CN107241454B - Method and apparatus for implementing address management, AAA server and SDN controller - Google Patents
- Publication number
- CN107241454B CN201610188372.0A
- Authority
- CN
- China
- Prior art keywords
- information
- address
- sdn controller
- aaa server
- certification
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/30—Managing network names, e.g. use of aliases or nicknames
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/50—Address allocation
- H04L61/5007—Internet protocol [IP] addresses
- H04L61/5014—Internet protocol [IP] addresses using dynamic host configuration protocol [DHCP] or bootstrap protocol [BOOTP]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
A method and apparatus for implementing address management, an SDN controller and an AAA server. A software-defined networking (SDN) controller generates, from the identification and authentication-related information of a residential gateway (RG) received from a first device, authentication request information for authenticating the RG, and sends it to an authentication, authorization and accounting (AAA) server. After completing authentication of the RG, the AAA server allocates address management information for a virtual gateway (VG). After the AAA server completes RG authentication, the SDN controller allocates the VG for the RG according to user subscription information, and configures an address for the VG according to the authentication response information from the AAA server, which carries the content of the address management information allocated for the VG. In the method of the embodiments of the present invention, the SDN controller allocates the VG for the RG and the AAA server allocates address management information for the VG, which implements address management after the VG is created.
Description
Technical field
This document relates to, but is not limited to, data communication technology, and in particular to a method and apparatus for implementing address management, an authentication, authorization and accounting (AAA) server and a software-defined networking (SDN) controller.
Background
With the spread of Internet applications and broadband services, operators provide more network services to broadband users, such as security, virtual network, filtering, load balancing, multimedia and multimedia enhancement services. To provide these services, operators mainly deploy them on dedicated equipment or on dedicated service boards in routers. Deploying dedicated equipment, or using dedicated service boards in the existing routing architecture, is costly, and deployment is complex and time-consuming, so network operators cannot complete it quickly. In addition, deployments on dedicated equipment or routers have high maintenance costs, and the specific customization and manual configuration they require affect service deployment.
Virtualization technology uses a general-purpose hardware architecture and manages common hardware as a resource pool, which improves the efficiency of service deployment to a certain extent.
Wired data communication networks provide Internet access and Internet value-added services for home users and enterprise users. In the related art, access control is implemented by dedicated equipment such as the broadband remote access server (BRAS, Broadband Remote Access Server), the service router (SR, Service Router) and the broadband network gateway (BNG, Broadband Network Gateway). However, wired data communication networks have many users, heavy traffic and complex services. Neither dedicated equipment alone nor virtualization technology alone can fully solve these problems. Standards organizations currently propose extending virtualization technology on top of existing dedicated-equipment networking, to better achieve fast forwarding of service data and flexible extension of services. The BBF (Broadband Forum) standards organization proposes that a virtual gateway (VG, Virtual Gateway) cooperate with the physical gateway deployed in the user's network, the residential gateway (RG, Residential Gateway): the RG implements basic network access, and flexible service deployment is implemented through the VG. The WT-317 protocol in the related art defines the functional requirements of the VG.
Summary of the invention
The following is an overview of the subject matter described in detail herein. This overview is not intended to limit the scope of protection of the claims.
The examples of this application provide a method and apparatus for implementing address management, an AAA server and an SDN controller, which can implement address management.
An embodiment of the present invention provides a method for implementing address management, comprising:
A software-defined networking (SDN) controller generates, according to identification and authentication-related information from a first device, authentication request information for authenticating a residential gateway (RG), and sends the generated authentication request information for RG authentication to an authentication, authorization and accounting (AAA) server;
After the AAA server completes RG authentication, the SDN controller allocates a VG for the RG according to user subscription information;
The SDN controller configures an address for the VG according to the authentication response information from the AAA server;
The authentication response message is: a message that the AAA server feeds back to the SDN controller after completing authentication, carrying the content of the address management information allocated by the AAA server for the VG;
Wherein the VG is a VG whose address management information is allocated by the SDN controller or the AAA server.
Optionally, the authentication request information includes the identification and authentication-related information;
The identification and authentication-related information includes: the tunnel identifier of the RG encapsulated in the Dynamic Host Configuration Protocol (DHCP) request, and/or the tunnel source address of the RG, and/or the virtual local area network (VLAN) associated with the RG, and/or the Multiprotocol Label Switching (MPLS) subnet information associated with the RG, and/or line identification information, and/or the port number of the broadband network gateway (BNG) that received the DHCP request, and/or a message containing the DHCP request content.
Optionally, the method further includes: the SDN controller sends the pre-stored LAN interface access information of the VG to the first device.
Optionally, the LAN interface access information of the VG includes:
The virtual gateway unique identifier (VG-ID) information through which the LAN interface of the VG is reachable, and/or the connection information of the LAN interface of the VG.
Optionally, after the VG is allocated for the RG, if there is a NAT device shared with the allocated VG, the method further includes:
The SDN controller delivers the network address translation (NAT) public address allocated to the VG and the NAT public-network port information of the VG to the NAT device shared with the VG.
Optionally, the method further includes: the SDN controller establishes corresponding session control (session) management for each RG;
The session control management includes recording and maintaining: the VLAN associated with the RG, and/or the MPLS subnet information associated with the RG, and/or VG-ID information, and/or the LAN interface information of the VG, and/or the wide area network (WAN) interface information of the VG, and/or the NAT public address of the VG, and/or the NAT port information of the VG, and/or the address management information allocated to the VG, and/or quality of service (QoS), and/or security policy, and/or operation, administration and maintenance (OAM) management information.
In another aspect, an embodiment of the present invention also provides a method for implementing address management, comprising:
The SDN controller receives address pool ID information from the AAA server;
The SDN controller allocates address management information for the VG according to preconfigured address pool information and the received address pool ID information;
Wherein the VG is the VG allocated by the SDN controller for the RG.
Optionally, the address management information includes: the IP address associated with the WAN interface of the VG, and/or the NAT public address of the VG and the NAT port information of the VG;
Optionally, the method further includes:
The SDN controller determines the IP address allocated for the VG from the address management information allocated for the VG based on the address pool information and the address pool ID information, and reports the determined IP address allocated for the VG to the AAA server.
In another aspect, an embodiment of the present invention also provides a method for implementing address management, comprising:
After completing authentication of the RG, the AAA server allocates address management information for the VG, and feeds back to the SDN controller an authentication response message carrying the content of the address management information allocated for the VG;
Wherein the VG is the VG allocated by the SDN controller for the RG.
Optionally, allocating address management information for the VG includes:
The AAA server directly allocates address management information for the VG;
The address management information includes: the IP address associated with the WAN interface of the VG, and/or the NAT public address of the VG and the NAT port information of the VG.
Optionally, before the VG is allocated for the RG, the method further includes:
The AAA server sends user subscription information to the SDN controller.
In another aspect, an embodiment of the present invention also provides a method for implementing address management, comprising:
A first device, based on a received Dynamic Host Configuration Protocol (DHCP) request, sends the identification and authentication-related information contained in the DHCP request to a software-defined networking (SDN) controller, so that the SDN controller generates, according to the identification and authentication-related information, authentication request information for RG authentication.
Optionally, the DHCP request comes from a broadband network gateway (BNG) or a residential gateway (RG).
Optionally, the first device includes: a network functions virtualization infrastructure gateway (NFVI-GATEWAY) or a BNG.
Optionally, when the first device is an NFVI-GATEWAY, the identification and authentication-related information includes: the tunnel identifier of the RG encapsulated in the DHCP request, and/or the tunnel source address of the RG, and/or the virtual local area network (VLAN) associated with the RG, and/or the Multiprotocol Label Switching (MPLS) subnet information associated with the RG, and/or line identification information, and/or a message containing the DHCP request content;
When the first device is a BNG, the identification and authentication-related information includes: line identification information, and/or the BNG port number on which the DHCP request was received, and/or a message containing the DHCP request content.
Optionally, when sending the identification and authentication-related information to the SDN controller, the method further includes:
The first device sends the communication address of the first device to the SDN controller, so that the SDN controller communicates with the first device according to the received communication address of the first device.
Optionally, the method further includes:
The first device extends the connection between the RG and the first device to the network where the local area network (LAN) interface of the virtual gateway (VG) is located.
In another aspect, an embodiment of the present invention also provides an SDN controller for implementing address management, comprising: a generation and sending unit, an allocation unit and an address configuration unit; wherein,
The generation and sending unit is configured to generate, according to identification and authentication-related information from a first device, authentication request information for RG authentication, and send the generated authentication request information for RG authentication to the AAA server;
The allocation unit is configured to allocate a VG for the RG according to user subscription information after the AAA server completes RG authentication;
The address configuration unit is configured to configure an address for the VG according to the authentication response information from the AAA server;
The authentication response message is: a message that the AAA server feeds back to the SDN controller after completing authentication, carrying the content of the address management information allocated by the AAA server for the VG;
Wherein the VG is a VG whose address management information is allocated by the SDN controller or the AAA server.
Optionally, the SDN controller further includes an access information sending unit, configured to send the pre-stored LAN interface access information of the VG to the first device.
Optionally, the SDN controller further includes a delivery unit, configured to, after the VG is allocated for the RG and if there is a NAT device shared with the allocated VG, deliver the NAT public address allocated to the VG and the NAT public-network port information of the VG to the NAT device shared with the VG.
Optionally, the SDN controller further includes a session control unit, configured to establish corresponding session control (session) management for each RG;
The session control management includes recording and maintaining: the VLAN associated with the RG, and/or the MPLS subnet information associated with the RG, and/or VG-ID information, and/or the LAN interface information of the VG, and/or the wide area network (WAN) interface information of the VG, and/or the NAT public address of the VG, and/or the NAT port information of the VG, and/or the address management information allocated to the VG, and/or QoS, and/or security policy, and/or OAM management information.
In yet another aspect, an embodiment of the present invention also provides an SDN controller for implementing address management, comprising: an address pool ID receiving unit and an address allocation unit; wherein,
The address pool ID receiving unit is configured to receive address pool unique identifier (ID) information from the AAA server;
The address allocation unit is configured to allocate address management information for the VG according to preconfigured address pool information and the received address pool ID information;
Wherein the VG is the VG allocated by the SDN controller for the RG.
Optionally, the SDN controller further includes a reporting unit,
configured to determine the IP address allocated for the VG from the address management information allocated for the VG based on the address pool information and the address pool ID information, and report the determined IP address allocated for the VG to the AAA server.
In yet another aspect, an embodiment of the present invention also provides an AAA server for implementing address management, including an information allocation unit, configured to allocate address management information for the VG after completing authentication of the RG, and feed back to the SDN controller an authentication response message carrying the content of the address management information allocated for the VG;
Wherein the VG is the VG allocated by the SDN controller for the RG.
Optionally, the information allocation unit is specifically configured to directly allocate address management information for the VG;
The address management information includes: the IP address associated with the WAN interface of the VG, and/or the NAT public address of the VG and the NAT port information of the VG.
Optionally, the AAA server further includes a subscription information sending unit, configured to send user subscription information to the SDN controller before the VG is allocated for the RG.
In yet another aspect, an embodiment of the present invention also provides an apparatus for implementing address management, comprising: a related-information sending unit, configured to send, based on a received DHCP request, the identification and authentication-related information contained in the DHCP request to the SDN controller, so that the SDN controller generates, according to the identification and authentication-related information, authentication request information for RG authentication.
Optionally, the related-information sending unit is further configured to,
when sending the identification and authentication-related information to the SDN controller, send the communication address of the apparatus to the SDN controller, so that the SDN controller communicates with the apparatus according to the received communication address of the apparatus.
Optionally, the apparatus further includes an extension unit, configured to extend the connection between the RG and the apparatus to the network where the LAN interface of the VG is located.
Compared with the related art, the technical solution of this application includes: a software-defined networking (SDN) controller generates, from the identification and authentication-related information of a residential gateway (RG) received from a first device, authentication request information for RG authentication and sends it to an authentication, authorization and accounting (AAA) server; after completing authentication of the RG, the AAA server allocates address management information for the VG; after the AAA server completes RG authentication, the SDN controller allocates a virtual gateway (VG) for the RG according to user subscription information; the SDN controller configures an address for the VG according to the authentication response information from the AAA server, which carries the content of the address management information allocated for the VG. In the method of the embodiments of the present invention, the SDN controller allocates the VG for the RG and the AAA server allocates address management information for the VG, which implements address management after the VG is created.
Brief description of the drawings
Fig. 1 is a flowchart of a method for implementing address management according to an embodiment of the present invention;
Fig. 2 is a flowchart of a method for implementing address management according to another embodiment of the present invention;
Fig. 3 is a flowchart of a method for implementing address management according to another embodiment of the present invention;
Fig. 4 is a flowchart of a method for implementing address management according to yet another embodiment of the present invention;
Fig. 5 is a structural block diagram of an apparatus for implementing address management according to an embodiment of the present invention;
Fig. 6 is a structural block diagram of an SDN controller for implementing address management according to an embodiment of the present invention;
Fig. 7 is a structural block diagram of another SDN controller for implementing address management according to an embodiment of the present invention;
Fig. 8 is a structural block diagram of an AAA server for implementing address management according to an embodiment of the present invention;
Fig. 9 is a schematic diagram of the network structure of the application examples;
Fig. 10 is a flowchart of the method of the first application example of the present invention;
Fig. 11 is a flowchart of the method of the second application example of the present invention;
Fig. 12 is a flowchart of the method of the third application example of the present invention.
Detailed description of the embodiments
To make the objectives, technical solutions and advantages of the present invention clearer, the embodiments of the present invention are described in detail below with reference to the drawings. It should be noted that, where there is no conflict, the embodiments in this application and the features in the embodiments may be combined with each other arbitrarily.
The inventors found that VGs usually number in the thousands, a huge quantity. In the related art, the AAA server is used to allocate the VG-ID for the RG. Because the VG is virtual, it may fail, lose power or change; when the RG fails, loses power or changes, the AAA server needs to re-allocate the VG-ID for the RG, which is complex to implement. In addition, the related art provides no method for allocating the address management information related to the VG WAN. The related art has not yet proposed an effective scheme for dynamic address management of VGs.
Fig. 1 is a flowchart of a method for implementing address management according to an embodiment of the present invention. As shown in Fig. 1, the method comprises:
Step 100: the first device, based on a received Dynamic Host Configuration Protocol (DHCP) request, sends the identification and authentication-related information contained in the DHCP request to the software-defined networking (SDN) controller.
In the method of the embodiments of the present invention, the SDN controller generates the authentication request information for RG authentication according to the identification and authentication-related information.
Optionally, the DHCP request comes from a broadband network gateway (BNG) or an RG.
It should be noted that, in the method of the embodiments of the present invention, the DHCP request may come from the BNG, and the DHCP request from the BNG may include a DHCP request sent by the RG to the BNG.
Optionally, in the method of the embodiments of the present invention, the first device includes: a network functions virtualization infrastructure gateway (NFVI-GATEWAY) or a BNG.
Optionally, when the first device is an NFVI-GATEWAY, the identification and authentication-related information includes: the tunnel identifier of the RG encapsulated in the DHCP request, and/or the tunnel source address of the RG, and/or the virtual local area network (VLAN) associated with the RG, and/or the Multiprotocol Label Switching (MPLS) subnet information associated with the RG, and/or line identification information, and/or a message containing the DHCP request content;
When the first device is a BNG, the identification and authentication-related information includes: line identification information, and/or the BNG port number on which the DHCP request was received, and/or a message containing the DHCP request content.
When sending the identification and authentication-related information to the SDN controller, the method of the embodiments of the present invention further includes step 101:
Step 101: the first device sends the communication address of the first device to the SDN controller, so that the SDN controller communicates with the first device according to the received communication address of the first device.
It should be noted that, when the first device is an NFVI-GATEWAY, the communication address of the first device may include the tunnel destination address; when the first device is a BNG, the communication address of the first device may include the BNG's own number, sent by the BNG to the SDN controller, and the BNG port number on which the DHCP request was received.
Optionally, the method of the embodiments of the present invention further includes:
The first device extends the connection between the RG and the first device to the network where the local area network (LAN) interface of the virtual gateway (VG) is located.
It should be noted that the network where the LAN interface of the VG is located here includes: the network where the LAN interface of the VG is located, the VG being the one that the SDN controller allocates for the RG according to user subscription information after the AAA server completes RG authentication.
The method of the embodiments of the present invention can be applied in IPv4, IPv6 and NAT networks. When the method is implemented in different networks, some information needs to be adapted according to the differences between protocols; this adaptation does not require creative work by those skilled in the art.
Fig. 2 is a flowchart of a method for implementing address management according to another embodiment of the present invention. As shown in Fig. 2, the method comprises:
Step 200: the software-defined networking (SDN) controller generates, according to identification and authentication-related information from the first device, authentication request information for RG authentication, and sends the generated authentication request information for RG authentication to the authentication, authorization and accounting (AAA) server;
Step 201: after the AAA server completes RG authentication, the SDN controller allocates a VG for the RG according to user subscription information;
Wherein the VG is a VG whose address management information is allocated by the SDN controller or the AAA server.
It should be noted that the user subscription information includes the configuration of the user's services, including IP address information for network connection, user bandwidth information, quality of service information, security-control related information and user supplementary service information (such as parental control, firewall, etc.).
In addition, allocating the VG for the RG according to user subscription information may use templates: a basic service template may be selected, corresponding to a basic IPv4 VG, a basic IPv6 VG or an IPv4 private VG, together with service activation templates, corresponding to a home control service, a home security service, etc. The AAA may send the service template IDs to the SDN controller, and the SDN controller combines them by template ID to create VGs that support different services.
Step 202: the SDN controller configures an address for the VG according to the authentication response information from the AAA server;
The authentication response message is: a message that the AAA server feeds back to the SDN controller after completing authentication, carrying the content of the address management information allocated by the AAA server for the VG.
Optionally, in the method of the embodiments of the present invention, the authentication request information includes the identification and authentication-related information;
The identification and authentication-related information includes: the tunnel identifier of the RG encapsulated in the DHCP request, and/or the tunnel source address of the RG, and/or the VLAN associated with the RG, and/or the MPLS subnet information associated with the RG, and/or line identification information, and/or the BNG port number on which the DHCP request was received, and/or a message containing the DHCP request content.
Optionally, the method of the embodiments of the present invention further includes: the SDN controller sends the pre-stored LAN interface access information of the VG to the first device.
Optionally, the LAN interface access information of the VG includes:
The virtual gateway unique identifier (VG-ID) information through which the LAN interface of the VG is reachable, and/or the connection information of the LAN interface of the VG.
Optionally, after the VG is allocated for the RG, if there is a NAT device shared with the allocated VG, the method of the embodiments of the present invention further includes:
The SDN controller delivers the network address translation (NAT) public address allocated to the VG and the NAT public-network port information of the VG to the NAT device shared with the VG.
Optionally, the method of the embodiments of the present invention further includes: the SDN controller establishes corresponding session control (session) management for each RG;
The session control management includes recording and maintaining: the VLAN associated with the RG, and/or the MPLS subnet information associated with the RG, and/or VG-ID information, and/or the LAN interface information of the VG, and/or the wide area network (WAN) interface information of the VG, and/or the NAT public address of the VG, and/or the NAT port information of the VG, and/or the address management information allocated to the VG, and/or quality of service (QoS), and/or security policy, and/or operation, administration and maintenance (OAM) management information.
In the method of the embodiments of the present invention, the SDN controller allocates the VG for the RG, which implements address management after the VG is created.
The method of the embodiments of the present invention can be applied in IPv4, IPv6 and NAT networks. When the method is implemented in different networks, some information needs to be adapted according to the differences between protocols; this adaptation does not require creative work by those skilled in the art.
Fig. 3 is a flowchart of a method for implementing address management according to another embodiment of the present invention. As shown in Fig. 3, the method comprises:
Step 301: after completing authentication of the RG, the AAA server allocates address management information for the VG, and feeds back to the SDN controller an authentication response message carrying the content of the address management information allocated for the VG.
Wherein the VG is the VG allocated by the SDN controller for the RG.
It should be noted that the AAA server of the method of the present invention may be co-located with the DHCP server, that is, the functions of the DHCP server may be implemented in the AAA server. Because the information contained in the DHCP server differs from the information required by the embodiments of the present invention, those skilled in the art need to make adaptations in light of actual conditions; these adaptations do not require creative work by those skilled in the art.
In addition, allocating address management information for the VG and allocating the VG for the RG may be performed separately; there is no timing relationship between the two. When both are complete, the result is that the VG allocated for the RG has been assigned address management information.
Optionally, allocating address management information for the VG includes:
The AAA server directly allocates address management information for the VG;
The address management information includes: the IP address associated with the WAN interface of the VG, and/or the network address translation (NAT) public address of the VG and the NAT port information of the VG.
It should be noted that the address management information is either held in the AAA server or queried by the AAA server from the operator's operation management system. The operator's operation management system stores the address management information created when the user subscribed.
Optionally, before the VG is allocated for the RG, the method of the embodiments of the present invention further includes step 300;
Step 300: the AAA server sends user subscription information to the SDN controller.
In the method of the embodiments of the present invention, the AAA server allocates address management information for the VG, which implements address management after the VG is created.
The method of the embodiments of the present invention can be applied in IPv4, IPv6 and NAT networks. When the method is implemented in different networks, some information needs to be adapted according to the differences between protocols; this adaptation does not require creative work by those skilled in the art.
Fig. 4 is a flowchart of a method for realizing address management according to yet another embodiment of the present invention. As shown in Fig. 4, the method includes:
Step 400: the SDN controller receives address pool ID information from the AAA server;
Step 401: the SDN controller allocates address management information for the VG according to the preconfigured address pool information and the received address pool ID information;
Wherein, the VG is the VG that the SDN controller allocates for the RG.
It should be noted that an address pool ID represents an IP address range and a port range, for example IP addresses 130.0.0.1~200 and port numbers 2000~3000. From this IP address range and port range, the SDN controller allocates to each VG its own management information consisting of an IP address and a port range. Different VGs may have the same IP address; when the IP address is the same, the port ranges are different.
Optionally, the address management information includes: the IP address related to the WAN interface of the VG, and/or the NAT public network address of the VG and the NAT port information of the VG;
Optionally, the method of this embodiment further includes:
The SDN controller determines the IP address allocated to the VG from the address management information it allocated for the VG based on the address pool information and the address pool ID information, and reports the determined IP address allocated to the VG to the AAA server.
It should be noted that reporting the determined IP address to the AAA server can be used for security control, such as tracing.
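The allocation and tracing described above, as an added Python example that is not part of the patent text. It uses the pool from the text (130.0.0.1~200, ports 2000~3000); the fixed 250-port block per VG, all class and function names, the integer timestamps, and the assumption that the port range is reported to the AAA server together with the IP address are illustrative choices.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Lease:
    vg_id: str
    ip: ipaddress.IPv4Address
    port_lo: int
    port_hi: int  # inclusive


@dataclass(frozen=True)
class AddressPool:
    first_ip: str
    last_ip: str
    port_lo: int
    port_hi: int  # inclusive
    block: int    # ports handed to each VG (assumption: fixed-size blocks)

    def slots(self):
        """Yield (ip, lo, hi) port blocks, filling one IP before moving to the next."""
        first = int(ipaddress.IPv4Address(self.first_ip))
        last = int(ipaddress.IPv4Address(self.last_ip))
        for ip in range(first, last + 1):
            for lo in range(self.port_lo, self.port_hi - self.block + 2, self.block):
                yield ipaddress.IPv4Address(ip), lo, lo + self.block - 1


class PoolExhausted(Exception):
    pass


class SdnAddressManager:
    """Hypothetical controller-side allocator keyed by the pool ID received from AAA."""

    def __init__(self, pools):
        self.pools = pools   # pool_id -> AddressPool, preconfigured
        self.active = {}     # vg_id -> (pool_id, Lease)
        self.in_use = {}     # pool_id -> {(ip, port_lo)}
        self.aaa_log = []    # what was reported to AAA: [start, end, Lease]

    def allocate(self, pool_id, vg_id, now):
        if pool_id not in self.pools:
            raise KeyError(f"unknown address pool ID: {pool_id!r}")
        if vg_id in self.active:  # same VG asks again: return its recorded lease
            return self.active[vg_id][1]
        used = self.in_use.setdefault(pool_id, set())
        for ip, lo, hi in self.pools[pool_id].slots():
            if (ip, lo) not in used:
                used.add((ip, lo))
                lease = Lease(vg_id, ip, lo, hi)
                self.active[vg_id] = (pool_id, lease)
                self.aaa_log.append([now, None, lease])  # report to the AAA server
                return lease
        raise PoolExhausted(pool_id)

    def release(self, vg_id, now):
        pool_id, lease = self.active.pop(vg_id)
        self.in_use[pool_id].discard((lease.ip, lease.port_lo))
        for record in self.aaa_log:
            if record[2] is lease and record[1] is None:
                record[1] = now  # close the interval so later lookups stay correct


def trace(aaa_log, ip, port, when):
    """Return the VG that held ip:port at time `when`, or None."""
    ip = ipaddress.IPv4Address(ip)
    for start, end, lease in aaa_log:
        if (lease.ip == ip and lease.port_lo <= port <= lease.port_hi
                and start <= when and (end is None or when < end)):
            return lease.vg_id
    return None


# Constructed sample: the pool from the text, cut into 250-port blocks.
POOLS = {"pool-1": AddressPool("130.0.0.1", "130.0.0.200", 2000, 3000, 250)}

if __name__ == "__main__":
    mgr = SdnAddressManager(POOLS)
    for t, vg in enumerate(["vg-a", "vg-b", "vg-c", "vg-d", "vg-e"]):
        print(mgr.allocate("pool-1", vg, now=t))
    print(trace(mgr.aaa_log, "130.0.0.1", 2300, when=3))
```

Because several VGs share one public IP address, the lookup needs the port and the time of the observed flow as well as the address; an IP address alone does not identify a single VG.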
Fig. 5 is a structural block diagram of a device for realizing address management according to an embodiment of the present invention. As shown in Fig. 5, the device includes a related-information sending unit, configured to send, based on a received DHCP request, the identification and authentication-related information contained in the DHCP request to the SDN controller, so that the SDN controller generates, according to the identification and authentication-related information, authentication request information for RG authentication.
Optionally, the related-information sending unit is further configured to:
When sending the identification and authentication-related information to the SDN controller, send the communication address of the device to the SDN controller, so that the SDN controller communicates with the device according to the received communication address of the device.
The device of this embodiment further includes an extension unit, configured to extend the connection between the RG and the device to the network where the LAN interface of the VG is located.
Fig. 6 is a structural block diagram of an SDN controller for realizing address management according to an embodiment of the present invention. As shown in Fig. 6, the SDN controller includes: a generating and sending unit, an allocation unit and an address configuration unit; wherein,
The generating and sending unit is configured to generate authentication request information for RG authentication according to the identification and authentication-related information from the first device, and to send the generated authentication request information for RG authentication to the AAA server;
The allocation unit is configured to allocate a VG for the RG according to user subscription information after the AAA server completes RG authentication;
The address configuration unit is configured to configure an address for the VG according to the authentication response information from the AAA server;
The authentication response message is fed back by the AAA server to the SDN controller after the AAA server completes authentication, and carries the content of the address management information allocated by the AAA server for the VG;
Wherein, the VG is a VG whose address management information is allocated by the SDN controller or by the AAA server.
Optionally, in this embodiment the SDN controller further includes an address pool sending unit, configured to send preconfigured address pool information to the AAA server.
Optionally, in this embodiment the SDN controller further includes an access information sending unit, configured to send the pre-stored LAN interface access information of the VG to the first device.
Optionally, in this embodiment the SDN controller further includes a delivery unit, configured to, after the VG is allocated for the RG, if there is a NAT device shared with the allocated VG, deliver the NAT public network address allocated to the VG and the NAT public network port information of the VG to the NAT device shared with the VG.
Optionally, in this embodiment the SDN controller further includes a session control unit, configured to establish corresponding session control (session) management for each RG;
Session control management includes recording and maintaining: the VLAN associated with the RG, and/or the MPLS subnet information associated with the RG, and/or VG-ID information, and/or VG LAN interface information, and/or VG WAN interface information, and/or the NAT public network address of the VG, and/or the NAT port information of the VG, and/or the address management information allocated to the VG, and/or QoS, and/or security policy, and/or OAM management information.
Fig. 7 is a structural block diagram of an SDN controller for realizing address management according to an embodiment of the present invention. As shown in Fig. 7, the SDN controller includes an address pool ID receiving unit and an address allocation unit; wherein,
The address pool ID receiving unit is configured to receive address pool unique number (ID) information from the AAA server;
The address allocation unit is configured to allocate address management information for the VG according to the preconfigured address pool information and the received address pool ID information.
Wherein, the VG is the VG that the SDN controller allocates for the RG.
Optionally, the SDN controller further includes a reporting unit,
configured to determine the IP address allocated to the VG from the address management information allocated for the VG based on the address pool information and the address pool ID information, and to report the determined IP address allocated to the VG to the AAA server.
Fig. 8 is a structural block diagram of an AAA server for realizing address management according to an embodiment of the present invention. As shown in Fig. 8, the AAA server includes: an allocation information unit, configured to, after completing authentication of the RG, allocate address management information for the VG, and feed back to the SDN controller an authentication response message carrying the content of the address management information allocated for the VG;
Wherein, the VG is the VG that the SDN controller allocates for the RG.
Optionally, the allocation information unit is specifically configured to directly allocate address management information for the VG;
The address management information includes: the IP address related to the wide area network (WAN) interface of the VG, and/or the network address translation (NAT) public network address of the VG and the NAT port information of the VG.
It should be noted that the IP address related to the WAN interface of the VG includes the IPv4 and/or IPv6 address of the WAN interface of the VG.
Optionally, the AAA server of this embodiment further includes a subscription information sending unit, configured to send user subscription information to the SDN controller before the VG is allocated for the RG.
The method of the present invention is described in detail below through application examples. The application examples serve only to illustrate embodiments of the present invention and are not intended to limit its scope of protection.
To make the application examples clearer, the network structure they use is described first. Fig. 9 is a schematic diagram of the network structure of the application examples. As shown in Fig. 9, the network structure includes: a home gateway, a virtual gateway, a broadband network gateway, an NFVI-GATEWAY, an SDN controller, an AAA server and so on; the virtual gateway is located in a network function virtualization network.
Application example 1
In this application example, the home gateway (RG, Residential Gateway) includes a layer 3 routing access function and communicates with the VG through layer 3 tunnel encapsulation on its WAN interface; the virtual gateway (VG) is located in a network function virtualization (NFV) network, and the first device, the NFVI-GATEWAY, is a standalone device that provides RG access for the VG.
Figure 10 is a flowchart of the method of the first application example of the present invention. As shown in Figure 8, the method includes:
Step 1000: the RG sends a Dynamic Host Configuration Protocol (DHCP) request to the BNG that provides access;
In this application example, the DHCP request is an Internet Protocol (IP) address request for the wide area network (WAN) interface of the RG. When the DHCP request passes through the operator's access network (Access network), intermediate devices add line identification information. Intermediate devices may include: a digital subscriber line access multiplexer (DSLAM), an optical line terminal (OLT), an access switch, etc.
Step 1001: the BNG receives the DHCP request and initiates an RG authentication and VG access AAA request to the authentication, authorization and accounting (AAA) server; the RG authentication and VG access AAA request carries the line identification information added when the DHCP request passed through the intermediate devices.
Step 1002: the AAA server authenticates the RG according to the received RG authentication and VG access AAA request.
It should be noted that, in the related art, when the operator network has multiple NFV networks providing VG access, the AAA server may select an NFV network by policy and allocate the NFVI-GATEWAY related to VG access. The AAA server sends to the BNG the IP address of the WAN interface of the RG, the information of the access device NFVI-GATEWAY of the data center where the VG is located, and the connection establishment information, such as tunnel encapsulation information, for example Virtual Extensible LAN (VXLAN) or Generic Routing Encapsulation (GRE). The BNG sends the IP address of the WAN interface of the RG, the NFVI-GATEWAY information and the connection establishment information to the RG.
Step 1003: the RG and the NFVI-GATEWAY establish a connection according to the IP address of the WAN interface of the RG, the NFVI-GATEWAY information and the connection establishment information.
Step 1004: the RG sends a DHCP request to the NFVI-GATEWAY;
In this application example, the DHCP request is an IP address request for the local area network (LAN) interface of the RG.
Step 1005: the NFVI-GATEWAY receives the DHCP request from the RG and reports the identification and authentication-related information contained in the DHCP request to the SDN controller;
The identification and authentication-related information includes the tunnel identifier of the RG encapsulated in the DHCP request, and/or the tunnel source address of the RG;
Optionally, when reporting the identification and authentication-related information, the method of this application example further includes: the NFVI-GATEWAY sends the tunnel destination address to the SDN controller, so that the SDN controller communicates with the NFVI-GATEWAY according to the received tunnel destination address.
It should be noted that the DHCP request may also include other information about the LAN interface of the RG, encapsulated according to the related art, which is common knowledge to those skilled in the art.
Step 1006: the SDN controller sends authentication request information to the AAA server according to the received identification and authentication-related information;
The authentication request information includes the identification and authentication-related information; that is, the authentication request information carries the tunnel identifier of the RG encapsulated in the DHCP request, and/or the tunnel source address of the RG;
Step 1007: the AAA server performs RG authentication according to the received authentication request information from the SDN controller;
It should be noted that performing RG authentication according to the authentication request information includes performing RG authentication according to: the tunnel identifier of the RG encapsulated in the DHCP request, and/or the tunnel source address of the RG, and/or the virtual local area network (VLAN) associated with the RG, and/or the multiprotocol label switching (MPLS) subnet information associated with the RG, and/or the line identification information, and/or the port number of the broadband network gateway (BNG) that received the DHCP request, and/or a message containing the content of the DHCP request. In addition, the method of this application example assumes by default that the SDN controller is legitimate; if the SDN controller needs to be authenticated, a process for authenticating the SDN controller can be added to the method of this application example.
Step 1008: when the AAA server completes RG authentication, address management information is allocated for the VG;
Optionally, allocating address management information for the VG may include:
The AAA server directly allocates address management information for the VG;
Optionally, in this application example the SDN controller may allocate address management information for the VG, including:
The SDN controller receives address pool unique number (ID) information from the AAA server;
Address management information is allocated for the VG according to the preconfigured address pool information and the received address pool ID information.
Optionally, the SDN controller determines the IP address allocated to the VG from the address management information allocated for the VG based on the address pool information and the address pool ID information, and reports the determined IP address allocated to the VG to the AAA server.
It should be noted that reporting the determined IP address to the AAA server can be used for security control, such as tracing.
The address management information may include: the IP address related to the WAN interface of the VG, the network address translation (NAT) public network address of the VG and the NAT port information of the VG;
It should be noted that address pools are configured uniformly by the operator's network management; the SDN controller pre-allocates address pools and the IDs of the different address pools. The AAA server can allocate address management information for the VG according to the address pool ID, including allocating different IP addresses to different RGs according to the address pool ID. Methods in the related art already configure address pool information on the BNG, and in the method of this application example the SDN controller can configure address pool information on the same principle. The method of this application example can also obtain the stored address pool information directly from the BNG; however, before obtaining the address pool information stored on the BNG, a connection between the AAA server and the BNG needs to be established.
Step 1009: after completing RG authentication, the AAA server sends to the SDN controller an authentication response message carrying the address management information allocated for the VG;
Step 1010: after receiving the authentication response message from the AAA server, the SDN controller allocates a VG for the RG according to user subscription information, and configures an address for the VG according to the content of the address management information allocated for the VG in the authentication response information;
It should be noted that, when the SDN controller receives the authentication response information, it can store the content of the address management information allocated for the VG.
Optionally, before the VG is allocated for the RG, the method of this application example further includes: the AAA server sends user subscription information to the SDN controller;
It should be noted that user subscription information is existing information in the related art: it is the agreement content signed when the user signs a network-use agreement with the operator, and it is stored in the AAA server, including the network-use policy relating to the user. The subscription information contains the configuration of the user's services, including IP address information for network connection, user bandwidth information, quality of service information, security control related information and user supplementary service information (such as parental control, firewall).
Optionally, this application example further includes:
The SDN controller sends the pre-stored LAN interface access information of the VG to the NFVI-GATEWAY;
The LAN interface access information of the VG may include the virtual gateway unique code (VG-ID) information through which the LAN interface of the VG is reachable, and/or the connection information of the LAN interface of the VG;
It should be noted that, in this application example, the LAN interface access information of the VG can be determined from the user subscription information.
Optionally, the method of this application example further includes:
The SDN controller delivers the address management information allocated to the VG to the VG for configuration;
Optionally, if there is a NAT device shared with the VG, the method of this application example further includes: the SDN controller delivers the NAT public network address allocated to the VG and the NAT public network port information of the VG to the NAT device shared with the VG.
It should be noted that the NAT device shared by the VG can be determined from the user subscription information; determining the NAT device shared by the VG is a common technical means for those skilled in the art and is not described further here;
Step 1011: the NFVI-GATEWAY extends the connection between the RG and the NFVI-GATEWAY to the network where the LAN interface of the VG is located, and establishes a mapping between the tunnel between the RG and the NFVI-GATEWAY and the network where the LAN interface of the VG is located.
It should be noted that the network where the LAN interface of the VG is located can be determined from the network topology information pre-stored by the SDN controller. Establishing the mapping means: the tunnel through which the RG connects to the NFVI-GATEWAY and the network where the LAN interface of the corresponding VG is located are connected one-to-one, with the tunnel of the NFVI-GATEWAY as the intermediate layer;
Step 1012: the LAN interface of the RG and the home network devices connected to the LAN interface send DHCP requests to the VG.
Step 1013: the VG allocates IP addresses to the home network devices connected to the LAN interface of the RG.
Step 1014: the RG forwards the data flows of the home network devices, and the VG provides service forwarding for the home network devices; service forwarding includes IP forwarding, NAT forwarding or other service processing.
The RG may also send a Point-to-Point Protocol over Ethernet (PPPoE) request to realize RG access, authentication and allocation of the NFVI-GATEWAY related to the VG. Messages sent by the LAN interface of the RG can be carried over a layer 2 tunneling protocol such as VXLAN, and are encapsulated in PPPoE to reach the BNG. After the BNG decapsulates the PPPoE message, the position of the NFVI-GATEWAY can be determined for the message sent by the LAN interface of the RG according to the destination address of the layer 2 tunneling protocol.
The RG of this application example may also be an enterprise network gateway; the enterprise network gateway may access dynamically or statically. When an enterprise network gateway accesses, the BNG supports layer 3 forwarding. For dynamic access, the gateway accesses the BNG and requests from the AAA server the information about the NFVI-GATEWAY through which the VG can be accessed, and a connection between the WAN interface of the enterprise gateway and the WAN interface of the NFVI-GATEWAY is established; the WAN interface of the NFVI-GATEWAY can distinguish different enterprise gateway accesses by sub-interface or tunnel information. When there are messages on this connection, the processing flow of step 1005 to step 1010 can be triggered.
Application example 2
In this application example, the home gateway communicates with the VG through an Ethernet access function. The VG is located in a data center. The first device in this application example is the NFVI-GATEWAY, a standalone device that provides RG access for the VG.
Figure 11 is a flowchart of the method of the second application example of the present invention. As shown in Figure 11, the method includes:
Step 1100: the LAN interface of the RG sends a DHCP request to the BNG that provides access;
In this application example, the DHCP request is an IP address request for the LAN interface of the home gateway.
Step 1101: the BNG receives the DHCP request and sends an RG authentication and VG access AAA request to the AAA server; the RG authentication and VG access AAA request carries line identification information.
Step 1102: the AAA server authenticates the RG according to the RG authentication and VG access AAA request, and allocates VG connection information; the VG connection information includes virtual local area network (VLAN) or multiprotocol label switching (MPLS) subnet information; the AAA server sends the VG connection information of the RG to the BNG.
Step 1103: according to the VLAN or MPLS subnet information returned by the AAA server, the BNG establishes a connection with the NFVI-GATEWAY connected to the VG, and establishes on the BNG a mapping between the NFVI-GATEWAY connected to the VG and the layer 2 subnet through which the RG accesses.
It should be noted that the mapping between the NFVI-GATEWAY that the BNG connects to the VG and the layer 2 subnet through which the RG accesses means: the tunnel through which the VG connects to the NFVI-GATEWAY and the layer 2 subnet through which the corresponding RG accesses are connected one-to-one, with the tunnel of the NFVI-GATEWAY as the intermediate layer;
Step 1104: the BNG sends the received DHCP request to the connected NFVI-GATEWAY;
Step 1105: the NFVI-GATEWAY receives the DHCP request from the BNG and reports the identification and authentication-related information contained in the DHCP request to the SDN controller;
The identification and authentication-related information includes the VLAN associated with the RG or the MPLS subnet information associated with the RG, as encapsulated in the DHCP request.
It should be noted that the DHCP request also includes information such as the LAN interface of the home gateway, encapsulated according to the related art, which is common knowledge to those skilled in the art.
Optionally, when reporting the identification and authentication-related information, the method of this application example further includes:
The NFVI-GATEWAY sends the tunnel destination address of the RG to the SDN controller, so that the SDN controller communicates according to the tunnel destination address of the RG.
Step 1106: the SDN controller sends authentication request information to the AAA server according to the received identification and authentication-related information;
The authentication request information includes the identification and authentication-related information; that is, the authentication request information carries the VLAN associated with the RG, and/or the MPLS subnet information associated with the RG, as encapsulated in the DHCP request;
Step 1107: the AAA server performs RG authentication according to the received authentication request information from the SDN controller;
It should be noted that performing RG authentication according to the authentication request information is a conventional technical means for those skilled in the art. In addition, the method of this application example assumes by default that the SDN controller is legitimate; if the SDN controller needs to be authenticated, a process for authenticating the SDN controller can be added to the method of this application example.
Step 1108: when the AAA server completes RG authentication, address management information is allocated for the VG;
Optionally, allocating address management information for the VG includes:
The AAA server directly allocates address management information for the VG;
The address management information includes the IP address related to the WAN interface of the VG, the NAT public network address of the VG and the NAT port information of the VG;
Optionally, in this application example the SDN controller may allocate address management information for the VG, including:
The SDN controller receives address pool unique number (ID) information from the AAA server;
Address management information is allocated for the VG according to the preconfigured address pool information and the received address pool ID information.
Optionally, the SDN controller determines the IP address allocated to the VG from the address management information allocated for the VG based on the address pool information and the address pool ID information, and reports the determined IP address allocated to the VG to the AAA server.
It should be noted that reporting the determined IP address to the AAA server can be used for security control, such as tracing.
It should be noted that methods in the related art already configure address pool information on the BNG, and in the method of this application example the SDN controller can configure address pool information on the same principle. The method of this application example can also obtain the stored address pool information directly from the BNG; however, before obtaining the address pool information stored on the BNG, a connection between the AAA server and the BNG needs to be established.
Step 1109: after completing RG authentication, the AAA server sends to the SDN controller an authentication response message carrying the address management information allocated for the VG;
Step 1110: after receiving the authentication response message from the AAA server, the SDN controller allocates a VG for the RG according to user subscription information, and configures an address for the VG according to the content of the address management information allocated for the VG in the authentication response information;
Optionally, before the VG is allocated for the RG, the method of this application example further includes: the AAA server sends user subscription information to the SDN controller;
It should be noted that user subscription information is existing information in the related art: it is the agreement content signed when the user signs a network-use agreement with the operator, and it is stored in the AAA server, including the network-use policy relating to the user;
Optionally, this application example further includes: the SDN controller establishes corresponding session control (session) management for the identification and authentication-related information of each RG and the address management information allocated for the VG;
The content of session control management includes recording and maintaining: the VLAN associated with the RG, the MPLS subnet information associated with the RG, VG-ID information, the LAN interface information of the VG, the WAN interface information of the VG, the NAT public network address of the VG, the NAT port information of the VG, the address management information allocated to the VG, QoS, security policy and OAM management information.
It should be noted that performing session control management includes recording and maintaining the content of session control management. Maintenance here includes: when a subscribed user logs in, the content of session control management is recorded; when the RG exits for some reason, then during the next login the recorded content of session control management is sent to the RG that logs in again.
Optionally, the SDN controller sends the pre-stored LAN interface access information of the VG to the NFVI-GATEWAY;
The LAN interface access information of the VG may include the VG-ID information through which the LAN interface of the VG is reachable, and/or the connection information of the LAN interface of the VG;
It should be noted that the LAN interface access information of the VG can be determined from the user subscription information.
Optionally, the method of this application example further includes: the SDN controller delivers the address management information allocated to the VG to the VG for configuration;
Optionally, if there is a NAT device shared with the VG, the method of this application example further includes: delivering the NAT public network address allocated to the VG and the NAT public network port information of the VG to the NAT device shared with the VG.
It should be noted that the NAT device shared by the VG can be determined from the user subscription information; determining the NAT device shared by the VG is a common technical means for those skilled in the art and is not described further here;
Step 1111: the NFVI-GATEWAY extends the connection between the RG and the NFVI-GATEWAY to the network where the LAN interface of the VG is located.
Step 1112: the LAN interface of the RG and the home network devices connected to the LAN interface send DHCP requests to the VG to apply for IP addresses.
Step 1113: the VG allocates IP addresses to the LAN interface of the RG and the home network devices connected to the LAN interface.
Step 1114: the RG forwards the data flows of the home network devices, and the VG provides service forwarding for the home network devices; service forwarding includes IP forwarding, NAT forwarding or other service processing;
If multiple VGs share NAT or other services, the traffic is forwarded to those shared services for processing.
The RG may also be an enterprise network gateway; the enterprise network gateway may access statically or dynamically. When an enterprise network gateway accesses, the BNG supports layer 2 forwarding. For dynamic access, the gateway accesses the BNG and requests from the AAA server the information about the NFVI-GATEWAY on the VG side that can be accessed, and a connection between the WAN interface of the enterprise network gateway and the WAN interface of the NFVI-GATEWAY is established; the WAN interface of the NFVI-GATEWAY can realize enterprise network gateway access through the VLAN associated with the RG or the MPLS subnet associated with the RG. When there are messages on this connection, the processing flow of steps 1105 to 1110 of this application example can be triggered.
Application example 3
The scenario of this application example is that the home gateway communicates with the VG through a layer 3 routing access function; the VG is located in a data center, and the first device in this application example is a BNG extended with the functions of the NFVI-GATEWAY in the first and second application examples, which provides RG access for the VG.
Figure 12 is a flowchart of the method of the third application example of the present invention. As shown in Figure 12, the method includes:
Step 1200: the RG sends a DHCP request to the BNG it is currently connected to;
The DHCP request is an IP address request for the WAN interface of the RG;
When the DHCP request passes through the operator's access network (Access network), intermediate devices add line identification information.
It should be noted that intermediate devices may include: a digital subscriber line access multiplexer (DSLAM), an optical line terminal (OLT), an access switch, etc.
Step 1201: the BNG receives the DHCP request from the RG, and sends the identification and authentication-related information contained in the received DHCP request to the SDN controller;
The identification and authentication-related information includes: line identification information or the BNG port number that received the DHCP request.
It should be noted that, in the method of this application example, the information can also be sent to the SDN controller by directly forwarding the DHCP request containing the identification and authentication-related information.
Step 1202, SDN controller authentication record information according to the pre-stored data judge whether it is new RG;
Optionally, before this application exemplary method step 1002 further include: SDN controller is stored in aaa server completion
The identification and authentication-related information of the RG of certification, as authentication record information.
If RG is new RG, 1003 are thened follow the steps;If not new RG, then it is generally acknowledged that this application example is subsequent
Process is completed;
Step 1203, SDN controller identify based on the received and authentication-related information sends certification request information and takes to AAA
Business device;
Authentication request message carries identification and authentication-related information, and line identification letter is carried in authentication authorization and accounting solicited message
Breath, the BNG port numbers for receiving DHCP request or the message comprising DHCP request content;
Optionally, when identification and authentication-related information are sent on BNG, in order to realize the communication of SDN control and BNG, BNG
Need to send the number of itself to SDN controller, SDN controller is according to the number of BNG and the BNG port numbers of reception DHCP request
It is communicated with BNG.
Step 1204: The AAA server performs RG authentication according to the received authentication request information from the SDN controller;
It should be noted that the method of this application example assumes by default that the SDN controller is legitimate; if the SDN controller needs to be authenticated, authentication processing for the SDN controller can be added in this step.
Step 1205: When the AAA server completes the RG authentication, address management information is allocated for the VG;
Optionally, allocating address management information for the VG comprises: the AAA server directly allocates the address management information for the VG;
The address management information includes the IP address related to the VG's WAN interface, the VG's NAT public network address, and the VG's NAT public network port information;
Optionally, in this application example the address management information may instead be allocated for the VG by the SDN controller, comprising:
The SDN controller receives address pool unique number (ID) information from the AAA server;
The SDN controller allocates address management information for the VG according to pre-configured address pool information and the received address pool ID information.
Optionally, the SDN controller determines the IP address allocated to the VG from the address management information it allocated for the VG based on the address pool information and the address pool ID information, and reports the determined IP address to the AAA server.
It should be noted that reporting the determined IP address to the AAA server can be used for security control, for example tracing an address back to its source.
Step 1206: After completing authentication, the AAA server returns to the SDN controller an authentication response message carrying the address management information allocated for the VG.
Step 1207: After receiving the authentication response message from the AAA server, the SDN controller assigns a VG to the RG according to the user subscription information, and configures an address for the VG according to the content of the address management information allocated for the VG in the authentication response information;
Optionally, before the VG is assigned to the RG, the method of this application example further comprises: the AAA server sends the user subscription information to the SDN controller;
Optionally, this application example further comprises: the SDN controller sends the pre-stored WAN IP address of the RG and the LAN interface access information of the VG to the BNG;
The LAN interface access information of the VG includes the VG-ID information through which the VG's LAN interface is reachable and/or the connection information of the VG's LAN interface;
It should be noted that the WAN IP address of the RG and the LAN interface access information of the VG can be determined from the user subscription information.
Optionally, the method of this application example further comprises:
The SDN controller delivers the address management information allocated to the VG to the VG for configuration;
Optionally, if there is a NAT device shared with the VG, the method of this application example further comprises: delivering the NAT public network address allocated to the VG and the VG's NAT public network port information to the NAT device shared with the VG.
It should be noted that whether the VG shares a NAT device can be determined from the user subscription information, which is a conventional technique for those skilled in the art;
Step 1208: The BNG replies to the RG with the RG's WAN IP address in a DHCP message, associates the network where the RG is located with the subnet where the VG is located, and then establishes the connection.
Step 1209: The RG saves the WAN address of the VG and establishes a tunnel connection between the RG and the BNG.
Step 1210: The LAN interface of the RG sends a DHCP request.
Step 1211: The VG allocates IP addresses for the LAN interface of the RG and the connected home network devices.
After the VG processes the service flow, the flow is sent to the RG, the NAT, or other service devices, and is finally sent through the BNG up to the Internet.
The RG may also be an enterprise network gateway. The enterprise network gateway may access statically or dynamically. When the enterprise network gateway accesses, the BNG supports layer-2 forwarding; for dynamic access, the gateway accesses the BNG, and the BNG requests access from the AAA server through the SDN controller; the SDN controller dynamically manages the virtual enterprise network connection, and the BNG establishes the connection according to the configuration from the SDN controller. The BNG identifies the enterprise gateway user according to the port connected to the controller; the steps used are similar to the processing flow of steps 1203 to 1207.
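The control-plane part of this flow (steps 1202 to 1207), in the variant where the AAA server returns only an address pool ID and the SDN controller picks the address and reports it back for tracing, can be sketched as follows. This is an added illustration, not code from the patent; the class and field names, the line-identifier strings, the pool name and the 198.51.100.0/30 range are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass, field

# All names and sample values in this sketch are constructed for illustration.


@dataclass
class AAAServer:
    subscribers: dict                               # line_id -> {"pool_id", "profile"}
    trace_log: dict = field(default_factory=dict)   # VG WAN IP -> line_id

    def authenticate(self, request):
        """Steps 1204/1206: authenticate the RG and answer with the pool ID."""
        sub = self.subscribers.get(request["line_id"])
        if sub is None:
            return {"accepted": False}
        return {"accepted": True, "pool_id": sub["pool_id"], "profile": sub["profile"]}

    def report_address(self, line_id, vg_wan_ip):
        """Keep the address reported by the controller so it can be traced to a line."""
        self.trace_log[vg_wan_ip] = line_id


@dataclass
class SDNController:
    aaa: AAAServer
    pools: dict                                       # pool_id -> CIDR, pre-configured
    auth_records: dict = field(default_factory=dict)  # (bng_id, port, line_id) -> session
    _used: set = field(default_factory=set)

    def _allocate(self, pool_id):
        # Fail closed if the AAA server names a pool that is not configured here.
        if pool_id not in self.pools:
            raise LookupError(f"unknown address pool {pool_id!r}")
        for host in ipaddress.ip_network(self.pools[pool_id]).hosts():
            if str(host) not in self._used:
                self._used.add(str(host))
                return str(host)
        raise RuntimeError(f"address pool {pool_id!r} exhausted")

    def on_bng_report(self, bng_id, bng_port, line_id):
        """Handle the identification data a BNG forwards from a DHCP request."""
        key = (bng_id, bng_port, line_id)
        if key in self.auth_records:                  # step 1202: not a new RG
            return self.auth_records[key]
        reply = self.aaa.authenticate(                # steps 1203 to 1206
            {"line_id": line_id, "bng_id": bng_id, "bng_port": bng_port})
        if not reply["accepted"]:
            return None                               # unknown line: no VG, no address
        vg_wan_ip = self._allocate(reply["pool_id"])  # pool-ID variant of step 1205
        session = {"vg_id": f"vg-{len(self.auth_records) + 1}",
                   "vg_wan_ip": vg_wan_ip,
                   "profile": reply["profile"]}       # stands in for subscription info
        self.auth_records[key] = session              # becomes the authentication record
        self.aaa.report_address(line_id, vg_wan_ip)   # reported for source tracing
        return session


def run_demo():
    aaa = AAAServer(subscribers={
        "olt1/slot2/port7": {"pool_id": "pool-res", "profile": "residential"},
        "olt1/slot2/port8": {"pool_id": "pool-res", "profile": "residential"},
    })
    ctl = SDNController(aaa=aaa, pools={"pool-res": "198.51.100.0/30"})
    first = ctl.on_bng_report("bng-1", 7, "olt1/slot2/port7")
    again = ctl.on_bng_report("bng-1", 7, "olt1/slot2/port7")   # repeated DHCP request
    second = ctl.on_bng_report("bng-1", 8, "olt1/slot2/port8")
    rogue = ctl.on_bng_report("bng-1", 9, "olt9/slot0/port0")   # line unknown to AAA
    return first, again, second, rogue, aaa.trace_log


if __name__ == "__main__":
    for item in run_demo():
        print(item)
```

The trace log on the AAA side is what makes the reported address useful for security control: every VG WAN address maps back to exactly one line identifier, and a line the AAA server does not know consumes no address.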
Those of ordinary skill in the art will understand that all or part of the steps of the above method can be completed by a program instructing related hardware (for example a processor), and the program can be stored in a computer-readable storage medium such as a read-only memory, a magnetic disk or an optical disc. Optionally, all or part of the steps of the above embodiments can also be implemented using one or more integrated circuits. Correspondingly, each module/unit in the above embodiments can be implemented in hardware, for example by an integrated circuit that realizes its function, or as a software function module, for example by a processor executing programs/instructions stored in a memory to realize its function. The present invention is not limited to any particular combination of hardware and software.
Although the embodiments disclosed herein are as described above, the content is only an embodiment adopted to facilitate understanding of the present invention and is not intended to limit it. Any person skilled in the field of the present invention may make any modification and variation in the form and details of implementation without departing from the spirit and scope disclosed by the present invention, but the scope of patent protection of the present invention shall still be subject to the scope defined by the appended claims.
Claims (30)
1. A method for implementing address management, characterized by comprising:
a software defined network (SDN) controller generates, according to identification and authentication-related information from a first device, authentication request information for performing home gateway (RG) authentication, and sends the generated authentication request information for RG authentication to an authentication, authorization and accounting (AAA) server;
the SDN controller assigns a VG to the RG according to user subscription information after the AAA server completes the RG authentication;
the SDN controller configures an address for the VG according to authentication response information from the AAA server;
the authentication response information is: information fed back to the SDN controller after the AAA server completes authentication, carrying the content of the address management information allocated for the VG by the AAA server;
wherein the VG is a VG whose address management information is allocated by the SDN controller or the AAA server.
2. The method according to claim 1, characterized in that the authentication request information contains identification and authentication-related information;
the identification and authentication-related information comprises: the tunnel identifier of the RG encapsulated in a Dynamic Host Configuration Protocol (DHCP) request, and/or the tunnel source address of the RG, and/or the virtual local area network (VLAN) associated with the RG, and/or multiprotocol label switching (MPLS) subnet information associated with the RG, and/or line identification information, and/or the number of the broadband network gateway (BNG) port that received the DHCP request, and/or a message containing the content of the DHCP request.
3. The method according to claim 1, characterized in that the method further comprises: the SDN controller sends pre-stored LAN interface access information of the VG to the first device.
4. The method according to claim 3, characterized in that the LAN interface access information of the VG comprises:
virtual gateway unique code (VG-ID) information through which the LAN interface of the VG is reachable, and/or connection information of the LAN interface of the VG.
5. The method according to any one of claims 1 to 4, characterized in that, after the VG is assigned to the RG, if there is a NAT device shared with the assigned VG, the method further comprises:
the SDN controller delivers the network address translation (NAT) public network address allocated to the VG and the interface port information of the VG's NAT public network to the NAT device shared with the VG.
6. The method according to any one of claims 1 to 4, characterized in that the method further comprises: the SDN controller establishes corresponding session control (session) management for each RG;
the session control management comprises recording and maintaining: the VLAN associated with the RG, and/or the MPLS subnet information associated with the RG, and/or VG-ID information, and/or LAN interface information of the VG, and/or wide area network (WAN) interface information of the VG, and/or the NAT public network address of the VG, and/or the NAT port information of the VG, and/or the address management information allocated to the VG, and/or quality of service (QoS), and/or security policy, and/or operation, administration and maintenance (OAM) management information.
7. A method for implementing address management, characterized in that:
an SDN controller receives address pool ID information from an AAA server;
the SDN controller allocates address management information for a VG according to pre-configured address pool information and the received address pool ID information;
wherein the VG is a VG that the SDN controller assigns to an RG.
8. The method according to claim 7, characterized in that
the address management information comprises: the IP address related to the wide area network (WAN) interface of the VG, and/or the network address translation (NAT) public network address of the VG and the NAT interface port information of the VG.
9. The method according to claim 7 or 8, characterized in that the method further comprises:
the SDN controller determines the IP address allocated to the VG from the address management information allocated for the VG based on the address pool information and the address pool ID information, and reports the determined IP address allocated to the VG to the AAA server.
10. A method for implementing address management, characterized by comprising:
an AAA server, after completing authentication of an RG, allocates address management information for a VG, and feeds back to an SDN controller authentication response information carrying the content of the address management information allocated for the VG;
wherein the VG is a VG that the SDN controller assigns to the RG.
11. The method according to claim 10, characterized in that allocating address management information for the VG comprises:
the AAA server directly allocates the address management information for the VG;
the address management information comprises: the IP address related to the wide area network (WAN) interface of the VG, and/or the network address translation (NAT) public network address of the VG and the NAT interface port information of the VG.
12. The method according to claim 10 or 11, characterized in that, before the VG is assigned to the RG, the method further comprises:
the AAA server sends user subscription information to the SDN controller.
13. A method for implementing address management, characterized by comprising:
a first device, according to a received Dynamic Host Configuration Protocol (DHCP) request, sends the identification and authentication-related information contained in the DHCP request to a software defined network (SDN) controller, so that the SDN controller generates, according to the identification and authentication-related information, authentication request information for performing RG authentication, sends the generated authentication request information for RG authentication to an authentication, authorization and accounting (AAA) server, assigns a VG to the RG according to user subscription information after the AAA server completes the RG authentication, and configures an address for the VG according to authentication response information from the AAA server;
the authentication response information is: information fed back to the SDN controller after the AAA server completes authentication, carrying the content of the address management information allocated for the VG by the AAA server;
wherein the VG is a VG whose address management information is allocated by the SDN controller or the AAA server.
14. The method according to claim 13, characterized in that the DHCP request comes from a broadband network gateway (BNG) or a home gateway (RG).
15. The method according to claim 13, characterized in that the first device comprises: a network functions virtualization infrastructure gateway (NFVI-GATEWAY) or a BNG.
16. The method according to any one of claims 13 to 15, characterized in that
when the first device is an NFVI-GATEWAY, the identification and authentication-related information comprises: the tunnel identifier of the RG encapsulated in the DHCP request, and/or the tunnel source address of the RG, and/or the virtual local area network (VLAN) associated with the RG, and/or multiprotocol label switching (MPLS) subnet information associated with the RG, and/or line identification information, and/or a message containing the content of the DHCP request;
when the first device is a BNG, the identification and authentication-related information comprises: line identification information, and/or the number of the BNG port that received the DHCP request, and/or a message containing the content of the DHCP request.
17. The method according to any one of claims 13 to 15, characterized in that, when sending the identification and authentication-related information to the SDN controller, the method further comprises:
the first device sends the communication address of the first device to the SDN controller, so that the SDN controller communicates with the first device according to the received communication address of the first device.
18. The method according to any one of claims 13 to 15, characterized in that the method further comprises:
the first device extends the network where the connection between the RG and the first device is located to the local area network (LAN) interface of the virtual gateway (VG).
19. An SDN controller for implementing address management, characterized by comprising: a generating and sending unit, an allocation unit and an address configuration unit; wherein
the generating and sending unit is configured to generate, according to identification and authentication-related information from a first device, authentication request information for performing RG authentication, and to send the generated authentication request information for RG authentication to an AAA server;
the allocation unit is configured to assign a VG to the RG according to user subscription information after the AAA server completes the RG authentication;
the address configuration unit is configured to configure an address for the VG according to authentication response information from the AAA server;
the authentication response information is: information fed back to the SDN controller after the AAA server completes authentication, carrying the content of the address management information allocated for the VG by the AAA server;
wherein the VG is a VG whose address management information is allocated by the SDN controller or the AAA server.
20. The SDN controller according to claim 19, characterized in that the SDN controller further comprises an access information sending unit, configured to send pre-stored LAN interface access information of the VG to the first device.
21. The SDN controller according to claim 19 or 20, characterized in that the SDN controller further comprises a delivery unit, configured to, after the VG is assigned to the RG and if there is a NAT device shared with the assigned VG, deliver the NAT public network address allocated to the VG and the port information of the VG's NAT public network to the NAT device shared with the VG.
22. The SDN controller according to claim 19 or 20, characterized in that the SDN controller further comprises a session control management unit, configured to establish corresponding session control (session) management for each RG;
the session control management comprises recording and maintaining: the VLAN associated with the RG, and/or the MPLS subnet information associated with the RG, and/or VG-ID information, and/or LAN interface information of the VG, and/or wide area network (WAN) interface information of the VG, and/or the NAT public network address of the VG, and/or the NAT port information of the VG, and/or the address management information allocated to the VG, and/or QoS, and/or security policy, and/or OAM management information.
23. An SDN controller for implementing address management, characterized by comprising: an address pool number receiving unit and an address allocation unit; wherein
the address pool number receiving unit is configured to receive address pool unique number (ID) information from an AAA server;
the address allocation unit is configured to allocate address management information for a VG according to pre-configured address pool information and the received address pool ID information;
wherein the VG is a VG that the SDN controller assigns to an RG.
24. The SDN controller according to claim 23, characterized in that the SDN controller further comprises a reporting unit, configured to determine the IP address allocated to the VG from the address management information allocated for the VG based on the address pool information and the address pool ID information, and to report the determined IP address allocated to the VG to the AAA server.
25. An AAA server for implementing address management, characterized by comprising an information allocation unit, configured to, after completing authentication of an RG, allocate address management information for a VG, and to feed back to an SDN controller authentication response information carrying the content of the address management information allocated for the VG;
wherein the VG is a VG that the SDN controller assigns to the RG.
26. The AAA server according to claim 25, characterized in that the information allocation unit is specifically configured to directly allocate the address management information for the VG;
the address management information comprises: the IP address related to the wide area network (WAN) interface of the VG, and/or the network address translation (NAT) public network address of the VG and the NAT interface port information of the VG.
27. The AAA server according to claim 25 or 26, characterized in that the AAA server further comprises a subscription information sending unit, configured to send user subscription information to the SDN controller before the VG is assigned to the RG.
28. A device for implementing address management, characterized by comprising: a related information sending unit, configured to, according to a received DHCP request, send the identification and authentication-related information contained in the DHCP request to an SDN controller, so that the SDN controller generates, according to the identification and authentication-related information, authentication request information for performing RG authentication, sends the generated authentication request information for RG authentication to an authentication, authorization and accounting (AAA) server, assigns a VG to the RG according to user subscription information after the AAA server completes the RG authentication, and configures an address for the VG according to authentication response information from the AAA server;
the authentication response information is: information fed back to the SDN controller after the AAA server completes authentication, carrying the content of the address management information allocated for the VG by the AAA server;
wherein the VG is a VG whose address management information is allocated by the SDN controller or the AAA server.
29. The device according to claim 28, characterized in that the related information sending unit is further configured to,
when sending the identification and authentication-related information to the SDN controller, send the communication address of the device to the SDN controller, so that the SDN controller communicates with the device according to the received communication address of the device.
30. The device according to claim 28 or 29, characterized in that the device further comprises an extension unit, configured to extend the connection between the RG and the device to the network where the LAN interface of the VG is located.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610188372.0A CN107241454B (en) | 2016-03-29 | 2016-03-29 | A kind of method, apparatus that realizing address administration, aaa server and SDN controller |
PCT/CN2017/073747 WO2017166936A1 (en) | 2016-03-29 | 2017-02-16 | Method and device for implementing address management, and aaa server and sdn controller |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610188372.0A CN107241454B (en) | 2016-03-29 | 2016-03-29 | A kind of method, apparatus that realizing address administration, aaa server and SDN controller |
Publications (2)
Publication Number | Publication Date |
---|---|
CN107241454A CN107241454A (en) | 2017-10-10 |
CN107241454B true CN107241454B (en) | 2019-08-16 |
Family
ID=59963367
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610188372.0A Active CN107241454B (en) | 2016-03-29 | 2016-03-29 | A kind of method, apparatus that realizing address administration, aaa server and SDN controller |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN107241454B (en) |
WO (1) | WO2017166936A1 (en) |
Families Citing this family (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107666419B (en) * | 2016-07-28 | 2020-12-11 | 中兴通讯股份有限公司 | Virtual broadband access method, controller and system |
CN111200665B (en) * | 2018-11-19 | 2022-07-01 | ***通信集团吉林有限公司 | User source tracing method and device and computer readable storage medium |
CN114500276A (en) * | 2020-11-13 | 2022-05-13 | 中兴通讯股份有限公司 | Data processing method, device, system and computer readable storage medium |
CN112637154B (en) * | 2020-12-09 | 2022-06-21 | 迈普通信技术股份有限公司 | Equipment authentication method and device, electronic equipment and storage medium |
CN113765904B (en) * | 2021-08-26 | 2023-03-31 | 新华三大数据技术有限公司 | Authentication method and device |
CN114125596B (en) * | 2021-10-21 | 2023-12-05 | 中盈优创资讯科技有限公司 | PON-SDWAN intelligent terminal normalization control method and device |
CN115361605B (en) * | 2022-10-20 | 2023-03-24 | 武汉长光科技有限公司 | Method, device, equipment and computer readable storage medium for roaming in virtual domain |
CN116980247B (en) * | 2023-09-22 | 2024-01-16 | 广州市成格信息技术有限公司 | Method and system for realizing IP (Internet protocol) following based on software defined local area network |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103067268A (en) * | 2012-12-31 | 2013-04-24 | 华为技术有限公司 | Method and server of virtual home gateway service delivery |
CN103428771A (en) * | 2013-09-05 | 2013-12-04 | 迈普通信技术股份有限公司 | Communication method, software defined network SDN switch and communication system |
CN104243265A (en) * | 2014-09-05 | 2014-12-24 | 华为技术有限公司 | Gateway control method, device and system based on virtual machine migration |
CN104767696A (en) * | 2014-01-07 | 2015-07-08 | 上海贝尔股份有限公司 | Method and device for controlling user access in SDN (software defined network) access network |
Family Cites Families (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9743334B2 (en) * | 2013-02-11 | 2017-08-22 | Telefonaktiebolaget Lm Ericsson (Publ) | Method and apparatus for enabling data path selection in a virtual home gateway |
CN103685250A (en) * | 2013-12-04 | 2014-03-26 | 蓝盾信息安全技术股份有限公司 | Virtual machine security policy migration system and method based on SDN |
US9954861B2 (en) * | 2014-01-21 | 2018-04-24 | Centurylink Intellectual Property Llc | Consumer choice for broadband application and content services |
Non-Patent Citations (1)
Title |
---|
家庭网关虚拟化研究与应用;程海瑞;《电信网技术》;20150930(第9期);全文 |
Also Published As
Publication number | Publication date |
---|---|
WO2017166936A1 (en) | 2017-10-05 |
CN107241454A (en) | 2017-10-10 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||