CN107241454B - Method and apparatus for implementing address management, AAA server and SDN controller - Google Patents

Method and apparatus for implementing address management, AAA server and SDN controller

Publication number: CN107241454B
Application number: CN201610188372.0A
Authority: CN (China)
Legal status: Active
Other languages: Chinese (zh)
Other versions: CN107241454A (en)
Inventors: 吴波, 王怀滨, 张如通
Current assignee: ZTE Corp
Original assignee: ZTE Corp
Application filed by: ZTE Corp
Priority: CN201610188372.0A (CN107241454B); PCT/CN2017/073747 (WO2017166936A1)
Prior art keywords: information, address, SDN controller, AAA server, authentication

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/30 Managing network names, e.g. use of aliases or nicknames
    • H04L61/50 Address allocation
    • H04L61/5007 Internet protocol [IP] addresses
    • H04L61/5014 Internet protocol [IP] addresses using dynamic host configuration protocol [DHCP] or bootstrap protocol [BOOTP]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
Abstract

A method and apparatus for implementing address management, an SDN controller and an AAA server, comprising: a software defined network (SDN) controller generates, from the received identification and authentication-related information of a home gateway (RG) sent by a first device, authentication request information for authenticating the RG, and sends it to an authentication, authorization and accounting (AAA) server; after completing authentication of the RG, the AAA server allocates address management information for the VG; after the AAA server completes RG authentication, the SDN controller allocates a virtual gateway (VG) to the RG according to user subscription information, and configures an address for the VG according to the authentication response information from the AAA server, which carries the content of the address management information allocated for the VG. In the method of the embodiments of the present invention, the SDN controller allocates the VG to the RG and the AAA server allocates address management information for the VG, which achieves address management after the VG is created.

Description

Method and apparatus for implementing address management, AAA server and SDN controller
Technical field
This document relates to, but is not limited to, data communication technology, and in particular to a method and apparatus for implementing address management, an authentication, authorization and accounting (AAA) server, and a software defined network (SDN) controller.
Background
With the spread of Internet applications and broadband services, operators provide broadband users with more network services, such as security, virtual networks, filtering, load balancing, multimedia and multimedia enhancement. To provide these services, operators mainly deploy them on dedicated equipment or on dedicated service boards in routers. Deploying dedicated equipment, or using dedicated service boards in the existing router architecture, is costly, and deployment is complex and time-consuming, so network operators cannot complete it quickly. In addition, deployments on dedicated equipment or routers involve specific customization and manual configuration, so maintenance costs are high and service deployment is affected.
Virtualization technology uses a general-purpose hardware architecture and manages common hardware as a resource pool, which improves the efficiency of service deployment to a certain extent.
Wired data communication networks provide Internet access and Internet value-added services for home users and enterprise users. In the related art, access control is implemented by dedicated equipment such as the broadband remote access server (BRAS, Broadband Remote Access Server), the service router (SR, Service Router) and the broadband network gateway (BNG, Broadband Network Gateway). However, wired data communication networks have many users, heavy traffic and complex services, and neither dedicated equipment alone nor virtualization technology alone can fully solve these problems. Standards organizations have therefore proposed extending virtualization technology on top of existing dedicated-equipment networking, to better achieve fast forwarding of service data and flexible extension of services. The BBF (Broadband Forum) standards organization proposes that a virtual gateway (VG, Virtual Gateway) work together with the physical gateway deployed in the user's network: the user's home gateway (RG, Residential Gateway) provides access to basic network functions, and flexible service deployment is achieved through the VG. The WT-317 protocol in the related art defines the functional requirements of the VG.
Summary of the invention
The following is an overview of the subject matter described in detail herein. This overview is not intended to limit the scope of protection of the claims.
Embodiments of this application provide a method and apparatus for implementing address management, an AAA server and an SDN controller, which can implement address management.
An embodiment of the present invention provides a method for implementing address management, comprising:
A software defined network (SDN) controller generates, according to identification and authentication-related information from a first device, authentication request information for authenticating a home gateway (RG), and sends the generated RG authentication request information to an authentication, authorization and accounting (AAA) server;
After the AAA server completes RG authentication, the SDN controller allocates a VG to the RG according to user subscription information;
The SDN controller configures an address for the VG according to the authentication response information from the AAA server;
The authentication response message is: a message fed back to the SDN controller after the AAA server completes authentication, carrying the content of the address management information that the AAA server allocated for the VG;
Wherein the VG is a VG whose address management information is allocated by the SDN controller or the AAA server.
Optionally, the authentication request information includes the identification and authentication-related information;
The identification and authentication-related information includes: the tunnel identifier of the RG encapsulated in the Dynamic Host Configuration Protocol (DHCP) request, and/or the tunnel source address of the RG, and/or the virtual local area network (VLAN) associated with the RG, and/or the Multiprotocol Label Switching (MPLS) subnet information associated with the RG, and/or line identification information, and/or the port number of the broadband network gateway (BNG) that received the DHCP request, and/or a message containing the content of the DHCP request.
Optionally, the method further includes: the SDN controller sends pre-stored LAN interface access information of the VG to the first device.
Optionally, the LAN interface access information of the VG includes:
The virtual gateway unique code (VG-ID) information through which the LAN interface of the VG is reachable, and/or connection information of the LAN interface of the VG.
Optionally, after the VG is allocated to the RG, if there is a NAT device shared with the allocated VG, the method further includes:
The SDN controller delivers the network address translation (NAT) public address allocated to the VG and the NAT public-network interface (port) information of the VG to the NAT device shared with the VG.
Optionally, the method further includes: the SDN controller establishes and manages a corresponding session for each RG;
The session control management includes recording and maintaining: the VLAN associated with the RG, and/or the MPLS subnet information associated with the RG, and/or the VG-ID information, and/or the LAN interface information of the VG, and/or the wide area network (WAN) interface information of the VG, and/or the NAT public address of the VG, and/or the NAT port information of the VG, and/or the address management information allocated to the VG, and/or quality of service (QoS), and/or security policy, and/or operations, administration and maintenance (OAM) management information.
In another aspect, an embodiment of the present invention further provides a method for implementing address management, comprising:
The SDN controller receives address pool ID information from the AAA server;
The SDN controller allocates address management information for the VG according to preconfigured address pool information and the received address pool ID information;
Wherein the VG is the VG that the SDN controller allocated to the RG.
Optionally, the address management information includes: the IP address related to the wide area network (WAN) interface of the VG, and/or the network address translation (NAT) public address of the VG and the NAT interface (port) information of the VG;
Optionally, the method further includes:
The SDN controller determines, from the address management information allocated for the VG based on the address pool information and the address pool ID information, the IP address allocated to the VG, and reports the determined IP address allocated to the VG to the AAA server.
In another aspect, an embodiment of the present invention further provides a method for implementing address management, comprising:
After completing authentication of the RG, the AAA server allocates address management information for the VG, and feeds back to the SDN controller an authentication response message carrying the content of the address management information allocated for the VG;
Wherein the VG is the VG that the SDN controller allocated to the RG.
Optionally, allocating address management information for the VG includes:
The AAA server directly allocates address management information for the VG;
The address management information includes: the IP address related to the wide area network (WAN) interface of the VG, and/or the network address translation (NAT) public address of the VG and the NAT interface (port) information of the VG.
Optionally, before the VG is allocated to the RG, the method further includes:
The AAA server sends user subscription information to the SDN controller.
In another aspect, an embodiment of the present invention further provides a method for implementing address management, comprising:
A first device, according to a received Dynamic Host Configuration Protocol (DHCP) request, sends the identification and authentication-related information contained in the DHCP request to a software defined network (SDN) controller, so that the SDN controller generates, according to the identification and authentication-related information, authentication request information for RG authentication.
Optionally, the DHCP request comes from a broadband network gateway (BNG) or a home gateway (RG).
Optionally, the first device includes: a network function virtualization infrastructure gateway (NFVI-GATEWAY) or a BNG.
Optionally, when the first device is an NFVI-GATEWAY, the identification and authentication-related information includes: the tunnel identifier of the RG encapsulated in the DHCP request, and/or the tunnel source address of the RG, and/or the virtual local area network (VLAN) associated with the RG, and/or the Multiprotocol Label Switching (MPLS) subnet information associated with the RG, and/or line identification information, and/or a message containing the content of the DHCP request;
When the first device is a BNG, the identification and authentication-related information includes: line identification information, and/or the BNG port number that received the DHCP request, and/or a message containing the content of the DHCP request.
Optionally, when sending the identification and authentication-related information to the SDN controller, the method further includes:
The first device sends the communication address of the first device to the SDN controller, so that the SDN controller communicates with the first device according to the received communication address of the first device.
Optionally, the method further includes:
The first device extends the connection between the RG and the first device to the network where the local area network (LAN) interface of the virtual gateway (VG) is located.
In another aspect, an embodiment of the present invention further provides an SDN controller for implementing address management, comprising: a generating and sending unit, an allocation unit and an address configuration unit; wherein,
The generating and sending unit is configured to generate, according to identification and authentication-related information from a first device, authentication request information for RG authentication, and to send the generated RG authentication request information to the AAA server;
The allocation unit is configured to allocate a VG to the RG according to user subscription information after the AAA server completes RG authentication;
The address configuration unit is configured to configure an address for the VG according to the authentication response information from the AAA server;
The authentication response message is: a message fed back to the SDN controller after the AAA server completes authentication, carrying the content of the address management information that the AAA server allocated for the VG;
Wherein the VG is a VG whose address management information is allocated by the SDN controller or the AAA server.
Optionally, the SDN controller further includes an access information sending unit, configured to send pre-stored LAN interface access information of the VG to the first device.
Optionally, the SDN controller further includes a delivery unit, configured to, after the VG is allocated to the RG and if there is a NAT device shared with the allocated VG, deliver the NAT public address allocated to the VG and the NAT public-network port information of the VG to the NAT device shared with the VG.
Optionally, the SDN controller further includes a session control unit, configured to establish and manage a corresponding session for each RG;
The session control management includes recording and maintaining: the VLAN associated with the RG, and/or the MPLS subnet information associated with the RG, and/or the VG-ID information, and/or the LAN interface information of the VG, and/or the wide area network (WAN) interface information of the VG, and/or the NAT public address of the VG, and/or the NAT port information of the VG, and/or the address management information allocated to the VG, and/or QoS, and/or security policy, and/or OAM management information.
In yet another aspect, an embodiment of the present invention further provides an SDN controller for implementing address management, comprising: an address pool ID receiving unit and an address allocation unit; wherein,
The address pool ID receiving unit is configured to receive the address pool unique number (ID) information from the AAA server;
The address allocation unit is configured to allocate address management information for the VG according to preconfigured address pool information and the received address pool ID information;
Wherein the VG is the VG that the SDN controller allocated to the RG.
Optionally, the SDN controller further includes a reporting unit,
configured to determine, from the address management information allocated for the VG based on the address pool information and the address pool ID information, the IP address allocated to the VG, and to report the determined IP address allocated to the VG to the AAA server.
In yet another aspect, an embodiment of the present invention further provides an AAA server for implementing address management, including an information allocation unit, configured to allocate address management information for the VG after completing authentication of the RG, and to feed back to the SDN controller an authentication response message carrying the content of the address management information allocated for the VG;
Wherein the VG is the VG that the SDN controller allocated to the RG.
Optionally, the information allocation unit is specifically configured to directly allocate address management information for the VG;
The address management information includes: the IP address related to the wide area network (WAN) interface of the VG, and/or the network address translation (NAT) public address of the VG and the NAT interface (port) information of the VG.
Optionally, the AAA server further includes a subscription information sending unit, configured to send user subscription information to the SDN controller before the VG is allocated to the RG.
In yet another aspect, an embodiment of the present invention further provides an apparatus for implementing address management, comprising: a related information sending unit, configured to send, according to a received DHCP request, the identification and authentication-related information contained in the DHCP request to the SDN controller, so that the SDN controller generates, according to the identification and authentication-related information, authentication request information for RG authentication.
Optionally, the related information sending unit is further configured to,
when sending the identification and authentication-related information to the SDN controller, send the communication address of the apparatus to the SDN controller, so that the SDN controller communicates with the apparatus according to the received communication address of the apparatus.
Optionally, the apparatus further includes an extension unit, configured to extend the connection between the RG and the apparatus to the network where the LAN interface of the VG is located.
Compared with the related art, the technical solution of this application includes: a software defined network (SDN) controller generates, from the received identification and authentication-related information of a home gateway (RG) sent by a first device, authentication request information for authenticating the RG, and sends it to an authentication, authorization and accounting (AAA) server; after completing authentication of the RG, the AAA server allocates address management information for the VG; after the AAA server completes RG authentication, the SDN controller allocates a virtual gateway (VG) to the RG according to user subscription information; and the SDN controller configures an address for the VG according to the authentication response information from the AAA server, which carries the content of the address management information allocated for the VG. In the method of the embodiments of the present invention, the SDN controller allocates the VG to the RG and the AAA server allocates address management information for the VG, which achieves address management after the VG is created.
Brief description of the drawings
Fig. 1 is a flowchart of a method for implementing address management according to an embodiment of the present invention;
Fig. 2 is a flowchart of a method for implementing address management according to another embodiment of the present invention;
Fig. 3 is a flowchart of a method for implementing address management according to another embodiment of the present invention;
Fig. 4 is a flowchart of a method for implementing address management according to yet another embodiment of the present invention;
Fig. 5 is a structural block diagram of an apparatus for implementing address management according to an embodiment of the present invention;
Fig. 6 is a structural block diagram of an SDN controller for implementing address management according to an embodiment of the present invention;
Fig. 7 is a structural block diagram of another SDN controller for implementing address management according to an embodiment of the present invention;
Fig. 8 is a structural block diagram of an AAA server for implementing address management according to an embodiment of the present invention;
Fig. 9 is a schematic diagram of the network structure of the application examples;
Fig. 10 is a flowchart of the method of the first application example of the present invention;
Fig. 11 is a flowchart of the method of the second application example of the present invention;
Fig. 12 is a flowchart of the method of the third application example of the present invention.
Detailed description
To make the objectives, technical solutions and advantages of the present invention clearer, the embodiments of the present invention are described in detail below with reference to the drawings. It should be noted that, where there is no conflict, the embodiments in this application and the features in the embodiments may be combined with one another in any way.
The inventors found that VGs usually number in the thousands, a huge quantity. In the related art the AAA server is used to allocate a VG-ID for the RG; because the VG is virtual, it may fail, lose power or change, and when the RG fails, loses power or changes, the AAA server has to allocate a VG-ID for the RG again, which is complex to implement. In addition, the related art provides no method for allocating the address management information related to the VG's WAN; how to perform dynamic address management for VGs has no effective solution in the related art.
Fig. 1 is a flowchart of a method for implementing address management according to an embodiment of the present invention. As shown in Fig. 1, the method includes:
Step 100: the first device, according to a received Dynamic Host Configuration Protocol (DHCP) request, sends the identification and authentication-related information contained in the DHCP request to the software defined network (SDN) controller.
In the method of this embodiment, the SDN controller generates authentication request information for RG authentication according to the identification and authentication-related information.
Optionally, the DHCP request comes from a broadband network gateway (BNG) or an RG.
It should be noted that, in the method of this embodiment, the DHCP request may come from the BNG, and the DHCP request from the BNG may include a DHCP request that the RG sent to the BNG.
Optionally, in the method of this embodiment, the first device includes: a network function virtualization infrastructure gateway (NFVI-GATEWAY) or a BNG.
Optionally, when the first device is an NFVI-GATEWAY, the identification and authentication-related information includes: the tunnel identifier of the RG encapsulated in the DHCP request, and/or the tunnel source address of the RG, and/or the virtual local area network (VLAN) associated with the RG, and/or the Multiprotocol Label Switching (MPLS) subnet information associated with the RG, and/or line identification information, and/or a message containing the content of the DHCP request;
When the first device is a BNG, the identification and authentication-related information includes: line identification information, and/or the BNG port number that received the DHCP request, and/or a message containing the content of the DHCP request.
When sending the identification and authentication-related information to the SDN controller, the method of this embodiment further includes step 101:
Step 101: the first device sends the communication address of the first device to the SDN controller, so that the SDN controller communicates with the first device according to the received communication address of the first device.
It should be noted that, when the first device is an NFVI-GATEWAY, the communication address of the first device may include the tunnel destination address; when the first device is a BNG, the communication address of the first device may include the BNG's own number, sent by the BNG to the SDN controller, and the BNG port number that received the DHCP request.
Optionally, the method of this embodiment further includes:
The first device extends the connection between the RG and the first device to the network where the local area network (LAN) interface of the virtual gateway (VG) is located.
It should be noted that the network where the LAN interface of the VG is located means here: the network where the LAN interface of the VG is located, the VG being the one that the SDN controller allocates to the RG according to user subscription information after the AAA server completes RG authentication.
The method of this embodiment can be applied in different networks, such as IPv4, IPv6 and NAT networks. When the method is implemented in different networks, some information needs to be adapted according to the protocol in use; this adaptation requires no creative work by those skilled in the art.
Fig. 2 is a flowchart of a method for implementing address management according to another embodiment of the present invention. As shown in Fig. 2, the method includes:
Step 200: the software defined network (SDN) controller generates, according to identification and authentication-related information from the first device, authentication request information for RG authentication, and sends the generated RG authentication request information to the authentication, authorization and accounting (AAA) server;
Step 201: after the AAA server completes RG authentication, the SDN controller allocates a VG to the RG according to user subscription information;
Wherein the VG is a VG whose address management information is allocated by the SDN controller or the AAA server.
It should be noted that user subscription information includes the configuration of the user's services, including IP address information for network connection, user bandwidth information, quality of service information, security-control-related information and user supplementary service information (such as parental control, firewall, etc.).
In addition, allocating a VG to the RG according to user subscription information may include the use of templates: a basic service template may be selected, corresponding to a basic IPv4 VG, a basic IPv6 VG or an IPv4 private VG, together with a service activation template, corresponding to home control services, home security services, etc. The AAA may send the service template ID to the SDN controller, and the SDN controller combines templates according to the template ID to create VGs that support different services.
Step 202: the SDN controller configures an address for the VG according to the authentication response information from the AAA server;
The authentication response message is: a message fed back to the SDN controller after the AAA server completes authentication, carrying the content of the address management information that the AAA server allocated for the VG.
Optionally, in the method of this embodiment, the authentication request information includes the identification and authentication-related information;
The identification and authentication-related information includes: the tunnel identifier of the RG encapsulated in the DHCP request, and/or the tunnel source address of the RG, and/or the VLAN associated with the RG, and/or the MPLS subnet information associated with the RG, and/or line identification information, and/or the BNG port number that received the DHCP request, and/or a message containing the content of the DHCP request.
Optionally, the method of this embodiment further includes: the SDN controller sends pre-stored LAN interface access information of the VG to the first device.
Optionally, the LAN interface access information of the VG includes:
The virtual gateway unique code (VG-ID) information through which the LAN interface of the VG is reachable, and/or connection information of the LAN interface of the VG.
Optionally, after the VG is allocated to the RG, if there is a NAT device shared with the allocated VG, the method of this embodiment further includes:
The SDN controller delivers the network address translation (NAT) public address allocated to the VG and the NAT public-network interface (port) information of the VG to the NAT device shared with the VG.
Optionally, the method of this embodiment further includes: the SDN controller establishes and manages a corresponding session for each RG;
The session control management includes recording and maintaining: the VLAN associated with the RG, and/or the MPLS subnet information associated with the RG, and/or the VG-ID information, and/or the LAN interface information of the VG, and/or the wide area network (WAN) interface information of the VG, and/or the NAT public address of the VG, and/or the NAT port information of the VG, and/or the address management information allocated to the VG, and/or quality of service (QoS), and/or security policy, and/or operations, administration and maintenance (OAM) management information.
In the method of this embodiment, the SDN controller allocates the VG to the RG, which achieves address management after the VG is created.
The method of this embodiment can be applied in different networks, such as IPv4, IPv6 and NAT networks. When the method is implemented in different networks, some information needs to be adapted according to the protocol in use; this adaptation requires no creative work by those skilled in the art.
Fig. 3 is a flowchart of a method for implementing address management according to another embodiment of the present invention. As shown in Fig. 3, the method includes:
Step 301: after completing authentication of the RG, the AAA server allocates address management information for the VG, and feeds back to the SDN controller an authentication response message carrying the content of the address management information allocated for the VG.
Wherein the VG is the VG that the SDN controller allocated to the RG.
It should be noted that the AAA server in the method of this embodiment may be co-located with the DHCP server, that is, the function of the DHCP server may be implemented in the AAA server. Because the information included in the DHCP server differs according to the needs of the embodiment, those skilled in the art need to adapt it to actual conditions; this adaptation requires no creative work by those skilled in the art.
In addition, allocating address management information for the VG and allocating the VG to the RG may be performed separately, and there is no ordering relationship between the two. When both are complete, the result is that the VG allocated to the RG has been assigned address management information.
Optionally, allocating address management information for the VG includes:
The AAA server directly allocates address management information for the VG;
The address management information includes: the IP address related to the wide area network (WAN) interface of the VG, and/or the network address translation (NAT) public address of the VG and the NAT interface (port) information of the VG.
It should be noted that the address management information is held in the AAA server, or the AAA server queries it from the operator's operation management system. The operator's operation management system stores the address management information created when the user subscribes.
Optionally, before the VG is allocated to the RG, the method of this embodiment further includes step 300;
Step 300: the AAA server sends user subscription information to the SDN controller.
In the method of this embodiment, the AAA server allocates address management information for the VG, which achieves address management after the VG is created.
The method of this embodiment can be applied in different networks, such as IPv4, IPv6 and NAT networks. When the method is implemented in different networks, some information needs to be adapted according to the protocol in use; this adaptation requires no creative work by those skilled in the art.
Fig. 4 is a flowchart of a method for realizing address management according to yet another embodiment of the present invention. As shown in Fig. 4, the method includes:
Step 400: the SDN controller receives address pool ID information from the AAA server;
Step 401: the SDN controller allocates address management information to the VG according to preconfigured address pool information and the received address pool ID information;
Here, the VG is the VG that the SDN controller allocates to the RG.
It should be noted that an address pool ID represents an IP address range and a port range, for example 130.0.0.1~200 and port numbers 2000~3000. From this IP address range and port range, the SDN controller allocates to each VG management information consisting of an IP address and a port range. Different VGs may have the same IP address; when the IP addresses are the same, the port ranges differ.
Optionally, the address management information includes: the IP address associated with the wide area network (WAN) interface of the VG, and/or the network address translation (NAT) public network address of the VG and the NAT port information of the VG;
Optionally, the method of this embodiment further includes:
The SDN controller determines the IP address allocated to the VG from the address management information it allocated to the VG based on the address pool information and the address pool ID information, and reports the determined IP address to the AAA server.
It should be noted that reporting the determined IP address to the AAA server can be used for security control, for example tracing.
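The following is an added example, not code from the patent, of the allocation described for Fig. 4: a pool ID selects an IP range and a port range, and each VG receives an IP address plus a port block, so several VGs can share one IP. The port block size, the lease timestamps and all class and method names are assumptions of this example; the log stands in for what is reported to the AAA server, and it records port range and time as well as the IP because an IP alone cannot identify a VG once addresses are shared.

```python
"""Address-pool allocation for VGs with a traceable lease log (constructed example)."""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass
class Lease:
    vg_id: str
    public_ip: str
    port_lo: int
    port_hi: int
    start: int                  # allocation time (epoch seconds)
    end: Optional[int] = None   # release time; None while the lease is active


class AddressPool:
    """A preconfigured pool: an IP range plus a port range, cut into port blocks."""

    def __init__(self, pool_id, first_ip, last_ip, port_lo, port_hi, block_size):
        first, last = ipaddress.ip_address(first_ip), ipaddress.ip_address(last_ip)
        if first > last or not (0 < port_lo <= port_hi <= 65535) or block_size < 1:
            raise ValueError("invalid pool definition")
        self.pool_id = pool_id
        self.block_size = block_size  # assumption: fixed-size port blocks per VG
        # Free (ip, block start) slots; one IP is filled before the next is used.
        self._free = [
            (str(ipaddress.ip_address(ip)), lo)
            for ip in range(int(first), int(last) + 1)
            for lo in range(port_lo, port_hi - block_size + 2, block_size)
        ]
        self._free.reverse()  # pop() from the end returns the lowest slot first

    def take(self):
        if not self._free:
            raise RuntimeError(f"address pool {self.pool_id} exhausted")
        ip, lo = self._free.pop()
        return ip, lo, lo + self.block_size - 1

    def give_back(self, ip, lo):
        self._free.append((ip, lo))


class SdnAllocator:
    """Controller-side allocation keyed by the pool ID received from the AAA server."""

    def __init__(self, pools):
        self._pools = {p.pool_id: p for p in pools}
        self._active = {}  # vg_id -> (pool_id, Lease)
        self.log = []      # every lease ever made; stands in for the report to AAA

    def allocate(self, vg_id, pool_id, now):
        if vg_id in self._active:  # same VG asks again: keep its mapping stable
            return self._active[vg_id][1]
        if pool_id not in self._pools:
            raise KeyError(f"unknown address pool ID {pool_id!r}")
        ip, lo, hi = self._pools[pool_id].take()
        lease = Lease(vg_id, ip, lo, hi, start=now)
        self._active[vg_id] = (pool_id, lease)
        self.log.append(lease)
        return lease

    def release(self, vg_id, now):
        pool_id, lease = self._active.pop(vg_id)
        lease.end = now
        self._pools[pool_id].give_back(lease.public_ip, lease.port_lo)

    def trace(self, public_ip, port, when):
        """Return the VG that held (public_ip, port) at time `when`, or None."""
        for lease in self.log:
            if (lease.public_ip == public_ip
                    and lease.port_lo <= port <= lease.port_hi
                    and lease.start <= when
                    and (lease.end is None or when < lease.end)):
                return lease.vg_id
        return None


def demo():
    # Pool values taken from the text: 130.0.0.1~200, ports 2000~3000.
    pool = AddressPool("pool-1", "130.0.0.1", "130.0.0.200", 2000, 3000, block_size=250)
    ctl = SdnAllocator([pool])
    a = ctl.allocate("VG-A", "pool-1", now=100)
    b = ctl.allocate("VG-B", "pool-1", now=110)   # same IP as VG-A, next port block
    ctl.release("VG-A", now=200)
    c = ctl.allocate("VG-C", "pool-1", now=210)   # reuses VG-A's released block
    return ctl, a, b, c


if __name__ == "__main__":
    ctl, a, b, c = demo()
    for lease in ctl.log:
        print(lease)
```

Because VG-C reuses the block VG-A released, a lookup for the same IP and port returns a different VG depending on the timestamp, which is why the log keeps lease start and end times.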
Fig. 5 is a structural block diagram of a device for realizing address management according to an embodiment of the present invention. As shown in Fig. 5, the device includes a related information sending unit, configured to send, according to a received DHCP request, the identification and authentication-related information contained in the DHCP request to the SDN controller, so that the SDN controller generates, according to the identification and authentication-related information, authentication request information for RG authentication.
Optionally, the related information sending unit is further configured to:
when sending the identification and authentication-related information to the SDN controller, send the communication address of the device to the SDN controller, so that the SDN controller communicates with the device according to the received communication address.
The device of this embodiment further includes an extension unit, configured to extend the connection between the RG and the device to the network where the LAN interface of the VG is located.
Fig. 6 is a structural block diagram of an SDN controller for realizing address management according to an embodiment of the present invention. As shown in Fig. 6, it includes a generating and sending unit, an allocation unit and an address configuration unit, where:
The generating and sending unit is configured to generate authentication request information for RG authentication according to the identification and authentication-related information from the first device, and to send the generated authentication request information for RG authentication to the AAA server;
The allocation unit is configured to allocate a VG to the RG according to user subscription information after the AAA server completes RG authentication;
The address configuration unit is configured to configure an address for the VG according to the authentication response message from the AAA server;
The authentication response message is the message that the AAA server feeds back to the SDN controller after completing authentication, carrying the content of the address management information that the AAA server allocated to the VG;
Here, the VG is a VG whose address management information is allocated by the SDN controller or the AAA server.
Optionally, in this embodiment, the SDN controller further includes an address pool sending unit, configured to send preconfigured address pool information to the AAA server.
Optionally, in this embodiment, the SDN controller further includes an access information sending unit, configured to send the pre-stored LAN interface access information of the VG to the first device.
Optionally, in this embodiment, the SDN controller further includes an issuing unit, configured to, after the VG is allocated to the RG and if there is a NAT device shared with the allocated VG, issue the NAT public network address allocated to the VG and the NAT public network port information of the VG to the NAT device shared with the VG.
Optionally, in this embodiment, the SDN controller further includes a session control unit, configured to establish corresponding session control (session) management for each RG;
Session control management includes recording and maintaining: the VLAN associated with the RG, and/or the MPLS subnet information associated with the RG, and/or VG-ID information, and/or the LAN interface information of the VG, and/or the wide area network (WAN) interface information of the VG, and/or the NAT public network address of the VG, and/or the NAT port information of the VG, and/or the address management information allocated to the VG, and/or QoS, and/or security policy, and/or OAM management information.
Fig. 7 is a structural block diagram of an SDN controller for realizing address management according to an embodiment of the present invention. As shown in Fig. 7, it includes an address pool ID receiving unit and an address allocation unit, where:
The address pool ID receiving unit is configured to receive address pool unique number (ID) information from the AAA server;
The address allocation unit is configured to allocate address management information to the VG according to the preconfigured address pool information and the received address pool ID information.
Here, the VG is the VG that the SDN controller allocates to the RG.
Optionally, the SDN controller further includes a reporting unit,
configured to determine the IP address allocated to the VG from the address management information allocated to the VG based on the address pool information and the address pool ID information, and to report the determined IP address to the AAA server.
Fig. 8 is a structural block diagram of an AAA server for realizing address management according to an embodiment of the present invention. As shown in Fig. 8, it includes an information allocation unit, configured to allocate address management information to the VG after completing authentication of the RG, and to feed back to the SDN controller an authentication response message carrying the content of the address management information allocated to the VG;
Here, the VG is the VG that the SDN controller allocates to the RG.
Optionally, the information allocation unit is specifically configured to directly allocate address management information to the VG;
The address management information includes: the IP address associated with the wide area network (WAN) interface of the VG, and/or the network address translation (NAT) public network address of the VG and the NAT port information of the VG.
It should be noted that the IP address associated with the WAN interface of the VG includes the IPv4 and/or IPv6 address of the WAN interface of the VG.
Optionally, the AAA server of this embodiment further includes a subscription information sending unit, configured to send user subscription information to the SDN controller before the VG is allocated to the RG.
The method of the present invention is described in detail below through application examples. The application examples are used only to illustrate the embodiments of the present invention and are not intended to limit its scope of protection.
To make the application examples clearer, the network structure they use is described first. Fig. 9 is a schematic diagram of the network structure of the application examples. As shown in Fig. 9, the network structure includes: a home gateway, a virtual gateway, a broadband network gateway, an NFVI-GATEWAY, an SDN controller, an AAA server, and so on; the virtual gateway is located in a network function virtualization network.
Application example 1
In this application example, the home gateway (RG, Residential Gateway) includes a layer-3 routing access function and communicates with the VG through layer-3 tunnel encapsulation on its WAN interface. The virtual gateway (VG) is located in a network function virtualization (NFV) network, and the first device, the NFVI-GATEWAY, is an independent device that provides RG access for the VG.
Figure 10 is a flowchart of the method of the first application example of the present invention. As shown in Figure 8, the method includes:
Step 1000: the RG sends a Dynamic Host Configuration Protocol (DHCP) request to the BNG that provides access;
In this application example, the DHCP request is a request for the Internet Protocol (IP) address of the wide area network (WAN) interface of the RG. When the DHCP request passes through the operator access network (Access network), intermediate devices add line identification information. The intermediate devices may include: a digital subscriber line access multiplexer (DSLAM), an optical line terminal (OLT), an access switch, and so on.
Step 1001: the BNG receives the DHCP request and initiates an RG authentication and VG access AAA request to the authentication, authorization and accounting (AAA) server. The RG authentication and VG access AAA request carries the line identification information that the intermediate devices added when the DHCP request passed through them.
Step 1002: the AAA server authenticates the RG according to the received RG authentication and VG access AAA request.
It should be noted that, in the related art, when the operator network has multiple NFV networks providing VG access, the AAA server can select an NFV network by policy and allocate the NFVI-GATEWAY associated with VG access. The AAA server sends to the BNG the IP address of the WAN interface of the RG, the information of the NFVI-GATEWAY access device of the data center where the VG is located, and the connection establishment information, such as tunnel encapsulation information, for example Virtual Extensible LAN (VXLAN) or Generic Routing Encapsulation (GRE). The BNG sends the IP address of the WAN interface of the RG, the NFVI-GATEWAY information and the connection establishment information to the RG.
Step 1003: the RG and the NFVI-GATEWAY establish a connection according to the WAN IP address of the RG, the NFVI-GATEWAY information and the connection establishment information.
Step 1004: the RG sends a DHCP request to the NFVI-GATEWAY;
In this application example, the DHCP request is a request for the IP address of the local area network (LAN) interface of the RG.
Step 1005: the NFVI-GATEWAY receives the DHCP request from the RG and sends the identification and authentication-related information contained in the DHCP request to the SDN controller;
The identification and authentication-related information includes the tunnel identifier of the RG encapsulated in the DHCP request, and/or the tunnel source address of the RG;
Optionally, when sending the identification and authentication-related information, the method of this application example further includes: the NFVI-GATEWAY sends the tunnel destination address to the SDN controller, so that the SDN controller communicates with the NFVI-GATEWAY according to the received tunnel destination address.
It should be noted that, according to encapsulation in the related art, the DHCP request may also include other information, such as the LAN interface of the RG; this is common knowledge for those skilled in the art.
Step 1006: the SDN controller sends authentication request information to the AAA server according to the received identification and authentication-related information;
The authentication request information includes the identification and authentication-related information; that is, the authentication request information carries the tunnel identifier of the RG encapsulated in the DHCP request, and/or the tunnel source address of the RG;
Step 1007: the AAA server performs RG authentication according to the received authentication request information from the SDN controller;
It should be noted that performing RG authentication according to the authentication request information includes performing RG authentication according to: the tunnel identifier of the RG encapsulated in the DHCP request, and/or the tunnel source address of the RG, and/or the virtual local area network (VLAN) associated with the RG, and/or the multiprotocol label switching (MPLS) subnet information associated with the RG, and/or the line identification information, and/or the port number of the broadband network gateway (BNG) that received the DHCP request, and/or a message containing the DHCP request content. In addition, the method of this application example assumes by default that the SDN controller is legitimate; if the SDN controller needs to be authenticated, a procedure for authenticating the SDN controller can be added to the method of this application example.
Step 1008: when the AAA server completes RG authentication, address management information is allocated to the VG;
Optionally, allocating address management information to the VG may include:
The AAA server directly allocates address management information to the VG;
Optionally, in this application example the SDN controller may allocate address management information to the VG, which includes:
The SDN controller receives address pool unique number (ID) information from the AAA server;
The SDN controller allocates address management information to the VG according to the preconfigured address pool information and the received address pool ID information.
Optionally, the SDN controller determines the IP address allocated to the VG from the address management information it allocated to the VG based on the address pool information and the address pool ID information, and reports the determined IP address to the AAA server.
It should be noted that reporting the determined IP address to the AAA server can be used for security control, for example tracing.
The address management information may include: the IP address associated with the WAN interface of the VG, the network address translation (NAT) public network address of the VG and the NAT port information of the VG;
It should be noted that address pools are configured uniformly by the operator's network management, and the SDN controller pre-allocates the address pools and the IDs of the different address pools. The AAA server can allocate address management information to the VG according to the address pool ID, including allocating different IP addresses to different RGs according to the address pool ID. In the related art, address pool information is already configured on the BNG; in the method of this application example, the SDN controller can configure address pool information according to the same principle. The method of this application example can also obtain the stored address pool information directly from the BNG; however, before the address pool information stored on the BNG is obtained, the connection between the AAA server and the BNG needs to be established.
Step 1009: after completing RG authentication, the AAA server sends to the SDN controller an authentication response message carrying the address management information allocated to the VG;
Step 1010: after receiving the authentication response message from the AAA server, the SDN controller allocates a VG to the RG according to the user subscription information, and configures an address for the VG according to the content of the address management information allocated to the VG in the authentication response message;
It should be noted that, when the SDN controller receives the authentication response message, it can store the content of the address management information allocated to the VG.
Optionally, before the VG is allocated to the RG, the method of this application example further includes: the AAA server sends user subscription information to the SDN controller;
It should be noted that user subscription information is existing information in the related art: it is the content of the agreement signed when the user subscribes to a network-use agreement with the operator, it includes the network-use policies relating to the user, and it is stored in the AAA server. The subscription information includes the configuration of the user's services, including IP address information for network connection, user bandwidth information, quality of service information, security control related information and user supplementary service information (such as parental control and firewall).
Optionally, this application example further includes:
The SDN controller sends the pre-stored LAN interface access information of the VG to the NFVI-GATEWAY;
The LAN interface access information of the VG may include the virtual gateway unique code (VG-ID) information reachable via the LAN interface of the VG and/or the connection information of the LAN interface of the VG;
It should be noted that, in this application example, the LAN interface access information of the VG can be determined from the user subscription information.
Optionally, the method of this application example further includes:
The SDN controller issues the address management information allocated to the VG to the VG for configuration;
Optionally, if there is a NAT device shared with the VG, the method of this application example further includes: the SDN controller issues the NAT public network address allocated to the VG and the NAT public network port information of the VG to the NAT device shared with the VG.
It should be noted that the NAT device shared by the VG can be determined from the user subscription information. Determining the NAT device shared by the VG is a common technical means for those skilled in the art and is not described again here;
Step 1011: the NFVI-GATEWAY extends the connection between the RG and the NFVI-GATEWAY to the network where the LAN interface of the VG is located, and establishes a mapping relationship between the tunnel between the RG and the NFVI-GATEWAY and the network where the LAN interface of the VG is located.
It should be noted that the network where the LAN interface of the VG is located can be determined from the network topology information pre-stored by the SDN controller. Establishing the mapping relationship includes: connecting, in one-to-one correspondence and with the tunnel of the NFVI-GATEWAY as the intermediate layer, the tunnel through which the RG connects to the NFVI-GATEWAY and the network where the LAN interface of the VG corresponding to that RG is located;
Step 1012: the LAN interface of the RG and the home network devices connected to the LAN interface send DHCP requests to the VG.
Step 1013: the VG allocates IP addresses to the home network devices connected to the LAN interface of the RG.
Step 1014: the RG forwards the data flows of the home network devices, and the VG provides service forwarding for the home network devices; service forwarding includes IP forwarding, NAT forwarding or other service processing.
The RG can also send a Point-to-Point Protocol over Ethernet (PPPoE) request to realize RG access, authentication and allocation of the NFVI-GATEWAY associated with the VG. Messages sent by the LAN interface of the RG can be carried over a layer-2 tunneling protocol such as VXLAN, encapsulated in PPPoE, and delivered to the BNG. After the BNG decapsulates the PPPoE message, the location of the NFVI-GATEWAY for the message sent by the LAN interface of the RG can be determined from the destination address of the layer-2 tunneling protocol.
The RG in this application example may also be an enterprise network gateway, which may access dynamically or statically. When an enterprise network gateway accesses, the BNG supports layer-3 forwarding. For dynamic access, the enterprise gateway accesses the BNG and requests from the AAA server the information of the NFVI-GATEWAY through which the VG can be accessed, and a connection is established between the WAN interface of the enterprise gateway and the WAN interface of the NFVI-GATEWAY; the WAN interface of the NFVI-GATEWAY can distinguish the access of different enterprise gateways by sub-interface or tunnel information. When a message arrives on this connection, the processing flow of step 1005 to step 1010 can be triggered.
Application example 2
In this application example, the home gateway communicates with the VG through an Ethernet access function. The VG is located in a data center. The first device in this application example is the NFVI-GATEWAY, which is an independent device and provides RG access for the VG.
Figure 11 is a flowchart of the method of the second application example of the present invention. As shown in Figure 11, the method includes:
Step 1100: the LAN interface of the RG sends a DHCP request to the BNG that provides access;
In this application example, the DHCP request is a request for the IP address of the LAN interface of the home gateway.
Step 1101: the BNG receives the DHCP request and sends an RG authentication and VG access AAA request to the AAA server. The RG authentication and VG access AAA request carries line identification information.
Step 1102: the AAA server authenticates the RG according to the RG authentication and VG access AAA request, and allocates VG connection information; the VG connection information includes virtual local area network (VLAN) or multiprotocol label switching (MPLS) subnet information; the AAA server sends the VG connection information of the RG to the BNG.
Step 1103: according to the VLAN or MPLS subnet information returned by the AAA server, the BNG establishes a connection to the NFVI-GATEWAY connected to the VG, and a mapping is established on the BNG between the NFVI-GATEWAY connected to the VG and the layer-2 subnet through which the RG accesses.
It should be noted that the mapping between the NFVI-GATEWAY connected to the VG and the layer-2 subnet through which the RG accesses includes: connecting, in one-to-one correspondence and with the tunnel of the NFVI-GATEWAY as the intermediate layer, the tunnel through which the VG connects to the NFVI-GATEWAY and the layer-2 subnet accessed by the RG corresponding to that VG;
Step 1104: the BNG sends the received DHCP request to the connected NFVI-GATEWAY;
Step 1105: the NFVI-GATEWAY receives the DHCP request from the BNG and sends the identification and authentication-related information contained in the DHCP request to the SDN controller;
The identification and authentication-related information includes the VLAN associated with the RG or the MPLS subnet information associated with the RG, as encapsulated in the DHCP request.
It should be noted that, according to encapsulation in the related art, the DHCP request also includes information such as the LAN interface of the home gateway; this is common knowledge for those skilled in the art.
Optionally, when sending the identification and authentication-related information, the method of this application example further includes:
The NFVI-GATEWAY sends the tunnel destination address of the RG to the SDN controller, so that the SDN controller communicates according to the tunnel destination address of the RG.
Step 1106: the SDN controller sends authentication request information to the AAA server according to the received identification and authentication-related information;
The authentication request information includes the identification and authentication-related information; that is, the authentication request information carries the VLAN associated with the RG, and/or the MPLS subnet information associated with the RG, as encapsulated in the DHCP request;
Step 1107: the AAA server performs RG authentication according to the received authentication request information from the SDN controller;
It should be noted that performing RG authentication according to the authentication request information is a conventional technique for those skilled in the art. In addition, the method of this application example assumes by default that the SDN controller is legitimate; if the SDN controller needs to be authenticated, a procedure for authenticating the SDN controller can be added to the method of this application example.
Step 1108: when the AAA server completes RG authentication, address management information is allocated to the VG;
Optionally, allocating address management information to the VG includes:
The AAA server directly allocates address management information to the VG;
The address management information includes the IP address associated with the WAN interface of the VG, the NAT public network address of the VG and the NAT port information of the VG;
Optionally, in this application example the SDN controller may allocate address management information to the VG, which includes:
The SDN controller receives address pool unique number (ID) information from the AAA server;
The SDN controller allocates address management information to the VG according to the preconfigured address pool information and the received address pool ID information.
Optionally, the SDN controller determines the IP address allocated to the VG from the address management information it allocated to the VG based on the address pool information and the address pool ID information, and reports the determined IP address to the AAA server.
It should be noted that reporting the determined IP address to the AAA server can be used for security control, for example tracing.
It should be noted that, in the related art, address pool information is already configured on the BNG; in the method of this application example, the SDN controller can configure address pool information according to the same principle. The method of this application example can also obtain the stored address pool information directly from the BNG; however, before the address pool information stored on the BNG is obtained, the connection between the AAA server and the BNG needs to be established.
Step 1109: after completing RG authentication, the AAA server sends to the SDN controller an authentication response message carrying the address management information allocated to the VG;
Step 1110: after receiving the authentication response message from the AAA server, the SDN controller allocates a VG to the RG according to the user subscription information, and configures an address for the VG according to the content of the address management information allocated to the VG in the authentication response message;
Optionally, before the VG is allocated to the RG, the method of this application example further includes: the AAA server sends user subscription information to the SDN controller;
It should be noted that user subscription information is existing information in the related art: it is the content of the agreement signed when the user subscribes to a network-use agreement with the operator, it includes the network-use policies relating to the user, and it is stored in the AAA server;
Optionally, this application example further includes: the SDN controller establishes corresponding session control (session) management for each RG's identification and authentication-related information and the address management information allocated to the VG;
The content of session control management includes recording and maintaining: the VLAN associated with the RG, the MPLS subnet information associated with the RG, VG-ID information, the LAN interface information of the VG, the WAN interface information of the VG, the NAT public network address of the VG, the NAT port information of the VG, the address management information allocated to the VG, QoS, security policy and OAM management information.
It should be noted that performing session control management includes recording and maintaining the content of session control management. Maintenance here includes: when a subscribed user logs in, the content of session control management is recorded; when the RG exits for some reason, during the subsequent re-login the recorded content of session control management is sent to the RG that logs in again.
Optionally, the SDN controller sends the pre-stored LAN interface access information of the VG to the NFVI-GATEWAY;
The LAN interface access information of the VG may include the VG-ID information reachable via the LAN interface of the VG and/or the connection information of the LAN interface of the VG;
It should be noted that the LAN interface access information of the VG can be determined from the user subscription information.
Optionally, the method of this application example further includes: the SDN controller issues the address management information allocated to the VG to the VG for configuration;
Optionally, if there is a NAT device shared with the VG, the method of this application example further includes: issuing the NAT public network address allocated to the VG and the NAT public network port information of the VG to the NAT device shared with the VG.
It should be noted that the NAT device shared by the VG can be determined from the user subscription information. Determining the NAT device shared by the VG is a common technical means for those skilled in the art and is not described again here;
Step 1111: the NFVI-GATEWAY extends the connection between the RG and the NFVI-GATEWAY to the network where the LAN interface of the VG is located.
Step 1112: the LAN interface of the RG and the home network devices connected to the LAN interface send DHCP requests to the VG to apply for IP addresses.
Step 1113: the VG allocates IP addresses to the LAN interface of the RG and the home network devices connected to the LAN interface.
Step 1114: the RG forwards the data flows of the home network devices, and the VG provides service forwarding for the home network devices; service forwarding includes IP forwarding, NAT forwarding or other service processing;
If multiple VGs share NAT or other services, the traffic is forwarded to those services for processing.
The RG may also be an enterprise network gateway, which may access dynamically or statically. When an enterprise network gateway accesses, the BNG supports layer-2 forwarding. For dynamic access, the enterprise network gateway accesses the BNG and requests from the AAA server the information of the NFVI-GATEWAY on the VG side that can be accessed, and a connection is established between the WAN interface of the enterprise network gateway and the WAN interface of the NFVI-GATEWAY; the WAN interface of the NFVI-GATEWAY can realize enterprise network gateway access through the VLAN associated with the RG or the MPLS subnet associated with the RG. When a message arrives on this connection, the processing flow of step 1105 to step 1110 of this application example can be triggered.
Application example 3
The scenario of this application example is that the home gateway interworks with the VG through a layer-3 routed access function. The VG is located in a data center. In this application example, the first device is a BNG extended with the functions of the NFVI-GATEWAY of the first and second application examples, and it provides RG access for the VG.
Figure 12 is a flowchart of the method of the third application example of the present invention. As shown in Figure 12, the method comprises:
Step 1200: The RG sends a DHCP request to the BNG it currently accesses;
The DHCP request is a request for the IP address of the WAN interface of the RG;
When the DHCP request passes through the operator's access network, intermediate devices add line identification information.
It should be noted that the intermediate devices may include a digital subscriber line access multiplexer (DSLAM), an optical line terminal (OLT), an access switch, and the like.
Step 1201: The BNG receives the DHCP request from the RG and sends the identification and authentication-related information contained in the received DHCP request to the SDN controller;
The identification and authentication-related information includes the line identification information or the number of the BNG port that received the DHCP request.
It should be noted that, in the method of this application example, the information may also be sent to the SDN controller by directly forwarding the DHCP request that contains the identification and authentication-related information.
Step 1202: The SDN controller determines, according to pre-stored authentication record information, whether the RG is a new RG;
Optionally, before step 1002, the method of this application example further includes: the SDN controller stores the identification and authentication-related information of the RGs whose authentication the AAA server has completed, as the authentication record information.
If the RG is a new RG, step 1003 is executed; if it is not a new RG, the subsequent procedure of this application example is generally considered to be already complete;
Step 1203: The SDN controller sends authentication request information to the AAA server according to the received identification and authentication-related information;
The authentication request information carries the identification and authentication-related information; that is, the authentication request information carries the line identification information, the number of the BNG port that received the DHCP request, or a message containing the DHCP request content;
Optionally, when the BNG sends the identification and authentication-related information upstream, the BNG needs to send its own number to the SDN controller so that the SDN controller and the BNG can communicate; the SDN controller communicates with the BNG according to the BNG's number and the number of the BNG port that received the DHCP request.
Step 1204: The AAA server authenticates the RG according to the received authentication request information from the SDN controller;
It should be noted that the method of this application example assumes by default that the SDN controller is legitimate; if the SDN controller needs to be authenticated, additional authentication processing for the SDN controller can be added in this step.
Step 1205: When the AAA server completes RG authentication, address management information is allocated for the VG;
Optionally, allocating address management information for the VG includes: the AAA server directly allocates the address management information for the VG;
The address management information includes the IP address related to the WAN interface of the VG, the NAT public network address of the VG, and the NAT public network port information of the VG;
Optionally, in this application example the SDN controller may allocate the address management information for the VG, which includes:
The SDN controller receives address pool unique number (ID) information from the AAA server;
The SDN controller allocates address management information for the VG according to pre-configured address pool information and the received address pool ID information.
Optionally, based on the address management information allocated for the VG according to the address pool information and the address pool ID information, the SDN controller determines the IP address allocated to the VG and reports the determined IP address allocated to the VG to the AAA server.
It should be noted that reporting the determined IP address to the AAA server can be used for security control, for example source tracing.
Step 1206: After completing authentication, the AAA server returns to the SDN controller an authentication response message carrying the address management information allocated for the VG.
Step 1207: After receiving the authentication response message from the AAA server, the SDN controller allocates a VG to the RG according to the user signing contract information, and configures addresses for the VG according to the address management information allocated for the VG that is carried in the authentication response information;
Optionally, before a VG is allocated to the RG, the method of this application example further includes: the AAA server sends the user signing contract information to the SDN controller;
Optionally, this application example further includes: the SDN controller sends the pre-stored WAN IP address of the RG and the LAN interface access information of the VG to the BNG;
The LAN interface access information of the VG includes the VG-ID information through which the LAN interface of the VG is reachable and/or the connection information of the LAN interface of the VG;
It should be noted that the WAN IP address of the RG and the LAN interface access information of the VG can be determined from the user signing contract information.
Optionally, the method of this application example further includes:
The SDN controller delivers the address management information allocated to the VG to the VG for configuration;
Optionally, if there is a NAT device shared with the VG, the method of this application example further includes: delivering the NAT public network address allocated to the VG and the port information of the VG's NAT public network to the NAT device shared with the VG.
It should be noted that the NAT device shared with the VG can be determined from the user signing contract information, which is a conventional technique for those skilled in the art;
Step 1208: The BNG returns the WAN IP address of the RG to the RG in a DHCP message, associates the network where the RG is located with the subnet where the VG is located, and then establishes the connection.
Step 1209: The RG saves the WAN address of the VG and establishes a tunnel connection between the RG and the BNG.
Step 1210: The LAN interface of the RG sends a DHCP request.
Step 1211: The VG allocates IP addresses to the LAN interface of the RG and to the connected home network devices.
After the VG processes the service flow, the flow is sent to the RG, the NAT, or other service devices, and is finally sent through the BNG to the Internet.
The RG access may also be an enterprise network gateway access. The enterprise network gateway may access statically or dynamically. When an enterprise network gateway accesses, the BNG supports layer-2 forwarding. For dynamic access, through the access BNG, the BNG requests access from the AAA server via the SDN controller; the virtual enterprise network connection is managed dynamically by the SDN controller, and the BNG establishes the connection according to the configuration from the SDN controller. The BNG identifies the enterprise gateway user according to the port connected to the controller; the steps used are similar to the processing flow of steps 1203 to 1207.
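The control-plane sequence of steps 1201 to 1207, in the variant where the SDN controller allocates from a pre-configured pool selected by the address pool ID, can be sketched as follows. This is an added example, not code from the patent: the class and field names, the sample subscriber lines and addresses, and the fixed NAT port-block size are assumptions, and reporting the NAT port block together with the IP address goes slightly beyond the text, which mentions reporting only the IP address.

```python
import ipaddress
from dataclasses import dataclass, field

PORT_BLOCK = 1024  # assumed size of the NAT port block given to each VG


@dataclass
class AAAServer:
    """Subscriber records keyed by line identification (constructed data)."""
    subscribers: dict                      # line_id -> {"pool_id", "vg_profile"}
    trace_log: list = field(default_factory=list)

    def authenticate(self, auth_request):
        # Step 1204: authenticate the RG from the line identification information.
        record = self.subscribers.get(auth_request["line_id"])
        if record is None:
            return {"result": "reject"}
        # Step 1206, SDN-allocation variant: return the address pool ID and the
        # subscription data rather than concrete addresses.
        return {"result": "accept", **record}

    def report(self, line_id, info):
        # The controller reports what it allocated, for later source tracing.
        self.trace_log.append((line_id, info))

    def trace(self, nat_ip, port):
        # Map a shared public address and source port back to a subscriber line.
        for line_id, info in self.trace_log:
            lo, hi = info["nat_ports"]
            if info["nat_ip"] == nat_ip and lo <= port <= hi:
                return line_id
        return None


class SDNController:
    def __init__(self, aaa, pools):
        self.aaa = aaa
        # Pre-configured address pool information, keyed by address pool ID.
        self.pools = {
            pid: {"wan": iter(ipaddress.ip_network(p["wan"]).hosts()),
                  "nat_ip": p["nat_ip"], "next_port": 1024}
            for pid, p in pools.items()
        }
        self.auth_records = {}             # (bng_id, bng_port, line_id) -> session

    def _allocate(self, pool_id):
        pool = self.pools.get(pool_id)
        if pool is None:
            raise LookupError(f"unknown address pool ID {pool_id!r}")
        lo = pool["next_port"]
        hi = lo + PORT_BLOCK - 1
        if hi > 65535:
            raise RuntimeError("NAT port blocks exhausted")
        try:
            wan_ip = str(next(pool["wan"]))
        except StopIteration:
            raise RuntimeError("WAN address pool exhausted") from None
        pool["next_port"] = hi + 1         # commit only after both resources exist
        return {"wan_ip": wan_ip, "nat_ip": pool["nat_ip"], "nat_ports": (lo, hi)}

    def handle_dhcp_info(self, bng_id, bng_port, line_id):
        key = (bng_id, bng_port, line_id)
        if key in self.auth_records:       # Step 1202: RG already authenticated
            return self.auth_records[key]
        # Step 1203: build and send the authentication request.
        resp = self.aaa.authenticate({"line_id": line_id, "bng_port": bng_port})
        if resp["result"] != "accept":
            return None                    # fail closed: no VG and no address
        info = self._allocate(resp["pool_id"])         # Step 1205, SDN variant
        self.aaa.report(line_id, info)                 # reported for tracing
        session = {"vg": resp["vg_profile"], **info}   # Step 1207
        self.auth_records[key] = session
        return session


def demo():
    # Constructed sample data: two subscriber lines sharing one pool.
    profile = {"pool_id": "pool-A", "vg_profile": "vg-basic"}
    aaa = AAAServer({"line-0001": dict(profile), "line-0002": dict(profile)})
    ctl = SDNController(aaa, {"pool-A": {"wan": "198.51.100.0/30",
                                         "nat_ip": "203.0.113.10"}})
    first = ctl.handle_dhcp_info("bng-1", 7, "line-0001")
    again = ctl.handle_dhcp_info("bng-1", 7, "line-0001")   # no second allocation
    second = ctl.handle_dhcp_info("bng-1", 8, "line-0002")
    rogue = ctl.handle_dhcp_info("bng-1", 9, "line-9999")   # not a subscriber
    return aaa, ctl, first, again, second, rogue


if __name__ == "__main__":
    aaa, ctl, first, again, second, rogue = demo()
    print(first, second, rogue, aaa.trace("203.0.113.10", 2500))
```

When several VGs share one NAT public address, the address alone no longer identifies a subscriber, which is why the sketch records the port block next to it.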
Those of ordinary skill in the art will appreciate that all or part of the steps of the above method can be completed by a program instructing related hardware (such as a processor), and the program can be stored in a computer-readable storage medium such as a read-only memory, a magnetic disk, or an optical disc. Optionally, all or part of the steps of the above embodiments may also be implemented with one or more integrated circuits. Correspondingly, each module/unit in the above embodiments may be implemented in hardware, for example by an integrated circuit realizing its corresponding function, or in the form of a software function module, for example by a processor executing a program/instructions stored in a memory to realize its corresponding function. The present invention is not limited to any particular combination of hardware and software.
Although the embodiments disclosed herein are as described above, their content is only intended to facilitate understanding of the present invention and is not intended to limit it. Any person skilled in the art to which the present invention pertains may make modifications and changes in the form and details of implementation without departing from the spirit and scope disclosed by the present invention, but the scope of patent protection of the present invention shall still be subject to the scope defined by the appended claims.

Claims (30)

1. A method for implementing address management, characterized by comprising:
a software-defined network (SDN) controller generates, according to identification and authentication-related information from a first device, authentication request information for authenticating a home gateway (RG), and sends the generated RG authentication request information to an authentication, authorization and accounting (AAA) server;
after the AAA server completes RG authentication, the SDN controller allocates a VG to the RG according to user signing contract information;
the SDN controller configures addresses for the VG according to authentication response information from the AAA server;
the authentication response information is: information that the AAA server feeds back to the SDN controller after completing authentication and that carries the content of the address management information allocated for the VG;
wherein the VG is a VG whose address management information is allocated by the SDN controller or the AAA server.
2. The method according to claim 1, characterized in that the authentication request information contains the identification and authentication-related information;
the identification and authentication-related information includes: the tunnel identifier of the RG encapsulated in a Dynamic Host Configuration Protocol (DHCP) request, and/or the tunnel source address of the RG, and/or a virtual local area network (VLAN) associated with the RG, and/or multiprotocol label switching (MPLS) subnet information associated with the RG, and/or line identification information, and/or the number of the broadband network gateway (BNG) port that received the DHCP request, and/or a message containing the DHCP request content.
3. The method according to claim 1, characterized in that the method further comprises: the SDN controller sends pre-stored LAN interface access information of the VG to the first device.
4. The method according to claim 3, characterized in that the LAN interface access information of the VG includes:
the virtual gateway unique code (VG-ID) information through which the LAN interface of the VG is reachable, and/or the connection information of the LAN interface of the VG.
5. The method according to any one of claims 1 to 4, characterized in that, after the VG is allocated to the RG, if there is a NAT device shared with the allocated VG, the method further comprises:
the SDN controller delivers the network address translation (NAT) public network address allocated to the VG and the interface port information of the VG's NAT public network to the NAT device shared with the VG.
6. The method according to any one of claims 1 to 4, characterized in that the method further comprises: the SDN controller establishes corresponding session control (session) management for each RG respectively;
the session control management includes recording and maintaining: the VLAN associated with the RG, and/or the MPLS subnet information associated with the RG, and/or the VG-ID information, and/or the LAN interface information of the VG, and/or the wide area network (WAN) interface information of the VG, and/or the NAT public network address of the VG, and/or the NAT port information of the VG, and/or the address management information allocated to the VG, and/or quality of service (QoS), and/or security policy, and/or operation, administration and maintenance (OAM) management information.
7. A method for implementing address management, characterized in that:
an SDN controller receives address pool ID information from an AAA server;
the SDN controller allocates address management information for a VG according to pre-configured address pool information and the received address pool ID information;
wherein the VG is the VG that the SDN controller allocates to an RG.
8. The method according to claim 7, characterized in that:
the address management information includes: the IP address related to the wide area network (WAN) interface of the VG, and/or the network address translation (NAT) public network address of the VG and the NAT interface port information of the VG.
9. The method according to claim 7 or 8, characterized in that the method further comprises:
the SDN controller determines the IP address allocated to the VG based on the address management information allocated for the VG according to the address pool information and the address pool ID information, and reports the determined IP address allocated to the VG to the AAA server.
10. A method for implementing address management, characterized by comprising:
after completing authentication of an RG, an AAA server allocates address management information for a VG and feeds back to an SDN controller authentication response information carrying the content of the address management information allocated for the VG;
wherein the VG is the VG that the SDN controller allocates to the RG.
11. The method according to claim 10, characterized in that allocating address management information for the VG includes:
the AAA server directly allocates the address management information for the VG;
the address management information includes: the IP address related to the wide area network (WAN) interface of the VG, and/or the network address translation (NAT) public network address of the VG and the NAT interface port information of the VG.
12. The method according to claim 10 or 11, characterized in that, before the VG is allocated to the RG, the method further comprises:
the AAA server sends user signing contract information to the SDN controller.
13. A method for implementing address management, characterized by comprising:
a first device, according to a received Dynamic Host Configuration Protocol (DHCP) request, sends the identification and authentication-related information contained in the DHCP request to a software-defined network (SDN) controller, so that the SDN controller generates, according to the identification and authentication-related information, authentication request information for RG authentication, sends the generated RG authentication request information to an authentication, authorization and accounting (AAA) server, allocates a VG to the RG according to user signing contract information after the AAA server completes RG authentication, and configures addresses for the VG according to authentication response information from the AAA server;
the authentication response information is: information that the AAA server feeds back to the SDN controller after completing authentication and that carries the content of the address management information allocated for the VG;
wherein the VG is a VG whose address management information is allocated by the SDN controller or the AAA server.
14. The method according to claim 13, characterized in that the DHCP request comes from a broadband network gateway (BNG) or a home gateway (RG).
15. The method according to claim 13, characterized in that the first device includes: a network functions virtualization infrastructure gateway (NFVI-GATEWAY) or a BNG.
16. The method according to any one of claims 13 to 15, characterized in that:
when the first device is an NFVI-GATEWAY, the identification and authentication-related information includes: the tunnel identifier of the RG encapsulated in the DHCP request, and/or the tunnel source address of the RG, and/or a virtual local area network (VLAN) associated with the RG, and/or multiprotocol label switching (MPLS) subnet information associated with the RG, and/or line identification information, and/or a message containing the DHCP request content;
when the first device is a BNG, the identification and authentication-related information includes: line identification information, and/or the number of the BNG port that received the DHCP request, and/or a message containing the DHCP request content.
17. The method according to any one of claims 13 to 15, characterized in that, when the identification and authentication-related information is sent to the SDN controller, the method further comprises:
the first device sends the communication address of the first device to the SDN controller, so that the SDN controller communicates with the first device according to the received communication address of the first device.
18. The method according to any one of claims 13 to 15, characterized in that the method further comprises:
the first device extends the connection between the RG and the first device to the network where the local area network (LAN) interface of the virtual gateway (VG) is located.
19. An SDN controller for implementing address management, characterized by comprising: a generating and sending unit, an allocation unit, and an address configuration unit; wherein:
the generating and sending unit is configured to generate, according to identification and authentication-related information from a first device, authentication request information for RG authentication, and to send the generated RG authentication request information to an AAA server;
the allocation unit is configured to allocate a VG to the RG according to user signing contract information after the AAA server completes RG authentication;
the address configuration unit is configured to configure addresses for the VG according to authentication response information from the AAA server;
the authentication response information is: information that the AAA server feeds back to the SDN controller after completing authentication and that carries the content of the address management information allocated for the VG;
wherein the VG is a VG whose address management information is allocated by the SDN controller or the AAA server.
20. The SDN controller according to claim 19, characterized in that the SDN controller further comprises an access information sending unit, configured to send pre-stored LAN interface access information of the VG to the first device.
21. The SDN controller according to claim 19 or 20, characterized in that the SDN controller further comprises a delivery unit, configured to, after the VG is allocated to the RG and if there is a NAT device shared with the allocated VG, deliver the NAT public network address allocated to the VG and the port information of the VG's NAT public network to the NAT device shared with the VG.
22. The SDN controller according to claim 19 or 20, characterized in that the SDN controller further comprises a session control management unit, configured to establish corresponding session control (session) management for each RG respectively;
the session control management includes recording and maintaining: the VLAN associated with the RG, and/or the MPLS subnet information associated with the RG, and/or the VG-ID information, and/or the LAN interface information of the VG, and/or the wide area network (WAN) interface information of the VG, and/or the NAT public network address of the VG, and/or the NAT port information of the VG, and/or the address management information allocated to the VG, and/or QoS, and/or security policy, and/or OAM management information.
23. An SDN controller for implementing address management, characterized by comprising: an address pool number receiving unit and an address allocation unit; wherein:
the address pool number receiving unit is configured to receive address pool unique number (ID) information from an AAA server;
the address allocation unit is configured to allocate address management information for a VG according to pre-configured address pool information and the received address pool ID information;
wherein the VG is the VG that the SDN controller allocates to an RG.
24. The SDN controller according to claim 23, characterized in that the SDN controller further comprises a reporting unit,
configured to determine the IP address allocated to the VG based on the address management information allocated for the VG according to the address pool information and the address pool ID information, and to report the determined IP address allocated to the VG to the AAA server.
25. An AAA server for implementing address management, characterized by comprising an information allocation unit, configured to allocate address management information for a VG after completing authentication of an RG, and to feed back to an SDN controller authentication response information carrying the content of the address management information allocated for the VG;
wherein the VG is the VG that the SDN controller allocates to the RG.
26. The AAA server according to claim 25, characterized in that the information allocation unit is specifically configured to directly allocate the address management information for the VG;
the address management information includes: the IP address related to the wide area network (WAN) interface of the VG, and/or the network address translation (NAT) public network address of the VG and the NAT interface port information of the VG.
27. The AAA server according to claim 25 or 26, characterized in that the AAA server further comprises a signing contract information sending unit, configured to send user signing contract information to the SDN controller before the VG is allocated to the RG.
28. A device for implementing address management, characterized by comprising: a related-information sending unit, configured to send, according to a received DHCP request, the identification and authentication-related information contained in the DHCP request to an SDN controller, so that the SDN controller generates, according to the identification and authentication-related information, authentication request information for RG authentication, sends the generated RG authentication request information to an authentication, authorization and accounting (AAA) server, allocates a VG to the RG according to user signing contract information after the AAA server completes RG authentication, and configures addresses for the VG according to authentication response information from the AAA server;
the authentication response information is: information that the AAA server feeds back to the SDN controller after completing authentication and that carries the content of the address management information allocated for the VG;
wherein the VG is a VG whose address management information is allocated by the SDN controller or the AAA server.
29. The device according to claim 28, characterized in that the related-information sending unit is further configured to:
when sending the identification and authentication-related information to the SDN controller, send the communication address of the device to the SDN controller, so that the SDN controller communicates with the device according to the received communication address of the device.
30. The device according to claim 28 or 29, characterized in that the device further comprises an extension unit, configured to extend the connection between the RG and the device to the network where the LAN interface of the VG is located.
CN201610188372.0A 2016-03-29 2016-03-29 A kind of method, apparatus that realizing address administration, aaa server and SDN controller Active CN107241454B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201610188372.0A CN107241454B (en) 2016-03-29 2016-03-29 A kind of method, apparatus that realizing address administration, aaa server and SDN controller
PCT/CN2017/073747 WO2017166936A1 (en) 2016-03-29 2017-02-16 Method and device for implementing address management, and aaa server and sdn controller

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610188372.0A CN107241454B (en) 2016-03-29 2016-03-29 A kind of method, apparatus that realizing address administration, aaa server and SDN controller

Publications (2)

Publication Number Publication Date
CN107241454A CN107241454A (en) 2017-10-10
CN107241454B true CN107241454B (en) 2019-08-16

Family

ID=59963367

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610188372.0A Active CN107241454B (en) 2016-03-29 2016-03-29 A kind of method, apparatus that realizing address administration, aaa server and SDN controller

Country Status (2)

Country Link
CN (1) CN107241454B (en)
WO (1) WO2017166936A1 (en)

Families Citing this family (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107666419B (en) * 2016-07-28 2020-12-11 中兴通讯股份有限公司 Virtual broadband access method, controller and system
CN111200665B (en) * 2018-11-19 2022-07-01 ***通信集团吉林有限公司 User source tracing method and device and computer readable storage medium
CN114500276A (en) * 2020-11-13 2022-05-13 中兴通讯股份有限公司 Data processing method, device, system and computer readable storage medium
CN112637154B (en) * 2020-12-09 2022-06-21 迈普通信技术股份有限公司 Equipment authentication method and device, electronic equipment and storage medium
CN113765904B (en) * 2021-08-26 2023-03-31 新华三大数据技术有限公司 Authentication method and device
CN114125596B (en) * 2021-10-21 2023-12-05 中盈优创资讯科技有限公司 PON-SDWAN intelligent terminal normalization control method and device
CN115361605B (en) * 2022-10-20 2023-03-24 武汉长光科技有限公司 Method, device, equipment and computer readable storage medium for roaming in virtual domain
CN116980247B (en) * 2023-09-22 2024-01-16 广州市成格信息技术有限公司 Method and system for realizing IP (Internet protocol) following based on software defined local area network

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103067268A (en) * 2012-12-31 2013-04-24 华为技术有限公司 Method and server of virtual home gateway service delivery
CN103428771A (en) * 2013-09-05 2013-12-04 迈普通信技术股份有限公司 Communication method, software defined network SDN switch and communication system
CN104243265A (en) * 2014-09-05 2014-12-24 华为技术有限公司 Gateway control method, device and system based on virtual machine migration
CN104767696A (en) * 2014-01-07 2015-07-08 上海贝尔股份有限公司 Method and device for controlling user access in SDN (software defined network) access network

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9743334B2 (en) * 2013-02-11 2017-08-22 Telefonaktiebolaget Lm Ericsson (Publ) Method and apparatus for enabling data path selection in a virtual home gateway
CN103685250A (en) * 2013-12-04 2014-03-26 蓝盾信息安全技术股份有限公司 Virtual machine security policy migration system and method based on SDN
US9954861B2 (en) * 2014-01-21 2018-04-24 Centurylink Intellectual Property Llc Consumer choice for broadband application and content services

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
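Research and Application of Home Gateway Virtualization; Cheng Hairui (程海瑞); Telecommunications Network Technology (《电信网技术》); 20150930 (No. 9); full text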

Also Published As

Publication number Publication date
WO2017166936A1 (en) 2017-10-05
CN107241454A (en) 2017-10-10

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant