1. Field of the Invention
The present invention relates to a network connection method, a network connection system, and a layer 2 switch and a management server forming the network connection system. More particularly, the present invention relates to a network connection method, a network connection system, and a layer 2 switch and a management server forming the network connection system for interconnecting virtual LANs that are distributed over a plurality of sites.
2. Description of the Related Art
In recent years, as one kind of private network service provided by a service provider, a service is being provided for transferring a layer 2 MAC frame of a subscriber LAN and the like, as it is, from one site to another site to which the subscriber belongs by using layer 2 switches (to be referred to as L2 switch hereinafter). Compared with a service based on layer 3 switches, since the above-mentioned service can handle protocols other than the IP protocol, it can be expected to become further widespread as a more general service.
FIG. 1 shows a block diagram of an example of a conventional network connection system for providing the above-mentioned service. In the figure, a network 10 of a service provider is configured by L2 switches in a mesh or tree topology. In addition, in the network 10, the MAC frame may be encapsulated and transmitted via an ATM network and the like other than a LAN. Sites 11, 12 and 13 of a subscriber A and sites 14 and 15 of a subscriber B are connected to the network 10. For example, the sites 11, 12 and 13 of the subscriber A are a Tokyo branch, an Oosaka branch and a Nagoya branch respectively.
In the network 10, since MAC frames of the plural subscribers A and B are transferred, it is necessary to identify a subscriber for each MAC frame so as to identify a port of a transfer destination. Therefore, a method for providing a VLAN (Virtual Local Area Network) tag specific for each subscriber is used to identify the subscriber.
A subscriber may also establish a plurality of VLANs in a site of the subscriber. For example, the subscriber may establish a VLAN for each organization in a company. FIG. 2 shows a block diagram of an example of such a conventional network connection system.
In this case, it is necessary that a VLAN tag is provided to a MAC frame in each of the sites 11, 12 and 13 of the subscriber, and that the MAC frame is transferred transparently over the network of the service provider. However, since the VLAN tag of the subscriber is decided arbitrarily by the subscriber, there is a possibility that the VLAN tag provided by the subscriber may be the same as a VLAN tag used by the service provider for transferring the MAC frame over the network 10.
To avoid this problem, the following method is used. That is, in each edge switch (a switch placed at a position that is connected to a subscriber side, namely the L2 switches 16, 17 and 18), as shown in the format in FIG. 3, the VLAN tag 20 provided on the subscriber side in the MAC frame sent from the subscriber is kept as it is, and a new VLAN tag 21 is provided for transferring the MAC frame in the network 10 of the service provider.
For example, a VLAN tag 21 provided at an edge L2 switch 16 of the service provider is removed at an L2 switch 17 placed at an edge of a site of the transfer destination, so that a MAC frame having only the VLAN tag of the subscriber is transferred to the subscriber. The above-mentioned function for adding or removing a new VLAN tag at an edge L2 switch of the service provider side is called VLAN tag stacking.
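The tag stacking operation described above can be followed on the bytes of a frame. The following Python sketch is an added illustration and is not part of the original text; the TPID value 0x8100 for both tags, the function names, the sample addresses and the VID 100 are assumptions, chosen so that the subscriber and the provider happen to use the same VID.

```python
import struct

# Assumption: both tags use the IEEE 802.1Q TPID; the format of FIG. 3 is not reproduced here.
TPID = 0x8100

def vlan_tag(vid, pcp=0):
    """Encode a 4-byte VLAN tag: 16-bit TPID, then 3-bit PCP, 1-bit DEI, 12-bit VID."""
    if not 0 < vid < 4095:
        raise ValueError("VID must be in 1..4094")
    return struct.pack("!HH", TPID, (pcp << 13) | vid)

def push_provider_tag(frame, provider_vid):
    """Ingress edge switch: insert the provider tag (tag 21) directly after the
    destination and source MAC addresses; the subscriber tag (tag 20) is kept."""
    return frame[:12] + vlan_tag(provider_vid) + frame[12:]

def pop_provider_tag(frame):
    """Egress edge switch: remove the outermost tag; return (provider_vid, frame)."""
    tpid, tci = struct.unpack("!HH", frame[12:16])
    if tpid != TPID:
        raise ValueError("frame carries no provider tag")
    return tci & 0x0FFF, frame[:12] + frame[16:]

def vids(frame):
    """Return the VIDs of all stacked tags, outermost first."""
    found, off = [], 12
    while len(frame) >= off + 4:
        tpid, tci = struct.unpack("!HH", frame[off:off + 4])
        if tpid != TPID:
            break
        found.append(tci & 0x0FFF)
        off += 4
    return found

# Constructed sample frame from a subscriber site, already tagged with subscriber VID 100.
DST = bytes.fromhex("00005e000101")
SRC = bytes.fromhex("020000000011")
subscriber_frame = DST + SRC + vlan_tag(100) + struct.pack("!H", 0x0800) + b"payload"

if __name__ == "__main__":
    stacked = push_provider_tag(subscriber_frame, 100)  # provider also uses VID 100
    print(vids(subscriber_frame), vids(stacked))
    print(pop_provider_tag(stacked)[1] == subscriber_frame)
```

Because the provider tag is added in front of the subscriber tag rather than replacing it, the identical VID values do not interfere, and the egress switch hands back the subscriber frame byte for byte.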
As a further conventional technology, for example, Japanese Laid-Open Patent Application No. 2002-26955 discloses an ID identification method in which each of a LAN switch and a terminal includes a function for identifying a GVRP (GARP VLAN) frame and a new protocol, and a GW (Gateway) address kept by each terminal is used for determining a VLAN-ID to be assigned to each terminal.
In addition, Japanese Laid-Open Patent Application No. 10-93614 discloses that MAC address learning in a LAN switch is performed for each VLAN.
As to a source MAC address and a destination MAC address used in the network 10 of the L2 switches, there is a case where a predetermined specific MAC address is used for a particular kind of protocol. For example, to use functions of VRRP (a protocol for virtual routers) shown in RFC 2338, “00-00-5E-00-01-{VRID}” is used as a MAC address, wherein “VRID” is a variable of one octet used for identifying a router.
In addition, when VLANs are formed in a network of the subscriber, since the L2 switch has a function (IVL mode in IEEE802.1d) for performing address learning for each VLAN independently, the same MAC address such as “00-00-5E-00-01-01” of VRRP can be used and operated in each VLAN by separating the VLANs.
That is, even for networks that are physically interconnected, if each VLAN can be identified, any MAC address can be used in each VLAN. Other than VRRP, for example, when a local MAC address is used, there may be a case where the same MAC address is used in different VLANs.
However, if a configuration shown in FIG. 4 is adopted for connecting a plurality of VLANs of a subscriber via the network 10 of the service provider, the following problem arises.
Since the network 10 of the service provider is formed by the L2 switches 16 and 17 and the like, learning of MAC addresses is performed in the edge L2 switch for each VLAN tag of the provider added by the VLAN tag stacking function. That is, learning of MAC addresses is not performed for each VLAN tag of the subscriber.
Therefore, a MAC frame having a MAC address “00-00-5E-00-01-01” of a node of a subscriber may be sent from the Tokyo site 11 and may also be sent from the Oosaka site 12, so that communications cannot be performed properly. For example, when a user tries to send a MAC frame from the Tokyo site 11 to “00-00-5E-00-01-01” in a VLAN 201 (in the Oosaka site 12), there is a possibility that the L2 switch 16 has already learned that “00-00-5E-00-01-01” of a VLAN 301 exists at the Tokyo site 11. In this case, when the MAC frame is sent from the Tokyo site 11 to the L2 switch 16 at the edge of the provider, the frame is filtered so that no communication can be performed.
To solve this problem, it can be considered that the L2 switch in the network of the provider performs learning of MAC addresses including the VLAN tags of subscribers. Generally, in L2 switches, a CAM (Content Addressable Memory) is used for increasing the speed of address learning and of searching the learning results. For learning a MAC address including a VLAN tag of a subscriber, an address space having 72 bits is necessary, since the bits to be learned are the 48 bits of the MAC address and the 12 bits of each of the two stacked VLAN tags. However, the cost of the apparatus increases when adopting a CAM having such a large address space. In addition, a special L2 switch is necessary, and such a special L2 switch is more expensive than a general L2 switch.
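The filtering failure at the L2 switch 16 and the effect of the 72-bit learning key can be reproduced with a small model of a learning switch. The following Python sketch is an added illustration and is not part of the original text; the class and port names, the provider VID 10, the host MAC address and the VRRP multicast destination are constructed for the example.

```python
MAC_BITS, VID_BITS = 48, 12
VRRP_MAC = "00-00-5E-00-01-01"

class EdgeSwitch:
    """Learning switch whose table key is (selected VLAN fields..., MAC address)."""

    def __init__(self, key_fields):
        self.key_fields = key_fields  # frame fields learned together with the MAC
        self.table = {}               # learning key -> port

    def key_bits(self):
        """Width of the CAM key needed for this learning mode."""
        return MAC_BITS + VID_BITS * len(self.key_fields)

    def _key(self, frame, mac):
        return tuple(frame[f] for f in self.key_fields) + (mac,)

    def receive(self, in_port, frame):
        # Learn the source address on the arrival port, then look up the destination.
        self.table[self._key(frame, frame["src"])] = in_port
        out = self.table.get(self._key(frame, frame["dst"]))
        if out is None:
            return "flood"            # unknown destination: send on all other ports
        # A destination learned on the arrival port is treated as local and dropped.
        return "filtered" if out == in_port else "forward:" + out

def run_scenario(key_fields):
    """Replay the Tokyo-site sequence on switch 16; s_vid is the tag added by stacking."""
    sw = EdgeSwitch(key_fields)
    s_vid = 10  # constructed provider VID for subscriber A
    frames = [
        # 1. Router in VLAN 301 at the Tokyo site sends from the shared VRRP MAC.
        {"s_vid": s_vid, "c_vid": 301, "src": VRRP_MAC, "dst": "01-00-5E-00-00-12"},
        # 2. Tokyo host in VLAN 201 sends to the same MAC, which in VLAN 201 is at Oosaka.
        {"s_vid": s_vid, "c_vid": 201, "src": "02-00-00-00-00-11", "dst": VRRP_MAC},
    ]
    return [sw.receive("tokyo", f) for f in frames]

if __name__ == "__main__":
    for fields in (("s_vid",), ("s_vid", "c_vid")):
        print(EdgeSwitch(fields).key_bits(), "bit key:", run_scenario(fields))
```

With learning keyed on the provider tag alone, the second frame is filtered; with the subscriber tag included in the key, it is flooded toward the provider network and can reach the Oosaka site.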
In addition, as another solution, it can be considered to provide a VLAN-ID (to be referred to as “VID” hereinafter) as the VLAN tag of the provider according to a value of the VLAN tag of the subscriber. That is, the L2 switch at the edge of the provider refers to a VLAN tag of a frame sent from a subscriber, obtains a VID in the network of the provider based on the VLAN tag, and provides the VID to the frame by using the VLAN tag stacking function.
Accordingly, since address learning at the L2 switch of the provider is performed for each VID corresponding to each different VLAN on the subscriber side, the above-mentioned problem can be solved. However, for realizing this solution, each time the subscriber adds or deletes a VLAN, it becomes necessary to change the settings for providing a VLAN tag, so that there is a problem in that enormous effort needs to be expended on network management.