User grouping intercommunication/isolation device in virtual special network service

A user grouping intercommunication/isolation device, applied in the field of virtual private network services, addresses the problems that a VPLS VPN cannot distinguish VLANs, that VLANs cannot truly play their role, and that VLANs cannot be used for user grouping and isolation. Its effects are rich functionality, ease of use, simple configuration, and flexible access control policies.

Active Publication Date: 2010-09-29
ZTE CORP

AI Technical Summary

Problems solved by technology

[0005] It can be seen that in the qualified learning mode, users in a VPLS VPN can only be in one VLAN, so the VLAN cannot really play its role. Similarly, in the unqualified learning mode, although multiple VLANs can be in the same VPLS VPN, the VPLS VPN cannot distinguish between these VLANs.
[0006] Therefore, in the existing VPLS VPN, it is impossible to use VLANs to group and isolate users, and it is impossible to realize intercommunication between users in different groups.

Examples

Example 1

[0034] Realize intercommunication between two different VLANs on different PEs (taking the intercommunication between Client2 and Server1 as an example).

[0035] First, the ARP request and the MAC address learning process: Client2 needs to access Server1, so Client2 first sends an ARP broadcast message. The message forwarding module 106 on PE2 finds that the forwarding table has no entry corresponding to the source MAC+VLAN of the message, so it sends the source MAC address, the VLAN, and the incoming interface of the message to the MAC address learning and FIB management module 104. From this information, module 104 learns that the outgoing interface corresponding to VLAN1+MAC2 is 1 and generates a forwarding entry recorded as VLAN1+MAC2——1. It then searches the VLAN intercommunication relationship table and finds that there is a VLAN inte...

Example 2

[0045] Realize isolation between different VLANs on different PEs (taking the isolation of Client2 and Client1 as an example).

[0046] Client2 tries to access Client1. First, it sends an ARP request message; the VLAN carried in the message is VLAN1. This is a broadcast message, so it is broadcast to PE1 through PW1. For PE1, the message is received from a PW. Therefore, the message forwarding module 106 on PE1 broadcasts the message to the local VPN members in the same VLAN as the message and to the local VLANs that have an intercommunication relationship with this VLAN. There is no VLAN1 member locally, and only VLAN4 has an intercommunication relationship with VLAN1, so the message is broadcast to VLAN4. That is, only Server1 can receive the message; Client1 cannot receive it and cannot reply to the ARP request, so Client2's ARP request fails and it cannot communicate with Client1 or send packets to e...

Example 3

[0049] Implement isolation between different VLANs on the same PE (taking the isolation of Client2 and Client3 as an example).

[0050] The ARP request message of Client2 arrives at PE2. For PE2, the message is a broadcast message received from the local AC. The message forwarding module 106 on PE2 broadcasts the message to the local VPN members of the same VLAN, to the local VPN members of the VLANs that have an intercommunication relationship with it, and to all PWs. Locally there are no members of VLAN1 other than Client2, and there are no members of VLAN4, which has an intercommunication relationship with VLAN1, so Client3 cannot receive the ARP request message. Client2's ARP request fails, and it cannot send packets to Client3. For the same reason, Client3's ARP request also fails, and it cannot go on to send packets to Client2.
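The forwarding rules of Examples 1 to 3 can be checked with a small model. The following is an added illustration, not code from the patent: host names stand in for MAC addresses, the VLAN numbers of Client1 and Client3 (2 and 3) are assumed, and storing the source VLAN in each forwarding entry for the later VLAN replacement is an assumption about the entry layout.

```python
from collections import defaultdict

class PE:
    """Toy provider-edge node: one VPLS instance with VLAN-aware learning."""
    def __init__(self, name, interop):
        self.name = name
        self.interop = interop           # VLAN intercommunication table
        self.members = defaultdict(set)  # vlan -> hosts on local ACs
        self.fib = {}                    # (vlan, mac) -> (out interface, VLAN to write)
        self.peers = []                  # PEs reachable over pseudowires

    def reachable_vlans(self, vlan):
        return {vlan} | self.interop.get(vlan, set())

    def learn(self, vlan, mac, iface):
        # Copy the learned entry into every VLAN that intercommunicates with
        # the source VLAN; keep the source VLAN for rewriting (assumption).
        for v in self.reachable_vlans(vlan):
            self.fib[(v, mac)] = (iface, vlan)

    def broadcast(self, vlan, src, from_pw=None):
        """Flood a broadcast (e.g. an ARP request); return the hosts reached."""
        self.learn(vlan, src, f"PW:{from_pw}" if from_pw else f"AC:{src}")
        got = set()
        for v in self.reachable_vlans(vlan):
            got |= self.members[v]
        got.discard(src)
        if from_pw is None:              # frames from a PW are not re-sent to PWs
            for peer in self.peers:
                got |= peer.broadcast(vlan, src, from_pw=self.name)
        return got

    def unicast(self, vlan, dst):
        """Return (out interface, rewritten VLAN), or None if no entry exists."""
        return self.fib.get((vlan, dst))

def build_topology():
    interop = {1: {4}, 4: {1}}           # VLAN1 <-> VLAN4, as in the examples
    pe1, pe2 = PE("PE1", interop), PE("PE2", interop)
    pe1.peers, pe2.peers = [pe2], [pe1]
    pe1.members[4].add("Server1")
    pe1.members[2].add("Client1")        # VLAN2 is an assumed number
    pe2.members[1].add("Client2")
    pe2.members[3].add("Client3")        # VLAN3 is an assumed number
    return pe1, pe2

pe1, pe2 = build_topology()
print(pe2.broadcast(1, "Client2"))       # hosts that see Client2's ARP request
print(pe1.unicast(4, "Client2"))         # Server1's reply: PW to PE2, VLAN 4 -> 1
```

Only Server1 sees Client2's request, and a frame from Client1's VLAN towards Client2 finds no forwarding entry on PE1, which is the isolation described in Example 2.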

Abstract

The invention discloses a user grouping intercommunication/isolation device in the virtual private network service, which comprises: a VLAN intercommunication command configuration module, used to parse the VLAN intercommunication configuration commands and VLAN intercommunication deletion commands configured by the user; a MAC address learning and FIB management module, connected to the VLAN intercommunication command configuration module, used to copy the forwarding entry of a MAC address in a VLAN to the other VLANs that intercommunicate with that VLAN and to write the forwarding entries into a FIB for message forwarding; and a message forwarding module, connected to the MAC address learning and FIB management module, used to broadcast a message to the other VLANs that intercommunicate with its VLAN according to the intercommunication state of the VLAN and, when processing a related unicast message, to replace the VLAN of the message according to the forwarding entry and then forward the message.

Description

Technical field

[0001] The present invention relates to virtual private network service (Virtual Private LAN Service, VPLS) technology within Layer 2 Virtual Private Network (L2VPN) technology based on a multi-protocol label switching network (Multi Protocol Label Switch, referred to as MPLS). Specifically, it relates to a device for implementing intercommunication/isolation between user groups in a VPLS virtual private network (Virtual Private Network, VPN for short).

Background technique

[0002] VPLS provides users with virtual local area network (Local Area Network, referred to as LAN) services. Through VPLS technology, all customers appear to be in one LAN no matter where they are physically located, and enjoy the convenience and benefits brought by the LAN. In a traditional LAN, VLANs are used for user isolation and access control in order to enhance the security of the network. By dividing multiple broadcast domains, mutual visits c...

Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L12/56, H04L12/46, H04L45/16, H04L45/50
Inventor: 冯军, 刘克波
Owner: ZTE CORP