[go: up one dir, main page]
More Web Proxy on the site http://driver.im/

WO2014059787A1 - Communication connection method, communication device and communication system - Google Patents

Communication connection method, communication device and communication system Download PDF

Info

Publication number
WO2014059787A1
WO2014059787A1 PCT/CN2013/075605 CN2013075605W WO2014059787A1 WO 2014059787 A1 WO2014059787 A1 WO 2014059787A1 CN 2013075605 W CN2013075605 W CN 2013075605W WO 2014059787 A1 WO2014059787 A1 WO 2014059787A1
Authority
WO
WIPO (PCT)
Prior art keywords
configuration information
network
network site
tunnel
vpn configuration
Prior art date
Application number
PCT/CN2013/075605
Other languages
French (fr)
Chinese (zh)
Inventor
周天然
曾晴
于德雷
Original Assignee
华为技术有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 华为技术有限公司 filed Critical 华为技术有限公司
Publication of WO2014059787A1 publication Critical patent/WO2014059787A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46Interconnection of networks
    • H04L12/4633Interconnection of networks using encapsulation techniques, e.g. tunneling
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00Traffic control in data switching networks
    • H04L47/70Admission control; Resource allocation
    • H04L47/72Admission control; Resource allocation using reservation actions during connection setup
    • H04L47/724Admission control; Resource allocation using reservation actions during connection setup at intermediate nodes, e.g. resource reservation protocol [RSVP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00Traffic control in data switching networks
    • H04L47/70Admission control; Resource allocation
    • H04L47/82Miscellaneous aspects
    • H04L47/825Involving tunnels, e.g. MPLS

Definitions

  • the present invention relates to the field of communications, and in particular, to a communication connection method, a communication device, and a communication system.
  • Cloud computing technology is a technology that applies cloud processing network sites (such as enterprise computer systems, etc.) to transmit processing results back to network sites.
  • the network site leases devices in the cloud to form a virtual private cloud.
  • VPC Virtual Private Cloud
  • Embodiments of the present invention provide a communication connection method, a communication device, and a communication system, which can improve connection efficiency.
  • a communication connection method including:
  • a first request message sent when the load of the network site is higher than the first load where the first request message includes a request for creating a VPC, an identifier (IDentity, ID) of the network station, and a first tunnel. Attribute information; creating a target VPC according to the request to create a VPC; connecting the target VPC and a first operator edge device (PE); sending the ID of the network site to the first PE and the a tunnel attribute information, so that the first PE obtains a second virtual private network (VPN) configuration information and an address of the second PE according to the ID of the network station, and determines according to the second VPN configuration information.
  • VPN virtual private network
  • the first VPN configuration information that matches the second VPN configuration information, and according to the first VPN configuration information, the address of the second PE And establishing, by the first tunnel attribute information, a VPN connection and a tunnel connection with the second PE, so as to implement a communication connection between the target VPC and the network site, where the second VPN configuration information is The VPN configuration information of the second PE, where the second PE is an access device of the network site.
  • the connecting the target VPC and the first carrier edge device includes: creating a virtual customer edge device corresponding to the target VPC (virtual customer edge, VCE); connecting the first PE through the VCE.
  • the method further includes: receiving, by the network station, a second a request message, the second request message includes a request for updating a communication connection, second tunnel attribute information, and an ID of the network station; determining, after the network station needs to update a communication connection, according to the request for updating the communication connection, The first PE sends the second tunnel attribute information and the ID of the network station, so that the first PE is configured according to the ID of the network station, the address of the second PE, and the second tunnel attribute information. Updating a tunnel attribute between the first PE and the second PE, thereby updating a communication connection attribute of the target VPC and the network site.
  • the second aspect provides another communication connection method, including: connecting a target VPC located in the cloud; receiving an ID of the network station and the first tunnel attribute information sent by the cloud, the ID of the network station, and the first tunnel
  • the attribute information is sent by the network station when the load of the network site is higher than the first load; obtaining the second VPN configuration information and the address of the second PE according to the ID of the network station, where the second VPN configuration information is The VPN configuration information of the second PE, the second PE is an access device of the network station, and determining, according to the second VPN configuration information, first VPN configuration information that matches the second VPN configuration information.
  • the obtaining the second VPN configuration information and the address of the second PE according to the ID of the network station includes: applying an ID of the network site, querying a database The second VPN configuration information and the address of the second PE, the database pre-storing the address of the second PE corresponding to the ID of the network site, and the second VPN configuration corresponding to the ID of the network site.
  • the method further includes: receiving an ID of the network site sent by the cloud And And updating the tunnel attribute between the first PE and the second PE according to the ID of the network station, the address of the second PE, and the second tunnel attribute information, so as to update the The communication connection attribute of the target VPC with the network site.
  • the connecting the target VPC in the cloud includes: connecting the target VPC by using a VCE located in the cloud.
  • a cloud device including: a first receiving module, configured to receive a first request message sent by a network site when a load of the network site is higher than a first load, where the first request message includes a request of the VPC, the ID of the network station, and the first tunnel attribute information; a creating module, configured to create a target VPC according to the request for creating the VPC; and a connection module, configured to connect the target VPC and the first PE; a sending module, configured to send the ID of the network station and the first tunnel attribute information to the first PE, so that the first PE acquires second VPN configuration information and a second PE according to the ID of the network station And determining, according to the second VPN configuration information, first VPN configuration information that matches the second VPN configuration information, and according to the first VPN configuration information, the address of the second PE, and the a first tunnel attribute information, establishing a VPN connection and a tunnel connection with the second PE, thereby implementing a communication connection between the target VPC and the network site, where the VPN
  • the connecting module includes: a creating unit, configured to create a VCE corresponding to the target VPC, and a connecting unit, configured to connect the first PE by using the VCE .
  • the second possible implementation manner of the third aspect further includes: a second receiving module, configured to receive the network a second request message sent by the station, the second request message includes a request for updating a communication connection, a second tunnel attribute information, and an ID of the network station; and a second sending module, configured to determine, according to the request for updating the communication connection After the network station needs to update the communication connection, send the second tunnel attribute information and the ID of the network station to the first PE, so that the first PE is based on the ID of the network station, and the second Updating the tunnel attribute between the first PE and the second PE by using the address of the PE and the second tunnel attribute information, so as to update the communication connection attribute of the target VPC and the network station.
  • a second receiving module configured to receive the network a second request message sent by the station, the second request message includes a request for updating a communication connection, a second tunnel attribute information, and an ID of the network station
  • a second sending module configured to determine, according to the request for updating the communication connection After the network station needs to
  • the fourth aspect provides a communication device, including: a first connection module, configured to connect to a target VPC located in the cloud; and a first receiving module, configured to receive an ID of the network station and the first tunnel sent by the cloud Channel attribute information, where the ID of the network station and the first tunnel attribute information are sent by the network station when the load of the network site is higher than the first load; and the acquiring module is configured to use the ID of the network station Acquiring the second VPN configuration information and the address of the second PE, where the second VPN configuration information is the VPN configuration information of the second PE, the second PE is an access device of the network site; Determining, according to the second VPN configuration information, first VPN configuration information that matches the second VPN configuration information, where the second connection module is configured to use, according to the first VPN configuration information, an address of the second PE And the first tunnel attribute information, establishing a VPN connection and a tunnel connection with the second PE, so as to implement a communication connection between the target VPC and the network site.
  • the second possible implementation manner of the fourth aspect further includes: a second receiving module, configured to receive, sent by the cloud The ID of the network station and the second tunnel attribute information; the third connection module, configured to update the first PE according to the ID of the network station, the address of the second PE, and the second tunnel attribute information And a tunnel attribute between the second PE, thereby updating a communication connection attribute of the target VPC and the network site.
  • the first connection module is specifically configured to connect the target VPC by using a virtual user edge device VCE located in the cloud.
  • the fifth aspect provides a communication system, including the cloud device provided in any one of the possible implementation manners of the third aspect, and the communication device provided in any one of the possible implementation manners of the fourth aspect.
  • the communication connection method, the communication device, and the communication system provided by the embodiment of the present invention after receiving the request message including the request for creating a VPC, the ID of the network station, and the first tunnel attribute information, are automatically generated by the receiving network site, and are created according to the request for creating a VPC.
  • the target VPC connecting the target VPC and the first PE, sending the ID of the network station and the first tunnel attribute information to the first PE, so that the first PE obtains the second VPN configuration information and the address of the second PE according to the ID of the network station, and And obtaining a matching first VPN configuration information according to the second VPN configuration information, and establishing a VPN connection and a tunnel connection with the second PE according to the first VPN configuration information, the address of the second PE, and the first tunnel attribute information, to implement A communication connection between the target VPC and the network site. Since the request message is automatically sent by the network site, it can be implemented according to the network station. The point needs to establish a communication connection in time, thereby improving the connection efficiency.
  • FIG. 1 is a flowchart of a communication connection method 100 according to an embodiment of the present invention
  • FIG. 2 is a flowchart of another communication connection method 100 according to an embodiment of the present invention.
  • FIG. 3 is a flowchart of a communication connection method 200 according to an embodiment of the present invention.
  • FIG. 4 is a flowchart of another communication connection method 200 according to an embodiment of the present invention.
  • FIG. 5 is a schematic diagram of an application scenario of a data transmission method according to an embodiment of the present invention.
  • FIG. 6 is a schematic flowchart of implementing a communication connection according to an embodiment of the present invention.
  • FIG. 7 is a schematic flowchart of implementing an update communication connection according to an embodiment of the present invention.
  • FIG. 8 is a schematic structural diagram of a cloud device according to an embodiment of the present disclosure.
  • FIG. 9 is a schematic structural diagram of another cloud device according to an embodiment of the present disclosure.
  • FIG. 10 is a schematic structural diagram of still another cloud device according to an embodiment of the present disclosure.
  • FIG. 1 is a schematic structural diagram of a communication apparatus according to an embodiment of the present invention.
  • FIG. 12 is a schematic structural diagram of another communication apparatus according to an embodiment of the present invention.
  • FIG. 14 is a schematic structural diagram of still another cloud device according to an embodiment of the present disclosure.
  • FIG. 15 is a schematic structural diagram of still another communication apparatus according to an embodiment of the present invention. DETAILED DESCRIPTION OF THE EMBODIMENTS In order to make the objects, technical solutions, and advantages of the present invention more comprehensible, the embodiments of the present invention will be further described in detail below.
  • the network site is a network site capable of performing data processing by using the cloud.
  • the network site may be a computer (such as a personal computer) or a computer system (such as an enterprise computer system).
  • An embodiment of the present invention provides a communication connection method 100. As shown in FIG. 1, the method 100 may include Includes:
  • the first request message sent by the receiving network station when the load of the network site is higher than the first load includes a request for creating a VPC, an ID of the network station, and first tunnel attribute information.
  • the ID of the network site is used to identify the network site, and the request for creating a VPC may be identified by applying a data segment in the first request message.
  • the network station can detect the load in real time, and when the load is higher than the first load, send the first request information to the cloud, that is, the network station autonomously controls the sending of the first request message.
  • the first load can be changed according to different scenarios.
  • the network site may also send the first request message according to the sending instruction.
  • the target VPC is a VPC corresponding to the network site.
  • the VPN configuration information determines the first VPN configuration information that matches the second VPN configuration information, and establishes a relationship with the second PE according to the first VPN configuration information, the address of the second PE, and the first tunnel attribute information.
  • the VPN connection and the tunnel connection are used to implement a communication connection between the target VPC and the network site.
  • the second VPN configuration information is VPN configuration information of the second PE, and the second PE is an access device of the network site.
  • the VPN configuration information is related to the type of VPN connection to be established.
  • the second VPN configuration information may be information such as an input route target (RT) and an output RT of the second PE.
  • the second VPN configuration information may be a virtual circuit (Virtual Circuit, VC) ) ID and other information.
  • the address of the second PE may be an IP address of the second PE.
  • a unidirectional tunnel or a bidirectional tunnel communication connection may be established between the target VPC and the network site.
  • the first PE and the second PE are divided into different PEs for convenience of presentation, and do not constitute a pair.
  • the first VPN configuration information and the second VPN configuration information are divided into different VPN configuration information for convenience of presentation, and are not limited to the embodiments of the present invention.
  • the execution body of the above 110-140 may be a cloud device, and the cloud device may be located in the cloud.
  • the cloud device can be divided into different modules distributed in multiple devices, or integrated into the same device, or can be used as a stand-alone device.
  • the communication connection method 100 of the embodiment of the present invention by receiving the request for creating a VPC, the ID of the network station, and the first tunnel attribute information automatically sent by the network site, creates a target VPC according to the request for creating a VPC, and connects the target VPC and the first PE. Sending the ID of the network station and the first tunnel attribute information to the first PE, so that the first PE obtains the second VPN configuration information and the address of the second PE according to the ID of the network station, and obtains the matching according to the second VPN configuration information.
  • the request message is automatically sent by the network site, it is possible to establish a communication connection in time according to the needs of the network site, thereby improving the connection efficiency.
  • a VCE corresponding to the target VPC may be created, and the first PE is connected by using the VCE.
  • the VCE is connected to the first PE, and the VCE is configured to enable the VCE to communicate with the first PE.
  • the running routing protocol on the VCE is set, so that the route on the VCE can communicate with the route on the first PE.
  • the routing protocol running on the VCE and the first PE is a Border Gateway Protocol (BGP)
  • BGP Border Gateway Protocol
  • the BGP peer that sets the VCE is the first PE.
  • the VLAN ID on the VCE is set to be connected to the first PE.
  • the VLAN ID of the interface that enters the VCE is the same, so that the VCE can be in the same VLAN as the interface that accesses the VCE on the first PE.
  • the method further includes: receiving a second request message sent by the network station, where the second request message includes a request for updating a communication connection, Two tunnel attribute information and the ID of the network site.
  • the network station may autonomously control the sending of the second request message, and send a second request message when detecting that the current communication connection needs to be updated.
  • the network station The point may also send a second request message according to the send command.
  • the second tunnel attribute information and the ID of the network station are sent to the first PE, so that the first PE is based on the ID of the network station. Updating the tunnel attribute between the first PE and the second PE by the address of the second PE and the second tunnel attribute information, so as to update the communication connection attribute of the target VPC and the network station.
  • the communication connection between the target VPC and the network site can be adjusted in real time as needed.
  • the first tunnel attribute information and the second tunnel attribute information may include a communication tunnel bandwidth value of the network site and the cloud.
  • the embodiment of the present invention receives the request for creating a VPC, the ID of the network station, and the first tunnel attribute information that are automatically sent by the network site, creates a target VPC according to the request for creating a VPC, connects the target VPC and the first PE, and sends the network to the first PE.
  • the ID of the site and the first tunnel attribute information so that the first PE obtains the second VPN configuration information and the address of the second PE according to the ID of the network station, and obtains the matched first VPN configuration information according to the second VPN configuration information, and And establishing a VPN connection and a tunnel connection with the second PE according to the first VPN configuration information, the address of the second PE, and the first tunnel attribute information, so as to implement a communication connection between the target VPC and the network site. Since the request message is automatically sent by the network site, it is possible to establish a communication connection in time according to the needs of the network site, thereby improving the connection efficiency.
  • Another communication connection method 200 provided by the embodiment of the present invention, as shown in FIG. 3, the method 200 may include:
  • the target VPC is created by the cloud.
  • the second VPN configuration information is the VPN configuration information of the second PE, and the second PE is the access device of the network station.
  • the access device may be a network device with a routing function, such as a router.
  • the VPN configuration information is related to the type of VPN connection to be established.
  • the second VPN configuration information may be information such as an input route target (RT) and an output RT of the network site; when the VPN to be established When the type of the connection is a Virtual Leased Line (VLL) in the Layer 2 VPN, the second VPN configuration information may be a virtual circuit (VC) ID or the like.
  • the address of the second PE may be an IP address of the second PE.
  • a unidirectional tunnel or a bidirectional tunnel communication connection may be established between the target VPC and the network site.
  • the first VPN configuration information and the second VPN configuration information are divided into different VPN configuration information, which is not limited to the embodiment of the present invention.
  • the execution body of the above 210-250 may be a communication device, which is a network device having a routing function, such as a router or the like.
  • the communication connection method 200 of the embodiment of the present invention receives the ID of the network site and the first tunnel attribute information sent by the cloud by connecting the target VPC located in the cloud, and acquires the second VPN configuration information and the second PE according to the ID of the network site. And obtaining a matching first VPN configuration information according to the second VPN configuration information, and establishing a VPN connection with the second PE according to the first VPN configuration information, the address of the second PE, and the first tunnel attribute information, and Tunnel connection to achieve communication connection between the target VPC and the network site. Since the ID of the network site and the first tunnel attribute information are automatically sent by the network site, it is possible to establish a communication connection in time according to the needs of the network site, thereby improving the connection efficiency.
  • the ID of the network site may be applied to query the database for the second VPN configuration.
  • the information and the address of the second PE the database pre-stores the address of the second PE corresponding to the ID of the network station and the second VPN configuration information corresponding to the ID of the network station.
  • the second VPN configuration information and the address of the second PE are automatically obtained from the database according to the ID of the network site, and the connection with the second PE and the cloud is implemented, thereby improving connection efficiency.
  • the database may store the ID of the network site, the address of the second PE, and the second VPN configuration information in the format shown in Table 1.
  • Second VPN configuration information Address of the second PE In Table 1, the ID of the network site, the second VPN configuration information, and the address of the second PE correspond to each other.
  • the ID of the network site is used to identify the network site
  • the second VPN configuration information is the VPN configuration information of the second PE
  • the address of the second PE may be the IP address of the second PE.
  • the second VPN configuration information is the input RT and the output RT of the second PE
  • the first VPN configuration information matching the second VPN configuration information is determined in the foregoing 240
  • the second The input RT of the network site in the VPN configuration information is used as the output RT of the first VPN configuration information
  • the output RT of the network site in the second VPN configuration information is used as the input RT of the first VPN configuration information.
  • the second VPN configuration information is the VC ID
  • the first VPN configuration information matching the second VPN configuration information is determined in the foregoing 240
  • the value of the VC ID in the first VPN configuration information and the second VPN configuration The value of the VC ID in the message is the same.
  • the target VPC located in the cloud when the target VPC located in the cloud is connected, the target VPC may be connected through a VCE located in the cloud.
  • local parameters when connecting to the target VPC through a VCE located in the cloud, local parameters can be set to connect with the VCE located in the cloud.
  • the setting method of the local parameters is similar to the setting method of the VCE parameters in the above 130, please refer to.
  • the method may further include:
  • the communication connection between the target VPC and the network site can be adjusted in real time as needed.
  • the second tunnel attribute information may include a bidirectional communication tunnel bandwidth value.
  • the communication connection herein may be a unidirectional tunnel or a bidirectional tunnel communication connection, or may be a bidirectional tunnel communication connection.
  • the first tunnel attribute information and the second tunnel attribute information may include a communication tunnel bandwidth value of the network site and the cloud.
  • the target VPC located in the cloud by connecting the target VPC located in the cloud, receiving the ID of the network station and the first tunnel attribute information sent by the cloud, acquiring the second VPN configuration information and the address of the second PE according to the ID of the network station, and according to the second
  • the VPN configuration information is matched with the first VPN configuration information, and is established with the second PE according to the first VPN configuration information, the address of the second PE, and the first tunnel attribute information.
  • the VPN connection and the tunnel connection realize the communication connection between the target VPC and the network site. Since the ID of the network site and the first tunnel attribute information are automatically sent by the network site, it is possible to establish a communication connection in time according to the needs of the network site, thereby improving connection efficiency.
  • FIG. 5 shows an application scenario of a communication connection method according to an embodiment of the present invention.
  • the network site includes a network site management module and a customer site edge device (CE), wherein the network site management module is configured to detect a network site load and send a message to the cloud; the network site CE may be an outlet of the network site data center.
  • the router is connected to the network site PE.
  • the carrier network includes the network site PE, cloud PE and database.
  • the network site PE (second PE) is provided by the operator network, and is used to access the network site to an access device (such as a router) of the operating network, and the network site PE maintains a format as shown in Table 2. Association table.
  • the cloud PE (first PE) is an access device (such as a router) that is provided by the carrier network to connect the cloud to the carrier network.
  • the cloud PE maintains an association table in the format shown in Table 3 (see below).
  • the database is connected to the cloud PE, and the database stores an information table in the format shown in Table 1.
  • the cloud includes a cloud management module, a cloud gateway router (CGR), and a public cloud.
  • the CGR can be an egress router of the cloud and connected to the cloud PE.
  • FIG. 5 is taken as an example, and the specific implementation process of the communication connection method in the embodiment of the present invention is described in detail in conjunction with the interaction process shown in FIG. 6. It should be understood that FIG. 5 is only an application of the embodiment of the present invention. The simplification of the embodiments of the present invention is not to be construed as limiting the embodiments of the present invention.
  • a VPN connection is used as a Layer 3 VPN connection, but the present invention is not limited thereto.
  • the VPN connection may also be a Layer 2 VPN connection.
  • the network site registers the ID of the network site with the operator, and the ID of the network site is used to distinguish different network sites.
  • a VPN instance is set up on the network site PE.
  • the input site RT and output RT (configuration information) are configured on the network site PE, and the ID of the network site and the configuration on the network site PE are saved in the database of the carrier network in the format shown in Table 1.
  • Input RT and output RT (second VPN configuration information) and the address of the network site PE. Record the ID of the network site and the corresponding network site VPN ID in the association table maintained by the network site PE as shown in Table 2, and set the tunnel ID before the tunnel connection. The ID is empty. After the tunnel connection is established, the tunnel ID is recorded in the table. 2 (refer to the method of obtaining the tunnel ID of the reverse tunnel in 507 in FIG. 6 below).
  • the bidirectional tunnel mentioned in the embodiment of the present invention includes a forward tunnel and a reverse tunnel, and the tunnel of the cloud PE (first PE) to the network site PE (second PE) is a forward tunnel, and the tunnel of the network site PE to the cloud PE For the reverse tunnel.
  • FIG. 6 is a schematic diagram of information interaction for implementing a communication connection in the scenario of FIG. 5, including:
  • the cloud management module receives a connection request message (first request message) sent by the network site management module, where the connection request message includes a request for creating a VPC (target VPC), a network station ID, and a bidirectional tunnel bandwidth value (first tunnel attribute) Information), the cloud management module creates a VPC (target VPC) based on the request to create a VPC.
  • first request message a connection request message sent by the network site management module
  • the connection request message includes a request for creating a VPC (target VPC), a network station ID, and a bidirectional tunnel bandwidth value (first tunnel attribute) Information
  • an indication field may be added to the connection request message to identify a request to create a VPC, instructing the cloud to create a VPC.
  • connection request message is automatically sent by the network site when the load of the network site is higher than the first load, and the bidirectional tunnel bandwidth value includes a forward tunnel bandwidth value and a reverse tunnel bandwidth value.
  • the cloud management module sends the ID of the network station and the bidirectional tunnel bandwidth value to the CGR.
  • the CGR creates a VCE corresponding to the VPC and connects to the cloud PE through the VCE.
  • the cloud PE is also connected to the VCE.
  • the CGR sends the ID of the network station and the bandwidth of the bidirectional tunnel to the cloud PE.
  • the CGR may send the ID of the network site and the bidirectional tunnel bandwidth to the cloud PE in the Border Gateway Protocol (BGP) update signaling attribute.
  • BGP Border Gateway Protocol
  • the ID of the cloud PE application network site acquires the input RT and output RT of the PE configuration of the network site and the address of the PE of the network site to the database.
  • the input RT and the output RT configured by the PE of the cloud PE application network site establishes a VPN instance, generates a cloud VPN ID, connects the VCE with the VPN instance, and maintains an association table in the cloud PE (such as a table).
  • 3 shows the ID of the network site and the cloud VPN ID. In Table 3, the Tunnel ID column is vacant. After the 507 is determined, the tunnel ID is stored in the table.
  • the network site ID, cloud VPN ID, and Tunne l ID correspond to each other.
  • the address of the PE of the cloud PE application network station initiates a bidirectional tunnel connection to the network site PE, and applies the bidirectional bandwidth value to determine the bidirectional bandwidth.
  • the bidirectional tunnel includes a forward tunnel (the cloud PE to the network site PE) and a reverse tunnel (the network site PE to the cloud PE), and correspondingly, the bidirectional tunnel bandwidth value includes the forward tunnel bandwidth value and the reverse direction. Tunnel bandwidth value.
  • the cloud PE creates a forward tunnel. After the forward tunnel is created, the tunnel ID of the forward tunnel is obtained. The entry in the association table (Table 3) maintained by the cloud PE is the entry corresponding to the ID of the network site. After the PE creates the forward tunnel information and reaches the network site PE, the network site PE is triggered to create a reverse tunnel. After the reverse tunnel is created, the network site PE obtains the tunnel ID of the reverse tunnel, and records the association table maintained by the network site PE. In Table 2), the ID of the network site corresponds to the entry.
  • the cloud PE binds the tunnel ID of the forward tunnel to the cloud VPN ID according to the ID of the network site in the association table maintained by the cloud PE (Table 3).
  • the network site PE binds the tunnel ID of the reverse tunnel to the network site VPN ID according to the ID of the network site in the association table maintained by the network site PE (Table 2).
  • the embodiment of the present invention may also initiate a unidirectional tunnel connection.
  • the specific implementation method refer to the above bidirectional tunnel connection method, and details are not described herein.
  • the bidirectional tunnel connection may be updated according to the bandwidth value of the new bidirectional tunnel according to the request of the network site.
  • Figure 7 including:
  • the cloud management module receives an update request message (second request message) sent by the network site management module, where the update request message includes a request for updating the bidirectional tunnel (request to update the communication connection), a network station ID, and a bidirectional tunnel bandwidth value ( Second tunnel attribute information).
  • second request message an update request message sent by the network site management module
  • the update request message includes a request for updating the bidirectional tunnel (request to update the communication connection), a network station ID, and a bidirectional tunnel bandwidth value ( Second tunnel attribute information).
  • an indication field may be added to the update request message to identify a request to update the bidirectional tunnel, instructing the cloud to update the bidirectional tunnel.
  • the update request message is sent when the network station detects that the tunnel bandwidth needs to be changed, or is sent by the network station according to the instruction.
  • the bidirectional tunnel bandwidth value may include a forward tunnel bandwidth value and a reverse tunnel bandwidth value.
  • the cloud management module sends the ID of the network station and the bidirectional tunnel bandwidth value to the CGR.
  • the CGR sends the ID of the network station and the bandwidth of the bidirectional tunnel to the cloud PE.
  • the CGR can carry the ID of the network station and the bidirectional tunnel bandwidth value in the extended BGP update signaling attribute to the cloud PE.
  • the cloud PE queries the tunnel ID of the forward tunnel corresponding to the ID of the network site according to the ID of the network site in the local maintenance association table (Table 3), and changes the forward tunnel bandwidth value in the bidirectional tunnel bandwidth value.
  • the cloud PE sends the ID of the network station and the reverse tunnel bandwidth value to the network site PE. Specifically, the cloud PE may send the ID of the network station and the reverse tunnel bandwidth value to the network site PE by using the Resource Reservation Protocol (Traffic Engineering, RSVP-TE) signaling.
  • RSVP-TE Resource Reservation Protocol
  • the network site PE queries the local tunnel maintenance association table (Table 2) through the ID of the network site to query the tunnel ID of the reverse tunnel corresponding to the ID of the stored network site, and changes the bandwidth of the reverse tunnel according to the reverse tunnel bandwidth value. .
  • the network site automatically sends a request for creating a VPC, a network site ID, and a bidirectional tunnel bandwidth value to the cloud, and the cloud creates a target VPC according to the request for creating a VPC, connects the target VPC and the cloud PE, and sends the network site to the cloud PE.
  • the cloud PE obtains the input RT and the output RT of the network site PE and the address of the second PE according to the ID of the network site, and establishes a VPN according to the input RT and the output RT configured by the network site PE, and according to the The VPN, the address of the network site PE, and the bandwidth of the bidirectional tunnel establish a VPN connection and a tunnel connection with the network site PE to implement a communication connection between the target VPC and the network site. Since the request message is automatically sent by the network site, it is possible to establish a communication connection in time according to the needs of the network site, thereby improving the connection efficiency. In addition, the embodiment of the present invention can also adjust the communication connection between the target VPC and the network site in real time as needed.
  • the embodiment of the present invention provides a cloud device, which may include: a first receiving module 810, a creating module 820, a connecting module 830, and a first sending module 840, where:
  • the first receiving module 810 is configured to receive a first request message sent by the network site when the load of the network site is higher than the first load, where the first request message includes a request for creating a VPC, an ID of the network station, and first tunnel attribute information.
  • a module 820 is created for creating a target VPC based on the request to create a VPC.
  • the connection module 830 is configured to connect the target VPC and the first PE.
  • the first sending module 840 is configured to send the ID of the network station and the first tunnel attribute information to the first PE, so that the first PE acquires the second VPN configuration information and the address of the second PE according to the ID of the network station, and according to the second
  • the VPN configuration information obtains the matched first VPN configuration information, and establishes a VPN connection and a tunnel connection with the second PE according to the first VPN configuration information, the address of the second PE, and the first tunnel attribute information, thereby implementing the target VPC.
  • the communication connection with the network site, the second VPN configuration information is the VPN configuration information of the second PE, and the second PE is the access device of the network site.
  • the connection module 830 can include:
  • Creating a unit 831 configured to create a VCE corresponding to the target VPC
  • the connecting unit 832 is configured to connect the first PE by using the VCE.
  • another cloud device in the embodiment of the present invention may further include: a second receiving module 850 and a second sending module 860, where:
  • the second receiving module 850 is configured to receive a second request message sent by the network station, where the second request message includes a request for updating the communication connection, the second tunnel attribute information, and an ID of the network station.
  • the second sending module 860 is configured to: after determining that the network station needs to update the communication connection according to the request for updating the communication connection, send the second tunnel attribute information and the ID of the network station to the first PE, so that the first PE is based on the ID of the network station, The address of the second PE and the second tunnel attribute information are used to update the tunnel attribute between the first PE and the second PE, thereby updating the communication connection attribute of the target VPC and the network station.
  • the communication connection between the target VPC and the network site can be adjusted in real time as needed.
  • the components of the cloud device of the embodiment of the present invention may be distributed among different devices, or may be integrated into the same device, and multiple modules may be used in combination, and a single module may also be used separately or separately, and can implement respective functions. Just fine.
  • the first receiving module 810 and the creating module 820 can be combined into the cloud management module in FIG. 5 to implement corresponding functions.
  • the functions of the modules in the cloud device are only described briefly. For a detailed description, refer to the embodiment of the communication connection method 100.
  • the cloud device may perform the corresponding steps in the foregoing embodiment of the communication connection method 100.
  • the cloud device of the embodiment of the present invention receives a request message for automatically creating a VPC request, a network site ID, and a first tunnel attribute information, and creates a target VPC according to the request for creating a VPC, and connects the target VPC and the first PE.
  • a VPN configuration information and establishing a VPN connection and a tunnel connection with the second PE according to the first VPN configuration information, the address of the second PE, and the first tunnel attribute information, so as to implement a communication connection between the target VPC and the network site. Since the request message is automatically sent by the network site, it is possible to establish a communication connection in time according to the needs of the network site, thereby improving the connection efficiency.
  • the embodiment of the present invention provides a communication device, which may include: a first connection module 910, a first receiving module 920, an obtaining module 930, a determining module 940, and a second connecting module 950, where:
  • the first connection module 910 is configured to connect to the target VPC located in the cloud.
  • the first receiving module 920 is configured to receive an ID of the network station and the first tunnel attribute information sent by the cloud, where the ID of the network station and the first tunnel attribute information are when the load of the data center of the network site at the network site is higher than the first load. send.
  • the obtaining module 930 is configured to obtain the second VPN configuration information according to the ID of the network site, and the second
  • the address of the PE, the second VPN configuration information is the VPN configuration information of the second PE, and the second PE is the access device of the network site.
  • the determining module 940 is configured to determine, according to the second VPN configuration information, first VPN configuration information that matches the second VPN configuration information.
  • the second connection module 950 is configured to establish a VPN connection and a tunnel connection with the second PE according to the first VPN configuration information, the address of the second PE, and the first tunnel attribute information, so as to implement communication between the target VPC and the network site. connection.
  • the obtaining module 930 is specifically configured to: query an ID of the application site, query the database for the second VPN configuration information and the address of the second PE, and the address of the second PE corresponding to the ID of the database pre-stored network site and the network site The second VPN configuration information corresponding to the ID.
  • another cloud device in the embodiment of the present invention may further include: a second receiving module 960 and a third connecting module 970, where:
  • the second receiving module 960 is configured to receive an ID of the network station and a second tunnel attribute information sent by the cloud.
  • the third connection module 970 is configured to update a tunnel attribute between the first PE and the second PE according to the ID of the network station, the address of the second PE, and the second tunnel attribute information, so as to update the communication connection attribute between the target VPC and the network site. .
  • the first receiving module is connected to the target VPC through a VCE located in the cloud.
  • the communication device in the embodiment of the present invention may be a network device with a routing function, such as a router.
  • the component modules of the communication device may be distributed among different devices, or may be integrated into the same device, and multiple modules may be used in combination, and a single module may also be used separately or separately, and the respective functions can be realized. .
  • the functions of the modules in the above communication device are only briefly described. For a detailed description, refer to the embodiment of the communication connection method 200 described above. In addition, the communication device may perform the corresponding steps in the embodiment of the communication connection method 200.
  • the communication device of the embodiment of the present invention by connecting the target VPC located in the cloud, receives the ID of the network site and the first tunnel attribute information sent by the cloud, and obtains the second VPN configuration information and the address of the second PE according to the ID of the network site, and And obtaining a matching first VPN configuration information according to the second VPN configuration information, and establishing a VPN connection and a tunnel connection with the second PE according to the first VPN configuration information, the address of the second PE, and the first tunnel attribute information, to implement A communication connection between the target VPC and the network site.
  • an embodiment of the present invention provides a communication system, including: a cloud device S1 and a communication device S2, where:
  • the cloud device S1 may be configured to receive a first request message sent by the network site when the load of the network site is higher than the first load, where the first request message includes a request for creating a VPC, an identifier ID of the network station, and the first tunnel attribute information.
  • the target VPC is created according to the request for creating the VPC; the target VPC and the first PE are connected; the ID of the network station and the first tunnel attribute information are sent to the first PE, so that the first PE obtains the second VPN configuration information according to the ID of the network station and An address of the second PE, and determining, according to the second VPN configuration information, the first VPN configuration information that matches the second VPN configuration information, and establishing, according to the first VPN configuration information, the address of the second PE, and the first tunnel attribute information.
  • the VPN connection and the tunnel connection with the second PE so as to realize the communication connection between the target VPC and the network site, the second VPN configuration information is the VPN configuration information of the second PE, and the second PE is the access device of the network site.
  • the communication device S2 may be configured to connect to a target VPC located in the cloud; receive an ID of the network station sent by the cloud, and first tunnel attribute information, where the ID of the network station and the first tunnel attribute information are used by the network station And sending, when the load of the network site is higher than the first load, obtaining the second VPN configuration information and the address of the second PE according to the ID of the network site, where the second VPN configuration information is the VPN configuration information of the second PE
  • the second PE is an access device of the network site; determining, according to the second VPN configuration information, first VPN configuration information that matches the second VPN configuration information; according to the first VPN configuration information.
  • the address of the second PE and the first tunnel attribute information establish a VPN connection and a tunnel connection with the second PE, so as to implement a communication connection between the target VPC and the network site.
  • the component modules of the cloud device S1 and the specific functions of the modules are the same as those of the cloud device in the embodiment of the present invention.
  • the component modules of the communication device S2, and the specifics of each module The function is the same as that of the above-described communication device of the embodiment of the present invention, please refer to it.
  • the cloud device receives the request for creating a VPC, the ID of the network station, and the first tunnel attribute information that are automatically sent by the network station, and creates a target VPC according to the request for creating a VPC, and connects the target VPC with the first PE.
  • the first PE sends the ID of the network station and the first tunnel attribute information, so that the first PE obtains the second VPN configuration information and the address of the second PE according to the ID of the network station, and obtains the first matching according to the second VPN configuration information.
  • the VPN configuration information is used to establish a VPN connection and a tunnel connection with the second PE according to the first VPN configuration information, the address of the second PE, and the first tunnel attribute information, so as to implement a communication connection between the target VPC and the network site. Since the request message is automatically sent by the network site, it is possible to establish a communication connection in time according to the needs of the network site, thereby improving connection efficiency.
  • an embodiment of the present invention further provides a cloud device, which may include: a bus 144 and an interface 141 connected to the bus 144, a processor 142, and a memory 143, where:
  • the interface 141 is configured to receive a first request message sent by the network site when the load of the network site is higher than the first load, where the first request message includes a request for creating a VPC, an ID of the network station, and first tunnel attribute information;
  • the memory 143 is used to store instructions, and the processor 142 executes instructions in the memory 143 for creating a target VPC according to the request to create a VPC; connecting the target VPC with the first PE; transmitting the ID of the network site and the first tunnel attribute information to the first PE
  • the first PE obtains the second VPN configuration information and the address of the second PE according to the ID of the network site, and determines, according to the second VPN configuration information, the first VPN configuration information that matches the second VPN configuration information, and according to the first
  • the VPN configuration information, the address of the second PE, and the first tunnel attribute information establish a VPN connection and a tunnel connection with the second PE, so as to implement a communication connection between the target VPC and the network site, and the second VPN configuration information is the second PE.
  • VPN configuration information, the second PE is an access device of the network site.
  • the processor 142 executes the instructions in the memory 143 for connecting to the VPC and the first PE, including: creating a VCE corresponding to the target VPC; and connecting the first PE by using the VCE.
  • the processor 142 executes instructions in the memory 143 for receiving a second request message sent by the network station, where the second request message includes a request to update the communication connection, the second tunnel attribute information, and the ID of the network site;
  • the request for the communication connection determines that the network station needs to update the communication connection, and sends the second tunnel attribute information and the ID of the network station to the first PE, so that the first PE is based on the ID of the network station, the address of the second PE, and the second tunnel attribute information. Updating the tunnel attribute between the first PE and the second PE, Thereby updating the communication connection attribute of the target VP c and the network site.
  • the cloud device of the embodiment of the present invention receives a request message for automatically creating a VPC request, a network site ID, and a first tunnel attribute information, and creates a target VPC according to the request for creating a VPC, and connects the target VPC and the first PE.
  • a VPN configuration information and establishing a VPN connection and a tunnel connection with the second PE according to the first VPN configuration information, the address of the second PE, and the first tunnel attribute information, so as to implement a communication connection between the target VPC and the network site.
  • an embodiment of the present invention further provides a communication device, which may include: a bus 154 and an interface 151, a processor 152, and a memory 153 connected to the bus 154, where:
  • the interface 151 is configured to receive the ID of the network station and the first tunnel attribute information sent by the cloud, where the ID of the network station and the first tunnel attribute information are sent by the network station when the load of the network site is higher than the first load;
  • the memory 153 is used to store instructions, the processor 152 executes instructions in the memory 153 for connecting to the target VPC located in the cloud, and obtains the second VPN configuration information and the address of the second PE according to the ID of the network station.
  • the second VPN configuration information is The VPN configuration information of the second PE, the second PE is an access device of the network site; determining, according to the second VPN configuration information, the first VPN configuration information that matches the second VPN configuration information; according to the first VPN configuration information, the second PE The address and the first tunnel attribute information establish a VPN connection and a tunnel connection with the second PE, thereby implementing a communication connection between the target VPC and the network site.
  • the processor 152 executes the instruction in the memory 153 for acquiring the second VPN configuration information according to the ID of the network site and the address of the second PE, including: the ID of the application site, and querying the database for the second VPN configuration information and The address of the second PE, the address of the second PE corresponding to the ID of the database pre-stored network site, and the second VPN configuration information corresponding to the ID of the network site.
  • the processor 152 executes the instruction in the memory 153 to receive the ID of the network station and the second tunnel attribute information sent by the cloud; and updates according to the ID of the network station, the address of the second PE, and the second tunnel attribute information.
  • the tunnel attribute between the first PE and the second PE, thereby updating the target VPC and the network The communication connection properties of the site.
  • the processor 152 executing the instructions in the memory 153 for connecting to the target VPC located in the cloud comprises: connecting the target VPC through the VCE located in the cloud.
  • the communication device of the embodiment of the present invention receives the ID of the network site and the first tunnel attribute information sent by the cloud by connecting the target VPC located in the cloud, and obtains the second VPN configuration information and the address of the second PE according to the ID of the network site, and And obtaining a matching first VPN configuration information according to the second VPN configuration information, and establishing a VPN connection and a tunnel connection with the second PE according to the first VPN configuration information, the address of the second PE, and the first tunnel attribute information, to implement A communication connection between the target VPC and the network site. Since the ID of the network site and the first tunnel attribute information are automatically sent by the network site, it is possible to establish a communication connection in time according to the needs of the network site, thereby improving the connection efficiency.
  • the data transmitting apparatus and the data receiving apparatus provided in the above embodiments are merely exemplified by the division of the above functional modules. In actual applications, the functions may be assigned different functions as needed.
  • the module is completed, that is, the internal structure of the device is divided into function modules for dialing to complete all or part of the above functions.
  • the device provided by the foregoing embodiment is the same as the corresponding method, and the specific implementation process is described in detail in the method embodiment, and details are not described herein again.
  • a person skilled in the art may understand that all or part of the steps of implementing the above embodiments may be completed by hardware, or may be instructed by a program to execute related hardware, and the program may be stored in a computer readable storage medium.
  • the storage medium mentioned may be a read only memory, a magnetic disk or an optical disk or the like.
  • the various embodiments in the specification are described in a progressive manner, and the same or similar parts of the various embodiments may be referred to each other, and each embodiment focuses on the differences from the other embodiments.
  • the description is relatively simple, and the relevant parts can be referred to the description of the method embodiment.
  • the device embodiments described above are merely illustrative, wherein the units described as separate components may or may not be physically separated, and the components displayed as units may or may not be physical units, ie may be located One place, or it can be distributed to multiple network elements. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the embodiment. Those of ordinary skill in the art can understand and implement without any creative effort.
  • the disclosed systems, devices, and methods may be implemented in other ways.
  • the device embodiments described above are merely illustrative.
  • the division of the unit is only a logical function division.
  • there may be another division manner for example, multiple units or components may be combined or Can be integrated into another system, or some features can be ignored, or not executed.
  • the mutual coupling or direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interface, device or unit, and may be electrical, mechanical or otherwise.
  • the units described as separate components may or may not be physically separate, and the components displayed as the units may or may not be physical units, that is, may be located in one place, or may be distributed to multiple network units. Some or all of the units may be selected according to actual needs to achieve the objectives of the solution of the embodiment.
  • each functional unit in each embodiment of the present invention may be integrated into one processing unit, or each unit may exist physically separately, or two or more units may be integrated into one unit.
  • the functions may be stored in a computer readable storage medium if implemented in the form of a software functional unit and sold or used as a standalone product.
  • the technical solution of the present invention which is essential or contributes to the prior art, or a part of the technical solution, may be embodied in the form of a software product, which is stored in a storage medium, including
  • the instructions are used to cause a computer device (which may be a personal computer, server, or network device, etc.) to perform all or part of the steps of the methods described in various embodiments of the present invention.
  • the foregoing storage medium includes: a U disk, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk or an optical disk, and the like, which can store program codes.
  • ROM read-only memory
  • RAM random access memory
  • magnetic disk or an optical disk and the like, which can store program codes.
  • the present invention can be implemented by means of software plus necessary general hardware including general-purpose integrated circuits, general-purpose CPUs, general-purpose memories, general-purpose components, and the like.
  • dedicated hardware including an application specific integrated circuit, a dedicated CPU, a dedicated memory, a dedicated component, etc., but in many cases, the former is a better implementation.
  • the technical solution of the present invention which is essential or contributes to the prior art, may be embodied in the form of a software product stored in a readable storage medium, such as a floppy disk of a computer.
  • a hard disk or optical disk, etc. includes instructions for causing a computer device (which may be a personal computer, server, or network device, etc.) to perform the methods of various embodiments of the present invention.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

Disclosed are a communication connection method, a communication device and a communication system. The method comprises: receiving a first request message sent by a network station when the load thereof is higher than the first load, the first request message comprising a VPC creating request, an ID of the network station and attribute information about the first tunnel; creating a target VPC in accordance with the VPC creating request; connecting the target VPC with a first PE; and sending the ID of the network station and the attribute information about the first tunnel to the first PE, so as to enable the first PE to acquire the configuration information about a second VPN and the address of a second PE in accordance with the ID of the network station, determine the configuration information about a first VPN in accordance with the configuration information about the second VPN, and establish a VPN connection and a tunnel connection with the second PE in accordance with the configuration information about the first VPN, the address of the second PE and the attribute information about the first tunnel, thereby achieving the communication connection between the target VPC and the network station. By means of the embodiments of the present invention, a communication connection can be established in time in accordance with the demand of the network station, thereby improving the connection efficiency.

Description

通信连接方法、 通信装置及通信系统  Communication connection method, communication device and communication system
技术领域 本发明涉及通信领域, 特别涉及一种通信连接方法、 通信装置及通信系统。 背景技术 云计算技术是一种应用云端处理网络站点(如企业计算机系统等)的数据, 将处理结果回传给网络站点的技术。 TECHNICAL FIELD The present invention relates to the field of communications, and in particular, to a communication connection method, a communication device, and a communication system. BACKGROUND OF THE INVENTION Cloud computing technology is a technology that applies cloud processing network sites (such as enterprise computer systems, etc.) to transmit processing results back to network sites.
应用云计算技术时, 网络站点在云端租用设备构成一个虚拟专用云  When applying cloud computing technology, the network site leases devices in the cloud to form a virtual private cloud.
(Virtual Private Cloud, VPC ) 。 网络站点的数据处理能力不能满足需求时, 将网络站点与 VPC建立连接, 应用 VPC进行数据处理; 网络站点的数据处理能 力能够满足需求时, 网络站点与 VPC断开连接, 从而最大程度的降低设备和维 护成本。  (Virtual Private Cloud, VPC). When the data processing capability of the network site cannot meet the demand, the network site is connected with the VPC, and the VPC is used for data processing; when the data processing capability of the network site can meet the demand, the network site is disconnected from the VPC, thereby minimizing the device. And maintenance costs.
但是, 现有的方法通常由网管手动控制实现网络站点与 VPC建立连接, 连 接效率有待提高。 发明内容 本发明实施例提供一种通信连接方法、 通信装置及通信系统, 能够提高连 接效率。  However, the existing methods are usually manually controlled by the network management system to establish a connection between the network site and the VPC, and the connection efficiency needs to be improved. SUMMARY OF THE INVENTION Embodiments of the present invention provide a communication connection method, a communication device, and a communication system, which can improve connection efficiency.
本发明实施例采用如下技术方案:  The embodiment of the invention adopts the following technical solutions:
第一方面, 提供一种通信连接方法, 包括:  In a first aspect, a communication connection method is provided, including:
接收网络站点在所述网络站点的负荷高于第一负荷时发送的第一请求消 息, 所述第一请求消息包括创建 VPC的请求、 所述网络站点的标识(IDentity, ID) 和第一隧道属性信息; 根据所述创建 VPC的请求创建目标 VPC; 连接所述 目标 VPC和第一运营商边缘设备 (provider edge , PE) ; 向所述第一 PE发送 所述网络站点的 ID及所述第一隧道属性信息, 使得所述第一 PE根据所述网络 站点的 ID获取第二虚拟专用网 (Virtual Private Network, VPN) 配置信息及 第二 PE的地址,并根据所述第二 VPN配置信息确定与所述第二 VPN配置信息相 匹配的第一 VPN配置信息, 并根据所述第一 VPN配置信息、 所述第二 PE的地址 和所述第一隧道属性信息, 建立与所述第二 PE间的 VPN连接以及隧道连接, 从 而实现所述目标 VPC与所述网络站点间的通信连接, 所述第二 VPN配置信息为 所述第二 PE的 VPN配置信息, 所述第二 PE为所述网络站点的接入设备。 And receiving, by the network station, a first request message sent when the load of the network site is higher than the first load, where the first request message includes a request for creating a VPC, an identifier (IDentity, ID) of the network station, and a first tunnel. Attribute information; creating a target VPC according to the request to create a VPC; connecting the target VPC and a first operator edge device (PE); sending the ID of the network site to the first PE and the a tunnel attribute information, so that the first PE obtains a second virtual private network (VPN) configuration information and an address of the second PE according to the ID of the network station, and determines according to the second VPN configuration information. The first VPN configuration information that matches the second VPN configuration information, and according to the first VPN configuration information, the address of the second PE And establishing, by the first tunnel attribute information, a VPN connection and a tunnel connection with the second PE, so as to implement a communication connection between the target VPC and the network site, where the second VPN configuration information is The VPN configuration information of the second PE, where the second PE is an access device of the network site.
在第一方面的第一种可能的实现方式中, 所述连接所述目标 VPC和第一运 营商边缘设备 (PE ) 包括: 创建与所述目标 VPC对应的虚拟用户边缘设备 ( virtual customer edge , VCE ) ; 通过所述 VCE连接所述第一 PE。  In a first possible implementation manner of the first aspect, the connecting the target VPC and the first carrier edge device (PE) includes: creating a virtual customer edge device corresponding to the target VPC (virtual customer edge, VCE); connecting the first PE through the VCE.
结合所述第一方面, 或所述第一方面的第一种可能的实现方式, 在所述第 一方面的第二种可能的实现方式中, 还包括: 接收所述网络站点发送的第二请 求消息, 所述第二请求消息包括更新通信连接的请求、 第二隧道属性信息和所 述网络站点的 ID; 根据所述更新通信连接的请求确定所述网络站点需更新通信 连接后, 向所述第一 PE发送所述第二隧道属性信息及所述网络站点的 ID, 使 得所述第一 PE根据所述网络站点的 ID、 所述第二 PE的地址及所述第二隧道属 性信息,更新所述第一 PE与所述第二 PE间的隧道属性,从而更新所述目标 VPC 与所述网络站点的通信连接属性。  With reference to the first aspect, or the first possible implementation manner of the first aspect, in a second possible implementation manner of the first aspect, the method further includes: receiving, by the network station, a second a request message, the second request message includes a request for updating a communication connection, second tunnel attribute information, and an ID of the network station; determining, after the network station needs to update a communication connection, according to the request for updating the communication connection, The first PE sends the second tunnel attribute information and the ID of the network station, so that the first PE is configured according to the ID of the network station, the address of the second PE, and the second tunnel attribute information. Updating a tunnel attribute between the first PE and the second PE, thereby updating a communication connection attribute of the target VPC and the network site.
第二方面, 提供另一种通信连接方法, 包括: 连接位于云端的目标 VPC; 接收所述云端发送的网络站点的 ID及第一隧道属性信息, 所述网络站点的 ID 及所述第一隧道属性信息由所述网络站点在所述网络站点的负荷高于第一负荷 时发送; 根据所述网络站点的 ID获取第二 VPN配置信息及第二 PE的地址, 所 述第二 VPN配置信息为所述第二 PE的 VPN配置信息, 所述第二 PE为所述网络 站点的接入设备; 根据所述第二 VPN配置信息确定与所述第二 VPN配置信息相 匹配的第一 VPN配置信息; 根据所述第一 VPN配置信息、 所述第二 PE的地址及 所述第一隧道属性信息, 建立与所述第二 PE间的 VPN连接以及隧道连接, 从而 实现所述目标 VPC与所述网络站点间的通信连接。  The second aspect provides another communication connection method, including: connecting a target VPC located in the cloud; receiving an ID of the network station and the first tunnel attribute information sent by the cloud, the ID of the network station, and the first tunnel The attribute information is sent by the network station when the load of the network site is higher than the first load; obtaining the second VPN configuration information and the address of the second PE according to the ID of the network station, where the second VPN configuration information is The VPN configuration information of the second PE, the second PE is an access device of the network station, and determining, according to the second VPN configuration information, first VPN configuration information that matches the second VPN configuration information. Establishing a VPN connection and a tunnel connection with the second PE according to the first VPN configuration information, the address of the second PE, and the first tunnel attribute information, thereby implementing the target VPC and the Communication connection between network sites.
在第二方面的第一种可能的实现方式中,所述根据所述网络站点的 ID获取 第二 VPN配置信息及第二 PE的地址包括: 应用所述络站点的 ID, 向数据库査 询所述第二 VPN配置信息及所述第二 PE的地址,所述数据库预存所述网络站点 的 ID对应的所述第二 PE的地址和所述网络站点的 ID对应的所述第二 VPN配置 自  In a first possible implementation manner of the second aspect, the obtaining the second VPN configuration information and the address of the second PE according to the ID of the network station includes: applying an ID of the network site, querying a database The second VPN configuration information and the address of the second PE, the database pre-storing the address of the second PE corresponding to the ID of the network site, and the second VPN configuration corresponding to the ID of the network site.
结合所述第二方面, 或所述第二方面的第一种可能的实现, 在所述第二方 面的第二种可能的实现方式中, 还包括: 接收云端发送的所述网络站点的 ID及 第二隧道属性信息; 根据所述网络站点的 ID、 所述第二 PE的地址及所述第二 隧道属性信息, 更新所述第一 PE与所述第二 PE间的隧道属性, 从而更新所述 目标 VPC与所述网络站点的通信连接属性。 In conjunction with the second aspect, or the first possible implementation of the second aspect, in a second possible implementation of the second aspect, the method further includes: receiving an ID of the network site sent by the cloud And And updating the tunnel attribute between the first PE and the second PE according to the ID of the network station, the address of the second PE, and the second tunnel attribute information, so as to update the The communication connection attribute of the target VPC with the network site.
在所述第二方面的第三种可能的实现方式中, 所述连接位于所述云端的目 标 VPC, 包括: 通过位于所述云端的 VCE连接所述目标 VPC。  In a third possible implementation manner of the second aspect, the connecting the target VPC in the cloud includes: connecting the target VPC by using a VCE located in the cloud.
第三方面, 提供一种云端装置, 包括: 第一接收模块, 用于接收网络站点 在所述网络站点的负荷高于第一负荷时发送的第一请求消息, 所述第一请求消 息包括创建 VPC的请求、 所述网络站点的 ID和第一隧道属性信息; 创建模块, 用于根据所述创建 VPC的请求创建目标 VPC; 连接模块, 用于连接所述目标 VPC 和第一 PE ; 第一发送模块, 用于向所述第一 PE发送所述网络站点的 ID及所述 第一隧道属性信息, 使得所述第一 PE根据所述网络站点的 ID获取第二 VPN配 置信息及第二 PE的地址,并根据所述第二 VPN配置信息确定与所述第二 VPN配 置信息相匹配的第一 VPN配置信息, 并根据所述第一 VPN配置信息、 所述第二 PE的地址和所述第一隧道属性信息, 建立与所述第二 PE间的 VPN连接以及隧 道连接, 从而实现所述目标 VPC与所述网络站点间的通信连接, 所述第二 VPN 配置信息为所述第二 PE的 VPN配置信息, 所述第二 PE为所述网络站点的接入 设备。  In a third aspect, a cloud device is provided, including: a first receiving module, configured to receive a first request message sent by a network site when a load of the network site is higher than a first load, where the first request message includes a request of the VPC, the ID of the network station, and the first tunnel attribute information; a creating module, configured to create a target VPC according to the request for creating the VPC; and a connection module, configured to connect the target VPC and the first PE; a sending module, configured to send the ID of the network station and the first tunnel attribute information to the first PE, so that the first PE acquires second VPN configuration information and a second PE according to the ID of the network station And determining, according to the second VPN configuration information, first VPN configuration information that matches the second VPN configuration information, and according to the first VPN configuration information, the address of the second PE, and the a first tunnel attribute information, establishing a VPN connection and a tunnel connection with the second PE, thereby implementing a communication connection between the target VPC and the network site, where the VPN configuration information to the VPN configuration information of the second PE, the second PE device to access the network site.
在第三方面的第一种可能的实现方式中, 所述连接模块包括: 创建单元, 用于创建与所述目标 VPC对应的 VCE ; 连接单元, 用于通过所述 VCE连接所述 第一 PE。  In a first possible implementation manner of the third aspect, the connecting module includes: a creating unit, configured to create a VCE corresponding to the target VPC, and a connecting unit, configured to connect the first PE by using the VCE .
结合所述第三方面, 或所述第三方面的第一种可能的实现方式, 在第三方 面的第二种可能的实现方式中, 还包括: 第二接收模块, 用于接收所述网络站 点发送的第二请求消息, 所述第二请求消息包括更新通信连接的请求、 第二隧 道属性信息和所述网络站点的 ID ; 第二发送模块, 用于根据所述更新通信连接 的请求确定所述网络站点需更新通信连接后, 向所述第一 PE发送所述第二隧道 属性信息及所述网络站点的 ID, 使得所述第一 PE根据所述网络站点的 ID、 所 述第二 PE的地址及所述第二隧道属性信息,更新所述第一 PE与所述第二 PE间 的隧道属性, 从而更新所述目标 VPC与所述网络站点的通信连接属性。  With reference to the third aspect, or the first possible implementation manner of the foregoing third aspect, the second possible implementation manner of the third aspect, further includes: a second receiving module, configured to receive the network a second request message sent by the station, the second request message includes a request for updating a communication connection, a second tunnel attribute information, and an ID of the network station; and a second sending module, configured to determine, according to the request for updating the communication connection After the network station needs to update the communication connection, send the second tunnel attribute information and the ID of the network station to the first PE, so that the first PE is based on the ID of the network station, and the second Updating the tunnel attribute between the first PE and the second PE by using the address of the PE and the second tunnel attribute information, so as to update the communication connection attribute of the target VPC and the network station.
第四方面, 提供一种通信装置, 包括: 第一连接模块, 用于连接位于云端 的目标 VPC ; 第一接收模块, 用于接收所述云端发送的网络站点的 ID及第一隧 道属性信息,所述网络站点的 ID及所述第一隧道属性信息由所述网络站点在所 述网络站点的负荷高于第一负荷时发送; 获取模块, 用于根据所述网络站点的 ID获取第二 VPN配置信息及第二 PE的地址, 所述第二 VPN配置信息为所述第 二 PE的 VPN配置信息, 所述第二 PE为所述网络站点的接入设备; 确定模块, 用于根据所述第二 VPN配置信息确定与所述第二 VPN配置信息相匹配的第一 VPN 配置信息; 第二连接模块, 用于根据所述第一 VPN配置信息、 所述第二 PE的地 址及所述第一隧道属性信息, 建立与所述第二 PE间的 VPN连接以及隧道连接, 从而实现所述目标 VPC与所述网络站点间的通信连接。 The fourth aspect provides a communication device, including: a first connection module, configured to connect to a target VPC located in the cloud; and a first receiving module, configured to receive an ID of the network station and the first tunnel sent by the cloud Channel attribute information, where the ID of the network station and the first tunnel attribute information are sent by the network station when the load of the network site is higher than the first load; and the acquiring module is configured to use the ID of the network station Acquiring the second VPN configuration information and the address of the second PE, where the second VPN configuration information is the VPN configuration information of the second PE, the second PE is an access device of the network site; Determining, according to the second VPN configuration information, first VPN configuration information that matches the second VPN configuration information, where the second connection module is configured to use, according to the first VPN configuration information, an address of the second PE And the first tunnel attribute information, establishing a VPN connection and a tunnel connection with the second PE, so as to implement a communication connection between the target VPC and the network site.
在第四方面的第一种可能的实现方式中, 所述获取模块具体用于, 应用所 述络站点的 ID, 向数据库査询所述第二 VPN配置信息及所述第二 PE的地址, 所述数据库预存所述网络站点的 ID对应的所述第二 PE的地址和所述网络站点 的 ID对应的所述第二 VPN配置信息。  In a first possible implementation manner of the fourth aspect, the acquiring module is specifically configured to: apply an ID of the network site, and query the database for the second VPN configuration information and the address of the second PE, The database prestores the address of the second PE corresponding to the ID of the network site and the second VPN configuration information corresponding to the ID of the network site.
结合所述第四方面, 或所述第四方面的第一种可能的实现方式, 在第四方 面的第二种可能的实现方式中, 还包括: 第二接收模块, 用于接收云端发送的 所述网络站点的 ID及第二隧道属性信息; 第三连接模块, 用于根据所述网络站 点的 ID、 所述第二 PE的地址及所述第二隧道属性信息, 更新所述第一 PE与所 述第二 PE间的隧道属性,从而更新所述目标 VPC与所述网络站点的通信连接属 性。  With reference to the fourth aspect, or the first possible implementation manner of the foregoing aspect, the second possible implementation manner of the fourth aspect, further includes: a second receiving module, configured to receive, sent by the cloud The ID of the network station and the second tunnel attribute information; the third connection module, configured to update the first PE according to the ID of the network station, the address of the second PE, and the second tunnel attribute information And a tunnel attribute between the second PE, thereby updating a communication connection attribute of the target VPC and the network site.
在第四方面的第三种可能的实现方式中, 所述第一连接模块具体用于, 通 过位于所述云端的虚拟用户边缘设备 VCE连接所述目标 VPC。  In a third possible implementation manner of the fourth aspect, the first connection module is specifically configured to connect the target VPC by using a virtual user edge device VCE located in the cloud.
第五方面, 提供一种通信系统, 包括第三方面任意一种可能的实现方式中 提供的云端装置及第四方面任意一种可能的实现方式中提供的通信装置。  The fifth aspect provides a communication system, including the cloud device provided in any one of the possible implementation manners of the third aspect, and the communication device provided in any one of the possible implementation manners of the fourth aspect.
本发明实施例提供的通信连接方法、通信装置及通信系统,通过接收网络站 点在自动发送包含创建 VPC的请求、网络站点的 ID及第一隧道属性信息的请求 消息后, 根据创建 VPC的请求创建目标 VPC, 连接目标 VPC和第一 PE, 向第一 PE发送网络站点的 ID及第一隧道属性信息, 使得第一 PE根据网络站点的 ID 获取第二 VPN配置信息及第二 PE的地址,并根据第二 VPN配置信息得到相匹配 的第一 VPN配置信息, 并根据第一 VPN配置信息、第二 PE的地址和第一隧道属 性信息, 建立与第二 PE间的 VPN连接以及隧道连接, 实现目标 VPC与网络站点 间的通信连接。 由于请求消息由网络站点自动发送, 因此可以实现根据网络站 点的需要及时建立通信连接, 从而能够提高连接效率。 附图说明 为了更清楚地说明本发明实施例中的技术方案, 下面将对实施例描述中所 需要使用的附图作简单地介绍, 显而易见地, 下面描述中的附图仅仅是本发明 的一些实施例, 对于本领域普通技术人员来讲, 在不付出创造性劳动的前提下, 还可以根据这些附图获得其他的附图。 The communication connection method, the communication device, and the communication system provided by the embodiment of the present invention, after receiving the request message including the request for creating a VPC, the ID of the network station, and the first tunnel attribute information, are automatically generated by the receiving network site, and are created according to the request for creating a VPC. The target VPC, connecting the target VPC and the first PE, sending the ID of the network station and the first tunnel attribute information to the first PE, so that the first PE obtains the second VPN configuration information and the address of the second PE according to the ID of the network station, and And obtaining a matching first VPN configuration information according to the second VPN configuration information, and establishing a VPN connection and a tunnel connection with the second PE according to the first VPN configuration information, the address of the second PE, and the first tunnel attribute information, to implement A communication connection between the target VPC and the network site. Since the request message is automatically sent by the network site, it can be implemented according to the network station. The point needs to establish a communication connection in time, thereby improving the connection efficiency. BRIEF DESCRIPTION OF THE DRAWINGS In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings used in the description of the embodiments will be briefly described below. Obviously, the drawings in the following description are only some of the present invention. For the embodiments, those skilled in the art can obtain other drawings according to the drawings without any creative work.
图 1为本发明实施例提供的一种通信连接方法 100的流程图;  FIG. 1 is a flowchart of a communication connection method 100 according to an embodiment of the present invention;
图 2为本发明实施例提供的另一种通信连接方法 100的流程图;  FIG. 2 is a flowchart of another communication connection method 100 according to an embodiment of the present invention;
图 3为本发明实施例提供的一种通信连接方法 200的流程图;  FIG. 3 is a flowchart of a communication connection method 200 according to an embodiment of the present invention;
图 4为本发明实施例提供的另一种通信连接方法 200的流程图;  FIG. 4 is a flowchart of another communication connection method 200 according to an embodiment of the present invention;
图 5为本发明实施例的数据传输方法的一种应用场景示意图;  FIG. 5 is a schematic diagram of an application scenario of a data transmission method according to an embodiment of the present invention;
图 6为本发明实施例实现通信连接的流程示意图;  6 is a schematic flowchart of implementing a communication connection according to an embodiment of the present invention;
图 7为本发明实施例实现更新通信连接的流程示意图;  FIG. 7 is a schematic flowchart of implementing an update communication connection according to an embodiment of the present invention;
图 8为本发明实施例提供的一种云端装置的结构示意图;  FIG. 8 is a schematic structural diagram of a cloud device according to an embodiment of the present disclosure;
图 9为本发明实施例提供的另一种云端装置的结构示意图;  FIG. 9 is a schematic structural diagram of another cloud device according to an embodiment of the present disclosure;
图 10为本发明实施例提供的又一种云端装置的结构示意图;  FIG. 10 is a schematic structural diagram of still another cloud device according to an embodiment of the present disclosure;
图 1 1为本发明实施例提供的一种通信装置的结构示意图;  FIG. 1 is a schematic structural diagram of a communication apparatus according to an embodiment of the present invention;
图 12为本发明实施例提供的另一种通信装置的结构示意图;  FIG. 12 is a schematic structural diagram of another communication apparatus according to an embodiment of the present invention;
图 13为本发明实施例提供的一种通信系统的结构示意图;  FIG. 13 is a schematic structural diagram of a communication system according to an embodiment of the present invention;
图 14为本发明实施例提供的再一种云端装置的结构示意图;  FIG. 14 is a schematic structural diagram of still another cloud device according to an embodiment of the present disclosure;
图 15为本发明实施例提供的再一种通信装置的结构示意图。 具体实施方式 为使本发明的目的、 技术方案和优点更加清楚, 下面将结合附图对本发明 实施方式作进一步地详细描述。  FIG. 15 is a schematic structural diagram of still another communication apparatus according to an embodiment of the present invention. DETAILED DESCRIPTION OF THE EMBODIMENTS In order to make the objects, technical solutions, and advantages of the present invention more comprehensible, the embodiments of the present invention will be further described in detail below.
本发明实施例中, 网络站点为能够利用云端进行数据处理的网络站点, 例 如, 该网络站点可以为一台计算机 (如个人电脑) , 也可以为一个计算机系统 (如企业计算机系统) 。  In the embodiment of the present invention, the network site is a network site capable of performing data processing by using the cloud. For example, the network site may be a computer (such as a personal computer) or a computer system (such as an enterprise computer system).
本发明实施例提供一种通信连接方法 100, 如图 1所示, 方法 100可以包 括: An embodiment of the present invention provides a communication connection method 100. As shown in FIG. 1, the method 100 may include Includes:
110、接收网络站点在该网络站点的负荷高于第一负荷时发送的第一请求消 息, 该第一请求消息包括创建 VPC的请求、 该网络站点的 ID和第一隧道属性信 息。  110. The first request message sent by the receiving network station when the load of the network site is higher than the first load, the first request message includes a request for creating a VPC, an ID of the network station, and first tunnel attribute information.
其中, 该网络站点的 ID用于识别该网络站点, 创建 VPC的请求可以在第一 请求消息中应用数据段进行标识。  The ID of the network site is used to identify the network site, and the request for creating a VPC may be identified by applying a data segment in the first request message.
具体地, 该网络站点可以实时检测负荷, 当负荷高于第一负荷时, 向云端 发送该第一请求信息, 即网络站点自主控制该第一请求消息的发送。 其中, 该 第一负荷可以根据不同场景, 进行设置变更。 另外, 根据不同的应用场景, 网 络站点还可以根据到发送指令发送该第一请求消息。  Specifically, the network station can detect the load in real time, and when the load is higher than the first load, send the first request information to the cloud, that is, the network station autonomously controls the sending of the first request message. The first load can be changed according to different scenarios. In addition, according to different application scenarios, the network site may also send the first request message according to the sending instruction.
120、 根据该创建 VPC的请求创建目标 VPC。  120. Create a target VPC according to the request to create a VPC.
其中, 该目标 VPC为与该网络站点对应的 VPC。  The target VPC is a VPC corresponding to the network site.
130、 连接该目标 VPC和第一 PE。  130. Connect the target VPC and the first PE.
