CN1744541A - Method for realizing virtual private network business in multi-layer label switch network - Google Patents
Method for realizing virtual private network business in multi-layer label switch network Download PDFInfo
- Publication number
- CN1744541A CN1744541A CNA2004100741217A CN200410074121A CN1744541A CN 1744541 A CN1744541 A CN 1744541A CN A2004100741217 A CNA2004100741217 A CN A2004100741217A CN 200410074121 A CN200410074121 A CN 200410074121A CN 1744541 A CN1744541 A CN 1744541A
- Authority
- CN
- China
- Prior art keywords
- route
- vpn
- opposite end
- tunnel
- source
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The method includes steps: after receiving route sent from source CE1, PEl determines PE2 to be issued, and assigns tunnel between PEl and CE-1; through hopping from entrance of CM, the information of route is sent to exit of CM; exit of CM determines whether there is tunnel between PEl and PE2; if no, building tunnel between PEl and PE2; otherwise, sending the information of route to PE2 directly; PE2 updates information of route in VRF of the VPN operation, and issues the information of route to CE-2; when receiving IP data packet containing route ID sent from CE-2, PE2 forwards IP data packet to VPN user at opposite end based on tunnel information of PEl obtained from route ID. Out-of-band signaling is adopted in the invention to issue VPN route. PE does not need to run MP-IBGP software so that complexity of PE device is lowered greatly. The invention raises reliability and lowers cost.
Description
Technical field
Communication technical field of the present invention is meant a kind of method that realizes VPN (VPN) business in multilayer labels exchange (MPLS) network especially.
Background technology
VPN is the Virtual Private Network of setting up on public network, and it has and private network same remarkable fail safe, reliability and ease of manageability.VPN has substituted traditional dialing access, utilizes the continuity as Virtual Private Network of Internet resources that interconnected (INTERNET) public network or operator provide, saves expensive special line rent and uses; VPN can also use the fail safe of technique guarantee VPN traffics such as tunnel protocol, authentication and data encryption simultaneously, is subjected to enterprise customer's welcome.
The typical case who Figure 1 shows that the VPN network of RFC2547bis definition uses, as shown in Figure 1, the VPN service is by backbone network router (P, Provider) pass through backbone network edge router (PE) to customer edge (CE, Customer Edge) provides, the existence of the imperceptible backbone network of CE just looks like to have had that independently Internet resources are the same.Equally, for the P of backbone network inside, do not know the existence of VPN yet, only be responsible for the message transmissions of backbone network inside.The structure of all VPN, connection and management are all carried out on PE.From the angle of PE, a website (Site) is that the CE that is administered is communicated with vpn system, and Site is the elementary cell that constitutes VPN, and VPN is the set of Site.Each Site among the same VPN is connected with PE in the backbone network by CE, and the message among each VPN all is to propagate on backbone network by CE and PE.There are not man-to-man corresponding relation in Site and VPN, and a Site can belong to a plurality of VPN simultaneously, and still, message can only transmit on the different Site in same VPN.
Process based on the VPN of IPv4 management route comprises the issue of route, the reception of route and the storage of route.
Wherein, the issuing process of route is: according to RFC 2547 standards, propagate routing iinformation by inner network management protocol (IGP) or privately owned network management protocol (EBGP) between CE and the PE, guarantee the continuity of IP between each PE by IGP, propagate VPN by IBGP and form information and route.When issuing route between the PE, the route of being issued is carried the output route target community (Export Route Targets) in VPN-IPv4 address and the route target community (Route Targets), there are 12 bytes this VPN-IPv4 address, preceding 8 bytes are Route Distinguisher (RD, Route Distinguisher), 4 bytes in back are the IPv4 address, and the IPv4 address is privately owned address, and different VPN may use identical IPv4 address down; When issuing route between CE and the PE, the route of being issued is carried IPv4 address and Export Route Targets.
Described Route Targets is the topological structure that is used for distinguishing different routes under the same VPN, it comprise be used for appending to issue the Export Route Targets on the route and be used to the input route target community (Import Route Targets) that determines which route can introduce this Site routing table.
The receiving course of route is: store the VPN-IPv4 address and the Route Targets that are connected Site with it among the PE in advance, when PE receives the route of being issued, judge VPN-IPv4 address that this route is carried and Export Route Targets whether with VPN-IPv4 address of self storing and RouteTargets in Import Route Targets be complementary, if then receive this route; Otherwise, do not receive this route.If this route carry for the IPv4 address, then when judging whether the VPN-IPv4 address mates, judge that back four bytes in the VPN-IPv4 address of whether being stored with PE this IPv4 address are complementary.
When CE receives the route of connected PE issue, judge whether the IPv4 address that route carries is identical with the IPv4 address of self, if, then receive this route, otherwise, this route do not received.
The storing process of route is: the VPN member relation that PE has stored this Site for each coupled Site is provided with and the VPN route/forwarding instance (VRF) of routing rule, VRF comprises: IP route table, Label Forwarding Information Base and management information, management information comprise Route Distinguisher (RD), route filtering strategy and the tabulation of VPN member interface etc.At present PE is stored in the route that receives in the routing table of VRF of corresponding Site in the scheme, and distinguishes the route of different VPN with RD.CE directly stores the route that receives.
In order to prevent that might repeat to cause can't be according to IPv4 address area branch route in PE owing to the IPv4 address among each VPN, VPN based on IPv4 manages the scheme of route when storing route, be provided with VRF respectively in PE, for each coupled Site, be used to store the routing iinformation of corresponding Site, and storage during routing iinformation in order to distinguish the route of different VPN, the RD that given the route affix.
What in fact, in fact the RFC2547bis of IETF exploitation adopted is a kind of scheme of in-band signalling.That is to say that it is to realize by the other MP-BGP example of operation between PE and the PE that these control signalings such as the issue of the issue of VPN route, VPN routing tag are propagated.The place one's entire reliance upon software of present router of this VPN scheme, and the software of router 99.999% the reliability level that do not reach at all that telecommunications requires at present based on RFC2547bis.
And, because the professional difference that supplies a pattern, such as: the three-layer VPN business is a kind of supplying a pattern, the two-layer VPN business is again a kind of presentation mode, the NGN business, presentation mode and the presentation mode of vpn service of 3G business on IP network is also different, adopt communication scheme in this band, make that cannot adopt unified business to supply a pattern provides new business on IP network, therefore, network whenever provides a new business, the software of pe router all needs to upgrade, these are concerning equipment manufacturers, its router device software development does not have the end forever, concerning operator, and the network instability that frequent equipment software upgrading may bring, inestimable to the impact that existing business may be brought.
And in the RFC2547bis scheme, PE equipment not only will be finished the route Processing tasks of ordinary Internet business, also needs to finish the route Processing tasks of vpn service, has so just increased the complexity of PE device software, has increased the factors of instability.In case and the control veneer of P equipment breaks down, not only vpn service can't be realized, the Internet business can not normally be moved.
Summary of the invention
In view of this, the object of the present invention is to provide a kind of method that in the multilayer labels switching network, realizes virtual private network service, make it not need to utilize the in-band signalling mode to carry out the route issue, thus the inconvenience of avoiding the in-band signalling mode to bring.
In order to achieve the above object, the invention provides a kind of method that realizes virtual private network service in the multilayer labels switching network, this method is achieved in that
A. after end PE1 in source receives the route that source end CE-1 sends, need to determine the opposite end PE2 of issue, and be the tunnel between this route assignment source end PE1 and the source end CE-1, by inlet CM hop-by-hop the routing iinformation transmission is exported CM then;
B. export CM and determine whether current PE 1 exists the tunnel between the PE2 of opposite end, if exist, then with execution in step c, otherwise, set up source end PE1 to the tunnel between the PE2 of opposite end, execution in step c again;
C. export the near described routing iinformation of CM and be sent to opposite end PE2, opposite end PE2 upgrades the routing iinformation among the VRF of this vpn service, and described routing iinformation is distributed to opposite end CE-2;
D. when PE2 receive that CE-2 sends contain the IP packet of Route Distinguisher the time, get access to the tunnel information of opposite end PE1 according to this Route Distinguisher, and the IP packet be forwarded to opposite end VPN user according to the tunnel that is distributed among this tunnel information and the step a.
Step a comprises:
After a1, source end PE1 receive the route that source end CE-1 sends, according to office's number formulary of vpn service user data and network according to determining opposite end PE2;
A2, source end PE1 are the label information of this route assignment source end PE1 to source end CE-1, and this route is sent to inlet CM, wherein carry described label information and route;
A3, inlet CM be by according to the loopback address or the RD of opposite end PE2 correspondence, determines that next jumps CM, and will comprise and carry label information and routing iinformation is forwarded to next jumping step by step, through forwarded hop-by-hop, arrives outlet CM at last.
3, method according to claim 2 is characterized in that, described routing iinformation comprises Route Distinguisher, the loopback address of source end PE1 correspondence and the loopback address of opposite end PE2 correspondence that opposite end PE2 distributes for this VPN at least.
The CM of inlet described in the step a3 determines next jumping CM's by the loopback address of opposite end PE2 correspondence or RD.
Described vpn service user data comprises RD/RT, topological data, member relation data.
Described office number formulary is according to comprising the allocation strategy of VPN label, the LoopBack address of PE.
Described vpn service user data and/or office's number formulary are according to setting in advance in PE or in the external data base.
When described vpn service user data and/or office's number formulary when setting in advance externally in the database, described PE can adopt Radius, SIP, LDAP or COPS agreement and external data base to carry out communication.
The end PE1 of source described in the step b sets up according to business demand, service priority to the tunnel between the PE2 of opposite end.
Tunnel between end PE1 of source described in the step a and the source end CE1 is based on every route assignment among VRF, interface or each VPN.
The present invention has adopted the VPN route orientation/appointment issue mechanism of out-band method, when route is issued, does not need PE to pass through MP-IBGP agreement, operation MP-IBGP software.It all is the same that method of the present invention supplies a pattern for different business, therefore when network provides new business, the software of the pe router that do not need to upgrade, therefore, reduce software development process and software upgrade process, thereby avoided the unsteadiness brought by software upgrade process.
And when pe router did not provide Internet professional in network, PE did not just need to move that cover route software of Internet, because the vpn service data do not need to be stored on the PE equipment yet, the software of PE significantly reduces like this, and reliability greatly improves.Certainly, when the PE equipment in network does not carry the Internet business, after the good parameter of manual configuration, can not need to control the veneer of pe router correspondence so, this moment, the reliability of network can be suitable with transmission equipment.And if PE equipment carrying Internet business even the control veneer breaks down, also only influences the Internet business, can not influence vpn service.Therefore, use method of the present invention, because PE equipment complexity reduces greatly, reliability height, cost are low.
Description of drawings
Fig. 1 uses schematic diagram for the typical case of VPN network;
Fig. 2 is for providing the overall framework schematic diagram of three-layer VPN business on the MPLS network;
Fig. 3 is for realizing the schematic flow sheet of method of the present invention;
Fig. 4 is VPN route issuing process and a data forwarding process schematic diagram in the embodiments of the invention;
Fig. 5 realizes the schematic flow sheet of route issue and data forwarding for Fig. 4.
Embodiment
For making the purpose, technical solutions and advantages of the present invention clearer, the present invention is described in further detail below in conjunction with accompanying drawing.
Referring to shown in Figure 2, networking structure of the present invention comprises service control layer, bearer control layer, logical bearers net, four levels of basic physics net.Wherein, the basic physics net is that basic IP network by present operator constitutes; The logical bearers layer is made up of a plurality of logical bearers networks of planning in advance and configure on the physical IP network of operator by MPLS traffic engineering technology, and each logical bearers network corresponds respectively to class of service EF, AF1, the AF2 of DiffServ standard code; Bearer control layer is made up of a plurality of explorers (CM) of minute layer building, be in charge of Internet resources and topology information with the service logic bearing bed, and for meet the end-to-end bearer channel of strict qos requirement from service quality (QoS) the request foundation of service control layer, this bearer channel is to represent by the MPLS label stack on IP backbone; Service control layer is made up of the miscellaneous service controlling platform of the professional application of process user, it is according to service request from user, determine this professional required parameter: qos parameter, IP five-tuple, be source IP address, purpose IP address, protocol number, source port number, destination slogan, generate the QoS request command, the form of order is (qos parameter, an IP five-tuple), then to the bearer channel of bearer control layer application Business Stream.Professional controlling platform can be the controlling platform of SoftSwitch, VPN Manager, VOD Control Server, video conference MCU controlling platform, collaborative work, professional controlling platform can be an operator, also can be signatory ICP, the ISP customer of operator.Different business has different professional controlling platform, but the interface of different business controlling platform and bearer control layer is unified.
In order to make solution have good extended capability, use for reference dynamic routing protocol OSPF, IS-IS and divide the mechanism of distinguishing the territory, here the IP physical network is divided into some directorial areas, each directorial area is by explorer CM unified management Internet resources, be responsible for session selection path and Resources allocation through this directorial area, transregional routing needs the explorer CM in two districts just can finish alternately mutually.In actual applications, a directorial area can be a metropolitan area network, can be province's backbone network, also can be national backbone network; The division of directorial area also can be consistent with the division of Routing Area.
Below for simplicity, the route publisher is called source end CE-1, is called for short CE-1, its corresponding local side apparatus is source end PE1, is called for short PE1, and the route reciever is called opposite end CE-2, is called for short CE-2, and its corresponding local side apparatus is opposite end PE2, is called for short PE2.
Referring to shown in Figure 3, realize that method of the present invention may further comprise the steps:
After step 301:PE1 receives the route that CE-1 sends, need to determine the PE2 of issue, and be the tunnel between this route assignment PE1 and the CE1, by inlet CM hop-by-hop routing iinformation is sent to then and exports CM;
Step 302: outlet CM determines whether there is the tunnel between the current PE 1 to PE2, if exist, then execution in step 303, otherwise, set up source end PE1 to the tunnel between the PE2 of opposite end;
Step 303: outlet CM near described routing iinformation is sent to PE2, and PE2 upgrades the routing iinformation among the VRF of this vpn service, and described routing iinformation is distributed to CE-2;
Step 304: when PE2 receive that CE-2 sends contain the IP packet of Route Distinguisher the time, get access to the tunnel information of opposite end PE according to this Route Distinguisher, and the IP packet be forwarded to opposite end CE-1 according to the tunnel that is distributed in this tunnel information and the step 301.
Lifting specific embodiment below in conjunction with Fig. 4 is described in further detail the present invention.
Referring to shown in Figure 5, present embodiment realizes that the process of issue of VPN route and data forwarding is as follows:
Step 501: when PE1 receives the route of CE-1 issue, according to the PE2 of pre-configured VPN service-user data drawn game number formulary according to definite needs issue.
Here, route is that RD represents.And, several numbering plans that RD can adopt people to know, for example E.164 (as 800 addresses of enterprise), have geography information Internet domain name (huawei.bi.cn, huawei.shanghai.cn), have the Email address (bj@huawei.com, shanghai@huawei.com) of geography information etc.And numbering granularity and the operator of RD wishes that the addressing object size that reaches is relevant, and following several scheme can be arranged:
(1) based on having set up a kind of mapping relations one by one between VRF distribution RD:RD and the VRF, this moment, RD was addressed to the VPN on the PE;
(2) a kind of mapping relations have one by one been set up based on the interface of interface assignment RD:RD and VPN, the VPN website that this moment, RD was addressed on the PE to be connected.
And the vpn service user data can comprise RD/RT, topological data, member relation data etc.In actual application, can as the allocation strategy of VPN label, the LoopBack address of PE etc., directly be stored on the PE according to RFC2547bis with vpn service user data and office's number formulary certificate.Certainly,, also the unification of vpn service user data can be arranged on the database of external server, when PE need use these data, can obtain from this database inquiry in order to manage, reduce operation cost concentratedly.And this database can be considered to merge or setting separately with the Radius Server of operator.Communications protocol between PE and these databases can adopt Radius, SIP, LDAP, COPS etc.
Step 502:PE1 is label Lv1 of this route assignment, the tunnel of expression between from PE1 to CE-1, and routing iinformation is issued inlet CM, give the LoopBack address of RD, the PE1 of this VPN distribution, the LoopBack address of PE2 etc. comprising route, label information Lv1, opposite end PE2.
Step 503: after inlet CM receives this routing iinformation, according to LoopBack address or the RD table of query and routing of wherein PE2, determine that next jumps CM, and the routing iinformation of receiving is transmitted to next jumps CM, through such forwarded hop-by-hop, these information arrive outlet CM at last.
Step 504: outlet CM judges the current LSP that whether has PE2 to PE1, if exist, then execution in step 505, otherwise, set up the LSP of PE2 to PE1, execution in step 505 then.
Step 505: outlet CM is sent to opposite end PE2 with this routing iinformation.
Step 506:PE2 basis is the LoopBack address of PE1 wherein, obtain PE2 to PE1 label stack information L4/L3/L2/L1, PE2 is again according to the routing table of the VRF instance of RD+Dest/Mask, label information Lv1 and this VPN correspondence of label stack information updating with transmit, and last PE2 is distributed to CE-2 with this route.
Step 501~step 506 is to finish the route issuing process.From said process as can be seen, the present invention has improved the issue mechanism of RFC2547bisVPN route, changes the broadcast distribution mode into orientation/appointment published method.And be the directed issue mechanism of route just because of what adopt among the present invention, so purpose PE does not need route is filtered, therefore do not need this parameter of RT.
Step 507: when PE2 receives VPN user's IP packet, according to RD inquiry VRF table, obtain label stack L4/L3/L2/L1/Lv1 information, and label stack L4/L3/L2/L1/Lv1 information is encapsulated on the IP head, according to label stack information the IP packet is forwarded to PE1 then, PE1 is transmitted to VPN user according to VPN label Lv1 with the IP message.
In the embodiment shown in fig. 4, be to be that example illustrates in the step 402 with method based on route assignment VPN label, the distribution method of VPN label depends primarily on the partition size of VPN label in fact, for PE, the distribution of VPN label is partial approach, can be determined by each PE oneself fully.For example, the distribution method of VPN label can comprise following several partition size:
(1) distribute the VPN label based on VRF: only for each VRF distributes a VPN label, each VRF just has a fib table like this, on outlet PE, must carry out quadratic search according to this fib table on PE, obtains outgoing interface and corresponding packaging information.
(2) based on interface assignment VPN label: each interface circuit that is VPN on PE distributes a label, can avoid the quadratic search on outlet PE.
(3) based on route assignment VPN label: the label of every route assignment that is VPN on PE.
The present invention adopts the architectural framework of out-band method that MPLS is provided L3VPN, and this architectural framework not only can MPLS L3VPN, and the telecommunication service of conventional telecommunications such as NGN, 3G, video also can be provided.Adopt unified architectural framework that various telecommunication services are provided like this, operator does not need to upgrade when new telecommunication service is provided, the upgrading router software.
The present invention has adopted the VPN route orientation/appointment issue mechanism of out-band method, when route is issued, does not need PE to pass through MP-IBGP agreement, operation MP-IBGP software.It all is unified that method of the present invention supplies a pattern for different business, therefore, when network provides a new business, the software of pe router does not need to upgrade, therefore, reduce software development process and software upgrade process, thereby avoided the unsteadiness brought by software upgrade process, guaranteed the safety of professional control plane.
And if pe router does not provide the Internet business, PE does not just need to move that cover route software of Internet, because the vpn service data do not need to be stored on the PE equipment yet, the software of PE significantly reduces like this, and reliability greatly improves.Certainly, if the PE equipment in the network does not carry the Internet business, after the good parameter of manual configuration, can not need to control veneer so, this moment, the reliability of network can be suitable with transmission equipment.And if PE equipment carrying Internet business even the control veneer breaks down, also only influences the Internet business, can not influence vpn service.
And the present invention has done significant improvement to the coding addressing system of RD, has cancelled the RT parameter.The coded system that RD adopts people to know, study, training, debugging, fault location, operation maintenance cost reduce greatly.
In a word, the above is preferred embodiment of the present invention only, is not to be used to limit protection scope of the present invention.
Claims (10)
1, a kind of method that realizes virtual private network service in the multilayer labels switching network is characterized in that this method may further comprise the steps:
A. after end PE1 in source receives the route that source end CE-1 sends, need to determine the opposite end PE2 of issue, and be the tunnel between this route assignment source end PE1 and the source end CE-1, by inlet CM hop-by-hop the routing iinformation transmission is exported CM then;
B. export CM and determine whether current PE 1 exists the tunnel between the PE2 of opposite end, if exist, then with execution in step c, otherwise, set up source end PE1 to the tunnel between the PE2 of opposite end, execution in step c again;
C. export the near described routing iinformation of CM and be sent to opposite end PE2, opposite end PE2 upgrades the routing iinformation among the VRF of this vpn service, and described routing iinformation is distributed to opposite end CE-2;
D. when PE2 receive that CE-2 sends contain the IP packet of Route Distinguisher the time, get access to the tunnel information of opposite end PE1 according to this Route Distinguisher, and the IP packet be forwarded to opposite end VPN user according to the tunnel that is distributed among this tunnel information and the step a.
2, method according to claim 1 is characterized in that, step a comprises:
After a1, source end PE1 receive the route that source end CE-1 sends, according to office's number formulary of vpn service user data and network according to determining opposite end PE2;
A2, source end PE1 are the label information of this route assignment source end PE1 to source end CE-1, and this route is sent to inlet CM, wherein carry described label information and route;
A3, inlet CM be by according to the loopback address or the RD of opposite end PE2 correspondence, determines that next jumps CM, and will comprise and carry label information and routing iinformation is forwarded to next jumping step by step, through forwarded hop-by-hop, arrives outlet CM at last.
3, method according to claim 2 is characterized in that, described routing iinformation comprises Route Distinguisher, the loopback address of source end PE1 correspondence and the loopback address of opposite end PE2 correspondence that opposite end PE2 distributes for this VPN at least.
4, method according to claim 3 is characterized in that, the CM of inlet described in the step a3 determines next jumping CM's by the loopback address of opposite end PE2 correspondence or RD.
5, method according to claim 2 is characterized in that, described vpn service user data comprises RD/RT, topological data, member relation data.
6, method according to claim 2 is characterized in that, described office number formulary is according to comprising the allocation strategy of VPN label, the LoopBack address of PE.
7, method according to claim 2 is characterized in that, described vpn service user data and/or office's number formulary are according to setting in advance in PE or in the external data base.
8, method according to claim 7, it is characterized in that, when described vpn service user data and/or office's number formulary when setting in advance externally in the database, described PE can adopt Radius, SIP, LDAP or COPS agreement and external data base to carry out communication.
9, method according to claim 2 is characterized in that, the end PE1 of source described in the step b sets up according to business demand, service priority to the tunnel between the PE2 of opposite end.
10, method according to claim 1 is characterized in that, the tunnel between end PE1 of source described in the step a and the source end CE1 is based on every route assignment among VRF, interface or each VPN.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CNB2004100741217A CN100563182C (en) | 2004-08-31 | 2004-08-31 | A kind of method that in the multilayer labels switching network, realizes virtual private network service |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CNB2004100741217A CN100563182C (en) | 2004-08-31 | 2004-08-31 | A kind of method that in the multilayer labels switching network, realizes virtual private network service |
Publications (2)
Publication Number | Publication Date |
---|---|
CN1744541A true CN1744541A (en) | 2006-03-08 |
CN100563182C CN100563182C (en) | 2009-11-25 |
Family
ID=36139746
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CNB2004100741217A Expired - Fee Related CN100563182C (en) | 2004-08-31 | 2004-08-31 | A kind of method that in the multilayer labels switching network, realizes virtual private network service |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN100563182C (en) |
Cited By (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2011009331A1 (en) * | 2009-07-23 | 2011-01-27 | 中兴通讯股份有限公司 | Routing label distribution method and apparatus in virtual private network |
CN101051992B (en) * | 2006-04-17 | 2011-04-13 | 华为技术有限公司 | Method for calculating customer layer service route in multilayer network |
CN102215143A (en) * | 2010-04-12 | 2011-10-12 | 华为技术有限公司 | Session failure detection method and routing equipment |
CN101645895B (en) * | 2009-08-31 | 2012-04-18 | 杭州华三通信技术有限公司 | Method and device for realizing tunnel safety |
CN102647328A (en) * | 2012-04-28 | 2012-08-22 | 华为技术有限公司 | Label distribution method, equipment and system |
WO2014044151A1 (en) * | 2012-09-20 | 2014-03-27 | 华为技术有限公司 | Vpn implementation method and pe device |
WO2014079369A1 (en) * | 2012-11-21 | 2014-05-30 | Hangzhou H3C Technologies Co., Ltd. | Forwarding a packet in a network |
CN104980362A (en) * | 2014-04-04 | 2015-10-14 | 华为技术有限公司 | Business tunnel establishment method and business tunnel establishment device |
CN113132235A (en) * | 2019-12-31 | 2021-07-16 | 中兴通讯股份有限公司 | Data message processing method based on virtual circuit and construction method of forwarding table item |
-
2004
- 2004-08-31 CN CNB2004100741217A patent/CN100563182C/en not_active Expired - Fee Related
Cited By (16)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101051992B (en) * | 2006-04-17 | 2011-04-13 | 华为技术有限公司 | Method for calculating customer layer service route in multilayer network |
