WO2007009352A1 - A v-switch access method, apparatus and v-switch system - Google Patents

A v-switch access method, apparatus and v-switch system Download PDF

Info

Publication number
WO2007009352A1
WO2007009352A1 PCT/CN2006/001654 CN2006001654W WO2007009352A1 WO 2007009352 A1 WO2007009352 A1 WO 2007009352A1 CN 2006001654 W CN2006001654 W CN 2006001654W WO 2007009352 A1 WO2007009352 A1 WO 2007009352A1
Authority
WO
WIPO (PCT)
Prior art keywords
virtual switching
virtual
port
vlan
ethernet frame
Prior art date
Application number
PCT/CN2006/001654
Other languages
French (fr)
Chinese (zh)
Inventor
Lingyuan Fan
Yuepeng Chen
Dengchao Wu
Original Assignee
Huawei Technologies Co., Ltd.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from CNB2005100839718A external-priority patent/CN100433713C/en
Priority claimed from CNA2005100839690A external-priority patent/CN1897569A/en
Priority claimed from CNA2005100839737A external-priority patent/CN1870577A/en
Application filed by Huawei Technologies Co., Ltd. filed Critical Huawei Technologies Co., Ltd.
Publication of WO2007009352A1 publication Critical patent/WO2007009352A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46Interconnection of networks
    • H04L12/4641Virtual LANs, VLANs, e.g. virtual private networks [VPN]

