CN105450520B - Packet processing method and device, and method and device for establishing aggregation tunnel - Google Patents

本发明实施例公开了一种报文处理方法和装置以及一种建立聚合隧道的方法和装置。其中，聚合隧道的转发节点根据隧道标签和VPN标签共同对VPN的报文进行转发处理。隧道标签携带有语义标记。对于聚合隧道对应的目标VPN，在聚合隧道的转发节点上配置有用于记录目标VPN与目标VPN在该转发节点之后的下一个节点之间映射关系的子树信息。该转发节点在接收到目标VPN的报文时通过读取隧道标签，在该语义标记的指示下读取报文中的VPN标签并根据读取到的VPN标签和已配置的子树信息向所述下一个节点转发目标VPN的报文。因此，聚合隧道中的链路能够避免被用于转发无用的报文，从而节约了网络中的流量资源。

Embodiments of the present invention disclose a packet processing method and device, and a method and device for establishing an aggregation tunnel. The forwarding node of the aggregated tunnel jointly forwards the VPN packets according to the tunnel label and the VPN label. Tunnel labels carry semantic tags. For the target VPN corresponding to the aggregation tunnel, the forwarding node of the aggregation tunnel is configured with subtree information for recording the mapping relationship between the target VPN and the next node of the target VPN after the forwarding node. When receiving the message of the target VPN, the forwarding node reads the tunnel label, reads the VPN label in the message under the instruction of the semantic label, and sends the message to the destination according to the read VPN label and the configured subtree information. The next node forwards the packets of the target VPN. Therefore, the links in the aggregated tunnel can avoid being used for forwarding useless packets, thereby saving traffic resources in the network.

Message processing method and device, the method and apparatus for establishing aggregating tunnel

Technical field

The present invention relates to fields of communication technology, gather more particularly to a kind of message processing method and device and a kind of establish The method and apparatus for closing tunnel.

Background technique

In the network for supporting multicast polymerization retransmission technique, multiple Virtual Private Network (English: Virtual Private Network, abbreviation VPN) it the same aggregating tunnel (English: Aggregate Tunnel) can be used E-Packets.Multiple In the case that VPN is E-Packeted using the same aggregating tunnel, the aggregating tunnel corresponds to the multiple VPN, the multiple VPN Message forward passed through link to collectively constitute the aggregating tunnel in a network, the message of the multiple VPN is in network The passed through forward node of middle forwarding can be considered as the forward node of the aggregating tunnel.In the establishment process of the aggregating tunnel In, each forward node of the aggregating tunnel is configured with corresponding tunnel label under the aggregating tunnel.For institute It states for a forward node of aggregating tunnel, the forward node is according to identical tunnel label to the message of the multiple VPN It is forwarded processing.Wherein, the corresponding tunnel label of the forward node can be mapped to the forwarding section under the aggregating tunnel The corresponding all conversion links of the multiple VPN on point.Therefore, for any one message of the multiple VPN received, The message will be all forwarded on the corresponding all conversion links of the multiple VPN on the forward node.As it can be seen that for entirely polymerizeing tunnel For road, in the multiple VPN to be E-Packeted using same aggregating tunnel, it is right that the message of VPN is not only forwarded to the VPN itself The destination node answered, and it is also forwarded to the corresponding destination node of other VPN (English: Egress Node).As it can be seen that polymerization Many links in tunnel be used to forward a large amount of useless messages, so as to cause the waste of floating resources in network.

Summary of the invention

The embodiment of the present invention is the technical problem to be solved is that, provide a kind of message processing method and device and one kind is built The method and apparatus of vertical aggregating tunnel are forwarded to by aggregating tunnel the destination node of other VPN to avoid the message of VPN, To avoid the link in aggregating tunnel from being used to forward useless message, the floating resources in network are saved.

In a first aspect, the embodiment of the invention provides a kind of message processing methods.This method comprises:

First forward node receives object message, and first forward node belongs to the forward node of aggregating tunnel；

First forward node identifies destination virtual the dedicated network VPN, the target VPN of the object message ownership Belong to the VPN to E-Packet using the aggregating tunnel；

First forward node searches subtree information of the target VPN on first forward node, the son Tree information record has the mapping relations between the target VPN and the second forward node, and second forward node is described Next node on the corresponding conversion link of target VPN after first forward node；

First forward node encapsulates the first tunnel label according to the subtree information found in the object message With the VPN label of the target VPN, and to second forward node forwarding be packaged with the tunnel label and the VPN mark The object message of label；

First tunnel label is the corresponding tunnel label of the second forward node described under the aggregating tunnel；Described One tunnel label is that second forward node distributes to first forward node；First tunnel label carries language Justice label；The semantic marker is used to indicate second forward node and reads first tunnel in the object message The VPN label of the object message is read when road label；The VPN label is used to indicate second forward node and knows Not Chu object message ownership the target VPN.

