Embodiment
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the accompanying drawings. Obviously, the described embodiments are only some, rather than all, of the embodiments of the present invention. All other embodiments obtained by those of ordinary skill in the art based on the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
Embodiment 1
An embodiment of the present invention provides a virtual private network topology control method. As shown in Figure 1, the method comprises:
101. Receive a packet sent by a customer edge device; the packet comprises the source MAC address and destination MAC (Media Access Control) address of the packet.
102. When the outbound port of the packet corresponds to a pseudowire, determine whether to send the packet according to the source MAC address and destination MAC address in the packet and a packet operation matching table.
The packet operation matching table comprises an uplink access control list (ACL) or a filter table. The uplink ACL comprises the packet source MAC address, the destination pseudowire, the packet destination MAC address and the operation on a matching packet. The filter table comprises the packet source port attribute, the destination pseudowire, the remote provider edge device port attribute of the destination pseudowire and the operation on a matching packet.
When the packet operation matching table is the uplink ACL, determining whether to send the packet according to the source MAC address and destination MAC address in the packet and the packet operation matching table is: determining whether to send the packet according to the source MAC address and destination MAC address in the packet and the uplink ACL. When the packet operation matching table is the filter table, the packet source port attribute corresponding to the packet's source MAC address, and the remote provider edge device port attribute of the destination pseudowire corresponding to the packet's destination MAC address, are first obtained from the MAC address learning table; the obtained packet source port attribute and remote provider edge device port attribute of the destination pseudowire are then matched against the corresponding packet source port attribute and remote provider edge device port attribute of the destination pseudowire in the filter table. In this case, determining whether to send the packet according to the source MAC address and destination MAC address in the packet and the packet operation matching table is: determining whether to send the packet according to the source MAC address and destination MAC address in the packet and the filter table.
103. If it is determined that the packet is to be sent, send the packet to the provider edge device of the packet destination.
When it is determined according to the uplink ACL that the packet is to be sent, the packet sent to the provider edge device of the packet destination comprises the packet source MAC address and the packet destination MAC address. When it is determined according to the filter table that the packet is to be sent, the packet sent to the provider edge device of the packet destination comprises the packet source MAC address, the packet destination MAC address and indication information. The indication information indicates the attribute of the port of the customer edge device at the packet source end. The port attribute is the topological attribute, within the virtual private network, of the customer edge device connected to the port; the topological attributes comprise the root attribute and the leaf attribute, that is, the port of the customer edge device at the packet source end is either a root port or a leaf port. The port may be a physical port or a logical port.
An embodiment of the present invention provides a source-end provider edge device. As shown in Figure 2, the device comprises: a packet receiving unit 201, a first determining unit 202 and a sending unit 203.
The packet receiving unit 201 is configured to receive a packet sent by a customer edge device, the packet comprising the source MAC address and destination MAC address of the packet. The first determining unit 202 is configured to, when the outbound port of the packet corresponds to a pseudowire, determine whether to send the packet according to the source MAC address and destination MAC address in the packet and a packet operation matching table. The packet operation matching table comprises an uplink access control list (ACL) or a filter table. The uplink ACL comprises the packet source MAC address, the destination pseudowire, the packet destination MAC address and the operation on a matching packet. The filter table comprises the packet source port attribute, the destination pseudowire, the remote provider edge device port attribute of the destination pseudowire and the operation on a matching packet. The port attribute is the topological attribute, within the virtual private network, of the customer edge device connected to the port; the topological attributes comprise the root attribute and the leaf attribute. The port may be a physical port or a logical port.
When the packet operation matching table is the filter table, the packet source port attribute corresponding to the packet's source MAC address, and the remote provider edge device port attribute of the destination pseudowire corresponding to the packet's destination MAC address, are first obtained from the MAC address learning table. The obtained packet source port attribute and remote provider edge device port attribute of the destination pseudowire are then matched against the corresponding packet source port attribute and remote provider edge device port attribute of the destination pseudowire in the filter table to determine whether to send the packet.
The sending unit 203 is configured to send the packet to the provider edge device of the packet destination when the first determining unit 202 determines that the packet is to be sent.
In this embodiment of the present invention, when the outbound port of a received packet corresponds to a pseudowire, whether to send the packet is determined according to the source MAC address and destination MAC address in the packet and the packet operation matching table; if it is determined that the packet is to be sent, the packet is sent to the provider edge device of the packet destination. Before a packet is sent to the destination end, it is first matched and filtered against the configured packet operation matching table, and it is sent only when it is determined that it may be sent. This avoids sending unnecessary packets into the network and saves network resources. Moreover, because only packets that may be sent are forwarded to the corresponding port during matching and filtering, that is, virtual connections are established only for packets that may be sent, control over the virtual private network topology is achieved.
Embodiment 2
An embodiment of the present invention provides a virtual private network topology control method for the packet source end, specifically a method in which the PE (Provider Edge, provider edge device) at the packet source end determines whether to send a packet according to an uplink ACL (Access Control List). As shown in Figure 3, the method comprises:
To implement this embodiment, the uplink ACL table must first be set. After the uplink ACL table is set, when the source-end PE receives a packet sent by a CE (Customer Edge, customer edge device) and judges that the outbound port of the packet is a PW (Pseudo Wire, pseudowire), the source-end PE determines whether to send the packet according to the packet source MAC address and packet destination MAC address contained in the packet and the uplink ACL table that was set; the source-end PE sends the packet only when it determines that the packet is to be sent. The method is described in detail below with reference to Figure 4. For convenience, the source-end PE is denoted PE1 and the destination-end PE is denoted PE2. As shown in Figure 4, PE1 and PE2 form an L2VPN with an MPLS network between them; they are connected by PW12 and attach the five CE sites A, B, C, E and F. The ports of A and F are root ports. The required connectivity is that the root ports, namely A and F, can communicate with all other ports, while the leaf ports, namely B, C and E, cannot communicate with one another. In addition, PE3 also has CE sites that belong to this L2VPN, and all CEs connected to PE3 are leaf nodes.
301. Receive a message sent by PE2; the message comprises the MAC addresses of the root customer edge devices among the customer edge devices connected to PE2.
302. After the MAC addresses of the root customer edge devices sent by PE2 are received, set the uplink ACL table according to those MAC addresses and a preset rule. The uplink ACL table comprises the packet source MAC address (S-MAC), the destination pseudowire (T-PW), the packet destination MAC address (D-MAC) and the operation on a matching packet.
The preset rule is: a CE port whose attribute is leaf can be connected only to a CE port whose attribute is root, and a CE port whose attribute is root can be connected to a CE port of any attribute.
The uplink ACL table is set according to the above preset rule with reference to Figure 4; the resulting uplink ACL table is shown in Table 1:
| S-MAC | T-PW | D-MAC | Operation |
|-------|------|-------|-----------|
| MAC-A | any | any | send |
| any | PW12 | MAC-F | send |
| any | PW12 | multicast | send |
| any | any | any | discard |
Table 1
303. Receive a packet sent by a customer edge device; the packet comprises the source MAC address and destination MAC address of the packet. In this embodiment, the virtual private network topology control method is described using the example of C sending a packet to F.
304. Judge, according to the MAC learning table, whether the outbound port of the packet corresponds to a pseudowire or to a port of the source-end provider edge device. If the outbound port of the packet corresponds to a pseudowire, perform step 305; if the outbound port of the packet is a port of the source-end provider edge device, perform step 308.
305. Match the packet's source MAC address and destination MAC address against the corresponding packet source MAC address and destination MAC address in the ACL table.
In this embodiment the packet source MAC address is MAC-C and the packet destination MAC address is MAC-F. Matching MAC-C and MAC-F against the source and destination MAC addresses in Table 1 yields a matching entry in Table 1, namely (S-MAC, T-PW, D-MAC, operation) = (any, PW12, MAC-F, send).
306. Determine whether to send the packet according to the operation on a matching packet in the entry that matches the packet's source MAC address and destination MAC address; the operation on a matching packet is either send or discard. If it is determined that the packet is to be sent, perform step 307; otherwise discard the packet.
Specifically, determining whether to send the packet according to the operation on a matching packet in the matching entry comprises: if the operation on a matching packet is send, the packet is sent to PE2 at the packet destination end; if the operation on a matching packet is discard, the packet is discarded and is not sent to PE2 at the packet destination end.
In this embodiment, the entry that the packet from C to F matches in the ACL table is (any, PW12, MAC-F, send). Because the operation on a matching packet in this entry is send, it is determined that the packet is to be sent, and step 307 is performed.
307. Send the packet to the provider edge device of the packet destination; in this embodiment the packet from C to F is sent to PE2. The process ends.
308. According to the attribute of the inbound port of the packet and the attribute of the outbound port, determine whether to forward the packet to the corresponding port of the source-end provider edge device or to discard the packet, and perform the corresponding operation. The process ends.
Specifically, determining whether to forward the packet to the corresponding port of the source-end provider edge device or to discard it is: obtaining from the MAC address learning table the attribute of the packet source CE port corresponding to the packet's source MAC address and the attribute of the packet destination CE port corresponding to the packet's destination MAC address, and determining, according to these two attributes and the virtual private network forwarding rule, whether to send the packet to the corresponding CE port or to discard it.
An embodiment of the present invention also provides a virtual private network topology control method for the packet destination end, specifically a method in which, when the source-end provider edge device sends a packet, the packet destination end makes a determination according to the packet's source MAC address, destination MAC address and a downlink access control list. As shown in Figure 5, the method comprises:
To implement this embodiment, the downlink ACL table must first be set. After the downlink ACL table is set, when the destination-end PE receives a packet sent by the source-end PE, the destination-end PE determines whether to send the packet according to the packet source MAC address and packet destination MAC address contained in the packet and the downlink ACL table that was set; the destination-end PE sends the packet only when it determines that the packet is to be sent. The downlink ACL table therefore has to be set first when implementing this embodiment.
401. Receive a message sent by the source-end provider edge device; the message comprises the MAC addresses of the root customer edge devices among the customer edge devices connected to the source-end provider edge device.
Specifically, the message may use an LDP (Label Distribution Protocol) extension (RFC 5036), although the embodiments of the present invention are not limited to this. For example, an LDP Notification message or Hello message is extended to carry the indication information in the PW status TLV. The definition of the message format is not the focus of the present invention and can be made by a person skilled in the art without creative effort.
402. After the MAC addresses of the customer edge devices are received, set the downlink access control list according to those MAC addresses and a preset rule. The downlink ACL comprises the packet source MAC address (S-MAC), the packet destination MAC address (D-MAC) and the operation on a matching packet.
The preset rule is: a CE port whose attribute is leaf can be connected only to a CE port whose attribute is root, and a CE port whose attribute is root can be connected to a CE port of any attribute. The downlink ACL table is set according to the above preset rule with reference to Figure 4; the resulting downlink ACL table is shown in Table 2:
| S-MAC | D-MAC | Operation |
|-------|-------|-----------|
| MAC-A | any | continue |
| any | multicast | send to port F |
| any | MAC-F | continue |
| any | any | discard |
Table 2
403. When the source-end provider edge device (PE) sends the packet to the destination-end PE, the destination-end PE receives the packet sent by the source-end PE; the packet comprises the source MAC address and destination MAC address of the packet.
404. Determine, according to the source MAC address and destination MAC address in the packet and the downlink ACL table, whether to send the packet to the corresponding destination customer edge device. If it is determined that the packet is to be sent to the corresponding destination customer edge device, perform step 405; otherwise discard the packet.
Specifically, determining whether to send the packet to the corresponding destination customer edge device according to the source MAC address and destination MAC address in the packet and the downlink access control list comprises: matching the packet's source MAC address and destination MAC address against the packet source MAC address and destination MAC address in the downlink ACL table; if an entry matching the packet's source MAC address and destination MAC address is obtained, determining whether to send the packet according to the operation on a matching packet in that entry, the operation on a matching packet being either send or discard.
Specifically, determining whether to send the packet according to the operation on a matching packet in the matching entry comprises: if the operation on a matching packet is continue, the packet is sent to the corresponding destination customer edge device, which the PE determines according to the MAC address learning table; if the operation on a matching packet is discard, the packet is discarded and is not sent to the corresponding destination customer edge device.
405. Send the packet to the corresponding destination customer edge device. The process ends.
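The following Python example is added here and is not code from the patent: it builds the uplink table of step 302 and the downlink table of step 402 from the advertised root MAC addresses, then applies the first-match lookup of steps 305-306 and 404. The MAC addresses, the pseudowire name PW13 for PE3, the reachability of E over PW12, and the way rows are derived from the preset rule are assumptions chosen so that the output reproduces Table 1 and Table 2.

```python
from typing import Dict, List, NamedTuple

ANY = "any"
MULTICAST = "multicast"

# Constructed sample MACs (RFC 7042 documentation range), one per CE site of Fig. 4.
MAC = {site: f"00:00:5e:00:53:0{i}" for i, site in enumerate("ABCEF", start=1)}
GROUP = "01:00:5e:00:00:01"  # constructed multicast destination address


class Rule(NamedTuple):
    s_mac: str  # S-MAC column
    t_pw: str   # T-PW column; always ANY in the downlink table, which has no such column
    d_mac: str  # D-MAC column
    op: str     # operation on a matching packet


def is_multicast(mac: str) -> bool:
    """The group bit is the least significant bit of the first octet."""
    return bool(int(mac.split(":")[0], 16) & 1)


def field_matches(pattern: str, value: str) -> bool:
    if pattern == ANY:
        return True
    if pattern == MULTICAST:
        return is_multicast(value)
    return pattern.lower() == value.lower()


def evaluate(acl: List[Rule], s_mac: str, d_mac: str, pw: str = ANY) -> str:
    """Return the operation of the first matching row (steps 305-306 and 404)."""
    for rule in acl:
        if (field_matches(rule.s_mac, s_mac)
                and field_matches(rule.d_mac, d_mac)
                and rule.t_pw in (ANY, pw)):
            return rule.op
    return "discard"  # fail closed if a table was built without its catch-all row


def build_uplink_acl(local_roots: List[str],
                     remote_roots_by_pw: Dict[str, List[str]]) -> List[Rule]:
    """Source-end PE table (step 302). Assumed derivation that reproduces Table 1."""
    acl = [Rule(mac, ANY, ANY, "send") for mac in local_roots]
    for pw, roots in remote_roots_by_pw.items():
        if not roots:
            continue  # remote PE has only leaves: no row, so leaf traffic hits discard
        acl += [Rule(ANY, pw, mac, "send") for mac in roots]
        acl.append(Rule(ANY, pw, MULTICAST, "send"))
    acl.append(Rule(ANY, ANY, ANY, "discard"))
    return acl


def build_downlink_acl(remote_roots: List[str],
                       local_root_ports: Dict[str, str]) -> List[Rule]:
    """Destination-end PE table (step 402). Assumed derivation that reproduces Table 2."""
    acl = [Rule(mac, ANY, ANY, "continue") for mac in remote_roots]
    if local_root_ports:
        ports = ",".join(local_root_ports.values())
        acl.append(Rule(ANY, ANY, MULTICAST, f"send to port {ports}"))
    acl += [Rule(ANY, ANY, mac, "continue") for mac in local_root_ports]
    acl.append(Rule(ANY, ANY, ANY, "discard"))
    return acl


# PE1: local root A; PE2 advertised root F over PW12; PE3 (PW13, assumed name) has no roots.
UPLINK_PE1 = build_uplink_acl([MAC["A"]], {"PW12": [MAC["F"]], "PW13": []})
# PE2: PE1 advertised root A; local root F sits on port F.
DOWNLINK_PE2 = build_downlink_acl([MAC["A"]], {MAC["F"]: "F"})

if __name__ == "__main__":
    # Assumes every destination below is reached from PE1 over PW12.
    flows = [("C", MAC["F"]), ("B", MAC["E"]), ("A", MAC["E"]), ("C", GROUP)]
    for src, dst in flows:
        up = evaluate(UPLINK_PE1, MAC[src], dst, "PW12")
        down = evaluate(DOWNLINK_PE2, MAC[src], dst) if up == "send" else "-"
        print(f"{src} -> {dst}: PE1 {up}, PE2 {down}")
```

Row order is part of the policy: evaluation stops at the first match, so the catch-all discard row has to stay last in both tables.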
Corresponding to the above method embodiment, an embodiment of the present invention also provides a source-end provider edge device. As shown in Figure 6, the source-end provider edge device comprises: a packet receiving unit 201, a first determining unit 202, a sending unit 203, a first message receiving unit 204, a first setting unit 205, a judging unit 206 and a second determining unit 207.
The first message receiving unit 204 is configured to receive a message sent by the destination-end provider edge device (PE), the message comprising the MAC addresses of the root customer edge devices among the customer edge devices connected to the destination-end provider edge device. After the MAC addresses of the customer edge devices are received, the first setting unit 205 is configured to set the uplink access control list (ACL) according to those MAC addresses and a preset rule. The uplink ACL table comprises the packet source MAC address (S-MAC), the destination pseudowire (T-PW), the packet destination MAC address (D-MAC) and the operation on a matching packet.
The preset rule is: a CE port whose attribute is leaf can be connected only to a CE port whose attribute is root, and a CE port whose attribute is root can be connected to a CE port of any attribute.
When a CE (Customer Edge, customer edge device) sends a packet to the source-end PE, the packet receiving unit 201 is configured to receive the packet sent by the CE, the packet comprising the source MAC address and destination MAC address of the packet. After the packet is received, the judging unit 205 is configured to judge, according to the MAC learning table, whether the outbound port of the packet is a pseudowire or a port of the source-end provider edge device. When the judging unit 205 judges that the outbound port of the packet corresponds to a pseudowire, the first determining unit 202 is configured to determine whether to send the packet according to the source MAC address and destination MAC address in the packet and the uplink ACL table. When the first determining unit 202 determines that the packet is to be sent, the sending unit 203 is configured to send the packet to the destination-end PE.
When the judging unit 205 judges that the outbound port of the packet is a port of the source-end provider edge device, the second determining unit 207 is configured to determine, according to the attribute of the inbound port of the packet and the attribute of the outbound port, whether to forward the packet to the corresponding port of the source-end provider edge device or to discard the packet. Specifically, this determination is: obtaining from the MAC address learning table the attribute of the packet source CE port corresponding to the packet's source MAC address and the attribute of the packet destination CE port corresponding to the packet's destination MAC address, and determining, according to these two attributes and the virtual private network forwarding rule, whether to send the packet to the corresponding CE port or to discard it.
The first determining unit 202 comprises: a first matching module 2021 and a first determining module 2022.
The first matching module 2021 is configured to match the packet's source MAC address and destination MAC address against the corresponding packet source MAC address and destination MAC address in the uplink access control list. When the first matching module 2021 obtains an entry matching the packet's source MAC address and destination MAC address, the first determining module 2022 is configured to determine whether to send the packet according to the operation on a matching packet in that entry, the operation on a matching packet being either send or discard.
Specifically, determining whether to send the packet according to the operation on a matching packet in the matching entry comprises: if the operation on a matching packet is send, the packet is sent to the destination-end PE; if the operation on a matching packet is discard, the packet is discarded and is not sent to the destination-end PE.
Corresponding to the above method, an embodiment of the present invention provides a destination-end provider edge device. As shown in Figure 7, the destination-end provider edge device comprises: a message receiving unit 61, a setting unit 62, a packet receiving unit 63, a determining unit 64 and a sending unit 65.
The message receiving unit 61 is configured to receive a message sent by the source-end provider edge device, the message comprising the MAC addresses of the root customer edge devices among the customer edge devices connected to the source-end provider edge device. After the MAC addresses of the customer edge devices are received, the setting unit 62 is configured to set the downlink access control list according to those MAC addresses and a preset rule. The downlink ACL comprises the packet source MAC address (S-MAC), the packet destination MAC address (D-MAC) and the operation on a matching packet. The preset rule is: a CE port whose attribute is leaf can be connected only to a CE port whose attribute is root, and a CE port whose attribute is root can be connected to a CE port of any attribute.
When the source-end provider edge device (PE) sends the packet to the destination-end PE, the packet receiving unit 63 is configured to receive the packet sent by the source-end PE, the packet comprising the source MAC address and destination MAC address of the packet. After the packet is received, the determining unit 64 is configured to determine, according to the source MAC address and destination MAC address in the packet and the downlink access control list, whether to send the packet to the corresponding destination CE; the downlink access control list comprises the packet source MAC address, the packet destination MAC address and the operation on a matching packet. Specifically, this determination comprises: matching the packet's source MAC address and destination MAC address against the packet source MAC address and destination MAC address in the downlink ACL table; if an entry matching the packet's source MAC address and destination MAC address is obtained, determining whether to send the packet according to the operation on a matching packet in that entry, the operation on a matching packet being either send or discard.
Specifically, determining whether to send the packet according to the operation on a matching packet in the matching entry comprises: if the operation on a matching packet is continue, the packet is sent to the corresponding destination customer edge device, which the PE determines according to the MAC address learning table; if the operation on a matching packet is discard, the packet is discarded and is not sent to the corresponding destination customer edge device.
The sending unit 65 is configured to send the packet to the corresponding destination customer edge device when the determining unit 64 determines that the packet is to be sent.
An embodiment of the present invention also provides a virtual private network topology control system, comprising: a source-end provider edge device and a destination-end provider edge device.
The source-end provider edge device is configured to receive a packet sent by a customer edge device, the packet comprising the source MAC address and destination MAC address of the packet; when the outbound port of the packet corresponds to a pseudowire, determine whether to send the packet according to the source MAC address and destination MAC address in the packet and the uplink access control list; and, if it is determined that the packet is to be sent, send the packet to the destination-end provider edge device.
The destination-end provider edge device is configured to receive the packet sent by the source-end provider edge device, the packet comprising the source MAC address and destination MAC address of the packet; determine, according to the source MAC address and destination MAC address in the packet and the downlink access control list, whether to send the packet to the corresponding destination customer edge device, the downlink access control list comprising the packet source MAC address, the packet destination MAC address and the operation on a matching packet; and, if it is determined that the packet is to be sent, send the packet to the corresponding destination customer edge device.
In this embodiment of the present invention, when a packet is received, it is first determined according to the MAC address learning table whether the outbound port of the packet corresponds to a pseudowire or to another port of the source-end PE. When the outbound port corresponds to a pseudowire, whether to send the packet is determined according to the source MAC address and destination MAC address in the packet and the uplink ACL table; if it is determined that the packet is to be sent, the packet is sent to the destination-end provider edge device. Before a packet is sent to the destination end, it is first matched and filtered against the configured uplink ACL table, and it is sent only when it is determined that it may be sent. This avoids sending unnecessary packets into the network and saves network resources. Moreover, because only packets that may be sent are forwarded to the corresponding port during matching and filtering, that is, virtual connections are established only for packets that may be sent, control over the virtual private network topology is achieved.
In addition, after the destination-end provider edge device receives a packet sent by the source-end provider edge device, it filters the received packet further according to the preset downlink ACL table, and sends the packet to the corresponding destination customer edge device only when it determines that the received packet is to be sent.
Embodiment 3
The embodiment of the invention provides a virtual private network topology control method for the message source end. Specifically, it is a method in which the PE (Provider Edge, provider edge device) at the message source end determines according to a filter table whether to send a message. As shown in Figure 8, the method comprises:
To implement the embodiment of the invention, the filter table must be set first. Once the filter table is set, when the PE at the message source end receives a message sent by a CE (Customer Edge, customer edge device) and determines that the outbound port of the message is a PW (Pseudo Wire, pseudowire), the PE at the message source end determines whether to send the message according to the message source MAC address and message destination MAC address contained in the message and the configured filter table. The PE at the message source end sends the message only when it determines that the message is to be sent. The embodiment of the invention describes the virtual private network topology control method of the message source end in detail with reference to Fig. 4. For convenience, the PE at the message source end is denoted PE1 and the PE at the message destination is denoted PE2.
701. Receive the message sent by PE2. The message contains indication information that indicates the far-end provider edge device port attribute of the destination pseudowire, that is, whether the customer edge devices connected to the message destination provider edge device include a root customer edge device.
Here, the port attribute refers to the topological attribute, within the virtual private network, of the customer edge device connected to the port. The topological attribute is either the root attribute or the leaf attribute. The port may be a physical port or a logical port.
702. After the indication information is received, set the filter table according to the indication information and a preset rule. The filter table includes the message source port attribute (S-PORT), the destination pseudowire (T-PW), the far-end provider edge device port attribute of the destination pseudowire (PW far-end attribute), and the operation to apply to a matching message.
The preset rule is: a CE port whose attribute is leaf can only be connected to a CE port whose attribute is root, and a CE port whose attribute is root can be connected to a CE port of any attribute. The filter table is set according to this preset rule and with reference to Fig. 4; the resulting filter table is shown in Table 3:
| S-PORT | T-PW | PW far-end attribute | Operation |
|---|---|---|---|
| any | PW12 | root | send |
| leaf | PW13 | leaf | discard |
| root | PW13 | leaf | send |

Table 3
703. Receive the message sent by the customer edge device. The message includes the source MAC address and destination MAC address of the message.
704. Determine, according to the MAC learning table, whether the outbound port of the message corresponds to a pseudowire or to a port of the message source provider edge device. If the outbound port corresponds to a pseudowire, perform step 705; if the outbound port is a port of the message source provider edge device, perform step 709.
705. According to the MAC address learning table, obtain the message source port attribute corresponding to the message source MAC address, and the far-end provider edge device port attribute of the destination pseudowire corresponding to the message destination MAC address.
706. Match the obtained message source port attribute and far-end provider edge device port attribute of the destination pseudowire against the corresponding message source port attribute and far-end provider edge device port attribute of the destination pseudowire in the filter table.
707. Determine whether to send the message according to the operation for matching messages in the entry that matches the obtained message source port attribute and far-end provider edge device port attribute of the destination pseudowire. The operation for matching messages is either send or discard. If it is determined that the message is to be sent, perform step 708; otherwise, discard the message.
Specifically, determining whether to send the message according to the operation in the matching entry means: if the operation for matching messages is send, the message is sent to the message destination provider edge device; if the operation for matching messages is discard, the message is discarded and is not sent to the message destination provider edge device.
708. Send the message to the message destination provider edge device. The message includes indication information that indicates the attribute of the message source port. The process ends.
In step 701, the message that PE2 sends to PE1 carries its information in one of two ways. If a PW serves only one VSI (VPLS Service Instance), the information carried includes the PW identifier and the above indication information. If a PW serves multiple VSIs, the information carried includes the PW identifier, the VSI identifier and the above indication information. If the message is transmitted over the PW and that PW corresponds to exactly one VSI, the receiving end can tell which VSI is meant from the PW on which the message arrived, so only the indication information needs to be carried. The embodiment of the invention does not limit this; which mode is used is decided case by case in a specific implementation.
The message may use an extension of LDP (Label Distribution Protocol); the embodiment of the invention does not limit this. The LDP extension may consist of extending the LDP notification message or hello message to carry the indication information in the PW status TLV. The definition of the message format is not the focus of the present invention, and a person skilled in the art can define it without creative work.
709. According to the attribute of the inbound port and the attribute of the outbound port of the message, determine whether to forward the message to the corresponding port of the message source provider edge device or to discard it, perform the corresponding operation, and end the process.
Specifically, this determination is made as follows: according to the MAC address learning table, obtain the attribute of the message source CE port corresponding to the message source MAC address and the attribute of the message destination CE port corresponding to the message destination MAC address; then, according to the attribute of the message source CE port, the attribute of the message destination CE port and the virtual private network transmission rule, determine whether to send the message to the corresponding CE port or to discard it.
In the embodiment of the invention, when a message handled by the above method has passed the filter table at the message source PE and it is determined that the message is to be sent to the message destination PE, the existing L bit scheme may be adopted. That is, when the message is sent to the message destination PE, it carries indication information that indicates the attribute of the message source CE port, namely whether that CE port is a leaf port or a root port. After the message destination PE receives the message, it determines whether to send the message according to the indication information and the port attribute of the message destination PE. When it determines that the message is to be sent, it determines from the MAC address learning table the destination CE to which the message is to be sent and performs the corresponding operation. This is not described further here; a specific implementation may use an existing scheme from the prior art.
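The following sketch is an added example, not code from the patent. It walks steps 702 and 704 to 709 at PE1: it derives the rows of Table 3 from the signalled far-end attributes and then applies them to learned MAC addresses. The MAC addresses, local port names, the `Learned` record layout, the fail-closed handling of unmatched or unknown entries, and the reading of the step 709 "transmission rule" as the same leaf/root rule are all assumptions.

```python
from dataclasses import dataclass

ROOT, LEAF, ANY = "root", "leaf", "any"
SEND, DISCARD = "send", "discard"

def build_filter_table(pw_far_end):
    """Step 702: derive filter rows from each PW's signalled far-end attribute.
    Preset rule: a leaf may only connect to a root; a root may connect to any."""
    rows = []
    for pw, far in pw_far_end.items():
        if far == ROOT:
            rows.append((ANY, pw, ROOT, SEND))
        else:
            rows.append((LEAF, pw, LEAF, DISCARD))
            rows.append((ROOT, pw, LEAF, SEND))
    return rows

@dataclass(frozen=True)
class Learned:
    """MAC learning table entry (field layout is an assumption)."""
    port: str    # local CE port name or pseudowire name
    is_pw: bool  # True if the MAC is reached over a pseudowire
    attr: str    # CE port attribute, or far-end PE attribute for a PW

# Constructed sample state for PE1; MAC addresses and port names are made up.
FILTER_TABLE = build_filter_table({"PW12": ROOT, "PW13": LEAF})
MAC_TABLE = {
    "00:00:5e:00:53:01": Learned("ce1", False, ROOT),
    "00:00:5e:00:53:02": Learned("ce2", False, LEAF),
    "00:00:5e:00:53:03": Learned("ce3", False, LEAF),
    "00:00:5e:00:53:12": Learned("PW12", True, ROOT),
    "00:00:5e:00:53:13": Learned("PW13", True, LEAF),
}

def match_filter(src_attr, pw, far_attr, table=FILTER_TABLE):
    """Steps 706-707: the first matching row decides the operation."""
    for s_port, t_pw, pw_attr, op in table:
        if s_port in (ANY, src_attr) and (t_pw, pw_attr) == (pw, far_attr):
            return op
    return DISCARD  # assumption: no matching row fails closed

def decide(src_mac, dst_mac):
    """Steps 704-709 at the source PE. Returns (operation, outbound port)."""
    src, dst = MAC_TABLE.get(src_mac), MAC_TABLE.get(dst_mac)
    # Assumption: unknown MACs, and source MACs not learned on a local CE
    # port, are dropped; the page does not describe these cases.
    if src is None or dst is None or src.is_pw:
        return DISCARD, None
    if dst.is_pw:   # step 704 -> steps 705-707: consult the filter table
        op = match_filter(src.attr, dst.port, dst.attr)
    else:           # step 704 -> step 709: local port-to-port rule
        op = SEND if ROOT in (src.attr, dst.attr) else DISCARD
    return (op, dst.port) if op == SEND else (DISCARD, None)

if __name__ == "__main__":
    for s, d in [("00:00:5e:00:53:02", "00:00:5e:00:53:13"),
                 ("00:00:5e:00:53:02", "00:00:5e:00:53:12"),
                 ("00:00:5e:00:53:01", "00:00:5e:00:53:13"),
                 ("00:00:5e:00:53:02", "00:00:5e:00:53:03")]:
        print(s, "->", d, decide(s, d))
```

The leaf-to-leaf cases are the ones the filter exists for: they are dropped at PE1 and never enter the pseudowire, while every path that involves a root is forwarded.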
Corresponding to the above method embodiment, the embodiment of the invention also provides a message source provider edge device. As shown in Figure 9, the message source provider edge device comprises: message receiving unit 201, first determining unit 202, sending unit 203, second message receiving unit 208, second setting unit 209, judging unit 206 and second determining unit 207.
The second message receiving unit 208 is configured to receive the message sent by the message destination provider edge device. The message includes indication information that indicates the far-end provider edge device port attribute of the destination pseudowire, that is, whether the customer edge devices connected to the message destination provider edge device include a root customer edge device. After the indication information is received, the second setting unit 209 is configured to set the filter table according to the indication information and the preset rule. The filter table includes the message source port attribute, the destination pseudowire, the far-end provider edge device port attribute of the destination pseudowire, and the operation to apply to a matching message. Here, the port attribute refers to the topological attribute, within the virtual private network, of the customer edge device connected to the port; the topological attribute is either the root attribute or the leaf attribute. The port may be a physical port or a logical port.
The preset rule is: a CE port whose attribute is leaf can only be connected to a CE port whose attribute is root, and a CE port whose attribute is root can be connected to a CE port of any attribute.
When a CE (Customer Edge, customer edge device) sends a message to the PE at the message source end, the message receiving unit 201 is configured to receive the message sent by the CE, the message including the source MAC address and destination MAC address of the message. After the message is received, the judging unit 206 is configured to determine, according to the MAC learning table, whether the outbound port of the message corresponds to a pseudowire or to a port of the message source provider edge device. When the judging unit 206 determines that the outbound port of the message corresponds to a pseudowire, the first determining unit 202 is configured to determine whether to send the message according to the source MAC address and destination MAC address in the message and the filter table. When the first determining unit 202 determines that the message is to be sent, the sending unit 203 is configured to send the message to the PE at the message destination.
When the judging unit 206 determines that the outbound port of the message is a port of the message source provider edge device, the second determining unit 207 is configured to determine, according to the attribute of the inbound port and the attribute of the outbound port of the message, whether to forward the message to the corresponding port of the message source provider edge device or to discard it. Specifically: according to the MAC address learning table, obtain the attribute of the message source CE port corresponding to the message source MAC address and the attribute of the message destination CE port corresponding to the message destination MAC address; then, according to the attribute of the message source CE port, the attribute of the message destination CE port and the virtual private network transmission rule, determine whether to send the message to the corresponding CE port or to discard it.
The first determining unit 202 comprises: acquisition module 2023, second matching module 2024 and second determination module 2025.
The acquisition module 2023 is configured to obtain, according to the MAC address learning table, the message source port attribute corresponding to the message source MAC address, and the far-end provider edge device port attribute of the destination pseudowire corresponding to the message destination MAC address. The second matching module 2024 is configured to match the message source port attribute and the far-end provider edge device port attribute of the destination pseudowire obtained by the acquisition module 2023 against the corresponding message source port attribute and far-end provider edge device port attribute of the destination pseudowire in the filter table. When the second matching module 2024 finds an entry that matches the obtained message source port attribute and far-end provider edge device port attribute of the destination pseudowire, the second determination module 2025 is configured to determine whether to send the message according to the operation for matching messages in that entry; the operation is either send or discard. Specifically, determining whether to send the message according to the operation for matching messages in the entry matching the message source MAC address and destination MAC address means: if the operation for matching messages is send, the message is sent to the PE at the message destination; if the operation for matching messages is discard, the message is discarded and is not sent to the PE at the message destination.
Corresponding to the above embodiment, the embodiment of the invention provides a virtual private network topology control system. The system comprises a message source provider edge device and a message destination provider edge device.
The message source provider edge device is configured to receive the message sent by the customer edge device, the message including the source MAC address and destination MAC address of the message; when the outbound port of the message corresponds to a pseudowire, to determine whether to send the message according to the source MAC address and destination MAC address in the message and the filter table; and, if it determines that the message is to be sent, to send the message to the message destination provider edge device, the message carrying indication information that indicates the message source port attribute. Here, the port attribute refers to the topological attribute, within the virtual private network, of the customer edge device connected to the port; the topological attribute is either the root attribute or the leaf attribute. The port may be a physical port or a logical port.
The message destination provider edge device is configured to receive the message sent by the message source provider edge device, the message carrying indication information that indicates the message source port attribute; to determine whether to send the message according to the indication information and the port attribute of the message destination provider edge device; and, if it determines that the message is to be sent, to send the message to the corresponding destination customer edge device.
In the embodiment of the invention, when a message is received, the MAC address learning table is first used to determine whether the outbound port of the message corresponds to a pseudowire or to another port of the message source PE. When the outbound port corresponds to a pseudowire, whether to send the message is determined according to the source MAC address and destination MAC address in the message and the configured filter table; if it is determined that the message is to be sent, the message is sent to the message destination provider edge device. Before a message is sent to the destination, it is first matched and filtered against the configured filter table, and it is sent only when it is determined that it can be sent. This keeps unnecessary messages out of the network and saves network resources. Moreover, because only messages that pass the matching and filtering are sent to the corresponding port, virtual connections are established only for messages that can be sent, which achieves control of the virtual private network topology.
From the above description of the embodiments, a person skilled in the art can clearly understand that the present invention can be implemented by software together with the necessary general-purpose hardware. It can of course also be implemented in hardware, but in many cases the former is the better implementation. Based on this understanding, the technical solution of the present invention in essence, or the part of it that contributes to the prior art, can be embodied in the form of a software product. The computer software product is stored in a readable storage medium, such as a computer's floppy disk, hard disk or optical disc, and includes instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) to perform the methods described in the embodiments of the present invention.
The above is only a specific embodiment of the present invention, but the scope of protection of the present invention is not limited to it. Any change or replacement that a person skilled in the art can readily conceive within the technical scope disclosed by the present invention shall fall within the scope of protection of the present invention. Therefore, the scope of protection of the present invention shall be subject to the scope of protection of the claims.