140、 向该第一 PE发送该网络站点的 ID及该第一隧道属性信息, 使得该第 一 PE根据该网络站点的 ID获取第二 VPN配置信息及第二 PE的地址,并根据该 第二 VPN配置信息确定与该第二 VPN配置信息相匹配的第一 VPN配置信息, 并 根据该第一 VPN配置信息、 该第二 PE的地址和该第一隧道属性信息, 建立与该 第二 PE间的 VPN连接以及隧道连接,从而实现该目标 VPC与该网络站点间的通 信连接, 该第二 VPN配置信息为该第二 PE的 VPN配置信息, 该第二 PE为该网 络站点的接入设备。  140. Send the ID of the network station and the first tunnel attribute information to the first PE, so that the first PE obtains the second VPN configuration information and the address of the second PE according to the ID of the network station, and according to the second The VPN configuration information determines the first VPN configuration information that matches the second VPN configuration information, and establishes a relationship with the second PE according to the first VPN configuration information, the address of the second PE, and the first tunnel attribute information. The VPN connection and the tunnel connection are used to implement a communication connection between the target VPC and the network site. The second VPN configuration information is VPN configuration information of the second PE, and the second PE is an access device of the network site.
其中, VPN配置信息与所要建立的 VPN连接的类型相关。 例如, 当所要建 立的 VPN连接为基于三层协议的 VPN ( Layer 3 VPN ) 时, 该第二 VPN配置信息 可以为该第二 PE的输入路由目标 (Route Target, RT ) 和输出 RT等信息; 当 所要建立的 VPN连接的类型为基于二层协议的 VPN ( Layer 2 VPN ) 中的虚拟租 用线 (Virtual Leased Line , VLL ) 时, 该第二 VPN配置信息可以为虚电路 ( Virtual Circui t , VC ) ID等信息。 其中, 该第二 PE的地址可以为该第二 PE的 IP地址。  The VPN configuration information is related to the type of VPN connection to be established. For example, when the VPN connection to be established is a layer 3 VPN, the second VPN configuration information may be information such as an input route target (RT) and an output RT of the second PE. When the type of the VPN connection to be established is a virtual leased line (VLL) in a Layer 2 VPN based layer 2 VPN, the second VPN configuration information may be a virtual circuit (Virtual Circuit, VC) ) ID and other information. The address of the second PE may be an IP address of the second PE.
本发明实施例中, 可以在目标 VPC与网络站点之间建立单向隧道或双向隧 道的通信连接。  In the embodiment of the present invention, a unidirectional tunnel or a bidirectional tunnel communication connection may be established between the target VPC and the network site.
上述第一 PE及第二 PE为便于表述时区分不同的 PE而进行划分,不构成对 本发明实施例的限定。 上述第一 VPN配置信息及第二 VPN配置信息为便于表述 时区分不同的 VPN配置信息而进行划分, 不构成对本发明实施例的限定。 The first PE and the second PE are divided into different PEs for convenience of presentation, and do not constitute a pair. A definition of an embodiment of the invention. The first VPN configuration information and the second VPN configuration information are divided into different VPN configuration information for convenience of presentation, and are not limited to the embodiments of the present invention.
上述 110-140的执行主体可以为云端装置, 该云端装置可以位于云端。 另 夕卜, 该云端装置可以划分成不同的模块分布于多个设备, 也可以集成于同一设 备之中, 还可以作为一个独立的设备。  The execution body of the above 110-140 may be a cloud device, and the cloud device may be located in the cloud. In addition, the cloud device can be divided into different modules distributed in multiple devices, or integrated into the same device, or can be used as a stand-alone device.
本发明实施例的通信连接方法 100,通过接收网络站点自动发送的创建 VPC 的请求、 网络站点的 ID及第一隧道属性信息, 根据创建 VPC的请求创建目标 VPC, 连接目标 VPC和第一 PE, 向第一 PE发送网络站点的 ID及第一隧道属性 信息,使得第一 PE根据网络站点的 ID获取第二 VPN配置信息及第二 PE的地址, 并根据第二 VPN配置信息得到相匹配的第一 VPN配置信息, 并根据第一 VPN配 置信息、 第二 PE的地址和第一隧道属性信息, 建立与第二 PE间的 VPN连接以 及隧道连接, 实现目标 VPC与网络站点间的通信连接。 由于请求消息由网络站 点自动发送, 因此可以实现根据网络站点的需要及时建立通信连接, 从而能够 提高连接效率。  The communication connection method 100 of the embodiment of the present invention, by receiving the request for creating a VPC, the ID of the network station, and the first tunnel attribute information automatically sent by the network site, creates a target VPC according to the request for creating a VPC, and connects the target VPC and the first PE. Sending the ID of the network station and the first tunnel attribute information to the first PE, so that the first PE obtains the second VPN configuration information and the address of the second PE according to the ID of the network station, and obtains the matching according to the second VPN configuration information. a VPN configuration information, and establishing a VPN connection and a tunnel connection with the second PE according to the first VPN configuration information, the address of the second PE, and the first tunnel attribute information, so as to implement a communication connection between the target VPC and the network site. Since the request message is automatically sent by the network site, it is possible to establish a communication connection in time according to the needs of the network site, thereby improving the connection efficiency.
本发明实施例中, 可选地, 上述 130中连接该 VPC和第一 PE时, 可以创建 与该目标 VPC对应的 VCE, 通过该 VCE连接该第一 PE。  In the embodiment of the present invention, optionally, when the VPC and the first PE are connected to the foregoing 130, a VCE corresponding to the target VPC may be created, and the first PE is connected by using the VCE.
其中, 该 VCE连接该第一 PE是指设置该 VCE, 使得该 VCE可以和该第一 PE 进行通信。 例如, 当该 VCE与该第一 PE间的通信是基于三层路由协议时, 设置 该 VCE上的运行的路由协议,使得该 VCE上的路由可以与该第一 PE上的路由互 通。 再例如, 当该 VCE与该第一 PE上运行的路由协议是边界网关协议(Border Gateway Protocol , BGP ) 时, 设置该 VCE的 BGP 对等体是该第一 PE。 又例如, 当该 VCE与该第一 PE间的通信是基于二层协议, 如在虚拟局域网 (Virtual Local Area Network, VLAN) 的情况下, 设置该 VCE上的 VLAN ID与该第一 PE 上接入该 VCE的接口的 VLAN ID相同, 使得该 VCE可以与该第一 PE上接入该 VCE的接口在同一个 VLAN内。  The VCE is connected to the first PE, and the VCE is configured to enable the VCE to communicate with the first PE. For example, when the communication between the VCE and the first PE is based on the Layer 3 routing protocol, the running routing protocol on the VCE is set, so that the route on the VCE can communicate with the route on the first PE. For example, when the routing protocol running on the VCE and the first PE is a Border Gateway Protocol (BGP), the BGP peer that sets the VCE is the first PE. For example, when the communication between the VCE and the first PE is based on a Layer 2 protocol, for example, in the case of a virtual local area network (VLAN), the VLAN ID on the VCE is set to be connected to the first PE. The VLAN ID of the interface that enters the VCE is the same, so that the VCE can be in the same VLAN as the interface that accesses the VCE on the first PE.
如图 2所示, 本发明实施例中, 可选地, 在上述 140之后还可以包括: 150、接收该网络站点发送的第二请求消息, 该第二请求消息包括更新通信 连接的请求、 第二隧道属性信息和该网络站点的 ID。  As shown in FIG. 2, in the embodiment of the present invention, optionally, after the foregoing 140, the method further includes: receiving a second request message sent by the network station, where the second request message includes a request for updating a communication connection, Two tunnel attribute information and the ID of the network site.
具体地, 该网络站点可以自主控制第二请求消息的发送, 如检测到当前的 通信连接需更新时发送第二请求消息。 另外, 根据不同的应用场景, 该网络站 点还可以根据到发送指令发送第二请求消息。 Specifically, the network station may autonomously control the sending of the second request message, and send a second request message when detecting that the current communication connection needs to be updated. In addition, according to different application scenarios, the network station The point may also send a second request message according to the send command.
160、 根据该更新通信连接的请求确定该网络站点需更新通信连接后, 向该 第一 PE发送该第二隧道属性信息及该网络站点的 ID, 使得该第一 PE根据该网 络站点的 ID、 该第二 PE的地址及该第二隧道属性信息, 更新该第一 PE与该第 二 PE间的隧道属性, 从而更新该目标 VPC与该网络站点的通信连接属性。  After the network station needs to update the communication connection according to the request for the update communication connection, the second tunnel attribute information and the ID of the network station are sent to the first PE, so that the first PE is based on the ID of the network station. Updating the tunnel attribute between the first PE and the second PE by the address of the second PE and the second tunnel attribute information, so as to update the communication connection attribute of the target VPC and the network station.
这样, 可以根据需要实时调整目标 VPC与网络站点的通信连接。  In this way, the communication connection between the target VPC and the network site can be adjusted in real time as needed.
本发明实施例中, 第一隧道属性信息及第二隧道属性信息可以包括网络站 点与云端的通信隧道带宽值。  In the embodiment of the present invention, the first tunnel attribute information and the second tunnel attribute information may include a communication tunnel bandwidth value of the network site and the cloud.
本发明实施例通过接收网络站点自动发送的创建 VPC的请求、 网络站点的 ID及第一隧道属性信息, 根据创建 VPC的请求创建目标 VPC, 连接目标 VPC和 第一 PE, 向第一 PE发送网络站点的 ID及第一隧道属性信息, 使得第一 PE根 据网络站点的 ID获取第二 VPN配置信息及第二 PE的地址, 并根据第二 VPN配 置信息得到相匹配的第一 VPN配置信息, 并根据第一 VPN配置信息、 第二 PE的 地址和第一隧道属性信息, 建立与第二 PE间的 VPN连接以及隧道连接, 实现目 标 VPC与网络站点间的通信连接。 由于请求消息由网络站点自动发送, 因此可 以实现根据网络站点的需要及时建立通信连接, 从而能够提高连接效率。  The embodiment of the present invention receives the request for creating a VPC, the ID of the network station, and the first tunnel attribute information that are automatically sent by the network site, creates a target VPC according to the request for creating a VPC, connects the target VPC and the first PE, and sends the network to the first PE. The ID of the site and the first tunnel attribute information, so that the first PE obtains the second VPN configuration information and the address of the second PE according to the ID of the network station, and obtains the matched first VPN configuration information according to the second VPN configuration information, and And establishing a VPN connection and a tunnel connection with the second PE according to the first VPN configuration information, the address of the second PE, and the first tunnel attribute information, so as to implement a communication connection between the target VPC and the network site. Since the request message is automatically sent by the network site, it is possible to establish a communication connection in time according to the needs of the network site, thereby improving the connection efficiency.
本发明实施例提供的另一种通信连接方法 200, 如图 3所示, 方法 200可 以包括:  Another communication connection method 200 provided by the embodiment of the present invention, as shown in FIG. 3, the method 200 may include:
210、 连接位于云端的目标 VPC。  210. Connect to the target VPC in the cloud.
其中, 该目标 VPC由该云端创建。  The target VPC is created by the cloud.
220、 接收该云端发送的网络站点的 ID及第一隧道属性信息, 该网络站点 的 ID及该第一隧道属性信息由该网络站点在该网络站点的负荷高于第一负荷 时发送。  220. Receive an ID of the network station sent by the cloud and first tunnel attribute information, where the ID of the network station and the first tunnel attribute information are sent by the network station when the load of the network station is higher than the first load.
230、 根据该网络站点的 ID获取第二 VPN配置信息及第二 PE的地址, 该第 二 VPN配置信息为该第二 PE的 VPN配置信息, 该第二 PE为该网络站点的接入 设备。  The second VPN configuration information is the VPN configuration information of the second PE, and the second PE is the access device of the network station.
其中, 该接入设备可以为具有路由功能的网络设备, 如路由器等。  The access device may be a network device with a routing function, such as a router.
240、 根据该第二 VPN配置信息确定与该第二 VPN配置信息相匹配的第一 VPN配置信息。  240. Determine, according to the second VPN configuration information, first VPN configuration information that matches the second VPN configuration information.
其中, VPN配置信息与所要建立的 VPN连接的类型相关。 例如, 当所要建 立的 VPN连接为基于三层协议的 VPN ( Layer 3 VPN ) 时, 该第二 VPN配置信息 可以为该网络站点的输入路由目标 (Route Target, RT ) 和输出 RT等信息; 当所要建立的 VPN连接的类型为基于二层协议的 VPN ( Layer 2 VPN ) 中的虚拟 租用线 (Virtual Leased Line , VLL ) 时, 该第二 VPN配置信息可以为虚电路 ( Virtual Circui t , VC ) ID等信息。 其中, 该第二 PE的地址可以为该第二 PE的 IP地址。 The VPN configuration information is related to the type of VPN connection to be established. For example, when you want to build When the VPN connection is a Layer 3 VPN based on Layer 3 VPN, the second VPN configuration information may be information such as an input route target (RT) and an output RT of the network site; when the VPN to be established When the type of the connection is a Virtual Leased Line (VLL) in the Layer 2 VPN, the second VPN configuration information may be a virtual circuit (VC) ID or the like. The address of the second PE may be an IP address of the second PE.
250、 根据该第一 VPN配置信息、 该第二 PE的地址及该第一隧道属性信息, 建立与该第二 PE间的 VPN连接以及隧道连接,从而实现该目标 VPC与该网络站 点间的通信连接。  250. Establish a VPN connection and a tunnel connection with the second PE according to the first VPN configuration information, the address of the second PE, and the first tunnel attribute information, so as to implement communication between the target VPC and the network site. connection.
本发明实施例中, 可以在目标 VPC与网络站点之间建立单向隧道或双向隧 道的通信连接。  In the embodiment of the present invention, a unidirectional tunnel or a bidirectional tunnel communication connection may be established between the target VPC and the network site.
上述第一 VPN配置信息及第二 VPN配置信息为便于区分不同的 VPN配置信 息而进行划分, 不构成对本发明实施例的限定。 上述 210-250的执行主体可以 为通信装置, 该通信装置为具有路由功能的网络设备, 如路由器等。  The first VPN configuration information and the second VPN configuration information are divided into different VPN configuration information, which is not limited to the embodiment of the present invention. The execution body of the above 210-250 may be a communication device, which is a network device having a routing function, such as a router or the like.
本发明实施例的通信连接方法 200, 通过连接位于云端的目标 VPC, 接收该 云端发送的网络站点的 ID及第一隧道属性信息, 根据该网络站点的 ID获取第 二 VPN配置信息及第二 PE的地址,并根据第二 VPN配置信息得到相匹配的第一 VPN配置信息,并根据第一 VPN配置信息、第二 PE的地址和第一隧道属性信息, 建立与第二 PE间的 VPN连接以及隧道连接,实现目标 VPC与网络站点间的通信 连接。 由于网络站点的 ID及第一隧道属性信息由网络站点自动发送, 因此可以 实现根据网络站点的需要及时建立通信连接, 从而能够提高连接效率。  The communication connection method 200 of the embodiment of the present invention receives the ID of the network site and the first tunnel attribute information sent by the cloud by connecting the target VPC located in the cloud, and acquires the second VPN configuration information and the second PE according to the ID of the network site. And obtaining a matching first VPN configuration information according to the second VPN configuration information, and establishing a VPN connection with the second PE according to the first VPN configuration information, the address of the second PE, and the first tunnel attribute information, and Tunnel connection to achieve communication connection between the target VPC and the network site. Since the ID of the network site and the first tunnel attribute information are automatically sent by the network site, it is possible to establish a communication connection in time according to the needs of the network site, thereby improving the connection efficiency.
本发明实施例中, 可选地, 上述 230中根据该网络站点的 ID获取第二 VPN 配置信息及第二 PE的地址时, 可以应用该络站点的 ID, 向数据库査询该第二 VPN配置信息及该第二 PE的地址, 该数据库预存该网络站点的 ID对应的该第 二 PE的地址和该网络站点的 ID对应的该第二 VPN配置信息。  In the embodiment of the present invention, optionally, when the second VPN configuration information and the address of the second PE are obtained according to the ID of the network site, the ID of the network site may be applied to query the database for the second VPN configuration. The information and the address of the second PE, the database pre-stores the address of the second PE corresponding to the ID of the network station and the second VPN configuration information corresponding to the ID of the network station.
这样,可以实现根据该络站点的 ID 自动向数据库获取第二 VPN配置信息及 该第二 PE的地址, 实现与第二 PE及云端的连接, 可以提高连接效率。  In this way, the second VPN configuration information and the address of the second PE are automatically obtained from the database according to the ID of the network site, and the connection with the second PE and the cloud is implemented, thereby improving connection efficiency.
本发明实施例中, 该数据库可以应用表 1所示的格式存储该络站点的 ID、 该第二 PE的地址及该第二 VPN配置信息。  In the embodiment of the present invention, the database may store the ID of the network site, the address of the second PE, and the second VPN configuration information in the format shown in Table 1.
表 1  Table 1
网络站点的 ID 第二 VPN配置信息 第二 PE的地址 表 1中, 该络站点的 ID、 该第二 VPN配置信息及该第二 PE的地址三者相 对应。 其中, 网络站点的 ID用于标识该网络站点, 第二 VPN配置信息为第二 PE的 VPN配置信息, 第二 PE的地址可以为该第二 PE的 IP地址。 ID of the network site Second VPN configuration information Address of the second PE In Table 1, the ID of the network site, the second VPN configuration information, and the address of the second PE correspond to each other. The ID of the network site is used to identify the network site, the second VPN configuration information is the VPN configuration information of the second PE, and the address of the second PE may be the IP address of the second PE.
本发明实施例中,该第二 VPN配置信息为该第二 PE的输入 RT和输出 RT时, 上述 240中确定与该第二 VPN配置信息相匹配的第一 VPN配置信息时, 将该第 二 VPN配置信息中该网络站点的输入 RT作为该第一 VPN配置信息的输出 RT, 将该第二 VPN配置信息中该网络站点的输出 RT作为该第一 VPN配置信息的输入 RT。 该第二 VPN配置信息为 VC ID时, 上述 240中确定与该第二 VPN配置信息 相匹配的第一 VPN配置信息时, 该第一 VPN配置信息中的 VC ID的值与该第二 VPN配置信息中的 VC ID的值相同。  In the embodiment of the present invention, when the second VPN configuration information is the input RT and the output RT of the second PE, when the first VPN configuration information matching the second VPN configuration information is determined in the foregoing 240, the second The input RT of the network site in the VPN configuration information is used as the output RT of the first VPN configuration information, and the output RT of the network site in the second VPN configuration information is used as the input RT of the first VPN configuration information. When the second VPN configuration information is the VC ID, when the first VPN configuration information matching the second VPN configuration information is determined in the foregoing 240, the value of the VC ID in the first VPN configuration information and the second VPN configuration The value of the VC ID in the message is the same.
本发明实施例中, 可选地, 连接位于该云端的目标 VPC时, 可以通过位于 该云端的 VCE连接该目标 VPC。  In the embodiment of the present invention, optionally, when the target VPC located in the cloud is connected, the target VPC may be connected through a VCE located in the cloud.
例如, 在通过位于该云端的 VCE连接该目标 VPC时, 可以设置本地参数以 实现与位于该云端的 VCE连接。 本地参数的设置方法与上述 130中 VCE参数的 设置方法类似, 请参阅。  For example, when connecting to the target VPC through a VCE located in the cloud, local parameters can be set to connect with the VCE located in the cloud. The setting method of the local parameters is similar to the setting method of the VCE parameters in the above 130, please refer to.
如图 4所示, 本发明实施例中, 可选地, 上述 250之后, 还可以包括: As shown in FIG. 4, in the embodiment of the present invention, optionally, after the foregoing 250, the method may further include:
260、 接收该云端发送的该网络站点的 ID及第二隧道属性信息。 260. Receive an ID of the network station and second tunnel attribute information sent by the cloud.
270、 根据该网络站点的 ID、 该第二 PE的地址及该第二隧道属性信息, 更 新该第一 PE与该第二 PE间的隧道属性, 从而更新该目标 VPC与该网络站点的 通信连接属性。  270. Update a tunnel attribute between the first PE and the second PE according to the ID of the network station, the address of the second PE, and the second tunnel attribute information, so as to update a communication connection between the target VPC and the network station. Attributes.
这样, 可以根据需要实时调整目标 VPC与网络站点的通信连接。  In this way, the communication connection between the target VPC and the network site can be adjusted in real time as needed.
具体地, 第二隧道属性信息可以包括双向通信隧道带宽值, 同样, 此处的 通信连接可以为单向隧道或双向隧道的通信连接, 也可以为双向隧道的通信连 接。  Specifically, the second tunnel attribute information may include a bidirectional communication tunnel bandwidth value. Similarly, the communication connection herein may be a unidirectional tunnel or a bidirectional tunnel communication connection, or may be a bidirectional tunnel communication connection.
本发明实施例中, 第一隧道属性信息及第二隧道属性信息可以包括网络站 点与云端的通信隧道带宽值。  In the embodiment of the present invention, the first tunnel attribute information and the second tunnel attribute information may include a communication tunnel bandwidth value of the network site and the cloud.
本发明实施例, 通过连接位于云端的目标 VPC, 接收云端发送的网络站点 的 ID及第一隧道属性信息, 根据网络站点的 ID获取第二 VPN配置信息及第二 PE的地址, 并根据第二 VPN配置信息得到相匹配的第一 VPN配置信息, 并根据 第一 VPN配置信息、 第二 PE的地址和第一隧道属性信息, 建立与第二 PE间的 VPN连接以及隧道连接, 实现目标 VPC与网络站点间的通信连接。 由于网络站 点的 ID及第一隧道属性信息由网络站点自动发送,因此可以实现根据网络站点 的需要及时建立通信连接, 从而能够提高连接效率。 In the embodiment of the present invention, by connecting the target VPC located in the cloud, receiving the ID of the network station and the first tunnel attribute information sent by the cloud, acquiring the second VPN configuration information and the address of the second PE according to the ID of the network station, and according to the second The VPN configuration information is matched with the first VPN configuration information, and is established with the second PE according to the first VPN configuration information, the address of the second PE, and the first tunnel attribute information. The VPN connection and the tunnel connection realize the communication connection between the target VPC and the network site. Since the ID of the network site and the first tunnel attribute information are automatically sent by the network site, it is possible to establish a communication connection in time according to the needs of the network site, thereby improving connection efficiency.
图 5示出了本发明实施例的通信连接方法的一种应用场景, 图 5中, 包括 网络站点, 运营商网络和云端。 其中网络站点包括网络站点管理模块和网络站 点用户边缘设备 (customer edge, CE ) , 其中网络站点管理模块用于检测网络 站点负荷, 并向云端发送消息; 网络站点 CE可以为网络站点数据中心的出口路 由器, 与网络站点 PE相连。 运营商网络包括网络站点 PE, 云端 PE和数据库。 其中网络站点 PE (第二 PE ) 为由运营商网络提供的, 用于将该网络站点接入到 运营上网络的接入设备(如路由器等) , 网络站点 PE维护一个如表 2所示格式 的关联表。 云端 PE (第一 PE ) 为由运营商网络提供的, 用于将云端接入到运营 商网络的接入设备 (如路由器等) 。 云端 PE维护一个如表 3 (详见下述) 所示 格式的关联表。 数据库与云端 PE相连, 数据库存储一个如表 1所示格式的信息 表。 云端包括云端管理模块, 云网关路由器 (cloud gateway router, CGR) 和 公共云, 其中 CGR可以为云端的出口路由器, 与云端 PE连接。  FIG. 5 shows an application scenario of a communication connection method according to an embodiment of the present invention. In FIG. 5, a network site, a carrier network, and a cloud are included. The network site includes a network site management module and a customer site edge device (CE), wherein the network site management module is configured to detect a network site load and send a message to the cloud; the network site CE may be an outlet of the network site data center. The router is connected to the network site PE. The carrier network includes the network site PE, cloud PE and database. The network site PE (second PE) is provided by the operator network, and is used to access the network site to an access device (such as a router) of the operating network, and the network site PE maintains a format as shown in Table 2. Association table. The cloud PE (first PE) is an access device (such as a router) that is provided by the carrier network to connect the cloud to the carrier network. The cloud PE maintains an association table in the format shown in Table 3 (see below). The database is connected to the cloud PE, and the database stores an information table in the format shown in Table 1. The cloud includes a cloud management module, a cloud gateway router (CGR), and a public cloud. The CGR can be an egress router of the cloud and connected to the cloud PE.
下面以图 5所示的应用场景为例, 结合图 6示出的交互流程详细说明本发 明实施例的通信连接方法的具体实现过程, 应当理解, 图 5仅为本发明实施例 的一种应用场景, 是为方便理解本发明实施例而作的示范性说明, 不应视为对 本发明实施例的限定。 此外, 图 5中以 VPN连接为 Layer 3 VPN连接为例, 但 并不限于此, 例如, VPN连接还可以为 Layer 2 VPN连接。  The application scenario shown in FIG. 5 is taken as an example, and the specific implementation process of the communication connection method in the embodiment of the present invention is described in detail in conjunction with the interaction process shown in FIG. 6. It should be understood that FIG. 5 is only an application of the embodiment of the present invention. The simplification of the embodiments of the present invention is not to be construed as limiting the embodiments of the present invention. In addition, in FIG. 5, a VPN connection is used as a Layer 3 VPN connection, but the present invention is not limited thereto. For example, the VPN connection may also be a Layer 2 VPN connection.
图 5所示的场景中, 实现网络站点与云端通信连接前, 网络站点向运营商 注册网络站点的 ID, 网络站点的 ID用于区分不同的网络站点。 网络站点 PE上 建立一个 VPN实例, 网络站点 PE上配置输入 RT和输出 RT (配置信息) , 并在 运营商网络的数据库中采用表 1所示的格式保存网络站点的 ID、 网络站点 PE 上配置的输入 RT和输出 RT (第二 VPN配置信息) 及网络站点 PE的地址。 在网 络站点 PE维护的如表 2所示格式的关联表中记录网络站点的 ID和对应的网络 站点 VPN ID,建立隧道连接前 TunneK隧道) ID为空,建立隧道连接后将 Tunnel ID记录在表 2中 (参见下述图 6中 507中获得反向隧道的隧道 ID的方法) 。  In the scenario shown in Figure 5, before the network site and the cloud communication connection are implemented, the network site registers the ID of the network site with the operator, and the ID of the network site is used to distinguish different network sites. A VPN instance is set up on the network site PE. The input site RT and output RT (configuration information) are configured on the network site PE, and the ID of the network site and the configuration on the network site PE are saved in the database of the carrier network in the format shown in Table 1. Input RT and output RT (second VPN configuration information) and the address of the network site PE. Record the ID of the network site and the corresponding network site VPN ID in the association table maintained by the network site PE as shown in Table 2, and set the tunnel ID before the tunnel connection. The ID is empty. After the tunnel connection is established, the tunnel ID is recorded in the table. 2 (refer to the method of obtaining the tunnel ID of the reverse tunnel in 507 in FIG. 6 below).
表 2  Table 2
网络站点的 ID 网络站点 VPN ID Tunnel ID  Network site ID Network site VPN ID Tunnel ID
表 2中, 网络站点的 ID、 网络站点 VPN ID、 Tunnel lD三者相对应。 本发明实施例中提及的双向隧道包括正向隧道和反向隧道, 云端 PE (第一 PE ) 至网络站点 PE (第二 PE ) 的隧道为正向隧道, 网络站点 PE至云端 PE的隧 道为反向隧道。 In Table 2, the network site ID, network site VPN ID, and tunnel lD correspond to each other. The bidirectional tunnel mentioned in the embodiment of the present invention includes a forward tunnel and a reverse tunnel, and the tunnel of the cloud PE (first PE) to the network site PE (second PE) is a forward tunnel, and the tunnel of the network site PE to the cloud PE For the reverse tunnel.
图 6为图 5场景中实现通信连接的信息交互示意图, 包括:  FIG. 6 is a schematic diagram of information interaction for implementing a communication connection in the scenario of FIG. 5, including:
501、 云端管理模块接收到网络站点管理模块发送的连接请求消息(第一请 求消息) , 连接请求消息包括创建 VPC (目标 VPC ) 的请求、 网络站点的 ID和 双向隧道带宽值 (第一隧道属性信息) , 云端管理模块根据创建 VPC的请求创 建一个 VPC (目标 VPC ) 。  501. The cloud management module receives a connection request message (first request message) sent by the network site management module, where the connection request message includes a request for creating a VPC (target VPC), a network station ID, and a bidirectional tunnel bandwidth value (first tunnel attribute) Information), the cloud management module creates a VPC (target VPC) based on the request to create a VPC.
例如, 可以在连接请求消息中加入一个指示字段, 标识创建 VPC的请求, 指示云端创建 VPC。  For example, an indication field may be added to the connection request message to identify a request to create a VPC, instructing the cloud to create a VPC.
其中, 连接请求消息由网络站点在网络站点的负荷高于第一负荷时自动发 送, 双向隧道带宽值包括正向隧道带宽值和反向隧道带宽值。  The connection request message is automatically sent by the network site when the load of the network site is higher than the first load, and the bidirectional tunnel bandwidth value includes a forward tunnel bandwidth value and a reverse tunnel bandwidth value.
502、 云端管理模块向 CGR发送网络站点的 ID及双向隧道带宽值。  502. The cloud management module sends the ID of the network station and the bidirectional tunnel bandwidth value to the CGR.
503、 CGR创建与 VPC对应的 VCE, 并通过 VCE连接云端 PE。  503. The CGR creates a VCE corresponding to the VPC and connects to the cloud PE through the VCE.
此时, 云端 PE也与 VCE连接。  At this time, the cloud PE is also connected to the VCE.
504、 CGR向云端 PE发送网络站点的 ID及双向隧道带宽值。  504. The CGR sends the ID of the network station and the bandwidth of the bidirectional tunnel to the cloud PE.
具体地, CGR可以将网络站点的 ID及双向隧道带宽携带于扩展边界网关协 议 (Border Gateway Protocol, BGP ) update信令属性中向云端 PE发送。  Specifically, the CGR may send the ID of the network site and the bidirectional tunnel bandwidth to the cloud PE in the Border Gateway Protocol (BGP) update signaling attribute.
505、 云端 PE应用网络站点的 ID向数据库获取网络站点 PE配置的输入 RT 和输出 RT、 及网络站点 PE的地址。  505. The ID of the cloud PE application network site acquires the input RT and output RT of the PE configuration of the network site and the address of the PE of the network site to the database.
506、 云端 PE应用网络站点 PE配置的输入 RT和输出 RT (第一 VPN配置信 息) 建立 VPN实例, 生成云端 VPN ID , 将 VCE与该 VPN实例对接, 并在云端 PE 维护的关联表 (如表 3所示) 中记录网络站点的 ID及云端 VPN ID , 表 3中, Tunnel (隧道) ID栏空置, 待下述 507确定 Tunnel ID后存入表中。  506. The input RT and the output RT configured by the PE of the cloud PE application network site (the first VPN configuration information) establishes a VPN instance, generates a cloud VPN ID, connects the VCE with the VPN instance, and maintains an association table in the cloud PE (such as a table). 3 shows the ID of the network site and the cloud VPN ID. In Table 3, the Tunnel ID column is vacant. After the 507 is determined, the tunnel ID is stored in the table.
表 3  table 3
网络站点的 ID 云端 VPN ID Tunnel ID  Network site ID cloud VPN ID Tunnel ID
表 3中, 网络站点的 ID、 云端 VPN ID、 Tunne l ID三者相对应。  In Table 3, the network site ID, cloud VPN ID, and Tunne l ID correspond to each other.
507、 云端 PE应用网络站点 PE的地址向网络站点 PE发起双向隧道连接, 并应用双向带宽值确定双向带宽。  507. The address of the PE of the cloud PE application network station initiates a bidirectional tunnel connection to the network site PE, and applies the bidirectional bandwidth value to determine the bidirectional bandwidth.
其中, 双向隧道包括正向隧道 (云端 PE至网络站点 PE ) 和反向隧道 (网 络站点 PE至云端 PE ) , 相应地, 双向隧道带宽值包括正向隧道带宽值和反向 隧道带宽值。 例如, 云端 PE创建正向隧道, 在创建正向隧道后, 得到正向隧道 的隧道 ID, 记录在云端 PE维护的关联表 (表 3 ) 中该网络站点的 ID对应的表 项中, 在云端 PE创建正向隧道的信息到达网络站点 PE后, 触发网络站点 PE创 建反向隧道, 在创建反向隧道后, 网络站点 PE得到反向隧道的隧道 ID, 记录 在网络站点 PE维护的关联表 (表 2 ) 中该网络站点的 ID对应的表项中。 The bidirectional tunnel includes a forward tunnel (the cloud PE to the network site PE) and a reverse tunnel (the network site PE to the cloud PE), and correspondingly, the bidirectional tunnel bandwidth value includes the forward tunnel bandwidth value and the reverse direction. Tunnel bandwidth value. For example, the cloud PE creates a forward tunnel. After the forward tunnel is created, the tunnel ID of the forward tunnel is obtained. The entry in the association table (Table 3) maintained by the cloud PE is the entry corresponding to the ID of the network site. After the PE creates the forward tunnel information and reaches the network site PE, the network site PE is triggered to create a reverse tunnel. After the reverse tunnel is created, the network site PE obtains the tunnel ID of the reverse tunnel, and records the association table maintained by the network site PE. In Table 2), the ID of the network site corresponds to the entry.
508、 云端 PE根据云端 PE维护的关联表 (表 3 ) 中的网络站点的 ID, 将正 向隧道的隧道 ID与云端 VPN ID绑定。  508. The cloud PE binds the tunnel ID of the forward tunnel to the cloud VPN ID according to the ID of the network site in the association table maintained by the cloud PE (Table 3).
509、 网络站点 PE根据网络站点 PE维护的关联表 (表 2 ) 中的网络站点的 ID, 将反向隧道的隧道 ID与网络站点 VPN ID绑定。  509. The network site PE binds the tunnel ID of the reverse tunnel to the network site VPN ID according to the ID of the network site in the association table maintained by the network site PE (Table 2).
应当理解, 本发明实施例也可以发起单向隧道连接, 具体实现方法可以请 参照上述双向隧道连接方法, 不再赘述。  It should be understood that the embodiment of the present invention may also initiate a unidirectional tunnel connection. For the specific implementation method, refer to the above bidirectional tunnel connection method, and details are not described herein.
至此, 实现 VPC与网络站点的数据中心的通信连接。  At this point, the communication connection between the VPC and the data center of the network site is realized.
另外本发明实施例中,在云端 PE与网络站点 PE间建立双向隧道连接之后, 还可以根据网络站点的请求, 按新的双向隧道的带宽值更新双向隧道连接。 请 参阅图 7, 包括:  In addition, in the embodiment of the present invention, after the bidirectional tunnel connection is established between the cloud PE and the network site PE, the bidirectional tunnel connection may be updated according to the bandwidth value of the new bidirectional tunnel according to the request of the network site. Please refer to Figure 7, including:
601、 云端管理模块收到网络站点管理模块发送的更新请求消息(第二请求 消息) , 更新请求消息包括更新双向隧道的请求 (更新通信连接的请求) 、 网 络站点的 ID及双向隧道带宽值 (第二隧道属性信息) 。  601. The cloud management module receives an update request message (second request message) sent by the network site management module, where the update request message includes a request for updating the bidirectional tunnel (request to update the communication connection), a network station ID, and a bidirectional tunnel bandwidth value ( Second tunnel attribute information).
例如, 可以在更新请求消息中加入一个指示字段, 标识更新双向隧道的请 求, 指示云端更新双向隧道。 更新请求消息由网络站点检测到隧道带宽需要变 更时发送, 或者由网络站点根据指令发送, 双向隧道带宽值可以包括正向隧道 带宽值和反向隧道带宽值。  For example, an indication field may be added to the update request message to identify a request to update the bidirectional tunnel, instructing the cloud to update the bidirectional tunnel. The update request message is sent when the network station detects that the tunnel bandwidth needs to be changed, or is sent by the network station according to the instruction. The bidirectional tunnel bandwidth value may include a forward tunnel bandwidth value and a reverse tunnel bandwidth value.
收到双向隧道带宽的请求后, 执行 602。  After receiving the request for the bidirectional tunnel bandwidth, execute 602.
602、 云端管理模块向 CGR发送网络站点的 ID及双向隧道带宽值。  602. The cloud management module sends the ID of the network station and the bidirectional tunnel bandwidth value to the CGR.
603、 CGR向云端 PE发送网络站点的 ID及双向隧道带宽值。  603. The CGR sends the ID of the network station and the bandwidth of the bidirectional tunnel to the cloud PE.
同样, 此处 CGR可以将网络站点的 ID及双向隧道带宽值携带于扩展 BGP update信令属性向云端 PE发送。  Similarly, the CGR can carry the ID of the network station and the bidirectional tunnel bandwidth value in the extended BGP update signaling attribute to the cloud PE.
604、 云端 PE根据网络站点的 ID在本地维护的关联表 (表 3 ) 中査询到该 网络站点的 ID对应的正向隧道的隧道 ID, 按双向隧道带宽值中的正向隧道带 宽值变更正向隧道的带宽。 605、 云端 PE将网络站点的 ID及反向隧道带宽值发送到网络站点 PE。 具体地,云端 PE可以通过扩展资源预留协议流量工程(Resource Reservation Protocol -Traffic Engineering, RSVP-TE)信令携带网络站点的 ID及反向隧道带 宽值发送到网络站点 PE。 604. The cloud PE queries the tunnel ID of the forward tunnel corresponding to the ID of the network site according to the ID of the network site in the local maintenance association table (Table 3), and changes the forward tunnel bandwidth value in the bidirectional tunnel bandwidth value. The bandwidth of the forward tunnel. 605. The cloud PE sends the ID of the network station and the reverse tunnel bandwidth value to the network site PE. Specifically, the cloud PE may send the ID of the network station and the reverse tunnel bandwidth value to the network site PE by using the Resource Reservation Protocol (Traffic Engineering, RSVP-TE) signaling.
606、 网络站点 PE通过网络站点的 ID在本地维护的关联表 (表 2 ) 中査询 存储的网络站点的 ID对应的反向隧道的隧道 ID, 按反向隧道带宽值变更反向 隧道的带宽。  606. The network site PE queries the local tunnel maintenance association table (Table 2) through the ID of the network site to query the tunnel ID of the reverse tunnel corresponding to the ID of the stored network site, and changes the bandwidth of the reverse tunnel according to the reverse tunnel bandwidth value. .
至此, 实现更新云端 PE与网络站点 PE间的双向隧道连接。  So far, the two-way tunnel connection between the cloud PE and the network site PE is updated.
本发明实施例, 网络站点自动向云端发送创建 VPC的请求、 网络站点的 ID 及双向隧道带宽值, 云端根据创建 VPC的请求创建目标 VPC, 连接目标 VPC和 云端 PE, 向云端 PE发送网络站点的 ID及第一隧道属性信息, 云端 PE根据网 络站点的 ID获取网络站点 PE配置的输入 RT和输出 RT及第二 PE的地址,并根 据网络站点 PE配置的输入 RT和输出 RT建立 VPN, 并根据 VPN、 网络站点 PE的 地址和双向隧道带宽值, 建立与网络站点 PE间的 VPN连接以及隧道连接, 实现 目标 VPC与网络站点间的通信连接。 由于请求消息由网络站点自动发送, 因此 可以实现根据网络站点的需要及时建立通信连接, 从而能够提高连接效率。 另 夕卜, 本发明实施例还可以根据需要实时调整目标 VPC与网络站点的通信连接。  In the embodiment of the present invention, the network site automatically sends a request for creating a VPC, a network site ID, and a bidirectional tunnel bandwidth value to the cloud, and the cloud creates a target VPC according to the request for creating a VPC, connects the target VPC and the cloud PE, and sends the network site to the cloud PE. ID and first tunnel attribute information, the cloud PE obtains the input RT and the output RT of the network site PE and the address of the second PE according to the ID of the network site, and establishes a VPN according to the input RT and the output RT configured by the network site PE, and according to the The VPN, the address of the network site PE, and the bandwidth of the bidirectional tunnel establish a VPN connection and a tunnel connection with the network site PE to implement a communication connection between the target VPC and the network site. Since the request message is automatically sent by the network site, it is possible to establish a communication connection in time according to the needs of the network site, thereby improving the connection efficiency. In addition, the embodiment of the present invention can also adjust the communication connection between the target VPC and the network site in real time as needed.
如图 8所示, 本发明实施例提供一种云端装置, 该装置可以包括: 第一接 收模块 810, 创建模块 820, 连接模块 830, 第一发送模块 840, 其中:  As shown in FIG. 8, the embodiment of the present invention provides a cloud device, which may include: a first receiving module 810, a creating module 820, a connecting module 830, and a first sending module 840, where:
第一接收模块 810, 用于接收网络站点在网络站点的负荷高于第一负荷时 发送的第一请求消息, 第一请求消息包括创建 VPC的请求、 网络站点的 ID和第 一隧道属性信息。  The first receiving module 810 is configured to receive a first request message sent by the network site when the load of the network site is higher than the first load, where the first request message includes a request for creating a VPC, an ID of the network station, and first tunnel attribute information.
创建模块 820, 用于根据创建 VPC的请求创建目标 VPC。  A module 820 is created for creating a target VPC based on the request to create a VPC.
连接模块 830, 用于连接目标 VPC和第一 PE。  The connection module 830 is configured to connect the target VPC and the first PE.
第一发送模块 840, 用于向第一 PE发送网络站点的 ID及第一隧道属性信 息, 使得第一 PE根据网络站点的 ID获取第二 VPN配置信息及第二 PE的地址, 并根据第二 VPN配置信息得到相匹配的第一 VPN配置信息, 并根据第一 VPN配 置信息、 第二 PE的地址和第一隧道属性信息, 建立与第二 PE间的 VPN连接以 及隧道连接, 从而实现目标 VPC与网络站点间的通信连接, 第二 VPN配置信息 为第二 PE的 VPN配置信息, 第二 PE为网络站点的接入设备。 较佳地, 如图 9所示, 连接模块 830可以包括: The first sending module 840 is configured to send the ID of the network station and the first tunnel attribute information to the first PE, so that the first PE acquires the second VPN configuration information and the address of the second PE according to the ID of the network station, and according to the second The VPN configuration information obtains the matched first VPN configuration information, and establishes a VPN connection and a tunnel connection with the second PE according to the first VPN configuration information, the address of the second PE, and the first tunnel attribute information, thereby implementing the target VPC. The communication connection with the network site, the second VPN configuration information is the VPN configuration information of the second PE, and the second PE is the access device of the network site. Preferably, as shown in FIG. 9, the connection module 830 can include:
创建单元 831, 用于创建与目标 VPC对应的 VCE;  Creating a unit 831, configured to create a VCE corresponding to the target VPC;
连接单元 832, 用于通过该 VCE连接该第一 PE。  The connecting unit 832 is configured to connect the first PE by using the VCE.
较佳地, 如图 10所示, 本发明实施例的另一种云端装置还可以包括: 第二 接收模块 850、 第二发送模块 860, 其中:  Preferably, as shown in FIG. 10, another cloud device in the embodiment of the present invention may further include: a second receiving module 850 and a second sending module 860, where:
第二接收模块 850, 用于接收网络站点发送的第二请求消息, 第二请求消 息包括更新通信连接的请求、 第二隧道属性信息和网络站点的 ID。  The second receiving module 850 is configured to receive a second request message sent by the network station, where the second request message includes a request for updating the communication connection, the second tunnel attribute information, and an ID of the network station.
第二发送模块 860, 用于根据更新通信连接的请求确定网络站点需更新通 信连接后, 向第一 PE发送第二隧道属性信息及网络站点的 ID, 使得第一 PE根 据网络站点的 ID、第二 PE的地址及第二隧道属性信息, 更新第一 PE与第二 PE 间的隧道属性, 从而更新目标 VPC与网络站点的通信连接属性。  The second sending module 860 is configured to: after determining that the network station needs to update the communication connection according to the request for updating the communication connection, send the second tunnel attribute information and the ID of the network station to the first PE, so that the first PE is based on the ID of the network station, The address of the second PE and the second tunnel attribute information are used to update the tunnel attribute between the first PE and the second PE, thereby updating the communication connection attribute of the target VPC and the network station.
这样, 可以根据需要实时调整目标 VPC与网络站点的通信连接。  In this way, the communication connection between the target VPC and the network site can be adjusted in real time as needed.
本发明实施例的云端装置的组成模块可以分布于不同的设备之中, 也可以 集成于同一设备之中, 多个模块可以合并使用, 单个模块也可以使用也可以分 立使用, 能够实现各自的功能即可。 例如, 第一接收模块 810和创建模块 820 可以合并为图 5中的云端管理模块实现相应的功能。 上述云端装置中各模块的 功能仅作简要描述, 详细描述请参见上述通信连接方法 100的实施例, 另外上 述云端装置可以执行上述通信连接方法 100实施例中相应的步骤。  The components of the cloud device of the embodiment of the present invention may be distributed among different devices, or may be integrated into the same device, and multiple modules may be used in combination, and a single module may also be used separately or separately, and can implement respective functions. Just fine. For example, the first receiving module 810 and the creating module 820 can be combined into the cloud management module in FIG. 5 to implement corresponding functions. The functions of the modules in the cloud device are only described briefly. For a detailed description, refer to the embodiment of the communication connection method 100. The cloud device may perform the corresponding steps in the foregoing embodiment of the communication connection method 100.
本发明实施例的云端装置接收网络站点自动发送的包含创建 VPC的请求、 网络站点的 ID及第一隧道属性信息的请求消息,根据创建 VPC的请求创建目标 VPC, 连接目标 VPC和第一 PE, 向第一 PE发送网络站点的 ID及第一隧道属性 信息,使得第一 PE根据网络站点的 ID获取第二 VPN配置信息及第二 PE的地址, 并根据第二 VPN配置信息得到相匹配的第一 VPN配置信息, 并根据第一 VPN配 置信息、 第二 PE的地址和第一隧道属性信息, 建立与第二 PE间的 VPN连接以 及隧道连接, 实现目标 VPC与网络站点间的通信连接。 由于请求消息由网络站 点自动发送, 因此可以实现根据网络站点的需要及时建立通信连接, 从而能够 提高连接效率。  The cloud device of the embodiment of the present invention receives a request message for automatically creating a VPC request, a network site ID, and a first tunnel attribute information, and creates a target VPC according to the request for creating a VPC, and connects the target VPC and the first PE. Sending the ID of the network station and the first tunnel attribute information to the first PE, so that the first PE obtains the second VPN configuration information and the address of the second PE according to the ID of the network station, and obtains the matching according to the second VPN configuration information. a VPN configuration information, and establishing a VPN connection and a tunnel connection with the second PE according to the first VPN configuration information, the address of the second PE, and the first tunnel attribute information, so as to implement a communication connection between the target VPC and the network site. Since the request message is automatically sent by the network site, it is possible to establish a communication connection in time according to the needs of the network site, thereby improving the connection efficiency.
如图 11所示, 本发明实施例提供一种通信装置, 该装置可以包括: 第一连 接模块 910, 第一接收模块 920, 获取模块 930, 确定模块 940, 第二连接模块 950, 其中: 第一连接模块 910, 用于连接位于云端的目标 VPC。 As shown in FIG. 11, the embodiment of the present invention provides a communication device, which may include: a first connection module 910, a first receiving module 920, an obtaining module 930, a determining module 940, and a second connecting module 950, where: The first connection module 910 is configured to connect to the target VPC located in the cloud.
第一接收模块 920, 用于接收云端发送的网络站点的 ID及第一隧道属性信 息,网络站点的 ID及第一隧道属性信息由网络站点在网络站点的数据中心的负 荷高于第一负荷时发送。  The first receiving module 920 is configured to receive an ID of the network station and the first tunnel attribute information sent by the cloud, where the ID of the network station and the first tunnel attribute information are when the load of the data center of the network site at the network site is higher than the first load. send.
获取模块 930, 可以用于根据网络站点的 ID获取第二 VPN配置信息及第二 The obtaining module 930 is configured to obtain the second VPN configuration information according to the ID of the network site, and the second
PE的地址, 第二 VPN配置信息为第二 PE的 VPN配置信息, 第二 PE为网络站点 的接入设备。 The address of the PE, the second VPN configuration information is the VPN configuration information of the second PE, and the second PE is the access device of the network site.
确定模块 940, 用于根据第二 VPN配置信息确定与第二 VPN配置信息相匹 配的第一 VPN配置信息。  The determining module 940 is configured to determine, according to the second VPN configuration information, first VPN configuration information that matches the second VPN configuration information.
第二连接模块 950, 用于根据第一 VPN配置信息、 第二 PE的地址及第一隧 道属性信息, 建立与第二 PE间的 VPN连接以及隧道连接, 从而实现目标 VPC与 网络站点间的通信连接。  The second connection module 950 is configured to establish a VPN connection and a tunnel connection with the second PE according to the first VPN configuration information, the address of the second PE, and the first tunnel attribute information, so as to implement communication between the target VPC and the network site. connection.
较佳地,获取模块 930具体用于,应用络站点的 ID, 向数据库査询第二 VPN 配置信息及第二 PE的地址,数据库预存网络站点的 ID对应的第二 PE的地址和 网络站点的 ID对应的第二 VPN配置信息。  Preferably, the obtaining module 930 is specifically configured to: query an ID of the application site, query the database for the second VPN configuration information and the address of the second PE, and the address of the second PE corresponding to the ID of the database pre-stored network site and the network site The second VPN configuration information corresponding to the ID.
较佳地, 如图 12所示, 本发明实施例的另一种云端装置还可以包括: 第二 接收模块 960、 第三连接模块 970, 其中:  Preferably, as shown in FIG. 12, another cloud device in the embodiment of the present invention may further include: a second receiving module 960 and a third connecting module 970, where:
第二接收模块 960, 用于接收云端发送的网络站点的 ID及第二隧道属性信 息。  The second receiving module 960 is configured to receive an ID of the network station and a second tunnel attribute information sent by the cloud.
第三连接模块 970, 用于根据网络站点的 ID、 第二 PE的地址及第二隧道属 性信息, 更新第一 PE与第二 PE间的隧道属性, 从而更新目标 VPC与网络站点 的通信连接属性。  The third connection module 970 is configured to update a tunnel attribute between the first PE and the second PE according to the ID of the network station, the address of the second PE, and the second tunnel attribute information, so as to update the communication connection attribute between the target VPC and the network site. .
较佳地, 上述第一接收模块通过位于云端的 VCE连接目标 VPC。  Preferably, the first receiving module is connected to the target VPC through a VCE located in the cloud.
本发明实施例的通信装置可以为具有路由功能的网络设备, 如路由器等。 另外, 该通信装置的组成模块可以分布于不同的设备之中, 也可以集成于同一 设备之中, 多个模块可以合并使用, 单个模块也可以使用也可以分立使用, 能 够实现各自的功能即可。  The communication device in the embodiment of the present invention may be a network device with a routing function, such as a router. In addition, the component modules of the communication device may be distributed among different devices, or may be integrated into the same device, and multiple modules may be used in combination, and a single module may also be used separately or separately, and the respective functions can be realized. .
上述通信装置中各模块的功能仅作简要描述, 详细描述请参见上述通信连 接方法 200的实施例, 另外上述通信装置可以执行上述通信连接方法 200实施 例中相应的步骤。 本发明实施例的通信装置,通过连接位于云端的目标 VPC, 接收云端发送的 网络站点的 ID及第一隧道属性信息, 根据网络站点的 ID获取第二 VPN配置信 息及第二 PE的地址,并根据第二 VPN配置信息得到相匹配的第一 VPN配置信息, 并根据第一 VPN配置信息、 第二 PE的地址和第一隧道属性信息, 建立与第二 PE间的 VPN连接以及隧道连接, 实现目标 VPC与网络站点间的通信连接。 由于 网络站点的 ID及第一隧道属性信息由网络站点自动发送,因此可以实现根据网 络站点的需要及时建立通信连接, 从而能够提高连接效率。 如图 13所示, 本发明实施例提供一种通信系统, 包括: 云端装置 S1及通 信装置 S2, 其中: The functions of the modules in the above communication device are only briefly described. For a detailed description, refer to the embodiment of the communication connection method 200 described above. In addition, the communication device may perform the corresponding steps in the embodiment of the communication connection method 200. The communication device of the embodiment of the present invention, by connecting the target VPC located in the cloud, receives the ID of the network site and the first tunnel attribute information sent by the cloud, and obtains the second VPN configuration information and the address of the second PE according to the ID of the network site, and And obtaining a matching first VPN configuration information according to the second VPN configuration information, and establishing a VPN connection and a tunnel connection with the second PE according to the first VPN configuration information, the address of the second PE, and the first tunnel attribute information, to implement A communication connection between the target VPC and the network site. Since the ID of the network site and the first tunnel attribute information are automatically sent by the network site, it is possible to establish a communication connection in time according to the needs of the network site, thereby improving connection efficiency. As shown in FIG. 13, an embodiment of the present invention provides a communication system, including: a cloud device S1 and a communication device S2, where:
云端装置 S 1可以用于,接收网络站点在网络站点的负荷高于第一负荷时发 送的第一请求消息, 第一请求消息包括创建 VPC的请求、 网络站点的标识 ID和 第一隧道属性信息; 根据创建 VPC的请求创建目标 VPC; 连接目标 VPC和第一 PE; 向第一 PE发送网络站点的 ID及第一隧道属性信息, 使得第一 PE根据网络 站点的 ID获取第二 VPN配置信息及第二 PE的地址, 并根据第二 VPN配置信息 确定与第二 VPN配置信息相匹配的第一 VPN配置信息, 并根据第一 VPN配置信 息、 第二 PE的地址和第一隧道属性信息, 建立与第二 PE间的 VPN连接以及隧 道连接, 从而实现目标 VPC与网络站点间的通信连接, 第二 VPN配置信息为第 二 PE的 VPN配置信息, 第二 PE为网络站点的接入设备。  The cloud device S1 may be configured to receive a first request message sent by the network site when the load of the network site is higher than the first load, where the first request message includes a request for creating a VPC, an identifier ID of the network station, and the first tunnel attribute information. The target VPC is created according to the request for creating the VPC; the target VPC and the first PE are connected; the ID of the network station and the first tunnel attribute information are sent to the first PE, so that the first PE obtains the second VPN configuration information according to the ID of the network station and An address of the second PE, and determining, according to the second VPN configuration information, the first VPN configuration information that matches the second VPN configuration information, and establishing, according to the first VPN configuration information, the address of the second PE, and the first tunnel attribute information. The VPN connection and the tunnel connection with the second PE, so as to realize the communication connection between the target VPC and the network site, the second VPN configuration information is the VPN configuration information of the second PE, and the second PE is the access device of the network site.
通信装置 S2可以用于, 连接位于云端的目标 VPC ; 接收云端发送的网络站 点的 ID及第一隧道属性信息, 所述网络站点的 ID及所述第一隧道属性信息由 所述网络站点在所述网络站点的负荷高于第一负荷时发送; 根据所述网络站点 的 ID获取第二 VPN配置信息及第二 PE的地址, 所述第二 VPN配置信息为所述 第二 PE的 VPN配置信息, 所述第二 PE为所述网络站点的接入设备; 根据所述 第二 VPN配置信息确定与所述第二 VPN配置信息相匹配的第一 VPN配置信息; 根据所述第一 VPN配置信息、所述第二 PE的地址及所述第一隧道属性信息, 建 立与所述第二 PE间的 VPN连接以及隧道连接,从而实现所述目标 VPC与所述网 络站点间的通信连接。  The communication device S2 may be configured to connect to a target VPC located in the cloud; receive an ID of the network station sent by the cloud, and first tunnel attribute information, where the ID of the network station and the first tunnel attribute information are used by the network station And sending, when the load of the network site is higher than the first load, obtaining the second VPN configuration information and the address of the second PE according to the ID of the network site, where the second VPN configuration information is the VPN configuration information of the second PE The second PE is an access device of the network site; determining, according to the second VPN configuration information, first VPN configuration information that matches the second VPN configuration information; according to the first VPN configuration information. The address of the second PE and the first tunnel attribute information establish a VPN connection and a tunnel connection with the second PE, so as to implement a communication connection between the target VPC and the network site.
具体地, 该云端设备 S1的组成模块, 及各模块的具体功能与上述实本发明 实施例的云端装置相同, 请参阅。 该通信装置 S2的组成模块, 及各模块的具体 功能与上述实本发明实施例的通信装置相同, 请参阅。 Specifically, the component modules of the cloud device S1 and the specific functions of the modules are the same as those of the cloud device in the embodiment of the present invention. The component modules of the communication device S2, and the specifics of each module The function is the same as that of the above-described communication device of the embodiment of the present invention, please refer to it.
本发明实施例的通信系统, 云端装置接收网络站点自动发送的创建 VPC的 请求、网络站点的 ID及第一隧道属性信息,根据创建 VPC的请求创建目标 VPC, 连接目标 VPC和第一 PE, 向第一 PE发送网络站点的 ID及第一隧道属性信息, 使得第一 PE根据网络站点的 ID获取第二 VPN配置信息及第二 PE的地址,并根 据第二 VPN配置信息得到相匹配的第一 VPN配置信息, 并根据第一 VPN配置信 息、 第二 PE的地址和第一隧道属性信息, 建立与第二 PE间的 VPN连接以及隧 道连接, 实现目标 VPC与网络站点间的通信连接。 由于请求消息由网络站点自 动发送, 因此可以实现根据网络站点的需要及时建立通信连接, 从而能够提高 连接效率。  In the communication system of the embodiment of the present invention, the cloud device receives the request for creating a VPC, the ID of the network station, and the first tunnel attribute information that are automatically sent by the network station, and creates a target VPC according to the request for creating a VPC, and connects the target VPC with the first PE. The first PE sends the ID of the network station and the first tunnel attribute information, so that the first PE obtains the second VPN configuration information and the address of the second PE according to the ID of the network station, and obtains the first matching according to the second VPN configuration information. The VPN configuration information is used to establish a VPN connection and a tunnel connection with the second PE according to the first VPN configuration information, the address of the second PE, and the first tunnel attribute information, so as to implement a communication connection between the target VPC and the network site. Since the request message is automatically sent by the network site, it is possible to establish a communication connection in time according to the needs of the network site, thereby improving connection efficiency.
如图 14所示, 本发明实施例还提供一种云端装置, 该装置可以包括: 总线 144及连接到总线 144的接口 141、 处理器 142、 存储器 143, 其中:  As shown in FIG. 14, an embodiment of the present invention further provides a cloud device, which may include: a bus 144 and an interface 141 connected to the bus 144, a processor 142, and a memory 143, where:
接口 141用于接收网络站点在网络站点的负荷高于第一负荷时发送的第一 请求消息, 第一请求消息包括创建 VPC的请求、 网络站点的 ID和第一隧道属性 信息;  The interface 141 is configured to receive a first request message sent by the network site when the load of the network site is higher than the first load, where the first request message includes a request for creating a VPC, an ID of the network station, and first tunnel attribute information;
存储器 143用于存储指令, 处理器 142执行存储器 143中的指令用于根据 创建 VPC的请求创建目标 VPC ; 连接目标 VPC和第一 PE ; 向第一 PE发送网络站 点的 ID及第一隧道属性信息,使得第一 PE根据网络站点的 ID获取第二 VPN配 置信息及第二 PE的地址,并根据第二 VPN配置信息确定与第二 VPN配置信息相 匹配的第一 VPN配置信息, 并根据第一 VPN配置信息、 第二 PE的地址和第一隧 道属性信息, 建立与第二 PE间的 VPN连接以及隧道连接, 从而实现目标 VPC与 网络站点间的通信连接, 第二 VPN配置信息为第二 PE的 VPN配置信息, 第二 PE为网络站点的接入设备。  The memory 143 is used to store instructions, and the processor 142 executes instructions in the memory 143 for creating a target VPC according to the request to create a VPC; connecting the target VPC with the first PE; transmitting the ID of the network site and the first tunnel attribute information to the first PE The first PE obtains the second VPN configuration information and the address of the second PE according to the ID of the network site, and determines, according to the second VPN configuration information, the first VPN configuration information that matches the second VPN configuration information, and according to the first The VPN configuration information, the address of the second PE, and the first tunnel attribute information establish a VPN connection and a tunnel connection with the second PE, so as to implement a communication connection between the target VPC and the network site, and the second VPN configuration information is the second PE. VPN configuration information, the second PE is an access device of the network site.
较佳地,处理器 142执行存储器 143中的指令用于连接 VPC和第一 PE包括: 创建与目标 VPC对应的 VCE; 通过 VCE连接第一 PE。  Preferably, the processor 142 executes the instructions in the memory 143 for connecting to the VPC and the first PE, including: creating a VCE corresponding to the target VPC; and connecting the first PE by using the VCE.
较佳地, 处理器 142执行存储器 143中的指令还用于接收网络站点发送的 第二请求消息, 第二请求消息包括更新通信连接的请求、 第二隧道属性信息和 网络站点的 ID ; 根据更新通信连接的请求确定网络站点需更新通信连接后, 向 第一 PE发送第二隧道属性信息及网络站点的 ID, 使得第一 PE根据网络站点的 ID、第二 PE的地址及第二隧道属性信息,更新第一 PE与第二 PE间的隧道属性, 从而更新目标 V P c与网络站点的通信连接属性。 Preferably, the processor 142 executes instructions in the memory 143 for receiving a second request message sent by the network station, where the second request message includes a request to update the communication connection, the second tunnel attribute information, and the ID of the network site; The request for the communication connection determines that the network station needs to update the communication connection, and sends the second tunnel attribute information and the ID of the network station to the first PE, so that the first PE is based on the ID of the network station, the address of the second PE, and the second tunnel attribute information. Updating the tunnel attribute between the first PE and the second PE, Thereby updating the communication connection attribute of the target VP c and the network site.
本发明实施例的云端装置接收网络站点自动发送的包含创建 VPC的请求、 网络站点的 ID及第一隧道属性信息的请求消息,根据创建 VPC的请求创建目标 VPC, 连接目标 VPC和第一 PE, 向第一 PE发送网络站点的 ID及第一隧道属性 信息,使得第一 PE根据网络站点的 ID获取第二 VPN配置信息及第二 PE的地址, 并根据第二 VPN配置信息得到相匹配的第一 VPN配置信息, 并根据第一 VPN配 置信息、 第二 PE的地址和第一隧道属性信息, 建立与第二 PE间的 VPN连接以 及隧道连接, 实现目标 VPC与网络站点间的通信连接。 由于请求消息由网络站 点自动发送, 因此可以实现根据网络站点的需要及时建立通信连接, 从而能够 提高连接效率。 如图 15所示, 本发明实施例还提供一种通信装置, 该装置可以包括: 总线 154及连接到总线 154的接口 151、 处理器 152、 存储器 153, 其中:  The cloud device of the embodiment of the present invention receives a request message for automatically creating a VPC request, a network site ID, and a first tunnel attribute information, and creates a target VPC according to the request for creating a VPC, and connects the target VPC and the first PE. Sending the ID of the network station and the first tunnel attribute information to the first PE, so that the first PE obtains the second VPN configuration information and the address of the second PE according to the ID of the network station, and obtains the matching according to the second VPN configuration information. a VPN configuration information, and establishing a VPN connection and a tunnel connection with the second PE according to the first VPN configuration information, the address of the second PE, and the first tunnel attribute information, so as to implement a communication connection between the target VPC and the network site. Since the request message is automatically sent by the network site, it is possible to establish a communication connection in time according to the needs of the network site, thereby improving the connection efficiency. As shown in FIG. 15, an embodiment of the present invention further provides a communication device, which may include: a bus 154 and an interface 151, a processor 152, and a memory 153 connected to the bus 154, where:
接口 151用于接收云端发送的网络站点的 ID及第一隧道属性信息,网络站 点的 ID及第一隧道属性信息由网络站点在网络站点的负荷高于第一负荷时发 送;  The interface 151 is configured to receive the ID of the network station and the first tunnel attribute information sent by the cloud, where the ID of the network station and the first tunnel attribute information are sent by the network station when the load of the network site is higher than the first load;
存储器 153用于存储指令, 处理器 152执行存储器 153中的指令用于连接 位于云端的目标 VPC; 根据网络站点的 ID获取第二 VPN配置信息及第二 PE的 地址, 第二 VPN配置信息为第二 PE的 VPN配置信息, 第二 PE为网络站点的接 入设备; 根据第二 VPN配置信息确定与第二 VPN配置信息相匹配的第一 VPN配 置信息; 根据第一 VPN配置信息、 第二 PE的地址及第一隧道属性信息, 建立与 第二 PE间的 VPN连接以及隧道连接,从而实现目标 VPC与网络站点间的通信连 接。  The memory 153 is used to store instructions, the processor 152 executes instructions in the memory 153 for connecting to the target VPC located in the cloud, and obtains the second VPN configuration information and the address of the second PE according to the ID of the network station. The second VPN configuration information is The VPN configuration information of the second PE, the second PE is an access device of the network site; determining, according to the second VPN configuration information, the first VPN configuration information that matches the second VPN configuration information; according to the first VPN configuration information, the second PE The address and the first tunnel attribute information establish a VPN connection and a tunnel connection with the second PE, thereby implementing a communication connection between the target VPC and the network site.
较佳地,处理器 152执行存储器 153中的指令用于根据网络站点的 ID获取 第二 VPN配置信息及第二 PE的地址包括: 应用络站点的 ID, 向数据库査询第 二 VPN配置信息及第二 PE的地址,数据库预存网络站点的 ID对应的第二 PE的 地址和网络站点的 ID对应的第二 VPN配置信息。  Preferably, the processor 152 executes the instruction in the memory 153 for acquiring the second VPN configuration information according to the ID of the network site and the address of the second PE, including: the ID of the application site, and querying the database for the second VPN configuration information and The address of the second PE, the address of the second PE corresponding to the ID of the database pre-stored network site, and the second VPN configuration information corresponding to the ID of the network site.
较佳地, 处理器 152执行存储器 153中的指令还用于接收云端发送的网络 站点的 ID及第二隧道属性信息; 根据网络站点的 ID、 第二 PE的地址及第二隧 道属性信息, 更新第一 PE与第二 PE间的隧道属性, 从而更新目标 VPC与网络 站点的通信连接属性。 Preferably, the processor 152 executes the instruction in the memory 153 to receive the ID of the network station and the second tunnel attribute information sent by the cloud; and updates according to the ID of the network station, the address of the second PE, and the second tunnel attribute information. The tunnel attribute between the first PE and the second PE, thereby updating the target VPC and the network The communication connection properties of the site.
较佳地,处理器 152执行存储器 153中的指令用于连接位于云端的目标 VPC 包括: 通过位于云端的 VCE连接目标 VPC。  Preferably, the processor 152 executing the instructions in the memory 153 for connecting to the target VPC located in the cloud comprises: connecting the target VPC through the VCE located in the cloud.
本发明实施例的通信装置, 通过连接位于云端的目标 VPC, 接收云端发送 的网络站点的 ID及第一隧道属性信息, 根据网络站点的 ID获取第二 VPN配置 信息及第二 PE的地址,并根据第二 VPN配置信息得到相匹配的第一 VPN配置信 息, 并根据第一 VPN配置信息、 第二 PE的地址和第一隧道属性信息, 建立与第 二 PE间的 VPN连接以及隧道连接, 实现目标 VPC与网络站点间的通信连接。 由 于网络站点的 ID及第一隧道属性信息由网络站点自动发送, 因此可以实现根据 网络站点的需要及时建立通信连接, 从而能够提高连接效率。 需要说明的是: 上述实施例提供的数据发送装置及数据接收装置, 在表述 时, 仅以上述各功能模块的划分进行举例说明, 实际应用中, 可以根据需要而 将上述功能分配由不同的功能模块完成, 即将设备的内部结构划分成拨通的功 能模块, 以完成上述的全部或部分功能。 另外, 上述实施例提供的装置与相应 的方法属于同一构思, 其具体实现过程详见方法实施例, 这里不再赘述。  The communication device of the embodiment of the present invention receives the ID of the network site and the first tunnel attribute information sent by the cloud by connecting the target VPC located in the cloud, and obtains the second VPN configuration information and the address of the second PE according to the ID of the network site, and And obtaining a matching first VPN configuration information according to the second VPN configuration information, and establishing a VPN connection and a tunnel connection with the second PE according to the first VPN configuration information, the address of the second PE, and the first tunnel attribute information, to implement A communication connection between the target VPC and the network site. Since the ID of the network site and the first tunnel attribute information are automatically sent by the network site, it is possible to establish a communication connection in time according to the needs of the network site, thereby improving the connection efficiency. It should be noted that, in the description, the data transmitting apparatus and the data receiving apparatus provided in the above embodiments are merely exemplified by the division of the above functional modules. In actual applications, the functions may be assigned different functions as needed. The module is completed, that is, the internal structure of the device is divided into function modules for dialing to complete all or part of the above functions. In addition, the device provided by the foregoing embodiment is the same as the corresponding method, and the specific implementation process is described in detail in the method embodiment, and details are not described herein again.
本领域普通技术人员可以理解实现上述实施例的全部或部分步骤可以通过 硬件来完成, 也可以通过程序来指令相关的硬件完成, 所述的程序可以存储于 一种计算机可读存储介质中, 上述提到的存储介质可以是只读存储器, 磁盘或 光盘等。  A person skilled in the art may understand that all or part of the steps of implementing the above embodiments may be completed by hardware, or may be instructed by a program to execute related hardware, and the program may be stored in a computer readable storage medium. The storage medium mentioned may be a read only memory, a magnetic disk or an optical disk or the like.
本说明书中的各个实施例均采用递进的方式描述, 各个实施例相同相似的 部分互相参见即可, 每个实施例重点说明的都是与其他实施例的不同之处。 尤 其, 对于装置实施例而言, 由于其基本相似于方法实施例, 所以描述得比较简 单, 相关之处参见方法实施例的部分说明即可。 以上所描述的装置实施例仅仅 是示意性的, 其中所述作为分离部件说明的单元可以是或者也可以不是物理上 分开的, 作为单元显示的部件可以是或者也可以不是物理单元, 即可以位于一 个地方, 或者也可以分布到多个网络单元上。 可以根据实际的需要选择其中的 部分或者全部模块来实现本实施例方案的目的。 本领域普通技术人员在不付出 创造性劳动的情况下, 即可以理解并实施。  The various embodiments in the specification are described in a progressive manner, and the same or similar parts of the various embodiments may be referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, for the device embodiment, since it is basically similar to the method embodiment, the description is relatively simple, and the relevant parts can be referred to the description of the method embodiment. The device embodiments described above are merely illustrative, wherein the units described as separate components may or may not be physically separated, and the components displayed as units may or may not be physical units, ie may be located One place, or it can be distributed to multiple network elements. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the embodiment. Those of ordinary skill in the art can understand and implement without any creative effort.
本领域普通技术人员可以意识到, 结合本文中所公开的实施例描述的各示 例的单元及算法步骤, 能够以电子硬件、 或者计算机软件和电子硬件的结合来 实现。 这些功能究竟以硬件还是软件方式来执行, 取决于技术方案的特定应用 和设计约束条件。 专业技术人员可以对每个特定的应用来使用不同方法来实现 所描述的功能, 但是这种实现不应认为超出本发明的范围。 One of ordinary skill in the art will recognize the various aspects described in connection with the embodiments disclosed herein. The unit and algorithm steps of the example can be implemented in electronic hardware, or a combination of computer software and electronic hardware. Whether these functions are performed in hardware or software depends on the specific application and design constraints of the solution. A person skilled in the art can use different methods to implement the described functions for each particular application, but such implementation should not be considered to be beyond the scope of the present invention.
所属领域的技术人员可以清楚地了解到, 为描述的方便和简洁, 上述描述 的系统、装置和单元的具体工作过程, 可以参考前述方法实施例中的对应过程, 在此不再赘述。  A person skilled in the art can clearly understand that, for the convenience and brevity of the description, the specific working process of the system, the device and the unit described above can refer to the corresponding process in the foregoing method embodiment, and details are not described herein again.
在本申请所提供的几个实施例中, 应该理解到, 所揭露的系统、 装置和方 法, 可以通过其它的方式实现。 例如, 以上所描述的装置实施例仅仅是示意性 的, 例如, 所述单元的划分, 仅仅为一种逻辑功能划分, 实际实现时可以有另 外的划分方式, 例如多个单元或组件可以结合或者可以集成到另一个系统, 或 一些特征可以忽略, 或不执行。 另一点, 所显示或讨论的相互的耦合或直接耦 合或通信连接可以是通过一些接口, 装置或单元的间接耦合或通信连接, 可以 是电性, 机械或其它的形式。  In the several embodiments provided herein, it should be understood that the disclosed systems, devices, and methods may be implemented in other ways. For example, the device embodiments described above are merely illustrative. For example, the division of the unit is only a logical function division. In actual implementation, there may be another division manner, for example, multiple units or components may be combined or Can be integrated into another system, or some features can be ignored, or not executed. In addition, the mutual coupling or direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interface, device or unit, and may be electrical, mechanical or otherwise.
所述作为分离部件说明的单元可以是或者也可以不是物理上分开的, 作为 单元显示的部件可以是或者也可以不是物理单元, 即可以位于一个地方, 或者 也可以分布到多个网络单元上。 可以根据实际的需要选择其中的部分或者全部 单元来实现本实施例方案的目的。  The units described as separate components may or may not be physically separate, and the components displayed as the units may or may not be physical units, that is, may be located in one place, or may be distributed to multiple network units. Some or all of the units may be selected according to actual needs to achieve the objectives of the solution of the embodiment.
另外, 在本发明各个实施例中的各功能单元可以集成在一个处理单元中, 也可以是各个单元单独物理存在, 也可以两个或两个以上单元集成在一个单元 中。  In addition, each functional unit in each embodiment of the present invention may be integrated into one processing unit, or each unit may exist physically separately, or two or more units may be integrated into one unit.
所述功能如果以软件功能单元的形式实现并作为独立的产品销售或使用 时, 可以存储在一个计算机可读取存储介质中。 基于这样的理解, 本发明的技 术方案本质上或者说对现有技术做出贡献的部分或者该技术方案的部分可以以 软件产品的形式体现出来, 该计算机软件产品存储在一个存储介质中, 包括若 干指令用以使得一台计算机设备 (可以是个人计算机, 服务器, 或者网络设备 等) 执行本发明各个实施例所述方法的全部或部分步骤。 而前述的存储介质包 括: U盘、 移动硬盘、 只读存储器 (ROM, Read-Only Memory ) 、 随机存取存储 器 (RAM, Random Access Memory ) 、 磁碟或者光盘等各种可以存储程序代码的 介质。 通过以上的实施方式的描述, 所属领域的技术人员可以清楚地了解到本发 明可借助软件加必需的通用硬件的方式来实现, 通用硬件包括通用集成电路、 通用 CPU、 通用存储器、 通用元器件等, 当然也可以通过专用硬件包括专用集 成电路、 专用 CPU、 专用存储器、 专用元器件等来实现, 但很多情况下前者是 更佳的实施方式。 基于这样的理解, 本发明的技术方案本质上或者说对现有技 术做出贡献的部分可以以软件产品的形式体现出来, 该计算机软件产品存储在 可读取的存储介质中, 如计算机的软盘, 硬盘或光盘等, 包括若干指令用以使 得一台计算机设备 (可以是个人计算机, 服务器, 或者网络设备等) 执行本发 明各个实施例的方法。 The functions may be stored in a computer readable storage medium if implemented in the form of a software functional unit and sold or used as a standalone product. Based on such understanding, the technical solution of the present invention, which is essential or contributes to the prior art, or a part of the technical solution, may be embodied in the form of a software product, which is stored in a storage medium, including The instructions are used to cause a computer device (which may be a personal computer, server, or network device, etc.) to perform all or part of the steps of the methods described in various embodiments of the present invention. The foregoing storage medium includes: a U disk, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk or an optical disk, and the like, which can store program codes. . Through the description of the above embodiments, those skilled in the art can clearly understand that the present invention can be implemented by means of software plus necessary general hardware including general-purpose integrated circuits, general-purpose CPUs, general-purpose memories, general-purpose components, and the like. Of course, it can also be realized by dedicated hardware including an application specific integrated circuit, a dedicated CPU, a dedicated memory, a dedicated component, etc., but in many cases, the former is a better implementation. Based on such understanding, the technical solution of the present invention, which is essential or contributes to the prior art, may be embodied in the form of a software product stored in a readable storage medium, such as a floppy disk of a computer. A hard disk or optical disk, etc., includes instructions for causing a computer device (which may be a personal computer, server, or network device, etc.) to perform the methods of various embodiments of the present invention.
以上仅为本发明的较佳实施例, 并不用以限制本发明, 凡在本发明的精神 和原则之内, 所作的任何修改、 等同替换、 改进等, 均应包含在本发明的保护 范围之内。  The above are only the preferred embodiments of the present invention, and are not intended to limit the present invention. Any modifications, equivalents, improvements, etc., which are within the spirit and scope of the present invention, should be included in the scope of the present invention. Inside.

Claims

权 利 要 求 书 Claims
1、 一种通信连接方法, 其特征在于, 包括: A communication connection method, comprising:
接收网络站点在所述网络站点的负荷高于第一负荷时发送的第一请求消 息, 所述第一请求消息包括创建虚拟专用云 VPC的请求、 所述网络站点的标识 ID和第一隧道属性信息;  Receiving, by the network site, a first request message sent when the load of the network site is higher than the first load, where the first request message includes a request for creating a virtual private cloud VPC, an identifier ID of the network site, and a first tunnel attribute. Information
根据所述创建 VPC的请求创建目标 VPC ;  Creating a target VPC according to the request to create a VPC;
连接所述目标 VPC和第一运营商边缘设备 PE ;  Connecting the target VPC and the first carrier edge device PE;
向所述第一 PE发送所述网络站点的 ID和所述第一隧道属性信息, 使得所 述第一 PE根据所述网络站点的 ID获取第二虚拟专用网 VPN配置信息及第二 PE 的地址, 并根据所述第二 VPN配置信息确定与所述第二 VPN配置信息相匹配的 第一 VPN配置信息, 并根据所述第一 VPN配置信息、 所述第二 PE的地址和所述 第一隧道属性信息, 建立与所述第二 PE间的 VPN连接和隧道连接, 从而实现所 述目标 VPC与所述网络站点间的通信连接, 所述第二 VPN配置信息为所述第二 PE的 VPN配置信息, 所述第二 PE为所述网络站点的接入设备。  Sending the ID of the network station and the first tunnel attribute information to the first PE, so that the first PE acquires the second virtual private network VPN configuration information and the address of the second PE according to the ID of the network station. Determining, according to the second VPN configuration information, first VPN configuration information that matches the second VPN configuration information, and according to the first VPN configuration information, the address of the second PE, and the first The tunnel attribute information is used to establish a VPN connection and a tunnel connection with the second PE, so as to implement a communication connection between the target VPC and the network site, where the second VPN configuration information is the VPN of the second PE. Configuration information, where the second PE is an access device of the network site.
2、 根据权利要求 1所述的方法, 其特征在于, 所述连接所述目标 VPC和第 一运营商边缘设备 PE包括:  2. The method according to claim 1, wherein the connecting the target VPC and the first carrier edge device PE comprises:
创建与所述目标 VPC对应的虚拟用户边缘设备 VCE ;  Creating a virtual user edge device VCE corresponding to the target VPC;
通过所述 VCE连接所述第一 PE。  The first PE is connected through the VCE.
3、 根据权利要求 1或 2所述的方法, 其特征在于, 还包括:  The method according to claim 1 or 2, further comprising:
接收所述网络站点发送的第二请求消息, 所述第二请求消息包括更新通信 连接的请求、 第二隧道属性信息和所述网络站点的 ID ;  Receiving a second request message sent by the network station, where the second request message includes a request for updating a communication connection, second tunnel attribute information, and an ID of the network station;
根据所述更新通信连接的请求确定所述网络站点需更新通信连接后, 向所 述第一 PE发送所述第二隧道属性信息和所述网络站点的 ID, 使得所述第一 PE 根据所述网络站点的 ID、 所述第二 PE的地址和所述第二隧道属性信息, 更新 所述第一 PE与所述第二 PE间的隧道属性, 从而更新所述目标 VPC与所述网络 站点的通信连接属性。  After determining, by the request for updating the communication connection, that the network station needs to update the communication connection, sending the second tunnel attribute information and the ID of the network station to the first PE, so that the first PE is configured according to the Updating the tunnel attribute between the first PE and the second PE by the ID of the network station, the address of the second PE, and the second tunnel attribute information, thereby updating the target VPC and the network site Communication connection properties.
4、 一种通信连接方法, 其特征在于, 包括:  4. A communication connection method, comprising:
连接位于所述云端的目标虚拟专用云 VPC ;  Connecting a target virtual private cloud VPC located in the cloud;
接收云端发送的网络站点的标识 ID和第一隧道属性信息,所述网络站点的 ID和所述第一隧道属性信息由所述网络站点在所述网络站点的负荷高于第一负 荷时发送; Receiving an identifier ID of the network site sent by the cloud and first tunnel attribute information, where the ID of the network site and the first tunnel attribute information are higher than the first negative load of the network site at the network site Send time;
根据所述网络站点的 ID获取第二虚拟专用网 VPN配置信息和第二运营商边 缘设备 PE的地址, 所述第二 VPN配置信息为所述第二 PE的 VPN配置信息, 所 述第二 P E为所述网络站点的接入设备;  Obtaining the second virtual private network VPN configuration information and the address of the second carrier edge device PE according to the ID of the network site, where the second VPN configuration information is the VPN configuration information of the second PE, the second PE An access device for the network site;
根据所述第二 VPN配置信息确定与所述第二 VPN配置信息相匹配的第一 VPN 配置信息;  Determining, according to the second VPN configuration information, first VPN configuration information that matches the second VPN configuration information;
根据所述第一 VPN配置信息、所述第二 PE的地址和所述第一隧道属性信息, 建立与所述第二 PE间的 VPN连接以及隧道连接,从而实现所述目标 VPC与所述 网络站点间的通信连接。  Establishing a VPN connection and a tunnel connection with the second PE according to the first VPN configuration information, the address of the second PE, and the first tunnel attribute information, thereby implementing the target VPC and the network Communication connection between sites.
5、 根据权利要求 4所述的方法, 其特征在于, 所述根据所述网络站点的 5. The method according to claim 4, wherein the according to the network site
ID获取第二 VPN配置信息及第二 PE的地址包括: The ID obtains the second VPN configuration information and the address of the second PE, including:
应用所述络站点的 ID, 向数据库査询所述第二 VPN配置信息和所述第二 PE 的地址, 所述数据库预存所述网络站点的 ID对应的所述第二 PE的地址和所述 网络站点的 ID对应的所述第二 VPN配置信息。  Applying the ID of the network site to query the database for the second VPN configuration information and the address of the second PE, where the database prestores the address of the second PE corresponding to the ID of the network site, and the The second VPN configuration information corresponding to the ID of the network site.
6、 根据权利要求 4或 5所述的方法, 其特征在于, 还包括:  The method according to claim 4 or 5, further comprising:
接收所述云端发送的所述网络站点的 ID和第二隧道属性信息;  Receiving the ID of the network station and the second tunnel attribute information sent by the cloud;
根据所述网络站点的 ID、 所述第二 PE的地址和所述第二隧道属性信息, 更新所述第一 PE与所述第二 PE间的隧道属性, 从而更新所述目标 VPC与所述 网络站点的通信连接属性。  Updating a tunnel attribute between the first PE and the second PE according to the ID of the network station, the address of the second PE, and the second tunnel attribute information, thereby updating the target VPC and the The communication connection properties of the network site.
7根据权利要求 4所述的方法, 其特征在于, 所述连接位于所述云端的目 标虚拟专用云 VPC, 包括:  The method according to claim 4, wherein the connecting the target virtual private cloud VPC located in the cloud comprises:
通过位于所述云端的虚拟用户边缘设备 VCE连接所述目标 VPC。  The target VPC is connected through a virtual user edge device VCE located in the cloud.
8、 一种云端装置, 其特征在于, 包括:  8. A cloud device, comprising:
第一接收模块, 用于接收网络站点在所述网络站点的负荷高于第一负荷时 发送的第一请求消息, 所述第一请求消息包括创建虚拟专用云 VPC的请求、 所 述网络站点的标识 ID和第一隧道属性信息;  a first receiving module, configured to receive a first request message sent by the network site when the load of the network site is higher than the first load, where the first request message includes a request for creating a virtual private cloud VPC, and the network site Identification ID and first tunnel attribute information;
创建模块, 用于根据所述创建 VPC的请求创建目标 VPC;  a creating module, configured to create a target VPC according to the request for creating a VPC;
连接模块, 用于连接所述目标 VPC和第一运营商边缘设备 PE ;  a connection module, configured to connect the target VPC and the first carrier edge device PE;
第一发送模块, 用于向所述第一 PE发送所述网络站点的 ID和所述第一隧 道属性信息,使得所述第一 PE根据所述网络站点的 ID获取第二虚拟专用网 VPN 配置信息及第二 PE的地址, 并根据所述第二 VPN配置信息确定与所述第二 VPN 配置信息相匹配的第一 VPN配置信息, 并根据所述第一 VPN配置信息、 所述第 二 PE的地址和所述第一隧道属性信息, 建立与所述第二 PE间的 VPN连接以及 隧道连接,从而实现所述目标 VPC与所述网络站点间的通信连接,所述第二 VPN 配置信息为所述第二 PE的 VPN配置信息, 所述第二 PE为所述网络站点的接入 设备。 a first sending module, configured to send the ID of the network station and the first tunnel attribute information to the first PE, so that the first PE acquires a second virtual private network VPN according to the ID of the network station Configuring the information and the address of the second PE, and determining the first VPN configuration information that matches the second VPN configuration information according to the second VPN configuration information, and according to the first VPN configuration information, the second Establishing a VPN connection and a tunnel connection with the second PE by using the address of the PE and the first tunnel attribute information, so as to implement a communication connection between the target VPC and the network site, where the second VPN configuration information is For the VPN configuration information of the second PE, the second PE is an access device of the network site.
9、 根据权利要求 8所述的装置, 其特征在于, 所述连接模块包括: 创建单元, 用于创建与所述目标 VPC对应的虚拟用户边缘设备 VCE ;  The device according to claim 8, wherein the connection module comprises: a creating unit, configured to create a virtual user edge device VCE corresponding to the target VPC;
连接单元, 用于通过所述 VCE连接所述第一 PE。  a connecting unit, configured to connect the first PE by using the VCE.
10、 根据权利要求 8或 9所述的装置, 其特征在于, 还包括:  The device according to claim 8 or 9, further comprising:
第二接收模块, 用于接收所述网络站点发送的第二请求消息, 所述第二请 求消息包括更新通信连接的请求、 第二隧道属性信息和所述网络站点的 ID ; 第二发送模块, 用于根据所述更新通信连接的请求确定所述网络站点需更 新通信连接后, 向所述第一 PE发送所述第二隧道属性信息和所述网络站点的 ID, 使得所述第一 PE根据所述网络站点的 ID、 所述第二 PE的地址和所述第二 隧道属性信息, 更新所述第一 PE与所述第二 PE间的隧道属性, 从而更新所述 目标 VPC与所述网络站点的通信连接属性。  a second receiving module, configured to receive a second request message sent by the network station, where the second request message includes a request for updating a communication connection, second tunnel attribute information, and an ID of the network station; After determining that the network station needs to update the communication connection according to the request for updating the communication connection, sending the second tunnel attribute information and the ID of the network station to the first PE, so that the first PE is configured according to the first PE Updating the tunnel attribute between the first PE and the second PE by the ID of the network station, the address of the second PE, and the second tunnel attribute information, thereby updating the target VPC and the network The communication connection properties of the site.
11、 一种通信装置, 其特征在于, 包括:  A communication device, comprising:
第一连接模块, 用于连接位于云端的目标虚拟专用云 VPC ;  a first connection module, configured to connect to a target virtual private cloud VPC located in the cloud;
第一接收模块,用于接收所述云端发送的网络站点的标识 ID和第一隧道属 性信息,所述网络站点的 ID及所述第一隧道属性信息由所述网络站点在所述网 络站点的负荷高于第一负荷时发送;  a first receiving module, configured to receive an identifier ID of the network site sent by the cloud, and first tunnel attribute information, where the ID of the network station and the first tunnel attribute information are used by the network site at the network site Send when the load is higher than the first load;
获取模块,用于根据所述网络站点的 ID获取第二虚拟专用网 VPN配置信息 及第二运营商边缘设备 PE的地址,所述第二 VPN配置信息为所述第二 PE的 VPN 配置信息, 所述第二 PE为所述网络站点的接入设备;  An obtaining module, configured to acquire, according to the ID of the network site, the second virtual private network VPN configuration information and the address of the second carrier edge device PE, where the second VPN configuration information is the VPN configuration information of the second PE, The second PE is an access device of the network site;
确定模块, 用于根据所述第二 VPN配置信息确定与所述第二 VPN配置信息 相匹配的第一 VPN配置信息;  a determining module, configured to determine, according to the second VPN configuration information, first VPN configuration information that matches the second VPN configuration information;
第二连接模块, 用于根据所述第一 VPN配置信息、所述第二 PE的地址和所 述第一隧道属性信息, 建立与所述第二 PE间的 VPN连接以及隧道连接, 从而实 现所述目标 VPC与所述网络站点间的通信连接。 12、 根据权利要求 11所述的装置, 其特征在于, 所述获取模块具体用于, 应用所述络站点的 ID, 向数据库査询所述第二 VPN配置信息和所述第二 PE的 地址, 所述数据库预存所述网络站点的 ID对应的所述第二 PE的地址和所述网 络站点的 ID对应的所述第二 VPN配置信息。 a second connection module, configured to establish a VPN connection and a tunnel connection with the second PE according to the first VPN configuration information, the address of the second PE, and the first tunnel attribute information, so as to implement A communication connection between the target VPC and the network site. The device according to claim 11, wherein the acquiring module is specifically configured to: apply an ID of the network site, and query the database for the second VPN configuration information and the address of the second PE. And the database pre-stores the address of the second PE corresponding to the ID of the network station and the second VPN configuration information corresponding to the ID of the network station.
13、 根据权利要求 11或 12所述的装置, 其特征在于, 还包括:  The device according to claim 11 or 12, further comprising:
第二接收模块,用于接收所述云端发送的所述网络站点的 ID和第二隧道属 性信息;  a second receiving module, configured to receive the ID of the network station and the second tunnel attribute information sent by the cloud;
第三连接模块, 用于根据所述网络站点的 ID、 所述第二 PE的地址和所述 第二隧道属性信息, 更新所述第一 PE与所述第二 PE间的隧道属性, 从而更新 所述目标 VPC与所述网络站点的通信连接属性。  a third connection module, configured to update a tunnel attribute between the first PE and the second PE according to an ID of the network station, an address of the second PE, and the second tunnel attribute information, so as to update The communication connection attribute of the target VPC with the network site.
14、 根据权利要求 11所述的装置, 其特征在于, 所述第一连接模块具体用 于, 通过位于所述云端的虚拟用户边缘设备 VCE连接所述目标 VPC。  The device according to claim 11, wherein the first connection module is specifically configured to connect the target VPC through a virtual user edge device VCE located in the cloud.
15、 一种通信系统, 其特征在于, 包括如权利要求 8-10中任一项所述的 云端装置及如权利要求 11-14中任一项所述的通信装置。  A communication system, comprising: the cloud device according to any one of claims 8 to 10, and the communication device according to any one of claims 11-14.
PCT/CN2013/075605 2012-10-19 2013-05-14 Communication connection method, communication device and communication system WO2014059787A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201210401104.4A CN103780467B (en) 2012-10-19 2012-10-19 communication connection method, communication device and communication system
CN201210401104.4 2012-10-19

Publications (1)

Publication Number Publication Date
WO2014059787A1 true WO2014059787A1 (en) 2014-04-24

Family

ID=50487518

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2013/075605 WO2014059787A1 (en) 2012-10-19 2013-05-14 Communication connection method, communication device and communication system

Country Status (2)

Country Link
CN (1) CN103780467B (en)
WO (1) WO2014059787A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111740893A (en) * 2020-06-30 2020-10-02 成都卫士通信息产业股份有限公司 Method, device, system, medium and equipment for realizing software-defined VPN

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10116493B2 (en) * 2014-11-21 2018-10-30 Cisco Technology, Inc. Recovering from virtual port channel peer failure
CN105791073B (en) * 2014-12-23 2019-07-19 华为技术有限公司 The method and apparatus of service deployment in a kind of virtualization network
CN104601431B (en) * 2014-12-31 2018-04-20 华为技术有限公司 The cut-in method and the network equipment of a kind of vpn service
CN105721306B (en) * 2016-02-04 2019-03-15 杭州数梦工场科技有限公司 A kind of transmission method and device of configuration information
CN107872542B (en) * 2016-09-27 2021-05-04 阿里巴巴集团控股有限公司 Data transmission method and network equipment
CN108900637A (en) * 2018-08-08 2018-11-27 北京百度网讯科技有限公司 Method for transmitting information and device
CN113098749B (en) * 2020-01-08 2024-10-15 华为技术有限公司 Message sending method, device and storage medium

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102137008A (en) * 2011-01-24 2011-07-27 华为技术有限公司 Quality of service (QoS) keeping method, device and system
WO2011103840A2 (en) * 2011-04-19 2011-09-01 华为技术有限公司 Virtual private cloud connection method and tunnel proxy server
CN102387061A (en) * 2011-10-21 2012-03-21 华为技术有限公司 Method, device and system for accessing VPC (virtual private cloud) to VPN (virtual private network)

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102137008A (en) * 2011-01-24 2011-07-27 华为技术有限公司 Quality of service (QoS) keeping method, device and system
WO2011103840A2 (en) * 2011-04-19 2011-09-01 华为技术有限公司 Virtual private cloud connection method and tunnel proxy server
CN102387061A (en) * 2011-10-21 2012-03-21 华为技术有限公司 Method, device and system for accessing VPC (virtual private cloud) to VPN (virtual private network)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111740893A (en) * 2020-06-30 2020-10-02 成都卫士通信息产业股份有限公司 Method, device, system, medium and equipment for realizing software-defined VPN
CN111740893B (en) * 2020-06-30 2022-02-11 成都卫士通信息产业股份有限公司 Method, device, system, medium and equipment for realizing software-defined VPN

Also Published As

Publication number Publication date
CN103780467B (en) 2017-04-26
CN103780467A (en) 2014-05-07

Similar Documents

Publication Publication Date Title
WO2014059787A1 (en) Communication connection method, communication device and communication system
US11856065B2 (en) Data transmission for service integration between a virtual private cloud and an intranet
EP2590369B1 (en) Method and device for connecting to virtual private network across domains
US11750515B2 (en) Data transmission method and apparatus
US8549286B2 (en) Method and system for forwarding data between private networks
US11575592B2 (en) Message processing method and apparatus, control-plane device, and computer storage medium
WO2015149563A1 (en) Communication method and system, resource pool management system, switch and control device
CN108616431A (en) A kind of message processing method, device, equipment and machine readable storage medium
CN108011754B (en) Transfer control separation system, backup method and device
EP3493483A1 (en) Virtual broadband access method, controller, and system
WO2017181807A1 (en) Sdn-based switch port information detection method, device, and terminal apparatus
JP5866083B1 (en) Control method, control apparatus and processor in software definition network
KR20130101663A (en) Apparatus and method for cloud networking
WO2021098727A1 (en) Network deployment method and system
WO2012149718A1 (en) Method for cloud terminal to access cloud server in cloud computing system, and cloud computing system
WO2014067293A1 (en) Remote access method and device
CN103634171A (en) Dynamic configuration method, device and system
WO2015081551A1 (en) Method, device and system for implementing packet routing in network
JP2019519146A (en) Routing establishment, packet transmission
WO2016101780A1 (en) Method and device for deploying service in virtualized network
EP3664403B1 (en) User authentication of bras under architecture of mutually separated forwarding and control
WO2016019676A1 (en) Method, apparatus and system for processing data packet in software defined network (sdn)
JP7541116B2 (en) COMMUNICATION METHOD AND RELATED APPARATUS
CN106936608B (en) Method, related equipment and system for establishing SSH connection
WO2015188331A1 (en) 转发控制方法、驱动器及sdn网络 forwarding control method, driver and sdn network

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 13847319

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 13847319

Country of ref document: EP

Kind code of ref document: A1