CN104601431B - The cut-in method and the network equipment of a kind of vpn service - Google Patents
The cut-in method and the network equipment of a kind of vpn service Download PDFInfo
- Publication number
- CN104601431B CN104601431B CN201410850003.4A CN201410850003A CN104601431B CN 104601431 B CN104601431 B CN 104601431B CN 201410850003 A CN201410850003 A CN 201410850003A CN 104601431 B CN104601431 B CN 104601431B
- Authority
- CN
- China
- Prior art keywords
- vpn
- equipment
- edge
- port
- vpn tunneling
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/46—Interconnection of networks
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Telephonic Communication Services (AREA)
Abstract
The present invention provides the cut-in method and the network equipment of a kind of vpn service, the described method includes:The network equipment receives the first access request that first edge equipment is sent, and first access request is used to ask the first user site by first edge equipment connection to access the vpn service;Determine that second user site requests access the vpn service;The first edge equipment and the second edge equipment being connected with the second user website are configured, first user site and the second user website are accessed into the vpn service.It can be seen that in the present invention when can be with the second user station transmission data after determining first user site access vpn service, first user site and the second user website are just accessed into the vpn service, occur so as to be avoided as much as occupying the resource situation that still first user site cannot but transmit data of the first edge equipment, therefore reduce the wasting of resources.
Description
Technical field
The present invention relates to the communication technology, more particularly, to the cut-in method and the network equipment of a kind of vpn service.
Background technology
Virtual Private Network (English:Virtual Private Network, referred to as:VPN) it is the structure on public data network
The technology of dedicated network is built, these dedicated networks are mutually isolated, and it is special that the data of a dedicated network are not transmitted to another
In network.And in order to enable being carried out data transmission between user site using VPN, it is necessary to which user site is accessed VPN industry first
Business.
It is at present that operator and user manual negotiations go out to need to access by the usual way of user site access vpn service
All user sites of the vpn service, the edge device connected respectively to each user site afterwards are manually matched somebody with somebody
Put, so that each user site is accessed the vpn service.
However, due to needing to configure the edge device of the user's website connection when user site accesses vpn service,
The resource of edge device will necessarily be taken, and in above-mentioned access way, VPN industry is accessed on demand due to can not achieve user site
Business, that is to say, that even if can not transmit data after user site access vpn service, the operator, which remains on, to stand the user
Point access vpn service, so as to cause the wasting of resources.
The content of the invention
Present invention solves the technical problem that it is the cut-in method and the network equipment that a kind of vpn service is provided, to realize use
Family website accesses vpn service on demand, so as to reduce the wasting of resources.
For this reason, the technical solution that the present invention solves technical problem is:
In a first aspect, the present invention provides a kind of cut-in method of virtual private network business, including:
The network equipment receives the first access request that first edge equipment is sent, and first access request is used for request will
First user site of the first edge equipment connection accesses the vpn service;
The network equipment has determined that second user site requests access the vpn service;
First edge equipment described in the network equipments configuration and set with the second edge that the second user website is connected
It is standby, first user site and the second user website are accessed into the vpn service.
In the first possible implementation of first aspect, first edge equipment described in the network equipments configuration and
The second edge equipment being connected with the second user website, first user site and the second user website are connect
Enter the vpn service, including:
The network equipment from the first edge equipment to the first vpn tunneling of the second edge equipment, with
And deployment is from the second edge equipment to the second vpn tunneling of the first edge equipment, the head end of first vpn tunneling
Associated with the first port, the tail end of first vpn tunneling is associated with the second port, second vpn tunneling
Head end is associated with the second port, and the tail end of second vpn tunneling is associated with the first port, and the first port is
The port being connected in the first edge equipment with first user site, the second port are the second edge equipment
The upper port being connected with the second user website.
The possible implementation of with reference to first aspect the first, in second of possible implementation of first aspect
In, further include:
The network equipment receives the second access request that the 3rd edge device is sent, and second access request is used for please
The 3rd user site by the 3rd edge device connection is asked to access the vpn service;
The network equipment has determined that first user site and the second user website access the VPN industry
Business;
The network equipment from the first edge equipment to the 3rd vpn tunneling of the 3rd edge device, with
And fourth vpn tunneling of the deployment from the 3rd edge device to the first edge equipment, the head end of the 3rd vpn tunneling
Associated with the first port, the tail end and the 3rd port association of the 3rd vpn tunneling, the head end of the 4th vpn tunneling
With the 3rd port association, the tail end of the 4th vpn tunneling is associated with the first port, and the 3rd port is described
The port being connected on 3rd edge device with the 3rd user site;
The network equipment from the second edge equipment to the 5th vpn tunneling of the 3rd edge device, with
And sixth vpn tunneling of the deployment from the 3rd edge device to the second edge equipment, the head end of the 5th vpn tunneling
Associated with the second port, tail end and the 3rd port association of the 5th vpn tunneling, the 6th vpn tunneling
Head end and the 3rd port association, the tail end of the 6th vpn tunneling are associated with the second port.
With reference to first aspect the first or second of possible implementation, in the third possible reality of first aspect
In existing mode, the method further includes:
The network equipment distributes vpn tunneling mark for the vpn service;
The network equipment from the first edge equipment to the first vpn tunneling of the second edge equipment, with
And dispose from the second edge equipment to the second vpn tunneling of the first edge equipment, including:
The network equipment sends the first configuration parameter to the first edge equipment, and the first configuration parameter includes:
The device identification of the vpn tunneling mark, the port-mark of the first port and the second edge equipment;
The network equipment sends the second configuration parameter to the second edge equipment, and the second configuration parameter includes:
The device identification of the vpn tunneling mark, the port-mark of the second port and the first edge equipment.
With reference to first aspect the first or second of possible implementation, in the 4th kind of possible reality of first aspect
In existing mode, the network equipment from the first edge equipment to the first vpn tunneling of the second edge equipment, with
And dispose from the second edge equipment to the second vpn tunneling of the first edge equipment, including:
The network equipment sends the request for disposing first vpn tunneling and second vpn tunneling, institute to controller
State and dispose the request of first vpn tunneling and second vpn tunneling and include the port-mark, described of the first port
The port-mark of second port, the device identification of the first edge equipment and the device identification of the second edge equipment.
For with reference to first aspect the first to the 4th kind of any possible implementation, the 5th kind in first aspect can
In the implementation of energy, further include:
The first of the network equipment reception first edge equipment transmission exits request or the second edge is set
What preparation was sent second exits request, and described first, which exits request, is used to ask first user site exiting the VPN industry
Business, described second, which exits request, is used to ask the second user website exiting the vpn service;
The network equipment cancels first vpn tunneling and second vpn tunneling.
The 5th kind of possible implementation with reference to first aspect, in the 6th kind of possible implementation of first aspect
In, further include:
The network equipment obtains the deployment time for representing first vpn tunneling and second vpn tunneling
Relevant information;
The network equipment sends the relevant information to counting equipment.
For with reference to first aspect the first to the 6th kind of any possible implementation, the 7th kind in first aspect can
In the implementation of energy, first access request further includes the account that the first user site request accesses the vpn service
Number;
The method further includes:
The network equipment obtains the corresponding service quality QoS of the account;
The network equipment is from the first edge equipment to the first vpn tunneling of the second edge equipment, bag
Include:
The network equipment is based on the corresponding QoS of the account, disposes from the first edge equipment to second side
First vpn tunneling of edge equipment.
With reference to first aspect, the first of first aspect is to the 7th kind of any possible implementation, in first aspect
The 8th kind of possible implementation in, further include:
After the network equipment receives first access request, store described in the first user site request access
The information of vpn service;
Second user site requests of the network equipment having determined access the vpn service, including:
The network equipment is determined to be stored with the information that the second user site requests access the vpn service.
With reference to first aspect, the first of first aspect is to the 8th kind of any possible implementation, in first aspect
The 9th kind of possible implementation in, further include:
The first edge equipment is sent after the request of reaching the standard grade of first user site is received to the network equipment
First access request.
Second aspect, the present invention provides a kind of network equipment, including:
Receiving unit, for receiving the first access request of first edge equipment transmission, first access request is used for
The first user site access virtual special network vpn service that request connects the first edge equipment;
Processing unit, for when the receiving unit receives first access request, having determined second user
Site requests access the vpn service, configure the first edge equipment and the second side being connected with the second user website
Edge equipment, the vpn service is accessed by first user site and the second user website.
In the first possible implementation of second aspect, when configuring the first edge equipment and with described second
The second edge equipment of user site connection, the VPN is accessed by first user site and the second user website
During business, the processing unit is specifically used for deployment from the first edge equipment to the first VPN of the second edge equipment
Tunnel, and deployment is from the second edge equipment to the second vpn tunneling of the first edge equipment, the first VPN tunnels
The head end in road is associated with the first port, and the tail end of first vpn tunneling is associated with the second port, and described second
The head end of vpn tunneling is associated with the second port, and the tail end of second vpn tunneling is associated with the first port, described
First port is the port that be connected with first user site in the first edge equipment, and the second port is described the
The port being connected on two edge devices with the second user website.
With reference to the first possible implementation of second aspect, in second of possible implementation of second aspect
In, the receiving unit is additionally operable to, and receives the second access request that the 3rd edge device is sent, and second access request is used for
3rd user site of the 3rd edge device connection is accessed the vpn service by request;
The processing unit is additionally operable to, and when the receiving unit receives second access request, is determined
State the first user site and the second user website and access the vpn service, dispose from the first edge equipment to described
3rd vpn tunneling of the 3rd edge device, disposes the 4th VPN tunnels from the 3rd edge device to the first edge equipment
Road, disposes the 5th vpn tunneling from the second edge equipment to the 3rd edge device, and disposes from the 3rd side
Edge equipment to the second edge equipment the 6th vpn tunneling;
The head end of 3rd vpn tunneling is associated with the first port, the tail end of the 3rd vpn tunneling and the 3rd end
Mouthful association, the head end of the 4th vpn tunneling and the 3rd port association, the tail end of the 4th vpn tunneling and described the
Single port associates, and the head end of the 5th vpn tunneling is associated with the second port, the tail end of the 5th vpn tunneling and institute
State the 3rd port association, head end and the 3rd port association of the 6th vpn tunneling, the tail end of the 6th vpn tunneling
Associated with the second port, the 3rd port is the end being connected on the 3rd edge device with the 3rd user site
Mouthful.
With reference to the first or second of possible implementation of second aspect, in the third possible reality of second aspect
In existing mode, further include:Transmitting element;
The processing unit is additionally operable to, and vpn tunneling mark is distributed for the vpn service;
When in deployment from the first edge equipment to the first vpn tunneling of the second edge equipment, and deployment from
The second edge equipment to the first edge equipment the second vpn tunneling when, the processing unit be specifically used for pass through institute
State transmitting element and send the first configuration parameter to the first edge equipment, and by the transmitting element to second side
Edge equipment sends the second configuration parameter;
The first configuration parameter includes:Vpn tunneling mark, the port-mark of the first port and described the
The device identification of two edge devices;The second configuration parameter includes:The vpn tunneling mark, the port of the second port
The device identification of mark and the first edge equipment.
With reference to the first or second of possible implementation of second aspect, in the 4th kind of possible reality of second aspect
In existing mode, further include:Transmitting element;
When in deployment from the first edge equipment to the first vpn tunneling of the second edge equipment, and deployment from
The second edge equipment to the first edge equipment the second vpn tunneling when, the processing unit be specifically used for pass through institute
State transmitting element and send the request for disposing first vpn tunneling and second vpn tunneling to controller, described in the deployment
The request of first vpn tunneling and second vpn tunneling includes the port-mark of the first port, the second port
Port-mark, the device identification of the first edge equipment and the device identification of the second edge equipment.
With reference to second aspect the first to the 4th kind of any possible implementation, the 5th kind in second aspect can
Can implementation in, the receiving unit is additionally operable to, receive that the first edge equipment is sent first exit request or
The second of the second edge equipment transmission exits request, and described first, which exits request, is used to ask first user site
The vpn service is exited, described second, which exits request, is used to ask the second user website exiting the vpn service;
The processing unit is additionally operable to, and the receiving unit receives described first and exits request or described second exit
During request, first vpn tunneling of deployment and second vpn tunneling are cancelled.
With reference to the 5th kind of possible implementation of second aspect, in the 6th kind of possible implementation of second aspect
In, further include:Transmitting element;
The processing unit is additionally operable to, and obtains the deployment for being used for representing first vpn tunneling and second vpn tunneling
The relevant information of time;
The transmitting element, for sending the relevant information to counting equipment.
With reference to second aspect the first to the 6th kind of any possible implementation, the 7th kind in second aspect can
In the implementation of energy, first access request further includes the account that the first user site request accesses the vpn service
Number;
The processing unit is additionally operable to, and obtains the corresponding service quality QoS of the account;
When deployment is from the first edge equipment to the first vpn tunneling of the second edge equipment, the processing is single
Member is specifically used for being based on the corresponding QoS of the account, disposes the institute from the first edge equipment to the second edge equipment
State the first vpn tunneling.
With reference to second aspect, second aspect the first to the 7th kind of any possible implementation, in second aspect
The 8th kind of possible implementation in, the processing unit is additionally operable to, when the receiving unit receive it is described first access please
When asking, the information that the first user site request accesses the vpn service is stored;
When having determined that second user site requests access the vpn service, the processing unit is specifically used for determining
Go out to be stored with the information that the second user site requests access the vpn service.
With reference to second aspect, second aspect the first to the 8th kind of any possible implementation, in second aspect
The 9th kind of possible implementation in, after the first edge equipment is receives the request of reaching the standard grade of first user site,
The equipment that first access request is sent to the network equipment.
According to the above-mentioned technical solution, the network equipment is received for asking to access the first user site in the present invention
During the first access request of vpn service, first user site vpn service is not accessed into directly, but determine
There are the second user site requests different from first user site to access the vpn service, that is, illustrate first user
When can be with the second user station transmission data after the website access vpn service, configuration and first user site
The first edge equipment of connection and the second edge equipment being connected with the second user website, by first user site
The vpn service is accessed with the second user website.It can be seen that when determining first user site access VPN in the present invention
When can be with the second user station transmission data after business, just by first user site and the second user website
The vpn service is accessed, that is, realizes first user site and accesses the vpn service on demand, so as to be avoided as much as
The resource situation that still first user site cannot but transmit data for occupying the first edge equipment occurs, therefore
Reduce the wasting of resources.
Brief description of the drawings
Fig. 1 is a kind of flow diagram of embodiment of the method provided by the invention;
Fig. 2 is a kind of network topology that the embodiment of the present invention is used for;
Fig. 3 is the flow diagram of another embodiment of the method provided by the invention;
Fig. 4 is another network topology that the embodiment of the present invention is used for;
Fig. 5 in order to control device obtain the first vpn tunneling a kind of specific path;
Fig. 6 is a kind of structure diagram of device embodiment of the network equipment provided by the invention;
Fig. 7 is the structure diagram of another device embodiment of the network equipment provided by the invention;
Fig. 8 is the structure diagram of another device embodiment of the network equipment provided by the invention.
Embodiment
In order to enable carried out data transmission between user site using VPN, it is necessary to which user site is accessed VPN industry first
Business.Wherein, user site is user side equipment, and each user site generally passes through physical connection mode and the edge of operator
Equipment is attached, and can transmit data by backbone network between the edge device of operator.
It is at present that operator and user manual negotiations go out to need to access by the usual way of user site access vpn service
All user sites of the vpn service, after all user sites determine, the side that is connected respectively to each user site
Edge equipment carries out human configuration, so that each user site is accessed the vpn service.
However, inventor has found that due to needing to connect the user's website when user site accesses vpn service
Edge device configured, the resource of edge device will necessarily be taken, and in above-mentioned access way, due to can not achieve user
Website accesses vpn service on demand, that is to say, that can not also transmit data, the operator even if user site access vpn service
Vpn service can be accessed by the user's website by remaining on.Even if causing the resource for occupying the edge device of the user's website connection,
The user's website can not transmit data, so as to cause the wasting of resources.It is illustrated below by an example, it is assumed that shared
3 user sites:User site 01, user site 02 and user site 03, if user site 02 and user site 03 are in
Off-line state or without access vpn service, then even if user site 01 accesses above-mentioned vpn service, user site 01 also without
Method transmits data with user site 02 and user site 03, but due to still can connect in above-mentioned access way to user site 01
The edge device connect is configured such that it is accessed in above-mentioned vpn service, so as to cause the wasting of resources.
And in embodiments of the present invention, there is provided the cut-in method and the network equipment of a kind of vpn service, to realize user site
Vpn service is accessed on demand, so as to reduce the wasting of resources.
Below in conjunction with the attached drawing in the embodiment of the present invention, the technical solution in the embodiment of the present invention is carried out clear, complete
Site preparation describes, it is clear that described embodiment is only part of the embodiment of the present invention, instead of all the embodiments.It is based on
Embodiment in the present invention, the every other implementation that those skilled in the art are obtained without creative efforts
Example, belongs to the scope of protection of the invention.
Term " first ", " second ", " the 3rd " " in description and claims of this specification and above-mentioned attached drawing
Four " etc. be for distinguishing similar object, without for describing specific order or precedence.It should be appreciated that so use
Data can exchange in the appropriate case, so that the embodiments described herein can be with except illustrating or describing herein
Order beyond appearance is implemented.In addition, term " comprising " and " having " and their any deformation, it is intended that covering is non-exclusive
Include, for example, containing a series of or unit process, method, system, product or equipment is not necessarily limited to what is clearly listed
Those or unit, but may include not list clearly or for intrinsic other of these processes, method, product or equipment
Or unit.
A kind of referring to Fig. 1, embodiment of the method for the cut-in method an embodiment of the present invention provides vpn service.
In order to be better understood from the technical solution of the embodiment of the present invention, illustrate below by Fig. 2 used in the present embodiment
A kind of optional network topology.It should be noted that Fig. 2 is only a kind of exemplary explanation, its concrete structure can't be to this
Inventive embodiments play restriction effect.
As shown in Fig. 2, first edge equipment and second edge equipment belong to the edge device of operator, pass through backbone network
It is connected.The first edge equipment is connected by way of physical connection with the first user site, in the art, can also be claimed
First user site is attached in the first edge equipment.Wherein, used in the first edge equipment with described first
The first port of family website connection is properly termed as the access interface of first user site.It is similar therewith, the second edge
Equipment is connected with second user website, and the second port being connected in the second edge equipment with the second user website can be with
The access interface of referred to as described second user website.The VPN data of first user site and the second user website, needs
To be transmitted using the first edge equipment, the backbone network and the second edge equipment.It should be noted that
In Fig. 2 and Fig. 4 of the present invention, solid line represents physical connection, and dotted line represents logical relation, i.e., interaction is between expression equipment
Control information.
The present embodiment the described method includes:
101:The network equipment receives the first access request that the first edge equipment is sent, and first access request is used
First user site of first edge equipment connection is accessed into the vpn service in request.
In embodiments of the present invention, can determine that first user site needs to connect by the first edge equipment
When entering the vpn service, such as after receiving the request of reaching the standard grade of first user site, send to the network equipment described in
First access request.Wherein, the present embodiment can also include the upper of first edge equipment reception first user site
After line request, first access request is sent to the network equipment.
In specific implementation, user can pre- first to file open the vpn service, such as user can be in the net of operator
The vpn service is opened in application on standing.Wherein described vpn service can correspond to a register account number, can also correspond to multiple notes
Volume account.The network equipment preserves the vpn service opened and the correspondence of register account number.When the vpn service is opened
After logical, user can send the request of reaching the standard grade for including register account number, the first edge equipment root to the first edge equipment
Determine that first user site needs to access the vpn service according to the register account number in the request of reaching the standard grade, so as to institute
State the network equipment and send first access request.Wherein, the first edge equipment register account number can also be sent to
Authenticating device is authenticated, and certification retransmits first access request after.
In embodiments of the present invention, mark and the institute of first user site can be included in first access request
State the mark of vpn service.Wherein, the mark of first user site is specifically as follows the port-mark of the first port.
The mark of the vpn service can be specifically allocated by the network equipment.Wherein the first access request can be included in meter
Expense, which is made a copy in information, to be occurred to the network equipment.
102:The network equipment has determined that the second user site requests access the vpn service.Wherein, it is described
Second user website is the user site different from first user site.
In embodiments of the present invention, it is not directly by institute after the network equipment receives first access request
State the first user site and access the vpn service, but further determine whether the institute different from first user site
State second user website and access the vpn service, if it is, representing that the network equipment has determined the second user station
Point request accesses the vpn service.
If the network equipment has determined that the second user site requests access the vpn service, described the is represented
One user site and the second user website all ask to access the vpn service, illustrate first user site at this time
After accessing the vpn service with the second user website, first user site can be passed with the second user website
Transmission of data.
It should be noted that in the embodiment of the present invention, the second user website refers to and first user site
Different any user websites.I.e. the network equipment described in this determines any user different from first user site
When website accesses the vpn service, using any user website as the second user website.
103:First edge equipment described in the network equipments configuration and be connected with the second user website described
Two edge devices, the vpn service is accessed by first user site and the second user website.
In embodiments of the present invention, when the network equipment determines described different from first user site
The request of two user sites accesses the vpn service, can further determine that out that first user site accesses the vpn service
After therefore the first edge equipment and the second edge equipment can be configured with the second user station transmission data,
So as to which first user site and the second user website are accessed the vpn service.
Optionally, further included in the present embodiment:If the network equipment determine not except first user site it
Outer user site accesses the vpn service, illustrates that first user site can not transmit number after accessing the vpn service
According to when, then do not perform 103, but can directly terminate the flow of the present embodiment, can also be after predetermined period, again really
It is fixed whether to there is the second user website different from first user site to access the vpn service.
According to the above-mentioned technical solution, the network equipment in the embodiment of the present invention, which receives, is used to asking by described the
When one user site accesses first access request of the vpn service, directly first user site is not accessed
The vpn service, but determine described in the second user site requests access different from first user site
Vpn service, that is, illustrate that first user site can be with the second user station transmission data after accessing the vpn service
When, configure the first edge equipment that is connected with first user site and described in being connected with the second user website
Second edge equipment, the vpn service is accessed by first user site and the second user website.It can be seen that the present invention
In when can be with the second user station transmission data after determining first user site access vpn service, just will
First user site and the second user website access the vpn service, that is, realize first user site by
The vpn service need to be accessed, so that the resource for being avoided as much as occupying the first edge equipment still described first is used
The situation that family website cannot but transmit data occurs, therefore reduces the wasting of resources.
In embodiments of the present invention, the network equipment can be cooperative device, arranging equipment (English:
Orchetrator), Network Management Equipment etc. has the function of the equipment of coordinated management.The first edge equipment and the second edge
Equipment can be wideband network gateway (English:Broadband Network Gateway, abbreviation BNG).First subscriber station
Point and the second user website can be customer premises equipment, CPE (abbreviation:CPE).
In embodiments of the present invention, the network equipment receives first access that the first edge equipment is sent
Request, can also store the first user site request and access the information of the vpn service, such as specifically store the VPN
The correspondence of the port-mark of business and the first port, when the access request for receiving the transmission of other edge devices again
Afterwards, it is possible to determine that first user site accesses the information of the vpn service according to the described information of storage.Cause
This, the network equipment in 102 has determined that second user site requests access the vpn service, can include:The net
Network equipment is determined to be stored with the information that the second user site requests access the vpn service.
In embodiments of the present invention, the network equipment receives first access request, and has determined described the
When the request of two user sites accesses the vpn service, the first edge equipment and the second edge equipment are configured, by institute
State the first user site and the second user website accesses the vpn service.The wherein described network equipment is configuring described the
When one edge device and the second edge equipment, there can be two kinds of configuration modes, the first configuration mode is by described first
User site and the second user website independently access the vpn service, i.e., after each user site accesses the vpn service
Other user equipmenies for accessing the vpn service are not known.Second of configuration mode is by first user site
The mode of vpn tunneling is disposed between the second user website, by first user site and the second user website
Access the vpn service.Both configuration modes are introduced separately below.
The first configuration mode:The network equipment can be to the first edge equipment and the second edge equipment point
Do not configure so that first user site and the second user website independently access the vpn service.
For example, the network equipment sends configuration parameter to the first edge equipment, which only includes being used for
First user site is accessed to the configuration parameter of the vpn service, such as the port-mark of the first port, without wrapping
Include and the relevant configuration parameter of the second user website.The port-mark of wherein described first port can connect from described first
Enter and obtained in request.Under some scenes, the network equipment can also be sent to the first edge equipment:The network is set
The standby first via for first user site distribution is by target component (English:Route Target, referred to as:) and the first via RT
By specificator parameter (English:Route Ditinguiher, referred to as:RD).Similarly, the network equipment is to second side
The configuration parameter that edge equipment is sent, also only includes being used for the configuration parameter that the second user website is accessed to the vpn service,
Such as the port-mark of second port, without including with the relevant configuration parameter of first user site.Wherein described second
The port-mark of port can be obtained from for asking to access the second user website in the access request of the vpn service
Take.Under some scenes, the network equipment can also be sent to the second edge equipment:The network equipment is described the
The 2nd RT and the 2nd RD of two user sites distribution.The first edge equipment and the second edge equipment are according to the network
The configuration parameter that equipment is sent, independently accesses the VPN industry by the first edge equipment and the second edge equipment respectively
Business.
Second of configuration mode:In fact, under some scenes, such as user applies during the vpn service described in setting
When vpn service is the type of service of point-to-point, above-mentioned second of configuration mode can be used, i.e., by being set in the first edge
The mode for disposing vpn tunneling between standby and described second edge equipment accesses the vpn service.Below by one embodiment plus
To illustrate.
Referring to Fig. 3, another embodiment of the method for the cut-in method an embodiment of the present invention provides vpn service.With it
Unlike his embodiment, the present embodiment stress by the first edge equipment and the second edge equipment it
Between dispose vpn tunneling mode access the vpn service.
The present embodiment the described method includes 301 to 303, wherein 301 and 302 and the 101 and 102 of embodiment illustrated in fig. 1
It is similar, therefore relatively simple, related part embodiment shown in Figure 1 is described.The present embodiment emphasis describes 303.
301:The network equipment receives the first access request that the first edge equipment is sent, and first access please
Ask for asking first user site by first edge equipment connection to access the vpn service.
302:The second user site requests of the network equipment having determined access the vpn service, and described second
User site is the user site different from first user site.
303:The network equipment is from the first edge equipment to the first VPN tunnels of the second edge equipment
Road, and deployment is from the second edge equipment to the second vpn tunneling of the first edge equipment.
Wherein, the head end of first vpn tunneling is associated with the first port, the tail end of first vpn tunneling with
The second port association, the head end of second vpn tunneling are associated with the second port, the tail of second vpn tunneling
End is associated with the first port.The first port is what is be connected in the first edge equipment with first user site
Port, i.e., the access interface of described first user site, the second port in the second edge equipment with described second
The port of user site connection, i.e., the access interface of described second user website.
It is described below in the embodiment of the present invention, the head end or tail end of vpn tunneling and a kind of implementation of port association.
The head end of first vpn tunneling is associated with the first port, can be embodied in and be deposited in the first edge equipment
The first port and the mapping relations of first vpn tunneling are stored up, so that the first edge equipment is according to the mapping
Relation, will be transmitted from the data that the first port receives by first vpn tunneling.First vpn tunneling
Tail end associated with the second port, can be embodied in stored in the second edge equipment second port and
The mapping relations of first vpn tunneling, so that the second edge equipment is according to the mapping relations, by described first
The data of vpn tunneling transmission are exported to the second port.
Similarly, the head end of second vpn tunneling is associated with the second port, the tail end of second vpn tunneling
Above-mentioned implementation can also be embodied in by being associated with the first port, and which is not described herein again.
Due to being not direct after the network equipment receives first access request in embodiments of the present invention
First user site is accessed into the vpn service, but is determined whether described in the second user site requests access
Vpn service, if it is, the network equipment actually gets two user sites for accessing the vpn service, the net
Network equipment can be by way of disposing first vpn tunneling and second vpn tunneling by two user site accesses
The vpn service.
As it can be seen that this embodiment describes the implementation of second of configuration mode, i.e., by the first edge
First vpn tunneling and second vpn tunneling are disposed between equipment and the second edge equipment, by first user
Website and the second user website have accessed the vpn service.In fact, first vpn tunneling and the 2nd VPN tunnels
Road is between first user site and the second user website, it is known that the point-to-point vpn tunneling of opposite end, therefore compared to
The first described configuration mode, i.e. first user site and the second user website are independently accessed into the VPN industry
Business, second of configuration mode without finding website, therefore the discovery agreement complicated without operation automatically, to edge device
Equipment requirement is relatively low, and error rate is relatively low.
In the present embodiment, the first VPN is disposed between the first edge equipment and the second edge equipment
, can be by others if there is other user site requests to access the vpn service behind tunnel and second vpn tunneling
The edge device that user site is connected, respectively with the first edge equipment and the second edge deployed with devices vpn tunneling.
Specific implementation is that the network equipment receives the second access request that the 3rd edge device is sent, and second access please
Ask for asking the 3rd user site by the 3rd edge device connection to access the vpn service;The network equipment is true
First user site is made and the second user website accesses the vpn service;The network equipment is from institute
First edge equipment is stated to the 3rd vpn tunneling of the 3rd edge device, and deployment is from the 3rd edge device to institute
The 4th vpn tunneling of first edge equipment is stated, the head end of the 3rd vpn tunneling is associated with the first port, and the described 3rd
The tail end of vpn tunneling and the 3rd port association, head end and the 3rd port association of the 4th vpn tunneling, the described 4th
The tail end of vpn tunneling is associated with the first port, and the 3rd port is to be used on the 3rd edge device with the described 3rd
The port of family website connection;The network equipment from the second edge equipment to the 3rd edge device the 5th
Vpn tunneling, and dispose the 6th vpn tunneling from the 3rd edge device to the second edge equipment, the 5th VPN
The head end in tunnel is associated with the second port, tail end and the 3rd port association of the 5th vpn tunneling, and the described 6th
The head end of vpn tunneling and the 3rd port association, the tail end of the 6th vpn tunneling are associated with the second port.Wherein,
The associated specific manifestation mode of head end or tail end in port and tunnel, specifically refers to head end and the institute of first vpn tunneling
State first port association, and the tail end of second vpn tunneling and the associated specific manifestation mode of the second port.Here
Repeat no more.
It should be noted that the network equipment can be by directly configuring the first edge equipment and described second
Edge device disposes first vpn tunneling and second vpn tunneling to realize, such as to the first edge equipment and institute
State second edge equipment and send configuration parameter.The network equipment can be with first edge equipment described in indirect configuration and described
Two edge devices, such as by way of sending request to other equipment, first vpn tunneling and institute are disposed by other equipment
State the second vpn tunneling.Illustrate separately below.
Illustrate the mode directly configured first.The present embodiment can also include:The network equipment is the vpn service point
Identified with vpn tunneling.The 303 of the present embodiment include 3031 and 3032.Wherein, vpn tunneling mark is used to uniquely represent VPN tunnels
Road.Vpn tunneling refers to the vpn tunneling for carrying vpn service, such as can be lsp tunnel, the TE tunnels of MPLS of MPLS
Road, L2TP Tunnel, gre tunneling, IPSEC tunnels etc., the embodiment of the present invention is to this and is not limited.
3031:The network equipment sends the first configuration parameter, the first configuration parameter to the first edge equipment
Including:The device identification of the vpn tunneling mark, the port-mark of the first port and the second edge equipment.It is described
The device identification of second edge equipment is specifically as follows the IP address of the second edge equipment.
3032:The network equipment sends the second configuration parameter, the second configuration parameter to the second edge equipment
Including:The device identification of the vpn tunneling mark, the port-mark of the second port and the first edge equipment.It is described
The device identification of first edge equipment is specifically as follows the IP address of the first edge equipment.
As it can be seen that include and the second user station to the first configuration parameter that the first edge equipment is sent
The relevant configuration parameter of point:The device identification of the second edge equipment, and to described in second edge equipment transmission
Second configuration parameter includes and the relevant configuration parameter of first user site:The equipment mark of the first edge equipment
Know.Wherein described first edge equipment and the second edge equipment are joined according to the described first configuration parameter and second configuration
Number disposes first vpn tunneling and second vpn tunneling, can be according to current any vpn tunneling deployment way, this hair
Bright embodiment is to this and is not limited.In some scenarios, the network equipment can also be sent out to the first edge equipment
The first RT and the first RD for first user site distribution are sent, and sends to the second edge equipment and is used for described second
The 2nd RT and the 2nd RD of family website distribution.
Illustrate the mode of indirect configuration below, specifically from disposing the first VPN tunnels by sending request to other equipment
Road and second vpn tunneling.Refer to shown in Fig. 4, the 303 of the present embodiment can specifically include:The network equipment is to control
Device 401 processed, which is sent between the first edge equipment and the second edge equipment, disposes first vpn tunneling and described
The request of second vpn tunneling, the request for disposing first vpn tunneling and second vpn tunneling include described the
The port-mark of Single port, the port-mark of the second port, the device identification of the first edge equipment and described
The device identification of two edge devices.It can also be wrapped in the request for disposing first vpn tunneling and second vpn tunneling
Include the mark of the vpn service.
The controller 401 is after the request is received, according to the request in the first edge equipment and described
First vpn tunneling and second vpn tunneling are disposed between second edge equipment.Wherein described controller 401 is being disposed
, can be according to the device identification of the first edge equipment and described when first vpn tunneling and second vpn tunneling
The device identification of second edge equipment obtains the specific path of first vpn tunneling and second vpn tunneling, that is, determines institute
State the approach equipment of the first vpn tunneling and second vpn tunneling.Afterwards according to the path, the port of the first port
The port-mark of mark and the second port, generates and issues forwarding-table item for each approach equipment, so that each
The approach equipment transmits data according to the forwarding-table item.The controller 401 can be SDN controllers.
It can include the label and output port of the controller 401 distribution in the forwarding-table item.Below by one
A specific example illustrates the deployment way to first vpn tunneling.As shown in figure 5, the controller 401 obtain described the
The approach equipment of one vpn tunneling includes successively:BNG1, router Router1, router Router2 and BNG2.It is wherein described
The BNG1 and BNG2 is respectively the first edge equipment and the second edge equipment.
The request that the network equipment is sent to the controller 401 is:
port1/BNG1-->port2/BNG2
The controller 401 is to the BNG1 forwarding-table items sent:
port1-->port3,with Label100
The controller 401 is to the Router1 forwarding-table items sent:
port4with label 100-->port5with label 200
The controller 401 is to the Router2 forwarding-table items sent:
port6with label 200-->port7with labe 100
The controller 401 is to the BNG2 forwarding-table items sent:
port8with label 100-->port2
Wherein, the port1 is the first port, and the port2 is the second port, the port3 and port4
The port connected for the BNG1 with the Router1, the port5 and port6 are the Router1 and Router2
The port of connection, the port7 and port8 are the port that the Router2 is connected with the BNG2.
As it can be seen that issuing the forwarding-table item to each approach equipment by the controller 401, realize described
First vpn tunneling is disposed between first edge equipment and the second edge equipment.Wherein, the approach equipment includes institute
State first edge equipment and the second edge equipment.To the deployment way of second vpn tunneling, and to the first VPN
The deployment way in tunnel is similar, and which is not described herein again.
Optionally, in the present embodiment, since the vpn service can correspond to one or more accounts, and each account
Different QoS can be corresponded to, therefore when disposing first vpn tunneling, it is right to be also based on account institute used by a user
The Qos answered.Specifically, first access request further includes the account that the first user site request accesses the vpn service
Number;The present embodiment can also include:The network equipment obtains the corresponding QoS of the account;The network equipment is from institute
Stating the first vpn tunneling of first edge equipment to the second edge equipment includes:The network equipment is based on the account pair
The QoS answered, disposes the first vpn tunneling from the first edge equipment to the second edge equipment.Wherein, can also be into one
Step obtains the account that the second user site requests access the vpn service, and disposes institute according to the corresponding QoS of the account
State the second vpn tunneling.First vpn tunneling and second vpn tunneling finally disposed can have different QoS.
It is further alternative, in the present embodiment, when disposing first vpn tunneling and second vpn tunneling, may be used also
Think that first vpn tunneling and second vpn tunneling reserve bandwidth, and work as first user site or described second
When user site needs to exit the vpn service, for example, first user site or the second user site requests from
During line, first vpn tunneling and second vpn tunneling can also be further cancelled, to be released to first vpn tunneling
The bandwidth reserved with second vpn tunneling.During specific implementation, the network equipment receives what the first edge equipment was sent
First exits request or the second edge equipment is sent second exits request, described first exit request be used to asking by
First user site exits the vpn service, and described second, which exits request, is used to ask to move back the second user website
Go out the vpn service;The network equipment cancels the institute disposed between the first edge equipment and the second edge equipment
State the first vpn tunneling and second vpn tunneling.
At present when carrying out charging to vpn service, vpn service is accessed on demand due to can not achieve, usually basis
The QoS for the vpn service opened carries out charging.It is further alternative, in the present embodiment, dispose and cancel on demand due to realizing
First vpn tunneling and second vpn tunneling, therefore can be according to first vpn tunneling and second vpn tunneling
Deployment time, i.e., described first user site access vpn service real time carry out charging.During specific implementation, this reality
Example is applied to further include:The network equipment obtains the deployment time for being used for representing first vpn tunneling and second vpn tunneling
Relevant information;The network equipment sends the relevant information to counting equipment, and the counting equipment can be according to described
Relevant information gets the deployment time of first vpn tunneling and second vpn tunneling, so that according to the deployment time
Carry out charging.Wherein, the relevant information, when being specifically as follows the deployment of first vpn tunneling and second vpn tunneling
Between, or can also be to dispose first vpn tunneling and at the time of second vpn tunneling and cancel the first VPN tunnels
At the time of road and second vpn tunneling, by the counting equipment according to two moment calculate first vpn tunneling and
The deployment time of second vpn tunneling.
The embodiment of the cut-in method of the vpn service in the embodiment of the present invention is described above, below will be from mould
The device embodiment of the network equipment in the embodiment of the present invention is described in the angle of block functional entity.
A kind of referring to Fig. 6, device embodiment an embodiment of the present invention provides the network equipment 600.
In order to be better understood from the technical solution of the embodiment of the present invention, the net of the present embodiment is illustrated below by Fig. 2
A kind of optional network topology used in network equipment.It should be noted that Fig. 2 is only a kind of exemplary explanation, its is specific
Structure can't play restriction effect to the embodiment of the present invention.As shown in Fig. 2, the network equipment respectively with first edge equipment and
The connection of two edge devices, the first edge equipment and the second edge equipment belong to the edge device of operator, pass through bone
Dry network is connected.The first edge equipment is connected by way of physical connection with the first user site.The second edge
Equipment is connected by physical connection with second user website.
The network equipment 600 of the present embodiment includes:Receiving unit 601 and processing unit 602.
The receiving unit 601, the first access request sent for receiving the first edge equipment, described first connects
Enter request to be used to ask first user site by first edge equipment connection to access vpn service.
In embodiments of the present invention, can determine that first user site needs to connect by the first edge equipment
When entering the vpn service, such as after receiving the request of reaching the standard grade of first user site, sent to the network equipment 600
First access request.Wherein, after the first edge equipment can be to receive the request of reaching the standard grade of first user site,
The equipment that first access request is sent to the network equipment 600.
In specific implementation, user can pre- first to file open the vpn service, such as user can be in the net of operator
The vpn service is opened in application on standing.Wherein described vpn service can correspond to a register account number, can also correspond to multiple notes
Volume account.The network equipment 600 preserves the vpn service opened and the correspondence of register account number.When the vpn service
After opening, user can send the request of reaching the standard grade for including register account number, the first edge equipment to the first edge equipment
Register account number in the request of reaching the standard grade determines that first user site needs to access the vpn service, so as to
The network equipment 600 sends first access request.Wherein, the first edge equipment can also send out the register account number
Send to authenticating device and be authenticated, certification retransmits first access request after.
In embodiments of the present invention, mark and the institute of first user site can be included in first access request
State the mark of vpn service.Wherein, the mark of first user site is specifically as follows the port-mark of the first port.
The mark of the vpn service can be specifically allocated by the network equipment 600.
The processing unit 602, for when the receiving unit 601 receives first access request, determining
There are second user site requests to access the vpn service.Wherein, the second user website be with first user site not
Same user site.
In embodiments of the present invention, after the receiving unit 601 receives first access request, the processing unit
602 be not that first user site directly is accessed the vpn service, but has been further determined whether and described first
The different second user website of user site accesses the vpn service, if it is, representing that the processing unit 602 is true
Make the second user site requests and access the vpn service.
If the second user site requests of the processing unit 602 having determined access the vpn service, described in expression
First user site and the second user website all ask to access the vpn service, illustrate first subscriber station at this time
After point and the second user website access the vpn service, first user site can be with the second user website
Transmit data.
It should be noted that in the embodiment of the present invention, the second user website refers to and first user site
Different any user websites.I.e. described processing unit 602 is specifically used for determining different from first user site
When any user website accesses the vpn service, using any user website as the second user website.
The processing unit 602 is additionally operable to, when having determined that the second user site requests access the vpn service
When, the first edge equipment and the second edge equipment being connected with the second user website are configured, by described
One user site and the second user website access the vpn service.
In embodiments of the present invention, when the processing unit 602 determines the institute different from first user site
State second user site requests and access the vpn service, can further determine that out that first user site accesses the VPN
With the second user station transmission data therefore the first edge equipment and the second edge can be configured and set after business
It is standby, so that first user site and the second user website are accessed the vpn service.
The processing unit 602 can be also used for:If it is determined that the not no subscriber station in addition to first user site
Point accesses the vpn service, when illustrate that data can not be transmitted after the first user site access vpn service, then not
First user site is accessed into the vpn service, but can be with power cut-off, can also be after predetermined period, again
Determine whether that the second user website different from first user site accesses the vpn service.
According to the above-mentioned technical solution, the receiving unit 601 in the embodiment of the present invention, which receives, is used to ask institute
When stating first access request of the first user site access vpn service, the processing unit 602 is not directly by institute
State the first user site and access the vpn service, but determine that described second different from first user site are used
Family site requests access the vpn service, that is, illustrating that first user site accesses after the vpn service can be with described the
When two user sites transmit data, the first edge equipment that is connected with first user site is configured and with described second
The second edge equipment of user site connection, by described in first user site and second user website access
Vpn service.It can be seen that can be with the second user station after the first user site access vpn service is determined in the present invention
During point transmission data, first user site and the second user website are just accessed into the vpn service, that is, realize institute
State the first user site and access the vpn service on demand, so as to be avoided as much as occupying the money of the first edge equipment
The source situation that still first user site cannot but transmit data occurs, therefore reduces the wasting of resources.
In embodiments of the present invention, the network equipment 600 can be the tool such as cooperative device, arranging equipment, Network Management Equipment
There is the equipment of coordinated management function.The first edge equipment and the second edge equipment can be BNG, first user
Website and the second user website can be CPE.
In embodiments of the present invention, when the receiving unit 601 receive that the first edge equipment sends described the
During one access request, the processing unit 602 can be also used for storing the first user site request access vpn service
Information, such as specifically store the correspondence of the vpn service and the port-mark of the first port, when it is described receive it is single
After member 601 receives the access request of other edge devices transmission again, the processing unit 602 can be according to storage
Information determines that first user site accesses the information of the vpn service.Therefore, when having determined second user website
When request accesses the vpn service, the processing unit 602 can be specifically used for determining to be stored with the second user website
Request accesses the information of the vpn service.
In embodiments of the present invention, the receiving unit 601 receives first access request, and the processing unit
602 when having determined that the second user site requests access the vpn service, and the processing unit 602 configures described first
Edge device and the second edge equipment, the VPN is accessed by first user site and the second user website
Business.Wherein described processing unit 602 can have two kinds when configuring the first edge equipment and the second edge equipment
Configuration mode, the first configuration mode are that first user site and the second user website are independently accessed the VPN
Business, i.e., each user site do not know other user equipmenies for accessing the vpn service after accessing the vpn service.The
Two kinds of configuration modes be between first user site and the second user website dispose vpn tunneling by way of,
First user site and the second user website are accessed into the vpn service.Both configuration sides are introduced separately below
Formula.
The first configuration mode:The processing unit 602 can set the first edge equipment and the second edge
It is standby to be respectively configured so that first user site and the second user website independently access the vpn service.
For example, the network equipment 600 can also include transmitting element, the processing unit 602 sends list by described
Member sends configuration parameter to the first edge equipment, which only includes being used to first user site accessing institute
The configuration parameter of vpn service, such as the port-mark of the first port are stated, without including related to the second user website
Configuration parameter.The port-mark of wherein described first port can be obtained from first access request.In some scenes
Under, the processing unit 602 can also be sent by the transmitting element to the first edge equipment:The network equipment
600 the first RT and the first RD distributed for first user site.Similarly, the processing unit 602 passes through the transmission
The configuration parameter that unit is sent to the second edge equipment, also only includes being used for described in second user website access
The configuration parameter of vpn service, such as the port-mark of the second port, without including relevant with first user site
Configure parameter.The port-mark of wherein described second port can be from for asking described in second user website access
Obtained in the access request of vpn service.Under some scenes, the processing unit 602 can also by the transmitting element to
The second edge equipment is sent:The network equipment 600 is the 2nd RT and the 2nd RD of second user website distribution.Institute
The configuration parameter that first edge equipment and the second edge equipment are sent according to the network equipment 600 is stated, respectively by described in
First edge equipment and the second edge equipment independently access the vpn service.
Second of configuration mode:In fact, under some scenes, such as user applies during the vpn service described in setting
, can be by between the first edge equipment and the second edge equipment when vpn service is the type of service of point-to-point
The mode of deployment vpn tunneling accesses the vpn service.Illustrated below by one embodiment.
Referring to Fig. 7, another device embodiment an embodiment of the present invention provides the network equipment 700.With other implementations
Unlike example, the present embodiment is stressed by being disposed between the first edge equipment and the second edge equipment
The mode of vpn tunneling accesses the vpn service.
The network equipment 700 of the present embodiment includes:Receiving unit 701 and processing unit 702.
The receiving unit 701 is used for, and receives the first access request that the first edge equipment is sent, described first connects
Enter request to be used to ask first user site by first edge equipment connection to access the vpn service.
The processing unit 702 is used for, and when the receiving unit 701 receives first access request, has determined
The second user site requests access the vpn service, and the second user website is different from first user site
User site.
Connect described in embodiment shown in the function above and Fig. 6 of the receiving unit 701 and the processing unit 702
It is similar with the correlation function of the processing unit 602 to receive unit 601, therefore description is relatively simple, related part refers to Fig. 6 institutes
The embodiment shown.
The processing unit 702 is additionally operable to, when having determined that the second user site requests access the vpn service
When, the first vpn tunneling from the first edge equipment to the second edge equipment is disposed, and dispose from second side
Edge equipment to the first edge equipment the second vpn tunneling.
Wherein, the head end of first vpn tunneling is associated with the first port, the tail end of first vpn tunneling with
The second port association, the head end of second vpn tunneling are associated with the second port, the tail of second vpn tunneling
End is associated with the first port.The first port is what is be connected in the first edge equipment with first user site
Port, i.e., the access interface of described first user site, the second port in the second edge equipment with described second
The port of user site connection, i.e., the access interface of described second user website.
It is described below in the embodiment of the present invention, the head end or tail end of vpn tunneling and a kind of implementation of port association.
The head end of first vpn tunneling is associated with the first port, can be embodied in and be deposited in the first edge equipment
The first port and the mapping relations of first vpn tunneling are stored up, so that the first edge equipment is according to the mapping
Relation, will be transmitted from the data that the first port receives by first vpn tunneling.First vpn tunneling
Tail end associated with the second port, can be embodied in stored in the second edge equipment second port and
The mapping relations of first vpn tunneling, so that the second edge equipment is according to the mapping relations, by described first
The data of vpn tunneling transmission are exported to the second port.
Similarly, the head end of second vpn tunneling is associated with the second port, the tail end of second vpn tunneling
Above-mentioned implementation can also be embodied in by being associated with the first port, and which is not described herein again.
Due in embodiments of the present invention, after the receiving unit 701 receives first access request, the processing
Unit 702 is not that first user site directly is accessed the vpn service, but determines whether the second user
Site requests access the vpn service, if it is, the processing unit 702 actually gets the access vpn service
Two user sites, the processing unit 702 can be by disposing the side of first vpn tunneling and second vpn tunneling
Two user sites are accessed the vpn service by formula.
As it can be seen that the present embodiment introduces the implementation of second of configuration mode, i.e., by being set in the first edge
First vpn tunneling and second vpn tunneling are disposed between standby and described second edge equipment, by first subscriber station
Point and the second user website have accessed the vpn service.In fact, first vpn tunneling and second vpn tunneling
It is between first user site and the second user website, it is known that the point-to-point vpn tunneling of opposite end, therefore compared to institute
State the first configuration mode, i.e. first user site and the second user website are independently accessed into the vpn service,
Second of configuration mode, without running complicated discovery agreement, sets edge device without finding website automatically
It is relatively low for requiring, and error rate is relatively low.
In the present embodiment, the first VPN is disposed between the first edge equipment and the second edge equipment
, can be by others if there is other user site requests to access the vpn service behind tunnel and second vpn tunneling
The edge device that user site is connected, respectively with the first edge equipment and the second edge deployed with devices vpn tunneling.
Specific implementation is that the receiving unit 701 is additionally operable to, and receives the second access request that the 3rd edge device is sent, described
Second access request is used to ask the 3rd user site by the 3rd edge device connection to access the vpn service;It is described
Processing unit 702 is additionally operable to, and when the receiving unit 701 receives second access request, has determined described first
User site and the second user website access the vpn service, dispose from the first edge equipment to the 3rd side
3rd vpn tunneling of edge equipment, is disposed from the 3rd edge device to the 4th vpn tunneling of the first edge equipment, portion
Administration sets from the second edge equipment to the 5th vpn tunneling of the 3rd edge device, and deployment from the 3rd edge
6th vpn tunneling of second edge equipment described to the utmost.The head end of 3rd vpn tunneling is associated with the first port, institute
State the tail end and the 3rd port association of the 3rd vpn tunneling, head end and the 3rd port association of the 4th vpn tunneling, institute
The tail end for stating the 4th vpn tunneling is associated with the first port, and head end and the second port of the 5th vpn tunneling are closed
Connection, tail end and the 3rd port association of the 5th vpn tunneling, head end and the 3rd end of the 6th vpn tunneling
Mouth association, the tail end of the 6th vpn tunneling are associated with the second port.Wherein, the head end or tail end in port and tunnel close
The specific manifestation mode of connection, the head end for specifically referring to first vpn tunneling are associated with the first port, and described
The tail end of two vpn tunnelings and the associated specific manifestation mode of the second port.Which is not described herein again.
It should be noted that processing unit 702 can be by directly configuring the first edge equipment and described second
Edge device disposes first vpn tunneling and second vpn tunneling to realize, such as to the first edge equipment and institute
State second edge equipment and send configuration parameter.Processing unit 702 can be with first edge equipment described in indirect configuration and described
Two edge devices, such as by way of sending request to other equipment, first vpn tunneling and institute are disposed by other equipment
State the second vpn tunneling.Illustrate separately below.
Illustrate the mode directly configured first.The network equipment 700 of the present embodiment further includes transmitting element.The place
Reason unit 702 is additionally operable to, and vpn tunneling mark is distributed for the vpn service.Wherein, vpn tunneling mark is unique represents one
Vpn tunneling, vpn tunneling refer to the vpn tunneling for carrying vpn service.
When the first VPN tunnels that the vpn service is disposed between the first edge equipment and the second edge equipment
When road and second vpn tunneling, the processing unit 702 is specifically used for setting to the first edge by the transmitting element
Preparation send the first configuration parameter, and sends the second configuration parameter to the second edge equipment by the transmitting element;Institute
Stating the first configuration parameter includes:Vpn tunneling mark, the port-mark of the first port and the second edge equipment
Device identification;The second configuration parameter includes:Vpn tunneling mark, the port-mark of the second port and described
The device identification of first edge equipment.
As it can be seen that include and the second user station to the first configuration parameter that the first edge equipment is sent
The relevant configuration parameter of point:The device identification of the second edge equipment, and to described in second edge equipment transmission
Second configuration parameter includes and the relevant configuration parameter of first user site:The equipment mark of the first edge equipment
Know.Wherein described first edge equipment and the second edge equipment are joined according to the described first configuration parameter and second configuration
Number disposes first vpn tunneling and second vpn tunneling, can be according to current any vpn tunneling deployment way, this hair
Bright embodiment is to this and is not limited.In some scenarios, the processing unit 702 can be also used for sending list by described
Member sends the first RT and the first RD for first user site distribution to the first edge equipment, and to second side
Edge equipment sends the 2nd RT and the 2nd RD for second user website distribution.
Illustrate the mode of indirect configuration below, specifically from disposing the first VPN tunnels by sending request to other equipment
Road and second vpn tunneling.The network equipment 700 of the present embodiment further includes transmitting element, when in the first edge
When the first vpn tunneling of the vpn service and second vpn tunneling are disposed between equipment and the second edge equipment, institute
Processing unit 702 is stated to be specifically used for being sent in the first edge equipment and described second to controller by the transmitting element
The request of first vpn tunneling and second vpn tunneling, deployment the first VPN tunnels are disposed between edge device
The request of road and second vpn tunneling include the port-mark of the first port, the second port port-mark,
The device identification of the first edge equipment and the device identification of the second edge equipment.Deployment the first VPN
It can also include in the request of tunnel and second vpn tunneling:The mark of the vpn service.
The controller is after the request is received, according to the request in the first edge equipment and described second
First vpn tunneling and second vpn tunneling are disposed between edge device.Wherein described controller is in deployment described first
Device identification that can be according to the first edge equipment when vpn tunneling and second vpn tunneling and the second edge
The device identification of equipment obtains the specific path of first vpn tunneling and second vpn tunneling, that is, determines described first
The approach equipment of vpn tunneling and second vpn tunneling.Afterwards according to the path, the first port port-mark and
The port-mark of the second port, generates and issues forwarding-table item for each approach equipment, so that each way
Footpath equipment transmits data according to the forwarding-table item.It can include the controller 401 distribution in wherein described forwarding-table item
Label and output port.The connection relation of the controller and the network equipment 700 can be as shown in Figure 4.The control
Implement body can be SDN controllers.
Optionally, in the present embodiment, since the vpn service can correspond to one or more accounts, and each account
Different QoS can be corresponded to, therefore when disposing first vpn tunneling, it is right to be also based on account institute used by a user
The Qos answered.Specifically, first access request further includes the account that the first user site request accesses the vpn service
Number;The processing unit 702 is additionally operable to, and obtains the corresponding QoS of the account;When deployment from the first edge equipment to institute
When stating the first vpn tunneling of second edge equipment, the processing unit 702 is specifically used for being based on the corresponding QoS of the account, portion
Administration is from the first edge equipment to the first vpn tunneling of the second edge equipment.Wherein, the processing unit 702 may be used also
For obtaining the account that the second user site requests access the vpn service, and according to the corresponding QoS portions of the account
Affix one's name to second vpn tunneling.First vpn tunneling and second vpn tunneling finally disposed can have different
QoS。
It is further alternative, in the present embodiment, when disposing first vpn tunneling and second vpn tunneling, may be used also
Think that first vpn tunneling and second vpn tunneling reserve bandwidth, and work as first user site or described second
When user site needs to exit the vpn service, for example, first user site or the second user site requests from
During line, first vpn tunneling and second vpn tunneling can also be further cancelled, to be released to first vpn tunneling
The bandwidth reserved with second vpn tunneling.During specific implementation, the receiving unit 701 is additionally operable to, and receives the first edge
What equipment was sent first exits request or what the second edge equipment was sent second exits request, and described first exits request
For asking first user site exiting the vpn service, described second, which exits request, is used to ask described second
User site exits the vpn service;The processing unit 702 is additionally operable to, and the receiving unit 701 receives described first and moves back
Go out request or described second when exiting request, cancel what is disposed between the first edge equipment and the second edge equipment
First vpn tunneling and second vpn tunneling.
At present when carrying out charging to vpn service, vpn service is accessed on demand due to can not achieve, usually basis
The QoS for the vpn service opened carries out charging.It is further alternative, in the present embodiment, dispose and cancel on demand due to realizing
First vpn tunneling and second vpn tunneling, therefore can be according to first vpn tunneling and second vpn tunneling
Deployment time, i.e., described first user site access vpn service real time carry out charging.During specific implementation, this reality
The network equipment 700 of example is applied, is further included:Transmitting element;The processing unit 702 is additionally operable to, and is obtained and is used to represent described
The relevant information of the deployment time of first vpn tunneling and second vpn tunneling;The transmitting element, for by the correlation
Information is sent to counting equipment.Wherein, the relevant information, is specifically as follows first vpn tunneling and the 2nd VPN tunnels
The deployment time in road, or can also be at the time of disposing first vpn tunneling and second vpn tunneling and described in revocation
At the time of first vpn tunneling and second vpn tunneling, described first is calculated according to two moment by the counting equipment
The deployment time of vpn tunneling and second vpn tunneling.
The angle of slave module functional entity carries out the device embodiment of the network equipment in the embodiment of the present invention above
Description.The device embodiment of the network equipment in the embodiment of the present invention will be described from the angle of hardware handles below.
Fig. 8 is refer to, an embodiment of the present invention provides another device embodiment of the network equipment.The network of the present embodiment
Equipment 800 can be microprocessor computer.Such as:The network equipment 800 can be all-purpose computer, customization machine, hand
One kind in the portable equipment such as machine terminal or purl machine.The network equipment 800 includes:Processor 804, memory 806, communication
Interface 802 and bus 808.The processor 804, the memory 806 and the communication interface 802 pass through the bus 808
Connect and complete mutual communication.
The bus 808 can be industry standard architecture (Industry Standard Architecture, abbreviation
For ISA) bus or external equipment interconnection (Peripheral Component, referred to as PCI) bus or extension industrial standard body
Architecture (Extended Industry Standard Architecture, referred to as EISA) bus etc..The bus 808
The one or more that can be divided into address bus, data/address bus, controlling bus.For ease of representing, only with a thick line in Fig. 8
Represent, it is not intended that an only bus or a type of bus.
The memory 806 is used to store executable program code, which includes computer-managed instruction.Work as institute
When stating the execution program code of the network equipment 800, the network equipment 800 can complete the embodiment shown in Fig. 1 or Fig. 3
, it can also realize all functions of the network equipment in the embodiment shown in Fig. 6 or Fig. 7.Memory 806 can include at a high speed
RAM (Ramdom Access Memory) memory.Alternatively, the memory 806 can also further include non-volatile memories
Device (non-volatile memory).Such as the memory 806 can include magnetic disk storage.
The processor 804 can be a central processing unit (Central Processing Unit, referred to as CPU),
Or the processor 804 can be specific integrated circuit (Application Specific Integrated Circuit,
Referred to as ASIC), or the processor 804 can be arranged to implement the embodiment of the present invention one or more integrate electricity
Road.
The communication interface 802, sends for performing the reception first edge equipment in the embodiment shown in Fig. 1 and Fig. 3
The first access request, first access request be used for ask by the first edge equipment connection the first user site connect
Enter the vpn service.
The processor 804, for reading the instruction stored in memory 806, so as to perform the reality shown in Fig. 1 and Fig. 3
Apply in example and determined that second user site requests access the vpn service, the second user website is and described first
The different user site of user site, configures the first edge equipment and the second edge being connected with the second user website
Equipment, the vpn service is accessed by first user site and the second user website.
What deserves to be explained is each functional unit of the network equipment provided by the invention, can be based on Fig. 1 or Fig. 3 institutes
Show the method for embodiment and the specific implementation of function that Fig. 6 or the device of embodiment illustrated in fig. 7 possess, the definition of term and
Illustrate to be consistent with the embodiment shown in Fig. 1, Fig. 3, Fig. 6 and Fig. 7, details are not described herein again.
It is apparent to those skilled in the art that for convenience and simplicity of description, the system of foregoing description,
The specific work process of device and unit, may be referred to the corresponding process in preceding method embodiment, details are not described herein.
In several embodiments provided herein, it should be understood that disclosed system, apparatus and method can be with
Realize by another way.For example, device embodiment described above is only schematical, for example, the unit
Division, is only a kind of division of logic function, can there is other dividing mode, such as multiple units or component when actually realizing
Another system can be combined or be desirably integrated into, or some features can be ignored, or do not perform.It is another, it is shown or
The mutual coupling, direct-coupling or communication connection discussed can be the indirect coupling by some interfaces, device or unit
Close or communicate to connect, can be electrical, machinery or other forms.
The unit illustrated as separating component may or may not be physically separate, be shown as unit
The component shown may or may not be physical location, you can with positioned at a place, or can also be distributed to multiple
In network unit.Some or all of unit therein can be selected to realize the mesh of this embodiment scheme according to the actual needs
's.
In addition, each functional unit in each embodiment of the present invention can be integrated in a processing unit, can also
That unit is individually physically present, can also two or more units integrate in a unit.Above-mentioned integrated list
Member can both be realized in the form of hardware, can also be realized in the form of SFU software functional unit.
If the integrated unit is realized in the form of SFU software functional unit and is used as independent production marketing or use
When, it can be stored in a computer read/write memory medium.Based on such understanding, technical scheme is substantially
The part to contribute in other words to the prior art or all or part of the technical solution can be in the form of software products
Embody, which is stored in a storage medium, including some instructions are used so that a computer
Equipment (can be personal computer, server, or network equipment etc.) performs the complete of each embodiment the method for the present invention
Portion or part.And foregoing storage medium includes:USB flash disk, mobile hard disk, read-only storage (ROM, Read-Only Memory),
Random access memory (RAM, Random Access Memory), magnetic disc or CD etc. are various can be with store program codes
Medium.
The above, the above embodiments are merely illustrative of the technical solutions of the present invention, rather than its limitations;Although with reference to before
Embodiment is stated the present invention is described in detail, it will be understood by those of ordinary skill in the art that:It still can be to preceding
State the technical solution described in each embodiment to modify, or equivalent substitution is carried out to which part technical characteristic;And these
Modification is replaced, and the essence of appropriate technical solution is departed from the scope of various embodiments of the present invention technical solution.
Claims (20)
- A kind of 1. cut-in method of virtual private network business, it is characterised in that including:The network equipment receives the first access request that first edge equipment is sent, and first access request is used to ask by described in First user site of first edge equipment connection accesses the vpn service;The network equipment has determined that second user site requests access the vpn service;First edge equipment described in the network equipments configuration and the second edge equipment being connected with the second user website, with First user site and the second user website are accessed into the vpn service.
- 2. according to the method described in claim 1, it is characterized in that, first edge equipment described in the network equipments configuration and with The second edge equipment of the second user website connection, first user site and the second user website are accessed The vpn service, including:The network equipment is from the first edge equipment to the first vpn tunneling of the second edge equipment, and portion Administration is from the second edge equipment to the second vpn tunneling of the first edge equipment, the head end of first vpn tunneling and the Single port associates, and the tail end of first vpn tunneling associates with second port, the head end of second vpn tunneling and described the Two-port netwerk associates, and the tail end of second vpn tunneling is associated with the first port, and the first port is the first edge The port being connected in equipment with first user site, the second port in the second edge equipment with described second The port of user site connection.
- 3. according to the method described in claim 2, it is characterized in that, further include:The network equipment receives the second access request that the 3rd edge device is sent, and second access request is used for request will 3rd user site of the 3rd edge device connection accesses the vpn service;The network equipment has determined that first user site and the second user website access the vpn service;The network equipment is from the first edge equipment to the 3rd vpn tunneling of the 3rd edge device, and portion Affix one's name to the 4th vpn tunneling from the 3rd edge device to the first edge equipment, the head end of the 3rd vpn tunneling and institute State first port association, the tail end and the 3rd port association of the 3rd vpn tunneling, the head end of the 4th vpn tunneling and institute The 3rd port association is stated, the tail end of the 4th vpn tunneling is associated with the first port, and the 3rd port is the described 3rd The port being connected on edge device with the 3rd user site;The network equipment is from the second edge equipment to the 5th vpn tunneling of the 3rd edge device, and portion Affix one's name to the 6th vpn tunneling from the 3rd edge device to the second edge equipment, the head end of the 5th vpn tunneling and institute State second port association, tail end and the 3rd port association of the 5th vpn tunneling, the head end of the 6th vpn tunneling With the 3rd port association, the tail end of the 6th vpn tunneling is associated with the second port.
- 4. according to the method in claim 2 or 3, it is characterised in that the method further includes:The network equipment distributes vpn tunneling mark for the vpn service;The network equipment is from the first edge equipment to the first vpn tunneling of the second edge equipment, and portion Affix one's name to from the second edge equipment to the second vpn tunneling of the first edge equipment, including:The network equipment sends the first configuration parameter to the first edge equipment, and the first configuration parameter includes:It is described The device identification of vpn tunneling mark, the port-mark of the first port and the second edge equipment;The network equipment sends the second configuration parameter to the second edge equipment, and the second configuration parameter includes:It is described The device identification of vpn tunneling mark, the port-mark of the second port and the first edge equipment.
- 5. according to the method in claim 2 or 3, it is characterised in that the network equipment is set from the first edge First vpn tunneling of second edge equipment described to the utmost, and deployment are set from the second edge equipment to the first edge The second standby vpn tunneling, including:The network equipment sends the request for disposing first vpn tunneling and second vpn tunneling, the portion to controller Affixing one's name to the request of first vpn tunneling and second vpn tunneling includes the port-mark of the first port, described second The port-mark of port, the device identification of the first edge equipment and the device identification of the second edge equipment.
- 6. according to the method in claim 2 or 3, it is characterised in that further include:The network equipment receives first that the first edge equipment is sent and exits request or second edge equipment hair Second sent exits request, and described first, which exits request, is used to ask first user site exiting the vpn service, institute State second and exit request and be used to ask the second user website exiting the vpn service;The network equipment cancels first vpn tunneling and second vpn tunneling.
- 7. according to the method described in claim 6, it is characterized in that, further include:The network equipment, which obtains, to be used to represent that first vpn tunneling is related to the deployment time of second vpn tunneling Information;The network equipment sends the relevant information to counting equipment.
- 8. according to the method in claim 2 or 3, it is characterised in that first access request further includes described first and uses Family site requests access the account of the vpn service;The method further includes:The network equipment obtains the corresponding service quality QoS of the account;The network equipment from the first edge equipment to the first vpn tunneling of the second edge equipment, including:The network equipment is based on the corresponding QoS of the account, disposes and is set from the first edge equipment to the second edge Standby first vpn tunneling.
- 9. method according to any one of claims 1 to 3, it is characterised in that further include:After the network equipment receives first access request, store the first user site request and access the VPN industry The information of business;Second user site requests of the network equipment having determined access the vpn service, including:The network equipment is determined to be stored with the information that the second user site requests access the vpn service.
- 10. method according to any one of claims 1 to 3, it is characterised in that further include:The first edge equipment is after the request of reaching the standard grade of first user site is received, to described in network equipment transmission First access request.
- A kind of 11. network equipment, it is characterised in that including:Receiving unit, for receiving the first access request of first edge equipment transmission, first access request is used to ask The first user site access virtual special network vpn service that the first edge equipment is connected;Processing unit, for when the receiving unit receives first access request, having determined second user website Request accesses the vpn service, configures the first edge equipment and is set with the second edge that the second user website is connected It is standby, first user site and the second user website are accessed into the vpn service.
- 12. the network equipment according to claim 11, it is characterised in thatWhen the second edge equipment for configuring the first edge equipment and being connected with the second user website, by described first When user site and the second user website access the vpn service, the processing unit is specifically used for deployment from described the One edge device is to the first vpn tunneling of the second edge equipment, and deployment is from the second edge equipment to described the Second vpn tunneling of one edge device, the head end of first vpn tunneling are associated with first port, first vpn tunneling Tail end is associated with second port, and the head end of second vpn tunneling is associated with the second port, second vpn tunneling Tail end is associated with the first port, and the first port is to be connected in the first edge equipment with first user site Port, the second port is the port that is connected with the second user website in the second edge equipment.
- 13. the network equipment according to claim 12, it is characterised in thatThe receiving unit is additionally operable to, and receives the second access request that the 3rd edge device is sent, and second access request is used The 3rd user site of the 3rd edge device connection is accessed into the vpn service in request;The processing unit is additionally operable to, and when the receiving unit receives second access request, has determined described One user site and the second user website access the vpn service, dispose from the first edge equipment to the described 3rd 3rd vpn tunneling of edge device, disposes the 4th vpn tunneling from the 3rd edge device to the first edge equipment, Deployment is from the second edge equipment to the 5th vpn tunneling of the 3rd edge device, and disposes from the 3rd edge Equipment to the second edge equipment the 6th vpn tunneling;The head end of 3rd vpn tunneling is associated with the first port, and the tail end of the 3rd vpn tunneling and the 3rd port are closed Connection, head end and the 3rd port association of the 4th vpn tunneling, tail end and the first end of the 4th vpn tunneling Mouthful association, the head end of the 5th vpn tunneling associates with the second port, the tail end of the 5th vpn tunneling and described the Three port associations, head end and the 3rd port association, the tail end of the 6th vpn tunneling and the institute of the 6th vpn tunneling Second port association is stated, the 3rd port is the port being connected on the 3rd edge device with the 3rd user site.
- 14. the network equipment according to claim 12 or 13, it is characterised in that further include:Transmitting element;The processing unit is additionally operable to, and vpn tunneling mark is distributed for the vpn service;When in deployment, from the first edge equipment to the first vpn tunneling of the second edge equipment, and deployment is from described Second edge equipment to the first edge equipment the second vpn tunneling when, the processing unit be specifically used for pass through the hair Send unit to send the first configuration parameter to the first edge equipment, and set by the transmitting element to the second edge Preparation send the second configuration parameter;The first configuration parameter includes:Vpn tunneling mark, the port-mark of the first port and second side The device identification of edge equipment;The second configuration parameter includes:Vpn tunneling mark, the second port port-mark, With the device identification of the first edge equipment.
- 15. the network equipment according to claim 12 or 13, it is characterised in that further include:Transmitting element;When in deployment, from the first edge equipment to the first vpn tunneling of the second edge equipment, and deployment is from described Second edge equipment to the first edge equipment the second vpn tunneling when, the processing unit be specifically used for pass through the hair Unit is sent to send the request for disposing first vpn tunneling and second vpn tunneling, the deployment described first to controller The request of vpn tunneling and second vpn tunneling includes the port-mark of the first port, the port of the second port Mark, the device identification of the first edge equipment and the device identification of the second edge equipment.
- 16. according to 12 or 13 any one of them network equipment of claim, it is characterised in thatThe receiving unit is additionally operable to, and receive the first edge equipment transmission first exits request or the second edge The second of equipment transmission exits request, and described first, which exits request, is used to ask first user site exiting the VPN Business, described second, which exits request, is used to ask the second user website exiting the vpn service;The processing unit is additionally operable to, and the receiving unit receives described first and exits request or described second exit request When, cancel first vpn tunneling of deployment and second vpn tunneling.
- 17. the network equipment according to claim 16, it is characterised in that further include:Transmitting element;The processing unit is additionally operable to, and obtains the deployment time for being used for representing first vpn tunneling and second vpn tunneling Relevant information;The transmitting element, for sending the relevant information to counting equipment.
- 18. the network equipment according to claim 12 or 13, it is characterised in that first access request further includes described The request of first user site accesses the account of the vpn service;The processing unit is additionally operable to, and obtains the corresponding service quality QoS of the account;When deployment is from the first edge equipment to the first vpn tunneling of the second edge equipment, the processing unit tool Body is used to be based on the corresponding QoS of the account, disposes described the from the first edge equipment to the second edge equipment One vpn tunneling.
- 19. according to claim 11 to 13 any one of them network equipment, it is characterised in thatThe processing unit is additionally operable to, and when the receiving unit receives first access request, stores first user Site requests access the information of the vpn service;When having determined that second user site requests access the vpn service, the processing unit is specifically used for determining to deposit Contain the information that the second user site requests access the vpn service.
- 20. according to claim 11 to 13 any one of them network equipment, it is characterised in that the first edge equipment is to connect After the request of reaching the standard grade for receiving first user site, to the equipment of network equipment transmission first access request.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410850003.4A CN104601431B (en) | 2014-12-31 | 2014-12-31 | The cut-in method and the network equipment of a kind of vpn service |
PCT/CN2015/093091 WO2016107261A1 (en) | 2014-12-31 | 2015-10-28 | Method for accessing vpn service, and network device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410850003.4A CN104601431B (en) | 2014-12-31 | 2014-12-31 | The cut-in method and the network equipment of a kind of vpn service |
Publications (2)
Publication Number | Publication Date |
---|---|
CN104601431A CN104601431A (en) | 2015-05-06 |
CN104601431B true CN104601431B (en) | 2018-04-20 |
Family
ID=53126952
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201410850003.4A Active CN104601431B (en) | 2014-12-31 | 2014-12-31 | The cut-in method and the network equipment of a kind of vpn service |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN104601431B (en) |
WO (1) | WO2016107261A1 (en) |
Families Citing this family (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104601431B (en) * | 2014-12-31 | 2018-04-20 | 华为技术有限公司 | The cut-in method and the network equipment of a kind of vpn service |
US10938599B2 (en) | 2017-05-22 | 2021-03-02 | Futurewei Technologies, Inc. | Elastic VPN that bridges remote islands |
CN113778463B (en) * | 2020-06-09 | 2023-01-06 | 华为技术有限公司 | Business service deployment method and device |
CN111884903B (en) * | 2020-07-15 | 2022-02-01 | 迈普通信技术股份有限公司 | Service isolation method and device, SDN network system and routing equipment |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1829176A (en) * | 2005-03-01 | 2006-09-06 | ***电信研究院 | Resource managing method based on signal mechanism in IP telecommunication network system |
CN101114972A (en) * | 2006-07-26 | 2008-01-30 | 成都迈普产业集团有限公司 | Method for establishing and dismounting virtual private network in IP telecommunication network system |
CN101330459A (en) * | 2008-07-31 | 2008-12-24 | 电子科技大学 | Method for controlling VPN consumer wideband based on Hose flexible pipe |
CN102055639A (en) * | 2009-11-10 | 2011-05-11 | 杭州华三通信技术有限公司 | Method for establishing remote access virtual private network connection and local access concentrator |
CN103001872A (en) * | 2011-09-13 | 2013-03-27 | 华为技术有限公司 | Label distribution method and aggregation unit |
Family Cites Families (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6912232B1 (en) * | 1998-10-19 | 2005-06-28 | At&T Corp. | Virtual private network |
US7680934B2 (en) * | 2004-03-26 | 2010-03-16 | Nortel Networks Limited | Method and apparatus for assigning and allocating network resources to layer 1 virtual private networks |
CN100441030C (en) * | 2004-06-10 | 2008-12-03 | 华为技术有限公司 | Method for establishing privacy call |
DE602004005461T2 (en) * | 2004-09-30 | 2007-12-13 | Alcatel Lucent | Mobile authentication for network access |
JP5223376B2 (en) * | 2008-02-29 | 2013-06-26 | 日本電気株式会社 | Remote access system, method and program |
DE102010038228A1 (en) * | 2010-10-15 | 2012-04-19 | Phoenix Contact Gmbh & Co. Kg | Method for establishing a VPN connection between two networks |
CN103780467B (en) * | 2012-10-19 | 2017-04-26 | 华为技术有限公司 | communication connection method, communication device and communication system |
CN104601431B (en) * | 2014-12-31 | 2018-04-20 | 华为技术有限公司 | The cut-in method and the network equipment of a kind of vpn service |
-
2014
- 2014-12-31 CN CN201410850003.4A patent/CN104601431B/en active Active
-
2015
- 2015-10-28 WO PCT/CN2015/093091 patent/WO2016107261A1/en active Application Filing
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1829176A (en) * | 2005-03-01 | 2006-09-06 | ***电信研究院 | Resource managing method based on signal mechanism in IP telecommunication network system |
CN101114972A (en) * | 2006-07-26 | 2008-01-30 | 成都迈普产业集团有限公司 | Method for establishing and dismounting virtual private network in IP telecommunication network system |
CN101330459A (en) * | 2008-07-31 | 2008-12-24 | 电子科技大学 | Method for controlling VPN consumer wideband based on Hose flexible pipe |
CN102055639A (en) * | 2009-11-10 | 2011-05-11 | 杭州华三通信技术有限公司 | Method for establishing remote access virtual private network connection and local access concentrator |
CN103001872A (en) * | 2011-09-13 | 2013-03-27 | 华为技术有限公司 | Label distribution method and aggregation unit |
Also Published As
Publication number | Publication date |
---|---|
CN104601431A (en) | 2015-05-06 |
WO2016107261A1 (en) | 2016-07-07 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN106533883B (en) | A kind of method for building up, the apparatus and system of network special line | |
CN104243210B (en) | The method and system of remote access router administration page | |
CN103051737B (en) | The method and system of the network capabilities merged on interconnection architecture is provided | |
CN104639414B (en) | A kind of message forwarding method and equipment | |
CN105450532B (en) | Three-layer forwarding method in software defined network and device | |
CN106375142B (en) | The test method and device of application program | |
CN104954274B (en) | Generate method, controller and the business Delivery Function of forwarding information | |
CN103957160B (en) | Message sending method and device | |
US7440415B2 (en) | Virtual network addresses | |
CN104601431B (en) | The cut-in method and the network equipment of a kind of vpn service | |
EP3382942B1 (en) | Network service configuration method and network management device | |
CN107580065A (en) | A kind of private clound cut-in method and equipment | |
CN104506670B (en) | Establish method, equipment and the system of network game connection | |
CN109561171A (en) | The configuration method and device of virtual private cloud service | |
CN107306201A (en) | Virtualize the dispositions method and deployment system of network | |
CN104133776B (en) | Storage array automatic configuration method, device and storage system | |
CN107196813A (en) | Method and apparatus for two layers of enterprise network infrastructure of self-organizing | |
CN109412922B (en) | Method, forwarding device, controller and system for transmitting message | |
CN107800603B (en) | Intranet user accesses the method and storage medium of headend equipment based on VPN | |
CN107222324A (en) | The business collocation method and device of network service | |
CN104144096A (en) | Virtual network layer construction method, device and system | |
CN105577500B (en) | The correlating method and device of VXLAN and tunnel | |
CN107547665A (en) | A kind of method, equipment and the system of dhcp address distribution | |
CN106330779A (en) | Server, physical switch, and communication system | |
CN110198229A (en) | Network collocating method and device, storage medium and electronic device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |