CN105939372A - PPPoE session establishing method and device - Google Patents

PPPoE session establishing method and device Download PDF

Info

Publication number
CN105939372A
CN105939372A CN201510990532.9A CN201510990532A CN105939372A CN 105939372 A CN105939372 A CN 105939372A CN 201510990532 A CN201510990532 A CN 201510990532A CN 105939372 A CN105939372 A CN 105939372A
Authority
CN
China
Prior art keywords
message
client device
interface
padi
described client
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201510990532.9A
Other languages
Chinese (zh)
Other versions
CN105939372B (en
Inventor
仇俊杰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou DPTech Technologies Co Ltd
Original Assignee
Hangzhou DPTech Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hangzhou DPTech Technologies Co Ltd filed Critical Hangzhou DPTech Technologies Co Ltd
Priority to CN201510990532.9A priority Critical patent/CN105939372B/en
Publication of CN105939372A publication Critical patent/CN105939372A/en
Application granted granted Critical
Publication of CN105939372B publication Critical patent/CN105939372B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/14Session management
    • H04L67/141Setup of application sessions
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • H04L67/104Peer-to-peer [P2P] networks
    • H04L67/1074Peer-to-peer [P2P] networks for supporting data block transmission mechanisms

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer And Data Communications (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention provides a PPPoE session establishing method and device, applied to a PPPoE server. The method comprises the following steps of: receiving a PADI message sent by client side equipment; according to the PADI message, judging whether the client side equipment is legal equipment or not; when the client side equipment is the legal equipment, sending a PADO message responding to the PADI message to the client side equipment; and, after receiving a PADR message sent by the client side equipment based on the PADO message, responding to the PADR message, and entering a session stage with the client side equipment. Due to application of the embodiment of the invention, the legality of the client side equipment can be judged in a PPPoE discovery stage; therefore, the resource recovery condition due to the fact that authentication of the client side equipment is failed in the session stage can be avoided; and thus, the performance of the PPPoE server is improved.

Description

A kind of pppoe session method for building up and device
Technical field
The application relates to network communication technology field, particularly relates to a kind of pppoe session method for building up and device.
Background technology
PPPoE (point-to-point protocol over Ethernet, the point-to-point protocol on Ethernet) is net A kind of communication protocol conventional in network, by PPPoE agreement, it is possible to achieve to each control accessing user With charging.In existing PPPoE technology, include findings that and two stages of session, wherein, work as client device After entering session stage with PPPoE server, PPPoE server can distribute some sessions for client device Resource, and distribute IP address for it after client device is by the certification of session stage.In such realization In scheme, once Client Device Authentication failure, PPPoE server is accomplished by can be to being already allocated to client The Session Resources of end equipment reclaims, and this just brings the most unnecessary operation expense to PPPoE server, Affect the performance of PPPoE server.
Summary of the invention
In view of this, the application provides a kind of pppoe session method for building up and device, to solve prior art Middle Client Device Authentication is failed and increases the problem that PPPoE server runs expense.
Specifically, the application is achieved by the following technical solution:
The application provides a kind of pppoe session method for building up, and described method is applied on PPPoE server, Including:
Receive the PADI message that client device sends;
According to described PADI message, it is judged that whether described client device is legitimate device;
When described client device is legitimate device, send the PADO message responding described PADI message To described client device;
After receiving the PADR message that described client device sends based on described PADO message, response Described PADR message, and enter the session stage with described client device.
Optionally, when described client device is legitimate device, described method also includes:
Judge whether IP available address;
When there is IP available address, perform to send the PADO message of the described PADI message of response to described The step of client device.
It is optionally, described according to described PADI message, it is judged that whether described client device is legitimate device, Including:
Judge whether described PADI message carries domain identifier;
When carrying domain identifier, check whether to preserve the configuration information mated with described domain identifier;
When preserving the configuration information mated with described domain identifier, judge to receive according to described configuration information Whether the interface of described PADI message is legal interface;
When being legal interface, confirm that described client device is legitimate device;
When being illegal interface, confirm that described client device is illegality equipment.
Optionally, whether the described interface receiving described PADI message according to the judgement of described configuration information is conjunction Method interface, including:
Judge whether described configuration information is preserved the interface message that described client device is corresponding;
When preserving interface message corresponding to described client device, it is judged that receive described PADI message Whether interface mates the interface message that described client device is corresponding;
When the interface message that the described client device of coupling is corresponding, confirm to receive connecing of described PADI message Mouth is legal interface;When not mating interface message corresponding to described client device, confirm to receive described The interface of PADI message is illegal interface;
When not preserving interface message corresponding to described client device, confirm to receive described PADI message Interface is legal interface.
Optionally, described method also includes:
When described client device is illegality equipment, ignore described PADI message.
The application also provides for a kind of pppoe session and sets up device, and described device is applied on PPPoE server, Including:
Receive unit, for receiving the PADI message that client device sends;
First judging unit, according to described PADI message, it is judged that whether described client device is legitimate device;
Packet sending unit, when described client device is legitimate device, sends and responds described PADI message PADO message give described client device;
Session establishment unit, for when receiving what described client device sent based on described PADO message After PADR message, respond described PADR message, and enter the session stage with described client device.
Optionally, described device also includes:
At described first judging unit, second judging unit, for determining that described client device is legitimate device Time, it may be judged whether there is IP available address;
Notification unit, for when there is IP available address, notifies that described packet sending unit sends response institute State the PADO message of PADI message to described client device.
Optionally, described first judging unit, including:
Mark judgment sub-unit, is used for judging whether carry domain identifier in described PADI message;
Configuration check subelement, for determine carry domain identifier time, check whether to preserve and mark with described territory Know the configuration information of coupling;
Interface judgment sub-unit, for determine preserve the configuration information mated with described domain identifier time, root Judge whether the interface receiving described PADI message is legal interface according to described configuration information;
First confirm subelement, for determine be legal interface time, confirm that described client device is legal Equipment;
Second confirm subelement, for determine be illegal interface time, confirm that described client device is illegal Equipment.
Optionally, described determine judgment sub-unit, including:
Signal judgement module, for determine preserve the configuration information mated with described domain identifier time, it is judged that Whether described configuration information preserves the interface message that described client device is corresponding;
Interface judge module, for determine preserve interface message corresponding to described client device time, sentence Disconnecting receives whether the interface of described PADI message mates the interface message that described client device is corresponding;
First confirms module, for determine mate interface message corresponding to described client device time, confirm The interface receiving described PADI message is legal interface;
Second confirms module, for determine do not mate interface message corresponding to described client device time, really Recognize that to receive the interface of described PADI message be illegal interface;
3rd confirms module, for determine do not preserve interface message corresponding to described client device time, really Recognize that to receive the interface of described PADI message be legal interface.
Optionally, described device also includes:
Message ignores unit, for when determining that described client device is illegality equipment, ignores described PADI Message.
Application the embodiment of the present application, client device can be closed by PPPoE server at discovery phase Method judges, in the case of confirming that described client device is legitimate device, replys response PADI report The PADO message of literary composition, and receiving what described client device sent based on described PADO message After PADR message, respond described PADR message, and enter the session stage with described client device, Thus avoid the occurrence of the resource reclaim feelings caused due to described client device at session stage authentification failure Condition, and then be that described PPPoE server reduces unnecessary operation expense.
Accompanying drawing explanation
Fig. 1 is the mutual schematic diagram that a kind of pppoe session shown in the application one exemplary embodiment is set up;
Fig. 2 is a kind of pppoe session method for building up flow chart shown in the application one exemplary embodiment;
Fig. 3 is the hardware configuration that a kind of pppoe session shown in the application one exemplary embodiment sets up device Figure;
Fig. 4 is the block diagram that a kind of pppoe session shown in the application one exemplary embodiment sets up device;
Fig. 5 is the block diagram that the another kind of pppoe session shown in the application one exemplary embodiment sets up device;
Fig. 6 is the block diagram that the another kind of pppoe session shown in the application one exemplary embodiment sets up device.
Detailed description of the invention
Here will illustrate exemplary embodiment in detail, its example represents in the accompanying drawings.Following retouches Stating when relating to accompanying drawing, unless otherwise indicated, the same numbers in different accompanying drawings represents same or analogous key element. Embodiment described in following exemplary embodiment does not represent all embodiment party consistent with the application Formula.On the contrary, they only with describe in detail in appended claims, the application some in terms of mutually one The example of the apparatus and method caused.
It is only merely for describing the purpose of specific embodiment at term used in this application, and is not intended to be limiting this Application." a kind of ", " described " of singulative used in the application and appended claims " it is somebody's turn to do " be also intended to include most form, unless context clearly shows that other implications.It is also understood that Term "and/or" used herein refer to and comprise any of one or more project of listing being associated or Likely combine.
Although should be appreciated that may use term first, second, third, etc. to describe various letter in the application Breath, but these information should not necessarily be limited by these terms.These terms are only used for same type of information district each other Separately.Such as, in the case of without departing from the application scope, the first information can also be referred to as the second information, Similarly, the second information can also be referred to as the first information.Depend on linguistic context, word as used in this " if " can be construed to " ... time " or " when ... time " or " in response to determining ".
See the mutual schematic diagram that Fig. 1, Fig. 1 are PPPoE negotiations processes in the embodiment of the present application.
The process that PPPoE consults is generally divided into two stages: discovery phase and session stage, described discovery rank Duan Zhong, client device broadcast transmission PADI (PPPoE Active Discovery Initiation, PPPoE master Dynamic discovery is initially wrapped) message, receiving with client device PPPoE server in same LAN After the described PADI message that client device is initiated, the PADO responding described PADI message can be sent (PPPoE Active Discovery Offer, PPPoE are actively discovered proposal bag) message is to client device. Client device would generally receive the PADO message that multiple PPPoE server sends, and client device leads to Often can select a PPPoE server as its access server, such as: client device can receive After first PADO message, the PPPoE server sending this first PADO message is connect as it Enter server, and be sent to respond PADR (the PPPoE Active Discovery of described PADO message Request, PPPoE active discovery request bag) message.Send out when PPPoE server receives client device During the PADR message sent, generation can be carried PADS (the PPPoE Active Discovery of session id Session-confirmation, PPPoE are actively discovered session and confirm bag) message is sent to described client device, And enter the session stage with described client device.After entering described session stage, PPPoE server First would generally distribute some Session Resources for described client device, such as: set up session information, configuration chain Road information etc., are authenticated described client device, it is judged that whether described client device is legal subsequently Equipment, the authentication protocol generally used have CHAP (Challenge Handshake Authentication Protocol, Challenge response Challenge-Handshake Authentication Protocol), PAP (Password Authentication Protocol, cipher authentication assist View) etc., after described client device is by certification, described PPPoE server can set for described client Back-up joins IP address, and described client device can use this IP address to access Internet resources.
In prior art, when Client Device Authentication failure, it may be determined that described client device is illegal Equipment, PPPoE server can be recovered as the Session Resources of described client device distribution, and this adds undoubtedly The workload of PPPoE server, affects the performance of PPPoE server.
For solving prior art problem, in embodiments of the present invention, PPPoE server is receiving client After the PADI message that equipment sends, judge according to described PADI message, determining that described client sets Standby for legitimate device time, send and respond the PADO message of described PADI message to described client device, After receiving the PADR message that described client device sends based on described PADO message, response is described PADR message, and enter the session stage with described client device.The application embodiment of the present invention, PPPoE Server can carry out validity judgement at discovery phase to client device, is confirming described client device In the case of legitimate device, reply response PADI message PADO message, thus avoid the occurrence of due to The resource reclaim situation that described client device is caused at session stage authentification failure, and then be described PPPoE Server reduces unnecessary operation expense.
The pppoe session method for building up and the device that there is provided the present invention below in conjunction with the accompanying drawings are described.
See Fig. 2, for the method stream of the pppoe session method for building up shown in the application one exemplary embodiment Cheng Tu, described pppoe session method for building up can be applied in PPPoE server, comprises the following steps:
Step 201: receive the PADI message that client device sends.
In the present embodiment, support the client device meeting broadcast transmission PADI message of PPPoE agreement, Available PPPoE server is found with access network in LAN.With described client device at same local PPPoE server in net can receive the PADI message that described client device sends.
Step 202: judging whether carry domain identifier in described PADI message, if carrying domain identifier, then performing Step 203;If not carrying domain identifier, then perform step 208.
In the present embodiment, manager can carry out region division to the network of PPPoE server admin, than : network as described in by is divided into multiple region, and is that each network area configures corresponding domain identifier, described Domain identifier is used for identifying the network area of correspondence.Wherein, each network area can include that multiple stage client sets Standby, client device, when broadcast transmission PADI message, can carry described visitor in described PADI message The domain identifier of network area, end equipment place, family.PPPoE server is receiving what client device sent After PADI message, described client device can be identified according to the domain identifier carried in described PADI message The network area at place.
Wherein, described PADI message includes that Tag field, described Tag field are in described PADI message The label field of payload, may be used for carrying the domain identifier of network area, client device place.At this In step, PPPoE server can be by resolving the Tag field of described PADI message, so that it is determined that described Whether PADI message carries domain identifier, when carrying domain identifier in described PADI message, performs step 203;When not carrying domain identifier in described PADI message, PPPoE server can confirm that described client End equipment is illegality equipment, performs step 208.
Step 203: check and whether preserve the configuration information mated with described domain identifier in PPPoE server, If preserving the configuration information mated with described domain identifier, then perform step 204;Mark with described territory if not preserving Know the configuration information of coupling, then perform step 208.
In the present embodiment, manager, when network carrying out region and dividing, can be that each network area is joined Put the configuration information of correspondence, described configuration information can include interface message and address pool etc., described configuration Information the most manually can be modified by manager.Wherein, described interface message is usually PPPoE The identification information of certain physical interface on server, is used for representing client device in map network region Sending the interface message of PADI message, including in described address pool can be client device in map network region The IP address of distribution, in described address pool, the quantity of IP address can be by manager according in map network region The quantity of client device configures, such as: less than or equal to the quantity of client device in map network region Deng.
In the present embodiment, PPPoE server can preserve the multiple configuration letters corresponding with multiple network areas Breath, each configuration information can separate independent preservation, it is also possible to is combined and saves as configuration information table, this This is not done particular restriction by invention.
Table 1 configuration information table
Domain identifier Interface message Address pool
A a1 ~192.168.0.20 192.168.0.1
B Nothing Nothing
In this step, judged result based on abovementioned steps S202, when carrying in described PADI message During domain identifier, the domain identifier carried in described PADI message can be parsed, then look up whether preserve with The configuration information of described domain identifier coupling, if preserving the configuration information of described domain identifier coupling, then performs step Rapid 204;If not preserving the configuration information of described domain identifier coupling, then can confirm that described client device is non- Method equipment, performs step 208.Further describe according to table 1, if PPPoE server receives a PADI Message, for ease of distinguishing, can be referred to as a PADI message by described PADI message, if it is determined that described The domain identifier carried in oneth PADI message is A, then PPPoE whois lookup table 1 understands, in table 1 Preserve the configuration information mated with domain identifier A, therefore perform step 204;If PPPoE server accepts To another PADI message, for ease of distinguishing, described PADI message can be referred to as the 2nd PADI message, If it is determined that the domain identifier carried in described 2nd PADI message is C, then PPPoE whois lookup table 1 Understand, do not preserve the configuration information mated with C in table 1, then PPPoE server confirms to send described second The client device of PADI message is illegality equipment, thus performs step 208.
Step 204: judge whether the interface receiving described PADI message is legal according to described configuration information Interface, if legal interface, then performs step 205;If illegal interface, then perform step 208.
In the present embodiment, preserve, when described PPPoE server determines, the configuration information mated with domain identifier Time, can judge whether the interface receiving described PADI message is legal interface according to described configuration information. In the present embodiment, judge whether the interface receiving described PADI message is legal according to described configuration information Interface can include following two situation:
The first situation, if non-saving interface information in described configuration information, then may determine that described in receiving The interface of PADI message is legal interface, performs step 205.
The second situation, if preserving interface message in described configuration information, then may determine that described in receiving Whether the interface of PADI message mates with the interface message in described configuration information, if it does, may determine that The interface receiving described PADI message is legal interface, performs step 205;If do not mated, can be true Surely the interface receiving described PADI message is illegal interface, and described client device is illegality equipment, then hold Row step 208.In above-mentioned two situations, if it is determined that the interface receiving described PADI message is legal Interface, then may determine that the client device sending described PADI message is legitimate device.Enter according to table 1 One step describes, and sees the configuration information mated with domain identifier A in table 1 and understands, domain identifier A map network The interface message in region is a1, then PPPoE server is checked and received connecing of a described PADI message Whether mouth is a1, the most then confirm that described client device is legitimate device, performs step 205;If no It is that then PPPoE server confirms that the client device sending a described PADI message is illegality equipment, Perform step 208.In another example, if described PPPoE server receives a PADI message, For ease of distinguishing, described PADI message can be referred to as the 3rd PADI message, if described 3rd PADI The domain identifier carried in message is B, then check that table 1 understands, there is the configuration information mated with domain identifier B, And non-saving interface information in described configuration information, the interface the most no matter receiving described 3rd PADI message is Which interface, can confirm that the interface receiving described PADI message is legal interface, further confirm that institute Stating client device is legitimate device, same execution step 205.
Step 205: judge whether IP available address, if existing, then performs step 206;If not existing, Then perform step 208.
In the implementation of the application, when confirming that described client device is legitimate device, it may be judged whether There is IP available address, can include following three kinds of situations:
The first situation, can use if including in described configuration information to exist in address pool, and described address pool IP address, then perform step 206;
The second situation, if including address pool in described configuration information, but do not exist in described address pool can During with IP address, it may be determined that there is not IP available address, step 208 can be performed;
The third situation, if not including address pool in described configuration information, determining the most equally and there is not IP available Address, performs step 208.
Further describe according to table 1, send a described PADI message when PPPoE server determines When client device is legitimate device, check that the domain information A that a described PADI message carries is corresponding Configuration information understands, and the address pool for the configuration of map network region is 192.168.0.1~192.168.0.20, then Whether described PPPoE server exists IP available address in checking described address pool, if 192.168.0.1 192.168.0.20~exists IP available address, then performs step 206;If but 192.168.0.1 192.168.0.20~does not exist IP available address, then performs step 208.In another example In son, described PPPoE server checks that configuration information corresponding for domain information B understands, this map network region The most non-configuration address pond, then perform step 208.
Step 206: send and respond the PADO message of described PADI message to described client device.
In the present embodiment, when confirming that described client is legitimate device, and determine when there is IP available address, In this step, can send and respond the PADO message of described PADI message to described client device.
Step 207: when receiving the PADR report that described client device sends based on described PADO message Wen Hou, responds described PADR message, and enters the session stage with described client device.
In the embodiment of the present application, owing to described client device having been carried out legitimacy at discovery phase Judge, therefore after described PPPoE server enters session stage with described client device, can avoid The resource reclaim situation caused due to the failure of described Client Device Authentication occurs.Additionally, according to PPPoE The interaction flow of agreement, described PPPoE server can be to distribute IP address by the client device of certification, But in this process, if there is not IP available address, need also exist for reclaiming for client device configuration Session Resources, therefore in the embodiment of the present application, determine that described client device is legal setting at discovery phase After Bei, can continue to be confirmed whether to there is IP available address, when determine there is IP available address time, retransmit PADO message is to client device, to avoid the occurrence of the resource that session stage does not has IP available address to be caused Recovering state.
Step 208: ignore described PADI message.
In the present embodiment, based on above-mentioned steps 202 to step 204, determining that described client device is non- During method equipment, described PADI message can be ignored;Based on above-mentioned steps 205, determining that described client sets Standby for legitimate device, but determine when there is not IP available address, it is also possible to ignore described PADI message.
Application above-described embodiment, PPPoE server is by discovery phase, according to the PADI message received Judge, confirm that described client device is legitimate device, and determine when there is IP available address, send Respond the PADO message of described PADI message to described client device, thus when receiving described client After the PADR message that end equipment sends based on described PADO message, respond described PADR message, enter With the session stage of described client device, described client device can be prevented effectively from and occur at session stage The situation of authentification failure, further, it is also possible to avoid the occurrence of owing to not having what IP available address was caused Resource reclaim situation, thus reduce the recovery operation of described PPPoE server, and then improve PPPoE service Device performance.
In another embodiment, after PPPoE server execution of step 203, when PPPoE server During the configuration information that the domain identifier found and carry in described PADI message mates, it is also possible to first judge described Whether configuration information exist IP available address, and after determining and there is IP available address, then judge to receive Whether the interface of described PADI message is legal interface, when being defined as legal interface, sends response described The PADO message of PADI message to described client device, thus when receive described client device based on After the PADR message that described PADO message sends, respond described PADR message, enter and described client The session stage of end equipment.The most concrete judge process may refer to step 204 and step 205, at this not Repeat again.
Corresponding with the embodiment of above-mentioned a kind of pppoe session method for building up, present invention also provides one Pppoe session sets up the embodiment of device.
A kind of pppoe session of the application is set up the embodiment of device and can be applied on PPPoE server.Dress Put embodiment to be realized by software, it is also possible to realize by the way of hardware or software and hardware combining.With As a example by software realizes, as the device on a logical meaning, it is will by the processor of its place server Computer program instructions corresponding in nonvolatile memory reads and runs formation in internal memory.From hardware layer For face, as it is shown on figure 3, set up a kind of hard of device place server for a kind of pppoe session of the application Part structure chart, except the processor shown in Fig. 3, internal memory, network interface and nonvolatile memory it Outward, in embodiment, the server at device place generally can also include other hardware, such as responsible process message Forwarding chip etc.;This server from the point of view of from hardware configuration, it is also possible that distributed server, may wrap Include multiple interface card, in order to carry out the extension of Message processing at hardware view.
With reference to Fig. 4, it is that a kind of pppoe session shown in the application one exemplary embodiment sets up device Block diagram, described device can be applied on the PPPoE server shown in earlier figures 3, described PPPoE The device 400 of session establishment may include that reception unit the 410, first judging unit 420, message send Unit 430, session establishment unit the 440, second judging unit 450, notification unit 460 and message are ignored Unit 470.
Seeing Fig. 5, described first judging unit 420 can also include: identifies judgment sub-unit 421, join Put and check that subelement 422, interface judgment sub-unit 423, first confirm subelement 424 and the second confirmation form Unit 425.See Fig. 6, described determine that judgment sub-unit 423 can also include: signal judgement module 4231, Interface judge module 4232, first confirms that module 4233, second confirms that module 4234 and the 3rd confirms mould Block 4235.
Wherein, receive unit 410, for receiving the PADI message that client device sends;
First judging unit 420, according to described PADI message, it is judged that whether described client device is legal Equipment;
Packet sending unit 430, when described client device is legitimate device, sends and responds described PADI The PADO message of message gives described client device;
Session establishment unit 440, sends out based on described PADO message for receiving described client device After the PADR message sent, respond described PADR message, and enter the session rank with described client device Section.
Second judging unit 450, for for determining described client device at described first judging unit 420 During for legitimate device, it may be judged whether there is IP available address;
Notification unit 460, for when there is IP available address, notifies described packet sending unit 430 Send the PADO message responding described PADI message to described client device.
Mark judgment sub-unit 421, is used for judging whether carry domain identifier in described PADI message;
Configuration check subelement 422, for determine carry domain identifier time, check whether to preserve and described territory The configuration information of mark coupling;
Interface judgment sub-unit 423, for determine preserve the configuration information mated with described domain identifier time, Judge whether the interface receiving described PADI message is legal interface according to described configuration information;
First confirm subelement 424, for determine be legal interface time, confirm described client device for close Method equipment;
Second confirm subelement 425, for determine be illegal interface time, confirm that described client device is non- Method equipment.
Signal judgement module 4231, for determine preserve the configuration information mated with described domain identifier time, Judge whether described configuration information preserves the interface message that described client device is corresponding;
Interface judge module 4232, for determine preserve interface message corresponding to described client device time, Judge whether the interface receiving described PADI message mates the interface message that described client device is corresponding;
First confirms module 4233, for determine mate interface message corresponding to described client device time, Confirm that the interface receiving described PADI message is legal interface;
Second confirms module 4234, for determine do not mate interface message corresponding to described client device time, Confirm that the interface receiving described PADI message is illegal interface;
3rd confirms module 4235, for determine do not preserve interface message corresponding to described client device time, Confirm that the interface receiving described PADI message is legal interface.
Message ignores unit 470, for when determining that described client device is illegality equipment, ignores described PADI message.
As seen from the above-described embodiment, PPPoE server is by discovery phase, according to the PADI received Message judges, confirms that described client device is legitimate device, and determines when there is IP available address, The PADO message of the transmission described PADI message of response is to described client device, thus ought receive described After the PADR message that client device sends based on described PADO message, respond described PADR message, Enter the session stage with described client device, described client device can be prevented effectively from session stage The situation of authentification failure occurs, equally avoids the occurrence of owing to there is not the resource that IP available address is caused Recovering state, further, thus is that described PPPoE server reduces unnecessary operation expense, and then Improve PPPoE server performance.
In said apparatus, the function of unit and the process that realizes of effect specifically refer to corresponding step in said method Rapid realizes process, does not repeats them here.
For device embodiment, owing to it corresponds essentially to embodiment of the method, so relevant part sees The part of embodiment of the method illustrates.Device embodiment described above is only schematically, wherein The described unit illustrated as separating component can be or may not be physically separate, as unit The parts of display can be or may not be physical location, i.e. may be located at a place, or also may be used To be distributed on multiple NE.Some or all of module therein can be selected according to the actual needs Realize the purpose of the application scheme.Those of ordinary skill in the art in the case of not paying creative work, I.e. it is appreciated that and implements.
The foregoing is only the preferred embodiment of the application, not in order to limit the application, all in this Shen Within spirit please and principle, any modification, equivalent substitution and improvement etc. done, should be included in this Shen Within the scope of please protecting.

Claims (10)

1. the PPPoE session method for building up on an Ethernet, it is characterised in that described side Method is applied on PPPoE server, including:
The PPPoE receiving client device transmission is actively discovered initial bag PADI message;
According to described PADI message, it is judged that whether described client device is legitimate device;
When described client device is legitimate device, sends and respond the PPPoE of described PADI message actively Find to propose that bag PADO message is to described client device;
When receiving the PPPoE active discovery request that described client device sends based on described PADO message After bag PADR message, respond described PADR message, and enter the session stage with described client device.
Method the most according to claim 1, it is characterised in that be legal setting at described client device Time standby, described method also includes:
Judge whether IP available address;
When there is IP available address, perform to send the PADO message of the described PADI message of response to described The step of client device.
Method the most according to claim 1, it is characterised in that described according to described PADI message, Judge whether described client device is legitimate device, including:
Judge whether described PADI message carries domain identifier;
When carrying domain identifier, check whether to preserve the configuration information mated with described domain identifier;
When preserving the configuration information mated with described domain identifier, judge to receive according to described configuration information Whether the interface of described PADI message is legal interface;
When being legal interface, confirm that described client device is legitimate device;
When being illegal interface, confirm that described client device is illegality equipment.
Method the most according to claim 3, it is characterised in that described judge according to described configuration information Whether the interface receiving described PADI message is legal interface, including:
Judge whether described configuration information is preserved the interface message that described client device is corresponding;
When preserving interface message corresponding to described client device, it is judged that receive described PADI message Whether interface mates the interface message that described client device is corresponding;
When the interface message that the described client device of coupling is corresponding, confirm to receive connecing of described PADI message Mouth is legal interface;When not mating interface message corresponding to described client device, confirm to receive described The interface of PADI message is illegal interface;
When not preserving interface message corresponding to described client device, confirm to receive described PADI message Interface is legal interface.
Method the most according to claim 1, it is characterised in that described method also includes:
When described client device is illegality equipment, ignore described PADI message.
6. a pppoe session sets up device, it is characterised in that described device is applied and serviced at PPPoE On device, including:
Receive unit, for receiving the PADI message that client device sends;
First judging unit, for according to described PADI message, it is judged that whether described client device is legal Equipment;
Packet sending unit, for when described client device is legitimate device, sends and responds described PADI The PADO message of message gives described client device;
Session establishment unit, for when receiving what described client device sent based on described PADO message After PADR message, respond described PADR message, and enter the session stage with described client device.
Device the most according to claim 6, it is characterised in that described device also includes:
At described first judging unit, second judging unit, for determining that described client device is legitimate device Time, it may be judged whether there is IP available address;
Notification unit, for when there is IP available address, notifies that described packet sending unit sends response institute State the PADO message of PADI message to described client device.
Device the most according to claim 6, it is characterised in that described first judging unit, including:
Mark judgment sub-unit, is used for judging whether carry domain identifier in described PADI message;
Configuration check subelement, for determine carry domain identifier time, check whether to preserve and mark with described territory Know the configuration information of coupling;
Interface judgment sub-unit, for determine preserve the configuration information mated with described domain identifier time, root Judge whether the interface receiving described PADI message is legal interface according to described configuration information;First confirms son Unit, for determine be legal interface time, confirm that described client device is legitimate device;
Second confirm subelement, for determine be illegal interface time, confirm that described client device is illegal Equipment.
Device the most according to claim 8, it is characterised in that described determine judgment sub-unit, including:
Signal judgement module, for determine preserve the configuration information mated with described domain identifier time, it is judged that Whether described configuration information preserves the interface message that described client device is corresponding;
Interface judge module, for determine preserve interface message corresponding to described client device time, sentence Disconnecting receives whether the interface of described PADI message mates the interface message that described client device is corresponding;
First confirms module, for determine mate interface message corresponding to described client device time, confirm The interface receiving described PADI message is legal interface;
Second confirms module, for determine do not mate interface message corresponding to described client device time, really Recognize that to receive the interface of described PADI message be illegal interface;
3rd confirms module, for determine do not preserve interface message corresponding to described client device time, really Recognize that to receive the interface of described PADI message be legal interface.
Device the most according to claim 6, it is characterised in that described device also includes:
Message ignores unit, for when determining that described client device is illegality equipment, ignores described PADI Message.
CN201510990532.9A 2015-12-24 2015-12-24 A kind of pppoe session method for building up and device Active CN105939372B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510990532.9A CN105939372B (en) 2015-12-24 2015-12-24 A kind of pppoe session method for building up and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510990532.9A CN105939372B (en) 2015-12-24 2015-12-24 A kind of pppoe session method for building up and device

Publications (2)

Publication Number Publication Date
CN105939372A true CN105939372A (en) 2016-09-14
CN105939372B CN105939372B (en) 2019-04-09

Family

ID=57153021

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510990532.9A Active CN105939372B (en) 2015-12-24 2015-12-24 A kind of pppoe session method for building up and device

Country Status (1)

Country Link
CN (1) CN105939372B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111181900A (en) * 2018-11-13 2020-05-19 杭州光启人工智能研究院 Data message sending and receiving method, storage medium and processor

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101079771A (en) * 2007-04-03 2007-11-28 中兴通讯股份有限公司 A broadband access method based on PPPoE
CN101197837A (en) * 2007-12-25 2008-06-11 华为技术有限公司 Method and system of Ethernet P2P protocol negotiation authentication mode
US20100325295A1 (en) * 2009-06-17 2010-12-23 Takatoshi Kajiwara Communication apparatus
CN104301336A (en) * 2014-11-14 2015-01-21 深圳市共进电子股份有限公司 PPPoE access authentication method

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101079771A (en) * 2007-04-03 2007-11-28 中兴通讯股份有限公司 A broadband access method based on PPPoE
CN101197837A (en) * 2007-12-25 2008-06-11 华为技术有限公司 Method and system of Ethernet P2P protocol negotiation authentication mode
US20100325295A1 (en) * 2009-06-17 2010-12-23 Takatoshi Kajiwara Communication apparatus
CN104301336A (en) * 2014-11-14 2015-01-21 深圳市共进电子股份有限公司 PPPoE access authentication method

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111181900A (en) * 2018-11-13 2020-05-19 杭州光启人工智能研究院 Data message sending and receiving method, storage medium and processor
CN111181900B (en) * 2018-11-13 2022-04-22 深圳光启高等理工研究院 Data message sending and receiving method, storage medium and processor

Also Published As

Publication number Publication date
CN105939372B (en) 2019-04-09

Similar Documents

Publication Publication Date Title
CN109565500B (en) On-demand security architecture
US8966075B1 (en) Accessing a policy server from multiple layer two networks
US7735129B2 (en) Firewall device
CN101110847B (en) Method, device and system for obtaining medium access control address
US7765309B2 (en) Wireless provisioning device
US9967738B2 (en) Methods and arrangements for enabling data transmission between a mobile device and a static destination address
CN102438028B (en) A kind of prevent Dynamic Host Configuration Protocol server from cheating method, Apparatus and system
CN102739684B (en) Portal authentication method based on virtual IP address, and server thereof
WO2015085848A1 (en) Security authentication method and bidirectional forwarding detection method
CN103580980A (en) Automatic searching and automatic configuration method and device of VN
US20110202670A1 (en) Method, device and system for identifying ip session
JP5864598B2 (en) Method and system for providing service access to a user
WO2013056619A1 (en) Method, idp, sp and system for identity federation
CN110474922B (en) Communication method, PC system and access control router
CN103957194B (en) A kind of procotol IP cut-in methods and access device
JP2013522786A (en) Method for securing access to data or services accessible through a device performing the method and corresponding device
CN101945053B (en) Method and device for transmitting message
CN100471167C (en) Method and apparatus for managing wireless access-in wide-band users
CN102752266A (en) Access control method and equipment thereof
CN107046568B (en) Authentication method and device
CN105939372A (en) PPPoE session establishing method and device
JP2010187314A (en) Network relay apparatus with authentication function, and terminal authentication method employing the same
JP4965499B2 (en) Authentication system, authentication device, communication setting device, and authentication method
CN102594808A (en) System and method for preventing Dynamic Host Configuration Protocol for Internet Protocol Version 6 (DHCPv6) server spoofing
US20100100960A1 (en) System and method for protecting data of network users

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: Binjiang District and Hangzhou city in Zhejiang Province Road 310051 No. 68 in the 6 storey building

Applicant after: Hangzhou Dipu Polytron Technologies Inc

Address before: Binjiang District and Hangzhou city in Zhejiang Province Road 310051 No. 68 in the 6 storey building

Applicant before: Hangzhou Dipu Technology Co., Ltd.

CB02 Change of applicant information
GR01 Patent grant
GR01 Patent grant