Network Working Group                                       L. Andersson
Request for Comments: 4026                                     T. Madsen
Category: Informational                                         Acreo AB
                                                              March 2005
        

Provider Provisioned Virtual Private Network (VPN) Terminology

Status of This Memo

This memo provides information for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited.

Copyright Notice

Copyright (C) The Internet Society (2005).

Abstract

The widespread interest in provider-provisioned Virtual Private Network (VPN) solutions led to memos proposing different and overlapping solutions. The IETF working groups (first Provider Provisioned VPNs and later Layer 2 VPNs and Layer 3 VPNs) have discussed these proposals and documented specifications. This has led to the development of a partially new set of concepts used to describe the set of VPN services.

To a certain extent, more than one term covers the same concept, and sometimes the same term covers more than one concept. This document seeks to make the terminology in the area clearer and more intuitive.

Table of Contents

   1.  Introduction
   2.  PPVPN Terminology
   3.  Provider Provisioned Virtual Private Network Services
       3.1.  Layer 3 VPN (L3VPN)
       3.2.  Layer 2 VPN (L2VPN)
       3.3.  Virtual Private LAN Service (VPLS)
       3.4.  Virtual Private Wire Service (VPWS)
       3.5.  IP-Only LAN-Like Service (IPLS)
       3.6.  Pseudo Wire (PW)
       3.7.  Transparent LAN Service (TLS)
       3.8.  Virtual LAN (VLAN)
       3.9.  Virtual Leased Line Service (VLLS)
       3.10. Virtual Private Network (VPN)
       3.11. Virtual Private Switched Network (VPSN)
   4.  Classification of VPNs
   5.  Building Blocks
       5.1.  Customer Edge Device (CE)
             5.1.1.  Device Based CE Naming
             5.1.2.  Service Based CE Naming
       5.2.  Provider Edge (PE)
             5.2.1.  Device Based PE Naming
             5.2.2.  Service Based PE Naming
             5.2.3.  Distribution Based PE Naming
       5.3.  Core
             5.3.1.  Provider Router (P)
       5.4.  Naming in Specific Internet Drafts
             5.4.1.  Layer 2 PE (L2PE)
             5.4.2.  Logical PE (LPE)
             5.4.3.  PE-CLE
             5.4.4.  PE-Core
             5.4.5.  PE-Edge
             5.4.6.  PE-POP
             5.4.7.  VPLS Edge (VE)
   6.  Functions
       6.1.  Attachment Circuit (AC)
       6.2.  Backdoor Links
       6.3.  Endpoint Discovery
       6.4.  Flooding
       6.5.  MAC Address Learning
             6.5.1.  Qualified Learning
             6.5.2.  Unqualified Learning
       6.6.  Signalling
   7.  'Boxes'
       7.1.  Aggregation Box
       7.2.  Customer Premises Equipment (CPE)
       7.3.  Multi-Tenant Unit (MTU)
   8.  Packet Switched Network (PSN)
       8.1.  Route Distinguisher (RD)
       8.2.  Route Reflector
       8.3.  Route Target (RT)
       8.4.  Tunnel
       8.5.  Tunnel Multiplexor
       8.6.  Virtual Channel (VC)
       8.7.  VC Label
       8.8.  Inner Label
       8.9.  VPN Routing and Forwarding (VRF)
       8.10. VPN Forwarding Instance (VFI)
       8.11. Virtual Switch Instance (VSI)
       8.12. Virtual Router (VR)
   9.  Security Considerations
   10. Acknowledgements
   11. Informative References
   Authors' Addresses
   Full Copyright Statement
        
1. Introduction

A comparatively large number of memos have been submitted to the former PPVPN working group, and to the L2VPN, L3VPN, and PWE3 working groups, which all address the same problem space: provider provisioned virtual private networking for end customers. The memos address a wide range of services, but there is also a great deal of commonality among the proposed solutions.

This has led to the development of a partial set of new concepts used to describe this set of VPN services. To a certain extent, more than one term covers the same concept, and sometimes the same term covers more than one concept.

This document proposes a foundation for a unified terminology for the L2VPN and L3VPN working groups. In some cases, the parallel concepts within the PWE3 working group are used as references.

2. PPVPN Terminology

The concepts and terms in this list are gathered from Internet Drafts sent to the L2VPN and L3VPN mailing lists (earlier the PPVPN mailing list) and RFCs relevant to the L2VPN and L3VPN working groups. The focus is on terminology and concepts that are specific to the PPVPN area, but this is not strictly enforced; e.g., some concepts and terms within the PWE3 and (Generalized) MPLS areas are closely related. We've tried to find the earliest uses of terms and concepts.

This document is intended to fully cover the concepts within the core documents from the L2VPN and L3VPN working groups; i.e., [L3VPN-REQ], [L2VPN-REQ], [L3VPN-FRAME], [L2VPN], and [RFC3809]. The intention is to create a comprehensive and unified set of concepts for these documents and, by extension, for the entire PPVPN area. To do so, it is also necessary to describe some of the development that the concepts of the area have been through.

The document is structured in four major sections. Section 4 lists the different services that have been or will be specified. Section 5 lists the building blocks that are used to specify those services. Section 6 lists the functions needed in those services. Section 7 lists some typical devices used in customer and provider networks.

3. Provider Provisioned Virtual Private Network Services

In this section, we define the terminology that relates the set of services to solutions specified by the L2VPN and L3VPN working groups. The "pseudo wire" concept, which belongs to the PWE3 working group, is included for reference purposes. For requirements in provider provisioned VPNs, see [L3VPN-REQ].

All terms and abbreviations are listed together with a brief description of the service. The list is structured to give the more general information first and the more specific later. The names of services for which the IETF is working on solutions have been moved to the top of the list. Older and more dated terminology has been pushed toward the end of the list.

3.1. Layer 3 VPN (L3VPN)

An L3VPN interconnects sets of hosts and routers based on Layer 3 addresses; see [L3VPN-FRAME].

3.2. Layer 2 VPN (L2VPN)

Three types of L2VPNs are described in this document: Virtual Private Wire Service (VPWS) (Section 3.4); Virtual Private LAN Service (VPLS) (Section 3.3); and IP-only LAN-like Service (IPLS) (Section 3.5).

3.3. Virtual Private LAN Service (VPLS)

A VPLS is a provider service that emulates the full functionality of a traditional Local Area Network (LAN). A VPLS makes it possible to interconnect several LAN segments over a packet switched network (PSN) and makes the remote LAN segments behave as one single LAN. For an early work on defining a solution and protocol for a VPLS, see [L2VPN-REQ], [VPLS-LDP], and [VPLS].

In a VPLS, the provider network emulates a learning bridge, and forwarding decisions are taken based on MAC addresses or MAC addresses and VLAN tag.
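
The learning-bridge behaviour described above, as an added example that is not part of the RFC or of any VPLS implementation: a simplified model of one VPLS instance that learns source addresses, floods unknown and group destinations, and keys its table on either the MAC address or the MAC address and VLAN tag. The class, port names and MAC addresses are constructed for illustration.

```python
from dataclasses import dataclass, field

HOST_A = "00:00:5e:00:53:01"   # constructed addresses (documentation range)
HOST_B = "00:00:5e:00:53:02"
BCAST = "ff:ff:ff:ff:ff:ff"


@dataclass
class VplsInstance:
    """Forwarding state of one emulated LAN (a simplified model, not a real PE)."""
    name: str
    ports: frozenset              # attachment circuits and pseudo wires (hypothetical names)
    key_on_vlan: bool = False     # False: key on MAC; True: key on (MAC, VLAN tag)
    table: dict = field(default_factory=dict)

    def _key(self, mac, vlan):
        return (mac.lower(), vlan if self.key_on_vlan else None)

    def receive(self, in_port, src, dst, vlan=None):
        """Learn the source address, then return the ports the frame is sent out of."""
        if in_port not in self.ports:
            raise ValueError(f"{in_port} is not part of VPLS {self.name}")
        self.table[self._key(src, vlan)] = in_port          # learn or refresh
        group_bit = int(dst.split(":")[0], 16) & 1          # broadcast or multicast
        out = None if group_bit else self.table.get(self._key(dst, vlan))
        if out is None:                                     # unknown or group: flood
            return sorted(self.ports - {in_port})
        return [] if out == in_port else [out]              # never back out the ingress port


def demo_learning():
    """Flood first, then forward on the learned port once the reply is seen."""
    vpls = VplsInstance("cust-a", frozenset({"ac1", "pw-pe2", "pw-pe3"}))
    first = vpls.receive("ac1", HOST_A, HOST_B)        # HOST_B unknown: flooded
    reply = vpls.receive("pw-pe2", HOST_B, HOST_A)     # HOST_A was learned on ac1
    second = vpls.receive("ac1", HOST_A, HOST_B)       # HOST_B now learned on pw-pe2
    return first, reply, second


def demo_vlan_key(key_on_vlan):
    """The same MAC address appears on two VLANs behind different attachment circuits."""
    vpls = VplsInstance("cust-b", frozenset({"ac1", "ac2", "pw-pe2"}), key_on_vlan)
    vpls.receive("ac1", HOST_A, BCAST, vlan=10)
    vpls.receive("ac2", HOST_A, BCAST, vlan=20)
    return (vpls.receive("pw-pe2", HOST_B, HOST_A, vlan=10),
            vpls.receive("pw-pe2", HOST_B, HOST_A, vlan=20))


if __name__ == "__main__":
    print(demo_learning())
    print("MAC only:    ", demo_vlan_key(False))   # later entry overwrites the earlier one
    print("MAC and VLAN:", demo_vlan_key(True))    # one entry per VLAN
```

With MAC-only keys the second learning event overwrites the first, so VLAN 10 traffic for that address follows the VLAN 20 port; keying on MAC address and VLAN tag keeps the two entries apart.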

3.4. Virtual Private Wire Service (VPWS)

A Virtual Private Wire Service (VPWS) is a point-to-point circuit (link) connecting two Customer Edge devices. The link is established as a logical link through a packet switched network. The CE in the customer network is connected to a PE in the provider network via an Attachment Circuit (see Section 6.1); the Attachment Circuit is either a physical or a logical circuit.

The PEs in the core network are connected via a PW.

The CE devices can be routers, bridges, switches, or hosts. In some implementations, a set of VPWSs is used to create a multi-site L2VPN network. An example of a VPWS solution is described in [PPVPN-L2VPN].

A VPWS differs from a VPLS (Section 3.3) in that the VPLS is point to multipoint, while the VPWS is point to point. See [L2VPN].

3.5. IP-Only LAN-Like Service (IPLS)

An IPLS is very like a VPLS (see Section 3.3), except that

   o  it is assumed that the CE devices (see Section 5.1) are hosts or routers, not switches,

   o  it is assumed that the service will only have to carry IP packets, and supporting packets such as ICMP and ARP (otherwise layer 2 packets that do not contain IP are not supported); and

   o  the assumption that only IP packets are carried by the service applies equally to IPv4 and IPv6 packets.

While this service is a functional subset of the VPLS service, it is considered separately because it may be possible to provide it by using different mechanisms, which may allow it to run on certain hardware platforms that cannot support the full VPLS functionality [L2VPN].

3.6. Pseudo Wire (PW)

The PWE3 working group within the IETF specifies the pseudo wire technology. A pseudo wire is an emulated point-to-point connection over a packet switched network that allows the interconnection of two nodes with any L2 technology. The PW shares some of the building blocks and architecture constructs with the point-to-multipoint solutions; e.g., PE (see Section 5.2) and CE (see Section 5.1). An early solution for PWs is described in [TRANS-MPLS]. Encapsulation formats readily used in VPWS, VPLS, and PWs are described in [ENCAP-MPLS]. Requirements for PWs are found in [RFC3916], and [PWE3-ARCH] presents an architectural framework for PWs.

3.7. Transparent LAN Service (TLS)

TLS was an early name used to describe the VPLS service. TLS has been replaced by VPLS, which is the current term.

3.8. Virtual LAN (VLAN)

The term VLAN was specified by IEEE 802.1Q; it defines a method of differentiating traffic on a LAN by tagging the Ethernet frames. By extension, VLAN is used to mean the traffic separated by Ethernet frame tagging or similar mechanisms.

3.9. Virtual Leased Line Service (VLLS)

The term VLLS has been replaced by the term VPWS. VLLS was used in a now dated document intended to create metrics by which it should have been possible to compare different L2VPN solutions. This document has now expired, and the work has been terminated.

3.10. Virtual Private Network (VPN)

VPN is a generic term that covers the use of public or private networks to create groups of users that are separated from other network users and that may communicate among them as if they were on a private network. It is possible to enhance the level of separation (e.g., by end-to-end encryption), but this is outside the scope of IETF VPN working group charters. This VPN definition is from [RFC2764].

In [L3VPN-FRAME], the term VPN is used to refer to a specific set of sites as either an intranet or an extranet that have been configured to allow communication. Note that a site is a member of at least one VPN and may be a member of many.

In this document, "VPN" is also used as a generic name for all services listed in Section 3.

3.11. Virtual Private Switched Network (VPSN)

The term VPSN has been replaced by the term VPLS. The requirements have been merged into the L3VPN [L3VPN-REQ] and L2VPN [L2VPN-REQ] requirements.

4. Classification of VPNs

The terminology used in [RFC3809] is defined based on the figure below.

                             PPVPN
               ________________|__________________
              |                                   |
            Layer 2                             Layer 3
        ______|_____                        ______|______
       |            |                      |             |
      P2P          P2M                  PE-based      CE-based
    (VPWS)     _____|____            ______|____         |
              |          |          |           |        |
             VPLS      IPLS     BGP/MPLS     Virtual    IPsec
                                 IP VPNs      Router
        

Figure 1

The figure above presents a taxonomy of PPVPN technologies. Some of the definitions are given below:

CE-based VPN: A VPN approach in which the shared service provider network does not have any knowledge of the customer VPN. This information is limited to CE equipment. All the VPN-specific procedures are performed in the CE devices, and the PE devices are not aware in any way that some of the traffic they are processing is VPN traffic (see also [L3VPN-FRAME]).

PE-Based VPNs: A Layer 3 VPN approach in which a service provider network is used to interconnect customer sites using shared resources. Specifically, the PE device maintains VPN state, isolating users of one VPN from users of another. Because the PE device maintains all required VPN states, the CE device may behave as if it were connected to a private network. Specifically, the CE in a PE-based VPN must not require any changes or additional functionality to be connected to a PPVPN instead of a private network.

The PE devices know that certain traffic is VPN traffic. They forward the traffic (through tunnels) based on the destination IP address of the packet, and optionally based on other information in the IP header of the packet. The PE devices are themselves the tunnel endpoints. The tunnels may make use of various encapsulations to send traffic over the SP network (such as, but not restricted to, GRE, IP-in-IP, IPsec, or MPLS tunnels) [L3VPN-FRAME].

Virtual Router (VR) style: A PE-based VPN approach in which the PE router maintains a complete logical router for each VPN that it supports. Each logical router maintains a unique forwarding table and executes a unique instance of the routing protocols. These VPNs are described in [L3VPN-VR].

BGP/MPLS IP VPNs: A PE-based VPN approach in which the PE router maintains a separate forwarding environment and a separate forwarding table for each VPN. In order to maintain multiple forwarding table instances while running only a single BGP instance, BGP/MPLS IP VPNs mark route advertisements with attributes that identify their VPN context. These VPNs are based on the approach described in [RFC2547bis].

RFC 2547 Style: The term has been used by the L3VPN to describe the extensions of the VPNs defined in the informational RFC 2547 [RFC2547]. This term has now been replaced by the term BGP/MPLS IP VPNs.
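
The PE-based definitions above say that the PE keeps VPN state, holds a separate forwarding table for each VPN, and forwards on the destination IP address through tunnels. The following added example (not from the RFC or from any router implementation) models that with one table per VPN selected by the ingress attachment circuit, so two customers can use the same private prefix without seeing each other's routes. It assumes each attachment circuit belongs to exactly one VPN; the VPN, circuit and tunnel names are hypothetical.

```python
import ipaddress


class PeRouter:
    """Simplified PE: one forwarding table per VPN, chosen by the ingress attachment circuit."""

    def __init__(self):
        self.tables = {}    # VPN name -> list of (prefix, tunnel to the remote PE)
        self.ac_vpn = {}    # attachment circuit -> VPN name

    def bind(self, ac, vpn):
        """Attach a circuit to a VPN; rebinding to another VPN is refused."""
        if self.ac_vpn.get(ac, vpn) != vpn:
            raise ValueError(f"{ac} is already bound to VPN {self.ac_vpn[ac]}")
        self.ac_vpn[ac] = vpn
        self.tables.setdefault(vpn, [])

    def add_route(self, vpn, prefix, tunnel):
        self.tables.setdefault(vpn, []).append((ipaddress.ip_network(prefix), tunnel))

    def forward(self, ac, dst):
        """Return (vpn, tunnel) for a packet arriving on ac, or None if it is dropped."""
        vpn = self.ac_vpn.get(ac)
        if vpn is None:                       # circuit not provisioned for any VPN
            return None
        addr = ipaddress.ip_address(dst)
        # Only this VPN's table is consulted; other VPNs' routes are never candidates.
        candidates = [(net, tun) for net, tun in self.tables[vpn] if addr in net]
        if not candidates:
            return None
        _, tunnel = max(candidates, key=lambda c: c[0].prefixlen)   # longest prefix wins
        return vpn, tunnel


def build_demo_pe():
    """Constructed sample state: two VPNs that both use 10.0.0.0/8."""
    pe = PeRouter()
    pe.bind("ac-red-1", "red")
    pe.bind("ac-blue-1", "blue")
    pe.add_route("red", "10.0.0.0/8", "tunnel-to-PE2")
    pe.add_route("red", "10.1.2.0/24", "tunnel-to-PE4")
    pe.add_route("red", "192.168.5.0/24", "tunnel-to-PE2")
    pe.add_route("blue", "10.0.0.0/8", "tunnel-to-PE3")
    return pe


if __name__ == "__main__":
    pe = build_demo_pe()
    for ac, dst in [("ac-red-1", "10.1.2.3"), ("ac-blue-1", "10.1.2.3"),
                    ("ac-blue-1", "192.168.5.1"), ("ac-unknown", "10.1.2.3")]:
        print(f"{ac:11} -> {dst:12} : {pe.forward(ac, dst)}")
```

In this model the separation between VPNs rests entirely on the circuit-to-VPN binding, which is why `bind` refuses to move a circuit that is already provisioned.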

5. Building Blocks

Starting with specifications of L3VPNs (e.g., the 2547 specification [RFC2547] and [RFC2547bis] and Virtual Routers [L3VPN-VR]), a way of describing the building blocks and allocation of functions in VPN solutions was developed. The building blocks are often used in day-to-day talk as if they were physical boxes, common for all services.

However, for different reasons, this is an oversimplification. Any of the building blocks could be implemented across more than one physical box. How common the use of such implementations will be is beyond the scope of this document.

5.1. Customer Edge Device (CE)

A CE is the name of the device with the functionality needed on the customer premises to access the services specified by the former PPVPN working group in relation to the work done on L3VPNs [L3VPN-FRAME]. The concept has been modified; e.g., when L2VPNs and CE-based VPNs were defined. This is addressed further in the sub-sections of this section.

There are two different aspects that have to be considered in naming CE devices. One could start with the type of device that is used to implement the CE (see Section 5.1.1). It is also possible to use the service the CE provides, whereby the result will be a set of "prefixed CEs" (see Section 5.1.2).

It is common practice to use "CE" to indicate any of these boxes, as it is very often unambiguous in the specific context.

5.1.1. Device Based CE Naming

5.1.1.1. Customer Edge Router (CE-R)

A CE-R is a router in the customer network interfacing the provider network. There are many reasons to use a router in the customer network; e.g., in an L3VPN using private IP addressing, this is the router that is able to do forwarding based on the private addresses. Another reason to require the use of a CE-R on the customer side is that one wants to limit the number of MAC-addresses that need to be learned in the provider network.

A CE-R could be used to access both L2 and L3 services.

5.1.1.2. Customer Edge Switch (CE-S)

A CE-S is a service aware L2 switch in the customer network interfacing the provider network. In a VPWS or a VPLS, it is not strictly necessary to use a router in the customer network; a layer 2 switch might very well do the job.

5.1.2. Service Based CE Naming

The list below contains examples of how different functionality has been used to name CEs. There are many examples of this type of naming, and we only cover the most frequently used functional names. As these are functional names, it is quite possible that on a single piece of equipment there are platforms for more than one type of function. For example, a router might at the same time be both a L2VPN-CE and a L3VPN-CE. It might also be that the functions needed for a L2VPN-CE or L3VPN-CE are distributed over more than one platform.

5.1.2.1. L3VPN-CE

An L3VPN-CE is the device or set of devices on the customer premises that attaches to a provider provisioned L3VPN; e.g., a 2547bis implementation.

5.1.2.2. VPLS-CE

A VPLS-CE is the device or set of devices on the customer premises that attaches to a provider provisioned VPLS.

5.1.2.3. VPWS-CE

A VPWS-CE is the device or set of devices on the customer premises that attaches to a provider provisioned VPWS.

5.2. Provider Edge (PE)

A PE is the name of the device or set of devices at the edge of the provider network with the functionality that is needed to interface with the customer. Without further qualifications, PE is very often used for naming the devices since it is made unambiguous by the context.

In naming PEs there are three aspects that we need to consider: the service they support, whether the functionality needed for the service is distributed across more than one device, and the type of device they are built on.

5.2.1. Device Based PE Naming

Both routers and switches may be used to implement PEs; however, the scaling properties will be radically different depending on which type of equipment is chosen.

5.2.1.1. Provider Edge Router (PE-R)

A PE-R is a L3 device that participates in the PSN (see Section 8) routing and forwards packets based on the routing information.

5.2.1.2. Provider Edge Switch (PE-S)

A PE-S is an L2 device that participates in, for example, a switched Ethernet and takes forwarding decisions for packets based on L2 address information.

5.2.2. Service Based PE Naming

5.2.2.1. L3VPN-PE

An L3VPN-PE is a device or set of devices at the edge of the provider network interfacing the customer network, with the functionality needed for an L3VPN.

5.2.2.2. VPWS-PE

A VPWS-PE is a device or set of devices at the edge of the provider network interfacing the customer network, with the functionality needed for a VPWS.

5.2.2.3. VPLS-PE

A VPLS-PE is a device or set of devices at the edge of the provider network interfacing the customer network, with the functionality needed for a VPLS.

5.2.3. Distribution Based PE Naming

For scaling reasons, in the VPLS/VPWS cases it is sometimes desired to distribute the functions in the VPLS/VPWS-PE across more than one device. For example, it is feasible to allocate MAC address learning on a comparatively small and inexpensive device close to the customer site, while participation in the PSN signalling and setup of PE to PE tunnels are done by routers closer to the network core.

When distributing functionality across devices, a protocol is needed to exchange information between the Network facing PE (N-PE) (see Section 5.2.3.1) and the User facing PE (U-PE) (see Section 5.2.3.2).

5.2.3.1. Network Facing PE (N-PE)

The N-PE is the device to which the signalling and control functions are allocated when a VPLS-PE is distributed across more than one box.

5.2.3.2. User Facing PE (U-PE)

The U-PE is the device to which the functions needed to take forwarding or switching decisions at the ingress of the provider network are allocated.

5.3. Core
5.3.1. Provider Router (P)

The P is defined as a router in the core network that does not have interfaces directly toward a customer. Therefore, a P router does not need to keep VPN state and is VPN unaware.

5.4. Naming in Specific Internet Drafts
5.4.1. Layer 2 PE (L2PE)

L2PE is the joint name of the devices in the provider network that implement L2 functions needed for a VPLS or a VPWS.

5.4.2. Logical PE (LPE)

The term Logical PE (LPE) originates from a dated Internet Draft, "VPLS/LPE L2VPNs: Virtual Private LAN Services using Logical PE Architecture", and was used to describe a set of devices used in a provider network to implement a VPLS. In an LPE, VPLS functions are distributed across small devices (PE-Edges/U-PE) and devices attached to a network core (PE-Core/N-PE). In an LPE solution, the PE-edge and PE-Core can be interconnected by a switched Ethernet transport network or uplinks. The LPE will appear to the core network as a single PE. In this document, the devices that constitute the LPE are called N-PE and U-PE.

5.4.3. PE-CLE

An alternative name for the U-PE suggested in the expired Internet Draft, "VPLS architectures".

5.4.4. PE-Core

See the origins and use of this concept in Section 5.4.2.

5.4.5. PE-Edge

See the origins and use of this concept in Section 5.4.2.

5.4.6. PE-POP

An alternative name for the U-PE suggested in the expired Internet Draft, "VPLS architectures".

5.4.7. VPLS Edge (VE)

The term VE originates from a dated Internet Draft on a distributed transparent LAN service and was used to describe the device used by a provider network to hand off a VPLS to a customer. In this document, the VE is called a VPLS-PE. This name is dated.

6. Functions

In this section, we have grouped a number of concepts and terms for functions that have to be performed to make the VPN services work.

6.1. Attachment Circuit (AC)

In a Layer 2 VPN the CE is attached to the PE via an Attachment Circuit (AC). The AC may be a physical or logical link.

6.2. Backdoor Links

Backdoor Links are links between CE devices that are provided by the end customer rather than by the SP; they may be used to interconnect CE devices in multiple-homing arrangements [L3VPN-FRAME].

6.3. Endpoint Discovery

Endpoint discovery is the process by which the devices that are aware of a specific VPN service will find all customer facing ports that belong to the same service.

The requirements on endpoint discovery and signalling are discussed in [L3VPN-REQ]. It was also the topic in a now dated Internet Draft reporting from a design team activity on VPN discovery.

6.4. Flooding

Flooding is a function related to L2 services; when a PE receives a frame with an unknown destination MAC address, that frame is sent out over (flooded) every other interface.

6.5. MAC Address Learning

MAC address learning is a function related to L2 services; when a PE receives a frame with an unknown source MAC address, the relationship between that MAC address and interface is learned for future forwarding purposes. In a layer 2 VPN solution from the L2VPN WG, this function is allocated to the VPLS-PE.

6.5.1. Qualified Learning

In qualified learning, the learning decisions at the U-PE are based on the customer Ethernet frame's MAC address and VLAN tag, if a VLAN tag exists. If no VLAN tag exists, the default VLAN is assumed.

6.5.2. Unqualified Learning

In unqualified learning, learning is based on a customer Ethernet frame's MAC address only.
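
The flooding and learning rules of Sections 6.4 to 6.5.2, as an added Python example that is not part of RFC 4026. The class and port names, the default VLAN number, and the frames (documentation MAC addresses) are assumptions constructed for the illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

DEFAULT_VLAN = 1  # assumption: the text says "the default VLAN" without a number


@dataclass(frozen=True)
class Frame:
    src: str
    dst: str
    vlan: Optional[int] = None   # None means the frame carries no VLAN tag


@dataclass
class LearningBridge:
    """Hypothetical model of the learning function in a VPLS-PE or U-PE."""
    ports: tuple
    qualified: bool
    fdb: dict = field(default_factory=dict)   # learning key -> port

    def _key(self, mac, vlan):
        if not self.qualified:
            return mac                        # unqualified: MAC address only
        # qualified: MAC address and VLAN tag, default VLAN if untagged
        return (DEFAULT_VLAN if vlan is None else vlan, mac)

    def receive(self, in_port, frame):
        """Learn the source address, then return the list of egress ports."""
        self.fdb[self._key(frame.src, frame.vlan)] = in_port
        out = self.fdb.get(self._key(frame.dst, frame.vlan))
        if out is None:                       # unknown destination: flood
            return [p for p in self.ports if p != in_port]
        return [] if out == in_port else [out]


# Constructed frames: MAC A is seen in VLAN 10 on ac1 and in VLAN 20 on ac2.
A, B, C = "00:00:5e:00:53:0a", "00:00:5e:00:53:0b", "00:00:5e:00:53:0c"
FRAMES = [
    ("ac1", Frame(A, B, 10)),   # B unknown, flooded
    ("ac2", Frame(A, B, 20)),   # same source MAC, other VLAN, other port
    ("ac3", Frame(B, A, 10)),   # reply to A in VLAN 10
    ("ac1", Frame(C, B)),       # untagged frame towards B
]


def run(qualified):
    """Feed the constructed frames to a fresh bridge; return egress port lists."""
    bridge = LearningBridge(("ac1", "ac2", "ac3"), qualified)
    return [bridge.receive(port, frame) for port, frame in FRAMES]


if __name__ == "__main__":
    for mode in (True, False):
        print("qualified" if mode else "unqualified", run(mode))
```

With unqualified learning the second frame overwrites the entry for A, so the VLAN 10 reply leaves on ac2; with qualified learning the two VLANs keep separate entries and the reply leaves on ac1.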

6.6. Signalling

Signalling is the process by which the PEs that have VPNs behind them exchange information to set up PWs, PSN tunnels, and tunnel multiplexers. This process might be automated through a protocol or done by manual configuration. Different protocols may be used to establish the PSN tunnels and exchange the tunnel multiplexers.

7. 'Boxes'

We list a set of boxes that will typically be used in an environment that supports different kinds of VPN services. We have chosen to include some names of boxes that originate outside the protocol specifying organisations.

7.1. Aggregation Box

The aggregation box is typically an L2 switch that is service unaware and is used only to aggregate traffic to more function rich points in the network.

7.2. Customer Premises Equipment (CPE)

The CPE equipment is the box that a provider places with the customer. It serves two purposes: giving the customer ports to plug in to and making it possible for a provider to monitor the connectivity to the customer site. The CPE is typically a low cost box with limited functionality and, in most cases, is not aware of the VPN services offered by the provider network. The CPE equipment is not necessarily the equipment to which the CE functions are allocated, but it is part of the provider network and is used for monitoring purposes.

The CPE name is used primarily in network operation and deployment contexts and should not be used in protocol specifications.

7.3. Multi-Tenant Unit (MTU)

An MTU is typically an L2 switch placed by a service provider in a building where several customers of that service provider are located. The term was introduced in an Internet Draft specifying a VPLS solution with function distributed between the MTU and the PE in the context of a [VPLS].

The MTU device name is used primarily in network operation and deployment contexts and should not be used in protocol specifications, as it is also an abbreviation used for Maximum Transmit Units.

8. Packet Switched Network (PSN)

A PSN is the network through which the tunnels supporting the VPN services are set up.

8.1. Route Distinguisher (RD)

A Route Distinguisher [RFC2547bis] is an 8-byte value that, together with a 4-byte IPv4 address, identifies a VPN-IPv4 address family. If two VPNs use the same IPv4 address prefix, the PEs translate these into unique VPN-IPv4 address prefixes. This ensures that if the same address is used in two different VPNs, it is possible to install two completely different routes to that address, one for each VPN.

8.2. Route Reflector

A route reflector is a network element owned by a Service Provider (SP) that is used to distribute BGP routes to the SP's BGP-enabled routers [L3VPN-FRAME].

8.3. Route Target (RT)

A Route Target attribute [RFC2547bis] can be thought of as identifying a set of sites or, more precisely, a set of VRFs (see Section 8.9).

Associating a particular Route Target with a route allows that route to be placed in all VRFs used for routing traffic received from the corresponding sites.

A Route Target attribute is also a BGP extended community used in [RFC2547] and [BGP-VPN]. A Route Target community is used to constrain VPN information distribution to the set of VRFs. A route target can be perceived as identifying a set of sites or, more precisely, a set of VRFs.

8.4. Tunnel

A tunnel is connectivity through a PSN that is used to send traffic across the network from one PE to another. The tunnel provides a means to transport packets from one PE to another. Separation of one customer's traffic from another customer's traffic is done based on tunnel multiplexers (see Section 8.5). How the tunnel is established depends on the tunnelling mechanisms provided by the PSN; e.g., the tunnel could be based on the IP-header, an MPLS label, the L2TP Session ID, or the GRE Key field.

8.5. Tunnel Multiplexor

A tunnel multiplexor is an entity that is sent with the packets traversing the tunnel to make it possible to decide which instance of a service a packet belongs to and from which sender it was received. In [PPVPN-L2VPN], the tunnel multiplexor is formatted as an MPLS label.

8.6. Virtual Channel (VC)

A VC is transported within a tunnel and identified by its tunnel multiplexer. A virtual channel is identified by a VCI (Virtual Channel Identifier). In the PPVPN context, a VCI is a VC label or tunnel multiplexer, and in the Martini case, it is equal to the VCID.

8.7. VC Label

In an MPLS-enabled IP network, a VC label is an MPLS label used to identify traffic within a tunnel that belongs to a particular VPN; i.e., the VC label is the tunnel multiplexer in networks that use MPLS labels.

8.8. Inner Label

"Inner label" is another name for VC label (see Section 8.6).

8.9. VPN Routing and Forwarding (VRF)

In networks running 2547 VPNs [RFC2547], PE routers maintain VRFs. A VRF is a per-site forwarding table. Every site to which the PE router is attached is associated with one of these tables. A particular packet's IP destination address is looked up in a particular VRF only if that packet has arrived directly from a site that is associated with that table.
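
How the Route Distinguisher (Section 8.1), Route Target (Section 8.3) and VRF (Section 8.9) fit together, as an added Python example that is not part of RFC 4026. The class and function names are hypothetical, Route Targets are simplified to strings rather than BGP extended communities, the RD uses the type 0 layout (2-byte type, 2-byte AS number, 4-byte assigned number), and all AS numbers and addresses are constructed documentation values.

```python
import ipaddress
import struct
from dataclasses import dataclass, field


def rd_type0(asn: int, assigned: int) -> bytes:
    """8-byte RD, type 0 layout: 2-byte type, 2-byte AS number, 4-byte number."""
    return struct.pack("!HHI", 0, asn, assigned)


def vpn_ipv4(rd: bytes, ipv4: str) -> bytes:
    """8-byte RD followed by the 4-byte IPv4 address: a 12-byte VPN-IPv4 address."""
    if len(rd) != 8:
        raise ValueError("a Route Distinguisher is exactly 8 bytes")
    return rd + ipaddress.IPv4Address(ipv4).packed


@dataclass(frozen=True)
class VpnRoute:
    address: bytes      # VPN-IPv4 address (RD + IPv4)
    prefixlen: int      # prefix length of the IPv4 part
    rts: frozenset      # Route Targets attached to the route
    next_hop: str


@dataclass
class Vrf:
    name: str
    rd: bytes
    import_rts: frozenset
    export_rts: frozenset
    table: dict = field(default_factory=dict)   # IPv4Network -> next hop

    def export(self, prefix: str, next_hop: str) -> VpnRoute:
        net = ipaddress.ip_network(prefix)
        addr = vpn_ipv4(self.rd, str(net.network_address))
        return VpnRoute(addr, net.prefixlen, self.export_rts, next_hop)


def import_route(vrfs, route: VpnRoute) -> list:
    """Install the route in every VRF whose import list shares an RT with it."""
    placed = []
    for vrf in vrfs:
        if vrf.import_rts & route.rts:
            ip = ipaddress.IPv4Address(route.address[8:])
            net = ipaddress.ip_network(f"{ip}/{route.prefixlen}")
            vrf.table[net] = route.next_hop
            placed.append(vrf.name)
    return placed


def lookup(site_to_vrf: dict, site: str, dst: str):
    """Longest-prefix match in the one VRF associated with the arrival site."""
    table = site_to_vrf[site].table
    addr = ipaddress.ip_address(dst)
    hits = [net for net in table if addr in net]
    return table[max(hits, key=lambda n: n.prefixlen)] if hits else None


def demo():
    # Constructed: two customers reuse 10.0.0.0/24 behind two remote PEs.
    red_rt, blue_rt = frozenset({"64500:100"}), frozenset({"64500:200"})
    routes = [
        Vrf("red", rd_type0(64500, 1), red_rt, red_rt).export("10.0.0.0/24", "192.0.2.1"),
        Vrf("blue", rd_type0(64500, 2), blue_rt, blue_rt).export("10.0.0.0/24", "192.0.2.2"),
    ]
    local_red = Vrf("red", rd_type0(64500, 1), red_rt, red_rt)
    local_blue = Vrf("blue", rd_type0(64500, 2), blue_rt, blue_rt)
    placed = [import_route([local_red, local_blue], r) for r in routes]
    sites = {"red-site": local_red, "blue-site": local_blue}
    return (routes, placed,
            lookup(sites, "red-site", "10.0.0.7"), lookup(sites, "blue-site", "10.0.0.7"))
```

The import Route Target list is what decides which VRFs receive a route, so a VRF whose import list contained another VPN's Route Target would also receive that VPN's routes.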

8.10. VPN Forwarding Instance (VFI)

VPN Forwarding Instance (VFI) is a logical entity that resides in a PE that includes the router information base and forwarding information base for a VPN instance [L3VPN-FRAME].

8.11. Virtual Switch Instance (VSI)

In a layer 2 context, a VSI is a virtual switching instance that serves one single VPLS [L2VPN]. A VSI performs standard LAN (i.e., Ethernet) bridging functions. Forwarding done by a VSI is based on MAC addresses and VLAN tags, and possibly on other relevant information on a per VPLS basis. The VSI is allocated to VPLS-PE or, in the distributed case, to the U-PE.

8.12. Virtual Router (VR)

A Virtual Router (VR) is software and hardware based emulation of a physical router. Virtual routers have independent IP routing and forwarding tables, and they are isolated from each other; see [L3VPN-VR].

9. Security Considerations

This is a terminology document and as such doesn't have direct security implications. Security considerations will be specific to solutions, frameworks, and specification documents whose terminology is collected and discussed in this document.

10. Acknowledgements

Much of the content in this document is based on discussion in the PPVPN design teams for "auto discovery" and "l2vpn".

Dave McDysan, Adrian Farrel, and Thomas Narten have carefully reviewed the document and given many useful suggestions.

Thomas Narten converted an almost final version of this document into XML, after extracting an acceptable version from Word became too painful. Avri Doria has been very helpful in guiding us in the use of XML.

11. Informative References

[L2VPN] Andersson, L. and E. Rosen, "Framework for Layer 2 Virtual Private Networks (L2VPNs)", Work in Progress, June 2004.

[L2VPN-REQ] Augustyn, W. and Y. Serbest, "Service Requirements for Layer 2 Provider Provisioned Virtual Private Networks", Work in Progress, October 2004.

[VPLS] Kompella, K., "Virtual Private LAN Service", Work in Progress, January 2005.

[VPLS-LDP] Lasserre, M. and V. Kompella, "Virtual Private LAN Services over MPLS", Work in Progress, September 2004.

[BGP-VPN] Ould-Brahim, H., Rosen, E., and Y. Rekhter, "Using BGP as an Auto-Discovery Mechanism for Layer-3 and Layer-2 VPNs", Work in Progress, May 2004.

[L3VPN-FRAME] Callon, R. and M. Suzuki, "A Framework for Layer 3 Provider Provisioned Virtual Private Networks", Work in Progress, July 2003.

[RFC3809] Nagarajan, A., "Generic Requirements for Provider Provisioned Virtual Private Networks (PPVPN)", RFC 3809, June 2004.

[L3VPN-REQ] Carugi, M. and D. McDysan, "Service requirements for Layer 3 Virtual Private Networks", Work in Progress, July 2004.

[RFC2547bis] Rosen, E., "BGP/MPLS IP VPNs", Work in Progress, October 2004.

[L3VPN-VR] Knight, P., Ould-Brahim, H. and B. Gleeson, "Network based IP VPN Architecture using Virtual Routers", Work in Progress, April 2004.

[PWE3-ARCH] Bryant, S. and P. Pate, "PWE3 Architecture", Work in Progress, March 2004.

[RFC3916] Xiao, X., McPherson, D., and P. Pate, "Requirements for Pseudo-Wire Emulation Edge-to-Edge (PWE3)", RFC 3916, September 2004.

[PPVPN-L2VPN] Kompella, K., "Layer 2 VPNs Over Tunnels", Work in Progress, June 2002.

[ENCAP-MPLS] Martini, L., "Encapsulation Methods for Transport of Layer 2 Frames Over IP and MPLS Networks", Work in Progress, September 2004.

[TRANS-MPLS] Martini, L. and N. El-Aawar, "Transport of Layer 2 Frames Over MPLS", Work in Progress, June 2004.

[RFC2547] Rosen, E. and Y. Rekhter, "BGP/MPLS VPNs", RFC 2547, March 1999.

[RFC2764] Gleeson, B., Lin, A., Heinanen, J., Armitage, G., and A. Malis, "A Framework for IP Based Virtual Private Networks", RFC 2764, February 2000.

Authors' Addresses

Loa Andersson Acreo AB

   EMail: loa@pi.se
        

Tove Madsen Acreo AB

   EMail: tove.madsen@acreo.se
        

Full Copyright Statement

Copyright (C) The Internet Society (2005).

This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the authors retain all their rights.

This document and the information contained herein are provided on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Intellectual Property

The IETF takes no position regarding the validity or scope of any Intellectual Property Rights or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; nor does it represent that it has made any independent effort to identify any such rights. Information on the procedures with respect to rights in RFC documents can be found in BCP 78 and BCP 79.

Copies of IPR disclosures made to the IETF Secretariat and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this specification can be obtained from the IETF on-line IPR repository at http://www.ietf.org/ipr.

The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights that may cover technology that may be required to implement this standard. Please address the information to the IETF at ietf-ipr@ietf.org.

Acknowledgement

Funding for the RFC Editor function is currently provided by the Internet Society.
