CN106878052B - User migration method and device - Google Patents
User migration method and device Download PDFInfo
- Publication number
- CN106878052B CN106878052B CN201611193678.1A CN201611193678A CN106878052B CN 106878052 B CN106878052 B CN 106878052B CN 201611193678 A CN201611193678 A CN 201611193678A CN 106878052 B CN106878052 B CN 106878052B
- Authority
- CN
- China
- Prior art keywords
- user
- interface
- migrated
- migration
- destination
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/14—Session management
- H04L67/148—Migration or transfer of sessions
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/08—Configuration management of networks or network elements
- H04L41/0803—Configuration setting
- H04L41/0823—Configuration setting characterised by the purposes of a change of settings, e.g. optimising configuration for enhancing reliability
Abstract
The application provides a user migration method and a user migration device, wherein the method comprises the following steps: determining a source interface before migration, a destination interface after migration and a user to be migrated; acquiring the access control attribute, the user information and the forwarding table entry of the user to be migrated; and migrating the access control attribute, the user information and the forwarding table entry of the user to be migrated from the source interface to the destination interface. By the technical scheme, the online smooth switching of the user is realized, the influence on the use of the user is small, the service interruption time is reduced, the user cannot be forced to be offline due to the switching from the source interface to the destination interface, the authentication process does not need to be executed again, the service experience of the user is improved, and the efficiency and operability of network switching are improved.
Description
Technical Field
The present application relates to the field of communications technologies, and in particular, to a user migration method and apparatus.
Background
The Authentication system may include a user (or called a user host, an Authentication client, etc.), a gateway device (e.g., a BRAS (Broadband Remote Access Server, etc.), and an Authentication Server (e.g., an AAA (Authentication Authorization Accounting, etc.)) as well as a user terminal (or called a user host, an Authentication client, etc.). The gateway equipment sends the authentication information of the user to an authentication server, and the authentication server completes authentication, authorization and charging of the user. And when the user authentication is passed, the network resource can be accessed through the gateway equipment.
Fig. 1 is a schematic diagram of an authentication system. There is a need for: the user under the switch 4 needs to migrate to the switch 2, that is, the user accesses the network resource through the switch 4, the switch 2 and the gateway device, and does not access the network resource through the switch 4, the switch 1 and the gateway device.
In the conventional manner, the gateway device needs to interrupt the traffic of these users (i.e. the users under the exchange 4) and manually delete the configurations of these users from under the interface P1, thereby triggering the users to re-perform the authentication process, so that the configurations of these users can be maintained under the interface P2 during the re-authentication process.
However, in the above method, the configuration of the user needs to be manually deleted, the workload of the manual work is large, and the user is forced to be offline and re-authenticated, which causes service interruption and affects the service experience of the user.
Disclosure of Invention
The application provides a user migration method, which is applied to gateway equipment and comprises the following steps:
determining a source interface before migration, a destination interface after migration and a user to be migrated;
acquiring the access control attribute, the user information and the forwarding table entry of the user to be migrated;
and migrating the access control attribute, the user information and the forwarding table entry of the user to be migrated from the source interface to the destination interface.
The application provides a user migration device, is applied to gateway equipment, the device includes:
the determining module is used for determining a source interface before migration, a destination interface after migration and a user to be migrated;
the acquisition module is used for acquiring the access control attribute, the user information and the forwarding table entry of the user to be migrated;
and the migration module is used for migrating the access control attribute, the user information and the forwarding table entry of the user to be migrated from the source interface to the destination interface.
Based on the technical scheme, in the embodiment of the application, when a user needs to be migrated from a source interface to a destination interface, the access control attribute can be automatically migrated from the source interface to the destination interface, the user information can be migrated from the source interface to the destination interface, and the forwarding table entry can be migrated from the source interface to the destination interface, so that online smooth switching of the user is realized, the influence on the use of the user is small, the service interruption time is reduced, the user cannot be forced to go offline due to switching from the source interface to the destination interface, the authentication process does not need to be executed again, the service experience of the user is improved, the efficiency and operability of network switching are improved, and great convenience is brought to operation and maintenance.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings needed to be used in the description of the embodiments of the present application or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments described in the present application, and other drawings can be obtained by those skilled in the art according to the drawings.
FIG. 1 is a schematic diagram of an authentication system;
FIG. 2 is a flow chart of a user migration method in one embodiment of the present application;
FIG. 3 is a diagram of a hardware configuration of a gateway device in one embodiment of the present application;
fig. 4 is a block diagram of a user migration apparatus according to an embodiment of the present application.
Detailed Description
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the application. As used in this application and the claims, the singular forms "a", "an", and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein is meant to encompass any and all possible combinations of one or more of the associated listed items.
It is to be understood that although the terms first, second, third, etc. may be used herein to describe various information, such information should not be limited to these terms. These terms are only used to distinguish one type of information from another. For example, first information may also be referred to as second information, and similarly, second information may also be referred to as first information, without departing from the scope of the present application. Depending on the context, moreover, the word "if" as used may be interpreted as "at … …" or "when … …" or "in response to a determination".
An embodiment of the present application provides a user migration method, where the method may be applied to a gateway device (such as a BRAS, etc.), and refer to fig. 2, where the method is a flowchart of the user migration method, and the method may include:
In one example, the process for determining the source interface before migration and the destination interface after migration may include: receiving a migration command, wherein the migration command can comprise a source interface before migration and a destination interface after migration; and analyzing a source interface before migration and a destination interface after migration from the migration command. In addition, for the process of "determining users to be migrated", the process may include: the user accessed through the source interface can be directly determined as the user to be migrated; or, if the migration command further includes a user access attribute, a user accessed through the source interface and matched with the user access attribute may be determined as a user to be migrated.
As shown in fig. 1, assuming that all users under the switch 4 need to migrate to the switch 2, that is, users access network resources through the switch 4, the switch 2 and the gateway device, and no longer access network resources through the switch 4, the switch 1 and the gateway device, a migration command may be issued up and down on the gateway device, so that the gateway device is instructed to migrate all users under the switch 4 to the switch 2 through the migration command.
In one example, the migration command may include a source interface before migration (e.g., interface P1), a destination interface after migration (e.g., interface P2), and the migration command may be relocation port _ P1 to port _ P2. After receiving the migration command, the gateway device may parse the migration command to obtain an interface P1 as a source interface before migration and an interface P2 as a destination interface after migration. Furthermore, the gateway device may also determine all users under interface P1 (e.g., all users in user group 1 and user group 2) as users to be migrated.
In another example, the migration command may include a source interface before migration (e.g., interface P1), a destination interface after migration (e.g., interface P2), a user access attribute (e.g., a VLAN (Virtual Local Area Network) attribute, a domain attribute, a logical subinterface attribute, etc., although the user access attribute is not limited to these types, and the type of the user access attribute is not limited in detail), for example, the migration command may be relocation port _ P1[ VLAN10, domain _1] port _ P2. After receiving the migration command, the gateway device may parse the migration command to obtain an interface P1 as a source interface before migration and an interface P2 as a destination interface after migration. Furthermore, the gateway device may also determine the user under the interface P1 that matches the user access attribute (e.g., VLAN10, domain _1, etc.) as the user to be migrated.
By carrying the user access attribute in the migration command, the gateway device may determine a specific user as a user to be migrated, instead of determining all users under the interface P1 as users to be migrated. For example, assuming that the user under the switch 4 (i.e., the user in the user group 2) corresponds to the VLAN10, and the user under the switch 3 corresponds to the VLAN60, the user access attribute VLAN10 is carried in the migration command, so that the gateway device determines the user under the interface P1 that matches the VLAN10 as the user to be migrated, thereby determining all the users in the user group 2 as the user to be migrated, and not determining the user in the user group 1 as the user to be migrated. For another example, by carrying domain _1 in the migration command, the gateway device may determine the user in domain _1 as the user to be migrated, and so on, and the function of accessing the attribute to the user is not described again.
In one example, for a large number of online users existing on the gateway device, the gateway device may query users to be migrated (i.e., users under interface P1/interface P1 that match the user access attribute) from these online users, and for this query process, the following processes of the embodiments of the present application are explained.
1. And migrating the access control attribute of the user to be migrated from the source interface to the destination interface.
In one example, the process for "migrating the access control attribute of the user to be migrated from the source interface to the destination interface" may include: if the access control attribute does not correspond to the logical subinterface, directly recording the mapping relation between the access control attribute and the destination interface, and deleting the mapping relation between the access control attribute and the source interface. Or, if the access control attribute corresponds to a logical subinterface, determining whether the destination interface includes the logical subinterface. If yes, recording the mapping relation of the access control attribute, the destination interface and the logic sub-interface, if not, creating the logic sub-interface under the destination interface, and recording the mapping relation of the access control attribute, the destination interface and the currently created logic sub-interface. Furthermore, the mapping relationship among the access control attribute, the source interface and the logical subinterface can be deleted.
In one example, the access control attribute may include, but is not limited to, one or any combination of the following: VLAN attributes, VT (virtualization) attributes, IP segment attributes, etc. Of course, the access control attribute is not limited to these types, and the type of the access control attribute is not limited in detail. For convenience of description, the following description will take the example that the access control attribute includes a VLAN attribute, a VT attribute, and an IP segment attribute.
In an example, as shown in table 1, as an example of the access control attribute not corresponding to the logical subinterface, based on the interface P1 and the user access attribute (such as VLAN10) in the migration command, the gateway device may determine that the access control attribute of the user to be migrated is VLAN10, VT10, and IP segment X, and therefore, the gateway device may record the mapping relationship between VLAN10, VT10, IP segment X and interface P2, and delete the mapping relationship between VLAN10, VT10, IP segment X and interface P1, as shown in table 2.
TABLE 1
TABLE 2
In another example, as shown in table 3, an example of the access control attribute of the corresponding logical subinterface is shown, and the destination interface includes the logical subinterface. Based on the interface P1 and the user access attribute (such as VLAN10) in the migration command, the gateway device may determine that the access control attribute of the user to be migrated is VLAN10, VT10, and IP segment X, and therefore, the gateway device may record the mapping relationships between VLAN10, VT10, IP segment X and interface P2, and logical subinterface 10, and may delete the mapping relationships between VLAN10, VT10, IP segment X and interface P1, and logical subinterface 10, as shown in table 4.
TABLE 3
TABLE 4
In another example, as shown in table 5, an example of access control attributes of a corresponding logical subinterface is shown, and the destination interface does not include the logical subinterface. Based on the interface P1 and the user access attribute (e.g., VLAN10) in the migration command, the gateway device may determine that the access control attribute of the user to be migrated is VLAN10, VT10, and IP segment X, and the access control attribute may correspond to the logical subinterface 10, so the gateway device may create the logical subinterface 10 under the interface P2, record the mapping relationships between VLAN10, VT10, and IP segment X and the interface P2, and the logical subinterface 10, and delete the mapping relationships between VLAN10, VT10, and IP segment X and the interface P1, and the logical subinterface 10, as shown in table 6.
TABLE 5
TABLE 6
2. And migrating the user information of the user to be migrated from the source interface to the destination interface.
In one example, the process for "migrating the user information of the user to be migrated from the source interface to the destination interface" may include: and modifying the access interface corresponding to the user to be migrated from the source interface to the destination interface. Moreover, the interface attribute corresponding to the user to be migrated can be modified from the interface attribute corresponding to the source interface to the interface attribute corresponding to the destination interface; and/or modifying the interface resource corresponding to the user to be migrated from the interface resource corresponding to the source interface to the interface resource corresponding to the destination interface.
An online user table shown in table 7 may be maintained on the gateway device, where the online user table is used to record user information of an online user, and the user information may include, but is not limited to, one or any combination of the following: user name, domain name, VLAN attributes, VT attributes, access interface, logical subinterface, interface attributes, interface resources, etc. Of course, the user information is only an example of the present application, and in the embodiment of the present application, the user information is not limited to these types, and the type of the user information is not limited in detail.
TABLE 7
User name | Domain name | VLAN attributes | VT genusProperty of (2) | Access interface | Logical subinterface | Interface attributes | Interface resource |
AAA | domain_1 | VLAN10 | VT10 | Interface P1 | Logical subinterface 10 | 0x01000a | 0x111110 |
BBB | domain_1 | VLAN60 | VT30 | Interface P1 | Logical subinterface 6 | 0x01000b | 0x111110 |
CCC | domain_1 | VLAN200 | VT50 | Interface P2 | Logical subinterface 8 | 0x02000c | 0x211110 |
In an example, for a process "the gateway device queries the user to be migrated from the online users" in step 201, the gateway device may obtain the user to be migrated by querying the online user table. For example, the gateway device may query the online user table based on the information of the interface P1, the user access attribute (e.g., VLAN10), and the like in the migration command, so as to obtain that the user to be migrated is "user AAA".
In one example, for the "user AAA to be migrated", the gateway device may modify the access interface corresponding to the user AAA to be migrated from the interface P1 (source interface) to the interface P2 (destination interface). The gateway device can modify the interface attribute corresponding to the user AAA to be migrated from the interface attribute (0x01000a) corresponding to the interface P1 to the interface attribute (0x02000a) corresponding to the interface P2; the interface attribute is an attribute that an interface has, and the interface attributes of different interfaces are different, for example, the interface attribute may be ifIndex (interface index), and the type of the interface attribute is not limited. The gateway device may modify the interface resource corresponding to the AAA to be migrated from the interface resource corresponding to the interface P1 to the interface resource corresponding to the interface P2; the interface resources are resource attributes of the interfaces, and the interface resources of different interfaces are different, for example, the interface resources may include a speed limit policy, a QoS policy, a bandwidth usage policy, an access policy, and the like, and the types of the interface resources are not limited.
Wherein the gateway device may be modified in the online user table shown in table 7 for access interfaces and interface attributes. For the interface resource, the gateway device modifies the interface resource corresponding to the user AAA to be migrated from the interface resource corresponding to the interface P1 to the interface resource corresponding to the interface P2, and modifies the resource index (e.g., 0x111110, 0x211110, etc.) corresponding to the user AAA to be migrated in the online user table shown in table 7, and finds the interface resource corresponding to the user AAA to be migrated according to the resource index.
As shown in table 8, is an example of an online user table modified in the manner described above.
TABLE 8
User name | Domain name | VLAN attributes | VT attributes | Access interface | Logical subinterface | Interface attributes | Interface resource |
AAA | domain_1 | VLAN10 | VT10 | Interface P2 | Logical subinterface 10 | 0x02000a | 0x211110 |
BBB | domain_1 | VLAN60 | VT30 | Interface P1 | Logical subinterface 6 | 0x01000b | 0x111110 |
CCC | domain_1 | VLAN200 | VT50 | Interface P2 | Logical subinterface 8 | 0x02000c | 0x211110 |
3. And migrating the forwarding table entry of the user to be migrated from the source interface to the destination interface.
In an example, the process for "migrating the forwarding table entry of the user to be migrated from the source interface to the destination interface" may include: determining address information (such as a Media Access Control (MAC) address and/or an IP address) of a user to be migrated, querying a forwarding table entry through the address information, obtaining an egress interface corresponding to the address information, and modifying the egress interface from the source interface to the destination interface.
The online user tables shown in tables 7 and 8 may further include address information corresponding to the user to be migrated (the address information is not shown in tables 7 and 8), so that after the user to be migrated is determined to be "user AAA", the address information of the user to be migrated AAA may be analyzed from the online user table.
Taking the address information as an IP address as an example, as shown in table 9, the address information is an example of a forwarding table entry. Assuming that the address information of the AAA to be migrated is the IP address 10.1.1.2/32, the outbound interface corresponding to the IP address 10.1.1.2/32 may be modified from the source interface (interface P1) to the destination interface (interface P2), as shown in table 10.
TABLE 9
Destination IP address | Next hop address | Sign (sign) | Outlet interface | Label (R) | … |
10.1.1.2/32 | 10.1.1.1 | UDGH | Interface P1 | Null | … |
Watch 10
Destination IP address | Next hop address | Sign (sign) | Outlet interface | Label (R) | … |
10.1.1.2/32 | 10.1.1.1 | UDGH | Interface P2 | Null | … |
In one example, the authentication server typically charges based on the access interface of the user when charging the user, and therefore, after the user to be migrated migrates from the source interface to the destination interface, the charging information may change, and cause a charging error. Based on this, before migrating the access control attribute, the user information, and the forwarding table entry of the user to be migrated from the source interface to the destination interface, the gateway device may further send a charging update message for the user to be migrated to the authentication server, where the charging update message may carry information of the source interface, so that the authentication server performs charging using the charging update message. Of course, the charging update message may also carry other information, such as a user name, online time, and used traffic of the user to be migrated, which is not limited to this. Based on the information, the authentication server can complete the charging of the user to be migrated at the source interface.
Further, after the access control attribute, the user information, and the forwarding table of the user to be migrated are migrated from the source interface to the destination interface, the gateway device may also carry the information of the destination interface, the user name, the online time, the used traffic, and other contents in the charging update message sent to the authentication server, so that the authentication server may complete the charging of the user to be migrated at the destination interface.
Considering that the authentication server also needs to maintain the user information, and the user information includes the access interface, before migrating the access control attribute, the user information, and the forwarding table entry of the user to be migrated from the source interface to the destination interface, the gateway device may further send an interface update message for the user to be migrated to the authentication server, where the interface update message carries the information of the source interface and the information of the destination interface, and the authentication server modifies the access interface of the user to be migrated from the source interface to the destination interface. Certainly, the interface update message may also carry other information, such as the user name, MAC address, IP address, domain, login time, etc. of the user to be migrated.
In addition, considering that a DHCP (Dynamic Host Configuration Protocol) server also needs to maintain user information, and the user information includes an access interface, before migrating an access control attribute, user information, and a forwarding table entry of a user to be migrated from a source interface to a destination interface, the gateway device may further send an interface update message for the user to be migrated to the DHCP server, where the interface update message carries information of the source interface and information of the destination interface, so that the DHCP server modifies the access interface of the user to be migrated from the source interface to the destination interface. Certainly, the interface update message may also carry other information, such as a user name, an MAC address, an IP address, domain, lease, and the like of the user to be migrated.
In one example, the number of the users to be migrated may be one or more than one, in order to distinguish which users to be migrated have completed migration and which users to be migrated have not completed migration, after all the users to be migrated are determined, a user table to be migrated is also maintained, and a correspondence between each user to be migrated and a migration flag is recorded in the user table to be migrated, where a migration flag corresponding to each user to be migrated includes a first identifier, and the first identifier indicates that migration has not been completed. Based on this, the user to be migrated marked with the first identifier can be selected from the user table to be migrated, the process of migrating the access control attribute, the user information and the forwarding table entry of the user to be migrated from the source interface to the destination interface is executed, the migration mark of the user to be migrated is modified into the second identifier, and the second identifier indicates that the migration is completed. Judging whether a user to be migrated marked as a first identifier exists in a user table to be migrated or not; if yes, continuing to execute the process of selecting the user to be migrated marked as the first identification from the user table to be migrated; if not, determining that all users to be migrated have completed the migration.
Further, before modifying the migration flag of the user to be migrated to the second flag, a request message for the user to be migrated may be sent to the authentication server, where the request message carries information of the destination interface, and if a response message returned by the authentication server is received, it is determined that the user to be migrated has successfully completed migration, and a process of modifying the migration flag of the user to be migrated to the second flag is performed.
The user table to be migrated may be as shown in table 11, where the user table to be migrated records a correspondence between a user name of the user to be migrated, a source interface before migration, a destination interface after migration, and a migration flag. And the migration mark of each user to be migrated is no, which indicates that the user to be migrated does not complete the migration.
TABLE 11
Firstly, the user to be migrated "AAA 1" marked as no for migration is selected from the user table to be migrated, and the process of migrating the access control attribute, user information, and forwarding table entry of the user to be migrated "AAA 1" from the source interface to the destination interface is executed. The table of users to be migrated may also be as shown in table 12, where a value of 0 indicates that the corresponding content has not been migrated. Based on this, a migration command is sent to the control module 1 with the access control attribute, so that the control module 1 migrates the access control attribute of the user "AAA 1" to be migrated from the source interface to the destination interface, and when a successful response of the control module 1 is received, the access control attribute corresponding to the user "AAA 1" to be migrated is modified to 1, which indicates that the access control attribute has completed migration, as shown in table 13. Then, a migration command is sent to the control module 2 of the user information, so that the control module 2 migrates the user information of the user "AAA 1" to be migrated from the source interface to the destination interface, and when a successful response of the control module 2 is received, the user information corresponding to the user "AAA 1" to be migrated is modified to 1, which indicates that the user information has been migrated, as shown in table 13. Then, a migration command is sent to the control module 3 of the forwarding table entry, so that the control module 3 migrates the forwarding table entry of the user "AAA 1" to be migrated from the source interface to the destination interface, and when a successful response of the control module 3 is received, the forwarding table entry corresponding to the user "AAA 1" to be migrated is modified to 1, which indicates that the forwarding table entry has been migrated, as shown in table 13. In this way, when the access control attribute, the user information, and the forwarding table entry corresponding to the user "AAA 1" to be migrated are all 1, it indicates that the migration is completed.
TABLE 12
Watch 13
After the user "AAA 1" to be migrated is migrated, a request message (e.g., an accounting request message) for the user "AAA 1" to be migrated may be sent to the authentication server, where the request message carries information of the destination interface P2. After receiving the request message, the authentication server returns a response message to the gateway device if finding that the user "AAA 1" has indeed migrated to the interface P2. If the gateway device receives the response message returned by the authentication server, it is determined that the user "AAA 1" to be migrated has successfully completed the migration, and the migration flag of the user "AAA 1" to be migrated is modified to be yes, which indicates that the user has completed the migration.
And then, selecting the user to be migrated with the migration flag of "AAA 2" from the user table to be migrated, wherein the processing process is the same as that of the user to be migrated of "AAA 1", which is not described herein again, and so on.
In an example, for the above process of determining that the "user to be migrated" AAA1 "is migrated completely, after receiving the response message for the charging update message and the response message for the interface update message, the gateway device determines that the" user to be migrated "AAA 1" is migrated completely, and sends a request message for the user to be migrated "AAA 1" to the authentication server, where the request message carries information of the destination interface P2.
Based on the technical scheme, in the embodiment of the application, when a user needs to be migrated from a source interface to a destination interface, the access control attribute can be automatically migrated from the source interface to the destination interface, the user information can be migrated from the source interface to the destination interface, and the forwarding table entry can be migrated from the source interface to the destination interface, so that online smooth switching of the user is realized, the influence on the use of the user is small, the service interruption time is reduced, the user cannot be forced to go offline due to switching from the source interface to the destination interface, the authentication process does not need to be executed again, the service experience of the user is improved, the efficiency and operability of network switching are improved, and great convenience is brought to operation and maintenance.
Based on the same application concept as the method, the embodiment of the application also provides a user migration device, and the user migration device is applied to the gateway equipment. The user migration apparatus may be implemented by software, or may be implemented by hardware, or a combination of hardware and software. Taking a software implementation as an example, as a logical means, the device is formed by reading a corresponding computer program instruction in the nonvolatile memory through a processor of the gateway device where the device is located. From a hardware aspect, as shown in fig. 3, for a hardware structure diagram of a gateway device where a user migration apparatus provided by the present application is located, in addition to the processor and the nonvolatile memory shown in fig. 3, the gateway device may further include other hardware, such as a forwarding chip, a network interface, and a memory, which are responsible for processing a packet; in terms of hardware structure, the gateway device may also be a distributed device, and may include a plurality of interface cards, so as to perform extension of message processing at a hardware level.
As shown in fig. 4, a structure diagram of a user migration apparatus proposed by the present application includes:
the determining module 11 is configured to determine a source interface before migration, a destination interface after migration, and a user to be migrated; an obtaining module 12, configured to obtain an access control attribute, user information, and a forwarding table entry of the user to be migrated; a migration module 13, configured to migrate the access control attribute, the user information, and the forwarding table entry of the user to be migrated from the source interface to the destination interface.
In an example, the determining module 11 is specifically configured to receive a migration command in a process of determining a source interface before migration, a destination interface after migration, and a user to be migrated, where the migration command includes the source interface before migration and the destination interface after migration, and analyze the source interface before migration and the destination interface after migration from the migration command; and determining the user accessed through the source interface as the user to be migrated, or determining the user accessed through the source interface and matched with the user access attribute as the user to be migrated if the migration command further comprises the user access attribute.
In an example, the migration module 13 is specifically configured to, in a process of migrating the access control attribute of the user to be migrated from the source interface to the destination interface, record a mapping relationship between the access control attribute and the destination interface if the access control attribute does not correspond to a logical subinterface, and delete the mapping relationship between the access control attribute and the source interface;
if the access control attribute corresponds to a logic sub-interface, judging whether the target interface comprises the logic sub-interface; if yes, recording the mapping relation among the access control attribute, the destination interface and the logic sub-interface, if not, creating the logic sub-interface under the destination interface, and recording the mapping relation among the access control attribute, the destination interface and the currently created logic sub-interface; and deleting the mapping relation among the access control attribute, the source interface and the logic subinterface.
In an example, the migration module 13 is specifically configured to modify, in a process of migrating the user information of the user to be migrated from the source interface to the destination interface, an access interface corresponding to the user to be migrated from the source interface to the destination interface;
modifying the interface attribute corresponding to the user to be migrated from the interface attribute corresponding to the source interface to the interface attribute corresponding to the destination interface; and/or modifying the interface resource corresponding to the user to be migrated from the interface resource corresponding to the source interface to the interface resource corresponding to the destination interface.
In an example, the migration module 13 is specifically configured to determine address information of the user to be migrated in a process of migrating the forwarding entry of the user to be migrated from the source interface to the destination interface; inquiring a forwarding table item through the address information to obtain an output interface corresponding to the address information; modifying the outbound interface from the source interface to the destination interface.
In one example, the user migration apparatus further comprises (not shown): a sending module, configured to send a charging update message for the user to be migrated to an authentication server before the migration module 13 migrates the access control attribute, the user information, and the forwarding entry of the user to be migrated from the source interface to the destination interface, where the charging update message carries information of the source interface, so that the authentication server charges by using the charging update message; and/or sending an interface update message aiming at the user to be migrated to the authentication server and/or the Dynamic Host Configuration Protocol (DHCP) server, wherein the interface update message carries the information of a source interface and the information of a destination interface.
In an example, the determining module 11 is further configured to, after determining the users to be migrated, record, in the user table to be migrated, a corresponding relationship between each user to be migrated and a migration flag if the number of the determined users to be migrated is one or more than one, where the migration flag corresponding to each user to be migrated includes a first identifier, and the first identifier indicates that migration is not completed;
the obtaining module 12 is further configured to select a user to be migrated marked as a first identifier from the user table to be migrated; the migration module 13 is further configured to migrate the access control attribute, the user information, and the forwarding table entry of the user to be migrated from the source interface to the destination interface, and modify the migration flag of the user to be migrated into a second flag, where the second flag indicates that the migration has been completed; the determining module 11 is further configured to determine whether there is a user to be migrated marked as a first identifier in the user table to be migrated; if not, determining that all users to be migrated have completed migration; if yes, the obtaining module 12 selects the user to be migrated marked as the first identifier from the user table to be migrated;
the determining module 11 is further configured to send a request message for the user to be migrated to an authentication server before the migration module 13 modifies the migration flag of the user to be migrated to the second identifier, where the request message carries information of the destination interface, and if a response message returned by the authentication server is received, it is determined that the user to be migrated has successfully completed migration.
The systems, devices, modules or units illustrated in the above embodiments may be implemented by a computer chip or an entity, or by a product with certain functions. A typical implementation device is a computer, which may take the form of a personal computer, laptop computer, cellular telephone, camera phone, smart phone, personal digital assistant, media player, navigation device, email messaging device, game console, tablet computer, wearable device, or a combination of any of these devices.
For convenience of description, the above devices are described as being divided into various units by function, and are described separately. Of course, the functionality of the units may be implemented in one or more software and/or hardware when implementing the present application.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, embodiments of the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
Furthermore, these computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (which may include, but is not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The above description is only an example of the present application and is not intended to limit the present application. Various modifications and changes may occur to those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present application should be included in the scope of the claims of the present application.
Claims (12)
1. A user migration method is applied to gateway equipment, and is characterized in that the method comprises the following steps:
determining a source interface before migration, a destination interface after migration and a user to be migrated;
acquiring the access control attribute, the user information and the forwarding table entry of the user to be migrated;
migrating the access control attribute, the user information and the forwarding table entry of the user to be migrated from the source interface to the destination interface;
the process of migrating the access control attribute of the user to be migrated from the source interface to the destination interface specifically includes: if the access control attribute does not correspond to the logic sub-interface, recording the mapping relation between the access control attribute and the destination interface, and deleting the mapping relation between the access control attribute and the source interface; if the access control attribute corresponds to a logic sub-interface, judging whether the target interface comprises the logic sub-interface; if yes, recording the mapping relation among the access control attribute, the destination interface and the logic sub-interface, if not, creating the logic sub-interface under the destination interface, and recording the mapping relation among the access control attribute, the destination interface and the currently created logic sub-interface; and deleting the mapping relation among the access control attribute, the source interface and the logic subinterface.
2. The method according to claim 1, wherein the process of determining the source interface before migration, the destination interface after migration, and the user to be migrated specifically includes:
receiving a migration command, wherein the migration command comprises a source interface before migration and a destination interface after migration;
analyzing the source interface before the migration and the target interface after the migration from the migration command;
determining the user accessed through the source interface as a user to be migrated; alternatively, the first and second electrodes may be,
and if the migration command further comprises a user access attribute, determining the user which is accessed through the source interface and is matched with the user access attribute as the user to be migrated.
3. The method according to claim 1, wherein the process of migrating the user information of the user to be migrated from the source interface to the destination interface specifically includes:
modifying the access interface corresponding to the user to be migrated from the source interface to the destination interface;
modifying the interface attribute corresponding to the user to be migrated from the interface attribute corresponding to the source interface to the interface attribute corresponding to the destination interface; and/or modifying the interface resource corresponding to the user to be migrated from the interface resource corresponding to the source interface to the interface resource corresponding to the destination interface.
4. The method according to claim 1, wherein the process of migrating the forwarding entry of the user to be migrated from the source interface to the destination interface specifically includes:
determining the address information of the user to be migrated;
inquiring a forwarding table item through the address information to obtain an output interface corresponding to the address information;
modifying the outbound interface from the source interface to the destination interface.
5. The method of claim 1,
before the migrating the access control attribute, the user information and the forwarding table entry of the user to be migrated from the source interface to the destination interface, the method further includes:
sending a charging updating message aiming at the user to be migrated to an authentication server, wherein the charging updating message carries the information of the source interface, so that the authentication server charges by using the charging updating message; and/or sending an interface updating message aiming at the user to be migrated to an authentication server and/or a Dynamic Host Configuration Protocol (DHCP) server, wherein the interface updating message carries the information of a source interface and the information of a destination interface.
6. The method according to any one of claims 1 to 5, wherein after determining the users to be migrated, if the determined number of users to be migrated is one or more, the method further comprises:
recording the corresponding relation between each user to be migrated and a migration mark in a user table to be migrated, wherein the migration mark corresponding to each user to be migrated comprises a first identifier which indicates that migration is not completed;
selecting a user to be migrated marked as a first identifier from the user table to be migrated, executing a process of migrating an access control attribute, user information and a forwarding table item of the user to be migrated from the source interface to the destination interface, and modifying the migration mark of the user to be migrated into a second identifier, wherein the second identifier represents that the migration is completed;
judging whether a user to be migrated marked as a first identifier exists in the user table to be migrated or not;
if yes, executing a process of selecting the user to be migrated marked as the first identification from the user table to be migrated; if not, determining that all users to be migrated have completed the migration.
7. The method of claim 6,
before the modifying the migration flag of the user to be migrated to the second identifier, the method further includes:
and sending a request message aiming at the user to be migrated to an authentication server, wherein the request message carries the information of the target interface, if a response message returned by the authentication server is received, determining that the user to be migrated has successfully completed migration, and executing a process of modifying the migration mark of the user to be migrated into a second mark.
8. A user migration apparatus applied to a gateway device, the apparatus comprising:
the determining module is used for determining a source interface before migration, a destination interface after migration and a user to be migrated;
the acquisition module is used for acquiring the access control attribute, the user information and the forwarding table entry of the user to be migrated;
a migration module, configured to migrate the access control attribute, the user information, and the forwarding table entry of the user to be migrated from the source interface to the destination interface;
the migration module is specifically configured to, in a process of migrating the access control attribute of the user to be migrated from the source interface to the destination interface, record a mapping relationship between the access control attribute and the destination interface if the access control attribute does not correspond to the logical subinterface, and delete the mapping relationship between the access control attribute and the source interface; if the access control attribute corresponds to a logic sub-interface, judging whether the target interface comprises the logic sub-interface; if yes, recording the mapping relation among the access control attribute, the destination interface and the logic sub-interface, if not, creating the logic sub-interface under the destination interface, and recording the mapping relation among the access control attribute, the destination interface and the currently created logic sub-interface; and deleting the mapping relation among the access control attribute, the source interface and the logic subinterface.
9. The apparatus according to claim 8, wherein the determining module is specifically configured to receive a migration command in a process of determining a source interface before migration, a destination interface after migration, and a user to be migrated, where the migration command includes the source interface before migration and the destination interface after migration, and the source interface before migration and the destination interface after migration are analyzed from the migration command; and determining the user accessed through the source interface as the user to be migrated, or determining the user accessed through the source interface and matched with the user access attribute as the user to be migrated if the migration command further comprises the user access attribute.
10. The apparatus of claim 8,
the migration module is specifically configured to modify an access interface corresponding to the user to be migrated from the source interface to the destination interface in a process of migrating the user information of the user to be migrated from the source interface to the destination interface; modifying the interface attribute corresponding to the user to be migrated from the interface attribute corresponding to the source interface to the interface attribute corresponding to the destination interface; and/or modifying the interface resource corresponding to the user to be migrated from the interface resource corresponding to the source interface to the interface resource corresponding to the destination interface;
determining address information of the user to be migrated in the process of migrating the forwarding table entry of the user to be migrated from the source interface to the destination interface; inquiring a forwarding table item through the address information to obtain an output interface corresponding to the address information; modifying the outbound interface from the source interface to the destination interface.
11. The apparatus of claim 8, further comprising:
a sending module, configured to send a charging update message for the user to be migrated to an authentication server before the migration module migrates the access control attribute, the user information, and the forwarding entry of the user to be migrated from the source interface to the destination interface, where the charging update message carries information of the source interface, so that the authentication server charges by using the charging update message; and/or sending an interface update message aiming at the user to be migrated to the authentication server and/or the Dynamic Host Configuration Protocol (DHCP) server, wherein the interface update message carries the information of a source interface and the information of a destination interface.
12. The apparatus according to any one of claims 8 to 11, wherein the determining module is further configured to, after determining the users to be migrated, if the determined number of the users to be migrated is one or more than one, record a corresponding relationship between each user to be migrated and a migration flag in the user table to be migrated, where a migration flag corresponding to each user to be migrated includes a first identifier, and the first identifier indicates that migration is not completed;
the obtaining module is further configured to select a user to be migrated marked as a first identifier from the user table to be migrated; the migration module is further configured to migrate the access control attribute, the user information, and the forwarding table entry of the user to be migrated from the source interface to the destination interface, and modify the migration flag of the user to be migrated into a second flag, where the second flag indicates that the migration has been completed;
the determining module is further configured to determine whether a user to be migrated marked as a first identifier exists in the user table to be migrated; if not, determining that all users to be migrated have completed migration; if yes, the obtaining module selects the user to be migrated marked as the first identifier from the user table to be migrated;
the determining module is further configured to send a request message for the user to be migrated to an authentication server before the migration module modifies the migration flag of the user to be migrated to the second identifier, where the request message carries information of the destination interface, and if a response message returned by the authentication server is received, it is determined that the user to be migrated has successfully completed migration.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201611193678.1A CN106878052B (en) | 2016-12-21 | 2016-12-21 | User migration method and device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201611193678.1A CN106878052B (en) | 2016-12-21 | 2016-12-21 | User migration method and device |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106878052A CN106878052A (en) | 2017-06-20 |
CN106878052B true CN106878052B (en) | 2020-04-03 |
Family
ID=59163870
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201611193678.1A Active CN106878052B (en) | 2016-12-21 | 2016-12-21 | User migration method and device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106878052B (en) |
Families Citing this family (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109189549A (en) * | 2018-08-01 | 2019-01-11 | 新华三技术有限公司 | Virtual machine migration method and device |
CN109344100A (en) * | 2018-08-17 | 2019-02-15 | 北京奇虎科技有限公司 | A kind of method and device of auxiliary system interface shift |
CN112714011B (en) * | 2020-12-15 | 2023-06-02 | 贝壳技术有限公司 | Distribution information configuration method, device, electronic equipment and storage medium |
CN113360184A (en) * | 2021-06-04 | 2021-09-07 | 曙光信息产业(北京)有限公司 | Software migration method and device among multiple ecosystems, computer equipment and storage medium |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102143138A (en) * | 2010-09-15 | 2011-08-03 | 华为技术有限公司 | Method and device for configuring virtual local area network (VLAN) in live migration process of virtual machine |
CN102394831A (en) * | 2011-11-28 | 2012-03-28 | 杭州华三通信技术有限公司 | Flow uninterruptible method and device based on virtual machine VM (virtual memory) migration |
CN103201721A (en) * | 2012-08-29 | 2013-07-10 | 华为技术有限公司 | Virtual machine thermal migration system and method |
CN103607430A (en) * | 2013-10-30 | 2014-02-26 | 中兴通讯股份有限公司 | Network processing method and system, and network control center |
CN103812823A (en) * | 2012-11-07 | 2014-05-21 | 华为技术有限公司 | Method, device and system for configuration information migration in thermal migration of virtual machine |
CN104348637A (en) * | 2013-07-26 | 2015-02-11 | 中国科学院声学研究所 | Method for maintaining TCP connection in fault switching |
CN105591807A (en) * | 2015-10-10 | 2016-05-18 | 杭州华三通信技术有限公司 | Interface configuration migration method and device |
Family Cites Families (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102457439B (en) * | 2011-12-07 | 2014-05-28 | 中标软件有限公司 | Virtual switching system and method of cloud computing system |
CN102821023B (en) * | 2012-08-07 | 2016-12-21 | 杭州华三通信技术有限公司 | A kind of method and device of VLAN configuration dynamic migration |
CN103227843B (en) * | 2012-08-31 | 2016-05-04 | 杭州华三通信技术有限公司 | A kind of physical link address management method and device |
-
2016
- 2016-12-21 CN CN201611193678.1A patent/CN106878052B/en active Active
Patent Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102143138A (en) * | 2010-09-15 | 2011-08-03 | 华为技术有限公司 | Method and device for configuring virtual local area network (VLAN) in live migration process of virtual machine |
CN102394831A (en) * | 2011-11-28 | 2012-03-28 | 杭州华三通信技术有限公司 | Flow uninterruptible method and device based on virtual machine VM (virtual memory) migration |
CN103201721A (en) * | 2012-08-29 | 2013-07-10 | 华为技术有限公司 | Virtual machine thermal migration system and method |
CN103812823A (en) * | 2012-11-07 | 2014-05-21 | 华为技术有限公司 | Method, device and system for configuration information migration in thermal migration of virtual machine |
CN104348637A (en) * | 2013-07-26 | 2015-02-11 | 中国科学院声学研究所 | Method for maintaining TCP connection in fault switching |
CN103607430A (en) * | 2013-10-30 | 2014-02-26 | 中兴通讯股份有限公司 | Network processing method and system, and network control center |
CN105591807A (en) * | 2015-10-10 | 2016-05-18 | 杭州华三通信技术有限公司 | Interface configuration migration method and device |
Also Published As
Publication number | Publication date |
---|---|
CN106878052A (en) | 2017-06-20 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN108632074B (en) | Service configuration file issuing method and device | |
CN108667695B (en) | Backup method and device for BRAS transfer control separation | |
CN109981493B (en) | Method and device for configuring virtual machine network | |
CN106878052B (en) | User migration method and device | |
EP3461072B1 (en) | Access control in a vxlan | |
KR101857511B1 (en) | Method and apparatus for determining virtual machine migration | |
CN108737224B (en) | Message processing method and device based on micro-service architecture | |
CN106878199B (en) | Configuration method and device of access information | |
EP3614650B1 (en) | Separation of forwarding plane and control plane of cgn | |
EP3451592B1 (en) | Packet transmission between vxlan domains | |
CN108667575B (en) | Backup method and device for BRAS transfer control separation | |
CN106878084B (en) | Authority control method and device | |
CN106506515B (en) | Authentication method and device | |
CN109714239B (en) | Management message issuing method, VNFM (virtual network management frequency) equipment and server | |
CN108259218B (en) | IP address allocation method and device | |
CN108234422B (en) | Resource scheduling method and device | |
CN103795622A (en) | Message forwarding method and device using same | |
CN111327651A (en) | Resource downloading method, device, edge node and storage medium | |
US11050661B2 (en) | Creating an aggregation group | |
US11743258B2 (en) | Access authenticating | |
CN107547400B (en) | Virtual machine migration method and device | |
CN105049546B (en) | A kind of Dynamic Host Configuration Protocol server is the method and device of client distribution IP address | |
CN108781189B (en) | Load balancing method and related equipment | |
CN111262771B (en) | Virtual private cloud communication system, system configuration method and controller | |
CN108023774B (en) | Cross-gateway migration method and device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant | ||
TR01 | Transfer of patent right |
Effective date of registration: 20230616 Address after: 310052 11th Floor, 466 Changhe Road, Binjiang District, Hangzhou City, Zhejiang Province Patentee after: H3C INFORMATION TECHNOLOGY Co.,Ltd. Address before: 310052 Changhe Road, Binjiang District, Hangzhou, Zhejiang Province, No. 466 Patentee before: NEW H3C TECHNOLOGIES Co.,Ltd. |
|
TR01 | Transfer of patent right |