Virtual private network and method for controlling and forwarding route thereof

US 20070133577A1
Filed: 10/30/2006
Published: 06/14/2007
Est. Priority Date: 07/13/2004
Status: Abandoned Application

First Claim

Patent Images

1. A Virtual Private Network (VPN), comprising:

a provider'"'"'s network and a customer'"'"'s network;

wherein, a Sub-Provider Edge (SUB_PE) is configured in the customer'"'"'s network, and the SUB-PE is connected with a PE in the provider'"'"'s network. at least one SUB_VPN belonging to the same customer is configured under the SUB_PE, and the SUB_VPN accesses the provider'"'"'s network via the SUB_PE.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention discloses a Virtual Private Network (VPN), which includes: a Sub-Provider Edge (SUB_PE), configured in a customer'"'"'s network and connected with a PE in a provider'"'"'s network; at least one SUB_VPN belonging to a same customer is configured under the SUB_PE and accesses the provider'"'"'s network through the SUB_PE. The present invention also discloses a method for controlling and forwarding route of the VPN, including: an SUB_PE or a PE adds an export target attribute of the VPN where it is located to the route before transmitting; after receiving the route, the SUB_PE or the PE compares the export target attribute in the route with the import target attribute saved by itself, if they match, accept the route and forward it to a lower layer VPN; otherwise, reject the route.

50 Citations

View as Search Results

11 Claims

1. A Virtual Private Network (VPN), comprising:
- a provider'"'"'s network and a customer'"'"'s network;
  
  wherein, a Sub-Provider Edge (SUB_PE) is configured in the customer'"'"'s network, and the SUB-PE is connected with a PE in the provider'"'"'s network. at least one SUB_VPN belonging to the same customer is configured under the SUB_PE, and the SUB_VPN accesses the provider'"'"'s network via the SUB_PE.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The VPN according to claim 1, wherein, the VPN comprises at least one of the following:
    - a Customer Edge (CE), a SUB_PE and a SUB_Provider (P) router.
  - 3. The VPN according to claim 2, wherein, the VPN comprises at least one lower layer SUB_PE, which is connected to the PE through the SUB_PE in the SUB_VPN;
    - at least one lower layer SUB_VPN is configured under the lower layer SUB_PE.
  - 4. The VPN according to claim 1, wherein, private network routes are transmitted between the SUB_PE and the PE connected with the SUB_PE by Multi-protocol Border Gateway Protocol (MBGP).
  - 5. The VPN according to claim 1, wherein, the SUB_VPN is configured under the SUB_PE in the following format:
    - SUB_VPN name;
      
      VPN import/export SUB_VPN identifier.

6. A method for controlling and forwarding route of a Virtual Private Network (VPN) which comprises a provider'"'"'s network and a customer'"'"'s network, comprising:
- configuring a Sub-Provider Edge (SUB_PE) in the customer'"'"'s network, connected with a PE in the provider'"'"'s network;
  
  configuring at least one SUB_VPN belonging to the same customer under the SUB_PE, and the SUB_VPN accessing the provider'"'"'s network through the SUB_PE;
  
  adding, by a SUB_PE, an export target attribute of a SUB_VPN to a route of the SUB_VPN, and transmitting the route to the PE by Multi-protocol Border Gateway Protocol (MBGP);
  
  adding, by the PE, an export target attribute of the SUB_VPN to the received route, and forwarding the route to a peer PE in the VPN through the provider'"'"'s network;
  
  after receiving the route, comparing, by the peer PE, the export target attribute in the route with an import target attribute saved by the peer PE, if a matching VPN is found, accepting the route and forwarding the route to a SUB_VPN connected with the peer PE;
  
  otherwise, rejecting the route;
  
  after receiving the route, comparing, by a SUB_PE in the SUB_VPN connected with the peer PE, the export target attribute of the SUB_VPN connected with the PE in the route with an import target attribute of the SUB_VPN connected with the peer PE saved by the SUB_PE in the SUB_VPN connected with the peer PE, if they match, accepting the route;
  
  otherwise, rejecting the route.
- View Dependent Claims (7, 8, 9, 10, 11)
- - 7. The method according to claim 6, wherein, at least one lower layer SUB_PE is configured, connected with the PE through the SUB_PE in the SUB_VPN;
    - and at least one lower layer SUB_VPN is configured under the lower layer SUB_PE;
      
      the step of transmitting the route to the PE by the SUB_PE comprises;
      
      forwarding, by the lower layer SUB_PE, the route layer by layer through the SUB_PE; and
      
      adding export target attributes of the SUB_VPNs respectively corresponding to the lower layer SUB_PE and the SUB_PE to the route when forwarding the route;
      
      after the step of forwarding the route to the SUB_VPN connected with the peer PE by the peer PE, the method further comprises;
      
      after receiving the route, comparing, by the SUB_PE in the SUB_VPN connected with the peer PE, the current layer export target attribute of the SUB_VPN in the route with the import target attribute of the SUB_VPN saved by the SUB_PE in the SUB_VPN connected with the peer PE, if a matching SUB_VPN is found, accepting the route and forwarding the route to a lower layer SUB_VPN connected with the SUB_PE in the SUB_VPN connected with the peer PE;
      
      otherwise, rejecting the route.
  - 8. The method according to claim 6, further comprising:
    - after receiving a route by an SUB_PE or a PE, forwarding the route to other interfaces of the SUB_VPN or the VPN to which the SUB_PE or the PE belongs.
  - 9. The method according to claim 7, further comprising:
    - after receiving a route by an SUB_PE or a PE, forwarding the route to other interfaces of the SUB_VPN or the VPN to which the SUB_PE or the PE belongs.
  - 10. The method according to claim 6, wherein, a SUB_CE is configured in the SUB_VPN;
    - in the step of forwarding the route to an SUB_VPN connected with the peer PE by the peer PE, if the route is to be forwarded to an SUB_CE, the route is transformed into an IPv4 route before forwarding to the SUB_CE.
  - 11. The method according to claim 6, further comprising:
    - before the step of forwarding the route to an SUB_VPN connected with the peer PE by the peer PE, judging, by the peer PE, whether there is a router running the MBGP among the routers in the customer'"'"'s network connected with the peer PE, if there is such a router, it indicating that there is an SUB_VPN, continuing with the following operations;
      
      otherwise, it indicating that there is no SUB_VPN, ending the procedure.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Huawei Technologies Co., Ltd. (Huawei Investment & Holding Co., Ltd.)
Original Assignee
Huawei Technologies Co., Ltd. (Huawei Investment & Holding Co., Ltd.)
Inventors
Dong, Weisi

Application Number

US11/589,092
Publication Number

US 20070133577A1
Time in Patent Office

Days
Field of Search
US Class Current

370/401
CPC Class Codes

H04L 12/4641   Virtual LANs, VLANs, e.g. v...

H04L 45/04   Interdomain routing, e.g. h...

H04L 45/46   Cluster building

H04L 45/50   using label swapping, e.g. ...

Virtual private network and method for controlling and forwarding route thereof

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

50 Citations

11 Claims

Specification

Solutions

Use Cases

Quick Links

Virtual private network and method for controlling and forwarding route thereof

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

50 Citations

11 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links