CN105939372A - PPPoE session establishing method and device - Google Patents
PPPoE session establishing method and device Download PDFInfo
- Publication number
- CN105939372A CN105939372A CN201510990532.9A CN201510990532A CN105939372A CN 105939372 A CN105939372 A CN 105939372A CN 201510990532 A CN201510990532 A CN 201510990532A CN 105939372 A CN105939372 A CN 105939372A
- Authority
- CN
- China
- Prior art keywords
- message
- client device
- interface
- padi
- described client
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/14—Session management
- H04L67/141—Setup of application sessions
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/104—Peer-to-peer [P2P] networks
- H04L67/1074—Peer-to-peer [P2P] networks for supporting data block transmission mechanisms
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer And Data Communications (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention provides a PPPoE session establishing method and device, applied to a PPPoE server. The method comprises the following steps of: receiving a PADI message sent by client side equipment; according to the PADI message, judging whether the client side equipment is legal equipment or not; when the client side equipment is the legal equipment, sending a PADO message responding to the PADI message to the client side equipment; and, after receiving a PADR message sent by the client side equipment based on the PADO message, responding to the PADR message, and entering a session stage with the client side equipment. Due to application of the embodiment of the invention, the legality of the client side equipment can be judged in a PPPoE discovery stage; therefore, the resource recovery condition due to the fact that authentication of the client side equipment is failed in the session stage can be avoided; and thus, the performance of the PPPoE server is improved.
Description
Technical field
The application relates to network communication technology field, particularly relates to a kind of pppoe session method for building up and device.
Background technology
PPPoE (point-to-point protocol over Ethernet, the point-to-point protocol on Ethernet) is net
A kind of communication protocol conventional in network, by PPPoE agreement, it is possible to achieve to each control accessing user
With charging.In existing PPPoE technology, include findings that and two stages of session, wherein, work as client device
After entering session stage with PPPoE server, PPPoE server can distribute some sessions for client device
Resource, and distribute IP address for it after client device is by the certification of session stage.In such realization
In scheme, once Client Device Authentication failure, PPPoE server is accomplished by can be to being already allocated to client
The Session Resources of end equipment reclaims, and this just brings the most unnecessary operation expense to PPPoE server,
Affect the performance of PPPoE server.
Summary of the invention
In view of this, the application provides a kind of pppoe session method for building up and device, to solve prior art
Middle Client Device Authentication is failed and increases the problem that PPPoE server runs expense.
Specifically, the application is achieved by the following technical solution:
The application provides a kind of pppoe session method for building up, and described method is applied on PPPoE server,
Including:
Receive the PADI message that client device sends;
According to described PADI message, it is judged that whether described client device is legitimate device;
When described client device is legitimate device, send the PADO message responding described PADI message
To described client device;
After receiving the PADR message that described client device sends based on described PADO message, response
Described PADR message, and enter the session stage with described client device.
Optionally, when described client device is legitimate device, described method also includes:
Judge whether IP available address;
When there is IP available address, perform to send the PADO message of the described PADI message of response to described
The step of client device.
It is optionally, described according to described PADI message, it is judged that whether described client device is legitimate device,
Including:
Judge whether described PADI message carries domain identifier;
When carrying domain identifier, check whether to preserve the configuration information mated with described domain identifier;
When preserving the configuration information mated with described domain identifier, judge to receive according to described configuration information
Whether the interface of described PADI message is legal interface;
When being legal interface, confirm that described client device is legitimate device;
When being illegal interface, confirm that described client device is illegality equipment.
Optionally, whether the described interface receiving described PADI message according to the judgement of described configuration information is conjunction
Method interface, including:
Judge whether described configuration information is preserved the interface message that described client device is corresponding;
When preserving interface message corresponding to described client device, it is judged that receive described PADI message
Whether interface mates the interface message that described client device is corresponding;
When the interface message that the described client device of coupling is corresponding, confirm to receive connecing of described PADI message
Mouth is legal interface;When not mating interface message corresponding to described client device, confirm to receive described
The interface of PADI message is illegal interface;
When not preserving interface message corresponding to described client device, confirm to receive described PADI message
Interface is legal interface.
Optionally, described method also includes:
When described client device is illegality equipment, ignore described PADI message.
The application also provides for a kind of pppoe session and sets up device, and described device is applied on PPPoE server,
Including:
Receive unit, for receiving the PADI message that client device sends;
First judging unit, according to described PADI message, it is judged that whether described client device is legitimate device;
Packet sending unit, when described client device is legitimate device, sends and responds described PADI message
PADO message give described client device;
Session establishment unit, for when receiving what described client device sent based on described PADO message
After PADR message, respond described PADR message, and enter the session stage with described client device.
Optionally, described device also includes:
At described first judging unit, second judging unit, for determining that described client device is legitimate device
Time, it may be judged whether there is IP available address;
Notification unit, for when there is IP available address, notifies that described packet sending unit sends response institute
State the PADO message of PADI message to described client device.
Optionally, described first judging unit, including:
Mark judgment sub-unit, is used for judging whether carry domain identifier in described PADI message;
Configuration check subelement, for determine carry domain identifier time, check whether to preserve and mark with described territory
Know the configuration information of coupling;
Interface judgment sub-unit, for determine preserve the configuration information mated with described domain identifier time, root
Judge whether the interface receiving described PADI message is legal interface according to described configuration information;
First confirm subelement, for determine be legal interface time, confirm that described client device is legal
Equipment;
Second confirm subelement, for determine be illegal interface time, confirm that described client device is illegal
Equipment.
Optionally, described determine judgment sub-unit, including:
Signal judgement module, for determine preserve the configuration information mated with described domain identifier time, it is judged that
Whether described configuration information preserves the interface message that described client device is corresponding;
Interface judge module, for determine preserve interface message corresponding to described client device time, sentence
Disconnecting receives whether the interface of described PADI message mates the interface message that described client device is corresponding;
First confirms module, for determine mate interface message corresponding to described client device time, confirm
The interface receiving described PADI message is legal interface;
Second confirms module, for determine do not mate interface message corresponding to described client device time, really
Recognize that to receive the interface of described PADI message be illegal interface;
3rd confirms module, for determine do not preserve interface message corresponding to described client device time, really
Recognize that to receive the interface of described PADI message be legal interface.
Optionally, described device also includes:
Message ignores unit, for when determining that described client device is illegality equipment, ignores described PADI
Message.
Application the embodiment of the present application, client device can be closed by PPPoE server at discovery phase
Method judges, in the case of confirming that described client device is legitimate device, replys response PADI report
The PADO message of literary composition, and receiving what described client device sent based on described PADO message
After PADR message, respond described PADR message, and enter the session stage with described client device,
Thus avoid the occurrence of the resource reclaim feelings caused due to described client device at session stage authentification failure
Condition, and then be that described PPPoE server reduces unnecessary operation expense.
Accompanying drawing explanation
Fig. 1 is the mutual schematic diagram that a kind of pppoe session shown in the application one exemplary embodiment is set up;
Fig. 2 is a kind of pppoe session method for building up flow chart shown in the application one exemplary embodiment;
Fig. 3 is the hardware configuration that a kind of pppoe session shown in the application one exemplary embodiment sets up device
Figure;
Fig. 4 is the block diagram that a kind of pppoe session shown in the application one exemplary embodiment sets up device;
Fig. 5 is the block diagram that the another kind of pppoe session shown in the application one exemplary embodiment sets up device;
Fig. 6 is the block diagram that the another kind of pppoe session shown in the application one exemplary embodiment sets up device.
Detailed description of the invention
Here will illustrate exemplary embodiment in detail, its example represents in the accompanying drawings.Following retouches
Stating when relating to accompanying drawing, unless otherwise indicated, the same numbers in different accompanying drawings represents same or analogous key element.
Embodiment described in following exemplary embodiment does not represent all embodiment party consistent with the application
Formula.On the contrary, they only with describe in detail in appended claims, the application some in terms of mutually one
The example of the apparatus and method caused.
It is only merely for describing the purpose of specific embodiment at term used in this application, and is not intended to be limiting this
Application." a kind of ", " described " of singulative used in the application and appended claims
" it is somebody's turn to do " be also intended to include most form, unless context clearly shows that other implications.It is also understood that
Term "and/or" used herein refer to and comprise any of one or more project of listing being associated or
Likely combine.
Although should be appreciated that may use term first, second, third, etc. to describe various letter in the application
Breath, but these information should not necessarily be limited by these terms.These terms are only used for same type of information district each other
Separately.Such as, in the case of without departing from the application scope, the first information can also be referred to as the second information,
Similarly, the second information can also be referred to as the first information.Depend on linguistic context, word as used in this
" if " can be construed to " ... time " or " when ... time " or " in response to determining ".
See the mutual schematic diagram that Fig. 1, Fig. 1 are PPPoE negotiations processes in the embodiment of the present application.