Definitions

  • the present invention relates to the field of network communication technologies, and in particular, to a virtual switching access method, apparatus, and virtual switching system. Background technique
  • Ethernet technology has become one of the main technologies for building a triple play and metropolitan area network in the future.
  • the Ethernet service will have great development in the future market.
  • V-Switch virtual switching
  • Virtue-Switch Generic Routing Encapsulation
  • GRE Generic Routing Encapsulation
  • L2TP Layer 2 Tunneling Protocol
  • MPLS Multiple Protocols Label Switch
  • VPN virtual private dial-up network
  • V-Switch Virtual Switching
  • Metro Ethernet can implement QoS guarantee, network security protection, carrier-class network maintenance and management functions, and has core business management capabilities such as number-based user management, certain mobility, and centralized management of business open management billing.
  • Provides services such as intelligent Layer 2 traffic scheduling, local area network (LAN), IP traffic planning, and other services.
  • LAN local area network
  • V-Switch virtual switching
  • V-Switch virtual switch
  • the virtual switch (V-Switch) architecture has complete Ethernet VLAN switching and scheduling functions, flexible service scheduling and establishment and adjustment methods, and rich and scalable Layer 2 service provision capabilities. And information.
  • V-Switch virtual switching
  • Figure 1 The logical hierarchy and functional model of the virtual switching (V-Switch) system are shown in Figure 1.
  • the virtual switching (V-Switch) system is divided into three layers: the V-Switch service control layer, the V-Switch connection control layer, and the V-Switch bearer capability layer.
  • the V-Switch connection control layer maintains the switching resources in the Data Retransmission Entity (DRE), such as devices, ports, links, and VLANs, and receives the V-Switch service control layer service control entity (SCR, Service Control Register).
  • DRE Data Retransmission Entity
  • SCR Service Control Register
  • the V-Switch establishes a request, selects a service flow path for the V-Switch connection, allocates bandwidth and a virtual local area network (VLAN) resource, and sends the control information to the data forwarding entity DRE device through which the service flow passes. on.
  • VLAN virtual local area network
  • the DRE is in the V-Switch bearer capability layer.
  • the DRE completes the service flow forwarding in the Ethernet frame format according to the VLAN switch entry set by the V-Switch connection control layer.
  • port 1 service flow forwarding port 1, such as GE 1/0/0
  • VLAN ID carried in the Ethernet frame format on port 1
  • port 2 service flow forwarding port 2, such as GE 1/0/1
  • VLAN ID of the vlan id 2 service flow carried in the Ethernet frame format on port 2.
  • the DRE uses the VLAN switching table as the routing basis for service flow forwarding.
  • the DRE forwards the service flow data according to the VLAN exchange table as shown in Figure 2:
  • the DRE in the V-Switch domain includes: an edge DRE and an intermediate DRE.
  • the edge DRE is the edge node of the V-Switoh domain, which is connected to the access user, and the intermediate DRE is connected to the access user through the edge DRE.
  • Both edge DRE and intermediate DRE only support "port + Vlan" exchange.
  • DRE sends the vlan id 1 Ethernet frame received on port 1 to port 2, and converts vlan id 1 to vlan id 2; DRE will The Ethernet frame of vlan id 2 received in port 2 is sent to port 1 and vlan id 2 is converted to vlan id 1.
  • a virtual channel of a VLAN can be established in the entire network.
  • the virtual channel can be described as: (device 1, port 1, vlan id 1) - (device 1, port 2, vlan id 2) - (device 2, port 3, vlan id 2) - (device 2, port 1, vlan id 3) ....
  • the access technology on the edge DRE is single, and only the access mode based on "port + VLAN" is required, and the user equipment is required to send to the access DRE.
  • the Ethernet tag must be marked with an Ethernet frame.
  • L2 Layer 2
  • the VLAN is encapsulated in the Ethernet frame sent by the client device to the DRE.
  • the application of technology is very inconvenient, and it also increases the equipment overhead of building a network. .
  • the V-Switch when the V-Switch carries an Ethernet frame to implement point-to-multipoint interworking, the "port + Vlan" of the Ethernet frame that receives the edge of the Ethernet frame received from the user side must be different, as shown in Figure 4.
  • the data forwarding entity DRE whose medium access control address is MAC (Medium Access Control) 1 needs to communicate with the data forwarding entity DRE whose media access control address is MAC2, MAC3, and MAC4 respectively
  • the V-Switch domain needs to be Establish three virtual channels of V-Switch for these three service flows, and the access address is MAC1.
  • the port + Vlan of the Ethernet frame received by the edge DRE from the user side must be different, so that it can be switched to different V-Switch virtual channels. Therefore, the requirements on the user side device are very high, requiring each for each Possible destination MAC addresses establish independent routes, and different "ports + VLANs" are forwarded. This is difficult to implement in actual networking.
  • a session connection can be established between any two IP addresses in the IP protocol.
  • any IP address in the Next Generation Network (NGN) service can establish a session connection with multiple IP addresses at the same time.
  • NTN Next Generation Network
  • the V-Switch carries IP services
  • the "port + Vlan" of the Ethernet frame carrying the IP flow received by the edge DRE of the access IP service from the user side must be different, as shown in Figure 3, if IP1 needs both IP2 and IP2.
  • IP3, IP4 communication the V-Switch domain needs to establish three virtual channels of V-Switeh for the three IP flows, and the port of the Ethernet frame that receives the IP flow received by the edge DRE of the IP1 from the user side.
  • V-Switch carries IP services
  • the Layer 3 routing device on the user side is required for each possible destination IP address. Establish independent routes and take different interfaces, which is almost impossible to implement in actual networking.
  • the present invention aims to provide a virtual switching access method and apparatus, and a virtual switching system.
  • the present invention improves the virtual switching access method based on multiple policies (including ports, MAC addresses, IP addresses, etc.) on the edge DRE.
  • the architecture of the virtual switching system enriches the virtual switching access method, thereby improving the access capability of the virtual switching technology, expanding the application range of the virtual switching technology, and reducing the cost of forming the network.
  • a virtual switching access method is provided, which is applied to a virtual switching system having an edge data forwarding entity configured with a virtual switching policy, the method comprising:
  • the edge data forwarding entity performs virtual exchange data transmission according to the mapping relationship.
  • the edge data forwarding entity maps the user data packet to the corresponding virtual switching channel
  • the data packet is encapsulated according to the virtual switching channel Ethernet frame format, and the encapsulated data packet is transmitted along the virtual switching channel.
  • the virtual switching policy includes:
  • the mapping between the port and the virtual switch channel is established based on the port, or the mapping between the port and the virtual local area network VLAN ID and the virtual switch channel is established.
  • the mapping relationship between the IP address or the IP quintuple and the virtual switching channel is established.
  • Another virtual switching access method provided by the present invention includes:
  • the data forwarding entity performs virtual exchange data transmission according to the mapping relationship of the received Ethernet frame.
  • the establishing a mapping relationship includes:
  • the virtual exchange data transmission includes:
  • Ethernet frame received from the first port is encapsulated by the VUN protocol according to the second port virtual local area network VLAN identifier in the corresponding relationship, and the encapsulated Ethernet frame is transmitted through the second port;
  • Ethernet frame encapsulated by the second port VLAN identifier according to the VLAN protocol is decapsulated, and the decapsulated Ethernet frame is transmitted through the first port.
  • the information stored in the record is the correspondence between the first port and the second port and the VLAN identifier. ;
  • the information stored in the record is the correspondence between the first port and the second port.
  • the information stored in the record is a correspondence between the first port and the second port and the second port VLAN identifier
  • the record is in the record
  • the stored information is a correspondence between the first port and the second port.
  • a virtual switching access device including: a storage module: a mapping relationship between a storage port and a virtual switching channel;
  • the switching module performs the virtual exchange data transmission according to the mapping relationship stored in the storage module.
  • a further virtual switching access method includes:
  • the data forwarding entity determines the location according to the IP layer address information of the IP packet and the mapping relationship.
  • the data forwarding entity carries the IP packet according to the virtual switching channel corresponding to the IP packet for transmission.
  • the establishing a mapping relationship includes:
  • the IP packet of the access virtual switching domain received from the Ethernet layer is delivered to the IP layer;
  • the IP layer determines the egress port and the outbound VLAN identifier of the virtual switch channel corresponding to the IP packet according to the mapping relationship, the destination address information of the IP packet to be accessed in the virtual switching domain, or the quintuple information of the IP layer.
  • the message transmission includes: an out VLAN identifier encapsulating and transmitting an Ethernet frame of the IP >3 ⁇ 4 text; or
  • the Ethernet layer of the egress data forwarding entity transmits the IP packet that needs to be forwarded out of the virtual switching domain to the IP layer.
  • the IP layer performs IP packet transmission according to the destination address of the IP packet.
  • Another virtual switching access device includes:
  • the storage module is configured to: store the mapping relationship between the IP address information and the virtual switch channel; the channel determining module: receives the IP packet that is connected to the virtual switching domain, and according to the mapping relationship stored in the storage module, the IP carried in the IP packet Layer address information determines that the IP packet corresponds to Virtual exchange channel
  • the encapsulation and forwarding module encapsulates and transmits the IP packet according to the virtual switching channel determined by the virtual switching channel module.
  • a virtual switching system including: an ingress data forwarding entity and an egress data forwarding entity;
  • the ingress data forwarding entity determines the virtual switching channel corresponding to the IP packet according to the mapping relationship between the IP layer address information and the virtual switching channel, and the IP layer address information of the IP packet accessing the virtual switching domain, and the IP address is After the packet is encapsulated, it is transmitted on the virtual switched channel.
  • the egress packet forwarding entity The IP packet that needs to be forwarded out of the virtual switching domain is transmitted according to the IP layer destination address it carries.
  • the ingress data forwarding entity includes:
  • the storage module is configured to: store the mapping relationship between the IP address information and the virtual switch channel; the channel determining module: receives the IP packet that is connected to the virtual switching domain, and according to the mapping relationship stored in the storage module, the IP carried in the IP packet The layer address information determines a virtual switching channel corresponding to the IP packet.
  • Encapsulating and forwarding module The IP packet is encapsulated and transmitted according to the determined virtual switching channel.
  • the virtual switching system further includes: at least one intermediate data forwarding entity;
  • the intermediate data forwarding entity transmits IP packets in the virtual switching domain to other intermediate data forwarding entities or egress data forwarding entities according to the VLA exchange table.
  • a virtual switching access method including: establishing a mapping relationship between Ethernet layer address information and a virtual switching channel;
  • Determining, according to the Ethernet layer address information of the Ethernet frame, the mapping relationship, the virtual switching channel corresponding to the Ethernet frame; the establishing the mapping relationship includes:
  • mapping between the destination MAC address information and the port ID and VLAN ID is established.
  • mapping between the destination MAC address information and the source MAC address information of the virtual switch channel and the outbound VLAN ID is established.
  • the method further comprises: The Ethernet layer of the ingress data forwarding entity determines the egress port and the outbound virtual switching channel corresponding to the Ethernet frame according to the mapping relationship, the destination MAC address information of the Ethernet frame that accesses the virtual switching domain, or the destination MAC address and the source MAC address information. VLAN ID.
  • the Ethernet frame transmission includes:
  • the port data forwarding entity encapsulates and transmits the Ethernet frame corresponding to the port corresponding to the Ethernet frame and the VLAN identifier;
  • the intermediate data forwarding entity transmits the Ethernet frame in the virtual switching domain it receives according to the VLA exchange table
  • the egress data forwarding entity that forwards the Ethernet frame out of the virtual switching domain receives the Ethernet frame in the virtual switching domain and transmits according to the destination MAC address of the Ethernet frame.
  • the storage module is configured to: store a mapping relationship between the Ethernet layer address information and the virtual switching channel; and the channel determining module: receiving an Ethernet frame that accesses the virtual switching domain, and according to the mapping relationship stored in the storage module, the Ethernet layer address carried in the Ethernet frame The information determines a virtual switching channel corresponding to the Ethernet frame;
  • Encapsulating and forwarding module The Ethernet frame is encapsulated and transmitted according to the virtual switching channel determined by the virtual switching channel module.
  • the method includes: an ingress data forwarding entity and an egress data forwarding entity;
  • the ingress data forwarding entity determining a virtual switching channel corresponding to the Ethernet frame according to the mapping relationship between the Ethernet layer address information and the virtual switching channel, and the Ethernet layer address information of the Ethernet frame of the access virtual switching domain, and encapsulating the Ethernet frame Post transmission
  • Egress data forwarding entity The Ethernet frame transmitted in the virtual switching domain is transmitted according to the destination MAC address it carries.
  • the ingress data forwarding entity includes:
  • the storage module is configured to: store a mapping relationship between the Ethernet layer address information and the virtual switching channel; and the channel determining module: receiving an Ethernet frame that accesses the virtual switching domain, and according to the mapping relationship stored in the storage module, the Ethernet layer address carried in the Ethernet frame The information determines a virtual switching channel corresponding to the Ethernet frame; Encapsulating and forwarding module: The Ethernet frame is encapsulated and transmitted according to the virtual switching channel determined by the virtual switching channel module.
  • the virtual switching system further includes: at least one intermediate data forwarding entity;
  • Intermediate data forwarding entity The Ethernet frame of the virtual switching domain is transmitted to other intermediate data forwarding entities or egress data forwarding entities according to the VLAN switching table.
  • the port-based policy is to establish a mapping relationship between the port and the virtual switching channel on the edge DRE, so that the edge DRE can perform virtual switch transmission of the common Ethernet frame according to the port.
  • the ingress DRE can transmit the client device without passing the 802.1Q.
  • the encapsulated ordinary Ethernet frame is directly encapsulated in 802.1Q and transmitted through the virtual switch channel corresponding to the receiving port.
  • the egress DRE can convert the 802.1Q encapsulated Ethernet frame transmitted from the virtual switched domain into a normal Ethernet frame and directly pass the corresponding output.
  • the port is sent.
  • the ingress DRE can directly send the normal Ethernet frame received from the port through the corresponding other port.
  • the L2 device does not need to be added, and the network is reduced.
  • the cost of the virtual switch is increased.
  • the virtual switching method is improved by setting the mapping relationship in the VLAN switching table, such as making full use of the existing fields in the VLAN switching table. Access capability, expand the application range of virtual switching technology, reduce the group The purpose of building network costs.
  • the IP address-based policy provides a virtual switch access method for the IP packet.
  • the mapping between the IP address information and the virtual switch channel is established on the edge DRE, so that the ingress DRE can directly obtain the address information of the IP packet.
  • the virtual switch channel corresponding to the IP packet is determined, so that the V-Switch does not require the port + VLAN of the Ethernet frame to carry the IP service flow. Therefore, the port must be different through the same port.
  • the IP packet of the information can be transmitted through the different ports + Vlan, and the virtual switch access method is enriched.
  • the egress packet of the present invention can transmit IP packets to the virtual switch domain according to the IP address of the IP packet. Forwarding; thus, the technical solution provided by the present invention achieves the purpose of improving the carrying capacity of the virtual switching to the IP service and expanding the application range of the virtual switching technology.
  • the MAC address-based policy provides a new virtual switching access method for the Ethernet frame.
  • the ingress DRE can directly according to the address information of the Ethernet frame. Determining the virtual switching channel corresponding to the Ethernet frame, When the V-Switch is carrying an Ethernet frame, the "port + VLAN" of the Ethernet frame must not be required to be different, so that the Ethernet frame with different Ethernet layer address information accessed through the same port or the same "port + VLAN" is allowed.
  • the virtual switch access method can be enriched by different "port + VLAN"transmission; the egress DRE of the present invention can forward the Ethernet frame transmitted by the virtual switch domain according to the destination MAC address of the Ethernet frame; thus, provided by the present invention
  • the technical solution achieves the purpose of improving the access capability of the virtual switching technology and expanding the application range of the virtual switching technology.
  • Figure 1 is a schematic diagram of the logical hierarchy and functional model of the virtual switching system
  • FIG. 2 is a schematic diagram of a method for implementing virtual switching in the prior art
  • FIG. 3 is a schematic diagram of a virtual switch access implementation principle of an IP service in the prior art
  • FIG. 4 is a schematic diagram of a virtual switch access principle based on an Ethernet frame in the prior art
  • FIG. 5 is a schematic diagram of an implementation principle of virtual switching access according to the present invention.
  • FIG. 6 is a schematic diagram of a virtual-switching access principle based on "port-port-port, VLAN" according to a first embodiment of the present invention
  • FIG. 7 is a schematic diagram of a virtual port access principle based on "port-one port” according to a second embodiment of the present invention.
  • FIG. 8 is a schematic diagram of a virtual switch access device according to the present invention.
  • FIG. 9 is a schematic diagram of an IP-based virtual switch access implementation principle according to the present invention.
  • FIG. 10 is a schematic diagram of implementing IP layer point-to-multipoint service based on IP-based virtual switch access according to the present invention.
  • FIG. 11 is a schematic diagram of a virtual switch access principle based on an Ethernet frame according to the present invention
  • FIG. 12 is a schematic diagram showing the principle of implementing Ethernet layer-to-multipoint service based on virtual switch access of an Ethernet frame according to the present invention.
  • the present invention proposes a new virtual switching access method, device and virtual switching system in the V-Switch technology.
  • the core idea is to establish a mapping relationship between a user data packet/frame and a virtual switching channel by configuring a policy at the edge entry DRE. It mainly includes the mapping between the port and the virtual switching channel, the mapping between the IP address information and the virtual switching channel, or the Ethernet layer address information and the virtual switching channel. 06 001654
  • the ingress DRE selects a suitable virtual switching channel to transmit the service flow according to the above policy.
  • the present invention establishes a mapping relationship between a user data packet/frame and a virtual switching channel by configuring a virtual switching policy at the edge DRE.
  • a user data packet/frame from a user edge device CE, Customer Edge
  • the ingress DRE selects a suitable virtual switching channel to transmit the service flow according to the policy, and the service flow passes through the virtual switching channel.
  • the exchange of several intermediate DREs finally reaches the edge exit DRE, the exit DRE terminates the tunnel, obtains the user data packet/frame, and then forwards it to the CE.
  • FIG. 5 is a schematic diagram showing the principle of virtual switching access according to the present invention, with reference to FIG. 5.
  • the user data packet/data frame is mapped to the virtual switching channel according to the configured policy, and is encapsulated according to the virtual switching channel Ethernet frame format, and then the encapsulated data packet is sent out from the outbound port.
  • the intermediate DRE forwards the data packet according to the port and the VLAN
  • the virtual switched channel is terminated to restore the user packet/frame and forwarded to the CE device.
  • the virtual exchange policy of the above-mentioned entry DRE is flexible, and can be based on port, port +
  • VLAN ID MAC address (destination MAC, destination MAC + source MAC), IP address (such as S IP address, IPv4 quintuple).
  • IP address such as S IP address, IPv4 quintuple.
  • the edge of the virtual switching access may be only a port, and the other end may be only a port or a port. +VLAN" and so on.
  • the Ethernet frame transmission channel between the port and the port is a special case in the virtual switch channel.
  • This embodiment adopts a virtual port access method based on "port one port, VLAN".
  • the mapping between port 1 and port 2 and VLAN ID 2 is required. Therefore, the DRE can encapsulate the normal Ethernet frame transmitted by the client device received from port 1 according to the VLAN identifier in the corresponding relationship, such as VLAN.
  • the identifier 2 is encapsulated in the 802.1Q, and the encapsulated Ethernet frame is transmitted according to the virtual switching channel in the corresponding relationship; at the same time, the DRE receives the encapsulated VLAN 2 from the virtual switched channel in the corresponding relationship.
  • the Ethernet frame is converted into a normal Ethernet frame, and the converted normal Ethernet frame is directly transmitted through the port 1 according to the correspondence.
  • the L2 device does not need to be added between the user equipment and the ingress DRE, or between the user equipment and the egress DRE, which reduces the equipment overhead of the network and increases the application of the virtual exchange. Scenes.
  • FIG. 6 is a schematic diagram of virtual port access based on "port-port, VLAN" according to the present invention, with reference to FIG. 6,
  • the normal Ethernet frame on the user side enters the V-Switch domain through port 1 of the ingress DRE.
  • port 1 of the ingress DRE corresponds to port 2 and VLAN ID 2
  • the Ethernet layer of the ingress DRE performs 802.1Q on the common Ethernet frame according to the VLAN ID 2. Encapsulation, and sending the 802.1Q encapsulated Ethernet frame according to port 2 and VLAN identifier 2.
  • the Ethernet layer of the intermediate DRE After receiving the 802.1Q encapsulated Ethernet frame, the Ethernet layer of the intermediate DRE still transmits in the "port + VLAN" mode according to the VLAN exchange table.
  • the Ethernet layer of the egress DRE After the egress Ethernet layer receives the 802.1Q encapsulated Ethernet frame through the port 2, when the port 1 of the egress DRE corresponds to the port 2 and the VLAN ID 2, the Ethernet layer of the egress DRE converts the 802.1 Q encapsulated Ethernet frame into an ordinary ether. Frame, and send the normal Ethernet frame directly through port 1.
  • This embodiment adopts a virtual port access method based on "port one port”.
  • FIG. 7 is a schematic diagram of a virtual port access principle based on "port-port" according to the present invention, referring to FIG. 7,
  • the ingress DRE and the egress DRE are the same DRE, and the normal Ethernet frame on the user side enters the V-Switch domain through the port 1 of the ingress DRE.
  • the Ethernet layer of the ingress DRE associates the ordinary Ether frame. Send directly through port 2.
  • the correspondence in the above embodiment may be set in the VLAN switching table.
  • the method of setting the above correspondence in the exchange table is flexible, and can be set to the form of Table 2.
  • the vlan id 1 of port 1 is an invalid VLAN ID
  • the vlan id2 of port 2 is a valid VLAN ID
  • the vlan id 1 of port 1 is a valid VLAN ID
  • the vlan id of port 2 is 2 If the VLAN ID is invalid, or if the VLAN ID of port 1 is invalid, and the VLAN ID of port 2 is invalid, the DRE needs to perform the port-based virtual switch according to the entry. Into the method.
  • vlan id1 of port 1 is a valid VLAN ID and the vlan id2 of port 2 is also a valid VLAN ID, it indicates that the DRE needs to perform the virtual switch based on "port + Vlan" in the prior art according to the entry. Into the method.
  • the DRE After receiving the Ethernet frame from port 1, the DRE needs to determine the entry of the VLAN switch table corresponding to the Ethernet frame, and then determine the VLAN ID vlan idl and VLAN in the entry. Whether the value of ID vlan id2 is a valid value.
  • the packet received by the ingress DRE is an 802.1Q encapsulated Ethernet frame of the vlan id1, and the ingress DRE needs to convert the 802.1Q encapsulated Ethernet frame into an ordinary one.
  • the Ethernet frame is sent directly through port 2.
  • the packet received by the ingress DRE is a normal Ethernet frame.
  • the DRE needs to convert the ordinary Ethernet frame into an 802.1 Q encapsulated Ethernet frame of vlan id2. And send it out through port 2.
  • the packet received by the DRE is an ordinary Ethernet frame.
  • the ingress DRE only needs to send the ordinary Ethernet frame directly through port 2.
  • the packet received by the ingress DRE is the 802.1Q encapsulated Ethernet frame of the VLAN ID vlan idl, and the ingress DRE receives the vlan idl of the port 1.
  • the 802.1Q encapsulated Ethernet frame is sent to port 2, and the vlan idl is converted to vlan id2.
  • the setting such as adding a new switching mode type in the VLAN switching table, indicating the VLAN switching mode used by the DRE by using different values of the switching mode type, and adding two fields in the VLAN switching table,
  • the different values of the two fields indicate which VLAN switching mode the DRE uses.
  • FIG. 1 A virtual switching access device provided by the present invention is shown in FIG.
  • the virtual switch access device includes: a storage module and a switch module.
  • the storage module is mainly used to map the relationship between the storage port and the virtual switch channel, including: the mapping between port 1 and port 2 and VLAN ID 2, the mapping between port 1 and port 2, and port 1 and VLAN ID 1 and port 2 and VLAN.
  • the switching module is configured to receive an Ethernet frame, determine an entry in the VLAN switch table corresponding to the Ethernet frame, and determine a virtual switch access mode of the Ethernet frame according to the content in the entry, and perform virtual switching according to the Ethernet frame.
  • the access mode sends an Ethernet port, such as based on "port one port, Virtual switching access method of VLAN", or virtual port access method based on “port-port”, or virtual port exchange based on "port, VLAN-port, VLAN”.
  • Switch module for virtual frame of Ethernet The exchange transmission method is as described in the above method and will not be described in detail herein.
  • the IP layer address information in the present invention may be the IP layer destination address information, or may be the IP layer quintuple (source IP address, destination IP address) Address, protocol number, source port number, destination port number) information. Therefore, the mapping relationship between the IP address information and the virtual switch channel in the edge DRE is as follows: The mapping between the IP address of the IP layer and the outbound port and the outbound VLAN of the virtual switch channel is established, or the IP layer quintuple is established. The mapping between the information and the outgoing port of the virtual switching channel and the outgoing VLA identifier.
  • the above mapping relationship can be stored in the ingress DRE.
  • FIG. 9 is a schematic diagram of an IP-based virtual switch access implementation according to the present invention. The transmission process of IP packets in the virtual switch domain is described in detail below in conjunction with FIG. 9.
  • the link layer of the ingress DRE submits the IP packet to the IP layer for processing.
  • the mapping relationship stored in the ingress DRE is the IP layer quintuple information and the virtual switch channel.
  • the IP layer should obtain the corresponding address information of the IP packet, and match the address information with the mapping relationship stored in the ingress DRE to determine the egress port and out VLAN ID of the virtual switching channel corresponding to the packet. .
  • the mapping relationship between the IP address and the virtual switch channel is the mapping between the IP address and the virtual switch channel
  • the IP address of the IP address is matched with the destination address of the IP address.
  • the outbound port and outbound VLAN ID of the virtual switch channel corresponding to the IP packet are determined.
  • the Ethernet layer of the ingress DRE uses the outbound VLAN identifier to encapsulate the IP packet in 802.1Q, and sends the packet according to the determined outbound port.
  • the intermediate DRE Ethernet layer When the intermediate DRE Ethernet layer receives the 802.1 Q-encapsulated IP packet, it still transmits the packet according to the VLAN switch table as "port + VLAN".
  • the egress Ethernet interface After the egress Ethernet layer receives the 802.1Q encapsulated IP packet, the egress Ethernet interface terminates the virtual switch channel and sends the IP packet to the IP layer for processing. The IP layer forwards the packet according to the destination address of the IP packet.
  • 10 is a schematic diagram of implementing IP layer point-to-multipoint service based on IP-based virtual switching access according to the present invention. The virtual switching process of establishing a session connection between an IP address and multiple IP addresses is described in detail below with reference to FIG. .
  • the V-Switch domain will establish three V-Switch channels for the three IP service flows. Since the IP address information of the three IP service flows received by the access DRE1 of the access IP1 is different from the IP address, the IP header addresses are IP2, IP3, and IP4 respectively. Therefore, the DRE1 can be in the IP address. After the IP address of the IP address is encapsulated, the three IP service flows are encapsulated and switched to different V-Switch channels. After the three IP service flows are encapsulated, they are respectively identified according to different egress ports and VLAN IDs. Transfer to DRE2 and DRE4.
  • DRE2 When receiving the two IP service flows transmitted by DRE1, DRE2 transmits one of the IP service flows to DRE3 according to the VLAN switching table, and submits one IP service flow to the IP layer for processing, and the IP layer of DRE2 is based on the IP.
  • the destination address of the packet forwards the IP traffic flow route to IP2.
  • DRE3 submits the IP service flow transmitted by DRE2 to the IP layer for processing.
  • the IP layer of DRE3 forwards the IP service flow route to IP3 according to the destination address of the IP packet.
  • DRE4 When receiving an IP service flow from DRE1, DRE4 transmits it to DRE5 according to the VLAN switch table. DRE5 submits the IP service flow transmitted by DRE4 to the IP layer for processing. The IP layer of DRE5 forwards the IP service flow route to IP4 according to the destination address of the IP packet.
  • a virtual switching system provided by the present invention includes: an ingress data forwarding entity and an egress data forwarding entity.
  • the virtual switching system may also include an intermediate data forwarding entity, and the number of intermediate data forwarding entities may be one or more.
  • the following describes an example of a virtual switching system including an ingress data forwarding entity, an intermediate data forwarding entity, and an egress data forwarding entity.
  • the number of the ingress data forwarding entity, the intermediate data forwarding entity, and the egress data forwarding entity in the system may be one or more.
  • the ingress data forwarding entity is mainly used to map the IP layer address information to the virtual switching channel.
  • the IP address information of the IP address of the IP address of the virtual switch domain is determined, and the virtual switch channel corresponding to the IP packet is determined, and the IP packet is encapsulated and transmitted to the intermediate data forwarding entity or the egress data forwarding entity.
  • the ingress data forwarding entity is an IP-based virtual switching access device, which includes a storage module, a virtual switching channel module, and a package forwarding module.
  • the storage module is mainly used for storing the mapping relationship between the IP address information and the virtual switching channel, such as the mapping between the IP address of the IP layer and the outgoing port of the virtual switching channel, and the outbound VLAN identifier. Five-tuple information, etc.
  • the virtual switching channel determining module is configured to receive an IP packet that is connected to the virtual switching domain, such as receiving an IP packet transmitted by the routing device on the user side, and receiving the IP packet according to the mapping relationship stored in the storage module.
  • the IP address information carried in the IP address determines the virtual switch channel corresponding to the IP packet. For example, the outbound port and the outbound VLAN identifier of the virtual switch channel corresponding to the IP packet are determined according to the destination address of the IP packet.
  • the encapsulation and forwarding module is configured to encapsulate the IP packet and transmit it to the intermediate DRE or the egress DRE according to the information determined by the port and the VLAN identifier determined by the virtual switching channel module.
  • the intermediate data forwarding entity is configured to receive the IP packet transmitted by the encapsulating and forwarding module of the ingress DRE or other intermediate DRE, and transmit the IP packet received by the inbound to the other intermediate data forwarding entity or the egress data forwarding entity according to the VLAN switching table. .
  • the egress packet forwarding entity is mainly used to transmit the IP packet transmitted by the ingress data forwarding entity or the intermediate data forwarding entity according to the destination address of the bearer.
  • the Ethernet layer address information in the present invention may be the destination MAC address information, or may be the destination MAC address information and the source MAC address information. Therefore, the mapping relationship between the Ethernet layer address information and the virtual switching channel is established in the edge DRE as follows: establishing a mapping relationship between the destination MAC address information and the outbound port and the outgoing VLAN identifier of the virtual switching channel, or establishing the destination MAC address information and source. The mapping between the MAC address information and the egress port and outbound VLAN ID of the virtual switching channel.
  • the above mapping relationship can be stored in the ingress DRE.
  • FIG. 11 is a schematic diagram of a virtual switch access principle based on an Ethernet frame according to the present invention.
  • the transmission process of an Ethernet frame in a virtual switched domain is described in detail below with reference to FIG. 11.
  • the mapping relationship stored in the ingress DRE is the mapping between the destination MAC address, the source MAC address information, and the outbound port and outbound VLAN identifier of the virtual switching channel
  • the ingress DRE Ethernet layer should obtain the destination MAC address of the Ethernet frame and
  • the source MAC address information is matched, and the destination MAC address and the source MAC address information are matched with the mapping relationship stored in the ingress DRE to determine the outbound port and outbound VLAN identifier of the virtual switching channel corresponding to the Ethernet frame.
  • the destination DRE Ethernet layer should acquire the Ethernet frame when the Ethernet frame enters the V-Switch domain.
  • the MAC address is matched with the mapping relationship between the destination MAC address and the ingress DRE to determine the outbound port and outbound VLAN identifier of the virtual switching channel corresponding to the Ethernet frame.
  • the ingress DRE layer uses the outbound VLAN identifier to encapsulate the Ethernet frame in 802.1Q, and sends the packet according to the determined out port.
  • Ethernet layer of the intermediate DRE When the Ethernet layer of the intermediate DRE receives the 802.1Q encapsulated Ethernet frame, it still transmits in the "port + VLAN" according to the VLAN switch table.
  • the Ethernet layer of the egress DRE After the Ethernet layer of the egress DRE receives the 802.1Q encapsulated Ethernet frame, the Ethernet layer of the egress DRE terminates the virtual switch channel and forwards according to the destination MAC address of the Ether frame.
  • FIG. 12 is a schematic diagram of the principle of implementing Ethernet layer-to-multipoint service based on virtual switching access of an Ethernet frame according to the present invention.
  • the virtual switching process of establishing a session connection between a MAC address and multiple MAC addresses simultaneously is performed in conjunction with FIG. 11. A detailed description.
  • the V-Switch domain establishes three V-Switch channels for three Ethernet frame traffic flows.
  • the Ethernet layer address information of the three Ethernet frame service flows received from the user side is different, for example, the destination MAC address is MAC2, MAC3, and MAC4. Therefore, the DRE1 can be based on the destination MAC address.
  • the address or the three Ethernet frame service flows are encapsulated according to the destination MAC address and the source MAC address, and then switched to different V-Switch channels, that is, after the three Ethernet frame service flows are encapsulated, according to different outgoing ports and VLANs.
  • the identifiers are transmitted to DRE2 and DRE4, respectively.
  • DRE2 When DRE2 receives two Ethernet frame traffic flows from DRE1, it is based on VLAN The table exchanges one of the Ethernet frame traffic to DRE3, and the other Ethernet frame traffic forwards the Ethernet frame traffic to MAC2 according to the destination MAC address of the Ethernet frame or according to the destination MAC address and the source MAC address.
  • DRE3 receives the Ethernet frame traffic transmitted by DRE2, and forwards the Ethernet frame traffic to MAC3.
  • DRE4 When receiving the Ethernet frame traffic from DRE1, DRE4 transmits it to DRE5 according to the VLAN switch table. DRE5 receives the Ethernet frame traffic transmitted by DRE4 and forwards it to MAC4 according to the ATM traffic.
  • Another virtual switching system provided by the present invention mainly includes: an ingress data forwarding entity and an egress data forwarding entity.
  • the virtual switching system may also include an intermediate data forwarding entity, and the number of intermediate data forwarding entities may be one or more.
  • the virtual switching system includes an ingress data forwarding entity, an intermediate data forwarding entity, and an egress data forwarding entity as an example.
  • the ingress data forwarding entity is configured to determine the virtual switching channel corresponding to the Ethernet frame according to the mapping relationship between the Ethernet layer address information and the virtual switching channel, and the Ethernet layer address information of the Ethernet frame of the virtual switching domain, and encapsulate the Ethernet frame. , to the intermediate data forwarding entity or the export data forwarding entity.
  • the ingress data forwarding entity is a virtual switching access device based on an Ethernet frame, and includes a storage module, a virtual switching channel module, and a package forwarding module.
  • the storage module is mainly used for storing the mapping relationship between the Ethernet layer address information and the virtual switching channel, such as the mapping between the destination MAC address and the outgoing port of the virtual switching channel, and the outgoing VLAN identifier.
  • the Ethernet layer address information can also serve the purpose. MAC address and source MAC address information, etc.
  • the virtual switching channel determining module is mainly used for receiving an Ethernet frame that accesses the virtual switching domain, such as Receiving an Ethernet frame transmitted by the Layer 2 or Layer 3 routing device on the user side, and determining the virtual switching channel corresponding to the Ethernet frame according to the mapping relationship stored in the storage module and the Ethernet layer address information carried in the received Ethernet frame, such as The outbound port and the outbound VLAN identifier of the virtual switching channel corresponding to the Ethernet frame are determined according to the destination MAC address of the Ethernet frame.
  • the encapsulation and forwarding module is mainly used to encapsulate the Ethernet frame and transmit it to the intermediate DRE or the outlet DRE according to the information determined by the port and the VLAN identifier determined by the virtual switching channel module.
  • the intermediate data forwarding entity is mainly used for receiving an encapsulated forwarding module of the ingress DRE or other Ethernet frames transmitted by the intermediate DRE, and transmitting the received Ethernet frame to other intermediate data forwarding entities or egress data forwarding entities according to the VLA exchange table.
  • the egress data forwarding entity is mainly used to transmit the Ethernet frame transmitted by the ingress data forwarding entity or the intermediate data forwarding entity according to the destination MAC address it carries.

Abstract

The core idea of a new V-SWITCH access method, apparatus and V-SWITCH system in the V-SWITCH technology is that a V-SWITCH access method based on a variety of policies (including port, MAC address, IP address and so on) is supported on the edge DRE, by configuring the policies on the edge ingress DRE to establish the mapping relationship from the user data packets/frames to the V-SWITCH channels, which mainly includes the mapping relationship from port to V-SWITCH channel, from IP layer address information to V-SWITCH channel, or from Ethernet layer address information to V-SWITCH channel, when the packets from user come into the V-SWITCH domain, the ingress DRE selects a suitable V-SWITCH channel for the packets according to the policies above to transmit the traffic stream. The present invention consummates the architecture of the V-SWITCH system, enriches the V-SWITCH access method, thereby enhances the access capacity of the V-SWITCH technology, expands the application area of the V-SWITCH technology, and reduces the cost of establishing network.

Description

虛交换接入方法、 装置和虛交换系统 技术领域 本发明涉及网络通信技术领域, 具体涉及虚交换接入方法、 装置和 虚交换系统。 背景技术  The present invention relates to the field of network communication technologies, and in particular, to a virtual switching access method, apparatus, and virtual switching system. Background technique
随着 Internet规模的不断增大, 各种各样的网络服务不断涌现, 先 进的多媒体系统相继出现。 由于实时业务对网络传输时延、 延时抖动等 特性较为敏感, 当网络上有突发性高的文件传输协议(FTP,FILE Transfer Protocol ) 或者含有图像文件的超文本传输协议 (HTTP , Hyber Text Transport Protocol )等业务时, 实时业务就会受到艮大影响; 另一方面, 多媒体业务占去了大量的带宽, 这样, 现有网络要保证的关键业务就难 以得到可靠的传输。 于是, 各种业务盾量(QoS , Quality Of Service ) 技术应运而生。网络工程任务组( IETF , Internet Engineering Task Force ) 已经建议了很多服务模型和机制, 以满足 QoS的需求。  As the scale of the Internet continues to increase, a variety of network services continue to emerge, and advanced multimedia systems have emerged. Since real-time services are sensitive to network transmission delays and delay jitter, there are bursty file transfer protocols (FTP, FILE Transfer Protocol) or hypertext transfer protocols (HTTP, Hyber Text) with image files. In the case of services such as Transport Protocol, real-time services are greatly affected. On the other hand, multimedia services take up a large amount of bandwidth, so that the critical services to be guaranteed by existing networks are difficult to obtain reliable transmission. As a result, various QoS (Quality Of Service) technologies emerged. The Network Engineering Task Force (IETF) has proposed a number of service models and mechanisms to meet the needs of QoS.
基于门户的多种应用和服务以及宽带多媒体业务, 包括为普通住宅 用户提供丰富的 Video/Audio流、 视频点播(VOD, Video On Demand )、 视频组播、 多媒体交互、 高带宽需求的网络游戏, 为商业用户提供视频 会议、远程教育、虚拟专用网(VPN, Virtue Private Network ),具有 QoS 保障的数据专线、 数字酒店 (IPHotel, Internet Protocol Hotel )等, 成为 宽带运营的重要内容。  Portal-based applications and services as well as broadband multimedia services, including rich video/Audio streaming, video on demand (VOD, Video On Demand), video multicast, multimedia interaction, high bandwidth demand online games for ordinary residential users, Providing video conferencing, distance education, virtual private network (VPN, Virtue Private Network), QoS-guaranteed data line, and IPHotel (Internet Protocol Hotel) for commercial users, it is an important part of broadband operation.
运营商和企事业用户对以太网技术和端对端以太网技术有较高的认 知程度。 以太网技术成为未来搭建三网合一、 城域网的主要技术之一, 以太网业务在未来市场将会有极大的发展。  Operators and enterprises have a high level of awareness of Ethernet technology and end-to-end Ethernet technology. Ethernet technology has become one of the main technologies for building a triple play and metropolitan area network in the future. The Ethernet service will have great development in the future market.
针对这些商业用户,目前已提出了虚交换( V-Switch, Virtue-Switch )、 通用路由封装(GRE , Generic Routing Encapsulation ), 第二层隧道协议 ( L2TP, Layer 2 Tunneling Protocol ),多协议标签交换( MPLS, Multiple Protocols Label Switch ) 等多种方式的虚拟专用网 /虚拟专用拨号网络 ( VPN /VPDN, Virtue Private Dial-up Network ) 专线方案。  For these commercial users, virtual switching (V-Switch, Virtue-Switch), Generic Routing Encapsulation (GRE), Layer 2 Tunneling Protocol (L2TP), and multi-protocol label switching have been proposed. (MPLS, Multiple Protocols Label Switch) and other methods of virtual private network / virtual private dial-up network (VPN / VPDN, Virtue Private Dial-up Network) dedicated line solution.
虛交换( V-Switch )技术主要用于组建稳定、 实用、 经济的运营级 城域以太网, 可以实现 QoS保证、 网络安全保护、 电信級的网络维护和 管理等功能, 具备基于号码的用户管理、 一定的移动性、 业务开放管理 计费的集中管理等核心业务管理能力, 提供包括智能二层流量调度、 局 域网 (LAN, Local Area Network )专线、 IP流量规划等业务和服务, 虚 交换 ( V-Switch ) 的出现填补了目前的网络在純二层能力上的不足, 对 新时期城域网的建设具有重要的作用。 Virtual Switching (V-Switch) technology is mainly used to build stable, practical, and economical carrier-grade Metro Ethernet can implement QoS guarantee, network security protection, carrier-class network maintenance and management functions, and has core business management capabilities such as number-based user management, certain mobility, and centralized management of business open management billing. Provides services such as intelligent Layer 2 traffic scheduling, local area network (LAN), IP traffic planning, and other services. The emergence of virtual switching (V-Switch) fills the gaps in the current network's pure Layer 2 capabilities. The construction of the metropolitan area network has an important role.
虚交换( V- Switch )体系结构具备完善的以太网 VLAN交换和调度功 能, 灵活的业务调度和建立、 调整的手段, 以及丰富的、 可扩展的二层 业务提供能力, 完善的操作维护管理工具和信息。  The virtual switch (V-Switch) architecture has complete Ethernet VLAN switching and scheduling functions, flexible service scheduling and establishment and adjustment methods, and rich and scalable Layer 2 service provision capabilities. And information.
虛交换(V-Switch )体系的逻辑层次和功能模型如附图 1所示。 图 1中, 虚交换(V-Switch )体系分为三层: V-Switch业务控制层, V-Switch连接控制层, V-Switch承载能力层。  The logical hierarchy and functional model of the virtual switching (V-Switch) system are shown in Figure 1. In Figure 1, the virtual switching (V-Switch) system is divided into three layers: the V-Switch service control layer, the V-Switch connection control layer, and the V-Switch bearer capability layer.
V-Switch连接控制层维护数据转发实体(DRE, Data Retransmission Entity )中交换资源,如设备、端口、链路、 VLAN等交换资源,接收 V-Switch 业务控制层业务控制实体( SCR, Service Control Register ) 的 V- Switch 建立请求, 为该 V-Switch连接选择业务流路径, 分配带宽及虚拟局域网 ( VLAN, Virtue Local Area Network ) 资源, 并将控制信息下发到业务 流经过的数据转发实体 DRE设备上。  The V-Switch connection control layer maintains the switching resources in the Data Retransmission Entity (DRE), such as devices, ports, links, and VLANs, and receives the V-Switch service control layer service control entity (SCR, Service Control Register). The V-Switch establishes a request, selects a service flow path for the V-Switch connection, allocates bandwidth and a virtual local area network (VLAN) resource, and sends the control information to the data forwarding entity DRE device through which the service flow passes. on.
DRE处于 V-Switch承载能力层, DRE根据 V-Switch连接控制层设置 的 VLAN交换表项, 完成对以太帧格式的业务流转发。  The DRE is in the V-Switch bearer capability layer. The DRE completes the service flow forwarding in the Ethernet frame format according to the VLAN switch entry set by the V-Switch connection control layer.
VLAN交换表项的内容如表 1所示。 The contents of the VLAN switch entry are shown in Table 1.
Figure imgf000004_0001
Figure imgf000004_0001
参 数 参数说明  Parameter parameter description
1 端口 1 业务流转发端口 1, 如 GE 1/0/0  1 port 1 service flow forwarding port 1, such as GE 1/0/0
2 vlan id 1 业务流在端口 1上以太帧格式中携带的 VLAN ID 2 vlan id 1 VLAN ID carried in the Ethernet frame format on port 1
3 端口 2 业务流转发端口 2, 如 GE 1/0/1 3 port 2 service flow forwarding port 2, such as GE 1/0/1
4 vlan id 2 业务流在端口 2上以太帧格式中携带的 VLAN ID 4 VLAN ID of the vlan id 2 service flow carried in the Ethernet frame format on port 2.
5 带宽 业务流带宽限制 5 Bandwidth Service Flow Bandwidth Limit
5. 1 上行最大带宽 业务流上行 (从端口 1接收, 从端口 2发送) 最 大带宽 5. 2 下行最大带宽 业务流下行 (从端口 2接收, 从端口 1发送) 最 5. 1 Upstream maximum bandwidth service flow uplink (received from port 1, sent from port 2) Maximum bandwidth 5. 2 Downstream Maximum Bandwidth Service Flow Downstream (received from port 2, sent from port 1)
大带宽  Large bandwidth
6 QoS参数 业务流 QoS参数要求  6 QoS parameters Service flow QoS parameter requirements
6. 1 延迟  6. 1 delay
6. 2 延迟抖动  6. 2 Delay jitter
6. 3 丢包率  6. 3 packet loss rate
DRE以 VLAN交换表作为业务流转发的路由依据。 DRE根据 VLAN 交换表对业务流数据的转发过程如附图 2所示: The DRE uses the VLAN switching table as the routing basis for service flow forwarding. The DRE forwards the service flow data according to the VLAN exchange table as shown in Figure 2:
图 2中, V- Switch域中的 DRE包括: 边缘 DRE和中间 DRE。 边缘 DRE 为 V-Switoh域的边缘节点, 与接入用户连接, 中间 DRE通过边缘 DRE与 接入用户连接。 边缘 DRE和中间 DRE都仅支持 "端口 + Vlan" 的交换, 如 DRE将端口 1中接收到的 vlan id 1的以太帧发送到端口 2的同时, 将 vlan id 1转换成 vlan id 2; DRE将端口 2中接收到的 vlan id 2的以太帧发送到端 口 1的同时将 vlan id 2转换成 vlan id 1。  In Figure 2, the DRE in the V-Switch domain includes: an edge DRE and an intermediate DRE. The edge DRE is the edge node of the V-Switoh domain, which is connected to the access user, and the intermediate DRE is connected to the access user through the edge DRE. Both edge DRE and intermediate DRE only support "port + Vlan" exchange. For example, DRE sends the vlan id 1 Ethernet frame received on port 1 to port 2, and converts vlan id 1 to vlan id 2; DRE will The Ethernet frame of vlan id 2 received in port 2 is sent to port 1 and vlan id 2 is converted to vlan id 1.
通过上述转发形式, 在整个网络中可以建立一条 VLAN的虛通道, 该虚通道可以描述为: (设备 1 , 端口 1 , vlan id 1 )—(设备 1, 端口 2, vlan id 2 )— (设备 2,端口 3 , vlan id 2 )— (设备 2,端口 1, vlan id 3 ) ... ...。  Through the above forwarding form, a virtual channel of a VLAN can be established in the entire network. The virtual channel can be described as: (device 1, port 1, vlan id 1) - (device 1, port 2, vlan id 2) - (device 2, port 3, vlan id 2) - (device 2, port 1, vlan id 3) ....
由于目前的 V-Switch在架构上没有充分考虑边缘 DRE的业务需求, 边缘 DRE上的接入技术单一, 仅支持基于 "端口 + VLAN" 的接入方式, 要求用户端设备在向接入 DRE发送以太帧时必须打上 VLAN标记。 当用户端设备不支持 VLAN时, 则需要在用户端设备和接入 DRE之间增 加一台二层 (L2 )设备, 专门对用户端设备发送至 DRE的以太帧进行 VLAN封装, 使 V-Switch技术的应用很不方便, 还额外增加了组建网络 的设备开销。 。  Because the current V-Switch does not fully consider the service requirements of the edge DRE, the access technology on the edge DRE is single, and only the access mode based on "port + VLAN" is required, and the user equipment is required to send to the access DRE. The Ethernet tag must be marked with an Ethernet frame. When the client device does not support VLANs, you need to add a Layer 2 (L2) device between the client device and the access DRE. The VLAN is encapsulated in the Ethernet frame sent by the client device to the DRE. The application of technology is very inconvenient, and it also increases the equipment overhead of building a network. .
另外, 当 V-Switch承载以太帧, 实现点到多点的互通时, 接入以太 帧的边缘 DRE从用户侧接收到的承载以太网帧的 "端口 + Vlan" 必须不 同, 如附图 4中所示, 如果媒体接入控制地址为 MAC ( Medium Access Control ) 1的数据转发实体 DRE需要同时和媒体接入控制地址分别为 MAC2、 MAC3、 MAC4的数据转发实体 DRE进行通信, V- Switch域需要 为这三个业务流建立三个 V-Switch的虚通道, 而且接入地址为 MAC1的 边缘 DRE从用户侧收到的以太帧的 "端口 + Vlan,, 必须不同, 这样, 才 能够交换到不同的 V-Switch虛通道上。 因此, 对用户侧设备的要求很高, 要求对每一个可能的目的 MAC地址建立独立的路由, 不同的 "端口 + VLAN" 进行转发, 这在实际组网中难以实现。 In addition, when the V-Switch carries an Ethernet frame to implement point-to-multipoint interworking, the "port + Vlan" of the Ethernet frame that receives the edge of the Ethernet frame received from the user side must be different, as shown in Figure 4. As shown in the figure, if the data forwarding entity DRE whose medium access control address is MAC (Medium Access Control) 1 needs to communicate with the data forwarding entity DRE whose media access control address is MAC2, MAC3, and MAC4 respectively, the V-Switch domain needs to be Establish three virtual channels of V-Switch for these three service flows, and the access address is MAC1. The port + Vlan of the Ethernet frame received by the edge DRE from the user side must be different, so that it can be switched to different V-Switch virtual channels. Therefore, the requirements on the user side device are very high, requiring each for each Possible destination MAC addresses establish independent routes, and different "ports + VLANs" are forwarded. This is difficult to implement in actual networking.
由于 IP协议中任何两个 IP地址之间都可以建立会话连接, 如下一代 网络(NGN, Next Generation Network )业务中任何一个 IP地址都可以同 时和多个 IP地址之间建立会话连接, 所以, 当 V-Switch承载 IP业务时, 接入 IP业务的边缘 DRE从用户侧接收到的承载 IP流以太网帧的 "端口 + Vlan" 必须不同, 如附图 3所示, 如果 IP1需要同时和 IP2、 IP3、 IP4通讯, V-Switch域需要为这三个 IP流建立三个 V-Switeh的虚通道, 而且接入 IP1 的边缘 DRE从用户侧收到的承载 IP流的以太网帧的 "端口 + Vlan,, 必须 不同, 这样, 才能够交换到不同的 V-Switch虚通道上。 因此, 当 V-Switch 承载 IP业务时, 要求处于用户侧的三层路由设备对每一个可能的目的 IP 地址建立独立的路由, 走不同的接口, 这在实际组网中几乎不能实现。 发明内容  A session connection can be established between any two IP addresses in the IP protocol. For example, any IP address in the Next Generation Network (NGN) service can establish a session connection with multiple IP addresses at the same time. When the V-Switch carries IP services, the "port + Vlan" of the Ethernet frame carrying the IP flow received by the edge DRE of the access IP service from the user side must be different, as shown in Figure 3, if IP1 needs both IP2 and IP2. , IP3, IP4 communication, the V-Switch domain needs to establish three virtual channels of V-Switeh for the three IP flows, and the port of the Ethernet frame that receives the IP flow received by the edge DRE of the IP1 from the user side. + Vlan, must be different, so that it can be switched to different V-Switch virtual channels. Therefore, when the V-Switch carries IP services, the Layer 3 routing device on the user side is required for each possible destination IP address. Establish independent routes and take different interfaces, which is almost impossible to implement in actual networking.
本发明的目的在于, 提供虚交换接入方法和装置和虚交换系统, 本 发明通过在边缘 DRE上支持基于多种策略(包括端口、 MAC地址、 IP 地址等) 的虛交换接入方法, 完善了虛交换系统的架构, 丰富了虚交换 接入方法, 从而提高虚交换技术接入能力、 拓展虚交换技术应用范围、 降低组建网络成本。  The present invention aims to provide a virtual switching access method and apparatus, and a virtual switching system. The present invention improves the virtual switching access method based on multiple policies (including ports, MAC addresses, IP addresses, etc.) on the edge DRE. The architecture of the virtual switching system enriches the virtual switching access method, thereby improving the access capability of the virtual switching technology, expanding the application range of the virtual switching technology, and reducing the cost of forming the network.
根据本发明的第一方面, 提供一种虚交换接入方法, 应用于具有配 置虚交换策略的边缘数据转发实体的虚交换系统中, 该方法包括:  According to a first aspect of the present invention, a virtual switching access method is provided, which is applied to a virtual switching system having an edge data forwarding entity configured with a virtual switching policy, the method comprising:
建立用户数据包到虛交换通道的映射关系;  Establish a mapping relationship between user data packets and virtual switching channels;
边缘数据转发实体根据所述映射关系进行虚交换数据传输。  The edge data forwarding entity performs virtual exchange data transmission according to the mapping relationship.
还包括:  Also includes:
根据所配置的虛交换策略, 边缘数据转发实体将用户数据包映射到 相应的虚交换通道;  According to the configured virtual switching policy, the edge data forwarding entity maps the user data packet to the corresponding virtual switching channel;
按照虚交换通道以太帧格式对所述数据包进行封装, 并将封装后的 数据包沿虚交换通道进行传送。 所述虚交换策略包括: The data packet is encapsulated according to the virtual switching channel Ethernet frame format, and the encapsulated data packet is transmitted along the virtual switching channel. The virtual switching policy includes:
根据端口建立端口与虛交换通道的映射关系, 或建立端口及虚拟局 域网 VLAN 标识与虚交换通道的映射关系; 或,  The mapping between the port and the virtual switch channel is established based on the port, or the mapping between the port and the virtual local area network VLAN ID and the virtual switch channel is established.
根据媒体接入控制 MAC地址建立 MAC地址与虚交换通道的映射关系; 或,  Establish a mapping relationship between the MAC address and the virtual switching channel according to the media access control MAC address; or
才艮据 IP地址或 IP五元组建立 IP地址或 IP五元组与虚交换通道的 映射关系。  According to the IP address or IP quintuple, the mapping relationship between the IP address or the IP quintuple and the virtual switching channel is established.
根据本发明提供的另一种虚交换接入方法, 包括:  Another virtual switching access method provided by the present invention includes:
在边缘数据转发实体建立端口与虚交换通道的映射关系;  Establishing a mapping relationship between the port and the virtual switching channel in the edge data forwarding entity;
数据转发实体将接收的以太帧根据所述映射关系进行虚交换数据传 输。  The data forwarding entity performs virtual exchange data transmission according to the mapping relationship of the received Ethernet frame.
所述建立映射关系包括:  The establishing a mapping relationship includes:
建立第一端口与第二端口以及第一端口和第二端口 VLAN标识的对 应关系, 该对应关系保存在 VLAN交换表中。  Establishing a correspondence between the first port and the second port and the VLAN identifiers of the first port and the second port, where the correspondence is saved in the VLAN switch table.
所述虛交换数据传输包括:  The virtual exchange data transmission includes:
将从第一端口接收的以太帧根据所述对应关系中的第二端口虚拟局 域网 VLAN标识进行 VUN协议封装, 并将封装后的以太帧通过第二端口 传输;  The Ethernet frame received from the first port is encapsulated by the VUN protocol according to the second port virtual local area network VLAN identifier in the corresponding relationship, and the encapsulated Ethernet frame is transmitted through the second port;
将从第二端口接收的以第二端口 VLAN标识 按 VLAN协议封装的以太 帧进行解封装, 并将解封装后的以太帧通过第一端口传输。  The Ethernet frame encapsulated by the second port VLAN identifier according to the VLAN protocol is decapsulated, and the decapsulated Ethernet frame is transmitted through the first port.
当 VLAN交换表的记录中的第一端口对应的 VLAN标识为无效、 且第 二端口对应的 VLAN标识为有效时,该记录中存储的信息为第一端口与第 二端口和 VLAN标识的对应关系; 或  When the VLAN ID corresponding to the first port in the record of the VLAN switch is invalid, and the VLAN ID corresponding to the second port is valid, the information stored in the record is the correspondence between the first port and the second port and the VLAN identifier. ; or
当 VLAN交换表的记录中的两端口对应的 VLAN标识均为无效的 VLAN 标识时, 该记录中存储的信息为第一端口与第二端口的对应关系。  When the VLAN IDs of the two ports in the record of the VLAN switch are invalid VLAN IDs, the information stored in the record is the correspondence between the first port and the second port.
