-
公开(公告)号:US08971332B2
公开(公告)日:2015-03-03
申请号:US13004979
申请日:2011-01-12
申请人: Paul Unbehagen , David Allan , Bruno Germain , Roger Lapuh , Mohnish Anumala , Nigel Bragg
发明人: Paul Unbehagen , David Allan , Bruno Germain , Roger Lapuh , Mohnish Anumala , Nigel Bragg
IPC分类号: H04L12/28 , H04L12/751 , H04L12/46 , H04L12/715 , H04L12/721
CPC分类号: H04L12/4662 , H04L12/462 , H04L12/4645 , H04L12/4683 , H04L45/02 , H04L45/028 , H04L45/04 , H04L45/502 , H04L45/52 , H04L45/54 , H04L45/66
摘要: Nodes on a link state protocol controlled Ethernet network implement a link state routing protocol such as IS-IS. Nodes assign an IP address or I-SID value per VRF and then advertise the IP addresses or I-SID values in IS-IS LSAs. When a packet is to be forwarded on the VPN, the ingress node identifies the VRF for the packet and performs an IP lookup in customer address space in the VRF to determine the next hop and the IP address or I-SID value of the VRF on the egress node. The ingress node prepends an I-SID or IP header to identify the VRFs and then creates a MAC header to allow the packet to be forwarded to the egress node on the link state protocol controlled Ethernet network. When the packet is received at the egress node, the MAC header is stripped from the packet and the appended I-SID or IP header is used to identify the egress VRF. A customer address space IP lookup is then performed in the identified VRF on the egress node using the information in the client IP header to determine how to forward the packet. Customer reachability information within a VPN may be exchanged between VRFs using iBGP, or directly by using link state protocol LSAs tagged with the relevant I-SID.
-
公开(公告)号:US20120170578A1
公开(公告)日:2012-07-05
申请号:US12980885
申请日:2010-12-29
申请人: Mohnish Anumala , Roger Lapuh , Ganesh Nakhawa
发明人: Mohnish Anumala , Roger Lapuh , Ganesh Nakhawa
IPC分类号: H04L12/56
CPC分类号: H04L12/56 , H04L12/1886 , H04L12/4641 , H04L45/04 , H04L45/16
摘要: Techniques disclosed herein include systems and methods for providing multicast Virtual Private Network (VPN) support for IP VPN networks, including IP VPN-lite networks. Such techniques provide multicast VPN capability over an IP unicast core network by creating a multicast service VLAN and IP interface, which is used for multicast control traffic exchange between VPN instances. Multicast VPN data traffic is then carried over unicast IP-in-IP tunnels. A given ingress Provide Edge (PE) replicates the multicast traffic for all receiving egress PEs, and adds control information so that the multicast traffic appears as unicast traffic to the Core network. With such a technique, a given Core network only needs to run an IP unicast that is free of VPN unicast or multicast route or tree information.
摘要翻译: 本文公开的技术包括为IP VPN网络(包括IP VPN-Lite网络)提供组播虚拟专用网(VPN)支持的系统和方法。 这种技术通过创建组播业务VLAN和IP接口,通过IP单播核心网提供组播VPN能力,用于VPN实例之间的组播控制流量交换。 组播VPN数据流量然后通过单播IP-in-IP隧道传输。 给定的入口提供边缘(PE)复制所有接收出口PE的组播流量,并添加控制信息,使得组播流量以单播流量出现到核心网络。 通过这种技术,给定的核心网络只需要运行一个没有VPN单播或组播路由或树信息的IP单播。
-
公开(公告)号:US20100329265A1
公开(公告)日:2010-12-30
申请号:US12492548
申请日:2009-06-26
申请人: Roger Lapuh , Mohnish Anumala
发明人: Roger Lapuh , Mohnish Anumala
IPC分类号: H04L12/56
CPC分类号: H04L45/00 , H04L12/4645 , H04L12/4679 , H04L45/66
摘要: MP-BGP VPN infrastructure based on IETF RFC 4364/2547 is used to configure a layer 2 VPN on an IP network. VRFs for the VPN are configured on Ethernet switches and service IP addresses are associated with each configured VRF. The service IP addresses are exchanged to enable VPN traffic to be encapsulated for transport over the IP network. To enable a L2 VPN to be established on the network, a VPN-VLAN ID will be configured for the L2 VPN and import/export route targets for the VPN-VLAN will be set in each VRF and UNI-VLAN that is part of the VPN. The VPN-VLAN will be announced to all PEs using MP-iBGP with export route targets set for this VPN-VLAN. The PE's control plane learns the VPN-VLAN on a logical port if the import RT matches the export RT received by the MP-iBGP control plane. Once the VPN-VLAN is learned on a logical port, the PE will perform MAC learning on that logical port and treat the logical port as if it were part of the L2 VLAN.
摘要翻译: 基于IETF RFC 4364/2547的MP-BGP VPN基础设施用于在IP网络上配置第2层VPN。 VPN的VRF在以太网交换机上配置,服务IP地址与每个配置的VRF相关联。 交换服务IP地址,使VPN流量能够被封装,以便通过IP网络进行传输。 为了在网络上建立L2 VPN,将为L2 VPN配置VPN-VLAN ID,VPN-VLAN的导入/导出路由目标将在每个VRF和UNI-VLAN中设置,作为 VPN。 VPN-VLAN将使用MP-iBGP向所有PE发布,并为此VPN-VLAN设置导出路由目标。 如果导入RT与MP-iBGP控制平面接收到的导出RT匹配,PE的控制面将在逻辑端口上学习VPN-VLAN。 一旦在逻辑端口学到VPN-VLAN,PE将在该逻辑端口上执行MAC学习,并将该逻辑端口视为L2 VLAN的一部分。
-
公开(公告)号:US08098656B2
公开(公告)日:2012-01-17
申请号:US12492548
申请日:2009-06-26
申请人: Roger Lapuh , Mohnish Anumala
发明人: Roger Lapuh , Mohnish Anumala
CPC分类号: H04L45/00 , H04L12/4645 , H04L12/4679 , H04L45/66
摘要: MP-BGP VPN infrastructure based on IETF RFC 4364/2547 is used to configure a layer 2 VPN on an IP network. VRFs for the VPN are configured on Ethernet switches and service IP addresses are associated with each configured VRF. The service IP addresses are exchanged to enable VPN traffic to be encapsulated for transport over the IP network. To enable a L2 VPN to be established on the network, a VPN-VLAN ID will be configured for the L2 VPN and import/export route targets for the VPN-VLAN will be set in each VRF and UNI-VLAN that is part of the VPN. The VPN-VLAN will be announced to all PEs using MP-iBGP with export route targets set for this VPN-VLAN. The PE's control plane learns the VPN-VLAN on a logical port if the import RT matches the export RT received by the MP-iBGP control plane. Once the VPN-VLAN is learned on a logical port, the PE will perform MAC learning on that logical port and treat the logical port as if it were part of the L2 VLAN.
摘要翻译: 基于IETF RFC 4364/2547的MP-BGP VPN基础设施用于在IP网络上配置第2层VPN。 VPN的VRF在以太网交换机上配置,服务IP地址与每个配置的VRF相关联。 交换服务IP地址,使VPN流量能够被封装,以便通过IP网络进行传输。 为了在网络上建立L2 VPN,将为L2 VPN配置VPN-VLAN ID,VPN-VLAN的导入/导出路由目标将在每个VRF和UNI-VLAN中设置,作为 VPN。 VPN-VLAN将使用MP-iBGP向所有PE发布,并为此VPN-VLAN设置导出路由目标。 如果导入RT与MP-iBGP控制平面接收到的导出RT匹配,PE的控制面将在逻辑端口上学习VPN-VLAN。 一旦在逻辑端口学到VPN-VLAN,PE将在该逻辑端口上执行MAC学习,并将该逻辑端口视为L2 VLAN的一部分。
-
5.发明申请Providing an abstraction layer in a cluster switch that includes plural switches 有权在包含多个交换机的集群交换机中提供抽象层公开(公告)号:US20090092043A1
公开(公告)日:2009-04-09
申请号:US11906668
申请日:2007-10-03
CPC分类号: H04L49/552 , H04L49/351 , H04L49/555 , H04L49/70
摘要: In a communications network, a cluster switch is provided, where the cluster switch has plural individual switches. An abstraction layer is provided in the cluster switch, such that an interface having a set of ports is provided to upper layer logic in the cluster switch. The set of ports includes a collection of ports of the individual switches. Control traffic and data traffic are communicated over virtual tunnels between individual switches of the cluster switch, where each virtual tunnel has an active channel and at least one standby channel.
摘要翻译: 在通信网络中,提供集群交换机,其中集群交换机具有多个单独的交换机。 在集群交换机中提供抽象层,使得具有一组端口的接口被提供给集群交换机中的上层逻辑。 端口集包括各个交换机的端口集合。 在群集交换机的各个交换机之间的虚拟隧道上传送控制业务和数据业务,其中每个虚拟隧道具有活动信道和至少一个备用信道。
-
公开(公告)号:US08537816B2
公开(公告)日:2013-09-17
申请号:US12980885
申请日:2010-12-29
申请人: Mohnish Anumala , Roger Lapuh , Ganesh Nakhawa
发明人: Mohnish Anumala , Roger Lapuh , Ganesh Nakhawa
CPC分类号: H04L12/56 , H04L12/1886 , H04L12/4641 , H04L45/04 , H04L45/16
摘要: Techniques disclosed herein include systems and methods for providing multicast Virtual Private Network (VPN) support for IP VPN networks, including IP VPN-lite networks. Such techniques provide multicast VPN capability over an IP unicast core network by creating a multicast service VLAN and IP interface, which is used for multicast control traffic exchange between VPN instances. Multicast VPN data traffic is then carried over unicast IP-in-IP tunnels. A given ingress Provide Edge (PE) replicates the multicast traffic for all receiving egress PEs, and adds control information so that the multicast traffic appears as unicast traffic to the Core network. With such a technique, a given Core network only needs to run an IP unicast that is free of VPN unicast or multicast route or tree information.
摘要翻译: 本文公开的技术包括为IP VPN网络(包括IP VPN-Lite网络)提供组播虚拟专用网(VPN)支持的系统和方法。 这种技术通过创建组播业务VLAN和IP接口,通过IP单播核心网提供组播VPN能力,用于VPN实例之间的组播控制流量交换。 组播VPN数据流量然后通过单播IP-in-IP隧道传输。 给定的入口提供边缘(PE)复制所有接收出口PE的组播流量,并添加控制信息,使得组播流量以单播流量出现到核心网络。 通过这种技术,给定的核心网络只需要运行一个没有VPN单播或组播路由或树信息的IP单播。
-
7.发明授权Implementation of VPNs over a link state protocol controlled ethernet network 有权通过链路状态协议控制的以太网网络实现VPN公开(公告)号:US07894450B2
公开(公告)日:2011-02-22
申请号:US12215350
申请日:2008-06-26
申请人: Paul Unbehagen , David Allan , Bruno Germain , Roger Lapuh , Mohnish Anumala , Nigel Bragg
发明人: Paul Unbehagen , David Allan , Bruno Germain , Roger Lapuh , Mohnish Anumala , Nigel Bragg
CPC分类号: H04L12/4662 , H04L12/462 , H04L12/4645 , H04L12/4683 , H04L45/02 , H04L45/028 , H04L45/04 , H04L45/502 , H04L45/52 , H04L45/54 , H04L45/66
摘要: Nodes on a link state protocol controlled Ethernet network implement a link state routing protocol such as IS-IS. Nodes assign an IP address or I-SID value per VRF and then advertise the IP addresses or I-SID values in IS-IS LSAs. When a packet is to be forwarded on the VPN, the ingress node identifies the VRF for the packet and performs an IP lookup in customer address space in the VRF to determine the next hop and the IP address or I-SID value of the VRF on the egress node. The ingress node prepends an I-SID or IP header to identify the VRFs and then creates a MAC header to allow the packet to be forwarded to the egress node on the link state protocol controlled Ethernet network. When the packet is received at the egress node, the MAC header is stripped from the packet and the appended I-SID or IP header is used to identify the egress VRF. A customer address space IP lookup is then performed in the identified VRF on the egress node using the information in the client IP header to determine how to forward the packet. Customer reachability information within a VPN may be exchanged between VRFs using iBGP, or directly by using link state protocol LSAs tagged with the relevant I-SID.
摘要翻译: 链路状态协议控制的以太网上的节点实现了IS-IS等链路状态路由协议。 节点为每个VRF分配IP地址或I-SID值,然后在IS-IS LSA中通告IP地址或I-SID值。 当在VPN上转发数据包时,入节点识别数据包的VRF,并在VRF的客户地址空间中执行IP查找,以确定下一跳以及VRF的IP地址或I-SID值 出口节点。 入口节点前置I-SID或IP头以识别VRF,然后创建一个MAC报头,以允许将数据包转发到链路状态协议控制的以太网上的出口节点。 当在出口节点处接收到分组时,从分组中剥离MAC报头,并使用附加的I-SID或IP报头来识别出口VRF。 然后使用客户端IP报头中的信息在出口节点上识别的VRF中执行客户地址空间IP查找,以确定如何转发数据包。 VPN内的客户可达性信息可以使用iBGP在VRF之间交换,也可以直接使用与相关I-SID标记的链路状态协议LSA交换。
-
8.发明授权Providing an abstraction layer in a cluster switch that includes plural switches 有权在包含多个交换机的集群交换机中提供抽象层公开(公告)号:US07751329B2
公开(公告)日:2010-07-06
申请号:US11906668
申请日:2007-10-03
CPC分类号: H04L49/552 , H04L49/351 , H04L49/555 , H04L49/70
摘要: In a communications network, a cluster switch is provided, where the cluster switch has plural individual switches. An abstraction layer is provided in the cluster switch, such that an interface having a set of ports is provided to upper layer logic in the cluster switch. The set of ports includes a collection of ports of the individual switches. Control traffic and data traffic are communicated over virtual tunnels between individual switches of the cluster switch, where each virtual tunnel has an active channel and at least one standby channel.
摘要翻译: 在通信网络中,提供集群交换机,其中集群交换机具有多个单独的交换机。 在集群交换机中提供抽象层,使得具有一组端口的接口被提供给集群交换机中的上层逻辑。 端口集包括各个交换机的端口集合。 在群集交换机的各个交换机之间的虚拟隧道上传送控制业务和数据业务,其中每个虚拟隧道具有活动信道和至少一个备用信道。
-
9.发明申请Implementation of VPNs over a link state protocol controlled Ethernet network 有权通过链路状态协议控制的以太网实现VPN公开(公告)号:US20090168666A1
公开(公告)日:2009-07-02
申请号:US12215350
申请日:2008-06-26
申请人: Paul Unbehagen , David Allan , Bruno Germain , Roger Lapuh , Mohnish Anumala , Nigel Bragg
发明人: Paul Unbehagen , David Allan , Bruno Germain , Roger Lapuh , Mohnish Anumala , Nigel Bragg
CPC分类号: H04L12/4662 , H04L12/462 , H04L12/4645 , H04L12/4683 , H04L45/02 , H04L45/028 , H04L45/04 , H04L45/502 , H04L45/52 , H04L45/54 , H04L45/66
摘要: Nodes on a link state protocol controlled Ethernet network implement a link state routing protocol such as IS-IS. Nodes assign an IP address or I-SID value per VRF and then advertise the IP addresses or I-SID values in IS-IS LSAs. When a packet is to be forwarded on the VPN, the ingress node identifies the VRF for the packet and performs an IP lookup in customer address space in the VRF to determine the next hop and the IP address or I-SID value of the VRF on the egress node. The ingress node prepends an I-SID or IP header to identify the VRFs and then creates a MAC header to allow the packet to be forwarded to the egress node on the link state protocol controlled Ethernet network. When the packet is received at the egress node, the MAC header is stripped from the packet and the appended I-SID or IP header is used to identify the egress VRF. A customer address space IP lookup is then performed in the identified VRF on the egress node using the information in the client IP header to determine how to forward the packet. Customer reachability information within a VPN may be exchanged between VRFs using iBGP, or directly by using link state protocol LSAs tagged with the relevant I-SID.
摘要翻译: 链路状态协议控制的以太网上的节点实现了IS-IS等链路状态路由协议。 节点为每个VRF分配IP地址或I-SID值,然后在IS-IS LSA中通告IP地址或I-SID值。 当要在VPN上转发数据包时,入口节点识别数据包的VRF,并在VRF的客户地址空间中执行IP查找,以确定下一跳,并且VRF的IP地址或I-SID值 出口节点。 入口节点前置I-SID或IP头以识别VRF,然后创建一个MAC报头,以允许将数据包转发到链路状态协议控制的以太网上的出口节点。 当在出口节点处接收到分组时,从分组中剥离MAC报头,并使用附加的I-SID或IP报头来识别出口VRF。 然后使用客户端IP报头中的信息,在出口节点上识别的VRF中执行客户地址空间IP查找,以确定如何转发数据包。 VPN内的客户可达性信息可以使用iBGP在VRF之间交换,也可以直接使用与相关I-SID标记的链路状态协议LSA交换。
-
公开(公告)号:US08929364B2
公开(公告)日:2015-01-06
申请号:US11935563
申请日:2007-11-06
IPC分类号: H04L12/28 , H04L12/46 , H04L12/715
CPC分类号: H04L12/4641 , H04L12/4633 , H04L45/04
摘要: A new type of Provider Edge (PE) device is used to support BGP-based IP-VPNs. Each VRF instance in a PE device is associated with a dedicated IP address (Service IP address). Each service IP address is dedicated to a VRF in a PE device. The service IP address is distributed by BGP for VPN route association. Customer/VRF IP packets can be sent to a VRF instance in the egress PE device using service IP header encapsulation (with IP Destination Address=Service IP address of egress PE's VRF & IP Source Address=Service IP address of ingress PE's VRF). This obviates the need for explicit tunnels in the core.
摘要翻译: 一种新型的Provider Edge(PE)设备用于支持基于BGP的IP-VPN。 PE设备中的每个VRF实例与专用IP地址(服务IP地址)相关联。 每个服务IP地址专用于PE设备中的VRF。 服务IP地址由BGP分配用于VPN路由关联。 客户/ VRF IP数据包可以使用业务IP报头封装(IP目的地址=出口PE的VRF和IP源地址=入口PE的VRF的服务IP地址)的服务IP地址发送到出口PE设备中的VRF实例。 这消除了核心中明确隧道的需要。
-
-
-
-
-
-
-
-
-
搜索结果
33 条记录 (耗时 0.018 秒)