The process that PPPoE consults is generally divided into two stages: discovery phase and session stage, described discovery rank
Duan Zhong, client device broadcast transmission PADI (PPPoE Active Discovery Initiation, PPPoE master
Dynamic discovery is initially wrapped) message, receiving with client device PPPoE server in same LAN
After the described PADI message that client device is initiated, the PADO responding described PADI message can be sent
(PPPoE Active Discovery Offer, PPPoE are actively discovered proposal bag) message is to client device.
Client device would generally receive the PADO message that multiple PPPoE server sends, and client device leads to
Often can select a PPPoE server as its access server, such as: client device can receive
After first PADO message, the PPPoE server sending this first PADO message is connect as it
Enter server, and be sent to respond PADR (the PPPoE Active Discovery of described PADO message
Request, PPPoE active discovery request bag) message.Send out when PPPoE server receives client device
During the PADR message sent, generation can be carried PADS (the PPPoE Active Discovery of session id
Session-confirmation, PPPoE are actively discovered session and confirm bag) message is sent to described client device,
And enter the session stage with described client device.After entering described session stage, PPPoE server
First would generally distribute some Session Resources for described client device, such as: set up session information, configuration chain
Road information etc., are authenticated described client device, it is judged that whether described client device is legal subsequently
Equipment, the authentication protocol generally used have CHAP (Challenge Handshake Authentication Protocol,
Challenge response Challenge-Handshake Authentication Protocol), PAP (Password Authentication Protocol, cipher authentication assist
View) etc., after described client device is by certification, described PPPoE server can set for described client
Back-up joins IP address, and described client device can use this IP address to access Internet resources.
In prior art, when Client Device Authentication failure, it may be determined that described client device is illegal
Equipment, PPPoE server can be recovered as the Session Resources of described client device distribution, and this adds undoubtedly
The workload of PPPoE server, affects the performance of PPPoE server.
For solving prior art problem, in embodiments of the present invention, PPPoE server is receiving client
After the PADI message that equipment sends, judge according to described PADI message, determining that described client sets
Standby for legitimate device time, send and respond the PADO message of described PADI message to described client device,
After receiving the PADR message that described client device sends based on described PADO message, response is described
PADR message, and enter the session stage with described client device.The application embodiment of the present invention, PPPoE
Server can carry out validity judgement at discovery phase to client device, is confirming described client device
In the case of legitimate device, reply response PADI message PADO message, thus avoid the occurrence of due to
The resource reclaim situation that described client device is caused at session stage authentification failure, and then be described PPPoE
Server reduces unnecessary operation expense.
The pppoe session method for building up and the device that there is provided the present invention below in conjunction with the accompanying drawings are described.
See Fig. 2, for the method stream of the pppoe session method for building up shown in the application one exemplary embodiment
Cheng Tu, described pppoe session method for building up can be applied in PPPoE server, comprises the following steps:
Step 201: receive the PADI message that client device sends.
In the present embodiment, support the client device meeting broadcast transmission PADI message of PPPoE agreement,
Available PPPoE server is found with access network in LAN.With described client device at same local
PPPoE server in net can receive the PADI message that described client device sends.
Step 202: judging whether carry domain identifier in described PADI message, if carrying domain identifier, then performing
Step 203;If not carrying domain identifier, then perform step 208.
In the present embodiment, manager can carry out region division to the network of PPPoE server admin, than
: network as described in by is divided into multiple region, and is that each network area configures corresponding domain identifier, described
Domain identifier is used for identifying the network area of correspondence.Wherein, each network area can include that multiple stage client sets
Standby, client device, when broadcast transmission PADI message, can carry described visitor in described PADI message
The domain identifier of network area, end equipment place, family.PPPoE server is receiving what client device sent
After PADI message, described client device can be identified according to the domain identifier carried in described PADI message
The network area at place.
Wherein, described PADI message includes that Tag field, described Tag field are in described PADI message
The label field of payload, may be used for carrying the domain identifier of network area, client device place.At this
In step, PPPoE server can be by resolving the Tag field of described PADI message, so that it is determined that described
Whether PADI message carries domain identifier, when carrying domain identifier in described PADI message, performs step
203;When not carrying domain identifier in described PADI message, PPPoE server can confirm that described client
End equipment is illegality equipment, performs step 208.
Step 203: check and whether preserve the configuration information mated with described domain identifier in PPPoE server,
If preserving the configuration information mated with described domain identifier, then perform step 204;Mark with described territory if not preserving
Know the configuration information of coupling, then perform step 208.
In the present embodiment, manager, when network carrying out region and dividing, can be that each network area is joined
Put the configuration information of correspondence, described configuration information can include interface message and address pool etc., described configuration
Information the most manually can be modified by manager.Wherein, described interface message is usually PPPoE
The identification information of certain physical interface on server, is used for representing client device in map network region
Sending the interface message of PADI message, including in described address pool can be client device in map network region
The IP address of distribution, in described address pool, the quantity of IP address can be by manager according in map network region
The quantity of client device configures, such as: less than or equal to the quantity of client device in map network region
Deng.
In the present embodiment, PPPoE server can preserve the multiple configuration letters corresponding with multiple network areas
Breath, each configuration information can separate independent preservation, it is also possible to is combined and saves as configuration information table, this
This is not done particular restriction by invention.
Table 1 configuration information table
Domain identifier | Interface message | Address pool |
A | a1 | ~192.168.0.20 192.168.0.1 |
B | Nothing | Nothing |
In this step, judged result based on abovementioned steps S202, when carrying in described PADI message
During domain identifier, the domain identifier carried in described PADI message can be parsed, then look up whether preserve with
The configuration information of described domain identifier coupling, if preserving the configuration information of described domain identifier coupling, then performs step
Rapid 204;If not preserving the configuration information of described domain identifier coupling, then can confirm that described client device is non-
Method equipment, performs step 208.Further describe according to table 1, if PPPoE server receives a PADI
Message, for ease of distinguishing, can be referred to as a PADI message by described PADI message, if it is determined that described
The domain identifier carried in oneth PADI message is A, then PPPoE whois lookup table 1 understands, in table 1
Preserve the configuration information mated with domain identifier A, therefore perform step 204;If PPPoE server accepts
To another PADI message, for ease of distinguishing, described PADI message can be referred to as the 2nd PADI message,
If it is determined that the domain identifier carried in described 2nd PADI message is C, then PPPoE whois lookup table 1
Understand, do not preserve the configuration information mated with C in table 1, then PPPoE server confirms to send described second
The client device of PADI message is illegality equipment, thus performs step 208.
Step 204: judge whether the interface receiving described PADI message is legal according to described configuration information
Interface, if legal interface, then performs step 205;If illegal interface, then perform step 208.
In the present embodiment, preserve, when described PPPoE server determines, the configuration information mated with domain identifier
Time, can judge whether the interface receiving described PADI message is legal interface according to described configuration information.
In the present embodiment, judge whether the interface receiving described PADI message is legal according to described configuration information
Interface can include following two situation:
The first situation, if non-saving interface information in described configuration information, then may determine that described in receiving
The interface of PADI message is legal interface, performs step 205.
The second situation, if preserving interface message in described configuration information, then may determine that described in receiving
Whether the interface of PADI message mates with the interface message in described configuration information, if it does, may determine that
The interface receiving described PADI message is legal interface, performs step 205;If do not mated, can be true
Surely the interface receiving described PADI message is illegal interface, and described client device is illegality equipment, then hold
Row step 208.In above-mentioned two situations, if it is determined that the interface receiving described PADI message is legal
Interface, then may determine that the client device sending described PADI message is legitimate device.Enter according to table 1
One step describes, and sees the configuration information mated with domain identifier A in table 1 and understands, domain identifier A map network
The interface message in region is a1, then PPPoE server is checked and received connecing of a described PADI message
Whether mouth is a1, the most then confirm that described client device is legitimate device, performs step 205;If no
It is that then PPPoE server confirms that the client device sending a described PADI message is illegality equipment,
Perform step 208.In another example, if described PPPoE server receives a PADI message,
For ease of distinguishing, described PADI message can be referred to as the 3rd PADI message, if described 3rd PADI
The domain identifier carried in message is B, then check that table 1 understands, there is the configuration information mated with domain identifier B,
And non-saving interface information in described configuration information, the interface the most no matter receiving described 3rd PADI message is
Which interface, can confirm that the interface receiving described PADI message is legal interface, further confirm that institute
Stating client device is legitimate device, same execution step 205.
Step 205: judge whether IP available address, if existing, then performs step 206;If not existing,
Then perform step 208.
In the implementation of the application, when confirming that described client device is legitimate device, it may be judged whether
There is IP available address, can include following three kinds of situations:
The first situation, can use if including in described configuration information to exist in address pool, and described address pool
IP address, then perform step 206;
The second situation, if including address pool in described configuration information, but do not exist in described address pool can
During with IP address, it may be determined that there is not IP available address, step 208 can be performed;
The third situation, if not including address pool in described configuration information, determining the most equally and there is not IP available
Address, performs step 208.
Further describe according to table 1, send a described PADI message when PPPoE server determines
When client device is legitimate device, check that the domain information A that a described PADI message carries is corresponding
Configuration information understands, and the address pool for the configuration of map network region is 192.168.0.1~192.168.0.20, then
Whether described PPPoE server exists IP available address in checking described address pool, if
192.168.0.1 192.168.0.20~exists IP available address, then performs step 206;If but
192.168.0.1 192.168.0.20~does not exist IP available address, then performs step 208.In another example
In son, described PPPoE server checks that configuration information corresponding for domain information B understands, this map network region
The most non-configuration address pond, then perform step 208.
Step 206: send and respond the PADO message of described PADI message to described client device.
In the present embodiment, when confirming that described client is legitimate device, and determine when there is IP available address,
In this step, can send and respond the PADO message of described PADI message to described client device.
Step 207: when receiving the PADR report that described client device sends based on described PADO message
Wen Hou, responds described PADR message, and enters the session stage with described client device.
In the embodiment of the present application, owing to described client device having been carried out legitimacy at discovery phase
Judge, therefore after described PPPoE server enters session stage with described client device, can avoid
The resource reclaim situation caused due to the failure of described Client Device Authentication occurs.Additionally, according to PPPoE
The interaction flow of agreement, described PPPoE server can be to distribute IP address by the client device of certification,
But in this process, if there is not IP available address, need also exist for reclaiming for client device configuration
Session Resources, therefore in the embodiment of the present application, determine that described client device is legal setting at discovery phase
After Bei, can continue to be confirmed whether to there is IP available address, when determine there is IP available address time, retransmit
PADO message is to client device, to avoid the occurrence of the resource that session stage does not has IP available address to be caused
Recovering state.
Step 208: ignore described PADI message.
In the present embodiment, based on above-mentioned steps 202 to step 204, determining that described client device is non-
During method equipment, described PADI message can be ignored;Based on above-mentioned steps 205, determining that described client sets
Standby for legitimate device, but determine when there is not IP available address, it is also possible to ignore described PADI message.
Application above-described embodiment, PPPoE server is by discovery phase, according to the PADI message received
Judge, confirm that described client device is legitimate device, and determine when there is IP available address, send
Respond the PADO message of described PADI message to described client device, thus when receiving described client
After the PADR message that end equipment sends based on described PADO message, respond described PADR message, enter
With the session stage of described client device, described client device can be prevented effectively from and occur at session stage
The situation of authentification failure, further, it is also possible to avoid the occurrence of owing to not having what IP available address was caused
Resource reclaim situation, thus reduce the recovery operation of described PPPoE server, and then improve PPPoE service
Device performance.
In another embodiment, after PPPoE server execution of step 203, when PPPoE server
During the configuration information that the domain identifier found and carry in described PADI message mates, it is also possible to first judge described
Whether configuration information exist IP available address, and after determining and there is IP available address, then judge to receive
Whether the interface of described PADI message is legal interface, when being defined as legal interface, sends response described
The PADO message of PADI message to described client device, thus when receive described client device based on
After the PADR message that described PADO message sends, respond described PADR message, enter and described client
The session stage of end equipment.The most concrete judge process may refer to step 204 and step 205, at this not
Repeat again.
Corresponding with the embodiment of above-mentioned a kind of pppoe session method for building up, present invention also provides one
Pppoe session sets up the embodiment of device.
A kind of pppoe session of the application is set up the embodiment of device and can be applied on PPPoE server.Dress
Put embodiment to be realized by software, it is also possible to realize by the way of hardware or software and hardware combining.With
As a example by software realizes, as the device on a logical meaning, it is will by the processor of its place server
Computer program instructions corresponding in nonvolatile memory reads and runs formation in internal memory.From hardware layer
For face, as it is shown on figure 3, set up a kind of hard of device place server for a kind of pppoe session of the application
Part structure chart, except the processor shown in Fig. 3, internal memory, network interface and nonvolatile memory it
Outward, in embodiment, the server at device place generally can also include other hardware, such as responsible process message
Forwarding chip etc.;This server from the point of view of from hardware configuration, it is also possible that distributed server, may wrap
Include multiple interface card, in order to carry out the extension of Message processing at hardware view.
With reference to Fig. 4, it is that a kind of pppoe session shown in the application one exemplary embodiment sets up device
Block diagram, described device can be applied on the PPPoE server shown in earlier figures 3, described PPPoE
The device 400 of session establishment may include that reception unit the 410, first judging unit 420, message send
Unit 430, session establishment unit the 440, second judging unit 450, notification unit 460 and message are ignored
Unit 470.
Seeing Fig. 5, described first judging unit 420 can also include: identifies judgment sub-unit 421, join
Put and check that subelement 422, interface judgment sub-unit 423, first confirm subelement 424 and the second confirmation form
Unit 425.See Fig. 6, described determine that judgment sub-unit 423 can also include: signal judgement module 4231,
Interface judge module 4232, first confirms that module 4233, second confirms that module 4234 and the 3rd confirms mould
Block 4235.
Wherein, receive unit 410, for receiving the PADI message that client device sends;
First judging unit 420, according to described PADI message, it is judged that whether described client device is legal
Equipment;
Packet sending unit 430, when described client device is legitimate device, sends and responds described PADI
The PADO message of message gives described client device;
Session establishment unit 440, sends out based on described PADO message for receiving described client device
After the PADR message sent, respond described PADR message, and enter the session rank with described client device
Section.
Second judging unit 450, for for determining described client device at described first judging unit 420
During for legitimate device, it may be judged whether there is IP available address;
Notification unit 460, for when there is IP available address, notifies described packet sending unit 430
Send the PADO message responding described PADI message to described client device.
Mark judgment sub-unit 421, is used for judging whether carry domain identifier in described PADI message;
Configuration check subelement 422, for determine carry domain identifier time, check whether to preserve and described territory
The configuration information of mark coupling;
Interface judgment sub-unit 423, for determine preserve the configuration information mated with described domain identifier time,
Judge whether the interface receiving described PADI message is legal interface according to described configuration information;
First confirm subelement 424, for determine be legal interface time, confirm described client device for close
Method equipment;
Second confirm subelement 425, for determine be illegal interface time, confirm that described client device is non-
Method equipment.
Signal judgement module 4231, for determine preserve the configuration information mated with described domain identifier time,
Judge whether described configuration information preserves the interface message that described client device is corresponding;
Interface judge module 4232, for determine preserve interface message corresponding to described client device time,
Judge whether the interface receiving described PADI message mates the interface message that described client device is corresponding;
First confirms module 4233, for determine mate interface message corresponding to described client device time,
Confirm that the interface receiving described PADI message is legal interface;
Second confirms module 4234, for determine do not mate interface message corresponding to described client device time,
Confirm that the interface receiving described PADI message is illegal interface;
3rd confirms module 4235, for determine do not preserve interface message corresponding to described client device time,
Confirm that the interface receiving described PADI message is legal interface.
Message ignores unit 470, for when determining that described client device is illegality equipment, ignores described
PADI message.
As seen from the above-described embodiment, PPPoE server is by discovery phase, according to the PADI received
Message judges, confirms that described client device is legitimate device, and determines when there is IP available address,
The PADO message of the transmission described PADI message of response is to described client device, thus ought receive described
After the PADR message that client device sends based on described PADO message, respond described PADR message,
Enter the session stage with described client device, described client device can be prevented effectively from session stage
The situation of authentification failure occurs, equally avoids the occurrence of owing to there is not the resource that IP available address is caused
Recovering state, further, thus is that described PPPoE server reduces unnecessary operation expense, and then
Improve PPPoE server performance.
In said apparatus, the function of unit and the process that realizes of effect specifically refer to corresponding step in said method
Rapid realizes process, does not repeats them here.
For device embodiment, owing to it corresponds essentially to embodiment of the method, so relevant part sees
The part of embodiment of the method illustrates.Device embodiment described above is only schematically, wherein
The described unit illustrated as separating component can be or may not be physically separate, as unit
The parts of display can be or may not be physical location, i.e. may be located at a place, or also may be used
To be distributed on multiple NE.Some or all of module therein can be selected according to the actual needs
Realize the purpose of the application scheme.Those of ordinary skill in the art in the case of not paying creative work,
I.e. it is appreciated that and implements.
The foregoing is only the preferred embodiment of the application, not in order to limit the application, all in this Shen
Within spirit please and principle, any modification, equivalent substitution and improvement etc. done, should be included in this Shen
Within the scope of please protecting.
Claims (10)
1. the PPPoE session method for building up on an Ethernet, it is characterised in that described side
Method is applied on PPPoE server, including:
The PPPoE receiving client device transmission is actively discovered initial bag PADI message;
According to described PADI message, it is judged that whether described client device is legitimate device;
When described client device is legitimate device, sends and respond the PPPoE of described PADI message actively
Find to propose that bag PADO message is to described client device;
When receiving the PPPoE active discovery request that described client device sends based on described PADO message
After bag PADR message, respond described PADR message, and enter the session stage with described client device.
Method the most according to claim 1, it is characterised in that be legal setting at described client device
Time standby, described method also includes:
Judge whether IP available address;
When there is IP available address, perform to send the PADO message of the described PADI message of response to described
The step of client device.
Method the most according to claim 1, it is characterised in that described according to described PADI message,
Judge whether described client device is legitimate device, including:
Judge whether described PADI message carries domain identifier;
When carrying domain identifier, check whether to preserve the configuration information mated with described domain identifier;
When preserving the configuration information mated with described domain identifier, judge to receive according to described configuration information
Whether the interface of described PADI message is legal interface;
When being legal interface, confirm that described client device is legitimate device;
When being illegal interface, confirm that described client device is illegality equipment.
Method the most according to claim 3, it is characterised in that described judge according to described configuration information
Whether the interface receiving described PADI message is legal interface, including:
Judge whether described configuration information is preserved the interface message that described client device is corresponding;
When preserving interface message corresponding to described client device, it is judged that receive described PADI message
Whether interface mates the interface message that described client device is corresponding;
When the interface message that the described client device of coupling is corresponding, confirm to receive connecing of described PADI message
Mouth is legal interface;When not mating interface message corresponding to described client device, confirm to receive described
The interface of PADI message is illegal interface;
When not preserving interface message corresponding to described client device, confirm to receive described PADI message
Interface is legal interface.
Method the most according to claim 1, it is characterised in that described method also includes:
When described client device is illegality equipment, ignore described PADI message.
6. a pppoe session sets up device, it is characterised in that described device is applied and serviced at PPPoE
On device, including:
Receive unit, for receiving the PADI message that client device sends;
First judging unit, for according to described PADI message, it is judged that whether described client device is legal
Equipment;
Packet sending unit, for when described client device is legitimate device, sends and responds described PADI
The PADO message of message gives described client device;
Session establishment unit, for when receiving what described client device sent based on described PADO message
After PADR message, respond described PADR message, and enter the session stage with described client device.
Device the most according to claim 6, it is characterised in that described device also includes:
At described first judging unit, second judging unit, for determining that described client device is legitimate device
Time, it may be judged whether there is IP available address;
Notification unit, for when there is IP available address, notifies that described packet sending unit sends response institute
State the PADO message of PADI message to described client device.
Device the most according to claim 6, it is characterised in that described first judging unit, including:
Mark judgment sub-unit, is used for judging whether carry domain identifier in described PADI message;
Configuration check subelement, for determine carry domain identifier time, check whether to preserve and mark with described territory
Know the configuration information of coupling;
Interface judgment sub-unit, for determine preserve the configuration information mated with described domain identifier time, root
Judge whether the interface receiving described PADI message is legal interface according to described configuration information;First confirms son
Unit, for determine be legal interface time, confirm that described client device is legitimate device;
Second confirm subelement, for determine be illegal interface time, confirm that described client device is illegal
Equipment.
Device the most according to claim 8, it is characterised in that described determine judgment sub-unit, including:
Signal judgement module, for determine preserve the configuration information mated with described domain identifier time, it is judged that
Whether described configuration information preserves the interface message that described client device is corresponding;
Interface judge module, for determine preserve interface message corresponding to described client device time, sentence
Disconnecting receives whether the interface of described PADI message mates the interface message that described client device is corresponding;
First confirms module, for determine mate interface message corresponding to described client device time, confirm
The interface receiving described PADI message is legal interface;
Second confirms module, for determine do not mate interface message corresponding to described client device time, really
Recognize that to receive the interface of described PADI message be illegal interface;
3rd confirms module, for determine do not preserve interface message corresponding to described client device time, really
Recognize that to receive the interface of described PADI message be legal interface.
Device the most according to claim 6, it is characterised in that described device also includes:
Message ignores unit, for when determining that described client device is illegality equipment, ignores described PADI
Message.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510990532.9A CN105939372B (en) | 2015-12-24 | 2015-12-24 | A kind of pppoe session method for building up and device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510990532.9A CN105939372B (en) | 2015-12-24 | 2015-12-24 | A kind of pppoe session method for building up and device |
Publications (2)
Publication Number | Publication Date |
---|---|
CN105939372A true CN105939372A (en) | 2016-09-14 |
CN105939372B CN105939372B (en) | 2019-04-09 |
Family
ID=57153021
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510990532.9A Active CN105939372B (en) | 2015-12-24 | 2015-12-24 | A kind of pppoe session method for building up and device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105939372B (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111181900A (en) * | 2018-11-13 | 2020-05-19 | 杭州光启人工智能研究院 | Data message sending and receiving method, storage medium and processor |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101079771A (en) * | 2007-04-03 | 2007-11-28 | 中兴通讯股份有限公司 | A broadband access method based on PPPoE |
CN101197837A (en) * | 2007-12-25 | 2008-06-11 | 华为技术有限公司 | Method and system of Ethernet P2P protocol negotiation authentication mode |
US20100325295A1 (en) * | 2009-06-17 | 2010-12-23 | Takatoshi Kajiwara | Communication apparatus |
CN104301336A (en) * | 2014-11-14 | 2015-01-21 | 深圳市共进电子股份有限公司 | PPPoE access authentication method |
-
2015
- 2015-12-24 CN CN201510990532.9A patent/CN105939372B/en active Active
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101079771A (en) * | 2007-04-03 | 2007-11-28 | 中兴通讯股份有限公司 | A broadband access method based on PPPoE |
CN101197837A (en) * | 2007-12-25 | 2008-06-11 | 华为技术有限公司 | Method and system of Ethernet P2P protocol negotiation authentication mode |
US20100325295A1 (en) * | 2009-06-17 | 2010-12-23 | Takatoshi Kajiwara | Communication apparatus |
CN104301336A (en) * | 2014-11-14 | 2015-01-21 | 深圳市共进电子股份有限公司 | PPPoE access authentication method |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111181900A (en) * | 2018-11-13 | 2020-05-19 | 杭州光启人工智能研究院 | Data message sending and receiving method, storage medium and processor |
CN111181900B (en) * | 2018-11-13 | 2022-04-22 | 深圳光启高等理工研究院 | Data message sending and receiving method, storage medium and processor |
Also Published As
Publication number | Publication date |
---|---|
CN105939372B (en) | 2019-04-09 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN109565500B (en) | On-demand security architecture | |
US8966075B1 (en) | Accessing a policy server from multiple layer two networks | |
US7735129B2 (en) | Firewall device | |
CN101110847B (en) | Method, device and system for obtaining medium access control address | |
US7765309B2 (en) | Wireless provisioning device | |
US9967738B2 (en) | Methods and arrangements for enabling data transmission between a mobile device and a static destination address | |
CN102438028B (en) | A kind of prevent Dynamic Host Configuration Protocol server from cheating method, Apparatus and system | |
CN102739684B (en) | Portal authentication method based on virtual IP address, and server thereof | |
WO2015085848A1 (en) | Security authentication method and bidirectional forwarding detection method | |
CN103580980A (en) | Automatic searching and automatic configuration method and device of VN | |
US20110202670A1 (en) | Method, device and system for identifying ip session | |
JP5864598B2 (en) | Method and system for providing service access to a user | |
WO2013056619A1 (en) | Method, idp, sp and system for identity federation | |
CN110474922B (en) | Communication method, PC system and access control router | |
CN103957194B (en) | A kind of procotol IP cut-in methods and access device | |
JP2013522786A (en) | Method for securing access to data or services accessible through a device performing the method and corresponding device | |
CN101945053B (en) | Method and device for transmitting message | |
CN100471167C (en) | Method and apparatus for managing wireless access-in wide-band users | |
CN102752266A (en) | Access control method and equipment thereof | |
CN107046568B (en) | Authentication method and device | |
CN105939372A (en) | PPPoE session establishing method and device | |
JP2010187314A (en) | Network relay apparatus with authentication function, and terminal authentication method employing the same | |
JP4965499B2 (en) | Authentication system, authentication device, communication setting device, and authentication method | |
CN102594808A (en) | System and method for preventing Dynamic Host Configuration Protocol for Internet Protocol Version 6 (DHCPv6) server spoofing | |
US20100100960A1 (en) | System and method for protecting data of network users |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
CB02 | Change of applicant information |
Address after: Binjiang District and Hangzhou city in Zhejiang Province Road 310051 No. 68 in the 6 storey building Applicant after: Hangzhou Dipu Polytron Technologies Inc Address before: Binjiang District and Hangzhou city in Zhejiang Province Road 310051 No. 68 in the 6 storey building Applicant before: Hangzhou Dipu Technology Co., Ltd. |
|
CB02 | Change of applicant information | ||
GR01 | Patent grant | ||
GR01 | Patent grant |