
CN1404263A - Realizing method and system of special network in wideband virtual network - Google Patents


Info

Publication number: CN1404263A
Authority: CN (China)
Prior art keywords: address, packet, virtual, ethernet, area network
Legal status: Granted; Expired - Lifetime
Application number: CN01132745A
Other languages: Chinese (zh)
Other versions: CN1180583C (en)
Inventors: 张世发, 刘毓, 梁晓明
Current Assignee: Huawei Technologies Co Ltd
Original Assignee: Huawei Technologies Co Ltd
Application filed by: Huawei Technologies Co Ltd
Priority to: CNB011327456A
Publications: CN1404263A, CN1180583C
Classification: Data Exchanges In Wide-Area Networks

Abstract

The invention relates to a method for implementing a broadband network virtual private network system, and to the system itself. The method mainly comprises the following steps: first, each ingress data link of the system can be configured, as required, to belong to a particular VPLS or to a particular virtual router; second, the data links connected to a given VPLS are fully Ethernet-switched among themselves, with special processing applied; finally, a VPLS can choose, as required, whether to connect to a virtual router inside the system. Because the invention combines routing by Ethernet address with routing by IP address and uses switching to implement multiple virtual switching routers, each virtual private network system is a complete virtual private LAN segment. These segments can be independent of one another and used alone, or interconnected through routing, forming multiple dedicated systems. In manageability, networking capability and robustness the system is more advanced, simpler and more reliable than existing VPN approaches.

Description

A method and system for implementing a broadband network virtual private network

Technical field

The invention belongs to virtual switch router (Virtual Switch Router) technology for broadband data communication networks, and in particular relates to a method for implementing a broadband network virtual private network (VPN, Virtual Private Network) system and to the system itself.

Background art

Broadband networks are developing rapidly, and modern enterprises and government agencies need to interconnect the computer networks of multiple office locations. The distance between these locations may range from one or two kilometers to several thousand kilometers, and the number of information points (networked computers) at each location ranges from a few to more than a thousand. A typical large company needs a computer network that spans the country, with tens of thousands of networked computers.

It is clearly neither economical nor reasonable for each enterprise to lay its own lines and build its own private network. Enterprises usually purchase a virtual private network (VPN) service from an Internet service provider (ISP) and use it to build their own private network. How to implement VPNs in a reasonable way is therefore a problem that ISPs and network equipment vendors need to solve.

The Internet Engineering Task Force (IETF) proposes four types of VPN (see RFC 2764, "A Framework for IP Based Virtual Private Networks", B. Gleeson, A. Lin, J. Heinanen, G. Armitage, A. Malis, February 2000):

(1) Virtual Private Dial Networks (VPDN): users reach the enterprise data center over a dial-up network. The user obtains a private address from the enterprise data center, but the user's data can be carried across public data networks. It can be implemented with PPTP, L2F or L2TP.

(2) Virtual Leased Line (VLL): the simplest VPN type. A leased line is emulated between two endpoints through an IP tunnel; it can be implemented with IPIP, GRE, L2TP, VTP, MPLS and similar methods.

(3) Virtual Private Routed Networks (VPRN): an enterprise uses the public data network to build its own private enterprise network. The user is free to plan the addressing, routing policy, security mechanisms and so on between the enterprise's branches. Implementation protocols include IPIP, GRE, L2TP, VTP, MPLS and others.

(4) Virtual Private LAN Segment (VPLS): uses the Internet to emulate a local area network.

VLL and VPDN are the simplest VPN types; VPLS and VPRN are more advanced VPN types.

With existing technology, an ISP can provide the simplest VLL service on request by leasing DDN, X.25 or ATM PVC circuits, or provide VPDN service through access servers. VPLS service is still rarely offered.

Summary of the invention

The object of the invention is to provide a method, and a system, for implementing a broadband network virtual private network (VPN) system that realizes a multi-virtual-switching-router system. Within a single broadband switch/router system, multiple dedicated broadband switch/router virtual systems can be virtualized; the virtual systems are independent of one another and form multiple dedicated systems that can each be used alone or interconnected through routers; and each virtual dedicated system is a complete Virtual Private LAN Segment (VPLS). The method for implementing the broadband network VPN system comprises the following steps:

a. Determine whether a packet has arrived. If no packet has arrived, resume waiting for a packet; otherwise

b. According to the data link configuration, identify the type of the packet's input port and determine whether the packet is destined for a VPLS or for a router. If the packet is destined for a router, go to step e; if it is destined for a VPLS, then

c. Further identify the VPLS number and the VPLS virtual port number to which the packet's input port belongs;

d. Forward within this VPLS according to the packet's Ethernet address; when forwarding is complete, go to step g;

e. Further identify the router number and the router virtual port number to which the packet's input port belongs;

f. Forward within this router according to the packet's IP address; when forwarding is complete,

g. Determine whether the forwarding egress is a port of another VPLS. If so, go back to step c; otherwise

h. Determine whether the forwarding egress leads to another router in this device. If so, go back to step e; otherwise

i. Forward to the system egress port;

j. End the task and resume waiting for a packet.

The forwarding within this VPLS in step d above comprises the following steps:

d1. Determine whether a packet is waiting to be processed. If none is waiting, resume waiting for a packet; otherwise

d2. Parse the header and check whether the packet is valid. If it is not valid, go to step d12; otherwise

d3. Determine whether the Ethernet packet carries an IP packet. If it does, record in the router's Address Resolution Protocol (ARP) lookup table the VPLS number, VPLS virtual port number, Ethernet source address and related information corresponding to the IP address, for use by the ARP process; otherwise

d4. Determine whether the destination address of the Ethernet packet is a unicast address or a multicast or broadcast address. If it is a multicast or broadcast address, go to d11; otherwise

d5. Look up the unicast Ethernet destination address, and learn the Ethernet source address and source IP address;

d6. Determine whether the Ethernet destination address matched. If it did not match, go to d11; otherwise

d7. Update the address aging timer;

d8. Perform the VPLS topology check to determine whether forwarding complies with the topology rules and is allowed. If forwarding is not allowed, go to d12; otherwise

d9. Forward to the system egress port;

d10. End the task and resume waiting for a packet;

d11. Broadcast the packet to all ports in this VPLS, and go back to step d8 above;

d12. Discard the packet, and go to step d10 above.

The forwarding within this router according to the packet's IP address in step f above comprises the following steps:

f1. Determine whether a packet is waiting to be processed. If none is waiting, resume waiting for a packet; otherwise

f2. Verify whether the ingress packet meets the routing and forwarding requirements. If it does not, go to step f9; otherwise

f3. Check whether the IP header is valid. If the IP header is not valid, go to step f12; otherwise

f4. Perform a route lookup and determine from the result whether there is a match. If the route lookup finds no match, go to step f10; otherwise

f5. Decrement the TTL in the IP header by 1, generate a new IP header from the matching packet together with the table lookup result, and recalculate the checksum in the IP header;

f6. Perform Address Resolution Protocol (ARP) processing on the next-hop IP address to obtain the destination Ethernet address;

f7. Encapsulate the IP packet in an Ethernet packet and forward it to the VPLS in which the destination port is located;

f8. End this task and start again, waiting for a new packet to arrive;

f9. According to the requirements of the routing protocol, determine whether the packet is some other packet that must be handed to the protocol software for processing. If it is not, go to step f12; otherwise

f10. Hand the packet to the protocol software for routing protocol processing and resolve the destination route;

f11. Determine whether the destination route was resolved successfully. If it was, go back to step f5; otherwise

f12. Discard the packet, and go back to step f8.

The broadband network virtual private network (VPN) system of the invention comprises: a main control board (MPU), which performs platform management, signaling control, routing management and similar functions. Platform management includes device management, configuration management and link setup. Routing management includes collecting routing information, building the forwarding table and keeping it synchronized with each interface board through a synchronization mechanism, forwarding the packets that the interface boards cannot forward (including IP packets with OPTION and multicast packets), and the interface management mechanism;

a switching network board (NET), which provides high-speed switching paths for the other boards so that they can exchange packets and other control information with one another without blocking;

a line processing board (LPU), which provides a variety of physical link interfaces, such as 100M Ethernet electrical interfaces, Gigabit Ethernet optical interfaces, 155M/622M/2.5G ATM optical interfaces and 155M/622M/2.5G POS optical interfaces, to connect to other network devices;

a routing function module (RFM), which is the execution component of the VPLS and provides the layer-2 switching function and the routing and forwarding function of the VPLS;

The main control board MPU, switching network board NET, line processing board LPU and routing function module RFM are connected to one another through corresponding data buses (such as 1483B data lines) to form a whole.

Because the invention combines routing by Ethernet address with routing by IP address and uses switching to implement multiple virtual switching routers, each virtual private network system is a complete Virtual Private LAN Segment (VPLS). These segments can be independent of one another and used alone, or interconnected through routing, forming multiple dedicated systems. In manageability, networking capability and robustness the system is more advanced, simpler and more reliable than existing broadband network VPN approaches.

In addition, because the invention uses data-link-layer information to distinguish the multiple dedicated systems, a VPLS system internally looks up the destination address carried in the Ethernet header to obtain the egress port information and forwards the packet to that egress port; if the lookup finds no match, the packet is forwarded to all other ports within the same VPLS system. Each dedicated system therefore has independent Ethernet address learning and address aging functions.

According to the invention, the maximum number of Ethernet addresses supported at the same time can also be specified separately for each virtual dedicated system, and the Ethernet addresses used by each VPLS can be isolated. Shared resources are thereby isolated, so that each virtual dedicated system is unaffected by the other VPLS systems.

Furthermore, according to the invention, the virtual network topology between the ports inside each VPLS can be configured flexibly.
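The per-VPLS forwarding of steps d1 to d12, with the independent address learning, per-VPLS address limit and topology restriction described above, as an added Python example; it is not code from the patent. The class and function names, the 300-second aging period, the (in_port, out_port) topology set and all MAC addresses are assumptions constructed for illustration, and the ARP recording of step d3 is left out.

```python
from typing import Optional

AGE_LIMIT = 300.0  # aging period in seconds (constructed value, not from the patent)


def is_group(mac: str) -> bool:
    """True for multicast/broadcast addresses (I/G bit of the first octet)."""
    return int(mac.split(":")[0], 16) & 1 == 1


class VplsSwitch:
    def __init__(self):
        self.vpls = {}  # vpls_id -> {"ports", "max_macs", "allowed", "count"}
        self.fdb = {}   # (vpls_id, mac) -> [virtual port, last-seen time]

    def add_vpls(self, vpls_id, ports, max_macs, allowed: Optional[set] = None):
        # allowed: set of permitted (in_port, out_port) pairs; None = full mesh
        self.vpls[vpls_id] = {"ports": set(ports), "max_macs": max_macs,
                              "allowed": allowed, "count": 0}

    def age(self, now):
        """Evict entries whose source address has been silent past AGE_LIMIT."""
        stale = [k for k, (_, seen) in self.fdb.items() if now - seen > AGE_LIMIT]
        for key in stale:
            del self.fdb[key]
            self.vpls[key[0]]["count"] -= 1

    def learn(self, vpls_id, src, port, now):
        """d5/d7: learn keyed on (VPLS number, source MAC), within the VPLS quota."""
        inst, key = self.vpls[vpls_id], (vpls_id, src)
        if key in self.fdb:                    # known: replace entry, restart timer
            self.fdb[key] = [port, now]
            return True
        if inst["count"] >= inst["max_macs"]:  # assumption: preset value is a hard cap
            return False
        self.fdb[key] = [port, now]
        inst["count"] += 1
        return True

    def forward(self, vpls_id, in_port, src, dst, now):
        """Return the sorted list of output virtual ports for one frame."""
        inst = self.vpls[vpls_id]
        self.age(now)
        # d2/d12: drop invalid frames (assumption: unknown port or group source MAC)
        if in_port not in inst["ports"] or is_group(src):
            return []
        self.learn(vpls_id, src, in_port, now)
        hit = None if is_group(dst) else self.fdb.get((vpls_id, dst))  # d4-d6
        if hit is None:
            out = inst["ports"] - {in_port}    # d11: flood inside this VPLS only
        else:
            out = {hit[0]} - {in_port}
        ok = inst["allowed"]                   # d8: topology check on every copy
        return sorted(p for p in out if ok is None or (in_port, p) in ok)


def demo():
    bcast = "ff:ff:ff:ff:ff:ff"
    sw = VplsSwitch()
    # VPLS 1: full mesh, quota of 2 addresses. VPLS 2: hub (port 1) and spokes.
    sw.add_vpls(1, ports=[1, 2, 3], max_macs=2)
    sw.add_vpls(2, ports=[1, 2, 3], max_macs=8,
                allowed={(1, 2), (1, 3), (2, 1), (3, 1)})
    res = {}
    # Constructed traffic: 50 distinct source MACs arrive on VPLS 1, port 3.
    for i in range(50):
        sw.forward(1, 3, f"02:00:00:00:01:{i:02x}", bcast, now=0.0)
    res["vpls1_count"] = sw.vpls[1]["count"]
    # VPLS 2 still learns, and may reuse a MAC already present in VPLS 1.
    sw.forward(2, 2, "02:00:00:00:01:00", bcast, now=1.0)
    sw.forward(2, 1, "02:00:00:00:02:01", bcast, now=1.0)
    res["vpls2_count"] = sw.vpls[2]["count"]
    res["same_mac_ports"] = (sw.fdb[(1, "02:00:00:00:01:00")][0],
                             sw.fdb[(2, "02:00:00:00:01:00")][0])
    res["hub_to_spoke"] = sw.forward(2, 1, "02:00:00:00:02:01",
                                     "02:00:00:00:01:00", now=2.0)
    res["spoke_flood"] = sw.forward(2, 3, "02:00:00:00:02:03", bcast, now=2.0)
    # A destination that was refused by the quota is simply flooded in VPLS 1.
    res["unlearned_dst"] = sw.forward(1, 1, "02:00:00:00:01:00",
                                      "02:00:00:00:01:30", now=2.0)
    sw.age(now=1000.0)
    res["after_aging"] = (sw.vpls[1]["count"], sw.vpls[2]["count"])
    return res


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The flood of source addresses fills only the table quota of the VPLS it arrives on, which is the resource isolation the text relies on for robustness; the hub-and-spoke VPLS shows the topology check suppressing spoke-to-spoke copies of a broadcast.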

In summary, the invention has the following advantages:

1. A single switching router can virtualize multiple dedicated systems

An ordinary switching router cannot virtualize multiple dedicated systems and cannot handle the VPLS type of broadband network VPN. The invention allows a single switching router to virtualize multiple VPLS instances.

2. It provides an advanced broadband network VPN type, VPLS, which achieves the effect of a fully interconnected network with a small number of connections

Because virtual switching and virtual routing services are provided, the number of communication lines used to interconnect an enterprise network can be greatly reduced.

As an example, suppose an enterprise in a metropolitan area network has 5 office locations. Fully interconnecting the office locations requires as many as 4+3+2+1=10 communication lines so that any two locations are connected. With the virtual switch of the invention, only 5 communication lines connected to the virtual switching router are needed to achieve full interconnection. This reduces the cost and complexity of enterprise broadband interconnection.

3. It provides a broadband enterprise virtual private network system with simple processing and ample bandwidth.

Because the virtual private network system proposed by the invention uses Ethernet switching and avoids relying entirely on complex routing technology, its processing is comparatively simple. A single system can therefore provide up to several thousand VPLS instances and a small number of virtual routers, a larger number of virtual systems than a system relying on routing technology alone can provide.

4. It provides the virtual private switching and routing service that is least difficult to manage.

The VPLS system of the invention avoids the complex technical problems caused by overlapping IP addresses between enterprises and by routing configuration. Using the invention effectively reduces the workload and difficulty of network management.

5. It provides network topology tailoring, so that the topology of the network can be changed as required.

Step d8 of the VPLS procedure of the invention can be combined with access lists to implement a variety of topology restrictions in a very simple way, arranging the ports of a VPLS into a star, a full mesh, or any other required network topology.

6. It saves the ISP's equipment investment

According to the invention, a single virtual switching system can provide up to several hundred virtual switching systems and several virtual routing systems. In other words, a single device can solve the internal interconnection problems of many enterprises.

An ISP that buys a virtual switching router designed according to the invention, for the cost of a single switching router, can support more than a hundred times as many enterprise interconnections. The same equipment investment can yield up to a hundred times the return.

The composition of the invention, its method of implementation and its working principle are described in detail below with reference to the accompanying drawings:

Brief description of the drawings

Fig. 1 is a block diagram of the system of the invention;

Fig. 2 is a flowchart of the system processing of the invention;

Fig. 3 is a flowchart of forwarding inside a VPLS of the invention;

Fig. 4 is a flowchart of forwarding inside a virtual router of the invention;

Detailed description of embodiments

As shown in Figs. 1 to 4, the method for implementing the broadband network virtual private network (VPN) system of the invention comprises the following steps:

a. Determine whether a packet has arrived. The packet's ingress may be an ATM virtual channel (ATM VC), an Ethernet port, a position (POS-position) interface and so on, but whatever the physical-layer port and whatever the link-layer encapsulation, the content of a packet entering a VPLS must be an Ethernet packet. At system configuration time it is also determined whether the data link is an ingress to a VPLS or an ingress to a router. If no packet has arrived, resume waiting for a packet; otherwise

b. According to the data link configuration, identify the type of the packet's input port and determine whether the packet is destined for a VPLS or for a router. If the packet is destined for a router, go to step e; if it is destined for a VPLS, then

c. Because the system can contain up to several thousand VPLS instances, when the data link is configured as destined for a VPLS, further identify the VPLS number and the VPLS virtual port number to which the packet's input port belongs. This information is used for forwarding within that particular VPLS;

d. Forward within this VPLS according to the packet's Ethernet address; when forwarding is complete, go to step g;

其中本步骤中所述根据数据包以太网地址在本虚拟专用局域网段VPLS内转发的过程包括以下步骤:Wherein the process described in this step forwards in this virtual private local area network segment VPLS according to the packet Ethernet address comprises the following steps:

d1、判断是否有数据包待处理,如果无数据包待处理,则重新开始等待数据包到达;否则d1, judge whether there is a data packet to be processed, if there is no data packet to be processed, then restart to wait for the data packet to arrive; otherwise

d2、分析包头、检验数据包是否合法,其中本步骤中分析、检验数据包是否合法是如果数据包包头有链路层封装,则分析、检验数据包包头链路层封装是否合法,如果不合法转到步骤d12;否则d2, analyze the packet header, check whether the data packet is legal, wherein analysis in this step, check whether the packet is legal if the packet header has link layer encapsulation, then analyze and check whether the packet header link layer encapsulation is legal, if not legal Go to step d12; otherwise

d3、分析以太网包内部承载的是否IP包,如果是IP包则将该IP包在路由器的地址解析协议ARP查找表中记录该IP地址对应的虚拟专用局域网段VPLS序号、虚拟专用局域网段VPLS虚端口号、以太网源地址等相关信息,供地址解析协议ARP过程使用;否则d3, analyze whether the IP packet is carried inside the Ethernet packet, if it is an IP packet, record the corresponding virtual private local area network segment VPLS serial number and virtual private local area network segment VPLS of the IP address in the address resolution protocol ARP lookup table of the router with the IP packet Virtual port number, Ethernet source address and other related information for the address resolution protocol ARP process; otherwise

d4、分析判断以太网包目的地址是单播地址还是组播或广播,如果是组播或广播地址则转到d11;否则d4. Analyze and judge whether the destination address of the Ethernet packet is a unicast address or a multicast or broadcast address, if it is a multicast or broadcast address, then go to d11; otherwise

d5、单播以太网目的地址查找,学习以太网源地址和源IP地址;其中本步骤中学习以太网源地址和源IP地址是将该数据包的以太网源地址和对应的虚拟专用局域网段VPLS序号、入口虚拟专用局域网段VPLS虚端口序号、端口类型等相关信息记录在以太网地址查找表中,如果查找表已存在有以太网源地址和虚拟专用局域网段VPLS序号都相同的表项,则用新的信息替换原有的信息。这个过程实现了以太网地址学习,该地址学习过程是基于虚拟专用局域网段VPLS序号和以太网源地址的,这种学习方式可以保证每个虚拟专用局域网段VPLS有自己单独的以太网地址空间,起到隔离多个虚拟专用局域网段VPLS的作用,同时,限制每个虚拟专用局域网段VPLS允许的最大以太网地址数。其中,在学习一个新的以太网地址以前,先比较该虚拟专用局域网段VPLS的以太网地址数目计数是否超过预先设定的值,如果没有超出则学习,否则不学习。学习操作完成后,则对该虚拟专用局域网段VPLS的现有以太网地址计数加壹,该计数供下一次地址学习操作以前比较。这种地址学习的方式实现了对每个虚拟专用局域网段VPLS最大以太网地址数目的限制,使每个虚拟专用局域网段VPLS以太网查找表的存储空间受控,避免了虚拟专用局域网段VPLS因为共享有限的查找表空间而造成资源冲突。隔离虚拟专用局域网段VPLS之间的共享资源是本发明保证系统强壮性的重要手段。本步骤还用虚拟专用局域网段VPLS序号和以太网目的地址在以太网地址查找表中查出数据转发出端口信息,包括出端口类型、出端口号、链路层封装方式等相关内容。D5, unicast Ethernet destination address search, learning Ethernet source address and source IP address; Wherein learning Ethernet source address and source IP address in this step is the Ethernet source address of the packet and the corresponding virtual private local area network segment VPLS serial number, VPLS virtual port serial number of the entrance virtual private LAN segment, port type and other relevant information are recorded in the Ethernet address lookup table. If the lookup table already has entries with the same Ethernet source address and virtual private LAN segment VPLS serial number, Replace the original information with new information. This process realizes Ethernet address learning. The address learning process is based on the VPLS sequence number of the virtual private LAN segment and the Ethernet source address. This learning method can ensure that each virtual private LAN segment VPLS has its own separate Ethernet address space. It plays the role of isolating multiple virtual private LAN segments VPLS, and at the same time, limits the maximum number of Ethernet addresses allowed by each virtual private LAN segment VPLS. 
Wherein, before learning a new Ethernet address, first compare whether the number of Ethernet addresses of the virtual private local area network segment VPLS exceeds a preset value, if not, learn, otherwise do not learn. After the learning operation is completed, add one to the existing Ethernet address count of the virtual private local area network segment VPLS, and this count is used for comparison before the next address learning operation. This address learning method realizes the limitation of the maximum number of Ethernet addresses for each virtual private LAN segment VPLS, and makes the storage space of each virtual private LAN segment VPLS Ethernet lookup table controlled, avoiding the virtual private LAN segment VPLS due to Resource conflicts due to sharing limited lookup table space. Isolating the shared resources between the VPLSs of virtual private LAN segments is an important means for ensuring the robustness of the system in the present invention. This step also uses the virtual private local area network segment VPLS sequence number and the Ethernet destination address to find out the data forwarding port information in the Ethernet address lookup table, including related content such as the outgoing port type, the outgoing port number, and the link layer encapsulation method.

d6. Determine whether the Ethernet destination address matches; if it does not match, go to d11; otherwise

d7. Update the address aging timer. In this step, updating the address aging timer means timing out each Ethernet source address in the VPLS. If no packet whose source address is a given Ethernet address arrives within a period of time, and the corresponding address aging timer expires, the lookup table entry corresponding to that VPLS sequence number and Ethernet source address is aged out and the timer is reset. Whenever a packet arrives, the address aging timer corresponding to the packet's VPLS sequence number and Ethernet source address is cleared to zero.

d8. Perform the VPLS topology check to determine whether the packet complies with the topology rules and may be forwarded; if forwarding is not allowed, go to d12; otherwise

d9. Forward to the system egress port;

d10. End the task and start waiting for a packet to arrive again;

d11. Make multiple copies of the Ethernet broadcast packet, broadcast them to all ports in this VPLS, and return to step d8 above;

d12. Discard the packet and go to step d10 above.
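The learning, counting and aging behaviour of steps d5 to d11 can be sketched as follows. This is an added example, not code from the patent: the class and field names, the port layout and the sample addresses are constructed, the preset value is treated as a hard cap, aging is assumed to release quota, and "never send back out of the ingress port" stands in for the topology check of step d8.

```python
from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass
class Entry:
    port: int         # VPLS virtual port the source address was learned on
    last_seen: float  # arrival time of the last packet from this address


@dataclass
class VplsSwitch:
    mac_limit: int    # preset per-VPLS maximum checked before learning
    age_limit: float  # idle seconds after which an entry is aged out (d7)
    ports: dict       # vpls_id -> set of virtual ports (constructed topology)
    table: dict = field(default_factory=dict)  # (vpls_id, mac) -> Entry
    count: dict = field(default_factory=dict)  # vpls_id -> learned addresses

    def learn(self, vpls, mac, port, now):
        key = (vpls, mac)
        if key in self.table:
            # Same address in the same VPLS: replace the old information and
            # restart its aging timer; the count is unchanged.
            self.table[key] = Entry(port, now)
            return True
        # Assumption: the preset value is a hard cap on entries per VPLS.
        if self.count.get(vpls, 0) >= self.mac_limit:
            return False  # quota used up: forward, but do not learn
        self.table[key] = Entry(port, now)
        self.count[vpls] = self.count.get(vpls, 0) + 1  # count used next time
        return True

    def age(self, now):
        expired = [k for k, e in self.table.items()
                   if now - e.last_seen >= self.age_limit]
        for vpls, mac in expired:
            del self.table[(vpls, mac)]
            self.count[vpls] -= 1  # assumption: aging frees quota

    def forward(self, vpls, src, dst, in_port, now):
        """Return the set of egress virtual ports for one Ethernet packet."""
        self.age(now)
        self.learn(vpls, src, in_port, now)
        others = self.ports[vpls] - {in_port}  # stand-in for the d8 check
        is_group = int(dst.split(":")[0], 16) & 1  # multicast/broadcast bit
        entry = self.table.get((vpls, dst))  # key includes the VPLS number
        if is_group or entry is None:
            return others  # d11: flood, but only inside this VPLS
        return {entry.port} & others


def flood_demo():
    """Constructed input: 1000 spoofed sources hit VPLS 1; VPLS 2 still learns."""
    sw = VplsSwitch(mac_limit=4, age_limit=300.0,
                    ports={1: {1, 2, 3}, 2: {1, 2}})
    for i in range(1000):
        src = "02:00:00:00:%02x:%02x" % (i >> 8, i & 0xFF)
        sw.forward(1, src, BROADCAST, 1, now=0.0)
    sw.forward(2, "02:aa:00:00:00:01", BROADCAST, 1, now=1.0)
    out = sw.forward(2, "02:aa:00:00:00:02", "02:aa:00:00:00:01", 2, now=2.0)
    return sw.count[1], sw.count[2], out


if __name__ == "__main__":
    print(flood_demo())
```

Because the table key includes the VPLS sequence number and each segment has its own counter, the address flood in one segment stops at its own quota and the other segment keeps learning and unicasting normally.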

e. When the data link indicates that the packet should be sent to a router, since the system may have more than one virtual router, further identify the sequence number of the router and the router virtual port sequence number to which the packet's input port, that is, its ingress data link, belongs; this information is used for forwarding within that router;

f. Forward within this router according to the packet's IP address;

In this step, forwarding within this router according to the packet's IP address comprises the following steps:

f1. Determine whether there is a packet to be processed; if there is none, start waiting for a packet to arrive again; otherwise

f2. Verify whether the ingress packet is an IP packet that meets the routing and forwarding requirements, where the specific forwarding conditions must include:

1. The Ethernet destination address matches the Ethernet address of the router interface;

2. The protocol type is IP. The conditions are not limited to these, and other conditions or requirements may apply depending on the circumstances. If the forwarding requirements are not met, go to step f9; otherwise

f3. Check whether the IP header is valid; if it is not, go to step f12; otherwise

f4. Perform a route lookup and determine from the result whether there is a match. The route lookup in this step is a longest-match lookup according to RFC 1519; for the specific lookup method, see the relevant parts of "RFC 1519, Classless Inter-Domain Routing (CIDR): an Address Assignment and Aggregation Strategy", V. Fuller, T. Li, J. Yu, K. Varadhan, September 1993 (Status: Proposed Standard). If the route lookup finds no match, go to step f10; otherwise

f5. Decrement the TTL in the IP header by 1 and generate a new IP header from the matched packet together with the table lookup result, which contains the output port number, whether the route is direct, the next-hop IP and other information; recalculate the checksum value in the IP header according to the lookup result, which completes the modification of the IP header;

f6. Perform Address Resolution Protocol (ARP) processing on the next-hop IP address obtained from the route lookup to obtain the destination Ethernet address;

f7. Modify the packet's Ethernet encapsulation according to the ARP result, encapsulate the IP packet in an Ethernet packet, and forward it to the VPLS where the destination port is located;

f8. End this task and start again, waiting for a new packet to arrive;

f9. According to the requirements of the routing protocol, determine whether the packet is some other packet that must be handed to the protocol software for processing; if not, go to step f12; otherwise

f10. Hand the packet to the protocol software for routing protocol processing, and resolve the destination route;

f11. Determine whether the destination route resolution succeeded; if so, return to step f5; otherwise

f12. Discard the packet and return to step f8.
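Steps f3 to f5 (header check, longest-match lookup in the selected virtual router, TTL decrement and checksum recalculation) can be sketched as follows. This is an added example, not code from the patent: the function names, the two per-router tables and the sample addresses are constructed, and dropping a packet whose TTL would reach zero is standard IPv4 behaviour assumed here, not a step the text lists.

```python
import ipaddress
import struct

# Constructed tables, one per virtual router: (prefix, out_port, next_hop).
# A next_hop of None marks a directly connected (direct) route.
ROUTERS = {
    1: [("10.0.0.0/8", 1, "192.0.2.1"),
        ("10.1.0.0/16", 2, "192.0.2.2"),
        ("10.1.2.0/24", 3, None)],
    2: [("10.1.0.0/16", 7, "198.51.100.1")],
}


def checksum(header: bytes) -> int:
    """Internet checksum over an IPv4 header (one's complement sum)."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_header(src: str, dst: str, ttl: int) -> bytes:
    """Build a constructed 20-byte IPv4 header used as sample input."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, ttl, 17, 0,
                      ipaddress.IPv4Address(src).packed,
                      ipaddress.IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]


def header_valid(hdr: bytes) -> bool:
    """Step f3: version, header length and checksum must all be consistent."""
    if len(hdr) < 20 or hdr[0] >> 4 != 4:
        return False
    ihl = (hdr[0] & 0x0F) * 4
    if ihl < 20 or len(hdr) < ihl:
        return False
    return checksum(hdr[:ihl]) == 0  # a correct header sums to zero


def lookup(router_id: int, dst: str):
    """Step f4: longest-prefix match inside one virtual router's table."""
    addr, best = ipaddress.IPv4Address(dst), None
    for prefix, port, hop in ROUTERS[router_id]:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, port, hop)
    if best is None:
        return None
    _, port, hop = best
    return (port, hop is None, hop if hop else dst)  # port, direct, next hop


def route_packet(router_id: int, hdr: bytes):
    """Return (action, new_header, (out_port, direct, next_hop))."""
    if not header_valid(hdr):
        return ("drop", None, None)                  # f3 -> f12
    if hdr[8] <= 1:                                  # assumed TTL expiry rule
        return ("drop", None, None)
    dst = str(ipaddress.IPv4Address(hdr[16:20]))
    result = lookup(router_id, dst)
    if result is None:
        return ("to_protocol_software", None, None)  # f4 -> f10
    ihl = (hdr[0] & 0x0F) * 4
    new = bytearray(hdr[:ihl])
    new[8] -= 1                                      # f5: TTL minus 1
    new[10:12] = b"\x00\x00"
    new[10:12] = struct.pack("!H", checksum(bytes(new)))
    return ("forward", bytes(new), result)


if __name__ == "__main__":
    print(route_packet(1, build_header("10.9.0.1", "10.1.2.9", 64)))
```

The same destination resolves differently in virtual router 1 and virtual router 2 because each lookup is confined to the table selected by the router sequence number from step e.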

g. Determine whether the forwarding egress is a port of another VPLS; if so, return to step c; otherwise

h. Determine whether the forwarding egress leads to another router within this device; if so, return to step e; otherwise

i. Forward to the system egress port. In this step, forwarding to the system egress port means adding the link-layer encapsulation that the egress port requires and sending the packet to the physical egress port by switching.

Steps g, h and i of the present invention ensure that a VPLS of the system can be cascaded with VPLSs of the system or with other routers, which gives the system greater flexibility and allows its logical structure to be adjusted flexibly.

j. End the task and wait for a new packet to arrive.

In summary, with the method of the present invention, a switched router system can be virtualized into as many as several hundred virtual private systems. Switching inside each VPLS uses Ethernet switching technology, and IP-layer routing between multiple VPLSs can be carried out through routers.

As shown in Figure 1, the broadband network virtual private system implemented according to the above method comprises: a main control board (MPU), which performs platform management, signaling control, routing management and similar functions. Platform management includes device management, configuration management and link setup; routing management includes collecting routing information, building the forwarding table, keeping it synchronized with each interface board through a synchronization mechanism, forwarding packets that the interface boards cannot forward (including IP packets with OPTION and multicast packets), and the interface management mechanism;

a switching network board (NET), which provides high-speed switching paths for the other boards so that they can exchange packets and other control information with one another without blocking;

a line processing board (LPU), which provides a variety of physical link interfaces, such as 100M Ethernet electrical interfaces, Gigabit Ethernet optical interfaces, 155M/622M/2.5G ATM optical interfaces and 155M/622M/2.5G POS optical interfaces, for interconnecting with other network devices;

a routing function module (RFM), the execution unit of the VPLS, which provides the layer-2 switching function and the routing and forwarding function of the VPLS. The RFM is inserted into the chassis as a board of the multi-virtual switched router, and the VPLSs on the RFM are configured through the configuration management platform on the MPU. As shown in Figure 1, each LPU receives packets from the line and switches them through the switching network board to the RFM board, where VPLS and routing processing are completed.

The main control board MPU, switching network board NET, line processing board LPU and routing function module RFM are interconnected through a data bus (such as 1483B data lines) to form a whole.

Claims (12)

1. A method for implementing a broadband network virtual private network, characterized in that it comprises the following steps:
a. determine whether a packet has arrived; if no packet has arrived, start waiting for a packet to arrive again; otherwise
b. according to the data link configuration, identify the input port type of the packet and determine whether the packet is destined for a virtual private LAN segment or for a router; if the packet is destined for a router, go to step e; if the packet is destined for a virtual private LAN segment, then
c. further identify the virtual private LAN segment sequence number and the virtual private LAN segment virtual port sequence number to which the packet's input port belongs;
d. forward within this virtual private LAN segment according to the packet's Ethernet address, and go to step g when forwarding is finished;
e. further identify the router sequence number and the router virtual port sequence number to which the packet's input port belongs;
f. forward within this router according to the packet's IP address; when forwarding is finished, then
g. determine whether the forwarding egress is a port of another virtual private LAN segment; if so, return to step c; otherwise
h. determine whether the forwarding egress leads to another router within this device; if so, return to step e; otherwise
i. forward to the system egress port;
j. end the task and start waiting for a packet to arrive again.
2. The method for implementing a broadband network virtual private network according to claim 1, characterized in that forwarding within this virtual private LAN segment in step d comprises the following steps:
d1. determine whether there is a packet to be processed; if there is none, start waiting for a packet to arrive again; otherwise
d2. analyze the packet header and check whether the packet is valid; if it is not valid, go to step d12; otherwise
d3. analyze whether the Ethernet packet carries an IP packet; if it is an IP packet, record in the router's address resolution protocol lookup table the relevant information for this IP packet, such as the virtual private LAN segment sequence number corresponding to its IP address, the virtual private LAN segment virtual port number and the Ethernet source address, for use by the address resolution protocol process; otherwise
d4. analyze whether the destination address of the Ethernet packet is a unicast address or a multicast or broadcast address; if it is a multicast or broadcast address, go to d11; otherwise
d5. look up the unicast Ethernet destination address, and learn the Ethernet source address and source IP address;
d6. determine whether the Ethernet destination address matches; if it does not match, go to d11; otherwise
d7. update the address aging timer;
d8. perform the virtual private LAN segment topology check to determine whether the packet complies with the topology rules and may be forwarded; if forwarding is not allowed, go to d12; otherwise
d9. forward to the system egress port;
d10. end the task and start waiting for a packet to arrive again;
d11. broadcast the packet to all ports in this virtual private LAN segment, and return to step d8 above;
d12. discard the packet and go to step d10 above.
3. The method for implementing a broadband network virtual private network according to claim 2, characterized in that analyzing the packet header and checking whether the header is valid in step d2 means analyzing whether the link encapsulation layer of the packet's header is valid.
4. The method for implementing a broadband network virtual private network according to claim 2, characterized in that learning the Ethernet source address and source IP address in step d5 means recording in the Ethernet address lookup table relevant information such as the packet's Ethernet source address and the corresponding virtual private LAN segment sequence number, ingress virtual private LAN segment virtual port sequence number and port type; if the lookup table already contains an entry with the same Ethernet source address and the same virtual private LAN segment sequence number, the original information is replaced with the new information.
5. The method for implementing a broadband network virtual private network according to claim 2, 3 or 4, characterized in that step d5 is preceded by a step d51, in which, before a new Ethernet address is learned, the Ethernet address count of this virtual private LAN segment is first compared with a preset value; if the count does not exceed the preset value the address is learned, otherwise it is not learned.
6. The method for implementing a broadband network virtual private network according to claim 2, 3 or 4, characterized in that step d5 is followed by a step d52, in which, after the learning operation is completed, the existing Ethernet address count of this virtual private LAN segment is incremented by 1, this count being used for the comparison before the next address learning operation.
7. The method for implementing a broadband network virtual private network according to claim 2, characterized in that updating the address aging timer in step d7 means that, if no packet whose source address is a given Ethernet address arrives within a period of time and the corresponding address aging timer expires, the lookup table entry corresponding to that virtual private LAN segment sequence number and Ethernet source address is aged out and the timer is reset; and whenever a packet arrives, the address aging timer corresponding to the packet's virtual private LAN segment sequence number and Ethernet source address is cleared to zero.
8. The method for implementing a broadband network virtual private network according to claim 2, characterized in that broadcasting the packet to all ports of this virtual private LAN segment in step d11 means first making multiple copies of the Ethernet broadcast packet and then broadcasting them to all ports in this virtual private LAN segment.
9. The method for implementing a broadband network virtual private network according to claim 1, characterized in that forwarding within this router according to the packet's IP address in step f comprises the following steps:
f1. determine whether there is a packet to be processed; if there is none, start waiting for a packet to arrive again; otherwise
f2. verify whether the ingress packet is an IP packet that meets the routing and forwarding requirements; if it does not meet the forwarding requirements, go to step f9; otherwise
f3. check whether the IP header is valid; if it is not valid, go to step f12; otherwise
f4. perform a route lookup and determine from the lookup result whether there is a match; if the route lookup finds no match, go to step f10; otherwise
f5. decrement the TTL in the IP header by 1, generate a new IP header from the matched packet together with the table lookup result, and recalculate the checksum value of the IP header;
f6. perform address resolution protocol processing on the next-hop IP address to obtain the destination Ethernet address;
f7. encapsulate the IP packet in an Ethernet packet and forward it to the virtual private LAN segment where the destination port is located;
f8. end this task and start again, waiting for a new packet to arrive;
f9. according to the requirements of the routing protocol, determine whether the packet is some other packet that must be handed to the protocol software for processing; if not, go to step f12; otherwise
f10. hand the packet to the protocol software for routing protocol processing, and resolve the destination route;
f11. determine whether the destination route resolution succeeded; if so, return to step f5; otherwise
f12. discard the packet and return to step f8.
10. The method for implementing a broadband network virtual private network according to claim 1, characterized in that the packet in step a is an Ethernet packet, whose ingress may be an ATM virtual channel, an Ethernet port, a POS interface or another form of interface.
11. The method for implementing a broadband network virtual private network according to claim 1, characterized in that forwarding to the system egress port in step i means adding the link-layer encapsulation that the egress port requires and sending the packet to the physical egress port by switching.
12. A broadband network virtual private network system for the method of claim 1, characterized in that the system comprises:
a main control board, which performs platform management, signaling control, routing management and similar functions, wherein platform management includes device management, configuration management and link setup, and routing management includes collecting routing information, building the forwarding table, keeping it synchronized with each interface board through a synchronization mechanism, forwarding packets that the interface boards cannot forward, and the interface management mechanism;
a switching network board, which provides high-speed switching paths for the other boards so that they can exchange packets and other control information with one another without blocking;
a line processing board, which provides a variety of physical link interfaces, such as 100M Ethernet electrical interfaces, Gigabit Ethernet optical interfaces, 155M/622M/2.5G ATM optical interfaces and 155M/622M/2.5G POS optical interfaces, for interconnecting with other network devices;
a routing function module, which is the execution unit of the virtual private LAN segment and provides the layer-2 switching function and the routing and forwarding function of the virtual private LAN segment;
wherein the main control board, switching network board, line processing board and routing function module are interconnected through corresponding data buses to form a whole.
CNB011327456A 2001-09-03 2001-09-03 A Realization Method of Broadband Network Virtual Private Network Expired - Lifetime CN1180583C (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNB011327456A CN1180583C (en) 2001-09-03 2001-09-03 A Realization Method of Broadband Network Virtual Private Network

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CNB011327456A CN1180583C (en) 2001-09-03 2001-09-03 A Realization Method of Broadband Network Virtual Private Network

Publications (2)

Publication Number Publication Date
CN1404263A true CN1404263A (en) 2003-03-19
CN1180583C CN1180583C (en) 2004-12-15

Family

ID=4671551

Family Applications (1)

Application Number Title Priority Date Filing Date
CNB011327456A Expired - Lifetime CN1180583C (en) 2001-09-03 2001-09-03 A Realization Method of Broadband Network Virtual Private Network

Country Status (1)

Country Link
CN (1) CN1180583C (en)


Also Published As

Publication number Publication date
CN1180583C (en) 2004-12-15


Legal Events

Date Code Title Description
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CX01 Expiry of patent term
CX01 Expiry of patent term

Granted publication date: 20041215

DD01 Delivery of document by public notice
DD01 Delivery of document by public notice

Addressee: Patent of Huawei Technology Co.,Ltd. The person in charge

Document name: Notice of expiration and termination of patent right