WO2016026448A1 - Method and apparatus for bandwidth on demand - Google Patents


Publication number
WO2016026448A1
WO2016026448A1 PCT/CN2015/087583 CN2015087583W WO2016026448A1 WO 2016026448 A1 WO2016026448 A1 WO 2016026448A1 CN 2015087583 W CN2015087583 W CN 2015087583W WO 2016026448 A1 WO2016026448 A1 WO 2016026448A1
Authority
WO
WIPO (PCT)
Prior art keywords
packet
identifier
server
bandwidth adjustment
message
Application number
PCT/CN2015/087583
Other languages
French (fr)
Chinese (zh)
Inventor
杜宗鹏
薛莉
苗福友
徐小飞
Original Assignee
华为技术有限公司
Application filed by 华为技术有限公司

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40: Network security protocols

Definitions

  • the embodiments of the present invention relate to the field of network technologies, and in particular, to a method and an apparatus for allocating bandwidth on demand.
  • Bandwidth on Demand (BOD) is a way for user equipment or network equipment to obtain an available network access rate that matches the rate it requires. This method allows users to effectively utilize the rich bandwidth of the user access line to increase the network transmission rate and improve the user experience.
  • the broadband remote access server (BRAS) reports the user information to the policy server.
  • the policy server delivers a destination-address-based policy (Destination Address Accounting, DAA) to the BRAS.
  • the BRAS generates an access control list (ACL) according to the DAA policy.
  • the BRAS determines, according to the access location of the user equipment, whether that access location is the user equipment's fixed access location, and if yes, the BRAS allows the user to access, and if the user subscribes to the directed BOD service, the BRAS distinguishes the server accessed by the user by the server address configured in the ACL.
  • the BRAS determines a rate corresponding to the server address in the customized BOD service according to the server address accessed by the user, and performs speed adjustment on the data flow of the user accessing the specific server according to the rate.
  • In the existing BOD method, the operator network often needs to lock the user's access location and distribute the service according to the user's access line, so the user can obtain BOD speed-up only at a fixed access location.
  • the technical problem to be solved by the embodiments of the present invention is to provide a method and device for allocating bandwidth on demand, which can help realize network speed increase when the user's access location moves or changes.
  • a method of allocating bandwidth on demand comprising:
  • the first device receives a first packet that is sent by the second device and includes a bandwidth adjustment request, where the second device is a device that requests bandwidth adjustment, where the first packet includes a first identifier and a second identifier, where the first identifier is used to identify the type of bandwidth adjustment requested, and the second identifier is used to identify a user corresponding to the second device;
  • when the first packet includes the first identifier, the first device obtains a second packet according to the first packet, where the second packet includes the first identifier and the second identifier;
  • the first device sends the second packet to a server, where the server is configured to respond to the bandwidth adjustment request.
  • the first packet is an Extensible Authentication Protocol Request (EAP Request) message.
  • the EAP Request message includes a Subtype and an Attribute Type, where the Subtype is used to carry the first identifier, and the Attribute Type is used to carry the second identifier.
  • the first packet is an Extensible Authentication Protocol Response (EAP Response) message.
  • the Attribute Type of the EAP Response packet is used to carry the first identifier and the second identifier.
  • the second packet is a Remote Authentication Dial In User Service (RADIUS) packet, and the Attribute Type of the RADIUS packet is used to carry the first packet.
  • a method of allocating bandwidth on demand comprising:
  • the server receives the first packet sent by the first device, where the first packet includes a first identifier and a second identifier, where the first identifier is used to identify a type of bandwidth adjustment request, and the second identifier is used to identify a user corresponding to the second device, where the second device is a device that requests bandwidth adjustment;
  • the server determines that the user has the right to adjust the bandwidth
  • the server obtains a first policy change (Change of Authentication, COA) message according to the first identifier, where the first COA message includes the second identifier and is used to instruct the broadband access server (BRAS) to perform the bandwidth adjustment corresponding to the first identifier.
  • the method further includes:
  • the server sends a second packet to the second device, where the second packet includes a random number in the authentication vector;
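  • when the server determines that no response packet corresponding to the second packet has been received from the second device, or determines from the response packet that authentication has failed, the server sends a second COA message to the BRAS, where the second COA message includes the second identifier, and the second COA message is used to instruct the BRAS to stop performing bandwidth adjustment corresponding to the first identifier.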
  • a method of allocating bandwidth on demand comprising:
  • the first device obtains a first packet, where the first device is a device that requests bandwidth adjustment, and the first packet includes a first identifier and a second identifier, where the first identifier is used to identify a type of request bandwidth adjustment.
  • the second identifier is used to identify a user corresponding to the first device;
  • the first device sends the first packet to the second device.
  • the method before the first device obtains the first packet, the method further includes:
  • the first device receives an EAP Request message sent by the second device
  • the obtaining, by the first device, the first packet includes:
  • after receiving the EAP Request message, the first device obtains an EAP Response message, where the EAP Response message includes the first identifier and the second identifier.
  • the method before the first device obtains the first packet, the method further includes:
  • the first device receives the second packet sent by the second device, where the second packet is used to indicate that the first device is authenticated by the second device.
  • the method further includes:
  • the first device receives a third packet from a server, where the server is configured to respond to the bandwidth adjustment request, where the third packet includes a random number in an authentication vector;
  • the first device obtains an authentication operation result according to a random number in the authentication vector and a shared key corresponding to the second identifier
  • the first device sends a fourth packet to the server, where the fourth packet includes the authentication operation result.
  • a first device where the first device includes:
  • a first receiving unit configured to receive a first packet that is sent by the second device and includes a bandwidth adjustment request, where the second device is a device that requests bandwidth adjustment, where the first packet includes a first identifier and a second identifier, where the first identifier is used to identify the type of bandwidth adjustment requested, and the second identifier is used to identify a user corresponding to the second device;
  • a first obtaining unit configured to: when the first packet received by the receiving unit includes the first identifier, obtain a second packet according to the first packet, where the second packet includes the first identifier and the second identifier;
  • a first sending unit configured to send, to the server, the second packet obtained by the obtaining unit, where the server is configured to respond to a bandwidth adjustment request.
  • the first packet is an EAP Request message
  • the EAP Request message includes a Subtype and an Attribute Type, where the Subtype is used to carry the first identifier, and the Attribute Type carries the second identifier.
  • the first packet is an EAP Response packet
  • an Attribute Type of the EAP Response packet is used to carry the first identifier and the second identifier.
  • the second packet is a RADIUS packet
  • the Attribute Type of the RADIUS packet is used to carry the first packet.
  • a server comprising:
  • a first receiving unit configured to receive a first packet sent by the first device, where the first packet includes a first identifier and a second identifier, where the first identifier is used to identify a type of request bandwidth adjustment, where The second identifier is used to identify a user corresponding to the second device, and the second device is a device that requests bandwidth adjustment;
  • a determining unit configured to determine, according to the second identifier, whether the user has the right to adjust bandwidth
  • a first obtaining unit configured to obtain, according to the first identifier, a first COA packet, where the first COA packet includes the second identifier, and the first COA message is used to instruct the BRAS to perform bandwidth adjustment corresponding to the first identifier;
  • the first sending unit is configured to send the first COA message to the BRAS.
  • the server further includes:
  • a second sending unit configured to send a second packet to the second device, where the second packet includes a random number in the authentication vector
  • a third sending unit configured to: when it is determined that the response packet corresponding to the second packet sent by the second device is not received, or when authentication failure is determined according to the response packet corresponding to the second packet, send a second COA message to the BRAS, where the second COA message includes the second identifier, and the second COA message is used to instruct the BRAS to stop performing bandwidth adjustment corresponding to the first identifier.
  • a device for requesting bandwidth adjustment where the device for requesting bandwidth adjustment is provided as a first device, the first device includes:
  • An obtaining unit configured to obtain a first packet, where the first packet includes the first identifier and the second identifier, where the first identifier is used to identify a type of request bandwidth adjustment, and the second identifier is used to identify a user corresponding to the first device;
  • the first sending unit is configured to send the first packet to the second device.
  • the device further includes:
  • the first receiving unit is configured to receive an EAP Request message sent by the second device
  • the obtaining unit is specifically configured to:
  • after the second receiving unit receives the EAP Request message, obtain an EAP Response packet, where the EAP Response packet includes the first identifier and the second identifier.
  • the device further includes:
  • the second receiving unit is configured to receive the second packet sent by the second device, where the second packet is used to indicate that the first device is authenticated by the second device.
  • the device further includes:
  • a third receiving unit configured to receive a third packet from the server, where the server is configured to respond to the bandwidth adjustment request, where the third packet includes a random number in the authentication vector;
  • a calculating unit configured to obtain an authentication operation result according to a random number in the authentication vector and a shared key corresponding to the second identifier
  • a second sending unit configured to send a fourth packet to the second device, where the fourth packet includes the authentication operation result.
  • the first device receives the first packet, sent by the second device that requests bandwidth adjustment, which includes the first identifier and the second identifier, where the first identifier is used to identify the type of the requested bandwidth adjustment and the second identifier is used to identify the user corresponding to the second device.
  • the first device obtains, according to the first packet, a second packet that includes the second identifier and the first identifier, and sends the second packet to the server, so that the server may determine, according to the second identifier, whether the user corresponding to the second identifier has the bandwidth adjustment authority, and perform the bandwidth adjustment operation when it is confirmed that the user has the bandwidth adjustment authority.
  • the embodiment of the present invention uses the information identifying the identity of the user to distinguish whether the second device has the right to perform bandwidth adjustment, instead of determining whether to adjust the bandwidth of the user equipment by using the access location of the user, so that bandwidth adjustment is still possible when the access location of the user equipment changes.
  • the invention achieves the purpose of increasing the bandwidth rate or reducing the bandwidth rate of the user equipment by a simple method.
  • FIG. 1 is a schematic flowchart of a method for allocating bandwidth on demand according to an embodiment of the present invention
  • FIG. 2 is a schematic flowchart of a method for allocating bandwidth on demand according to an embodiment of the present invention
  • FIG. 3 is a schematic flowchart of a method for allocating bandwidth on demand according to an embodiment of the present invention
  • FIG. 4 is a schematic diagram of an application scenario of a method for allocating bandwidth on demand according to an embodiment of the present disclosure
  • FIG. 5 is a signaling diagram of a method for allocating bandwidth on demand according to an embodiment of the present invention.
  • FIG. 6 is a signaling diagram of a method for allocating bandwidth on demand according to an embodiment of the present invention.
  • FIG. 7 is a signaling diagram of a method for allocating bandwidth on demand according to an embodiment of the present invention.
  • FIG. 8 is a signaling diagram of a method for allocating bandwidth on demand according to an embodiment of the present invention.
  • FIG. 9 is a signaling diagram of a method for allocating bandwidth on demand according to an embodiment of the present invention.
  • FIG. 10 is a schematic diagram of a first device according to an embodiment of the present disclosure.
  • FIG. 11 is a schematic diagram of a first device according to an embodiment of the present disclosure.
  • FIG. 12 is a schematic diagram of a server according to an embodiment of the present disclosure.
  • FIG. 13 is a schematic diagram of a server according to an embodiment of the present disclosure.
  • FIG. 14 is a schematic diagram of an apparatus for requesting bandwidth adjustment according to an embodiment of the present disclosure.
  • FIG. 15 is a schematic diagram of an apparatus for requesting bandwidth adjustment according to an embodiment of the present disclosure.
  • FIG. 16 is a schematic diagram of an implementation manner of an EAP Request message according to an embodiment of the present invention.
  • the technical problem to be solved by the embodiments of the present invention is to provide a method and device for allocating bandwidth on demand, without locking the access location of the user, and performing network speed adjustment according to the fixed access location of the user.
  • the embodiment of the invention can implement the network bandwidth adjustment even when the user moves or changes the access location in a simple manner.
  • although the terms first, second, and third may be used to describe certain devices, units, or messages in the embodiments of the present invention, such as a first device and a second device, these devices, units, or messages should not be limited by these terms. These terms are only used to distinguish, for example, the first device and the second device from each other.
  • a first device may also be referred to as a second device without departing from the scope of the embodiments of the present invention.
  • the second device may also be referred to as a first device.
  • the word “if” as used herein may be interpreted as “when”, “in response to determining” or “in response to detecting.”
  • the phrase “if determined” or “if detected (conditions or events stated)” may be interpreted as “when determined”, “in response to determination”, “when detected (stated condition or event)” or “in response to detecting (stated condition or event)”.
  • FIG. 1 is a method of allocating bandwidth on demand from the perspective of the first device.
  • the first device is a device capable of communicating with a second device and a server; the second device is a device that requests bandwidth adjustment, and the server is a device that responds to bandwidth adjustment requests.
  • FIG. 1 is a schematic flowchart diagram of a method for allocating bandwidth on demand according to an embodiment of the present invention, which may include the following steps:
  • the first device receives a first packet that is sent by the second device and includes a bandwidth adjustment request, where the second device is a device that requests bandwidth adjustment, where the first packet includes a first identifier and a second identifier.
  • the first identifier is used to identify the type of the requested bandwidth adjustment
  • the second identifier is used to identify a user corresponding to the second device.
  • the first device is in communication connection with the second device, and the first device may also be in communication connection with a server; the server is configured to respond to a bandwidth adjustment request, and the server may be an Authentication, Authorization and Accounting (AAA) server, a policy server, or an AAA server integrated with a policy server.
  • the second device is a device that requests bandwidth adjustment, such as a user equipment or a home gateway (Residential Gateway, RG).
  • the user equipment includes, but is not limited to, a television, a mobile phone, a television stick, and a portable user equipment supporting a Universal Serial Bus (USB) interface.
  • the user equipment stores a second identifier, where the second identifier is used to identify the user equipment.
  • the RG may hold a second identifier, where the second identifier is used to identify a user corresponding to the RG.
  • the second identifier may be an identity of the user, such as the identity of the user saved in a Subscriber Identity Module (SIM) or a Universal Subscriber Identity Module (USIM); the user's identity can uniquely identify the user.
  • the first device may be a device that authenticates the second device, or may not be a device that authenticates the second device, but the other device authenticates the second device.
  • the first device may be an RG device, or may be a BRAS, a Digital Subscriber Line Access Multiplexer (DSLAM), a Hypertext Transfer Protocol (HTTP) server, or another authentication device such as an Access Controller (AC); this is not limited in the embodiments of the present invention.
  • the first identifier included in the first packet is used to identify a type of request bandwidth adjustment
  • the type of the requested bandwidth adjustment may be increasing bandwidth, terminating increasing bandwidth, reducing bandwidth, or terminating reducing bandwidth; the type of bandwidth adjustment can also be other types, which are not illustrated one by one here.
  • the first packet may be an EAP Response packet.
  • the EAP packet is extended, and the Attribute Type of the EAP Response packet carries the first identifier and the second identifier.
  • the first type-length-value (TLV) field of the Attribute Type of the EAP packet may carry the first identifier
  • the second TLV field of the Attribute Type may carry the second identifier.
  • the Attribute Type may be carried in the payload of the EAP Response packet, or may be carried in the header of the EAP Response packet.
  • the first packet may be an EAP Request packet.
  • a new type of EAP packet is defined, and the EAP Request message includes a Subtype and an Attribute Type, where the Subtype is used to carry the first identifier, and the Attribute Type may carry the second identifier.
  • the Attribute Type may include a TLV field, where the TLV field is used to carry the identity of the user.
  • the packet header of the EAP Request may include a Method Type and the Subtype; and the payload of the EAP Request includes a TLV field of the Attribute Type.
  • the EAP Request header includes a Method Type, and the EAP Request payload includes the Subtype and the TLV field of the Attribute Type.
  • when the first packet includes the first identifier, the first device obtains a second packet according to the first packet, where the second packet includes the first identifier and the second identifier.
  • the first device determines that the first packet includes the first identifier
  • the first device obtains, according to the first packet, a second packet that conforms to the communication protocol between the first device and the server.
  • the second packet may be a RADIUS packet, a Diameter protocol packet, or a packet conforming to a communication protocol format, where the communication protocol is the communication protocol between the first device and the server.
  • the second packet may be a RADIUS packet, and the Attribute Type of the RADIUS packet includes a TLV field, where the TLV field is used to carry the first packet.
  • the first device sends the second packet to a server, where the server is configured to respond to a bandwidth adjustment request.
  • the first device sends the second packet to a server, where the second packet includes the second identifier and the first identifier.
  • the server determines, according to the second identifier included in the second packet, whether the user corresponding to the second identifier has the bandwidth adjustment authority.
  • the server obtains the first COA packet according to the first identifier, where the first COA packet includes the second identifier,
  • the first COA message is used to instruct the BRAS to perform bandwidth adjustment corresponding to the first identifier; the server sends the first COA message to the BRAS.
  • the first COA message is used to notify the BRAS to perform bandwidth adjustment corresponding to the first identifier.
  • the first COA message may include the first identifier or information corresponding to the first identifier, so that the BRAS can perform the bandwidth adjustment corresponding to the first identifier according to the first COA packet.
  • the method provided by the embodiment of the present invention may further include: the first device receives a third packet sent by the server, where the third packet includes a result of the requested bandwidth adjustment; the first device obtains a fourth packet according to the third packet, where the fourth packet includes a third identifier, and the third identifier is used to identify the result of the requested bandwidth adjustment; the first device sends the fourth packet to the second device. The fourth packet is used to notify the second device of the result of the requested bandwidth adjustment.
  • the first device may further forward the packet between the server and the second device, that is, the method provided by the embodiment of the present invention may further include:
  • the first device receives a fifth packet that is sent by the server and includes a random number (RAND) in the authentication vector, and sends the fifth packet to the second device.
  • the sixth message of the random number is a random number (RAND) in the authentication vector.
  • a seventh packet that is sent by the second device, where the seventh packet includes an authentication operation result that is obtained according to the random number and a shared key corresponding to the identity identifier of the user;
  • the first device sends a tenth packet to the second device, where the tenth packet includes a fourth identifier, and the fourth identifier is used to indicate to the second device that bandwidth adjustment for the user corresponding to the second identifier has been terminated.
  • the authentication vector may include a random number and an authentication token (AUTN); the authentication vector is calculated according to the shared key corresponding to the identity of the user.
  • the authentication vector is used to perform an authentication operation.
  • the specific authentication implementation can be implemented by referring to the method of the embodiment corresponding to FIG. 6.
  • the first device receives the first packet, sent by the second device that requests bandwidth adjustment, that includes the first identifier and the second identifier, obtains the second packet according to the first packet, and sends the second packet to the server, so that the bandwidth of the user is adjusted when the user corresponding to the second identifier has the bandwidth adjustment authority.
  • the embodiment of the present invention determines whether the second device has the right to perform bandwidth adjustment by using the user identifier, so that when the access location of the user equipment changes, the bandwidth adjustment can still be performed, which helps simplify the operation of bandwidth adjustment.
  • FIG. 2 is a schematic flowchart diagram of a method for allocating bandwidth on demand according to an embodiment of the present invention, which may include the following steps:
  • the server receives a first packet sent by a first device, where the first packet includes a first identifier and a second identifier.
  • the first identifier is used to identify a type of bandwidth adjustment request
  • the second identifier is used to identify a user corresponding to the second device
  • the second device is a device that requests bandwidth adjustment.
  • the server may be a policy server, an AAA server with a policy adjustment function or a bandwidth adjustment function, or an AAA server integrated with a policy server function, that is, the server can send a policy change message to the BRAS.
  • the server itself has the function of performing a bandwidth adjustment policy, and the bandwidth adjustment corresponding to the first identifier can be performed according to the first packet.
  • the first identifier included in the first packet is used to identify a type of request bandwidth adjustment, and the type of the request bandwidth adjustment may include increasing bandwidth, terminating increasing bandwidth, reducing bandwidth, or terminating reducing bandwidth.
  • the first packet in the embodiment corresponding to FIG. 2 may specifically be the second packet in the embodiment corresponding to FIG. 1, and the first packet is not described herein again.
  • the first packet in the corresponding embodiment of FIG. 2 is a packet conforming to a communication protocol format of the first device and the server.
  • the first packet may be a RADIUS packet or a Diameter packet.
  • the server determines, according to the second identifier, whether the user has the right to adjust bandwidth.
  • a correspondence between the second identifier and the user's authority is saved in the server, and the server may determine, according to the second identifier, whether the user has the right to request bandwidth adjustment.
  • the server uses the second identifier carried in the packet to determine whether the user corresponding to the second identifier has the right to request bandwidth adjustment, so that the bandwidth adjustment authority of the user equipment can be determined by using the second identifier carried in the request packet, to implement bandwidth adjustment on the user equipment.
  • the second identifier may be, for example, an identity of the user.
  • the server when the server determines that the user has the right to adjust the bandwidth, the server obtains a first COA message according to the first identifier, where the first COA message includes the second identifier, The first COA message is used to instruct the BRAS to perform bandwidth adjustment corresponding to the first identifier.
  • the server sends the first COA message to the BRAS.
  • the server sends the first COA message to the BRAS to instruct the BRAS to perform the bandwidth adjustment corresponding to the first identifier.
  • the server notifies the BRAS to perform a policy change to perform bandwidth adjustment on the user corresponding to the second identifier, and the type of the bandwidth adjustment corresponds to the type of the requested bandwidth adjustment identified by the first identifier.
  • the method provided by the embodiment of the present invention further includes: the server receives a first COA response message sent by the BRAS, where the first COA response message includes a result of bandwidth adjustment; the server obtains a third packet according to the first COA response message; and the server sends the third packet to the first device, where the third packet includes the result of the bandwidth adjustment.
  • the BRAS returns a first COA response message to the server after the bandwidth adjustment corresponding to the first identifier is successfully performed on the user corresponding to the second identifier, where the first COA response message carries the The result of the bandwidth adjustment.
  • the server constructs a third packet, and sends the third packet to the first device, to notify the result of the bandwidth adjustment.
  • The method provided by the embodiment of the present invention may further include: the server sending a second packet to the second device, where the second packet includes a random number in an authentication vector; when the server determines that it has not received, from the second device, a response message corresponding to the second packet, or the server determines, according to the received response message corresponding to the second packet, that the authentication fails, the server sending a second COA message to the BRAS, where the second COA message includes the second identifier, and the second COA message is used to instruct the BRAS to stop performing bandwidth adjustment corresponding to the first identifier; and, after receiving the second COA response message sent by the BRAS, the server sending a fourth message to the first device, where the fourth message is used to indicate that the first device has stopped executing the bandwidth adjustment corresponding to the first identifier.
  • the specific implementation can be implemented by referring to the method of the embodiment corresponding to FIG. 6.
  • the method provided by the embodiment of the present invention may further include: when the server determines that the user does not have the right to adjust the bandwidth, the server may send the fifth packet to the device that requests the bandwidth adjustment, The fifth packet may carry a result of bandwidth adjustment, and the result of the bandwidth adjustment may be a bandwidth adjustment failure.
  • The server may send the fifth packet to the second device by using the first device, where the first device may be a device that authenticates the second device, and the second device can be a device that requests bandwidth adjustment.
  • The server determines, according to the second identifier in the received first packet sent by the device, whether the user corresponding to the second identifier has bandwidth adjustment authority.
  • the bandwidth of the user is adjusted according to the type of the requested bandwidth adjustment identified by the first identifier.
  • The embodiment of the present invention determines, by using the second identifier, whether the user corresponding to the second device has the right to perform bandwidth adjustment, instead of determining whether the bandwidth is adjusted by using the access location of the user, so that bandwidth adjustment can still be made when the access location of the user equipment changes.
  • FIG. 3 illustrates a method of allocating bandwidth on demand from the perspective of a device requesting bandwidth adjustment.
  • The device that requests bandwidth adjustment is the first device, the device that can communicate with the first device and the server is the second device, and the server is configured to respond to the bandwidth adjustment request.
  • FIG. 3 is a schematic flowchart diagram of a method for allocating bandwidth on demand according to an embodiment of the present invention, which may include the following steps:
  • The first device obtains a first packet, where the first device is a device that requests bandwidth adjustment, and the first packet includes the first identifier and the second identifier; the first identifier is used to identify the type of bandwidth adjustment requested, and the second identifier is used to identify a user corresponding to the first device.
  • the first device in the corresponding embodiment of FIG. 3 may be the second device in the embodiment corresponding to FIG. 1, and the second device in the corresponding embodiment of FIG. 3 may be the first device in the embodiment corresponding to FIG.
  • the server in the corresponding embodiment of FIG. 3 may be the server in the embodiment corresponding to FIG. 1, and the first device, the second device, and the server in the embodiment corresponding to FIG. 3 are not described herein.
  • The method further includes: the first device receiving an EAP Request message sent by the second device, where the EAP Request message is used to request, from the first device, the identifier of the user corresponding to the first device.
  • The obtaining, by the first device, of the first packet includes: after receiving the EAP Request packet, the first device obtains an EAP Response packet, where the EAP Response packet includes the first identifier and the second identifier.
  • After receiving the EAP Request message sent by the second device, the first device sends an EAP Response packet including the second identifier and the first identifier to the second device, to request bandwidth adjustment from the server.
  • After performing authentication interaction with the second device and determining that the authentication is passed, the first device may send an extensible authentication protocol initialization (EAP Start) packet to the second device, to trigger the second device to send an EAP Request message.
  • The first device may send the first packet during an authentication interaction with the second device. For example, the first device sends an EAP Start message to the second device to start the authentication process and, after receiving the EAP Request message of the second device, sends to the second device an EAP Response message that includes the second identifier and the first identifier.
  • The method further includes: the first device receiving the second packet sent by the second device, where the second packet is used to indicate that the first device is authenticated by the second device.
  • the obtaining, by the first device, the first packet includes: after the first device receives the second packet, obtaining the first packet.
  • After the first device and the second device perform authentication and the first device passes the authentication, the first device obtains the first packet.
  • the first device obtains the first packet.
  • the first device sends the first packet to a second device.
  • the first identifier included in the first packet is used to identify a type of request bandwidth adjustment, and the type of request bandwidth adjustment may include increasing bandwidth, terminating increasing bandwidth, reducing bandwidth, or terminating reducing bandwidth.
  • the first packet in the embodiment corresponding to FIG. 3 is the same as the first packet in the embodiment corresponding to FIG. 1, and details are not described herein again.
  • The method provided by the embodiment of the present invention further includes: the first device receives a third packet from a server, where the third packet includes a random number in an authentication vector, and the server is a server that authenticates the first device; the first device performs an authentication operation according to the random number in the authentication vector and the shared key corresponding to the second identifier, obtains an authentication operation result, and sends a fourth packet to the server, where the fourth packet includes the result of the authentication operation;
  • the first device receives a fifth packet sent by the second device, and the fifth packet includes a third identifier, where the third identifier is used to indicate that the second device has terminated bandwidth adjustment for the user corresponding to the identity of the user.
  • the specific implementation can be implemented by referring to the method of the embodiment corresponding to FIG. 6.
  • The method provided by the embodiment of the present invention further includes: the first device receives a sixth packet sent by the second device, where the sixth packet includes a fourth identifier, and the fourth identifier is used to identify the result of requesting bandwidth adjustment.
  • The first device obtains a first packet that includes a first identifier and a second identifier, where the first identifier is used to identify the type of bandwidth adjustment requested, and the second identifier is used to identify a user corresponding to the first device; the first device sends the first packet to a second device.
  • The second device may forward the first identifier and the second identifier in the received first packet to the server, so that the server adjusts the bandwidth when it confirms that the user corresponding to the second identifier has bandwidth adjustment authority.
  • The embodiment of the present invention determines, by using the second identifier, whether the user corresponding to the second device has the right to perform bandwidth adjustment, instead of determining whether the bandwidth is adjusted by using the access location of the user, so that bandwidth adjustment can still be made when the access location of the user equipment changes.
  • the method for allocating bandwidth on demand according to the embodiment of the present invention is described in detail below with reference to FIG. 4 to FIG.
  • The following description takes as an example the case in which the device that requests the bandwidth adjustment is the user equipment, the server is the AAA server, and the second identifier is the identity of the user.
  • the following is merely an illustrative description and is not to be construed as limiting the present invention.
  • the methods shown in FIG. 5 to FIG. 8 can be applied to the application scenario shown in FIG. 4.
  • the device that requests the bandwidth adjustment is a user equipment, and the user equipment is connected to the BRAS through the RG, and the BRAS can be connected to the AAA server.
  • The AAA server can integrate the policy change function and is used to send the COA message to the BRAS, so that the BRAS performs bandwidth adjustment. If the AAA server does not have the function of the policy server, the AAA server also needs to send the received first identifier and the second identifier to the policy server.
  • FIG. 5 and FIG. 8 illustrate an AAA server with an integrated policy change function as an example.
  • the user equipment shown in FIG. 4 may be a device including a SIM or a USIM, or a device carrying an identity. The following is a description of several possible implementations of the user equipment. The following is merely an exemplary description and is not to be construed as limiting the embodiments of the present invention.
  • The user equipment can be a TV stick with a SIM module, where the TV stick includes a SIM card slot, a USB interface and a High Definition Multimedia Interface (HDMI). Alternatively, the TV stick includes a SIM card slot, a USB interface and a Mobile High-Definition Link (MHL) cable.
  • the TV stick can use an Android system.
  • the television stick may also include a communication module, which may be, for example, a WiFi module. Alternatively, the television stick may have the function of a remote controller.
  • the user equipment can be a portable device with a SIM interface and a USB interface, including a SIM card slot and a USB interface.
  • the portable device with a USB interface uses an Android system.
  • the portable device with a USB interface may also include a communication module, which may be, for example, a WiFi module.
  • The portable device with a USB interface can work independently, or, instead of working independently, can be inserted into a device that supports the relevant driver.
  • the user equipment can be a portable device with a SIM interface and a USB interface, which includes a SIM card slot and a USB interface.
  • Portable devices with a USB interface can be plugged into devices that support related drivers, such as various TV boxes.
  • Portable devices with a USB interface do not have an Android system and do not have the ability to work independently.
  • The user equipment can be a SIM card together with a device that supports the related driver and includes a SIM card slot, for example, a TV box that supports the SIM card slot.
  • FIG. 5 is a signaling diagram of a method for allocating bandwidth on demand according to an embodiment of the present invention.
  • The device that requests bandwidth adjustment is specifically a user equipment, and the device that receives the request message of the user equipment is an 802.1X authentication device in a wireless local area network (Wireless Local Area Networks, WLAN).
  • 802.1X is short for Institute of Electrical and Electronics Engineers (IEEE) 802.1X.
  • the 802.1X authentication device in the WLAN network may be an RG device or a BRAS.
  • the user equipment sends an EAP Request to the authentication device to request bandwidth adjustment.
  • the EAP Request is a newly defined packet format.
  • In FIG. 5, the user equipment actively sends the EAP Request message, which helps save signaling interaction and system and network resources.
  • The user equipment sends an extensible authentication protocol request (EAP Request) to the 802.1X authentication device in the WLAN network, where the EAP Request carries the first identifier and the identity of the user.
  • the 802.1X authentication device in the WLAN network may be an RG, or may be a BRAS or other authentication device.
  • the Subtype of the EAP Request message is a BOD Request.
  • The user's identity can be an International Mobile Subscriber Identification Number (IMSI).
  • the first identifier is used to identify a type of request bandwidth adjustment, such as increasing bandwidth.
  • The EAP Request message includes a subtype (Subtype) and an attribute type (Attribute Type), where the Subtype is used to carry the first identifier, and the Attribute Type includes at least one TLV field, where the TLV field is used to carry the identity of the user.
  • a new EAP packet format is defined, and the EAP packet may include an EAP Request message, an EAP Response message, and an EAP Success message.
  • the method type of the EAP packet may be used to identify the authentication method used by the EAP.
  • the value of the Method Type may be other values, which is not limited herein.
  • the Subtype of the EAP message is used to indicate different message types in the method, for example:
  • Subtype 1, used to indicate BOD Request
  • Subtype 4, used to represent EndBOD Response.
  • the Subtype may be configured to carry the first identifier for identifying the type of the bandwidth to be requested.
  • The packet with the value of 1 in the first identifier is a BOD Request packet, and the first packet is carried.
  • The packet whose value is 2 is the BOD Response packet.
  • The packet with the value of 3 in the first identifier is the EndBOD Request.
  • The packet with the value of 4 in the first identifier is the EndBOD Response packet.
  • the Attribute Type of the EAP packet may include a TLV field, where the TLV field is used to carry the identity of the user.
  • the Attribute Type may further include multiple TLV fields, where one TLV field is also used to indicate the type of bandwidth adjustment requested.
  • Attribute Type 1, value can be 0, used to indicate a request to increase bandwidth.
  • Attribute Type 2, value can be 0, used to indicate that the request to increase bandwidth succeeded.
  • Attribute Type 3, value can be 0, used to indicate a request to terminate the bandwidth increase.
  • FIG. 16 is a schematic diagram of an implementation manner of an EAP Request message according to an embodiment of the present invention.
  • The EAP Request message may include a code value (Code), an identifier (Identifier), a length (Length), a type (Type), a Subtype, a reserved field (Reserved), an Attribute Type, a Length, a value (Value) and other fields.
  • the value of the Type can be 100, which is used to identify the authentication method used by the EAP. That is, the Type can be a Method Type.
  • Method Type, Subtype, and Attribute Type can be set as needed.
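  • A builder and strict parser for the message layout described above, as an added example that is not code from the patent. Assumptions: the field widths (Code 1, Identifier 1, Length 2, Type 1, Subtype 1, Reserved 2 bytes; TLVs with a 1-byte type and a 1-byte value length), the identity attribute number 10, the IMSI length bounds, the function names, and the constructed sample IMSI.

```python
import struct

EAP_REQUEST = 1            # EAP Code for a Request (RFC 3748)
METHOD_TYPE_BOD = 100      # "the value of the Type can be 100"
SUBTYPES = {1: "BOD Request", 2: "BOD Response",
            3: "EndBOD Request", 4: "EndBOD Response"}
ATTR_REQUEST_INCREASE = 1  # Attribute Type 1 from the description
ATTR_IDENTITY = 10         # assumption: the text gives no number for the identity TLV

# Assumed widths: Code 1, Identifier 1, Length 2, Type 1, Subtype 1, Reserved 2 bytes.
HEADER = struct.Struct("!BBHBBH")


def build_bod_message(code, identifier, subtype, attrs):
    """Serialise a message; attrs is a list of (attribute_type, value_bytes)."""
    body = b""
    for attr_type, value in attrs:
        if len(value) > 255:
            raise ValueError("TLV value too long for a 1-byte length")
        body += bytes([attr_type, len(value)]) + value
    total = HEADER.size + len(body)
    return HEADER.pack(code, identifier, total, METHOD_TYPE_BOD, subtype, 0) + body


def parse_bod_message(data):
    """Parse an untrusted message; raise ValueError instead of guessing."""
    if len(data) < HEADER.size:
        raise ValueError("shorter than the fixed header")
    code, identifier, length, mtype, subtype, _reserved = HEADER.unpack_from(data)
    if length != len(data):
        raise ValueError("Length field does not match the bytes received")
    if mtype != METHOD_TYPE_BOD:
        raise ValueError("not the bandwidth-on-demand method type")
    if subtype not in SUBTYPES:
        raise ValueError("unknown Subtype")

    attrs = {}
    offset = HEADER.size
    while offset < length:
        if length - offset < 2:
            raise ValueError("truncated TLV header")
        attr_type, attr_len = data[offset], data[offset + 1]
        offset += 2
        if attr_len > length - offset:
            raise ValueError("TLV value runs past the end of the message")
        if attr_type in attrs:
            raise ValueError("duplicate attribute")
        attrs[attr_type] = bytes(data[offset:offset + attr_len])
        offset += attr_len

    # The server keys its authorisation decision on this value, so it must be
    # present and well formed before anything is looked up with it.
    identity = attrs.get(ATTR_IDENTITY)
    if identity is None:
        raise ValueError("no user identity TLV")
    if not (identity.isdigit() and 6 <= len(identity) <= 15):
        raise ValueError("identity is not a plausible IMSI")
    return {"code": code, "identifier": identifier,
            "message": SUBTYPES[subtype],
            "identity": identity.decode("ascii"),
            "attributes": attrs}


if __name__ == "__main__":
    # Constructed sample: a BOD Request asking for more bandwidth.
    sample = build_bod_message(
        EAP_REQUEST, 7, 1,
        [(ATTR_REQUEST_INCREASE, b"\x00"), (ATTR_IDENTITY, b"001010123456789")])
    print(sample.hex())
    print(parse_bod_message(sample))
```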
  • The 802.1X authentication device in the WLAN network sends a remote authentication dial-in user service access request (Radius Access Request) message to the AAA server.
  • After receiving the EAP Request message sent by the user equipment, the 802.1X authentication device in the WLAN network parses the EAP Request message and, after parsing the Method Type and Subtype, performs encapsulation conversion on the message according to the preset processing logic.
  • The RADIUS Type of the Radius Access Request packet may include a TLV field, and the TLV field is used to carry the encapsulated EAP Request message.
  • The AAA server sends a RADIUS policy change request (Radius COA Request) message to the BRAS.
  • The AAA server receives the Radius Access Request message and determines, according to the identity of the user carried in the Radius Access Request message, whether the user has bandwidth adjustment authority; if so, it sends a Radius COA Request message to the BRAS, and the Radius COA Request message can carry a charging session identifier (Accounting Session ID) and a bandwidth adjustment policy.
  • the charging session identifier corresponds to the second identifier
  • the bandwidth adjustment policy corresponds to a type of request bandwidth adjustment identified by the first identifier.
  • the BRAS performs a bandwidth adjustment policy carried by the Radius COA Request message.
  • the BRAS may update the entry corresponding to the charging session identifier in the ACL according to the charging session identifier and the bandwidth adjustment policy carried in the Radius COA Request message.
  • The BRAS sends a RADIUS policy change confirmation (Radius COA ACK) message to the AAA server.
  • The AAA server sends a RADIUS access acceptance (Radius Access Accept) message to the 802.1X authentication device in the WLAN network.
  • After receiving the Radius COA ACK message, the AAA server sends a Radius Access Accept message to the 802.1X authentication device in the WLAN network.
  • The Radius Access Accept message carries the encapsulated EAP packet.
  • The AAA server may generate, according to the Radius COA ACK message, an EAP message that responds to the bandwidth adjustment request, and encapsulate that EAP message in the Radius message.
  • The Radius Access Accept message carries the result of requesting bandwidth adjustment, for example, the adjustment is successful.
  • The 802.1X authentication device in the WLAN network sends an Extensible Authentication Protocol response (EAP Response) message to the user equipment.
  • the EAP Response packet carries a second identifier, and the second identifier is used to identify a result of requesting bandwidth adjustment.
  • the Subtype of the EAP Response packet may be 2, that is, the EAP Response packet belongs to the BOD Response packet.
  • the first identifier included in the EAP Request message sent by the user equipment to the authentication device is used to identify that the type of the bandwidth adjustment is to terminate the bandwidth, and the EAP Request message belongs to the End BOD Request.
  • After receiving the End BOD Request message sent by the user equipment, the 802.1X authentication device in the WLAN network parses the End BOD Request message and, after parsing the Method Type and Subtype, performs encapsulation conversion on the packet according to the processing logic; that is, the Radius Access Request packet obtained by the 802.1X authentication device in the WLAN network carries the encapsulated End BOD Response packet. For example, the Attribute Type of the Radius Access Request packet may include a TLV field, where the TLV field is used to carry the encapsulated End BOD Response message.
  • the AAA server may also generate a corresponding COA packet according to the bandwidth adjustment type corresponding to the first identifier, to instruct the BRAS to perform corresponding bandwidth adjustment, for example, to terminate the bandwidth improvement.
  • FIG. 6 is a signaling diagram of a method for allocating bandwidth on demand according to an embodiment of the present invention.
  • the 802.1X authentication device in the AAA server and/or the WLAN network may also terminate bandwidth adjustment on the user equipment when an abnormality occurs in the user equipment.
  • The abnormality of the user equipment may include: the user equipment is offline, is powered off, or does not respond, or the SIM or the USIM of the user equipment is not in place.
  • By authenticating the user equipment, the AAA server and/or the 802.1X authentication device in the WLAN network determines, according to whether the user equipment responds or according to its response message, whether to terminate the bandwidth adjustment of the user equipment.
  • This embodiment is suitable for use with Extensible Authentication Protocol - Authentication and Key Agreement (EAP-AKA). Of course, other authentication methods can also be used.
  • The AAA server sends a RADIUS access challenge (Radius Access Challenge) message to the 802.1X authentication device in the WLAN network.
  • the Radius Access Challenge message contains a random number in an authentication vector used for the authentication operation.
  • a shared key is maintained in the USIM of the user equipment and the HLR or HSS on the network side.
  • the HLR or HSS may find a key shared with the USIM according to the IMSI and generate a plurality of random numbers. Then, using each random number, a plurality of sets of authentication vectors are calculated according to a certain algorithm, and the authentication vectors are also called quintuples.
  • A set of authentication vectors consists of RAND, an expected response (XRES), an encryption key (cipher key, CK), an integrity check key (integrity key, IK) and AUTN.
  • The AUTN consists of a hidden counter, an AMF, and a message authentication code (MAC), concatenated.
  • the AAA server may select one of the authentication vectors to send the RAND and the AUTN to the user equipment.
  • The 802.1X authentication device in the WLAN network sends an Extensible Authentication Protocol request (EAP Request) message to the user equipment.
  • The EAP Request message includes a random number in the authentication vector, the subtype of the EAP Request message is authentication and key agreement challenge (AKA-Challenge), and the EAP Request message is used for authentication and key negotiation.
  • The user equipment receives the EAP Request message and recovers the counter according to the authentication token AUTN in the authentication vector included in the packet. Then, according to the received random number and the shared key for the identity of the user, an authentication algorithm is used to calculate an expected authentication value XMAC, a response RES to the random number, an encryption key CK, and an integrity check key IK.
  • The USIM compares the MAC with the XMAC. If they are the same, the USIM verifies whether the received SQN is in the correct range. If the USIM considers that the SQN is in the correct range, the USIM sends the calculated authentication operation result to the AAA server.
  • The result of the authentication operation may be the response RES to the random number; the AAA server compares the RES with the XRES saved by the server, and if they are the same, authentication of the user equipment is completed.
  • The user equipment sends an Extensible Authentication Protocol response (EAP Response) message to the 802.1X authentication device in the WLAN network.
  • The EAP Response packet includes the authentication operation result, the subtype of the EAP Response packet is authentication and key agreement challenge (AKA-Challenge), and the EAP Response packet is used to respond to the authentication and key negotiation request.
  • the 802.1X authentication device in the WLAN network sends a Radius Access Request message to the AAA server, where the Radius Access Request message includes the authentication operation result.
  • the AAA server authenticates the authentication operation result. When the authentication fails or the user equipment continues to be unresponsive, S606 is performed.
  • the method may not perform S603 and S604.
  • The AAA server sends a RADIUS policy change request (Radius COA Request) message to the BRAS, where the packet carries a bandwidth adjustment policy and an identity of the user.
  • the bandwidth adjustment policy is to terminate bandwidth adjustment for a user corresponding to the identity of the user.
  • the BRAS performs a bandwidth adjustment policy carried by the Radius COA Request message.
  • The BRAS sends a RADIUS policy change confirmation (Radius COA ACK) message to the AAA server.
  • The AAA server sends a RADIUS access rejection (Radius Access Reject) message to the 802.1X authentication device in the WLAN network.
  • The Radius Access Reject message carries the result of requesting bandwidth adjustment, for example, that the bandwidth increase was terminated successfully.
  • The 802.1X authentication device in the WLAN network sends an Extensible Authentication Protocol failure (EAP Failure) message to the user equipment.
  • the EAP Failure packet carries a third identifier, where the third identifier is used to indicate that the user equipment has terminated bandwidth adjustment for a user corresponding to the identity identifier of the user.
  • the EAP Failure packet may also carry the identity of the user.
  • the third identifier of the EAP Failure packet is carried in a TLV field of the packet.
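  • The FIG. 6 decision described above (challenge the user equipment, then terminate the bandwidth adjustment when it does not respond or its response fails), as an added example that is not code from the patent. Assumptions: HMAC-SHA256 stands in for the operator's AKA functions, the AUTN is reduced to a MAC over RAND with no SQN, AMF or hidden counter, and all class, method and field names are hypothetical.

```python
import hashlib
import hmac
import os


def aka_prf(key, label, rand, size=8):
    # Stand-in for the AKA functions; this is not the algorithm a real USIM runs.
    return hmac.new(key, label + rand, hashlib.sha256).digest()[:size]


class Usim:
    """User-equipment side: holds the key shared with the network for one identity."""

    def __init__(self, imsi, key):
        self.imsi, self.key = imsi, key

    def answer(self, rand, mac):
        # Compare the received MAC with the locally computed XMAC before answering.
        xmac = aka_prf(self.key, b"MAC", rand)
        if not hmac.compare_digest(mac, xmac):
            return None                       # challenge not from the home network
        return aka_prf(self.key, b"RES", rand)


class AaaServer:
    def __init__(self, shared_keys):
        self.shared_keys = shared_keys        # identity -> shared key (HLR/HSS role)
        self.pending = {}                     # identity -> XRES of the open challenge
        self.coa_sent = []                    # COA requests handed to the BRAS

    def challenge(self, imsi):
        """Produce the RAND and MAC carried in the Radius Access Challenge."""
        key = self.shared_keys[imsi]
        rand = os.urandom(16)
        self.pending[imsi] = aka_prf(key, b"RES", rand)
        return rand, aka_prf(key, b"MAC", rand)

    def evaluate(self, imsi, res):
        """res is None when no response arrived before the timeout."""
        xres = self.pending.pop(imsi, None)   # each challenge can be answered once
        if xres is None:
            return "ignored"                  # unsolicited or replayed response
        if res is not None and hmac.compare_digest(res, xres):
            return "keep"
        # No response, or RES != XRES: tell the BRAS to stop the adjustment.
        self.coa_sent.append({"message": "Radius COA Request",
                              "identity": imsi,
                              "policy": "terminate bandwidth adjustment"})
        return "terminated"


if __name__ == "__main__":
    imsi, key = "001010123456789", bytes(range(16))   # constructed sample values
    server, ue = AaaServer({imsi: key}), Usim(imsi, key)
    rand, mac = server.challenge(imsi)
    print(server.evaluate(imsi, ue.answer(rand, mac)))  # device present
    server.challenge(imsi)
    print(server.evaluate(imsi, None))                  # device gone
    print(server.coa_sent)
```

A response that matches no open challenge is ignored rather than treated as a failure, so a replayed or unsolicited RES cannot be used to force termination of another user's bandwidth adjustment.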
  • the method for performing bandwidth allocation on an extended EAP packet is described below with reference to FIG. 7-8.
  • the extended EAP packet may include a Subtype and an Attribute Type, and may include, for example:
  • Attribute Type 201, value can be 0, used to indicate a request to increase bandwidth.
  • Attribute Type 202, value can be 0, used to indicate that the request to increase bandwidth succeeded.
  • Attribute Type 203, value can be 0, used to indicate a request to terminate the bandwidth increase.
  • FIG. 7 is a signaling diagram of a method for allocating bandwidth on demand according to an embodiment of the present invention.
  • the user equipment may initiate a bandwidth adjustment request after the authentication succeeds.
  • The user equipment sends an Extensible Authentication Protocol Initialization Request (EAPOL-Start) to an 802.1X authentication device in the WLAN network.
  • After the user equipment is authenticated by the network, for example, after receiving an Extensible Authentication Protocol success (EAP Success) message sent to the user equipment by the 802.1X authentication device in the WLAN network, the user equipment performs step S701.
  • The 802.1X authentication device in the WLAN network sends an Extensible Authentication Protocol request (EAP Request) message to the user equipment, which is used to request the identity of the user.
  • The user equipment sends an Extensible Authentication Protocol response (EAP Response) message to the 802.1X authentication device in the WLAN network, which carries the first identifier and the identity of the user.
  • The Attribute Type of the EAP Response packet includes TLV fields, where one TLV field is used to carry the first identifier, and one TLV field is used to carry the identity of the user, such as an IMSI.
  • S704 The 802.1X authentication device in the WLAN network sends a RADIUS access request (Radius Access Request) message to the AAA server.
  • The Radius Access Request packet carries the encapsulated EAP packet, including the first identifier and the identity of the user.
  • The AAA server sends a RADIUS policy change request (Radius COA Request) message to the BRAS.
  • The AAA server receives the Radius Access Request message and determines, according to the identity of the user carried in the Radius Access Request message, whether the user has bandwidth adjustment authority; if so, it sends a Radius COA Request message to the BRAS, and the Radius COA Request message carries a bandwidth adjustment policy and an identity of the user.
  • The identity of the user may be an Accounting Session ID.
  • the bandwidth adjustment policy corresponds to a type of request bandwidth adjustment identified by the first identifier.
  • the BRAS performs a bandwidth adjustment policy carried by the Radius COA Request message.
  • the BRAS sends a RADIUS policy change confirmation (Radius COA ACK) message to the AAA server.
  • the AAA server sends a RADIUS access acceptance (Radius Access Accept) message to the 802.1X authentication device in the WLAN network.
  • the Radius Access Accept message carries the result of requesting bandwidth adjustment, for example, the adjustment succeeds.
  • the 802.1X authentication device in the WLAN network sends an EAP Success packet to the user equipment.
  • the EAP Success packet carries a second identifier, where the second identifier is used to identify a result of requesting bandwidth adjustment, for example, the adjustment succeeds.
  • FIG. 8 is a signaling diagram of a method for allocating bandwidth on demand according to an embodiment of the present invention.
  • the user equipment requests bandwidth adjustment during the authentication process.
  • the user equipment sends an Extensible Authentication Protocol initialization request (EAPOL-Start) to the 802.1X authentication device in the WLAN network.
  • the 802.1X authentication device in the WLAN network sends a first Extensible Authentication Protocol request (EAP Request) message to the user equipment.
  • the first EAP Request message is used to request the identity of the user.
  • the user equipment sends a first Extensible Authentication Protocol response (EAP Response) message to the 802.1X authentication device in the WLAN network.
  • the first EAP Response packet carries the first identifier and the identity of the user.
  • the Attribute Type of the first EAP Response packet includes TLV fields, where one TLV field is used to carry the first identifier and another TLV field is used to carry the identifier of the user.
  • the 802.1X authentication device in the WLAN network sends a first RADIUS access request (Radius Access Request) message to the AAA server.
  • the first Radius Access Request message carries the encapsulated EAP message, including the first identifier and the identity of the user.
  • the AAA server sends a RADIUS access challenge (Radius Access Challenge) message to the 802.1X authentication device in the WLAN network.
  • the Radius Access Challenge includes a random number in the authentication vector.
  • the 802.1X authentication device in the WLAN network sends a second Extensible Authentication Protocol request (EAP Request) message to the user equipment.
  • the second EAP Request message includes a random number in the authentication vector.
  • the user equipment sends a second Extensible Authentication Protocol response (EAP Response) message to the 802.1X authentication device in the WLAN network.
  • the second EAP Response message includes the result of the authentication operation.
  • the 802.1X authentication device in the WLAN network sends a second RADIUS access request (Radius Access Request) message to the AAA server.
  • the second Radius Access Request message includes the result of the authentication operation.
  • the AAA server sends a RADIUS policy change request (Radius COA Request) message to the BRAS.
  • after determining, according to the authentication operation result included in the second Radius Access Request message, that the authentication succeeds, the AAA server determines, according to the identifier of the user carried in the received first Radius Access Request message, whether the user has the bandwidth adjustment authority, and if so, sends a Radius COA Request message to the BRAS, where the packet carries the bandwidth adjustment policy and the identity of the user.
  • the identity of the user may be an Accounting Session ID.
  • the bandwidth adjustment policy corresponds to a type of request bandwidth adjustment identified by the first identifier.
  • the BRAS performs a bandwidth adjustment policy carried by the Radius COA Request message.
  • the BRAS sends a RADIUS policy change confirmation (Radius COA ACK) message to the AAA server.
  • the AAA server sends a RADIUS access acceptance (Radius Access Accept) message to the 802.1X authentication device in the WLAN network.
  • the Radius Access Accept message carries the result of requesting bandwidth adjustment, for example, the adjustment succeeds.
  • the 802.1X authentication device in the WLAN network sends an Extensible Authentication Protocol success (EAP Success) packet to the user equipment.
  • the EAP Success packet carries a second identifier, where the second identifier is used to identify a result of requesting bandwidth adjustment, for example, the adjustment succeeds.
  • the device that requests bandwidth adjustment is an RG
  • the RG has a SIM or USIM module
  • the RG supports a SIM card slot
  • the RG supports a USB interface and has a corresponding driver for driving the USB flash drive SIM.
  • the RG may initiate authentication and network access based on the SIM card, or an RG that has already accessed the network may trigger the bandwidth adjustment request after the USB flash drive SIM is inserted.
  • the RG is in communication with the BRAS, and the BRAS is in communication with the AAA server.
  • the AAA server can be the same physical device as the policy server or a different physical device.
  • the AAA server may also be in communication with a Home Subscriber Server (HSS), or the AAA server may be in communication with a Home Location Register (HLR).
  • the HSS or the HLR is configured to generate an authentication vector, where the authentication vector is used for performing authentication and key negotiation between the network side device and the user equipment, and the network side device may be an AAA server.
  • the user equipment in the corresponding embodiment of FIG. 5 - FIG. 8 can be replaced by RG.
  • the 802.1X device in the WLAN network shown in FIG. 5 - FIG. 8 can be replaced with the 802.1X authentication device in the fixed network.
  • a method of adjusting bandwidth as needed can be implemented.
  • the 802.1X authentication device in the fixed network may be a BRAS, a DSLAM, or other AC device.
  • the specific implementation flow is similar to the embodiment corresponding to FIG. 5 to FIG. 8.
  • the first device is a device that requests bandwidth adjustment
  • in addition to the authentication device, the device that receives the request message of the first device may be a Hypertext Transfer Protocol (HTTP) server.
  • the packet sent to the HTTP server by the first device that requests the bandwidth adjustment is an HTTP request, where the HTTP request carries the first identifier and the identity of the user corresponding to the first device, and the first identifier is used to identify the type of requested bandwidth adjustment.
  • the method shown is described below in conjunction with FIG.
  • the first device is specifically a user equipment.
  • the method provided by the embodiment of the present invention may be implemented by replacing the user equipment in FIG. 9 with the RG.
  • FIG. 9 is a signaling diagram of a method for adjusting bandwidth on demand according to an embodiment of the present invention.
  • the user equipment accesses the network after being authenticated by the authentication device, and the physical link has a surplus bandwidth to perform bandwidth adjustment.
  • the SIM-based authentication process of the user equipment is described below by taking the first device as a user equipment with a SIM as an example.
  • after the user equipment is authenticated by the RG, it accesses the network.
  • the user equipment with the corresponding driver initiates a connection to the HTTP server deployed by the operator according to the information in the SIM card.
  • the HTTP server determines the corresponding AAA server by using the IP address of the user and notifies the AAA server of the policy corresponding to the user, and the AAA server delivers the policy to the BRAS for execution.
  • the user equipment sends an HTTP request to an HTTP server, where the HTTP request includes a first identifier and an identity of the user.
  • the user equipment is a device that requests bandwidth adjustment, and the first identifier is used to identify a type of bandwidth adjustment request, and the identifier of the user is used to identify a user corresponding to the user equipment.
  • the HTTP server sends a Simple Object Access Protocol (SOAP) request message to the AAA server.
  • after receiving the HTTP request sent by the user equipment, the HTTP server parses the HTTP request and, after obtaining the first identifier and the identity of the user, processes the request according to preset processing logic.
  • the SOAP request packet includes a first identifier and an identity of the user.
  • the AAA server receives the SOAP request message and determines, according to the identity of the user carried in the SOAP request message, whether the user has bandwidth adjustment authority; if so, it sends to the BRAS a Radius COA Request packet carrying a bandwidth adjustment policy and an identity of the user.
  • the bandwidth adjustment policy corresponds to a type of request bandwidth adjustment identified by the first identifier.
  • the BRAS performs a bandwidth adjustment policy carried by the Radius COA Request message.
  • the BRAS sends a Radius COA ACK message to the AAA server.
  • the AAA server sends a SOAP response message to the HTTP server.
  • the SOAP response packet carries a result of requesting bandwidth adjustment, for example, the adjustment succeeds.
  • the HTTP server sends an HTTP response to the user equipment, where the HTTP response carries a second identifier, where the second identifier is used to identify a result of requesting bandwidth adjustment.
  • the type of requested bandwidth adjustment identified by the first identifier in the HTTP request may include one or more of increasing bandwidth, terminating increasing bandwidth, reducing bandwidth, and terminating reducing bandwidth.
  • the HTTP server may also be used as a device for performing 802.1X authentication on the user equipment.
  • the user equipment sends a request to the HTTP server to request bandwidth adjustment.
  • the user equipment can be authenticated by other devices, and only the HTTP server receives the HTTP request for bandwidth adjustment.
  • after receiving the request carrying the identifier of the user and the identifier of the bandwidth adjustment type, the AAA server needs to determine whether the user corresponding to the identity of the user has passed the authentication and, if the authentication passes, further confirm whether the user has the bandwidth adjustment authority.
  • the HTTP server may determine whether the user passes the authentication. If the user passes the authentication, the HTTP server sends a corresponding request to the AAA server.
  • the AAA server shown in Figure 9 can also be a policy server.
  • the application scenario in which the bandwidth is increased can be implemented by referring to the method shown in the foregoing embodiment, and only the corresponding execution entity is required to be replaced, and details are not described herein again.
  • FIG. 10 is a schematic diagram of a first device according to an embodiment of the present invention.
  • the first device may be used to implement the method for allocating bandwidth on demand according to FIG. 1 to FIG. 3 and FIG.
  • the first device 1000 may be the first device in the embodiment corresponding to FIG. 1 and FIG. 2, or may be the second device in the embodiment corresponding to FIG. 3; it may be the 802.1X authentication device in the WLAN network in the embodiment corresponding to FIG. 5-8, may also be an 802.1X authentication device in the fixed network, or may be an HTTP server in the embodiment corresponding to FIG.
  • the first device 1000 shown in FIG. 10 includes:
  • the first receiving unit 1001 is configured to receive a first packet that is sent by the second device and includes a bandwidth adjustment request, where the second device is a device that requests bandwidth adjustment, and the first packet includes a first identifier and a second identifier.
  • the first identifier is used to identify a type of requesting bandwidth adjustment
  • the second identifier is used to identify a user corresponding to the second device.
  • the first obtaining unit 1002 is configured to: when the first packet received by the receiving unit includes the first identifier, obtain a second packet according to the first packet, where the second packet includes the first identifier and the second identifier;
  • the first sending unit 1003 is configured to send, to the server, the second packet obtained by the obtaining unit, where the server is configured to respond to a bandwidth adjustment request.
  • the first packet is an extensible authentication protocol request EAP Request packet
  • the EAP Request packet includes a subtype Subtype and an attribute type AttributeType, where the Subtype is used to carry the first identifier,
  • the Attribute type carries the second identifier.
  • the first packet is an extensible authentication protocol response EAP Response packet
  • the Attribute Type of the EAP Response packet includes a first type, length and value (TLV) field and a second TLV field, where the first TLV field is used to carry the first identifier, and the second TLV field is used to carry the second identifier.
  • the second packet is a Remote Authentication Dial-In User Service (RADIUS) packet
  • the AttributeType of the RADIUS packet includes a TLV field, where the TLV field is used to carry the encapsulated first packet.
  • FIG. 11 is a schematic diagram of a first device 1100 according to an embodiment of the present invention.
  • the first device 1100 can be used to implement the method for allocating bandwidth on demand as shown in FIG. 1 to FIG. 3 and FIG.
  • the first device 1100 may be the first device in the embodiment corresponding to FIG. 1 and FIG. 2, or may be the second device in the embodiment corresponding to FIG. 3; it may be the 802.1X authentication device in the WLAN network in the embodiment corresponding to FIG. 5-8, may also be an 802.1X authentication device in the fixed network, or may be an HTTP server in the embodiment corresponding to FIG.
  • the first device 1100 can include a processor 1101, a network interface 1102, a memory 1103, and a communication bus 1104 for implementing connection communication between the processor 1101, the network interface 1102, and the memory 1103.
  • the processor 1101 may be a CPU, and the memory 1103 may include a high-speed random access memory (RAM), and may also include non-volatile memory, for example, at least one disk storage.
  • the memory 1103 is configured to store a set of program instructions, and the processor 1101 is configured to invoke a program instruction stored by the memory 1103 to perform a corresponding operation.
  • the processor 1101 calls a program instruction in the memory 1103 for:
  • the first packet includes a first identifier and a second identifier, where the first identifier is used to identify the type of the requested bandwidth adjustment, and the second identifier is used to identify a user corresponding to the second device.
  • the first packet includes the first identifier
  • obtaining a second packet according to the first packet where the second packet includes the first identifier and the second identifier;
  • the server is configured to respond to the bandwidth adjustment request.
  • the first packet is an extensible authentication protocol response EAP Response packet
  • the Attribute Type of the EAP Response packet includes a first type, length and value (TLV) field and a second TLV field, where the first TLV field is used to carry the first identifier, and the second TLV field is used to carry the second identifier.
  • the first packet is an Extensible Authentication Protocol request (EAP Request) packet
  • the EAP Request packet includes a subtype Subtype and an attribute type Attribute Type, where the Subtype is used to carry the first identifier,
  • the Attribute Type carries the second identifier.
  • the second packet is a Remote Authentication Dial-In User Service (RADIUS) packet
  • the Attribute Type of the RADIUS packet includes at least one TLV field, where the TLV field is used to carry the encapsulated first packet.
  • the first device receives a first packet that is sent by a second device requesting bandwidth adjustment and that includes a first identifier and a second identifier, where the first identifier is used to identify the type of the requested bandwidth adjustment and the second identifier is used to identify a user corresponding to the second device; the first device obtains, according to the first packet, a second packet including the first identifier and the second identifier, and sends the second packet to the server, so that the server adjusts the bandwidth of the user when confirming that the user has bandwidth adjustment authority.
  • FIG. 12 is a schematic diagram of a server according to an embodiment of the present invention.
  • the server can be used to implement the method for allocating bandwidth on demand as shown in FIG. 1 to FIG. 3 and FIG.
  • the server may be an AAA server with a policy change function or a policy server.
  • the first device in the corresponding embodiment of FIG. 12 is a device capable of communicating with a server and a second device, and the second device is a device requesting bandwidth adjustment.
  • the server 1200 includes:
  • the first receiving unit 1201 is configured to receive a first packet sent by the first device, where the first packet includes a first identifier and a second identifier, where the first identifier is used to identify a type of request bandwidth adjustment, The second identifier is used to identify a user corresponding to the second device, and the second device is a device that requests bandwidth adjustment;
  • a determining unit 1202 configured to determine, according to the second identifier, whether the user has the right to adjust bandwidth
  • the first obtaining unit 1203 is configured to: when determining that the user has the right to adjust the bandwidth, obtain the first COA message according to the first identifier, where the first COA message includes the second identifier, The first COA message is used to instruct the broadband access server BRAS to perform bandwidth adjustment corresponding to the first identifier;
  • the first sending unit 1204 is configured to send the first COA message to the BRAS.
  • the server further includes:
  • a second sending unit configured to send a second packet to the first device, where the second packet includes a random number in the authentication vector
  • a third sending unit configured to: when it is determined that the response packet corresponding to the second packet sent by the second device is not received, or when the authentication failure is determined according to the response packet corresponding to the second packet, Sending a second COA message to the BRAS, where the second COA message includes the second identifier, and is used to instruct the BRAS to stop performing bandwidth adjustment corresponding to the first identifier.
  • FIG. 13 is a schematic diagram of a server according to an embodiment of the present invention.
  • the server 1300 can be used to implement the method for allocating bandwidth on demand as shown in FIG. 1 to FIG. 3 and FIG.
  • the server 1300 may be an AAA server with a policy change function, or may be a policy server.
  • the first device in the embodiment corresponding to FIG. 13 is a device capable of communicating with a server and a second device, and the second device is a device requesting bandwidth adjustment.
  • the server 1300 can include a processor 1301, a network interface 1302, a memory 1303, and a communication bus 1304 for implementing connection communication between the processor 1301, the network interface 1302, and the memory 1303.
  • the processor 1301 may be a CPU, the memory 1303 may include a RAM, and may also include a non-volatile memory, such as at least one disk storage.
  • the memory 1303 is configured to store a set of program instructions, and the processor 1301 is configured to invoke a program instruction stored by the memory 1303 to perform a corresponding operation.
  • the processor 1301 invokes program instructions in the memory 1303 for:
  • receiving the first packet sent by the first device, where the first packet includes a first identifier and a second identifier, the first identifier is used to identify a type of requested bandwidth adjustment, the second identifier is used to identify a user corresponding to the second device, and the second device is a device that requests bandwidth adjustment;
  • the first COA packet is obtained according to the first identifier, where the first COA packet includes the second identifier, and the first COA packet is used to instruct the broadband access server BRAS to perform bandwidth adjustment corresponding to the first identifier
  • the program instruction in the memory 1303 is further used by the processor 1301 to:
  • when it is determined that the response packet corresponding to the second packet sent by the second device is not received, or the authentication failure is determined according to the response packet corresponding to the second packet, sending a second COA message to the BRAS, where the second COA message includes the second identifier and is used to instruct the BRAS to stop performing bandwidth adjustment corresponding to the first identifier.
  • the server provided by the embodiment of the present invention shown in FIG. 12 and FIG. 13 confirms, according to the second identifier in the received first packet sent by the device, whether the user corresponding to the second identifier has bandwidth adjustment authority; when determining that the user has the bandwidth adjustment authority, the server adjusts the bandwidth of the user according to the type of the requested bandwidth adjustment identified by the first identifier in the first packet.
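The server behaviour described for FIG. 12 and FIG. 13 (check the user's authority from the second identifier, send the first COA message, then send a second COA message if the challenge response is missing or authentication fails), as an added example that is not code from the patent. The TLV layout, type codes, adjustment-type values and message labels are assumptions, since the page does not define them.

```python
"""Added example: server-side handling of a bandwidth adjustment request.

Assumptions (not defined by the page): the TLV layout (1-byte type,
1-byte length), the type codes, the numeric adjustment-type values and
the labels of the two COA messages recorded below.
"""
from dataclasses import dataclass, field

TLV_FIRST_ID = 0x01   # assumed code: type of requested bandwidth adjustment
TLV_SECOND_ID = 0x02  # assumed code: identity of the user (e.g. an IMSI)
ADJUST_TYPES = {1: "increase", 2: "stop-increase", 3: "reduce", 4: "stop-reduce"}


class MalformedPacket(ValueError):
    """Raised when the identifiers cannot be extracted unambiguously."""


def build_payload(adjust_type: int, user_id: str) -> bytes:
    """Encode the two identifiers as TLVs (constructed sample input)."""
    uid = user_id.encode("ascii")
    return bytes([TLV_FIRST_ID, 1, adjust_type, TLV_SECOND_ID, len(uid)]) + uid


def parse_tlvs(buf: bytes) -> dict:
    """Parse type/length/value triples, rejecting truncation and duplicates."""
    fields, i = {}, 0
    while i < len(buf):
        if len(buf) - i < 2:
            raise MalformedPacket("truncated TLV header")
        tlv_type, length = buf[i], buf[i + 1]
        i += 2
        if length > len(buf) - i:
            raise MalformedPacket("TLV length runs past end of packet")
        if tlv_type in fields:
            raise MalformedPacket("duplicate TLV type")
        fields[tlv_type] = buf[i:i + length]
        i += length
    return fields


@dataclass
class Server:
    entitled: set                                 # users with bandwidth adjustment authority
    coa_sent: list = field(default_factory=list)  # COA messages handed to the BRAS
    pending: dict = field(default_factory=dict)   # user -> adjustment awaiting authentication

    def on_first_packet(self, payload: bytes) -> bool:
        """Check authority for the claimed user; send the first COA if entitled."""
        tlvs = parse_tlvs(payload)
        first, second = tlvs.get(TLV_FIRST_ID), tlvs.get(TLV_SECOND_ID)
        if first is None or second is None:
            raise MalformedPacket("first or second identifier missing")
        if len(first) != 1 or first[0] not in ADJUST_TYPES:
            raise MalformedPacket("unknown bandwidth adjustment type")
        try:
            user = second.decode("ascii")
        except UnicodeDecodeError as exc:
            raise MalformedPacket("user identity is not ASCII") from exc
        if user not in self.entitled:
            return False                          # no authority: the BRAS is never contacted
        adjustment = ADJUST_TYPES[first[0]]
        self.coa_sent.append(("first-COA", user, adjustment))
        self.pending[user] = adjustment           # not yet backed by a completed authentication
        return True

    def on_auth_result(self, user: str, passed) -> None:
        """passed: True, False (authentication failed) or None (no response received)."""
        adjustment = self.pending.pop(user, None)
        if adjustment is not None and passed is not True:
            # Second COA: tell the BRAS to stop the adjustment it already applied.
            self.coa_sent.append(("second-COA", user, adjustment))
```

Because the first COA message goes out before the challenge completes, the `pending` entry is what ensures the stop message is sent on failure or on a missing response.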
  • FIG. 14 is a schematic diagram of an apparatus for requesting bandwidth adjustment according to an embodiment of the present invention.
  • the device requesting bandwidth adjustment may be the first device 1400, and the second device in the corresponding embodiment of FIG. 14 is a device capable of communicating with the first device 1400 and the server.
  • the first device 1400 can be used to implement the method for allocating bandwidth on demand as shown in FIG. 1 to FIG. 3 and FIG.
  • the first device 1400 may be the second device in the embodiment corresponding to FIG. 1 and FIG. 2, or may be the first device in the embodiment corresponding to FIG. 3, and may be in the embodiment corresponding to FIG. 5-8.
  • the first device 1400 requesting bandwidth adjustment includes:
  • the obtaining unit 1401 is configured to obtain a first packet, where the first packet includes a first identifier and a second identifier of the first device, where the first identifier is used to identify a type of the requested bandwidth adjustment, where The second identifier is used to identify a user corresponding to the first device.
  • the first sending unit 1402 is configured to send the first packet to the second device.
  • the first device 1400 further includes:
  • a first receiving unit configured to receive an Extensible Authentication Protocol request (EAP Request) message sent by the second device
  • the obtaining unit is specifically configured to:
  • after the first receiving unit receives the EAP Request message, obtain an Extensible Authentication Protocol response (EAP Response) message, where the EAP Response message includes the first identifier and the second identifier.
  • the first device 1400 further includes:
  • the second receiving unit is configured to receive the second packet sent by the second device, where the second packet is used to indicate that the first device is authenticated by the second device.
  • the first device 1400 further includes:
  • a third receiving unit configured to receive a third packet from the server, where the third packet includes a random number in the authentication vector
  • a calculating unit configured to obtain an authentication operation result according to a random number in the authentication vector and a shared key corresponding to the second identifier
  • a second sending unit configured to send a fourth packet to the second device, where the fourth packet includes the authentication operation result.
  • the type of request bandwidth adjustment includes increasing bandwidth, terminating increased bandwidth, reducing bandwidth, or terminating reduced bandwidth.
  • FIG. 15 is a schematic diagram of an apparatus for requesting bandwidth adjustment according to an embodiment of the present invention.
  • the device requesting bandwidth adjustment may be the first device 1500, and the second device in the embodiment corresponding to FIG. 15 may be a device capable of communicating with the first device 1500 and the server.
  • the first device 1500 can include a processor 1501, a network interface 1502, a memory 1503, and a communication bus 1504 for implementing connection communication between the processor 1501, the network interface 1502, and the memory 1503.
  • the processor 1501 may be a CPU, the memory 1503 may include a RAM, and may also include a non-volatile memory, such as at least one disk storage.
  • the memory 1503 is configured to store a set of program instructions, and the processor 1501 is configured to invoke a program instruction stored by the memory 1503 to perform a corresponding operation.
  • the processor 1501 invokes program instructions in the memory 1503 for:
  • the first packet includes a first identifier and a second identifier, where the first identifier is used to identify a type of bandwidth adjustment request, and the second identifier is used to identify a user corresponding to the first device;
  • the program instruction in the memory 1503 is further used by the processor 1501 to:
  • the obtaining the first packet includes: after receiving the EAP Request message, obtaining an extensible authentication protocol response EAP Response packet, where the EAP Response packet includes the first identifier and the second identifier.
  • the program instruction in the memory 1503 is further used by the processor 1501 to:
  • the third packet includes a random number in the authentication vector, and the server is a device that authenticates the first device;
  • the type of the request bandwidth adjustment includes one or more of increasing bandwidth, terminating increasing bandwidth, reducing bandwidth, and terminating reducing bandwidth.
  • the device obtains a first packet including a first identifier and a second identifier, where the first identifier is used to identify the type of the requested bandwidth adjustment and the second identifier is used to identify a user corresponding to the first device; the first device sends the first packet to the second device, so that the second device obtains a second packet according to the first packet and sends the second packet to the server, and the server performs bandwidth adjustment on the user when confirming that the user corresponding to the second identifier has bandwidth adjustment authority.
  • program units include routines, programs, objects, components, data structures, and the like that perform particular tasks or implement particular abstract data types.
  • the solutions provided by embodiments of the present invention may also be practiced in distributed computing environments where tasks are performed by remote processing devices that are connected through a communication network.
  • program units can be located in both local and remote computer storage media including storage devices.
  • the various embodiments in the specification are described in a progressive manner, and the same or similar parts between the various embodiments may be referred to each other, and each embodiment focuses on the differences from the other embodiments.
  • the description is relatively simple, and the relevant parts can be referred to the description of the method embodiment.
  • the device embodiments described above are merely illustrative: the units described as separate components may or may not be physically separate, and the components displayed as units may or may not be physical units, that is, they may be located in one place or distributed across multiple network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the embodiment. Those of ordinary skill in the art can understand and implement the embodiments without creative effort.

Abstract

The present application relates to the communication field and in particular to a method for Bandwidth on Demand. The method comprises: a first device receiving a first message sent by a second device, the second device being the one requesting bandwidth adjustment, the first message comprising a first identification for identifying the type of the requested bandwidth adjustment and a second identification for identifying a user corresponding to the second device; the first device obtaining a second message according to the first message, the second message comprising the first identification and the second identification; and the first device sending the second message to a server. According to the present application, whether or not the second device is authorized for bandwidth adjustment can be determined according to the identity of the user, instead of deciding whether to adjust the bandwidth of the user equipment by the user's access location, so that bandwidth adjustment can still occur even if the user's access location changes.

Description

Method and device for allocating bandwidth on demand
This application claims priority to Chinese Patent Application No. CN201410418350.X, filed with the Chinese Patent Office on August 22, 2014 and entitled "A Method and Apparatus for Allocating Bandwidth on Demand", which is incorporated herein by reference in its entirety.
Technical field
The embodiments of the present invention relate to the field of network technologies, and in particular to a method and an apparatus for allocating bandwidth on demand.
Background
Bandwidth on Demand (BOD) is a way for user equipment or network equipment to obtain an available network access rate at the rate it requires. It lets users make effective use of the spare bandwidth on the user access line, increasing the network transmission rate and improving the user experience.
One BOD method exists in the prior art. After the user equipment logs in to the network, the Broadband Remote Access Server (BRAS) reports user information to the policy server, and the policy server delivers a Destination Address Accounting (DAA) policy to the BRAS. The BRAS generates an Access Control List (ACL) according to the DAA policy. When the user equipment accesses the network, the BRAS determines, according to the access location of the user equipment, whether that access location is its fixed access location; if so, the BRAS allows the user to access, and if the user has subscribed to a directed BOD service, the BRAS distinguishes the server accessed by the user by the server address configured in the ACL. The BRAS determines, according to the server address accessed by the user, the rate corresponding to that server address in the subscribed BOD service, and adjusts the speed of the user's data flow to the specific server according to that rate.
With the existing BOD method, the operator network often needs to lock the user's access location and distribute services according to the user's access line, so the user can obtain a BOD speed-up only at a fixed access location.
Summary of the invention
The technical problem solved by the embodiments of the present invention is to provide a method and an apparatus for allocating bandwidth on demand, which help the network speed-up to still be achieved when the user's access location moves or changes.
To this end, the embodiments of the present invention provide the following technical solutions:
In a first aspect, a method for allocating bandwidth on demand is provided, the method comprising:
a first device receives a first packet that is sent by a second device and contains a bandwidth adjustment request, where the second device is the device requesting bandwidth adjustment, the first packet includes a first identifier and a second identifier, the first identifier is used to identify the type of the requested bandwidth adjustment, and the second identifier is used to identify the user corresponding to the second device;
when the first packet includes the first identifier, the first device obtains a second packet according to the first packet, where the second packet includes the first identifier and the second identifier;
the first device sends the second packet to a server, where the server is configured to respond to the bandwidth adjustment request.
With reference to the first aspect, in a first possible implementation of the first aspect, the first packet is an Extensible Authentication Protocol Request (EAP Request) message, the EAP Request message includes a subtype (Subtype) and an attribute type (Attribute Type), the Subtype is used to carry the first identifier, and the Attribute Type is used to carry the second identifier.
With reference to the first aspect, in a second possible implementation of the first aspect, the first packet is an Extensible Authentication Protocol Response (EAP Response) message, and the Attribute Type of the EAP Response message is used to carry the first identifier and the second identifier.
With reference to the first aspect, the first possible implementation of the first aspect, or the second possible implementation of the first aspect, in a third possible implementation of the first aspect, the second packet is a Remote Authentication Dial In User Service (RADIUS) message, and the Attribute Type of the RADIUS message is used to carry the first packet.
In a second aspect, a method for allocating bandwidth on demand is provided, the method comprising:
a server receives a first packet sent by a first device, where the first packet contains a first identifier and a second identifier, the first identifier is used to identify the type of the requested bandwidth adjustment, the second identifier is used to identify the user corresponding to a second device, and the second device is the device requesting bandwidth adjustment;
the server determines, according to the second identifier, whether the user has bandwidth adjustment permission;
when the server determines that the user has bandwidth adjustment permission, the server obtains, according to the first identifier, a first policy change (Change of Authentication, COA) message, where the first COA message includes the second identifier and is used to instruct the broadband access server BRAS to perform the bandwidth adjustment corresponding to the first identifier;
the server sends the first COA message for the requested bandwidth adjustment to the BRAS.
With reference to the second aspect, in a first possible implementation of the second aspect, the method further includes:
the server sends a second packet to the second device, where the second packet includes the random number in an authentication vector;
when the server determines that it has not received a response packet, corresponding to the second packet, from the second device, or the server determines from the response packet corresponding to the second packet that authentication has failed, the server sends a second COA message to the BRAS, where the second COA message includes the second identifier and is used to instruct the BRAS to stop performing the bandwidth adjustment corresponding to the first identifier.
In a third aspect, a method for allocating bandwidth on demand is provided, the method comprising:
a first device obtains a first packet, where the first device is the device requesting bandwidth adjustment, the first packet includes a first identifier and a second identifier, the first identifier is used to identify the type of the requested bandwidth adjustment, and the second identifier is used to identify the user corresponding to the first device;
the first device sends the first packet to a second device.
With reference to the third aspect, in a first possible implementation of the third aspect, before the first device obtains the first packet, the method further includes:
the first device receives an EAP Request message sent by the second device;
the first device obtaining the first packet includes:
after receiving the EAP Request message, the first device obtains an EAP Response message, where the EAP Response message includes the first identifier and the second identifier.
With reference to the third aspect, in a second possible implementation of the third aspect, before the first device obtains the first packet, the method further includes:
the first device receives a second packet sent by the second device, where the second packet indicates that the first device has passed authentication by the second device.
With reference to the third aspect or any one of the foregoing possible implementations of the third aspect, in a third possible implementation of the third aspect, the method further includes:
the first device receives a third packet from a server, where the server is configured to respond to the bandwidth adjustment request, and the third packet includes the random number in an authentication vector;
the first device obtains an authentication operation result according to the random number in the authentication vector and the shared key corresponding to the second identifier;
the first device sends a fourth packet to the server, where the fourth packet contains the authentication operation result.
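An added example, not code from the patent, of the server behaviour in the second aspect together with the device-side computation in the third aspect: permission is decided from the second identifier alone, and a missing or wrong authentication result produces the second COA message. HMAC-SHA256 stands in for the authentication operation, which the page does not name; the subscriber table, the `PolicyServer` class and the dictionary-shaped COA messages are hypothetical.

```python
import hashlib
import hmac
import secrets

# Constructed sample data: second identifier (user identity) ->
# (shared key, adjustment types the user is permitted to request).
SUBSCRIBERS = {
    "user-0001": (bytes.fromhex("00112233445566778899aabbccddeeff"),
                  {"increase", "stop-increase"}),
    "user-0002": (bytes.fromhex("ffeeddccbbaa99887766554433221100"), set()),
}


def auth_result(shared_key, rand):
    """Authentication operation over the random number, computed by both sides.
    HMAC-SHA256 is an assumption; the page does not name the algorithm."""
    return hmac.new(shared_key, rand, hashlib.sha256).digest()


class PolicyServer:
    def __init__(self):
        self.pending = {}  # user_id -> (adjust_type, rand) awaiting a response

    def handle_request(self, adjust_type, user_id, access_location):
        """Return the first COA message, or None if the user lacks permission.
        access_location is accepted but never consulted: the decision depends
        only on the user identity carried in the second identifier."""
        entry = SUBSCRIBERS.get(user_id)
        if entry is None or adjust_type not in entry[1]:
            return None
        return {"coa": "apply", "user": user_id, "adjust_type": adjust_type}

    def challenge(self, user_id, adjust_type):
        """Create the random number sent to the requesting device."""
        rand = secrets.token_bytes(16)
        self.pending[user_id] = (adjust_type, rand)
        return rand

    def handle_response(self, user_id, response):
        """Return None when authentication succeeds, otherwise the second COA
        message. Pass response=None when no response packet arrived."""
        pending = self.pending.pop(user_id, None)  # each random number is single-use
        if pending is None:
            raise LookupError("no outstanding challenge for this user")
        adjust_type, rand = pending
        expected = auth_result(SUBSCRIBERS[user_id][0], rand)
        if response is not None and hmac.compare_digest(expected, response):
            return None
        return {"coa": "stop", "user": user_id, "adjust_type": adjust_type}


if __name__ == "__main__":
    server = PolicyServer()
    print(server.handle_request("increase", "user-0001", "port-42"))
    rand = server.challenge("user-0001", "increase")
    reply = auth_result(SUBSCRIBERS["user-0001"][0], rand)  # device side
    print(server.handle_response("user-0001", reply))
```

Removing the pending entry before the comparison means a captured authentication result cannot be replayed against a later random number.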
In a fourth aspect, a first device is provided, where the first device includes:
a first receiving unit, configured to receive a first packet that is sent by a second device and contains a bandwidth adjustment request, where the second device is the device requesting bandwidth adjustment, the first packet includes a first identifier and a second identifier, the first identifier is used to identify the type of the requested bandwidth adjustment, and the second identifier is used to identify the user corresponding to the second device;
a first obtaining unit, configured to obtain a second packet according to the first packet when the first packet received by the receiving unit includes the first identifier, where the second packet includes the first identifier and the second identifier;
a first sending unit, configured to send the second packet obtained by the obtaining unit to a server, where the server is configured to respond to the bandwidth adjustment request.
With reference to the fourth aspect, in a first possible implementation of the fourth aspect, the first packet is an EAP Request message, the EAP Request message includes a Subtype and an Attribute Type, the Subtype is used to carry the first identifier, and the Attribute Type carries the second identifier.
With reference to the fourth aspect, in a second possible implementation of the fourth aspect, the first packet is an EAP Response message, and the Attribute Type of the EAP Response message is used to carry the first identifier and the second identifier.
With reference to the fourth aspect or the first to second possible implementations of the fourth aspect, in a third possible implementation of the fourth aspect, the second packet is a RADIUS message, and the Attribute Type of the RADIUS message is used to carry the first packet.
In a fifth aspect, a server is provided, where the server includes:
a first receiving unit, configured to receive a first packet sent by a first device, where the first packet contains a first identifier and a second identifier, the first identifier is used to identify the type of the requested bandwidth adjustment, the second identifier is used to identify the user corresponding to a second device, and the second device is the device requesting bandwidth adjustment;
a determining unit, configured to determine, according to the second identifier, whether the user has bandwidth adjustment permission;
a first obtaining unit, configured to obtain a first COA message according to the first identifier when it is determined that the user has bandwidth adjustment permission, where the first COA message includes the second identifier and is used to instruct the BRAS to perform the bandwidth adjustment corresponding to the first identifier;
a first sending unit, configured to send the first COA message to the BRAS.
With reference to the fifth aspect, in a first possible implementation of the fifth aspect, the server further includes:
a second sending unit, configured to send a second packet to the second device, where the second packet includes the random number in an authentication vector;
a third sending unit, configured to send a second COA message to the BRAS when it is determined that no response packet corresponding to the second packet has been received from the second device, or when it is determined from the response packet corresponding to the second packet that authentication has failed, where the second COA message includes the second identifier, and the second COA is used to instruct the BRAS to stop performing the bandwidth adjustment corresponding to the first identifier.
In a sixth aspect, a device requesting bandwidth adjustment is provided, where the device requesting bandwidth adjustment is a first device, and the first device includes:
an obtaining unit, configured to obtain a first packet, where the first packet includes a first identifier and a second identifier, the first identifier is used to identify the type of the requested bandwidth adjustment, and the second identifier is used to identify the user corresponding to the first device;
a first sending unit, configured to send the first packet to a second device.
With reference to the sixth aspect, in a first possible implementation of the sixth aspect, the device further includes:
a first receiving unit, configured to receive an EAP Request message sent by the second device;
the obtaining unit is specifically configured to:
obtain an EAP Response message after the second receiving unit receives the EAP Request message, where the EAP Response message includes the first identifier and the second identifier.
With reference to the sixth aspect, in a second possible implementation of the sixth aspect, the device further includes:
a second receiving unit, configured to receive a second packet sent by the second device, where the second packet indicates that the first device has passed authentication by the second device.
With reference to the sixth aspect or any one of the foregoing possible implementations of the sixth aspect, in a third possible implementation of the sixth aspect, the device further includes:
a third receiving unit, configured to receive a third packet from a server, where the server is configured to respond to the bandwidth adjustment request, and the third packet includes the random number in an authentication vector;
a calculating unit, configured to obtain an authentication operation result according to the random number in the authentication vector and the shared key corresponding to the second identifier;
a second sending unit, configured to send a fourth packet to the second device, where the fourth packet contains the authentication operation result.
According to the method and device for allocating bandwidth on demand provided by one aspect of the embodiments of the present invention, a first device receives a first packet, sent by a second device requesting bandwidth adjustment, that contains the first identifier and the second identifier, where the first identifier is used to identify the type of the requested bandwidth adjustment and the second identifier is used to identify the user corresponding to the second device; the first device obtains, according to the first packet, a second packet that includes the second identifier and the first identifier, and sends the second packet to a server, so that the server can determine, according to the second identifier, whether the user corresponding to the second identifier has bandwidth adjustment permission and perform the bandwidth adjustment operation when it confirms that the user has that permission. In this way, the embodiments of the present invention use information identifying the user's identity to decide whether the second device has permission to adjust bandwidth, rather than deciding whether to adjust the bandwidth of the user equipment by the user's access location, so that bandwidth adjustment can still be performed when the access location of the user equipment changes. The present invention achieves, by a simple method, the purpose of raising or lowering the bandwidth rate of the user equipment.
Brief description of the drawings
To describe the technical solutions in the embodiments of the present invention or in the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. Obviously, the drawings in the following description show only some embodiments of the present invention, and those of ordinary skill in the art can obtain other drawings from these drawings without creative effort.
FIG. 1 is a schematic flowchart of a method for allocating bandwidth on demand according to an embodiment of the present invention;
FIG. 2 is a schematic flowchart of a method for allocating bandwidth on demand according to an embodiment of the present invention;
FIG. 3 is a schematic flowchart of a method for allocating bandwidth on demand according to an embodiment of the present invention;
FIG. 4 is a schematic diagram of an application scenario of a method for allocating bandwidth on demand according to an embodiment of the present invention;
FIG. 5 is a signaling diagram of a method for allocating bandwidth on demand according to an embodiment of the present invention;
FIG. 6 is a signaling diagram of a method for allocating bandwidth on demand according to an embodiment of the present invention;
FIG. 7 is a signaling diagram of a method for allocating bandwidth on demand according to an embodiment of the present invention;
FIG. 8 is a signaling diagram of a method for allocating bandwidth on demand according to an embodiment of the present invention;
FIG. 9 is a signaling diagram of a method for allocating bandwidth on demand according to an embodiment of the present invention;
FIG. 10 is a schematic diagram of a first device according to an embodiment of the present invention;
FIG. 11 is a schematic diagram of a first device according to an embodiment of the present invention;
FIG. 12 is a schematic diagram of a server according to an embodiment of the present invention;
FIG. 13 is a schematic diagram of a server according to an embodiment of the present invention;
FIG. 14 is a schematic diagram of a device requesting bandwidth adjustment according to an embodiment of the present invention;
FIG. 15 is a schematic diagram of a device requesting bandwidth adjustment according to an embodiment of the present invention;
FIG. 16 is a schematic diagram of one implementation of an EAP Request message according to an embodiment of the present invention.
Detailed description
The technical problem solved by the embodiments of the present invention is to provide a method and an apparatus for allocating bandwidth on demand that do not need to lock the user's access location and adjust network speed according to the user's fixed access location. The embodiments of the present invention allow network bandwidth adjustment to still be achieved, by a simple method, when the user's access location moves or changes.
To help those skilled in the art better understand the solutions of the embodiments of the present invention, the embodiments are described in further detail below with reference to the drawings and implementations.
The terms used in the embodiments of the present invention are for the purpose of describing particular embodiments only and are not intended to limit the invention. The singular forms "a", "said" and "the" used in the embodiments of the present invention and the appended claims are also intended to include the plural forms, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and encompasses any and all possible combinations of one or more of the associated listed items.
It should be understood that although the terms first, second and third may be used in the embodiments of the present invention to describe certain devices, units or packets, for example using first device, second device and so on to describe the devices, these devices should not be limited by these terms. These terms are only used, for example, to distinguish the first device and the second device from each other. For example, without departing from the scope of the embodiments of the present invention, a first device may also be called a second device, and similarly a second device may also be called a first device.
Depending on the context, the word "if" as used herein may be interpreted as "when" or "upon" or "in response to determining" or "in response to detecting". Similarly, depending on the context, the phrase "if it is determined" or "if (a stated condition or event) is detected" may be interpreted as "when it is determined" or "in response to determining" or "when (the stated condition or event) is detected" or "in response to detecting (the stated condition or event)".
The method shown in FIG. 1 describes the method for allocating bandwidth on demand from the perspective of the first device. The first device is a device capable of communicating with a second device and a server; the second device is the device requesting bandwidth adjustment, and the server can respond to the bandwidth adjustment request. Referring to FIG. 1, FIG. 1 shows a schematic flowchart of a method for allocating bandwidth on demand according to an embodiment of the present invention, which may include the following steps:
S101: the first device receives a first packet that is sent by the second device and contains a bandwidth adjustment request, where the second device is the device requesting bandwidth adjustment, the first packet includes a first identifier and a second identifier, the first identifier is used to identify the type of the requested bandwidth adjustment, and the second identifier is used to identify the user corresponding to the second device.
For example, the first device is communicatively connected to the second device, and the first device may also be communicatively connected to a server. The server is configured to respond to the bandwidth adjustment request and may be an Authentication, Authorization and Accounting (AAA) server, a policy server, or an AAA server with an integrated policy server. The second device is the device requesting bandwidth adjustment, for example user equipment or a home gateway (Residential Gateway, RG). The user equipment includes, but is not limited to, devices such as a television, a mobile phone, a TV stick, and portable user equipment supporting a Universal Serial Bus (USB) interface. The user equipment stores a second identifier, which is used to identify the user equipment. The RG may store a second identifier, which is used to identify the user corresponding to the RG.
The second identifier may be the user's identity, for example the user identity stored in a Subscriber Identity Module (SIM) or a Universal Subscriber Identity Module (USIM) used in a mobile phone; this identity can uniquely identify the user. The first device may be the device that authenticates the second device, or it may not be: another device may authenticate the second device, and after authentication passes, the first device receives the first packet that the second device uses to request bandwidth adjustment. The first device may be an RG device, or a BRAS, a Digital Subscriber Line Access Multiplexer (DSLAM), a Hypertext Transfer Protocol (HTTP) server, or another authentication device such as an Access Controller (AC); the embodiments of the present invention do not limit this.
For example, the first identifier included in the first packet identifies the type of bandwidth adjustment requested. The type may be increasing the bandwidth, terminating a bandwidth increase, reducing the bandwidth, or terminating a bandwidth reduction. Other types of bandwidth adjustment are also possible and are not listed one by one here.
In one possible implementation, the first packet may be an EAP Response packet. In the embodiments of the present invention the EAP packet is extended so that the Attribute Type of the EAP Response packet can carry the first identifier and the second identifier. For example, a first Type-Length-Value (TLV) field of the Attribute Type of the EAP packet may carry the first identifier, and a second TLV field of the Attribute Type may carry the second identifier. The Attribute Type may be carried in the payload of the EAP Response packet or in the header of the EAP Response packet.
In another possible implementation, the first packet may be an EAP Request packet. In the embodiments of the present invention a new type of EAP packet is defined: the EAP Request packet includes a Subtype and an Attribute Type, where the Subtype carries the first identifier and the Attribute Type may carry the second identifier. For example, the Attribute Type may contain one TLV field that carries the identity of the user. The header of the EAP Request may include a Method Type and the Subtype, and the payload of the EAP Request includes the TLV field of the Attribute Type. In another possible implementation, the header of the EAP Request includes the Method Type, and the payload of the EAP Request includes the Subtype and the TLV field of the Attribute Type.
S102. When the first packet includes the first identifier, the first device obtains a second packet according to the first packet, where the second packet includes the first identifier and the second identifier.
For example, when the first device determines that the first packet includes the first identifier, the first device obtains, according to the first packet, a second packet that conforms to the format of the communication protocol between the first device and the server. The second packet may be a RADIUS packet, a Diameter protocol packet, or another packet that conforms to the format of the communication protocol, the communication protocol being the one used between the first device and the server.
For example, when the first packet is an EAP packet, such as an EAP Response packet or an EAP Request packet, the second packet may be a RADIUS packet whose Attribute Type contains one TLV field, and that TLV field carries the first packet.
S103. The first device sends the second packet to a server, where the server is configured to respond to the bandwidth adjustment request.
For example, the first device sends the second packet to the server, where the second packet includes the second identifier and the first identifier. After receiving the second packet, the server determines, according to the second identifier contained in the second packet, whether the user corresponding to the second identifier has the right to adjust bandwidth. When the server determines that the user corresponding to the second identifier has that right, the server obtains a first COA packet according to the first identifier. The first COA packet includes the second identifier and instructs the BRAS to perform the bandwidth adjustment corresponding to the first identifier. The server then sends the first COA packet to the BRAS, notifying the BRAS to perform the bandwidth adjustment corresponding to the first identifier.
Optionally, the first COA packet may contain the first identifier, or information corresponding to the first identifier, so that the BRAS can perform the bandwidth adjustment corresponding to the first identifier according to the first COA packet.
Optionally, the method provided by the embodiments of the present invention may further include: the first device receives a third packet sent by the server, where the third packet includes the result of the requested bandwidth adjustment; the first device obtains a fourth packet according to the third packet, where the fourth packet includes a third identifier that identifies the result of the requested bandwidth adjustment; and the first device sends the fourth packet to the second device. The fourth packet notifies the second device of the result of the requested bandwidth adjustment.
Optionally, in the embodiments of the present invention, the first device may also forward packets between the server and the second device; that is, the method provided by the embodiments of the present invention may further include:
the first device receives a fifth packet sent by the server, which contains the random number (RAND) of an authentication vector, and sends a sixth packet containing the random number to the second device;
the first device receives a seventh packet sent by the second device, where the seventh packet includes an authentication operation result computed from the random number and the shared key corresponding to the identity of the user;
the first device sends an eighth packet that includes the authentication operation result to the server;
the first device receives a ninth packet sent by the server, where the ninth packet indicates to the first device that bandwidth adjustment for the user corresponding to the second identifier has been terminated;
the first device sends a tenth packet to the second device, where the tenth packet includes a fourth identifier that indicates to the second device that bandwidth adjustment for the user corresponding to the second identifier has been terminated.
For example, the authentication vector may include a random number and an authentication token (AUTN). The authentication vector is calculated from the shared key corresponding to the identity of the user and is used to perform the authentication operation. For the specific authentication procedure, refer to the method of the embodiment corresponding to FIG. 6.
In the method for allocating bandwidth on demand provided by the embodiments of the present invention, the first device receives a first packet, containing the first identifier and the second identifier, sent by the second device that requests bandwidth adjustment. The first device obtains, according to the first packet, a second packet that includes the first identifier and the second identifier, and sends the second packet to the server, so that the server adjusts the bandwidth of the user once it has confirmed that the user corresponding to the second identifier has the right to adjust bandwidth. In this way, the embodiments of the present invention use the user identifier to determine whether the second device has the right to adjust bandwidth, so that bandwidth adjustment remains possible when the access location of the user equipment changes, which helps simplify the bandwidth adjustment operation.
The method shown in FIG. 2 describes the method for allocating bandwidth on demand from the perspective of the server. The first device and the second device in the embodiment corresponding to FIG. 2 have the same meaning as in the embodiment corresponding to FIG. 1 and are not described again. FIG. 2 is a schematic flowchart of a method for allocating bandwidth on demand according to an embodiment of the present invention, which may include the following steps:
S201. The server receives a first packet sent by a first device, where the first packet contains a first identifier and a second identifier. The first identifier identifies the type of bandwidth adjustment requested, the second identifier identifies the user corresponding to a second device, and the second device is the device that requests bandwidth adjustment.
For example, the server may be a policy server, an AAA server that has a policy adjustment function or a bandwidth adjustment function, or an AAA server that integrates the policy server function; that is, the server is able to send a policy change packet to the BRAS. It is also possible for the server itself to execute the bandwidth adjustment policy and perform the bandwidth adjustment corresponding to the first identifier according to the first packet. The first identifier included in the first packet identifies the type of bandwidth adjustment requested, which may include increasing the bandwidth, terminating a bandwidth increase, reducing the bandwidth, or terminating a bandwidth reduction.
For example, the first packet in the embodiment corresponding to FIG. 2 may be the second packet in the embodiment corresponding to FIG. 1, and is not described again here. The first packet in the embodiment corresponding to FIG. 2 conforms to the format of the communication protocol between the first device and the server. The first packet may be a RADIUS packet or a Diameter packet.
S202. The server determines, according to the second identifier, whether the user has the right to adjust bandwidth.
For example, the server stores a correspondence between second identifiers and user rights, so the server can determine from the second identifier whether the user has the right to request bandwidth adjustment. Unlike approaches that adjust bandwidth according to the user's fixed access location, the embodiments of the present invention determine from the second identifier carried in the packet whether the corresponding user has the right to request bandwidth adjustment. As a result, when the user equipment moves to a different access location, its bandwidth adjustment right can still be determined from the second identifier carried in the request packet, and the bandwidth of the user equipment can still be adjusted. The second identifier may be, for example, the identity of the user.
S203. When the server determines that the user has the right to adjust bandwidth, the server obtains a first COA packet according to the first identifier, where the first COA packet includes the second identifier and instructs the BRAS to perform the bandwidth adjustment corresponding to the first identifier.
S204. The server sends the first COA packet to the BRAS.
For example, the server sends the first COA packet to the BRAS to instruct the BRAS to perform the bandwidth adjustment corresponding to the first identifier. The server notifies the BRAS to change the policy so that the bandwidth of the user corresponding to the second identifier is adjusted; the type of adjustment corresponds to the type of requested bandwidth adjustment identified by the first identifier.
Optionally, the method provided by the embodiments of the present invention further includes: the server receives a first COA response packet sent by the BRAS, where the first COA response packet includes the result of the bandwidth adjustment; the server obtains a third packet according to the first COA response packet; and the server sends the third packet to the first device, where the third packet includes the result of the bandwidth adjustment. In a specific implementation, after the BRAS has successfully performed the bandwidth adjustment corresponding to the first identifier for the user corresponding to the second identifier, it returns the first COA response packet, carrying the result of the bandwidth adjustment, to the server. The server constructs the third packet and sends it to the first device to notify it of the result of the bandwidth adjustment.
Optionally, the method provided by the embodiments of the present invention may further include: the server sends a second packet to the second device, where the second packet contains the random number of an authentication vector. When the server determines that it has not received a response packet corresponding to the second packet from the second device, or when the server determines from the received response packet that authentication has failed, the server sends a second COA packet to the BRAS. The second COA packet includes the second identifier and instructs the BRAS to stop performing the bandwidth adjustment corresponding to the first identifier. After the server receives a second COA response packet sent by the BRAS, it sends a fourth packet to the first device, where the fourth packet indicates to the first device that the bandwidth adjustment corresponding to the first identifier has been stopped. For the specific implementation, refer to the method of the embodiment corresponding to FIG. 6.
Optionally, after S202, the method provided by the embodiments of the present invention may further include: when the server determines that the user does not have the right to adjust bandwidth, the server may send a fifth packet to the device that requests bandwidth adjustment. The fifth packet may carry the result of the bandwidth adjustment, which may be that the bandwidth adjustment failed. For example, the server may send the fifth packet to the second device through the first device; the first device may be the device that authenticates the second device, and the second device may be the device that requests bandwidth adjustment.
In the method for allocating bandwidth on demand provided by the embodiments of the present invention, the server determines, according to the second identifier in the received first packet sent by the first device, whether the user corresponding to the second identifier has the right to adjust bandwidth. When the server determines that the user has that right, the bandwidth of the user is adjusted according to the type of requested bandwidth adjustment identified by the first identifier. The embodiments of the present invention use the second identifier, rather than the user's access location, to determine whether the user corresponding to the second device has the right to adjust bandwidth, so that bandwidth adjustment remains possible when the access location of the user equipment changes.
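The following Python sketch is an added example, not code from the patent: it encodes the request as an EAP Response whose type-data carries the first and second identifiers as TLVs, parses it with strict length checks, and makes the server-side decision of S202 to S204 from the user identity alone. The EAP method type, TLV type codes, adjustment-type values, entitlement table and sample identity are assumptions constructed for illustration; the page assigns no numeric values.

```python
import struct

# All numeric codes below are assumptions for illustration; the page defines none.
EAP_RESPONSE = 2             # EAP Code field value for Response (RFC 3748)
EAP_TYPE_EXPERIMENTAL = 255  # RFC 3748 "experimental use" type, stand-in for the extension
TLV_ADJUST_TYPE = 1          # hypothetical TLV type carrying the first identifier
TLV_USER_ID = 2              # hypothetical TLV type carrying the second identifier
ADJUST_TYPES = {1: "increase", 2: "stop-increase", 3: "decrease", 4: "stop-decrease"}

# Constructed entitlement table, keyed by user identity rather than access location.
ENTITLEMENTS = {"460001234567890": {"increase", "stop-increase"}}


class MalformedPacket(ValueError):
    """Raised when a packet fails structural validation."""


def build_eap_response(eap_id, adjust_type, user_id):
    """Requesting-device side: encode both identifiers as TLVs in an EAP Response."""
    uid = user_id.encode("ascii")
    if len(uid) > 255:
        raise ValueError("user identity too long for a one-byte TLV length")
    tlvs = bytes([TLV_ADJUST_TYPE, 1, adjust_type])
    tlvs += bytes([TLV_USER_ID, len(uid)]) + uid
    header = struct.pack("!BBHB", EAP_RESPONSE, eap_id, 5 + len(tlvs),
                         EAP_TYPE_EXPERIMENTAL)
    return header + tlvs


def parse_eap_response(packet):
    """Receiver side: validate every length before trusting any field."""
    if len(packet) < 5:
        raise MalformedPacket("shorter than an EAP header")
    code, _eap_id, length, eap_type = struct.unpack("!BBHB", packet[:5])
    if code != EAP_RESPONSE or eap_type != EAP_TYPE_EXPERIMENTAL:
        raise MalformedPacket("not a bandwidth-adjustment EAP Response")
    if length != len(packet):
        raise MalformedPacket("EAP Length field disagrees with packet size")
    fields, pos = {}, 5
    while pos < length:
        if pos + 2 > length:
            raise MalformedPacket("truncated TLV header")
        tlv_type, tlv_len = packet[pos], packet[pos + 1]
        pos += 2
        if pos + tlv_len > length:
            raise MalformedPacket("TLV value overruns the packet")
        if tlv_type in fields:
            raise MalformedPacket("duplicate TLV")
        fields[tlv_type] = packet[pos:pos + tlv_len]
        pos += tlv_len
    adjust = fields.get(TLV_ADJUST_TYPE)
    user = fields.get(TLV_USER_ID)
    if adjust is None or len(adjust) != 1 or adjust[0] not in ADJUST_TYPES:
        raise MalformedPacket("missing or invalid first identifier")
    if not user:
        raise MalformedPacket("missing second identifier")
    try:
        user_id = user.decode("ascii")
    except UnicodeDecodeError:
        raise MalformedPacket("second identifier is not ASCII") from None
    return {"adjust": ADJUST_TYPES[adjust[0]], "user_id": user_id}


def server_decide(packet):
    """Server side: return the COA instruction for the BRAS, or None if refused."""
    request = parse_eap_response(packet)
    allowed = ENTITLEMENTS.get(request["user_id"], set())
    if request["adjust"] not in allowed:
        return None  # the server would report a failed adjustment instead
    # The COA carries the user identity so the BRAS knows whose bandwidth to change.
    return {"coa": request["adjust"], "user_id": request["user_id"]}


if __name__ == "__main__":
    print(server_decide(build_eap_response(7, 1, "460001234567890")))
    print(server_decide(build_eap_response(8, 3, "460001234567890")))
```

The identity in the TLV is only a claim by the requesting device. The flow on this page pairs it with the RAND challenge answered using the shared key, and the server withdraws the adjustment with a second COA packet if that check fails.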
The embodiment corresponding to FIG. 3 describes the method for allocating bandwidth on demand from the perspective of the device that requests bandwidth adjustment. In the embodiment corresponding to FIG. 3, the device that requests bandwidth adjustment is the first device, the device that can communicate with both the first device and the server is the second device, and the server can be used to respond to the bandwidth adjustment request. FIG. 3 is a schematic flowchart of a method for allocating bandwidth on demand according to an embodiment of the present invention, which may include the following steps:
S301. The first device obtains a first packet, where the first device is the device that requests bandwidth adjustment. The first packet includes a first identifier and a second identifier; the first identifier identifies the type of bandwidth adjustment requested, and the second identifier identifies the user corresponding to the first device.
The first device in the embodiment corresponding to FIG. 3 may be the second device in the embodiment corresponding to FIG. 1, the second device in the embodiment corresponding to FIG. 3 may be the first device in the embodiment corresponding to FIG. 1, and the server in the embodiment corresponding to FIG. 3 may be the server in the embodiment corresponding to FIG. 1. The first device, the second device and the server in the embodiment corresponding to FIG. 3 are therefore not described again here.
Optionally, before the first device obtains the first packet, the method further includes: the first device receives an EAP Request packet sent by the second device, where the EAP Request packet requests from the first device the identifier of the user corresponding to the first device. The first device obtaining the first packet includes: after receiving the EAP Request packet, the first device obtains an EAP Response packet that includes the first identifier and the second identifier. In this implementation, after receiving the EAP Request packet sent by the second device, the first device requests bandwidth adjustment from the server by sending the second device an EAP Response packet that includes the second identifier and the first identifier. The first device may, after performing the authentication exchange with the second device and determining that authentication has succeeded, send an Extensible Authentication Protocol start (EAP Start) packet to the second device to trigger the second device to send the EAP Request packet. Alternatively, the first device may send the first packet during the authentication exchange with the second device. For example, the first device sends an EAP Start packet to the second device to begin the authentication process and, after receiving the EAP Request packet from the second device, sends the second device an EAP Response packet that includes the second identifier and the first identifier.
Optionally, before the first device obtains the first packet, the method further includes: the first device receives a second packet sent by the second device, where the second packet indicates that the first device has passed authentication by the second device. The first device obtaining the first packet includes: after receiving the second packet, the first device obtains the first packet. In this implementation, the first device obtains the first packet after it has authenticated with the second device and passed authentication. It is also possible for the first device to authenticate with another device and obtain the first packet after passing that authentication.
S302. The first device sends the first packet to a second device.
For example, the first identifier included in the first packet identifies the type of bandwidth adjustment requested, which may include increasing the bandwidth, terminating a bandwidth increase, reducing the bandwidth, or terminating a bandwidth reduction. The first packet in the embodiment corresponding to FIG. 3 is the same as the first packet in the embodiment corresponding to FIG. 1 and is not described again here.
Optionally, the method provided by the embodiments of the present invention further includes: the first device receives a third packet from a server, where the third packet includes the random number of an authentication vector and the server is the device that authenticates the first device; the first device performs a calculation on the random number of the authentication vector and the shared key corresponding to the second identifier to obtain an authentication operation result, and sends the server a fourth packet that includes the authentication operation result; and the first device receives a fifth packet sent by the second device, where the fifth packet includes a third identifier that indicates that bandwidth adjustment for the user corresponding to the identity of the user has been terminated. For the specific implementation, refer to the method of the embodiment corresponding to FIG. 6.
Optionally, the method provided by the embodiments of the present invention further includes: the first device receives a sixth packet sent by the second device, where the sixth packet includes a fourth identifier that identifies the result of the requested bandwidth adjustment.
In the method for allocating bandwidth on demand provided by the embodiments of the present invention, when bandwidth adjustment is needed, the first device obtains a first packet containing a first identifier and a second identifier, where the first identifier identifies the type of bandwidth adjustment requested and the second identifier identifies the user corresponding to the first device. The first device sends the first packet to the second device. The second device can forward the first identifier and the second identifier in the received first packet to the server, and the server adjusts the bandwidth of the user once it has confirmed that the user corresponding to the second identifier has the right to adjust bandwidth. The embodiments of the present invention use the second identifier, rather than the user's access location, to determine whether the user corresponding to the second device has the right to adjust bandwidth, so that bandwidth adjustment remains possible when the access location of the user equipment changes.
The method for allocating bandwidth on demand provided by the embodiments of the present invention is described in detail below with reference to FIG. 4 to FIG. 9. The description takes as an example the case where the device that requests bandwidth adjustment is a user equipment, the server is an AAA server, and the second identifier is the identity of the user. The following is illustrative only and is not to be regarded as limiting the present invention.
The methods shown in FIG. 5 to FIG. 8 can be applied to the application scenario shown in FIG. 4. The device that requests bandwidth adjustment is a user equipment, which is communicatively connected to the BRAS through the RG. The BRAS may be connected to the AAA server, and the AAA server may integrate the policy change function, which is used to send COA packets to the BRAS so that the BRAS performs bandwidth adjustment. If the AAA server does not have the function of a policy server, the AAA server also needs to send the received first identifier and second identifier to the policy server. FIG. 5 and FIG. 8 are described using an AAA server that integrates the policy change function as an example. The user equipment shown in FIG. 4 may be a device that contains a SIM or USIM, or a device that carries an identity. Several possible implementations of the user equipment are described below; they are examples only and are not to be regarded as limiting the embodiments of the present invention.
(1) The user equipment may be a TV stick with a SIM module. The TV stick contains a SIM card slot, a USB interface and a High Definition Multimedia Interface (HDMI), or it contains a SIM card slot, a USB interface and a Mobile High-Definition Link (MHL) cable. The TV stick may use the Android system. The TV stick may also contain a communication module, which may be, for example, a WiFi module. Optionally, the TV stick may have the function of a remote control.
(2) The user equipment may be a portable device with a SIM module and a USB interface, including a SIM card slot and a USB interface. This portable device uses the Android system. It may also contain a communication module, which may be, for example, a WiFi module. The portable device may work independently, or, instead of working independently, it may be inserted into a device that supports the relevant driver.
(3) The user equipment may be a portable device with a SIM module and a USB interface, containing a SIM card slot and a USB interface. The portable device can be inserted into a device that supports the relevant driver, such as various TV boxes. This portable device has no Android system and cannot work independently.
(4)用户设备可以是一个SIM卡,配合一个支持相关的驱动、包含了SIM卡槽的设备,例如被扩展了支持SIM卡插槽的电视盒子。(4) The user equipment can be a SIM card, with a device supporting the related driver, including the SIM card slot, for example, a TV box that supports the SIM card slot.
See FIG. 5, which is a signaling diagram of a method for allocating bandwidth on demand according to an embodiment of the present invention.
Here, the device requesting bandwidth adjustment is specifically a user equipment, and the device that receives the user equipment's request message is an 802.1X authentication device in a Wireless Local Area Network (WLAN). In this embodiment, 802.1X is used as shorthand for Institute of Electrical and Electronics Engineers (IEEE) 802.1X. The 802.1X authentication device in the WLAN may be an RG device or a BRAS. In this embodiment, after the user equipment has sent an authentication request to the authentication device and passed authentication, it sends an EAP Request to the authentication device to request bandwidth adjustment. The EAP Request uses a newly defined message format. In the embodiment corresponding to FIG. 5, the user equipment actively sends the EAP Request message, which helps save signaling interaction, system and network resources.
S501: The user equipment sends an Extensible Authentication Protocol request (EAP Request) to the 802.1X authentication device in the WLAN. The EAP Request carries a first identifier and the identity of the user.
For example, the 802.1X authentication device in the WLAN may be an RG, a BRAS or another authentication device.
For example, the Subtype of the EAP Request message is BOD Request. The identity of the user may be an International Mobile Subscriber Identification Number (IMSI). The first identifier identifies the type of bandwidth adjustment requested, for example increasing bandwidth. The EAP Request message includes a Subtype and an Attribute Type. The Subtype carries the first identifier, and the Attribute Type contains at least one TLV field, which carries the identity of the user.
For example, this embodiment defines a new EAP message format. The EAP messages may include an EAP Request message, an EAP Response message and an EAP Success message. The Method Type of the EAP message may be used to identify the authentication method used by EAP, for example Method Type=100; in a specific implementation the Method Type may take another value, which is not limited here. The Subtype of the EAP message indicates the different message types within the method, for example:
Subtype=1, indicating BOD Request;
Subtype=2, indicating BOD Response;
Subtype=3, indicating EndBOD Request;
Subtype=4, indicating EndBOD Response.
In a specific implementation of this embodiment, the Subtype may carry the first identifier, which identifies the type of bandwidth adjustment requested. For example, a message whose first identifier has the value 1 is a BOD Request message, a message whose first identifier has the value 2 is a BOD Response message, a message whose first identifier has the value 3 is an EndBOD Request, and a message whose first identifier has the value 4 is an EndBOD Response message.
The Attribute Type of the EAP message may contain one TLV field, which carries the identity of the user. The Attribute Type may also include multiple TLV fields, one of which additionally indicates the type of bandwidth adjustment requested. For example:
(1) Attribute Type=1; the value may be 0, indicating a request to increase bandwidth.
(2) Attribute Type=2; the value may be 0, indicating that the request to increase bandwidth succeeded.
(3) Attribute Type=3; the value may be 0, indicating a request to terminate the bandwidth increase.
(4) Attribute Type=4; the value may be 0, indicating that terminating the bandwidth increase succeeded; value=1 indicates that abnormal termination of the bandwidth increase succeeded.
(5) Attribute Type=5; the value may be the identity of the user.
See FIG. 16, a schematic diagram of one implementation of the EAP Request message provided by an embodiment of the present invention. The EAP Request message may include the fields Code, Identifier, Length, Type, Subtype, Reserved, Attribute Type, Length and Value, among others. Type may take the value 100 to identify the authentication method used by EAP; that is, Type may be the Method Type.
As an example, in an EAP Request message used to request a bandwidth increase, Method Type=100 and Subtype=1, and the message contains a TLV with Attribute Type=5 and a TLV with Attribute Type=1. The value of the Attribute Type=5 TLV is the identity of the user, for example the IMSI. The Attribute Type=1 TLV is optional.
As another example, in an EAP Request message used to request termination of the bandwidth increase, Method Type=100 and Subtype=3, and the message contains a TLV with Attribute Type=5 and a TLV with Attribute Type=3. The value of the Attribute Type=5 TLV is the identity of the user, for example the IMSI. The Attribute Type=1 TLV is optional.
In a specific implementation, the Method Type, Subtype and Attribute Type may all be set as needed.
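As an added example (not part of the patent text), the following Python code serializes the BOD request described above and parses it strictly, as an 802.1X authentication device would before encapsulating it for the AAA server. The field widths (1-byte Code, Identifier, Type and Subtype, 2-byte Length and Reserved, 1-byte TLV type and length), the ASCII-digit IMSI encoding and the single zero byte for action TLVs are assumptions; the page names the fields but not their sizes.

```python
import struct

EAP_CODE_REQUEST = 1    # EAP Code value for a Request (RFC 3748)
METHOD_TYPE_BOD = 100   # example Method Type value from the text
SUBTYPES = {1: "BOD Request", 2: "BOD Response",
            3: "EndBOD Request", 4: "EndBOD Response"}
ATTR_RAISE, ATTR_END, ATTR_IDENTITY = 1, 3, 5
# Action TLV that may accompany each request Subtype, following the
# Subtype=1 and Subtype=3 examples in the text.
REQUEST_ACTION = {1: ATTR_RAISE, 3: ATTR_END}
# Assumed layout: Code, Identifier, Length, Type, Subtype, Reserved.
HEADER = struct.Struct("!BBHBBH")


class BodParseError(ValueError):
    """Raised for any message the authentication device should drop."""


def build_bod_message(code, identifier, subtype, tlvs):
    """Serialize a message; tlvs is a list of (attribute_type, value_bytes)."""
    body = b""
    for attr_type, value in tlvs:
        if len(value) > 255:
            raise ValueError("value does not fit the assumed 1-byte TLV length")
        body += bytes([attr_type, len(value)]) + value
    return HEADER.pack(code, identifier, HEADER.size + len(body),
                       METHOD_TYPE_BOD, subtype, 0) + body


def parse_bod_request(packet):
    """Validate a BOD or EndBOD request and return its fields as a dict."""
    if len(packet) < HEADER.size:
        raise BodParseError("truncated header")
    code, identifier, length, mtype, subtype, reserved = HEADER.unpack_from(packet)
    if code != EAP_CODE_REQUEST:
        raise BodParseError("not an EAP Request")
    if length != len(packet):
        raise BodParseError("Length field does not match packet size")
    if mtype != METHOD_TYPE_BOD:
        raise BodParseError("unexpected Method Type")
    if subtype not in REQUEST_ACTION:
        raise BodParseError("Subtype is not a BOD or EndBOD request")
    if reserved != 0:
        raise BodParseError("Reserved field must be zero")

    attrs, offset = {}, HEADER.size
    while offset < length:
        if length - offset < 2:
            raise BodParseError("truncated TLV header")
        attr_type, vlen = packet[offset], packet[offset + 1]
        offset += 2
        if vlen > length - offset:
            raise BodParseError("TLV value overruns the packet")
        if attr_type in attrs:
            raise BodParseError("duplicate TLV")
        attrs[attr_type] = packet[offset:offset + vlen]
        offset += vlen

    # The identity TLV is mandatory; an IMSI has at most 15 decimal digits.
    identity = attrs.pop(ATTR_IDENTITY, None)
    if identity is None or not identity.isdigit() or not 6 <= len(identity) <= 15:
        raise BodParseError("missing or malformed identity TLV")

    # Any remaining TLV must be the action TLV that matches the Subtype, so a
    # message cannot say "raise" in the Subtype and "terminate" in a TLV.
    allowed = REQUEST_ACTION[subtype]
    for attr_type, value in attrs.items():
        if attr_type != allowed:
            raise BodParseError("TLV contradicts or does not belong to Subtype")
        if value != b"\x00":
            raise BodParseError("unexpected action TLV value")

    return {"identifier": identifier, "message": SUBTYPES[subtype],
            "imsi": identity.decode("ascii"), "action_tlv": allowed in attrs}


# Constructed sample: IMSI in the 001/01 test network range.
SAMPLE = build_bod_message(EAP_CODE_REQUEST, 7, 1,
                           [(ATTR_IDENTITY, b"001010123456789"),
                            (ATTR_RAISE, b"\x00")])
```

Rejecting a length mismatch before walking the TLVs keeps a forged inner length from steering the parser past the end of the buffer.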
S502: The 802.1X authentication device in the WLAN sends a RADIUS access request (Radius Access Request) message to the AAA server.
After receiving the EAP Request message sent by the user equipment, the 802.1X authentication device in the WLAN parses it. After parsing out its Method Type and Subtype, the device encapsulates and converts the message according to preset processing logic. The Radius Access Request message carries the encapsulated EAP Request message; the Attribute Type of the Radius Access Request message may contain a TLV field that carries the encapsulated EAP Request message.
S503: The AAA server sends a RADIUS policy change request (Radius COA Request) message to the BRAS.
For example, the AAA server receives the Radius Access Request message and determines, from the identity of the user carried in it, whether the corresponding user has bandwidth adjustment permission. If so, it sends a RADIUS policy change request (Radius COA Request) message to the BRAS. The Radius COA Request message may carry an accounting session identifier (Accounting Session ID) and a bandwidth adjustment policy. The accounting session identifier corresponds to the second identifier, and the bandwidth adjustment policy corresponds to the type of bandwidth adjustment identified by the first identifier.
S504: The BRAS executes the bandwidth adjustment policy carried in the Radius COA Request message.
For example, the BRAS may update the entry in the ACL that corresponds to the accounting session identifier, according to the accounting session identifier and the bandwidth adjustment policy carried in the Radius COA Request message.
S505: The BRAS sends a RADIUS policy change acknowledgement (Radius COA ACK) message to the AAA server.
S506: The AAA server sends a RADIUS access accept (Radius Access Accept) message to the 802.1X authentication device in the WLAN.
For example, after receiving the Radius COA ACK message, the AAA server sends a RADIUS access accept (Radius Access Accept) message to the 802.1X authentication device in the WLAN. The Radius Access Accept message carries an encapsulated EAP message.
For example, the AAA server may generate, according to the Radius COA ACK message, an EAP message that responds to the bandwidth adjustment request, and encapsulate that EAP message in a Radius message. The Radius Access Accept message carries the result of the requested bandwidth adjustment, for example that the adjustment succeeded.
S507: The 802.1X authentication device in the WLAN sends an Extensible Authentication Protocol response (EAP Response) message to the user equipment.
For example, the EAP Response message carries a second identifier, which identifies the result of the requested bandwidth adjustment. The Subtype of the EAP Response message may be 2, that is, the EAP Response message is a BOD Response message.
In this embodiment, when the first identifier contained in the EAP Request message sent by the user equipment to the authentication device identifies the type of bandwidth adjustment as terminating the bandwidth increase, the EAP Request message is an End BOD Request message. For example, the End BOD Request message includes: Method Type=100, Subtype=2, a TLV with Attribute Type=5 and a TLV with Attribute Type=2. The value of the Attribute Type=5 TLV is the identity of the user, such as the IMSI; the Attribute Type=2 TLV is optional. Subtype=2 identifies the End BOD Request. After receiving the End BOD Request message sent by the user equipment, the 802.1X authentication device in the WLAN parses it. After parsing out its Method Type and Subtype, the device encapsulates and converts the message according to preset processing logic; that is, the Radius Access Request message obtained by the 802.1X authentication device in the WLAN carries the encapsulated End BOD Response message. For example, the Attribute Type of the Radius Access Request message may contain a TLV field that carries the encapsulated End BOD Response message. The AAA server may also generate a corresponding COA message according to the bandwidth adjustment type that corresponds to the first identifier, to instruct the BRAS to perform the corresponding bandwidth adjustment, for example terminating the bandwidth increase.
See FIG. 6, which is a signaling diagram of a method for allocating bandwidth on demand according to an embodiment of the present invention.
In the embodiment corresponding to FIG. 6, the AAA server and/or the 802.1X authentication device in the WLAN may also terminate bandwidth adjustment for the user equipment when the user equipment becomes abnormal. Abnormal conditions of the user equipment may include: the user equipment is offline, powered off or unresponsive, or the SIM or USIM of the user equipment is not in the device. In one possible implementation, the AAA server and/or the 802.1X authentication device in the WLAN authenticates the user equipment and determines, based on whether the user equipment responds and on the response message, whether to terminate bandwidth adjustment for the user equipment. This embodiment applies to scenarios that use Extensible Authentication Protocol - Authentication and Key Agreement (EAP-AKA) authentication. Other authentication methods may also be used.
S601: The AAA server sends a RADIUS access challenge (Radius Access Challenge) message to the 802.1X authentication device in the WLAN.
The Radius Access Challenge message contains the random number from the authentication vector used for the authentication computation. In a specific implementation, a shared key is maintained in the USIM of the user equipment and in the HLR or HSS on the network side. The HLR or HSS can look up the key shared with the USIM by IMSI and generate multiple random numbers. It then uses each random number to compute, by a certain algorithm, multiple authentication vectors, which are also called quintuples. An authentication vector consists of RAND, the expected response (XRES), the cipher key (CK), the integrity key (IK) and AUTN. The AUTN is the concatenation of the concealed counter, the AMF and the message authentication code MAC. The AAA server may select one of the authentication vectors and send its RAND and AUTN to the user equipment.
S602: The 802.1X authentication device in the WLAN sends an Extensible Authentication Protocol request (EAP Request) message to the user equipment.
For example, the EAP Request message includes the random number from the authentication vector, the subtype of the EAP Request message is AKA-Challenge (authentication and key agreement challenge), and the EAP Request message is used to perform authentication and key agreement.
For example, the user equipment receives the EAP Request message and recovers the counter from the authentication token AUTN in the authentication vector contained in the message. It then runs the authentication algorithm on the received random number and the shared key for the identity of the user to compute the expected authentication value XMAC, the response RES to the random number, the cipher key CK and the integrity key IK. The USIM compares the MAC and XMAC values. If they are the same, the USIM verifies whether the received SQN is within the correct range. If the USIM considers the SQN to be within the correct range, it sends the computed authentication result to the AAA server; the authentication result may be the response RES to the random number. The AAA server compares the RES with the XRES that the server holds, and if they are the same, authentication of the user equipment is complete.
S603: The user equipment sends an Extensible Authentication Protocol response (EAP Response) message to the 802.1X authentication device in the WLAN.
For example, the EAP Response message includes the authentication result, the subtype of the EAP Response message is AKA-Challenge (authentication and key agreement challenge), and the EAP Response message is used to respond to the authentication and key agreement request.
S604: The 802.1X authentication device in the WLAN sends a Radius Access Request message to the AAA server. The Radius Access Request message includes the authentication result.
S605: The AAA server verifies the authentication result. When authentication fails or the user equipment remains unresponsive, S606 is performed.
For example, in the scenario where the user equipment remains unresponsive, the method may skip S603 and S604.
S606: The AAA server sends a RADIUS policy change request (Radius COA Request) message to the BRAS. The message carries a bandwidth adjustment policy and the identity of the user.
For example, the bandwidth adjustment policy is to terminate bandwidth adjustment for the user corresponding to the identity of the user.
S607: The BRAS executes the bandwidth adjustment policy carried in the Radius COA Request message.
S608: The BRAS sends a RADIUS policy change acknowledgement (Radius COA ACK) message to the AAA server.
S609: The AAA server sends a RADIUS access reject (Radius Access Reject) message to the 802.1X authentication device in the WLAN.
For example, the Radius Access Reject message carries the result of the requested bandwidth adjustment, for example that terminating the bandwidth increase succeeded.
S610: The 802.1X authentication device in the WLAN sends an Extensible Authentication Protocol failure (EAP Failure) message to the user equipment.
For example, the EAP Failure message carries a third identifier, which indicates to the user equipment that bandwidth adjustment for the user corresponding to the identity of the user has been terminated. The EAP Failure message may also carry the identity of the user. The third identifier of the EAP Failure message is carried in a TLV field of the message.
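The challenge-response check in S601 to S606, shown for both sides as an added example that is not part of the patent text. HMAC-SHA-256 with per-function labels stands in for the operator's AKA functions f1 to f5 (an assumption, not interoperable with a real USIM), and the key, SQN window and retry limit are constructed values.

```python
import hashlib
import hmac
import os


def prf(key, label, *parts):
    """Stand-in for the AKA functions f1..f5: HMAC-SHA-256 with a label."""
    return hmac.new(key, label + b"".join(parts), hashlib.sha256).digest()


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def generate_vector(k, sqn, amf=b"\x80\x00"):
    """HLR/HSS side: build one quintuple (RAND, XRES, CK, IK, AUTN)."""
    rand = os.urandom(16)
    sqn_b = sqn.to_bytes(6, "big")
    mac = prf(k, b"f1", sqn_b, rand, amf)[:8]
    ak = prf(k, b"f5", rand)[:6]
    return {
        "RAND": rand,
        "XRES": prf(k, b"f2", rand)[:8],
        "CK": prf(k, b"f3", rand)[:16],
        "IK": prf(k, b"f4", rand)[:16],
        # AUTN = concealed counter (SQN xor AK) || AMF || MAC, 16 bytes.
        "AUTN": xor(sqn_b, ak) + amf + mac,
    }


class Usim:
    """User-equipment side: checks the network before answering."""

    def __init__(self, k, highest_sqn, window=32):
        self.k, self.sqn, self.window = k, highest_sqn, window

    def respond(self, rand, autn):
        """Return RES, or None when the challenge must not be answered."""
        if len(rand) != 16 or len(autn) != 16:
            return None
        ak = prf(self.k, b"f5", rand)[:6]
        sqn_b, amf, mac = xor(autn[:6], ak), autn[6:8], autn[8:]
        xmac = prf(self.k, b"f1", sqn_b, rand, amf)[:8]
        if not hmac.compare_digest(mac, xmac):
            return None                      # challenge not from the home network
        sqn = int.from_bytes(sqn_b, "big")
        if not self.sqn < sqn <= self.sqn + self.window:
            return None                      # replayed or out-of-range counter
        self.sqn = sqn
        return prf(self.k, b"f2", rand)[:8]


def aaa_next_action(xres, res, missed_responses, max_missed=3):
    """AAA side of S605: decide whether S606 (terminate BOD) is performed.

    res is None when no EAP Response arrived for this challenge;
    max_missed is a hypothetical retry limit.
    """
    if res is None:
        return "COA_TERMINATE" if missed_responses >= max_missed else "RETRY_CHALLENGE"
    # Constant-time comparison avoids leaking how many bytes of RES matched.
    return "KEEP" if hmac.compare_digest(res, xres) else "COA_TERMINATE"


# Constructed shared key and counters for demonstration only.
DEMO_K = bytes(range(16))
```

The real protocol answers an out-of-range SQN with a resynchronisation message; returning None here folds that case into "no usable response", which is the condition the FIG. 6 flow acts on.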
The following describes, with reference to FIG. 7 to FIG. 8, a method of on-demand bandwidth allocation using extended EAP messages. In this implementation, AKA authentication of the SIM card is used, for example EAP-AKA authentication, Type=23. The extended EAP message may include a Subtype and an Attribute Type, for example:
(1) Attribute Type=201; the value may be 0, indicating a request to increase bandwidth.
(2) Attribute Type=202; the value may be 0, indicating that the request to increase bandwidth succeeded.
(3) Attribute Type=203; the value may be 0, indicating a request to terminate the bandwidth increase.
(4) Attribute Type=204; the value may be 0, indicating that terminating the bandwidth increase succeeded; value=1 indicates that abnormal termination of the bandwidth increase succeeded.
See FIG. 7, which is a signaling diagram of a method for allocating bandwidth on demand according to an embodiment of the present invention. In the embodiment corresponding to FIG. 7, the user equipment may initiate a bandwidth adjustment request after authentication succeeds.
S701: The user equipment sends an Extensible Authentication Protocol initialization request (EAPOL-Start) to the 802.1X authentication device in the WLAN.
After the user equipment has passed authentication on the network side, for example after receiving the Extensible Authentication Protocol success (EAP Success) message sent to it by the 802.1X authentication device in the WLAN, it performs step S701.
S702: The 802.1X authentication device in the WLAN sends an Extensible Authentication Protocol request (EAP Request) message to the user equipment, requesting the identity of the user.
S703: The user equipment sends an Extensible Authentication Protocol response (EAP Response) message to the 802.1X authentication device in the WLAN, carrying the first identifier and the identity of the user.
In this implementation, the Attribute Type of the EAP Response message contains TLV fields: one TLV field carries the first identifier, and one TLV field carries the identity of the user, such as the IMSI.
S704: The 802.1X authentication device in the WLAN sends a RADIUS access request (Radius Access Request) message to the AAA server.
For example, the Radius Access Request message carries the encapsulated EAP message, including the first identifier and the identity of the user.
S705: The AAA server sends a RADIUS policy change request (Radius COA Request) message to the BRAS.
For example, the AAA server receives the Radius Access Request message and determines, from the identity of the user carried in it, whether the corresponding user has bandwidth adjustment permission. If so, it sends a Radius COA Request message to the BRAS. The Radius COA Request message carries a bandwidth adjustment policy and the identity of the user. The identity of the user may be the Accounting Session ID. The bandwidth adjustment policy corresponds to the type of bandwidth adjustment identified by the first identifier.
S706: The BRAS executes the bandwidth adjustment policy carried in the Radius COA Request message.
S707: The BRAS sends a RADIUS policy change acknowledgement (Radius COA ACK) message to the AAA server.
S708: The AAA server sends a RADIUS access accept (Radius Access Accept) message to the 802.1X authentication device in the WLAN.
The Radius Access Accept message carries the result of the requested bandwidth adjustment, for example that the adjustment succeeded.
S709: The 802.1X authentication device in the WLAN sends an EAP Success message to the user equipment.
The EAP Success message carries a second identifier, which identifies the result of the requested bandwidth adjustment, for example that the adjustment succeeded.
See FIG. 8, which is a signaling diagram of a method for allocating bandwidth on demand according to an embodiment of the present invention. Unlike the embodiment corresponding to FIG. 8, in the embodiment corresponding to FIG. 8 the user equipment requests bandwidth adjustment during the authentication process.
S801: The user equipment sends an Extensible Authentication Protocol initialization request (EAPOL-Start) to the 802.1X authentication device in the WLAN.
S802: The 802.1X authentication device in the WLAN sends a first Extensible Authentication Protocol request (EAP Request) message to the user equipment.
For example, the first EAP Request message is used to request the identity of the user.
S803: The user equipment sends a first Extensible Authentication Protocol response (EAP Response) message to the 802.1X authentication device in the WLAN.
For example, the first EAP Response message carries the first identifier and the identity of the user.
In this implementation, the Attribute Type of the first EAP Response message contains TLV fields: one TLV field carries the first identifier, and one TLV field carries the identity of the user.
S804: The 802.1X authentication device in the WLAN sends a first RADIUS access request (Radius Access Request) message to the AAA server.
For example, the first Radius Access Request message carries the encapsulated EAP message, including the first identifier and the identity of the user.
S805: The AAA server sends a RADIUS access challenge (Radius Access Challenge) message to the 802.1X authentication device in the WLAN.
For example, the Radius Access Challenge includes the random number from the authentication vector.
S806: The 802.1X authentication device in the WLAN sends a second Extensible Authentication Protocol request (EAP Request) message to the user equipment.
For example, the second EAP Request message includes the random number from the authentication vector.
S807: The user equipment sends a second Extensible Authentication Protocol response (EAP Response) message to the 802.1X authentication device in the WLAN.
For example, the second EAP Response message includes the authentication result.
S808: The 802.1X authentication device in the WLAN sends a second RADIUS access request (Radius Access Request) message to the AAA server.
For example, the second Radius Access Request message includes the authentication result.
S809: The AAA server sends a RADIUS policy change request (Radius COA Request) message to the BRAS.
When the AAA server determines, from the authentication result contained in the second Radius Access Request message, that authentication has passed, it determines from the identity of the user carried in the received first Radius Access Request message whether the corresponding user has bandwidth adjustment permission. If so, it sends a RADIUS policy change request (Radius COA Request) message to the BRAS; the message carries a bandwidth adjustment policy and the identity of the user. In this case, the identity of the user may be the Accounting Session ID. The bandwidth adjustment policy corresponds to the type of bandwidth adjustment identified by the first identifier.
S810,所述BRAS执行所述Radius COA Request报文携带的带宽调整策略。S810. The BRAS performs a bandwidth adjustment policy carried by the Radius COA Request message.
S811,所述BRAS向所述AAA服务器发送远程用户拨号认证***策略变更确认(英文名称为Radius COA ACK)报文。S811. The BRAS sends a remote user dialing authentication system policy change confirmation (English name is a Radius COA ACK) message to the AAA server.
S812,所述AAA服务器向所述WLAN网络中的802.1X认证设备发送远程用户拨号认证***访问接受(英文名称为Radius Access Accept)报文。S812: The AAA server sends a remote user dialing authentication system access acceptance (English name: Radius Access Accept) message to the 802.1X authentication device in the WLAN network.
其中,所述Radius Access Accept报文携带请求带宽调整的结果,例如调整成功。The Radius Access Accept message carries the result of requesting bandwidth adjustment, for example, the adjustment succeeds.
S813,所述WLAN网络中的802.1X认证设备向所述用户设备发送可扩展身份验证协议成功(英文名称为EAP Success)报文。S813, the 802.1X authentication device in the WLAN network sends a successfully scalable (Authentication Authentication Protocol) packet to the user equipment.
其中,所述EAP Success报文携带第二标识,所述第二标识用于标识请求带宽调整的结果,例如调整成功。The EAP Success packet carries a second identifier, where the second identifier is used to identify a result of requesting bandwidth adjustment, for example, the adjustment succeeds.
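The two TLV fields that the first EAP Response carries in S803 can be parsed defensively as shown below. This is an added example, not code from the patent; the one-byte type and length layout, the type codes, the numeric adjustment codes and the identity length limit are all assumptions.

```python
from enum import IntEnum

TLV_ADJUST_TYPE = 0x01   # hypothetical type code for the first identifier
TLV_USER_ID = 0x02       # hypothetical type code for the user's identity
MAX_USER_ID_LEN = 64     # assumed local policy limit


class Adjust(IntEnum):
    """The four request types named on the page; numeric codes are assumed."""
    INCREASE = 1
    STOP_INCREASE = 2
    REDUCE = 3
    STOP_REDUCE = 4


class MalformedAttribute(ValueError):
    """Raised for any attribute that must not be forwarded to the AAA server."""


def parse_tlvs(buf: bytes) -> dict:
    """Split an attribute body into {type: value}, rejecting bad framing."""
    fields = {}
    off = 0
    while off < len(buf):
        if len(buf) - off < 2:
            raise MalformedAttribute("truncated TLV header")
        tlv_type, length = buf[off], buf[off + 1]
        off += 2
        if length > len(buf) - off:
            raise MalformedAttribute("TLV length runs past end of attribute")
        if tlv_type in fields:
            # A duplicate could make two parsers disagree on which value wins.
            raise MalformedAttribute(f"duplicate TLV type {tlv_type:#x}")
        fields[tlv_type] = buf[off:off + length]
        off += length
    return fields


def parse_bod_request(attr: bytes):
    """Return (Adjust, user_id) or raise MalformedAttribute."""
    fields = parse_tlvs(attr)
    expected = {TLV_ADJUST_TYPE, TLV_USER_ID}
    if set(fields) != expected:
        raise MalformedAttribute("need exactly one adjust-type and one identity TLV")
    raw_type = fields[TLV_ADJUST_TYPE]
    if len(raw_type) != 1:
        raise MalformedAttribute("adjust-type value must be one byte")
    try:
        adjust = Adjust(raw_type[0])
    except ValueError:
        raise MalformedAttribute("unknown adjust type") from None
    raw_id = fields[TLV_USER_ID]
    if not 1 <= len(raw_id) <= MAX_USER_ID_LEN:
        raise MalformedAttribute("identity length out of range")
    try:
        user_id = raw_id.decode("ascii")
    except UnicodeDecodeError:
        raise MalformedAttribute("identity is not ASCII") from None
    if not user_id.isprintable():
        raise MalformedAttribute("identity contains control characters")
    return adjust, user_id


def rejected(attr: bytes) -> bool:
    """True when the attribute is refused by the parser."""
    try:
        parse_bod_request(attr)
    except MalformedAttribute:
        return True
    return False


# Constructed sample: adjust type INCREASE, identity "alice".
GOOD = bytes([TLV_ADJUST_TYPE, 1, 1, TLV_USER_ID, 5]) + b"alice"

if __name__ == "__main__":
    print(parse_bod_request(GOOD))
```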
The method for adjusting bandwidth on demand using EAP messages according to the embodiments of the present invention has been described in detail above with reference to FIG. 4 to FIG. 8. The method can also be applied to other scenarios. For example, the device requesting bandwidth adjustment is an RG that has a SIM or USIM module: the RG may support a SIM card slot, or it may support a USB interface and have a corresponding driver for a USB-stick SIM. The RG may initiate authentication based on the SIM card in order to access the network, or an RG that has already accessed the network may trigger a bandwidth adjustment request after the USB-stick SIM is inserted. The RG is communicatively connected to the BRAS, and the BRAS is communicatively connected to the AAA server. The AAA server and the policy server may be the same physical device or different physical devices. The AAA server may also be communicatively connected to a Home Subscriber Server (HSS), or to a Home Location Register (HLR). The HSS or HLR generates the authentication vector, which is used for authentication and key agreement between the network-side device and the user equipment; the network-side device may specifically be the AAA server.
The user equipment in the embodiments corresponding to FIG. 5 to FIG. 8 can in each case be replaced by an RG. In that case, the 802.1X device in the WLAN network shown in FIG. 5 to FIG. 8 can be replaced by an 802.1X authentication device in a fixed network, and the method for adjusting bandwidth on demand can still be implemented. The 802.1X authentication device in the fixed network may be a BRAS, a DSLAM, another AC device, or the like. The specific implementation flow is similar to that of the embodiments corresponding to FIG. 5 to FIG. 8.
The method for allocating bandwidth on demand according to the embodiments of the present invention has been described above in conjunction with the EAP authentication process. The method may also have other application scenarios. For example, where the first device is the device requesting bandwidth adjustment, the device that receives the first device's request message may, besides an authentication device, be a Hypertext Transfer Protocol (HTTP) server. The message that the first device sends to the HTTP server is then an HTTP request carrying a first identifier and the identity of the user corresponding to the first device, where the first identifier identifies the type of requested bandwidth adjustment. This method is described below with reference to FIG. 9. The first device is specifically a user equipment; the method can equally be implemented with the user equipment in FIG. 9 replaced by an RG.
Referring to FIG. 9, FIG. 9 is a signaling diagram of a method for adjusting bandwidth on demand according to an embodiment of the present invention.
The method shown in FIG. 9 can be performed after the user equipment has passed authentication by the authentication device. Having passed that authentication, the user equipment has accessed the network, and the physical link has spare bandwidth so that bandwidth adjustment can be performed. The SIM-based authentication process of the user equipment is described below, taking as an example a first device that is a user equipment with a SIM. After passing authentication by the RG, the user equipment accesses the network. The user equipment, which has the corresponding driver, uses the information in the SIM card to initiate a connection to the HTTP server deployed by the operator and performs mutual authentication using HTTP digest authentication based on the Authentication and Key Agreement protocol (HTTP Digest AKA). If the user equipment passes authentication, the HTTP server determines the corresponding AAA server from the user's IP address and notifies that AAA server of the policy corresponding to the user; the AAA server then delivers the policy to the BRAS for execution.
S901. The user equipment sends an HTTP request to the HTTP server, where the HTTP request includes a first identifier and the identity of the user.
The user equipment is the device requesting bandwidth adjustment, the first identifier identifies the type of requested bandwidth adjustment, and the identity of the user identifies the user corresponding to the user equipment.
S902. The HTTP server sends a Simple Object Access Protocol (SOAP) request message to the AAA server.
After receiving the HTTP request sent by the user equipment, the HTTP server parses it; once it has parsed out the first identifier and the identity of the user, it processes the request according to preset processing logic. The SOAP request message includes the first identifier and the identity of the user.
S903. The AAA server receives the SOAP request message and determines, from the identity of the user carried in the SOAP request message, whether the corresponding user has bandwidth adjustment authority. If so, it sends a Radius COA Request message to the BRAS; the message carries the bandwidth adjustment policy and the identity of the user. The bandwidth adjustment policy corresponds to the type of requested bandwidth adjustment identified by the first identifier.
S904. The BRAS executes the bandwidth adjustment policy carried in the Radius COA Request message.
S905. The BRAS sends a Radius COA ACK message to the AAA server.
S906. The AAA server sends a SOAP response message to the HTTP server. The SOAP response message carries the result of the bandwidth adjustment request, for example, that the adjustment succeeded.
S907. The HTTP server sends an HTTP response to the user equipment, where the HTTP response carries a second identifier that identifies the result of the bandwidth adjustment request.
For example, the type of requested bandwidth adjustment identified by the first identifier in the HTTP request may include one or more of: increasing bandwidth, terminating the bandwidth increase, reducing bandwidth, and terminating the bandwidth reduction.
In the above embodiment, the HTTP server may also act as the device that performs 802.1X authentication on the user equipment; after authentication passes, the user equipment sends a request to the HTTP server to request bandwidth adjustment. Alternatively, another device may authenticate the user equipment, with the HTTP server only receiving the HTTP request for bandwidth adjustment. In that case, after receiving a request that carries the identity of the user and the identifier of the bandwidth adjustment type, the AAA server needs to determine whether the user corresponding to that identity has passed authentication, and only if so does it go on to confirm whether the user has bandwidth adjustment authority. As a further alternative, the HTTP server may, after receiving the HTTP request for bandwidth adjustment, determine whether the user has passed authentication and, if so, send the corresponding request to the AAA server. The AAA server shown in FIG. 9 may also be a policy server.
In this implementation, application scenarios such as terminating a bandwidth increase can be implemented by referring to the methods shown in the foregoing embodiments, with only the corresponding executing entity replaced; details are not repeated here.
Referring to FIG. 10, which is a schematic diagram of a first device according to an embodiment of the present invention, the first device may be used to implement the methods for allocating bandwidth on demand shown in FIG. 1 to FIG. 3 and FIG. 5 to FIG. 9. The first device 1000 may be the first device in the embodiments corresponding to FIG. 1 and FIG. 2, the second device in the embodiment corresponding to FIG. 3, the 802.1X authentication device in the WLAN network in the embodiments corresponding to FIG. 5 to FIG. 8, an 802.1X authentication device in a fixed network, or the HTTP server in the embodiment corresponding to FIG. 9.
The first device 1000 shown in FIG. 10 includes:
a first receiving unit 1001, configured to receive a first message that is sent by a second device and contains a bandwidth adjustment request, where the second device is the device requesting bandwidth adjustment, the first message includes a first identifier and a second identifier, the first identifier identifies the type of requested bandwidth adjustment, and the second identifier identifies the user corresponding to the second device;
a first obtaining unit 1002, configured to obtain, when the first message received by the receiving unit includes the first identifier, a second message according to the first message, where the second message includes the first identifier and the second identifier;
a first sending unit 1003, configured to send the second message obtained by the obtaining unit to a server, where the server is configured to respond to the bandwidth adjustment request.
The first message may be an Extensible Authentication Protocol request (EAP Request) message that includes a Subtype and an Attribute Type, where the Subtype carries the first identifier and the Attribute Type carries the second identifier.
The first message may be an Extensible Authentication Protocol response (EAP Response) message whose Attribute Type includes a first type-length-value (TLV) field and a second TLV field, where the first TLV field carries the first identifier and the second TLV field carries the second identifier.
The second message is a Remote Authentication Dial In User Service (RADIUS) message whose Attribute Type contains one TLV field, and that TLV field carries the encapsulated first message.
Referring to FIG. 11, FIG. 11 is a schematic diagram of a first device 1100 according to an embodiment of the present invention. The first device 1100 may be used to implement the methods for allocating bandwidth on demand shown in FIG. 1 to FIG. 3 and FIG. 5 to FIG. 9. The first device 1100 may be the first device in the embodiments corresponding to FIG. 1 and FIG. 2, the second device in the embodiment corresponding to FIG. 3, the 802.1X authentication device in the WLAN network in the embodiments corresponding to FIG. 5 to FIG. 8, an 802.1X authentication device in a fixed network, or the HTTP server in the embodiment corresponding to FIG. 9.
The first device 1100 may include a processor 1101, a network interface 1102, a memory 1103 and a communication bus 1104, where the communication bus implements connection and communication among the processor 1101, the network interface 1102 and the memory 1103. The processor 1101 may be a CPU. The memory 1103 may include high-speed random access memory (RAM) and may also include non-volatile memory, for example at least one disk storage device. The memory 1103 stores a set of program instructions, and the processor 1101 invokes the program instructions stored in the memory 1103 to perform the corresponding operations.
The processor 1101 invokes the program instructions in the memory 1103 to:
receive a first message sent by a second device, where the second device is the device requesting bandwidth adjustment, the first message includes a first identifier and a second identifier, the first identifier identifies the type of requested bandwidth adjustment, and the second identifier identifies the user corresponding to the second device;
obtain, when the first message includes the first identifier, a second message according to the first message, where the second message includes the first identifier and the second identifier;
send the second message to a server, where the server is configured to respond to the bandwidth adjustment request.
The first message may be an Extensible Authentication Protocol response (EAP Response) message whose Attribute Type contains a first type-length-value (TLV) field and a second TLV field, where the first TLV field carries the first identifier and the second TLV field carries the second identifier.
The first message may be an Extensible Authentication Protocol request (EAP Request) message that includes a Subtype and an Attribute Type, where the Subtype carries the first identifier and the Attribute Type carries the second identifier.
The second message is a Remote Authentication Dial In User Service (RADIUS) message whose Attribute Type contains at least one TLV field, and that TLV field carries the encapsulated first message.
The first device provided by the embodiments of the present invention shown in FIG. 10 and FIG. 11 receives a first message, sent by the second device requesting bandwidth adjustment, that contains a first identifier and a second identifier, where the first identifier identifies the type of requested bandwidth adjustment and the second identifier identifies the user corresponding to the second device. The first device obtains, according to the first message, a second message that includes the first identifier and the second identifier, and sends the second message to a server, so that the server adjusts the user's bandwidth once it has confirmed that the user has bandwidth adjustment authority.
Referring to FIG. 12, FIG. 12 is a schematic diagram of a server according to an embodiment of the present invention. The server may be used to implement the methods for allocating bandwidth on demand shown in FIG. 1 to FIG. 3 and FIG. 5 to FIG. 9. The server may be an AAA server with a policy change function, or a policy server. In the embodiment corresponding to FIG. 12, the first device is a device capable of communicating with the server and the second device, and the second device is the device requesting bandwidth adjustment.
The server 1200 includes:
a first receiving unit 1201, configured to receive a first message sent by the first device, where the first message contains a first identifier and a second identifier, the first identifier identifies the type of requested bandwidth adjustment, the second identifier identifies the user corresponding to the second device, and the second device is the device requesting bandwidth adjustment;
a determining unit 1202, configured to determine, according to the second identifier, whether the user has bandwidth adjustment authority;
a first obtaining unit 1203, configured to obtain, when it is determined that the user has bandwidth adjustment authority, a first COA message according to the first identifier, where the first COA message includes the second identifier and instructs the broadband access server (BRAS) to perform the bandwidth adjustment corresponding to the first identifier;
a first sending unit 1204, configured to send the first COA message to the BRAS.
The server further includes:
a second sending unit, configured to send a second message to the first device, where the second message includes the random number in the authentication vector;
a third sending unit, configured to send a second COA message to the BRAS when it is determined that no response message corresponding to the second message has been received from the second device, or when authentication is determined to have failed according to the response message corresponding to the second message, where the second COA message includes the second identifier and instructs the BRAS to stop performing the bandwidth adjustment corresponding to the first identifier.
Referring to FIG. 13, FIG. 13 is a schematic diagram of a server according to an embodiment of the present invention. The server 1300 may be used to implement the methods for allocating bandwidth on demand shown in FIG. 1 to FIG. 3 and FIG. 5 to FIG. 9. The server 1300 may be an AAA server with a policy change function, or a policy server. In the embodiment corresponding to FIG. 13, the first device is a device capable of communicating with the server and the second device, and the second device is the device requesting bandwidth adjustment.
The server 1300 may include a processor 1301, a network interface 1302, a memory 1303 and a communication bus 1304, where the communication bus implements connection and communication among the processor 1301, the network interface 1302 and the memory 1303. The processor 1301 may be a CPU. The memory 1303 may include RAM and may also include non-volatile memory, for example at least one disk storage device. The memory 1303 stores a set of program instructions, and the processor 1301 invokes the program instructions stored in the memory 1303 to perform the corresponding operations.
The processor 1301 invokes the program instructions in the memory 1303 to:
receive a first message sent by the first device, where the first message contains a first identifier and a second identifier, the first identifier identifies the type of requested bandwidth adjustment, the second identifier identifies the user corresponding to the second device, and the second device is the device requesting bandwidth adjustment;
determine, according to the second identifier, whether the user has bandwidth adjustment authority;
obtain, when it is determined that the user has bandwidth adjustment authority, a first COA message according to the first identifier, where the first COA message includes the second identifier and instructs the broadband access server (BRAS) to perform the bandwidth adjustment corresponding to the first identifier;
send the first COA message to the BRAS.
The processor 1301 further invokes the program instructions in the memory 1303 to:
send a second message to the second device, where the second message includes the random number in the authentication vector;
send a second COA message to the BRAS when it is determined that no response message corresponding to the second message has been received from the second device, or when authentication is determined to have failed according to the response message corresponding to the second message, where the second COA message includes the second identifier and instructs the BRAS to stop performing the bandwidth adjustment corresponding to the first identifier.
The server provided by the embodiments of the present invention shown in FIG. 12 and FIG. 13 confirms, according to the second identifier in a first message received from a device, whether the user corresponding to the second identifier has bandwidth adjustment authority. When it determines that the user has bandwidth adjustment authority, it adjusts the user's bandwidth according to the type of requested bandwidth adjustment identified by the first identifier in the first message.
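The server behaviour of FIG. 12 and FIG. 13 (permission check, first COA message, challenge with the random number, second COA message on a failed or missing response) is modelled below as an added Python example, not code from the patent. HMAC-SHA256 stands in for the SIM-based authentication computation, and all names, keys, the timeout value and the tuple form of the COA messages are assumptions.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

ADJUST_TYPES = {"increase", "stop_increase", "reduce", "stop_reduce"}
RESPONSE_TIMEOUT = 5.0  # seconds; assumed value, the page gives none


def auth_result(shared_key: bytes, rand: bytes) -> bytes:
    """Stand-in (assumption) for the authentication operation over the challenge."""
    return hmac.new(shared_key, rand, hashlib.sha256).digest()


@dataclass
class Subscriber:
    shared_key: bytes
    may_adjust: bool          # bandwidth adjustment authority


@dataclass
class AAAServer:
    subscribers: dict
    coa_sent: list = field(default_factory=list)   # COA messages "sent" to the BRAS
    pending: dict = field(default_factory=dict)    # user -> (rand, type, deadline)

    def on_first_message(self, user_id, adjust_type, now):
        """Check authority, send the first COA, return the challenge (or None)."""
        sub = self.subscribers.get(user_id)
        if sub is None or adjust_type not in ADJUST_TYPES or not sub.may_adjust:
            return None
        if user_id in self.pending:
            return None   # never overwrite state that a revocation depends on
        self.coa_sent.append(("apply", user_id, adjust_type))
        rand = secrets.token_bytes(16)
        self.pending[user_id] = (rand, adjust_type, now + RESPONSE_TIMEOUT)
        return rand

    def on_response(self, user_id, result, now):
        """Verify the response once; a failure triggers the second COA."""
        state = self.pending.pop(user_id, None)   # one-shot: blocks replays
        if state is None:
            return False
        rand, adjust_type, deadline = state
        expected = auth_result(self.subscribers[user_id].shared_key, rand)
        ok = now <= deadline and hmac.compare_digest(expected, result)
        if not ok:
            self.coa_sent.append(("stop", user_id, adjust_type))
        return ok

    def expire(self, now):
        """Revoke adjustments whose challenge was never answered in time."""
        late = [u for u, (_, _, deadline) in self.pending.items() if now > deadline]
        for user_id in late:
            _, adjust_type, _ = self.pending.pop(user_id)
            self.coa_sent.append(("stop", user_id, adjust_type))
        return late


def demo():
    """Run four constructed cases and return what the server did."""
    key = b"k-alice-constructed"
    aaa = AAAServer({
        "alice": Subscriber(key, True),
        "bob": Subscriber(b"k-bob-constructed", False),
    })
    out = {}
    rand = aaa.on_first_message("alice", "increase", now=0.0)
    good = auth_result(key, rand)
    out["legit"] = aaa.on_response("alice", good, now=1.0)
    # Old response replayed against a fresh challenge must fail and be revoked.
    aaa.on_first_message("alice", "increase", now=10.0)
    out["replay"] = aaa.on_response("alice", good, now=11.0)
    # User without bandwidth adjustment authority: no COA, no challenge.
    out["no_authority"] = aaa.on_first_message("bob", "increase", now=20.0)
    # Challenge never answered: revoked once the deadline has passed.
    aaa.on_first_message("alice", "reduce", now=30.0)
    out["expired"] = aaa.expire(now=36.0)
    out["coa"] = list(aaa.coa_sent)
    return out


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```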
Referring to FIG. 14, which is a schematic diagram of a device requesting bandwidth adjustment according to an embodiment of the present invention, the device requesting bandwidth adjustment may be a first device 1400. In the embodiment corresponding to FIG. 14, the second device is a device capable of communicating with the first device 1400 and the server. The first device 1400 may be used to implement the methods for allocating bandwidth on demand shown in FIG. 1 to FIG. 3 and FIG. 5 to FIG. 9. The first device 1400 may be the second device in the embodiments corresponding to FIG. 1 and FIG. 2, the first device in the embodiment corresponding to FIG. 3, the user equipment in the embodiments corresponding to FIG. 5 to FIG. 8, an RG device, or the first device in the embodiment corresponding to FIG. 9.
The first device 1400 requesting bandwidth adjustment includes:
an obtaining unit 1401, configured to obtain a first message, where the first message includes a first identifier and a second identifier of the first device, the first identifier identifies the type of requested bandwidth adjustment, and the second identifier identifies the user corresponding to the first device;
a first sending unit 1402, configured to send the first message to the second device.
In one embodiment, the first device 1400 further includes:
a first receiving unit, configured to receive an Extensible Authentication Protocol request (EAP Request) message sent by the second device;
the obtaining unit is specifically configured to:
obtain, after the first receiving unit receives the EAP Request message, an Extensible Authentication Protocol response (EAP Response) message, where the EAP Response message includes the first identifier and the second identifier.
In one embodiment, the first device 1400 further includes:
a second receiving unit, configured to receive a second message sent by the second device, where the second message indicates that the first device has passed authentication by the second device.
In one embodiment, the first device 1400 further includes:
a third receiving unit, configured to receive a third message from the server, where the third message includes the random number in the authentication vector;
a calculating unit, configured to obtain an authentication operation result according to the random number in the authentication vector and a shared key corresponding to the second identifier;
a second sending unit, configured to send a fourth message to the second device, where the fourth message contains the authentication operation result.
In one embodiment, the type of requested bandwidth adjustment includes increasing bandwidth, terminating the bandwidth increase, reducing bandwidth, or terminating the bandwidth reduction.
FIG. 15 is a schematic diagram of a device requesting bandwidth adjustment according to an embodiment of the present invention. The device requesting bandwidth adjustment may be a first device 1500, and the second device in the embodiment corresponding to FIG. 15 may be a device capable of communicating with the first device 1500 and a server.
The first device 1500 may include a processor 1501, a network interface 1502, a memory 1503, and a communication bus 1504, where the communication bus is used to implement connection and communication among the processor 1501, the network interface 1502, and the memory 1503. The processor 1501 may be a CPU; the memory 1503 may include RAM and may also include non-volatile memory, for example at least one disk storage. The memory 1503 is configured to store a set of program instructions, and the processor 1501 is configured to invoke the program instructions stored in the memory 1503 to perform the corresponding operations.
The processor 1501 invokes the program instructions in the memory 1503 to:
Obtain a first packet, where the first packet includes a first identifier and a second identifier, the first identifier is used to identify the type of the requested bandwidth adjustment, and the second identifier is used to identify the user corresponding to the first device;
Send the first packet to the second device.
The processor 1501 further invokes the program instructions in the memory 1503 to:
Receive an Extensible Authentication Protocol request (EAP Request) packet sent by the second device;
In this case, obtaining the first packet includes: after receiving the EAP Request packet, obtaining an Extensible Authentication Protocol response (EAP Response) packet, where the EAP Response packet includes the first identifier and the second identifier.
The processor 1501 further invokes the program instructions in the memory 1503 to:
Receive a second packet sent by the second device, where the second packet is used to indicate that the first device has passed authentication by the second device.
The processor 1501 further invokes the program instructions in the memory 1503 to:
Receive a third packet from the server, where the third packet includes the random number in an authentication vector, and the server is the device that authenticates the first device;
Obtain an authentication operation result according to the random number in the authentication vector and the shared key corresponding to the second identifier;
Send a fourth packet to the server, where the fourth packet contains the authentication operation result.
The type of the requested bandwidth adjustment includes one or more of increasing bandwidth, terminating the bandwidth increase, decreasing bandwidth, and terminating the bandwidth decrease.
When bandwidth adjustment is needed, the on-demand bandwidth allocation devices provided by the embodiments of the present invention shown in FIG. 14 and FIG. 15 obtain a first packet containing a first identifier and a second identifier, where the first identifier is used to identify the type of the requested bandwidth adjustment and the second identifier is used to identify the user corresponding to the first device. The first device sends the first packet to the second device, so that the second device obtains a second packet according to the first packet and sends the second packet to the server, and the server adjusts the user's bandwidth once it has confirmed that the user corresponding to the second identifier has bandwidth adjustment permission.
The solutions provided by the embodiments of the present invention may be described in the general context of computer-executable instructions executed by a computer, such as program units. Generally, program units include routines, programs, objects, components, data structures, and the like that perform particular tasks or implement particular abstract data types. The solutions provided by the embodiments of the present invention may also be practiced in distributed computing environments, in which tasks are performed by remote processing devices connected through a communication network. In a distributed computing environment, program units may be located in both local and remote computer storage media, including storage devices.
The embodiments in this specification are described in a progressive manner; for the parts that are the same or similar between embodiments, the embodiments may be referred to one another, and each embodiment focuses on its differences from the other embodiments. In particular, because the apparatus embodiments are basically similar to the method embodiments, they are described relatively briefly; for the related parts, refer to the corresponding description of the method embodiments. The apparatus embodiments described above are merely illustrative: the units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units, that is, they may be located in one place or may be distributed over multiple network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of an embodiment. A person of ordinary skill in the art can understand and implement the embodiments without creative effort.
The embodiments of the present invention have been described in detail above, and specific implementations have been used in this document to explain the invention. The description of the above embodiments is only intended to help in understanding the method and device of the present invention. A person of ordinary skill in the art may, following the idea of the present invention, make changes to the specific implementations and the scope of application. In summary, the content of this specification should not be construed as limiting the present invention.

Claims (20)

  1. A method for allocating bandwidth on demand, characterized in that the method comprises:
    a first device receives a first packet that is sent by a second device and contains a bandwidth adjustment request, where the second device is the device requesting bandwidth adjustment, the first packet includes a first identifier and a second identifier, the first identifier is used to identify the type of the requested bandwidth adjustment, and the second identifier is used to identify the user corresponding to the second device;
    when the first packet includes the first identifier, the first device obtains a second packet according to the first packet, where the second packet includes the first identifier and the second identifier;
    the first device sends the second packet to a server, where the server is configured to respond to the bandwidth adjustment request.
  2. The method according to claim 1, characterized in that the first packet is an Extensible Authentication Protocol request (EAP Request) packet, the EAP Request packet includes a subtype (Subtype) and an attribute type (Attribute Type), the Subtype is used to carry the first identifier, and the Attribute Type is used to carry the second identifier.
  3. The method according to claim 1, characterized in that the first packet is an Extensible Authentication Protocol response (EAP Response) packet, and the Attribute Type of the EAP Response packet is used to carry the first identifier and the second identifier.
  4. The method according to any one of claims 1 to 3, characterized in that the second packet is a Remote Authentication Dial In User Service (RADIUS) packet, and the Attribute Type of the RADIUS packet is used to carry the first packet.
  5. A method for allocating bandwidth on demand, characterized in that the method comprises:
    a server receives a first packet sent by a first device, where the first packet contains a first identifier and a second identifier, the first identifier is used to identify the type of the requested bandwidth adjustment, the second identifier is used to identify the user corresponding to a second device, and the second device is the device requesting bandwidth adjustment;
    the server determines, according to the second identifier, whether the user has bandwidth adjustment permission;
    when the server determines that the user has bandwidth adjustment permission, the server obtains a first policy change (COA) packet according to the first identifier, where the first COA packet includes the second identifier, and the first COA packet is used to instruct a broadband access server (BRAS) to perform the bandwidth adjustment corresponding to the first identifier;
    the server sends the first COA packet to the BRAS.
  6. The method according to claim 5, characterized in that the method further comprises:
    the server sends a second packet to the second device, where the second packet includes the random number in an authentication vector;
    when the server determines that it has not received a response packet, corresponding to the second packet, sent by the second device, or when the server determines from the response packet corresponding to the second packet that authentication has failed, the server sends a second COA packet to the BRAS, where the second COA packet includes the second identifier, and the second COA packet is used to instruct the BRAS to stop performing the bandwidth adjustment corresponding to the first identifier.
  7. A method for allocating bandwidth on demand, characterized in that the method comprises:
    a first device obtains a first packet, where the first device is the device requesting bandwidth adjustment, the first packet includes a first identifier and a second identifier, the first identifier is used to identify the type of the requested bandwidth adjustment, and the second identifier is used to identify the user corresponding to the first device;
    the first device sends the first packet to a second device.
  8. The method according to claim 7, characterized in that, before the first device obtains the first packet, the method further comprises:
    the first device receives an Extensible Authentication Protocol request (EAP Request) packet sent by the second device;
    the first device obtaining the first packet comprises:
    after receiving the EAP Request packet, the first device obtains an Extensible Authentication Protocol response (EAP Response) packet, where the EAP Response packet includes the first identifier and the second identifier.
  9. The method according to claim 7, characterized in that, before the first device obtains the first packet, the method further comprises:
    the first device receives a second packet sent by the second device, where the second packet is used to indicate that the first device has passed authentication by the second device.
  10. The method according to any one of claims 7 to 9, characterized in that the method further comprises:
    the first device receives a third packet from a server, where the server is configured to respond to the bandwidth adjustment request, and the third packet includes the random number in an authentication vector;
    the first device obtains an authentication operation result according to the random number in the authentication vector and the shared key corresponding to the second identifier;
    the first device sends a fourth packet to the server, where the fourth packet contains the authentication operation result.
  11. A first device, characterized in that the first device comprises:
    a first receiving unit, configured to receive a first packet that is sent by a second device and contains a bandwidth adjustment request, where the second device is the device requesting bandwidth adjustment, the first packet includes a first identifier and a second identifier, the first identifier is used to identify the type of the requested bandwidth adjustment, and the second identifier is used to identify the user corresponding to the second device;
    a first obtaining unit, configured to obtain a second packet according to the first packet when the first packet received by the receiving unit includes the first identifier, where the second packet includes the first identifier and the second identifier;
    a first sending unit, configured to send the second packet obtained by the obtaining unit to a server, where the server is configured to respond to the bandwidth adjustment request.
  12. The first device according to claim 11, characterized in that the first packet is an Extensible Authentication Protocol request (EAP Request) packet, the EAP Request packet includes a subtype (Subtype) and an attribute type (Attribute Type), the Subtype is used to carry the first identifier, and the Attribute Type carries the second identifier.
  13. The first device according to claim 11, characterized in that the first packet is an Extensible Authentication Protocol response (EAP Response) packet, and the Attribute Type of the EAP Response packet is used to carry the first identifier and the second identifier.
  14. The first device according to any one of claims 11 to 13, characterized in that the second packet is a Remote Authentication Dial In User Service (RADIUS) packet, and the Attribute Type of the RADIUS packet is used to carry the first packet.
  15. A server, characterized in that the server comprises:
    a first receiving unit, configured to receive a first packet sent by a first device, where the first packet contains a first identifier and a second identifier, the first identifier is used to identify the type of the requested bandwidth adjustment, the second identifier is used to identify the user corresponding to a second device, and the second device is the device requesting bandwidth adjustment;
    a determining unit, configured to determine, according to the second identifier, whether the user has bandwidth adjustment permission;
    a first obtaining unit, configured to obtain a first policy change (COA) packet according to the first identifier when it is determined that the user has bandwidth adjustment permission, where the first COA packet includes the second identifier, and the first COA packet is used to instruct a broadband access server (BRAS) to perform the bandwidth adjustment corresponding to the first identifier;
    a first sending unit, configured to send the first COA packet to the BRAS.
  16. The server according to claim 15, characterized in that the server further comprises:
    a second sending unit, configured to send a second packet to the second device, where the second packet includes the random number in an authentication vector;
    a third sending unit, configured to send a second COA packet to the BRAS when it is determined that no response packet corresponding to the second packet has been received from the second device, or when it is determined from the response packet corresponding to the second packet that authentication has failed, where the second COA packet includes the second identifier, and the second COA is used to instruct the BRAS to stop performing the bandwidth adjustment corresponding to the first identifier.
  17. A device requesting bandwidth adjustment, characterized in that the device requesting bandwidth adjustment is a first device, and the first device comprises:
    an obtaining unit, configured to obtain a first packet, where the first packet includes the first identifier and a second identifier, the first identifier is used to identify the type of the requested bandwidth adjustment, and the second identifier is used to identify the user corresponding to the first device;
    a first sending unit, configured to send the first packet to a second device.
  18. The device requesting bandwidth adjustment according to claim 17, characterized in that the device requesting bandwidth adjustment further comprises:
    a first receiving unit, configured to receive an Extensible Authentication Protocol request (EAP Request) packet sent by the second device;
    the obtaining unit is specifically configured to:
    after the first receiving unit receives the EAP Request packet, obtain an Extensible Authentication Protocol response (EAP Response) packet, where the EAP Response packet includes the first identifier and the second identifier.
  19. The device according to claim 17, characterized in that the device further comprises:
    a second receiving unit, configured to receive a second packet sent by the second device, where the second packet is used to indicate that the first device has passed authentication by the second device.
  20. The device according to any one of claims 17 to 19, characterized in that the device further comprises:
    a third receiving unit, configured to receive a third packet from a server, where the server is configured to respond to the bandwidth adjustment request, and the third packet includes the random number in an authentication vector;
    a calculating unit, configured to obtain an authentication operation result according to the random number in the authentication vector and the shared key corresponding to the second identifier;
    a second sending unit, configured to send a fourth packet to the second device, where the fourth packet contains the authentication operation result.
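The server-side sequence of claims 5 and 6 together with the device-side computation of claim 10, as an added example that is not part of the patent text: the server applies the adjustment for a permitted user, challenges the requester with a random number, and sends the second COA when the response is wrong, late or missing. HMAC-SHA256 as the authentication operation, the class and method names, the timeout and the sample users are assumptions; the page names no algorithm.

```python
import hashlib
import hmac
import secrets
from enum import Enum


class AdjustType(Enum):
    """First identifier: the type of bandwidth adjustment requested."""
    INCREASE = 1
    STOP_INCREASE = 2
    DECREASE = 3
    STOP_DECREASE = 4


def auth_result(shared_key: bytes, rand: bytes) -> bytes:
    """Authentication operation result from the random number and shared key.

    HMAC-SHA256 is an assumption made for this example.
    """
    return hmac.new(shared_key, rand, hashlib.sha256).digest()


class PolicyServer:
    CHALLENGE_TTL = 5.0  # seconds; constructed value

    def __init__(self, users):
        # users: second identifier -> {"key": bytes, "may_adjust": bool}
        self.users = users
        self.pending = {}   # user_id -> (rand, adjust_type, deadline)
        self.coa_log = []   # COA packets "sent" to the BRAS, in order

    def handle_request(self, adjust_type, user_id, now):
        """Check permission, send the first COA, return the challenge."""
        user = self.users.get(user_id)
        if user is None or not user["may_adjust"]:
            return None  # no permission: nothing reaches the BRAS
        self.coa_log.append(("apply", user_id, adjust_type))
        rand = secrets.token_bytes(16)
        deadline = now + self.CHALLENGE_TTL
        self.pending[user_id] = (rand, adjust_type, deadline)
        return rand

    def _revoke(self, user_id, adjust_type):
        # Second COA: tell the BRAS to stop the adjustment.
        self.coa_log.append(("revoke", user_id, adjust_type))

    def handle_response(self, user_id, result, now):
        """Verify the fourth packet; each challenge is usable once."""
        entry = self.pending.pop(user_id, None)
        if entry is None:
            return False  # replayed or unsolicited response
        rand, adjust_type, deadline = entry
        expected = auth_result(self.users[user_id]["key"], rand)
        # Constant-time comparison avoids leaking how many bytes matched.
        if now <= deadline and hmac.compare_digest(expected, result):
            return True
        self._revoke(user_id, adjust_type)
        return False

    def expire(self, now):
        """Revoke adjustments whose challenge was never answered."""
        late = [u for u, (_, _, d) in self.pending.items() if now > d]
        for user_id in late:
            _, adjust_type, _ = self.pending.pop(user_id)
            self._revoke(user_id, adjust_type)
        return late


def demo():
    # Constructed sample users; keys are placeholders.
    users = {
        "user-a": {"key": b"A" * 16, "may_adjust": True},
        "user-b": {"key": b"B" * 16, "may_adjust": False},
    }
    server = PolicyServer(users)
    rand = server.handle_request(AdjustType.INCREASE, "user-a", now=0.0)
    ok = server.handle_response("user-a", auth_result(b"A" * 16, rand), now=1.0)
    return ok, server.coa_log


if __name__ == "__main__":
    print(demo())
```

In this ordering the BRAS has already applied the change before the requester proves possession of the shared key, so the window between the first and second COA is bounded only by the challenge timeout.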
PCT/CN2015/087583 2014-08-22 2015-08-20 Method and apparatus for bandwidth on demand WO2016026448A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201410418350.XA CN105450547A (en) 2014-08-22 2014-08-22 Method and device for allocating bandwidth on demand
CN201410418350.X 2014-08-22

Publications (1)

Publication Number Publication Date
WO2016026448A1 (en) 2016-02-25

Family

ID=55350209

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2015/087583 WO2016026448A1 (en) 2014-08-22 2015-08-20 Method and apparatus for bandwidth on demand

Country Status (2)

Country Link
CN (1) CN105450547A (en)
WO (1) WO2016026448A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108123837A (en) * 2017-12-21 2018-06-05 努比亚技术有限公司 Internet wide band distribution, mobile terminal and computer readable storage medium

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107579833B (en) * 2016-07-05 2022-03-18 中兴通讯股份有限公司 Method and device for speeding up private line user
EP3860039B1 (en) * 2016-11-26 2023-09-13 Huawei Technologies Co., Ltd. System, method and devices for mka negotiation between the devices
CN117319851B (en) * 2023-11-28 2024-02-02 深圳市兆能讯通科技有限公司 PON-based FTTR bandwidth management method and device

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101848163A (en) * 2010-06-01 2010-09-29 中兴通讯股份有限公司 Method and system for dynamically adjusting bandwidth service and broadband policy system
CN102223294A (en) * 2010-10-12 2011-10-19 四川省守望信息科技有限责任公司 Method and system for dynamically adjusting point-to-point protocol overethernet (PPPoE) mode access bandwidth
US20120300624A1 (en) * 2011-05-25 2012-11-29 Fujitsu Limited Bandwidth guaranteeing apparatus and bandwidth guaranteeing method
CN103731887A (en) * 2014-01-13 2014-04-16 中国联合网络通信集团有限公司 Network bandwidth adjusting method, mobile terminal and server
CN103905476A (en) * 2012-12-25 2014-07-02 腾讯科技(深圳)有限公司 File transfer method, device and system


Also Published As

Publication number Publication date
CN105450547A (en) 2016-03-30

Similar Documents

Publication Publication Date Title
US10848970B2 (en) Network authentication method, and related device and system
US11463874B2 (en) User profile, policy, and PMIP key distribution in a wireless communication network
US20230007475A1 (en) Method for Performing Verification by Using Shared Key, Method for Performing Verification by Using Public Key and Private Key, and Apparatus
JP6385589B2 (en) Apparatus and method for sponsored connectivity to a wireless network using application specific network access credentials
KR101961301B1 (en) Integrated authentication for integrated small cell and WI-FI networks
US9306748B2 (en) Authentication method and apparatus in a communication system
EP3272099B1 (en) Apparatus and method for sponsored connectivity to wireless networks using application-specific network access credentials
EP2460371B1 (en) Method and apparatus for creating security context and managing communication in mobile communication network
US20150264051A1 (en) Automated wireless device provisioning and authentication
US8601103B2 (en) Method, apparatus and system for distributing and enforcing authenticated network connection policy
US10462671B2 (en) Methods and arrangements for authenticating a communication device
EP2572491B1 (en) Systems and methods for host authentication
WO2016026448A1 (en) Method and apparatus for bandwidth on demand
WO2015100974A1 (en) Terminal authentication method, device and system
US10637850B2 (en) Method and system for accessing service/data of a first network from a second network for service/data access via the second network
WO2018196587A1 (en) User authentication method and apparatus in converged network
WO2017160227A1 (en) Method and system for key generation and service-based authentication in mobile network
WO2017000620A1 (en) Re-authentication and recognition method, and evolved packet data gateway and system
WO2019141135A1 (en) Trusted service management method and apparatus capable of supporting wireless network switching
US11611866B2 (en) Connection between sim-less device and cellular network
WO2024032554A1 (en) Terminal device authentication method and system, and related device
KR101480706B1 (en) Network system for providing security to intranet and method for providing security to intranet using security gateway of mobile communication network

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 15833918

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 15833918

Country of ref document: EP

Kind code of ref document: A1