WO2009086757A1 - Method and device for controlling message forwarding - Google Patents

Method and device for controlling message forwarding Download PDF

Info

Publication number
WO2009086757A1
WO2009086757A1 PCT/CN2008/073131 CN2008073131W WO2009086757A1 WO 2009086757 A1 WO2009086757 A1 WO 2009086757A1 CN 2008073131 W CN2008073131 W CN 2008073131W WO 2009086757 A1 WO2009086757 A1 WO 2009086757A1
Authority
WO
WIPO (PCT)
Prior art keywords
broadcast domain
interface
domain identifier
packet
access control
Prior art date
Application number
PCT/CN2008/073131
Other languages
French (fr)
Chinese (zh)
Inventor
Shi Tang
Original Assignee
Huawei Technologies Co., Ltd.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co., Ltd. filed Critical Huawei Technologies Co., Ltd.
Publication of WO2009086757A1 publication Critical patent/WO2009086757A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L51/00User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail
    • H04L51/21Monitoring or handling of messages
    • H04L51/214Monitoring or handling of messages using selective forwarding

Abstract

The technical field of the invention relates to telecommunications, and in particular to a method and device for controlling message forwarding. The method comprises: dividing a first broadcast domain and a second broadcast domain; maintaining a first broadcast domain identifier at the interfaces of the public network side, while maintaining a second broadcast domain identifier at the interfaces of the accessing side; receiving the forwarding message, studying the source media access control (MAC) address of the message so as to achieve a corresponding relationship between the source MAC address, the receiving interface and the broadcast domain identifier, and mapping said broadcast domain identifier, whereafter an item from a source MAC address corresponding to the broadcast domain identifier is forwarded. The device comprises a division module, a preservation module, a receiving module and a mapping module. Thanks to the broadcast domain and mapping broadcast domain identifiers, there is no need to modify a forwarding engine chip of the current message forwarding device. The invention meets the requirements for an accessing side isolation in a two-layer network and realizes successful message forwarding.

Description

一种控制报文转发的方法和设备  Method and device for controlling message forwarding
本申请要求于 2007 年 12 月 27 日提交中国专利局、 申请号为 200710304352. 6、 发明 名称为 "一种控制报文转发的方法和设备" 的中国专利申请的优先权, 其全部内容通过引 用结合在本申请中。 技术领域  This application claims the priority of the Chinese patent application filed on Dec. 27, 2007, the Chinese Patent Application No. 200710304352. 6. The invention is entitled "A Method and Apparatus for Controlling Message Forwarding", the entire contents of which are incorporated by reference. Combined in this application. Technical field
本发明涉及通信领域, 特别涉及说一种控制报文转发的方法和设备。 背景技术  The present invention relates to the field of communications, and in particular, to a method and device for controlling packet forwarding. Background technique
在二层网络中, 二层报文转发设备的工作原理是: 接收待转发的报文, 根据接收到的 书  On a Layer 2 network, the working principle of the Layer 2 packet forwarding device is as follows: Receive packets to be forwarded, according to the received books.
报文中携带的目的 MAC (Media Access Control , 介质访问控制) 地址, 查找设备自身的 MAC转发表,通过命中的 MAC表项对应的出接口转发报文。 其中, 该报文转发设备接收到报 文进行报文的转发时,若该报文转发设备上还没有记录目的 MAC地址和接口的对应关系(即 该目的 MAC地址还没有被学习得到),会将该报文,在设备自身除接收该报文的接收接口(可 以是物理接口也可以是逻辑接口) 外的其他所有接口上进行广播, 同时, 二层报文转发设 备还会学习上述转发报文的源 MAC地址, 即将该转发报文的源 MAC地址和接收该转发报文 的接收接口的对应关系添加到 MAC转发表中。 当报文转发设备接收到以根据该转发报文记 录的源 MAC地址为目的地址的反向报文时, 就能够通过查找 MAC转发表直接得到该反向报 文对应的出接口, 于是不用对该报文进行广播, 节省了网络带宽。 The destination MAC address (Media Access Control) address carried in the packet is used to find the MAC forwarding table of the device. The packet is forwarded through the outbound interface corresponding to the MAC address entry. If the packet forwarding device receives the packet and forwards the packet, if the packet forwarding device does not record the mapping between the destination MAC address and the interface (that is, the destination MAC address has not been learned), The packet is broadcasted on all interfaces except the receiving interface (which may be a physical interface or a logical interface) that receives the packet. The Layer 2 packet forwarding device also learns the forwarding packet. The source MAC address of the packet is added to the MAC forwarding table by the source MAC address of the forwarded packet and the corresponding interface of the receiving interface that receives the forwarded packet. When the packet forwarding device receives the reverse packet whose destination MAC address is the destination address, the interface can directly obtain the outbound interface corresponding to the reverse packet by using the MAC forwarding table. The message is broadcast, which saves network bandwidth.
大部分二层设备都支持根据 VLAN (Virtual Local Area Network, 虚拟局域网) 或 VSI (Virtual Switch Instance, 虚拟交换实例) 来进行广播域 (对应广播域 ID) 的划分, 通 过划分广播域避免了在转发报文的目的 MAC地址没有被学习得到的情况下, 进行报文的广 播时对不在同一广播域下的其他接口的影响。 当进行了广播域的划分后, 相应地, 报文转 发设备中的 MAC转发表也根据广播域标识 ID分为不同的多份。 例如, 划分为广播域 A和广 播域 B, 接收到报文后根据接收接口对应的广播域 ID (以 A为例) 和报文携带的目的 MAC 地址查找转发表; 当其目的 MAC地址还没有被学习得到时, 只需要向广播域 A内除接收接 口外其他所有接口广播该报文, 从而避免了对报文转发设备中不在广播域 A 范围的接口的 影响。  Most of the Layer 2 devices support the division of the broadcast domain (the corresponding broadcast domain ID) according to the Virtual Local Area Network (Virtual Local Area Network) or VSI (Virtual Switch Instance). By dividing the broadcast domain, forwarding is avoided. If the destination MAC address of the packet is not learned, the broadcast of the packet affects other interfaces that are not in the same broadcast domain. After the division of the broadcast domain is performed, correspondingly, the MAC forwarding table in the packet forwarding device is also divided into different shares according to the broadcast domain identifier ID. For example, it is divided into broadcast domain A and broadcast domain B. After receiving the packet, the forwarding table is searched according to the broadcast domain ID (for example, A) of the receiving interface and the destination MAC address carried in the packet; when the destination MAC address is not yet available, When learned, the device only needs to broadcast the packet to all interfaces except the receiving interface in the broadcast domain A, thus avoiding the impact on the interface of the packet forwarding device that is not in the range of the broadcast domain A.
参见图 1, 为二层网络设备的转发结构示意图, 其中, 接收模块接收到需要转发的报文 后, 发送到转发引擎, 转发引擎查找表项存储模块获取 MAC转发表中的对应的表项, 根据 获取的表项中目的 MAC地址对应的接口, 转发引擎将该报文发送至发送模块进行转发; 同 时, 转发引擎将该报文的 MAC学习信息 (如广播域 ID, MAC地址和接收接口) 上报给上层 学习模块, 上层学习模块根据 MAC学习信息进行 MAC学习, 并将学习得到的表项发送至表 项存储模块进行保存。 Figure 1 is a schematic diagram of a forwarding structure of a Layer 2 network device, where the receiving module receives a packet to be forwarded. After being sent to the forwarding engine, the forwarding engine search entry storage module obtains the corresponding entry in the MAC forwarding table. According to the interface corresponding to the destination MAC address in the obtained entry, the forwarding engine sends the packet to the sending module for forwarding. At the same time, the forwarding engine reports the MAC learning information (such as the broadcast domain ID, the MAC address, and the receiving interface) of the packet to the upper learning module, and the upper learning module performs MAC learning according to the MAC learning information, and sends the learned entry. Save to the entry storage module.
目前, 在构建二层网络时, 出现了接入侧隔离的需求, 即公网侧和接入侧之间能够互 通二层报文, 而接入侧之间的设备之间不能互相转发报文, 参见图 2, 为启用了接入侧隔离 的 VPLS ( Virtual Provate LAN Service,虚拟专用局域网服务) 设备组网示意图, 其中, 报文转发设备以 SPE ( Superstratum Provider Edge , 上层服务商边缘设备) 4为例进行说 明; 公网侧设备包括: SPE1、 PE ( Provider Edge , 服务商边缘设备) 2以及 SPE3; 接入侧 设备包括: UPE ( Underlayer PE, 下层 PE ) 1、 UPE2、 CE ( Customer Edge , 客户边缘设备) 1以及 CE2 ; 相应地, SPE4的公网侧接口分别为连接 SPE3的接口 1、 连接 SPE1的接口 2、 连接 PE2的接口 3 ; 接入侧接口分别为连接 UPE1的接口 4、 连接 UPE2的接口 5、 连接 CE1 的接口 6、 连接 CE2的接口 7, 此时要求公网侧接口和接入侧接口之间可以进行报文的相互 转发, 而接入侧接口之间不允许进行报文的相互转发。  Currently, when a Layer 2 network is built, the access-side isolation is required. The two devices can communicate with each other. The devices on the access side cannot forward packets to each other. Figure 2 is a schematic diagram of the networking of the VPLS (Virtual Provate LAN Service) device with the access side isolation enabled. The packet forwarding device is SPE (Superstratum Provider Edge). For example, the public network side device includes: SPE1, PE (Provider Edge, Service Provider Edge Device) 2 and SPE3. The access side devices include: UPE (Underlayer PE, Lower PE) 1. UPE2, CE (Customer Edge, Customer edge equipment 1 and CE2; correspondingly, the public network side interfaces of SPE4 are respectively connected to SPE3, interface 1, SPE1, and PE2; UPE2 interface 5, interface 6 connected to CE1, and interface 7 connected to CE2. Packets can be sent between the public network side interface and the access side interface. Mutual forward, while the access is not allowed between the side interface to forward packets to each other.
发明人在实现本发明的过程中发现: 由于在二层网路中接入侧隔离的需求的提出比较 新, 还没有形成标准, 而二层网络设备转发引擎一般是采用 ASIC (Appl ication Specific Intergrated Circuits,专用集成电路)化的不可编程修改的芯片完成的, 在设计时没有进 行该需求的考虑, 所以不能自动支持满足上述接入侧隔离的转发需求。 发明内容  The inventor found in the process of implementing the present invention that: since the requirement of access side isolation in the Layer 2 network is relatively new, no standard has been formed, and the Layer 2 network device forwarding engine generally adopts ASIC (Appl ication Specific Intergrated). Circuits, ASICs, which are implemented by non-programmable modified chips, are not designed to meet this requirement, so they cannot automatically support the forwarding requirements of the above-mentioned access side isolation. Summary of the invention
为了在二层网络设备上实现控制报文转发, 特别是实现了满足接入侧隔离需求的报文 转发, 本发明实施例提供了一种控制报文转发的方法和设备。 所述技术方案如下:  In order to implement control packet forwarding on a Layer 2 network device, and in particular, to implement packet forwarding that meets the requirements of the access side isolation, the embodiment of the present invention provides a method and device for controlling packet forwarding. The technical solution is as follows:
一种控制报文转发的方法, 所述方法包括:  A method for controlling packet forwarding, the method comprising:
划分第一广播域和第二广播域; 所述第一广播域包含公网侧和接入侧的接口; 所述第 二广播域包含所述公网侧的接口;  Dividing a first broadcast domain and a second broadcast domain; the first broadcast domain includes an interface of a public network side and an access side; and the second broadcast domain includes an interface of the public network side;
在所述公网侧的接口上保存所述第一广播域标识, 在所述接入侧的接口上保存所述第 二广播域标识;  Saving the first broadcast domain identifier on the interface on the public network side, and storing the second broadcast domain identifier on the interface on the access side;
接收待转发的报文, 对所述待转发的报文的源介质访问控制地址, 学习得到所述源介 质访问控制地址、 接收接口和广播域标识的对应关系, 并将所述对应关系中的广播域标识 进行映射, 得到映射后广播域标识对应的源介质访问控制地址转发表项。 一种控制报文转发的设备, 所述设备包括: Receiving a packet to be forwarded, and obtaining a correspondence between the source medium access control address, the receiving interface, and the broadcast domain identifier, and obtaining the correspondence between the source medium access control address and the broadcast domain identifier of the to-be-forwarded packet, The broadcast domain identifier is mapped, and the source media access control address forwarding entry corresponding to the broadcast domain identifier is obtained. A device for controlling packet forwarding, where the device includes:
划分模块, 用于划分第一广播域和第二广播域; 所述第一广播域包含所述公网侧和接 入侧的接口; 所述第二广播域包含所述公网侧的接口;  a dividing module, configured to divide the first broadcast domain and the second broadcast domain; the first broadcast domain includes an interface of the public network side and the access side; and the second broadcast domain includes an interface of the public network side;
保存模块, 用于在所述公网侧的接口上保存所述第一广播域标识, 在所述接入侧的接 口上保存所述第二广播域标识;  a saving module, configured to save the first broadcast domain identifier on an interface of the public network, and save the second broadcast domain identifier on an interface of the access side;
接收模块, 用于接收待转发的报文;  a receiving module, configured to receive a packet to be forwarded;
映射模块, 用于当所述接收模块接收到待转发的报文后, 对所述待转发的报文的源介 质访问控制地址学习得到所述源介质访问控制地址、 所述接收接口和广播域标识的对应关 系, 并将所述对应关系中的广播域标识进行映射, 得到映射后广播域标识对应的源介质访 问控制地址转发表项。  a mapping module, configured to learn, by the source media access control address of the to-be-forwarded packet, the source media access control address, the receiving interface, and the broadcast domain, after the receiving module receives the packet to be forwarded Mapping the corresponding relationship, and mapping the broadcast domain identifier in the corresponding relationship to obtain a source media access control address forwarding entry corresponding to the mapped broadcast domain identifier.
本发明实施例提供的技术方案的有益效果是:  The beneficial effects of the technical solutions provided by the embodiments of the present invention are:
通过在报文转发设备上划分多个广播域以及对广播域标识进行映射的方式, 实现控制 报文的转发, 不用修改目前的报文转发设备中的转发引擎的基础上, 能够自动的支持并满 足实现了在二层网络中满足接入侧隔离的条件下转发报文。 附图说明  By dividing the multiple broadcast domains and mapping the broadcast domain identifiers on the packet forwarding device, the control packet is forwarded. The forwarding engine can be automatically supported without modifying the forwarding engine in the current packet forwarding device. The packet is forwarded under the condition that the access side isolation is satisfied in the Layer 2 network. DRAWINGS
图 1是现有技术提供的报文转发设备的结构示意图;  1 is a schematic structural diagram of a packet forwarding device provided by the prior art;
图 2是现有技术提供的启用接入侧隔离的设备组网示意图;  2 is a schematic diagram of networking of devices that enable access side isolation provided by the prior art;
图 3是本发明实施例 1提供的控制报文转发的方法流程图;  3 is a flowchart of a method for controlling packet forwarding according to Embodiment 1 of the present invention;
图 4是本发明实施例 4提供的控制报文转发的设备示意图;  4 is a schematic diagram of a device for controlling packet forwarding according to Embodiment 4 of the present invention;
图 5是本发明实施例 4提供的控制报文转发的设备另一示意图。 具体实施方式  FIG. 5 is another schematic diagram of an apparatus for controlling packet forwarding according to Embodiment 4 of the present invention. detailed description
为使本发明的目的、 技术方案和优点更加清楚, 下面将结合附图对本发明实施方式作 进一步地详细描述。  The embodiments of the present invention will be further described in detail below with reference to the accompanying drawings.
本发明实施例提供的技术方案, 通过在报文转发设备上划分多个广播域以及对广播域 标识进行映射的方式实现控制报文的转发, 实现了在二层网络中满足接入侧隔离的条件下 转发报文。  The technical solution provided by the embodiment of the present invention implements control packet forwarding by dividing a plurality of broadcast domains and mapping the broadcast domain identifiers on the packet forwarding device, so as to satisfy the access side isolation in the Layer 2 network. Forward the packet under the condition.
实施例 1  Example 1
本发明实施例提供了一种控制报文转发的方法, 以图 2提供的 VPLS报文转发设备组网 示意图为例进行说明, 其中, 在构建二层网络时, 根据需要对接入侧启用了隔离, 即不允 许接入侧之间的设备进行报文的相互转发, 采用本发明实施例提供的方法能够在不改变现 有二层网络的报文转发设备转发引擎的基础上支持接入侧隔离, 实现对报文的成功转发。 参见图 3, 为本发明实施例提供的控制报文转发的方法流程图, 具体内容包括: An embodiment of the present invention provides a method for controlling packet forwarding. The following is a description of the networking diagram of the VPLS packet forwarding device provided in FIG. 2, where the Layer 2 network is configured, and the access side is enabled as needed. Isolation, that is, not allowed The device between the access side performs the mutual forwarding of the packet, and the method provided by the embodiment of the present invention can support the access side isolation on the basis of not changing the forwarding engine of the packet forwarding device of the existing Layer 2 network. Successful forwarding of packets. FIG. 3 is a flowchart of a method for controlling packet forwarding according to an embodiment of the present invention, where the specific content includes:
101: 将启用接入侧隔离的二层网络划分为两个广播域: 广播域 A和广播域 B, 其中广 播域 A包含报文转发设备的所有公网侧接口 1、 2、 3和接入侧接口 4、 5、 6、 7; 广播域 B 只包含公网侧接口 1、 2、 3。  101: Divide the Layer 2 network with access side isolation into two broadcast domains: Broadcast domain A and broadcast domain B, where broadcast domain A includes all public network side interfaces 1, 2, and 3 of the packet forwarding device. Side interface 4, 5, 6, 7; Broadcast domain B only contains public network side interfaces 1, 2, 3.
102: 在所有公网侧接口 1、 2、 3的接口的信息表中保存广播域 A的标识 A; 并在所有 接入侧接口 4、 5、 6、 7的接口信息表中保存广播域 B的标识 B。  102: Save the identifier A of the broadcast domain A in the information table of the interfaces of all the public network side interfaces 1, 2, and 3; and save the broadcast domain B in the interface information table of all the access side interfaces 4, 5, 6, and 7. Logo B.
103: 收到待转发的报文, 查找以接收接口对应的广播域的标识为索引的 MAC转发表进 行报文的转发, 并进行该待转发的报文的源 MAC学习, 并将学习得到的对应关系中的广播 域标识进行相应的映射, 得到映射后的广播域标识对应的 MAC转发表项。  103: Receive a packet to be forwarded, search for a MAC forwarding table indexed by the identifier of the broadcast domain corresponding to the interface, forward the packet, and learn the source MAC address of the packet to be forwarded. The broadcast domain identifier in the corresponding relationship is mapped correspondingly, and the MAC forwarding entry corresponding to the mapped broadcast domain identifier is obtained.
下面分别针对该待转发报文, 具体为报文转发设备收到来自公网侧报文的情况和来自 接入侧报文的情况进行详细描述, 具体内容如下:  The following is a detailed description of the packet to be forwarded, which is specifically described by the packet forwarding device receiving the packet from the public network side and the packet from the access side. The specific content is as follows:
1)当报文转发设备收到来自公网侧需要转发到接入侧的报文时, 查找以广播域 A 的标 识为索引的 MAC转发表, 并进行源 MAC学习, 并将学习后得到的对应关系中的广播域标识 A 映射为广播域标识 B。  1) When the packet forwarding device receives a packet from the public network side that needs to be forwarded to the access side, it searches for a MAC forwarding table indexed by the identifier of the broadcast domain A, and performs source MAC learning, and learns after learning. The broadcast domain identifier A in the correspondence is mapped to the broadcast domain identifier B.
本实施例以公网侧接口 1收到需要向接入侧进行转发的报文为例进行说明, 内容如下: a.当该转发报文的目的 MAC地址为接入侧的设备 CE1时, 且报文转发设备已经学习到 该 CE1对应的接口为 6时, 则以接口 1保存的广播域 A的标识 A为索引, 查找广播域 A对 应的 MAC转发表, 得到该目的 MAC对应的接口 6, 将该转发报文按照单播的方式发送到接入 侧对应的接口 6。  In this embodiment, the packet that needs to be forwarded to the access side is received by the interface on the public network side as an example. The content is as follows: a. When the destination MAC address of the forwarded packet is the CE1 of the access device, When the packet forwarding device has learned that the interface corresponding to the CE1 is 6, the identifier A of the broadcast domain A saved by the interface 1 is used as an index, and the MAC forwarding table corresponding to the broadcast domain A is searched to obtain the interface 6 corresponding to the destination MAC address. The forwarding packet is sent to the interface 6 corresponding to the access side in a unicast manner.
当在该报文转发设备上, 还没有记录该转发报文的目的 MAC和接口的对应关系时 (即 该目的 MAC地址还没被学习得到), 则该报文转发设备根据接口 1的接口的信息表中保存的 广播域 A的接口信息, 向到广播域 A对应的所有接口 1、 2、 3、 4、 5、 6、 7进行广播, 然 后通过对报文的接收接口和发送接口的比较, 将发往接口 1 的报文报文丢弃, 此时实现了 向广播域 A对应的所有接口中除了接收接口外的其他接口进行报文广播;  When the correspondence between the destination MAC address and the interface of the forwarding packet is not recorded on the packet forwarding device (that is, the destination MAC address has not been learned yet), the packet forwarding device is configured according to the interface of the interface 1. The interface information of the broadcast domain A stored in the information table is broadcast to all interfaces 1, 2, 3, 4, 5, 6, and 7 corresponding to the broadcast domain A, and then compared by the receiving interface and the sending interface of the packet. Packets sent to the interface 1 are discarded. In this case, packets are broadcast to other interfaces except the receiving interface on all interfaces corresponding to the broadcast domain A.
b.对转发报文进行源 MAC学习, 将学习得到的广播域 A、 MAC地址、 接收接口的对应关 系中的广播域 A映射为广播域 B, 得到广播域 B的 MAC转发表项。  The source MAC address learning is performed on the forwarded packet, and the broadcast domain A in the corresponding domain of the broadcast domain A, the MAC address, and the receiving interface is mapped to the broadcast domain B, and the MAC forwarding entry of the broadcast domain B is obtained.
例如: 对转发报文进行源 MAC学习,得到该 MAC地址、广播域 A、接收接口的对应关系, 将该对应关系中的广播域标识进行映射, 即将标识 A映射为标识 B, 得到广播域 B的 MAC转 发表项。 参见表 1, 为映射之前生成的对应关系示例, 参见表 2, 为映射后得到的 MAC转发 表项的示例。 其中, 在进行广播域标识的映射时可以通过软件可支持的对应的映射算法实 现, 本发明实施例不限制所采用的映射算法。 For example, the source MAC address of the forwarding packet is obtained, and the correspondence between the MAC address, the broadcast domain A, and the receiving interface is obtained, and the broadcast domain identifier in the corresponding relationship is mapped, that is, the identifier A is mapped to the identifier B, and the broadcast domain B is obtained. MAC forwarding entry. See Table 1, for the mapping example generated before mapping, see Table 2, for MAC forwarding after mapping. An example of a table entry. The mapping algorithm of the broadcast domain identifier may be implemented by a corresponding mapping algorithm that can be supported by the software. The embodiment of the present invention does not limit the mapping algorithm used.
表 1  Table 1
Figure imgf000007_0001
Figure imgf000007_0001
由于在上述对源 MAC学习后, 将学习得到的广播域 A、 MAC地址、 接收接口的对应关系 中的广播域 A映射为广播域 B, 得到广播域 B的 MAC转发表项。此时当报文转发设备收到来 自接入侧的转发报文时 (且该报文的目的 MAC地址对应的设备在公网侧时), 就可以以接入 侧接口上保存的广播域标识 B为索引查找 MAC转发表, 将该报文按照单播方式发送到公网 侧接口。  After the learning of the source MAC is performed, the broadcast domain A in the correspondence between the learned broadcast domain A, the MAC address, and the receiving interface is mapped to the broadcast domain B, and the MAC forwarding entry of the broadcast domain B is obtained. At this time, when the packet forwarding device receives the forwarding packet from the access side (and the device corresponding to the destination MAC address of the packet is on the public network side), the broadcast domain identifier saved on the access side interface can be used. B is the index to find the MAC forwarding table, and the packet is sent to the public network side interface in unicast mode.
2) 当报文转发设备收到来自接入侧需要转发的报文时, 查找以广播域 B的标识为索引 的 MAC转发表, 并进行源 MAC学习, 并将学习后的广播域标识 B映射为广播域标识 A。  2) When the packet forwarding device receives the packet to be forwarded from the access side, it searches for the MAC forwarding table indexed by the identifier of the broadcast domain B, performs source MAC learning, and maps the broadcast domain identifier B after learning. Identify A for the broadcast domain.
本实施例以通过接入侧接口 4收到需要转发的报文为例进行说明, 内容如下: a.当该转发报文的目的 MAC地址为公网侧的设备 PE2时, 且报文转发设备己经学习到 该 PE2对应的接口为 3时, 则以接口 4保存的广播域 B的标识 B为索引, 查找广播域 B对 应的 MAC转发表, 得到该目的 MAC地址对应的接口 3, 将该报文按照单播的方式发送到公网 侧对应的接口 3。  In this embodiment, the packet that needs to be forwarded is received by the access side interface 4 as an example. The content is as follows: a. When the destination MAC address of the forwarded packet is the device PE2 on the public network side, and the packet forwarding device is used. After learning that the interface corresponding to the PE2 is 3, the identifier B of the broadcast domain B saved by the interface 4 is used as an index, and the MAC forwarding table corresponding to the broadcast domain B is searched, and the interface 3 corresponding to the destination MAC address is obtained. The packet is sent to the corresponding interface 3 on the public network side in unicast mode.
当在该报文转发设备上, 还没有记录该转发报文的目的 MAC和接口的对应关系时 (即 该目的 MAC地址还没学习得到), 则该报文转发设备根据接口 4的接口信息表中保存的广播 域 B的接口信息, 向到广播域 B对应的所有接口 1、 2、 3进行广播;  When the correspondence between the destination MAC address and the interface of the forwarding packet is not recorded on the packet forwarding device (that is, the destination MAC address has not been learned yet), the packet forwarding device according to the interface information table of the interface 4 The interface information of the broadcast domain B saved in the broadcast is broadcast to all interfaces 1, 2, and 3 corresponding to the broadcast domain B;
b.对转发报文进行源 MAC学习, 将学习得到的广播域 B、 MAC地址、 接收接口的对应关 系中的广播域 B映射为广播域 A, 得到广播域 A的 MAC转发表项。  The source MAC address learning is performed on the forwarded packet, and the broadcast domain B in the corresponding domain of the broadcast domain B, the MAC address, and the receiving interface is mapped to the broadcast domain A, and the MAC forwarding entry of the broadcast domain A is obtained.
例如: 进行源 MAC学习时, 得到该 MAC地址、 广播域 A、 接收接口的对应关系, 将该对 应关系中的广播域标识进行映射,即将标识 B映射为标识 A,得到广播域 A的 MAC转发表项。 参见表 3, 为映射之前的生成的对应关系示例; 参见表 4, 为映射后得到的 MAC转发表项的 示例。 表 3 For example, when the source MAC address learning is performed, the correspondence between the MAC address, the broadcast domain A, and the receiving interface is obtained, and the broadcast domain identifier in the corresponding relationship is mapped, that is, the identifier B is mapped to the identifier A, and the MAC of the broadcast domain A is obtained. Publish the item. See Table 3 for an example of the generated correspondence before mapping. See Table 4 for an example of the MAC forwarding entry obtained after mapping. table 3
Figure imgf000008_0001
由于在上述对源 MAC学习, 将学习得到的广播域 B、 MAC地址、 接收接口的对应关系中 的广播域 B映射为广播域 A, 得到广播域 A的 MAC转发表项。此时当报文转发设备收到来自 公网侧的转发报文 (且该报文的目的 MAC地址对应的设备在接入侧时), 就可以以公网侧接 口上保存的广播域标识 A为索引查找 MAC转发表, 将该报文按照单播方式发送到接入侧接 曰。
Figure imgf000008_0001
The MAC address forwarding entry of the broadcast domain A is obtained by mapping the broadcast domain B in the correspondence between the learned broadcast domain B, the MAC address, and the receiving interface to the broadcast domain A. In this case, when the packet forwarding device receives the forwarding packet from the public network side, and the device corresponding to the destination MAC address of the packet is on the access side, the broadcast domain identifier A can be saved on the public network side interface. The MAC forwarding table is searched for the index, and the packet is sent to the access side interface in a unicast manner.
综上所述, 通过上述方法能够实现在二层网络中, 报文转发时满足进行接入侧隔离的 要求:  In summary, the above method can meet the requirements for performing access side isolation when forwarding packets in a Layer 2 network:
当通过公网侧接口接收到转发报文时, 由于在公网侧的接口上保存的是广播域 A 的标 识, 所以是使用广播域 A为索引进行查表转发, 当目的 MAC地址未知时, 能够将该报文广 播到广播域 A中的所有接口的 (其中包括接入侧接口); 当目的 MAC地址对应的设备在接入 侧时, 由于进行 MAC地址学习时, 将广播域 B的 MAC地址表项映射为广播域 A的 MAC地址 表项, 公网侧接收到的报文就可以按照单播方式发送到接入侧接口。  When the forwarding packet is received through the interface on the public network side, the broadcast domain A is used for indexing and forwarding, because the destination MAC address is unknown. The packet can be broadcasted to all interfaces in the broadcast domain A (including the access side interface); when the device corresponding to the destination MAC address is on the access side, the MAC of the broadcast domain B will be broadcasted when MAC address learning is performed. The address entry is mapped to the MAC address entry of broadcast domain A. The packets received by the public network can be sent to the access side interface in unicast mode.
当通过接入侧接口接收到转发报文时, 由于在接入侧的接口上保存的是广播域 B 的标 识, 所以是使用广播域 B为索引进行查表转发, 当目的 MAC地址未知时, 能够将该报文广 播到广播域 B中的所有接口 (其中只包括公网侧接口, 不包括接入侧接口); 当目的 MAC地 址对应的设备在公网侧时, 由于进行 MAC地址学习时, 将广播域 A的 MAC地址表项映射为 了广播域 B的 MAC地址表项, 接入侧收到的报文就可以按照单播方式发送到公网侧接口。  When the forwarding packet is received through the access side interface, the broadcast domain B is used to perform table lookup forwarding by using the broadcast domain B. When the destination MAC address is unknown, The packet can be broadcast to all the interfaces in the broadcast domain B (including the public network side interface, excluding the access side interface). When the device corresponding to the destination MAC address is on the public network side, The MAC address entry of the broadcast domain A is mapped to the MAC address entry of the broadcast domain B. The packet received by the access side can be sent to the public network side interface in unicast mode.
由此可见, 由于公网侧和接入侧的报文能够相互通信; 而接入侧接口之间, 由于不能 学习到对方的以广播域 B为索引时的 MAC地址, 所以不能按照已知 MAC地址的情况进行单 播方式的通信; 而又由于按未知 MAC地址的情况进行广播方式通信时, 接入侧的接口都不 在对应的广播域 B中, 所以广播方式也无法通信, 从而达到了接入侧隔离的目的。  It can be seen that the packets on the public network side and the access side can communicate with each other. The access side interface cannot learn the MAC address of the other party when the broadcast domain B is indexed. In the case of the address, the unicast communication is performed; and when the broadcast communication is performed according to the unknown MAC address, the interface on the access side is not in the corresponding broadcast domain B, so the broadcast mode cannot be communicated, thereby achieving the connection. The purpose of isolation into the side.
本发明实施例通过在报文转发设备上划分多个广播域以及对广播域标识进行映射的方 式, 实现控制报文的转发, 不用修改目前的报文转发设备中的转发引擎的基础上, 能够自 动的支持并满足实现了在二层网络中满足接入侧隔离的条件下转发报文。 实施例 2 The embodiment of the present invention can implement the control packet forwarding by dividing the multiple broadcast domains and mapping the broadcast domain identifiers on the packet forwarding device, without modifying the forwarding engine in the current packet forwarding device. Automatically supports and implements forwarding of packets under the condition that the access side isolation is satisfied in the Layer 2 network. Example 2
本发明实施例 1 提供的控制报文转发的方法还可以进一步优化, 本实施例通过针对实 施例 1中进行 MAC表项映射之前的生成的对应关系, 根据该对应关系生成的 MAC表项, 设 置该 MAC表项中的接口为黑洞接口, 有效地避免了由于在 MAC转发表中查不到源 MAC地址, 而导致持续上报 MAC学习消息的问题。  The method for controlling packet forwarding provided by the embodiment of the present invention may be further optimized. In this embodiment, the MAC address entry generated according to the correspondence relationship is set according to the corresponding relationship generated before the mapping of the MAC entry in the first embodiment. The interface in the MAC entry is a blackhole interface, which effectively avoids the problem of continuously reporting the MAC learning message because the source MAC address cannot be found in the MAC forwarding table.
本实施例依然分别针对从公网侧接口接收到报文和接入侧接口接收到报文的情况进行 详细说明, 具体内容如下:  This embodiment further describes the case where the packet is received from the interface on the public network side and the packet is received on the access side interface. The details are as follows:
1 ) 当报文转发设备通过公网侧接口 1收到源 MAC地址为 MAC1的转发报文时, 此时在 查找广播域 A的 MAC转发表时, 由于该广播域 A的 MAC转发表中没有记录该 MAC1和接口 1 对应的表项, 而导致由于在广播域 A的 MAC转发表中查不到对应的表项, 持续上报 MAC1的 MAC学习消息。 本实施例通过在广播域 A的转发表中, 生成一个与学习到的 MAC1地址对应 的 MAC表项的方式来解决上述问题, 解决办法如下:  1) When the packet forwarding device receives the forwarding packet whose source MAC address is MAC1 through the public network side interface 1, when searching for the MAC forwarding table of the broadcast domain A, the MAC forwarding table of the broadcast domain A does not exist. The entry corresponding to the MAC1 and the interface 1 is recorded, and the MAC learning message of the MAC1 is continuously reported because the corresponding entry is not found in the MAC forwarding table of the broadcast domain A. This embodiment solves the above problem by generating a MAC entry corresponding to the learned MAC1 address in the forwarding table of the broadcast domain A. The solution is as follows:
在广播域 A的转发表中, 根据学习得到的 MAC1、 广播域 A和接口 1的对应关系, 根据 该对应关系生成一个 MAC表项, 并且将该 MAC表项对应的接口设置为黑洞接口, 使该接口 对应的状态为黑洞模式, 也就是说命中该接口的报文会直接被丢弃。 参见表 5, 针对由于表 1提供对应关系, 生成一个广播域 A的 MAC表项, 如表 5所示, 该表项中的接口被设置为黑 洞接口。 此时, 当接口 1持续收到源 MAC地址为 MAC1的转发报文时, ώ于根据源 MAC地址 可以在广播域 A中查到 MAC1的表项, 所以有效地避免了持续上报 MAC学习消息的问题。  In the forwarding table of the broadcast domain A, a MAC entry is generated according to the correspondence between the learned MAC1, the broadcast domain A, and the interface 1, and the interface corresponding to the MAC entry is set as a blackhole interface. The status of the interface is blackhole. The packets that match the interface are discarded. For the mappings provided in Table 1, the MAC address entries of the broadcast domain A are generated. As shown in Table 5, the interfaces in the entries are set as blackhole interfaces. At this time, when the interface 1 continues to receive the forwarding packet whose source MAC address is MAC1, the MAC1 entry can be found in the broadcast domain A according to the source MAC address, so that the MAC learning message is continuously reported. problem.
表 5
Figure imgf000009_0001
table 5
Figure imgf000009_0001
上面举的例子是适用在 VPLS ( VSI ) 业务中转发的情况。 根据标准在 VPLS业务中, 公 网侧接 U间本身就应该是相互隔离的, 所以设置广播域 A中的 MAC1的接 U为黑洞, 能够提 前达到这个目的。 如公网侧接口 2收到了一个目的 MAC为 MAC1的待转发报文, 由于公网侧 所有接口保存的是广播域 A的信息, 这样根据广播域 A和 MAC1查找 MAC转发表, 发现对应 的接口为黑洞接口, 所以该报文将会被直接丢弃。  The above example is for forwarding in a VPLS (VSI) service. According to the standard, in the VPLS service, the public network side-to-side Us should be isolated from each other. Therefore, setting the MAC1 of the broadcast domain A to the black hole is a black hole, which can achieve this goal in advance. If the interface on the public network side receives a packet to be forwarded with the destination MAC address being MAC1, the interface on the public network side stores the information of the broadcast domain A. Then, the MAC forwarding table is searched according to the broadcast domain A and MAC1, and the corresponding interface is found. It is a black hole interface, so the message will be discarded directly.
而在二层 VLAN转发业务中, 普通情况下公网侧接口间是不需要相互隔离的, 此时广播 域 A中的 MAC1表项不需要再将对应接口设置为黑洞接口, 即保持表 1中所示的情况即可。  In the Layer 2 VLAN forwarding service, the interfaces on the public network side do not need to be isolated from each other. In this case, the MAC address entry in the broadcast domain A does not need to be configured as a blackhole interface. The situation shown can be.
2) 当报文转发设备通过接入侧接口 4收到源 MAC地址为 MAC4的转发报文时, 此时在 查找广播域 B的 MAC转发表时, 由于该广播域 B的 MAC转发表中没有记录该 MAC4和接口 4 对应的表项, 而导致由于在广播域 B的 MAC转发表中查不到对应的表项, 持续上报 MAC4的 MAC学习消息。本实施例通过在广播域 B的 MAC转发表中,生成一个对应于 MAC4地址的 MAC 表项的方式来解决上述问题, 解决办法如下: 2) When the packet forwarding device receives the forwarding packet whose source MAC address is MAC4 through the access side interface 4, when searching for the MAC forwarding table of the broadcast domain B, the MAC forwarding table of the broadcast domain B does not exist. The entry corresponding to the MAC4 and the interface 4 is recorded, and the corresponding entry is not found in the MAC forwarding table of the broadcast domain B, and the MAC4 is continuously reported. MAC learning message. This embodiment solves the above problem by generating a MAC entry corresponding to the MAC4 address in the MAC forwarding table of the broadcast domain B. The solution is as follows:
在广播域 B的转发表中, 根据学习得到的 MAC4、 广播域 B和接口 4的对应关系, 根据 该对应关系生成一个 MAC表项, 并将该表项对应的接口设置为黑洞接口, 使该接口对应的 状态为黑洞模式, 也就是说命中该接口报文会直接被丢弃, 参见表 6, 针对表 3提供对应关 系, 生成一个广播域 B的 MAC表项, 将该表项的接口设置为黑洞接口。 此时, 当接口 4持 续收到源 MAC地址为 MAC4的转发报文时, 由于根据源 MAC地址可以在广播域 B中查到 MAC4 的表项, 所以有效地避免了持续上报 MAC学习消息的问题。  In the forwarding table of the broadcast domain B, according to the correspondence between the learned MAC4, the broadcast domain B, and the interface 4, a MAC entry is generated according to the corresponding relationship, and the interface corresponding to the entry is set as a black hole interface, so that the The interface is in the black hole mode. That is, the interface of the entry is directly discarded. See Table 6 for the mapping between the MAC address entries of the broadcast domain B and the interface of the entry. Black hole interface. At this time, when the interface 4 continues to receive the forwarding packet whose source MAC address is MAC4, the MAC4 entry can be found in the broadcast domain B according to the source MAC address, so that the problem of continuously reporting the MAC learning message is effectively avoided. .
表 6
Figure imgf000010_0001
Table 6
Figure imgf000010_0001
本实施例, 将广播域 B中的出接口设置为黑洞接口的目的, 是为了在接入侧接口之间, 虽然能够以广播域 B为索引查找对方的 MAC地址, 但是双方还是不能进行通信, 即保证了 在这种情况下, 仍然使报文转发设备在转发报文的时候能够达到接入侧隔离的目的。  In this embodiment, the purpose of setting the outbound interface in the broadcast domain B as a blackhole interface is to find the MAC address of the other party in the broadcast domain B as an index between the access side interfaces, but the two parties cannot communicate. That is to say, in this case, the packet forwarding device can still achieve the purpose of isolation on the access side when forwarding the packet.
由于采用了本实施例提供的方法, 所以在现有的二层网络设备的上层学习模块在保存 新学习到的 MAC表项之前, 先根据广播域映射模块的信息判断是否有对应的两个广播域, 如果有则为这两个广播域各下发一份新学习到的 MAC表项, 只不过其中一份 MAC表项的出 接口设置为学习到的接口, 另一份的出接口则需要判断是否是 VPLS业务还是二层 VLAN业 务:  The upper layer learning module of the existing Layer 2 network device determines whether there are two corresponding broadcasts according to the information of the broadcast domain mapping module before saving the newly learned MAC entry. The domain, if any, sends a newly learned MAC entry for each of the two broadcast domains, except that the outbound interface of one of the MAC entries is set to the learned interface, and the other outgoing interface is required. Determine whether it is a VPLS service or a Layer 2 VLAN service:
a.如果是 VPLS业务则设置为黑洞接口。  a. If it is a VPLS service, set it as a black hole interface.
b.如果是二层 VLAN业务, 则公网侧对应的 MAC表项的出接口设置为学习到的接口, 而 接入侧对应的 MAC表项的出接口设置为黑洞接口。  If the Layer 2 VLAN service is used, the outbound interface of the corresponding MAC address entry on the public network is set to the learned interface, and the outbound interface of the MAC entry corresponding to the access side is set as the blackhole interface.
本发明实施例在保证报文转发设备转发报文时达到接入侧隔离目的的前提下, 还有效 地避免了由于在 MAC转发表中查不到源 MAC地址, 而导致持续上报 MAC学习消息的问题。 实施例 3  The embodiment of the present invention can effectively prevent the MAC address learning message from being continuously reported due to the fact that the source MAC address cannot be found in the MAC forwarding table, while ensuring that the packet forwarding device forwards the packet to the access side. problem. Example 3
本领域技术人员知道, 在进行二层网络维护时, 经常会采用人工配置静态 MAC 的方式 来避免 MAC学习时进行的广播转发, 或将转发报文引入一个目的 MAC地址并不在其范围的 接口。 因此, 在本实施例中, 还可以在广播域 A和 /或8的 MAC转发表中保存由网管或人工 配置的静态 MAC地址对应的表项 (广播域标识、 MAC地址以及对应的接口), 而不需要将其 中一份的 MAC表项的出接口强制设置为黑洞接口。 通常配置静态 MAC都有着某种特殊的目 的, 即当有报文命中该表项时, 就将报文转发到该表项对应的接口上, 从而实现报文转发 的特殊目的。 通过该静态配置出 MAC地址的方式可以实现在启用接入侧隔离的情况下, 接 入侧下挂的某些设备间依然能够进行相互通信。 A person skilled in the art knows that when performing Layer 2 network maintenance, a static MAC is manually configured to avoid broadcast forwarding during MAC learning, or to forward a packet to an interface whose destination MAC address is not in its range. Therefore, in this embodiment, the entry corresponding to the static MAC address configured by the network management system or manually configured (the broadcast domain identifier, the MAC address, and the corresponding interface) may be saved in the MAC forwarding table of the broadcast domain A and/or 8. You do not need to force the outbound interface of one of the MAC entries to be a blackhole interface. Usually configured static MAC has a special purpose When a packet hits the entry, the packet is forwarded to the interface corresponding to the entry, thereby achieving the special purpose of packet forwarding. By configuring the MAC address statically, you can still communicate with each other between the devices connected to the access side.
本发明实施例通过静态配置出 MAC地址的方式, 实现了在启用接入侧隔离的情况下, 接入侧设备当需要进行特殊目的通信时能够进行相互间报文的转发。 实施例 4  In the embodiment of the present invention, the MAC address is statically configured, so that when the access side isolation is enabled, the access side device can forward packets between each other when special purpose communication is required. Example 4
参见图 4, 本发明实施例提供了一种控制报文转发的设备, 设备包括:  Referring to FIG. 4, an embodiment of the present invention provides a device for controlling packet forwarding, where the device includes:
划分模块 201, 用于划分第一广播域和第二广播域; 第一广播域包含公网侧和接入侧的 接口; 第二广播域包含公网侧的接口;  The dividing module 201 is configured to divide the first broadcast domain and the second broadcast domain; the first broadcast domain includes an interface of the public network side and the access side; and the second broadcast domain includes an interface of the public network side;
保存模块 202, 用于在公网侧的接口上保存第一广播域标识, 在接入侧的有接口上保存 第二广播域标识;  The saving module 202 is configured to save the first broadcast domain identifier on the interface on the public network side, and save the second broadcast domain identifier on the interface on the access side;
接收模块 203, 用于接收待转发的报文;  The receiving module 203 is configured to receive a packet to be forwarded.
映射模块 204, 用于当接收模块 203接收到待转发的报文后, 对待转发的报文的源介质 访问控制地址学习得到源介质访问控制地址、 接收接口和广播域标识的对应关系, 并将对 应关系中的广播域标识进行映射, 得到映射后广播域标识对应的源介质访问控制地址转发 表项。  The mapping module 204 is configured to: after the receiving module 203 receives the packet to be forwarded, learn, by using the source medium access control address of the packet to be forwarded, the source medium access control address, the receiving interface, and the broadcast domain identifier, and The broadcast domain identifier in the corresponding relationship is mapped, and the source media access control address forwarding entry corresponding to the broadcast domain identifier is obtained.
参见图 5, 其中, 当接收待转发的报文的接口为公网侧接口时, 映射模块 204还可以具 体包括:  Referring to FIG. 5, when the interface that receives the packet to be forwarded is a public network side interface, the mapping module 204 may further include:
第一映射单元 2041, 用于当接收模块 203接收到待转发的报文是来自公网侧接口时, 对转发报文的源介质访问控制地址学习得到源介质访问控制地址、 接收接口和第一广播域 标识的对应关系, 将对应关系中第一广播域标识映射为第二广播域标识, 生成第二广播域 标识对应的源介质访问控制地址转发表项。  The first mapping unit 2041 is configured to: when the receiving module 203 receives the packet to be forwarded from the public network side interface, learn, by the source medium access control address of the forwarded packet, the source medium access control address, the receiving interface, and the first And mapping the first broadcast domain identifier to the second broadcast domain identifier, and generating the source media access control address forwarding entry corresponding to the second broadcast domain identifier.
其中, 当接收待转发的报文的接口为接入侧接口时, 映射模块 204还可以具体包括: 第二映射单元 2042用于当接收模块 203接收到的待转发的报文是来自接入侧接口时, 对接入侧接口接收转发报文的源介质访问控制地址学习得到源介质访问控制地址、 接收接 口和第二广播域标识的对应关系, 将源介质访问控制地址、 接收接口和第二广播域标识的 对应关系中的第二广播域标识映射为第一广播域标识, 生成第一广播域标识对应的源介质 访问控制地址转发表项。  When the interface that receives the packet to be forwarded is the access side interface, the mapping module 204 may further include: the second mapping unit 2042 is configured to receive, when the receiving module 203, the packet to be forwarded is from the access side. The source medium access control address of the access side interface receiving the forwarded packet learns the correspondence between the source medium access control address, the receiving interface, and the second broadcast domain identifier, and the source medium access control address, the receiving interface, and the second The second broadcast domain identifier in the correspondence between the broadcast domain identifiers is mapped to the first broadcast domain identifier, and the source media access control address forwarding entry corresponding to the first broadcast domain identifier is generated.
其中, 设备还包括转发模块 205用于根据接收待转发的报文的接口对应的广播域标识, 查找广播域标识对应的介质访问控制转发表进行报文转发。 为了避免持续上报 MAC学习消息的情况, 该设备还可以包括: The device further includes a forwarding module 205, configured to search for a media access control forwarding table corresponding to the broadcast domain identifier to forward the packet according to the broadcast domain identifier corresponding to the interface that receives the packet to be forwarded. In order to avoid the situation of continuously reporting MAC learning messages, the device may further include:
设置模块 206, 用于当映射模块 204学习到源介质访问控制地址、接收接口和广播域标 识的对应关系时, 生成广播域标识对应的介质访问控制转发表项, 并将广播域标识对应的 介质访问控制转发表项中的接口根据需要设置为黑洞接口 (VPLS业务的情况, 或二层 VLAN 转发业务学习接入侧 MAC地址的情况)。 或实际学习的接口 (二层 VLAN转发业务学习公网 侧 MAC地址的情况)。  The setting module 206 is configured to: when the mapping module 204 learns the correspondence between the source media access control address, the receiving interface, and the broadcast domain identifier, generate a media access control forwarding entry corresponding to the broadcast domain identifier, and set the media corresponding to the broadcast domain identifier. The interface in the access control forwarding entry is configured as a blackhole interface (in the case of a VPLS service or a Layer 2 VLAN forwarding service learning access side MAC address). Or the actual learning interface (the case where the Layer 2 VLAN forwarding service learns the MAC address of the public network side).
为了实现报文的特殊目的的转发, 例如在启用了接入侧隔离的情况下, 为了特殊的目 的, 接入侧和接入侧之间某两台设备需要进行互相通信时, 设备还包括:  In order to achieve the special purpose of the packet forwarding, for example, when the access side isolation is enabled, for a special purpose, when two devices between the access side and the access side need to communicate with each other, the device further includes:
配置模块 207, 用于通过静态配置的方式得到广播域标识对应的介质访问控制转发表 项。  The configuration module 207 is configured to obtain, by using a static configuration, a media access control forwarding entry corresponding to the broadcast domain identifier.
本发明实施例提供的控制报文转发的设备, 通过拆分广播域和广播域标识映射的方式, 实现控制报文的转发。 特别是针对目前报文转发设备在满足接入侧隔离的需求的前提下, 而不用修改转发流程中的转发引擎, 实现了报文的成功转发。 本发明实施例提供的技术方案, 通过在报文转发设备上划分多个广播域以及对广播域 标识进行映射的方式, 实现控制报文的转发, 不用修改目前的报文转发设备中的转发引擎 的基础上, 能够自动的支持并满足实现了在二层网络中满足接入侧隔离的条件下转发报文。  The device for controlling packet forwarding provided by the embodiment of the present invention implements control packet forwarding by splitting the mapping between the broadcast domain and the broadcast domain identifier. In particular, the current packet forwarding device meets the requirements of the access side isolation, and the forwarding engine in the forwarding process is not modified, so that the packet is successfully forwarded. The technical solution provided by the embodiment of the present invention implements the control packet forwarding by dividing the multiple broadcast domains and mapping the broadcast domain identifiers on the packet forwarding device, without modifying the forwarding engine in the current packet forwarding device. On the basis of the above, it can automatically support and meet the requirements of forwarding packets under the condition that the access side isolation is satisfied in the Layer 2 network.
本发明实施例中的部分步骤, 可以利用软件实现, 相应的软件程序可以存储在可读取 的存储介质中, 如光盘或硬盘等。  Some of the steps in the embodiment of the present invention may be implemented by software, and the corresponding software program may be stored in a readable storage medium such as an optical disk or a hard disk.
以上所述仅为本发明的较佳实施例, 并不用以限制本发明, 凡在本发明的精神和原则 之内, 所作的任何修改、 等同替换、 改进等, 均应包含在本发明的保护范围之内。  The above is only the preferred embodiment of the present invention, and is not intended to limit the present invention. Any modifications, equivalent substitutions, improvements, etc., which are within the spirit and scope of the present invention, should be included in the protection of the present invention. Within the scope.

Claims

权 利 要 求 书 Claim
1.一种控制报文转发的方法, 其特征在于, 所述方法包括:  A method for controlling packet forwarding, the method comprising:
划分第一广播域和第二广播域; 所述第一广播域包含公网侧和接入侧的接口; 所述第 二广播域包含所述公网侧的接口;  Dividing a first broadcast domain and a second broadcast domain; the first broadcast domain includes an interface of a public network side and an access side; and the second broadcast domain includes an interface of the public network side;
在所述公网侧的接口上保存所述第一广播域标识, 在所述接入侧的接口上保存所述第 二广播域标识;  Saving the first broadcast domain identifier on the interface on the public network side, and storing the second broadcast domain identifier on the interface on the access side;
接收待转发的报文, 对所述待转发的报文的源介质访问控制地址, 学习得到所述源介 质访问控制地址、 接收接口和广播域标识的对应关系, 并将所述对应关系中的广播域标识 进行映射, 得到映射后广播域标识对应的源介质访问控制地址转发表项。  Receiving a packet to be forwarded, and obtaining a correspondence between the source medium access control address, the receiving interface, and the broadcast domain identifier, and obtaining the correspondence between the source medium access control address and the broadcast domain identifier of the to-be-forwarded packet, The broadcast domain identifier is mapped, and the source media access control address forwarding entry corresponding to the broadcast domain identifier is obtained.
2.如权利要求 1 所述的控制报文转发的方法, 其特征在于, 所述接收待转发的报文, 对所述待转发的报文的源介质访问控制地址, 学习得到所述源介质访问控制地址、 接收接 口和广播域标识的对应关系, 并将所述对应关系中的广播域标识进行映射, 得到映射后广 播域标识对应的源介质访问控制地址转发表项, 具体为: The method for controlling packet forwarding according to claim 1, wherein the receiving the packet to be forwarded, accessing the control address of the source medium of the packet to be forwarded, and learning to obtain the source medium The mapping between the access control address, the receiving interface, and the broadcast domain identifier is performed, and the broadcast domain identifier in the corresponding relationship is mapped, and the source media access control address forwarding entry corresponding to the broadcast domain identifier is obtained, which is specifically:
所述公网侧的接口接收待转发的报文, 对所述待转发的报文的源介质访问控制地址, 学习得到所述源介质访问控制地址、 接收接口和所述第一广播域标识的对应关系, 将所述 对应关系中所述第一广播域标识映射为第二广播域标识, 生成所述第二广播域标识对应的 源介质访问控制地址转发表项。  The interface on the public network side receives the packet to be forwarded, and learns the source medium access control address of the packet to be forwarded, and learns to obtain the source medium access control address, the receiving interface, and the first broadcast domain identifier. Corresponding relationship, the first broadcast domain identifier in the corresponding relationship is mapped to the second broadcast domain identifier, and the source media access control address forwarding entry corresponding to the second broadcast domain identifier is generated.
3.如权利要求 1 所述的控制报文转发的方法, 其特征在于, 所述接收待转发的报文, 对所述待转发的报文的源介质访问控制地址, 学习得到所述源介质访问控制地址、 接收接 口和广播域标识的对应关系, 并将所述对应关系中的广播域标识进行映射, 得到映射后广 播域标识对应的源介质访问控制地址转发表项, 具体为: The method for controlling packet forwarding according to claim 1, wherein the receiving the packet to be forwarded, accessing the control address of the source medium of the packet to be forwarded, and learning to obtain the source medium The mapping between the access control address, the receiving interface, and the broadcast domain identifier is performed, and the broadcast domain identifier in the corresponding relationship is mapped, and the source media access control address forwarding entry corresponding to the broadcast domain identifier is obtained, which is specifically:
所述接入侧的接口接收待转发的报文, 对所述待转发的报文的源介质访问控制地址, 学习得到所述源介质访问控制地址、 接收接口和所述第二广播域标识的对应关系, 将所述 对应关系中的所述第二广播域标识映射为所述第一广播域标识, 生成所述第一广播域标识 对应的源介质访问控制地址转发表项。  The interface on the access side receives the packet to be forwarded, and learns the source medium access control address of the packet to be forwarded, and learns to obtain the source medium access control address, the receiving interface, and the second broadcast domain identifier. Corresponding relationship, the second broadcast domain identifier in the corresponding relationship is mapped to the first broadcast domain identifier, and the source media access control address forwarding entry corresponding to the first broadcast domain identifier is generated.
4.如权利要求 1 所述的控制报文转发的方法, 其特征在于, 所述方法还包括: 接收到 待转发的报文时, 根据接收所述报文的接口对应的广播域标识, 查找所述广播域标识对应 的介质访问控制转发表进行报文转发。 The method for controlling packet forwarding according to claim 1, wherein the method further comprises: when receiving the packet to be forwarded, searching according to the broadcast domain identifier corresponding to the interface receiving the packet The broadcast domain identifier corresponds to The media access control forwarding table forwards the message.
5.如权利要求 1 所述的控制报文转发的方法, 其特征在于, 所述对所述报文的源介质 访问控制地址学习得到所述源介质访问控制地址、 接收接口和广播域标识的对应关系之后, 还包括: The method for controlling packet forwarding according to claim 1, wherein the source medium access control address learning of the packet obtains the source medium access control address, the receiving interface, and the broadcast domain identifier. After the correspondence, it also includes:
根据所述对应关系, 生成所述广播域标识对应的介质访问控制转发表项, 并将所述广 播域标识对应的介质访问控制转发表项中的接口根据需要设置为黑洞接口。  And generating, according to the corresponding relationship, a media access control forwarding entry corresponding to the broadcast domain identifier, and setting an interface in the media access control forwarding entry corresponding to the broadcast domain identifier as a black hole interface.
6.如权利要求 1 所述的控制报文转发的方法, 其特征在于, 所述方法还包括: 通过静 态配置的方式得到广播域标识对应的介质访问控制转发表项。 The method for controlling packet forwarding according to claim 1, wherein the method further comprises: obtaining, by the static configuration, a media access control forwarding entry corresponding to the broadcast domain identifier.
7. 一种控制报文转发的设备, 其特征在于, 所述设备包括: A device for controlling packet forwarding, wherein the device includes:
划分模块 (201 ), 用于划分第一广播域和第二广播域; 所述第一广播域包含所述公网 侧和接入侧的接口; 所述第二广播域包含所述公网侧的接口;  a dividing module (201), configured to divide the first broadcast domain and the second broadcast domain; the first broadcast domain includes an interface of the public network side and the access side; and the second broadcast domain includes the public network side Interface;
保存模块 (202), 用于在所述公网侧的接口上保存所述第一广播域标识, 在所述接入 侧的接口上保存所述第二广播域标识;  a saving module (202), configured to save the first broadcast domain identifier on an interface on the public network side, and save the second broadcast domain identifier on an interface on the access side;
接收模块 (203), 用于接收待转发的报文;  a receiving module (203), configured to receive a packet to be forwarded;
映射模块 (204), 用于当所述接收模块 (203 ) 接收到待转发的报文后, 对所述待转发 的报文的源介质访问控制地址学习得到所述源介质访问控制地址、 所述接收接口和广播域 标识的对应关系, 并将所述对应关系中的广播域标识进行映射, 得到映射后广播域标识对 应的源介质访问控制地址转发表项。  a mapping module (204), configured to: when the receiving module (203) receives the packet to be forwarded, learn the source medium access control address of the to-be-forwarded packet to obtain the source medium access control address, The mapping between the receiving interface and the broadcast domain identifier is performed, and the broadcast domain identifier in the corresponding relationship is mapped, and the source media access control address forwarding entry corresponding to the mapped broadcast domain identifier is obtained.
8. 如权利要求 7 所述的控制报文转发的设备, 其特征在于, 所述映射模块 (204) 具 体包括: 8. The device for controlling packet forwarding according to claim 7, wherein the mapping module (204) specifically includes:
第一映射单元 (2041 ), 用于当所述接收模块 (203 ) 接收到待转发的报文是来自公网 侧接口时, 对所述待转发的报文的源介质访问控制地址学习得到所述源介质访问控制地址、 接收接口和所述第一广播域标识的对应关系, 将所述对应关系中第一广播域标识映射为第 二广播域标识, 生成所述第二广播域标识对应的源介质访问控制地址转发表项。  The first mapping unit (2041) is configured to: when the receiving module (203) receives the packet to be forwarded from the public network side interface, learn the source medium access control address of the to-be-forwarded packet Mapping the source medium access control address, the receiving interface, and the first broadcast domain identifier, mapping the first broadcast domain identifier in the corresponding relationship to the second broadcast domain identifier, and generating the second broadcast domain identifier Source media access control address forwarding entry.
9. 如权利要求 7 所述的控制报文转发的设备, 其特征在于, 所述映射模块 (204) 具 体包括: 第二映射单元 (2042 ), 用于当所述接收模块 (203 ) 接收到的待转发的报文是来自所 述接入侧接口时, 对所述接入侧接口接收待转发的报文的源介质访问控制地址学习得到所 述源介质访问控制地址、 接收接口和所述第二广播域标识的对应关系, 将所述源介质访问 控制地址、 接收接口和所述第二广播域标识的对应关系中的所述第二广播域标识映射为所 述第一广播域标识, 生成所述第一广播域标识对应的源介质访问控制地址转发表项。 The apparatus for controlling packet forwarding according to claim 7, wherein the mapping module (204) specifically includes: a second mapping unit (2042), configured to receive, when the receiving module (203) receives a packet to be forwarded from the access side interface, to receive, by the access side interface, a packet to be forwarded The source medium access control address learning obtains the correspondence between the source medium access control address, the receiving interface, and the second broadcast domain identifier, and the correspondence between the source medium access control address, the receiving interface, and the second broadcast domain identifier The second broadcast domain identifier in the relationship is mapped to the first broadcast domain identifier, and the source media access control address forwarding entry corresponding to the first broadcast domain identifier is generated.
10. 如权利要求 7 所述的控制报文转发的设备, 其特征在于, 所述设备还包括转发模 块 (205 ) 用于根据接收所述待转发的报文的接口对应的广播域标识, 查找所述广播域标识 对应的介质访问控制转发表进行报文转发。 The device for controlling packet forwarding according to claim 7, wherein the device further includes a forwarding module (205) configured to search according to a broadcast domain identifier corresponding to an interface that receives the packet to be forwarded. The medium access control forwarding table corresponding to the broadcast domain identifier performs packet forwarding.
11. 如权利要求 7所述的控制报文转发的设备, 其特征在于, 所述设备还包括: 设置模块 (206), 用于当所述映射模块 (204) 学习到所述源介质访问控制地址、 接收 接口和所述广播域标识的对应关系时, 生成所述广播域标识对应的介质访问控制转发表项, 并将所述广播域标识对应的介质访问控制转发表项中的接口根据需要设置为黑洞接口。 The device for controlling packet forwarding according to claim 7, wherein the device further comprises: a setting module (206), configured to learn, by the mapping module (204), the source medium access control And generating, by the address, the media access control forwarding entry corresponding to the broadcast domain identifier, and the interface in the media access control forwarding entry corresponding to the broadcast domain identifier, as needed, when the mapping between the address, the receiving interface, and the broadcast domain identifier is performed. Set to black hole interface.
12. 如权利要求 7所述的控制报文转发的设备, 其特征在于, 所述设备还包括: 配置模块 (207), 用于通过静态配置的方式得到广播域标识对应的介质访问控制转发 表项。 The device for controlling packet forwarding according to claim 7, wherein the device further comprises: a configuration module (207), configured to obtain a media access control forwarding table corresponding to the broadcast domain identifier by static configuration item.
PCT/CN2008/073131 2007-12-27 2008-11-20 Method and device for controlling message forwarding WO2009086757A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN200710304352.6 2007-12-27
CN2007103043526A CN101217463B (en) 2007-12-27 2007-12-27 Method and device for controlling message forwarding

Publications (1)

Publication Number Publication Date
WO2009086757A1 true WO2009086757A1 (en) 2009-07-16

Family

ID=39623826

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2008/073131 WO2009086757A1 (en) 2007-12-27 2008-11-20 Method and device for controlling message forwarding

Country Status (2)

Country Link
CN (1) CN101217463B (en)
WO (1) WO2009086757A1 (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9584568B2 (en) 2012-05-09 2017-02-28 Nec Corporation Signal processing apparatus and signal processing method thereof for implementing a broadcast or a multicast communication
CN111541610A (en) * 2020-04-21 2020-08-14 北京天融信网络安全技术有限公司 Communication method, communication device, network equipment and computer readable storage medium
CN113472655A (en) * 2021-06-18 2021-10-01 新华三信息安全技术有限公司 Method and device for managing two-layer forwarding table items

Families Citing this family (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101217463B (en) * 2007-12-27 2012-04-18 华为技术有限公司 Method and device for controlling message forwarding
CN101494610B (en) * 2009-03-12 2011-06-22 福建星网锐捷网络有限公司 Method for processing message and switch
CN101616082B (en) * 2009-07-29 2011-09-07 杭州华三通信技术有限公司 Method for message processing in VPLS service network and device
CN102137108A (en) * 2011-03-16 2011-07-27 华为技术有限公司 Method for message registration and exchanger
WO2012106877A1 (en) * 2011-07-08 2012-08-16 华为技术有限公司 Method and apparatus for quick switching of forwarding port
CN102811173B (en) * 2012-07-26 2015-12-02 杭州华三通信技术有限公司 A kind of MAC address learning method and apparatus
CN102801625B (en) * 2012-08-17 2016-06-08 杭州华三通信技术有限公司 A kind of method of heterogeneous network double layer intercommunication and equipment
CN102916877B (en) * 2012-09-19 2015-06-17 华为技术有限公司 Method and device for setting up black hole media access control (MAC) forwarding table
CN103401782B (en) * 2013-07-24 2017-04-05 杭州华三通信技术有限公司 A kind of MAC Address synchronous method and equipment
CN104065571B (en) * 2014-06-05 2017-11-03 福建星网锐捷网络有限公司 A kind of broadcasting packet processing method, apparatus and system
CN106850388B (en) * 2017-02-27 2020-04-03 迈普通信技术股份有限公司 Method and device for forwarding message by VPLS network
CN111817958B (en) * 2020-06-10 2023-04-07 新华三信息安全技术有限公司 Message forwarding method and network equipment
CN115941383B (en) * 2022-11-28 2023-12-22 北京神经元网络技术有限公司 Network domain distribution method, device and equipment for broadband field bus multi-domain switching system

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6208649B1 (en) * 1998-03-11 2001-03-27 Cisco Technology, Inc. Derived VLAN mapping technique
CN1507215A (en) * 2002-12-11 2004-06-23 华为技术有限公司 Two-layer message isolating method
CN1538685A (en) * 2003-10-23 2004-10-20 港湾网络有限公司 Method of isolation of bilayer VLAN port
US20050076143A1 (en) * 2003-09-23 2005-04-07 Zhiqiang Wang Techniques for resolving network connectivity
CN1809032A (en) * 2006-02-20 2006-07-26 杭州华为三康技术有限公司 Method of dynamically learning address on MAC layer
US20070177597A1 (en) * 2006-02-02 2007-08-02 Yu Ju Ethernet connection-based forwarding process
CN101056267A (en) * 2007-05-15 2007-10-17 杭州华三通信技术有限公司 Layer 2 forwarding method and forwarding device
CN101217463A (en) * 2007-12-27 2008-07-09 华为技术有限公司 Method and device for controlling message forwarding

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6208649B1 (en) * 1998-03-11 2001-03-27 Cisco Technology, Inc. Derived VLAN mapping technique
CN1507215A (en) * 2002-12-11 2004-06-23 华为技术有限公司 Two-layer message isolating method
US20050076143A1 (en) * 2003-09-23 2005-04-07 Zhiqiang Wang Techniques for resolving network connectivity
CN1538685A (en) * 2003-10-23 2004-10-20 港湾网络有限公司 Method of isolation of bilayer VLAN port
US20070177597A1 (en) * 2006-02-02 2007-08-02 Yu Ju Ethernet connection-based forwarding process
CN1809032A (en) * 2006-02-20 2006-07-26 杭州华为三康技术有限公司 Method of dynamically learning address on MAC layer
CN101056267A (en) * 2007-05-15 2007-10-17 杭州华三通信技术有限公司 Layer 2 forwarding method and forwarding device
CN101217463A (en) * 2007-12-27 2008-07-09 华为技术有限公司 Method and device for controlling message forwarding

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9584568B2 (en) 2012-05-09 2017-02-28 Nec Corporation Signal processing apparatus and signal processing method thereof for implementing a broadcast or a multicast communication
CN111541610A (en) * 2020-04-21 2020-08-14 北京天融信网络安全技术有限公司 Communication method, communication device, network equipment and computer readable storage medium
CN113472655A (en) * 2021-06-18 2021-10-01 新华三信息安全技术有限公司 Method and device for managing two-layer forwarding table items
CN113472655B (en) * 2021-06-18 2023-06-13 新华三信息安全技术有限公司 Method and device for managing two-layer forwarding table items

Also Published As

Publication number Publication date
CN101217463A (en) 2008-07-09
CN101217463B (en) 2012-04-18

Similar Documents

Publication Publication Date Title
WO2009086757A1 (en) Method and device for controlling message forwarding
ES2359602T3 (en) METHOD, SYSTEM AND DEVICE TO REMOVE AN ADDRESS ACCESS CONTROL CONTROL.
US9559951B1 (en) Providing intra-subnet and inter-subnet data center connectivity
US8416787B2 (en) Method, system and apparatus for implementing L2VPN between autonomous systems
EP2230800A1 (en) Method for obtaining virtual private network label and autonomous system boundary router device
US10425354B2 (en) Resource allocation method, packet communication method, and apparatus
WO2007045146A1 (en) A method and a device for bridging forwarding
WO2005011197A1 (en) Method of multi-port virtual local area network (vlan) supported by multi-protocol label switch (mpls)
WO2007019785A1 (en) A multicast supported virtual local area network switching system and a method thereof
WO2016197787A2 (en) Access control method and apparatus
WO2015109478A1 (en) Method, switch, and controller for implementing arp
WO2014190690A1 (en) Method, equipment and system for forwarding packets in information centric network (icn)
WO2007062592A1 (en) A system, a method, and a router device of layer 2 virtual private network for interconnecting point/multi-points and multi-points
WO2009149646A1 (en) Port switching method, network device and network system
WO2012006888A1 (en) Method and apparatus for implementing virtual media access control address
WO2020258969A1 (en) Creation of method and apparatus for implementing table entry backup
WO2018171722A1 (en) Mac address synchronization
WO2012109864A1 (en) Message forwarding method and device
CN1870588A (en) Implementing method and system for support VPLS service on IP skeletal network
WO2014067328A1 (en) Layer 2 forwarding method and forwarding device
US9654304B2 (en) Method and apparatus for sending transparent interconnection of lots of links data frame
WO2012075846A1 (en) Method and device for broadcasting domain-division time-division packet
WO2012068854A1 (en) Method and apparatus for updating media access control (mac) address
RU2592408C2 (en) Method and apparatus for configuring medium access control space in service virtual private local area network
WO2008017255A1 (en) A method and device for realizing unicast reverse path check

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 08870269

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 08870269

Country of ref document: EP

Kind code of ref document: A1