WO2008106881A1 - A ppp access method, corresponding system and access node device - Google Patents


Info

Publication number
WO2008106881A1
Authority
WO
WIPO (PCT)
Prior art keywords
access
point
protocol
message
packet
Application number
PCT/CN2008/070352
Inventor
Zhenting Yang
Original Assignee
Huawei Technologies Co., Ltd.
Application filed by Huawei Technologies Co., Ltd.

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/16 Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP]
    • H04L69/168 Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP] specially adapted for link layer protocols, e.g. asynchronous transfer mode [ATM], synchronous optical network [SONET] or point-to-point protocol [PPP]

Definitions

  • Point-to-point protocol access method system and access node device
  • the present invention relates to the field of broadband access network technologies, and in particular, to a point-to-point protocol (PPP) access method, system, and access node device.
  • PPP point-to-point protocol
  • The PPP protocol is a data link layer protocol in the Transmission Control Protocol/Internet Protocol (TCP/IP) protocol stack, providing a standard way to transport datagrams of multiple network layer protocols over a point-to-point link.
  • the PPP protocol has Network Control Protocol (NCP) supporting different network layers, such as Internet Protocol Control Protocol (IPCP) and Internet Work Packet Exchange Control Protocol (IPXCP).
  • NCP Network Control Protocol
  • IPCP Internet Protocol Control Protocol
  • IPXCP Internet Work Packet Exchange Control Protocol
  • LCP Link Control Protocol
  • CHAP Challenge Handshake Authentication Protocol
  • PAP Password Authentication Protocol
  • the authentication protocol is mainly used to authenticate the connected user, prevent the PPP connection of the illegal user, and ensure the security of the network.
  • Figure 1 shows the frame format of the PPP protocol.
  • The protocol field is used to identify the protocol type encapsulated in the information field.
  • The protocol types mainly used are LCP, NCP, and ordinary IP, and their corresponding protocol field values are 0xC021, 0x8021, and 0x0021, respectively.
  • The information that follows carries different message contents according to the protocol.
  • ADSL Asymmetric Digital Subscriber Loop
  • VDSL Very-high-bit-rate Digital Subscriber Loop
  • PON Passive Optical Network
  • ATM Asynchronous Transfer Mode
  • PPPoA PPP over ATM
  • PPPoA is PPP based on ATM Adaptation Layer 5 (ATM AAL5); PPPoA uses ATM Adaptation Layer 5 to assemble PPP-encapsulated packets.
  • The PPP protocol requires that the two communicating parties be in a point-to-point relationship, so it cannot be applied directly to broadcast Ethernet; PPPoE solves this problem.
  • Through the PPPoE protocol, multiple hosts in a shared Ethernet network can hold multiple PPP sessions with a remote access server through one or more simple bridging access devices.
  • PPPoE not only provides a broadband access method for users using bridged Ethernet access, but also provides convenient access control and billing.
  • the workflow of the PPPoE protocol includes two phases of discovery and session.
  • When a host wants to start a PPP session, it first performs a discovery process to identify the other party's Media Access Control (MAC) address, and then establishes a unique PPP session identifier (ID, Identification).
  • the host and the access server transmit PPP data according to the PPP protocol, and perform PPP negotiation and data transmission.
  • PPPoA and PPPoE provide a point-to-point connection. The difference is that PPPoA is carried on the ATM network, and PPPoE is carried on the Ethernet network, which is adapted to the ATM standard and Ethernet standard respectively.
  • PPPoX (including PPPoA and PPPoE) provides a point-to-point connection. Control and bearer of protocol packets and user data packets are bundled together between the two endpoints of the protocol.
  • The inventors found that at least the following problems exist in the prior art: each technology update of the bearer network needs to support the PPP protocol, and each innovation in PPP access technology also needs to adapt to the bearer network. This increases network operating costs and hinders the expansion and upgrade of the network. With the evolution of the network, the separation of control and bearer becomes an inevitable requirement.
  • The access server in the network serves as the network-side end of the point-to-point connection. It needs to terminate a large number of PPP sessions and forward a large number of IP packets. When the service is busy, it is likely to become the bottleneck of network performance.
  • the technical problem to be solved by the embodiments of the present invention is to provide a PPP access authentication method, system, and access node device, so as to implement separation of control and bearer in PPP access authentication.
  • the embodiment of the present invention provides a point-to-point protocol access method, where the method includes:
  • the access node device receives the point-to-point protocol access message from the user, and determines whether the point-to-point protocol access message is a protocol packet or a data packet;
  • the protocol packet is sent to the access controller, and the access controller performs access management on the user;
  • the access node device forwards the data message.
  • An embodiment of the present invention provides a point-to-point protocol access system, where the system includes an access node device and an access controller, where:
  • the access node device is configured to receive a point-to-point protocol access message from the user, and when the point-to-point protocol access message is a protocol message, send the packet to the access controller for processing; When the point-to-point protocol access packet is a data packet, the data packet is forwarded;
  • the access controller is configured to perform access management on the user according to the received protocol packet.
  • An embodiment of the present invention further provides an access node device, where the access node device includes a message receiving and identifying unit, a message sending unit, and a storage unit, where:
  • a message receiving and identifying unit configured to receive a point-to-point protocol message, and identify the received point-to-point protocol message as a protocol message or a data message;
  • the message sending unit forwards the protocol message received by the message receiving and identifying unit to the first destination address, and forwards the data message received by the message receiving and identifying unit to the second destination address according to the data forwarding table stored in the storage unit.
  • a storage unit configured to store a data forwarding table.
  • The access node device classifies the PPPoX access message from the user, separates data packets from protocol packets, and forwards the data packets, while the access controller performs access control and management according to the protocol packets. This completes the separation of control and bearer in PPP access, so that innovation in PPP access control technology and the evolution of the bearer network do not affect each other, which is conducive to network expansion and upgrade and also saves network operating costs.
  • The access controller is responsible for access control and management of the user, and the access node device forwards the data packets. The network load is shared by the two, which improves the utilization efficiency of the devices, avoids an excessive burden on any one device affecting the operation of the entire network, and reduces the performance requirements for network devices.
  • FIG. 1 is a schematic diagram of a PPP frame format in the prior art
  • FIG. 2 is a flowchart of a preferred embodiment of a PPP access method according to the present invention
  • FIG. 3 is a schematic structural diagram of a PPP access system according to a preferred embodiment of the present invention.
  • FIG. 4 is a schematic structural diagram of a preferred embodiment of an access node device according to the present invention.
  • Step 21 The access node device (AN, Access Node) receives the PPP access message from the user.
  • the user equipment sends a PPP access message to request to establish a PPP connection.
  • the PPP connection can be initiated by the user host or by the Residential Gateway (RG).
  • PPP access packets include PPPoA access packets and PPPoE access packets.
  • PPPoA works in routing mode, and the access authentication process is performed by the RG; PPPoE works in bridging mode, and the host or RG initiates the PPPoE request. Therefore, the specific device on the user side can be the user host or the RG.
  • Step 22 The AN determines whether the PPPoX access message is a protocol message or a data message. If it is a protocol message, step 23 is performed; if it is a data message, step 27 is performed;
  • The AN can determine the type of the packet based on the protocol field of the PPP frame. For example, if the protocol field is 0x8021, the packet is an NCP protocol packet; if the protocol field is 0x0021, it is an IP data packet.
  • Step 23 The protocol packet is sent to an access controller (AC, Access Controller), and the AC performs access management on the user, including access link negotiation, user access address allocation, and access authentication authorization.
  • AC Access Controller
  • The AC performs corresponding processing according to the protocol type. If an LCP protocol packet is received, the AC negotiates with the user to establish, maintain, or terminate the data link. If an authentication protocol packet, such as the Password Authentication Protocol (PAP) or the Challenge Handshake Authentication Protocol (CHAP), is received, the protocol packet is forwarded to the AAA (Authentication, Authorization and Accounting) server, which authenticates the user to prevent PPP connections by unauthorized users. If necessary, the message returned by the AAA server is first converted to PPPoX format. When the AN receives a protocol packet sent by the AC to the user, it forwards the protocol packet directly to the user.
  • AAA can be implemented with RADIUS (Remote Authentication Dial In User Service), a protocol used between a network access server (NAS), such as a BRAS (Broadband Remote Access Server), and a shared authentication server.
  • BRAS Broadband Remote Access Server
  • RADIUS uses UDP (User Datagram Protocol) as its transport protocol.
  • RADIUS is responsible for transmitting the accounting information between the network access server and the shared accounting server.
  • the AC can function as a NAS device such as a BRAS.
  • Step 24 The AN determines whether the user is allowed to access. If not, step 25 is performed; if yes, step 26 is performed;
  • Whether the user's identity verification passed can be used to determine whether to allow the user access.
  • Step 25 Close the link and terminate the PPP session.
  • Step 26 The AN establishes and maintains a data forwarding table
  • the AN can obtain the PPP signaling information of the user and the AC through monitoring or detection, and then obtain the required information or parameters.
  • the AN can also be controlled by the AC through an additional control protocol such as SNMP (Simple Network Management Protocol), ANCP (Access Network Control Protocol), and the like.
  • SNMP Simple Network Management Protocol
  • ANCP Access Network Control Protocol
  • The phases of PPP negotiation have a definite order. Therefore, if user access is not allowed, for example, if the user's identity authentication is not completed, the data messages sent by the user cannot be transmitted to the destination network. By default, the user-side interface therefore passes only PPP protocol packets, not data packets, similar to 802.1X.
  • The AN establishes and maintains a data forwarding table based on the acquired PPP information.
  • One form of the data forwarding table can be: (port [including logical port] identifier, user MAC, PPP session identifier) <-> (user MAC, user IP address, user gateway IP address). The AN uses this table to forward PPP data packets, which includes converting the format of the packet and sending the packet to the destination address.
  • The format of the packet is converted from IPoE to PPPoE or from PPPoE to PPPoA.
  • the AN obtains the MAC address of the user through the ARP (Address Resolution Protocol).
  • ARP Address Resolution Protocol
  • Step 27 The AN determines whether the user access is allowed, if yes, step 28 is performed; if no, step 29 is performed;
  • the AN can determine whether there is a corresponding session ID and destination address according to the data forwarding table established in step 26, and if so, the user is allowed to access. You can also set a port status indicating the user access in the table. By default, the port is disabled. When the user is allowed to access, the port is open and allows data packets to be transmitted.
  • Step 28 The AN forwards the data packet according to the established and maintained data forwarding table.
  • The negotiation is divided into five phases, namely: an offline phase, an establishment phase, an authentication (Authenticate) phase, a network control negotiation (Network) phase and a termination (Terminate) phase. Different protocols are negotiated in different phases; after one protocol is negotiated, the result carries into the negotiation of the next phase's protocol. Therefore, in general, when the user is allowed to access, for example, when the authentication of the user identity has passed, the data message sent by the user can be forwarded by the AN to the destination address.
  • According to the destination address in the data forwarding table, the data message can be forwarded to the destination network, such as the aggregation network, or to other users.
  • The corresponding data packet can be converted from the PPPoX format to the IPoX format, that is, the PPPoX decapsulation is completed, and the data packet is sent to the corresponding destination IP address according to the table.
  • The other end of the PPP connection with the user can also send data packets to the user.
  • After receiving such data packets, the AN sends them to the user according to the established and maintained data forwarding table. If required, for example, when the data packet received by the AN is in the IPoX format, or the bearer mode of the receiving side differs from that of the network, the AN first converts the received data packet into the PPPoX format accepted by the access side.
  • Step 29 Discard the data packet.
  • The above is the process of handling PPP access messages sent by users. As the workflow shows, the PPP access messages sent by the user are separated in the AN: the AN forwards the data packets and sends the protocol packets to the AC for processing. The control of PPP access is therefore separated from the bearer, so that innovation in access control technology and the evolution of the bearer network do not affect each other, which is beneficial to the expansion and upgrade of the network.
  • a PPP access method is described in the foregoing embodiment.
  • a PPP access system is described in the following, and the system includes: an access node device and an access controller, where:
  • the access node device is configured to receive a PPP access packet from the user and determine whether the PPP access packet is a protocol packet or a data packet; when the PPP access packet is a protocol packet, it is sent to the access controller for processing, and when the message sent by the access controller indicates that the user is allowed to access, the session data forwarding table is created and maintained; when the PPP access packet is a data packet, it is forwarded according to the data forwarding table;
  • the access controller is configured to perform access management on the user according to the received protocol packet, and send the protocol packet to the user through the access node device.
  • the access node device can also be used to forward the data packet sent to the user to the user; receive the PPPoX protocol packet from the access controller and send the packet to the user;
  • RG31, AN32, AC33, and aggregation network 35 form an access network.
  • the AN is logically connected to the AC.
  • RG31 is used to initiate a PPP call, request access to the network, and receive PPP packets and PPP data packets.
  • The AN32 is configured to receive the packet sent by the user and determine whether it is a PPP data packet or a PPP protocol packet. If it is a protocol packet, it is sent directly to the AC33 to authenticate the user; if it is a PPPoX data packet, it is forwarded according to the data forwarding table, for example, sent to the Internet Service Provider (ISP) network 36 through the aggregation network 35.
  • ISP Internet Service Provider
  • the data packet sent to the RG31 sent by the aggregation network 35 is forwarded to the user, and the protocol packet sent by the AC33 to the RG31 is directly sent.
  • the AC33 is used to control the PPP connection and perform access management for the user.
  • the authentication information is sent to the AAA server for identity authentication, and the state machine of the PPP is maintained, that is, the conversion is performed in different negotiation stages.
  • the AAA server 34 is configured to authenticate, authorize, and charge the user.
  • The ISP network 36 interacts with the user through the aggregation network 35 to provide access services, information services, and value-added services.
  • An access node device is described below by using an embodiment, where the device includes: a message receiving and identifying unit, a message sending unit, and a storage unit, where:
  • a packet receiving and identifying unit configured to receive a PPP packet and identify whether the received PPP packet is a protocol packet or a data packet;
  • the message sending unit forwards the protocol message received by the message receiving and identifying unit to the first destination address, and forwards the data message received by the message receiving and identifying unit to the second destination address according to the data forwarding table stored in the storage unit.
  • a storage unit configured to store a data forwarding table.
  • the access node device further includes a format conversion unit, configured to perform format conversion on the packet sent by the packet receiving and identifying unit according to the bearer mode of the destination network, and then send the packet to the packet sending unit.
  • PPPoX and IPoX can be converted
  • PPPoA and PPPoE can be converted.
  • the access node device includes: a message receiving and identifying unit 41, a message sending unit 42, and a storage unit 43, and further includes a format converting unit 44, where:
  • the message receiving and identifying unit 41 is configured to receive the PPP packet and identify whether the received PPP packet is a protocol packet or a data packet.
  • the message sending unit 42 forwards the protocol message received by the message receiving and identifying unit 41 to the first destination address, for example, the address of the access controller in the access network, and, according to the data forwarding table stored in the storage unit 43, forwards the data message received by the message receiving and identifying unit 41 to the second destination address;
  • the storage unit 43 is configured to store a data forwarding table
  • the format conversion unit 44 is configured to format the message sent by the message receiving and identifying unit 41 according to the bearer mode of the destination network, and then send the message to the message sending unit 42.
  • The parameters in the data forwarding table used for forwarding data packets may include: a PPP session identifier, an access user identifier, and a forwarding path identifier.
  • The access node device can also obtain other required PPP signaling information as parameters in the data forwarding table.
  • The access node device classifies the PPPoX access packet from the user side, separates data packets from protocol packets, and forwards the data packets, while the access controller performs access control and management according to the protocol packets. This completes the separation of PPP access control and bearer, so that innovation in PPP access control technology and the evolution of the bearer network do not affect each other, which is beneficial to network expansion and upgrade and also saves network operating costs.
  • The access controller is responsible for access control and management of the user, and the access node device forwards the data packets. The network load is shared by the two, which improves the utilization efficiency of the devices, avoids an excessive burden on any one device affecting the operation of the entire network, and reduces the performance requirements for network devices.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

A PPP access method, corresponding system and access node device are provided, with the method including steps of: an access node device receiving the PPP access message from the user, determining whether the PPP access message is a protocol message or a data message; when the PPP access message is a protocol message, sending the protocol message to an access controller, and performing access management for the user by the access controller; and when the PPP access message is a data message, forwarding the data message by the access node device.

Description

Point-to-point protocol access method, system and access node device
This application claims priority to Chinese Patent Application No. 200710085357.4, entitled "Point-to-point protocol access method, system and access node device", filed with the Chinese Patent Office on March 2, 2007, the entire contents of which are incorporated herein by reference.
Technical field
The present invention relates to the field of broadband access network technologies, and in particular, to a point-to-point protocol (PPP, Point to Point Protocol) access method, system, and access node device.
Background
The PPP protocol is a data link layer protocol in the Transmission Control Protocol/Internet Protocol (TCP/IP) protocol stack, providing a standard way to transport datagrams of multiple network layer protocols over a point-to-point link. PPP comprises Network Control Protocols (NCP) supporting different network layers, such as the Internet Protocol Control Protocol (IPCP) and the Internetwork Packet Exchange Control Protocol (IPXCP); the Link Control Protocol (LCP); and the authentication protocol family, such as the Challenge Handshake Authentication Protocol (CHAP) and the Password Authentication Protocol (PAP). NCP is mainly used to negotiate the format and type of the data packets transmitted on the link. LCP is mainly used to establish, tear down, and monitor the PPP data link. The authentication protocols are mainly used to authenticate the connecting user, prevent PPP connections by illegal users, and ensure the security of the network. Figure 1 shows the frame format of the PPP protocol, in which the protocol field identifies the protocol type encapsulated in the information field. The protocol types mainly used at present are LCP, NCP, and ordinary IP, and their corresponding protocol field values are 0xC021, 0x8021, and 0x0021, respectively. The information that follows carries different message contents according to the protocol.
With the development of network technology, broadband access has become a dominant user access method. Common broadband access methods include Asymmetrical Digital Subscriber Loop (ADSL), Very-high-bit-rate Digital Subscriber Loop (VDSL), Ethernet, and Passive Optical Network (PON). Depending on the operator's needs, these access methods require a broadband dial-up and authentication process. The main current methods of broadband dial-up and authentication are PPP over Asynchronous Transfer Mode (PPPoA, PPP over ATM) and PPP over Ethernet (PPPoE). PPPoA is PPP based on ATM Adaptation Layer 5 (ATM AAL5); PPPoA uses ATM Adaptation Layer 5 to assemble PPP-encapsulated packets. The PPP protocol requires that the two communicating parties be in a point-to-point relationship, so it cannot be applied directly to broadcast Ethernet; PPPoE solves this problem. Through the PPPoE protocol, multiple hosts in a shared Ethernet network can hold multiple PPP sessions with a remote access server through one or more simple bridging access devices. PPPoE not only provides a broadband access method for users using bridged Ethernet access, but also provides convenient access control and billing.
The workflow of the PPPoE protocol includes two phases: discovery and session. When a host wants to start a PPP session, it first performs a discovery process to identify the other party's Medium Access Control (MAC) address, and then establishes a unique PPP session identifier (ID, Identification). After the PPPoE session phase begins, the host and the access server transmit PPP data according to the PPP protocol and carry out the PPP negotiations and data transmission. PPPoA and PPPoE both provide a point-to-point connection. The difference is that PPPoA is carried on an ATM network, while PPPoE is carried on an Ethernet network; they are adapted to the ATM standard and the Ethernet standard, respectively.
Because the PPP protocol is a standard point-to-point connection, and PPPoX (including PPPoA and PPPoE) also provides a point-to-point connection, control and bearer of protocol packets and user data packets are bundled together between the two endpoints of the protocol. In the course of creating the present invention, the inventors found that at least the following problems exist in the prior art: each technology update of the bearer network needs to support the PPP protocol, and each innovation in PPP access technology also needs to adapt to the bearer network. This increases network operating costs and hinders the expansion and upgrade of the network. With the evolution of the network, the separation of control and bearer becomes an inevitable requirement. Because PPPoX provides a point-to-point connection, the access server in the network, as the network-side end of the point-to-point connection, needs to terminate a large number of PPP sessions and forward a large number of IP packets. When the service is busy, it is likely to become the bottleneck of network performance.
Summary of the invention
The technical problem to be solved by the embodiments of the present invention is to provide a PPP access authentication method, system and access node device that separate control from bearer in PPP access authentication.
To solve the above technical problem, the embodiments of the present invention are implemented through the following technical solutions. An embodiment of the present invention provides a point-to-point protocol access method, the method including:
the access node device receives a point-to-point protocol access packet from a user and determines whether the point-to-point protocol access packet is a protocol packet or a data packet;
when the point-to-point protocol access packet is a protocol packet, the protocol packet is sent to an access controller, and the access controller performs access management on the user;
when the point-to-point protocol access packet is a data packet, the access node device forwards the data packet.
An embodiment of the present invention provides a point-to-point protocol access system, the system including an access node device and an access controller, where:
the access node device is configured to receive a point-to-point protocol access packet from a user; when the point-to-point protocol access packet is a protocol packet, to send it to the access controller for processing; and when the point-to-point protocol access packet is a data packet, to forward the data packet;
the access controller is configured to perform access management on the user according to the received protocol packet.
An embodiment of the present invention further provides an access node device, the access node device including a packet receiving and identifying unit, a packet sending unit and a storage unit, where:
the packet receiving and identifying unit is configured to receive a point-to-point protocol packet and identify whether the received point-to-point protocol packet is a protocol packet or a data packet;
the packet sending unit forwards the protocol packets received by the packet receiving and identifying unit to a first destination address, and forwards the data packets received by the packet receiving and identifying unit to a second destination address according to the data forwarding table stored in the storage unit;
the storage unit is configured to store the data forwarding table.
As the above technical solutions show, the access node device examines the PPPoX access packets from the user, separates data packets from protocol packets, and forwards the data packets, while the access controller performs access control and management according to the protocol packets. This separates control from bearer in PPP access, so that innovation in PPP access control technology and evolution of the bearer network do not affect each other, which favors network expansion and upgrade and also saves network operating costs.
At the same time, the access controller is responsible for access control and management of users, while the access node device forwards data packets. The network load is shared between the two, which improves device utilization, avoids any one device in the network being overloaded and affecting the operation of the whole network, and lowers the performance requirements on network devices.
Description of the drawings
FIG. 1 is a schematic diagram of the PPP frame format in the prior art;
FIG. 2 is an access flowchart of a preferred embodiment of the PPP access method of the present invention;
FIG. 3 is a schematic structural diagram of a preferred embodiment of the PPP access system of the present invention;
FIG. 4 is a schematic structural diagram of a preferred embodiment of the access node device of the present invention.
Detailed description
To make the objectives, technical solutions and advantages of the present invention clearer, the present invention is described in further detail below with reference to the drawings and embodiments.
First, an embodiment illustrating the PPP access method provided by the present invention is described with reference to FIG. 2.
Step 21: The access node device (AN, Access Node) receives a PPP access packet from the user;
The user equipment first sends a PPP access packet requesting that a PPP connection be established. The PPP connection can be initiated by the user host or by a residential gateway (RG, Residential Gateway). Depending on the bearer, PPP access packets include PPPoA access packets and PPPoE access packets. In general, PPPoA is used in routed mode, where the RG performs the access authentication process, whereas PPPoE works in bridged mode, where the user host or the RG initiates the PPPoE request. The user-side device can therefore be either a user host or an RG.
Step 22: The AN determines whether the PPPoX access packet is a protocol packet or a data packet. If it is a protocol packet, go to step 23; if it is a data packet, go to step 27;
The AN can determine the packet type from the protocol field of the PPP frame: for example, a protocol field of 0x8021 indicates an NCP protocol packet, and a protocol field of 0x0021 indicates an IP data packet.
Step 23: The protocol packet is sent to the access controller (AC, Access Controller), and the AC performs access management on the user, including access link negotiation, user access address allocation, and access authentication and authorization;
During access management the AC handles each protocol type accordingly. If an LCP protocol packet is received, the AC negotiates with the user to establish, maintain or terminate the data link. If a packet of an authentication protocol is received, such as the Password Authentication Protocol (PAP) or the Challenge Handshake Authentication Protocol (CHAP), the AC forwards it to the Authentication, Authorization and Accounting (AAA) server, which authenticates the user to prevent PPP connections by unauthorized users. If necessary, packets returned by the AAA server are first converted to PPPoX format. When the AN receives a protocol packet sent by the AC to the user, it forwards the packet directly to the user.
AAA can be implemented with RADIUS (Remote Authentication Dial In User Service). RADIUS is a protocol for carrying authentication, authorization and configuration information between a NAS (Network Access Server), such as a BRAS (Broadband Remote Access Server), and a shared authentication server. RADIUS uses UDP (User Datagram Protocol) as its transport protocol. RADIUS also carries accounting information between the network access server and a shared accounting server. In this embodiment, the AC can act as a NAS device such as a BRAS.
Step 24: The AN determines whether the user is allowed to access. If not, go to step 25; if so, go to step 26;
Whether to allow the user to access can be decided by whether verification of the user's identity succeeds.
Step 25: Close and tear down the link, terminating the PPP session;
Step 26: The AN establishes and maintains a data forwarding table;
The AN can obtain the PPP signaling exchanged between the user and the AC by monitoring or snooping, and extract from it the information or parameters it needs. Alternatively, the AC can control the AN through an additional control protocol such as SNMP (Simple Network Management Protocol) or ANCP (Access Network Control Protocol). In that case the AN contains a management agent, which is used to request information and actions from the AC.
Because the phases of PPP point-to-point communication follow a fixed sequence, if the user is not allowed to access, for example because identity authentication has not completed, the data packets the user sends cannot be delivered to the destination network. The AN's user-side port can therefore be set by default to carry only PPP protocol packets, and to carry data packets only after authentication succeeds, similar to 802.1X.
The AN establishes and maintains the data forwarding table from the PPP information it has obtained.
For example, one entry of the data forwarding table can be: (port [including logical port] identifier, user MAC, PPP session identifier) <-> (user MAC, user IP address, user gateway IP address). The AN processes and forwards PPP data packets according to this table, which includes converting the packet format and sending the packet to the destination address. Examples of format conversion are IPoE to PPPoE, or PPPoE to PPPoA.
In the PPPoE case described above, if the AN is a layer-3 device, it can obtain the destination MAC address of the data packet locally; if the AN is a layer-2 device, for example a switch, the AN obtains the user's MAC address through ARP (Address Resolution Protocol).
Step 27: The AN determines whether the user's access has been allowed. If so, go to step 28; if not, go to step 29;
For example, the AN can look up the data forwarding table built in step 26 and decide by whether the table holds a matching session ID and destination address; if it does, the user is allowed to access. A port state indicating user access can also be kept in the table: by default the port is closed, and when the user is allowed to access, the port is opened and data packets may pass.
Step 28: The AN forwards the data packet according to the data forwarding table it has established and maintains;
In PPP point-to-point communication, negotiation is divided into five phases: Dead, Establish, Authenticate, Network and Terminate. Each phase negotiates a different protocol, and only once the preceding protocol negotiation has produced a result does the link move on to the negotiation of the next phase. In general, therefore, a data packet sent by the user can be forwarded by the AN to the destination address only after the user has been allowed to access, for example after the user's identity has been verified.
According to the destination address in the data forwarding table, the packet can be forwarded to the destination network, such as an aggregation network, or to another user.
Using the data forwarding table, the data packet can be converted from PPPoX format to IPoX format, that is, the PPPoX encapsulation is removed, and the packet is sent to the corresponding destination IP address according to the table.
Once the user is allowed to access, the other end of the PPP connection established with the user can also send data packets to the user. When the AN receives such data packets, it sends them to the user according to the data forwarding table it has established and maintains. If necessary, for example when the data packets the AN receives are in IPoX format, or when the access side and the network use different bearer modes, the AN first converts the received data packets into the PPPoX format accepted by the access side.
Step 29: Discard the data packet.
PPPoX provides a point-to-point connection, and the above is the processing of PPP access packets sent by the user. As the workflow shows, the PPP access packets sent by the user are separated at the AN: the AN forwards data packets and sends protocol packets to the AC for processing. Control of PPP access is thereby separated from bearer, so that innovation in access control technology and evolution of the bearer network do not affect each other, which favors network expansion and upgrade.
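The workflow of steps 21 to 29 for the PPPoE case, as an added example that is not code from the patent: the AN classifies each frame by its PPP protocol field, hands protocol packets to the AC, and forwards data packets only when the forwarding table holds a matching (port, user MAC, session ID) entry. Classifying by protocol-number range (0x8000 and above is control) generalizes the two values the text names; the `AccessNode` class, its `permit` and `revoke` methods, the next-hop label and the sample frames are assumptions constructed for illustration.

```python
import struct

ETH_PPPOE_DISCOVERY = 0x8863  # PPPoE discovery stage (session set-up signalling)
ETH_PPPOE_SESSION = 0x8864    # PPPoE session stage (carries PPP frames)


def classify(frame: bytes):
    """Return (kind, src_mac, session_id, ppp_proto); kind is 'protocol', 'data' or 'invalid'."""
    invalid = ("invalid", None, None, None)
    if len(frame) < 20:                      # 14-byte Ethernet + 6-byte PPPoE header
        return invalid
    src_mac = frame[6:12]
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    ver_type, code, session_id, length = struct.unpack_from("!BBHH", frame, 14)
    if ver_type != 0x11:                     # PPPoE version 1, type 1
        return invalid
    if ethertype == ETH_PPPOE_DISCOVERY:     # always signalling, never user data
        return ("protocol", src_mac, session_id, None)
    if ethertype != ETH_PPPOE_SESSION or code != 0:
        return invalid
    payload = frame[20:20 + length]          # slicing ignores Ethernet padding
    if len(payload) != length or length < 2:
        return invalid                       # truncated frame or no protocol field
    (proto,) = struct.unpack_from("!H", payload, 0)
    # A two-byte PPP protocol number has an even first octet and an odd second
    # octet; one-byte (compressed) protocol fields are not handled here.
    if proto & 0x0101 != 0x0001:
        return invalid
    # 0x8000 and above: NCPs (0x8021) and link-level protocols (LCP 0xc021,
    # PAP 0xc023, CHAP 0xc223). Below that: network-layer data (IP 0x0021).
    kind = "protocol" if proto >= 0x8000 else "data"
    return (kind, src_mac, session_id, proto)


class AccessNode:
    """Hypothetical AN: closed to data by default, opened per session by the AC."""

    def __init__(self):
        # (port, user MAC, PPP session ID) -> next hop; a simplified stand-in
        # for the forwarding-table entry described in step 26.
        self.table = {}

    def permit(self, port, mac, session_id, next_hop):
        """Step 26: the AC allowed the user, so install a forwarding entry."""
        self.table[(port, mac, session_id)] = next_hop

    def revoke(self, port, mac, session_id):
        """Step 25: the session was torn down, so remove its entry."""
        self.table.pop((port, mac, session_id), None)

    def handle(self, port, frame):
        """Steps 22, 27, 28 and 29: return (action, next_hop) for one frame."""
        kind, mac, session_id, _proto = classify(frame)
        if kind == "protocol":
            return ("to_ac", None)           # step 23: the AC handles signalling
        if kind == "data":
            next_hop = self.table.get((port, mac, session_id))
            if next_hop is not None:
                return ("forward", next_hop)  # step 28
        return ("drop", None)                # step 29, or a malformed frame


def build_frame(src_mac, ethertype, session_id, ppp_payload=b"", code=0):
    """Build a constructed sample frame (destination MAC is a placeholder)."""
    dst_mac = b"\x02\x00\x00\x00\x00\x01"
    header = struct.pack("!HBBHH", ethertype, 0x11, code, session_id, len(ppp_payload))
    return dst_mac + src_mac + header + ppp_payload


USER_MAC = b"\x02\xaa\xbb\xcc\xdd\xee"       # constructed sample address
LCP = build_frame(USER_MAC, ETH_PPPOE_SESSION, 7, b"\xc0\x21\x01\x01\x00\x04")
IP = build_frame(USER_MAC, ETH_PPPOE_SESSION, 7, b"\x00\x21\x45" + b"\x00" * 19)


def demo():
    """Run one user's frames through the AN before and after the AC permits them."""
    an = AccessNode()
    actions = [an.handle(1, IP)[0], an.handle(1, LCP)[0]]   # before authentication
    an.permit(1, USER_MAC, 7, "aggregation-uplink")
    actions += [an.handle(1, IP)[0], an.handle(2, IP)[0]]   # right port, wrong port
    an.revoke(1, USER_MAC, 7)
    actions.append(an.handle(1, IP)[0])                     # after teardown
    return actions


if __name__ == "__main__":
    print(demo())
```

Keying the lookup on port, MAC and session ID together means a data frame that reuses an authenticated session ID from another port or MAC address is still dropped.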
The above embodiment described a PPP access method. The following embodiment describes a PPP access system, which includes an access node device and an access controller, where:
the access node device is configured to receive a PPP access packet from the user and determine whether it is a protocol packet or a data packet; when the PPP access packet is a protocol packet, to send it to the access controller for processing; on receiving a message from the access controller that the user is allowed to access, to create and maintain a session data forwarding table; and when the PPP access packet is a data packet, to forward it according to the data forwarding table;
the access controller is configured to perform access management on the user according to the received protocol packets, and to send protocol packets to the user through the access node device.
The access node device can also forward to the user the data packets addressed to the user, and receive PPPoX protocol packets from the access controller and send them to the user.
As shown in FIG. 3, RG31, AN32, AC33 and aggregation network 35 form an access network, and the AN is logically connected to the AC.
RG31 initiates the PPP call, requests access to the network, and receives PPP protocol packets and PPP data packets.
AN32 receives packets sent by the user and determines whether each is a PPP data packet or a PPP protocol packet. A PPP protocol packet is sent directly to AC33, which authenticates the user; a PPPoX data packet is forwarded according to the data forwarding table, for example through aggregation network 35 to the Internet Service Provider (ISP) network 36. AN32 also forwards to the user the data packets that aggregation network 35 sends toward RG31, and passes on directly the protocol packets that AC33 sends to RG31.
AC33 controls the PPP connection and performs access management on the user, for example sending authentication information to the AAA server for identity authentication, while maintaining the PPP state machine, that is, handling the transitions between negotiation phases.
AAA server 34 performs authentication, authorization and accounting for the user.
ISP network 36 interacts with the user through aggregation network 35 and can provide access services, information services and value-added services.
The following embodiment describes an access node device, which includes a packet receiving and identifying unit, a packet sending unit and a storage unit, where:
the packet receiving and identifying unit is configured to receive a PPP packet and identify whether the received PPP packet is a protocol packet or a data packet;
the packet sending unit forwards the protocol packets received by the packet receiving and identifying unit to a first destination address, and forwards the data packets received by the packet receiving and identifying unit to a second destination address according to the data forwarding table stored in the storage unit;
the storage unit is configured to store the data forwarding table.
To adapt to different network bearer modes, the access node device further includes a format conversion unit, which converts the format of the packets sent by the packet receiving and identifying unit according to the bearer mode of the destination network before passing them to the packet sending unit. For example, it can convert between PPPoX and IPoX, and between PPPoA and PPPoE.
FIG. 4 is a schematic structural diagram of the access node device. The access node device includes a packet receiving and identifying unit 41, a packet sending unit 42 and a storage unit 43, and can further include a format conversion unit 44, where:
the packet receiving and identifying unit 41 is configured to receive a PPP packet and identify whether the received PPP packet is a protocol packet or a data packet;
the packet sending unit 42 forwards the protocol packets received by the packet receiving and identifying unit 41 to a first destination address, for example the address of the access controller in the access network, and forwards the data packets received by the packet receiving and identifying unit 41 to a second destination address according to the data forwarding table stored in the storage unit 43;
the storage unit 43 is configured to store the data forwarding table;
the format conversion unit 44 is configured to convert the format of the packets sent by the packet receiving and identifying unit 41 according to the bearer mode of the destination network before passing them to the packet sending unit 42.
The parameters in the data forwarding table used for forwarding data packets can include a PPP session identifier, an access user identifier and a forwarding path identifier. As needed, the access node device can also obtain other required PPP signaling information to use as parameters in the data forwarding table.
In the above embodiments, the access node device examines the PPPoX access packets from the user side, separates data packets from protocol packets, and forwards the data packets, while the access controller performs access control and management according to the protocol packets. This separates PPP access control from bearer, so that innovation in PPP access control technology and evolution of the bearer network do not affect each other, which favors network expansion and upgrade and also saves network operating costs.
At the same time, the access controller is responsible for access control and management of users, while the access node device forwards data packets. The network load is shared between the two, which improves device utilization, avoids any one device in the network being overloaded and affecting the operation of the whole network, and lowers the performance requirements on network devices.
The PPP access method, system and access node device provided by the present invention have been described in detail above through embodiments. The description of the embodiments is intended only to help in understanding the method of the present invention and its idea. A person of ordinary skill in the art may, following the idea of the present invention, make changes to the specific implementation and the scope of application. In summary, the content of this specification should not be construed as limiting the present invention.

Claims

1. A point-to-point protocol access method, characterized by comprising:
an access node device receives a point-to-point protocol access packet from a user and determines whether the point-to-point protocol access packet is a protocol packet or a data packet;
when the point-to-point protocol access packet is a protocol packet, the protocol packet is sent to an access controller, and the access controller performs access management on the user;
when the point-to-point protocol access packet is a data packet, the access node device forwards the data packet.
2. The point-to-point protocol access method according to claim 1, characterized in that the access management performed on the user by the access controller comprises:
if the access controller allows the user to access, the access node device establishes and maintains a data forwarding table.
3. The point-to-point protocol access method according to claim 2, characterized in that the access node device establishes the data forwarding table by monitoring the point-to-point protocol signaling messages between the user and the access controller.
4. The point-to-point protocol access method according to claim 2, characterized in that the access node device establishes the data forwarding table from user access information obtained through an additional control protocol.
5. The point-to-point protocol access method according to any one of claims 2 to 4, characterized in that the access node device forwards the data packet according to the data forwarding table.
6. The point-to-point protocol access method according to any one of claims 1 to 4, characterized in that, before the access node device forwards the data packet, the method further comprises:
the access node device performs format conversion on the data packet according to the network bearer mode.
7. The point-to-point protocol access method according to claim 1, characterized in that the point-to-point protocol access comprises point-to-point protocol access carried over an asynchronous transfer mode network and/or point-to-point protocol access carried over Ethernet.
8. A point-to-point protocol access system, characterized by comprising an access node device and an access controller, wherein:
the access node device is configured to receive a point-to-point protocol access packet from a user; when the point-to-point protocol access packet is a protocol packet, to send it to the access controller for processing; and when the point-to-point protocol access packet is a data packet, to forward the data packet;
the access controller is configured to perform access management on the user according to the received protocol packet.
9. The point-to-point protocol access system according to claim 8, characterized in that the access node device is further configured to create and maintain, when the access controller allows the user to access, the data forwarding table required for forwarding the data packet.
10. The point-to-point protocol access system according to claim 8 or 9, characterized in that the access controller is a broadband remote access server.
11. An access node device, characterized by comprising a packet receiving and identifying unit, a packet sending unit and a storage unit, wherein:
the packet receiving and identifying unit is configured to receive a point-to-point protocol packet and identify whether the received point-to-point protocol packet is a protocol packet or a data packet;
the packet sending unit forwards the protocol packets received by the packet receiving and identifying unit to a first destination address, and forwards the data packets received by the packet receiving and identifying unit to a second destination address according to the data forwarding table stored in the storage unit;
the storage unit is configured to store the data forwarding table.
12. The access node device according to claim 11, characterized by further comprising a format conversion unit, configured to convert the format of the packets sent by the packet receiving and identifying unit according to the bearer mode of the destination network before passing them to the packet sending unit.
PCT/CN2008/070352 2007-03-02 2008-02-25 A ppp access method, corresponding system and access node device WO2008106881A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN 200710085357 CN101257420A (en) 2007-03-02 2007-03-02 Point-to-point protocol accessing method, system as well as access node equipment
CN200710085357.4 2007-03-02

Publications (1)

Publication Number Publication Date
WO2008106881A1 true WO2008106881A1 (en) 2008-09-12

Family

ID=39737796

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2008/070352 WO2008106881A1 (en) 2007-03-02 2008-02-25 A ppp access method, corresponding system and access node device

Country Status (2)

Country Link
CN (1) CN101257420A (en)
WO (1) WO2008106881A1 (en)

Families Citing this family (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102548022B (en) * 2011-12-27 2015-05-20 上海顶竹通讯技术有限公司 Network access device and network access method
CN104125191B (en) * 2013-04-23 2017-09-26 华为技术有限公司 Processing method, equipment and the system of point-to-point protocol based on Ethernet
CN109088809A (en) * 2014-12-05 2018-12-25 华为技术有限公司 Message processing method, network server and virtual private network system
CN104506451A (en) * 2014-12-24 2015-04-08 中国电子科技集团公司第五十四研究所 POS (packet over SONET (synchronous optical network)/SDH (synchronous digital hierarchy)) data link layer classification processing device based on FPGA (field programmable gate array)
CN106357483B (en) 2015-07-17 2021-06-01 华为技术有限公司 Message transmission method, access node, access controller and access system
WO2017012443A2 (en) * 2015-07-17 2017-01-26 华为技术有限公司 Message transmission method, access node, access controller and access system
CN107786613B (en) 2016-08-30 2020-05-12 新华三技术有限公司 Broadband remote access server BRAS forwarding implementation method and device
CN107948082A (en) * 2016-10-12 2018-04-20 中国电信股份有限公司 The processing method and system and agent apparatus of point-to-point protocol on Ethernet
CN108259298B (en) * 2017-05-31 2020-12-29 新华三技术有限公司 Message forwarding method and device
CN107547338B (en) * 2017-05-31 2020-12-29 新华三技术有限公司 Message forwarding method and device
CN108259633B (en) 2017-05-31 2020-05-12 新华三技术有限公司 Method, system and device for realizing management message three-layer communication
CN108259453B (en) 2017-05-31 2020-03-06 新华三技术有限公司 Message forwarding method and device
CN109672594B (en) * 2017-10-13 2021-12-03 中国电信股份有限公司 IPoE message processing method and device and broadband remote access server
CN109672593B (en) * 2017-10-13 2021-11-05 中国电信股份有限公司 PPPoE message processing method and device and broadband remote access server
CN111262770B (en) * 2018-12-03 2022-05-20 迈普通信技术股份有限公司 Communication method and communication system
CN111193323B (en) * 2020-01-06 2023-08-11 山东电工电气集团新能科技有限公司 Distribution network downlink equipment management device based on CAN bus
CN112260913B (en) * 2020-12-21 2021-04-02 广东省新一代通信与网络创新研究院 Access method and system for realizing distributed broadband

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1414760A (en) * 2002-02-10 2003-04-30 华为技术有限公司 Method of realizing quick inserting ethernet load point to point protocol using network processor
CN1474560A (en) * 2002-06-13 2004-02-11 Method and device for distributing transmission capacity of shared media in multiple point to point network
CN1571392A (en) * 2003-07-25 2005-01-26 华为技术有限公司 A method for implementing PPPoA to PPPoE conversion in network access equipment
US20070153801A1 (en) * 2005-12-12 2007-07-05 Samsung Electronics Co., Ltd. Method and apparatus for scheduling to guarantee QoS of VoIP service in portable Internet system
CN101094532A (en) * 2007-07-26 2007-12-26 中兴通讯股份有限公司 Data transmission method and device

Also Published As

Publication number Publication date
CN101257420A (en) 2008-09-03

Similar Documents

Publication Publication Date Title
WO2008106881A1 (en) A ppp access method, corresponding system and access node device
JP4236398B2 (en) Communication method, communication system, and communication connection program
US6308213B1 (en) Virtual dial-up protocol for network communication
EP2207321B1 (en) An accessing method, system and equipment of layer-3 session
US8086749B2 (en) Techniques for migrating a point to point protocol to a protocol for an access network
US6754712B1 (en) Virtual dial-up protocol for network communication
WO2013170790A1 (en) Method and system for accessing virtual network
JP2007536851A (en) Session-based packet switching equipment
Valencia et al. Cisco Layer Two Forwarding (Protocol) "L2F"
WO2006114037A1 (en) A communication system with session border controller and a method for the transmission of the signaling
WO2007000120A1 (en) An authentication access system, method and server
WO2007033519A1 (en) A method for updating the access of virtual private dial-network dynamically
EP2525531B1 (en) Method and network access device for enabling data forwarding between different physical media
CN101212398A (en) Access system and method
JP3692083B2 (en) Communication device with dial-up function
WO2014153860A1 (en) Network access method, gateway and system
WO2008037212A1 (en) An access terminal and a method for the terminal binding to the operator
WO2009074072A1 (en) Method, network system and network equipment of dynamic strategy conversion
WO2008028383A1 (en) Method for identifying the layer 3 protocol in l2vpn heterogeneous medium interconnection and the apparatus and system thereof
JP4166609B2 (en) Communication device
WO2007107076A1 (en) A broadband user access method and device
WO2006081776A1 (en) A communication method and device of local different link protocol
EP2073432B1 (en) Method for binding an access terminal to an operator and corresponding access terminal
WO2016082454A1 (en) Renegotiation processing method and device
WO2009086776A1 (en) Method, system and equipment for accessing visual private network

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 08715089

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 08715089

Country of ref document: EP

Kind code of ref document: A1