Search Images Maps Play YouTube News Gmail Drive More »
Sign in
Screen reader users: click this link for accessible mode. Accessible mode has the same essential features but works better with your reader.

Patents

  1. Advanced Patent Search
Publication numberCN100334849 C
Publication typeGrant
Application numberCN 03144082
Publication date29 Aug 2007
Filing date31 Jul 2003
Priority date31 Jul 2003
Also published asCN1581819A
Publication number03144082.7, CN 03144082, CN 100334849 C, CN 100334849C, CN-C-100334849, CN03144082, CN03144082.7, CN100334849 C, CN100334849C
Inventors晋兆琼, 刘建锋
Applicant华为技术有限公司
Export CitationBiBTeX, EndNote, RefMan
External Links: SIPO, Espacenet
Method for realizing address synchronization in independant virtual LAN learning mode
CN 100334849 C
Abstract  translated from Chinese
本发明涉及一种独立VLAN学习方式下实现地址同步的方法。 The present invention relates to a method for achieving an independent VLAN learning under the address synchronization. 该方法包括:当增加或删除独立VLAN(虚拟局域网)中接入地址时,同时在接入地址默认的VLAN的地址表,以及共享该接入地址的VLAN的地址表中进行该接入地址的增加或删除操作。 The method includes: when adding or deleting independent VLAN (Virtual LAN) in the access address, the access address in the same time the access address of the default VLAN address table, and the sharing of the access address is an address table VLAN add or delete operation. 本发明的实现避免了在网络中出现大量的广播报文,节省了有限的通信网络资源,从而使通信网络可以为用户提供更大的带宽资源;同时,本发明的实现还提高了网络通信的安全性能。 Implementation of the invention to avoid the emergence of a large number of broadcast packets in the network, saving the limited communication network resources, so that the communication network can provide greater bandwidth for users; at the same time, implementation of the invention also improves network communication safety performance. 另外,本发明的实现还大大提高了IVL方式下查找MAC地址表的效率,从而提高了通信网络转发报文的性能。 In addition, the implementation of the present invention is also greatly improved under way to find the MAC address table IVL efficiency, thereby improving the performance of the communication network packet forwarding.
Claims(13)  translated from Chinese
1.一种独立VLAN学习方式下实现地址同步的方法,其特征在于包括:增加独立VLAN中接入地址的地址同步处理过程:将接入地址添加至其接入端口默认的VLAN中,同时将所述的接入地址添加至共享该接入地址的VLAN中,并将为该地址设置的地址标志位置位,通过该地址标志位表示该接入地址接入的端口默认的VLAN不是共享该接入地址的VLAN;删除独立VLAN中接入地址的地址同步处理过程:将接入地址从其接入端口默认的VLAN的网络接入设备中删除,同时将该接入地址从共享该接入地址的VLAN中删除。 Address synchronization method to achieve under an independent VLAN 1. learning, comprising: an increase in the access address VLAN address independent synchronization process: Adding an access address to its access port default VLAN, while the The access address is added to the access VLAN shared address, and the address for the address of a flag which is set by the address flag indicates that the port default VLAN of the access address is not shared access to the connection the VLAN address; delete access address in a separate VLAN addresses the synchronization process: the access address deleted from the access port default VLAN network access device, while the access to the shared address from the access address The VLAN is deleted.
2.根据权利要求1所述的独立VLAN学习方式下实现地址同步的方法,其特征在于所述的接入地址为介质访问控制MAC地址,且所述的MAC地址以MAC地址表的形式存放于网络接入设备中。 The separate VLAN learning method according to claim 1 to achieve synchronization of the next address, wherein said access address is the Media Access Control MAC address, and the MAC address as the MAC address table stored in a network access device.
3.根据权利要求1或2所述的独立VLAN学习方式下实现地址同步的方法,其特征在于所述的增加独立VLAN中接入地址的地址同步处理过程还包括:将加入共享该接入地址的VLAN中的接入地址的老化时间设置为不老化。 The Independent VLAN Learning mode 1 or claim 2, wherein the method to achieve synchronization of the next address, characterized in that the increase in the access independent VLAN address of the address of the synchronization process further comprises: sharing the access address is added VLAN aging time of the access address is set to not aging.
4.根据权利要求3所述的独立VLAN学习方式下实现地址同步的方法,其特征在于:当加入接入端口默认VLAN中的接入地址的老化时间设置为不老化时,所述的删除独立VLAN中接入地址的地址同步处理过程由用户通过命令行执行。 4. The independent VLAN learning method of claim 3, wherein the address of the synchronization of Realization, wherein: when the aging time to join the access port default VLAN of the access address is set to aging, said the deletion independent address of the VLAN access address synchronization process executed by the user via the command line.
5.根据权利要求3所述的独立VLAN学习方式下实现地址同步的方法,其特征在于:加入接入端口默认VLAN中的接入地址的老化时间设置为可老化时,所述的删除独立VLAN中接入地址的地址同步处理过程由该接入地址的老化定时器触发执行或由用户通过命令行执行。 The independent VLAN learning method of claim 3, wherein the address of the synchronization of Realization, wherein: Add an access port in the default VLAN aging time access address is set to be aging, independent of the deleted VLAN address access address synchronization process by the access address aging timer to trigger the execution or executed by the user via the command line.
6.根据权利要求1或2所述的独立VLAN学习方式下实现地址同步的方法,其特征在于所述的将该接入地址从共享该接入地址的VLAN中删除进一步包括:确定共享该接入地址的VLAN;从所述确定共享该接入地址的VLAN的地址表中查找该接入地址;根据该接入地址的地址标志位判断是否为共享的接入地址,如果是,则删除该接入地址,否则,不作处理。 The independent VLAN learning 1 or method of claim 2, wherein the synchronization Realization address, characterized in that the address be removed from the access VLAN share the access address further comprises: determining share the connection the VLAN address; shared address from the access address of the determined VLAN table lookup of the access address; the address of the access address of the shared flag determines whether the access address, and if so, delete the Access address, otherwise, not be processed.
7.根据权利要求1所述的独立VLAN学习方式下实现地址同步的方法,其特征在于所述的独立VLAN包括:私有虚拟局域网PVLAN中的上层VLANPrimary VLAN和二层VLAN Secondary VLAN。 7. The independent VLAN learning method of claim 1, wherein the address of the synchronization of Realization, wherein a separate VLAN comprises: private virtual LAN PVLAN in the upper floor VLANPrimary VLAN and VLAN Secondary VLAN.
8.根据权利要求7所述的独立VLAN学习方式下实现地址同步的方法,其特征在于该方法还包括PVLAN建立时的地址同步过程:遍历Primary VLAN中的MAC地址表,并将其中老化时间为可老化的MAC地址删除,将不可老化的MAC地址添加到Secondary VLAN的MAC地址表中,老化时间仍设置为不老化,同时将其地址标志位置位;遍历Secondary VLAN的MAC地址表,将其中老化时间为可老化的MAC地址删除,将老化时间为不可老化且地址标志位未置位的MAC地址添加到Primary VLAN的MAC地址表中,同时将其地址标志位置位。 Independent VLAN Learning mode according to claim 7, wherein the method to achieve synchronization of the next address, wherein the method further comprises the address of the synchronization process PVLAN establish: traversal Primary VLAN MAC address table, and wherein the aging time is can delete the MAC address aging, aging of MAC addresses will not be added to the Secondary VLAN MAC address table aging time is still set to aging, while its address flag bit; traversal Secondary VLAN MAC address table, which will be aging Time for the MAC address aging can delete the aging time is not aging and address flag is not set the MAC address is added to the Primary VLAN MAC address table, while its address flag bit.
9.根据权利要求7所述的独立VLAN学习方式下实现地址同步的方法,其特征在于,所述的增加独立VLAN中接入地址的地址同步处理过程包括:确定需要增加的MAC地址默认的VLAN是Primary VLAN或SecondaryVLAN,并获取所述需要增加的MAC地址默认的VLAN对应的Secondary VLAN或Primary VLAN;判断对应的Secondary VLAN或Primary VLAN中是否存在需要增加的MAC地址;如果不存在,则在所述Secondary VLAN或Primary VLAN中添加该需要增加的MAC地址,且将地址标志位置位;如果存在,则判断存在的该需要增加的MAC地址的老化时间是否为不老化;如果为不老化,则进一步判断对应的VLAN是Secondary VLAN还是Primary VLAN;如果对应的VLAN是Secondary VLAN,则继续判断其他与该Secondary VLAN所属的Primary VLAN对应的Secondary VLAN中是否存在需要增加的MAC地址,若不存在,则在所述其他与该Secondary VLAN所属的Primary VLAN对应的Secondary VLAN中添加该需要增加的MAC地址,若存在且为可老化,则删除在所述其他与该Secondary VLAN所属的Primary VLAN对应的SecondaryVLAN中存在的MAC地址,并在所述其他与该Secondary VLAN所属的Primary VLAN对应的Secondary VLAN中添加该需要增加的MAC地址,若存在且为不老化,则不做处理,直到与本PrimaryVLAN对应的所有Secondary VLAN均被执行完毕;如果对应的VLAN是Primary VLAN,则过程结束;如果是可老化,则删除所述Secondary VLAN或Primary VLAN中存在的MAC地址,并在所述Secondary VLAN或Primary VLAN中添加该需要增加的MAC地址,且将该MAC地址标志位置位。 Methods to achieve synchronization of the address under independent VLAN learning according to claim 7, characterized in that the increase in the access address independent VLAN addresses according to the synchronization process includes: determining a need to increase the MAC address of the default VLAN a Primary VLAN or SecondaryVLAN, and acquiring the need to increase the MAC address of the default of Secondary VLAN or VLAN corresponding Primary VLAN; whether there is need to increase the MAC address of the corresponding judgment or Secondary VLAN Primary VLAN; if not present in the Primary VLAN described Secondary VLAN or add the need to increase the MAC address, and the address of the flag bit; if it exists, it is determined that there is a need to increase the aging time for the MAC address is not aging; if it is not aging, it is further determine the corresponding Secondary VLAN or VLAN is Primary VLAN; if the corresponding VLAN is a Secondary VLAN, then continue to determine whether there is need to increase the MAC address of the other Primary VLAN Secondary VLAN belongs to the corresponding Secondary VLAN and, if present, then in Primary VLAN and the other belongs to the Secondary VLAN corresponding Secondary VLAN and add the need to increase the MAC address, and if there is to be worn, the deletion present in the other Primary VLAN belongs to the Secondary VLAN corresponding SecondaryVLAN in MAC address, and add the MAC address of the need to increase the other Primary VLAN Secondary VLAN belongs to the corresponding Secondary VLAN, if exists and is not aging, does nothing until all Secondary corresponding to this PrimaryVLAN VLAN are finished; if the corresponding VLAN is the Primary VLAN, then the process ends; if you are aging, remove the Secondary VLAN or Primary VLAN MAC address exists, and add that the Secondary VLAN or the Primary VLAN need to add the MAC address and the MAC address of the flag bit.
10.根据权利要求7所述的独立VLAN学习方式下实现地址同步的方法,其特征在于,所述的删除独立VLAN中接入地址的地址同步处理过程包括:确定需要删除的MAC地址默认的VLAN是Primary VLAN或SecondaryVLAN,并获取所述需要删除的MAC地址默认的VLAN对应的Secondary VLAN或Primary VLAN;判断对应的Secondary VLAN或Primary VLAN中是否存在需要删除的MAC地址;如果存在,则获取该MAC地址的地址标志位和老化时间,如果老化时间是不可老化,且地址标志位置位,则删除对应的Secondary VLAN或Primary VLAN中存在的需要删除的MAC地址,否则,按不存在该MAC地址处理;如果不存在,则进一步判断对应的VLAN是Secondary VLAN还是Primary VLAN;如果对应的VLAN是Secondary VLAN,则继续判断其他与该Secondary VLAN所属的Primary VLAN对应的Secondary VLAN中是否存在需要删除的MAC地址,若存在,则删除该需要删除的MAC地址,直到与本Primary VLAN对应的所有Secondary VLAN均被执行完毕;如果对应的VLAN是Primary VLAN,则过程结束。 Methods to achieve synchronization of the address under independent VLAN learning according to claim 7, characterized in that, to remove unattached VLAN address in the access address of the synchronization process includes: determining the need to delete the MAC address of the default VLAN a Primary VLAN or SecondaryVLAN, and acquiring the need to remove the MAC address of the default of Secondary VLAN or VLAN corresponding Primary VLAN; whether there is need to remove the MAC address to determine the corresponding Secondary VLAN or Primary VLAN; and if there is, then get the MAC Address flag addresses and aging time, if the aging time is not aging, and the address flag is set, then delete the corresponding need to delete the MAC address of the Secondary VLAN or Primary VLAN exists, otherwise, according to the MAC address of the deal does not exist; If not, then further determine the corresponding Secondary VLAN or VLAN is Primary VLAN; if the corresponding VLAN is a Secondary VLAN, then continue to determine whether there is need to remove the MAC address of the other Primary VLAN Secondary VLAN belongs to the corresponding Secondary VLAN in If there is, remove the need to remove the MAC address until this Primary VLAN corresponding to all Secondary VLAN are finished; if the corresponding VLAN is the Primary VLAN, then the process ends.
11.根据权利要求7所述的独立VLAN学习方式下实现地址同步的方法,其特征在于该方法还包括解除PVLAN中Primary VLAN与SecondaryVLAN对应关系时,地址标志位置位的MAC地址的删除过程:获取需要解除PVLAN中Primary VLAN与Secondary VLAN对应关系的Primary VLAN及其对应的所有Secondary VLAN;遍历Primary VLAN及其对应的所有Secondary VLAN的MAC地址表,将老化时间为不可老化,且地址标志位置位的MAC地址从MAC地址表中删除。 Address synchronization method to achieve independent VLAN learning under way as claimed in claim 7, wherein the method further comprises lifted when the Primary VLAN and PVLAN SecondaryVLAN correspondence, address mark removal process bit MAC address: Get PVLAN need to lift the Primary VLAN and Secondary VLAN correspondence between the Primary VLAN and its corresponding all Secondary VLAN; traversal Primary VLAN and all Secondary VLAN MAC address table corresponding to the aging time is not aging, and the address flag bits MAC address is deleted from the MAC address table.
12.根据权利要求1或7所述的独立VLAN学习方式下实现地址同步的方法,其特征在于:所述的增加独立VLAN中接入地址的地址同步处理过程,是在增加接入地址的同时进行;所述的删除独立VLAN中接入地址的地址同步处理过程是在删除接入地址的同时进行。 12. The Independent VLAN Learning mode 1 or method of claim 7, wherein the address synchronous implementation under, characterized in that: an increase in the access independent VLAN address of the address of the synchronization process, at the same time increasing the access address performed; delete separate VLAN address in the access address of the synchronization process is to delete the access address simultaneously.
13.根据权利要求1或7所述的独立VLAN学习方式下实现地址同步的方法,其特征在于:所述的增加独立VLAN中接入地址的地址同步处理过程和删除独立VLAN中接入地址的地址同步处理过程为周期进行,即周期性的确定PVLAN的Primary VLAN和Secondary VLAN中增加或删除的接入地址,并在Primary VLAN与Secondary VLAN间进行接入地址的同步处理。 13. The Independent VLAN Learning mode 1 or method of claim 7, wherein the address synchronous Realization, wherein: said increased address in the access address VLAN independent synchronization process and remove the access address in separate VLAN Address synchronization process for the cycle, namely periodically determine the Primary VLAN PVLAN and Secondary VLAN and add or delete access address and synchronize access between the Primary VLAN address and Secondary VLAN.
Description  translated from Chinese
独立虚拟局域网学习方式下实现地址同步的方法 Address synchronization method to achieve learning standalone virtual LANs

技术领域 FIELD

本发明涉及网络通信技术领域,尤其涉及一种独立VLAN(虚拟局域网)学习方式下实现地址同步的方法。 The present invention relates to the field of network communication technology, particularly to achieve synchronization method addresses cases involving an independent VLAN (Virtual LAN) learning.

背景技术 BACKGROUND

在网络通信中,为了便于通信网络的管理,保证网络通信的安全,通常需要对于以太网交换机等网络接入设备的应用进行隔离,所采用的方法是为每个需要隔离的网络接入设备分配一个VLAN ID(虚拟局域网标识),本VLAN内的用户与外界的通信均需要通过该网络接入设备实现。 In network communication, in order to facilitate the management of the communication network, to ensure the secure network communications, generally require application for Ethernet switches and other network access device isolation method used is assigned to each network access device requiring isolation a VLAN ID (VID), the user and the outside of the VLAN communication are needed within the network access device through. 但是,随着网络通信的日益发展,网络组网的日益庞大,组网所需要的VLAN ID也越来越多,而可以分配的VLAN ID资源又是有限的,因此当网络规模较大时,可以提供的VLAN ID数目将无法满足组网的需要。 However, with the increasing development of network communications, networking is an increasingly large network VLAN ID required more and more, and VLAN ID resources that can be allocated is limited, so when the large-scale network, the The number of VLAN ID can be provided will not meet the needs of the network.

为了解决上述问题,在通信网络中引入了Private VLAN(PVLAN,私有虚拟局域网)技术,该技术是目前应用的一种具有二层隔离功能的VLAN管理方法,该方法提供了一种在较低层次(二层)可以聚合VLAN的手段,在PVLAN中包括:一个primary VLAN(上层VLAN)和一个或多个secondary VLAN(二层VLAN)。 In order to solve the above problem, in a communication network introduced Private VLAN (PVLAN, private virtual local area network) technology, which is a kind of floor management VLAN isolation function of the current application, the method provides a lower level (second floor) can VLAN aggregation means in PVLAN includes: a primary VLAN (upper VLAN) and one or more secondary VLAN (Layer VLAN).

如图1所示,二层交换机Quidway S2403和Quidway S3026分别通过上行端口5、6连接至三层交换机Quidway S3526的端口7、8;在QuidwayS3526上,认为Quidway S2403接入的所有用户都在VLAN 5中,而Quidway S3026接入的所有用户都在VLAN 6中;这样,在QuidwayS3526上,只需要为VLAN 5和VLAN 6配置相应的IP(互联网协议)网段即可。 Shown switcher Quidway S2403 and Quidway S3026 in Figure 1 are connected via the uplink port three switches Quidway S3526 5,6 to 7,8 ports; on QuidwayS3526, believe that all users have access Quidway S2403 in VLAN 5 , and all users have access Quidway S3026 in VLAN 6; and so on QuidwayS3526, only 6 configure the IP (Internet Protocol) network can be for VLAN 5 and VLAN. 所述的VLAN 5和VLAN 6分别是标识两台二层交换机QuidwayS2403和Quidway S3026的Primary VLAN;而VLAN 1和VLAN 2是VLAN5的Secondary VLAN,VLAN 3和VLAN 4是VLAN 6的Secondary VLAN,每个端口的用户都被Secondary VLAN在二层隔离,三层报文的互通需要通过上接的三层交换机Quidway S3526来转发。 Described VLAN 5 and VLAN 6 are to identify the two switcher QuidwayS2403 and Quidway S3026's Primary VLAN; and VLAN 1 and VLAN 2 is VLAN5 of Secondary VLAN, VLAN 3 and VLAN 4 is VLAN Secondary VLAN 6 each user port are on the second floor Secondary VLAN isolation, exchange three packets need to be forwarded through the connection of the three switches Quidway S3526.

由上述描述可以看出,PVLAN的实质是通过划分多个VLAN,VLAN之间相互配合的方法来实现的。 As can be seen from the above description, the essence PVLAN is by dividing the multiple VLAN, methods of mutual cooperation between the VLAN to achieve. 其中,secondary VLAN主要实现上行的功能,每个secondary VLAN都包含了至少一个用户接入端口和一个上行端口,保证用户的报文能够上行,同时上行报文不能到达别的用户。 Which, secondary VLAN function mainly to achieve upward, each secondary VLAN contains at least one user access port and an uplink port, ensure that the user's packets can be upward, while the uplink packet can not reach any other user. primary VLAN则主要实现了下行的功能,primary VLAN要包括PVLAN内的所有端口,每个从上行端口下来的报文进入交换机以后,都被当做是primary VLAN内的报文来处理,因此下行报文可以到达VLAN内的任意一个用户。 primary VLAN is the main achievement of the downstream functions, primary VLAN PVLAN to include all ports within the port after each down from the uplink packet enters the switch, have been used as a primary VLAN packets inside to deal with, so the downlink packet You can reach any user VLAN. 即用户的数据在secondary VLAN内上行,又通过primaryVLAN下行。 Ie the user's data in a secondary VLAN up, but also through primaryVLAN down. 因此,PVLAN的建立既实现了在二层隔离用户的目的,又节约了三层交换机上的VLAN ID资源,同时还节约了IP网段。 Therefore, the establishment PVLAN both realized the purpose of the second floor to isolate users, but also saves on three switches VLAN ID resources, while also saving the IP network segment.

基于上述PVLAN的组网形式,目前交换机等网络接入设备采用的地址组织模式通过包括以下两种:IVL(independent VLAN learning,独立VLAN学习)方式和SVL(shared VLAN learning,共享式VLAN学习)方式;所述的IVL方式为每个VLAN内部都有自己的MAC地址表,相同的MAC地址可以学习到不同的VLAN中去,所述的SVL方式所有VLAN共享MAC地址表,表项中不会存在多个相同的MAC地址。 Based on the above form PVLAN network, address organizational mode switches and other network access devices currently used by including the following two: IVL (independent VLAN learning, independent VLAN learning) mode and SVL (shared VLAN learning, shared VLAN learning) mode ; IVL manner described for each VLAN has its own internal MAC address table, the same MAC address to a VLAN can learn to go the way of all the SVL shared VLAN MAC address table, there will be no entries in a plurality of the same MAC address.

SVL工作方式下的交换机由于所有的VLAN可以共享一个MAC地址表,因此占用的资源比较少;另外查地址表的时候不管VLAN信息,只要根据MAC地址查找到对应的端口信息即可。 Work under way switch SVL Since all VLAN can share a MAC address table, so a relatively small footprint; check the address table when another regardless of VLAN information, as long as find the MAC address corresponding to the port information. 但是SVL方式也有一个难以克服的缺点:在组播方式下,相同目的的转发表项在不同VLAN的转发目的端口是不同的,所以限制了组播方式的应用。 But there is a drawback SVL way insurmountable: in multicast mode, the same purpose of forwarding entries in different VLAN forwarding destination port is different, so limit the application of the multicast mode. 而IVL方式虽然资源占用较多,但由于每个VLAN都有自己单独的转发表,所以对组播的支持是没有问题的,这就使得IVL方式的工作模式有了较多的应用。 And although IVL way takes more resources, but because each has its own separate VLAN forwarding, so that there is no support for multicast problem, which makes IVL mode operating mode has more applications.

在IVL方式下,使用MAC地址和VLAN ID为索引来查找某个转发表项,比如要在VLAN1中查找MAC1,而MAC1存在于VLAN2中,不存在于VLAN1中,此时的查表结果是未能命中,因此IVL方式的查表效率相对SVL方式来说要低很多。 In IVL mode, use the MAC address and VLAN ID for the index to find a forwarding entry, such as to find MAC1 in VLAN1, rather MAC1 exist in VLAN2, and does not exist in VLAN1, in which case the result is not a look-up table can hit, so the look-up table of the relative efficiency of IVL mode SVL way it is much lower.

而且,当使用IVL方式来实现PVLAN时,假设用户B的地址是从VLAN2上来,属于VLAN2,用户A的地址是从VLAN1进入的,属于VLAN1。 Also, when using IVL way to achieve PVLAN, assume the address of the user B from VLAN2 up, belong to VLAN2, address of the user A is accessible from VLAN1 belongs VLAN1. 用户A和B通信就会出现一个问题,由A到B和由B到A的报文在交换机中是当做广播来处理的,如果在VLAN2内还有别的用户,那么由B到A的报文会被另外一个用户收到,从B到A的报文更是会被所有的接入用户接受到。 User A and B will be a problem of communication, from A to B and from B to A packet switch is handled as a broadcast, if there are other users in the VLAN2, then from B to A newspaper the text will be received by another user, from B to A packet is received will be access to all users. 因此,这种IVL方式的应用产生两个问题:一个是网络设备的带宽浪费的问题,所有的报文都是在作广播,没有利用交换机的优势;第二个是网络安全的问题,一个用户的报文可以被其它用户收到,安全上无法得到保证。 Therefore, the application of this approach IVL two problems: one is a waste of bandwidth network equipment problems, all the messages are in for broadcasting, no advantage of the switch; the second is the problem of network security, a user The message can be received by other users, security can not be guaranteed.

发明内容 SUMMARY

本发明的目的是提供一种独立VLAN学习方式下实现地址同步的方法,从而提高IVL方式下查找地址表的效率,防止网络中产生大量的广播报文,同时还可以提高了网络通信的安全性能。 The purpose of the present invention is a method for synchronizing address implementation provides an independent VLAN learning mode to improve under way to find the address table IVL efficiency and prevent a large number of broadcast packets in the network, but also can improve the safety performance of network communications .

本发明的目的是这样实现的:一种独立VLAN学习方式下实现地址同步的方法,包括:增加独立VLAN(虚拟局域网)中接入地址的地址同步处理过程:将接入地址添加至其接入端口默认的VLAN中,同时将所述的接入地址添加至共享该接入地址的VLAN中,并将为该地址设置的地址标志位置位,表示该接入地址接入的端口默认的VLAN不是共享该接入地址的VLAN;删除独立VLAN中接入地址的地址同步处理过程:将接入地址从其接入端口默认的VLAN(虚拟局域网)的网络接入设备中删除,同时将该接入地址从共享该接入地址的VLAN中删除。 Object of the present invention is achieved by: a method to achieve synchronization of the next address independent VLAN learning, comprising: increasing the independent VLAN (Virtual LAN) address of the access address in the synchronization process: add the access address to which the access The default port VLAN, while the access address is added to the access VLAN shared address, and the address for the address of the flag bit set, the port default VLAN of the access address of the access is not Sharing the access VLAN address; address deleted in a separate VLAN access addresses the synchronization process: the access address deleted from the access port default VLAN (Virtual LAN) network access device, while the access address removed from the VLAN share the access address.

所述的接入地址为MAC(介质访问控制)地址,且所述的MAC地址以MAC地址表的形式存放于网络接入设备中。 The access address is the MAC (Media Access Control) address, and the MAC address as the MAC address table stored in the network access device.

所述的增加独立VLAN中接入地址的地址同步处理过程还包括:将加入共享该接入地址的VLAN中的接入地址的老化时间设置为不老化。 The increase in the access address independent VLAN address synchronization process further comprises: the added VLAN aging time shared access of the address of the access address is set to non-aging.

本发明中,当加入接入端口默认VLAN中的接入地址的老化时间设置为不老化时,所述的删除独立VLAN中接入地址的地址同步处理过程由用户通过命令行执行。 The present invention, when the default VLAN access port was not added in the access address is set to the aging of the aging time, delete the VLAN according to the independent address of the access address of the synchronization process performed by the user through the command line.

所述的独立VLAN学习方式下实现地址同步的方法,还包括:加入接入端口默认VLAN中的接入地址的老化时间设置为可老化时,所述的删除独立VLAN中接入地址的地址同步处理过程由该接入地址的老化定时器触发执行或由用户通过命令行执行。 Address achieve synchronization method described under independent VLAN learning, further comprising: adding an access port in the default VLAN aging time access address is set to be aging, independent VLAN delete the address in the address synchronous access process is triggered by the execution of the access address aging timer or by the user via the command line execution.

所述的将该接入地址从共享该接入地址的VLAN中删除进一步包括:确定共享该接入地址的VLAN;从所述确定共享该接入地址的VLAN的地址表中查找该接入地址;根据该接入地址的地址标志位判断是否为共享的接入地址,如果是,则删除该接入地址,否则,不作处理。 According to the access address is deleted from the access address of the shared VLAN further comprising: determining the access address of the shared VLAN; sharing the access address from the address of the determined VLAN lookup table address of the access ; flags determine the address of the access address for shared access to address whether, and if so, remove the access address, otherwise, not be processed.

所述的独立VLAN包括:PVLAN(私有虚拟局域网)中的Primary VLAN(上层VLAN)和Secondary VLAN(二层VLAN)。 Independent VLAN comprising: PVLAN (Private VLAN) in the Primary VLAN (upper VLAN) and Secondary VLAN (Layer VLAN).

该方法还包括PVLAN建立时的地址同步过程:遍历Primary VLAN中的MAC地址表,并将其中老化时间为可老化的MAC地址删除,将不可老化的MAC地址添加到Secondary VLAN的MAC地址表中,老化时间仍设置为不老化,同时将其地址标志位置位;遍历Secondary VLAN的MAC地址表,将其中老化时间为可老化的MAC地址删除,将老化时间为不可老化且地址标志位未置位的MAC地址添加到PrimaryVLAN的MAC地址表中,同时将其地址标志位置位。 The method also includes address PVLAN establish synchronization process: The Primary VLAN traversing the MAC address table aging time and which can delete the MAC address aging, aging of MAC addresses will not be added to the Secondary VLAN MAC address table, aging time is still set to aging, while its address flag bit; traversal Secondary VLAN MAC address table, which will be the aging of the aging time for the MAC address deleted, the aging time is not aging and the address of the flag is not set PrimaryVLAN MAC address is added to the MAC address table, while its address flag bit.

所述的增加独立VLAN(虚拟局域网)中接入地址的地址同步处理过程包括: The increase in independent VLAN (Virtual LAN) access to the address in the address of the synchronization process includes:

确定需要增加的MAC地址默认的VLAN是Primary VLAN或SecondaryVLAN,并获取所述需要增加的MAC地址默认的VLAN对应的Secondary VLAN或Primary VLAN;判断对应的Secondary VLAN或Primary VLAN中是否存在需要增加的MAC地址;如果不存在,则在所述Secondary VLAN或Primary VLAN中添加该需要增加的MAC地址,且将地址标志位置位;如果存在,则判断存在的该需要增加的MAC地址的老化时间是否为不老化;如果为不老化,则进一步判断对应的VLAN是Secondary VLAN还是Primary VLAN;如果对应的VLAN是Secondary VLAN,则继续判断其他与该Secondary VLAN所属的Primary VLAN对应的Secondary VLAN中是否存在需要增加的MAC地址,若不存在,则在所述其他与该Secondary VLAN所属的Primary VLAN对应的Secondary VLAN中添加该需要增加的MAC地址,若存在且为可老化,则删除在其他与该Secondary VLAN所属的Primary VLAN对应的Secondary VLAN中存在的MAC地址,并在其他与该Secondary VLAN所属的Primary VLAN对应的Secondary VLAN中添加该需要增加的MAC地址,若存在且为不老化,则不做处理,直到与本Primary VLAN对应的所有Secondary VLAN均被执行完毕;如果对应的VLAN是Primary VLAN,则过程结束;如果是可老化,则删除在所述Secondary VLAN或Primary VLAN中存在的MAC地址,并在所述Secondary VLAN或Primary VLAN中添加该需要增加的MAC地址,且将该MAC地址标志位置位。 Identified the need to increase the MAC address of the default VLAN is the Primary VLAN or SecondaryVLAN, and acquiring the need to increase the MAC address of the default VLAN corresponding Secondary VLAN or Primary VLAN; determine the corresponding Primary VLAN Secondary VLAN or whether there is need to increase the MAC address; if you do not exist, add the need to add the MAC address of the Secondary VLAN or Primary VLAN, and the flag bit address; if there is, it is determined that the presence of the aging time of the need to increase the MAC address is not aging; if it is not worn, the further determine the corresponding Secondary VLAN or VLAN is Primary VLAN; if the corresponding VLAN is a Secondary VLAN, then continue to determine other Primary VLAN belongs to the Secondary VLAN Secondary VLAN corresponding to whether there is a need to increase the MAC address, if present, then add the need to add the MAC address of the other Primary VLAN Secondary VLAN belongs to the corresponding Secondary VLAN, if present and to be aging, remove the other belongs to the Secondary VLAN Primary VLAN corresponding Secondary VLAN and MAC address exists, and in other Primary VLAN Secondary VLAN belongs to the corresponding Secondary VLAN and add the need to increase the MAC address, if exists and is not aging, then not processed until the The Primary VLAN corresponding to all Secondary VLAN are finished; if the corresponding VLAN is the Primary VLAN, then the process ends; if you are aging, remove the presence of the Secondary VLAN or Primary VLAN, MAC address, and the Primary VLAN Secondary VLAN or add the need to increase the MAC address and the MAC address of the flag bit.

所述的删除独立VLAN中接入地址的地址同步处理过程包括:确定需要删除的MAC地址默认的VLAN是Primary VLAN或SecondaryVLAN,并获取所述需要删除的MAC地址默认的VLAN对应的Secondary VLAN或Primary VLAN;判断对应的Secondary VLAN或Primary VLAN中是否存在需要删除的MAC地址;如果存在,则获取该MAC地址的地址标志位和老化时间,如果老化时间是不可老化,且地址标志位置位,则删除对应的Secondary VLAN或PrimaryVLAN中存在的需要删除的MAC地址,否则,按不存在该MAC地址处理;如果不存在,则进一步判断对应的VLAN是Secondary VLAN还是PrimaryVLAN;如果对应的VLAN是Secondary VLAN,则继续判断其他与该Secondary VLAN所属的Primary VLAN对应的Secondary VLAN中是否存在需要删除的MAC地址,若存在,则删除该需要删除的MAC地址,直到与本Primary VLAN对应的所有Secondary VLAN均被执行完毕;如果对应的VLAN是Primary VLAN,则过程结束。 The deletion independent VLAN access address in an address synchronization process includes: determining the need to delete the MAC address of the default VLAN is the Primary VLAN or SecondaryVLAN, and acquiring the need to remove the MAC address of the default of Secondary VLAN or VLAN corresponding Primary VLAN; Secondary VLAN corresponding judgment or whether there is need to remove the Primary VLAN MAC address; if there is, then get the address of the flag and the MAC address aging time, if the aging time is not aging, and the address of the flag is set, then delete corresponding Secondary VLAN or MAC address to be deleted PrimaryVLAN exist, otherwise, according to the MAC address of the deal does not exist; if not, then further determine the corresponding Secondary VLAN or VLAN is PrimaryVLAN; if the corresponding VLAN is a Secondary VLAN, then continue to determine whether there is need to delete the MAC address of the other Primary VLAN Secondary VLAN belongs to the corresponding Secondary VLAN, if present, then remove the need to remove the MAC address until this Primary VLAN corresponding Secondary VLAN are all finished ; if the corresponding VLAN is the Primary VLAN, then the process ends.

该方法还包括解除PVLAN中Primary VLAN与Secondary VLAN对应关系时,地址标志位置位的MAC地址的删除过程:获取需要解除PVLAN中Primary VLAN与Secondary VLAN对应关系的Primary VLAN及其对应的所有Secondary VLAN;遍历Primary VLAN及其对应的所有Secondary VLAN的MAC地址表,将老化时间为不可老化,且地址标志位置位的MAC地址从MAC地址表中删除。 The method also includes the lifting of the Primary VLAN PVLAN and Secondary VLAN when correspondence address mark removal process bit MAC address: Get the need to lift the Primary VLAN PVLAN and Secondary VLAN correspondence between the Primary VLAN and its corresponding all Secondary VLAN; Primary VLAN traversal and all Secondary VLAN MAC address table corresponding to the aging time is not aging, and the address of the flag should be removed from the MAC address of the MAC address table.

所述的独立VLAN学习方式下实现地址同步的方法,还包括: Way to achieve independence under the VLAN address synchronous learning, further comprising:

所述的增加独立VLAN中接入地址的地址同步处理过程,是在增加接入地址的同时进行;所述的删除独立VLAN中接入地址的地址同步处理过程是在删除接入地址的同时进行。 The increase in the access address independent VLAN address synchronization process, at the same time increasing the access address; delete said address in the access address VLAN independent synchronization process is carried out while deleting the access address .

所述的增加独立VLAN中接入地址的地址同步处理过程和删除独立VLAN中接入地址的地址同步处理过程为周期进行,即周期性的确定PVLAN的Primary VLAN和Secondary VLAN中增加或删除的接入地址,并在Primary VLAN与Secondary VLAN间进行接入地址的同步处理。 The increase in independent VLAN access address and the address of the synchronization process to delete the access address in a separate VLAN addresses the synchronization process for the cycle, namely periodically determine the Primary VLAN and Secondary PVLAN add or remove a VLAN access the address and synchronize access between the Primary VLAN address and Secondary VLAN.

由上述技术方案可以看出,本发明的实现保证了独立VLAN学习方式下地址表中记录的地址的同步性,即实现了在PVLAN中各个VLAN间MAC地址表的同步,避免了在网络中出现大量的广播报文,节省了有限的通信网络资源,从而使通信网络可以为用户提供更大的带宽资源;同时,本发明的实现还提高了网络通信的安全性能。 As can be seen from the above technical solutions, implementations of the invention ensures the synchronization of independent VLAN learning under way address table records the address, which achieved a PVLAN in various inter-VLAN MAC address table synchronization, avoiding the emergence of the network a large number of broadcast packets, saving the limited communication network resources, so that the communication network can provide greater bandwidth for users; at the same time, to achieve the present invention further improve the safety performance of network communications. 另外,本发明的实现还大大提高了IVL方式下查找MAC地址表的效率,从而提高了通信网络转发报文的性能。 In addition, the implementation of the present invention is also greatly improved under way to find the MAC address table IVL efficiency, thereby improving the performance of the communication network packet forwarding.

附图说明 Brief Description

图1为PVLAN的组网结构示意图;图2为PVLAN中VLAN的管理示意图;图3为本发明建立PVLAN时的MAC地址同步操作过程;图4为本发明中增加MAC地址的同步操作过程;图5为本发明中删除MAC地址的同步操作过程; Figure 1 is a schematic diagram of the network structure PVLAN; Figure 2 is a schematic diagram of PVLAN in the management VLAN; Figure 3 of the present invention when MAC address setup PVLAN synchronization process; Figure 4 of the present invention to add the MAC address of the synchronization process; Fig. 5 of the present invention in the removal process synchronization operations MAC address;

图6为本发明中解除或改变PVLAN时的操作过程。 Figure 6 is lifted invention during operation or when changing the PVLAN.

具体实施方式 DETAILED DESCRIPTION

本发明的内容前面已有叙述,现以PVLAN为例对本发明的具体实施方式作进一步说明。 Contents have been described earlier in this invention, is to PVLAN example to embodiments of the present invention will be further illustrated. 在IVL(独立VLAN学习)模式下,PVAN的SecondaryVLAN中的主机与Primary VLAN中的服务器之间由于MAC地址的不共享,所以只能通过广播的方式实现相互间的信息交换,网络中大量的广播报文必然影响网络的性能显然。 In IVL (Independent VLAN learning) mode between the SecondaryVLAN PVAN and Primary VLAN host servers because they do not share the MAC address, so can only be achieved through mutual exchange of information broadcasting, a large number of broadcast networks packets will inevitably affect the performance of the network apparently. 为此,本发明需要解决的问题是在IVL模式下实现Secondary VLAN与Primary VLAN之间MAC地址的共享,即保证同一个MAC地址同时在Secondary VLAN和Primary VLAN中存在,也就是说一个用户的MAC地址在添加到所在端口默认VLAN中的同时必须添加到需要共享该MAC地址的其他VLAN中,我们可以将其他VLAN中存在的该MAC地址称为“影子地址”,以方便下面的叙述。 To this end, the present invention is required to solve the problem is to be shared between the Secondary VLAN with a Primary VLAN MAC address in the IVL mode, which is to ensure the same MAC address exist in Secondary VLAN and Primary VLAN, that is a user's MAC In addition to the location address of the default VLAN of the port at the same time must be added to other VLAN need to share the MAC address, we can be present in the other VLAN MAC address is called "shadow address" in order to facilitate the following description. 如图2所示,对于局域网交换机LanSwitch的下行端口,1个MAC地址有1个影子地址;对于交换机LanSwitch的上行端口,1个MAC地址有n个影子地址,其中n为PrimaryVLAN包含的Secondary VLAN的个数,本发明就是要使在IVL下的PVLAN中各个VLAN的MAC地址表实现同步,即所述的MAC地址与其影子地址在各VLAN中同时增加或删除。 Shown in Figure 2, for LanSwitch downstream port LAN switch, a MAC address has a shadow address; LanSwitch uplink ports for the switch, a MAC address has n shadow address, where n is the Secondary VLAN contains PrimaryVLAN The number, the present invention is to enable the MAC address table for each VLAN PVLAN in the IVL under synchronization, ie the MAC address of its shadow at the same time add or delete addresses in each VLAN.

对MAC地址表中MAC地址的操作可以分为两类:静态配置和动态维护。 MAC address table for the operation of the MAC address can be divided into two categories: static and dynamic configuration and maintenance. 静态配置是用户自动对MAC地址表进行添加、删除和修改的操作。 Static configuration is user automatically MAC address table to add, delete and modify operations. 动态维护则是交换机根据端口状态和接收到报文的情况自动进行地址学习、老化和删除的操作。 Maintenance is a dynamic address automatically switch port status and circumstances of learning based on the received packet, aging, and delete operations. MAC地址表中的MAC地址根据老化时间还可以分为两大类:可老化的和不可老化的。 MAC address table based on the MAC address aging time can also be divided into two categories: non-aging and aging. 对于不可老化的地址,通常是通过用户配置来维护的;可老化的地址则既可以由用户配置也可以动态维护,如果这个地址在设定的时间间隔里一直没有发送报文就会被交换机自动删除掉。 For non-address aging, usually maintained by the user configuration; you can either address aging can also be dynamically maintained by the user configuration, if the address has not been sending packets at a set time intervals will be automatically switch deleted.

参照上述现有交换机中MAC地表的维护方式,本发明考虑从不可老化的MAC地址的同步处理和可老化的MAC地址的同步处理两个方面解决IVL方式下PVLAN中的地址同步问题。 With reference to the existing switch MAC surface maintenance mode, the present invention contemplates IVL under way to resolve the address PVLAN synchronization synchronize sync from the aging process and can not be the MAC address aging MAC addresses two aspects. 其中不可老化的MAC地址的添加和删除都是由用户配置触发的,所以对于不可老化的MAC地址只要在用户操作的时间点上进行各VLAN的MAC地址表同步维护就可以了。 Add and delete non-aging MAC addresses are configured by the user to trigger, so for non-MAC address aging time as long as the user operations performed each VLAN MAC address table synchronization maintenance on it. 如图2中的用户B,可以通过用户配置将它的MAC地址添加到Primary VLAN和Secondary VLAN1中,地址状态都设为不可老化,这样在管理员删除它们之前,用户B都可以很好的开展网络业务。 User B in Figure 2 can be configured by the user to add its MAC address to the Primary VLAN and Secondary VLAN1, the address of the state are set to non-aging, so remove them before the administrator, user B can be a good conduct Network Business. 即:在Primary VLAN中添加、删除地址,则在所有的Secondary VLAN中添加、删除影子地址;在Secondary VLAN中添加、删除地址,则在Primary VLAN中添加、删除影子地址。 Namely: the Primary VLAN add, remove addresses, add in all of the Secondary VLAN, delete the shadow address; add in Secondary VLAN, delete the address, add the Primary VLAN, delete the shadow address. 同时,为了将一个VLAN中用户配置的不可老化地址与影子地址区分开来,需要给每个地址增加一个地址标志位,提高MAC地址表维护的有效性。 Meanwhile, in order to address non-aging and shadow address area in a VLAN configured by the user to separate each address the need to add an address flag, improve the effectiveness of the MAC address table maintenance. 而对于可老化MAC地址,由于受系统动态维护的影响,所以仅通过用户配置操作无法实现各VLAN的MAC地址表的同步,而需要参考不可老化的MAC地址的处理过程,将影子地址的老化时间设置为不可老化,并在添加或删除MAC地址时触发影子地址的相应处理过程。 As for the MAC address aging may, due to the impact of dynamic maintenance system, it is not possible to achieve only by the user to configure the operation to synchronize the MAC address table for each VLAN, and not need to refer to the process of aging MAC addresses, the address of the shadow of the aging time Set as non-aging, and when you add or remove a MAC address corresponding to trigger the process shadow addresses.

下面结合附图本发明的具体实现过程作进一步说明: OF THE DRAWINGS The present invention will be further illustrated by the specific implementation process:

在PVLAN建立的时候,为提高处理效率,考虑到现有动态MAC地址可以通过报文重新学习到,所以可以先清除Primary VLAN及SecondaryVLAN中的所有可老化地址,仅保留涉其中由用户配置的不可老化地址,并进行地址同步操作;而且为避免影子地址再生成影子地址的情况,采用了首先将Primary VLAN中的不可老化的MAC地址同步到SecondaryVLAN,当Secondary VLAN中的MAC地址同步到Primary VLAN时则检查并排除MAC地址表中的影子地址,判断MAC地址是否为影子地址的依据是该MAC地址的地址标志位是否被置位,如果被置位,则确定为影子地址;现结合图3对建立PVLAN时的各VLAN的MAC地址同步过程进行详细说明:步骤301:在通信网络中根据需要建立PVLAN,确定PVLAN包含的Primary VLAN和Secondary VLAN,同时确定所述各VLAN的MAC地址表索引;步骤302:根据Primary VLAN的MAC地址表索引遍历PrimaryVLAN的MAC地址表,获取MAC地址的老化状态,即老化时间;步骤303:判断MAC地址的老化时间是否为不可老化,如果是,执行步骤304,否则,执行步骤305,以清除MAC地址表中老化时间为可老化的MAC地址;步骤304:将不可老化的MAC地址添加到Primary VLAN下的所有Secondary VLAN的MAC地址表,且将地址标志位置位,表示该MAC地址为影子地址,并执行步骤306; PVLAN when established, in order to improve processing efficiency, taking into account existing dynamic MAC address can pass the message to re-learn, so it can be cleared and Primary VLAN aging SecondaryVLAN all available addresses, which involves retaining only configured by the user is not available Aging address, and address synchronization; and address the situation in order to avoid re-generate the shadow of a shadow address, using the first Primary VLAN MAC address aging can not be synchronized to SecondaryVLAN, when the Secondary VLAN and MAC address when synchronized to the Primary VLAN check and eliminate the MAC address table in the shadow address, MAC address to determine whether the address is based on the address of the shadow flag whether the MAC address is set, if it is set, it is determined to address the shadow; now in conjunction with Figure 3 pairs Each VLAN PVLAN established when the MAC address of the synchronization process is described in detail: Step 301: Establish a communication network needed PVLAN, determine Primary VLAN and Secondary VLAN PVLAN included while determining the MAC address table for each VLAN index; step 302: Primary VLAN based on the MAC address table index traversal PrimaryVLAN MAC address table, get the MAC address aging state, namely the aging time; Step 303: determine whether the MAC address aging time is not aging, and if so, step 304, otherwise , step 305, to clear the MAC address table aging time for the MAC address can be aging; Step 304: the aging of the MAC addresses will not be added to all Secondary VLAN MAC address table under the Primary VLAN, and will address a flag indicates that the MAC address of the shadow address, and perform step 306;

该步骤的目的是将Primary VLAN中的不可老化的MAC地址同步到与其对应的所有Secondary VLAN中,同时为对增加和删除MAC地址的有效管理,还将同步过去的MAC地址作了标记,标记为影子地址;步骤305:删除该可老化的MAC地址,并执行步骤6,因为可老化的MAC地址可以在地址学习过程中学习到,并在学习到时执行相应的同步操作过程,所以此处将其删除;步骤306:判断Primary VLAN中的MAC地址表是否遍历完毕,如果是,则执行步骤307,否则,执行步骤302,继续遍历该MAC地址表,获取地址表中的下一个MAC地址;步骤307:从Primary VLAN下的各个Secondary VLAN中依次确定本次需要遍历的Secondary VLAN的MAC地址表;在PVLAN中一个Primary VLAN中通常包含多个Secondary VLAN,因此,首先需要确定需要遍历的一个Secondary VLAN的MAC地址表索引;步骤308:根据确定的MAC地址表索引遍历该MAC地址表,获取MAC地址的老化时间和地址标志位;步骤309:判断MAC地址的老化时间是否为不可老化,如果是,执行步骤311,否则,执行步骤310;步骤310:删除该可老化的MAC地址,并执行步骤313;步骤311:判断该不可老化的MAC地址的地址标志位是否被置位,即是否是影子地址,如果是,执行步骤313,否则,执行步骤312;该步骤避免了影子地址再次生成新的影子地址; The purpose of this step is the Primary VLAN MAC address aging can not be synchronized to the corresponding Secondary VLAN in all, as well as effective management of adding and deleting a MAC address, the MAC address will be synchronized in the past been marked, labeled shadow address; Step 305: delete the MAC address can be aging, and perform step 6, because the MAC address aging can learn to address the learning process, and learning to be executed when the corresponding process synchronization, so here will remove; Step 306: Analyzing Primary VLAN MAC address table is completed traversed, if yes, perform step 307, otherwise, execute step 302, continue to traverse the MAC address table, the address table to obtain the next MAC address; Step 307: in order to determine this need to traverse the Secondary VLAN MAC address table from each Secondary VLAN Primary VLAN under the; in a Primary VLAN PVLAN usually contains multiple Secondary VLAN, therefore, you first need to determine the need to traverse a Secondary VLAN MAC address table index; Step 308: According to the index to determine the MAC address table traverse the MAC address table, get the MAC address aging time and address flags; Step 309: Determine whether the MAC address aging time is not aging, and if so, step 311, otherwise, go to step 310; Step 310: delete the MAC address can be aging, and to step 313; Step 311: determine the MAC address aging can not address whether the flag is set, that is, whether it is the shadow address If yes, perform step 313, otherwise, go to step 312; this step avoids the shadow address generating new shadow address again;

步骤312:将该不可老化的MAC地址添加到Primary VLAN的MAC地址表中,且将其地址标志位置位,表示该MAC地址为影子地址;步骤313:判断是否遍历完毕该Secondary VLAN的MAC地址表,如果是,执行步骤314,否则,执行步骤308;步骤314:判断是否遍历完该Primary VLAN下所有的SecondaryVLAN的MAC地址表,如果是,PVLAN建立时的地址同步过程结束,否则继续执行步骤7。 Step 312: the aging of the MAC address can not be added to the Primary VLAN MAC address table, and its address flag which indicates that the MAC address of the shadow address; Step 313: Determine whether to traverse completed the Secondary VLAN MAC address table If yes, perform step 314, otherwise, go to Step 308; Step 314: determining whether all SecondaryVLAN traversed the MAC address table under the Primary VLAN, and if so, the address PVLAN establish synchronization process ends, otherwise, proceed to Step 7 .

建立PVLAN时的地址同步过程完成后,则需要确定建立后的PVLAN的Primary VLAN及Secondary VLAN中的MAC地址表的同步维持过程,本发明中PVLAN建立完成后,是根据用户配置和动态维护实现各个VLAN的MAC地址表的同步,而且无论是用户配置还是动态维护均为根据需要操作的地址信息实现对该地址的增加或删除,并结合PVLAN的配置情况对各个VLAN的MAC地址进行同步,需要操作的地址信息包括:所属的VLAN、MAC地址、老化时间、地址标志位、使用的端口等。 After the address of the synchronization process of establishing PVLAN when completed, you will need to determine PVLAN established after synchronization process to maintain the Primary VLAN and Secondary VLAN and MAC address table after the invention PVLAN established, is to achieve a dynamic individual user to configure and maintain synchronization VLAN MAC address table, and whether it is user-configured or dynamic maintenance operations are based on the address information required to achieve this address to add or remove, combined PVLAN configuration of MAC address of each VLAN to synchronize, you need to operate The address information includes: VLAN belongs, MAC address aging time, address flag, port and so on. 建立后的PVLAN的地址同步维持过程实际上包括:添加MAC地址时的同步处理过程和删除MAC地址时的同步处理过程。 PVLAN address after the establishment of the synchronization maintenance process actually includes: synchronous processing and synchronization process to remove the MAC address when the MAC address is added.

所述的增加MAC地址时PVLAN的地址同步过程操作参见图4,添加MAC地址可以是用户进行的地址添加操作,也可以是学习到新的MAC地址导致的地址添加操作,具体包括以下步骤: When the increase in the MAC address PVLAN address synchronous operation Referring to Figure 4, add the MAC address is the address of the user may add operation, may be to learn new MAC address to the address resulting from adding the operation, includes the following steps:

步骤401:确定需要添加的MAC地址信息,包括需要添加的MAC地址的默认的VLAN、MAC地址值、接入端口、地址标志位、地址的老化时间等;步骤402:根据需要添加的MAC地址的接入端口信息判断添加的MAC地址默认的VLAN是否为PVLAN中的Primary VLAN,如果是,执行步骤404,否则,执行步骤403;步骤403:根据需要添加的MAC地址的端口信息判断该MAC地址默认的VLAN是否为PVLAN中的Secondary VLAN,如果是,执行步骤410,否则,过程结束;即如果需要添加的MAC地址默认的VLAN既不是Primary VLAN也不是Secondary VLAN,则本次添加MAC地址的同步过程结束;步骤404:从该Primary VLAN对应的所有Secondary VLAN中依次确定本次需要遍历的Secondary VLAN的MAC地址表,并获取该MAC地址表的索引;步骤405:根据MAC地址索引遍历该MAC地址表中的MAC地址,并判断需要添加的MAC地址是否存在于该MAC地址表中,如果存在,执行步骤406,否则,执行步骤408;步骤406:判断存在于该MAC地址表中的需要添加的MAC地址的老化时间是否为不可老化,如果是,则执行步骤409,否则,执行步骤407;步骤407:将需要添加的MAC地址从该MAC地址表中删除,并执行步骤408; Step 401: Determine the need to add the MAC address information, including VLAN, MAC address of the default values need to add the MAC address of the access port, address flag, address aging time; Step 402: According to the need to add the MAC address MAC address of the default VLAN access port information to determine whether to add in the PVLAN Primary VLAN, if yes, perform step 404, otherwise, go to Step 403; Step 403: according to the port information to add the MAC address of the MAC address of the default judgment The VLAN PVLAN whether the Secondary VLAN, if yes, step 410, otherwise, the process ends; that is, if you need to add the MAC address of the default VLAN is neither a Primary VLAN nor Secondary VLAN, then add this synchronization process MAC address end; Step 404: click OK from the Primary VLAN corresponding Secondary VLAN and all of this needs to traverse the Secondary VLAN MAC address table, and get the index of the MAC address table; Step 405: traversing the MAC address table based on the MAC address index the MAC address, and determines the need to add the MAC address exists in the MAC address table, if present, step 406, otherwise, go to Step 408; Step 406: Analyzing present in the MAC address table, it is required to add MAC whether the address aging time can not be aging, if yes, perform step 409, otherwise, go to Step 407; Step 407: the need to add the MAC address is deleted from the MAC address table, and proceed to step 408;

该步骤也可以直接将该MAC地址的老化时间设置为不可老化,为其设置地址标志位,并置位,执行步骤409;步骤408:将需要添加的MAC地址添加到本次遍历的SecondaryVLAN的MAC地址表中,将其老化时间设置为不可老化,地址标志位置位,表示该地址为影子地址,并执行步骤409;步骤409:判断Primary VLAN下的所有Secondary VLAN的MAC地址表是否均已遍历完毕,如果是,则结束过程,否则,继续执行步骤404;步骤410:获取该Secondary VLAN对应的Primary VLAN;步骤411:判断该Primary VLAN的MAC地址表中是否存在该需要添加的MAC地址,如果是,则执行步骤412,否则,执行步骤414;步骤412:判断该存在的MAC地址的地址老化时间是否为不可老化,如果是,结束过程,否则,执行步骤413;步骤413:删除存在于Primary VLAN的MAC地址表中的该MAC地址,执行步骤414;该步骤也可以直接将该MAC地址的老化时间设置为不可老化,为其设置地址标志位,并置位,并结束地址同步过程;步骤414:将需要添加的MAC地址添加到Primary VLAN的MAC地址表中,将其地址老化时间设置为不可老化,地址标志位置位,表示该地址为影子地址。 This step can also be directly the MAC address aging time is set to non-aging, to set the address of the flag, and set, step 409; Step 408: the need to add the MAC address is added to this traversal SecondaryVLAN of MAC address table aging time is set to be non-aging, address flag which indicates that the address of the shadow of address, and to step 409; Step 409: Determine whether all the Secondary VLAN MAC address table Primary VLAN traversal have been completed under If yes, then the process ends, otherwise, proceed to step 404; Step 410: Get the Secondary VLAN corresponding Primary VLAN; Step 411: Determine whether you need to add the MAC address of the presence of the Primary VLAN MAC address table, if it is , step 412, otherwise, go to Step 414; Step 412: determine whether the presence of the address of the MAC address aging if the aging time is not available, and if so, the process ends, otherwise, perform step 413; step 413: Remove exist in Primary VLAN The MAC address of the MAC address table, step 414; this step can also be directly the MAC address aging time is set to non-aging, to set the address flag and set, and the end of the address of the synchronization process; 414 : will need to add the MAC address is added to the Primary VLAN MAC address table, which address aging time is set to non-aging, address flag which indicates that the address is a shadow address.

所述的删除MAC地址时PVLAN的地址同步过程操作参见图5,删除MAC地址可以是用户进行的地址删除操作,也可以是系统中老化定时器超时时地址被老化掉导致的地址删除操作,具体包括以下步骤:步骤501:确定需要删除的MAC地址信息,包括需要删除的MAC地址的默认的VLAN、MAC地址值、接入端口、地址标志位、地址的老化时间等;步骤502:判断的需要删除的MAC地址默认的VLAN是否为PVLAN中的Primary VLAN,如果是,执行步骤504,否则,执行步骤503;步骤503:判断需要删除的MAC地址默认的VLAN是否为PVLAN中的Secondary VLAN,如果是,执行步骤509,否则,过程结束;步骤504:从该Primary VLAN对应的所有Secondary VLAN中依次确定本次需要遍历的Secondary VLAN的MAC地址表,并获取该MAC地址表的索引;步骤505:根据MAC地址索引遍历该MAC地址表中的MAC地址,并判断需要删除的MAC地址是否存在于该MAC地址表中,如果存在,执行步骤506,否则,执行步骤508;步骤506:判断存在于该MAC地址表中的需要删除的MAC地址是否为老化时间设置为不可老化,且地址标志位被置位(该MAC地址为影子地址),如果是,则执行步骤507,否则,执行步骤508;步骤507:将需要删除的MAC地址从该MAC地址表中删除,并执行步骤508; The MAC address is deleted when the address of the synchronization procedure PVLAN see Figure 5, you can delete the MAC address is the address of the user delete operation, the system can also be an address aging timer expires, the address is aged out due to the deletion of specific includes the following steps: Step 501: determine the MAC address information needs to be removed, including the need to delete the MAC address of the default VLAN, MAC address value, the access port, address flag, address aging time; Step 502: the need for judgment removes the MAC address of the default VLAN whether PVLAN in Primary VLAN, if yes, perform step 504, otherwise, go to step 503; Step 503: Determine MAC address needs to be removed whether the default VLAN PVLAN the Secondary VLAN, if it is , step 509, otherwise, the process ends; Step 504: in order to determine this need to traverse the Secondary VLAN MAC address table from the Primary VLAN corresponding Secondary VLAN in all, and get the index of the MAC address table; Step 505: According to MAC address index traverse the MAC address table MAC address, and determine whether you want to delete the MAC address exists in the MAC address table, if it exists, to step 506, otherwise, go to step 508; Step 506: Determine present in the MAC whether the address table need to remove the MAC address aging time is set for non-aging, and the address flag is set (the MAC address for the shadow address), and if yes, proceed to step 507, otherwise, go to step 508; step 507 : The need to remove the MAC address is deleted from the MAC address table, and perform step 508;

步骤508:判断Primary VLAN下的所有Secondary VLAN的MAC地址表是否均已遍历完毕,如果是,则结束过程,否则,继续执行步骤504;步骤509:获取该Secondary VLAN对应的Primary VLAN;步骤510:判断该Primary VLAN的MAC地址表中是否存在该需要删除的MAC地址,如果是,则执行步骤511,否则,过程结束;步骤511:判断该存在的MAC地址是否为老化时间设置为不可老化,且地址标志位被置位,如果不是,结束过程,否则,执行步骤512;步骤512:删除存在于Primary VLAN的MAC地址表中的该MAC地址,过程结束。 Step 508: determining whether all under the Primary VLAN Secondary VLAN MAC address table are traversing is completed, if it is, the end of the process, otherwise, proceed to step 504; Step 509: Get the Secondary VLAN corresponding Primary VLAN; Step 510: determines whether there is the need to remove the MAC address of the Primary VLAN MAC address table, if yes, perform step 511, otherwise, the process ends; Step 511: judging whether the existence of the MAC address aging time for the aging can not be set, and Address flag is set, and if not, the end of the process, otherwise, go to step 512; Step 512: Delete Primary VLAN exists in the MAC address table of the MAC address, the process ends.

总之,在向PVLAN中添加MAC地址时,如果添加的MAC地址为Primary VLAN中的地址,则在其对应的每个Secondary VLAN中增加该MAC地址的影子地址;如果是Secondary VLAN中的地址,则在其对应的Primary VLAN中增加该MAC地址的影子地址;在删除PVLAN中的MAC地址时,如果删除的MAC地址为Primary VLAN中的地址,则在其对应的每个Secondary VLAN中删除该MAC地址的影子地址;如果是SecondaryVLAN中的地址,则在其对应的Primary VLAN中删除该MAC地址的影子地址。 In short, when you add MAC addresses to PVLAN, if you add the MAC address is the address of the Primary VLAN, increase the shadow of the address of the MAC address corresponding to each of its Secondary VLAN; if you are in the Secondary VLAN address is increase shadow address with the MAC address in the corresponding Primary VLAN; when deleting PVLAN MAC address, if you delete the MAC address of the Primary VLAN address, delete the MAC address corresponding to each of the Secondary VLAN shadow address; if it is SecondaryVLAN the address, delete the MAC address in the corresponding Shadow Primary VLAN address.

本发明的实现还包括解除或改变PVLAN中Primary VLAN和SecondaryVLAN映射关系时,对Primary VLAN和Secondary VLAN的MAC地址表中影子地址的删除操作,具体具体实现流程参见图6,包括以下步骤: Implementation of the invention also includes the lifting or changing the Primary VLAN and SecondaryVLAN PVLAN mapping relationship of Secondary VLAN Primary VLAN and MAC address table in the shadow of addresses delete operation, the specific implementation process see Figure 6, comprising the following steps:

步骤601:确定需要解除的PVLAN中Primary VLAN和SecondaryVLAN;步骤602:依次遍历PVLAN中各个VLAN的MAC地址表,获取各个MAC地址的老化时间和地址标志位;步骤603:判断该MAC地址是否为老化时间为不可老化,且地址标志位被置位,如果是,则执行步骤604,否则,执行步骤605;步骤604:删除该MAC地址,并执行步骤605;步骤605:判断当前遍历的MAC地址表是否遍历完毕,如果是,过程结束,否则,执行步骤606;步骤606:获取MAC地址表中的下一个MAC地址的老化时间和地址标志位,并执行步骤603。 Step 601: Determine the need to lift the PVLAN in the Primary VLAN and SecondaryVLAN; Step 602: in order to traverse each VLAN PVLAN in the MAC address table aging time to obtain the MAC address and the address of each flag; Step 603: Determine whether the MAC address aging Time is not aging, and the address flag is set, and if yes, proceed to step 604, otherwise, go to step 605; Step 604: delete the MAC address, and perform step 605; Step 605: Determine the current traversing the MAC address table whether the traversal is complete, and if so, the process ends, otherwise, perform step 606; Step 606: Get the aging time and the address flag in the MAC address table of the next MAC address, and step 603 is executed.

经过上述过程的描述,实现了当解除改变PVLAN包含的VLAN时,影子地址可以被有效地清除,以便于建立新的PVLAN,开始新的地址同步过程。 After the above description of the process to achieve the lifting of changing VLAN PVLAN when included, the shadow address can be effectively removed, in order to establish a new PVLAN, start a new address synchronization process.

Patent Citations
Cited PatentFiling datePublication dateApplicantTitle
CN1411213A *14 Nov 200216 Apr 2003烽火通信科技股份有限公司Ethernet switch in net virtual local network switch in technique
CN1426199A *13 Dec 200125 Jun 2003华为技术有限公司Method for managing users in wide hand city network
US6111874 *18 Dec 199729 Aug 2000Advanced Micro Devices, Inc.Shared address table with source and destination two-pass algorithm
US6188694 *23 Dec 199713 Feb 2001Cisco Technology, Inc.Shared spanning tree protocol
Referenced by
Citing PatentFiling datePublication dateApplicantTitle
CN103414801A *12 Aug 201327 Nov 2013杭州华三通信技术有限公司Method and device for synchronizing medium access control addresses in stacking system
CN103414801B *12 Aug 201317 Aug 2016杭州华三通信技术有限公司一种堆叠系统中媒质访问控制地址同步的方法和设备
Classifications
International ClassificationH04L29/06, H04L9/00, H04L12/24, H04L12/28
Legal Events
DateCodeEventDescription
16 Feb 2005C06Publication
1 Mar 2006C10Entry into substantive examination
29 Aug 2007C14Grant of patent or utility model
21 Sep 2016EXPYTermination of patent right or utility model