WO2016008320A1 - 获取终端在网络中的标识的方法、管理网元及存储介质 - Google Patents
获取终端在网络中的标识的方法、管理网元及存储介质 Download PDFInfo
- Publication number
- WO2016008320A1 WO2016008320A1 PCT/CN2015/076769 CN2015076769W WO2016008320A1 WO 2016008320 A1 WO2016008320 A1 WO 2016008320A1 CN 2015076769 W CN2015076769 W CN 2015076769W WO 2016008320 A1 WO2016008320 A1 WO 2016008320A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- address
- network
- node
- identifier
- current terminal
- Prior art date
Links
- 238000000034 method Methods 0.000 title claims abstract description 50
- 238000013507 mapping Methods 0.000 claims description 118
- 230000004044 response Effects 0.000 claims description 25
- 230000001360 synchronised effect Effects 0.000 claims description 6
- 238000010586 diagram Methods 0.000 description 20
- 238000012545 processing Methods 0.000 description 10
- 238000004590 computer program Methods 0.000 description 6
- 230000006870 function Effects 0.000 description 6
- 230000008569 process Effects 0.000 description 6
- 230000011664 signaling Effects 0.000 description 5
- 230000003993 interaction Effects 0.000 description 3
- 230000005540 biological transmission Effects 0.000 description 2
- 238000004891 communication Methods 0.000 description 2
- 230000009977 dual effect Effects 0.000 description 2
- 230000003068 static effect Effects 0.000 description 2
- 238000013519 translation Methods 0.000 description 2
- 238000004458 analytical method Methods 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 238000006243 chemical reaction Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 239000000284 extract Substances 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 239000000203 mixture Substances 0.000 description 1
- 238000011330 nucleic acid test Methods 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 238000012546 transfer Methods 0.000 description 1
- 239000002699 waste material Substances 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/50—Address allocation
- H04L61/5007—Internet protocol [IP] addresses
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/09—Mapping addresses
- H04L61/10—Mapping addresses of different types
- H04L61/103—Mapping addresses of different types across network layers, e.g. resolution of network layer into physical layer addresses or address resolution protocol [ARP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/09—Mapping addresses
- H04L61/25—Mapping addresses of the same type
- H04L61/2503—Translation of Internet protocol [IP] addresses
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/09—Mapping addresses
- H04L61/25—Mapping addresses of the same type
- H04L61/2503—Translation of Internet protocol [IP] addresses
- H04L61/2514—Translation of Internet protocol [IP] addresses between local and global IP addresses
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/09—Mapping addresses
- H04L61/25—Mapping addresses of the same type
- H04L61/2503—Translation of Internet protocol [IP] addresses
- H04L61/2517—Translation of Internet protocol [IP] addresses using port numbers
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/45—Network directories; Name-to-address mapping
- H04L61/4535—Network directories; Name-to-address mapping using an address exchange platform which sets up a session between two nodes, e.g. rendezvous servers, session initiation protocols [SIP] registrars or H.323 gatekeepers
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/45—Network directories; Name-to-address mapping
- H04L61/4547—Network directories; Name-to-address mapping for personal communications, i.e. using a personal identifier
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/50—Address allocation
- H04L61/5046—Resolving address allocation conflicts; Testing of addresses
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W36/00—Hand-off or reselection arrangements
- H04W36/0005—Control or signalling for completing the hand-off
- H04W36/0011—Control or signalling for completing the hand-off for data sessions of end-to-end connection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W36/00—Hand-off or reselection arrangements
- H04W36/0005—Control or signalling for completing the hand-off
- H04W36/0011—Control or signalling for completing the hand-off for data sessions of end-to-end connection
- H04W36/0019—Control or signalling for completing the hand-off for data sessions of end-to-end connection adapted for mobile IP [MIP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W8/00—Network data management
- H04W8/22—Processing or transfer of terminal data, e.g. status or physical capabilities
- H04W8/24—Transfer of terminal data
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W8/00—Network data management
- H04W8/26—Network addressing or numbering for mobility support
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2101/00—Indexing scheme associated with group H04L61/00
- H04L2101/60—Types of network addresses
- H04L2101/618—Details of network addresses
- H04L2101/654—International mobile subscriber identity [IMSI] numbers
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2463/00—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
- H04L2463/146—Tracing the source of attacks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W8/00—Network data management
- H04W8/02—Processing of mobility data, e.g. registration information at HLR [Home Location Register] or VLR [Visitor Location Register]; Transfer of mobility data, e.g. between HLR, VLR or external networks
- H04W8/08—Mobility data transfer
Definitions
- the invention relates to a technology for allocating a terminal identifier, and particularly to a method for acquiring an identifier of a terminal in a network, a management network element and a computer storage medium.
- the terminal can be divided into two types, one is a fixed-position terminal, such as a home terminal, and the other is a mobile terminal, such as a mobile phone, a personal digital assistant PAD, and the like, which is easy to carry.
- a fixed-position terminal such as a home terminal
- a mobile terminal such as a mobile phone, a personal digital assistant PAD, and the like
- IP Internet Protocol
- the IP address has a dual identity, indicating both the identity of the home terminal and the network topology location of the home terminal. That is to say, for a terminal with a fixed location, its IP address applied to the Internet can identify the dual identity of the terminal.
- mobile terminal A moving from the jurisdiction of one access gateway to the jurisdiction of another access gateway, that is, moving from one network topology location to another, requires A corresponding IP address can be obtained in different jurisdictions in order to successfully access the network.
- the operator changed the IP address allocation method for mobile users. Further, the original user IP address was directly assigned to the mobile user, and the private network IP address was assigned to the mobile user first.
- the private network IP address is converted into a public IP address through a pre-deployed carrier-grade Network Address Translation (NAT) device to save IP address resources.
- NAT Network Address Translation
- the mobile user is usually in a mobile state and may access the network through different access devices or different carrier-level NATs, resulting in the mobile terminal being allocated when it accesses the Internet.
- the private IP address and the converted public IP address are different, which brings the following problems to operators and service providers:
- each mobile terminal in the network accesses the network by using a different IP address, so that the discovery of the illegal operation terminal cannot be performed, and the source of the terminal cannot be traced, thereby failing to ensure network security;
- the network access address of the same mobile terminal keeps changing, it is impossible to perform effective tracking and service access analysis on the mobile terminal, and thus it is impossible to provide a better service for the mobile terminal.
- the embodiments of the present invention provide a method for acquiring an identifier of a terminal in a network, a management network element, and a computer storage medium, which can identify a fixed identity of the mobile user in the network, thereby satisfying the operation.
- An embodiment of the present invention provides a method for obtaining an identifier of a terminal in a network, where the method includes:
- the network identifier is a fixed public network internet protocol IP address or a public network IP address and a port number segment allocated for the current terminal.
- the assigning a corresponding network identifier to the current terminal according to the current terminal device identifier including: in the pre-configured first mapping table, searching whether there is a public network IP corresponding to the current terminal device identifier. Address, or public network IP address and port number segment;
- the public network IP address or the public network IP address and the port number segment are allocated to the current terminal; when not found, the free public IP address or the free public IP address and Idle port number segment, or non-idle public IP address and free port number segment A fixed network identifier of the current terminal is allocated to the current terminal; wherein the first mapping table records a correspondence between the terminal device identifier and the network identifier.
- the method further includes:
- the address and the identifier information of the node to which the current terminal belongs are added to the first mapping table by the private network IP address and the node identifier information.
- the method further includes:
- the new private device allocated by the new access device to the current terminal Obtaining, by the network IP address, the node identifier information of the new node to which the current terminal belongs; updating the private network IP address of the current terminal in the first mapping table as the new private network IP address, and updating the first mapping
- the node identification information of the current terminal in the table is the new node identification information.
- the method further includes:
- the traceability address lookup request carries the IP address to be traced.
- the private network IP address of the terminal corresponding to the source IP address to be traced is searched.
- the address, or the private network IP address and the node identifier, the private network IP address, or the private network IP address and the node identifier information are sent as the response message of the traceability address search request;
- the trace source address lookup request carries the IP address to be traced, and in the first mapping table, the terminal device identifier corresponding to the source IP address to be traced is searched; In the information, the terminal user account corresponding to the terminal device identifier is further searched, and the terminal user account information is sent as a response message of the traceability address search request, where the source IP address to be traced is a public network IP address. Address, or public IP address and port number.
- the method further includes: the management network element sends the network identifier allocated to the current terminal to the node to which the current terminal belongs, so that the node forms a second mapping table, and the second mapping table records Corresponding relationship between the current terminal device identifier, the network identifier, and the private network IP address;
- the transmitting, by the current terminal, the data in the network by using the allocated network identifier includes: acquiring, by the node, the private network IP of the current terminal when acquiring the first data from the current terminal An address, in the second mapping table, searching for a network identifier corresponding to the private network IP address;
- the node When the node does not know the identification information of the node for receiving the first data, sending a query request to the management network element, where the management network element receives the query request, and searches in the first mapping table. a node identifier to which the terminal corresponding to the destination address of the first data belongs, transmitting the found node identifier; the node receiving the node identifier found by the management network element, and determining that the node having the node identifier is used for a node that receives the first data;
- the node transmits the first data to the determined node for receiving the first data by using a network identifier that is found by itself.
- the embodiment of the present invention further provides a management network element, where the management network element includes:
- a first acquiring unit configured to acquire a device identifier of a current terminal registered in the network, where the current terminal is a mobile user;
- the first allocation unit is configured to allocate a corresponding network identifier to the current terminal according to the current terminal device identifier, so that the current terminal uses the allocated network identifier to transmit data in the network;
- the network identifier is a fixed public network internet protocol IP address or a public network IP address and a port number segment allocated for the current terminal.
- the first allocating unit is further configured to:
- the pre-configured first mapping table it is found whether there is a public network IP address corresponding to the current terminal device identifier, or a public network IP address and a port number segment; when found, the public network IP address to be found, Or the public network IP address and port number segment are allocated to the current terminal; when not found, select an idle public network Internet Protocol IP address, or an idle public network IP address and an idle port number segment, or a non-idle public The network IP address and the idle port number segment are allocated to the current terminal as the fixed network identifier of the current terminal.
- the first mapping table records the correspondence between the terminal device identifier and the network identifier.
- the first acquiring unit is further configured to: obtain the identifier information of the node to which the current terminal belongs, add the node identifier information to the first mapping table, or obtain the current terminal
- the inbound access device is configured to add the private network IP address and the node identifier information to the first mapping table by using the private network IP address allocated by the current terminal and the identifier information of the node to which the current terminal belongs.
- the management network element further includes:
- a first deleting unit configured to delete, when the current terminal leaves the network, the node identifier information corresponding to the current terminal identifier in the first mapping table, or delete the private network IP address and the node identifier Information
- a first update unit configured to acquire the new access device as described when the current terminal is switched by the access device to a new access device and the two access devices belong to the same node Updating a private network IP address of the current terminal, and updating a private network IP address of the current terminal in the first mapping table to the new private network IP address;
- a second update unit configured to acquire the new access device as the current access device when the current terminal is switched to the new access device by the access device and the two access devices are not affiliated with the same node
- the new private network IP address assigned by the current terminal is obtained, and the node identification information of the new node to which the current terminal belongs is obtained, and the private network IP address of the current terminal in the first mapping table is updated to be the new private network IP address.
- the management network element further includes:
- the first receiving unit is configured to receive a traceability address lookup request, where the traceability address lookup request carries a source IP address to be traced;
- a first search unit configured to search for a private network IP address of the terminal corresponding to the source IP address to be traced, or the private network IP address and node identifier;
- the first sending unit is configured to send the private network IP address, or the private network IP address and the node identifier information as a response message of the traceability address search request;
- the first receiving unit is configured to receive a traceability address lookup request, where the traceable source address lookup request carries a source IP address to be traced;
- the first searching unit is configured to search for a terminal device identifier corresponding to the source IP address to be traced in the first mapping table, and further search for the terminal device identifier corresponding to the terminal device identifier in the pre-synchronized terminal authentication information. End user account;
- the first sending unit is configured to send the terminal user account information as a response message of the traceability address search request, where the source IP address to be traced is a public network IP address or a public network IP address and port. number.
- the management network element further includes:
- a second receiving unit configured to receive a query request, where the query request is sent by the node when the node is unable to learn the node identifier information used by the current terminal to receive the first data when transmitting the first data;
- a second searching unit configured to: in the first mapping table, find a node identifier to which the terminal corresponding to the destination address of the first data belongs;
- the second sending unit is configured to send the node identifier information.
- the embodiment of the present invention further provides a computer storage medium, where the computer storage medium stores computer executable instructions, and the computer executable instructions are used to execute the foregoing method for acquiring an identifier of a terminal in a network.
- the method for acquiring the identifier of the terminal in the network, the management network element, and the computer storage medium provided by the embodiment of the present invention includes: acquiring a device identifier of a current terminal registered in the network; and according to the current terminal device identifier, The current terminal assigns a corresponding network identity such that the current terminal transmits data in the network using the assigned network identity.
- the network identifier is a fixed public network IP address or a public network IP address and a port number segment allocated to the current terminal, and can identify a fixed identity of the mobile user in the network, thereby satisfying the operator's traceability and security. Other requirements.
- FIG. 1 is a schematic flowchart of a method for acquiring an identifier of a terminal in a network according to an embodiment of the present disclosure
- FIG. 2 is a schematic diagram of a first application scenario according to an embodiment of the present disclosure
- FIG. 3 is a schematic diagram of a specific embodiment of a method for obtaining an identifier of a terminal in a network according to the present invention
- FIG. 4 is a schematic diagram of an implementation of a management network element according to an embodiment of the present invention when a terminal leaves a network;
- FIG. 5 is a schematic diagram of the implementation of the management network element according to the embodiment of the present invention when the access device of the terminal is switched;
- FIG. 6 is a schematic diagram of a second application scenario according to an embodiment of the present disclosure.
- FIG. 7 is a schematic diagram of a terminal transmitting a data packet in a network by using the allocated network identifier according to an embodiment of the present disclosure
- FIG. 8 is a schematic diagram of a first embodiment of implementing traceability according to the present invention.
- FIG. 9 is a schematic diagram of a second embodiment of implementing traceability according to the present invention.
- FIG. 10 is a schematic structural diagram of a management network element according to an embodiment of the present invention.
- the technical solution of the embodiment of the present invention is applied to a mobile user terminal, and is specifically applied to a situation in which an operator has a private network IP address assigned to the terminal (mobile user).
- the terminal accesses the Internet
- the device identifier of the terminal is obtained.
- the public network IP address assigned to the terminal as the terminal moves in the prior art is often Compared with the change, the terminal has a relatively fixed identity in the interconnection, which is more convenient for the operator to find the illegal terminal and realize the security control of the user, and meet the requirements of the operator in terms of traceability and security.
- FIG. 1 is a schematic flowchart of a method for obtaining an identifier of a terminal in a network according to an embodiment of the present invention. Methods include:
- Step 101 Obtain a device identifier of a current terminal registered in a network, where the current terminal is Mobile users;
- the network may be the Internet;
- the terminal includes a portable terminal such as a mobile phone or a personal digital assistant (PDA); preferably, when the terminal is a mobile phone, the device identifier of the terminal is The International Mobile Subscriber Identification Number (IMSI) of the mobile phone; when the terminal is a PAD, the device identifier of the terminal is a Media Access Control (MAC) address of the PAD.
- IMSI International Mobile Subscriber Identification Number
- MAC Media Access Control
- the management network element obtains the device identifier of the terminal in the network.
- 2 is a schematic diagram of a first application scenario according to an embodiment of the present invention; in FIG. 2, the communication device involved includes: the terminal, an access device accessed by the terminal, and the access device. a node to which the terminal belongs, a management network element that allocates a network identifier to the terminal, and a peer terminal that communicates with the terminal and a peer node to which the peer terminal belongs.
- the terminal accesses the network through the access device, and the access device acquires the device identifier of the terminal, such as the mobile phone IMSI information; the access device sends the acquired device identifier of the mobile terminal to the management.
- the network element, the management network element obtains the device identifier of the mobile terminal by receiving the device identifier.
- Step 102 Allocating a corresponding network identifier to the current terminal according to the current terminal device identifier, so that the current terminal transmits data in the network by using the allocated network identifier, where the network identifier is the current terminal A fixed public network Internet Protocol IP address, or a public network IP address and port number segment.
- the management network element uses the device identifier of the current terminal as an index to find whether there is a network identifier corresponding to the device identifier of the current terminal, and when found, assigns the found network identifier to the network identifier.
- a current terminal such that the current terminal transmits a data packet in the Internet by using the allocated network identifier; wherein the first mapping table records a device identifier of a terminal previously accessed in the network and a public network IP address thereof Corresponding relationship, or the first mapping table records the end of the previous access to the network
- Each item in the first mapping table may be an entry.
- the network identifier may be only a public network IP address, or a combination of a public network IP address and a port number segment.
- the current mobile terminal When not found, determine that the current mobile terminal is a newly registered terminal in the network, select an idle public network IP address, or an idle public network IP address and an idle port number segment, or a non-idle public IP address and The idle port number segment is used as the network identifier of the newly registered terminal, and is allocated to the newly registered terminal, so that the current terminal transmits the data packet in the Internet by using the assigned network identifier.
- the terminal identified by the different device is assigned a corresponding public network IP address, or a network identifier such as a public network IP address and a port number segment, and the identity of the terminal in the network is identified;
- the assigned network identifier is fixed and the device identifier of the terminal is also fixed, it is easy to find the terminal according to the fixed network identifier allocated for the terminal in the Internet, which satisfies the requirements of the operator in terms of traceability and security. .
- the management network element After the newly registered terminal is assigned to the network identifier, the management network element records the device identifier of the newly registered terminal and its network identifier in the first mapping table.
- management network element needs to comply with the following principles when configuring the corresponding network identifier for the terminal:
- the public network IP address and port number range configured for the mobile terminal must comply with the protocol of the Transmission Control Protocol (TCP)/IP protocol cluster;
- TCP Transmission Control Protocol
- IP protocol cluster IP protocol cluster
- the public network IP address is configured, different port number segments are configured for the at least two mobile terminals.
- the method further includes:
- the management network element obtains the identification information of the node to which the current terminal belongs, and adds the node identification information to the first mapping table; or obtains the private information allocated by the access device accessed by the current terminal to the current terminal. a network IP address and identification information of a node to which the current terminal belongs; and adding the node identification information and the private network IP address to the first mapping table.
- the method further includes:
- the management network element learns that the current terminal leaves the network, deleting the node identifier information corresponding to the current terminal identifier in the first mapping table, or deleting the private network IP address and node identifier information; For details, please refer to FIG. 4 and the description of FIG. 4 .
- the new access device When the management network element learns that the current terminal is handed over to the new access device by the access device and the two access devices belong to the same node, the new access device is allocated to the current terminal.
- the new private network IP address is used to update the private network IP address of the current terminal in the first mapping table to be the new private network IP address. For details, refer to FIG. 5 and the description of FIG. 5 .
- the node identifier information of the current terminal in the table is the new node identifier information.
- the method further includes:
- the traceability address lookup request carries the IP to be traced.
- the management network element searches for a private network IP address of the terminal corresponding to the source IP address to be traced, or the private network IP address and node identifier, and the private network IP address, or The private network IP address and the node identification information are sent as the response message of the traceability address search request, where the source IP address to be traced is a public network IP address, or a public network IP address and a port number; See the subsequent Figure 8 and the description of Figure 8.
- the source network address search request carries the to-be-tracked IP address
- the management network element searches for the source IP address to be traced in the first mapping table, when the source network address search request is received by the management network element.
- the source IP address to be traced is a public network IP address or a public network IP address and a port number. For details, refer to FIG. 9 and FIG. 9 .
- the management network element After the management network element allocates the network identifier to the current terminal, the management network element sends the network identifier assigned to the current terminal to the node to which the current terminal belongs, so that the node forms a second mapping table, and the second mapping
- the table records the correspondence between the current terminal device identifier, the network identifier, and the private network IP address of the current terminal; correspondingly, the current terminal uses the allocated network identifier to transmit data in the network, including Obtaining a private network IP address of the current terminal when the node obtains the first data from the current terminal, and searching for a network identifier corresponding to the private network IP address in the second mapping table; Determining, by the node, the identifier information of the node for receiving the first data, determining, by the node, the identifier information of the node for receiving the first data; And sending a query request to the management network element, where the management network element receives the query request, and in the first mapping table, searches for a destination address corresponding
- the found network identifier transmits the first data to the node for receiving the first data through a data tunnel; here, please refer to the following FIG. 6 and FIG. 7 and the descriptions of FIGS. 6 and 7.
- FIG. 3 is a schematic flowchart of a specific embodiment of a method for obtaining an identifier of a terminal in a network according to the present invention; as shown in FIG. 3, the method includes:
- Step 301 The mobile phone initiates an access request to the access device.
- Step 302 The access device initiates an authentication request to the authentication server.
- Step 303 The authentication server authenticates the mobile phone, and the corresponding authority is granted to the mobile phone after the authentication is passed; the authentication server returns a response message of the authentication request to notify the access device that the mobile phone has successfully passed the authentication.
- Step 304 The access device allocates a private network IP address to the mobile terminal.
- Step 305 The access device extracts the IMSI information of the mobile phone, and sends the IMSI information and the private network IP address allocated to the user as terminal information to the node.
- the terminal information such as the mobile phone IMSI and the private network IP address can be sent in a customized message format through a carrier-defined signaling interface; or a Remote Authentication Dial In User Service (RADIUS) can also be used.
- the charging message is sent in the form of a RADIUS accounting message.
- the signaling interface needs to meet the requirements of the RADIUS standard protocol.
- Step 306 After receiving the terminal information such as the mobile phone IMSI and the private network IP address sent by the access device, the node sends an address request message to the management network element.
- the address request message carries terminal information such as a mobile phone IMSI and a private network IP address.
- Step 307 After receiving the address request message, the management network element uses the IMSI information of the mobile phone as an index, and searches for the network identifier corresponding to the IMSI information of the mobile phone in the configured first mapping table, and searches for the network identifier corresponding to the IMSI information of the mobile phone.
- the network identifier to be assigned to the mobile phone; preferably, when checking When found, the private network IP address, the node identifier, and the like may be added to the first mapping table.
- the mobile phone When it is not found, it is determined that the mobile phone is a newly registered mobile phone in the network, and selects a public IP address that is currently in an idle state, or an idle public network IP address and an idle port number segment, or a non-idle public IP address.
- the address and the idle port number segment are allocated to the mobile phone as the network identifier of the mobile phone, and the mobile phone IMSI, the network identifier, the node identifier, and the private network IP address are added as a correspondence to the first mapping. In the table.
- the first mapping table may be specifically a static mapping table and configured by a static mapping method.
- the first mapping table shown in Table 1 is only a preferred embodiment of the first mapping table of the present invention and does not cover all of the first mapping tables of the present invention.
- the first mapping table in the embodiment of the present invention may further include three entries: a terminal device identifier, a network identifier, and a node identifier.
- Step 308 the management network element returns an address response message to the node.
- the address response message carries a network identifier such as a public network IP address assigned by the management network element to the mobile phone, or a public network IP address and a port number segment.
- Step 309 The node receives the network identifier of the mobile phone sent by the management network element, and records information such as the IMSI information, the private network IP address, and the network identifier of the mobile phone in the second mapping table.
- Step 310 The node returns an acknowledgement message ACK to the access device to notify the access device management network element that the network identifier has been allocated to the mobile phone.
- the management network element when the management network element interacts with the node, the information exchanged is transmitted through the operator-defined signaling interface.
- the terminal identified by the different device is assigned a corresponding public network IP address, or a network identifier such as a public network IP address and a port number segment, and the identity of the terminal in the network is identified;
- the assigned network identifier is fixed, the device identifier of the terminal It is also fixed, so it is easy to find the terminal according to the fixed network identifier assigned to the terminal in the Internet, which satisfies the requirements of the operator in terms of traceability and security.
- FIG. 4 is a schematic diagram of the implementation of the management network element according to the embodiment of the present invention when the terminal leaves the network; the application scenario shown in FIG. 4 is: after the management network element allocates the corresponding network identifier to the terminal, the terminal will leave the network.
- Step 401 The access device determines, when the mobile phone leaves the network, sends the indication information that the mobile phone will leave to the node.
- the location switching of the mobile phone offline and/or the mobile phone can be regarded as the mobile phone leaving the network;
- the indication information carries terminal information such as the mobile phone IMSI and the private network IP address to be left.
- Step 402 The node receives the indication information of the access device, and starts its own timer.
- the online message of the mobile phone is not received within the time limit of the timer, it is determined that the mobile phone leaves the network; after the timer time expires, the private network IP address of the mobile phone in the second mapping table is deleted. Address this entry.
- Step 403 The node sends a notification packet to the management network element to notify the management network element that the terminal has left the network.
- the notification message carries an IMSI and a private network IP address of a mobile phone leaving the network.
- Step 404 After receiving the notification message, the management network element searches for an entry corresponding to the IMSI information of the mobile phone in the first mapping table, deletes the node identification information of the mobile phone, and deletes the private network IP of the mobile phone. address.
- Step 405 The management network element sends an ACK message to the node to notify the node that the first mapping table has deleted the corresponding entry of the mobile phone.
- Step 406 The node sends an ACK message for the indication information to the access device to notify the access device that the mobile phone has indeed left the network.
- the management network element learns that the terminal is leaving, the entry of the private network IP address and the node identification information of the terminal in the first mapping table needs to be deleted, but the terminal is still allocated for the terminal.
- the public network IP address, or the public network IP address and port number segment, and the reserved content is used as the fixed identity of the terminal in the network, which facilitates subsequent access of the terminal, and facilitates the operator to implement traceability and network. Security provides a strong basis.
- the information exchanged is transmitted through the operator-defined signaling interface.
- FIG. 5 is a schematic diagram of the implementation of the management network element according to the embodiment of the present invention when the access device of the terminal is switched.
- the application scenario shown in FIG. 5 is as follows: after the management network element allocates the corresponding network identifier to the terminal, the terminal needs to be switched by the access device 1 to the access device 2 and the two access devices belong to the same node.
- Step 501 The mobile phone accesses the network through the access device 1, and when the access device 1 determines that the mobile phone leaves the network, sends the indication information that the mobile phone will leave to the node;
- the indication information carries the mobile phone IMSI to be removed, and the private network IP address allocated by the access device 1 for the mobile phone.
- Step 502 The node receives the indication information of the access device 1, starts its own timer, and waits for the access information of the mobile phone.
- Step 503 After the mobile phone is switched by the access device 1 to the access device 2, and after the authentication of the authentication server is passed, the access device 2 allocates a new private network IP address to the mobile phone.
- the IMSI of the mobile phone, the new private network IP address, and the like are sent as terminal information to the node to which the access device 2 belongs;
- the access device 1 and the access device 2 belong to the same node.
- Step 504 Before the timer expires, the node receives the device identification information of the mobile phone sent by the access device 2, determines that the mobile phone is back online, turns off its own timer, and stops the timer function; In the mapping table, the private network IP address allocated by the access device 1 for the mobile phone is updated to the new private network IP address allocated by the access device 2 for the mobile phone.
- Step 505 The node reports the new private network IP address information of the mobile phone to the management network element.
- Step 506 After receiving the information, the management network element updates the first mapping table, and the private network IP address of the mobile phone is the new private network IP address.
- Step 507 The management network element sends an ACK message to the node to notify the management node that the private network IP address of the mobile phone has been updated to be a new private network IP address.
- Step 508 The node sends an ACK message to the access device 2 to notify the access device 2 that the mobile phone has successfully accessed the network.
- Step 509 The node sends an ACK message to the access device 1 to notify the mobile phone that the mobile phone has left the access device 2 and leaves the access device 1.
- steps 506 and 507 are omitted, and steps 508 and 509 are directly executed.
- the foregoing solution belongs to the case where the terminal is switched by the access device 1 to the access device 2 and the two access devices belong to the same node, that is, the terminal does not cross-node handover.
- the terminal When the terminal cross-node handover occurs, the terminal is connected.
- the management network element obtains a new private network IP address assigned by the new access device to the mobile phone, and obtains a node of the new node to which the mobile phone belongs. And identifying the private network IP address of the mobile phone in the first mapping table as the new private network IP address, and updating the node identification information of the mobile phone in the first mapping table as the new node identification information.
- the processing flow of the terminal cross-node switching can be roughly divided into two parts.
- the first part is that the mobile phone is offline at the node 1, and the second part is re-online at the node 2; wherein, the process of the mobile phone in the node 1 offline Similar to the foregoing description of FIG. 5; the process of re-online at node 2 is similar to that described above with respect to FIG. 3 and will not be described again herein.
- the management network element when the management network element learns that there is an access device handover of the terminal, the management network element needs to update the corresponding entry in the first mapping table of the terminal in time, but still retains the public network IP allocated to the terminal.
- the address, or the public network IP address and the port number segment, and the reserved content is used as the fixed identity of the terminal in the network, which facilitates the subsequent access of the terminal and provides a basis for the operator to implement traceability and network security.
- FIG. 6 is a schematic diagram of a second application scenario according to an embodiment of the present invention.
- the node to which the terminal 1 belongs is the node 1, and the node to which the terminal 2 belongs, that is, the peer node is the node 2 as an example.
- FIG. 7 is a schematic diagram of a terminal transmitting a data packet in a network by using the allocated network identifier according to an embodiment of the present invention. The case of transmitting a data packet by using a network identifier will be further described with reference to FIGS. 6 and 7.
- Step 701 the terminal 1 sends a data packet 1 to the node 1 to which the terminal 1 belongs, to send the data packet 1 to the terminal 2 through the node 1;
- the data packet 1 carries the source address, the source port number, the destination address, and the destination port number of the data packet 1.
- the normal source address is a private network IP address
- the destination address is a public network IP address.
- the private network IP address of the terminal 1 is the source address of the packet 1 is 10.1.1.2
- the source port number is 3248.
- Step 702 After receiving the data packet 1 sent by the terminal 1, the node 1 searches for a network identifier corresponding to the private network IP address of the terminal 1 in the second mapping table.
- the node 1 searches for the public network IP address corresponding to the private network IP address 10.1.1.2 of the terminal 1 as 123.1.1.2, and the port number segment is [1024, 2047];
- the IP address of packet 1 is converted from source address 10.1.1.2 and source port number 3248 to a public network IP address of 123.1.1.2 and a port number of 2035.
- the node records the conversion relationship.
- Step 703 the node 1 encapsulates the data packet, and then uses the found public network IP address to transmit the data packet 1 to the node 2 through the data tunnel;
- node 1 transmits packet 1 to node 2 using the public network IP address 123.1.1.2.
- Step 704 the node 2 receives the data packet 1 through the data tunnel, and decapsulates the data packet 1.
- the node 2 searches for the private network IP address and port number of the terminal corresponding to the destination address and the destination port number of the data packet 1, and determines that the private The terminal with the network IP address and port number is the terminal 2, and sends the data packet 1 to the terminal 2;
- step 705 the terminal 2 receives the data packet 1 from the terminal 1, and transmits a response data packet of the data packet 1, such as the data packet 2 to the node 2, to return the data packet 2 to the terminal 1 through the node 2.
- Step 706, node 2 receives the data packet 2
- the receiver (terminal 1) of the data packet 2 is a private network user
- the public network IP address corresponding to the private network IP address of the terminal 2 or the public network IP address and the port number are searched for.
- the data packet 2 is encapsulated and sent to the public network user; the process ends.
- the packet 2 is the response packet of the packet 1, that is, the node 2 is aware of the node 1, and when the node 2 transmits the packet 1 of the terminal 1 and does not know the node identifier to which the terminal 1 belongs, the node 2 needs Sending a query request to the management network element, the management network element searches for the node identifier of the terminal corresponding to the destination address by using the destination address (or destination address, port number) of the data packet 3, and determines that the node identifier belongs to the node identifier.
- the node is a receiving node of the data packet 3; wherein the data packet 3 carries the active address and the destination address; and the source address of the data packet 3 is the private network IP address of the terminal 2.
- Step 707 encapsulating the data packet 2, and transmitting the data packet 2 to the node 1 through the data tunnel by using the found public network IP address.
- Step 708 the node 1 receives the data packet 2 through the data tunnel, and decapsulates the data packet 2; in the second mapping table, searches for the private network IP address and port of the terminal corresponding to the destination address and the port number of the data packet 2 Number, and determine that the terminal with the private network IP address and port number is a data packet.
- step 709 the node 1 sends the data packet 2 to the terminal 1.
- the terminal 1 is the sender of the data packet 1 and the terminal 2 is the receiver.
- the terminal 2 is the sender of the data packet 2, and the terminal 1 is the receiver;
- the sender whoever acts as the receiver can convert the private network IP address to the public network IP address and/or the public network IP address to the private network IP address according to the second mapping table of the node to which it belongs.
- the sender may use the second mapping table of the node to which the sender belongs to search for the public network IP address corresponding to the private network IP of the sender terminal.
- the public network IP address is used to transmit the data packet in the Internet; and the receiving party uses the second mapping table of the node to which the receiving terminal belongs to find the destination node of the data packet (the public network IP address of the receiving terminal)
- the private network IP address of the corresponding terminal, and the terminal with the private network IP address is the receiver terminal, which facilitates the transmission of the data packet and also identifies the identity of the terminal.
- FIG. 8 is a schematic diagram of a first embodiment for implementing traceability according to the present invention; as shown in FIG. 8, how the scheme can facilitate the carrier to better understand the traceability.
- the communication device involved in FIG. 8 includes a security supervision system, an Internet Content Provider (ICP), a traceability processor, and the like in addition to the management network element and the authentication server.
- ICP Internet Content Provider
- traceability processor and the like in addition to the management network element and the authentication server.
- Step 801 The security supervision system detects that an event affecting the network security occurs, that is, when there is an illegal operation of the terminal in the network, the ICP sends a request for obtaining the source IP address to be traced.
- step 802 the ICP returns the source IP address of the illegal operation as a response message of the request to the security supervision system.
- the IP address to be traced obtained by the ICP is the public IP address or the public IP address and port number.
- Step 803 The security supervision system sends a traceability request to the traceability processor to obtain an end user account of the source IP address to be traced.
- the traceability request carries a source IP address to be traced.
- Step 804 After receiving the traceability request sent by the security supervision system, the traceability processor initiates a traceability address lookup request to the management network element.
- the traceability address lookup request carries a source IP address to be traced.
- Step 805 The management network element searches for a private network IP address and a node identifier of the terminal corresponding to the source IP address to be traced in the first mapping table.
- the first mapping table records information such as the device identifier, the private network IP address, the network identifier, and the node identifier of the terminal; wherein, the private network IP address of one terminal corresponds to a unique network identifier (public network IP address, port number segment)
- the management network element in the first mapping table can also find the private network IP address of the terminal corresponding to the source IP address to be traced, and the node identifier to which the terminal belongs, according to the IP address and port number of the public network to be traced. .
- Step 806 The management network element returns the searched private network IP address and the node identifier as the response message of the traceability address lookup request to the traceability processor.
- Step 807 After receiving the response message, the traceability processor issues a traceback request to the authentication server.
- Step 808 The authentication server receives the traceability request, and finds a terminal user account used by the terminal having the private network IP address in the network according to the private network IP address and the terminal authentication information, and uses the terminal user account information as a location.
- the response message of the trace request is returned to the traceability processor.
- Step 809 The traceability processor returns the terminal user account information as a response message of the traceability request sent by the security supervision system to the traceability processor, and returns to the security supervision system.
- the management unit assigns a unique network identifier to each terminal, and records the device identifier, the network identifier, the private network IP address of the terminal, and the node identifier of the terminal.
- the information is stored in the first mapping table. Therefore, according to the record of the first mapping table, the terminal having the illegal operation can be quickly found according to the network identifier, so that the operator can trace the source of the illegal terminal; Compared with the method of finding the trace source of the log server, the solution can not only locate the illegal terminal in real time, but also meet the requirements of the service, and avoid the waste of storage resources caused by the need to deploy the log server and maintain the address translation log.
- FIG. 9 is a schematic diagram of a second embodiment for implementing traceability according to the present invention. As shown in FIG. 9, how the scheme can facilitate the carrier to better understand the traceability.
- Step 901 After the authentication server authenticates the terminal, the authentication server synchronizes the terminal authentication information to the management network element.
- the authentication information includes: an end user account, a password, a user category, and a right used by the terminal.
- Step 902 The security supervision system detects that an event affecting the network security occurs, that is, when there is an illegal operation of the terminal in the network, the ICP sends a request for obtaining the source IP address to be traced.
- step 903 the ICP returns the source IP address of the illegal operation as the response message of the request to the security supervision system.
- the IP address to be traced obtained by the ICP is the public IP address or the public IP address and port number.
- Step 904 The security supervision system sends a traceability request to the traceability processor to obtain an end user account of the source IP address to be traced.
- the traceability request carries a source IP address to be traced.
- Step 905 After receiving the traceability request sent by the security supervision system, the traceability processor initiates a traceability address lookup request to the management network element.
- the traceability address lookup request carries a source IP address to be traced.
- the management network element searches for the device identifier of the terminal corresponding to the source IP address to be traced in the first mapping table. According to the device identifier, in the pre-synchronized terminal authentication information, Find the end user account used by the terminal with the device ID.
- Step 907 The management network element returns the searched private network IP address and the node identifier as the response message of the traceability address lookup request to the traceability processor.
- Step 908 The traceability processor returns the terminal user account information as a response message of the traceability request sent by the security supervision system to the traceability processor, and returns to the security supervision system.
- the authentication server synchronizes the terminal authentication information including the terminal user account to the management network element.
- the management network element can find the corresponding device identifier through the source IP address to be traced, and then use the device identifier to search. Go to the end user account to be traced.
- fast traceability positioning can be realized, which saves the search time and meets the requirements of the operator in terms of traceability and security.
- the embodiment of the present invention further provides a computer storage medium, where the computer storage medium stores computer executable instructions, and the computer executable instructions are used to execute the foregoing method for acquiring an identifier of a terminal in a network.
- FIG. 10 is a schematic diagram of a composition of a management network element according to an embodiment of the present invention; as shown in FIG. 10, the network element includes: a first obtaining unit 101, and a first allocation. Unit 102; wherein
- the first acquiring unit 101 is configured to acquire a device identifier of a current terminal that is registered in the network, where the current terminal is a mobile user;
- the first allocating unit 102 is configured to allocate a corresponding network identifier to the current terminal according to the current terminal device identifier, so that the current terminal transmits data in the network by using the allocated network identifier; wherein the network
- the identifier is a fixed public network internet protocol IP address assigned to the current terminal, or a public network IP address and a port number segment.
- the first allocating unit 102 is further configured to: in the pre-configured first mapping table, find whether there is a public network IP address corresponding to the current terminal device identifier, or a public network IP address and port. Number segment; when found, the public IP address that will be found, or the IP address of the public network The address and port number segments are assigned to the current terminal; when not found, the idle public network internet protocol IP address, or the idle public network IP address and the idle port number segment, or the non-idle public network IP address and The idle port number segment is allocated to the current terminal as the network identifier of the current terminal.
- the first mapping table records the correspondence between the terminal device identifier and the network identifier.
- the first obtaining unit 101 is further configured to: obtain the identifier information of the node to which the current terminal belongs, and add the node identifier information to the first mapping table; or
- the network element further includes:
- the first deleting unit 103 is configured to delete, when the current terminal leaves the network, the node identifier information corresponding to the current terminal identifier in the first mapping table, or delete the private network IP address and the node. Identification information;
- the first update unit 104 is configured to acquire the new access device as the current access device when it is learned that the current terminal is switched to the new access device by the access device and the two access devices belong to the same node.
- the new private network IP address allocated by the current terminal is updated, and the private network IP address of the current terminal in the first mapping table is updated to be the new private network IP address;
- the second update unit 105 is configured to acquire, when the current terminal is switched by the access device to a new access device, and the two access devices are not affiliated with the same node, acquiring the new access device as The new private network IP address allocated by the current terminal acquires the node identification information of the new node to which the current terminal belongs; and updates the private network IP address of the current terminal in the first mapping table to the new private network IP address. And updating the node identifier information of the current terminal in the first mapping table to the new node identifier information.
- the network element further includes:
- the first receiving unit 106 is configured to receive a traceability address lookup request, where the traceable source address lookup request carries a source IP address to be traced;
- the first searching unit 107 is configured to search for a private network IP address of the terminal corresponding to the source IP address to be traced, or the private network IP address and node identifier;
- the first sending unit 108 is configured to send the private network IP address, or the private network IP address and node identifier information as a response message of the trace source address search request, and send the message;
- the first receiving unit 106 is configured to receive a traceability address lookup request, where the traceable source address lookup request carries a source IP address to be traced;
- the first searching unit 107 is configured to: in the first mapping table, search for a terminal device identifier corresponding to the source IP address to be traced, and search for the terminal device identifier in the pre-synchronized terminal authentication information. Corresponding end user account;
- the first sending unit 108 is configured to send the terminal user account information as a response message of the trace source address lookup request, where the source IP address to be traced is a public network IP address or a public network IP address and The port number.
- the network element further includes:
- the second receiving unit 109 is configured to receive a query request, where the query request is sent by the node when the node cannot learn the node identifier information of the first data when the current terminal transmits the first data;
- the second searching unit 110 is configured to: in the first mapping table, search for a node identifier to which the terminal corresponding to the destination address of the first data belongs;
- the second sending unit 111 is configured to send the node identification information to the node.
- the implementation functions of the processing units in the management network element shown in FIG. 10 can be understood by referring to the foregoing description of the method for obtaining the identifier of the terminal in the network. It should be understood by those skilled in the art that the functions of the processing units in the management network element shown in FIG. 10 can be implemented by a program running on a processor, or can be implemented by a specific logic circuit.
- the first obtaining unit 101, the first allocating unit 102, the first deleting unit 103, the first updating unit 104, the second updating unit 105, the first receiving unit 106, the first searching unit 107, and the first A transmitting unit 108, a second receiving unit 109, a second searching unit 110, and a second transmitting unit 111 may each be configured by a central processing unit CPU, or a digital signal processing DSP, or a microprocessor MPU, or a field programmable gate array FPGA.
- embodiments of the present invention can be provided as a method, system, or computer program product. Accordingly, the present invention can take the form of a hardware embodiment, a software embodiment, or a combination of software and hardware. Moreover, the invention can take the form of a computer program product embodied on one or more computer-usable storage media (including but not limited to disk storage and optical storage, etc.) including computer usable program code.
- the computer program instructions can also be stored in a computer readable memory that can direct a computer or other programmable data processing device to operate in a particular manner, such that the instructions stored in the computer readable memory produce an article of manufacture comprising the instruction device.
- the apparatus implements the functions specified in one or more blocks of a flow or a flow and/or block diagram of the flowchart.
- These computer program instructions can also be loaded onto a computer or other programmable data processing device such that a series of operational steps are performed on a computer or other programmable device to produce computer-implemented processing for execution on a computer or other programmable device. Instructions are provided for implementation The steps of a function specified in a block or blocks of a flow or a flow and/or a block diagram of a flow chart.
- the device identifier of the current terminal that is registered in the network is obtained, and the current terminal is allocated a corresponding network identifier according to the current terminal device identifier, so that the current terminal uses the allocated network identifier in the network.
- the network identifier is a fixed public network IP address or a public network IP address and a port number segment allocated to the current terminal, and can identify a fixed identity of the mobile user in the network, thereby satisfying the operator's traceability and security. Other requirements.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Databases & Information Systems (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Mobile Radio Communication Systems (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Small-Scale Networks (AREA)
Abstract
Description
终端设备标识 | 网络标识 | 私网IP地址 | 节点标识 |
Claims (13)
- 一种获取终端在网络中的标识的方法,所述方法包括:获取注册于网络中的当前终端的设备标识,所述当前终端为移动用户;依据当前终端设备标识,为所述当前终端分配相应的网络标识,以使当前终端利用所分配的网络标识在所述网络中传输数据;其中,所述网络标识为为所述当前终端分配的固定的公网互联网协议IP地址、或公网IP地址和端口号段。
- 根据权利要求1所述的方法,其中,所述依据当前终端设备标识,为所述当前终端分配相应的网络标识,包括:在预先配置的第一映射表中,查找是否存在有与当前终端设备标识相对应的公网IP地址、或公网IP地址与端口号段;查找到时,将查找到的公网IP地址、或公网IP地址与端口号段分配给所述当前终端;查找不到时,选择空闲的公网IP地址,或者空闲的公网IP地址和空闲的端口号段,或者非空闲的公网IP地址和空闲的端口号段,作为所述当前终端的固定的网络标识,分配给所述当前终端;其中,所述第一映射表记录有终端设备标识、网络标识之间的对应关系。
- 根据权利要求2所述的方法,其中,所述方法还包括:获取所述当前终端所属节点的标识信息,将所述节点标识信息添加至所述第一映射表;或者,获取所述当前终端所接入的接入设备为所述当前终端分配的私网IP地址及所述当前终端所属节点的标识信息,将所述私网IP地址及所述节点标识信息添加至所述第一映射表。
- 根据权利要求3所述的方法,其中,将所述节点标识信息添加至所述第一映射表,或者将所述私网IP地址和所述节点标识信息添加至所述第一映射表之后,所述方法还包括:当获知所述当前终端离开所述网络时,删除所述第一映射表中的与所述当前终端标识相对应的节点标识信息、或者删除私网IP地址和节点标识信息;当获知所述当前终端由所述接入设备切换至新的接入设备且两个接入设备隶属于同一个节点时,获取所述新的接入设备为所述当前终端分配的新私网IP地址,更新所述第一映射表中所述当前终端的私网IP地址为所述新私网IP地址;当获知所述当前终端由所述接入设备切换至新的接入设备且两个接入设备不隶属于同一个节点时,获取所述新的接入设备为所述当前终端分配的新私网IP地址,获取所述当前终端所属的新节点的节点标识信息;更新所述第一映射表中所述当前终端的私网IP地址为所述新私网IP地址,更新所述第一映射表中所述当前终端的节点标识信息为所述新节点标识信息。
- 根据权利要求3所述的方法,其中,所述方法还包括:接收到溯源地址查找请求时,所述溯源地址查找请求携带有待溯源IP地址,在第一映射表中,查找与所述待溯源IP地址相对应的终端的私网IP地址、或者所述私网IP地址和节点标识,将所述私网IP地址、或者所述私网IP地址和节点标识信息作为所述溯源地址查找请求的响应消息,发送;或者,接收到溯源地址查找请求时,所述溯源地址查找请求携带有待溯源IP地址,在第一映射表中,查找与所述待溯源IP地址相对应的终端设备标识;在预先同步的终端认证信息中,再查找与所述终端设备标识相对应的终端用户账号,将所述终端用户账号信息作为所述溯源地址查找请求的响应消 息,发送;其中,所述待溯源IP地址为公网IP地址、或公网IP地址和端口号。
- 根据权利要求3所述的方法,其中,所述方法还包括:管理网元发送为所述当前终端分配的网络标识至所述当前终端所属的节点,以供所述节点形成第二映射表,所述第二映射表记录有当前终端设备标识、网络标识、私网IP地址之间的对应关系;相应的,所述以使当前终端利用所分配的网络标识在所述网络中传输数据,包括:所述节点获取到来自所述当前终端的第一数据时,获取所述当前终端的私网IP地址,在第二映射表中,查找与所述私网IP地址相对应的网络标识;当所述节点获知用于接收所述第一数据的节点的标识信息时,确定用于接收所述第一数据的节点;当所述节点没有获知用于接收所述第一数据的节点的标识信息时,向所述管理网元发送查询请求,所述管理网元接收所述查询请求,在第一映射表中,查找与第一数据的目的地址相对应的终端所属的节点标识,发送所查找到的节点标识;所述节点接收所述管理网元查找到的节点标识,并确定具有该节点标识的节点为用于接收所述第一数据的节点;所述节点利用自身所查找到的网络标识通过数据隧道传输第一数据至所确定出的用于接收所述第一数据的节点。
- 一种管理网元,所述管理网元包括:第一获取单元,配置为获取注册于网络中的当前终端的设备标识,所述当前终端为移动用户;第一分配单元,配置为依据当前终端设备标识,为所述当前终端分配相应的网络标识,以使当前终端利用所分配的网络标识在所述网络中传输 数据;其中,所述网络标识为为所述当前终端分配的固定的公网互联网协议IP地址、或公网IP地址和端口号段。
- 根据权利要求7所述的管理网元,其中,所述第一分配单元,还配置为:在预先配置的第一映射表中,查找是否存在有与当前终端设备标识相对应的公网IP地址、或公网IP地址与端口号段;查找到时,将查找到的公网IP地址、或公网IP地址与端口号段分配给所述当前终端;查找不到时,选择空闲的公网互联网协议IP地址,或者空闲的公网IP地址和空闲的端口号段,或者非空闲的公网IP地址和空闲的端口号段,作为所述当前终端的固定的网络标识,分配给所述当前终端;其中,所述第一映射表记录有终端设备标识、网络标识之间的对应关系。
- 根据权利要求8所述的管理网元,其中,所述第一获取单元,还配置为:获取所述当前终端所属节点的标识信息,将所述节点标识信息添加至所述第一映射表;或者,获取所述当前终端所接入的接入设备为所述当前终端分配的私网IP地址及所述当前终端所属节点的标识信息,将所述私网IP地址及所述节点标识信息添加至所述第一映射表。
- 根据权利要求9所述的网元,其中,所述管理网元还包括:第一删除单元,配置为当获知所述当前终端离开所述网络时,删除所述第一映射表中的与所述当前终端标识相对应的节点标识信息、或者删除私网IP地址和节点标识信息;第一更新单元,配置为当获知所述当前终端由所述接入设备切换至新的接入设备且两个接入设备隶属于同一个节点时,获取所述新的接入设备为所述当前终端分配的新私网IP地址,更新所述第一映射表中所述当前终端的私网IP地址为所述新私网IP地址;第二更新单元,配置为当获知所述当前终端由所述接入设备切换至新的接入设备且两个接入设备不隶属于同一个节点时,获取所述新的接入设备为所述当前终端分配的新私网IP地址,获取所述当前终端所属的新节点的节点标识信息,更新所述第一映射表中所述当前终端的私网IP地址为所述新私网IP地址,更新所述第一映射表中所述当前终端的节点标识信息为所述新节点标识信息。
- 根据权利要求9所述的管理网元,其中,所述管理网元还包括:第一接收单元,配置为接收到溯源地址查找请求,所述溯源地址查找请求携带有待溯源IP地址;第一查找单元,配置为查找与所述待溯源IP地址相对应的终端的私网IP地址、或者所述私网IP地址和节点标识;第一发送单元,配置为将所述私网IP地址、或者所述私网IP地址和节点标识信息作为所述溯源地址查找请求的响应消息,发送;或者,所述第一接收单元,配置为接收到溯源地址查找请求,所述溯源地址查找请求携带有待溯源IP地址;所述第一查找单元,配置为在第一映射表中,查找与所述待溯源IP地址相对应的终端设备标识,在预先同步的终端认证信息中,再查找与所述终端设备标识相对应的终端用户账号;所述第一发送单元,配置为将所述终端用户账号信息作为所述溯源地址查找请求的响应消息,发送;其中,所述待溯源IP地址为公网IP地址、或公网IP地址和端口号。
- 根据权利要求9所述的管理网元,其中,所述管理网元还包括:第二接收单元,配置为接收查询请求;所述查询请求在节点无法获知所述当前终端传输第一数据时用于接收所述第一数据的节点标识信息时,由所述节点发送;第二查找单元,配置为在第一映射表中,查找与所述第一数据的目的地址相对应的终端所属的节点标识;第二发送单元,配置为发送所述节点标识信息。
- 一种计算机存储介质,所述计算机存储介质中存储有计算机可执行指令,所述计算机可执行指令用于执行权利要求1至6任一项所述的方法。
Priority Applications (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US15/325,445 US10154003B2 (en) | 2014-07-15 | 2015-04-16 | Method for acquiring identifier of terminal in network, management network element and storage medium |
EP15821558.2A EP3157230B1 (en) | 2014-07-15 | 2015-04-16 | Method for acquiring identifier of terminal in network, management network element and storage medium |
MX2017000413A MX2017000413A (es) | 2014-07-15 | 2015-04-16 | Procedimiento para adquirir identificador de terminal en una red, elemento de red de gestion y medio de almacenamiento. |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410337512.7 | 2014-07-15 | ||
CN201410337512.7A CN105306612A (zh) | 2014-07-15 | 2014-07-15 | 获取终端在网络中的标识的方法及管理网元 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2016008320A1 true WO2016008320A1 (zh) | 2016-01-21 |
Family
ID=55077888
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2015/076769 WO2016008320A1 (zh) | 2014-07-15 | 2015-04-16 | 获取终端在网络中的标识的方法、管理网元及存储介质 |
Country Status (5)
Country | Link |
---|---|
US (1) | US10154003B2 (zh) |
EP (1) | EP3157230B1 (zh) |
CN (1) | CN105306612A (zh) |
MX (1) | MX2017000413A (zh) |
WO (1) | WO2016008320A1 (zh) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2021121040A1 (zh) * | 2019-12-19 | 2021-06-24 | 中兴通讯股份有限公司 | 一种宽带接入的方法、装置、设备和存储介质 |
Families Citing this family (14)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9936378B2 (en) * | 2015-09-23 | 2018-04-03 | Htc Corporation | Device and method of handling non access stratum procedure |
CN106790732B (zh) * | 2015-11-24 | 2020-04-10 | 中兴通讯股份有限公司 | 地址转换方法、装置及***、网络标识控制方法及装置 |
CN107241207B (zh) * | 2016-03-29 | 2022-10-28 | 中兴通讯股份有限公司 | 设备管理方法及装置 |
CN106658479B (zh) * | 2016-11-16 | 2020-12-11 | 广东新岸线科技有限公司 | 一种无线网络融合的实现方法 |
CN109842504B (zh) * | 2017-11-27 | 2021-09-14 | 华为技术有限公司 | 一种信息上报方法及相关设备 |
CN110071984A (zh) * | 2018-01-24 | 2019-07-30 | 中兴通讯股份有限公司 | 一种网络标识映射方法和***以及终端、标识网关 |
CN111107538B (zh) * | 2018-10-25 | 2022-08-19 | 天翼数字生活科技有限公司 | 国际移动用户识别码获取方法、装置和计算机设备 |
CN112995349B (zh) * | 2019-12-12 | 2023-07-04 | 中兴通讯股份有限公司 | 地址管理方法、服务器和计算机可读存储介质 |
CN111565438B (zh) * | 2020-04-15 | 2022-06-21 | 中国联合网络通信集团有限公司 | 一种通信方法和接入网设备 |
CN111698248B (zh) * | 2020-06-11 | 2021-06-11 | 杭州商湾网络科技有限公司 | 一种基于标签的网络授权管理方法及*** |
CN113810900A (zh) * | 2020-06-12 | 2021-12-17 | 中兴通讯股份有限公司 | 网络接入方法、电子设备及存储介质 |
CN114024899A (zh) * | 2020-07-17 | 2022-02-08 | 艾锐势企业有限责任公司 | 路由器、用于路由器的方法、计算机可读介质以及装置 |
CN114363331A (zh) * | 2021-12-22 | 2022-04-15 | 上海浦东发展银行股份有限公司 | 通信方法、***、计算机设备和存储介质 |
CN115915113B (zh) * | 2022-11-25 | 2024-04-16 | 中国联合网络通信集团有限公司 | 号段关联设备的确定方法、装置及存储介质 |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101150598A (zh) * | 2005-11-02 | 2008-03-26 | 中兴通讯股份有限公司 | Cdma***为用户分配固定ip地址的方法 |
CN101483672A (zh) * | 2009-02-16 | 2009-07-15 | 深圳华为通信技术有限公司 | 业务信息访问处理方法与***、网关服务器、移动终端 |
CN102299942A (zh) * | 2010-06-25 | 2011-12-28 | 中兴通讯股份有限公司 | 代理网络设备的管理方法和*** |
CN102790812A (zh) * | 2012-07-31 | 2012-11-21 | 中国联合网络通信集团有限公司 | 基于移动终端的ip地址溯源方法、设备和*** |
CN103067268A (zh) * | 2012-12-31 | 2013-04-24 | 华为技术有限公司 | 一种虚拟家庭网关服务提供方法及服务器 |
Family Cites Families (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7941512B2 (en) * | 2004-12-13 | 2011-05-10 | Cisco Technology, Inc. | Use of IPv6 in access networks |
EP2053886A3 (en) * | 2007-10-26 | 2015-03-25 | Hitachi, Ltd. | Communication system and gateway apparatus |
US8532618B2 (en) * | 2009-07-03 | 2013-09-10 | Futurewei Technologies, Inc. | System and method for communications device and network component operation |
US9083587B2 (en) * | 2009-08-21 | 2015-07-14 | Cisco Technology, Inc. | Port chunk allocation in network address translation |
US9730101B2 (en) * | 2012-01-31 | 2017-08-08 | Telefonaktiebolaget Lm Ericsson | Server selection in communications network with respect to a mobile user |
KR102053856B1 (ko) * | 2013-09-13 | 2019-12-09 | 삼성전자주식회사 | 통신 시스템에서 푸쉬 서비스 제공을 위한 방법 및 장치 |
-
2014
- 2014-07-15 CN CN201410337512.7A patent/CN105306612A/zh active Pending
-
2015
- 2015-04-16 MX MX2017000413A patent/MX2017000413A/es unknown
- 2015-04-16 US US15/325,445 patent/US10154003B2/en active Active
- 2015-04-16 WO PCT/CN2015/076769 patent/WO2016008320A1/zh active Application Filing
- 2015-04-16 EP EP15821558.2A patent/EP3157230B1/en active Active
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101150598A (zh) * | 2005-11-02 | 2008-03-26 | 中兴通讯股份有限公司 | Cdma***为用户分配固定ip地址的方法 |
CN101483672A (zh) * | 2009-02-16 | 2009-07-15 | 深圳华为通信技术有限公司 | 业务信息访问处理方法与***、网关服务器、移动终端 |
CN102299942A (zh) * | 2010-06-25 | 2011-12-28 | 中兴通讯股份有限公司 | 代理网络设备的管理方法和*** |
CN102790812A (zh) * | 2012-07-31 | 2012-11-21 | 中国联合网络通信集团有限公司 | 基于移动终端的ip地址溯源方法、设备和*** |
CN103067268A (zh) * | 2012-12-31 | 2013-04-24 | 华为技术有限公司 | 一种虚拟家庭网关服务提供方法及服务器 |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2021121040A1 (zh) * | 2019-12-19 | 2021-06-24 | 中兴通讯股份有限公司 | 一种宽带接入的方法、装置、设备和存储介质 |
Also Published As
Publication number | Publication date |
---|---|
US20170171149A1 (en) | 2017-06-15 |
US10154003B2 (en) | 2018-12-11 |
CN105306612A (zh) | 2016-02-03 |
MX2017000413A (es) | 2017-04-27 |
EP3157230A4 (en) | 2017-08-02 |
EP3157230A1 (en) | 2017-04-19 |
EP3157230B1 (en) | 2018-11-14 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2016008320A1 (zh) | 获取终端在网络中的标识的方法、管理网元及存储介质 | |
CN107852430B (zh) | 用于在局域网中形成网关的设备以及计算机可读存储介质 | |
US20220124147A1 (en) | Application relocation method and apparatus | |
JP6510030B2 (ja) | モノのインターネット(IoT)におけるデバイス場所登録のためのサーバ | |
CN106790732B (zh) | 地址转换方法、装置及***、网络标识控制方法及装置 | |
US20230171618A1 (en) | Communication method and apparatus | |
US9143483B2 (en) | Method for anonymous communication, method for registration, method and system for transmitting and receiving information | |
TWI516160B (zh) | An implementation method and device for an adjacent communication service | |
CN109964495B (zh) | 应用的服务层移动性管理 | |
US9031074B2 (en) | Method and apparatus for packet call setup | |
JP2019500792A (ja) | グループマルチキャスト方法、グループ作成方法およびモバイルネットワークプラットフォーム | |
KR102053856B1 (ko) | 통신 시스템에서 푸쉬 서비스 제공을 위한 방법 및 장치 | |
US7289471B2 (en) | Mobile router, position management server, mobile network management system, and mobile network management method | |
WO2015085573A1 (zh) | 一种利用白频谱通信的方法及设备 | |
WO2017045197A1 (zh) | 接入本地网络的方法和相关设备 | |
US11196666B2 (en) | Receiver directed anonymization of identifier flows in identity enabled networks | |
JP2003258859A (ja) | 通信システム、通信方法、転送装置及びネットワーク管理装置 | |
US20230171673A1 (en) | Method and system for routing an internet protocol data packet between wireless computer devices connected to a cellular network | |
WO2015135278A1 (zh) | 一种鉴权认证方法和***、ProSe功能实体以及UE | |
WO2015145953A1 (ja) | 通信端末、通信方法及びプログラムを格納する記憶媒体 | |
WO2014154185A1 (zh) | 一种无线控制器通信方法及无线控制器 | |
CN111200514A (zh) | 网元的信息处理方法、装置、网络平台及存储介质 | |
US9843553B2 (en) | Method and device for sending message | |
US9497784B2 (en) | Apparatus and method of establishing interface in a local network | |
WO2021250860A1 (ja) | アドレス設定システム、アドレス設定方法、アドレス設定管理装置及びプログラム |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 15821558 Country of ref document: EP Kind code of ref document: A1 |
|
WWE | Wipo information: entry into national phase |
Ref document number: MX/A/2017/000413 Country of ref document: MX |
|
WWE | Wipo information: entry into national phase |
Ref document number: 15325445 Country of ref document: US |
|
REEP | Request for entry into the european phase |
Ref document number: 2015821558 Country of ref document: EP |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2015821558 Country of ref document: EP |
|
NENP | Non-entry into the national phase |
Ref country code: DE |