WO2009086776A1 - Method, system and equipment for accessing visual private network - Google Patents

Publication number: WO2009086776A1
Authority: WO, WIPO (PCT)
Prior art keywords: user, l2vpn, data packet, correspondence, connection
Application number: PCT/CN2008/073705
Other languages: French (fr), Chinese (zh)
Inventors: Jun Guo, Qinfeng Gu, Ming Li
Original Assignee: Huawei Technologies Co., Ltd.
Application filed by: Huawei Technologies Co., Ltd.
Publication: WO2009086776A1

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00: Data switching networks
    • H04L12/28: Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46: Interconnection of networks
    • H04L12/4641: Virtual LANs, VLANs, e.g. virtual private networks [VPN]


Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

A method, system and equipment for accessing a layer 2 virtual private network (L2VPN). The method establishes a PPP connection between customer premises equipment and an access server using the Bridge Control Protocol (BCP) (101). A customer's data message is then transmitted to the corresponding L2VPN according to preset correspondence rules, based on the customer's connection information (102). Because layer 2 data packets are carried over the PPP connection by means of BCP, the L2VPN can be accessed over a low-speed network or leased network that supports only PPP connections. Different customers can be distinguished by the physical line identifier of the PPP connection or by the domain identifier the customer dials with, so that they can be processed differently.

Description

Virtual private network access method, system and device
[1] Technical field
[2] The present invention relates to the field of network communication technologies, and in particular to a virtual private network access method, system and device.
[3] Background of the invention
[4] The Layer 2 virtual private network (L2VPN) is one solution for virtual private networks. In this solution the carrier network and the customer's virtual private network (VPN) are completely independent; the carrier simply provides the customer with some Layer 2 network functions. From the customer's point of view, the carrier provides only a simple Layer 2 connection, and the customer can conveniently control the VPN. Compared with a Layer 3 virtual private network (L3VPN), this transparency simplifies the structure and configuration management of the carrier network and provides multi-service support for customers: in addition to traditional Internet Protocol (IP) services, the carrier can also offer customers other services such as IPv6.
[5] In an L2VPN, users are required to access the L2VPN at Layer 2. Because of cost constraints, however, many users need to access the L2VPN over an existing low-speed link or leased line. At present, the low-speed links or leased lines that carriers generally provide support only PPP dial-up connections to the network, and an ordinary PPP connection uses the IP Control Protocol (Internet Protocol Control Protocol, IPCP) in the Network Control Protocol (NCP) negotiation phase. In such a PPP connection the PPP link carries Layer 3 packets, that is, IP packets. After the PPP connection is established, only Layer 3 data exchange is possible, which does not meet the L2VPN requirement for Layer 2 data exchange. As a result, users on low-speed links cannot access the L2VPN through PPP.
[6] Summary of the invention
[7] An embodiment of the present invention provides a virtual private network access method that enables access to an L2VPN over PPP.
[8] An embodiment of the present invention provides a virtual private network access system that enables access to an L2VPN over PPP.
[9] An embodiment of the present invention provides an access server that enables access to an L2VPN over PPP.
[10] To achieve the above objectives, the technical solutions of the embodiments of the present invention are implemented as follows:
[11] A virtual private network access method, comprising:
[12] establishing a PPP connection between the user-side device and the access server using the Bridge Control Protocol (BCP);
[13] transmitting the user's data packets to the corresponding L2VPN according to preset correspondence rules, based on the user's connection information.
[14] A virtual private network access system, comprising:
[15] a user-side device CPE (Customer Provider Edge), configured to initiate a PPP connection in BCP mode;
[16] an intermediate device, configured to bridge the PPP connection initiated by the user-side device in BCP mode to the access server;
[17] an access server, configured to establish the PPP connection between the user-side device and the access server in BCP mode, and to transmit the user's data packets to the corresponding L2VPN according to preset correspondence rules, based on the user's connection information.
[18] An access server, comprising:
[19] a connection establishment module, configured to establish a PPP connection between the user-side device and the access server in BCP mode;
[20] a data sending module, configured to transmit the user's data packets to the corresponding L2VPN according to preset correspondence rules, based on the user's connection information.
[21] As the above technical solutions show, the virtual private network access method, system and device of the embodiments of the present invention establish the PPP connection between the user-side device and the access server in BCP mode and transmit the user's data packets to the corresponding L2VPN according to preset correspondence rules, based on the user's connection information. Because Layer 2 data packets are carried over the PPP connection in BCP mode, an L2VPN can be accessed over a low-speed network or leased network that supports only PPP connections.
[22] Brief description of the drawings
[23] FIG. 1 is a flowchart of a virtual private network access method according to an embodiment of the present invention;
[24] FIG. 2 is a structural diagram of an L2VPN access system according to an embodiment of the present invention.
[25] Mode for carrying out the invention
[26] To make the objectives, technical solutions and advantages of the present invention clearer, the embodiments of the present invention are described in further detail below with reference to the accompanying drawings.
[27] In PPP, BCP can be used for NCP negotiation. The characteristic of BCP mode is that the PPP link carries Layer 2 Ethernet packets, which allows the PPP connection to transmit Layer 2 packets.
[28] The embodiments of the present invention mainly establish a PPP connection between the user-side device and the access server using the Bridge Control Protocol (BCP), and transmit the user's data packets to the corresponding L2VPN according to preset correspondence rules, based on the user's connection information. Because Layer 2 data packets are carried over the PPP connection in BCP mode, an L2VPN can be accessed over a low-speed network or leased network that supports only PPP connections.
[29] FIG. 1 is a flowchart of a virtual private network access method according to an embodiment of the present invention;
[30] As shown in FIG. 1, the process specifically includes:
[31] 101: establish a PPP connection between the user-side device and the access server using the Bridge Control Protocol (BCP);
[32] 102: transmit the user's data packets to the corresponding L2VPN according to preset correspondence rules, based on the user's connection information.
[33] In step 101 above, the PPP connection is established as follows: the user initiates a BCP-mode PPP connection through the user-side device (CPE); the connection is aggregated onto an intermediate device such as a digital subscriber line access multiplexer (DSLAM, Digital Subscriber Line Access Multiplexer); the DSLAM then connects it to the broadband remote access server (BRAS, Broadband Remote Access Server), thereby establishing a PPP connection from the CPE to the BRAS. The BRAS may of course authenticate the user who initiated the connection, and the connection is established if authentication succeeds. Once the connection is established, the user's data packets can be transmitted via the BRAS. In addition, the BRAS may charge for the user connection through an external accounting server.
[34] In step 102 above, the preset correspondence rules may be preset in the BRAS by static configuration, remote configuration, dynamic delivery or a similar method. When it receives a user's data packet, the BRAS can transmit it to the corresponding L2VPN according to the preset correspondence rules, based on the user's connection information.
[35] Specifically, the BRAS can determine the correspondence between the user's data packets and an L2VPN according to the preset correspondence rules, based on the user's connection information, and then transmit the user's data packets to the corresponding L2VPN according to the determined correspondence.
[36] The user's connection information may be any information that can distinguish the user's identity, for example the physical line identifier of the user connection that the DSLAM device adds when it transmits the user's data packet to the BRAS; this physical line identifier may be a virtual local area network (VLAN) identifier or the like. When users on the same physical line also need to be distinguished, for example when multiple users access the BRAS over the same physical line by point-to-point over Ethernet (PPPoE) dial-up, the BRAS can additionally distinguish user identity by the domain identifier that the user fills in when dialing.
[37] Users are distinguished so that different users can be processed differently, for example by guaranteeing bandwidth to special users or giving them priority handling.
[38] Of course, if the user access network supports the Layer 2 Tunneling Protocol (L2TP), the BRAS may also use the service wholesale function of L2TP to forward the user connection to an L2TP network server (LNS, L2TP Network Server), which then handles it. The processing steps on the LNS are the same as those on the BRAS described above and are not repeated here.
[39] The L2VPN access method of the embodiment of the present invention has been described above; the structure of the L2VPN access system of the embodiment is described in detail below.
[40] FIG. 2 is a structural diagram of an L2VPN access system according to an embodiment of the present invention. As shown in the figure, the system includes:
[41] a CPE 201, an intermediate device 202 and an access server 203;
[42] the CPE 201, configured to initiate a PPP connection in BCP mode;
[43] the intermediate device 202, configured to bridge the PPP connection initiated by the CPE in BCP mode to the access server 203;
[44] the access server 203, configured to establish the PPP connection between the CPE and the access server 203 in BCP mode, and to transmit the user's data packets to the corresponding L2VPN according to preset correspondence rules, based on the user's connection information. For example, the preset correspondence rules may be preset in the BRAS by static configuration, remote configuration, dynamic delivery or a similar method; when it receives a user's data packet, the BRAS can transmit it to the corresponding L2VPN according to the preset correspondence rules, based on the user's connection information.
[45] The access server 203 includes:
[46] a connection establishment module 204, configured to establish the PPP connection between the CPE and the access server 203 in BCP mode;
[47] a data sending module 205, configured to transmit the user's data packets to the corresponding L2VPN according to preset correspondence rules, based on the user's connection information. Specifically, the user's connection information may be any information that can distinguish the user's identity, for example the physical line identifier of the user connection that the DSLAM device adds when it transmits the user's data packet to the BRAS, or the physical line identifier and the domain identifier of the user connection; the physical line identifier may be a virtual local area network (VLAN) identifier or the like.
[48] The data sending module 205 includes:
[49] a correspondence determining unit 206, configured to determine the correspondence between the user's data packets and an L2VPN according to the preset correspondence rules, based on the user's connection information;
[50] a data sending unit 208, configured to transmit the user's data packets to the corresponding L2VPN according to the determined correspondence.
[51] If different users need to be processed differently, the data sending module 205 may further include a user attribute processing unit 207, configured to process different users differently according to the preset correspondence rules, based on the earlier identification of the users. For example, if the user is a major customer, bandwidth can be guaranteed or priority handling given according to the preset rules.
[52] The correspondence determining unit 206 above may determine the correspondence between the user's data packets and an L2VPN according to the preset correspondence rules, based on the physical line identifier of the user connection; or, when different users on the same physical line need to be further distinguished, it may determine the correspondence according to the preset correspondence rules, based on the physical line identifier of the user connection and the domain identifier carried in the user connection.
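The correspondence lookup described in [35]-[36] and [49]-[52] can be sketched as follows; this is an added example, not code from the patent or from any vendor's access server. All class, field and L2VPN names are hypothetical, the rule table is constructed sample data, and the PPP protocol-field values come from RFC 1332 and RFC 3518 rather than from the page. It assumes the dialed username has already been authenticated, and it drops traffic that matches no rule instead of placing it in a default L2VPN.

```python
"""Added example: mapping a BCP-mode PPP session to an L2VPN on the access server."""
from dataclasses import dataclass
from typing import Dict, Iterable, Optional, Tuple

# PPP protocol-field values (RFC 1332 / RFC 3518; not quoted on the page).
PPP_PROTO_IP = 0x0021           # IP datagram: what an IPCP-negotiated link carries
PPP_PROTO_BRIDGED_PDU = 0x0031  # bridged Layer 2 frame: what a BCP-negotiated link carries


@dataclass(frozen=True)
class ConnectionInfo:
    """What the access server knows about a session (hypothetical field names)."""
    vlan_id: int    # physical line identifier added by the DSLAM
    username: str   # login as dialed, e.g. "bob@corp-b"; assumed already authenticated


@dataclass(frozen=True)
class Rule:
    """One preset correspondence rule."""
    vlan_id: int
    domain: Optional[str]   # None: the rule covers the whole physical line
    l2vpn: str
    priority: bool = False  # differentiated handling for selected customers


@dataclass(frozen=True)
class Decision:
    action: str             # "forward", "forward-priority" or "drop"
    l2vpn: Optional[str]
    reason: str


def domain_of(username: str) -> Optional[str]:
    """Return the lower-cased domain identifier after the last '@', if any."""
    _, sep, domain = username.rpartition("@")
    return domain.lower() if sep and domain else None


class CorrespondenceTable:
    def __init__(self, rules: Iterable[Rule]) -> None:
        self._rules: Dict[Tuple[int, Optional[str]], Rule] = {}
        for rule in rules:
            if not 1 <= rule.vlan_id <= 4094:
                raise ValueError(f"VLAN id out of range: {rule.vlan_id}")
            key = (rule.vlan_id, rule.domain.lower() if rule.domain else None)
            if key in self._rules:
                # Two rules for one key would make customer placement ambiguous.
                raise ValueError(f"duplicate rule for {key}")
            self._rules[key] = rule

    def resolve(self, conn: ConnectionInfo) -> Optional[Rule]:
        """Most specific match first: (line, domain), then the line alone."""
        domain = domain_of(conn.username)
        if domain is not None:
            rule = self._rules.get((conn.vlan_id, domain))
            if rule is not None:
                return rule
        return self._rules.get((conn.vlan_id, None))


def decide(table: CorrespondenceTable, conn: ConnectionInfo, ppp_protocol: int) -> Decision:
    """Decide what to do with one PPP payload received on a user session."""
    if ppp_protocol != PPP_PROTO_BRIDGED_PDU:
        # Only bridged Layer 2 frames belong in an L2VPN.
        return Decision("drop", None, "not a bridged PDU")
    rule = table.resolve(conn)
    if rule is None:
        # Fail closed: an unknown line or domain is never put into some customer's L2VPN.
        return Decision("drop", None, "no correspondence rule")
    action = "forward-priority" if rule.priority else "forward"
    return Decision(action, rule.l2vpn, "matched")


# Constructed sample rules: line 100 belongs to one customer; line 200 is shared
# by two customers who are told apart by the domain they dial with.
SAMPLE_TABLE = CorrespondenceTable([
    Rule(100, None, "l2vpn-a"),
    Rule(200, "corp-b", "l2vpn-b", priority=True),
    Rule(200, "corp-c", "l2vpn-c"),
])

if __name__ == "__main__":
    for conn in (ConnectionInfo(100, "alice"), ConnectionInfo(200, "bob@CORP-B"),
                 ConnectionInfo(200, "eve@unknown"), ConnectionInfo(300, "dan@corp-b")):
        print(conn, decide(SAMPLE_TABLE, conn, PPP_PROTO_BRIDGED_PDU))
```

On the shared line 200 a domain with no rule is dropped, and a known domain arriving on an unconfigured line is dropped as well, so the domain identifier alone never selects an L2VPN.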
[53] 在以上***中, 中间设备可以是 DSLAM, 如果用户接入网络支持 L2TP, 那么 中间设备可以包括 DSLAM和 BRAS, BRAS将连接转接至 LNS。  [53] In the above system, the intermediate device may be a DSLAM. If the user access network supports L2TP, the intermediate device may include a DSLAM and a BRAS, and the BRAS transfers the connection to the LNS.
[54] 其中接入服务器可以是 BRAS, 如果用户接入网络支持 L2TP, 那么接入服务器 还可以是 LNS。  [54] The access server may be a BRAS. If the user accesses the network to support L2TP, the access server may also be an LNS.
[55] 由上述的实施例可见, 本发明实施例的这种通过以 BCP方式建立 CPE与接入服 务器之间的 PPP连接; 按照预置的对应规则, 根据用户连接信息, 将用户的数据 报文传送到对应的 L2VPN中的虚拟专用网络接入方法, 在 PPP连接中以 BCP方式 承载了二层数据包, 从而实现了在仅支持 PPP连接的低速网络或租用网络下接入 L2VPN, 并且可以通过 PPP连接的物理线路标识或用户拨号的域标识区分不同的 用户, 进行差异化处理。  [55] It can be seen from the foregoing embodiment that the PPP connection between the CPE and the access server is established in the BCP manner according to the embodiment of the present invention; according to the preset corresponding rule, the user data report is obtained according to the user connection information. The method is transmitted to the virtual private network access method in the corresponding L2VPN, and the Layer 2 data packet is carried in the BPP mode in the PPP connection, thereby implementing the access to the L2VPN under the low-speed network or the leased network supporting only the PPP connection, and The physical line identifier of the PPP connection or the domain identifier of the user dialing distinguishes different users and performs differentiated processing.
[56] The above is only a preferred specific embodiment of the present invention, but the scope of protection of the present invention is not limited thereto. Any change or substitution that a person skilled in the art could readily conceive within the technical scope disclosed by the present invention shall fall within the scope of protection of the present invention. Therefore, the scope of protection of the present invention shall be determined by the scope of protection of the claims.

Claims

[1] A virtual private network access method, characterized in that the method comprises:
establishing a PPP connection between a user-side device and an access server in Bridge Control Protocol (BCP) mode; and
transmitting, according to a preset correspondence rule and user connection information, the user's data packets to the corresponding L2VPN.
[2] The virtual private network access method according to claim 1, characterized in that transmitting the user's data packets to the corresponding L2VPN according to the preset correspondence rule and the user connection information comprises:
determining, according to the preset correspondence rule and the user connection information, the correspondence between user data packets and the L2VPN; and
transmitting, according to the determined correspondence, the user's data packets to the corresponding L2VPN.
[3] The virtual private network access method according to claim 2, characterized in that determining the correspondence between user data packets and the L2VPN according to the preset correspondence rule and the user connection information comprises:
determining, according to the preset correspondence rule and the physical line identifier of the user connection, the correspondence between user data packets and the L2VPN.
[4] The virtual private network access method according to claim 2, characterized in that determining the correspondence between user data packets and the L2VPN according to the preset correspondence rule and the user connection information comprises:
determining, according to the preset correspondence rule and the physical line identifier and domain identifier of the user connection, the correspondence between user data packets and the L2VPN.
[5] The virtual private network access method according to claim 3 or 4, characterized in that, after the correspondence between user data packets and the L2VPN is determined and before the user data packets are transmitted to the corresponding L2VPN, the method further comprises: processing different users differently according to preset rules.
[6] The virtual private network access method according to claim 1, characterized in that the preset correspondence rule comprises: a correspondence rule preset by static configuration, remote configuration, or dynamic delivery.
[7] An access server, characterized in that the access server comprises:
a connection establishment module, configured to establish a PPP connection between a user-side device and the access server in Bridge Control Protocol (BCP) mode; and
a data sending module, configured to transmit, according to a preset correspondence rule and user connection information, the user's data packets to the corresponding L2VPN.
[8] The access server according to claim 7, characterized in that the data sending module comprises:
a correspondence determining unit, configured to determine, according to the preset correspondence rule and the user connection information, the correspondence between user data packets and the L2VPN; and
a data sending unit, configured to transmit, according to the determined correspondence, the user's data packets to the corresponding L2VPN.
[9] The access server according to claim 7, characterized in that the data sending module further comprises:
a user attribute processing unit, configured to process different users differently according to the preset correspondence rule and the determined correspondence;
wherein the data sending unit is further configured to transmit the data packets processed by the user attribute processing unit to the corresponding L2VPN.
[10] The access server according to claim 8, characterized in that the correspondence determining unit is configured to determine, according to the preset correspondence rule and the physical line identifier of the user connection, the correspondence between user data packets and the L2VPN.
[11] The access server according to claim 8, characterized in that the correspondence determining unit is configured to determine, according to the preset correspondence rule and the physical line identifier and domain identifier of the user connection, the correspondence between user data packets and the L2VPN.
[12] A virtual private network access system, characterized in that the system comprises the access server according to any one of claims 7 to 11, and further comprises:
a user-side device, configured to initiate a PPP connection in BCP mode; and
an intermediate device, configured to bridge the PPP connection initiated by the user-side device in BCP mode to the access server.
[13] The virtual private network access system according to claim 12, characterized in that the access server comprises a broadband remote access server (BRAS) or a Layer 2 Tunneling Protocol network server (LNS).

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN200710301633.6 2007-12-27
CNA2007103016336A CN101197835A (en) 2007-12-27 2007-12-27 Virtual special network access method, system and device

Publications (1)

Publication Number Publication Date
WO2009086776A1 (en) 2009-07-16

Family

ID=39547982

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2008/073705 WO2009086776A1 (en) 2007-12-27 2008-12-24 Method, system and equipment for accessing visual private network

Country Status (2)

Country Link
CN (1) CN101197835A (en)
WO (1) WO2009086776A1 (en)

Also Published As

Publication number Publication date
CN101197835A (en) 2008-06-11

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application (Ref document number: 08870381; Country of ref document: EP; Kind code of ref document: A1)
NENP Non-entry into the national phase (Ref country code: DE)
122 Ep: pct application non-entry in european phase (Ref document number: 08870381; Country of ref document: EP; Kind code of ref document: A1)