WO2009021458A1 - Method, apparatus and system for connecting layer2 network and layer3 network - Google Patents

Method, apparatus and system for connecting layer2 network and layer3 network

Publication number
WO2009021458A1
WO2009021458A1 PCT/CN2008/071971 CN2008071971W WO2009021458A1 WO 2009021458 A1 WO2009021458 A1 WO 2009021458A1 CN 2008071971 W CN2008071971 W CN 2008071971W WO 2009021458 A1 WO2009021458 A1 WO 2009021458A1
Authority
WO
WIPO (PCT)
Prior art keywords
layer
virtual interface
network
interface
virtual
Application number
PCT/CN2008/071971
Other languages
French (fr)
Chinese (zh)
Inventor
Weiguo Hao
Kun Niu
Yuexu Gu
Gang Xu
Original Assignee
Huawei Technologies Co., Ltd.
Application filed by Huawei Technologies Co., Ltd.

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00: Routing or path finding of packets in data switching networks

Definitions

  • The invention relates to a method, device and system for network interconnection, and in particular to a method, device and system for interconnecting an MPLS L2VPN (multi-protocol label switching layer 2 virtual private network) network and an MPLS L3VPN (multi-protocol label switching layer 3 virtual private network) network.
  • The data packet is transmitted from CE1 to CE2 through the MPLS L2VPN network and the MPLS L3VPN network.
  • The transmission of the data packet goes through three stages: 1. transmission of the data packet in the MPLS L2VPN network; 2. transmission of the data packet between the MPLS L2VPN network and the MPLS L3VPN network; 3. transmission of the data packet in the MPLS L3VPN network.
  • the CE1 device saves the user's routing table, and the CE1 device has the function of maintaining the routing table.
  • Before sending the data packet (the PDU shown in Figure 1), the CE1 device knows the destination address of the data (the address of CE2), and encapsulates the destination address and the source address (the address of CE1) in the header of the data packet.
  • the CE1 device is directly connected to the PE1 (the Provider Edge) of the MPLS L2VPN network.
  • the CE1 device sends the data packet to the PE1.
  • The PE1 device searches the Layer 2 FIB (Forwarding Information Table) entry according to the destination address and source address information in the data packet, and finds the terminating device PE2 to which the data packet is transmitted in the MPLS L2VPN network.
  • According to the routing information from the PE1 device to the terminating device PE2 found in the Layer 2 FIB entry, the PE1 device encapsulates an inner label (N2) and an outer label (W2) on the data packet.
  • The PW (pseudowire) from the PE1 device to the terminating device PE2 is formed through the P (Provider, backbone network core router) devices in the MPLS L2VPN network. The PW represents a label switching path from the source PE1 device to the terminating device PE2; the data packet uses the outer label and reaches the terminating device PE2 along the label switching path.
  • The terminating device PE2 searches the ILM (Incoming Label Map) entry according to the outer label of the data packet, finds the pop information, and strips the outer label; it then continues to search the ILM entry according to the inner label, finds the pop information, and strips the inner label. When both labels have been stripped, the Layer 2 termination flag is found.
  • Transmission of data packets between the MPLS L2VPN network and the MPLS L3VPN network: the terminating device PE2 of the MPLS L2VPN network is directly connected to the access device PE3 of the MPLS L3VPN network through a physical line.
  • After the terminating device PE2 of the MPLS L2VPN network pops the data packet out of the MPLS L2VPN network, the data packet is sent directly to the access device PE3 of the MPLS L3VPN network.
  • Transmission of data packets in the MPLS L3VPN network: the access device PE3 of the MPLS L3VPN network searches the Layer 3 FIB entry based on the destination address and source address information in the data packet, and finds the PE4 device in the MPLS L3VPN network that is directly connected to the destination address (the CE2 address) in the data packet.
  • According to the routing information from the PE3 device to the PE4 device found in the Layer 3 FIB entry, PE3 encapsulates an inner label (N3) and an outer label (W3) on the data packet and sends the packet to PE4.
  • The PE4 device strips the two layers of labels from the data packet, takes the destination address from the packet header, and searches the FIB entry for the forwarding path to forward the data packet to the CE2 device.
  • BRAS (Broadband Remote Access Server): the access device PE3 in the MPLS L3VPN network needs to be replaced with the BRAS device.
  • The BRAS device needs to be authenticated.
  • The other steps are the same as in the case where the access device is CE1, and interconnection of the MPLS L2VPN network and the MPLS L3VPN network can be realized.
  • The foregoing method for interconnecting a Layer 2 network and a Layer 3 network connects the MPLS L2VPN network and the MPLS L3VPN network through two carrier edge devices, PE2 and PE3.
  • This method may cause high networking costs, poor networking flexibility, and poor reliability when the Layer 2 network and the Layer 3 network are connected.
  • an embodiment of the present invention provides a communication method for connecting a Layer 2 network and a Layer 3 network, and the communication method increases the probability of normal exchange of data packets between the Layer 2 network and the Layer 3 network.
  • a communication method for connecting a Layer 2 network and a Layer 3 network comprising the following steps:
  • the first virtual interface receives the data packet;
  • either the first virtual interface is a Layer 2 virtual interface, the second virtual interface is a Layer 3 virtual interface, and the virtual interface identifier is a Layer 2 virtual interface identifier;
  • or the second virtual interface is a Layer 2 virtual interface and the virtual interface identifier is a Layer 3 virtual interface identifier.
  • The communication method provided by the embodiment of the present invention uses one terminating access device between the Layer 2 network and the Layer 3 network to exchange data packets between the two networks. Compared with the prior art, this reduces the fault points of inter-network communication, improves the flexibility of the networking and simplifies the process of data packet communication between the networks, thereby improving the reliability of the communication between the networks.
  • An embodiment of the present invention provides a communication device that connects a Layer 2 network and a Layer 3 network, so that the connection structure between the Layer 2 network and the Layer 3 network is simple, and the probability that data packets passing through the communication device are exchanged normally between the Layer 2 network and the Layer 3 network is increased.
  • a communication device connecting a layer 2 network and a layer 3 network comprising:
  • At least one first virtual interface (201), configured to receive a data message
  • the Layer 2 and Layer 3 virtual interface binding mapping table (203) is configured to store a correspondence between the first virtual interface identifier and the second virtual interface identifier, and
  • the searching unit (204) is configured to read the virtual interface identifier in the data packet received by the first virtual interface (201), search the Layer 2 and Layer 3 virtual interface binding mapping table (203) to obtain the corresponding second virtual interface identifier, and send the data packet received by the first virtual interface (201) to the second virtual interface (202) corresponding to the second virtual interface identifier;
  • the first virtual interface is a Layer 2 virtual interface
  • the second virtual interface is a Layer 3 virtual interface
  • the virtual interface identifier is a first virtual interface identifier
  • the first virtual interface identifier is a second layer.
  • the second virtual interface is a Layer 2 virtual interface
  • the virtual interface identifier is a second virtual interface identifier
  • the second virtual interface identifier is a Layer 3 virtual interface identifier.
  • The communication device provided by the embodiment of the present invention uses one terminating access device between the Layer 2 network and the Layer 3 network to exchange data packets between the two networks. Compared with the prior art, this reduces the fault points of inter-network communication, improves the flexibility of the networking and simplifies the process of data packet communication between the networks, thereby improving the reliability of the communication between the networks; it also saves one network device, thereby saving hardware costs.
  • an embodiment of the present invention provides a system for connecting a Layer 2 network and a Layer 3 network, which makes the connection structure of the Layer 2 network and the Layer 3 network simple, saves hardware costs, and improves data packets.
  • a system for connecting a Layer 2 network and a Layer 3 network including a terminating access device, a first user equipment, and a second user equipment;
  • the terminating access device is a carrier edge device PE of a Layer 2 network or a Layer 3 network, and the first user equipment and the second user equipment are connected to the terminating access device;
  • the first user equipment is configured to send a data packet to the terminating access device
  • the terminating access device is configured to receive, on the first virtual interface, a data packet sent by the first user equipment, search the Layer 2 and Layer 3 virtual interface binding mapping table according to the virtual interface identifier in the data packet to obtain the corresponding second virtual interface, and send the data packet to the second virtual interface;
  • the second user equipment is configured to receive the data packet sent by the terminating access device; when the first user equipment is located in the Layer 2 network, the second user equipment is located in the Layer 3 network, the first virtual interface and the second virtual interface are respectively a Layer 2 virtual interface and a Layer 3 virtual interface, and the virtual interface identifier is a Layer 2 virtual interface identifier;
  • or the first virtual interface and the second virtual interface are respectively a Layer 3 virtual interface and a Layer 2 virtual interface, and the virtual interface identifier is a Layer 3 virtual interface identifier.
  • The system provided by the embodiment of the present invention can interconnect the Layer 2 network and the Layer 3 network by using one terminating access device between the Layer 2 network and the Layer 3 network.
  • The terminating access device can serve both as the terminating device of the Layer 2 network and as the access device of the Layer 3 network, which saves one network device compared with the prior art, thereby reducing the networking cost and improving the flexibility of the networking. Since only one terminating access device is needed to realize communication between the Layer 2 network and the Layer 3 network, the fault points of inter-network communication are reduced compared with the prior art and the process of data packet communication between the networks is simplified, thereby improving the reliability of inter-network communication. At the same time, effective hierarchical QOS (Quality of Service) scheduling can be performed on user data messages.
  • FIG. 1 shows the connection between the MPLS L2VPN network and the MPLS L3VPN network in the prior art.
  • FIG. 2 is a schematic diagram of a communication device connecting a Layer 2 network and a Layer 3 network according to an embodiment of the present invention
  • FIG. 3 is a schematic diagram of connecting an MPLS L2VPN network and an MPLS L3VPN network through a terminating access device according to an embodiment of the present invention
  • FIG. 4 is an enlarged schematic view of the terminating access device shown in FIG. 3;
  • FIG. 5 is a schematic diagram of the communication between the MPLS L2VPN network and the Layer 3 IP public network where the L2TP tunnel is located, using the technical solution provided by the embodiment of the present invention.
  • The prior art connects the terminating device of the Layer 2 network to the access device of the Layer 3 network through a physical line to achieve the purpose of connecting the Layer 2 network and the Layer 3 network.
  • The technical solution used by the embodiment of the present invention is:
  • a communication method for connecting a Layer 2 network and a Layer 3 network comprising the following steps:
  • the first virtual interface receives the data packet;
  • either the first virtual interface is a Layer 2 virtual interface, the second virtual interface is a Layer 3 virtual interface, and the virtual interface identifier is a Layer 2 virtual interface identifier;
  • or the second virtual interface is a Layer 2 virtual interface and the virtual interface identifier is a Layer 3 virtual interface identifier.
  • the embodiment of the present invention further provides a communication device that connects the Layer 2 network and the Layer 3 network.
  • the communication device includes:
  • At least one first virtual interface (201), configured to receive a data message
  • the Layer 2 and Layer 3 virtual interface binding mapping table (203) is configured to store a correspondence between the first virtual interface identifier and the second virtual interface identifier, and
  • the searching unit (204) is configured to read the virtual interface identifier in the data packet received by the first virtual interface (201), search the Layer 2 and Layer 3 virtual interface binding mapping table (203) to obtain the corresponding second virtual interface identifier, and send the data packet received by the first virtual interface (201) to the second virtual interface (202) corresponding to the second virtual interface identifier;
  • the first virtual interface is a Layer 2 virtual interface
  • the second virtual interface is a Layer 3 virtual interface
  • the virtual interface identifier is a first virtual interface identifier
  • the first virtual interface identifier is a second layer.
  • the second virtual interface is a Layer 2 virtual interface
  • the virtual interface identifier is a second virtual interface identifier
  • the second virtual interface identifier is a Layer 3 virtual interface identifier.
  • The communication device may further include a mapping unit (not shown in FIG. 2); the mapping unit is configured to map the at least one first virtual interface (201) to the first physical interface and to map the at least one second virtual interface (202) to the second physical interface;
  • the at least one first virtual interface (201) receives a data packet by using the first physical interface, and the at least one second virtual interface (202) sends a data packet by using the second physical interface.
  • One terminating access device is used between the Layer 2 network and the Layer 3 network to exchange data packets between the two networks. Compared with the prior art, this reduces the fault points of inter-network communication, improves the flexibility of the networking and simplifies the process of data packet communication between the networks, thereby improving the reliability of the communication between the networks; it also saves one network device, thereby saving hardware costs.
  • the Layer 2 network is an MPLS L2VPN network
  • the Layer 3 network is an MPLS L3VPN network.
  • the following takes the communication between the MPLS L2VPN network and the MPLS L3VPN network as an example.
  • A terminating access device is established between the MPLS L2VPN network and the MPLS L3VPN network, and two virtual interfaces are established on the terminating access device.
  • One virtual interface is a Layer 2 virtual interface, which is connected to the PE1 device at the peer end of the MPLS L2VPN network through the PW (pseudowire).
  • The other virtual interface is a Layer 3 virtual interface, to which the peer PE2 device is connected.
  • the terminating access device established between the MPLS L2VPN network and the MPLS L3VPN network serves as the terminating device PE2 of the MPLS L2VPN network and the access device PE3 of the MPLS L3VPN network.
  • the terminating access device can enable data packets to communicate normally between the Layer 2 network and the Layer 3 network, and saves one PE device compared to the prior art.
  • the two virtual interface types of the terminating access device are VE (Virtual Ethernet).
  • the VE interface is a broadcast type interface and can perform ARP (Address Resolution Protocol) learning.
  • the VE interface is mapped to the corresponding physical interface, and the physical interface is used to receive and send data packets.
  • the virtual interface implements the control function for receiving and sending data packets.
  • the virtual interface shown in Figure 4 is the interface of the MPLS L2VPN network and is represented by VE1.
  • the other virtual interface is the interface of the MPLS L3VPN network, which is represented by VE2.
  • the VE1 interface has no sub-interfaces.
  • the VE1 interface can directly access the CE router or directly access the BRAS user.
  • the VE2 interface can include multiple sub-interfaces.
  • the sub-interfaces of the VE2 interface can be classified according to different types of access users.
  • The two virtual interfaces VE1 and VE2 form a pair with corresponding identifiers.
  • Configure an identifier for the VE1 interface and configure an identifier corresponding to the VE1 interface for the VE2 interface.
  • The identifiers are stored in the Layer 2 and Layer 3 virtual interface binding mapping table.
  • If the VE2 interface includes multiple sub-interfaces, configure the identifier corresponding to the VE1 interface identifier for each sub-interface.
  • For example, VE2 includes four sub-interfaces, VE1 has an identifier of 5, and each sub-interface of VE2 has an identifier of 5; there is a correspondence between VE1 and each sub-interface.
  • Each virtual interface connected to a three-layer network may include more than one sub-interface.
  • a corresponding identifier is configured for each sub-interface.
  • the network connection is implemented by constructing a virtual interface on a terminating access device, which can reduce the networking cost and improve the flexibility and reliability of the networking.
  • the terminating access device on which the VE1 interface resides can be directly connected to the access user or connected to the access user through the remote PE device.
  • the access user may be a CE access user or a BRAS access user.
  • The remote PE device and the terminating access device are connected through the PW.
  • After the VE1 interface is enabled, the identifier configured for the VE1 interface is sent to the Layer 2 and Layer 3 virtual interface binding mapping table, and the MPLS L2VPN network termination flag is sent to the ILM (Incoming Label Map) entry.
  • the VE2 interface can be directly connected to the access user or connected to the access user through the remote PE device.
  • the access user may be a CE access user or a BRAS access user.
  • If the VE2 interface accesses a CE user, you need to configure a routing protocol for the VE2 interface. If the VE2 interface accesses a BRAS user, the VE2 interface must be configured with the BRAS user access and authentication method. To implement multicast, you can configure a multicast protocol for a CE router or a BRAS individual user.
  • By enabling the multicast routing protocol between the VE2 interface and the access interface on the CE router, and setting the multicast source on the uplink Layer 3 IP public network, you can copy the multicast traffic to the VE2 interface port, thus enabling the transmission of multicast data.
  • The specific steps of transmitting the multicast data are as follows: first, the Layer 2 information encapsulation of the user multicast packet is performed (the source MAC is the MAC of the VE2 interface, the destination MAC is the multicast MAC corresponding to the multicast IP); then the two-layer label of the multicast packet is encapsulated, and the encapsulated multicast packet is sent out; the Layer 2 information encapsulation of the outer tunnel is performed.
  • the CE device can function as a Layer 3 IP public network or a multicast router of an MPLS L3VPN network instance.
  • MVPN Mobile Virtual Private Network
  • VPN-IP PIM Virtual Private Network and IP Network
  • Any protocol, such as protocol-independent multicast, MD using PIM NBMA techniques multicast domain using protocol-independent multicast non-broadcast multi-path network technology).
  • On an MPLS L3VPN network, the PE device is responsible for saving and maintaining the routing table, so you need to configure the routing protocol and a virtual MAC address for the VE2 interface. The VE2 interface status therefore depends not only on the PW status (on/off) but also on the protocol status (on/off) of the VE2 interface.
  • the physical state of the VE2 interface is enabled.
  • the protocol state of the VE2 interface depends on whether the interface is configured with an IP address, whether the interface is enabled, and whether the PW state of the interface is up.
  • the protocol status of the VE2 interface can be enabled only when the VE2 interface is configured with an IP address, the interface is enabled, and the PW status of the interface is enabled.
  • the VE2 interface status is enabled only when the physical state and protocol status of the VE2 interface are enabled at the same time.
  • The VE2 interface sends the ID of the interface to the Layer 2 and Layer 3 virtual interface binding mapping table, and configures the route for the next hop node:
  • 1) the dynamic routing protocol status may be negotiated successfully, or, when the VE2 interface is used to access a static route, the static route can become active; 2) when the VE2 interface is used as the BRAS personal user access interface, protocol status negotiation for user access, such as PPPOE (point-to-point protocol over Ethernet) and DHCP (Dynamic Host Assignment Protocol), can be performed at this time. After the user is authenticated and accesses successfully, the routing relationship between the BRAS user and the VE2 interface is generated on the terminating device.
  • When data is to be transmitted between the VE2 interface and the CE router on the remote PE device, the VE2 interface and the CE router need to have the MAC address learning capability.
  • The VE2 interface learns the MAC address of the CE router interface on the remote PE device, and the remote CE router should also learn the virtual MAC address of the VE2 interface.
  • the process of transmitting data packets from the VE2 interface to the CE router on the remote PE device is as follows:
  • the VE2 interface searches for the Layer 3 FIB entry and finds the MPLS L3VPN based on the destination address and source address information in the data packet.
  • The VE2 interface encapsulates the inner label and the outer label on the data packet according to the routing information from the VE2 interface to the remote PE device found in the FIB entry.
  • the data packet is transmitted from the VE2 interface to the remote PE device according to the outer label, and then the remote PE device transmits the data to the CE router according to the inner label of the data packet.
  • the VE2 interface and the CE router access interface on the remote PE are equivalent to directly connected interfaces.
  • the data packet forwarding of the above two processes jointly includes the following steps:
  • the VE1 (VE2) interface receives the data packet that needs to be forwarded by the network;
  • the VE1 (VE2) interface finds the VE2 (VE1) interface corresponding to the VE1 (VE2) interface identifier in the Layer 2 and Layer 3 virtual interface binding mapping table.
  • the VE1 (VE2) interface sends data packets to the VE2 (VE1) interface.
  • In data packet forwarding from the MPLS L2VPN network to the MPLS L3VPN network, the VE1 interface finds the VE2 interface corresponding to the VE1 interface identifier in the Layer 2 and Layer 3 virtual interface binding mapping table.
  • The label is used to look up the ILM (Incoming Label Map) entry (assuming the outer label has already been popped), and the MPLS L2VPN network termination flag is found.
  • The identifier corresponding to the VE1 interface is retrieved from the Layer 2 and Layer 3 virtual interface binding mapping table.
  • The VE2 interface corresponding to the identifier is found in the Layer 2 and Layer 3 virtual interface binding mapping table according to the identifier corresponding to the VE1 interface.
  • The VE2 sub-interface is looked up according to the VLAN (Virtual Local Area Network) value of the user packet.
  • The mapping between the VLAN value of the data packet and the VE2 sub-interface needs to be established during the networking.
  • The process is as follows: match the VLAN with the value 0 to the first sub-interface of VE2, match the VLAN with the value 1 to the second sub-interface of VE2, match the VLAN with the value 2 to the third sub-interface of VE2, and so on, matching the VLAN with the value N (N is an integer greater than or equal to 0) to the M-th (M is an integer greater than or equal to 1) sub-interface of VE2.
  • In the MPLS L3VPN network, the PE device is responsible for saving and maintaining the routing information. Therefore, during data packet forwarding from the MPLS L3VPN network to the MPLS L2VPN network, after the step in which the VE2 interface finds the VE1 interface corresponding to the VE2 interface identifier in the Layer 2 and Layer 3 virtual interface binding mapping table, the method further includes the step of finding the physical interface of the VE1 interface corresponding to the physical interface of the VE2 interface by searching the FIB entry.
  • The ILM entry is looked up based on the inner label, the VPN ID (the value of the virtual private network) is found in the ILM entry, and then the inner label is popped to expose the Layer 3 IP packet.
  • The VE2 sub-interface is obtained, then the ARP entry is looked up according to the destination IP address to obtain the destination user MAC, and the user's Layer 2 information encapsulation is performed.
  • The VE1 interface is looked up in the Layer 2 and Layer 3 virtual interface binding mapping table according to the VE2 sub-interface identifier.
  • The VE1 interface is used to find the corresponding PW, and the corresponding two-layer label and the Layer 2 physical outgoing interface are found.
  • The encapsulated Layer 2 information is encapsulated with the two-layer label and sent out through the PW outer tunnel outbound interface corresponding to the VE1 interface.
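The binding-table lookup described above, in both forwarding directions, as an added Python example (not code from the patent or from any device implementation). The class, method and interface names are hypothetical, and dropping a packet when no binding or sub-interface matches is an assumption; the identifier 5, the four VE2 sub-interfaces and the VLAN-to-sub-interface order come from the text.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class VirtualInterface:
    name: str    # constructed names such as "VE1" or "VE2.1"
    layer: int   # 2 = MPLS L2VPN side, 3 = MPLS L3VPN side
    ident: int   # identifier configured on the interface


class BindingTable:
    """Layer 2 and Layer 3 virtual interface binding mapping table."""

    def __init__(self) -> None:
        self._by_name: Dict[str, VirtualInterface] = {}
        self._l2: Dict[int, VirtualInterface] = {}
        self._l3: Dict[int, List[VirtualInterface]] = {}

    def register(self, vif: VirtualInterface) -> None:
        """Store the identifier an interface sends to the table when enabled."""
        if vif.layer not in (2, 3):
            raise ValueError("only Layer 2 and Layer 3 interfaces can be bound")
        if vif.name in self._by_name:
            raise ValueError(f"{vif.name} is already registered")
        if vif.layer == 2:
            # VE1 has no sub-interfaces: one Layer 2 interface per identifier.
            if vif.ident in self._l2:
                raise ValueError(f"identifier {vif.ident} already has a Layer 2 side")
            self._l2[vif.ident] = vif
        else:
            # VE2 sub-interfaces are kept in configuration order.
            self._l3.setdefault(vif.ident, []).append(vif)
        self._by_name[vif.name] = vif

    def l2_to_l3(self, ingress: str, vlan: int) -> Optional[VirtualInterface]:
        """L2VPN -> L3VPN: VE1 identifier -> VE2, then VLAN -> sub-interface."""
        src = self._by_name.get(ingress)
        if src is None or src.layer != 2:
            return None  # assumption: unknown or wrong-layer ingress is dropped
        subifs = self._l3.get(src.ident, [])
        # VLAN 0 -> first sub-interface, VLAN 1 -> second, and so on.
        if not isinstance(vlan, int) or not 0 <= vlan < len(subifs):
            return None  # assumption: no matching sub-interface means drop
        return subifs[vlan]

    def l3_to_l2(self, ingress: str) -> Optional[VirtualInterface]:
        """L3VPN -> L2VPN: VE2 sub-interface identifier -> VE1."""
        src = self._by_name.get(ingress)
        if src is None or src.layer != 3:
            return None
        return self._l2.get(src.ident)


def build_example_table() -> BindingTable:
    """Constructed configuration: VE1 and four VE2 sub-interfaces share id 5."""
    table = BindingTable()
    table.register(VirtualInterface("VE1", 2, 5))
    for n in range(1, 5):
        table.register(VirtualInterface(f"VE2.{n}", 3, 5))
    # Constructed edge case: a Layer 2 interface with no Layer 3 peer bound.
    table.register(VirtualInterface("VE3", 2, 7))
    return table


if __name__ == "__main__":
    t = build_example_table()
    for vlan in (0, 3, 4):
        hit = t.l2_to_l3("VE1", vlan)
        print(f"VE1 vlan={vlan} ->", hit.name if hit else "drop")
    back = t.l3_to_l2("VE2.3")
    print("VE2.3 ->", back.name if back else "drop")
    print("VE3 vlan=0 ->", t.l2_to_l3("VE3", 0) or "drop")
```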
  • The embodiment of the present invention only needs one terminating access device between the Layer 2 network and the Layer 3 network to interconnect the two networks.
  • The terminating access device can serve both as the terminating device of the Layer 2 network and as the access device of the Layer 3 network, which saves one network device compared with the prior art, thereby reducing the networking cost and improving the flexibility of the networking. Since only one terminating device is needed to realize communication between the Layer 2 network and the Layer 3 network, the fault points of inter-network communication are reduced compared with the prior art and the process of data packet communication between the networks is simplified, thereby improving the reliability of the communication between the networks.
  • the embodiment of the present invention further provides a system for connecting a Layer 2 network and a Layer 3 network, including a terminating access device, a first user equipment, and a second user equipment;
  • the terminating access device is a carrier edge device PE of a Layer 2 network or a Layer 3 network, and the first user equipment and the second user equipment are connected to the terminating access device through the Layer 2 network and the Layer 3 network respectively;
  • the first user equipment is configured to send a data packet to the terminating access device;
  • the terminating access device is configured to receive, on the first virtual interface, a data packet sent by the first user equipment, search the Layer 2 and Layer 3 virtual interface binding mapping table according to the virtual interface identifier in the data packet to obtain the corresponding second virtual interface, and send the data packet to the second virtual interface;
  • the second user equipment is configured to receive the data packet sent by the terminating access device; when the first user equipment is located in the Layer 2 network, the second user equipment is located in the Layer 3 network, the first virtual interface and the second virtual interface are respectively a Layer 2 virtual interface and a Layer 3 virtual interface, and the virtual interface identifier is a Layer 2 virtual interface identifier;
  • or the first virtual interface and the second virtual interface are respectively a Layer 3 virtual interface and a Layer 2 virtual interface, and the virtual interface identifier is a Layer 3 virtual interface identifier.
  • the layer 2 network is a multi-protocol label switching layer 2 virtual private network
  • the layer 3 network is a multi-protocol label switching layer 3 virtual private network.
  • The system provided by the embodiment of the present invention can interconnect the Layer 2 network and the Layer 3 network by using one terminating access device between the Layer 2 network and the Layer 3 network.
  • The terminating access device can serve both as the terminating device of the Layer 2 network and as the access device of the Layer 3 network, which saves one network device compared with the prior art, thereby reducing the networking cost and improving the flexibility of the networking. Since only one terminating access device is needed to realize communication between the Layer 2 network and the Layer 3 network, the fault points of inter-network communication are reduced compared with the prior art and the process of data packet communication between the networks is simplified, thereby improving the reliability of inter-network communication.
  • the embodiment of the invention further provides a system for connecting a layer 2 network and a layer 3 network.
  • the system includes: client, LAC (Layer 2 Tunneling Protocol Access Concentrator) and LNS (Layer 2 Tunneling Protocol Network Server).
  • the client is located in the local area network.
  • the LAC and the LNS are located on the edge of the Layer 3 IP public network.
  • the LAC and the client transmit data through the PPP link.
  • the L2TP Layer 2 Tunneling Protocol
  • the Layer 2 network is an MPLS L2VPN network
  • the Layer 3 network is a Layer 3 IP public network where the L2TP tunnel is located.
  • a terminating access device is established between the MPLS L2VPN network and the Layer 3 IP public network, and two virtual interfaces are established on the terminating access device (assuming the interface type is VE): one virtual interface is the interface of the MPLS L2VPN network and is used as the CE interface (VE1) of the MPLS L2VPN network; the other virtual interface is the interface of the Layer 3 IP public network and is used as the BRAS access interface (VE2) of the Layer 3 IP public network.
  • the two virtual interfaces VE1 and VE2 form a pair with corresponding identifiers. An identifier is configured for the VE1 interface, and a corresponding identifier is configured for the VE2 interface. The two virtual interfaces VE1 and VE2 are associated through these identifiers, and the identifiers used to associate the VE1 and VE2 interfaces are stored in the Layer 2/Layer 3 virtual interface binding mapping table.
  • the BRAS access interface is used to access the L2TP user.
  • the terminating access device serves as both the PE device of the MPLS L2VPN network and the LAC device of the Layer 3 IP public network. Users enter the corresponding L2TP tunnel according to the user account and access the LNS, which implements the service wholesale function. This reduces the number of network devices, lowers networking cost, and increases networking flexibility and reliability.
  • the L2TP user protocol and the data can reach the terminating access device through the MPLS L2VPN network.
  • the datagram is first stripped.
  • the ILM entry has the MPLS L2VPN network termination flag.
  • the network processor sends the packet to the host protocol stack.
  • first comes the LCP (Link Control Protocol) negotiation between the client and the LAC.
  • the LAC then starts to transparently transmit the subsequent packets, such as authentication packets, to the LNS, which is equivalent to authentication and IPCP (IP Control Protocol) negotiation taking place between the LNS and the client.
  • LCP (Link Control Protocol)
  • once the IPCP negotiation has passed, the PPP link between the client and the LNS is established, and the upper-layer control software can deliver the mapping between the PW tunnel and the L2TP tunnel and tunnel session to the entries of the microcode data forwarding layer. For data packets accessing the LNS, the PW tunnel and the L2TP tunnel must be exchanged on the LAC.
  • the specific data forwarding process is described as follows:
  • a data packet from an L2TP user accessing the LNS must first traverse the MPLS L2VPN network to reach the LAC.
  • the intermediate data forwarding process is the same as that in the first embodiment.
  • the outer label and the inner label are stripped on the LAC, and the ILM is searched according to the inner label.
  • the MPLS L2VPN network termination flag is found, and the corresponding L2TP tunnel is found, and the L2TP tunnel encapsulation process is performed.
  • the L2TP tunnel encapsulation process includes: first, encapsulating the L2TP tunnel header; second, encapsulating the UDP (User Datagram Protocol) header with port number 1701; then encapsulating the IP header (the destination IP address is the peer address of the L2TP tunnel).
  • the FIB entry is then looked up according to the destination IP address, as for ordinary data, and the packet is forwarded, completing the exchange from the PW tunnel to the L2TP tunnel.
  • the L2TP tunnel encapsulation is not seen, and the ordinary IP forwarding process is performed according to the destination IP address of the L2TP tunnel.
  • the FIB lookup on the destination IP address hits the route generated for a local address, and the UDP port number 1701 then identifies the packet as an L2TP packet; the L2TP tunnel header is decapsulated to expose the user packet for normal IP forwarding and access to the upstream Layer 3 IP public network or the MPLS L3VPN network.
  • the L2TP tunnel and the user PPP information are encapsulated on the LNS device.
  • the L2TP tunnel is encapsulated on the L2TP tunnel.
  • the L2TP tunnel encapsulation is based on the L2TP tunnel.
  • the destination IP address is processed by the ordinary IP forwarding.
  • the L2TP tunnel is first terminated on the LAC device: the L2TP header is decapsulated, the PW tunnel corresponding to the L2TP tunnel is looked up, the outer tunnel label and the inner VPN label are encapsulated, and the packet is forwarded, completing the exchange between the L2TP tunnel and the PW tunnel. If a PPPoE link is used between the LAC and the client, a PPPoE header must be encapsulated on top of the PPP header before the Layer 2 labels are encapsulated and the packet is forwarded.
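
The PW tunnel to L2TP tunnel exchange on the LAC described above, as an added example (not code from the patent): it builds the L2TP data header and the UDP header with port 1701, and on the return path parses both strictly and drops anything that does not map to a bound session. The `CrossConnect` table and the label, tunnel and session values are assumptions; the header layout is that of L2TPv2 (RFC 2661), and the outer IP header is left out.

```python
import struct

L2TP_UDP_PORT = 1701            # UDP port the page names for L2TP
L2TP_VERSION = 2                # L2TPv2 header layout (RFC 2661)
FLAG_T, FLAG_L, FLAG_S, FLAG_O = 0x8000, 0x4000, 0x0800, 0x0200


class Drop(ValueError):
    """The packet must be discarded instead of forwarded."""


class CrossConnect:
    """Hypothetical LAC table: PW inner label <-> (tunnel ID, session ID)."""

    def __init__(self):
        self._to_session = {}
        self._to_label = {}

    def bind(self, pw_label, tunnel_id, session_id):
        key = (tunnel_id, session_id)
        if pw_label in self._to_session or key in self._to_label:
            raise ValueError("PW label or L2TP session is already bound")
        self._to_session[pw_label] = key
        self._to_label[key] = pw_label

    def session_for(self, pw_label):
        if pw_label not in self._to_session:
            raise Drop(f"no L2TP session bound to PW label {pw_label}")
        return self._to_session[pw_label]

    def label_for(self, tunnel_id, session_id):
        key = (tunnel_id, session_id)
        if key not in self._to_label:
            raise Drop(f"no PW bound to L2TP session {key}")
        return self._to_label[key]


def pw_to_l2tp(table, pw_label, ppp_frame, src_port=L2TP_UDP_PORT):
    """Client -> LNS: labels already stripped; wrap the PPP frame in L2TP, then UDP."""
    tunnel_id, session_id = table.session_for(pw_label)
    l2tp_len = 8 + len(ppp_frame)        # flags, length, tunnel ID, session ID
    if l2tp_len + 8 > 0xFFFF:
        raise Drop("PPP frame too large for one UDP datagram")
    l2tp = struct.pack("!HHHH", FLAG_L | L2TP_VERSION, l2tp_len,
                       tunnel_id, session_id) + ppp_frame
    # UDP checksum 0 means "not computed" over IPv4.
    return struct.pack("!HHHH", src_port, L2TP_UDP_PORT, 8 + len(l2tp), 0) + l2tp


def l2tp_to_pw(table, udp_datagram):
    """LNS -> client: validate UDP and L2TP headers, return (PW label, PPP frame)."""
    try:
        _sport, dport, udp_len, _csum = struct.unpack_from("!HHHH", udp_datagram, 0)
        if dport != L2TP_UDP_PORT:
            raise Drop("not addressed to the L2TP port")
        if not 8 <= udp_len <= len(udp_datagram):
            raise Drop("UDP length field does not fit the datagram")
        msg = udp_datagram[8:udp_len]
        (flags,) = struct.unpack_from("!H", msg, 0)
        if flags & 0x000F != L2TP_VERSION:
            raise Drop("unsupported L2TP version")
        if flags & FLAG_T:
            raise Drop("control message, not for the data forwarding path")
        off = 2
        if flags & FLAG_L:
            (l2tp_len,) = struct.unpack_from("!H", msg, off)
            off += 2
            if not off + 4 <= l2tp_len <= len(msg):
                raise Drop("L2TP length field does not fit the message")
            msg = msg[:l2tp_len]
        tunnel_id, session_id = struct.unpack_from("!HH", msg, off)
        off += 4
        if flags & FLAG_S:
            struct.unpack_from("!HH", msg, off)   # Ns/Nr present; must be in bounds
            off += 4
        if flags & FLAG_O:
            (pad,) = struct.unpack_from("!H", msg, off)
            off += 2 + pad
        if off > len(msg):
            raise Drop("offset padding runs past the end of the message")
    except struct.error:
        raise Drop("truncated header") from None
    # An unknown tunnel/session pair is dropped, never forwarded on a default PW.
    return table.label_for(tunnel_id, session_id), msg[off:]
```

The session lookup happens only after every length field has been checked against the bytes actually received, so a malformed datagram cannot select a pseudowire.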

Abstract

A method, apparatus and system for connecting the layer2 network and the layer3 network are provided. The first virtual interface receives the data message; according to the virtual interface ID, the first virtual interface searches the layer2 and layer3 virtual interface binding map, and acquires the corresponding second virtual interface; the data messages are transmitted from the second virtual interface; wherein, when the first virtual interface is the layer2 virtual interface, the second virtual interface is the layer3 virtual interface, accordingly, the virtual interface ID is the layer2 virtual interface ID; when the first virtual interface is the layer3 virtual interface, the second virtual interface is the layer2 virtual interface, accordingly, the virtual interface ID is the layer3 virtual interface ID.

Description

Method, apparatus and system for connecting a Layer 2 network and a Layer 3 network
Technical Field
The invention relates to methods, apparatus and systems for network interconnection, and in particular to a method, apparatus and system for interconnecting an MPLS L2VPN (Multi-Protocol Label Switching Layer 2 Virtual Private Network) network and an MPLS L3VPN (Multi-Protocol Label Switching Layer 3 Virtual Private Network) network.
Background
With the development of network technology, a variety of networking technologies have emerged to meet the needs of different users and different traffic volumes. The communication process between the MPLS L2VPN network and the MPLS L3VPN network in common use today is shown in Figure 1. The following uses a data packet sent by the CE1 (Customer Edge) device as an example to describe communication between the MPLS L2VPN network and the MPLS L3VPN network:
Referring to Figure 1, a data packet sent from CE1 to CE2 must cross the MPLS L2VPN network and the MPLS L3VPN network, and its transmission goes through three stages: 1. transmission of the data packet within the MPLS L2VPN network; 2. transmission of the data packet between the MPLS L2VPN network and the MPLS L3VPN network; 3. transmission of the data packet within the MPLS L3VPN network.
1. Transmission of the data packet within the MPLS L2VPN network. The CE1 device stores the user's routing table and is responsible for maintaining it. Before sending a data packet (the PDU shown in Figure 1), the CE1 device already knows the destination address of the packet (the address of CE2), and it encapsulates the destination address and the source address (the address of CE1) in the packet header. The CE1 device is directly connected to PE1 (Provider Edge) in the MPLS L2VPN network and sends the data packet to the PE1 device. Using the destination and source address information in the packet, the PE1 device looks up the Layer 2 FIB (Forwarding Information Table) entry and finds the terminating device PE2 for the packet's transmission in the MPLS L2VPN network. Based on the routing information from PE1 to the terminating device PE2 found in the Layer 2 FIB entry, PE1 encapsulates an inner label (N2) and an outer label (W2) on the data packet. Within the MPLS L2VPN network the packet is switched on its outer label by P (Provider, backbone core router) devices, forming a PW (pseudowire) from the PE1 device to the terminating device PE2. The PW denotes a label switched path from the source PE1 device to the terminating device PE2, and the data packet follows that path, using the outer label, to the terminating device PE2. After receiving the data packet, the terminating device PE2 looks up the ILM (Incoming Label Map) entry for the outer label, finds the pop-out information and strips the outer label; it then looks up the ILM entry for the inner label, finds the pop-out information and strips the inner label. Once both labels have been stripped, the Layer 2 termination flag is found,
2. Transmission of the data packet between the MPLS L2VPN network and the MPLS L3VPN network. The terminating device PE2 of the MPLS L2VPN network and the access device PE3 of the MPLS L3VPN network are directly connected by a physical line. After the terminating device PE2 pops the data packet out of the MPLS L2VPN network, the packet is sent directly to the access device PE3 of the MPLS L3VPN network.
3. Transmission of the data packet within the MPLS L3VPN network. Using the destination and source address information in the packet, the access device PE3 of the MPLS L3VPN network looks up the Layer 3 FIB entry and finds the PE4 device in the MPLS L3VPN network that is directly connected to the packet's destination address (the CE2 address). Based on the routing information from PE3 to PE4 found in the Layer 3 FIB entry, PE3 encapsulates an inner label (N3) and an outer label (W3) on the data packet. After the data packet reaches the PE4 device, PE4 strips both labels, takes the destination address from the packet header, looks up the forwarding path in the FIB entry, and forwards the data packet to the CE2 device.
In the MPLS L2VPN network, if the user being connected is a BRAS (Broadband Remote Access Server) user, only the access device PE3 in the MPLS L3VPN network needs to be replaced with a BRAS device. Apart from the authentication management that the BRAS device must perform based on user information, the other steps are the same as when the access device is CE1, and the MPLS L2VPN network and the MPLS L3VPN network are interconnected.
In the course of implementing the present invention, the inventors found at least the following problem in the prior art: the above method of interconnecting a Layer 2 network and a Layer 3 network joins the MPLS L2VPN network and the MPLS L3VPN network through two provider edge devices, PE2 and PE3. Connecting the two networks this way leads to high networking cost and poor networking flexibility and reliability.
Summary of the Invention
In one aspect, an embodiment of the present invention provides a communication method for connecting a Layer 2 network and a Layer 3 network. The method increases the probability that data packets are exchanged normally between the Layer 2 network and the Layer 3 network.
The technical solution adopted by the embodiments of the present invention includes:
A communication method for connecting a Layer 2 network and a Layer 3 network, comprising the following steps:
a first virtual interface receives a data packet;
the Layer 2/Layer 3 virtual interface binding mapping table is searched according to the virtual interface identifier in the data packet to obtain the corresponding second virtual interface;
the data packet is forwarded from the second virtual interface; wherein,
when the first virtual interface is a Layer 2 virtual interface, the second virtual interface is a Layer 3 virtual interface and, correspondingly, the virtual interface identifier is a Layer 2 virtual interface identifier;
when the first virtual interface is a Layer 3 virtual interface, the second virtual interface is a Layer 2 virtual interface and, correspondingly, the virtual interface identifier is a Layer 3 virtual interface identifier.
The communication method provided by the embodiment of the present invention uses a single terminating access device between the Layer 2 network and the Layer 3 network to exchange data packets between them. Compared with the prior art, this reduces the points of failure in inter-network communication, improves networking flexibility and simplifies the inter-network packet path, thereby improving the reliability of inter-network communication.
In another aspect, an embodiment of the present invention provides a communication device for connecting a Layer 2 network and a Layer 3 network. It keeps the structure that joins the two networks simple and increases the probability that data packets passing through the device are exchanged normally between the Layer 2 network and the Layer 3 network.
The technical solution adopted by the embodiments of the present invention includes:
A communication device for connecting a Layer 2 network and a Layer 3 network, comprising:
at least one first virtual interface (201), configured to receive data packets;
at least one second virtual interface (202), configured to send data packets;
a Layer 2/Layer 3 virtual interface binding mapping table (203), configured to store the correspondence between first virtual interface identifiers and second virtual interface identifiers; and
a lookup unit (204), configured to search the Layer 2/Layer 3 virtual interface binding mapping table (203) according to the virtual interface identifier in a data packet received by the first virtual interface (201), obtain the corresponding second virtual interface identifier, and send the data packet received by the first virtual interface (201) to the second virtual interface (202) that corresponds to the second virtual interface identifier; wherein,
when the first virtual interface is a Layer 2 virtual interface, the second virtual interface is a Layer 3 virtual interface and, correspondingly, the virtual interface identifier is the first virtual interface identifier, which is a Layer 2 virtual interface identifier;
when the first virtual interface is a Layer 3 virtual interface, the second virtual interface is a Layer 2 virtual interface and, correspondingly, the virtual interface identifier is the second virtual interface identifier, which is a Layer 3 virtual interface identifier.
The communication device provided by the embodiment of the present invention uses a single terminating access device between the Layer 2 network and the Layer 3 network to exchange data packets between them. Compared with the prior art, this reduces the points of failure in inter-network communication, improves networking flexibility and simplifies the inter-network packet path, thereby improving the reliability of inter-network communication; it also saves one network device and so reduces hardware cost.
In yet another aspect, an embodiment of the present invention provides a system for connecting a Layer 2 network and a Layer 3 network. The system keeps the structure that joins the two networks simple, reduces hardware cost, and increases the probability that data packets are exchanged normally between the Layer 2 network and the Layer 3 network.
The technical solution adopted by the embodiments of the present invention includes:
A system for connecting a Layer 2 network and a Layer 3 network, comprising one terminating access device, a first user equipment and a second user equipment; wherein,
the terminating access device is a provider edge device (PE) of the Layer 2 network or the Layer 3 network, and the first user equipment and the second user equipment are connected to the terminating access device;
the first user equipment is configured to send a data packet to the terminating access device;
the terminating access device is configured to receive, on the first virtual interface, the data packet sent by the first user equipment, search the Layer 2/Layer 3 virtual interface binding mapping table according to the virtual interface identifier in the data packet to obtain the corresponding second virtual interface, and send the data packet out through the second virtual interface;
the second user equipment is configured to receive the data packet sent by the terminating access device; wherein,
when the first user equipment is located in the Layer 2 network, the second user equipment is located in the Layer 3 network; correspondingly, the first virtual interface and the second virtual interface are a Layer 2 virtual interface and a Layer 3 virtual interface respectively, and the virtual interface identifier is a Layer 2 virtual interface identifier;
when the first user equipment is located in the Layer 3 network, the second user equipment is located in the Layer 2 network; correspondingly, the first virtual interface and the second virtual interface are a Layer 3 virtual interface and a Layer 2 virtual interface respectively, and the virtual interface identifier is a Layer 3 virtual interface identifier.
The system provided by the embodiment of the present invention needs only one terminating access device between the Layer 2 network and the Layer 3 network to interconnect them. The terminating access device can serve both as the terminating device of the Layer 2 network and as the access device of the Layer 3 network, which saves one network device compared with the prior art, reducing networking cost and improving networking flexibility. Because only one terminating access device is needed for communication between the Layer 2 network and the Layer 3 network, there are fewer points of failure than in the prior art and the inter-network packet path is simpler, which improves the reliability of inter-network communication. At the same time, effective hierarchical QoS (quality of service) scheduling can be performed on user data packets.
Brief Description of the Drawings
Figure 1 is a schematic diagram of how an MPLS L2VPN network and an MPLS L3VPN network are connected in the prior art;
Figure 2 is a schematic diagram of a communication device connecting a Layer 2 network and a Layer 3 network according to an embodiment of the present invention;
Figure 3 is a schematic diagram of connecting an MPLS L2VPN network and an MPLS L3VPN network through one terminating access device according to an embodiment of the present invention;
Figure 4 is an enlarged schematic view of the terminating access device shown in Figure 3;
Figure 5 is a schematic diagram of connecting an MPLS L2VPN network and the Layer 3 IP public network where the L2TP tunnel is located, using the technical solution provided by the embodiments of the present invention.
Detailed Description
The prior art connects the terminating device of the Layer 2 network and the access device of the Layer 3 network through a physical line in order to join the Layer 2 network and the Layer 3 network. To achieve that purpose, the technical solution adopted by the embodiments of the present invention is:
A communication method for connecting a Layer 2 network and a Layer 3 network, comprising the following steps:
a first virtual interface receives a data packet;
the Layer 2/Layer 3 virtual interface binding mapping table is searched according to the virtual interface identifier in the data packet to obtain the corresponding second virtual interface;
the data packet is forwarded from the second virtual interface; wherein,
when the first virtual interface is a Layer 2 virtual interface, the second virtual interface is a Layer 3 virtual interface and, correspondingly, the virtual interface identifier is a Layer 2 virtual interface identifier;
when the first virtual interface is a Layer 3 virtual interface, the second virtual interface is a Layer 2 virtual interface and, correspondingly, the virtual interface identifier is a Layer 3 virtual interface identifier.
Corresponding to the communication method, an embodiment of the present invention further provides a communication device for connecting a Layer 2 network and a Layer 3 network. As shown in Figure 2, the communication device includes:
at least one first virtual interface (201), configured to receive data packets;
at least one second virtual interface (202), configured to send data packets;
a Layer 2/Layer 3 virtual interface binding mapping table (203), configured to store the correspondence between first virtual interface identifiers and second virtual interface identifiers; and
a lookup unit (204), configured to search the Layer 2/Layer 3 virtual interface binding mapping table (203) according to the virtual interface identifier in a data packet received by the first virtual interface (201), obtain the corresponding second virtual interface identifier, and send the data packet received by the first virtual interface (201) to the second virtual interface (202) that corresponds to the second virtual interface identifier; wherein,
when the first virtual interface is a Layer 2 virtual interface, the second virtual interface is a Layer 3 virtual interface and, correspondingly, the virtual interface identifier is the first virtual interface identifier, which is a Layer 2 virtual interface identifier;
when the first virtual interface is a Layer 3 virtual interface, the second virtual interface is a Layer 2 virtual interface and, correspondingly, the virtual interface identifier is the second virtual interface identifier, which is a Layer 3 virtual interface identifier.
Further, the communication device may also include a mapping unit (not shown in Figure 2);
the mapping unit is configured to map the at least one first virtual interface (201) to a first physical interface and to map the at least one second virtual interface (202) to a second physical interface;
the at least one first virtual interface (201) receives data packets through the first physical interface;
the at least one second virtual interface (202) sends data packets through the second physical interface.
The embodiment of the present invention uses a single terminating access device between the Layer 2 network and the Layer 3 network to exchange data packets between them. Compared with the prior art, this reduces the points of failure in inter-network communication, improves networking flexibility and simplifies the inter-network packet path, thereby improving the reliability of inter-network communication; it also saves one network device and so reduces hardware cost.
To make the objects, solutions and effects of the embodiments of the present invention clearer, the implementation of the solution is described in detail below with reference to the drawings:
In this embodiment, the Layer 2 network is an MPLS L2VPN network and the Layer 3 network is an MPLS L3VPN network. Communication between the MPLS L2VPN network and the MPLS L3VPN network is used as the example below.
As shown in Figure 3, one terminating access device is established between the MPLS L2VPN network and the MPLS L3VPN network, and two virtual interfaces are established on it. One is a Layer 2 virtual interface, connected through a PW (pseudowire) to the PE1 device at the far end of the MPLS L2VPN network; the other is a Layer 3 virtual interface, connected to the PE2 device at the far end of the MPLS L3VPN network. The terminating access device established between the MPLS L2VPN network and the MPLS L3VPN network takes the place of both the terminating device PE2 of the MPLS L2VPN network and the access device PE3 of the MPLS L3VPN network shown in Figure 1. The terminating access device lets data packets pass normally between the Layer 2 network and the Layer 3 network and saves one PE device compared with the prior art.
As shown in Figure 4, both virtual interfaces of the terminating access device are of type VE (Virtual Ethernet). The VE interface is a broadcast-type interface and can perform ARP (Address Resolution Protocol) learning. In actual communication, the VE interface is mapped to a corresponding physical interface; data packets are received and sent through the physical interface, while the virtual interface controls the receiving and sending of data packets.
One of the virtual interfaces shown in Figure 4 is the interface of the MPLS L2VPN network, denoted VE1; the other is the interface of the MPLS L3VPN network, denoted VE2. The VE1 interface has no sub-interfaces and can directly connect either a CE router or BRAS users. The VE2 interface may include multiple sub-interfaces, which, depending on the type of user being connected, are divided into CE router access interfaces and BRAS user access interfaces.
两个虚拟接口 VE1和 VE2组成一对, 具有相对应的的标识。 为 VE1接 口配置标识, 为 VE2接口配置与 VE1接口相对应的的标识, 根据标识可以将 两个虚拟接口 VE1和 VE2关联起来, 将所述用于关联 VE1和 VE2接口的标 识存储到二三层虚拟接口绑定映射表中。 当 VE2接口包括多个子接口时, 为 每个子接口配置与 VE1接口标识相对应的的标识, 例如: VE2包括 4个子接 口, VE1的标识为 5 , 为 VE2的每个子接口配置的标识也为 5; VE1和每个 子接口之间存在对应关系。  Two virtual interfaces VE1 and VE2 form a pair with corresponding identifiers. Configure an identifier for the VE1 interface, and configure an identifier corresponding to the VE1 interface for the VE2 interface. You can associate the two virtual interfaces VE1 and VE2 according to the identifier, and store the identifiers used to associate the VE1 and VE2 interfaces to Layer 2 and Layer 3. The virtual interface is bound in the mapping table. When the VE2 interface includes multiple sub-interfaces, configure the identifier corresponding to the VE1 interface identifier for each sub-interface. For example, VE2 includes four sub-interfaces, VE1 has a label of 5, and each sub-interface of VE2 has an identifier of 5 ; There is a correspondence between VE1 and each subinterface.
为了通过一个二层网络^奸接多个三层网络, 在该二层网络边缘设置一个 终结接入设备, 在该终结接入设备上建立至少一对虚拟接口, 每对虚拟接口 之间通过标识进行关联, 各对虚拟接口之间的标识不相对应, 在每对虚拟接 口中一个虚拟接口连接二层网络, 另一个虚拟接口连接三层网络。 每个连接 三层网络的虚拟接口可以包括一个以上的子接口。 为每个子接口配置相对应 的标识, 在每对虚拟接口中, 每个连接二层网络的虚拟接口和每个连接三层 网络的子接口之间存在对应关系。 如法炮制, 通过一个三层网络也可以衔接 多个二层网络。 To connect multiple Layer 3 networks through a Layer 2 network, set up a terminating access device at the edge of the Layer 2 network, and establish at least one pair of virtual interfaces on the terminating access device, each pair of virtual interfaces. The identifiers are associated with each other, and the identifiers of the pairs of virtual interfaces do not correspond. In each pair of virtual interfaces, one virtual interface is connected to the Layer 2 network, and the other virtual interface is connected to the Layer 3 network. Each virtual interface connected to a three-layer network may include more than one sub-interface. A corresponding identifier is configured for each sub-interface. In each pair of virtual interfaces, there is a correspondence between each virtual interface connected to the Layer 2 network and each sub-interface connected to the Layer 3 network. In the same way, multiple Layer 2 networks can be connected through a three-layer network.
本实施例通过在一台终结接入设备上构建虚拟接口的方法进行网络衔 接, 能够达到降低组网成本, 提高组网的灵活性和可靠性的目的。  In this embodiment, the network connection is implemented by constructing a virtual interface on a terminating access device, which can reduce the networking cost and improve the flexibility and reliability of the networking.
In the MPLS L2VPN network, the terminating access device on which the VE1 interface resides can be connected to the access user directly or through a remote PE device. The access user may be a CE access user or a BRAS access user.
In the MPLS L2VPN network, between the remote PE device and the terminating access device, through a PW (pseudo… When the PW state is up, the VE1 interface state is up. When the VE1 interface state is up, the VE1 interface delivers the identifier configured on the interface to the Layer 2/Layer 3 virtual interface binding mapping table and delivers the termination flag of the MPLS L2VPN network to the ILM (Incoming Label Map) entry.
In the MPLS L3VPN network, the VE2 interface can be connected to the access user directly or through a remote PE device. The access user may be a CE access user or a BRAS access user.
In the MPLS L3VPN network, if the VE2 interface connects CE users, a routing protocol must be configured for the VE2 interface; if the VE2 interface connects BRAS users, the BRAS user access and authentication mode must be configured on the VE2 interface. To implement multicast, a multicast protocol can be configured for the CE router or the individual BRAS user.
By enabling a multicast routing protocol between the VE2 interface and the access interface on the CE router, and placing the multicast source in the upstream Layer 3 IP public network, multicast traffic can be replicated to the VE2 interface, which provides the ability to transmit multicast data. The specific steps for transmitting the multicast data are as follows: first, Layer 2 information encapsulation of the user multicast packet is performed (the source MAC is the MAC of the VE2 interface and the destination MAC is the multicast MAC corresponding to the multicast IP); next, the two layers of labels are encapsulated on the multicast packet and the encapsulated multicast packet is sent out; then Layer 2 information encapsulation of the outer tunnel is performed, which is the same as in unicast processing. If a multicast source is attached to the Layer 3 IP public network connected to the CE device, the multicast data received by the terminating access device has its two layers of labels popped, then an RPF (reverse path forwarding) check for multicast is performed against the VE2 interface, followed by ordinary multicast traffic replication. The CE device can act as a multicast router of the Layer 3 IP public network or of an MPLS L3VPN network instance. The MVPN (Mobile Virtual Private Network) can be built with any technique such as Multicast Domain, VPN-IP PIM (protocol-independent multicast between the virtual private network and the IP network), or MD using PIM NBMA techniques (multicast domain using protocol-independent multicast non-broadcast multi-access network technology).
In the MPLS L3VPN network, the PE device is responsible for storing and maintaining the routing table, so a routing protocol and a virtual MAC address must be configured for the VE2 interface. The VE2 interface state therefore depends not only on the PW state (up/down) but also on the protocol state (up/down) of the VE2 interface.
When the PW state is up, the physical state of the VE2 interface is up. The protocol state of the VE2 interface depends on whether an IP address is configured on the interface, whether the interface is enabled, and whether the PW corresponding to the interface is up. The protocol state of the VE2 interface can be up only when the VE2 interface has an IP address configured, the interface is enabled, and the corresponding PW is up. The VE2 interface state is up only when both its physical state and its protocol state are up. When the VE2 interface state is up, the VE2 interface delivers the identifier configured on the interface to the Layer 2/Layer 3 virtual interface binding mapping table, and routes are configured for the next-hop node:
1) When the VE2 interface is used to connect a remote CE router, only then can the dynamic routing protocol state be negotiated successfully; or, when static routes are used on the VE2 interface, only then can the static routes become active.
2) When the VE2 interface serves as the access interface for individual BRAS users, only then can protocol state negotiation for user access take place, for example with PPPOE (Point-to-Point Protocol over Ethernet) or DHCP (Dynamic Host Configuration Protocol) protocol packets. After the user is authenticated and access succeeds, a route between the BRAS user and the VE2 interface is generated on the terminating access device.
When the VE2 interface needs to exchange data packets with a CE router attached to a remote PE device, the VE2 interface and the CE router must both be capable of MAC address learning: the VE2 interface learns the MAC address of the CE router interface on the remote PE device, and the remote CE router learns the virtual MAC address of the VE2 interface. In the MPLS L3VPN network, a data packet is transferred from the VE2 interface to the CE router on the remote PE device as follows. The VE2 interface looks up the Layer 3 FIB entry according to the destination address and source address information in the data packet and finds the PE device in the MPLS L3VPN network that is directly connected to the destination address of the data packet. Using the routing information from the VE2 interface to the remote PE device found in the FIB entry, the VE2 interface encapsulates the inner label and the outer label on the data packet. The data packet is transmitted from the VE2 interface to the remote PE device according to the outer label, and the remote PE device then transmits the data to the CE router according to the inner label of the data packet. In the MPLS L3VPN network, the VE2 interface and the CE router access interface on the remote PE are equivalent to directly connected interfaces.
With the above introduction, the following two processes are easier to understand: forwarding of data packets from the MPLS L2VPN network to the MPLS L3VPN network, and forwarding of data packets from the MPLS L3VPN network to the MPLS L2VPN network.
Data packet forwarding in both of these processes includes the following steps:
a step in which the VE1 (VE2) interface receives a data packet that needs to be forwarded between networks;
a step in which the VE1 (VE2) interface finds, in the Layer 2/Layer 3 virtual interface binding mapping table, the VE2 (VE1) interface corresponding to the VE1 (VE2) interface identifier;
a step in which the VE1 (VE2) interface sends the data packet to the VE2 (VE1) interface.
When a data packet is forwarded from the MPLS L2VPN network to the MPLS L3VPN network, the step in which the VE1 interface finds the VE2 interface corresponding to the VE1 interface identifier in the Layer 2/Layer 3 virtual interface binding mapping table is specifically as follows. The VE1 interface looks up the ILM (Incoming Label Map) entry according to the inner VPN label (assuming the outer label has already been popped), finds the MPLS L2VPN network termination flag, and takes the identifier corresponding to the VE1 interface from the Layer 2/Layer 3 virtual interface binding mapping table. First, the VE2 interface corresponding to that identifier is found in the binding mapping table; then the VE2 sub-interface is looked up according to the VLAN (virtual local area network) value of the user packet. The correspondence between the VLAN value of a data packet and the VE2 sub-interfaces must be established when the network is set up, as follows: the VLAN with value 0 is matched to the first sub-interface of VE2, the VLAN with value 1 to the second sub-interface of VE2, the VLAN with value 2 to the third sub-interface of VE2, and so on, with the VLAN of value N (N being an integer greater than or equal to 0) matched to the M-th sub-interface of VE2 (M being an integer greater than or equal to 1).
Because the PE device is responsible for storing and maintaining routing information in the MPLS L3VPN network, when a data packet is forwarded from the MPLS L3VPN network to the MPLS L2VPN network, the step in which the VE2 interface finds the VE1 interface corresponding to the VE2 interface identifier in the Layer 2/Layer 3 virtual interface binding mapping table is followed by a further step of looking up the FIB entry to find the physical interface of the VE1 interface that corresponds to the physical interface of the VE2 interface.
The ILM entry is looked up according to the inner label, and the VPN ID (the value of the virtual private network) is found in the ILM entry. The inner label is then removed to expose the Layer 3 IP packet, and the FIB entry is looked up according to the destination IP address and the VPN ID to obtain the VE2 sub-interface. Next, the ARP entry is looked up according to the destination IP to obtain the destination user MAC, and the user Layer 2 information is encapsulated. Then the corresponding VE1 interface is looked up in the Layer 2/Layer 3 virtual interface binding mapping table according to the VE2 sub-interface identifier, and the PW corresponding to the VE1 interface is found, which yields the corresponding two layers of labels and the Layer 2 physical outgoing interface. The already encapsulated Layer 2 information is then given the two-layer label encapsulation and sent out from the PW outer-tunnel outgoing interface corresponding to the VE1 interface.
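The lookup chain described above (ILM termination flag, binding mapping table, VLAN value to VE2 sub-interface, and the reverse lookup from VE2 to VE1) can be modelled as follows. This is an added illustration, not code from the patent: the class and field names, the label value 1025 and the rule "VLAN N selects sub-interface N+1", read off the listed 0/1/2 pattern, are assumptions, and the identifier 5 with four sub-interfaces follows the example given in the text.

```python
from dataclasses import dataclass, field


@dataclass
class VE1:                       # Layer 2 virtual interface, no sub-interfaces
    name: str
    bind_id: int


@dataclass
class VE2:                       # Layer 3 virtual interface
    name: str
    bind_id: int
    ip_configured: bool = False
    enabled: bool = False
    subinterfaces: list = field(default_factory=list)  # index 0 = first sub-interface


class TerminatingAccessDevice:
    def __init__(self):
        self.ilm = {}            # inner VPN label -> {"l2vpn_termination", "bind_id"}
        self.binding = {}        # identifier -> {"l2": VE1, "l3": VE2}

    @staticmethod
    def ve2_is_up(ve2, pw_up):
        physical = pw_up                                    # follows the PW state
        protocol = ve2.ip_configured and ve2.enabled and pw_up
        return physical and protocol

    def on_pw_up(self, inner_label, ve1, ve2):
        """PW came up: every interface whose state is up publishes its identifier."""
        self.ilm[inner_label] = {"l2vpn_termination": True, "bind_id": ve1.bind_id}
        self.binding.setdefault(ve1.bind_id, {})["l2"] = ve1
        if self.ve2_is_up(ve2, pw_up=True):
            self.binding.setdefault(ve2.bind_id, {})["l3"] = ve2

    def forward_l2_to_l3(self, inner_label, vlan):
        """Outer label already popped; returns ("forward", sub-interface) or ("drop", reason)."""
        entry = self.ilm.get(inner_label)
        if entry is None:
            return ("drop", "unknown inner label")
        if not entry["l2vpn_termination"]:
            return ("drop", "no L2VPN termination flag")
        ve2 = self.binding.get(entry["bind_id"], {}).get("l3")
        if ve2 is None:
            return ("drop", "no Layer 3 interface bound to identifier")
        if not isinstance(vlan, int) or not 0 <= vlan < len(ve2.subinterfaces):
            return ("drop", "VLAN has no matching sub-interface")
        return ("forward", ve2.subinterfaces[vlan])

    def forward_l3_to_l2(self, ve2):
        """Reverse direction: the VE2 identifier selects the paired VE1 (and its PW)."""
        ve1 = self.binding.get(ve2.bind_id, {}).get("l2")
        if ve1 is None:
            return ("drop", "no Layer 2 interface bound to identifier")
        return ("forward", ve1.name)


def demo():
    # Constructed sample values: label 1025, identifier 5, four VE2 sub-interfaces.
    dev = TerminatingAccessDevice()
    ve1 = VE1("VE1", 5)
    ve2 = VE2("VE2", 5, ip_configured=True, enabled=True,
              subinterfaces=["VE2.1", "VE2.2", "VE2.3", "VE2.4"])
    dev.on_pw_up(1025, ve1, ve2)
    return [
        dev.forward_l2_to_l3(1025, 2),   # VLAN 2 -> third sub-interface
        dev.forward_l2_to_l3(1025, 9),   # VLAN with no sub-interface
        dev.forward_l2_to_l3(4000, 0),   # label with no ILM entry
        dev.forward_l3_to_l2(ve2),
    ]


if __name__ == "__main__":
    for result in demo():
        print(result)
```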
The embodiment of the present invention needs only one terminating access device between the Layer 2 network and the Layer 3 network to interconnect them. The terminating access device can serve both as the terminating device of the Layer 2 network and as the access device of the Layer 3 network, which saves one network device compared with the prior art, reducing networking cost and improving networking flexibility. Because only one terminating access device is needed for communication between the Layer 2 network and the Layer 3 network, the number of points of failure in inter-network communication is reduced compared with the prior art and the process by which data packets pass between networks is simplified, which improves the reliability of inter-network communication.
An embodiment of the present invention also provides a system for connecting a Layer 2 network and a Layer 3 network, including a terminating access device, a first user equipment and a second user equipment, wherein:
the terminating access device is a provider edge (PE) device of the Layer 2 network or the Layer 3 network, and the first user equipment and the second user equipment are connected to the terminating access device through the Layer 2 network and the Layer 3 network respectively;
the first user equipment is configured to send a data packet to the terminating access device;
the terminating access device is configured to receive, on a first virtual interface, the data packet sent by the first user equipment, look up the Layer 2/Layer 3 virtual interface binding mapping table according to the virtual interface identifier in the data packet to obtain the corresponding second virtual interface, and send the data packet out through the second virtual interface;
the second user equipment is configured to receive the data packet sent by the terminating access device; wherein,
when the first user equipment is located in the Layer 2 network, the second user equipment is located in the Layer 3 network; correspondingly, the first virtual interface and the second virtual interface are a Layer 2 virtual interface and a Layer 3 virtual interface respectively, and the virtual interface identifier is a Layer 2 virtual interface identifier;
when the first user equipment is located in the Layer 3 network, the second user equipment is located in the Layer 2 network; correspondingly, the first virtual interface and the second virtual interface are a Layer 3 virtual interface and a Layer 2 virtual interface respectively, and the virtual interface identifier is a Layer 3 virtual interface identifier.
In the system provided by the embodiment of the present invention, the Layer 2 network is a multi-protocol label switching Layer 2 virtual private network, and the Layer 3 network is a multi-protocol label switching Layer 3 virtual private network.
The system provided by the embodiment of the present invention needs only one terminating access device between the Layer 2 network and the Layer 3 network to interconnect them. The terminating access device can serve both as the terminating device of the Layer 2 network and as the access device of the Layer 3 network, which saves one network device compared with the prior art, reducing networking cost and improving networking flexibility. Because only one terminating access device is needed for communication between the Layer 2 network and the Layer 3 network, the number of points of failure in inter-network communication is reduced compared with the prior art and the process by which data packets pass between networks is simplified, which improves the reliability of inter-network communication.
An embodiment of the present invention further provides a system for connecting a Layer 2 network and a Layer 3 network. The system includes a client, an LAC (Layer 2 Tunneling Protocol access concentrator) and an LNS (Layer 2 Tunneling Protocol network server). The client is located in a local area network, and the LAC and the LNS are both located at the edge of the Layer 3 IP public network. Data is passed between the LAC and the client over a PPP link, and a PPP link is established between the LAC and the LNS through L2TP (Layer 2 Tunneling Protocol), so that data can be passed between the client and the LNS over a PPP link.
In this embodiment, the Layer 2 network is an MPLS L2VPN network, and the Layer 3 network is the Layer 3 IP public network in which the L2TP tunnel is located.
As shown in Figure 5, a terminating access device is set up between the MPLS L2VPN network and the Layer 3 IP public network, and two virtual interfaces are created on it (both assumed to be of type VE). One virtual interface is the interface of the MPLS L2VPN network and serves as the CE interface of the MPLS L2VPN network (VE1); the other is the interface of the Layer 3 IP public network and serves as the BRAS access interface of the Layer 3 IP public network (VE2).
The two virtual interfaces VE1 and VE2 form a pair and have corresponding identifiers. An identifier is configured for the VE1 interface, and an identifier corresponding to that of the VE1 interface is configured for the VE2 interface. The two virtual interfaces VE1 and VE2 can be associated by these identifiers, and the identifiers used to associate the VE1 and VE2 interfaces are stored in the Layer 2/Layer 3 virtual interface binding mapping table.
The BRAS access interface is used to connect L2TP users. In this case the terminating access device acts both as a PE device of the MPLS L2VPN network and as an LAC device of the Layer 3 IP public network. On the terminating access device, the user enters the corresponding L2TP tunnel according to the user account and is connected to the LNS, which implements the service wholesale function. By setting up a terminating access device between the MPLS L2VPN network and the Layer 3 IP public network and creating virtual interfaces on it to connect L2TP users, this embodiment saves one networking device, reduces networking cost, and improves networking flexibility and reliability.
When the PW corresponding to the VE1 interface is up, L2TP user protocol packets and data packets can reach the terminating access device through the MPLS L2VPN network. After a data packet reaches the terminating access device, its outer label and inner label are first stripped, and the ILM entry is looked up according to the inner label; the entry carries the MPLS L2VPN network termination flag. For L2TP user protocol packets, the network processor passes the packet up to the host protocol stack for processing. First, LCP (Internet Content Provider) negotiation takes place between the client and the LAC, followed by authentication. After authentication succeeds, the LAC begins to transparently pass subsequent packets, such as authentication packets, to the LNS, which is equivalent to authentication and IPCP (IP Control Protocol) negotiation taking place between the LNS and the client. After IPCP negotiation succeeds, the PPP link between the client and the LNS is established, and the upper-layer control software can deliver the correspondence between the PW tunnel and the L2TP tunnel and Tunnel Session to the microcode data forwarding-plane entries. Subsequent data packets sent by the user towards the LNS require PW tunnel and L2TP tunnel switching on the LAC device. The data forwarding process is described as follows:
For data packets with which an L2TP user accesses the LNS, the packets must first cross the MPLS L2VPN network to reach the LAC; the intermediate data forwarding process is the same as in Embodiment 1. On the LAC, the outer label and inner label are stripped, the ILM entry is looked up according to the inner label, the MPLS L2VPN network termination flag is found, the corresponding L2TP tunnel is found, and the L2TP tunnel encapsulation process is performed. The L2TP tunnel encapsulation process includes: first, L2TP tunnel header encapsulation; second, UDP (User Datagram Protocol) header encapsulation with port number 1701; and finally IP header encapsulation (the destination IP address is the peer address of the L2TP tunnel). The FIB entry is then looked up according to that destination IP address for ordinary data forwarding, and the data is forwarded, which completes the switch from the PW tunnel to the L2TP tunnel. In the intermediate IP network traversed by the L2TP tunnel, the L2TP tunnel encapsulation is not visible, and ordinary IP forwarding is performed according to the destination IP of the L2TP tunnel. After the data reaches the LNS device, the FIB is first looked up according to the destination IP and hits the route generated for the local address; the UDP port number 1701 then identifies the data packet as an L2TP packet; the L2TP tunnel header is then decapsulated, exposing the user packet for ordinary IP forwarding into the upstream Layer 3 IP public network or the MPLS L3VPN network.
For data packets in the direction from the LNS back to the LAC, L2TP tunnel and user PPP information encapsulation is performed on the LNS device. In the intermediate Layer 3 IP public network traversed by the L2TP tunnel, on the LAC device, the L2TP tunnel encapsulation is not visible, and ordinary IP forwarding is performed according to the destination IP of the L2TP tunnel. On the LAC device, the L2TP tunnel is first terminated and the L2TP header is decapsulated; the PW tunnel corresponding to the L2TP tunnel is found, and the outer tunnel label and inner VPN label are encapsulated and the packet is forwarded, which completes the switch between the L2TP tunnel and the PW tunnel. If the link between the LAC and the client is a PPPOE link, a PPPOE header must also be encapsulated outside the user PPP header before the two layers of labels are encapsulated and the packet is forwarded.
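The encapsulation order on the LAC (L2TP header, then UDP with port 1701, then IP towards the tunnel peer) and the checks the LNS applies before decapsulating can be shown byte by byte. This is an added illustration, not code from the patent: it assumes the minimal RFC 2661 data header with no Length, Ns/Nr or Offset fields, an IPv4 header without options and a zero UDP checksum; the function names, addresses and tunnel/session IDs are constructed.

```python
import socket
import struct

L2TP_PORT = 1701
L2TP_DATA_FLAGS_VER = 0x0002     # data message, no optional fields, version 2


def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum over the header; 0 when a stored checksum is valid."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def lac_encapsulate(ppp_frame, tunnel_id, session_id, lac_ip, lns_ip):
    """LAC side: wrap the user PPP frame in L2TP, then UDP/1701, then IPv4."""
    l2tp = struct.pack("!HHH", L2TP_DATA_FLAGS_VER, tunnel_id, session_id) + ppp_frame
    # UDP checksum 0 means "not computed", which IPv4 permits.
    udp = struct.pack("!HHHH", L2TP_PORT, L2TP_PORT, 8 + len(l2tp), 0) + l2tp
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64,
                      socket.IPPROTO_UDP, 0,
                      socket.inet_aton(lac_ip), socket.inet_aton(lns_ip))
    hdr = hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]
    return hdr + udp


def lns_decapsulate(packet, local_ip):
    """LNS side: local address hit, UDP port 1701, then strip the L2TP header.

    Returns (tunnel_id, session_id, ppp_frame); raises ValueError otherwise.
    """
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IPv4 header length")
    if ipv4_checksum(packet[:ihl]) != 0:
        raise ValueError("bad IPv4 header checksum")
    if packet[16:20] != socket.inet_aton(local_ip):
        raise ValueError("destination is not a local address")
    if packet[9] != socket.IPPROTO_UDP:
        raise ValueError("not UDP")
    if len(packet) < ihl + 8:
        raise ValueError("truncated UDP header")
    _sport, dport, ulen, _csum = struct.unpack("!HHHH", packet[ihl:ihl + 8])
    if dport != L2TP_PORT:
        raise ValueError("UDP destination port is not 1701")
    if ulen < 8 + 6 or ihl + ulen > len(packet):
        raise ValueError("bad UDP length for an L2TP data message")
    l2tp = packet[ihl + 8:ihl + ulen]
    flags, tunnel_id, session_id = struct.unpack("!HHH", l2tp[:6])
    if flags & 0x000F != 2:
        raise ValueError("unsupported L2TP version")
    if flags & 0x8000:
        raise ValueError("control message, not user data")
    if flags & 0x4A00:           # Length, Sequence or Offset bits set
        raise ValueError("optional L2TP header fields not handled here")
    return tunnel_id, session_id, l2tp[6:]


def demo():
    # Constructed PPP frame: address/control FF 03, protocol 0x0021 (IPv4), dummy payload.
    ppp = bytes.fromhex("ff030021") + b"constructed-user-payload"
    packet = lac_encapsulate(ppp, tunnel_id=7, session_id=42,
                             lac_ip="192.0.2.1", lns_ip="198.51.100.9")
    return lns_decapsulate(packet, "198.51.100.9") == (7, 42, ppp)


if __name__ == "__main__":
    print(demo())
```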
A person of ordinary skill in the art will understand that all or part of the steps of the methods in the above embodiments can be carried out by a program instructing the relevant hardware, and that the program can be stored in a computer-readable storage medium such as ROM/RAM, a magnetic disk or an optical disc.
The above is only a specific implementation of the present invention, and the scope of protection of the present invention is not limited to it. Any change or replacement that a person skilled in the art could readily conceive within the technical scope disclosed by the present invention shall fall within the scope of protection of the present invention. The scope of protection of the present invention shall therefore be determined by the scope of protection of the claims.

Claims

1. A communication method for connecting a Layer 2 network and a Layer 3 network, characterized by comprising the following steps:
a first virtual interface receives a data packet;
a Layer 2/Layer 3 virtual interface binding mapping table is looked up according to the virtual interface identifier in the data packet to obtain a corresponding second virtual interface;
the data packet is forwarded from the second virtual interface; wherein,
when the first virtual interface is a Layer 2 virtual interface, the second virtual interface is a Layer 3 virtual interface and, correspondingly, the virtual interface identifier is a Layer 2 virtual interface identifier;
when the first virtual interface is a Layer 3 virtual interface, the second virtual interface is a Layer 2 virtual interface and, correspondingly, the virtual interface identifier is a Layer 3 virtual interface identifier.
2、 根据权利要求 1所述的衔接二层网络和三层网络的通讯方法, 其特征在 于, 所述二层网络为多协议标签交换二层虚拟专用网; 所述三层网络为多协议 标签交换三层虚拟专用网。  2. The communication method for connecting a Layer 2 network and a Layer 3 network according to claim 1, wherein the Layer 2 network is a multi-protocol label switching Layer 2 virtual private network; and the Layer 3 network is a multi-protocol label. Exchange a three-layer virtual private network.
3、 根据权利要求 1所述的衔接二层网络和三层网络的通讯方法, 其特征在 于, 当所述第一虚拟接口是二层虚拟接口, 所述第二虚拟接口是三层虚拟接口, 所述虚拟接口标识是二层虚拟接口标识, 且所述三层虚拟接口分为一个以上子 接口时, 根据所述数据报文中的虚拟接口标识, 查找二三层虚拟接口绑定映射 表, 获得对应的第二虚拟接口之后, 还包括: 根据数据报文中的虚拟局域网值 找到对应的三层虚拟接口的子接口;  The communication method of the connection between the Layer 2 network and the Layer 3 network according to claim 1, wherein when the first virtual interface is a Layer 2 virtual interface, the second virtual interface is a Layer 3 virtual interface, The virtual interface identifier is a Layer 2 virtual interface identifier, and the Layer 3 virtual interface is divided into one or more sub-interfaces, and the second-to-three-layer virtual interface binding mapping table is searched according to the virtual interface identifier in the data packet. After obtaining the corresponding second virtual interface, the method further includes: finding a sub-interface of the corresponding three-layer virtual interface according to the virtual local area network value in the data packet;
则所述从所述第二虚拟接口转发所述数据报文为:  And the forwarding, by the second virtual interface, the data packet is:
从所述三层虚拟接口的子接口转发所述数据报文。  Forwarding the data packet from the sub-interface of the Layer 3 virtual interface.
4、 根据权利要求 1所述的衔接二层网络和三层网络的通讯方法, 其特征在 于, 当所述第一虚拟接口是三层虚拟接口, 所述第二虚拟接口是二层虚拟接口, 所述虚拟接口标识是三层虚拟接口标识时, 所述根据所述数据报文中的虚拟接 口标识, 查找二三层虚拟接口绑定映射表, 获得对应的第二虚拟接口之前, 还 包括: 根据目的 IP查找地址解析协议表项, 获得目的用户介质访问控制地址, 进行用户二层信息封装。 The communication method of the connection between the Layer 2 network and the Layer 3 network according to claim 1, wherein the first virtual interface is a Layer 3 virtual interface, and the second virtual interface is a Layer 2 virtual interface. When the virtual interface identifier is a Layer 3 virtual interface identifier, the method includes: searching for a Layer 2 and Layer 3 virtual interface binding mapping table according to the virtual interface identifier in the data packet, and obtaining the corresponding second virtual interface, the method further includes: Find an address resolution protocol entry according to the destination IP address, and obtain the destination user media access control address. Perform user Layer 2 information encapsulation.
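The lookup order that claims 1, 3 and 4 describe can be traced in a small model. The following Python is an added example, not code from the patent or from any vendor implementation; the interface names, VLAN values, addresses and the choice to drop a packet when any lookup fails are assumptions made for illustration.

```python
from dataclasses import dataclass, replace
from typing import Optional, Tuple

# Constructed sample state. Interface names, VLAN values and addresses are
# assumptions made for this example; none of them come from the patent.
L2_TO_L3 = {"l2ve1": "l3ve1", "l2ve2": "l3ve2"}      # binding mapping table
L3_TO_L2 = {l3: l2 for l2, l3 in L2_TO_L3.items()}   # same table, reverse direction
L3_SUBINTERFACES = {"l3ve1": {100: "l3ve1.100", 200: "l3ve1.200"}}  # claim 3
ARP_TABLE = {"10.1.1.10": "00:00:5e:00:53:0a"}       # destination IP -> user MAC


@dataclass(frozen=True)
class Packet:
    vif_id: str                     # virtual interface identifier carried with the packet
    dst_ip: str
    vlan: Optional[int] = None
    dst_mac: Optional[str] = None


def forward(pkt: Packet) -> Tuple[Optional[str], Packet, str]:
    """Return (egress interface or None, packet as sent, reason)."""
    if pkt.vif_id in L2_TO_L3:
        # Claim 1, Layer 2 -> Layer 3: the identifier is a Layer 2 one.
        l3_vif = L2_TO_L3[pkt.vif_id]
        subifs = L3_SUBINTERFACES.get(l3_vif)
        if subifs is None:
            return l3_vif, pkt, "forwarded"
        # Claim 3: after the binding lookup, select the sub-interface by VLAN value.
        subif = subifs.get(pkt.vlan)
        if subif is None:
            # Assumption: a VLAN with no sub-interface is dropped, not flooded.
            return None, pkt, "drop: no sub-interface for VLAN"
        return subif, pkt, "forwarded"

    if pkt.vif_id in L3_TO_L2:
        # Claim 4, Layer 3 -> Layer 2: ARP lookup and Layer 2 encapsulation
        # happen before the binding table is consulted.
        mac = ARP_TABLE.get(pkt.dst_ip)
        if mac is None:
            return None, pkt, "drop: no ARP entry"
        return L3_TO_L2[pkt.vif_id], replace(pkt, dst_mac=mac), "forwarded"

    # Assumption: an identifier with no binding never reaches the other network.
    return None, pkt, "drop: no binding"


if __name__ == "__main__":
    for p in (Packet("l2ve1", "10.1.1.10", vlan=200),
              Packet("l3ve1", "10.1.1.10"),
              Packet("l2ve9", "10.1.1.10")):
        print(p.vif_id, "->", forward(p)[0], "|", forward(p)[2])
```

Because the binding table is the only path between the two VPNs in this model, an audit of its entries is an audit of every permitted Layer 2 to Layer 3 crossing.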
5. A communication apparatus for connecting a Layer 2 network and a Layer 3 network, comprising:
at least one first virtual interface (201), configured to receive data packets;
at least one second virtual interface (202), configured to send data packets;
a Layer 2/Layer 3 virtual interface binding mapping table (203), configured to store the correspondence between first virtual interface identifiers and second virtual interface identifiers; and
a searching unit (204), configured to search the Layer 2/Layer 3 virtual interface binding mapping table (203) according to the virtual interface identifier in a data packet received by the first virtual interface (201), obtain the corresponding second virtual interface identifier, and send the data packet received by the first virtual interface (201) to the second virtual interface (202) corresponding to the second virtual interface identifier; wherein:
when the first virtual interface is a Layer 2 virtual interface, the second virtual interface is a Layer 3 virtual interface and, correspondingly, the virtual interface identifier is the first virtual interface identifier, which is a Layer 2 virtual interface identifier;
when the first virtual interface is a Layer 3 virtual interface, the second virtual interface is a Layer 2 virtual interface and, correspondingly, the virtual interface identifier is the second virtual interface identifier, which is a Layer 3 virtual interface identifier.
6. The communication apparatus for connecting a Layer 2 network and a Layer 3 network according to claim 5, wherein the Layer 2 network is a multi-protocol label switching Layer 2 virtual private network, and the Layer 3 network is a multi-protocol label switching Layer 3 virtual private network.
7. The communication apparatus for connecting a Layer 2 network and a Layer 3 network according to claim 5, wherein, when the second virtual interface (202) is a Layer 3 virtual interface, the second virtual interface (202) further comprises at least one sub-interface, each used to forward data packets having a different virtual local area network value.
8. The communication apparatus for connecting a Layer 2 network and a Layer 3 network according to any one of claims 5 to 7, further comprising:
a mapping unit, configured to map the at least one first virtual interface (201) to a first physical interface and to map the at least one second virtual interface (202) to a second physical interface;
the at least one first virtual interface (201) receives data packets through the first physical interface;
the at least one second virtual interface (202) sends data packets through the second physical interface.
9. A system for connecting a Layer 2 network and a Layer 3 network, comprising one terminating access device, a first user equipment and a second user equipment; wherein:
the terminating access device is a provider edge (PE) device of the Layer 2 network or the Layer 3 network, and the first user equipment and the second user equipment are connected to the terminating access device;
the first user equipment is configured to send a data packet to the terminating access device;
the terminating access device is configured to receive, from a first virtual interface, the data packet sent by the first user equipment, search the Layer 2/Layer 3 virtual interface binding mapping table according to the virtual interface identifier in the data packet, obtain the corresponding second virtual interface, and send the data packet out through the second virtual interface;
the second user equipment is configured to receive the data packet sent by the terminating access device; wherein:
when the first user equipment is located in the Layer 2 network, the second user equipment is located in the Layer 3 network and, correspondingly, the first virtual interface and the second virtual interface are a Layer 2 virtual interface and a Layer 3 virtual interface respectively, and the virtual interface identifier is a Layer 2 virtual interface identifier;
when the first user equipment is located in the Layer 3 network, the second user equipment is located in the Layer 2 network and, correspondingly, the first virtual interface and the second virtual interface are a Layer 3 virtual interface and a Layer 2 virtual interface respectively, and the virtual interface identifier is a Layer 3 virtual interface identifier.
10. The system for connecting a Layer 2 network and a Layer 3 network according to claim 9, wherein the Layer 2 network is a multi-protocol label switching Layer 2 virtual private network, and the Layer 3 network is a multi-protocol label switching Layer 3 virtual private network.
PCT/CN2008/071971 2007-08-14 2008-08-13 Method, apparatus and system for connecting layer2 network and layer3 network WO2009021458A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN200710076516.4 2007-08-14
CNA2007100765164A CN101110745A (en) 2007-08-14 2007-08-14 Method, device and system for engaging second layer network and third layer network

Publications (1)

Publication Number Publication Date
WO2009021458A1 true WO2009021458A1 (en) 2009-02-19

Family

ID=39042648

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2008/071971 WO2009021458A1 (en) 2007-08-14 2008-08-13 Method, apparatus and system for connecting layer2 network and layer3 network

Country Status (2)

Country Link
CN (1) CN101110745A (en)
WO (1) WO2009021458A1 (en)

Families Citing this family (29)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101110745A (en) * 2007-08-14 2008-01-23 华为技术有限公司 Method, device and system for engaging second layer network and third layer network
CN101827012B (en) * 2009-03-05 2013-02-13 ***通信集团公司 Packet transmitting network as well as method for bearing services of pure three layers of IP packets and outlet node
CN101562807B (en) * 2009-05-27 2011-04-20 华为技术有限公司 Mobile virtual private network (VPN) communication method and device and system thereof
CN101667969B (en) * 2009-09-24 2014-09-10 中兴通讯股份有限公司 Method of accessing IP/L3VPN network of L2VPN network and device thereof
CN102055647A (en) * 2009-11-03 2011-05-11 中兴通讯股份有限公司 Three-layer virtual private network (VPN) access method and system
CN101902397B (en) * 2010-06-23 2015-06-10 中兴通讯股份有限公司 Message forwarding method and switching chip
CN102148748B (en) * 2010-10-26 2014-05-21 华为技术有限公司 Method and system for spreading pseudowire routing and sink node equipment
CN102739501B (en) * 2011-04-01 2017-12-12 中兴通讯股份有限公司 Message forwarding method and system in two three layer virtual private networks
CN102291317B (en) * 2011-09-15 2018-03-02 中兴通讯股份有限公司 A kind of retransmission method and device of virtual private network packet
US9369550B2 (en) * 2011-11-11 2016-06-14 Pismo Labs Technology Limited Protocol for layer two multiple network links tunnelling
CN102404221A (en) * 2011-11-27 2012-04-04 深圳市掌控无限科技有限公司 Multi-link aggregated data transmitting method and system
CN102523628B (en) 2011-12-23 2015-09-30 华为终端有限公司 A kind of trunking method of wireless relay apparatus and wireless relay apparatus
CN103004172B (en) * 2012-09-14 2015-07-08 华为技术有限公司 Information processing method and load balancing equipment
CN103716245B (en) * 2012-09-29 2017-02-08 上海贝尔股份有限公司 Edge router based on virtual special-purpose local area network
CN103152289B (en) 2013-01-28 2016-08-17 山东智慧生活数据***有限公司 A kind of multilevel service quality dispatching method and device
CN104869042B (en) 2014-02-20 2018-07-13 华为技术有限公司 Message forwarding method and device
CN105991433B (en) 2015-01-29 2019-06-07 新华三技术有限公司 The method and apparatus of Layer3 Virtual Private Network access Layer 2 virtual private network
CN106330648B (en) * 2015-06-15 2020-06-30 中兴通讯股份有限公司 Routing information generation method and device
CN105049316B (en) * 2015-08-26 2018-08-14 华为技术有限公司 Communication means and communication equipment
CN106856454A (en) * 2015-12-09 2017-06-16 北京华为数字技术有限公司 A kind of method of message forwarding, equipment and system
CN107846299B (en) * 2016-09-21 2022-04-12 中兴通讯股份有限公司 Method and device for realizing two-layer and three-layer service bridging and PTN (packet transport network) equipment
CN106878181A (en) * 2016-12-29 2017-06-20 新华三技术有限公司 A kind of message transmitting method and device
CN107277187B (en) * 2017-06-07 2019-09-06 烽火通信科技股份有限公司 The system and method for ARP warm back-up Fast synchronization
CN107770028B (en) * 2017-09-28 2020-11-27 安徽皖通邮电股份有限公司 Method for realizing point-to-multipoint virtual local area network service in China telecommunication scene
CN107769995B (en) * 2017-10-23 2019-05-28 中国联合网络通信集团有限公司 A kind of service feature monitoring method, apparatus and system
CN108092890B (en) * 2017-12-26 2020-01-07 新华三技术有限公司 Route establishing method and device
CN109450696B (en) * 2018-11-29 2022-02-25 新华三云计算技术有限公司 Network configuration method and device
CN109600292B (en) * 2018-12-24 2021-09-28 安徽皖通邮电股份有限公司 Method and system for LAC router to initiate L2TP tunnel connection by self dialing number
CN114765567B (en) * 2021-01-11 2024-04-16 中国电信股份有限公司 Communication method and communication system

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040049597A1 (en) * 2002-09-09 2004-03-11 Hamid Ould-Brahim SVC-L2.5 VPNs: combining Layer-3 VPNs technology with switched MPLS/IP L2VPNs for ethernet, ATM and frame relay circuits
CN101072238A (en) * 2007-07-09 2007-11-14 中兴通讯股份有限公司 Method for realizing identical subnet communication for MPLS three-layer virtual special net
CN101110745A (en) * 2007-08-14 2008-01-23 华为技术有限公司 Method, device and system for engaging second layer network and third layer network

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101848161A (en) * 2010-05-31 2010-09-29 杭州华三通信技术有限公司 Communication method and equipment of MPLS L2VPN (Multiple protocol Label Switching Layer 2 Virtual Private Network) and MPLS L3VPN (Multiple protocol Label Switching Layer 3 Virtual Private Network)
CN105610672A (en) * 2016-01-14 2016-05-25 中国联合网络通信集团有限公司 Information transmission method and device
EP3618365A4 (en) * 2017-05-31 2020-06-03 New H3C Technologies Co., Ltd. Packet forwarding
US11283645B2 (en) 2017-05-31 2022-03-22 New H3C Technologies Co., Ltd. Forwarding packet
CN107634907A (en) * 2017-10-25 2018-01-26 新华三技术有限公司 A kind of two-layer virtual private network L2VPN data forwarding method and device
CN107634907B (en) * 2017-10-25 2020-04-28 新华三技术有限公司 Data forwarding method and device for L2VPN (layer two virtual private network)
CN111740906A (en) * 2020-05-20 2020-10-02 新华三技术有限公司 Message processing method and processing device
CN113872847A (en) * 2021-11-18 2021-12-31 浪潮思科网络科技有限公司 Message forwarding method, device and medium based on VXLAN (virtual extensible local area network)
CN113872847B (en) * 2021-11-18 2023-05-30 浪潮思科网络科技有限公司 Message forwarding method, device and medium based on VXLAN network
CN116248595A (en) * 2023-03-15 2023-06-09 安超云软件有限公司 Method, device, equipment and medium for communication between cloud intranet and physical network
CN116248595B (en) * 2023-03-15 2024-02-02 安超云软件有限公司 Method, device, equipment and medium for communication between cloud intranet and physical network

Also Published As

Publication number Publication date
CN101110745A (en) 2008-01-23

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 08783964

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 08783964

Country of ref document: EP

Kind code of ref document: A1