CN101282232A - Method, equipment and system for managing far-end apparatus - Google Patents
Method, equipment and system for managing far-end apparatus Download PDFInfo
- Publication number
- CN101282232A CN101282232A CNA2007100739757A CN200710073975A CN101282232A CN 101282232 A CN101282232 A CN 101282232A CN A2007100739757 A CNA2007100739757 A CN A2007100739757A CN 200710073975 A CN200710073975 A CN 200710073975A CN 101282232 A CN101282232 A CN 101282232A
- Authority
- CN
- China
- Prior art keywords
- access
- described network
- equipment
- address
- termination device
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
An embodiment of the invention relates to a remote device management method in the field of communication technique, a device and a system thereof. The method is applied for the system in which the management device communicates and is connected with the network terminal through a network access device. The method comprises the following steps: receiving a first access address of the network terminal which is reported by the network terminal by the management device; obtaining a second access address corresponding with the first access address of the network terminal by the management device from the network access device, wherein, the network access device retransmits the data corresponding with an address correspondence relationship between the first access address and the second access address; and transmitting management requirement by the management device to the network terminal with the obtained second access address. In the embodiment of the invention, the alternation of address information through the management device can reduce the risk that the network terminal is easily attacked because of stealing of address.
Description
Technical field
The present invention relates to communication technical field, relate in particular to a kind of remote equipment management method, equipment and system.
Background technology
(Digital Subscriber Line DSL) has obtained extensive use as a kind of broadband access technology to Digital Subscriber Line.Corresponding D SL networking structure as shown in Figure 1, mainly comprise: Automatic Configuration Server (Auto-Configuration Server, ACS), and as customer premises equipment, CPE (Customer Premises Equipment, CPE) (as IPTV) etc. of wideband network terminal (as gateway) or lan device.
The networking structure based on the DSL technology as shown in Figure 1 can be supported the realization that various broadband services are used, for example VoIP (IP-based voice), IPTV (Internet Protocol Television) etc.; Wherein, be the IP-based equipment that is combined to form of using or using at each broadband services as the CPE of IP application terminal, ACS is responsible for CPE is disposed automatically, to realize that need not the user is provided with CPE, just can guarantee the operate as normal of CPE; ACS specifically can use remote procedure call, and (Remote Procedure Call, method RPC) realizes the modification of CPE parameter and setting.
At present, in the DSL system, with digital subscriber line access multiplex (Digital SubscriberLine Access Multiplexer, DSLAM) CPE as wideband network terminal of Lian Jieing (as gateway) can be directly and ACS finish the process of automatic configuration and management, and be positioned at local area network (LAN) can be finished automatic configuration and management by coupled gateway and ACS as the CPE (as IPTV) of lan device process.
Wherein, in the prior art, art methods flow chart as shown in Figure 2, CPE sends to gateway with self access address (as ConnectionRequest URL) by dhcp message by the DHCP agreement; Gateway is after receiving the access address that CPE sends here, what generate this access address correspondence acts on behalf of access address (GatewayProxy ConnectionRequest URL), this is acted on behalf of access address and is used to offer ACS initiatively visits CPE from public network address (be gateway after receiving that correspondence that ACS sends from public network is acted on behalf of the HTTP Get request of access address, can be forwarded to automatically on the connection request URL of CPE); The access address of acting on behalf of that gateway will generate sends to CPE; CPE receive act on behalf of access address after, judge whether with before received consistent, if it is inconsistent then notify ACS by the Inform mode, like this, when ACS initiatively communicates with CPE at needs, use http protocol to send HTTP GET request to the access address of acting on behalf of of CPE correspondence, after this request arrived gateway, gateway was redirected to this request on the connection request URL of CPE automatically.CPE is after the HTTP Get request of receiving gateway forwards, through processes such as authentications, CPE determines and will communicate with ACS, then CPE will send response message to ACS in the mode of HTTP " 200 (OK) " or " 204 (No Content) " conditional code, CPE sets up CPE wide area network management agreement (CPE WAN ManagementProtocol, CWMP) session by Inform RPC method and ACS afterwards.Wherein, URL (Uniform Resource Locator) expression uniform resource locator.Wherein, HTTP (Hypertext Transfer Protocol) expression HTML (Hypertext Markup Language).
But, in such scheme, because CPE and gateway adopt the mutual connection request URL of local area network (LAN) internal agreement (as DHCP), these internal agreement message interactions are expressly mutual, and carry out with broadcast mode, be easy to obtain the connection request URL information of CPE, thereby it is under attack to make that CPE is easy to by the monitoring means.In addition, for the variation of the public network address of monitoring gateway, CPE must obtain gateway proxy connection request URL to gateway by the mode of periodic training, has increased the weight of the burden of CPE and gateway like this.
Summary of the invention
The embodiment of the invention provides a kind of remote equipment management method, management equipment communicates to connect by network access equipment and network-termination device, comprise: first access address of the described network-termination device that management equipment reception network-termination device reports, and obtain second access address of the first access address correspondence of described network-termination device from described network access equipment, wherein, described network access equipment is transmitted data according to the address corresponding relation of described first access address and described second access address; Second access address that the management equipment utilization obtains sends the management request to described network-termination device.
The embodiment of the invention also provides a kind of management equipment, and described management equipment is connected to network-termination device via network access equipment, and wherein, described management equipment comprises:
First acquiring unit is used for obtaining from described network-termination device the information of first access address that comprises described network-termination device;
Second acquisition unit, be used for obtaining second access address of the first access address correspondence of described network-termination device from described network access equipment, wherein, described network access equipment is transmitted data according to the address corresponding relation of described first access address and described second access address;
The management request unit is used for initiating the management request according to described second access address to described network-termination device.
The embodiment of the invention also provides a kind of remote equipment management system, and described system comprises: described system comprises: management equipment, communicate to connect by network access equipment and network-termination device, wherein,
Described management equipment, be used for obtaining first access address of described network-termination device from described network-termination device, obtain second access address of the first access address correspondence of described network-termination device from described network access equipment, utilize second access address that obtains to send the management request to described network-termination device; Described first access address is transmitted and/or is redirected in the described management request that described network access equipment will receive.
The embodiment of the invention also provides a kind of network access equipment, and this networking access device comprises:
Correspondence relation storage is used to store the address corresponding relation of second access address of first access address of described network-termination device and the described network-termination device of described management apparatus access;
The data forwarding unit is used for transmitting data according to the address corresponding relation of described address correspondence relation storage;
The address provides the unit, is used for providing second access address of the first access address correspondence of described network-termination device to described management equipment.
The technical scheme that is provided by the invention described above embodiment as can be seen, the embodiment of the invention mainly is first access address that obtains network-termination device by management equipment (Automatic Configuration Server or business configuration server or OSS), and obtain second access address of this first access address correspondence from network access equipment, utilize second access address that obtains to initiate the management request to described network-termination device.Because the agreement that interactive information adopts between management equipment and the network terminal and network access equipment has higher safety guarantee than the agreement (typical in DHCP) of the inner employing of local area network (LAN), access address information can be reduced the stolen network-termination device risk under attack easily that causes in address alternately by management equipment.
Description of drawings
Fig. 1 is a prior art DSL networking structure schematic diagram;
Fig. 2 is the art methods flow chart;
Fig. 3 is the method flow diagram of one embodiment of the invention;
Fig. 4 is the method flow diagram of another embodiment of the present invention;
Fig. 5 is the system block diagram of the embodiment of the invention.
Embodiment
The embodiment of the invention realized management equipment (as Automatic Configuration Server, business configuration server or OSS OSS) to the visit of the terminal equipment in the local area network (LAN), dispose, administer and maintain, can reduce the stolen network-termination device risk under attack easily that makes in the local area network (LAN) in address.
Access way in the embodiment of the invention includes but are not limited to following one or more combinations: cable/digital subscribers feeder (Cable/DSL) inserts, EPON (PON) inserts (comprising various types of PON), Internet protocol (IP) access, the coaxial twisted-pair feeder access of fiber mix, wireless access (as WAN, WiMax, WiFi) etc.Accordingly, the network access equipment of local area network (LAN) has map addresses (or conversion) function in the embodiment of the invention, can also have functions such as protocol conversion, includes but are not limited to: IP gateway, home gateway, PBX, radio network gateway etc.Accordingly, the management equipment of the embodiment of the invention can have carries out functions such as device parameter disposes, revises, administers and maintains to remote equipment, can be that independent community's (as Automatic Configuration Server, business configuration server etc.) also can be OSS (Operations Support System, OSS) functional unit in; The equipment that can manage includes but are not limited to equipment (as customer premises equipment, CPE) in wideband network terminal (as various gateways) or the local area network (LAN), and these equipment can be that the terminal equipment with fixed interface can be the terminal equipment of supporting wireless protocols and/or having wave point.
The remote equipment management method that the embodiment of the invention provides, the system that this method is used comprises management equipment, is coupled to network-termination device via network access equipment, wherein
First access address (as the access address ConnectionRequest URL of CPE) of the described network-termination device that management equipment reception network-termination device reports; Management equipment obtains second access address (as acting on behalf of access address GatewayProxy ConnectionRequest URL) of the first access address correspondence of described network-termination device from described network access equipment, wherein, described network access equipment is transmitted data according to the address corresponding relation of described first access address and described second access address; Second access address that the management equipment utilization obtains sends the management request to described network-termination device.
Wherein, incidence relation is set up in described network-termination device and described network access equipment exchange both sides' identify label.
Wherein, described method also comprises: the identify label of the identify label of the described network-termination device that management equipment relatively obtains from described network-termination device and the described network-termination device that obtains from described network access equipment, determine the incidence relation of described network-termination device and described network access equipment.
Wherein, described method also comprises: if described network access equipment does not have the address corresponding relation of described network-termination device, then set up corresponding address corresponding relation.
Wherein, management equipment determines that described network access equipment is not that described network-termination device is set up the address corresponding relation at described first address, and then first access address according to described network-termination device carries out the corresponding relation configuration of corresponding address to described network access equipment.
Wherein, described method also comprises: management equipment is carried out the corresponding relation configuration of corresponding address according to first access address of the described network-termination device that described network-termination device reports to described network access equipment.
Wherein, first access address of the described network-termination device that reports with described network-termination device of described management equipment upgrades the corresponding address corresponding relation in the described network access equipment.
Wherein, described management equipment is according to second address that the configuration of described network access equipment is obtained the first address correspondence of described network-termination device.
Wherein, first access address of management equipment described network-termination device that described network-termination device is reported sends to described network access equipment; And receive second access address of the first access address correspondence of the described network-termination device that described network access equipment returns.
Wherein, described management equipment comprises from the mode of acquired information between described network access equipment, the described network-termination device: adopt customer premises equipment, CPE wide area network management agreement and/or remote procedure call.
Below, further specify in conjunction with the technical scheme of example the embodiment of the invention.
In the scheme that embodiment below describes, ConnectionRequest URL represents the access address of customer premises equipment, CPE CPE, and this address is generally private net address, also can be public network address.We suppose that the IP address of CPE is 192.168.0.2, the access address ConnectionRequest URL of CPE is 192.168.0.2:1234/RemoteManagement, the private network side of the gateway that is connected with CPE (or local area network (LAN) LAN side) address is 192.168.0.1, and public network side (or wide area network WAN side) IP address is 202.96.123.124.
Embodiment one
In the present embodiment, (ACS) is example with Automatic Configuration Server, is used to CPE and gateway that configuration management function is provided.The technical scheme of present embodiment comprises: ACS obtains the access address ConnectionRequest URL of CPE; ACS is according to the GatewayProxyConnectionRequest URL of the access address ConnectionRequest URL correspondence of the CPE that the configuration of described network access equipment is obtained described network-termination device; Like this, when ACS initiatively communicates with CPE at needs, use http protocol to send HTTP GET request to the access address of acting on behalf of of CPE correspondence, after this request arrives gateway, gateway will ask to transmit or be redirected on the connection request URL of CPE automatically.CPE is after the HTTP GET of the ACS that receives gateway mapping request, subsequent step can adopt the communication between generalized flowsheet realization and the ACS, for example, through processes such as authentications, CPE determines and will communicate with ACS, then CPE will send response message to ACS in the mode of HTTP " 200 (OK) " or " 204 (No Content) " conditional code, and CPE sets up the CWMP session by Inform RPC method and ACS afterwards.
Referring to the method flow diagram that Figure 3 shows that the embodiment of the invention one.
Set up communication interaction both sides' identify label between step 301:CPE and the gateway, realize related.
Here, realize that by the DHCP agreement CPE is connected with gateway communication between CPE and the gateway, the realization association.Comprised both sides' identify label in the mutual DHCP message, wherein identify label can be the production number of device id, equipment etc.Gateway is by this step, can obtain the identify label (as the device id of CPE) of CPE, and the identify label of the CPE that preserve to obtain, wherein, gateway can add these information in the ManageableDevice table of gateway data model so that external equipment inquiry, management maintenance are provided.Simultaneously, CPE also can get access to the identify label (as the device id of gateway) of gateway by this step.
In addition, it should be noted that, if gateway did not have the access address ConnectionRequest URL of CPE originally, then the access address ConnectionRequest URL information of the CPE that preserves on the gateway this moment is for empty, do not issue gateway because CPE has this information is placed in the DHCP message.
Wherein, step 301 is an option, if because ACS does not need to determine the incidence relation of CPE and gateway in subsequent step, then can not need to exchange both sides' identity information.
Step 302:CPE and ACS connect, and CPE reports the access address ConnectionRequest URL of CPE to ACS; In addition, CPE can also report the identify label (as the ID of CPE) of CPE and the identify label (as the device id of gateway) of gateway to ACS.
Here, since on the CPE can by operator or equipment supplier preset ACS the address or, perhaps CPE can obtain the address of ACS by broadcast mode, or can initiatively obtain the address of ACS from network, therefore CPE can initiate to connect to ACS, ACS can use CPE wide area network management agreement by this connection, and (CPE WAN Management Protocol, CWMP) agreement is obtained the access address ConnectionRequest URL information of CPE.ACS can also obtain the id information of CPE ID and gateway by this connection simultaneously.In specific implementation, ACS can also obtain CPE by TR-069 RPC and go up ConnectionRequest URL information in the data model.
Step 303:ACS and gateway connect, and obtain the information that is associated with CPE from gateway.
Here, the identify label (as the device id of gateway) of the gateway that ACS reports according to CPE, connect with this gateway, use the CWMP agreement to obtain the information of the CPE associated therewith that the ManageableDevice table is preserved the gateway data model, comprise ID, the CPEConnectionRequest URL information of CPE from gateway.Wherein, as described in step 301, the access address ConnectionRequest URL information of the CPE that preserve on the gateway this moment is for empty, and then the ConnectionRequest URL information of ACS acquisition also is empty.
The incidence relation of this CPE and gateway is determined in the identify label (as the device id of CPE) of the CPE that step 304:ACS obtains from CPE and gateway more respectively.
Whether step 305:ACS relatively goes up consistent with the access address ConnectionRequest URL of the CPE that obtains from gateway from CPE, if unanimity then execution in step 305.1, otherwise commentaries on classics step 305.2.
Step 305.1:, determine that then gateway has been the access address ConnectionRequest URL implementation map addresses of this CPE if upward consistent with the access address ConnectionRequest URL of the CPE that obtains from gateway from CPE.
Here, according to address mapping relation, ACS use the CWMP agreement from gateway find gateway preserve the ConnectionReques URL (IP address and port) of (as the NAT table of gateway) corresponding act on behalf of access address (or public network side or wide area network WAN side) mapping address or mapped port, such as 4321 ports.Access address (ConnectionRequest URL) 192.168.0.2:1234/RemoteManagement that ACS determines CPE is in view of the above acted on behalf of access address (GatewayProxy ConnectionRequest URL) 202.96.123.124:4321/RemoteManagement by what gateway was mapped to public network side or wide area network WAN side.
Step 305.2: if the access address ConnectionRequest URL of the CPE that goes up and obtain from gateway from CPE is inconsistent, then determine to carry out port mapping, this moment in two kinds of situation:
1) if the access address ConnectionRequest URL of the CPE that obtains from gateway for empty, show that gateway does not have to carry out port mapping for the access address ConnectionRequest URL of this CPE, then ACS can pass through the CWMP method, sets up a port mapping according to IP address and port among the access address ConnectionRequest URL of CPE for this CPE.Then, ACS uses the ConnectionRequest URL that obtains from CPE to come the access address ConnectionRequest URL of this CPE that new gateway more preserves.For example with 4321 port mapping of gateway to 1234 ports of CPE, the access address of CPE (ConnectionRequest URL) 192.168.0.2:1234/RemoteManagement is acted on behalf of access address (GatewayProxy ConnectionRequest URL) 202.96.123.124:4321/RemoteManagement by what gateway was mapped to public network side or wide area network WAN side like this.
2) if the access address ConnectionRequest URL of the CPE that obtains from gateway for empty, illustrate that gateway formerly done port mapping for the old ConnectionRequest URL of this CPE, but because CPE has changed the ConnectionRequest URL of self, produced new ConnectionRequest URL, so ACS preserves at gateway according to IP address and port the old ConnectionRequest URL of the CPE that finds from gateway, as finding corresponding clauses and subclauses in the NAT table, and, refresh the content of these clauses and subclauses according to IP address and port information the new ConnectionRequest URL that obtains from CPE.Then, ACS uses the new ConnectionRequest URL that obtains from CPE to come the old ConnectionRequestURL of this CPE that new gateway more preserves.
For example:
The new ConnectionRequest URL that obtains from CPE is: 192.168.0.2:1234/RemoteManagement
The old ConnectionRequest URL of the CPE that obtains from gateway is: 192.168.0.5:5678/RemoteManagement
ACS finds corresponding clauses and subclauses according to IP address 192.168.0.5 and the port 5678 of the old ConnectionRequest URL of the CPE that obtains from gateway in the NAT table on gateway so, as
*: 4321->192.168.0.5:5678, (the IP address that the message that expression will be dealt into gateway WAN side 4321 ports is mapped to the LAN side is 5678 ports of 192.168.0.5)
Come the clauses and subclauses of more new-found NAT in showing according to the IP address 192.168.0.2 the new ConnectionRequest URL that obtains from CPE and port one 234 after the ACS, make into
*: 4321->192.168.0.2:1234, (the IP address that the message that sign will be dealt into gateway WAN side 4321 ports is mapped to the LAN side is 1234 ports of 192.168.0.2)
Like this, the access address of CPE (ConnectionRequest URL) 192.168.0.2:1234/RemoteManagement is acted on behalf of access address (GatewayProxy ConnectionRequest URL) 202.96.123.124:4321/RemoteManagement by what gateway was mapped to public network side or wide area network WAN side.
When step 306:ACS initiatively communicates with CPE at needs, use http protocol to act on behalf of access address GatewayProxy ConnectionRequest URL and send HTTP GET request to this.
ACS determine by above-mentioned steps CPE access address ConnectionRequest URL correspondence act on behalf of access address GatewayProxy ConnectionRequest URL.When ACS needs initiatively with the CPE communication, ACS sends HTTP GET request with http protocol to acting on behalf of access address GatewayProxy ConnectionRequestURL, gateway is after receiving this request, according to the address mapping relation of preserving on the gateway (as Network Address Translation, the clauses and subclauses of NAT table), automatically this request is mapped to the access address ConnectionRequest URL of CPE, promptly gateway will ask to transmit or be redirected on the access address ConnectionRequest URL of CPE automatically.CPE is after the HTTPGET request of receiving ACS, and subsequent step just can be continued to use the method realization of present TR-069 and the communication between the ACS.For example, through processes such as authentications, CPE determines and will communicate with ACS that then CPE will send response message to ACS in the mode of HTTP " 200 (OK) " or " 204 (No Content) " conditional code, and CPE sets up the CWMP session by Inform RPC method and ACS afterwards.
Wherein, the incidence relation of CPE and gateway can adopt the data model shown in the table 1 (or claiming the ManageableDevice table) to describe in the such scheme.Certainly, the description of the incidence relation of CPE and gateway is not limited only to the mode shown in the table 1, as long as comprise public network side address and CPE address corresponding relation, adopts that other form or increase/the minimizing option can.
Table 1
| Internet Gateway Device Management Server Manageable Device | Object | - | Preserved the information of the CPE related with gateway | - | 1.2 |
| Manufacturer UI | Length is the character string of 6 bytes | - | The unique identifier of CPE | - | 1.2 |
| Serial number | Length is the character string of 64 bytes | - | The product ID of CPE | - | 1.2 |
| Product Class | Length is the character string of 64 bytes | - | The device type of CPE | - | 1.2 |
| ConnectionRequest URL | Length is the character string of 256 bytes | The ConnectionRequest URL of CPE |
Embodiment two
In the present embodiment, (ACS) is example with Automatic Configuration Server, is used to CPE and gateway that configuration management function is provided.The technical scheme of present embodiment comprises: ACS obtains the address ConnectionRequest URL of CPE, and the address ConnectionRequest URL of this CPE offered gateway, be responsible for port mapping or the URL of the address ConnectionRequest URL of this CPE are redirected by gateway, be that gateway is behind the address ConnectionRequest URL that receives the CPE that ACS provides, if not for this CPE sets up the address corresponding relation, what then generate this ConnectionRequest URL correspondence acts on behalf of access address GatewayProxy ConnectionRequest URL; And this is acted on behalf of access address GatewayProxy ConnectionRequest URL feed back to ACS.
Referring to the method flow diagram that Figure 4 shows that the embodiment of the invention two.
Wherein step 301~step 304 is basic identical among step 401~step 404 and the embodiment one, does not repeat them here.Following mask body is introduced the difference part of present embodiment and embodiment one.
After step 405:ACS has established the incidence relation of CPE and gateway, will offer gateway from the identify label (as the device id of CPE) of CPE acquisition ConnectionRequest URL and CPE.
Here, AC S uses the CWMP agreement to send to gateway from the ConnectionRequest URL of CPE acquisition and the identify label (as the device id of CPE) of CPE.
Step 406: gateway is determined the address ConnectionRequest URL of CPE and mapping relations or the corresponding relation that the public network side is acted on behalf of access address GatewayProxy ConnectionRequest URL at identify label of receiving the CPE that ACS sends (as the device id of CPE) and ConnectionRequest URL.
Here, gateway is sought corresponding clauses and subclauses according to the identify label (as the device id of CPE) of CPE behind identify label of receiving the CPE that ACS sends (as the device id of CPE) and ConnectionRequest URL, comprise following two kinds of situations:
A) if do not find the body of CPE to set up the mapping relations or the corresponding relation of this equipment and gateway, then gateway is acted on behalf of access address GatewayProxy ConnectionRequest URL for the address ConnectionRequest URL generation correspondence of this CPE, and the access address ConnectionRequest URL of the identify label of CPE, CPE and the corresponding access address GatewayProxyConnectionRequest URL that acts on behalf of be saved in part sign (as the device id of CPE) in the table, show that gateway does not also have.
B), following two kinds of possibilities are arranged then if find the corresponding clauses and subclauses of identify label (as the device id of CPE) of CPE:
B-1) if the access address ConnectionRequest URL that access address ConnectionRequest URL in these clauses and subclauses and gateway are received is inequality, the access address ConnectionRequestURL that shows CPE changes, the gateway address ConnectionRequest URL information of CPE old in the ConnectionRequest URL information updating clauses and subclauses of receiving.
B-2) if the ConnectionRequest URL that the access address ConnectionRequest URL in these clauses and subclauses and gateway are received is identical, the access address ConnectionRequest URL that shows CPE does not change, and gateway does not need to refresh the access address ConnectionRequest URL information of the CPE in the clauses and subclauses.
Step 407: gateway feeds back to ACS with public network side address after having determined the mapping relations or corresponding relation of the address of CPE and public network side address.
Here, gateway can use the CWMP agreement that the public network side address GatewayProxy ConnectionRequest URL of the address ConnectionRequest URL correspondence of CPE is issued ACS.
ACS obtains to act on behalf of access address GatewayProxy ConnectionRequestURL by above-mentioned steps.
When step 408:ACS initiatively communicates with CPE at needs, use http protocol to act on behalf of access address GatewayProxy ConnectionRequest URL and send HTTP GET request to this.
After this request arrives gateway, according to address mapping relation (as the clauses and subclauses of NAT table), gateway will ask to transmit or be redirected on the address ConnectionRequest URL of CPE automatically.CPE is after the HTTP GET of the ACS that receives gateway mapping request, subsequent step can adopt the communication between generalized flowsheet realization and the ACS, for example, through processes such as authentications, CPE determines and will communicate with ACS, then CPE will send response message to ACS in the mode of HTTP " 200 (OK) " or " 204 (No Content) " conditional code, and CPE sets up the CWMP session by Inform RPC method and ACS afterwards.
Table 2
| CPE ID | GatewayProxy ConnectionRequest URL | ConnectionRequest URL |
| CPE1 ID | 202.96.123.124:4321 | 192.168.0.2:1234/RemoteManagement |
| CPE2 ID | 202.96.123.124:5678 | 192.168.0.6:6543/RemoteManagementDre1 |
| CPE3 ID | 202.96.123.124:8543 | 192.168.0.8:2645/RemoteManagementDre2 |
Table 3
| Internet Gateway Device Management Server Manageable Device | Object | - | Preserved the information of the CPE related with gateway | - | 1.2 |
| Manufacturer OUI | Length is the character string of 6 bytes | - | The unique identifier of CPE | - | 1.2 |
| Serial Number | Length is the character string of 64 bytes | - | The product ID of CPE | - | 1.2 |
| Product Class | Length is the character string of 64 bytes | - | The device type of CPE | - | 1.2 |
| ConnectionRequest URL | Length is the character string of 256 bytes | The ConnectionRequestURL of CPE | |||
| GatewayProxy ConnectionRequestURL | Length is the character string of 256 bytes | The GatewayProxyConnecti on RequestU RL of CPE |
In this embodiment, but shown in the corresponding relation reference table 2 of acting on behalf of access address GatewayProxy ConnectionRequest URL that the mapping of the access address ConnectionRequest URL of CPE and gateway generates on the gateway.Gateway is according to this corresponding relation, will be sent to the message mapping of acting on behalf of access address GatewayProxy ConnectionRequest URL or be redirected on the corresponding ConnectionRequest URL from what public network side (or wide area network WAN side) received.In addition, among the embodiment one, but the corresponding relation of acting on behalf of access address GatewayProxy ConnectionRequest URL that the mapping of the access address ConnectionRequest URL of CPE and gateway generates on the gateway is also shown in the reference table 2.
In this embodiment, can be with the access address of the network terminal and corresponding agency in the data model that access address adds gateway to so that the access queries of management equipment, management, maintenance, the gateway data model that ginseng is shown in Table 3 (or claiming the ManageableDevice table) is described.
System block diagram referring to the embodiment of the invention shown in Figure 5.
The embodiment of the invention also provides a kind of management equipment, communicates to connect by network access equipment and network-termination device, and wherein, this management equipment comprises:
First acquiring unit is used for obtaining from described network-termination device the information of first access address that comprises described network-termination device, and wherein, described network access equipment is transmitted data according to the corresponding relation of described first access address and described second access address;
Second acquisition unit is used for obtaining from described network access equipment second access address of the first access address correspondence of described network-termination device;
The management request unit is used for initiating the management request according to described second access address to described network-termination device.
Optionally, this management equipment also comprises:
The address configuration unit, first access address that is used for the described network-termination device that obtains according to described first acquiring unit carries out the corresponding relation configuration of corresponding address to described network access equipment;
Address acquisition unit is used for obtaining according to the configuration result of dispensing unit second access address of the first access address correspondence of described network-termination device.
Optionally, this address setting unit comprises:
The address updating block is used to upgrade described network access equipment address corresponding relation.
Optionally, this second acquisition unit comprises:
Sending module, first access address that is used for described network-termination device that described first acquiring unit is obtained sends to described network access equipment;
Receiver module is used to receive second access address of the first access address correspondence of the described network-termination device that described network access equipment returns.
Optionally, this management equipment also comprises:
Associative cell is used for more respectively the identify label of the described network-termination device that obtains from described network-termination device and described network access equipment, determines the incidence relation of described network-termination device and described network access equipment.
The embodiment of the invention also provides a kind of remote equipment management system, and this remote side administration system comprises: management equipment, be coupled to network-termination device via network access equipment, wherein,
This management equipment, be used for obtaining first access address of described network-termination device from described network-termination device, obtain second access address of the first access address correspondence of described network-termination device from described network access equipment, utilize described second access address to send the management request to described network-termination device;
This network access equipment is used for described management request forwarding that will receive and/or the network-termination device that is redirected to described first access address.
The embodiment of the invention also provides a kind of network access equipment, and this network access equipment is coupled to respectively on the network terminal facilities and administration equipment, wherein
Correspondence relation storage is used to store the address corresponding relation of second access address of first access address of described network-termination device and the described network-termination device of described management apparatus access;
The data forwarding unit is used for transmitting data according to the address corresponding relation of described correspondence relation storage;
The address provides the unit, is used for providing described second access address of the first access address correspondence of described network-termination device to described management equipment.
Wherein, the management equipment mentioned of the foregoing description includes but are not limited to: Automatic Configuration Server, business configuration server, OSS (OSS) etc.
Wherein, above-mentioned first access address of mentioning can be represented the access address of network-termination device, as the access address ConnectionRequest URL of CPE, what second access address can represent on the network access equipment that the access address ConnectionRequest URL with CPE has a corresponding relation acts on behalf of access address GatewayProxy ConnectionRequest URL.
The technical scheme that provides from the invention described above embodiment can reduces alternately the stolen network-termination device risk under attack easily that makes in the local area network (LAN) in address with the access address information of the access address information of network-termination device and network access equipment by management equipment as can be seen.In addition, the technical scheme that adopts the embodiment of the invention to provide does not need network access equipment (as gateway) is carried out training in rotation, can effectively alleviate the burden of network-termination device (CPE) and network access equipment (as gateway).
The above; only for the preferable embodiment of the present invention, but protection scope of the present invention is not limited thereto, and anyly is familiar with those skilled in the art in the technical scope that the present invention discloses; the variation that can expect easily or replacement all should be encompassed within protection scope of the present invention.Therefore, protection scope of the present invention should be as the criterion with the protection range of claim.
Claims (15)
1. a remote equipment management method is characterized in that, this method is applied to the system that management equipment communicates to connect by network access equipment and network-termination device, and this method comprises:
First access address of the described network-termination device that management equipment reception network-termination device reports;
Management equipment obtains second access address of the first access address correspondence of described network-termination device from described network access equipment, wherein, described network access equipment is transmitted data according to the address corresponding relation of described first access address and described second access address;
Second access address that the management equipment utilization obtains sends the management request to described network-termination device.
2. method according to claim 1 is characterized in that, described method also comprises:
Incidence relation is set up in described network-termination device and described network access equipment exchange both sides' identify label.
3. method according to claim 2 is characterized in that, described method also comprises:
The incidence relation of described network-termination device and described network access equipment is determined in the identify label of the identify label of the described network-termination device that management equipment relatively obtains from described network-termination device and the described network-termination device that obtains from described network access equipment.
4. method according to claim 1 is characterized in that, described method also comprises:
Described management equipment is carried out the corresponding relation configuration of corresponding address according to first access address of described network-termination device to described network access equipment.
5. according to any described method of claim 1 to 4, it is characterized in that described management equipment obtains second access address of the first access address correspondence of described network-termination device according to configuration result.
6. method according to claim 1 is characterized in that, first access address of the described network-termination device that described management equipment reports with described network-termination device upgrades the corresponding address corresponding relation in the described network access equipment.
7. according to any described method of claim 1 to 4, it is characterized in that described management equipment obtains the first access address correspondence of described network-termination device from described network access equipment the step of second access address specifically comprises:
Described management equipment obtains second address of the first address correspondence of described network-termination device from described network access equipment.
8. according to any described method of claim 1 to 4, it is characterized in that described management equipment obtains the first access address correspondence of described network-termination device from described network access equipment the step of second access address specifically comprises:
Management equipment sends to described network access equipment with first access address of the described network-termination device that described network-termination device reports;
Management equipment receives second access address of the first access address correspondence of the described network-termination device that described network access equipment returns.
9. a management equipment communicates to connect by network access equipment and network-termination device, it is characterized in that, described management equipment comprises:
First acquiring unit is used for obtaining from described network-termination device the information of first access address that comprises described network-termination device;
Second acquisition unit, be used for obtaining from described network access equipment second access address of the first access address correspondence of described network-termination device, wherein said network access equipment is transmitted data according to the corresponding relation of described first access address and described second access address;
The management request unit is used for initiating the management request according to described second access address to described network-termination device.
10. management equipment according to claim 9 is characterized in that, described second acquisition unit comprises:
Dispensing unit, first access address that is used for the described network-termination device that obtains according to described first acquiring unit carries out the corresponding relation configuration of corresponding address to described network access equipment;
Address acquisition unit is used for obtaining according to the configuration result of dispensing unit second access address of the first access address correspondence of described network-termination device.
11. management equipment according to claim 10 is characterized in that, described management equipment also comprises:
The address updating block is used to upgrade described network access equipment address corresponding relation.
12. management equipment according to claim 9 is characterized in that, described second acquisition unit comprises:
Sending module, first access address that is used for described network-termination device that described first acquiring unit is obtained sends to described network access equipment;
Receiver module is used to receive second access address of the first access address correspondence of the described network-termination device that described network access equipment returns.
13., it is characterized in that described management equipment also comprises according to claim 9 to 11,12 any described management equipments:
Associative cell is used for more respectively the identify label of the described network-termination device that obtains from described network-termination device and described network access equipment, determines the incidence relation of described network-termination device and described network access equipment.
14. a remote equipment management system, described system comprises: management equipment, communicate to connect by network access equipment and network-termination device, and it is characterized in that,
Described management equipment, be used for obtaining first access address of described network-termination device from described network-termination device, obtain second access address of the first access address correspondence of described network-termination device from described network access equipment, utilize described second access address to send the management request to described network-termination device;
Described network access equipment is used for described first access address is transmitted and/or is redirected in the described management request that receives.
15. a network access equipment is characterized in that, described networking access device comprises:
Correspondence relation storage is used to store the address corresponding relation of second access address of first access address of described network-termination device and the described network-termination device of described management apparatus access;
The data forwarding unit is used for transmitting data according to the described address corresponding relation of memory cell that concerns;
The address provides the unit, is used for providing described second access address of the first access address correspondence of described network-termination device to described management equipment.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNA2007100739757A CN101282232A (en) | 2007-04-05 | 2007-04-05 | Method, equipment and system for managing far-end apparatus |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNA2007100739757A CN101282232A (en) | 2007-04-05 | 2007-04-05 | Method, equipment and system for managing far-end apparatus |
Related Child Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN2013102109199A Division CN103346899A (en) | 2007-04-05 | 2007-04-05 | Network terminal equipment managing method, network terminal equipment managing device and network terminal equipment managing system |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN101282232A true CN101282232A (en) | 2008-10-08 |
Family
ID=40014527
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CNA2007100739757A Pending CN101282232A (en) | 2007-04-05 | 2007-04-05 | Method, equipment and system for managing far-end apparatus |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN101282232A (en) |
Cited By (14)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101702718A (en) * | 2009-11-18 | 2010-05-05 | 中兴通讯股份有限公司 | Method and device for managing user terminal equipment |
| CN101902741A (en) * | 2010-07-21 | 2010-12-01 | 中兴通讯股份有限公司 | Mobile terminal and network access method thereof |
| CN102571704A (en) * | 2010-12-24 | 2012-07-11 | 华为终端有限公司 | Management conversation initiating and notifying method, managed terminal and management server |
| CN101998684B (en) * | 2009-08-26 | 2014-05-21 | 中国移动通信集团公司 | Method, system and equipment for accessing terminal |
| CN104426701A (en) * | 2013-09-09 | 2015-03-18 | 鼎点视讯科技有限公司 | Device treatment method and system for cable modem terminal system (CMTS) |
| CN104821891A (en) * | 2009-11-23 | 2015-08-05 | 皇家Kpn公司 | Method and system for remote equipment management |
| CN105357332A (en) * | 2015-10-30 | 2016-02-24 | 北京数码视讯科技股份有限公司 | Network address translation method and device |
| CN106487864A (en) * | 2015-09-02 | 2017-03-08 | 华为终端(东莞)有限公司 | The method for building up of data cube computation, service end and mobile terminal |
| CN106888117A (en) * | 2017-02-15 | 2017-06-23 | 金钱猫科技股份有限公司 | A kind of method and system for obtaining network element IP |
| WO2017107827A1 (en) * | 2015-12-23 | 2017-06-29 | 阿里巴巴集团控股有限公司 | Method and apparatus for isolating environment |
| WO2017211235A1 (en) * | 2016-06-06 | 2017-12-14 | 中兴通讯股份有限公司 | Client device management method and system, automatic configuration server, and storage medium |
| CN111130901A (en) * | 2019-12-30 | 2020-05-08 | 京信通信系统(中国)有限公司 | Device management method, device, communication device and storage medium |
| WO2021018210A1 (en) * | 2019-07-30 | 2021-02-04 | 华为技术有限公司 | Communication method and electronic device |
| CN113038594A (en) * | 2021-04-14 | 2021-06-25 | 深圳市共进电子股份有限公司 | Network management registration method and device for MESH extended equipment |
-
2007
- 2007-04-05 CN CNA2007100739757A patent/CN101282232A/en active Pending
Cited By (24)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101998684B (en) * | 2009-08-26 | 2014-05-21 | 中国移动通信集团公司 | Method, system and equipment for accessing terminal |
| CN101702718A (en) * | 2009-11-18 | 2010-05-05 | 中兴通讯股份有限公司 | Method and device for managing user terminal equipment |
| CN104821891B (en) * | 2009-11-23 | 2018-11-30 | 皇家Kpn公司 | method and system for remote device management |
| CN104821891A (en) * | 2009-11-23 | 2015-08-05 | 皇家Kpn公司 | Method and system for remote equipment management |
| CN101902741A (en) * | 2010-07-21 | 2010-12-01 | 中兴通讯股份有限公司 | Mobile terminal and network access method thereof |
| CN101902741B (en) * | 2010-07-21 | 2014-07-02 | 中兴通讯股份有限公司 | Mobile terminal and network access method thereof |
| CN102571704A (en) * | 2010-12-24 | 2012-07-11 | 华为终端有限公司 | Management conversation initiating and notifying method, managed terminal and management server |
| CN102571704B (en) * | 2010-12-24 | 2015-05-27 | 华为终端有限公司 | Management conversation initiating and notifying method, managed terminal and management server |
| CN104426701A (en) * | 2013-09-09 | 2015-03-18 | 鼎点视讯科技有限公司 | Device treatment method and system for cable modem terminal system (CMTS) |
| US10693967B2 (en) | 2015-09-02 | 2020-06-23 | Huawei Technologies Co., Ltd. | Data connection establishment method, server, and mobile terminal |
| CN106487864A (en) * | 2015-09-02 | 2017-03-08 | 华为终端(东莞)有限公司 | The method for building up of data cube computation, service end and mobile terminal |
| CN106487864B (en) * | 2015-09-02 | 2019-09-27 | 华为终端有限公司 | Method for building up, server-side and the mobile terminal of data connection |
| CN105357332A (en) * | 2015-10-30 | 2016-02-24 | 北京数码视讯科技股份有限公司 | Network address translation method and device |
| US10798218B2 (en) | 2015-12-23 | 2020-10-06 | Alibaba Group Holding Limited | Environment isolation method and device |
| CN106911648A (en) * | 2015-12-23 | 2017-06-30 | 阿里巴巴集团控股有限公司 | One kind is environmentally isolated method and apparatus |
| CN106911648B (en) * | 2015-12-23 | 2019-12-24 | 阿里巴巴集团控股有限公司 | Environment isolation method and equipment |
| WO2017107827A1 (en) * | 2015-12-23 | 2017-06-29 | 阿里巴巴集团控股有限公司 | Method and apparatus for isolating environment |
| WO2017211235A1 (en) * | 2016-06-06 | 2017-12-14 | 中兴通讯股份有限公司 | Client device management method and system, automatic configuration server, and storage medium |
| CN106888117A (en) * | 2017-02-15 | 2017-06-23 | 金钱猫科技股份有限公司 | A kind of method and system for obtaining network element IP |
| WO2021018210A1 (en) * | 2019-07-30 | 2021-02-04 | 华为技术有限公司 | Communication method and electronic device |
| CN111130901A (en) * | 2019-12-30 | 2020-05-08 | 京信通信系统(中国)有限公司 | Device management method, device, communication device and storage medium |
| WO2021136175A1 (en) * | 2019-12-30 | 2021-07-08 | 京信网络系统股份有限公司 | Device management method, apparatus, communication device, and storage medium |
| CN111130901B (en) * | 2019-12-30 | 2021-12-21 | 京信网络系统股份有限公司 | Device management method, device, communication device and storage medium |
| CN113038594A (en) * | 2021-04-14 | 2021-06-25 | 深圳市共进电子股份有限公司 | Network management registration method and device for MESH extended equipment |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN101282232A (en) | Method, equipment and system for managing far-end apparatus | |
| CN101222519B (en) | Remote activation of home devices | |
| US20160294575A1 (en) | System, Apparatus, and Method for Automatically Configuring Application Terminals in Home Network | |
| US8085808B2 (en) | Automatic configuration of network devices for network services | |
| CN101296203B (en) | Device, system and method for automatically configuring application terminal in family network | |
| US8321654B2 (en) | Methods for initial bootstrap during activation and initial configuration of user terminals in network | |
| CN100486176C (en) | Method for managing user side equipment through network address translation gateway | |
| US6058421A (en) | Method and system for addressing network host interfaces from a cable modem using DHCP | |
| US8543674B2 (en) | Configuration of routers for DHCP service requests | |
| CN104639413B (en) | The method and agent node of access net virtualization | |
| US20030208609A1 (en) | Automatic configuration of advanced services over DSL | |
| KR20070094768A (en) | Remote management method, a related auto configuration server, a related further auto configuration server, a related routing gateway and a related device | |
| CN101702718A (en) | Method and device for managing user terminal equipment | |
| CN105049888B (en) | A kind of wechat remotely pushes the implementation method of set top box program source | |
| CN101668049A (en) | Method and device for reporting address, method and device for establishing connection and communication system | |
| CN101783774A (en) | Network device connection method, system and device | |
| CN101552802A (en) | Information processing method, gateway and network system | |
| EP1881639B1 (en) | A method and system for cpecf (customer premises equipment configuration function) obtaining the terminal equipment information and configuring the terminal equipment | |
| CN100454828C (en) | Method for implementing terminal management in network equipment | |
| CN103346899A (en) | Network terminal equipment managing method, network terminal equipment managing device and network terminal equipment managing system | |
| CN106209416A (en) | A kind of discovery operation management ADOA system automatically | |
| CN103166771A (en) | Method and system for managing gateway and under hanging device | |
| CN101938458A (en) | Equipment management method, management equipment, proxy equipment and management system | |
| CN102201925A (en) | Management method of terminal equipment and agent equipment | |
| WO2009024064A1 (en) | Method of client accessing to third-party server, device and its system using the same |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C12 | Rejection of a patent application after its publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20081008 |