当 VLAN交换表的一条记录中的预定字段为第一预定值时,该记录中 存储的信息为第一端口与第二端口和第二端口 VLAN 标识交换的对应关 系;  When the predetermined field in a record of the VLAN switch table is the first predetermined value, the information stored in the record is a correspondence between the first port and the second port and the second port VLAN identifier;
当 VLAN交换表的一条记录中的预定字段为第二预定值时,该记录中 存储的信息为第一端口与第二端口的对应关系。 When a predetermined field in a record of the VLAN switch table is a second predetermined value, the record is in the record The stored information is a correspondence between the first port and the second port.
根据本发明的第二方面, 提供一种虚交换接入装置, 包括: 存储模块: 存储端口与虛交换通道的映射关系;  According to a second aspect of the present invention, a virtual switching access device is provided, including: a storage module: a mapping relationship between a storage port and a virtual switching channel;
交换模块: 将接收的以太帧根据所述存储模块中存储的映射关系进 行虚交换数据传输。  The switching module: performs the virtual exchange data transmission according to the mapping relationship stored in the storage module.
根据本发明提供的又一种虚交换接入方法, 包括:  A further virtual switching access method according to the present invention includes:
建立 IP层地址信息与虛交换通道的映射关系;  Establish a mapping relationship between IP address information and virtual switching channels.
数据转发实体根据 IP报文的 IP层地址信息、 所述映射关系确定该 The data forwarding entity determines the location according to the IP layer address information of the IP packet and the mapping relationship.
IP ·艮文对应的虚交换通道; IP · 虚 对应 corresponding virtual exchange channel;
数据转发实体根据所述 IP报文对应的虚交换通道承载该 IP报文进 行传输。  The data forwarding entity carries the IP packet according to the virtual switching channel corresponding to the IP packet for transmission.
所述建立映射关系包括:  The establishing a mapping relationship includes:
建立 IP层目的地址信息或 IP层五元组信息与虚交换通道的出端口、 出 VL AN标识的映射关系。  Establish the mapping relationship between the IP address information of the IP layer or the quintuple information of the IP layer and the outgoing port of the virtual switching channel and the VL AN identifier.
更适宜地, 进一步包括:  More suitably, further comprising:
将从以太层接收的接入虚交换域的 IP报文交给 IP层;  The IP packet of the access virtual switching domain received from the Ethernet layer is delivered to the IP layer;
IP层根据所述映射关系、 接入虛交换域的 IP报文的目的地址信息 或 IP层五元組信息确定该 IP报文对应的虚交换通道的出端口和出 VLAN 标识。  The IP layer determines the egress port and the outbound VLAN identifier of the virtual switch channel corresponding to the IP packet according to the mapping relationship, the destination address information of the IP packet to be accessed in the virtual switching domain, or the quintuple information of the IP layer.
所述报文传输包括: 出 VLAN标识对该 IP >¾文进行以太帧的封装并传输; 或,  The message transmission includes: an out VLAN identifier encapsulating and transmitting an Ethernet frame of the IP >3⁄4 text; or
出口数据转发实体的以太层将虚交换域中需要转发出虛交换域的 IP报 文传输至 IP层;  The Ethernet layer of the egress data forwarding entity transmits the IP packet that needs to be forwarded out of the virtual switching domain to the IP layer.
所述 IP层根据该 IP报文的目的地址进行 IP报文的传输。  The IP layer performs IP packet transmission according to the destination address of the IP packet.
根据本发明提供的另一种虚交换接入装置, 包括:  Another virtual switching access device according to the present invention includes:
存储模块: 存储 IP层地址信息与虚交换通道的映射关系; 通道确定模块:接收接入虚交换域的 IP报文, 并根据存储模块中存 储的映射关系、所述 IP报文中承载的 IP层地址信息确定该 IP报文对应 的虚交换通道; The storage module is configured to: store the mapping relationship between the IP address information and the virtual switch channel; the channel determining module: receives the IP packet that is connected to the virtual switching domain, and according to the mapping relationship stored in the storage module, the IP carried in the IP packet Layer address information determines that the IP packet corresponds to Virtual exchange channel
封装转发模块: 根据确定虚交换通道模块确定的虛交换通道将所述 IP报文封装后传输。  The encapsulation and forwarding module: encapsulates and transmits the IP packet according to the virtual switching channel determined by the virtual switching channel module.
根据本发明的第三方面, 提供一种虚交换系统, 包括: 入口数据转 发实体、 出口数据转发实体;  According to a third aspect of the present invention, a virtual switching system is provided, including: an ingress data forwarding entity and an egress data forwarding entity;
所述入口数据转发实体:根据 IP层地址信息与虚交换通道的映射关 系、接入虚交换域的 IP报文的 IP层地址信息确定该 IP报文对应的虚交 换通道, 并将所述 IP报文封装后在虚交换通道上传输;  The ingress data forwarding entity determines the virtual switching channel corresponding to the IP packet according to the mapping relationship between the IP layer address information and the virtual switching channel, and the IP layer address information of the IP packet accessing the virtual switching domain, and the IP address is After the packet is encapsulated, it is transmitted on the virtual switched channel.
出口数据转发实体:将需要转发出虚交换域的 IP报文根据其承载的 IP层目的地址进行传输。  The egress packet forwarding entity: The IP packet that needs to be forwarded out of the virtual switching domain is transmitted according to the IP layer destination address it carries.
所述入口数据转发实体包括:  The ingress data forwarding entity includes:
存储模块: 存储 I P层地址信息与虚交换通道的映射关系; 通道确定模块:接收接入虚交换域的 IP报文, 并根据存储模块中存 储的映射关系、所述 IP报文中承载的 IP层地址信息确定该 IP报文对应 的虛交换通道;  The storage module is configured to: store the mapping relationship between the IP address information and the virtual switch channel; the channel determining module: receives the IP packet that is connected to the virtual switching domain, and according to the mapping relationship stored in the storage module, the IP carried in the IP packet The layer address information determines a virtual switching channel corresponding to the IP packet.
封装转发模块: 根据确定的虚交换通道将所述 IP报文封装后传输。 所述虚交换系统还包括: 至少一个中间数据转发实体;  Encapsulating and forwarding module: The IP packet is encapsulated and transmitted according to the determined virtual switching channel. The virtual switching system further includes: at least one intermediate data forwarding entity;
所述中间数据转发实体根据 VLA 交换表将虚交换域中的 IP报文传 输至其它中间数据转发实体或出口数据转发实体。  The intermediate data forwarding entity transmits IP packets in the virtual switching domain to other intermediate data forwarding entities or egress data forwarding entities according to the VLA exchange table.
根据本发明的第四方面, 提供一种虚交换接入方法, 包括: 建立以太层地址信息与虚交换通道的映射关系;  According to a fourth aspect of the present invention, a virtual switching access method is provided, including: establishing a mapping relationship between Ethernet layer address information and a virtual switching channel;
才艮据以太帧的以太层地址信息、 所述映射关系确定该以太帧对应的 虚交换通道; 所述建立映射关系包括:  Determining, according to the Ethernet layer address information of the Ethernet frame, the mapping relationship, the virtual switching channel corresponding to the Ethernet frame; the establishing the mapping relationship includes:
建立目的 MAC地址信息与端口、 VLAN标识的映射关系; 或 建立目的 MAC地址信息、 源 MAC地址信息与虚交换通道出端口、 出 VLAN 标识的映射关系。  The mapping between the destination MAC address information and the port ID and VLAN ID is established. The mapping between the destination MAC address information and the source MAC address information of the virtual switch channel and the outbound VLAN ID is established.
更适宜地, 该方法进一步包括: 入口数据转发实体的以太层根据所述映射关系、 接入虚交换域的以 太帧的目的 MAC地址信息或者根据目的 MAC地址、 源 MAC地址信息确定 该以太帧对应的虛交换通道的出端口和出 VLAN标识。 More suitably, the method further comprises: The Ethernet layer of the ingress data forwarding entity determines the egress port and the outbound virtual switching channel corresponding to the Ethernet frame according to the mapping relationship, the destination MAC address information of the Ethernet frame that accesses the virtual switching domain, or the destination MAC address and the source MAC address information. VLAN ID.
所述以太帧传输包括:  The Ethernet frame transmission includes:
入口数据转发实体 居所述以太帧对应的端口、 VLAN标识对该以太 帧进行封装并传输;  The port data forwarding entity encapsulates and transmits the Ethernet frame corresponding to the port corresponding to the Ethernet frame and the VLAN identifier;
中间数据转发实体根据 VLA 交换表对其接收的虚交换域中的以太 帧进行传输;  The intermediate data forwarding entity transmits the Ethernet frame in the virtual switching domain it receives according to the VLA exchange table;
将以太帧转发出虚交换域的出口数据转发实体接收虚交换域中的以 太帧, 并根据该以太帧的目的 MAC地址进行传输。  The egress data forwarding entity that forwards the Ethernet frame out of the virtual switching domain receives the Ethernet frame in the virtual switching domain and transmits according to the destination MAC address of the Ethernet frame.
根据本发明还提供又一种虚交换接入装置, 包括:  According to the present invention, there is still another virtual switching access device, including:
存储模块: 存储以太层地址信息与虚交换通道的映射关系; 通道确定模块: 接收接入虛交换域的以太帧, 并根据存储模块中存 储的映射关系、 所述以太帧中承载的以太层地址信息确定该以太帧对应 的虚交换通道;  The storage module is configured to: store a mapping relationship between the Ethernet layer address information and the virtual switching channel; and the channel determining module: receiving an Ethernet frame that accesses the virtual switching domain, and according to the mapping relationship stored in the storage module, the Ethernet layer address carried in the Ethernet frame The information determines a virtual switching channel corresponding to the Ethernet frame;
封装转发模块: 根据确定虚交换通道模块确定的虚交换通道将所述 以太帧封装后传输。  Encapsulating and forwarding module: The Ethernet frame is encapsulated and transmitted according to the virtual switching channel determined by the virtual switching channel module.
根据本发明的又一种虚交换系统, 包括: 入口数据转发实体、 出口 数据转发实体;  According to still another virtual switching system of the present invention, the method includes: an ingress data forwarding entity and an egress data forwarding entity;
所述入口数据转发实体: 根据以太层地址信息与虚交换通道的映射 关系、 接入虚交换域的以太帧的以太层地址信息确定该以太帧对应的虚 交换通道, 并将所述以太帧封装后传输;  The ingress data forwarding entity: determining a virtual switching channel corresponding to the Ethernet frame according to the mapping relationship between the Ethernet layer address information and the virtual switching channel, and the Ethernet layer address information of the Ethernet frame of the access virtual switching domain, and encapsulating the Ethernet frame Post transmission
出口数据转发实体: 将虚交换域中传输来的以太帧根据其承载的目 的 MAC地址进行传输。  Egress data forwarding entity: The Ethernet frame transmitted in the virtual switching domain is transmitted according to the destination MAC address it carries.
所述入口数据转发实体包括:  The ingress data forwarding entity includes:
存储模块: 存储以太层地址信息与虚交换通道的映射关系; 通道确定模块: 接收接入虚交换域的以太帧, 并根据存储模块中存 储的映射关系、 所述以太帧中承载的以太层地址信息确定该以太帧对应 的虚交换通道; 封装转发模块: 根据确定虛交换通道模块确定的虚交换通道将所述 以太帧封装后传输。 The storage module is configured to: store a mapping relationship between the Ethernet layer address information and the virtual switching channel; and the channel determining module: receiving an Ethernet frame that accesses the virtual switching domain, and according to the mapping relationship stored in the storage module, the Ethernet layer address carried in the Ethernet frame The information determines a virtual switching channel corresponding to the Ethernet frame; Encapsulating and forwarding module: The Ethernet frame is encapsulated and transmitted according to the virtual switching channel determined by the virtual switching channel module.
所述虛交换系统还包括: 至少一个中间数据转发实体;  The virtual switching system further includes: at least one intermediate data forwarding entity;
中间数据转发实体:根据 VLAN交换表将虛交换域的以太帧传输至其 它中间数据转发实体或出口数据转发实体。  Intermediate data forwarding entity: The Ethernet frame of the virtual switching domain is transmitted to other intermediate data forwarding entities or egress data forwarding entities according to the VLAN switching table.
基于端口的策略是通过在边缘 DRE上建立端口与虚交换通道的映 射关系,使边缘 DRE能够根据端口进行普通以太帧的虚交换传输,如入 口 DRE能够将用户端设备传输来的未经过 802.1Q封装的普通以太帧直 接进行 802.1Q封装,并通过接收端口对应的虚交换通道传输,出口 DRE 能够将其从虚交换域传输来的 802.1Q封装的以太帧转换为普通以太帧 直接通过对应的输出端口发送,再如,入口 DRE能够将其从端口接收到 的普通以太帧直接通过对应的其他端口直接发送, 这样, 当用户端设备 不支持 VLAN时, 不需要增加 L2设备, 减少了组建网络的设备开销, 增加了虚交换的适用场景; 通过在 VLAN交换表中设置对应关系, 如充 分利用 VLAN交换表中的现有字段, 使本发明的虚交换方法易于实现; 从而实现了提高虚交换技术接入能力、 拓展虛交换技术应用范围、 降低 组建网络成本的目的。  The port-based policy is to establish a mapping relationship between the port and the virtual switching channel on the edge DRE, so that the edge DRE can perform virtual switch transmission of the common Ethernet frame according to the port. For example, the ingress DRE can transmit the client device without passing the 802.1Q. The encapsulated ordinary Ethernet frame is directly encapsulated in 802.1Q and transmitted through the virtual switch channel corresponding to the receiving port. The egress DRE can convert the 802.1Q encapsulated Ethernet frame transmitted from the virtual switched domain into a normal Ethernet frame and directly pass the corresponding output. The port is sent. For example, the ingress DRE can directly send the normal Ethernet frame received from the port through the corresponding other port. Therefore, when the user equipment does not support the VLAN, the L2 device does not need to be added, and the network is reduced. The cost of the virtual switch is increased. The virtual switching method is improved by setting the mapping relationship in the VLAN switching table, such as making full use of the existing fields in the VLAN switching table. Access capability, expand the application range of virtual switching technology, reduce the group The purpose of building network costs.
基于 IP地址的策略是为 IP报文提供了一种虚交换接入方法, 通过 在边缘 DRE上建立 IP层地址信息与虛交换通道的映射关系,使入口 DRE 能够直接根据 IP报文的地址信息确定 IP报文对应的虛交换通道, 使 V-Switch在承载 IP业务流时, 可以不要求以太网帧的 "端口 + Vlan,, 必 须不同, 从而使通过同一端口接入的、 具有不同 IP地址信息的 IP报文 能够通过不同的 "端口 + Vlan,, 传输, 丰富了虚交换接入方法; 本发明 的出口 DRE能够根据 IP报文的 IP层目的地址对虚交换域传输来的 IP 报文进行转发; 从而通过本发明提供的技术方案实现了提高虚交换对 IP 业务的承载能力、 拓展虚交换技术应用范围的目的。  The IP address-based policy provides a virtual switch access method for the IP packet. The mapping between the IP address information and the virtual switch channel is established on the edge DRE, so that the ingress DRE can directly obtain the address information of the IP packet. The virtual switch channel corresponding to the IP packet is determined, so that the V-Switch does not require the port + VLAN of the Ethernet frame to carry the IP service flow. Therefore, the port must be different through the same port. The IP packet of the information can be transmitted through the different ports + Vlan, and the virtual switch access method is enriched. The egress packet of the present invention can transmit IP packets to the virtual switch domain according to the IP address of the IP packet. Forwarding; thus, the technical solution provided by the present invention achieves the purpose of improving the carrying capacity of the virtual switching to the IP service and expanding the application range of the virtual switching technology.
基于 MAC地址的策略是为以太帧提供了一种新的虚交换接入方法, 通过在边缘 DRE上建立以太层地址信息与虚交换通道的映射关系,使入 口 DRE能够直接根据以太帧的地址信息确定以太帧对应的虚交换通道, 使 V-Switch在承载以太帧时, 可以不要求以太网帧的 "端口 + VLAN" 必须不同, 从而使通过同一端口或同一 "端口 + VLAN" 接入的、 具有 不同以太层地址信息的以太帧能够通过不同的 "端口 + VLAN" 传输, 丰富了虚交换接入方法; 本发明的出口 DRE 能够根据以太帧的目的 MAC地址对虚交换域传输来的以太帧进行转发;从而通过本发明提供的 技术方案实现了提高虚交换技术接入能力、 拓展虚交换技术应用范围的 目的。 附图说明 The MAC address-based policy provides a new virtual switching access method for the Ethernet frame. By establishing the mapping relationship between the Ethernet layer address information and the virtual switching channel on the edge DRE, the ingress DRE can directly according to the address information of the Ethernet frame. Determining the virtual switching channel corresponding to the Ethernet frame, When the V-Switch is carrying an Ethernet frame, the "port + VLAN" of the Ethernet frame must not be required to be different, so that the Ethernet frame with different Ethernet layer address information accessed through the same port or the same "port + VLAN" is allowed. The virtual switch access method can be enriched by different "port + VLAN"transmission; the egress DRE of the present invention can forward the Ethernet frame transmitted by the virtual switch domain according to the destination MAC address of the Ethernet frame; thus, provided by the present invention The technical solution achieves the purpose of improving the access capability of the virtual switching technology and expanding the application range of the virtual switching technology. DRAWINGS
图 1是虚交换体系的逻辑层次和功能模型示意图;  Figure 1 is a schematic diagram of the logical hierarchy and functional model of the virtual switching system;
图 2是现有技术中实现虚交换的方法示意图;  2 is a schematic diagram of a method for implementing virtual switching in the prior art;
图 3 是现有技术中 IP业务的虛交换接入实现原理示意图; 图 4是现有技术中基于以太帧的虚交换接入原理示意图;  3 is a schematic diagram of a virtual switch access implementation principle of an IP service in the prior art; FIG. 4 is a schematic diagram of a virtual switch access principle based on an Ethernet frame in the prior art;
图 5为根据本发明的虚交换接入实现原理示意图;  5 is a schematic diagram of an implementation principle of virtual switching access according to the present invention;
图 6是根据本发明第一实施例的基于 "端口一端口、 VLAN" 的虚交 换接入原理示意图;  6 is a schematic diagram of a virtual-switching access principle based on "port-port-port, VLAN" according to a first embodiment of the present invention;
图 7是根据本发明第二实施例的基于 "端口一端口" 的虚交换接入 原理示意图;  7 is a schematic diagram of a virtual port access principle based on "port-one port" according to a second embodiment of the present invention;
图 8是根据本发明的一种虚交换接入装置示意图;  8 is a schematic diagram of a virtual switch access device according to the present invention;
图 9是根据本发明基于 IP的虛交换接入实现原理示意图; 图 10是根据本发明基于 IP的虚交换接入实现 IP层点到多点业务的 示意图;  9 is a schematic diagram of an IP-based virtual switch access implementation principle according to the present invention; FIG. 10 is a schematic diagram of implementing IP layer point-to-multipoint service based on IP-based virtual switch access according to the present invention;
图 11是根据本发明基于以太帧的虚交换接入原理示意图; 图 12 是根据本发明基于以太帧的虛交换接入实现以太层点到多点 业务的原理示意图。 具体实施方式  11 is a schematic diagram of a virtual switch access principle based on an Ethernet frame according to the present invention; FIG. 12 is a schematic diagram showing the principle of implementing Ethernet layer-to-multipoint service based on virtual switch access of an Ethernet frame according to the present invention. detailed description
本发明在 V-Switch技术中提出了新的虚交换接入方法、 装置和虚交 换系统, 其核心思想是通过在边缘入口 DRE配置策略, 建立用户数据包 / 帧到虛交换通道的映射关系, 主要包括端口与虚交换通道的映射关系、 IP层地址信息与虚交换通道的映射关系或以太层地址信息与虚交换通道 06 001654 The present invention proposes a new virtual switching access method, device and virtual switching system in the V-Switch technology. The core idea is to establish a mapping relationship between a user data packet/frame and a virtual switching channel by configuring a policy at the edge entry DRE. It mainly includes the mapping between the port and the virtual switching channel, the mapping between the IP address information and the virtual switching channel, or the Ethernet layer address information and the virtual switching channel. 06 001654
- 11- 的映射关系, 当来自用户的数据包 /帧进入虚交换域时, 入口 DRE根据上 述策略, 为其选择一条合适的虛交换通道传送该业务流。 - 11- mapping relationship, when the data packet/frame from the user enters the virtual switching domain, the ingress DRE selects a suitable virtual switching channel to transmit the service flow according to the above policy.
本发明通过在边缘 DRE配置虛交换策略, 建立用户数据包 /帧到虚 交换通道的映射关系。 当来自用户边缘设备 ( CE , Customer Edge )的用 户数据包 /帧进入虛交换域时, 入口 DRE根据策略, 为其选择一条合适 的虛交换通道传送该业务流, 业务流在虚交换通道中经过若干中间 DRE 的交换, 最终到达边缘出口 DRE, 出口 DRE终结隧道, 获得用户数据 包 /帧, 然后向 CE转发。 图 5为根据本发明的虚交换接入实现原理示意 图, 参照图 5。  The present invention establishes a mapping relationship between a user data packet/frame and a virtual switching channel by configuring a virtual switching policy at the edge DRE. When a user data packet/frame from a user edge device (CE, Customer Edge) enters the virtual switching domain, the ingress DRE selects a suitable virtual switching channel to transmit the service flow according to the policy, and the service flow passes through the virtual switching channel. The exchange of several intermediate DREs finally reaches the edge exit DRE, the exit DRE terminates the tunnel, obtains the user data packet/frame, and then forwards it to the CE. FIG. 5 is a schematic diagram showing the principle of virtual switching access according to the present invention, with reference to FIG. 5.
在入口 DRE,根据所配置的策略将用户数据包 /数据帧映射到虚交换 通道, 并按照虚交换通道以太帧格式进行封装, 再将封装后的数据包从 出端口发出。  At the ingress DRE, the user data packet/data frame is mapped to the virtual switching channel according to the configured policy, and is encapsulated according to the virtual switching channel Ethernet frame format, and then the encapsulated data packet is sent out from the outbound port.
中间 DRE才艮据入端口和 VLAN进行数据包转发;  The intermediate DRE forwards the data packet according to the port and the VLAN;
在出口 DRE, 终结虚交换通道还原用户数据包 /帧, 并转发给 CE设备。 上述入口 DRE的虚交换策略比较灵活, 可以是根据端口、 端口 + At the egress DRE, the virtual switched channel is terminated to restore the user packet/frame and forwarded to the CE device. The virtual exchange policy of the above-mentioned entry DRE is flexible, and can be based on port, port +
VLAN ID、 MAC地址(目的 MAC, 目的 MAC +源 MAC ) 、 IP地址(如 S的 IP地址, IPv4五元组)等。 其中 "端口 + Vlan,, 的策略现有技术已 经支持, 其它的策略如下所述: VLAN ID, MAC address (destination MAC, destination MAC + source MAC), IP address (such as S IP address, IPv4 quintuple). The policy of "Port + Vlan," is supported by the existing technology. Other strategies are as follows:
根据本发明提供的基于端口策略的虚交换接入方法, 即边缘 DRE在 进行虛交换接入过程中, 虚交换接入的一端可以仅为端口, 另一端可以 仅为端口, 也可以为 "端口 +VLAN" 等。 当虛交换接入的两端均为端口 时,端口与端口之间的以太帧传输通道是虛交换通道中的一种特殊情况。  According to the port policy-based virtual switching access method provided by the present invention, in the process of performing virtual switching access, the edge of the virtual switching access may be only a port, and the other end may be only a port or a port. +VLAN" and so on. When both ends of the virtual switch access are ports, the Ethernet frame transmission channel between the port and the port is a special case in the virtual switch channel.
为使本发明的原理、 特性和优点更加清楚, 下面按照附图结合具体 实施例对本发明予以进一步描述。  In order to make the principles, features and advantages of the present invention more apparent, the invention will be further described in accordance with the accompanying drawings.
本实施方案采用基于 "端口一端口、 VLAN" 的虛交换接入方法。 首先需要建立端口 1与端口 2和 VLAN标识 2的对应关系, 这样, DRE可以将其从端口 1接收的用户端设备传输来的普通以太帧根据该对 应关系中的 VLAN标识进行封装, 如打上 VLAN标识 2, 进行 802.1Q 的封装, 并根据该对应关系中的虚交换通道传输封装后的以太帧; 同时, DRE将其从对应关系中的虚交换通道中接收的有 VLAN标识 2的封装的 以太帧转换为普通的以太帧, 并根据所述对应关系将转换后的普通以太 帧直接通过端口 1传输。 这样, 当用户端设备不支持 VLAN时, 不需要 在用户端设备与入口 DRE之间、 或者用户端设备与出口 DRE之间增加 L2设备, 减少了组建网络的设备开销, 增加了虚交换的适用场景。 This embodiment adopts a virtual port access method based on "port one port, VLAN". First, the mapping between port 1 and port 2 and VLAN ID 2 is required. Therefore, the DRE can encapsulate the normal Ethernet frame transmitted by the client device received from port 1 according to the VLAN identifier in the corresponding relationship, such as VLAN. The identifier 2 is encapsulated in the 802.1Q, and the encapsulated Ethernet frame is transmitted according to the virtual switching channel in the corresponding relationship; at the same time, the DRE receives the encapsulated VLAN 2 from the virtual switched channel in the corresponding relationship. The Ethernet frame is converted into a normal Ethernet frame, and the converted normal Ethernet frame is directly transmitted through the port 1 according to the correspondence. In this way, when the user equipment does not support the VLAN, the L2 device does not need to be added between the user equipment and the ingress DRE, or between the user equipment and the egress DRE, which reduces the equipment overhead of the network and increases the application of the virtual exchange. Scenes.
图 6是根据本发明的基于 "端口一端口、 VLAN" 的虚交换接入示意 图, 参照图 6 ,  6 is a schematic diagram of virtual port access based on "port-port, VLAN" according to the present invention, with reference to FIG. 6,
用户侧的普通以太帧通过入口 DRE的端口 1进入 V-Switch域, 当入口 DRE中端口 1与端口 2、 VLAN标识 2对应时,入口 DRE的以太层根据 VLAN 标识 2对普通以太帧进行 802.1Q封装, 并根据端口 2、 VLAN标识 2发送该 802.1Q封装的以太帧。  The normal Ethernet frame on the user side enters the V-Switch domain through port 1 of the ingress DRE. When port 1 of the ingress DRE corresponds to port 2 and VLAN ID 2, the Ethernet layer of the ingress DRE performs 802.1Q on the common Ethernet frame according to the VLAN ID 2. Encapsulation, and sending the 802.1Q encapsulated Ethernet frame according to port 2 and VLAN identifier 2.
中间 DRE的以太层接收到 802.1Q封装的以太帧后, 仍根据 VLAN交 换表以 "端口 + VLAN" 的方式传输。  After receiving the 802.1Q encapsulated Ethernet frame, the Ethernet layer of the intermediate DRE still transmits in the "port + VLAN" mode according to the VLAN exchange table.
出口 DRE以太层通过端口 2接收到 802.1Q封装的以太帧后, 当出口 DRE中端口 1与端口 2、 VLAN标识 2对应时, 出口 DRE的以太层将 802.1 Q 封装的以太帧转换为普通的以太帧,并通过端口 1将普通以太帧直接发送 出去。  After the egress Ethernet layer receives the 802.1Q encapsulated Ethernet frame through the port 2, when the port 1 of the egress DRE corresponds to the port 2 and the VLAN ID 2, the Ethernet layer of the egress DRE converts the 802.1 Q encapsulated Ethernet frame into an ordinary ether. Frame, and send the normal Ethernet frame directly through port 1.
本实施方案采用基于 "端口一端口" 的虚交换接入方法。  This embodiment adopts a virtual port access method based on "port one port".
首先需要建立两个端口之间的对应关系, 即端口 1与端口 2之间的 对应关系, 这样, DRE可以将其从一个端口接收的普通以太帧根据该对 应关系直接传输至另一个端口, 即不需要对两个端口之间传输的以太帧 打 VLAN标识并进行封装, 直接进行虚交换传输即可。 这样, 当用户端 设备不支持 VLAN时, 不需要在用户端设备与入口 DRE之间、 以及用 户端设备与出口 DRE之间增加 L2设备, 减少了组建网络的设备开销, 增加了虛交换的适用场景。  First, it is necessary to establish a correspondence between two ports, that is, a correspondence between port 1 and port 2, so that the DRE can directly transmit the normal Ethernet frame received from one port to another port according to the correspondence, that is, It is not necessary to VLAN-identify and encapsulate the Ethernet frame transmitted between the two ports, and directly perform virtual exchange transmission. In this way, when the user equipment does not support the VLAN, the L2 device does not need to be added between the user equipment and the ingress DRE, and between the user equipment and the egress DRE, which reduces the equipment overhead of the network and increases the application of the virtual exchange. Scenes.
图 7是根据本发明的基于 "端口一端口"的虚交换接入原理示意图, 参照图 7 ,  7 is a schematic diagram of a virtual port access principle based on "port-port" according to the present invention, referring to FIG. 7,
入口 DRE与出口 DRE为同一个 DRE, 用户侧的普通以太帧通过入口 DRE的端口 1进入 V-Switch域, 当入口 DRE中端口 1与端口 2对应时, 入口 DRE的以太层将该普通以太帧直接通过端口 2发送。  The ingress DRE and the egress DRE are the same DRE, and the normal Ethernet frame on the user side enters the V-Switch domain through the port 1 of the ingress DRE. When the port 1 of the ingress DRE corresponds to the port 2, the Ethernet layer of the ingress DRE associates the ordinary Ether frame. Send directly through port 2.
上述实施方案中的对应关系可以设置在 VLAN交换表中。 在 VLAN 交换表中设置上述对应关系的方法很灵活, 如可以设置为表 2的形式。 The correspondence in the above embodiment may be set in the VLAN switching table. In the VLAN The method of setting the above correspondence in the exchange table is flexible, and can be set to the form of Table 2.
表 2  Table 2
Figure imgf000015_0001
Figure imgf000015_0001
表 2中,当端口 1的 vlan id 1为无效的 VLAN标识、且端口 2的 vlan id2为有效的 VLAN标识, 或者当端口 1的 vlan id 1为有效的 VLAN标 识、且端口 2的 vlan id 2为无效的 VLAN标识,或者当端口 1的 vlan idl 为无效的 VLAN标识、 且端口 2的 vlan id2为无效的 VLAN标识时, 则 表明 DRE需要根据该表项进行本发明的基于端口的虚交换接入方法。  In Table 2, the vlan id 1 of port 1 is an invalid VLAN ID, and the vlan id2 of port 2 is a valid VLAN ID, or the vlan id 1 of port 1 is a valid VLAN ID, and the vlan id of port 2 is 2 If the VLAN ID is invalid, or if the VLAN ID of port 1 is invalid, and the VLAN ID of port 2 is invalid, the DRE needs to perform the port-based virtual switch according to the entry. Into the method.
当端口 1的 vlan idl为有效的 VLAN标识、 且端口 2的 vlan id2也 为有效的 VLAN标识时, 则表明 DRE需要根据该表项进行现有技术中 的基于 "端口 + Vlan" 的虚交换接入方法。  If the vlan id1 of port 1 is a valid VLAN ID and the vlan id2 of port 2 is also a valid VLAN ID, it indicates that the DRE needs to perform the virtual switch based on "port + Vlan" in the prior art according to the entry. Into the method.
当本发明中的对应关系设置为表 2的形式时, DRE实现虚交换接入 的具体过程为:  When the corresponding relationship in the present invention is set to the form of Table 2, the specific process of DRE implementing virtual switch access is:
DRE 从端口 1 接收到以太帧后, 首先需要确定该以太帧对应的 VLAN交换表的表项,然后,判断该表项中的 VLAN ID vlan idl和 VLAN ID vlan id2的数值是否为有效数值。 After receiving the Ethernet frame from port 1, the DRE needs to determine the entry of the VLAN switch table corresponding to the Ethernet frame, and then determine the VLAN ID vlan idl and VLAN in the entry. Whether the value of ID vlan id2 is a valid value.
如果该表项中 vlan idl为有效数值, vlan id2为无效数值, 则入口 DRE接收的报文为 vlan idl的 802.1Q封装的以太帧, 入口 DRE需要将 该 802.1Q封装的以太帧转换为普通的以太帧,并直接通过端口 2发送出 去。  If the vlan id1 is a valid value and the vlan id2 is an invalid value, the packet received by the ingress DRE is an 802.1Q encapsulated Ethernet frame of the vlan id1, and the ingress DRE needs to convert the 802.1Q encapsulated Ethernet frame into an ordinary one. The Ethernet frame is sent directly through port 2.
如果该表项中 vlan id2为有效数值, vlan idl为无效数值, 则入口 DRE接收的报文为普通的以太帧, DRE 需要将该普通的以太帧转换为 vlan id2的 802.1 Q封装的以太帧, 并通过端口 2发送出去。  If vlan id2 is a valid value and vlan idl is an invalid value, the packet received by the ingress DRE is a normal Ethernet frame. The DRE needs to convert the ordinary Ethernet frame into an 802.1 Q encapsulated Ethernet frame of vlan id2. And send it out through port 2.
如果该表项中 vlan idl为无效数值, vlan id2也为无效数值, 则入 口 DRE接收的报文为普通的以太帧, 入口 DRE只需要将该普通的以太 帧直接通过端口 2发送出去即可。  If the vlan id1 is invalid and the vlan id2 is invalid, the packet received by the DRE is an ordinary Ethernet frame. The ingress DRE only needs to send the ordinary Ethernet frame directly through port 2.
如果该表项中 vlan id2为有效数值, vlan idl也为有效数值, 则入 口 DRE接收的报文为 VLAN ID vlan idl的 802.1Q封装的以太帧, 入口 DRE在将端口 1中接收到的 vlan idl的 802.1Q封装的以太帧发送到端口 2的同时, 将 vlan idl转换成 vlan id2。 -  If vlan id2 is a valid value and vlan idl is also a valid value, the packet received by the ingress DRE is the 802.1Q encapsulated Ethernet frame of the VLAN ID vlan idl, and the ingress DRE receives the vlan idl of the port 1. The 802.1Q encapsulated Ethernet frame is sent to port 2, and the vlan idl is converted to vlan id2. -
的设置, 如在 VLAN交换表中增加一个新的交换模式类型, 通过该交换 模式类型的不同取值来指示 DRE 采用何种 VLAN 交换模式, 再如在 VLAN交换表中增加两个字段,通过这两个字段的不同取值来指示 DRE 采用何种 VLAN交换模式。 The setting, such as adding a new switching mode type in the VLAN switching table, indicating the VLAN switching mode used by the DRE by using different values of the switching mode type, and adding two fields in the VLAN switching table, The different values of the two fields indicate which VLAN switching mode the DRE uses.
本发明提供的一种虛交换接入装置如图 8所示。  A virtual switching access device provided by the present invention is shown in FIG.
参照图 8, 该虛交换接入装置包括: 存储模块和交换模块。  Referring to FIG. 8, the virtual switch access device includes: a storage module and a switch module.
存储模块主要用于存储端口与虚交换通道的映射关系, 包括: 端口 1 与端口 2和 VLAN标识 2的对应关系、端口 1与端口 2的对应关系以及端口 1 和 VLAN标识 1与端口 2和 VLAN标识 2的对应关系。 这些对应关系可以以 VLAN交换表的形式存储。  The storage module is mainly used to map the relationship between the storage port and the virtual switch channel, including: the mapping between port 1 and port 2 and VLAN ID 2, the mapping between port 1 and port 2, and port 1 and VLAN ID 1 and port 2 and VLAN. The correspondence of the identifier 2. These correspondences can be stored in the form of a VLAN exchange table.
交换模块主要用于接收以太帧, 确定该以太帧对应的 VLAN交换表 中的表项, 并根据该表项中的内容确定该以太帧的虚交换接入方式, 并 根据该以太帧的虚交换接入模式发送以太桢, 如以基于 "端口一端口、 VLAN" 的虚交换接入方法、 或以基于 "端口一端口" 的虚交换接入方 法、 或以基于 "端口、 VLAN—端口、 VLAN" 的虚交换方法进行传输。 交换模块对以太帧的虚交换传输方法如上述方法中的描述, 在此不再详 细介绍。 The switching module is configured to receive an Ethernet frame, determine an entry in the VLAN switch table corresponding to the Ethernet frame, and determine a virtual switch access mode of the Ethernet frame according to the content in the entry, and perform virtual switching according to the Ethernet frame. The access mode sends an Ethernet port, such as based on "port one port, Virtual switching access method of VLAN", or virtual port access method based on "port-port", or virtual port exchange based on "port, VLAN-port, VLAN". Switch module for virtual frame of Ethernet The exchange transmission method is as described in the above method and will not be described in detail herein.
另一方面, 本发明提供的基于 IP地址策略的虚交换接入方法: 本发明中的 IP层地址信息可以为 IP层目的地址信息, 也可以为 IP 层五元组(源 IP地址, 目的 IP地址, 协议号, 源端口号, 目的端口号) 信息。 所以, 本发明在边缘 DRE中建立 IP层地址信息与虚交换通道的 映射关系为: 建立 IP层目的地址信息与虚交换通道的出端口、 出 VLAN 标识的映射关系, 或建立 IP层五元组信息与虚交换通道的出端口、 出 VLA 标识的映射关系。  On the other hand, the virtual address access method based on the IP address policy provided by the present invention: the IP layer address information in the present invention may be the IP layer destination address information, or may be the IP layer quintuple (source IP address, destination IP address) Address, protocol number, source port number, destination port number) information. Therefore, the mapping relationship between the IP address information and the virtual switch channel in the edge DRE is as follows: The mapping between the IP address of the IP layer and the outbound port and the outbound VLAN of the virtual switch channel is established, or the IP layer quintuple is established. The mapping between the information and the outgoing port of the virtual switching channel and the outgoing VLA identifier.
上述映射关系可以存储在入口 DRE中。  The above mapping relationship can be stored in the ingress DRE.
图 9是根据本发明的基于 IP的虚交换接入实现原理示意图,下面结 合图 9对 IP报文在虛交换域中的传输过程进行详细描述。  FIG. 9 is a schematic diagram of an IP-based virtual switch access implementation according to the present invention. The transmission process of IP packets in the virtual switch domain is described in detail below in conjunction with FIG. 9.
图 8中, 当 IP业务流进入 V-Switch域时, 入口 DRE的链路层将 IP报文 提交至 IP层处理, 如果入口 DRE中存储的映射关系为 IP层五元组信息与 虛交换通道的映射关系, 则 IP层应获取 IP报文相应的地址信息, 并将该 地址信息与入口 DRE中存储的映射关系进行匹配, 以确定该 艮文对应 的虚交换通道的出端口、 出 VLAN标识。 如果入口 DRE中存储的映射关 系为 IP层目的地址信息与虚交换通道的映射关系, 则 IP层应获取 IP报文 的目的地址, 并将该目的地址与入口 DRE中存储的映射关系进行匹配, 以确定该 IP报文对应的虚交换通道的出端口、 出 VLAN标识。  In Figure 8, when the IP service flow enters the V-Switch domain, the link layer of the ingress DRE submits the IP packet to the IP layer for processing. If the mapping relationship stored in the ingress DRE is the IP layer quintuple information and the virtual switch channel. In the mapping relationship, the IP layer should obtain the corresponding address information of the IP packet, and match the address information with the mapping relationship stored in the ingress DRE to determine the egress port and out VLAN ID of the virtual switching channel corresponding to the packet. . If the mapping relationship between the IP address and the virtual switch channel is the mapping between the IP address and the virtual switch channel, the IP address of the IP address is matched with the destination address of the IP address. The outbound port and outbound VLAN ID of the virtual switch channel corresponding to the IP packet are determined.
在确定了该 IP报文对应的虚交换通道的出端口、 出 VLAN标识后, 入口 DRE的以太层使用该出 VLAN标识对 IP报文进行 802.1Q的封装, 并 根据上述确定的出端口发送。  After the outbound port and the outgoing VLAN ID of the virtual switch channel corresponding to the IP packet are determined, the Ethernet layer of the ingress DRE uses the outbound VLAN identifier to encapsulate the IP packet in 802.1Q, and sends the packet according to the determined outbound port.
当中间 DRE以太层接收到 802.1 Q封装的 IP报文后,仍根据 VLAN交换 表以 "端口 + VLAN" 的方式传输。  When the intermediate DRE Ethernet layer receives the 802.1 Q-encapsulated IP packet, it still transmits the packet according to the VLAN switch table as "port + VLAN".
当出口 DRE以太层接收到 802.1Q封装的 IP报文后, 出口 DRE以太层 终结虛交换通道,将 IP报文提交 IP层处理, IP层根据 IP报文的目的地址进 行普通的路由转发。 图 10是根据本发明基于 IP的虚交换接入实现 IP层点到多点业务的 示意图,下面结合图 10对一个 IP地址同时和多个 IP地址之间建立会话 连接的虛交换过程进行详细描述。 After the egress Ethernet layer receives the 802.1Q encapsulated IP packet, the egress Ethernet interface terminates the virtual switch channel and sends the IP packet to the IP layer for processing. The IP layer forwards the packet according to the destination address of the IP packet. 10 is a schematic diagram of implementing IP layer point-to-multipoint service based on IP-based virtual switching access according to the present invention. The virtual switching process of establishing a session connection between an IP address and multiple IP addresses is described in detail below with reference to FIG. .
图 10中, 如果 IP1需要同时和 IP2、 IP3、 IP4通讯, V-Switch域会为三 个 IP业务流建立三个 V-Switch通道。 由于接入 IP1的入口 DRE1从用户侧 接收到的三个 IP业务流的 IP层地址信息不同, 如 IP头目的地址不同, IP 头目的地址分别为 IP2、 IP3、 IP4, 所以, DRE1能够 居 IP头目的地址或 者 IP层五元組信息等将三个 IP业务流分别进行封装后, 交换到不同的 V-Switch通道中, 即将三个 IP业务流封装后,根据不同的出端口和 VLAN 标识分别传输至 DRE2和 DRE4。  In Figure 10, if IP1 needs to communicate with IP2, IP3, and IP4 at the same time, the V-Switch domain will establish three V-Switch channels for the three IP service flows. Since the IP address information of the three IP service flows received by the access DRE1 of the access IP1 is different from the IP address, the IP header addresses are IP2, IP3, and IP4 respectively. Therefore, the DRE1 can be in the IP address. After the IP address of the IP address is encapsulated, the three IP service flows are encapsulated and switched to different V-Switch channels. After the three IP service flows are encapsulated, they are respectively identified according to different egress ports and VLAN IDs. Transfer to DRE2 and DRE4.
DRE2在接收到 DRE1传输来的两个 IP业务流时, 根据 VLAN交换表 将其中一个 IP业务流传输至 DRE3 , 将另夕 1、一个 IP业务流提交至 IP层处 理, DRE2的 IP层根据 IP报文的目的地址将该 IP业务流路由转发至 IP2。  When receiving the two IP service flows transmitted by DRE1, DRE2 transmits one of the IP service flows to DRE3 according to the VLAN switching table, and submits one IP service flow to the IP layer for processing, and the IP layer of DRE2 is based on the IP. The destination address of the packet forwards the IP traffic flow route to IP2.
DRE3将 DRE2传输来的 IP业务流提交至 IP层处理, DRE3的 IP层根据 IP报 文的目的地址将该 IP业务流路由转发至 IP3。 DRE3 submits the IP service flow transmitted by DRE2 to the IP layer for processing. The IP layer of DRE3 forwards the IP service flow route to IP3 according to the destination address of the IP packet.
DRE4在接收到 DRE1传输来的一个 IP业务流时, 根据 VLAN交换表 将其传输至 DRE5。 DRE5将 DRE4传输来的 IP业务流提交至 IP层处理, DRE5的 IP层根据 IP报文的目的地址将该 IP业务流路由转发至 IP4。  When receiving an IP service flow from DRE1, DRE4 transmits it to DRE5 according to the VLAN switch table. DRE5 submits the IP service flow transmitted by DRE4 to the IP layer for processing. The IP layer of DRE5 forwards the IP service flow route to IP4 according to the destination address of the IP packet.
从而完成一个 IP地址同时和多个 IP地址之间建立会话连接的虚交换 过程。  Thereby completing a virtual exchange process in which an IP address establishes a session connection with multiple IP addresses at the same time.
从上面的描述可以看出, 在利用本发明的虚交换接入方法对 IP报文 进行虛交换传输时, 对用户侧的路由设备没有任何特殊要求, 用户侧的 路由设备和入口 DRE之间只需要一个端口连接即可。  It can be seen from the above description that when the virtual packet transmission method of the present invention is used for virtual switching transmission of IP packets, there is no special requirement for the routing device on the user side, and only the routing device between the user side and the ingress DRE is only Need a port connection.
本发明提供的一种虚交换系统, 包括: 入口数据转发实体和出口数 据转发实体。 当然虚交换系统也可以包括中间数据转发实体, 而且中间 数据转发实体的数量可以为 1个或多个。 下面以虚交换系统包括入口数 据转发实体、 中间数据转发实体和出口数据转发实体为例进行说明。  A virtual switching system provided by the present invention includes: an ingress data forwarding entity and an egress data forwarding entity. Of course, the virtual switching system may also include an intermediate data forwarding entity, and the number of intermediate data forwarding entities may be one or more. The following describes an example of a virtual switching system including an ingress data forwarding entity, an intermediate data forwarding entity, and an egress data forwarding entity.
该系统中入口数据转发实体、 中间数据转发实体和出口数据转发实 体的数量都可以为一个或多个。  The number of the ingress data forwarding entity, the intermediate data forwarding entity, and the egress data forwarding entity in the system may be one or more.
入口数据转发实体主要用于根据 IP层地址信息与虚交换通道的映射 关系、 接入虚交换域的 IP^艮文的 IP层地址信息确定该 IP艮文对应的虚交 换通道, 并将该 IP报文封装后, 传输至中间数据转发实体或出口数据转 发实体。 The ingress data forwarding entity is mainly used to map the IP layer address information to the virtual switching channel. The IP address information of the IP address of the IP address of the virtual switch domain is determined, and the virtual switch channel corresponding to the IP packet is determined, and the IP packet is encapsulated and transmitted to the intermediate data forwarding entity or the egress data forwarding entity.
入口数据转发实体为基于 IP的虛交换接入装置, 其包括存储模块、 确定虚交换通道模块和封装转发模块。  The ingress data forwarding entity is an IP-based virtual switching access device, which includes a storage module, a virtual switching channel module, and a package forwarding module.
存储模块, 主要用于存储 IP层地址信息与虚交换通道的映射关系, 如存储 IP层目的地址与虚交换通道的出端口、 出 VLAN标识的映射关系 等, 当然, IP层地址信息也可以为五元组信息等。  The storage module is mainly used for storing the mapping relationship between the IP address information and the virtual switching channel, such as the mapping between the IP address of the IP layer and the outgoing port of the virtual switching channel, and the outbound VLAN identifier. Five-tuple information, etc.
虛交换通道确定模块, 主要用于接收接入虚交换域的 IP报文, 如接 收用户侧的路由设备传输来的 IP报文, 并根据存储模块中存储的映射关 系、 其接收的 IP报文中承载的 IP层地址信息确定该 IP报文对应的虚交换 通道, 如根据 IP报文的目的地址确定该 IP报文对应的虛交换通道的出端 口、 出 VLAN标识。  The virtual switching channel determining module is configured to receive an IP packet that is connected to the virtual switching domain, such as receiving an IP packet transmitted by the routing device on the user side, and receiving the IP packet according to the mapping relationship stored in the storage module. The IP address information carried in the IP address determines the virtual switch channel corresponding to the IP packet. For example, the outbound port and the outbound VLAN identifier of the virtual switch channel corresponding to the IP packet are determined according to the destination address of the IP packet.
封装转发模块, 主要用于根据确定虚交换通道模块确定的端口、 VLAN标识等信息将该 IP报文封装后传输至中间 DRE或出口 DRE。  The encapsulation and forwarding module is configured to encapsulate the IP packet and transmit it to the intermediate DRE or the egress DRE according to the information determined by the port and the VLAN identifier determined by the virtual switching channel module.
中间数据转发实体,主要用于接收入口 DRE的封装转发模块或其它 中间 DRE传输来的 IP报文,并根据 VLAN交换表将其接收的 IP报文传 输至其它中间数据转发实体或出口数据转发实体。  The intermediate data forwarding entity is configured to receive the IP packet transmitted by the encapsulating and forwarding module of the ingress DRE or other intermediate DRE, and transmit the IP packet received by the inbound to the other intermediate data forwarding entity or the egress data forwarding entity according to the VLAN switching table. .
出口数据转发实体, 主要用于将入口数据转发实体或中间数据转发 实体传输来的 IP报文根据其承载的目的地址进行传输。  The egress packet forwarding entity is mainly used to transmit the IP packet transmitted by the ingress data forwarding entity or the intermediate data forwarding entity according to the destination address of the bearer.
又一方面, 本发明提供的基于 MAC地址策略的虚交换接入方法: 本发明中的以太层地址信息可以为目的 MAC地址信息, 也可以为 目的 MAC地址信息和源 MAC地址信息。 所以, 本发明在边缘 DRE中 建立以太层地址信息与虚交换通道的映射关系为: 建立目的 MAC地址 信息与虚交换通道的出端口、 出 VLAN标识的映射关系, 或建立目的 MAC地址信息和源 MAC地址信息与虛交换通道的出端口、 出 VLAN 标识的映射关系。  In another aspect, the virtual address access method based on the MAC address policy provided by the present invention: the Ethernet layer address information in the present invention may be the destination MAC address information, or may be the destination MAC address information and the source MAC address information. Therefore, the mapping relationship between the Ethernet layer address information and the virtual switching channel is established in the edge DRE as follows: establishing a mapping relationship between the destination MAC address information and the outbound port and the outgoing VLAN identifier of the virtual switching channel, or establishing the destination MAC address information and source. The mapping between the MAC address information and the egress port and outbound VLAN ID of the virtual switching channel.
上述映射关系可以存储在入口 DRE中。  The above mapping relationship can be stored in the ingress DRE.
图 11是根据本发明基于以太帧的虛交换接入原理示意图,下面结合 图 11对以太帧在虚交换域中的传输过程进行详细描迷。 图 11中,如果入口 DRE中存储的映射关系为目的 MAC地址、源 MAC 地址信息与虛交换通道的出端口、出 VLAN标识的映射关系,则入口 DRE 以太层应获取以太帧的目的 MAC地址和源 MAC地址信息, 并将该目的 MAC地址和源 MAC地址信息与入口 DRE中存储的映射关系进行匹配,以 确定该以太帧对应的虚交换通道的出端口、出 VLAN标识。如果入口 DRE 中存储的映射关系为目的 MAC地址信息与虚交换通道的出端口、 出 VLAN标识的端口映射关系, 则当以太帧进入 V-Switch域时, 入口 DRE 以太层应获取以太帧的目的 MAC地址,并将该目的 MAC地址与入口 DRE 中存储的映射关系进行匹配, 以确定该以太帧对应的虚交换通道的出端 口、 出 VLAN标识。 11 is a schematic diagram of a virtual switch access principle based on an Ethernet frame according to the present invention. The transmission process of an Ethernet frame in a virtual switched domain is described in detail below with reference to FIG. 11. In Figure 11, if the mapping relationship stored in the ingress DRE is the mapping between the destination MAC address, the source MAC address information, and the outbound port and outbound VLAN identifier of the virtual switching channel, the ingress DRE Ethernet layer should obtain the destination MAC address of the Ethernet frame and The source MAC address information is matched, and the destination MAC address and the source MAC address information are matched with the mapping relationship stored in the ingress DRE to determine the outbound port and outbound VLAN identifier of the virtual switching channel corresponding to the Ethernet frame. If the mapping between the destination MAC address and the outbound port of the virtual switch channel and the port of the outbound VLAN are mapped, the destination DRE Ethernet layer should acquire the Ethernet frame when the Ethernet frame enters the V-Switch domain. The MAC address is matched with the mapping relationship between the destination MAC address and the ingress DRE to determine the outbound port and outbound VLAN identifier of the virtual switching channel corresponding to the Ethernet frame.
在确定了该以太帧对应的虚交换通道的出端口、 出 VLAN标识后, 入口 DRE 太层使用该出 VLAN标识对以太帧进行 802.1Q的封装, 并根 据上述确定的出端口发送。  After the outbound port and the outbound VLAN identifier of the virtual switch channel corresponding to the Ethernet frame are determined, the ingress DRE layer uses the outbound VLAN identifier to encapsulate the Ethernet frame in 802.1Q, and sends the packet according to the determined out port.
当中间 DRE的以太层接收到 802.1Q封装的以太帧后, 仍根据 VLAN 交换表以 "端口 + VLAN" 的方式传输。  When the Ethernet layer of the intermediate DRE receives the 802.1Q encapsulated Ethernet frame, it still transmits in the "port + VLAN" according to the VLAN switch table.
当出口 DRE的以太层接收到 802.1Q封装的以太帧后, 出口 DRE的以 太层终结虚交换通道, 根据该以太帧的目的 MAC地址进行转发。  After the Ethernet layer of the egress DRE receives the 802.1Q encapsulated Ethernet frame, the Ethernet layer of the egress DRE terminates the virtual switch channel and forwards according to the destination MAC address of the Ether frame.
图 12是根据本发明基于以太帧的虚交换接入实现以太层点到多点 业务的原理示意图,下面结合图 11对一个 MAC地址同时和多个 MAC地址 之间建立会话连接的虚交换过程进行详细描述。  FIG. 12 is a schematic diagram of the principle of implementing Ethernet layer-to-multipoint service based on virtual switching access of an Ethernet frame according to the present invention. The virtual switching process of establishing a session connection between a MAC address and multiple MAC addresses simultaneously is performed in conjunction with FIG. 11. A detailed description.
图 12中,如果 MAC1需要同时和 MAC2、MAC3、MAC4通讯, V-Switch 域会为三个以太帧业务流建立三个 V-Switch通道。 由于接入 MAC1的入 口 DRE1从用户侧接收到的三个以太帧业务流的以太层地址信息不同,如 目的 MAC地址不同, 目的 MAC地址分别为 MAC2、 MAC3、 MAC4, 所 以, DRE1能够根据目的 MAC地址或者根据目的 MAC地址和源 MAC地址 等将三个以太帧业务流分别进行封装后, 交换到不同的 V-Switch通道中, 即将三个以太帧业务流封装后, 根据不同的出端口和 VLAN标识分别传 输至 DRE2和 DRE4。  In Figure 12, if MAC1 needs to communicate with MAC2, MAC3, and MAC4 at the same time, the V-Switch domain establishes three V-Switch channels for three Ethernet frame traffic flows. The Ethernet layer address information of the three Ethernet frame service flows received from the user side is different, for example, the destination MAC address is MAC2, MAC3, and MAC4. Therefore, the DRE1 can be based on the destination MAC address. The address or the three Ethernet frame service flows are encapsulated according to the destination MAC address and the source MAC address, and then switched to different V-Switch channels, that is, after the three Ethernet frame service flows are encapsulated, according to different outgoing ports and VLANs. The identifiers are transmitted to DRE2 and DRE4, respectively.
DRE2在接收到 DRE1传输来的两个以太帧业务流时, 根据 VLAN交 换表将其中一个以太帧业务流传输至 DRE3 ,将另外一个以太帧业务流根 据以太帧的目的 MAC地址或者根据目的 MAC地址和源 MAC地址将该以 太帧业务流转发至 MAC2。 DRE3接收 DRE2传输来的以太帧业务流, 并 以太帧业务流转发至 MAC3。 When DRE2 receives two Ethernet frame traffic flows from DRE1, it is based on VLAN The table exchanges one of the Ethernet frame traffic to DRE3, and the other Ethernet frame traffic forwards the Ethernet frame traffic to MAC2 according to the destination MAC address of the Ethernet frame or according to the destination MAC address and the source MAC address. DRE3 receives the Ethernet frame traffic transmitted by DRE2, and forwards the Ethernet frame traffic to MAC3.
DRE4在接收到 DRE1传输来的以太帧业务流时, 根据 VLAN交换表 将其传输至 DRE5。 DRE5接收 DRE4传输来的以太帧业务流, 并根据以太 务流转发至 MAC4。  When receiving the Ethernet frame traffic from DRE1, DRE4 transmits it to DRE5 according to the VLAN switch table. DRE5 receives the Ethernet frame traffic transmitted by DRE4 and forwards it to MAC4 according to the ATM traffic.
从而完成了一个 MAC地址同时和多个 MAC地址之间建立会话连接 的虚交换过程。  Thus, a virtual exchange process in which a MAC address establishes a session connection with multiple MAC addresses simultaneously is completed.
从上面的描述可以看出, 在利用本发明的虛交换接入方法对以太帧 进行虛交换接入传输时, 对用户侧的二层或三层路由设备没有任何特殊 要求, 用户侧的二层或三层路由设备和入口 DRE之间只需要一个端口连 接即可。  It can be seen from the above description that when the virtual switching access method of the present invention is used for virtual switching access transmission of the Ethernet frame, there is no special requirement for the Layer 2 or Layer 3 routing device on the user side, and the second layer of the user side. Or only one port connection is required between the Layer 3 routing device and the ingress DRE.
本发明提供的另一种虚交换系统主要包括: 入口数据转发实体和出 口数据转发实体。 当然虚交换系统也可以包括中间数据转发实体, 而且 中间数据转发实体的数量可以为 1个或多个。 下面以虚交换系统包括入 口数据转发实体、中间数据转发实体和出口数据转发实体为例进行说明。  Another virtual switching system provided by the present invention mainly includes: an ingress data forwarding entity and an egress data forwarding entity. Of course, the virtual switching system may also include an intermediate data forwarding entity, and the number of intermediate data forwarding entities may be one or more. The virtual switching system includes an ingress data forwarding entity, an intermediate data forwarding entity, and an egress data forwarding entity as an example.
入口数据转发实体主要用于根据以太层地址信息与虚交换通道的映 射关系、 接入虚交换域的以太帧的以太层地址信息确定该以太帧对应的 虚交换通道, 并将该以太帧封装后, 传输至中间数据转发实体或出口数 据转发实体。  The ingress data forwarding entity is configured to determine the virtual switching channel corresponding to the Ethernet frame according to the mapping relationship between the Ethernet layer address information and the virtual switching channel, and the Ethernet layer address information of the Ethernet frame of the virtual switching domain, and encapsulate the Ethernet frame. , to the intermediate data forwarding entity or the export data forwarding entity.
入口数据转发实体为基于以太帧的虚交换接入装置, 其包括存储模 块、 确定虚交换通道模块和封装转发模块。  The ingress data forwarding entity is a virtual switching access device based on an Ethernet frame, and includes a storage module, a virtual switching channel module, and a package forwarding module.
存储模块,主要用于存储以太层地址信息与虚交换通道的映射关系, 如存储目的 MAC地址与虚交换通道的出端口、 出 VLAN标识的映射关系 等,当然,以太层地址信息也可以为目的 MAC地址和源 MAC地址信息等。  The storage module is mainly used for storing the mapping relationship between the Ethernet layer address information and the virtual switching channel, such as the mapping between the destination MAC address and the outgoing port of the virtual switching channel, and the outgoing VLAN identifier. Of course, the Ethernet layer address information can also serve the purpose. MAC address and source MAC address information, etc.
虛交换通道确定模块, 主要用于接收接入虚交换域的以太帧, 如接 收用户侧的二层或三层路由设备传输来的以太帧, 并根据存储模块中存 储的映射关系、 其接收的以太帧中承载的以太层地址信息确定该以太帧 对应的虛交换通道,如根据以太帧的目的 MAC地址确定该以太帧对应的 虚交换通道的出端口、 出 VLAN标识。 The virtual switching channel determining module is mainly used for receiving an Ethernet frame that accesses the virtual switching domain, such as Receiving an Ethernet frame transmitted by the Layer 2 or Layer 3 routing device on the user side, and determining the virtual switching channel corresponding to the Ethernet frame according to the mapping relationship stored in the storage module and the Ethernet layer address information carried in the received Ethernet frame, such as The outbound port and the outbound VLAN identifier of the virtual switching channel corresponding to the Ethernet frame are determined according to the destination MAC address of the Ethernet frame.
封装转发模块, 主要用于根据确定虚交换通道模块确定的端口、 VLAN标识等信息将该以太帧封装后传输至中间 DRE或出口 DRE。  The encapsulation and forwarding module is mainly used to encapsulate the Ethernet frame and transmit it to the intermediate DRE or the outlet DRE according to the information determined by the port and the VLAN identifier determined by the virtual switching channel module.
中间数据转发实体,主要用于接收入口 DRE的封装转发模块或其它 中间 DRE传输来的以太帧, 并根据 VLA 交换表将其接收的以太帧传 输至其它中间数据转发实体或出口数据转发实体。  The intermediate data forwarding entity is mainly used for receiving an encapsulated forwarding module of the ingress DRE or other Ethernet frames transmitted by the intermediate DRE, and transmitting the received Ethernet frame to other intermediate data forwarding entities or egress data forwarding entities according to the VLA exchange table.
出口数据转发实体, 主要用于将入口数据转发实体或中间数据转发 实体传输来的以太帧根据其承载的目的 MAC地址进行传输。  The egress data forwarding entity is mainly used to transmit the Ethernet frame transmitted by the ingress data forwarding entity or the intermediate data forwarding entity according to the destination MAC address it carries.
以上通过实施例描绘了本发明, 但本发明不仅限于此。 本领域普通 技术人员知道, 在不脱离本发明的实质和范围的前提下本发明有许多变 更和替换, 这些变更和替换落入本发明的权利要求的保护范围。  The invention has been described above by way of examples, but the invention is not limited thereto. It will be apparent to those skilled in the art that the present invention is susceptible to various modifications and alternatives without departing from the spirit and scope of the invention.

Claims

权 利 要 求 Rights request
1、一种虛交换接入方法, 应用于具有配置虚交换策略的边缘数据转 发实体的虚交换系统中, 其特征在于, 包括:  A virtual switching access method, which is applied to a virtual switching system having an edge data forwarding entity configured with a virtual switching policy, and includes:
建立用户数据包到虚交换通道的映射关系;  Establish a mapping relationship between user data packets and virtual switching channels;
边缘数据转发实体根据所述映射关系进行虚交换数据传输。  The edge data forwarding entity performs virtual exchange data transmission according to the mapping relationship.
2、如权利要求 1所述的虛交换接入方法,其特征在于,进一步包括: 根据所配置的虛交换策略, 边缘数据转发实体将用户数据包映射到 相应的虚交换通道;  The virtual switching access method of claim 1, further comprising: mapping, by the edge data forwarding entity, the user data packet to the corresponding virtual switching channel according to the configured virtual switching policy;
按照虛交换通道以太帧格式对所述数据包进行封装, 并将封装后的 数据包沿虛交换通道进行传送。  The data packet is encapsulated according to the virtual switching channel Ethernet frame format, and the encapsulated data packet is transmitted along the virtual switching channel.
3、 如权利要求 1或 2所述的虚交换接入方法, 其特征在于, 所述虚 交换策略包括:  The virtual switching access method according to claim 1 or 2, wherein the virtual switching policy comprises:
根据端口建立端口与虚交换通道的映射关系, 或建立端口及虚拟局 域网 VLAN标识与虚交换通道的映射关系; 或,  The mapping between the port and the virtual switching channel is established based on the port, or the mapping between the port and the virtual local area network VLAN ID and the virtual switching channel is established.
根据媒体接入控制 MAC地址建立 MAC地址与虚交换通道的映射关 系; 或,  Establishing a mapping relationship between the MAC address and the virtual switching channel according to the media access control MAC address; or
才艮据 IP地址或 IP五元组建立 IP地址或 IP五元组与虚交换通道的映 射关系。  The mapping relationship between the IP address or the IP quintuple and the virtual switching channel is established according to the IP address or the IP quintuple.
4、 一种虚交换接入方法, 其特征在于, 包括:  4. A virtual switching access method, characterized in that:
在边缘数据转发实体建立端口与虚交换通道的映射关系;  Establishing a mapping relationship between the port and the virtual switching channel in the edge data forwarding entity;
数据转发实体将接收的以太帧根据所述映射关系进行虚交换数据传 输。  The data forwarding entity performs virtual exchange data transmission according to the mapping relationship of the received Ethernet frame.
5、 如权利要求 4所述的虚交换接入方法, 其特征在于, 所述建立 映射关系包括:  The virtual switch access method according to claim 4, wherein the establishing the mapping relationship comprises:
建立第一端口与第二端口以及第一端口和第二端口 VLAN标识的对 应关系, 该对应关系保存在 VLAN交换表中。  Establishing a correspondence between the first port and the second port and the VLAN identifiers of the first port and the second port, where the correspondence is saved in the VLAN switch table.
6、 如权利要求 5所述的虚交换接入方法, 其特征在于, 所述虚交 换数据传输包括:  The virtual switching access method according to claim 5, wherein the virtual exchange data transmission comprises:
将从第一端口接收的以太帧根据所述对应关系中的第二端口虚拟局 域网 VLAN标识进行 VLAN协议封装,并将封装后的以太帧通过第二端 口传输; The Ethernet frame received from the first port is according to the second port virtual office in the corresponding relationship The VLAN ID of the domain network is encapsulated by the VLAN protocol, and the encapsulated Ethernet frame is transmitted through the second port.
将从第二端口接收的以第二端口 VLAN标识按 VLAN协议封装的 以太帧进行解封装, 并将解封装后的以太帧通过第一端口传输。  Decapsulating the Ethernet frame encapsulated by the VLAN protocol with the second port VLAN identifier received from the second port, and transmitting the decapsulated Ethernet frame through the first port.
7、 如权利要求 5或 6所述的虛交换接入方法, 其特征在于, 当 VLAN交换表的记录中的第一端口对应的 VLAN标识为无效、且 第二端口对应的 VLAN标识为有效时,该记录中存储的信息为第一端口 与第二端口和 VLAN标识的对应关系; 或  The virtual switch access method according to claim 5 or 6, wherein when the VLAN identifier corresponding to the first port in the record of the VLAN switch table is invalid and the VLAN identifier corresponding to the second port is valid, The information stored in the record is a correspondence between the first port and the second port and the VLAN identifier; or
当 VLAN交换表的记录中的两端口对应的 VLAN标识均为无效的 VLA 标识时,该记录中存储的信息为第一端口与第二端口的对应关系。  When the VLAN IDs of the two ports in the record of the VLAN switch are invalid VLAs, the information stored in the records is the correspondence between the first port and the second port.
8、 如权利要求 5或 6所述的虚交换接入方法, 其特征在于, 当 VLAN交换表的一条记录中的预定字段为第一预定值时, 该记录 中存储的信息为第一端口与第二端口和第二端口 VLAN标识交换的对应 关系;  The virtual switch access method according to claim 5 or 6, wherein when the predetermined field in a record of the VLAN switch table is a first predetermined value, the information stored in the record is the first port and Corresponding relationship between the second port and the second port VLAN identifier exchange;
当 VLAN交换表的一条记录中的预定字段为第二预定值时, 该记录 中存储的信息为第一端口与第二端口的对应关系。  When the predetermined field in a record of the VLAN switch table is a second predetermined value, the information stored in the record is a correspondence between the first port and the second port.
9、 一种虚交换接入装置, 其特征在于, 包括:  A virtual switching access device, comprising:
存储模块: 存储端口与虚交换通道的映射关系;  Storage module: The mapping relationship between the storage port and the virtual switch channel.
交换模块: 将接收的以太帧根据所述存储模块中存储的映射关系进 行虚交换数据传输。  The switching module: performs the virtual exchange data transmission according to the mapping relationship stored in the storage module.
10、 一种虛交换接入方法, 其特征在于, 包括:  10. A virtual switching access method, characterized in that:
建立 IP层地址信息与虚交换通道的映射关系;  Establish a mapping relationship between IP address information and virtual switching channels.
数据转发实体根据 BP报文的 IP层地址信息、 所述映射关系确定该 IP 报文对应的虚交换通道;  The data forwarding entity determines the virtual switching channel corresponding to the IP packet according to the IP layer address information of the BP packet and the mapping relationship;
数据转发实体根据所述 IP报文对应的虚交换通道承载该 IP报文进行 传输。  The data forwarding entity carries the IP packet according to the virtual switching channel corresponding to the IP packet for transmission.
11、 如权利要求 10所述的虛交换接入方法, 其特征在于, 所述建立 映射关系包括:  The virtual switch access method according to claim 10, wherein the establishing the mapping relationship comprises:
建立 IP层目的地址信息或 IP层五元組信息与虛交换通道的出端口、 出 VLAN标识的映射关系。 The mapping between the IP address of the IP address and the outbound port and outbound VLAN of the virtual switch channel is established.
12、 如权利要求 11所述的虚交换接入方法, 其特征在于, 进一步 包括: The method of accessing the virtual switch according to claim 11, further comprising:
将从以太层接收的接入虚交换域的 IP报文交给 IP层;  The IP packet of the access virtual switching domain received from the Ethernet layer is delivered to the IP layer;
IP层根据所述映射关系、接入虚交换域的 IP报文的目的地址信息或 IP层五元组信息确定该 IP报文对应的虚交换通道的出端口和出 VLAN 标识。  The IP layer determines the egress port and the outbound VLAN identifier of the virtual switch channel corresponding to the IP packet according to the mapping relationship, the destination address information of the IP packet that accesses the virtual switching domain, or the IP layer quintuple information.
13、 如权利要求 12所述的虚交换接入方法, 其特征在于, 所述报文 传输包括:  The virtual switch access method according to claim 12, wherein the message transmission comprises:
入口数据转发实体的以太层根据 IP层确定的虚交换通道的出端口、 出 VLAN标识对该 IP报文进行以太帧的封装并传输; 或,  The Ethernet layer of the ingress data forwarding entity encapsulates and transmits the Ethernet frame according to the outbound port and the outbound VLAN identifier of the virtual switching channel determined by the IP layer; or
出口数据转发实体的以太层将虚交换域中需要转发出虚交换域的 IP 报文传输至 IP层;  The Ethernet layer of the egress data forwarding entity transmits the IP packets that need to be forwarded out of the virtual switching domain to the IP layer.
所述 IP层根据该 IP报文的目的地址进行 IP报文的传输。  The IP layer performs IP packet transmission according to the destination address of the IP packet.
14、 一种虛交换接入装置, 其特征在于, 包括:  14. A virtual switching access device, comprising:
存储模块: 存储 IP层地址信息与虚交换通道的映射关系;  The storage module: stores a mapping relationship between the IP layer address information and the virtual switching channel.
通道确定模块: 接收接入虛交换域的 IP报文, 并根据存储模块中存 储的映射关系、 所述 艮文中承载的 IP层地址信息确定该 艮文对应的 虚交换通道;  The channel determining module is configured to: receive the IP packet corresponding to the virtual switching domain, and determine the virtual switching channel corresponding to the packet according to the mapping relationship stored in the storage module and the IP layer address information carried in the packet;
封装转发模块: 根据确定虚交换通道模块确定的虚交换通道将所述 IP报文封装后传输。  The encapsulation and forwarding module: encapsulates and transmits the IP packet according to the virtual switching channel determined by the virtual switching channel module.
15、 一种虛交换系统, 其特征在于, 包括: 入口数据转发实体、 出 口数据转发实体;  A virtual switching system, comprising: an ingress data forwarding entity and an egress data forwarding entity;
所述入口数据转发实体: 根据 IP层地址信息与虚交换通道的映射关 系、 接入虚交换域的 IP报文的 IP层地址信息确定该 IP报文对应的虚交换 通道, 并将所述 IP报文封装后在虚交换通道上传输;  The ingress data forwarding entity: determining a virtual switching channel corresponding to the IP packet according to the mapping relationship between the IP layer address information and the virtual switching channel, and the IP layer address information of the IP packet accessing the virtual switching domain, and the IP address After the packet is encapsulated, it is transmitted on the virtual switched channel.
出口数据转发实体: 将需要转发出虚交换域的 IP报文根据其承载的 The egress packet forwarding entity: IP packets that need to be forwarded out of the virtual switching domain according to the bearer
IP层目的地址进行传输。 The IP layer destination address is transmitted.
16、 如权利要求 15所述的虛交换系统, 其特征在于, 所述入口数据 转发实体包括:  The virtual switching system according to claim 15, wherein the ingress data forwarding entity comprises:
存储模块: 存储 IP层地址信息与虚交换通道的映射关系;  The storage module: stores a mapping relationship between the IP layer address information and the virtual switching channel.
通道确定模块: 接收接入虚交换域的 IP报文, 并根据存储模块中存 储的映射关系、 所述 IP报文中承载的 IP层地址信息确定该 IP报文对应的 虚交换通道; The channel determining module: receives an IP packet that is connected to the virtual switching domain, and stores the packet according to the storage module. The mapping relationship between the storage and the IP address information carried in the IP packet determines the virtual switching channel corresponding to the IP packet;
封装转发模块: 根据确定的虚交换通道将所述 IP报文封装后传输。 Encapsulating and forwarding module: The IP packet is encapsulated and transmitted according to the determined virtual switching channel.
17、 如权利要求 15所述的虚交换系统, 其特征在于, 所述虚交换系 统还包括: 至少一个中间数据转发实体; The virtual switching system according to claim 15, wherein the virtual switching system further comprises: at least one intermediate data forwarding entity;
所述中间数据转发实体根据 VLAN交换表将虚交换域中的 IP报文 传输至其它中间数据转发实体或出口数据转发实体。  The intermediate data forwarding entity transmits the IP packet in the virtual switching domain to another intermediate data forwarding entity or an egress data forwarding entity according to the VLAN switching table.
18、 一种虛交换接入方法, 其特征在于, 包括:  18. A virtual switching access method, comprising:
建立以太层地址信息与虚交换通道的映射关系;  Establish a mapping relationship between the Ethernet layer address information and the virtual switching channel;
根据以太帧的以太层地址信息、 所述映射关系确定该以太帧对应的 虚交换通道;  Determining, according to the Ethernet layer address information of the Ethernet frame, the mapping relationship, the virtual switching channel corresponding to the Ethernet frame;
19、 如权利要求 18所述的虚交换接入方法, 其特征在于, 所述建立 映射关系包括: The virtual switch access method according to claim 18, wherein the establishing the mapping relationship comprises:
建立目的 MAC地址信息与端口、 VLAN标识的映射关系; 或 建立目的 MAC地址信息、 源 MAC地址信息与虚交换通道出端口、 出 VLAN标识的映射关系。  The mapping between the destination MAC address information and the port ID and VLAN ID is established. The mapping between the destination MAC address information and the source MAC address information and the outgoing port of the virtual switch channel and the outgoing VLAN ID are established.
20、 如权利要求 19所述的虚交换接入方法, 其特征在于, 进一步包 括:  The virtual switch access method of claim 19, further comprising:
入口数据转发实体的以太层根据所述映射关系、 接入虚交换域的以 太帧的目的 MAC地址信息或者根据目的 MAC地址、源 MAC地址信息 确定该以太帧对应的虚交换通道的出端口和出 VLAN标识。  The Ethernet layer of the ingress data forwarding entity determines the egress port and the outbound virtual switching channel corresponding to the Ethernet frame according to the mapping relationship, the destination MAC address information of the Ethernet frame accessing the virtual switching domain, or the destination MAC address and the source MAC address information. VLAN ID.
21、 如权利要求 20所述的虚交换接入方法, 其特征在于, 所述以太 帧传输包括:  The virtual switch access method according to claim 20, wherein the Ethernet frame transmission comprises:
入口数据转发实体根据所述以太帧对应的端口、 VLAN标识对该以 太帧进行封装并传输;  The ingress data forwarding entity encapsulates and transmits the Ethernet frame according to the port and the VLAN identifier corresponding to the Ethernet frame.
中间数据转发实体根据 VLAN交换表对其接收的虛交换域中的以太 帧进行传输;  The intermediate data forwarding entity transmits the Ethernet frame in the virtual switching domain it receives according to the VLAN switching table;
将以太帧转发出虚交换域的出口数据转发实体接收虚交换域中的以 太帧, 并 ~据该以太帧的目的 MAC地址进行传输。 The egress data forwarding entity that forwards the Ethernet frame out of the virtual switching domain receives the virtual switching domain. Too frame, and ~ according to the destination MAC address of the Ethernet frame for transmission.
22、 一种虚交换接入装置, 其特征在于, 包括:  22. A virtual switching access device, comprising:
存储模块: 存储以太层地址信息与虚交换通道的映射关系; 通道确定模块: 接收接入虚交换域的以太帧, 并根据存储模块中存 储的映射关系、 所述以太帧中承载的以太层地址信息确定该以太帧对应 的虛交换通道;  The storage module is configured to: store a mapping relationship between the Ethernet layer address information and the virtual switching channel; and the channel determining module: receiving an Ethernet frame that accesses the virtual switching domain, and according to the mapping relationship stored in the storage module, the Ethernet layer address carried in the Ethernet frame The information determines a virtual switching channel corresponding to the Ethernet frame;
封装转发模块: 根据确定虛交换通道模块确定的虚交换通道将所述 以太帧封装后传输。  Encapsulating and forwarding module: The Ethernet frame is encapsulated and transmitted according to the virtual switching channel determined by the virtual switching channel module.
23、 一种虛交换系统, 其特征在于, 包括: 入口数据转发实体、 出 口数据转发实体;  A virtual switching system, comprising: an ingress data forwarding entity and an egress data forwarding entity;
所述入口数据转发实体: 根据以太层地址信息与虚交换通道的映射 关系、 接入虛交换域的以太帧的以太层地址信息确定该以太帧对应的虚 交换通道, 并将所述以太帧封装后传输;  The ingress data forwarding entity: determining a virtual switching channel corresponding to the Ethernet frame according to the mapping relationship between the Ethernet layer address information and the virtual switching channel, and the Ethernet layer address information of the Ethernet frame of the access virtual switching domain, and encapsulating the Ethernet frame Post transmission
出口数据转发实体: 将虚交换域中传输来的以太帧根据其承载的目 的 MAC地址进行传输。  Egress data forwarding entity: The Ethernet frame transmitted in the virtual switching domain is transmitted according to the destination MAC address it carries.
24、 如权利要求 23所述的虚交换系统, 其特征在于, 所述入口数据 转发实体包括:  The virtual switching system according to claim 23, wherein the ingress data forwarding entity comprises:
存储模块: 存储以太层地址信息与虚交换通道的映射关系; 通道确定模块: 接收接入虚交换域的以太帧, 并根据存储模块中存 储的映射关系、 所述以太帧中承载的以太层地址信息确定该以太帧对应 的虚交换通道;  The storage module is configured to: store a mapping relationship between the Ethernet layer address information and the virtual switching channel; and the channel determining module: receiving an Ethernet frame that accesses the virtual switching domain, and according to the mapping relationship stored in the storage module, the Ethernet layer address carried in the Ethernet frame The information determines a virtual switching channel corresponding to the Ethernet frame;
封装转发模块: 根据确定虚交换通道模块确定的虚交换通道将所述 以太帧封装后传输。  Encapsulating and forwarding module: The Ethernet frame is encapsulated and transmitted according to the virtual switching channel determined by the virtual switching channel module.
25、 如权利要求 23所述的虚交换系统, 其特征在于, 所述虚交换系 统还包括: 至少一个中间数据转发实体;  The virtual switching system according to claim 23, wherein the virtual switching system further comprises: at least one intermediate data forwarding entity;
中间数据转发实体: 根据 VLAN交换表将虛交换域的以太帧传输至 其它中间数据转发实体或出口数据转发实体。  Intermediate data forwarding entity: The Ethernet frame of the virtual switching domain is transmitted to other intermediate data forwarding entities or egress data forwarding entities according to the VLAN switching table.
PCT/CN2006/001654 2005-07-15 2006-07-12 A v-switch access method, apparatus and v-switch system WO2007009352A1 (en)

Applications Claiming Priority (6)

Application Number Priority Date Filing Date Title
CN200510083973.7 2005-07-15
CN200510083971.8 2005-07-15
CNB2005100839718A CN100433713C (en) 2005-07-15 2005-07-15 Virtual exchange access method, device and virtual exchange system based on IP
CNA2005100839690A CN1897569A (en) 2005-07-15 2005-07-15 Virtual-exchange access method and device
CNA2005100839737A CN1870577A (en) 2005-07-15 2005-07-15 Virtual exchange access method, device and virtual exchange system based on Ethernet frame
CN200510083969.0 2005-07-15

Publications (1)

Publication Number Publication Date
WO2007009352A1 true WO2007009352A1 (en) 2007-01-25

Family

ID=37668437

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2006/001654 WO2007009352A1 (en) 2005-07-15 2006-07-12 A v-switch access method, apparatus and v-switch system

Country Status (1)

Country Link
WO (1) WO2007009352A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9112794B2 (en) 2013-11-05 2015-08-18 International Business Machines Corporation Dynamic multipath forwarding in software defined data center networks
US9350607B2 (en) 2013-09-25 2016-05-24 International Business Machines Corporation Scalable network configuration with consistent updates in software defined networks

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5963552A (en) * 1996-03-30 1999-10-05 Samsung Electronics Co., Ltd. Low/medium speed multi-casting device and method
US20030174706A1 (en) * 2002-03-15 2003-09-18 Broadcom Corporation Fastpath implementation for transparent local area network (LAN) services over multiprotocol label switching (MPLS)

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5963552A (en) * 1996-03-30 1999-10-05 Samsung Electronics Co., Ltd. Low/medium speed multi-casting device and method
US20030174706A1 (en) * 2002-03-15 2003-09-18 Broadcom Corporation Fastpath implementation for transparent local area network (LAN) services over multiprotocol label switching (MPLS)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9350607B2 (en) 2013-09-25 2016-05-24 International Business Machines Corporation Scalable network configuration with consistent updates in software defined networks
US9112794B2 (en) 2013-11-05 2015-08-18 International Business Machines Corporation Dynamic multipath forwarding in software defined data center networks

Similar Documents

Publication Publication Date Title
WO2007009337A1 (en) A method for implementing virtue-switch and the apparatus thereof
US7339929B2 (en) Virtual private LAN service using a multicast protocol
EP1585261B1 (en) Apparatus and method for processing labeled flows in a communications access network
US9088669B2 (en) Scalable system and method for DSL subscriber traffic over an Ethernet network
US8014316B2 (en) System, method and computer-readable storage medium for calculating addressing and bandwidth requirements of a network
US7978701B2 (en) Virtual ethernet MAC switching
WO2005107161A1 (en) A system and communication method of ip telecommunication network and its application
WO2005055548A1 (en) A method for realizing the pseudo wire emulation edge-to-edge protocol
WO2010034255A1 (en) Data transmission method and network node and data transmission system
WO2005101730A1 (en) A system and method of ensuring quality of service in virtual private network
WO2013182059A1 (en) Method and device for establishing multi-protocol label switching traffic engineering tunnel
WO2007009347A1 (en) A method and apparatus for transmitting service stream on a virtual interchange system
JP2008147882A5 (en)
WO2008011818A1 (en) Method of realizing hierarchy-virtual private lan service and network system
WO2013139159A1 (en) Method for forwarding packet in network and provider edge device
WO2008040163A1 (en) Ethernet frame transmitting method and ethernet infrastructure
WO2011054263A1 (en) Access method and access system for layer 3 virtual private networks(vpn)
Wen et al. A YANG data model for layer 2 virtual private network (L2VPN) service delivery
US20050220059A1 (en) System and method for providing a multiple-protocol crossconnect
WO2022166773A1 (en) Multicast packet transmission method, bit forwarding router, and storage medium
WO2008028383A1 (en) Method for identifying the layer 3 protocol in l2vpn heterogeneous medium interconnection and the apparatus and system thereof
US7031307B2 (en) Packet routing apparatus having label switching function
WO2007104201A1 (en) A method for forwarding message in the service tunnel of the ethernet application and a system thereof
WO2007059699A1 (en) Method and date relay entity for relaying the date frame by the date relay entity
WO2007009352A1 (en) A v-switch access method, apparatus and v-switch system

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application
NENP Non-entry into the national phase

Ref country code: DE

WWW Wipo information: withdrawn in national office

Country of ref document: DE

122 Ep: pct application non-entry in european phase

Ref document number: 06761408

Country of ref document: EP

Kind code of ref document: A1