Optionally, first forward node is the corresponding source node of the target VPN；

First forward node identifies the destination virtual dedicated network VPN of the object message ownership, specifically: it is described First forward node determines the target of the object message ownership according to the incoming interface or packaging information in the object message VPN。

Optionally, first forward node is the corresponding intermediate node of the target VPN；

First forward node identifies the destination virtual dedicated network VPN of the object message ownership, comprising:

First forward node reads the second tunnel label encapsulated in the object message, second tunnel label For the corresponding tunnel label of the first forward node described under the aggregating tunnel, second tunnel label carries institute's predicate Justice label；

The semantic marker that first forward node is carried in response to recognizing second tunnel label, reads institute Next layer of label for stating the second tunnel label described in object message, obtains the VPN label；

First forward node according to the mapping relations between the VPN label and the target VPN, determine described in The target VPN of VPN label ownership.

Optionally, the method also includes:

First forward node pops up second tunnel label from the object message.

Optionally, the method also includes:

First forward node receives second tunnel label that the network equipment the issues, semantic marker, described VPN label and the subtree information.

Optionally, the network equipment is control node, and first tunnel label passes through the channel open flows OpenFlow It issues, the semantic marker is issued by the channel OpenFlow, and the VPN label is assisted by the channel OpenFlow or borde gateway The view channel BGP issues, and the subtree information is issued by the channel OpenFlow.

Optionally, the aggregating tunnel is located at virtual access system, all forward node in the virtual access system It is access node.

Second aspect, the embodiment of the invention provides a kind of methods for establishing aggregating tunnel.This method comprises:

The network equipment distributes the forward node under the aggregating tunnel for the forward node of the aggregating tunnel and corresponds to Tunnel label, and issue the tunnel label to the forward node；

The network equipment issues the semantic marker of the tunnel label to the forward node, to indicate the forwarding section Point carries the semantic marker in the tunnel label；

The network equipment is that target VPN distributes VPN label, and issues the VPN label to the forward node；

The network equipment determination is next after the forward node on the corresponding conversion link of the target VPN Node generates subtree information of the target VPN on the forward node, and issues the subtree letter to the forward node Breath, wherein the subtree information record has the mapping relations between the target VPN and the next node；

The semantic marker of the tunnel label is used to indicate the forward node and reads in the object message received The VPN label of the object message is read when the tunnel label, the object message is the message of the target VPN； The VPN label is used to indicate the target VPN that the forward node identifies the object message ownership；The subtree Information is used to indicate the forward node to the next node and forwards the object message.

Optionally, the network equipment is control node；

It is described to issue the tunnel label to the forward node, specifically: by the channel open flows OpenFlow to institute It states forward node and issues the tunnel label；

The semantic marker that the tunnel label is issued to the forward node, specifically: pass through the channel OpenFlow The semantic marker is issued to the forward node；

It is described to issue the VPN label to the forward node, specifically: it is assisted by the channel OpenFlow or borde gateway It discusses the channel BGP and issues the VPN label to the forward node；

It is described to issue the subtree information to the forward node, specifically: by the channel OpenFlow to the forwarding Node issues the subtree information.

Optionally, the aggregating tunnel is located at virtual access system, all forward node in the virtual access system It is access node.

The third aspect, the embodiment of the invention provides a kind of message process devices.The device is configured at the first forward node. The device includes:

First receiving unit, for receiving object message, first forward node belongs to the forward node of aggregating tunnel；

Recognition unit, the destination virtual dedicated network VPN that the object message belongs to for identification, the target VPN category In the VPN to be E-Packeted using the aggregating tunnel；

Searching unit, for searching subtree information of the target VPN on first forward node, the subtree letter Breath record has the mapping relations between the target VPN and the second forward node, and second forward node is in the target Next node on the corresponding conversion link of VPN after first forward node；

Encapsulation unit, for according to the subtree information that finds, encapsulated in the object message the first tunnel label and The VPN label of the target VPN；

Retransmission unit, for being packaged with the tunnel label and the VPN label to second forward node forwarding Object message；

First tunnel label is the corresponding tunnel label of the second forward node described under the aggregating tunnel；Described One tunnel label is that second forward node is sent to first forward node；First tunnel label carries language Justice label；The semantic marker is used to indicate second forward node and reads first tunnel in the object message The VPN label of the object message is read when road label；The VPN label is used to indicate second forward node and knows Not Chu object message ownership the target VPN.

Optionally, first forward node is the corresponding source node of the target VPN；

The recognition unit, specifically for determining the mesh according to the incoming interface or packaging information in the object message Mark the target VPN of message ownership.

Optionally, first forward node is the corresponding intermediate node of the target VPN；

The recognition unit, is specifically used for:

The second tunnel label encapsulated in the object message is read, second tunnel label is in the aggregating tunnel Under the corresponding tunnel label of first forward node, second tunnel label carries the semantic marker；

The semantic marker carried in response to recognizing second tunnel label, reads described in the object message Next layer of label of the second tunnel label, obtains the VPN label；

First forward node according to the mapping relations between the VPN label and the target VPN, determine described in The target VPN of VPN label ownership.

Optionally, described device further include:

Unit is popped up, for popping up second tunnel label from the object message.

Optionally, described device further include:

Second receiving unit, for receiving second tunnel label, the semantic marker that the network equipment issues, described VPN label and the subtree information.

Optionally, the network equipment is control node, and first tunnel label passes through the channel open flows OpenFlow It issues, the semantic marker is issued by the channel OpenFlow, and the VPN label is assisted by the channel OpenFlow or borde gateway The view channel BGP issues, and the subtree information is issued by the channel OpenFlow.

