The market for wide area LAN services using Ethernet technology has been developing rapidly in recent years. The dedicated line service of company networks has been succeeded by the ATM service, which integrates voice and data, and the frame backbone service specialized for data, and has developed into IP-VPN (IP-Virtual Private Network), oriented to network outsourcing, and the wide area LAN service, which virtually connects already built LANs. In the wide area LAN communication, when a customer ID of a VLAN (Virtual LAN) is given to a customer, a logical private network, i.e., VPN (Virtual Private Network) can be provided.
In the VPN service, the wide area LAN service can use the provided public network as if it were a dedicated line. The VPN service is called a virtual closed network or virtual private network. More specifically, in this service a customer telephone network can be used like extensions in a company. A customer such as a company prepares an arbitrary telephone number system of two to seven digits. VPN customers can freely call each other by using the telephone numbers. Even in data communication, data is transmitted/received by using a VLAN stack frame, like the telephone. In the VPN service, data is forwarded by using a customer MAC frame (Customer's Media Access Control Frame: also called an Ethernet frame).
[Address Space in Customer MAC frame Forwarding]
The address space in conventional customer MAC frame forwarding will be described.
FIG. 9 is a view showing a conventional VLAN stack frame format.
In the header of a conventional VLAN stack frame format 12E, the destination MAC address, source MAC address, VLAN tag, VLAN tag, type ID, customer data, and FCS (Frame Check Sequence) are transmitted in this order. In each VLAN tag, the type ID, priority, CFI (Canonical Format Indicator), and VLAN ID are transmitted in this order.
When a customer MAC frame forwarded from a customer network is received, the destination MAC address and VLAN ID contained in the header information of the customer MAC frame, the number of the port which has received the customer MAC frame, and the Service VLAN ID set for the port number in advance are analyzed. The Service VLAN ID is added to the customer MAC frame as a VLAN tag. By using the Service VLAN ID and destination MAC address as keys, the port to transmit is searched from a forwarding table which is learned in advance. The received customer MAC frame is transmitted to that port.
A Bridge in the backbone network analyzes the destination MAC address and Service VLAN ID contained in the header information of the customer MAC frame. By using the Service VLAN ID and destination MAC address as keys, the port to transmit is searched from a forwarding table which is learned in advance. The received customer MAC frame is transmitted to that port.
In the above-described prior art, the backbone network and customer network are managed on the basis of the same address system. The Bridge in the backbone network must search for the destination for all addresses on the customer network connected to the backbone network. In addition, since the Service VLAN ID is implemented by 12 bits, the possible range is limited to 4,096. Furthermore, the Bridge in the backbone network does not refer to the VLAN ID and cannot therefore identify terminals which have the same destination MAC address on different VLANs in the same VPN.
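The following added example (not part of the original text) parses the VLAN stack header in the field order given above and shows the last limitation: a table keyed only on Service VLAN ID and MAC address overwrites one terminal with another when both use the same MAC address on different VLANs. The tag type ID 0x8100, the outer tag being the Service VLAN tag, and all addresses and VLAN IDs are assumptions made for the constructed sample.

```python
import struct

def mac(text: str) -> bytes:
    return bytes.fromhex(text.replace(":", ""))

def build_frame(dst, src, service_vid, customer_vid, payload=b"data"):
    # Constructed sample frame; 0x8100 as the tag type ID is an assumption.
    tags = b"".join(struct.pack("!HH", 0x8100, v) for v in (service_vid, customer_vid))
    return mac(dst) + mac(src) + tags + struct.pack("!H", 0x0800) + payload

def parse_vlan_stack_frame(frame: bytes) -> dict:
    """Header order from the text: DA, SA, VLAN tag, VLAN tag, type ID, data."""
    if len(frame) < 22:  # 6 + 6 + 4 + 4 + 2 header bytes
        raise ValueError("too short for a VLAN stack header")
    tags = []
    for offset in (12, 16):
        type_id, tci = struct.unpack_from("!HH", frame, offset)
        tags.append({"type_id": type_id,
                     "priority": tci >> 13,      # 3 bits
                     "cfi": (tci >> 12) & 1,     # 1 bit
                     "vlan_id": tci & 0x0FFF})   # 12 bits: 4,096 values
    return {"dst": frame[0:6].hex(":"), "src": frame[6:12].hex(":"),
            "service_tag": tags[0],   # assumed outer tag
            "customer_tag": tags[1],  # assumed inner tag
            "type_id": struct.unpack_from("!H", frame, 20)[0],
            "data": frame[22:]}       # FCS not present in the sample

def learn(table: dict, frame: bytes, port: int, with_customer_vid: bool):
    """Learn the source; return the port of any entry that was overwritten."""
    h = parse_vlan_stack_frame(frame)
    key = (h["service_tag"]["vlan_id"], h["src"])
    if with_customer_vid:
        key += (h["customer_tag"]["vlan_id"],)
    previous = table.get(key)
    table[key] = port
    return previous

def demo():
    # Same MAC on customer VLANs 10 and 20 inside Service VLAN 100.
    a = build_frame("02:00:00:00:00:99", "02:00:00:00:00:01", 100, 10)
    b = build_frame("02:00:00:00:00:99", "02:00:00:00:00:01", 100, 20)
    prior, extended = {}, {}
    clash = learn(prior, a, 1, False), learn(prior, b, 2, False)
    clean = learn(extended, a, 1, True), learn(extended, b, 2, True)
    return clash, clean, len(prior), len(extended)
```

With the prior-art key the second terminal replaces the entry for the first; adding the VLAN ID to the key keeps both entries.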
Examples of proposals similar to the conventional method are “Simple Bridge Apparatus” in Japanese Patent Laid-Open No. 5-235942 (to be referred to as a first prior art hereinafter), “Frame Forwarding Method and Frame Bridge” in Japanese Patent Laid-Open No. 2003-273911 (to be referred to as a second prior art hereinafter), and “Method used in Packet Communication and Edge Switch” in Japanese Patent Laid-Open No. 2002-344476 (to be referred to as a third prior art hereinafter).
In the first prior art, a station address management unit for the secondary LAN is provided in a bridge HUB. A frame conversion unit in the bridge HUB encapsulates a frame to be communicated between stations connected to the primary LAN into data of the secondary LAN so the frame is not succeeded to the destination address of a frame of the secondary LAN.
The destination address is used to succeed only a frame to be communicated between a station connected to the primary LAN and a station connected to the secondary LAN. In this arrangement, processing by the frame conversion unit is simple as compared to an arrangement to convert all frames transparently. The requirement for the bridge processing speed is relaxed, and the apparatus can be implemented at a low cost.
However, the first prior art has no function as a VPN to virtually connect a plurality of primary LANs.
In the frame forwarding method of the second prior art, a forwarding route to forward a frame is set between nodes in the network. When a terminal to send a frame or a node outside the forwarding route is to transmit a frame which should be forwarded through the forwarding route, forwarding route selection information about the forwarding route and output line information about the output line of the node of the terminal of the forwarding route are written in the frame from frame forwarding destination information in the frame. Then, the frame is transmitted. In this case, the node of the start of the forwarding route determines, on the basis of the forwarding route selection information in the frame, the forwarding route to be used for forwarding, and transmits the frame to the forwarding route. The node of the terminal of the forwarding route determines, on the basis of the output line information in the frame, the output line to which the frame should be output from the node, and transmits the frame to the output line. With this arrangement, a network capable of accommodating a larger number of VPNs can be provided.
In the second prior art, however, forwarding routes to forward a frame must be set in advance between all nodes in the network.
In the third prior art, each original Ethernet packet (EP) generated in the first network of a company, customer, or network service provider is encapsulated into another EP. This EP is given an interface address between the first Ethernet network (EN) and a second EN such as a metropolitan EN. The encapsulated packet is transmitted in accordance with this address. When the encapsulated packet exceeds the permitted EP length, the original EP is divided by the interface between the first and second networks. Resultant divided parts are encapsulated as two encapsulated packets.
In this prior art, however, since the VPN ID is expressed by 12 bits, the possible range is limited to 4,096. Additionally, since the VPN space has no hierarchical structure, management is cumbersome. As the address to be used for forwarding in the backbone network, the address of a customer-facing port is used. For this reason, if the number of customer-facing ports increases, the number of addresses in the backbone network increases. The entity (VPN) is determined on the basis of the input port of the packet (paragraph [0022] of this prior art). Hence, the input ports and VPNs can permit only a one-to-one relationship. To belong to a plurality of VPNs, a plurality of input ports and a plurality of logical lines to connect to the input ports are necessary.
[Mutual Connection Between Stacked VLAN Network and Backbone Network]
Conventional mutual connection between a stacked VLAN network and a backbone network will be described next.
FIG. 23 is an explanatory view showing a conventional customer MAC frame forwarding method.
Referring to FIG. 23, a stacked VLAN/MAC frame forwarded from a stacked VLAN network 4E is received by a stacked VLAN port 6E of a stacked VLAN edge Bridge 2S. When a stacked VLAN/MAC frame is forwarded from a stacked VLAN network 4F, it is received by a stacked VLAN port 6F. By using the destination MAC address, Provider VLAN ID, and VLAN ID contained in the header information of the received stacked VLAN/MAC frame as keys, the stacked VLAN edge Bridge 2S searches for the port to transmit from a forwarding table which is learned in advance.
The received stacked VLAN/MAC frame is converted into a customer MAC frame by removing the Provider VLAN ID information and the like from the stacked VLAN/MAC frame. The customer MAC frame is transmitted to found ports 8A to 8K.
An edge Bridge 2Q receives the customer MAC frame by customer-facing ports 9A to 9K and analyzes the destination MAC address and VLAN ID contained in the header information of the customer MAC frame, the number of the port which has received the customer MAC frame, and the Service VLAN ID set for the port number in advance. By using the Service VLAN ID, VLAN ID, and destination MAC address as keys, the backbone MAC address to transmit is searched from a forwarding table which is learned in advance, and a port to transmit is searched on the basis of the backbone MAC address. The customer MAC frame is encapsulated into a backbone MAC frame. The backbone MAC frame is transmitted to backbone-facing ports 7A and 7B.
In this prior art, to mutually connect the stacked VLAN networks 4E and 4F to a backbone network 1, two apparatuses, i.e., the stacked VLAN edge Bridge 2S and edge Bridge 2Q are necessary.
In addition, there is no means for identifying the Provider VLAN and Service VLAN of the customer MAC frame forwarded between the two apparatuses, the stacked VLAN edge Bridge 2S and the edge Bridge 2Q.
As an alternate means for identifying the Provider VLAN and Service VLAN of the customer MAC frame, ports are prepared for the respective Provider VLANs and Service VLANs. The ports of corresponding Provider VLAN and Service VLAN are connected by a cable. In this case, to accommodate a number of Provider VLANs and Service VLANs, a number of ports and cables are necessary, and management of them is complex.
In addition, to connect an arbitrary VLAN belonging to an arbitrary Provider VLAN and an arbitrary VLAN belonging to an arbitrary Service VLAN, setting for it is necessary for both the stacked VLAN edge Bridge 2S and the edge Bridge 2Q. To identify the connection relationship, individual ports and cables are necessary for both apparatuses.
Furthermore, in the second and third prior arts, the stacked VLAN network and backbone network cannot be connected.
[Generation of Loop in Backbone Network]
Generation of a frame forwarding loop in the backbone network will be described next.
FIG. 37 is a view showing a customer MAC frame forwarding method according to a prior art.
In this prior art, upon receiving a customer MAC frame from a customer-facing port 6A or 6B, an edge Bridge 2 identifies the Service VLAN ID corresponding to the customer MAC frame on the basis of the customer-facing port and the VLAN ID of the customer MAC frame. To transmit the customer MAC frame from the backbone-facing port 7A or 7B, the customer MAC frame is encapsulated into a backbone MAC frame and transmitted to a backbone network 1A or 1B.
Upon receiving a backbone MAC frame from the backbone-facing port 7A or 7B, the edge Bridge 2 sets, as the Service VLAN ID contained in the backbone MAC frame, the Service VLAN ID corresponding to the customer MAC frame contained in the backbone MAC frame. To transmit the backbone MAC frame from the customer-facing port 6A or 6B, the customer MAC frame is extracted from the backbone MAC frame and transmitted.
A Bridge (not shown) in the backbone network 1A or 1B analyzes the destination backbone MAC address and Service VLAN ID contained in the header information of the backbone MAC frame. By using the Service VLAN ID and destination backbone MAC address as keys, a port to transmit is searched from a forwarding table which is learned in advance. The backbone MAC frame is transmitted to that port.
In this prior art, when the edge Bridge 2 receives, from a backbone-facing port, a backbone MAC frame that the apparatus itself has transmitted from a backbone-facing port, this cannot be determined because there is no means of detecting it, and a loop may be generated. In addition, even when a loop is generated in the backbone network connected to the backbone-facing port, the loop cannot be detected.
In the above prior art, when the source address of the backbone MAC frame which the edge Bridge 2 has received from the backbone-facing port is an invalid address such as a broadcast address or multicast address, this cannot be determined because there is no means of detecting it, and the frame may be forwarded.
In the above prior art, when the edge Bridge 2 executes loop-back forwarding between the backbone-facing ports, and the destination address of the backbone MAC frame received from the backbone-facing port is not the address of the edge Bridge, this cannot be determined because there is no means of detecting it, and the frame may be forwarded.
In the above prior art, even when a loop is generated in backbone MAC frame forwarding, the position of the loop cannot be specified.
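The three conditions that the text says the prior art cannot detect can be expressed as ingress checks on a frame received from a backbone-facing port. This is an added illustration, not the mechanism of any apparatus described here; it assumes the backbone MAC frame begins with a 6-byte destination address followed by a 6-byte source address, and all addresses and frames are constructed.

```python
from collections import Counter

def is_group_address(addr: bytes) -> bool:
    # Broadcast and multicast addresses have the low bit of the first octet set.
    return bool(addr[0] & 0x01)

def check_backbone_ingress(frame: bytes, own_addr: bytes, loopback: bool = False) -> str:
    """Return 'forward' or a drop reason for a frame from a backbone-facing port."""
    if len(frame) < 12:
        return "drop: truncated header"
    dst, src = frame[0:6], frame[6:12]
    if is_group_address(src):
        return "drop: invalid source address"
    if src == own_addr:
        # A frame this Bridge transmitted has come back to it.
        return "drop: own frame returned"
    if loopback and dst != own_addr:
        return "drop: loop-back destination is not this Bridge"
    return "forward"

def tally(frames, own_addr):
    """Count verdicts per ingress port for (port, frame, loopback) records."""
    return Counter((port, check_backbone_ingress(f, own_addr, lb))
                   for port, f, lb in frames)

OWN = bytes.fromhex("02aa00000001")    # constructed address of this Bridge
PEER = bytes.fromhex("02aa00000002")   # constructed address of another Bridge
OTHER = bytes.fromhex("02aa00000003")  # constructed third address
SAMPLE = [  # constructed (port, frame, loopback) records
    ("7A", OWN + PEER + b"payload", False),
    ("7A", PEER + OWN + b"payload", False),
    ("7B", OWN + bytes.fromhex("ffffffffffff") + b"payload", False),
    ("7B", OWN + bytes.fromhex("01005e000001") + b"payload", False),
    ("7B", OTHER + PEER + b"payload", True),
]
```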
FIG. 31 is a view showing a VLAN stack frame format 15C of a prior art.
In this prior art, the edge Bridge 2 receives a customer MAC frame forwarded from a customer network and analyzes the destination MAC address and VLAN ID contained in the header information of the customer MAC frame, the number of the port which has received the customer MAC frame, and the Service VLAN ID set for the port number in advance.
The Service VLAN ID is added to the customer MAC frame as a VLAN tag. By using the Service VLAN ID and destination MAC address as keys, a port to transmit is searched from a forwarding table which is learned in advance. The customer MAC frame is transmitted to that port.
A Bridge (not shown) in the backbone network 1A or 1B analyzes the destination MAC address and Service VLAN ID contained in the header information of the customer MAC frame. By using the Service VLAN ID and destination address as keys, a port to transmit is searched from a forwarding table which is learned in advance. The customer MAC frame is transmitted to that port.
In this prior art, when the edge Bridge receives, from a backbone-facing port, a stacked VLAN/MAC frame that the apparatus itself has transmitted from a backbone-facing port, this cannot be determined because there is no means of detecting it, and a loop may be generated. In addition, even when a loop is generated in the backbone network connected to the backbone-facing port, the loop cannot be detected.
In the above prior art, even when a loop is generated in stacked VLAN/MAC frame forwarding, the position of the loop cannot be specified.
The customer MAC frame forwarding technique in Ethernet communication is currently being standardized under the name of “802.1ad Provider Bridges” in IEEE (Institute of Electrical and Electronics Engineers). No patent references which describe the contents of a technique of this type could be found at the time of patent application.