WO2011009331A1 (en) * | 2009-07-23 | 2011-01-27 | 中兴通讯股份有限公司 | Routing label distribution method and apparatus in virtual private network |
CN101645895B (en) * | 2009-08-31 | 2012-04-18 | 杭州华三通信技术有限公司 | Method and device for realizing tunnel safety |
CN102215143A (en) * | 2010-04-12 | 2011-10-12 | 华为技术有限公司 | Session failure detection method and routing equipment |
CN102215143B (en) * | 2010-04-12 | 2014-10-08 | 华为技术有限公司 | Session failure detection method and routing equipment |
CN102647328A (en) * | 2012-04-28 | 2012-08-22 | 华为技术有限公司 | Label distribution method, equipment and system |
CN102647328B (en) * | 2012-04-28 | 2016-03-09 | 华为技术有限公司 | A kind of label distribution method, equipment and system |
US9755855B2 (en) | 2012-09-20 | 2017-09-05 | Huawei Technologies Co., Ltd. | VPN implementation method and PE device |
WO2014044151A1 (en) * | 2012-09-20 | 2014-03-27 | 华为技术有限公司 | Vpn implementation method and pe device |
WO2014079369A1 (en) * | 2012-11-21 | 2014-05-30 | Hangzhou H3C Technologies Co., Ltd. | Forwarding a packet in a network |
US9479420B2 (en) | 2012-11-21 | 2016-10-25 | Hewlett Packard Enterprise Development Lp | Forwarding a packet in a network |
CN104980362A (en) * | 2014-04-04 | 2015-10-14 | 华为技术有限公司 | Business tunnel establishment method and business tunnel establishment device |
CN104980362B (en) * | 2014-04-04 | 2019-04-12 | 华为技术有限公司 | A kind of service tunnel method for building up and equipment |
CN113132235A (en) * | 2019-12-31 | 2021-07-16 | 中兴通讯股份有限公司 | Data message processing method based on virtual circuit and construction method of forwarding table item |
CN113132235B (en) * | 2019-12-31 | 2023-03-31 | 中兴通讯股份有限公司 | Data message processing method based on virtual circuit and construction method of forwarding table item |
US11924094B2 (en) | 2019-12-31 | 2024-03-05 | Zte Corporation | Virtual circuit-based data packet processing method and forwarding table entry construction method |
Also Published As
Publication number | Publication date |
---|---|
CN100563182C (en) | 2009-11-25 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN1254059C (en) | Method of realizing special multiple-protocol label exchanging virtual network | |
US8085791B1 (en) | Using layer two control protocol (L2CP) for data plane MPLS within an L2 network access node | |
US8121126B1 (en) | Layer two (L2) network access node having data plane MPLS | |
CN1214583C (en) | Three layer virtual private network and its construction method | |
US8385342B2 (en) | System and method of virtual private network route target filtering | |
US7467227B1 (en) | System using policy filter decision to map data traffic to virtual networks for forwarding the traffic in a regional access network | |
CN1502195A (en) | System, method and apparatus that isolate virtual private network (VPN) and best effort traffic to resist denial of service attacks | |
CN100372336C (en) | MPLS VPN and its control and forwarding method | |
CN1703020A (en) | Architecture for configuration and management of cross-domain network services | |
CN1823506A (en) | Methods and apparatus for routing of information depending on the traffic direction | |
CN1652542A (en) | Method for implement virtual leased line | |
CN101047636A (en) | Method and system for end-to-end pseudo-line simulation virtual leased line access virtual special network | |
CN101488914A (en) | Quality of service implementing method and provide edge equipment | |
WO2011009331A1 (en) | Routing label distribution method and apparatus in virtual private network | |
CN1697408B (en) | Method for managing routes in virtual private network based on IPv6 | |
CN102571375B (en) | Multicast forwarding method and device as well as network device | |
CA2440241C (en) | Apparatus and methods for establishing virtual private networks in a broadband network | |
CN1297105C (en) | Method for implementing multirole main machine based on virtual local network | |
CN100563182C (en) | A kind of method that in the multilayer labels switching network, realizes virtual private network service | |
EP1732268A1 (en) | A method for safely transmitting the service stream over the ip network | |
WO2004071009A1 (en) | A method for determining relation between client edge router and virtual private network | |
CN1625144A (en) | Method for securing service quality in skeletal network of two-stage virtual special network | |
CN1716901A (en) | Virtual special network system of mixed station mixed skeleton network and its realizing method | |
CN101304337A (en) | Method and apparatus for generating access topology of service VPN | |
CN1852255A (en) | System and method for providing QoS service to virtual special line |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant | ||
CF01 | Termination of patent right due to non-payment of annual fee | ||
CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20091125 Termination date: 20170831 |