CN106878052B - User migration method and device - Google Patents

User migration method and device Download PDF

Info

Publication number
CN106878052B
CN106878052B CN201611193678.1A CN201611193678A CN106878052B CN 106878052 B CN106878052 B CN 106878052B CN 201611193678 A CN201611193678 A CN 201611193678A CN 106878052 B CN106878052 B CN 106878052B
Authority
CN
China
Prior art keywords
user
interface
migrated
migration
destination
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201611193678.1A
Other languages
Chinese (zh)
Other versions
CN106878052A (en
Inventor
廖以顺
章靠
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
New H3C Information Technologies Co Ltd
Original Assignee
Hangzhou H3C Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hangzhou H3C Technologies Co Ltd filed Critical Hangzhou H3C Technologies Co Ltd
Priority to CN201611193678.1A priority Critical patent/CN106878052B/en
Publication of CN106878052A publication Critical patent/CN106878052A/en
Application granted granted Critical
Publication of CN106878052B publication Critical patent/CN106878052B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/14Session management
    • H04L67/148Migration or transfer of sessions
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08Configuration management of networks or network elements
    • H04L41/0803Configuration setting
    • H04L41/0823Configuration setting characterised by the purposes of a change of settings, e.g. optimising configuration for enhancing reliability

Abstract

The application provides a user migration method and a user migration device, wherein the method comprises the following steps: determining a source interface before migration, a destination interface after migration and a user to be migrated; acquiring the access control attribute, the user information and the forwarding table entry of the user to be migrated; and migrating the access control attribute, the user information and the forwarding table entry of the user to be migrated from the source interface to the destination interface. By the technical scheme, the online smooth switching of the user is realized, the influence on the use of the user is small, the service interruption time is reduced, the user cannot be forced to be offline due to the switching from the source interface to the destination interface, the authentication process does not need to be executed again, the service experience of the user is improved, and the efficiency and operability of network switching are improved.

Description

User migration method and device
Technical Field
The present application relates to the field of communications technologies, and in particular, to a user migration method and apparatus.
Background
The Authentication system may include a user (or called a user host, an Authentication client, etc.), a gateway device (e.g., a BRAS (Broadband Remote Access Server, etc.), and an Authentication Server (e.g., an AAA (Authentication Authorization Accounting, etc.)) as well as a user terminal (or called a user host, an Authentication client, etc.). The gateway equipment sends the authentication information of the user to an authentication server, and the authentication server completes authentication, authorization and charging of the user. And when the user authentication is passed, the network resource can be accessed through the gateway equipment.
Fig. 1 is a schematic diagram of an authentication system. There is a need for: the user under the switch 4 needs to migrate to the switch 2, that is, the user accesses the network resource through the switch 4, the switch 2 and the gateway device, and does not access the network resource through the switch 4, the switch 1 and the gateway device.
In the conventional manner, the gateway device needs to interrupt the traffic of these users (i.e. the users under the exchange 4) and manually delete the configurations of these users from under the interface P1, thereby triggering the users to re-perform the authentication process, so that the configurations of these users can be maintained under the interface P2 during the re-authentication process.
However, in the above method, the configuration of the user needs to be manually deleted, the workload of the manual work is large, and the user is forced to be offline and re-authenticated, which causes service interruption and affects the service experience of the user.
Disclosure of Invention
The application provides a user migration method, which is applied to gateway equipment and comprises the following steps:
determining a source interface before migration, a destination interface after migration and a user to be migrated;
acquiring the access control attribute, the user information and the forwarding table entry of the user to be migrated;
and migrating the access control attribute, the user information and the forwarding table entry of the user to be migrated from the source interface to the destination interface.
The application provides a user migration device, is applied to gateway equipment, the device includes:
the determining module is used for determining a source interface before migration, a destination interface after migration and a user to be migrated;
the acquisition module is used for acquiring the access control attribute, the user information and the forwarding table entry of the user to be migrated;
and the migration module is used for migrating the access control attribute, the user information and the forwarding table entry of the user to be migrated from the source interface to the destination interface.
Based on the technical scheme, in the embodiment of the application, when a user needs to be migrated from a source interface to a destination interface, the access control attribute can be automatically migrated from the source interface to the destination interface, the user information can be migrated from the source interface to the destination interface, and the forwarding table entry can be migrated from the source interface to the destination interface, so that online smooth switching of the user is realized, the influence on the use of the user is small, the service interruption time is reduced, the user cannot be forced to go offline due to switching from the source interface to the destination interface, the authentication process does not need to be executed again, the service experience of the user is improved, the efficiency and operability of network switching are improved, and great convenience is brought to operation and maintenance.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings needed to be used in the description of the embodiments of the present application or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments described in the present application, and other drawings can be obtained by those skilled in the art according to the drawings.
FIG. 1 is a schematic diagram of an authentication system;
FIG. 2 is a flow chart of a user migration method in one embodiment of the present application;
FIG. 3 is a diagram of a hardware configuration of a gateway device in one embodiment of the present application;
fig. 4 is a block diagram of a user migration apparatus according to an embodiment of the present application.
Detailed Description
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the application. As used in this application and the claims, the singular forms "a", "an", and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein is meant to encompass any and all possible combinations of one or more of the associated listed items.
It is to be understood that although the terms first, second, third, etc. may be used herein to describe various information, such information should not be limited to these terms. These terms are only used to distinguish one type of information from another. For example, first information may also be referred to as second information, and similarly, second information may also be referred to as first information, without departing from the scope of the present application. Depending on the context, moreover, the word "if" as used may be interpreted as "at … …" or "when … …" or "in response to a determination".
An embodiment of the present application provides a user migration method, where the method may be applied to a gateway device (such as a BRAS, etc.), and refer to fig. 2, where the method is a flowchart of the user migration method, and the method may include:
step 201, determining a source interface before migration, a destination interface after migration, and a user to be migrated.
In one example, the process for determining the source interface before migration and the destination interface after migration may include: receiving a migration command, wherein the migration command can comprise a source interface before migration and a destination interface after migration; and analyzing a source interface before migration and a destination interface after migration from the migration command. In addition, for the process of "determining users to be migrated", the process may include: the user accessed through the source interface can be directly determined as the user to be migrated; or, if the migration command further includes a user access attribute, a user accessed through the source interface and matched with the user access attribute may be determined as a user to be migrated.
As shown in fig. 1, assuming that all users under the switch 4 need to migrate to the switch 2, that is, users access network resources through the switch 4, the switch 2 and the gateway device, and no longer access network resources through the switch 4, the switch 1 and the gateway device, a migration command may be issued up and down on the gateway device, so that the gateway device is instructed to migrate all users under the switch 4 to the switch 2 through the migration command.
In one example, the migration command may include a source interface before migration (e.g., interface P1), a destination interface after migration (e.g., interface P2), and the migration command may be relocation port _ P1 to port _ P2. After receiving the migration command, the gateway device may parse the migration command to obtain an interface P1 as a source interface before migration and an interface P2 as a destination interface after migration. Furthermore, the gateway device may also determine all users under interface P1 (e.g., all users in user group 1 and user group 2) as users to be migrated.
In another example, the migration command may include a source interface before migration (e.g., interface P1), a destination interface after migration (e.g., interface P2), a user access attribute (e.g., a VLAN (Virtual Local Area Network) attribute, a domain attribute, a logical subinterface attribute, etc., although the user access attribute is not limited to these types, and the type of the user access attribute is not limited in detail), for example, the migration command may be relocation port _ P1[ VLAN10, domain _1] port _ P2. After receiving the migration command, the gateway device may parse the migration command to obtain an interface P1 as a source interface before migration and an interface P2 as a destination interface after migration. Furthermore, the gateway device may also determine the user under the interface P1 that matches the user access attribute (e.g., VLAN10, domain _1, etc.) as the user to be migrated.
By carrying the user access attribute in the migration command, the gateway device may determine a specific user as a user to be migrated, instead of determining all users under the interface P1 as users to be migrated. For example, assuming that the user under the switch 4 (i.e., the user in the user group 2) corresponds to the VLAN10, and the user under the switch 3 corresponds to the VLAN60, the user access attribute VLAN10 is carried in the migration command, so that the gateway device determines the user under the interface P1 that matches the VLAN10 as the user to be migrated, thereby determining all the users in the user group 2 as the user to be migrated, and not determining the user in the user group 1 as the user to be migrated. For another example, by carrying domain _1 in the migration command, the gateway device may determine the user in domain _1 as the user to be migrated, and so on, and the function of accessing the attribute to the user is not described again.
In one example, for a large number of online users existing on the gateway device, the gateway device may query users to be migrated (i.e., users under interface P1/interface P1 that match the user access attribute) from these online users, and for this query process, the following processes of the embodiments of the present application are explained.
Step 202, obtaining the access control attribute, the user information and the forwarding table entry of the user to be migrated.
Step 203, migrating the access control attribute, user information and forwarding table of the user to be migrated from the source interface to the destination interface. The following describes migration of access control attributes, user information, and forwarding table entries.
1. And migrating the access control attribute of the user to be migrated from the source interface to the destination interface.
In one example, the process for "migrating the access control attribute of the user to be migrated from the source interface to the destination interface" may include: if the access control attribute does not correspond to the logical subinterface, directly recording the mapping relation between the access control attribute and the destination interface, and deleting the mapping relation between the access control attribute and the source interface. Or, if the access control attribute corresponds to a logical subinterface, determining whether the destination interface includes the logical subinterface. If yes, recording the mapping relation of the access control attribute, the destination interface and the logic sub-interface, if not, creating the logic sub-interface under the destination interface, and recording the mapping relation of the access control attribute, the destination interface and the currently created logic sub-interface. Furthermore, the mapping relationship among the access control attribute, the source interface and the logical subinterface can be deleted.
In one example, the access control attribute may include, but is not limited to, one or any combination of the following: VLAN attributes, VT (virtualization) attributes, IP segment attributes, etc. Of course, the access control attribute is not limited to these types, and the type of the access control attribute is not limited in detail. For convenience of description, the following description will take the example that the access control attribute includes a VLAN attribute, a VT attribute, and an IP segment attribute.
In an example, as shown in table 1, as an example of the access control attribute not corresponding to the logical subinterface, based on the interface P1 and the user access attribute (such as VLAN10) in the migration command, the gateway device may determine that the access control attribute of the user to be migrated is VLAN10, VT10, and IP segment X, and therefore, the gateway device may record the mapping relationship between VLAN10, VT10, IP segment X and interface P2, and delete the mapping relationship between VLAN10, VT10, IP segment X and interface P1, as shown in table 2.
TABLE 1
Figure BDA0001187695860000051
TABLE 2
Figure BDA0001187695860000052
In another example, as shown in table 3, an example of the access control attribute of the corresponding logical subinterface is shown, and the destination interface includes the logical subinterface. Based on the interface P1 and the user access attribute (such as VLAN10) in the migration command, the gateway device may determine that the access control attribute of the user to be migrated is VLAN10, VT10, and IP segment X, and therefore, the gateway device may record the mapping relationships between VLAN10, VT10, IP segment X and interface P2, and logical subinterface 10, and may delete the mapping relationships between VLAN10, VT10, IP segment X and interface P1, and logical subinterface 10, as shown in table 4.
TABLE 3
Figure BDA0001187695860000061
TABLE 4
Figure BDA0001187695860000062
In another example, as shown in table 5, an example of access control attributes of a corresponding logical subinterface is shown, and the destination interface does not include the logical subinterface. Based on the interface P1 and the user access attribute (e.g., VLAN10) in the migration command, the gateway device may determine that the access control attribute of the user to be migrated is VLAN10, VT10, and IP segment X, and the access control attribute may correspond to the logical subinterface 10, so the gateway device may create the logical subinterface 10 under the interface P2, record the mapping relationships between VLAN10, VT10, and IP segment X and the interface P2, and the logical subinterface 10, and delete the mapping relationships between VLAN10, VT10, and IP segment X and the interface P1, and the logical subinterface 10, as shown in table 6.
TABLE 5
Figure BDA0001187695860000063
TABLE 6
Figure BDA0001187695860000064
Figure BDA0001187695860000071
2. And migrating the user information of the user to be migrated from the source interface to the destination interface.
In one example, the process for "migrating the user information of the user to be migrated from the source interface to the destination interface" may include: and modifying the access interface corresponding to the user to be migrated from the source interface to the destination interface. Moreover, the interface attribute corresponding to the user to be migrated can be modified from the interface attribute corresponding to the source interface to the interface attribute corresponding to the destination interface; and/or modifying the interface resource corresponding to the user to be migrated from the interface resource corresponding to the source interface to the interface resource corresponding to the destination interface.
An online user table shown in table 7 may be maintained on the gateway device, where the online user table is used to record user information of an online user, and the user information may include, but is not limited to, one or any combination of the following: user name, domain name, VLAN attributes, VT attributes, access interface, logical subinterface, interface attributes, interface resources, etc. Of course, the user information is only an example of the present application, and in the embodiment of the present application, the user information is not limited to these types, and the type of the user information is not limited in detail.
TABLE 7
User name Domain name VLAN attributes VT genusProperty of (2) Access interface Logical subinterface Interface attributes Interface resource
AAA domain_1 VLAN10 VT10 Interface P1 Logical subinterface 10 0x01000a 0x111110
BBB domain_1 VLAN60 VT30 Interface P1 Logical subinterface 6 0x01000b 0x111110
CCC domain_1 VLAN200 VT50 Interface P2 Logical subinterface 8 0x02000c 0x211110
In an example, for a process "the gateway device queries the user to be migrated from the online users" in step 201, the gateway device may obtain the user to be migrated by querying the online user table. For example, the gateway device may query the online user table based on the information of the interface P1, the user access attribute (e.g., VLAN10), and the like in the migration command, so as to obtain that the user to be migrated is "user AAA".
In one example, for the "user AAA to be migrated", the gateway device may modify the access interface corresponding to the user AAA to be migrated from the interface P1 (source interface) to the interface P2 (destination interface). The gateway device can modify the interface attribute corresponding to the user AAA to be migrated from the interface attribute (0x01000a) corresponding to the interface P1 to the interface attribute (0x02000a) corresponding to the interface P2; the interface attribute is an attribute that an interface has, and the interface attributes of different interfaces are different, for example, the interface attribute may be ifIndex (interface index), and the type of the interface attribute is not limited. The gateway device may modify the interface resource corresponding to the AAA to be migrated from the interface resource corresponding to the interface P1 to the interface resource corresponding to the interface P2; the interface resources are resource attributes of the interfaces, and the interface resources of different interfaces are different, for example, the interface resources may include a speed limit policy, a QoS policy, a bandwidth usage policy, an access policy, and the like, and the types of the interface resources are not limited.
Wherein the gateway device may be modified in the online user table shown in table 7 for access interfaces and interface attributes. For the interface resource, the gateway device modifies the interface resource corresponding to the user AAA to be migrated from the interface resource corresponding to the interface P1 to the interface resource corresponding to the interface P2, and modifies the resource index (e.g., 0x111110, 0x211110, etc.) corresponding to the user AAA to be migrated in the online user table shown in table 7, and finds the interface resource corresponding to the user AAA to be migrated according to the resource index.
As shown in table 8, is an example of an online user table modified in the manner described above.
TABLE 8
User name Domain name VLAN attributes VT attributes Access interface Logical subinterface Interface attributes Interface resource
AAA domain_1 VLAN10 VT10 Interface P2 Logical subinterface 10 0x02000a 0x211110
BBB domain_1 VLAN60 VT30 Interface P1 Logical subinterface 6 0x01000b 0x111110
CCC domain_1 VLAN200 VT50 Interface P2 Logical subinterface 8 0x02000c 0x211110
3. And migrating the forwarding table entry of the user to be migrated from the source interface to the destination interface.
In an example, the process for "migrating the forwarding table entry of the user to be migrated from the source interface to the destination interface" may include: determining address information (such as a Media Access Control (MAC) address and/or an IP address) of a user to be migrated, querying a forwarding table entry through the address information, obtaining an egress interface corresponding to the address information, and modifying the egress interface from the source interface to the destination interface.
The online user tables shown in tables 7 and 8 may further include address information corresponding to the user to be migrated (the address information is not shown in tables 7 and 8), so that after the user to be migrated is determined to be "user AAA", the address information of the user to be migrated AAA may be analyzed from the online user table.
Taking the address information as an IP address as an example, as shown in table 9, the address information is an example of a forwarding table entry. Assuming that the address information of the AAA to be migrated is the IP address 10.1.1.2/32, the outbound interface corresponding to the IP address 10.1.1.2/32 may be modified from the source interface (interface P1) to the destination interface (interface P2), as shown in table 10.
TABLE 9
Destination IP address Next hop address Sign (sign) Outlet interface Label (R)
10.1.1.2/32 10.1.1.1 UDGH Interface P1 Null
Watch 10
Destination IP address Next hop address Sign (sign) Outlet interface Label (R)
10.1.1.2/32 10.1.1.1 UDGH Interface P2 Null
In one example, the authentication server typically charges based on the access interface of the user when charging the user, and therefore, after the user to be migrated migrates from the source interface to the destination interface, the charging information may change, and cause a charging error. Based on this, before migrating the access control attribute, the user information, and the forwarding table entry of the user to be migrated from the source interface to the destination interface, the gateway device may further send a charging update message for the user to be migrated to the authentication server, where the charging update message may carry information of the source interface, so that the authentication server performs charging using the charging update message. Of course, the charging update message may also carry other information, such as a user name, online time, and used traffic of the user to be migrated, which is not limited to this. Based on the information, the authentication server can complete the charging of the user to be migrated at the source interface.
Further, after the access control attribute, the user information, and the forwarding table of the user to be migrated are migrated from the source interface to the destination interface, the gateway device may also carry the information of the destination interface, the user name, the online time, the used traffic, and other contents in the charging update message sent to the authentication server, so that the authentication server may complete the charging of the user to be migrated at the destination interface.
Considering that the authentication server also needs to maintain the user information, and the user information includes the access interface, before migrating the access control attribute, the user information, and the forwarding table entry of the user to be migrated from the source interface to the destination interface, the gateway device may further send an interface update message for the user to be migrated to the authentication server, where the interface update message carries the information of the source interface and the information of the destination interface, and the authentication server modifies the access interface of the user to be migrated from the source interface to the destination interface. Certainly, the interface update message may also carry other information, such as the user name, MAC address, IP address, domain, login time, etc. of the user to be migrated.
In addition, considering that a DHCP (Dynamic Host Configuration Protocol) server also needs to maintain user information, and the user information includes an access interface, before migrating an access control attribute, user information, and a forwarding table entry of a user to be migrated from a source interface to a destination interface, the gateway device may further send an interface update message for the user to be migrated to the DHCP server, where the interface update message carries information of the source interface and information of the destination interface, so that the DHCP server modifies the access interface of the user to be migrated from the source interface to the destination interface. Certainly, the interface update message may also carry other information, such as a user name, an MAC address, an IP address, domain, lease, and the like of the user to be migrated.
In one example, the number of the users to be migrated may be one or more than one, in order to distinguish which users to be migrated have completed migration and which users to be migrated have not completed migration, after all the users to be migrated are determined, a user table to be migrated is also maintained, and a correspondence between each user to be migrated and a migration flag is recorded in the user table to be migrated, where a migration flag corresponding to each user to be migrated includes a first identifier, and the first identifier indicates that migration has not been completed. Based on this, the user to be migrated marked with the first identifier can be selected from the user table to be migrated, the process of migrating the access control attribute, the user information and the forwarding table entry of the user to be migrated from the source interface to the destination interface is executed, the migration mark of the user to be migrated is modified into the second identifier, and the second identifier indicates that the migration is completed. Judging whether a user to be migrated marked as a first identifier exists in a user table to be migrated or not; if yes, continuing to execute the process of selecting the user to be migrated marked as the first identification from the user table to be migrated; if not, determining that all users to be migrated have completed the migration.
Further, before modifying the migration flag of the user to be migrated to the second flag, a request message for the user to be migrated may be sent to the authentication server, where the request message carries information of the destination interface, and if a response message returned by the authentication server is received, it is determined that the user to be migrated has successfully completed migration, and a process of modifying the migration flag of the user to be migrated to the second flag is performed.
The user table to be migrated may be as shown in table 11, where the user table to be migrated records a correspondence between a user name of the user to be migrated, a source interface before migration, a destination interface after migration, and a migration flag. And the migration mark of each user to be migrated is no, which indicates that the user to be migrated does not complete the migration.
TABLE 11
Figure BDA0001187695860000101
Figure BDA0001187695860000111
Firstly, the user to be migrated "AAA 1" marked as no for migration is selected from the user table to be migrated, and the process of migrating the access control attribute, user information, and forwarding table entry of the user to be migrated "AAA 1" from the source interface to the destination interface is executed. The table of users to be migrated may also be as shown in table 12, where a value of 0 indicates that the corresponding content has not been migrated. Based on this, a migration command is sent to the control module 1 with the access control attribute, so that the control module 1 migrates the access control attribute of the user "AAA 1" to be migrated from the source interface to the destination interface, and when a successful response of the control module 1 is received, the access control attribute corresponding to the user "AAA 1" to be migrated is modified to 1, which indicates that the access control attribute has completed migration, as shown in table 13. Then, a migration command is sent to the control module 2 of the user information, so that the control module 2 migrates the user information of the user "AAA 1" to be migrated from the source interface to the destination interface, and when a successful response of the control module 2 is received, the user information corresponding to the user "AAA 1" to be migrated is modified to 1, which indicates that the user information has been migrated, as shown in table 13. Then, a migration command is sent to the control module 3 of the forwarding table entry, so that the control module 3 migrates the forwarding table entry of the user "AAA 1" to be migrated from the source interface to the destination interface, and when a successful response of the control module 3 is received, the forwarding table entry corresponding to the user "AAA 1" to be migrated is modified to 1, which indicates that the forwarding table entry has been migrated, as shown in table 13. In this way, when the access control attribute, the user information, and the forwarding table entry corresponding to the user "AAA 1" to be migrated are all 1, it indicates that the migration is completed.
TABLE 12
Figure BDA0001187695860000112
Watch 13
Figure BDA0001187695860000113
After the user "AAA 1" to be migrated is migrated, a request message (e.g., an accounting request message) for the user "AAA 1" to be migrated may be sent to the authentication server, where the request message carries information of the destination interface P2. After receiving the request message, the authentication server returns a response message to the gateway device if finding that the user "AAA 1" has indeed migrated to the interface P2. If the gateway device receives the response message returned by the authentication server, it is determined that the user "AAA 1" to be migrated has successfully completed the migration, and the migration flag of the user "AAA 1" to be migrated is modified to be yes, which indicates that the user has completed the migration.
And then, selecting the user to be migrated with the migration flag of "AAA 2" from the user table to be migrated, wherein the processing process is the same as that of the user to be migrated of "AAA 1", which is not described herein again, and so on.
In an example, for the above process of determining that the "user to be migrated" AAA1 "is migrated completely, after receiving the response message for the charging update message and the response message for the interface update message, the gateway device determines that the" user to be migrated "AAA 1" is migrated completely, and sends a request message for the user to be migrated "AAA 1" to the authentication server, where the request message carries information of the destination interface P2.
Based on the technical scheme, in the embodiment of the application, when a user needs to be migrated from a source interface to a destination interface, the access control attribute can be automatically migrated from the source interface to the destination interface, the user information can be migrated from the source interface to the destination interface, and the forwarding table entry can be migrated from the source interface to the destination interface, so that online smooth switching of the user is realized, the influence on the use of the user is small, the service interruption time is reduced, the user cannot be forced to go offline due to switching from the source interface to the destination interface, the authentication process does not need to be executed again, the service experience of the user is improved, the efficiency and operability of network switching are improved, and great convenience is brought to operation and maintenance.
Based on the same application concept as the method, the embodiment of the application also provides a user migration device, and the user migration device is applied to the gateway equipment. The user migration apparatus may be implemented by software, or may be implemented by hardware, or a combination of hardware and software. Taking a software implementation as an example, as a logical means, the device is formed by reading a corresponding computer program instruction in the nonvolatile memory through a processor of the gateway device where the device is located. From a hardware aspect, as shown in fig. 3, for a hardware structure diagram of a gateway device where a user migration apparatus provided by the present application is located, in addition to the processor and the nonvolatile memory shown in fig. 3, the gateway device may further include other hardware, such as a forwarding chip, a network interface, and a memory, which are responsible for processing a packet; in terms of hardware structure, the gateway device may also be a distributed device, and may include a plurality of interface cards, so as to perform extension of message processing at a hardware level.
As shown in fig. 4, a structure diagram of a user migration apparatus proposed by the present application includes:
the determining module 11 is configured to determine a source interface before migration, a destination interface after migration, and a user to be migrated; an obtaining module 12, configured to obtain an access control attribute, user information, and a forwarding table entry of the user to be migrated; a migration module 13, configured to migrate the access control attribute, the user information, and the forwarding table entry of the user to be migrated from the source interface to the destination interface.
In an example, the determining module 11 is specifically configured to receive a migration command in a process of determining a source interface before migration, a destination interface after migration, and a user to be migrated, where the migration command includes the source interface before migration and the destination interface after migration, and analyze the source interface before migration and the destination interface after migration from the migration command; and determining the user accessed through the source interface as the user to be migrated, or determining the user accessed through the source interface and matched with the user access attribute as the user to be migrated if the migration command further comprises the user access attribute.
In an example, the migration module 13 is specifically configured to, in a process of migrating the access control attribute of the user to be migrated from the source interface to the destination interface, record a mapping relationship between the access control attribute and the destination interface if the access control attribute does not correspond to a logical subinterface, and delete the mapping relationship between the access control attribute and the source interface;
if the access control attribute corresponds to a logic sub-interface, judging whether the target interface comprises the logic sub-interface; if yes, recording the mapping relation among the access control attribute, the destination interface and the logic sub-interface, if not, creating the logic sub-interface under the destination interface, and recording the mapping relation among the access control attribute, the destination interface and the currently created logic sub-interface; and deleting the mapping relation among the access control attribute, the source interface and the logic subinterface.
In an example, the migration module 13 is specifically configured to modify, in a process of migrating the user information of the user to be migrated from the source interface to the destination interface, an access interface corresponding to the user to be migrated from the source interface to the destination interface;
modifying the interface attribute corresponding to the user to be migrated from the interface attribute corresponding to the source interface to the interface attribute corresponding to the destination interface; and/or modifying the interface resource corresponding to the user to be migrated from the interface resource corresponding to the source interface to the interface resource corresponding to the destination interface.
In an example, the migration module 13 is specifically configured to determine address information of the user to be migrated in a process of migrating the forwarding entry of the user to be migrated from the source interface to the destination interface; inquiring a forwarding table item through the address information to obtain an output interface corresponding to the address information; modifying the outbound interface from the source interface to the destination interface.
In one example, the user migration apparatus further comprises (not shown): a sending module, configured to send a charging update message for the user to be migrated to an authentication server before the migration module 13 migrates the access control attribute, the user information, and the forwarding entry of the user to be migrated from the source interface to the destination interface, where the charging update message carries information of the source interface, so that the authentication server charges by using the charging update message; and/or sending an interface update message aiming at the user to be migrated to the authentication server and/or the Dynamic Host Configuration Protocol (DHCP) server, wherein the interface update message carries the information of a source interface and the information of a destination interface.
In an example, the determining module 11 is further configured to, after determining the users to be migrated, record, in the user table to be migrated, a corresponding relationship between each user to be migrated and a migration flag if the number of the determined users to be migrated is one or more than one, where the migration flag corresponding to each user to be migrated includes a first identifier, and the first identifier indicates that migration is not completed;
the obtaining module 12 is further configured to select a user to be migrated marked as a first identifier from the user table to be migrated; the migration module 13 is further configured to migrate the access control attribute, the user information, and the forwarding table entry of the user to be migrated from the source interface to the destination interface, and modify the migration flag of the user to be migrated into a second flag, where the second flag indicates that the migration has been completed; the determining module 11 is further configured to determine whether there is a user to be migrated marked as a first identifier in the user table to be migrated; if not, determining that all users to be migrated have completed migration; if yes, the obtaining module 12 selects the user to be migrated marked as the first identifier from the user table to be migrated;
the determining module 11 is further configured to send a request message for the user to be migrated to an authentication server before the migration module 13 modifies the migration flag of the user to be migrated to the second identifier, where the request message carries information of the destination interface, and if a response message returned by the authentication server is received, it is determined that the user to be migrated has successfully completed migration.
The systems, devices, modules or units illustrated in the above embodiments may be implemented by a computer chip or an entity, or by a product with certain functions. A typical implementation device is a computer, which may take the form of a personal computer, laptop computer, cellular telephone, camera phone, smart phone, personal digital assistant, media player, navigation device, email messaging device, game console, tablet computer, wearable device, or a combination of any of these devices.
For convenience of description, the above devices are described as being divided into various units by function, and are described separately. Of course, the functionality of the units may be implemented in one or more software and/or hardware when implementing the present application.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, embodiments of the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
Furthermore, these computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (which may include, but is not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The above description is only an example of the present application and is not intended to limit the present application. Various modifications and changes may occur to those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present application should be included in the scope of the claims of the present application.

Claims (12)

1. A user migration method is applied to gateway equipment, and is characterized in that the method comprises the following steps:
determining a source interface before migration, a destination interface after migration and a user to be migrated;
acquiring the access control attribute, the user information and the forwarding table entry of the user to be migrated;
migrating the access control attribute, the user information and the forwarding table entry of the user to be migrated from the source interface to the destination interface;
the process of migrating the access control attribute of the user to be migrated from the source interface to the destination interface specifically includes: if the access control attribute does not correspond to the logic sub-interface, recording the mapping relation between the access control attribute and the destination interface, and deleting the mapping relation between the access control attribute and the source interface; if the access control attribute corresponds to a logic sub-interface, judging whether the target interface comprises the logic sub-interface; if yes, recording the mapping relation among the access control attribute, the destination interface and the logic sub-interface, if not, creating the logic sub-interface under the destination interface, and recording the mapping relation among the access control attribute, the destination interface and the currently created logic sub-interface; and deleting the mapping relation among the access control attribute, the source interface and the logic subinterface.
2. The method according to claim 1, wherein the process of determining the source interface before migration, the destination interface after migration, and the user to be migrated specifically includes:
receiving a migration command, wherein the migration command comprises a source interface before migration and a destination interface after migration;
analyzing the source interface before the migration and the target interface after the migration from the migration command;
determining the user accessed through the source interface as a user to be migrated; alternatively, the first and second electrodes may be,
and if the migration command further comprises a user access attribute, determining the user which is accessed through the source interface and is matched with the user access attribute as the user to be migrated.
3. The method according to claim 1, wherein the process of migrating the user information of the user to be migrated from the source interface to the destination interface specifically includes:
modifying the access interface corresponding to the user to be migrated from the source interface to the destination interface;
modifying the interface attribute corresponding to the user to be migrated from the interface attribute corresponding to the source interface to the interface attribute corresponding to the destination interface; and/or modifying the interface resource corresponding to the user to be migrated from the interface resource corresponding to the source interface to the interface resource corresponding to the destination interface.
4. The method according to claim 1, wherein the process of migrating the forwarding entry of the user to be migrated from the source interface to the destination interface specifically includes:
determining the address information of the user to be migrated;
inquiring a forwarding table item through the address information to obtain an output interface corresponding to the address information;
modifying the outbound interface from the source interface to the destination interface.
5. The method of claim 1,
before the migrating the access control attribute, the user information and the forwarding table entry of the user to be migrated from the source interface to the destination interface, the method further includes:
sending a charging updating message aiming at the user to be migrated to an authentication server, wherein the charging updating message carries the information of the source interface, so that the authentication server charges by using the charging updating message; and/or sending an interface updating message aiming at the user to be migrated to an authentication server and/or a Dynamic Host Configuration Protocol (DHCP) server, wherein the interface updating message carries the information of a source interface and the information of a destination interface.
6. The method according to any one of claims 1 to 5, wherein after determining the users to be migrated, if the determined number of users to be migrated is one or more, the method further comprises:
recording the corresponding relation between each user to be migrated and a migration mark in a user table to be migrated, wherein the migration mark corresponding to each user to be migrated comprises a first identifier which indicates that migration is not completed;
selecting a user to be migrated marked as a first identifier from the user table to be migrated, executing a process of migrating an access control attribute, user information and a forwarding table item of the user to be migrated from the source interface to the destination interface, and modifying the migration mark of the user to be migrated into a second identifier, wherein the second identifier represents that the migration is completed;
judging whether a user to be migrated marked as a first identifier exists in the user table to be migrated or not;
if yes, executing a process of selecting the user to be migrated marked as the first identification from the user table to be migrated; if not, determining that all users to be migrated have completed the migration.
7. The method of claim 6,
before the modifying the migration flag of the user to be migrated to the second identifier, the method further includes:
and sending a request message aiming at the user to be migrated to an authentication server, wherein the request message carries the information of the target interface, if a response message returned by the authentication server is received, determining that the user to be migrated has successfully completed migration, and executing a process of modifying the migration mark of the user to be migrated into a second mark.
8. A user migration apparatus applied to a gateway device, the apparatus comprising:
the determining module is used for determining a source interface before migration, a destination interface after migration and a user to be migrated;
the acquisition module is used for acquiring the access control attribute, the user information and the forwarding table entry of the user to be migrated;
a migration module, configured to migrate the access control attribute, the user information, and the forwarding table entry of the user to be migrated from the source interface to the destination interface;
the migration module is specifically configured to, in a process of migrating the access control attribute of the user to be migrated from the source interface to the destination interface, record a mapping relationship between the access control attribute and the destination interface if the access control attribute does not correspond to the logical subinterface, and delete the mapping relationship between the access control attribute and the source interface; if the access control attribute corresponds to a logic sub-interface, judging whether the target interface comprises the logic sub-interface; if yes, recording the mapping relation among the access control attribute, the destination interface and the logic sub-interface, if not, creating the logic sub-interface under the destination interface, and recording the mapping relation among the access control attribute, the destination interface and the currently created logic sub-interface; and deleting the mapping relation among the access control attribute, the source interface and the logic subinterface.
9. The apparatus according to claim 8, wherein the determining module is specifically configured to receive a migration command in a process of determining a source interface before migration, a destination interface after migration, and a user to be migrated, where the migration command includes the source interface before migration and the destination interface after migration, and the source interface before migration and the destination interface after migration are analyzed from the migration command; and determining the user accessed through the source interface as the user to be migrated, or determining the user accessed through the source interface and matched with the user access attribute as the user to be migrated if the migration command further comprises the user access attribute.
10. The apparatus of claim 8,
the migration module is specifically configured to modify an access interface corresponding to the user to be migrated from the source interface to the destination interface in a process of migrating the user information of the user to be migrated from the source interface to the destination interface; modifying the interface attribute corresponding to the user to be migrated from the interface attribute corresponding to the source interface to the interface attribute corresponding to the destination interface; and/or modifying the interface resource corresponding to the user to be migrated from the interface resource corresponding to the source interface to the interface resource corresponding to the destination interface;
determining address information of the user to be migrated in the process of migrating the forwarding table entry of the user to be migrated from the source interface to the destination interface; inquiring a forwarding table item through the address information to obtain an output interface corresponding to the address information; modifying the outbound interface from the source interface to the destination interface.
11. The apparatus of claim 8, further comprising:
a sending module, configured to send a charging update message for the user to be migrated to an authentication server before the migration module migrates the access control attribute, the user information, and the forwarding entry of the user to be migrated from the source interface to the destination interface, where the charging update message carries information of the source interface, so that the authentication server charges by using the charging update message; and/or sending an interface update message aiming at the user to be migrated to the authentication server and/or the Dynamic Host Configuration Protocol (DHCP) server, wherein the interface update message carries the information of a source interface and the information of a destination interface.
12. The apparatus according to any one of claims 8 to 11, wherein the determining module is further configured to, after determining the users to be migrated, if the determined number of the users to be migrated is one or more than one, record a corresponding relationship between each user to be migrated and a migration flag in the user table to be migrated, where a migration flag corresponding to each user to be migrated includes a first identifier, and the first identifier indicates that migration is not completed;
the obtaining module is further configured to select a user to be migrated marked as a first identifier from the user table to be migrated; the migration module is further configured to migrate the access control attribute, the user information, and the forwarding table entry of the user to be migrated from the source interface to the destination interface, and modify the migration flag of the user to be migrated into a second flag, where the second flag indicates that the migration has been completed;
the determining module is further configured to determine whether a user to be migrated marked as a first identifier exists in the user table to be migrated; if not, determining that all users to be migrated have completed migration; if yes, the obtaining module selects the user to be migrated marked as the first identifier from the user table to be migrated;
the determining module is further configured to send a request message for the user to be migrated to an authentication server before the migration module modifies the migration flag of the user to be migrated to the second identifier, where the request message carries information of the destination interface, and if a response message returned by the authentication server is received, it is determined that the user to be migrated has successfully completed migration.
CN201611193678.1A 2016-12-21 2016-12-21 User migration method and device Active CN106878052B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201611193678.1A CN106878052B (en) 2016-12-21 2016-12-21 User migration method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201611193678.1A CN106878052B (en) 2016-12-21 2016-12-21 User migration method and device

Publications (2)

Publication Number Publication Date
CN106878052A CN106878052A (en) 2017-06-20
CN106878052B true CN106878052B (en) 2020-04-03

Family

ID=59163870

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201611193678.1A Active CN106878052B (en) 2016-12-21 2016-12-21 User migration method and device

Country Status (1)

Country Link
CN (1) CN106878052B (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109189549A (en) * 2018-08-01 2019-01-11 新华三技术有限公司 Virtual machine migration method and device
CN109344100A (en) * 2018-08-17 2019-02-15 北京奇虎科技有限公司 A kind of method and device of auxiliary system interface shift
CN112714011B (en) * 2020-12-15 2023-06-02 贝壳技术有限公司 Distribution information configuration method, device, electronic equipment and storage medium
CN113360184A (en) * 2021-06-04 2021-09-07 曙光信息产业(北京)有限公司 Software migration method and device among multiple ecosystems, computer equipment and storage medium

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102143138A (en) * 2010-09-15 2011-08-03 华为技术有限公司 Method and device for configuring virtual local area network (VLAN) in live migration process of virtual machine
CN102394831A (en) * 2011-11-28 2012-03-28 杭州华三通信技术有限公司 Flow uninterruptible method and device based on virtual machine VM (virtual memory) migration
CN103201721A (en) * 2012-08-29 2013-07-10 华为技术有限公司 Virtual machine thermal migration system and method
CN103607430A (en) * 2013-10-30 2014-02-26 中兴通讯股份有限公司 Network processing method and system, and network control center
CN103812823A (en) * 2012-11-07 2014-05-21 华为技术有限公司 Method, device and system for configuration information migration in thermal migration of virtual machine
CN104348637A (en) * 2013-07-26 2015-02-11 中国科学院声学研究所 Method for maintaining TCP connection in fault switching
CN105591807A (en) * 2015-10-10 2016-05-18 杭州华三通信技术有限公司 Interface configuration migration method and device

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102457439B (en) * 2011-12-07 2014-05-28 中标软件有限公司 Virtual switching system and method of cloud computing system
CN102821023B (en) * 2012-08-07 2016-12-21 杭州华三通信技术有限公司 A kind of method and device of VLAN configuration dynamic migration
CN103227843B (en) * 2012-08-31 2016-05-04 杭州华三通信技术有限公司 A kind of physical link address management method and device

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102143138A (en) * 2010-09-15 2011-08-03 华为技术有限公司 Method and device for configuring virtual local area network (VLAN) in live migration process of virtual machine
CN102394831A (en) * 2011-11-28 2012-03-28 杭州华三通信技术有限公司 Flow uninterruptible method and device based on virtual machine VM (virtual memory) migration
CN103201721A (en) * 2012-08-29 2013-07-10 华为技术有限公司 Virtual machine thermal migration system and method
CN103812823A (en) * 2012-11-07 2014-05-21 华为技术有限公司 Method, device and system for configuration information migration in thermal migration of virtual machine
CN104348637A (en) * 2013-07-26 2015-02-11 中国科学院声学研究所 Method for maintaining TCP connection in fault switching
CN103607430A (en) * 2013-10-30 2014-02-26 中兴通讯股份有限公司 Network processing method and system, and network control center
CN105591807A (en) * 2015-10-10 2016-05-18 杭州华三通信技术有限公司 Interface configuration migration method and device

Also Published As

Publication number Publication date
CN106878052A (en) 2017-06-20

Similar Documents

Publication Publication Date Title
CN108632074B (en) Service configuration file issuing method and device
CN108667695B (en) Backup method and device for BRAS transfer control separation
CN109981493B (en) Method and device for configuring virtual machine network
CN106878052B (en) User migration method and device
EP3461072B1 (en) Access control in a vxlan
KR101857511B1 (en) Method and apparatus for determining virtual machine migration
CN108737224B (en) Message processing method and device based on micro-service architecture
CN106878199B (en) Configuration method and device of access information
EP3614650B1 (en) Separation of forwarding plane and control plane of cgn
EP3451592B1 (en) Packet transmission between vxlan domains
CN108667575B (en) Backup method and device for BRAS transfer control separation
CN106878084B (en) Authority control method and device
CN106506515B (en) Authentication method and device
CN109714239B (en) Management message issuing method, VNFM (virtual network management frequency) equipment and server
CN108259218B (en) IP address allocation method and device
CN108234422B (en) Resource scheduling method and device
CN103795622A (en) Message forwarding method and device using same
CN111327651A (en) Resource downloading method, device, edge node and storage medium
US11050661B2 (en) Creating an aggregation group
US11743258B2 (en) Access authenticating
CN107547400B (en) Virtual machine migration method and device
CN105049546B (en) A kind of Dynamic Host Configuration Protocol server is the method and device of client distribution IP address
CN108781189B (en) Load balancing method and related equipment
CN111262771B (en) Virtual private cloud communication system, system configuration method and controller
CN108023774B (en) Cross-gateway migration method and device

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20230616

Address after: 310052 11th Floor, 466 Changhe Road, Binjiang District, Hangzhou City, Zhejiang Province

Patentee after: H3C INFORMATION TECHNOLOGY Co.,Ltd.

Address before: 310052 Changhe Road, Binjiang District, Hangzhou, Zhejiang Province, No. 466

Patentee before: NEW H3C TECHNOLOGIES Co.,Ltd.

TR01 Transfer of patent right