Implementation method and device of VPN (virtual private network) for edge equipment

An edge device and processing method technology, applied in the field of virtual private network, can solve the problems of complex configuration and table item content, and achieve the effect of reducing configuration and table item capacity

Inactive Publication Date: 2014-12-17
ZTE CORP
View PDF4 Cites 21 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0005] Aiming at technical problems such as complex configuration and entry content in the VPN automatic control scheme in related technolo

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Implementation method and device of VPN (virtual private network) for edge equipment
  • Implementation method and device of VPN (virtual private network) for edge equipment
  • Implementation method and device of VPN (virtual private network) for edge equipment

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0107]A method for dynamically establishing and managing VPN services on an IP / MPLS network through a network management system. The network management system receives application requests for VPN services, and performs unified control on table entries of forwarding device services at the operator's edge through interfaces, including:

[0108] After the network management system receives the VPN routing information sent by the operator's edge device, it combines the received information with the application request for centralized calculation and processing, and generates the calculated and processed information and sends it to the forwarding device.

[0109] The VPN routing information includes VPN Table ID, table entry, and the content of the table entry includes but is not limited to: table entry key value, next hop, outgoing interface, VPN identification, VPN forwarding plane identification, protocol type, active and standby Some or all of the items such as logo, load shari...

Embodiment 2

[0122] Example 2: L3VPN automatic control and delivery of related entries

[0123] Such as Figure 6 As shown, site 1 and site 3 belong to VPN1, and site 2 and site 4 belong to the same VPN2. When performing VPN access on each PE, the existing implementation needs to manually configure VPN1 on each PE. After the configuration is complete, the routes of VPN1 and VPN2 are maintained through different entries on each PE, and the RTs with matching attributes are imported and exported to the corresponding VPN forwarding table to realize VPN isolation. . In this way, PE1, PE2, and PE3 will be isolated on PE1, PE2, and PE3, and all effective local virtual routing / forwarding (virtual routing & forwarding instance, VRF for short) routes will be published in the VPN message carried by BGP. For example, the VPN1 message on PE1 is in PE2 will also receive it, but this message is completely invalid for PE2 and takes up bandwidth transmission and protocol packet filtering time.

[0124] ...

Embodiment 3

[0158] Embodiment 3: On the basis of Embodiment 1, the customer proposes a policy application process with traffic filtering and time period requirements

[0159] Such as Figure 6 As shown, on the basis of the description in Embodiment 1, when a user submits an application for opening a VPN service with a traffic filtering request. Specifically, users of VPN1 require some clients between different sites to provide direct access, and some clients cannot access across sites. For example, there are three client-side terminals accessing in site 1, and their IPs are IP1, IP2, and IP3, and there are only two terminals accessing in site 3, and their IPs are IP5 and IP6 respectively. It is required that IP1 and IP2 can communicate with IP5. IP3 and IP6 can only communicate with members in the same site. Then, according to the traffic filtering request, the relevant VPN entries are issued through the Client, so that IP1 and IP2 in Site 1 can issue entries on PE3, so that PE3 can only...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention provides an implementation method and device of a VPN (virtual private network) for edge equipment. The method includes the steps of acquiring a VPN application request which carries VPN attribute configuration messages; receiving VPN routing messages of edge devices in a VPN; transmitting a VPN routing control message to each edge device. The VPN routing control message is a routing message obtained by central calculation of the attribute configuration messages and the VPN routing messages. According to the scheme, the implementation method and device has the advantages that the technical problems such that in related arts, VPN auto-control schemes have complex configurations and table item contents are solved, release of simpler configurations, more concentrated table item management and release of table items can be automatically controlled under a uniform control platform, and the existing equipment needs less configuration and table item capacity.

Description

technical field [0001] The present invention relates to the communication field, and in particular, to a method and device for implementing a virtual private network (Virtual Private Network, VPN for short) of an edge device. Background technique [0002] Now a new interface to the routing system (Interface to the Routing System, referred to as I2RS) working group established by the IETF standard organization is dedicated to researching a routing system-oriented interface. Interfaces that can be directly read and written, such as the policy configuration of the router and the routing information table (Routing Information Base, referred to as RIB) of the routing information base. The approximate I2RS model described in the existing personal drafts related to I2RS is as follows figure 1 , where the dotted box in the lower half of the figure represents an internal implementation element of a router. Among them, the I2RS agent (Agent) is a new component on the router to suppo...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
IPC IPC(8): H04L12/723H04L12/46H04L45/50
CPCH04L12/6418H04L45/04H04L63/0272H04L41/0895H04L41/122H04L41/12H04L41/0893H04L45/14
Inventor 廖婷吴波代雪会
Owner ZTE CORP
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap