CN106506457B - A kind of method and system of accessing terminal to network - Google Patents
A kind of method and system of accessing terminal to network Download PDFInfo
- Publication number
- CN106506457B CN106506457B CN201610891382.0A CN201610891382A CN106506457B CN 106506457 B CN106506457 B CN 106506457B CN 201610891382 A CN201610891382 A CN 201610891382A CN 106506457 B CN106506457 B CN 106506457B
- Authority
- CN
- China
- Prior art keywords
- stack
- double stack
- double
- bng
- network
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 60
- 238000013475 authorization Methods 0.000 claims description 4
- 238000012217 deletion Methods 0.000 claims 2
- 230000037430 deletion Effects 0.000 claims 2
- 230000008569 process Effects 0.000 abstract description 21
- 238000005516 engineering process Methods 0.000 abstract description 5
- 238000004891 communication Methods 0.000 abstract description 2
- 230000006870 function Effects 0.000 description 10
- 230000009466 transformation Effects 0.000 description 10
- 238000010586 diagram Methods 0.000 description 5
- 230000005540 biological transmission Effects 0.000 description 4
- 101000869592 Daucus carota Major allergen Dau c 1 Proteins 0.000 description 3
- 101000650136 Homo sapiens WAS/WASL-interacting protein family member 3 Proteins 0.000 description 3
- 102100027539 WAS/WASL-interacting protein family member 3 Human genes 0.000 description 3
- 238000009826 distribution Methods 0.000 description 3
- 238000004806 packaging method and process Methods 0.000 description 3
- 238000010276 construction Methods 0.000 description 2
- 238000006467 substitution reaction Methods 0.000 description 2
- 210000000988 bone and bone Anatomy 0.000 description 1
- 238000004590 computer program Methods 0.000 description 1
- 230000001419 dependent effect Effects 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 238000005538 encapsulation Methods 0.000 description 1
- 239000000284 extract Substances 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 238000002955 isolation Methods 0.000 description 1
- 230000007774 longterm Effects 0.000 description 1
- 239000003550 marker Substances 0.000 description 1
- 239000000203 mixture Substances 0.000 description 1
- 238000002360 preparation method Methods 0.000 description 1
- 230000000750 progressive effect Effects 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/46—Interconnection of networks
- H04L12/4633—Interconnection of networks using encapsulation techniques, e.g. tunneling
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0892—Network architectures or network communication protocols for network security for authentication of entities by using authentication-authorization-accounting [AAA] servers or protocols
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/107—Network architectures or network communication protocols for network security for controlling access to devices or network resources wherein the security policies are location-dependent, e.g. entities privileges depend on current location or allowing specific operations only from locally connected terminals
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/16—Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP]
- H04L69/167—Adaptation for transition between two IP versions, e.g. between IPv4 and IPv6
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Business, Economics & Management (AREA)
- Accounting & Taxation (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a kind of method and system of accessing terminal to network, are related to field of communication technology, are able to solve during conventional network equipment upgrading, the problem of be easy to causeing network failure, bring loss to network service.The method comprise the steps that single stack BNG obtains the corresponding double stack addressing strategies of double stack terminals from double stack aaa servers when single stack BNG receives the access request that double stack terminals are sent;Single stack BNG obtains the address information of double stack terminals by the tunnel VxLAN according to double stack addressing strategies from double stack vBNG;Single stack BNG sends address information to double stack terminals;When single stack BNG receives the network access request that double stack terminals are sent, single stack BNG sends network access request to double stack vBNG by the tunnel VxLAN, in order to which network access request is sent to backbone network by double stack CR by double stack vBNG.The present invention is suitable for the process of double stack accessing terminal to network.
Description
Technical field
The present invention relates to field of communication technology more particularly to a kind of method and system of accessing terminal to network.
Background technique
As IPv4 (English: Internet Protocol version4, Chinese: internet protocol version 4) address disappears
Consumption totally, is based on the next generation of IPv6 (English: Internet Protocol version6, Chinese: internet protocol version 6)
Internet Construction becomes future development inexorable trend.And the heading of IPv4 and IPv6 is incompatible, causes in existing IPv4 network
Equipment and terminal need to carry out upgrading and could support IPv6.
Currently, being the process of IPv6 network by IPv4 Internet eco- crisis are as follows: be first to support IPv4 by part terminal upgrade
It is then that the BNG of all Metropolitan Area Network (MAN)s is (English: Broadband Network Gateway, Chinese: wide with double stack terminals of IPv6
Band gateway) and the device upgrades such as CR (English: Coer Router, Chinese: core router) or replace with support IPv6 and set
It is standby, finally pass through long term evolution, realizes the construction of IPv6 network.
The process of above-mentioned upgrading network needs disposable upgrading, replaces all-network equipment, and conventional network equipment
Substantial amounts, this will lead to the higher cost of upgrading, and carry out extensive net under product and the jejune situation of scheme
Network transformation, be easy to cause network failure, brings loss to network service.
Summary of the invention
The present invention provides a kind of method and system of accessing terminal to network, is able to solve conventional network equipment upgrading mistake
The problem of Cheng Zhong be easy to cause network failure, brings loss to network service.
In order to achieve the above objectives, the embodiment of the present invention adopts the following technical scheme that
In a first aspect, the present invention provides a kind of method of accessing terminal to network, the method is applied to accessing terminal to network
System, the system of the accessing terminal to network include support IPv4 and IPv6 double stack terminals, support IPv4 single stack BNG,
Support double stack vBNG (English: Virtual Broadband Network Gateway, Chinese: virtual broadband of IPv4 and IPv6
Gateway), support double stack CR of IPv4 and IPv6, and support double stack AAA (English: Authentication of IPv4 and IPv6
Authorization Accounting, Chinese: verifying authorization book keeping operation) server, which comprises
When the list stack BNG receives the access request that the double stack terminals are sent, the list stack BNG is from double stacks
Aaa server obtains the corresponding double stack addressing strategies of double stack terminals, and double stack addressing strategies are whole for making double stacks
End accesses network by double stack vBNG;
The list stack BNG passes through VxLAN (English: Virtual Broadband according to double stack addressing strategies
Network Gateway, Chinese: virtual expansible local area network) tunnel from double stack vBNG obtains double stack terminals
The address information of IPv4 and IPv6;
The list stack BNG sends the address information to double stack terminals, in order to which double stack terminals are described in
Address information accesses network;
When the list stack BNG receives the network access request that double stack terminals are sent, the list stack BNG passes through institute
It states the tunnel VxLAN and sends the network access request to double stack vBNG, in order to which double stack vBNG pass through double stacks
The network access request is sent to backbone network by CR.
Second aspect, the present invention provide a kind of system of accessing terminal to network, and the system comprises support IPv4 and IPv6
Double stack terminals, support IPv4 single stack BNG, support IPv4 and IPv6 double stack vBNG, support IPv4 and IPv6 double stack CR,
And double stack aaa servers of IPv4 and IPv6, the list stack BNG is supported to be used to receive double stacks as the list stack BNG
When the access request that terminal is sent, the corresponding double stack addressing strategies of double stack terminals, institute are obtained from double stack aaa servers
Double stack addressing strategies are stated for making double stack terminals access network by double stack vBNG;According to double stack addressing plans
Slightly, the IPv4 and IPv6 of double stack terminals are obtained from double stack vBNG by the virtual tunnel expansible local area network VxLAN
Address information;The address information is sent to double stack terminals, in order to which double stack terminals are visited by the address information
Ask network;When receiving the network access request that the double stack terminals are sent, by the tunnel VxLAN to double stacks
VBNG sends the network access request, in order to which double stack vBNG are sent out the network access request by double stack CR
It send to backbone network.
The method and system of accessing terminal to network provided by the invention are compared to disposable upgrading replacement in the prior art
All devices, the present invention increases in existing network system to be supported double stack vBNG of IPv4 and IPv6, supports IPv4's and IPv6
Double stack CR, and support double stack aaa servers of IPv4 and IPv6.When double stack terminals need to access network or access network,
Single stack BNG and double stack vBNG carries out information exchange by the tunnel VxLAN, and double stack terminals is allow to pass through double stack vBNG and double stack CR
Network is accessed, and mutually indepedent with the process of mono-stack terminal access network or access network.In this way, since legacy network being transformed
It is less, a possibility that reducing failure risk in transformation process, and transformation when something goes wrong, will not influence original mono-stack terminal
Access to network, double stack terminals quickly switchback legacy network equipment can also execute original IPv4 network browsing process, keep away
Exempt from customs examination network service brings loss.
Detailed description of the invention
It to describe the technical solutions in the embodiments of the present invention more clearly, below will be to needed in the embodiment
Attached drawing is briefly described, it should be apparent that, drawings in the following description are only some embodiments of the invention, for ability
For the those of ordinary skill of domain, without creative efforts, it can also be obtained according to these attached drawings other attached
Figure.
Fig. 1 is the system architecture diagram of accessing terminal to network provided in an embodiment of the present invention;
Fig. 2 is a kind of method flow diagram of accessing terminal to network provided in an embodiment of the present invention;
Fig. 3 is the structural schematic diagram of heading in VxLAN message provided in an embodiment of the present invention;
Fig. 4 is the method flow diagram of another accessing terminal to network provided in an embodiment of the present invention;
Fig. 5 is the composition schematic diagram of heading during accessing terminal to network provided in an embodiment of the present invention;
Fig. 6 is a kind of system schematic of accessing terminal to network provided in an embodiment of the present invention.
Specific embodiment
Following will be combined with the drawings in the embodiments of the present invention, and technical solution in the embodiment of the present invention carries out clear, complete
Site preparation description, it is clear that described embodiments are only a part of the embodiments of the present invention, instead of all the embodiments.It is based on
Embodiment in the present invention, it is obtained by those of ordinary skill in the art without making creative efforts all other
Embodiment shall fall within the protection scope of the present invention.
The embodiment of the present invention can be used for system as shown in Figure 1, which includes: only to support the mono-stack terminal of IPv4
11, list stack BNG12 and single stack CR13, supports double stack terminals 14, the double stack vBNG15, double stack CR16, double stack AAA of IPv4 and IPv6
Server 17, double stack SDN (English: Software Defined Network, Chinese: software defined network) controller 18, bone
Dry net 19 and access net 20, connection relationship is as shown in fig. 1 between each equipment.Wherein, single stack BNG12 and list stack CR13 is existing
Equipment in network, single stack BNG12 are used to distribute IP (English: Internet Protocol, Chinese: interconnection for mono-stack terminal 11
FidonetFido) address, mono-stack terminal 11, which can pass through, accesses net 20, list stack BNG12 and list stack CR13 access backbone network 19;Double stacks
Aaa server 17 and double stack terminals 14 can be double stack vBNG15, double by carrying out software upgrading realization to equipment in existing network
Stack CR16 and double stack SDN controllers 18 are increased equipment on the basis of existing network;Double stack aaa servers 17 are for completing institute
There is the authentication and accounting of terminal, and reports offline information in double stack terminals 14 to double stack SDN controllers 18;Double stack SDN controllers 18
For being that list stack BNG12 and double stack vBNG15 issue VxLAN tunnel configuration information according to offline information in terminal;Double stack vBNG15
For distributing IP address for double stack terminals 14, double stack terminals 14 can by access net 20, single stack BNG12, double stack vBNG15 and
Double stack CR16 access backbone network 19.
The embodiment of the present invention provides a kind of method of accessing terminal to network, as shown in Fig. 2, this method can be applied to such as figure
System shown in 1, this method process specifically include:
101, when single stack BNG receives the access request that double stack terminals are sent, single stack BNG is obtained from double stack aaa servers
Take the corresponding double stack addressing strategies of double stack terminals.
Wherein, double stack addressing strategies access network for making double stack terminals pass through double stack vBNG.
After single stack BNG receives the access request of terminal transmission, it is necessary first to be authenticated to terminal, single stack BNG is to double
Stack aaa server, which is sent, carries the certification request of access information, after double stack aaa servers receive certification request, according to recognizing
The access information carried in card request determines the type of terminal.It is default for different types of terminal in double stack aaa servers
Different access strategy, for determining the mode of different types of terminal access network.Access strategy specifically includes single stack addressing
Strategy and double stack addressing strategies, single stack addressing strategy correspond to mono-stack terminal, and double stack addressing strategies correspond to double stack terminals, single stack
For access strategy for making mono-stack terminal access backbone network by list stack BNG and list stack CR, double stack addressing strategies are whole for making double stacks
End accesses backbone network by single stack BNG, double stack vBNG and double stack CR.
It should be noted that in embodiments of the present invention, terminal can be mobile phone, computer, traditional-family's gateway and intelligence
The equipment such as energy home gateway.
102, list stack BNG obtains the IPv4 of double stack terminals by the tunnel VxLAN according to double stack addressing strategies from double stack vBNG
With the address information of IPv6.
Wherein, the tunnel VxLAN is list stack BNG and double stack vBNG are established, for the letter between single stack BNG and double stack vBNG
Breath interaction.
BNG is the offer point of the destination node that terminal accesses in Metropolitan Area Network (MAN) and infrastructure service, and traditional BNG is based on software and hardware
What integrated equipment was realized, the BNG of different times deployment can not realize same function by software upgrading mode.With network
Business is increasing, and traditional BNG merges more and more business, so that the software of traditional BNG is become increasingly complex, is led to software not
The problems such as stable, software development cost increases, software upgrade cycle is elongated, so that network performance be made to be severely impacted.
And network function virtualization technology can be very good to solve the above problems.Network function virtualization refer to by using
General purpose hardware and virtualization technology, it is proprietary with general substitution to carry very multi-functional software processing, specially by original tradition
After network function on network element device extracts virtualization, software implementation, operate on general hardware platform.Network function
Can virtualize can either reduce network equipment cost, and can make the function of the network equipment by software and hardware decoupling and function modeling
It can be no longer dependent on specialized hardware, resource is sufficiently flexibly shared, to realize the quick exploitation and deployment of new business;Network function
Virtualization is also based on practical business demand and carries out automatic deployment, elastic telescopic, Fault Isolation and self-healing etc..
Therefore, in order to realize the quick exploitation of IPv6 network, it is empty that BNG business function can be used in embodiments of the present invention
The vBNG obtained after quasi-ization.VBNG has programmability, is capable of providing flexible funcall, and pass through double stack SDN controls
Device configures related service function, to realize that terminal is developed to the on-demand customization of IPv6 network service and quickly.
103, list stack BNG sends address information to double stack terminals, in order to which double stack terminals access network by address information.
104, when single stack BNG receives the network access request that double stack terminals are sent, single stack BNG passes through the tunnel VxLAN
Network access request is sent to double stack vBNG, in order to which network access request is sent to backbone by double stack CR by double stack vBNG
Net.
At the initial stage of the network rebuilding, IPv6 terminal is less and disperses, and when the investment of the network rebuilding is lower, the present invention is implemented
The method of example is few to the transformation of existing net, and improvement cost is low, economical can quickly realize access of the IPv6 terminal to network.
It should be noted that the heading due to VxLAN message amounts to 8 bytes, as shown in figure 3, and used at present
Be 8 bits marker and 24 bits VNI (English: VxLAN Network Identifier, Chinese: can virtually expand
Open up LAN ID), rest part does not define, and therefore, can use a VNI in the present invention and represents an IPv6 terminal
Establish tunnel.The VNI of 24 bits just represents 16,000,000 unique tunnels, with constantly pushing away for network rebuilding process
Into IPv6 terminal is continuously increased, and the embodiment of the present invention still is able to meet the access of terminal in Metropolitan Area Network (MAN), is not needed to meet eventually
It holds quantity and is superimposed multi-layer tunnel.And although other standards can encapsulate MAC in IP, they can only use most 4096
A different channel, and VxLAN passes through the VNI of 24 bits, may be implemented to dispose million autonomous channels in a network.
The method of accessing terminal to network provided in an embodiment of the present invention is compared to disposable upgrading replacement in the prior art
All devices, the present invention increases in existing network system to be supported double stack vBNG of IPv4 and IPv6, supports IPv4's and IPv6
Double stack CR, and support double stack aaa servers of IPv4 and IPv6.When double stack terminals need to access network or access network,
Single stack BNG and double stack vBNG carries out information exchange by the tunnel VxLAN, and double stack terminals is allow to pass through double stack vBNG and double stack CR
Network is accessed, and mutually indepedent with the process of mono-stack terminal access network or access network.In this way, since legacy network being transformed
It is less, a possibility that reducing failure risk in transformation process, and transformation when something goes wrong, will not influence original mono-stack terminal
Access to network, double stack terminals quickly switchback legacy network equipment can also execute original IPv4 network browsing process, keep away
Exempt from customs examination network service brings loss.
Further embodiment of this invention provides a kind of method of accessing terminal to network, as shown in figure 4, this method can be applied to
System as shown in Figure 1, this method specifically include:
201, double stack terminals send access request to single stack BNG.
Due to the network that access net is two layers of transparent transmission, for IPv6 message unaware, therefore, mono-stack terminal and double stack terminals
Access request can be sent to single stack BNG by access net.In embodiments of the present invention, mono-stack terminal and double stack terminals are referred to as
For terminal.When terminal needs to access network, first by related protocol, such as: PPPoE (English: Point to Point
Protocol Over Ethernet, Chinese: Point-to-Point Protocol over Ethernet), single stack BNG is accessed, terminal and list stack BNG are carried out
PPPoE negotiates, i.e., sends message mutually by the tunnel PPPoE.Wherein, access information is carried in access request, such as: terminal
The domain name etc. in domain where mark, terminal.
As shown in figure 5, terminal by the tunnel PPPoE to single stack BNG send message process are as follows: the IPv4 of double stack terminals and
IPv6 message packaging V LAN (English: Virtual Local Area Network, Chinese: virtual LAN) head, PPPoE and
After PPP (English: Point to Point Protocol, Chinese: point-to-point protocol) head, accessed by the same tunnel PPPoE single
Stack BNG.
202, list stack BNG sends terminal authentication request to double stack aaa servers.
Wherein, access information is carried in certification request.
After not supporting IPv6, list stack BNG to receive the access request that double stack terminals are sent due to single stack BNG, need
Terminal is authenticated by double stack aaa servers, so that it is determined that corresponding access strategy.
In embodiments of the present invention, presetting different access strategies also for different types of terminal can be set in single stack
In BNG.When access strategy is arranged in single stack BNG, after double stack aaa servers determine terminal type according to access information, only
It needs to send the mark that terminal type corresponds to access strategy to single stack BNG;When access strategy is arranged in double stack aaa servers
When middle, double stack aaa servers need the particular content for issuing access strategy to be issued in single stack BNG.
203, after double stack aaa servers pass through double stack terminal authentications, double stack addressing strategies are sent to single stack BNG.
After double stack aaa servers receive the certification request of single stack BNG, determined eventually according to the information carried in certification request
The type at end, such as: determine that terminal is mono-stack terminal or double stacks according to the information such as the domain name in domain where terminal iidentification or terminal
Terminal.
204, double stack aaa servers send double stack terminal access informations to double stack SDN controllers.
SDN is a kind of implementation of network virtualization, and core technology is by by network equipment control plane and data
Face separates, to realize the flexible control of network flow, network is made to become more intelligent as pipeline.Of the invention real
It applies in example, when double stack aaa servers determine that the terminal for sending access request is double stack terminals, single stack BNG is needed to double stacks
The access request that vBNG is transmitted and received, in order to which double stack vBNG are double stack terminal distribution I P address.Wherein, single stack BNG can be with
The configuration information of the access request transmitted and received by the tunnel VxLAN to double stack vBNG, the tunnel VxLAN is controlled by double stack SDN
Device is sent.
205, double stack SDN controllers send VxLAN tunnel configuration information to single stack BNG.
Wherein, double stack SDN controllers include at least VxLAN message into the VxLAN tunnel configuration information that single stack BNG is sent
Packaging method.
206, double stack SDN controllers send VxLAN tunnel configuration information to double stack vBNG.
Wherein, double stack SDN controllers include at least VxLAN into the VxLAN tunnel configuration information that double stack vBNG are sent and report
The de-encapsulation method of text.
207, list stack BNG and double stack vBNG establishes the tunnel VxLAN according to VxLAN tunnel configuration information.
208, list stack BNG obtains the IPv4 of double stack terminals by the tunnel VxLAN according to double stack addressing strategies from double stack vBNG
With the address information of IPv6.
After the message received removing VLAN and PPPoE heading is obtained PPP message by single stack BNG, visited according to double stacks
It asks strategy, PPP message is sent to double stack vBNG by the tunnel VxLAN.
As shown in figure 5, list stack BNG sends the process of message by the tunnel VxLAN to double stack vBNG are as follows: single stack BNG is by PPP
Message packaging V xLAN, UDP (English: User Datagram Protocol, Chinese: User Datagram Protocol) head and IPv4
After heading, by being sent to double stack vBNG after VxLAN Tunnel Passing IPv4 three-layer network.Double stack vBNG pass through the tunnel VxLAN
After receiving message, VxLAN, UDP and IPv4 are removed, the PPP message of stack terminal in pairs is restored.Double stack vBNG are whole
The PPP message for tying double stack terminals removes the PPP IPv4/IPv6 messages for restoring double stack terminals, thus for double stack terminal distributions
The address information of IPv4 and IPv6.The PPP message of mono-stack terminal it should be noted that list stack BNG can terminate removes PPP head
Restore the IPv4 message of mono-stack terminal, to distribute the address information of IPv4 for mono-stack terminal.
Wherein, the address information that double stack vBNG are the IPv4 and IPv6 of double stack terminal distributions can be the address IPv4 or address
Prefix and the address IPv6 or address prefix, and the allocation order of the address IPv4 and the address IPv6 is not required.
209, list stack BNG sends address information to double stack terminals.
210, double stack vBNG send accounting start request to double stack aaa servers.
The charging of double stack terminals will be since double stack terminals obtain first address, therefore, and single stack BNG is sent out to double stack terminals
After sending address information, double stack vBNG will send accounting start request to double stack aaa servers.Wherein, it is taken in accounting start request
The information such as mark and charging time started with double stack terminals.
211, double stack aaa servers start charging to double stack terminals.
212, double stack terminals send the network access request for carrying address information to single stack BNG.
213, list stack BNG judges the type of double stack terminals according to the address information that network access request carries.
In embodiments of the present invention, the access plan sent in access request stage, single stack BNG according to double stack aaa servers
After slightly determining terminal type, the corresponding relationship between the address information carried in terminal type and access request can store.This
Sample, in network dial-tone stage, single stack BNG can believe the address information carried in network access request and the address being locally stored
Breath compares, so that it is determined that terminal type.
214, when single stack BNG determines that terminal type is double stack terminals, single stack BNG passes through the tunnel VxLAN to double stack vBNG
Send network access request.
215, double stack vBNG send network access request to double stack CR.
Double stack vBNG send network access request to double stack CR, in order to which network access request is sent to accordingly by double stack CR
Backbone network.
It should be noted that as shown in figure 5, IPv4/IPv6 message is sent after double stack CR receive network access request
To backbone network.
216, when double stack terminals stop network access, double stack terminals send offline ask to double stack vBNG by list stack BNG
It asks.
217, double stack vBNG send charging ending request to double stack aaa servers.
218, double stack aaa servers send terminal offline information to double stack SDN controllers.
219, double stack SDN controllers send to single stack BNG and delete VxLAN tunnel configuration information.
220, double stack SDN controllers send to double stack vBNG and delete VxLAN tunnel configuration information.
221, double stack aaa servers stop the charging to double stack terminals.
After double stack terminals discharge all addresses, double stack aaa servers stop the charging to double stack terminals.
It should be noted that in order to reduce the time of double stack accessing terminal to network, the double stack terminals more for business are stopped
Only after network access, it can be left the tunnel VxLAN of its foundation, do not need to execute step 218 to step 220.
The method of accessing terminal to network provided in an embodiment of the present invention is compared to disposable upgrading replacement in the prior art
All devices, the present invention increases in existing network system to be supported double stack vBNG of IPv4 and IPv6, supports IPv4's and IPv6
Double stack CR, and support double stack aaa servers of IPv4 and IPv6.When double stack terminals need to access network or access network,
Single stack BNG and double stack vBNG carries out information exchange by the tunnel VxLAN, and double stack terminals is allow to pass through double stack vBNG and double stack CR
Network is accessed, and mutually indepedent with the process of mono-stack terminal access network or access network.In this way, since legacy network being transformed
It is less, a possibility that reducing failure risk in transformation process, and transformation when something goes wrong, will not influence original mono-stack terminal
Access to network, double stack terminals quickly switchback legacy network equipment can also execute original IPv4 network browsing process, keep away
Exempt from customs examination network service brings loss.
The embodiment of the present invention also provides a kind of system 30 of accessing terminal to network, as shown in fig. 6, the system 30 includes supporting
Double stack terminals 31 of IPv4 and IPv6, the single stack BNG32 for supporting IPv4, the double stack vBNG33 for supporting IPv4 and IPv6, are supported
Double stack CR34 of IPv4 and IPv6, and double stack aaa servers 35 of IPv4 and IPv6, single stack BNG32 is supported to be used for when single stack
When BNG32 receives the access request that double stack terminals 31 are sent, the corresponding double stacks of double stack terminals are obtained from double stack aaa servers 35
Access strategy, double stack addressing strategies access network for making double stack terminals pass through double stack vBNG;According to double stack addressing strategies, pass through
The tunnel VxLAN obtains the address information of the IPv4 and IPv6 of double stack terminals from double stack vBNG33;Address is sent to double stack terminals 31
Information, in order to which double stack terminals access network by address information;When the network access request for receiving double 31 transmissions of stack terminals
When, network access request is sent to double stack vBNG33 by the tunnel VxLAN, in order to which double stack vBNG are visited network by double stack CR
Ask that request is sent to backbone network.
In an implementation of the embodiment of the present invention, system 30 further includes supporting double stack SDN control of IPv4 and IPv6
Device 36 processed, single stack BNG32 are specifically used for sending terminal authentication request to double stack aaa servers.
Double stack aaa servers 35, the terminal authentication request sent for receiving single stack BNG32;When determining that terminal authentication asks
When asking corresponding to double stack terminals, double stack addressing strategies are sent to single stack BNG32;Double stack terminals are sent to double stack SDN controllers 36
Access information.
In an implementation of the embodiment of the present invention, double stack SDN controls 36 are for receiving double stack aaa servers
After the 35 double stack terminal access informations sent, VxLAN tunnel configuration information is sent to single stack BNG32 and double stack vBNG33, so as to
In single stack BNG and double stack vBNG according to VxLAN tunnel configuration information, the tunnel VxLAN is established for double stack terminals.
In an implementation of the embodiment of the present invention, double stack vBNG33 to double stack aaa servers 35 based on sending
Expense starts to request, in order to which double stack aaa servers start charging to double stack terminals;When the terminal for receiving single stack BNG32 transmission
Offline request when, to double stack aaa servers 35 send charging ending request, in order to double stack aaa servers stop to double stacks
The charging of terminal.
In an implementation of the embodiment of the present invention, double stack aaa servers 35 are also used to double stack SDN controllers 36
Send terminal offline information.
Double stack SDN controllers 36 are also used to send to single stack BNG32 and double stack vBNG33 and delete VxLAN tunnel configuration letter
Breath deletes the VxLAN established for double stack terminals in order to which single stack BNG and double stack vBNG is according to VxLAN tunnel configuration information is deleted
Tunnel.
The system of accessing terminal to network provided in an embodiment of the present invention is compared to disposable upgrading replacement in the prior art
All devices, the present invention increases in existing network system to be supported double stack vBNG of IPv4 and IPv6, supports IPv4's and IPv6
Double stack CR, and support double stack aaa servers of IPv4 and IPv6.When double stack terminals need to access network or access network,
Single stack BNG and double stack vBNG carries out information exchange by the tunnel VxLAN, and double stack terminals is allow to pass through double stack vBNG and double stack CR
Network is accessed, and mutually indepedent with the process of mono-stack terminal access network or access network.In this way, since legacy network being transformed
It is less, a possibility that reducing failure risk in transformation process, and transformation when something goes wrong, will not influence original mono-stack terminal
Access to network, double stack terminals quickly switchback legacy network equipment can also execute original I Pv4 network browsing process, keep away
Exempt from customs examination network service brings loss.
All the embodiments in this specification are described in a progressive manner, same and similar portion between each embodiment
Dividing may refer to each other, and each embodiment focuses on the differences from other embodiments.Especially for device reality
For applying example, since it is substantially similar to the method embodiment, so describing fairly simple, related place is referring to embodiment of the method
Part explanation.
Those of ordinary skill in the art will appreciate that realizing all or part of the process in above-described embodiment method, being can be with
Relevant hardware is instructed to complete by computer program, the program can be stored in computer-readable storage medium
In, the program is when being executed, it may include such as the process of the embodiment of above-mentioned each method.Wherein, the storage medium can be magnetic
Dish, CD, read-only memory (English: Read-Only Memory, referred to as: ROM) or random access memory (English:
Random Access Memory, referred to as: RAM) etc..
The above description is merely a specific embodiment, but scope of protection of the present invention is not limited thereto, any
In the technical scope disclosed by the present invention, any changes or substitutions that can be easily thought of by those familiar with the art, all answers
It is included within the scope of the present invention.Therefore, protection scope of the present invention should be subject to the protection scope in claims.
Claims (10)
1. a kind of method of accessing terminal to network, which is characterized in that the system that the method is applied to accessing terminal to network, it is described
The system of accessing terminal to network include support internet protocol version 4IPv4 and internet protocol version 6IPv6 double stack terminals,
It supports single stack wideband network gateway BNG of IPv4, support double stack virtual broadband network gateway vBNG of IPv4 and IPv6, support
Double stack core router CR of IPv4 and IPv6, and support double stacks verifying authorization book keeping operation aaa server of IPv4 and IPv6, institute
The method of stating includes:
When the list stack BNG receives the access request that the double stack terminals are sent, the list stack BNG is from double stack AAA
Server obtains the corresponding double stack addressing strategies of double stack terminals, and double stack addressing strategies are for keeping double stack terminals logical
Cross double stack vBNG access networks;
The list stack BNG is according to double stack addressing strategies, by the virtual tunnel expansible local area network VxLAN from double stacks
VBNG obtains the address information of the IPv4 and IPv6 of double stack terminals;
The list stack BNG sends the address information to double stack terminals, in order to which double stack terminals pass through the address
Message reference network;
When the list stack BNG receives the network access request that double stack terminals are sent, the list stack BNG passes through described
The tunnel VxLAN sends the network access request to double stack vBNG, in order to which double stack vBNG pass through double stack CR
The network access request is sent to backbone network.
2. the method according to claim 1, wherein the system of the accessing terminal to network further includes supporting IPv4
With double stack software defined network SDN controllers of IPv6, the list stack BNG obtains double stacks from double stack aaa servers
The corresponding double stack addressing strategies of terminal, comprising:
The list stack BNG sends terminal authentication request to double stack aaa servers;
Double stack aaa servers receive the terminal authentication request;
If double stack aaa servers determine that the terminal authentication request corresponds to double stack terminals, double stack AAA services
Device sends double stack addressing strategies to the list stack BNG;
After double stack aaa servers send double stack addressing strategies to the list stack BNG, the method also includes:
Double stack aaa servers send double stack terminal access informations to double stack SDN controllers.
3. according to the method described in claim 2, it is characterized in that, being controlled in double stack aaa servers to double stack SDN
After device sends double stack terminal access informations, the method also includes:
After double stack SDN controllers receive double stack terminal access informations, double stack SDN controllers are to the list
Stack BNG and the double stack vBNG send VxLAN tunnel configuration information, in order to the list stack BNG and double stack vBNG according to
The VxLAN tunnel configuration information establishes the tunnel VxLAN for double stack terminals.
4. the method according to claim 1, wherein the address information is sent to institute in the list stack BNG
After stating double stack terminals, the method also includes:
Double stack vBNG send accounting start request to double stack aaa servers, in order to double stack aaa servers pair
Double stack terminals start charging;
After the network access request is sent to double stack vBNG by the tunnel VxLAN by the list stack BNG, institute
State method further include:
When double stack vBNG receive the offline request for the terminal that the list stack BNG is sent, double stack vBNG are to described
Double stack aaa servers send charging ending request, stop the meter to double stack terminals in order to double stack aaa servers
Take.
5. according to the method described in claim 4, it is characterized in that, sending meter to double stack aaa servers in the vBNG
After taking ending request, the method also includes:
Double stack aaa servers send terminal offline information to double stack SDN controllers;
Double stack SDN controllers send to the list stack BNG and double stack vBNG and delete VxLAN tunnel configuration information, with
Convenient for the list stack BNG and double stack vBNG according to the deletion VxLAN tunnel configuration information, delete as double stack terminals
The tunnel VxLAN of foundation.
6. a kind of system of accessing terminal to network, which is characterized in that the system comprises support internet protocol version 4IPv4 and
Double stack terminals of internet protocol version 6IPv6, support IPv4's and IPv6 at the single stack wideband network gateway BNG for supporting IPv4
Double stack virtual broadband network gateway vBNG support double stack core router CR of IPv4 and IPv6, and support IPv4 and IPv6
Double stacks verifying authorization book keeping operation aaa server, the list stack BNG is used to send out when the list stack BNG receives the double stack terminals
When the access request sent, the corresponding double stack addressing strategies of double stack terminals, double stacks are obtained from double stack aaa servers
Access strategy is for making double stack terminals access network by double stack vBNG;According to double stack addressing strategies, pass through
Believe from the address of double stack vBNG IPv4 and IPv6 for obtaining double stack terminals in the virtual tunnel expansible local area network VxLAN
Breath;The address information is sent to double stack terminals, in order to which double stack terminals access network by the address information;
When receiving the network access request that double stack terminals are sent, sent by the tunnel VxLAN to double stack vBNG
The network access request, in order to which the network access request is sent to backbone by double stack CR by double stack vBNG
Net.
7. system according to claim 6, which is characterized in that the system also includes support double stacks of IPv4 and IPv6 soft
Part defines network SDN controller, and the list stack BNG is specifically used for sending terminal authentication request to double stack aaa servers;
Double stack aaa servers, the terminal authentication request sent for receiving the list stack BNG;When determining that the terminal recognizes
When card request corresponds to double stack terminals, double stack addressing strategies are sent to the list stack BNG;To double stack SDN controllers
Send double stack terminal access informations.
8. system according to claim 7, which is characterized in that double stack SDN controls, for receiving double stacks
After double stack terminal access informations that aaa server is sent, the tunnel VxLAN is sent to the list stack BNG and double stack vBNG and is matched
Confidence breath, it is whole for double stacks in order to which the list stack BNG and double stack vBNG is according to the VxLAN tunnel configuration information
The tunnel VxLAN is established at end.
9. system according to claim 6, which is characterized in that double stack vBNG are used for double stack aaa servers
Accounting start request is sent, in order to which double stack aaa servers start charging to double stack terminals;When receiving the list
It is described to send charging ending request to double stack aaa servers when the offline request for the terminal that stack BNG is sent, in order to institute
State charging of double stack aaa servers stoppings to double stack terminals.
10. system according to claim 9, which is characterized in that double stack aaa servers are also used to double stacks
SDN controller sends terminal offline information;
Double stack SDN controllers are also used to send to the list stack BNG and double stack vBNG and delete VxLAN tunnel configuration
Information, in order to which the list stack BNG and double stack vBNG is according to the deletion VxLAN tunnel configuration information, it is described for deleting
The tunnel VxLAN that double stack terminals are established.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610891382.0A CN106506457B (en) | 2016-10-12 | 2016-10-12 | A kind of method and system of accessing terminal to network |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610891382.0A CN106506457B (en) | 2016-10-12 | 2016-10-12 | A kind of method and system of accessing terminal to network |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN106506457A CN106506457A (en) | 2017-03-15 |
| CN106506457B true CN106506457B (en) | 2019-11-26 |
Family
ID=58295208
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201610891382.0A Active CN106506457B (en) | 2016-10-12 | 2016-10-12 | A kind of method and system of accessing terminal to network |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN106506457B (en) |
Families Citing this family (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109327375B (en) * | 2017-08-01 | 2021-04-30 | 中国电信股份有限公司 | Method, device and system for establishing VXLAN tunnel |
| CN109428780B (en) * | 2017-08-30 | 2022-05-06 | 中兴通讯股份有限公司 | Traffic monitoring scheduling method and device, server and storage medium |
| CN112243576B (en) | 2018-09-30 | 2022-02-18 | Oppo广东移动通信有限公司 | Information transmission method and device and communication equipment |
Family Cites Families (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US8875237B2 (en) * | 2007-10-31 | 2014-10-28 | Microsoft Corporation | Private network access using IPv6 tunneling |
| CN101848195A (en) * | 2009-03-27 | 2010-09-29 | 华为技术有限公司 | Light-weight dual-stack negotiation processing method and device, communication device and communication system |
| CN101707605A (en) * | 2009-11-20 | 2010-05-12 | 中国电信股份有限公司 | IPv4/ IPv6 protocol translation based IPSec crossing interconnection method |
| CN102938940A (en) * | 2012-11-02 | 2013-02-20 | 中兴通讯股份有限公司 | Wireless data terminal and method for supporting internet protocol version 4 (IPv4)/internet protocol version 6 (IPV6) double stacks |
| CN105049241B (en) * | 2015-06-29 | 2019-03-05 | 中国联合网络通信集团有限公司 | The method and system of accessing terminal to network |
-
2016
- 2016-10-12 CN CN201610891382.0A patent/CN106506457B/en active Active
Also Published As
| Publication number | Publication date |
|---|---|
| CN106506457A (en) | 2017-03-15 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN103580980B (en) | The method and device thereof that virtual network finds and automatically configures automatically | |
| CN101453399B (en) | Virtual network configuration method and apparatus | |
| CN105264835B (en) | Gre tunneling implementation method, access device and aggregation gateway | |
| CN104426680B (en) | Data transmission method, device and system | |
| US9264403B2 (en) | Virtualization platform | |
| CN104468368B (en) | Configure the method and device of bgp neighbor | |
| CN103067416A (en) | Virtual private cloud (VPC) access authentication method and correlation apparatus | |
| CN112688814B (en) | Equipment access method, device, equipment and machine readable storage medium | |
| US20090089431A1 (en) | System and method for managing resources in access network | |
| EP2547043B1 (en) | Method, apparatus and system for deploying layer 2 network device | |
| CN107493297B (en) | VxLAN tunnel access authentication method | |
| CN107800603B (en) | Intranet user accesses the method and storage medium of headend equipment based on VPN | |
| CN106506457B (en) | A kind of method and system of accessing terminal to network | |
| CN102571729A (en) | Internet protocol version (IPV)6 network access authentication method, device and system | |
| CN104144096A (en) | Virtual network layer construction method, device and system | |
| CN102136938A (en) | Method and device for providing user information for carried grade network address translation (CGN) equipment | |
| CN106789527A (en) | The method and system that a kind of private line network is accessed | |
| EP2901630A2 (en) | Method operating in a fixed access network and ues | |
| US20220030438A1 (en) | Bearer side network system, fixed-mobile coexistence and convergence system, and deployment method therefor | |
| CN104135446A (en) | System and method of implementing transition from IPv4 (Internet Protocol Version4) to IPv6 (Internet Protocol Version6) based on SDN (Software Defined Network) | |
| CN108418907A (en) | IP address distribution method and device | |
| CN101425963A (en) | Data service processing system and method | |
| CN107734037A (en) | A kind of NAS clusters and data access method | |
| CN112688817B (en) | Network service issuing method, system and device based on government affair cloud and storage medium | |
| CN107528788A (en) | Realize the method and apparatus stacked automatically between the network equipment |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |