WO2008058477A1 - Location information management method, apparatus and system - Google Patents


Publication number
WO2008058477A1
Authority
WO
WIPO (PCT)
Prior art keywords
location information
user
data
address
information management
Prior art date
Application number
PCT/CN2007/070371
Other languages
French (fr)
Chinese (zh)
Inventor
Zhenting Yang
Original Assignee
Huawei Technologies Co., Ltd.
Priority date
Filing date
Publication date
Application filed by Huawei Technologies Co., Ltd.
Publication of WO2008058477A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/02 Services making use of location information
    • H04W4/029 Location-based management or tracking services
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/50 Network services
    • H04L67/52 Network services specially adapted for the location of the user terminal
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/02 Services making use of location information

Definitions

  • the present invention relates to data communication technologies, and in particular, to a location information management method, apparatus, and system.
  • the communication based on the IP protocol is based on the Medium Access Control (MAC) address.
  • MAC Medium Access Control
  • Table 1 below shows a common data frame: DMAC indicates the destination MAC address, SMAC indicates the source MAC address, Length/Type > 1500 indicates the type of the data frame, and Length/Type < 1500 represents the length of the data frame.
  • ARP Address Resolution Protocol
  • the topology of the network can be learned by analyzing the source addresses of the data frames arriving from all connected networks. For example, when the switch receives a data frame from host A on port 1, host A can be reached through port 1. Through this continuous learning process, the switch builds up a forwarding table.
  • An example of such a forwarding table is shown in Table 2 below.
  • When the switch receives a data frame on one of its ports, it looks up the forwarding table by the destination address of the data frame. If the forwarding table contains a correspondence between the destination address and a port of another network device such as a bridge or a switch, the data frame is forwarded through the corresponding port; otherwise, the data frame is forwarded through all ports except the receiving port, which is flooding.
  • the prior art defines a method of carrying the data streams of multiple subnets on the same physical link, and also defines the VLAN frame format, which provides a standard method for identifying VLANs.
  • the data frame format of 802.1Q is shown in Table 3 below:
  • a VLAN-based forwarding table is shown in Table 4 below:
  • Flooding and automatic learning mechanisms have the advantage of being simple and easy to deploy, but they also bring a lot of negative effects.
  • the capacity of the network device because each network device needs to learn the MAC address of all users, resulting in poor scalability of the network device.
  • the user device MAC address directly participates in the path configuration of the network device, completely deviating from the principle of information isolation between the network and the user. It is well known that a large number of MAC address security problems exist in the existing network system.
  • this mechanism will also cause network performance degradation: on the one hand, broadcast information occupies a large amount of network bandwidth and seriously affects network performance; on the other hand, devices that receive broadcast information also need to expend resources to process the broadcast information.
  • the Provider Backbone Transport (PBT) technology is developed from Ethernet technology and reuses the Ethernet forwarding infrastructure.
  • Some improved PBT technology consists of the MAC address and VLAN ID (VID) of the target host (VEHDA).
  • VID VLAN ID
  • VEHDA target host
  • IVL Independent VLAN Learning
  • ESP Ethernet Switched Path
  • This path can be thought of as a connection or tunnel.
  • PBT technology disables the broadcast of unknown messages and the multicast and broadcast functions in the VLAN (that is, the Flooding mechanism is turned off), and also disables automatic learning to avoid floods of broadcast packets, and reuses the forwarding table to discard the PBT forwarding table.
  • PBT defines the IVL mode to implement packet forwarding based on DA + VLAN.
  • to establish a connection, PBT must know the information of the switches where the two communication terminals are located and the MAC addresses of the two terminals. If a connection needs to be established between host A and host B, host A needs to know the MAC address of host B, and the switch connected to host A also needs to know the information (MAC address) of the switch connected to host B. In addition, host B needs to know the MAC address of host A, and the switch connected to host B also needs to know the information (MAC address) of the switch to which host A is connected. PBT technology prohibits the flooding and automatic learning mechanisms of Ethernet. Although this solves the problem of broadcast storms to some extent, it also introduces a new problem: how does a communication terminal automatically discover the MAC address of its communication peer?
  • the present invention provides a location information management method, device and system to ensure the security of the transmission network, so that the network system has good expansion performance and stability, and adopts the Flooding and the automatic learning mechanism to ensure the normal communication of the network.
  • a location information management system including a switching device and a location information management device, the switching device notifying user location information to the location information management device; the location information management device for saving and managing the location information of user access.
  • the present invention also provides a location information management apparatus including a data management unit for storing and maintaining user location information.
  • the invention also provides a location information management method, comprising:
  • the invention implements centralized control and management of user location information such as a MAC address and an IP address, thereby encapsulating and isolating sensitive information such as a MAC address, thereby realizing isolation of the bearer information and the user information, thereby improving network security and reliability. It lays a good foundation for solving network security problems such as ARP spoofing and DOS (Distributed Denial of Service) attacks.
  • DRAWINGS distributed Denial of Service
  • FIG. 1 is a schematic diagram of a location management system in accordance with an embodiment of the present invention.
  • Figure 2 is a block diagram of a location information management apparatus in an embodiment of the present invention.
  • FIG. 3 is a system diagram for applying a location information management apparatus according to an embodiment of the present invention to a convergence aggregation network to implement centralized control of an address;
  • FIG. 4 is a flowchart of a method for managing location information in an embodiment of the present invention.
  • FIG. 5 is a flowchart of a method for performing MAC address learning in an embodiment of the present invention
  • FIG. 6 is a network diagram of establishing a network connection according to an embodiment of the present invention
  • FIG. 7 is a flow chart of a method for establishing a network connection in an embodiment of the present invention.
  • the embodiment of the present invention introduces a location information management device in an existing network system for controlling and managing location information of an end user in an Ethernet, such as saving and managing a user MAC address and a physical port or logic of a switch or a switch to which the switch belongs.
  • Location information such as correspondence between port information, correspondence between user MAC address and user IP address, centralized management and control of user MAC address
  • the location information referred to herein includes but is not limited to MAC address information, address and switching device port number, VLAN ID, Permanent Virtual Connection (PVC), and user access points.
  • the users referred to in this document are network terminal devices, including but not limited to Dynamic Host Configuration Protocol (DHCP) servers, policy servers, and other terminal devices connected to the network; the switching devices referred to herein include, but are not limited to, Digital Subscriber Line Access Multiplexers (DSLAMs), switches, routers, and hubs.
  • Network device according to forwarding function
  • FIG. 1 is a schematic diagram of a network for a location information management system according to an embodiment of the present invention, which is described as follows:
  • the switching devices (LSW, LAN Switch) in the domain are divided into one or more intra-domain switching devices (such as LSWO in the figure) and edge switching devices (such as LSWA, LSWB, LSWC, LSWD in the figure).
  • the edge switching device refers to a switch directly connected to the user; a switch not directly connected to the user is classed as an intra-domain switching device.
  • the switching devices in the domain can be switched only to the edge switching device, and do not learn the user's MAC address; their function is mainly data forwarding;
  • the edge switching device is connected to one or more users, and each edge switching device includes a confirmation unit for learning only the MAC address of the user connected thereto, for example, the LSWA only learns the MAC address MAC A of the user A, and the LSWB only learns the user B.
  • the edge switching device or other similar functional entity may further comprise an advertising unit responsible for notifying or registering to the location information management device location information including the user MAC address learned by the confirmation unit.
  • the edge switching device or other switching device parses the received protocol packet; the confirmation unit learns the MAC address from the protocol packet, and the notification unit extracts the user MAC address information, the address, and the like included therein.
  • the location information may also determine the location of the access point of the user, and notify or register the location information including the user MAC address learned by the confirmation unit to the location information management apparatus.
  • the user access point location includes: the switching device identifier accessed by the user, the switching device identifier and port identifier accessed by the user, the switching device identifier and port identifier of the user access, and the link identifier of the user, and the switching device identifier of the user access.
  • the edge switching device may not directly parse the received protocol data packet but directly forward the data packet to the location information management device, and the latter parses.
  • the protocol packets described above include, but are not limited to: the General Attribute Registration Protocol (GAR) series of protocols, Point-to-Point Protocol over Ethernet (PPPOE), DHCP, Address Resolution Protocol (ARP), Internet Control Message Protocol (ICMP), etc. The other functional entities mentioned above include but are not limited to: DHCP server, AAA (Authentication, Authorization, Accounting) server, that is, the authentication server, the network management server, etc.
  • the ways to notify or register the location information including the MAC address to the location information management device include but are not limited to the following three: first, the edge switching device or other functional entity forwards the related protocol message directly to the location information management device;
  • second, the edge switching device adds location information such as the user access point to the related protocol message (such as DHCP, PPPOE, etc.); the other functional entities then take the user location information carried in that protocol message and advertise it to the location information management device;
  • third, the edge switching device or other functional entity converts the related protocol packets, and may add location information such as the user access point, then pass the position
  • the location information management apparatus shown in FIG. 2 includes one or more location information.
  • the data management unit 20 is responsible for managing and maintaining the MAC address of the user, storing location information such as the user MAC address and the user access point, and storing other related location information for the network connection, such as the IP address of the user, etc. in the present invention.
  • the data management unit 20 saves the user location information in the form of information including a MAC address, port information, an IP address, and the like.
  • keywords such as a user MAC address and a switching device MAC address are included.
  • the query interface 21, the interface 22, the status indicator 23, the ARP proxy unit 24 and the data parsing unit 25 are described in detail below.
  • the location information management apparatus may further include a data parsing unit 25, configured to receive a data packet or a message of the advertised or registered location information, and obtain location information of the user from the data packet or the message, including the received message.
  • the location information such as the MAC address, the IP address, the port number, and the like are parsed; and the location is saved in the data management unit.
  • the location information management apparatus may also have a mechanism for maintaining the state of the user location information, and the mechanism for maintaining the state of the location information includes, for example, a keep-alive mechanism or an aging mechanism.
  • the foregoing state may be represented by a status indicator 23, which may be changed and/or processed based on a preset aging mechanism, such as changing a survival state to an aging state when not in use for a certain period of time (that is, a timed aging mechanism), or
  • the state change is triggered by an external event, that is, when a certain event occurs, the aging state of the location information is changed to the survival state or vice versa.
  • location information in the aging state may be deleted according to a preset time: if the location information in the aging state is not changed within a certain period of time, it is deleted, and the deleting includes deleting the correspondence data for the MAC address.
  • the location information management device can also provide an external operation interface 22, through which the data stored in the data management unit 20 can be operated on. The operation content includes but is not limited to one of the following or a combination thereof: deleting or modifying. The operation mode may be one or a combination of the following: manual mode or automatic mode. The operation may be remote, based on a communication protocol, or the location information management device may directly provide the query interface 21 externally.
  • the query interface 21 may be based on the Simple Network Management Protocol (SNMP) or on another protocol.
  • SNMP Simple Network Management Protocol
  • the query can be used to query the user's home path to establish a local signaling address or address query.
  • the saved MAC address, IP address, and other location information of the user or network element may also be queried, as may related information about a connection path established through PBT or through the Resource Reservation Protocol (RSVP), or other types of information.
  • the location information management device can also be provided with an ARP proxy unit 24, and has the ARP proxy function.
  • the function of the ARP proxy is explained as follows: if user A knows user B's IP address but does not know user B's MAC address, user A broadcasts an ARP Request message to all users in the network, requesting user B's MAC address. After receiving the ARP Request message, user B replies to user A with an ARP Response message that includes user B's MAC address.
  • with the location information management device installed, user A sends the ARP Request message through the switching device, and the switching device forwards the ARP Request message to the location information management device.
  • the location information management device queries the saved user MAC address pairs to obtain the MAC address of user B, and returns the MAC address of user B to user A through the switching device.
  • comparing the two flows described above, the location information management device responds with the ARP Response message in place of user B; that is, the location information management device has the ARP proxy function.
  • the query relates to the MAC address or other information. When information is available, at least one of the following methods may be taken to handle it: no response; initiating a query to obtain the required MAC address; or marking the required user as offline; the user may also be notified in a certain way.
  • the location information management device processes the ARP requests of users connected to the network in a unified and centralized manner, and checks whether the IP correspondence in an ARP message is consistent, which may prevent ARP spoofing and the like.
  • the location information management device of the present invention may be regarded as a separate entity, or may be an extension of the functions of an existing device in the existing network.
  • the function of the location information management device can be implemented as a software module through pure software, through pure physical hardware, or through a combination of the two.
  • FIG. 3 is a system in which the location information management device of an embodiment of the present invention is used to implement centralized control of location information in an access and aggregation network.
  • the system shown in FIG. 3 includes the intra-domain switching device 30, the user 31, the DHCP server 32, the location information management device 33, the broadband network gateway (BNG) 34, an access node (AN, Access Node) 35 and other network elements.
  • the AN 35 mainly provides a common transmission bearer path, and its physical implementation may be an optical network unit in a fiber access network or a user terminal in a fixed radio access network.
  • Both the BNG 34 and the AN 35 in the embodiment belong to the edge switching device, and the location information of the BNG 34 can be registered and saved by manual configuration, or the BNG 34 can be automatically registered and saved through the interface provided by the location information management device 33. Similar to the above process, the user can register and save the relevant location information in the location information management device 33 via the BNG 34.
  • the user initiates a DHCP address request message, DHCP Request.
  • the AN receives the DHCP address request message initiated by the user, and forwards the DHCP Request message to the DHCP server;
  • the DHCP server allocates an IP address to the user, and sends an IP address allocation address confirmation message to the AN, DHCP ACK;
  • the AN forwards the DHCP ACK message sent by the DHCP server to the user.
  • the AN captures the DHCP ACK message sent by the DHCP server, and obtains the MAC address of the user by parsing the message.
  • the AN sends or advertises the location information including the user's MAC address and the user access point to the location information management device for registration and storage.
  • the location information may also include location information such as the user's IP address and port number.
  • the DHCP process can include two steps: DHCP Discovery and OFFER before the above steps.
  • the other steps are the same as above.
  • the user sends a DHCP address request message DHCP Request;
  • AN receives the DHCP address request message initiated by the user, determines the location of the user access point, adds the location information to the DHCP message, and forwards the DHCP Request message to the DHCP server.
  • the DHCP Server assigns an IP address to the user and sends an address confirmation message, DHCP ACK, to the AN;
  • the DHCP Server sends the user's MAC address and user access point location to the location information management device for registration;
  • the DHCP process may include two steps, DHCP Discover and OFFER, before the step, and the other steps are the same as above.
  • the user initiates an ARP Request, requesting the MAC address of the broadband gateway with the IP address of 10.1.1.1;
  • After receiving the ARP Request message initiated by the user, the AN forwards the message to the location information management apparatus.
  • After receiving the ARP Request message forwarded by the AN, the location information management device processes the packet (that is, obtains the MAC address of the BNG1 with the address 10.1.1.1), and then sends the MAC address information to the AN in an ARP response message.
  • After receiving the ARP response packet including the MAC address information of the BNG1, the AN forwards the ARP response packet to the user.
  • the device can also parse the packet to obtain the user MAC address, IP address, or other location information, such as the port number, the MAC address of the switching device, and the like.
  • the message is forwarded to the location information management device for processing, and the location information management device stores the user MAC address, the IP address or other location information, and the location information management device can determine the user's access point according to the source of the message, such as the user.
  • the location information management device queries the location information such as the user MAC address, if the location information is found to be in an aging state, the state of the location information is changed to a survival state.
  • FIG. 6 is a system diagram of establishing a network connection by using a location information management apparatus according to an embodiment of the present invention.
  • the system includes a policy server (Policy Server) 62, and the policy server 62 interacts with an upper management layer for controlling the establishment of the network connection channel. The policy server 62 may be a sub-module or other system of the network management server or the network management server.
  • the system further includes: the intra-domain switching device 60, the user 61, the location information management device 63, the broadband gateway (BNG, Broadband Network Gateway) 64, and network elements such as the AN (Access Node) 65.
  • BNG Broadband Network Gateway
  • FIG. 7 is a flowchart of a method for managing location information in establishing a network connection according to an embodiment of the present invention, and the detailed description is as follows:
  • the policy server notifies the broadband gateway BNG 1 (the IP address is 10.1.1.1) and establishes a network connection channel, wherein the AN1 is connected to the user 1 (the IP address is 10.1.1.200);
  • 702 BNG 1 sends a query request to the location information management apparatus, and queries the MAC address of the user A (10.1.1.200) and the related location information of the AN1.
  • the location information management apparatus processes the query sent by the BNG1, and returns a MAC address of the user A (10.1.1.200) and related location information of the AN1 to which the connection is connected;
  • the BNG 1 initiates establishment of a network bearer channel to the AN1.
  • the network bearer channel is the connection channel between BNG 1 and AN1, which is used to carry the service data of the user (IP address is 10.1.1.200).
  • the step 701 corresponds to the flow described in steps 1 to 4 in Fig. 6.
  • the policy server 62 can also notify the AN 65 to establish a connection to other network elements; the AN 65 sends a query request to the location information management device 63 to query the peer's location or other location information; the location information management device 63 processes the request and returns the corresponding result; finally, the AN 65 establishes a network connection according to the network bearer channel established to the opposite end.
  • The communication terminal user automatically discovers the MAC address of the communication peer end.
  • the embodiment of the present invention implements centralized control and management of user location information such as a MAC address and an IP address to encapsulate and isolate sensitive information such as a MAC address, and implements the isolation of bearer information and user information, which improves network security and reliability and lays a good foundation for solving network security problems such as ARP spoofing and DOS (Distributed Denial of Service) attacks.
  • the present invention implements centralized control of user MAC addresses and also provides a MAC address learning mechanism to ensure good network performance
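
An added sketch, not code from the patent, of the behaviour described above for the location information management device: bindings registered by edge devices, the survival/aging/deletion states, the ARP proxy reply, and the consistency check on ARP senders. The class and method names, verdict strings, timeouts, the access-point comparison and all sample addresses are assumptions constructed for illustration.

```python
from dataclasses import dataclass

ALIVE, AGING = "alive", "aging"   # states shown by the status indicator


@dataclass
class Record:
    mac: str
    ip: str
    access_point: str             # hypothetical form: "<switching device>/<port>"
    last_seen: float
    state: str = ALIVE


class LocationManager:
    """Hypothetical model of the data management unit plus ARP proxy unit."""

    def __init__(self, idle_timeout=300.0, purge_timeout=600.0):
        self.idle_timeout = idle_timeout      # alive -> aging after this idle time
        self.purge_timeout = purge_timeout    # aging -> deleted after this much more
        self.by_ip = {}

    def register(self, mac, ip, access_point, now):
        """An edge device advertises a binding, e.g. one parsed from a DHCP ACK."""
        self.by_ip[ip] = Record(mac.lower(), ip, access_point, now)

    def age(self, now):
        """Timed aging: idle records become 'aging', stale aging records are deleted."""
        for ip, rec in list(self.by_ip.items()):
            idle = now - rec.last_seen
            if idle >= self.idle_timeout + self.purge_timeout:
                del self.by_ip[ip]
            elif idle >= self.idle_timeout:
                rec.state = AGING

    def check_sender(self, sender_mac, sender_ip, access_point):
        """Compare the sender fields of an ARP message with the registered binding."""
        rec = self.by_ip.get(sender_ip)
        if rec is None:
            return "unknown-sender"
        if rec.mac != sender_mac.lower():
            return "mac-mismatch"             # someone else claims this IP
        if rec.access_point != access_point:
            return "access-point-mismatch"    # right pair, wrong attachment point
        return "ok"

    def handle_arp_request(self, sender_mac, sender_ip, target_ip, access_point, now):
        """Proxy an ARP Request forwarded by an edge device; return (verdict, mac)."""
        self.age(now)
        verdict = self.check_sender(sender_mac, sender_ip, access_point)
        if verdict != "ok":
            return verdict, None              # inconsistent message gets no reply
        sender = self.by_ip[sender_ip]
        sender.last_seen, sender.state = now, ALIVE
        target = self.by_ip.get(target_ip)
        if target is None:
            return "target-unknown", None     # the "no response" handling option
        target.last_seen, target.state = now, ALIVE   # a query revives an aging record
        return "ok", target.mac


def run_constructed_example():
    """Constructed scenario: one gateway and one user behind an access node."""
    lm = LocationManager(idle_timeout=300, purge_timeout=600)
    lm.register("02:00:00:00:00:01", "10.1.1.1", "BNG1", now=0)
    lm.register("02:00:00:00:0A:C8", "10.1.1.200", "AN1/port3", now=0)
    user = ("02:00:00:00:0a:c8", "10.1.1.200", "10.1.1.1", "AN1/port3")
    out = [lm.handle_arp_request(*user, now=10)]
    # Sender claims the gateway's IP with a MAC that was never registered for it.
    out.append(lm.handle_arp_request("02:00:00:00:de:ad", "10.1.1.1",
                                     "10.1.1.200", "AN1/port7", now=20))
    # Correct MAC/IP pair, but the message arrives from a different access point.
    out.append(lm.handle_arp_request("02:00:00:00:0a:c8", "10.1.1.200",
                                     "10.1.1.1", "AN2/port1", now=30))
    lm.age(now=400)
    out.append(lm.by_ip["10.1.1.200"].state)          # idle long enough to age
    out.append(lm.handle_arp_request(*user, now=400))
    out.append(lm.by_ip["10.1.1.1"].state)            # revived by the query
    lm.age(now=2000)
    out.append(sorted(lm.by_ip))                      # everything purged
    return out


if __name__ == "__main__":
    for item in run_constructed_example():
        print(item)
```
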

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Small-Scale Networks (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

A location information management apparatus and a location information management system are disclosed. The system includes a switch device and a location information management apparatus; the location information management apparatus includes a data management unit, and it may be implemented to collectively manage user's location information; a location information management method is also disclosed, including: receiving from a network device a data packet containing the user's location information; acquiring said user's location information from said data packet.

Description

Location information management method, device and system
This application claims priority to Chinese Patent Application No. 200610156947.7, entitled "Method, Device and System for Centralized Address Control", filed with the Chinese Patent Office on November 16, 2006, the entire contents of which are incorporated herein by reference.
Technical field
The present invention relates to data communication technologies, and in particular to a location information management method, apparatus, and system.
Background
Communication based on the IP protocol is built on the Medium Access Control (MAC) address. When host A needs to establish communication with host B, host B needs to know the IP address and MAC address of host A.
Table 1 below shows a common data frame: DMAC indicates the destination MAC address, SMAC indicates the source MAC address, Length/Type > 1500 indicates the type of the data frame, and Length/Type < 1500 represents the length of the data frame.
There are generally two important mechanisms for ensuring normal communication between hosts: the so-called flooding (Flooding) and auto-learning (Auto-learning) mechanisms. Auto-learning is implemented on the basis of the Address Resolution Protocol (ARP), which is used to resolve IP addresses to MAC addresses. The auto-learning procedure is as follows: host A sends an ARP request message, ARP Request, to the network to which it is connected. The message is sent as a broadcast, that is, all hosts in the network receive it. After receiving the ARP Request message, a host in the network checks the IP address in the message; if it finds that the IP address is its own address, it replies with an ARP response message, the so-called ARP Response, which contains that host's MAC address. After receiving the response message, host A has learned the MAC address of the other host.
By analysing the source addresses of the data frames arriving from all connected networks, a device can learn the topology of the network. For example, when a switch receives a data frame from host A on port 1, host A can be reached through port 1. Through this continuous learning process the switch builds up a forwarding table. An example of such a forwarding table is shown in Table 2 below:
Host MAC address    Port
1111.1111.1111      1
2222.2222.2222      1
3333.3333.3333      2
Table 2 (figure imgf000004_0001)
When the switch receives a data frame on one of its ports, it looks up the forwarding table by the frame's destination address. If the forwarding table contains a mapping between the destination address and a port of the bridge, switch or other network device, the frame is forwarded through that port; otherwise the frame is forwarded through all ports except the receiving port, which is called flooding.
The prior art defines a method for carrying the data streams of multiple subnets over the same physical link, and also defines the VLAN frame format, which provides a standard method for identifying VLANs. Table 3 below shows the 802.1Q data frame format:
DMAC    SMAC    VLAN ID
Table 3
802.1Q performs flooding and auto-learning within a VLAN; the principle and procedure are basically the same as described above. Table 4 below shows a VLAN-based forwarding table:
Table 4 (figure imgf000004_0002, not reproduced)
Flooding and auto-learning are simple to implement and easy to deploy, but they also have a number of negative effects. One is network device capacity: because every network device needs to learn the MAC addresses of all users, network devices scale poorly. Another is security: user device MAC addresses participate directly in the path configuration of network devices, which completely departs from the principle of isolating network information from user information; it is well known that existing network systems have a large number of MAC address security problems. In addition, this mechanism degrades network performance: on the one hand, broadcast information occupies a large amount of network bandwidth and seriously affects network performance; on the other hand, every device that receives broadcast information has to spend a certain amount of resources to process it.
Provider Backbone Transport (PBT) technology evolved from Ethernet technology and makes some improvements to the basic Ethernet forwarding mechanism. PBT forwards frames using a label (VID+DA) composed of the destination host's MAC address and the VLAN ID (VID) across a series of Ethernet switches that support Independent VLAN Learning (IVL), forming an Ethernet Switched Path (ESP). This path can be regarded as a connection or a tunnel. Within the VLAN, PBT disables the broadcast of unknown frames as well as the multicast and broadcast functions (that is, it turns off the flooding mechanism), and it also turns off auto-learning to avoid floods of broadcast packets. It reuses the forwarding table and discards packets that are not found in the PBT forwarding table. PBT defines the IVL mode in order to forward packets based on DA + VLAN.
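The contrast between the two forwarding models described so far, as an added example that is not part of the patent text: a learning bridge that floods unknown destinations, next to a PBT-style bridge whose (VID, DA) entries are only provisioned and whose unknown frames are dropped. Class names, port numbers, VIDs and MAC addresses are constructed for illustration.

```python
"""Auto-learning with flooding versus PBT-style provisioned forwarding.
All ports, VIDs and MAC addresses here are constructed sample values."""


class LearningSwitch:
    """Bridge that learns (VID, source MAC) -> port and floods unknowns."""

    def __init__(self, ports):
        self.ports = set(ports)
        self.table = {}  # keyed per VLAN, i.e. independent VLAN learning

    def receive(self, in_port, vid, smac, dmac):
        # Auto-learning: the source address of every frame updates the table.
        self.table[(vid, smac)] = in_port
        out = self.table.get((vid, dmac))
        if out is None:
            # Unknown destination: copy to every port except the ingress port.
            return "flood", sorted(self.ports - {in_port})
        if out == in_port:
            return "filter", []  # destination sits on the ingress segment
        return "forward", [out]


class PbtSwitch:
    """Bridge with learning and flooding turned off, as the text describes."""

    def __init__(self, ports):
        self.ports = set(ports)
        self.table = {}

    def provision(self, vid, dmac, port):
        # Entries are installed by management or control, never by traffic.
        self.table[(vid, dmac)] = port

    def receive(self, in_port, vid, smac, dmac):
        out = self.table.get((vid, dmac))
        if out is None:
            return "drop", []  # not in the PBT forwarding table: discard
        return "forward", [out]


def demo():
    a, b = "1111.1111.1111", "2222.2222.2222"
    lsw = LearningSwitch(ports=[1, 2, 3])
    results = {
        "first": lsw.receive(1, 10, a, b),       # B unknown, A learned
        "reply": lsw.receive(2, 10, b, a),       # A known, B learned
        "second": lsw.receive(1, 10, a, b),      # B now known
        "other_vlan": lsw.receive(3, 20, a, b),  # VID 20 has its own entries
    }
    results["learned_entries"] = len(lsw.table)

    pbt = PbtSwitch(ports=[1, 2, 3])
    pbt.provision(10, b, 2)
    results["pbt_known"] = pbt.receive(1, 10, a, b)
    results["pbt_unknown"] = pbt.receive(2, 10, b, a)
    results["pbt_entries"] = len(pbt.table)
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The learning bridge ends with one entry per source it has seen in each VLAN, which is the capacity problem the text raises; the PBT bridge holds only what was provisioned, so its peers' addresses have to come from somewhere else.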
To establish a connection, PBT must know information about the switches to which the two communication terminals are attached, as well as the MAC addresses of the two terminals. For example, when a connection needs to be established between host A and host B, host A needs to know host B's MAC address, and the switch that host A is connected to needs to know the information (MAC address) of the switch that host B is connected to; likewise, host B needs to know host A's MAC address, and the switch that host B is connected to needs to know the information (MAC address) of the switch that host A is connected to. PBT disables Ethernet flooding and auto-learning. Although this solves problems such as broadcast storms to some extent, it introduces a new problem: how a communication terminal automatically discovers the MAC address of its communication peer.
Summary of the invention
In view of this, the present invention provides a location information management method, apparatus and system, to secure the transport network and give the network system good scalability and stability, while using the flooding and auto-learning mechanisms to ensure normal network communication. The present invention provides a location information management system comprising a switching device and a location information management apparatus. The switching device notifies the location information management apparatus of user location information; the location information management apparatus stores and manages the location information of user access.
The present invention also provides a location information management apparatus comprising a data management unit for storing and maintaining user location information.
The present invention also provides a location information management method, comprising:
obtaining user location information;
storing the user location information and managing it centrally.
By centrally controlling and managing user location information such as MAC addresses and IP addresses, the present invention encapsulates and isolates sensitive information such as MAC addresses and separates bearer information from user information. This improves network security and reliability and lays a good foundation for solving network security problems such as ARP spoofing and DOS (Distributed Denial of Service) attacks.
Brief description of the drawings
Figure 1 is a schematic diagram of a location management system in an embodiment of the present invention;
Figure 2 is a block diagram of a location information management apparatus in an embodiment of the present invention;
Figure 3 is a system diagram of the location information management apparatus of an embodiment of the present invention applied to an access aggregation network to implement centralized address control;
Figure 4 is a flowchart of a location information management method in an embodiment of the present invention;
Figure 5 is a flowchart of a method for MAC address learning in an embodiment of the present invention;
Figure 6 is a network diagram of establishing a network connection in an embodiment of the present invention;
Figure 7 is a flowchart of a method for establishing a network connection in an embodiment of the present invention.
Detailed description
Embodiments of the present invention introduce a location information management apparatus into an existing network system. It is responsible for controlling and managing the location information of end users within the Ethernet, for example storing and managing the mapping between a user MAC address and the switch it belongs to or that switch's physical or logical port, and the mapping between a user MAC address and the user IP address, so that user MAC addresses are managed and controlled centrally. Location information as used herein includes, but is not limited to, MAC address information, IP address and switching device port number, VLAN ID, Permanent Virtual Connection (PVC) information and user access point. A user as used herein is a network terminal device, including but not limited to a Dynamic Host Configuration Protocol (DHCP) server, a policy server and other terminal devices connected to the network. A switching device as used herein includes, but is not limited to, network devices with a data forwarding function such as a Digital Subscriber Line Access Multiplexer (DSLAM), a switch, a router and a hub.
Figure 1 is a schematic diagram of the networking of a location information management system according to an embodiment of the present invention, described in detail as follows. The switching devices (LSW, LAN Switch) in the network domain are divided into one or more intra-domain switching devices (LSWO in the figure) and one or more edge switching devices (LSWA, LSWB, LSWC and LSWD in the figure). An edge switching device is a switch that is directly connected to users; a switch that is not directly connected to users is classed as an intra-domain switching device. The two can be converted into each other under certain conditions. An intra-domain switching device is connected only to edge switching devices and does not learn users' MAC addresses; its function is mainly data forwarding. Each edge switching device is connected to one or more users and includes a confirmation unit that learns, and only learns, the MAC addresses of the users connected to it: LSWA learns only user A's MAC address MAC A, LSWB learns only user B's MAC address MAC B, and so on. The edge switching device or another similar functional entity may further include an advertising unit, responsible for advertising or registering with the location information management apparatus the location information that includes the user MAC address learned by the confirmation unit.
The specific steps are as follows. The edge switching device or other switching device parses the protocol data packet (protocol message) it receives; the confirmation unit learns the MAC address of the protocol data packet; the advertising unit extracts the user MAC address information, IP address and other location information contained in it, may also determine the user's access point location, and advertises or registers with the location information management apparatus the location information that includes the user MAC address learned by the confirmation unit. The user access point location includes: the identifier of the switching device the user accesses; that switching device identifier and the port identifier; that switching device identifier, the port identifier and the logical link identifier; that switching device identifier and the logical link identifier; and so on. Alternatively, the edge switching device may not parse the received protocol data packet but forward it directly to the location information management apparatus, which parses it.
The protocol data packets mentioned above include but are not limited to: the General Attribute Registration Protocol (GARP) family of protocols, Point-to-Point Protocol over Ethernet (PPPOE), DHCP, Address Resolution Protocol (ARP), Internet Control Message Protocol (ICMP), and so on. The other functional entities mentioned above include but are not limited to: a DHCP server, an AAA (Authentication, Authorization, Accounting) server, that is, an authentication server, a network management server, and so on.
The ways of advertising or registering location information that includes the MAC address with the location information management apparatus include but are not limited to the following three. First, the edge switching device or other functional entity forwards the relevant protocol message directly to the location information management apparatus. Second, the edge switching device adds location information such as the user access point to the relevant protocol message (such as DHCP or PPPOE) and then forwards the protocol message carrying the user location information to the location information management apparatus, or forwards it to another functional entity, which then advertises the user location information to the location information management apparatus. Third, after the edge switching device or other functional entity converts the relevant protocol message, it may add location information such as the user access point, and then advertises or registers the user's MAC address and other location information through the interface provided by the location information management apparatus.
Figure 2 is a block diagram of a location information management apparatus in an embodiment of the present invention. The location information management apparatus shown in Figure 2 includes one or more data management units 20, which are responsible for managing and maintaining user MAC addresses and for storing location information such as user MAC addresses and user access points; they may also store other relevant location information used for network connection, such as the user's IP address. In one embodiment of the present invention, the data management unit 20 stores user location information in the form of MAC address, port information, IP address and similar information together with their mappings. In another embodiment of the present invention, it includes keywords such as the user MAC address and the switching device MAC address.
The query interface 21, the operation interface 22, the status indicator 23, the ARP proxy unit 24 and the data parsing unit 25 are described in detail below.
In addition, the location information management apparatus may further include a data parsing unit 25, which receives the data packets or messages that advertise or register location information and obtains the user's location information from them, including parsing location information such as the MAC address, IP address and port number out of the received message, and stores that location information in the data management unit.
The location information management apparatus may also have a mechanism for maintaining the state of user location information, such as a keep-alive mechanism or an aging mechanism. The state can be represented by the status indicator 23 and can be changed and/or processed based on a preset aging mechanism: for example timed aging, in which an entry that is not used within a specified time changes from the alive state to the aging state, or a state change triggered by an external event, in which the aging state of the location information is changed to the alive state, or the reverse, when a certain event occurs. Entries in the aging state can be deleted based on a preset time: for example, when location information in the aging state has not changed state within a specified time, it is deleted. The deletion includes deleting the relationship data corresponding to the MAC address.
The location information management apparatus may also provide an external operation interface 22, through which the data stored in the data management unit 20 can be operated on. The operations include but are not limited to one of the following or a combination of them: add, delete or modify. The mode of operation may be one of the following or a combination of them: manual or automatic. It may be remote operation based on a communication protocol, or operation directly on the main …
The location information management apparatus may also provide an external query interface 21. The query interface 21 may be based on the Simple Network Management Protocol (SNMP) or on other protocols. Through the query interface 21 it is possible to query the signalling address used for establishing a user path, or the stored MAC address, IP address and other location information of a user or network element. It is also possible to query information related to connections established through PBT or paths established through the Resource Reservation Protocol (RSVP), or other types of information.
The location information management apparatus may also be provided with an ARP proxy unit 24, which has the ARP proxy function.
The ARP proxy function is now explained through a specific application scenario. If user A knows user B's IP address but does not know user B's MAC address, user A broadcasts an ARP Request message to all users in the network, asking for user B's MAC address. After receiving the ARP Request message, user B replies with an ARP Response message containing user B's MAC address, and user A thereby obtains user B's MAC address. After the location information management apparatus of the present invention is introduced, user A sends the ARP Request message through the switching device, and the switching device forwards the ARP Request message to the location information management apparatus. After receiving the ARP Request message, the location information management apparatus obtains user B's MAC address by querying the user MAC address mapping information it stores, and returns user B's MAC address to user A through the switching device. Comparing the two flows shows that the location information management apparatus answers with the ARP Response message on behalf of user B; that is, the location information management apparatus has the ARP proxy function. When the location information management apparatus cannot find the relevant MAC address or other information in the data management unit, it can handle the request in at least one of the following ways: not respond, initiate a query to obtain the required MAC address, or mark the user as offline. It may also notify the user in some way.
The location information management apparatus processes the ARP requests of network-connected users in a unified and centralized way, and it can check and verify ARP against the users' MAC mappings; that is, it uses the MAC-to-IP mapping to check whether the mapping carried in an ARP message is consistent with it, which can prevent network security problems such as ARP spoofing.
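An added sketch, not code from the patent, of the data management unit behaviour described above: registered bindings, the ARP proxy reply, the MAC-to-IP consistency check and the alive/aging states. Class names, timer values and addresses are constructed; rejecting unknown senders and also comparing the ingress access point are assumptions that go beyond the MAC/IP check the text names.

```python
"""Central location-information store with ARP proxy, ARP consistency check
and alive/aging states. Names, timers and addresses are constructed."""
from dataclasses import dataclass

ALIVE, AGING = "alive", "aging"


@dataclass
class Location:
    mac: str
    ip: str
    access_point: str  # switching device id + port id, e.g. "AN35/1"
    state: str
    stamp: float       # time of last use or last state change


class LocationManager:
    def __init__(self, age_after=300.0, delete_after=600.0):
        self.age_after = age_after        # idle seconds before alive -> aging
        self.delete_after = delete_after  # seconds spent aging before deletion
        self.by_ip = {}                   # ip -> Location

    def register(self, mac, ip, access_point, now):
        """Binding advertised or registered by an edge switching device."""
        self.by_ip[ip] = Location(mac.lower(), ip, access_point, ALIVE, now)

    def tick(self, now):
        """Timed aging: unused alive entries start aging, stale ones go."""
        for ip, loc in list(self.by_ip.items()):
            idle = now - loc.stamp
            if loc.state == ALIVE and idle >= self.age_after:
                loc.state, loc.stamp = AGING, now
            elif loc.state == AGING and idle >= self.delete_after:
                del self.by_ip[ip]

    def check(self, mac, ip, access_point):
        """Compare an ARP message's sender fields with the stored binding."""
        loc = self.by_ip.get(ip)
        if loc is None:
            return "unknown-sender"          # assumed policy: not registered
        if loc.mac != mac.lower():
            return "mac-mismatch"            # the MAC/IP check in the text
        if loc.access_point != access_point:
            return "access-point-mismatch"   # assumed extra check
        return "ok"

    def touch(self, loc, now):
        # Event-triggered change: using an entry makes it alive again.
        loc.state, loc.stamp = ALIVE, now

    def arp_request(self, sender_mac, sender_ip, ingress, target_ip, now):
        """Answer an ARP Request forwarded by a switching device."""
        verdict = self.check(sender_mac, sender_ip, ingress)
        if verdict != "ok":
            return ("reject", verdict)
        self.touch(self.by_ip[sender_ip], now)
        target = self.by_ip.get(target_ip)
        if target is None:
            return ("no-reply", None)  # one of the options the text lists
        self.touch(target, now)
        return ("reply", target.mac)


def demo():
    mgr = LocationManager()
    a_mac, a_ip, a_ap = "00:11:22:33:44:AA", "10.1.1.10", "AN35/1"
    mgr.register(a_mac, a_ip, a_ap, now=0)
    mgr.register("00:11:22:33:44:01", "10.1.1.1", "BNG34/1", now=0)
    mgr.register("00:11:22:33:44:CC", "10.1.1.20", "AN35/2", now=0)
    out = {}
    out["proxy"] = mgr.arp_request(a_mac, a_ip, a_ap, "10.1.1.1", now=10)
    # Sender fields claim the gateway's IP with a different MAC.
    out["inconsistent"] = mgr.arp_request(
        "00:11:22:33:44:cc", "10.1.1.1", "AN35/2", a_ip, now=20)
    out["unknown_target"] = mgr.arp_request(a_mac, a_ip, a_ap, "10.1.1.99", 30)
    mgr.tick(310)
    out["gateway_after_idle"] = mgr.by_ip["10.1.1.1"].state
    out["revive"] = mgr.arp_request(a_mac, a_ip, a_ap, "10.1.1.1", now=320)
    out["gateway_after_query"] = mgr.by_ip["10.1.1.1"].state
    mgr.tick(920)
    out["remaining"] = sorted(mgr.by_ip)
    return out


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```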
The location information management apparatus referred to in the present invention may be an independent entity, or it may be implemented as a functional extension of an existing network element. Its functions may be implemented purely as software functional modules, purely as a physical hardware entity, or as a combination of the two.
Figure 3 shows a system in which the location information management apparatus of an embodiment of the present invention is applied in an access aggregation network to implement centralized control of location information. The system shown in Figure 3 includes network elements such as an intra-domain switching device 30, a user 31, a DHCP server 32, a location information management apparatus 33, a broadband network gateway (BNG) 34 and an access node (AN, Access Node) 35. The main function of the AN 35 is to provide a common transport bearer path; physically it may be an optical network unit in a fibre access network or user terminal equipment in a fixed wireless access network. The system may contain more than one AN 35; similarly, more than one user 31 may be connected to an AN 35, and the system contains at least one BNG 34. In this embodiment both the BNG 34 and the AN 35 are edge switching devices. The location information of the BNG 34 may be registered and stored through manual configuration, or the BNG 34 may register and store it automatically through the interface provided by the location information management apparatus 33. Similarly to the above process, a user can register and store the relevant location information in the location information management apparatus 33 through the BNG 34.
The process of centrally controlling MAC addresses in this embodiment is described in detail below with reference to Figure 4. It includes the following steps:
401. The user initiates a DHCP address request message, DHCP Request;
402. The AN receives the DHCP address request message initiated by the user and forwards the DHCP Request message to the DHCP Server;
403. The DHCP Server allocates an IP address to the user and sends the IP address allocation confirmation message, DHCP ACK, to the AN;
404. The AN forwards the DHCP ACK message sent by the DHCP Server to the user;
Steps 401 to 404 above correspond to the flow described by steps 1 to 4 in Figure 3;
405. The AN also captures the DHCP ACK message sent by the DHCP Server and obtains the user's MAC address by parsing the message;
406. The AN sends or advertises the location information, including the user's MAC address and the user access point, to the location information management apparatus for registration and storage; the location information may also include the user's IP address, port number and other location information.
Usually the DHCP flow may also include the two steps DHCP Discovery and OFFER before the above steps; the other steps are the same as above.
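Steps 405 and 406 as an added example, not taken from the patent: an access node parses a captured DHCP ACK, takes the client MAC and assigned IP from the BOOTP header, and builds the record it would register. The sample message is constructed, and the record layout and the "device/port" access point format are assumptions.

```python
"""Step 405/406 sketch: derive a location record from a snooped DHCP ACK.
The sample packet, device id and record layout are constructed."""
import socket
import struct

BOOTP_FMT = "!BBBBIHH4s4s4s4s16s64s128s"  # fixed 236-byte BOOTP header
MAGIC = bytes.fromhex("63825363")         # DHCP magic cookie
OPT_MSG_TYPE, DHCPACK = 53, 5
BOOTREPLY = 2


def parse_dhcp(payload):
    """Return op, client MAC, assigned IP and options of a DHCP message."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    (op, htype, hlen, _hops, _xid, _secs, _flags, _ciaddr, yiaddr,
     _siaddr, _giaddr, chaddr, _sname, _file) = struct.unpack(
        BOOTP_FMT, payload[:236])
    if htype != 1 or hlen != 6:
        raise ValueError("client hardware address is not Ethernet")
    options, i = {}, 240
    while i < len(payload):
        code = payload[i]
        if code == 255:          # end option
            break
        if code == 0:            # pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option header")
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        options[code] = value
        i += 2 + length
    return {
        "op": op,
        "mac": ":".join(f"{b:02x}" for b in chaddr[:6]),
        "ip": socket.inet_ntoa(yiaddr),
        "options": options,
    }


def snoop_ack(payload, device_id, user_port):
    """Return the record to register, or None if this is not a DHCP ACK."""
    msg = parse_dhcp(payload)
    if msg["op"] != BOOTREPLY:
        return None
    if msg["options"].get(OPT_MSG_TYPE) != bytes([DHCPACK]):
        return None
    return {
        "mac": msg["mac"],
        "ip": msg["ip"],
        "access_point": f"{device_id}/{user_port}",  # assumed format
    }


def build_sample(op=BOOTREPLY, msg_type=DHCPACK):
    """Constructed DHCP message for the demo; not captured traffic."""
    header = struct.pack(
        BOOTP_FMT, op, 1, 6, 0, 0x3903F326, 0, 0,
        bytes(4), socket.inet_aton("10.1.1.23"), bytes(4), bytes(4),
        bytes.fromhex("0011223344aa") + bytes(10), bytes(64), bytes(128))
    options = (bytes([OPT_MSG_TYPE, 1, msg_type])
               + bytes([51, 4]) + (3600).to_bytes(4, "big")  # lease time
               + bytes([255]))
    return header + MAGIC + options


if __name__ == "__main__":
    print(snoop_ack(build_sample(), "AN35", 3))
```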
The DHCP flow can also use another advertising method:
401'. The user sends a DHCP address request message, DHCP Request;
402'. The AN receives the DHCP address request message initiated by the user, determines the user access point location, adds the location information to the DHCP message, and forwards the DHCP Request message to the DHCP Server;
403'. The DHCP Server allocates an IP address to the user and sends the IP address allocation confirmation message, DHCP ACK, to the AN;
404'. The DHCP Server sends the user's MAC address and user access point location to the location information management apparatus for registration;
Usually the DHCP flow may also include the two steps DHCP Discover and OFFER before the above steps; the other steps are the same as above.
Taking the system described in FIG. 3 as an example again, the following describes how the location information management device of the embodiment of the present invention is used for MAC address learning. FIG. 5 is a flow chart of this learning process; the steps are as follows:
501. The user initiates an ARP Request to obtain the MAC address of the broadband gateway whose IP address is 10.1.1.1;
502. After receiving the ARP Request message initiated by the user, the AN forwards it to the location information management device;
503. After receiving the ARP Request message forwarded by the AN, the location information management device processes it (that is, it looks up the MAC address of BNG1, whose IP address is 10.1.1.1) and then sends the AN an ARP response message containing that MAC address information;
504. After receiving the ARP response message containing the MAC address information of BNG1, the AN forwards the ARP response message to the user.
In the above process, after receiving an ARP message, the AN, the BNG or another switching device may also parse the message to obtain the user's MAC address, IP address or other location information such as the port number and the MAC address of the switching device. It may also forward the message to the location information management device for processing, and the location information management device stores the user's MAC address, IP address or other location information. The location information management device can determine the user's access point, such as the switching device through which the user is connected, from the source of the message. In one embodiment of the present invention, when the location information management device queries location information such as a user's MAC address and finds that the location information is in the aged state, it changes the state of that location information to the alive state.
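As an added illustration (not part of the patent text), the following Python sketch models the location information management device: registration as in steps 406 and 404', the ARP handling of steps 502 and 503, and the alive/aged states. The class, field and function names, the idle limit and the sample MAC addresses are assumptions made for the example.

```python
import time
from dataclasses import dataclass

ALIVE, AGED = "alive", "aged"

@dataclass
class Entry:
    mac: str
    ip: str
    access_node: str  # switching device the user is attached to
    port: int
    state: str
    last_used: float

class LocationManager:
    """Central store of user location information (hypothetical model)."""

    def __init__(self, idle_limit=300.0, clock=time.monotonic):
        self.idle_limit = idle_limit  # assumed: seconds unused before aging
        self.clock = clock
        self.by_ip = {}

    def register(self, mac, ip, access_node, port):
        """Steps 406 / 404': an AN or DHCP server reports a binding."""
        self.by_ip[ip] = Entry(mac.lower(), ip, access_node, port,
                               ALIVE, self.clock())

    def query(self, ip):
        """Look up a binding; a hit on an aged entry makes it alive again."""
        entry = self.by_ip.get(ip)
        if entry is not None:
            entry.state, entry.last_used = ALIVE, self.clock()
        return entry

    def sweep(self, delete_aged=False):
        """Age entries unused for idle_limit; optionally drop aged ones."""
        now = self.clock()
        for ip, e in list(self.by_ip.items()):
            if e.state == AGED and delete_aged:
                del self.by_ip[ip]
            elif e.state == ALIVE and now - e.last_used >= self.idle_limit:
                e.state = AGED

    def handle_arp_request(self, req, from_an):
        """Steps 502-503: learn the sender, answer from the central table."""
        # The access point is taken from the source of the forwarded message.
        self.register(req["sender_mac"], req["sender_ip"], from_an, req["port"])
        target = self.query(req["target_ip"])
        if target is None:
            return None  # unknown target: no response is fabricated
        return {"op": "response",
                "sender_mac": target.mac, "sender_ip": target.ip,
                "target_mac": req["sender_mac"].lower(),
                "target_ip": req["sender_ip"]}

if __name__ == "__main__":
    lm = LocationManager()
    # Constructed sample data: MAC addresses are made up, IPs follow the text.
    lm.register("02:00:00:00:00:01", "10.1.1.1", "BNG1", 1)
    request = {"sender_mac": "02:00:00:00:02:00", "sender_ip": "10.1.1.200",
               "target_ip": "10.1.1.1", "port": 7}
    print(lm.handle_arp_request(request, from_an="AN1"))
```

Because every ARP response is built from the central table, the answer for 10.1.1.1 never depends on what another host on the access segment claims.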
The process of establishing a network connection using the location information management device of the embodiment of the present invention is described below with reference to the drawings.
Referring to FIG. 6, FIG. 6 is a system diagram of establishing a network connection using the location information management device in one embodiment of the present invention. The system includes a policy server (Policy Server) 62, which interacts with the upper management and control layer and is used to control the establishment of network connection channels. The policy server 62 may be a network management server, a submodule of a network management server, or another system. In addition, the system includes network elements such as an intra-domain switching device 60, a user 61, a location information management device 63, a broadband gateway (BNG, Broadband Network Gateway) 64, and an access node (AN, Access Node) 65.
FIG. 7 is a flow chart of applying the location information management method when establishing a network connection in one embodiment of the present invention. The detailed steps are as follows:
701. The policy server notifies the broadband gateway BNG1 (IP address 10.1.1.1) to establish a network connection channel with AN1, where AN1 is connected to user 1 (IP address 10.1.1.200);
702. BNG1 sends a query request to the location information management device to query the MAC address of user A (10.1.1.200) and the related location information of the AN1 to which the user is connected;
703. The location information management device processes the query sent by BNG1 and returns the MAC address of user A (10.1.1.200) and the related location information of the AN1 to which the user is connected;
704. BNG1 initiates establishment of a network bearer channel to AN1. This network bearer channel is the connection channel between BNG1 and AN1 and carries the service data of user 1 (IP address 10.1.1.200).
The above step 701 corresponds to the flow described in steps 1 to 4 in FIG. 6.
Similarly, the policy server 62 may also notify the AN 65 to establish a connection to other network elements; the AN 65 sends a query request to the location information management device 63 to query the peer's MAC address or other location information; the location information management device 63 processes the request and returns the result; finally, the AN 65 establishes a network bearer channel to the peer according to that location information, that is, it establishes the network connection. The communication terminal user thus automatically discovers the MAC address of the communication peer.
As the above description of the embodiments shows, the embodiments of the present invention apply centralized control and management to user location information such as MAC addresses and IP addresses. This encapsulates and isolates sensitive information such as MAC addresses and separates bearer information from user information, which improves network security and reliability and lays a good foundation for solving network security problems such as ARP spoofing and DOS (Distributed Denial of Service) attacks. In addition, while centrally controlling user MAC addresses, the embodiments of the present invention provide a MAC address learning mechanism, which ensures good network expansion performance.
The present invention has been described above using preferred embodiments, but these preferred embodiments are only intended to help in understanding the core idea of the present invention and its implementation. A person of ordinary skill in the art may therefore change the specific implementation and details without departing from the spirit and scope of the present invention, and such changes should be understood as implementing the present invention.

Claims

1. A location information management system, characterized by comprising a switching device and a location information management device, wherein the switching device advertises user location information to the location information management device, and the location information management device is configured to manage the location information of access users.
2. The system according to claim 1, characterized in that the switching device comprises:
an edge switching device, connected to at least one user and configured to forward user data and process user location information;
an intra-domain switching device, connected to at least one edge switching device and responsible for forwarding the user data.
3. The system according to claim 2, characterized in that the edge switching device comprises:
a determining unit, configured to learn the location information of the users connected to it;
an advertising unit, configured to report the location information to the location information management device.
4. The system according to claim 1, characterized in that the system further comprises:
a DHCP server, a network management server or an authentication server, wherein the server advertises its own location information, or the location information of the users connected to it, to the location information management device.
5. A location information management device, characterized by comprising a data management unit configured to store and maintain user location information.
6. The device according to claim 5, characterized by further comprising a data parsing unit configured to receive a reported data packet, parse the user's location information from the data packet, and store it in the data management unit.
7. The device according to claim 5, characterized by further comprising a status indicator configured to identify the alive state or aged state of the user location information stored in the data management unit.
8. The device according to any one of claims 5 to 7, characterized by further comprising:
an operation interface, configured to operate on the data stored in the data management unit, the operation comprising one or a combination of the following: add, delete or modify;
a query interface, configured to query the user location information in the data management unit.
9. The device according to any one of claims 5 to 7, characterized by further comprising an address resolution protocol proxy unit configured to receive an address resolution protocol request message and, according to the user location information stored in the data management unit, return to the requester a response message containing user location information.
10. A location information management method, characterized by comprising:
learning user location information;
storing the user location information and managing the user location information centrally.
11. The method according to claim 10, characterized in that the step of learning the user location information comprises:
receiving a data packet that is sent by a network device and contains user location information;
learning the user location information from the data packet.
12. The method according to claim 11, characterized in that the data packet containing user location information is:
a user data packet forwarded directly by a switching device; or
a data packet containing user location information that a switching device reports after parsing a user protocol message.
13. The method according to any one of claims 10 to 12, characterized in that the step of storing the user location information comprises:
storing a table of correspondences between the user MAC address and the switch port number or the user IP address.
14. The method according to claim 13, characterized in that the method further comprises:
setting a state value for the user location information, the states of the user location information including an aged state and an alive state;
when the user location information has not been used within a specified time, changing its state from the alive state to the aged state; or deleting the user location information that is in the aged state.
PCT/CN2007/070371 2006-11-16 2007-07-27 Location information management method, apparatus and system WO2008058477A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN200610156947.7 2006-11-16
CNA2006101569477A CN101188510A (en) 2006-11-16 2006-11-16 Method, device and system for central address control

Publications (1)

Publication Number Publication Date
WO2008058477A1 true WO2008058477A1 (en) 2008-05-22

Family

ID=39401328

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2007/070371 WO2008058477A1 (en) 2006-11-16 2007-07-27 Location information management method, apparatus and system

Country Status (2)

Country Link
CN (1) CN101188510A (en)
WO (1) WO2008058477A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101917492A (en) * 2010-08-06 2010-12-15 北京乾唐视联网络科技有限公司 Communication method and communication system of novel network

Families Citing this family (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101702680B (en) * 2009-11-26 2011-12-28 福建星网锐捷网络有限公司 Aging method, device and communication equipment of media accessing control address
CN101895587B (en) * 2010-07-06 2015-09-16 中兴通讯股份有限公司 Prevent the methods, devices and systems of users from modifying IP addresses privately
CN102118316B (en) * 2011-03-07 2013-09-25 杭州华三通信技术有限公司 Method and device for learning MAC (Media Access Control) address
CN102685732A (en) * 2011-03-14 2012-09-19 深圳市同洲软件有限公司 Method, terminal and system for connecting shake message terminal
CN102868555A (en) * 2012-08-31 2013-01-09 浪潮电子信息产业股份有限公司 Method for automatically managing computer based on network
CN103812779B (en) 2012-11-08 2018-03-09 华为技术有限公司 The processing method of flooding, device
CN103457882A (en) * 2013-08-29 2013-12-18 国家电网公司 Intelligent substation secure access method
CN108134853A (en) * 2017-12-06 2018-06-08 杭州迪普科技股份有限公司 A kind of method and apparatus of management terminal location information
CN114268816B (en) * 2021-12-24 2023-11-21 广东悦伍纪网络技术有限公司 Advertisement directional distribution method, device and system based on local area network equipment

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2005067263A1 (en) * 2004-01-09 2005-07-21 Matsushita Electric Industrial Co., Ltd. Ip device, management server, and network system
CN1829188A (en) * 2005-03-01 2006-09-06 杭州华为三康技术有限公司 Method for carrying out policy management on medium access control address learning

Also Published As

Publication number Publication date
CN101188510A (en) 2008-05-28

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 07764292

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 07764292

Country of ref document: EP

Kind code of ref document: A1