Optionally, the aggregating tunnel is located at virtual access system, all forward node in the virtual access system It is access node.

Fourth aspect, the embodiment of the invention provides a kind of devices for establishing aggregating tunnel.The device is configured at network and sets It is standby.The device includes:

First allocation unit, for distributing the forwarding under the aggregating tunnel for the forward node of the aggregating tunnel The corresponding tunnel label of node；

First issuance unit, for issuing the tunnel label to the forward node；

Second issuance unit, for issuing the semantic marker of the tunnel label to the forward node, described in instruction Forward node carries the semantic marker in the tunnel label；

Second allocation unit, for distributing VPN label for target VPN；

Third issuance unit, for issuing the VPN label to the forward node；

Generation unit, it is next after the forward node on the corresponding conversion link of the target VPN for determining A node generates subtree information of the target VPN on the forward node；

4th issuance unit, for issuing the subtree information to the forward node, wherein the subtree information record There are the mapping relations between the target VPN and the next node；The semantic marker of the tunnel label is used to indicate institute State the VPN mark that the object message is read when forward node reads the tunnel label in the object message received Label, the object message is the message of the target VPN；The VPN label, be used to indicate the forward node identify it is described The target VPN of object message ownership；The subtree information is used to indicate the forward node and turns to the next node Send out object message described.

Optionally, the network equipment is control node；

First issuance unit, it is described specifically for being issued by the channel open flows OpenFlow to the forward node Tunnel label；

Second issuance unit, specifically for issuing the semantic mark to the forward node by the channel OpenFlow Note；

The third issuance unit is specifically used for through the channel OpenFlow or Border Gateway Protocol (BGP) channel to described Forward node issues the VPN label；

4th issuance unit is believed specifically for issuing the subtree to the forward node by the channel OpenFlow Breath.

Optionally, the aggregating tunnel is located at virtual access system, all forward node in the virtual access system It is access node.

Compared with prior art, the embodiment of the present invention has the advantage that

Using the technical solution of the embodiment of the present invention, in order to use aggregating tunnel to turn the object message of target VPN It sends out, forwards section under the aggregating tunnel in addition to configuring on the forward node that object message described in the aggregating tunnel needs to pass through Except the corresponding tunnel label of point, the VPN label that can also configure the target VPN, the target VPN are in the forward node On subtree information and carry semantic marker in the tunnel label, wherein subtree information record has the target VPN The mapping relations between next node on conversion link corresponding with the target VPN after the forward node.Work as institute When stating forward node and receiving the object message, it is packaged with the tunnel label and the VPN label in the object message, The VPN label is next layer of label of the tunnel label.The forward node reads the tunnel in the object message Road label, and according to the instruction of the semantic marker carried in the tunnel label, the tunnel is read in the object message Next layer of label of label and obtain the VPN label, the mesh of target VPN ownership is determined according to the VPN label VPN is marked, and determines the forwarding chain of the target VPN according to the subtree information of the target VPN on the forward node The next node of the forward node on the road, so as to which object message is transmitted to the next node.It can be seen that On the forward node of aggregating tunnel, the message of target VPN can be only forwarded by the corresponding conversion link of target VPN, And the corresponding conversion link of other corresponding VPN of aggregating tunnel no longer forwards the message of target VPN.As it can be seen that for entirely polymerizeing For tunnel, the message of VPN can only be forwarded to the corresponding destination node of the VPN itself, without being forwarded to other VPN Corresponding destination node.Therefore, the link in aggregating tunnel, which can be avoided, be used to forward useless message, to save net Floating resources in network.

Detailed description of the invention

In order to illustrate the technical solutions in the embodiments of the present application or in the prior art more clearly, to embodiment or will show below There is attached drawing needed in technical description to be briefly described, it should be apparent that, the accompanying drawings in the following description is only this The some embodiments recorded in application, for those of ordinary skill in the art, without creative efforts, It is also possible to obtain other drawings based on these drawings.

Fig. 1 is a kind of flow diagram of message processing method in the embodiment of the present invention；

Fig. 2 is a kind of flow diagram for the method for establishing aggregating tunnel in the embodiment of the present invention；

Fig. 3 is a kind of exemplary configuration diagram of aggregating tunnel in the embodiment of the present invention；

Fig. 4 is a kind of structural schematic diagram of message process device in the embodiment of the present invention；

Fig. 5 is a kind of structural schematic diagram for the device for establishing aggregating tunnel in the embodiment of the present invention.

Specific embodiment

In order to make those skilled in the art more fully understand application scheme, below in conjunction in the embodiment of the present application Attached drawing, the technical scheme in the embodiment of the application is clearly and completely described, it is clear that described embodiment is only this Apply for a part of the embodiment, instead of all the embodiments.Based on the embodiment in the application, those of ordinary skill in the art exist Every other embodiment obtained under the premise of creative work is not made, shall fall in the protection scope of this application.

Inventor has found that when multiple VPN are E-Packeted using the same aggregating tunnel, the forwarding of aggregating tunnel Node is actually that all VPN provide identical tunnel label, and therefore, the forward node of aggregating tunnel is to receiving The message of different VPN is to carry out identical forward process according to identical tunnel label.Message in order to guarantee different VPN is final It can be forwarded to the corresponding destination node of its VPN, the forward node of aggregating tunnel needs to pass through the message of different VPN all The corresponding conversion link of VPN forwards.But for a VPN, in order to realize the message forwarding of the VPN, the VPN Message only need by the forward node of aggregating tunnel the corresponding conversion link of the VPN be forwarded, without by The corresponding conversion link of other VPN is forwarded on the forward node of aggregating tunnel.As it can be seen that the forward node of aggregating tunnel will not Message with VPN is forwarded by the corresponding conversion link of all VPN, can result in many links in aggregating tunnel by with In a large amount of useless messages of forwarding, to cause the waste of floating resources in network.

To solve the above-mentioned problems, in embodiments of the present invention, the forward node of aggregating tunnel can be according to tunnel label Processing is forwarded to the message of VPN jointly with VPN label.Wherein, tunnel label carries semantic marker.With aggregating tunnel pair Any one VPN answered is as target VPN, configured with for recording target VPN and target on the forward node of aggregating tunnel The subtree information of the corresponding conversion link of VPN mapping relations between the next node after the forward node.The forwarding section Point, by reading tunnel label, can go down to read message when receiving the message of target VPN in the instruction of the semantic marker In VPN label and target VPN is forwarded to the next node according to the VPN label that reads and configured subtree information Message.Therefore, on the forward node of aggregating tunnel, the message of target VPN can only pass through the corresponding forwarding chain of target VPN Road is forwarded, and the corresponding conversion link of other corresponding VPN of aggregating tunnel no longer forwards the message of target VPN.Therefore, gather It closes the link in tunnel and can be avoided and be used to forward useless message, to save the floating resources in network.

With reference to the accompanying drawing, by embodiment, come the present invention will be described in detail, middle message processing method and device and foundation are poly- Close the specific implementation of the method and apparatus in tunnel.

Referring to Fig. 1, a kind of flow diagram of message processing method in the embodiment of the present invention is shown.In the present embodiment In, the method for example can specifically include following steps:

S101, the first forward node receive object message, and first forward node belongs to the forward node of aggregating tunnel.

Wherein, the first forward node can be any one forward node on aggregating tunnel.For example, the first forward node It can be the corresponding source node of object message.For another example, the first forward node can be the corresponding intermediate node of object message.

It is understood that object message can be the multicast message forwarded using aggregating tunnel.The aggregating tunnel can be with It is the message for forwarding multiple VPN, which belongs to one of VPN, which is target VPN.Wherein, The aggregating tunnel specifically can be P2MP aggregating tunnel.

S102, first forward node identify the destination virtual dedicated network VPN of the object message ownership, the mesh Mark VPN belongs to the VPN to E-Packet using the aggregating tunnel.

In the present embodiment, different types of first forward node can identify that in different ways object message is returned The target VPN of category.

In some embodiments of the present embodiment, the first forward node can be the corresponding source node of target VPN.Due to There are no packaging V PN label when object message reaches the first forward node, S102 can be with specifically: the first forward node root According to the incoming interface or packaging information in the object message, the target VPN of the object message ownership is determined.

In other embodiments of the present embodiment, the first forward node can be the corresponding intermediate node of target VPN. Since the corresponding source node of target VPN encapsulates VPN label in object message, object message is when reaching the first forward node VPN label is encapsulated, therefore, the VPN label in object message can be read directly to identify target in the first forward node The target VPN of message ownership.It is understood that object message is when reaching the first forward node as intermediate node, mesh The outer layer label for marking message is corresponding second tunnel label of the first forward node under aggregating tunnel, the vpn label of object message For VPN label.In the repeating process of object message, the outer layer label that intermediate node usually only reads message to carry out message Forward process is forwarded processing to message without can read the vpn label of message.In order to enable intermediate node can be read To VPN label, a semantic marker can be carried in the tunnel label of aggregating tunnel, which can be used for triggering centre Node goes to read VPN label.Specifically, S102 for example may include: that first forward node is read in the object message Second tunnel label of encapsulation, second tunnel label are the corresponding tunnel of the first forward node described under the aggregating tunnel Road label, second tunnel label carry the semantic marker；First forward node is in response to recognizing described The semantic marker that two tunnel labels carry, reads next layer of label of the second tunnel label described in the object message, Obtain the VPN label；First forward node is according to the mapping relations between the VPN label and the target VPN, really The target VPN of the fixed VPN label ownership.In the object message, the VPN label is second tunnel label Next layer of label.Wherein, the example of the mapping relations between a VPN label and the target VPN can be (Label=LABEL_RED, vpn=VPN_RED), wherein VPN_RED is the mark of target VPN, and LABEL_RED is target The VPN label of VPN.

S103, first forward node search subtree information of the target VPN on first forward node, institute Stating subtree information record has a mapping relations between the target VPN and the second forward node, second forward node be Next node on the corresponding conversion link of the target VPN after first forward node.

It should be noted that having according to the message forwarding mechanism of aggregating tunnel, on the first forward node based on polymerization tunnel The elite stand information in road.In the elite stand information, the tunnel label that each VPN is used all be it is identical, which has mapped Aggregating tunnel corresponding all conversion links on the first forward node.Therefore, the object message of target VPN is according only to the forwarding List item will be forwarded by the corresponding all conversion links of aggregating tunnel on the first forward node.For example, elite stand information Example can be (parent_treeid=P2MP_ID, role=branch, inlabel=Context-Label- Assigned-By-AP1, tree=<oif=AP2/AP3>)." P2MP_ID " is the mark of aggregating tunnel."Context- Label-Assigned-By-AP1 " is the corresponding tunnel label of forward node AP1 namely forward node AP1 under aggregating tunnel Distribute to the tunnel label of other forward node."<oif=AP2/AP3>" indicates that aggregating tunnel is corresponding on the first forward node Conversion link.As it can be seen that after object message reaches forward node AP1, forwarding AP1 will be to according to tunnel label and elite stand information Forward node AP2 and AP3 forward object message, and in other words, forward node AP2 and forward node AP3 will receive target report Text.

In order to avoid such case, the first forward node also has for recording between target VPN and the second forward node The subtree information of mapping relations, wherein after the second forward node is the first forward node on the corresponding conversion link of target VPN Next node.Therefore, the first forward node, can be only by target VPN in the first forward node according to the subtree information The message of upper corresponding conversion link forwarding target VPN, and no longer pass through other VPN corresponding forwarding on the first forward node The message of link forwarding target VPN.Wherein, which can specifically include the mark and the second forward node of target VPN Mark.For example, the example of a subtree information can be (vpn=VPN_RED, subtree=<oif=AP2>), wherein " VPN_RED " is the mark of target VPN, and "<oif=AP2>" indicates target VPN corresponding forwarding chain on the first forward node Road.As it can be seen that forward node, will according to tunnel label, VPN label and subtree information after object message reaches forward node AP1 Object message only is forwarded to forward node AP2, and no longer forwards object message to forward node AP3.

S104, first forward node encapsulate the first tunnel according to the subtree information found in the object message The VPN label of road label and the target VPN, and the tunnel label and described is packaged with to second forward node forwarding The object message of VPN label.

First tunnel label is the corresponding tunnel label of the second forward node described under the aggregating tunnel；Described One tunnel label is that second forward node distributes to first forward node；First tunnel label carries language Justice label；The semantic marker is used to indicate second forward node and reads first tunnel in the object message The VPN label of the object message is read when road label；The VPN label is used to indicate second forward node and knows Not Chu object message ownership the target VPN.

It is understood that the first forward node forwards the object message to the second forward node, the specifically can be One forward node replicates object message to the corresponding oif list of the second forward node.First tunnel label and VPN label It can be and be encapsulated into object message during duplication.For example, in a kind of example of encapsulation, the first forward node is to It, can be by " vpn_label=LABEL_RED " and " parent_label=when two forward node forward object message Context-Label-Assigned-By-AP2 " is encapsulated into object message.Wherein, " LABEL_RED " indicates VPN label, " Context-Label-Assigned-By-AP2 " indicates that the second forward node is assigned to the tunnel label of the first forward node, That is, the tunnel label is the first tunnel label.Wherein, " Context-Label " is the semantic marker.

If the first forward node is the corresponding source node of target VPN, the first forward node can by the first tunnel label and VPN label is encapsulated into the object message received, then the object message after encapsulation is transmitted to the second forward node.

If the first forward node is the corresponding intermediate node of target VPN, the first forward node can be first by second tunnel Road label and the VPN label are popped up from the object message received as a whole, then by the first tunnel mark Label and VPN label are encapsulated into object message as a whole, then the object message after encapsulation is transmitted to the second forwarding section Point.Alternatively, the first forward node can be first by second tunnel if the first forward node is the corresponding intermediate node of target VPN Road label is popped up from the object message received, and then first tunnel label is encapsulated into object message, then Object message after encapsulation is transmitted to the second retransmission unit.

If the second forward node is the corresponding intermediate node of target VPN, the second forward node can be according to the first tunnel Label and VPN label are forwarded processing to the object message, and for details, reference can be made to aforementioned first forward node according to the second tunnel Road label and VPN label are forwarded the embodiment of processing to the object message, and details are not described herein for the present embodiment.

If the second forward node is the corresponding destination node of target VPN, the second forward node can be incited somebody to action according to VPN label The object message is forwarded to the local device of the target VPN.

It should be noted that aforementioned second tunnel label, semantic marker, VPN label and subtree information can be by network Equipment is that the first forward node is distributed and issued.Similarly, it is second that aforementioned first tunnel label, which can be by the network equipment, Forward node is distributed and is issued.Wherein, the network equipment can be any one equipment in network.For example, the net Network equipment can be control node, such as SDN controller.For another example, the network equipment can be any one turn of aggregating tunnel Send out node.

If the network equipment is control node, first tunnel label can be logical by open flows OpenFlow Road issues, and the semantic marker can be to be issued by the channel OpenFlow, and the VPN label can be logical by OpenFlow Road or Border Gateway Protocol (English: Border Gateway Protocol, abbreviation BGP) channel issue, and the subtree information is logical The channel OpenFlow is crossed to issue.

It is understood that the present embodiment can be applied to virtual access system.Specifically, the aggregating tunnel can position In virtual access system, the virtual access system all forward node be access node (English Access Point, Abbreviation AP).Access node needs to handle VPN label originally, and forwarding section all in virtual access system Point is access node, it is seen then that the VPN label and target VPN of target VPN are configured on the forward node in virtual access system Subtree information, not will increase system be tag processes expend resource.

The forward node of technical solution through this embodiment, aggregating tunnel can be total according to tunnel label and VPN label It carries out turning reason with the message to VPN.Wherein, tunnel label carries semantic marker.With any one corresponding VPN of aggregating tunnel As target VPN, configured with for recording target VPN forwarding chain corresponding with target VPN on the forward node of aggregating tunnel The subtree information of road mapping relations between the next node after the forward node.The forward node is receiving target By reading tunnel label when the message of VPN, it can go down to read VPN label in message simultaneously root in the instruction of the semantic marker The message of target VPN is forwarded to the next node according to the VPN label and configured subtree information read.Therefore, exist On the forward node of aggregating tunnel, the message of target VPN can be only forwarded by the corresponding conversion link of target VPN, and The corresponding conversion link of other corresponding VPN of aggregating tunnel no longer forwards the message of target VPN.Therefore, the chain in aggregating tunnel Road, which can be avoided, be used to forward useless message, to save the floating resources in network.

Referring to fig. 2, a kind of flow diagram for the method for establishing aggregating tunnel in the embodiment of the present invention is shown.In this reality It applies in example, the method for example may include:

S201, the forward node that the network equipment is the aggregating tunnel distribute the forward node under the aggregating tunnel Corresponding tunnel label, and the tunnel label is issued to the forward node.

Specifically, the network equipment can calculate the link information of aggregating tunnel according to the topology being collected into.Link letter Breath has recorded all conversion links of the aggregating tunnel.For example, in aggregating tunnel example shown in Fig. 3, the aggregating tunnel Link information indicate, the conversion link of the aggregating tunnel includes link, forward node of the forward node M1 to forward node AP1 The link of M1 to forward node AP4, the link of forward node AP1 to forward node AP2 and forward node AP1 are to forward node The link of AP3.Then, the network equipment can be each forward node point of aggregating tunnel according to the link information of aggregating tunnel It fits over the corresponding tunnel label of the forward node under aggregating tunnel and is handed down to each forward node.Wherein, the network equipment can lead to It crosses RSVP-TE signaling and issues tunnel label to each forward node, alternatively, if the network equipment is control node (Master), network Equipment can also issue tunnel label to each forward node by the channel OpenFlow.

S202, the network equipment issue the semantic marker of the tunnel label to the forward node, described in instruction Forward node carries the semantic marker in the tunnel label.

Wherein, which specifically can be a BOOL phenotypic marker.Forward node when receiving the semantic marker, The semantic marker can will be stamped in the corresponding tunnel label of the forward node under aggregating tunnel.For example, a kind of semantic marker Example can be " Context-Label ".It is marked when entering label in the message that forwarding receives comprising " Context-Label " When, the label substance in message in the space of " Context-Label " label is popped up to and is checked next layer of mark of tunnel label Next layer of label is placed in the space of " Context-Label " label and searches tag processes table by label.

It is understood that if the network equipment is control node, the network equipment can be by the channel OpenFlow to institute It states forward node and issues the semantic marker.

S203, the network equipment are that target VPN distributes VPN label, and issues the VPN mark to the forward node Label.

It can be target VPN distribution one when system needs to configure a target VPN to E-Packet using aggregating tunnel A VPN label and the forward node for being handed down to aggregating tunnel.Wherein, in order to issue VPN label, the network equipment is actually handed down to Forward node can be the mapping relations between the mark and VPN label of target VPN.For example, a kind of mark of target VPN with Mapping relations example between VPN label can be (Label=LABEL_RED, vpn=VPN_RED), wherein VPN_RED is The mark of target VPN, LABEL_RED are the VPN label of target VPN.

It is understood that the network equipment can pass through the channel OpenFlow or side if the network equipment is control node The boundary channel gateway protocol BGP issues the VPN label to the forward node.

S204, the network equipment determine on the corresponding conversion link of the target VPN after the forward node Next node, generates subtree information of the target VPN on the forward node, and issues to the forward node described Subtree information, wherein the subtree information record has the mapping relations between the target VPN and the next node.

The semantic marker of the tunnel label is used to indicate the forward node and reads in the object message received The VPN label of the object message is read when the tunnel label, the object message is the message of the target VPN； The VPN label is used to indicate the target VPN that the forward node identifies the object message ownership；The subtree Information is used to indicate the forward node to the next node and forwards the object message.

Specifically, the network equipment can determine the next node after the forward node, base according to the link of target VPN Subtree information of the target VPN on the forward node is generated in this and issues the subtree information.For example, polymerization shown in Fig. 3 In tunnel example, if target VPN's is identified as VPN_RED, the forward node of target VPN includes AP1 and AP2, the target The link of VPN includes the link of the link of forward node M1 to forward node AP1, forward node AP1 to forward node AP2.It is right For forward node AP1, subtree information of the target VPN on forward node AP1 can be (vpn=VPN_RED, subtree =<oif=AP2>), wherein VPN_RED is the mark of target VPN, and<oif=AP2>indicates to turn on the conversion link of target VPN The next node for sending out node AP1 is forward node AP2.

It is understood that the network equipment can pass through the channel OpenFlow or side if the network equipment is control node The boundary channel gateway protocol BGP issues the VPN label to the forward node.

In addition, the network equipment can also for aggregating tunnel forward node generate the elite stand information based on tunnel label and under Issue forward node.It wherein, may include mark, the class of forward node of aggregating tunnel in the elite stand information of forward node Type mark, the corresponding tunnel label of forward node, next node of the aggregating tunnel after forward node.For example, in Fig. 3 institute In the aggregating tunnel example shown, the elite stand information of forward node AP1 can be (parent_treeid=P2MP_ID, role= Branch, inlabel=Context-Label-Assigned-By-AP1, tree=<oif=AP2/AP3>), wherein The value of parent_treeid is the mark of aggregating tunnel, and the value of role is the type identification (type that root is indicated of forward node For root node, the type that leaf is indicated is leaf node, and the type that branch is indicated is crossover node), the value of inlabel be The tunnel label of forward node under aggregating tunnel, the value of tree indicate next node of the aggregating tunnel after forward node.

It should be noted that network equipment issues tunnel label, semantic marker, VPN label and subtree letter to forward node After breath, forward node may refer to aforementioned embodiment shown in FIG. 1 to be forwarded processing to message, and the present embodiment is herein not It repeats again.

It is understood that the present embodiment can be applied to virtual access system.Specifically, the aggregating tunnel can position In virtual access system, the virtual access system all forward node be access node (English Access Point, Abbreviation AP).Access node needs to handle VPN label originally, and forwarding section all in virtual access system Point is access node, it is seen then that the VPN label and target VPN of target VPN are configured on the forward node in virtual access system Subtree information, not will increase system be tag processes expend resource.

The forward node of technical solution through this embodiment, aggregating tunnel can be total according to tunnel label and VPN label It carries out turning reason with the message to VPN.Wherein, tunnel label carries semantic marker.With any one corresponding VPN of aggregating tunnel As target VPN, configured with for recording target VPN forwarding chain corresponding with target VPN on the forward node of aggregating tunnel The subtree information of road mapping relations between the next node after the forward node.The forward node is receiving target By reading tunnel label when the message of VPN, it can go down to read VPN label in message simultaneously root in the instruction of the semantic marker The message of target VPN is forwarded to the next node according to the VPN label and configured subtree information read.Therefore, exist On the forward node of aggregating tunnel, the message of target VPN can be only forwarded by the corresponding conversion link of target VPN, and The corresponding conversion link of other corresponding VPN of aggregating tunnel no longer forwards the message of target VPN.Therefore, the chain in aggregating tunnel Road, which can be avoided, be used to forward useless message, to save the floating resources in network.

Referring to fig. 4, a kind of structural schematic diagram of message process device in the embodiment of the present invention is shown.In the present embodiment In, described device can be configured at the first forward node, and described device for example can specifically include:

First receiving unit 401, for receiving object message, first forward node belongs to the forwarding section of aggregating tunnel Point；

Recognition unit 402, destination virtual the dedicated network VPN, the target VPN that the object message belongs to for identification Belong to the VPN to E-Packet using the aggregating tunnel；

Searching unit 403, for searching subtree information of the target VPN on first forward node, the son Tree information record has the mapping relations between the target VPN and the second forward node, and second forward node is described Next node on the corresponding conversion link of target VPN after first forward node；

Encapsulation unit 404, for encapsulating the first tunnel label in the object message according to the subtree information found With the VPN label of the target VPN；

Retransmission unit 405, for being packaged with the tunnel label and the VPN label to second forward node forwarding Object message；

First tunnel label is the corresponding tunnel label of the second forward node described under the aggregating tunnel；Described One tunnel label is that second forward node is sent to first forward node；First tunnel label carries language Justice label；The semantic marker is used to indicate second forward node and reads first tunnel in the object message The VPN label of the object message is read when road label；The VPN label is used to indicate second forward node and knows Not Chu object message ownership the target VPN.

Optionally, first forward node is the corresponding source node of the target VPN；

The recognition unit, specifically for determining the mesh according to the incoming interface or packaging information in the object message Mark the target VPN of message ownership.

Optionally, first forward node is the corresponding intermediate node of the target VPN；

The recognition unit, is specifically used for:

The second tunnel label encapsulated in the object message is read, second tunnel label is in the aggregating tunnel Under the corresponding tunnel label of first forward node, second tunnel label carries the semantic marker；

The semantic marker carried in response to recognizing second tunnel label, reads described in the object message Next layer of label of the second tunnel label, obtains the VPN label；

First forward node according to the mapping relations between the VPN label and the target VPN, determine described in The target VPN of VPN label ownership.

Optionally, described device further include:

Unit is popped up, for popping up second tunnel label from the object message.

Optionally, described device further include:

Second receiving unit, for receiving second tunnel label, the semantic marker that the network equipment issues, described VPN label and the subtree information.

Optionally, the network equipment is control node, and first tunnel label passes through the channel open flows OpenFlow It issues, the semantic marker is issued by the channel OpenFlow, and the VPN label is assisted by the channel OpenFlow or borde gateway The view channel BGP issues, and the subtree information is issued by the channel OpenFlow.

Optionally, the aggregating tunnel is located at virtual access system, all forward node in the virtual access system It is access node.

The forward node of technical solution through this embodiment, aggregating tunnel can be total according to tunnel label and VPN label It carries out turning reason with the message to VPN.Wherein, tunnel label carries semantic marker.With any one corresponding VPN of aggregating tunnel As target VPN, configured with for recording target VPN forwarding chain corresponding with target VPN on the forward node of aggregating tunnel The subtree information of road mapping relations between the next node after the forward node.The forward node is receiving target By reading tunnel label when the message of VPN, it can go down to read VPN label in message simultaneously root in the instruction of the semantic marker The message of target VPN is forwarded to the next node according to the VPN label and configured subtree information read.Therefore, exist On the forward node of aggregating tunnel, the message of target VPN can be only forwarded by the corresponding conversion link of target VPN, and The corresponding conversion link of other corresponding VPN of aggregating tunnel no longer forwards the message of target VPN.Therefore, the chain in aggregating tunnel Road, which can be avoided, be used to forward useless message, to save the floating resources in network.

Referring to Fig. 5, a kind of structural schematic diagram for the device for establishing aggregating tunnel in the embodiment of the present invention is shown.In this reality It applies in example, described device can be configured at the network equipment, and described device for example can specifically include:

First allocation unit 501 is distributed described under the aggregating tunnel for the forward node for the aggregating tunnel The corresponding tunnel label of forward node；

First issuance unit 502, for issuing the tunnel label to the forward node；

Second issuance unit 503, for issuing the semantic marker of the tunnel label to the forward node, to indicate It states forward node and carries the semantic marker in the tunnel label；

Second allocation unit 504, for distributing VPN label for target VPN；

Third issuance unit 505, for issuing the VPN label to the forward node；

Generation unit 506, for determine on the corresponding conversion link of the target VPN after the forward node under One node generates subtree information of the target VPN on the forward node；

4th issuance unit 507, for issuing the subtree information to the forward node, wherein the subtree information Record has the mapping relations between the target VPN and the next node；The semantic marker of the tunnel label, for referring to Show and is read described in the object message when forward node reads the tunnel label in the object message received VPN label, the object message are the messages of the target VPN；The VPN label is used to indicate the forward node identification The target VPN of the object message ownership out；The subtree information is used to indicate the forward node to described next Node forwards the object message.

Optionally, the network equipment is control node；

First issuance unit, it is described specifically for being issued by the channel open flows OpenFlow to the forward node Tunnel label；

Second issuance unit, specifically for issuing the semantic mark to the forward node by the channel OpenFlow Note；

The third issuance unit is specifically used for through the channel OpenFlow or Border Gateway Protocol (BGP) channel to described Forward node issues the VPN label；

4th issuance unit is believed specifically for issuing the subtree to the forward node by the channel OpenFlow Breath.

Optionally, the aggregating tunnel is located at virtual access system, all forward node in the virtual access system It is access node.

The forward node of technical solution through this embodiment, aggregating tunnel can be total according to tunnel label and VPN label It carries out turning reason with the message to VPN.Wherein, tunnel label carries semantic marker.With any one corresponding VPN of aggregating tunnel As target VPN, configured with for recording target VPN forwarding chain corresponding with target VPN on the forward node of aggregating tunnel The subtree information of road mapping relations between the next node after the forward node.The forward node is receiving target By reading tunnel label when the message of VPN, it can go down to read VPN label in message simultaneously root in the instruction of the semantic marker The message of target VPN is forwarded to the next node according to the VPN label and configured subtree information read.Therefore, exist On the forward node of aggregating tunnel, the message of target VPN can be only forwarded by the corresponding conversion link of target VPN, and The corresponding conversion link of other corresponding VPN of aggregating tunnel no longer forwards the message of target VPN.Therefore, the chain in aggregating tunnel Road, which can be avoided, be used to forward useless message, to save the floating resources in network.

It should be noted that, in this document, relational terms such as first and second and the like are used merely to a reality Body or operation are distinguished with another entity or operation, are deposited without necessarily requiring or implying between these entities or operation In any actual relationship or order or sequence.The terms "include", "comprise" or its any other variant are intended to non-row His property includes, so that the process, method, article or equipment for including a series of elements not only includes those elements, and And further include other elements that are not explicitly listed, or further include for this process, method, article or equipment institute it is intrinsic Element.In the absence of more restrictions, the element limited by sentence "including a ...", it is not excluded that including institute State in the process, method, article or equipment of element that there is also other identical elements.

For system embodiments, since it corresponds essentially to embodiment of the method, so related place is referring to method reality Apply the part explanation of example.System embodiment described above is only schematical, wherein described be used as separation unit The unit of explanation may or may not be physically separated, and component shown as a unit can be or can also be with It is not physical unit, it can it is in one place, or may be distributed over multiple network units.It can be according to actual It needs that some or all of the modules therein is selected to achieve the purpose of the solution of this embodiment.Those of ordinary skill in the art are not In the case where making the creative labor, it can understand and implement.

The above is only the specific embodiment of the application, it is noted that for the ordinary skill people of the art For member, under the premise of not departing from the application principle, several improvements and modifications can also be made, these improvements and modifications are also answered It is considered as the protection scope of the application.