CN104993993A - Message processing method, device, and system - Google Patents

Message processing method, device, and system Download PDF

Info

Publication number
CN104993993A
CN104993993A CN201510243026.3A CN201510243026A CN104993993A CN 104993993 A CN104993993 A CN 104993993A CN 201510243026 A CN201510243026 A CN 201510243026A CN 104993993 A CN104993993 A CN 104993993A
Authority
CN
China
Prior art keywords
gre
user
message
access device
tunnel
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201510243026.3A
Other languages
Chinese (zh)
Other versions
CN104993993B (en
Inventor
唐亮
蒋维廉
韩涛
王滨
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd filed Critical Huawei Technologies Co Ltd
Priority to CN201510243026.3A priority Critical patent/CN104993993B/en
Publication of CN104993993A publication Critical patent/CN104993993A/en
Priority to PCT/CN2015/097553 priority patent/WO2016180020A1/en
Application granted granted Critical
Publication of CN104993993B publication Critical patent/CN104993993B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46Interconnection of networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46Interconnection of networks
    • H04L12/4633Interconnection of networks using encapsulation techniques, e.g. tunneling

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

Provided are a message processing method, device, and system. The method comprises: an access device establishes at least one tunnel between the access device and a CGN device; the access device receives a first data message transmitted from a first user end; the access device acquires a first user identifier corresponding to the first user end according to a mapping relation between user end addresses and user identifiers, and performs GRE encapsulation on the first data message to obtain a first GRE message carrying the first user identifier; the access device transmits the first GRE message to the CGN device via the at least one tunnel. The method, the device, and the system reduce tunnel resource expense, simplify a configuration process, and save system overhead and network resources.

Description

A kind of message processing method, equipment and system
Technical field
The present invention relates to networking technology area, particularly a kind of message processing method, equipment and system.
Background technology
Tunneling technique (Tunneling) is a kind of mode by using the infrastructure of internet to transmit data between networks.Such as, access in scene domestic consumer, traditional client side apparatus (CustomerPremise Equipment, CPE) DHCP (the Dynamic HostConfiguration Protocol of control plane is integrated with, DHCP), UPnP server (Universal Plug and PlayServer, UPnP server), TR069 agreement (Technical Report 069), network address translation (the Network Address Translation of subscriber management function and Forwarding plane, NAT), the functions such as routing forwarding, these functions integrated based on CPE hardware supports.When operator will dispose new business, such as be upgraded to sixth version Internet Protocol (Internet Protocol version 6, IPv6), need the upgrading magnanimity CPE being distributed in each family being carried out to software and hardware, cause the increase of equipment investment cost; The multifunctional unit of CPE, also result in the O&M of existing network and the increase of management cost simultaneously.For solving this problem, can the difference in functionality of CPE be decomposed on different equipment, such as, by control plane Function Decomposition to Broadband Remote Access Server (Broadband Remote Access Server, BRAS), now two layers of client-side device L2-CPE only need to provide two layers of basic forwarding capability, the customer flow of L2-CPE is encapsulated into different Generic Routing Encapsulation (Generic Routing Encapsulation by BRAS equipment, GRE) in, carrier class networks address transition (Carrier Grade NAT is sent to by tunnel, CGN) equipment.
But, the said method of prior art needs to configure an independently gre tunneling for each user side, at least there are the following problems for it: (1), for the user side of magnanimity, needs to arrange magnanimity gre tunneling and supports, add the expense of tunnel resource; (2) gre tunneling is static configuration, significantly can increase the configuration effort of client for mass users end; (3) magnanimity gre tunneling enables keep-alive (Keep alive) detection, adds overhead, and takies a large amount of Internet resources.
Summary of the invention
In view of this, embodiments provide a kind of message processing method, equipment and system, so that when mass users accesses, reduce the expense of tunnel resource.
The technical scheme that the embodiment of the present invention provides is as follows:
First aspect, a kind of message processing method, comprising:
Access device sets up at least one tunnel between CGN equipment;
Described access device receives the first data message that first user end sends;
Described access device obtains the first user end address that described first data message carries, according to the mapping relations of user side address and user ID, obtain the first user corresponding with described first user end address to identify, the first data message that described first user end sends is carried out GRE encapsulation, obtain a GRE message, a described GRE message carries described first user mark;
Described access device sends a described GRE message by described at least one tunnel to described CGN equipment.
In the first possible implementation of first aspect, the method also comprises:
Described access device receives the 2nd GRE message that described CGN equipment is sent by described at least one tunnel, described 2nd GRE message carries out GRE by described CGN equipment to the second data message that server mails to the second user side to encapsulate and obtain, and described 2nd GRE message carries the second user ID corresponding to described second user side;
2nd GRE message described in described access device deblocking, obtains described second data message;
Described access device sends described second data message to described second user side.
In conjunction with above-mentioned first aspect, or the first possible implementation of first aspect, in the implementation that the second of first aspect is possible, the GRE head of a described GRE message carries described first user mark.
In conjunction with above-mentioned first aspect, or any one possible implementation of first aspect, in the third possible implementation of first aspect, before sending a described GRE message by described at least one tunnel, the method also comprises: carry out internet protocol secure (English full name: Internet Protocol Security, english abbreviation: IPsec) protocol encapsulation to a described GRE message.
Second aspect, a kind of message processing method, described method is applied to CGN equipment, and comprise at least one tunnel set up by described access device between described CGN equipment and access device, described method comprises:
Described CGN equipment receives the GRE message that described access device is sent by described at least one tunnel, a described GRE message carries out GRE encapsulation by described access device to the first data message from first user end to obtain, and a described GRE message carries first user mark corresponding to described first user end;
A GRE message described in described CGN equipment deblocking, obtains described first data message;
Described CGN device-to-server sends described first data message.
In the first possible implementation of second aspect, the method also comprises:
Described CGN equipment receives the second data message that described server mails to the second user side;
Described CGN equipment obtains the address of described second user side, according to the mapping relations of user side address and user ID, obtain described second user ID that described second user side is corresponding, described second data message is carried out GRE encapsulation, obtain the 2nd GRE message, described 2nd GRE message carries described second user ID;
Described CGN equipment sends described 2nd GRE message by described at least one tunnel to described access device.
In conjunction with above-mentioned second aspect, or the first possible implementation of second aspect, in the implementation that the second of second aspect is possible, the GRE head of a described GRE message carries described first user mark.
In conjunction with the first possible implementation of above-mentioned second aspect, or the implementation that the second of second aspect is possible, in the third possible implementation of second aspect, before sending described 2nd GRE message by described at least one tunnel, the method also comprises: carry out IPsec encapsulation to described 2nd GRE message.
The third aspect, a kind of access device, comprises at least one tunnel between described access device and CGN equipment; Described access device comprises:
First receiving element, for receiving the first data message that first user end sends;
Processing unit, for obtaining the address of first user end from described first data message, according to the mapping relations of user side address and user ID, obtain the first user corresponding with described first user end to identify, described first data message is carried out Generic Routing Encapsulation GRE encapsulation, obtain a GRE message, a described GRE message carries described first user mark;
First transmitting element, for sending a described GRE message by described at least one tunnel to described CGN equipment.
In the first possible implementation of the third aspect, this access device also comprises: the second receiving element and the second transmitting element, wherein:
Described second receiving element, for receiving the 2nd GRE message that described CGN equipment is sent by described at least one tunnel, described 2nd GRE message carries out GRE by described CGN equipment to the second data message that server mails to the second user side to encapsulate and obtain, and described 2nd GRE message carries the second user ID corresponding to described second user side;
Described processing unit, for the 2nd GRE message described in deblocking and described second user ID, obtains described second data message;
Described second transmitting element, for sending described second data message to described second user side.
In conjunction with the above-mentioned third aspect, or the first possible implementation of the third aspect, in the implementation that the second of the third aspect is possible, the GRE head of a described GRE message carries described first user mark.
In conjunction with the above-mentioned third aspect, or any one possible implementation of the third aspect, in the third possible implementation of the third aspect, described processing unit, also for before sending a described GRE message by described at least one tunnel, IPsec encapsulation is carried out to a described GRE message.
Fourth aspect, a kind of CGN equipment, comprises at least one tunnel set up by described access device between described CGN equipment and access device; Described CGN equipment comprises:
First receiving element, for receiving the first Generic Routing Encapsulation GRE message that described access device is sent by described at least one tunnel, a described GRE message carries out GRE encapsulation by described access device to the first data message from first user end to obtain, and a described GRE message carries first user mark corresponding to described first user end;
Processing unit, for a GRE message described in deblocking, obtains described first data message;
First transmitting element, for sending described first data message to server.
In the first possible implementation of fourth aspect, this CGN equipment also comprises the second receiving element and the second transmitting element, wherein:
Described second receiving element, mails to the second data message of the second user side for receiving described server;
Described processing unit, for the mapping relations according to user side address and user ID, obtain second user ID corresponding with described second user side, described second data message is carried out GRE encapsulation, obtain the 2nd GRE message, described 2nd GRE message carries described second user ID;
Described second transmitting element, for sending described 2nd GRE message by described at least one tunnel to described access device.
In conjunction with above-mentioned fourth aspect, or the first possible implementation of fourth aspect, in the implementation that the second of fourth aspect is possible, the GRE head of a described GRE message carries described first user mark.
In conjunction with the first possible implementation of above-mentioned fourth aspect, or the implementation that the second of fourth aspect is possible, in the third possible implementation of fourth aspect, described processing unit, also for before sending described 2nd GRE message by described at least one tunnel, IPsec encapsulation is carried out to described 2nd GRE message.
5th aspect, a kind of message handling system, comprising:
The CGN equipment that any one possible implementation of the access device that any one possible implementation of the above-mentioned third aspect or the third aspect provides and above-mentioned fourth aspect or fourth aspect provides.
Pass through such scheme, the message processing method that the embodiment of the present invention provides, equipment and system, at least one tunnel between CGN equipment is set up by access device, described access device receives the first data message that first user end sends, the address of described first user end is obtained from described first data message, according to the mapping relations of user side address and user ID, obtain the first user corresponding with described first user end address to identify, the first data message that described first user end sends is carried out GRE encapsulation, obtain a GRE message, a described GRE message carries described first user mark, described access device sends a described GRE message by described at least one tunnel to described CGN equipment, accordingly, described CGN equipment receives and a GRE message described in deblocking, obtains described first data message, then sends described first data message to server.The method, apparatus and system of the application embodiment of the present invention, thus, during mass users access network, the expense of tunnel resource can be reduced, simplify layoutprocedure, save overhead and Internet resources.
Accompanying drawing explanation
Fig. 1 is the flow chart of the message processing method of first embodiment of the invention;
Fig. 2 is the schematic diagram of GRE heading form in prior art;
Fig. 3 is the first schematic diagram of GRE heading form in the embodiment of the present invention;
Fig. 4 is the second schematic diagram of GRE heading form in the embodiment of the present invention;
Fig. 5 is the schematic diagram in the embodiment of the present invention, GRE message being carried out to IPsec encapsulation;
Fig. 6 is the flow chart of the message processing method of second embodiment of the invention;
Fig. 7 is to the application scenarios flow chart of the embodiment of the present invention;
Fig. 8 is the access device structural representation of the embodiment of the present invention;
Fig. 9 is the access device hardware configuration schematic diagram of the embodiment of the present invention;
Figure 10 is the CGN device structure schematic diagram of the embodiment of the present invention;
Figure 11 is the CGN device hardware structural representation of the embodiment of the present invention;
Figure 12 is the system configuration schematic diagram of the embodiment of the present invention.
Embodiment
The embodiment of the present invention provides a kind of message processing method, equipment and system, accesses in the business scenario of networking to realize user, for mass users reduce tunnel resource expense, simplify layoutprocedure, save overhead and Internet resources.
Below by specific embodiment, be described in detail respectively.
For making goal of the invention of the present invention, feature, advantage can be more obvious and understandable, below in conjunction with the accompanying drawing in the embodiment of the present invention, technical scheme in the embodiment of the present invention is clearly described, obvious the embodiments described below are only the present invention's part embodiments, and the embodiment of not all.Based on the embodiment in the present invention, the every other embodiment that those of ordinary skill in the art obtain under the prerequisite not making creative work, all belongs to the scope of protection of the invention.
Term " first ", " second ", " the 3rd " and " the 4th " etc. in the specification of the application and claims and accompanying drawing are for distinguishing different object, instead of for describing particular order.In addition, term " comprises " and " having " is not exclusive.Such as include the process of series of steps or unit, method, system, product or equipment and be not defined in the step or unit listed, the step or unit do not listed can also be comprised.
Fig. 1 is the flow chart of the message processing method of first embodiment of the invention, and as shown in Figure 1, the method can comprise:
S102, access device sets up at least one tunnel between CGN equipment.
For example, access device is the bridge between broadband access network and backbone network, basic access means and the management function of broadband access network are provided, access device is positioned at the edge of network, broadband inserting service is provided, realizes the convergence of multiple business and forwarding, the requirement of different user to transmission capacity and bandwidth availability ratio can be met.Exemplary, access device can be BRAS equipment; The basic function of CGN equipment is that inner private internet agreement (Internet Protocol, IP) address translation is become public network IP address; Tunnel style can be adopted between access device and CGN equipment to transmit.Like this, access device can set up at least one tunnel between carrier class networks address transition CGN equipment, and wherein every bar tunnel can carry the data message of multiple user.It should be noted that, set up a tunnel between access device and CGN equipment and just can support mass users.Certainly, optionally, also can set up the tunnel more than between access device and CGN equipment, such as, to build 2 tunnels, now, a tunnel can as main tunnel, and another is as over run tunnel, forms hot backup redundancy mechanism; Or 2 tunnels are main tunnel, carry out load balancing to mass users.
S104, described access device receives the first data message that first user end sends.
For example, access device can provide the management function of access function and broadband access network for user side.Therefore, the side of access device is for connecting multiple user side, thus access device can receive the first data message that first user end sends.Wherein the first data message is not limited, this first data message service request that can be user side transmit to server end or data flow.Exemplary, the first data message can comprise access network request message, access the request message of certain network address or data, uploading data message etc.
S106, described access device obtains the first user end address that described first data message carries, according to the mapping relations of user side address and user ID, obtain the first user corresponding with described first user end address to identify, the first data message that described first user end sends is carried out Generic Routing Encapsulation GRE encapsulation, obtain a GRE message, a described GRE message carries described first user mark.
For example, have a unique user ID for each user side, user ID is used for identifying user end, like this, can distinguish different user sides by user ID.Optionally, user ID can be that user side directly distributes when user opens an account by operator.Accordingly, on access device, set up the mapping relations having user side address and user ID.Wherein, optionally, user side address can comprise the IP address of user side.Described mapping relations can be periodically updated or real-time update by operator.Such as, increased a user side newly, when user side is opened an account, operator is that user side distributes unique user side mark, and meanwhile, this user side mark is updated in the mapping relations of access device by the mode upgraded by operator.Therefore, access device is after the first data message receiving the transmission of first user end, obtain the first user end address that described first data message carries, according to the mapping relations of user side address and user ID, obtain the first user corresponding with described first user end address and identify.Then, the first data message that described first user end sends is carried out GRE encapsulation, obtains a GRE message.Wherein, GRE agreement is applicable to the encapsulation of the IP datagram of being carried out tunnel transmission by internet.GRE can as layer 3 Tunnel protocol, for the data of any agreement provide transparent transmission channel.A described GRE message carries described first user mark.Wherein, GRE encapsulation is carried out to the first data message, and make a GRE message carry first user mark corresponding to the described first user end address of described acquisition.In the present embodiment, the particular location be identified in a GRE message for first user does not limit.Exemplary, this first user mark can be arranged in the heading of GRE, or is arranged in the payload of GRE message or other positions of GRE message, as long as ensure that a GRE message carries first user and identifies.
S108, described access device sends a described GRE message by described at least one tunnel to described CGN equipment.
For example, access device, after the encapsulation completing a GRE message, can send a described GRE message by least one tunnel to CGN equipment.Owing to carrying first user mark in a GRE message, first user mark may be used for identifying unique user side, and a tunnel can allow multiple GRE message to share.That is, a tunnel allows simultaneously or the GRE message of the multiple user side of nonsimultaneous transmission, and because GRE message carries user ID, therefore when sharing a nozzle outlet, multiple GRE message can not be obscured.
The message processing method that the present embodiment provides, at least one tunnel between CGN equipment is set up by access device, access device is when receiving the data message of user side and carry out GRE encapsulation, GRE message is made to carry user ID corresponding to the data message of described user side, the data message from different user is distinguished by user ID, multiple GRE message is allowed to share same tunnel, thus, during mass users access network, the expense of tunnel resource can be reduced, simplify layoutprocedure, save overhead and Internet resources.
Optionally, described access device receives the 2nd GRE message that described CGN equipment is sent by described at least one tunnel, described 2nd GRE message carries out GRE by described CGN equipment to the second data message that server mails to the second user side to encapsulate and obtain, and described 2nd GRE message carries the second user ID corresponding to described second user side.
For example, access device can receive the first data message from first user termination, is sent to CGN equipment after process, if such data flow is called up direction.So corresponding, access device also can from second data message of CGN equipment reception from server, and such data flow can be called down direction.Wherein the second data message is not limited, the described second data message service request response message that can be server transmit to user side or data flow.Exemplary, described second data message can comprise access network request response message, access the request response message of certain network address or data, downloading data message etc.Described access device receives the 2nd GRE message that described CGN equipment is sent by described at least one tunnel.Described 2nd GRE message carries out GRE encapsulation by described CGN equipment to the second data message from server to obtain.Accordingly, described 2nd GRE message carries the second user ID of corresponding described second data message.For down direction, in order to the GRE message allowing a tunnel can carry multiple user, the same procedure that in the first embodiment, S106 provides can be used, make GRE message carry the user ID corresponding with user side, thus distinguish the data message that will be sent to different user end according to user ID.2nd GRE message described in described access device deblocking, obtains described second data message, and the user side corresponding to described second data message sends described second data message.
In addition, optionally, in the process of the second data message described in the 2nd GRE Receive message described in access device deblocking, verification means can be increased.That is, according to the mapping relations of the user side address that access device is set up and user ID, the 2nd GRE message of deblocking can be verified.Detailed process is: the 2nd GRE message carries the second user ID, and access device, according to the mapping relations of the user side address that access device is set up and user ID, obtains corresponding second user side address by the second user ID.
Wherein it should be noted that: " the first data message " and " the second data message " in embodiment, only for distinguishing the direction of data flow, uses " the first data message " to represent the data flow flowing to server from user side; Use the data flow of " the second data message " expression from server flows to user side.
Optionally, the GRE head of a described GRE message carries described first user mark.Similarly, described second user ID of GRE head carrying of described 2nd GRE message.
Alternatively, in the above-described first embodiment, user ID can be arranged in GRE heading, or is arranged in the payload of GRE message or other positions of GRE message.Further alternative, such as user ID can be arranged in the reserved field of GRE heading or the Optional Field of GRE heading.Fig. 2 shows GRE heading form of the prior art, and Fig. 3 show schematically show a kind of GRE heading form of the embodiment of the present invention, and Fig. 4 show schematically show the another kind of GRE heading form of the embodiment of the present invention.
As shown in Figure 2, the GRE heading of prior art comprises cipher key field (Key Field), length is 32, cipher key field is used for verifying end to end the message of tunnel encapsulation, when " K " in GRE heading indicates that place value is 1, then the checking of channel recognition keyword (key K ey also can be described as keyword) is carried out at passage two ends in tunnel, just by checking when the identidication key only having two ends, tunnel to arrange is completely the same, otherwise dropping packets.Visible, cipher key field provides a kind of weak authentication scheme.In addition, GRE heading also comprises recursion control field and attribute field, and these two fields can be set to reserved field, thus, exemplary, described reserved field can be used to carry user ID.
For example, user ID can be arranged in the Optional Field of GRE heading, further, alternatively, cipher key field can be used to carry user ID.As shown in Figure 3, whole field carrying user ID of cipher key field can be used, form user identification field.Like this, the length of user identification field is 32, and user identification field may be used for mark 2 32-1 user.This means, a tunnel can hold 2 32first data message of-1 user side, that is, carries different family marks by the user identification field of GRE heading, allows 2 32-1 user uses same tunnel simultaneously, therefore uses a tunnel to get final product the requirement of satisfying magnanimity user, saves tunnel resource.
For example, as shown in Figure 4, also can use the part field carrying user ID of cipher key field, form user identification field.Such as, in cipher key field 16 can be used to carry user ID, the length of such user identification field is 16, and user identification field may be used for mark 2 16-1 user.This means, a tunnel can hold 2 16first data message of-1 user side, that is, carries different family marks by the user identification field of GRE heading, allows 2 16-1 user uses same tunnel simultaneously, therefore a tunnel is used to get final product the requirement of satisfying magnanimity user, save tunnel resource, and, because user identification field occupies the part field of cipher key field, therefore, high 16 bit positions of cipher key field still can keep original weak authentication scheme function.
It should be noted that, implementation illustrated in fig. 4 is only a kind of form of expression of the part field carrying user ID using cipher key field, should be appreciated that the position that user identification field takies in cipher key field does not limit, such as, user identification field is positioned at high 16; Meanwhile, the length that user identification field takies in cipher key field does not also limit, and such as, user identification field takies 24 or 8.
For example, the mode above by cipher key field carrying user ID can make 2 at most 32-1 user side shares a tunnel, and therefore setting up a tunnel can the demand of satisfying magnanimity user.Certainly, optionally, the tunnel more than can also be set up between access device and CGN equipment.Such as, to build 2 tunnels, now, a tunnel can as main tunnel, and another is as over run tunnel, forms hot backup redundancy mechanism; Or 2 tunnels are main tunnel, carry out load balancing to mass users.Wherein, the concrete mode many tunnels being shared to customer volume does not limit, exemplary, and the mode using many tunnels to share mass users amount can be understood as: when a tunnel at full capacity time (such as carry 2 32-1 user), use Article 2 tunnel to carry unnecessary user; Even if or customer volume does not reach at full capacity, many tunnels also can be used to share customer volume; Or there is multiple CGN equipment, at least one tunnel is set up respectively for each CGN equipment.First data message is entered to the implementation in which bar tunnel concrete: can determine that this first data message enters the tunnel arriving different CGN by the source address of parsing first data message and destination address.
Optionally, before sending a described GRE message by described at least one tunnel, IPsec encapsulation is carried out to a described GRE message.
For example, although have cipher key field in GRE heading, a kind of weak authentication scheme is provided.But from its realization mechanism, this weak authentication scheme can not be identified as a kind of encryption measures reliably.In fact, in the reciprocal process of user side and server, some data flow, such as video, voice data etc., may need to carry out certain encryption measures and ensure safety.IPsec packaged type can by carrying out authentication and encryption to each IP bag in data flow, for IP datagram provide high-quality, interoperable, based on the fail safe of cryptographic technique, therefore for the data flow needing encryption, IPsec can be utilized to encapsulate, ensure Information Security.As shown in Figure 5, before sending GRE message by described tunnel, IPsec encapsulation is carried out to described GRE message, like this, being encrypted encapsulation by the mode of carrying out IPsec encapsulation at GRE encapsulated message skin to needing the data flow of encryption, ensure that Information Security.
In the usual implementation not adopting embodiment of the present invention scheme, user side and server carry out in mutual process, need to configure an independently gre tunneling for each user side, but in current network Development, the integrated level of the network equipment improves constantly, customer volume also constantly promotes, so like this, when in the face of mass users end, as adopted above-mentioned common implementation, just need to arrange magnanimity gre tunneling to support, obviously the expense of tunnel resource is which increased, and, gre tunneling is static configuration, magnanimity gre tunneling significantly adds configuration effort amount, in addition, gre tunneling will use keep-alive detection method usually, keep-alive is started for magnanimity gre tunneling detect, taking of overhead and Internet resources must be increased, therefore, above-mentioned implementation cannot meet the demand that customer volume also constantly promotes.
In the technical scheme that the embodiment of the present invention provides, at least one tunnel between CGN equipment is set up by access device, access device is when receiving the first data message of user side and carry out GRE encapsulation, GRE message is made to carry user ID corresponding to the first data message of described user side, the first data message from different user end is distinguished by user ID, the GRE message of multiple user is allowed to share same tunnel, thus, can when there being mass users access network, reduce the expense of tunnel resource, simplify layoutprocedure, save overhead and Internet resources.
Fig. 6 is the flow chart of the message processing method of second embodiment of the invention, second embodiment of the invention is the angle from CGN equipment, message processing method is described, as shown in Figure 6, described method is applied to CGN equipment, comprises at least one tunnel set up by described access device between described CGN equipment and access device; Described method can comprise:
S602, described CGN equipment receives the GRE message that described access device is sent by described at least one tunnel, a described GRE message carries out GRE encapsulation by described access device to the first data message from first user end to obtain, and a described GRE message carries first user mark corresponding to described first user end.
For example, the effect of CGN equipment is that inner private IP address is translated into public network IP address, CGN equipment receives the GRE message that described access device is sent by described at least one tunnel, wherein, a described GRE message carries out GRE encapsulation by described access device to the first data message from first user end to obtain, and a described GRE message carries first user mark.One GRE message encapsulation, the implementation of carrying first user mark refer to corresponding description in the first embodiment.
S604, a GRE message described in described CGN equipment deblocking, obtains described first data message.
For example, a GRE message described in CGN equipment deblocking, obtains described first data message.In addition, optionally, in the process of the first data message described in a GRE Receive message described in CGN equipment deblocking, verification means can be increased, that is, can according to the mapping relations of the user side address that CGN equipment is set up and user ID, one GRE message of deblocking is verified, detailed process is: a GRE message carries first user mark, CGN equipment is according to described mapping relations, corresponding first user end address is obtained by first user mark, the user side address corresponding with the first data message in a GRE message of deblocking with the first user end address obtained by these mapping relations is compared, thus verify out this first data message be belong to first user end send the first data message.
S606, described CGN device-to-server sends described first data message.
For example, CGN equipment, after acquisition first data message, translates into public network IP address inner private IP address, and the first data message is sent to server, and the request according to the first data message is accessed accordingly to server.Wherein, the IP address translation of private network, by five-tuple (source IP address, object IP address, source port number, destination slogan, protocol number) information searching NAT forward conversational list, is become public network IP address by CGN.
The message processing method that the present embodiment provides, sets up at least one tunnel between CGN equipment by access device, carries user ID in the GRE message that CGN receives, thus allows the GRE message of multiple user to share same tunnel.Adopt this embodiment, when there being mass users access network, the expense of tunnel resource can being reduced, simplify layoutprocedure, save overhead and Internet resources.
Optionally, described CGN equipment receives the second data message that described server mails to the second user side; Described CGN equipment obtains the address of described second user side, according to the mapping relations of user side address and user ID, obtain described second user ID that described second user side is corresponding, described second data message is carried out GRE encapsulation, obtain the 2nd GRE message, described 2nd GRE message carries described second user ID; Described CGN equipment sends described 2nd GRE message by described at least one tunnel to described access device.
For example, CGN equipment receives the second data message that described server sends, according to aforementioned, second data message is downstream direction relative to the first data message, CGN is by five-tuple (source IP address, object IP address, source port number, destination slogan, protocol number) the reverse conversational list of information searching NAT, public network IP address is translated into the IP address of private network, CGN equipment is set up the mapping relations having user side address and user ID, wherein, optionally, user side address can comprise IP address, the information of described mapping relations can by operator's cycle or real-time update.According to mapping relations, CGN equipment obtains the described first user corresponding with described first user end and identifies, and described second data message is carried out GRE encapsulation, obtains the 2nd GRE message, described 2nd GRE message carries described second user ID; Described CGN equipment sends described 2nd GRE message by described at least one tunnel to described access device.Wherein, the second user ID carried to the encapsulation of the 2nd GRE message, the 2nd GRE message and referred to the corresponding description in the first embodiment by the detailed process that tunnel sends data.Same, the particular location of the second user ID in GRE message is not limited, exemplary, such as it can be arranged in GRE heading, or be arranged in message payload or other positions, as long as ensure that GRE message carries user ID, all can the present embodiment be realized.
Optionally, the GRE head of a described GRE message carries described first user mark.Similarly, described second user ID of GRE head carrying of described 2nd GRE message.
For example, GRE message refers to the corresponding description in the first embodiment by the specific implementation of GRE head carrying user ID, it has identical principle and technique effect, no longer repeats herein.
Optionally, before sending described 2nd GRE message by described at least one tunnel, IPsec encapsulation is carried out to described 2nd GRE message.
For example, carry out the principle of IPsec encapsulation and implementation to GRE message and refer to corresponding description in the first embodiment, it has identical principle and technique effect, no longer repeats herein.
Fig. 7 is to the application scenarios flow chart of the embodiment of the present invention, described application scenarios flow chart can perform the message processing method of above-mentioned first embodiment and/or the second embodiment, as shown in Figure 7, equipment in described application scenarios comprises: business device, two layers of client-side device L2-CPE, access device, CGN equipment, server, wherein, optionally, access device can be BRAS equipment, and server can be Internet server.Concrete, L2-CPE provides two layers of basic forwarding capability, L2-CPE downstream as user side connects multiple concrete business device, business device can be but be not limited to PC, intelligent mobile terminal, IPTV, the equipment such as intelligent security guard, the upstream of L2-CPE is connected to BRAS equipment by communication network (such as metropolitan area network Metro Network), BRAS equipment has shared control plane function (the such as user management of traditional integrated CPE, data retransmission), like this by hanging the management of the mode completing user end of L2-CPE under BRAS, BRAS equipment is connected to CGN equipment by communication network (such as core net Core Network), BRAS equipment sets up at least one tunnel between CGN equipment, CGN equipment connection Internet.It should be noted that, the L2-CPE shown in Fig. 7 is not limited, also can use traditional CPE in actual applications.
As shown in Figure 7, up direction process and down direction process can be divided into according to the flow direction of data, be described respectively for different data flow direction below, it should be noted that, when not carrying out specified otherwise, the Tunnel-occurred in the present embodiment is equal to the user ID in the present invention.
For up direction process.
S700, BRAS equipment receives the first data message that user 1 sends;
S702, BRAS equipment obtains the Tunnel-1 corresponding with user 1, and carry out GRE encapsulation to described first data message, obtain a GRE message, a described GRE message carries described Tunnel-1;
Wherein, described BRAS equipment is set up the mapping relations having user side address and Tunnel-.
S704, BRAS equipment sends a GRE message via gre tunneling;
S706, CGN equipment receives a GRE message via gre tunneling;
A GRE message described in S708, CGN equipment deblocking, obtains described first data message;
S710, CGN equipment sends the first data message to Internet.
For down direction process.
S720, CGN equipment receives the second data message that Internet sends;
S722, CGN equipment obtains the Tunnel-2 corresponding with user 2, and carry out GRE encapsulation to described second data message, obtain the 2nd GRE message, described 2nd GRE message carries described Tunnel-2;
Wherein, described CGN equipment is set up the mapping relations having user side address and Tunnel-.
S724, CGN equipment sends the 2nd GRE message via gre tunneling;
S726, BRAS equipment receives the 2nd GRE message via gre tunneling;
S728, the 2nd GRE message described in BRAS equipment deblocking, obtains described second data message;
S730, BRAS equipment sends the second data message to user 2.
BRAS equipment shown in Fig. 7 and CGN equipment to may be used for performing in previous embodiment access device and the corresponding steps performed by CGN equipment in method.At least one tunnel between CGN equipment is set up by access device, thus allow the GRE message of multiple user to share same tunnel, and then, when there being mass users access network, the expense of tunnel resource can being reduced, simplify layoutprocedure, save overhead and Internet resources.
Fig. 8 is the access device structural representation of the embodiment of the present invention, as shown in Figure 8, comprises at least one tunnel between access device and CGN equipment; Described access device comprises the first receiving element 802, processing unit 804 and the first transmitting element 806:
Described first receiving element 802, for receiving the first data message that first user end sends;
Described processing unit 804, for obtaining the address of first user end from described first data message, according to the mapping relations of user side address and user ID, obtain the first user corresponding with described first user end to identify, described first data message is carried out GRE encapsulation, obtain a GRE message, a described GRE message carries described first user mark;
Described first transmitting element 806, for sending a described GRE message by described at least one tunnel to described CGN equipment.
Optionally, described access device also comprises the second receiving element 808 and the second transmitting element 810.Described second receiving element 808, for receiving the 2nd GRE message that described CGN equipment is sent by described at least one tunnel, described 2nd GRE message carries out GRE by described CGN equipment to the second data message that server mails to the second user side to encapsulate and obtain, and described 2nd GRE message carries the second user ID corresponding to described second user side; Described processing unit 804, also for the 2nd GRE message described in deblocking and described second user ID, obtains described second data message; Described second transmitting element 810, for sending described second data message to described second user side.
Optionally, the GRE head of a described GRE message carries described first user mark.Similarly, described second user ID of GRE head carrying of described 2nd GRE message.
Optionally, described processing unit 804, also for before sending a described GRE message by described at least one tunnel, carries out IPsec encapsulation to a described GRE message.
Access device shown in Fig. 8 may be used for performing the corresponding steps in previous embodiment in method performed by access device.By comprising at least one tunnel between access device and CGN equipment, the GRE message of multiple user is allowed to share same tunnel, thus, when there being mass users access network, the expense of tunnel resource can being reduced, simplify layoutprocedure, save overhead and Internet resources.
Fig. 9 is the access device hardware configuration schematic diagram of the embodiment of the present invention, as shown in Figure 9, access device comprises processor 901, memory 902, interface 903 and bus 904, wherein interface 903 can be realized by wireless or wired mode, specifically can be such as network interface card (Network InterfaceCard, the element such as NIC), above-mentioned processor 901, memory 902 are connected by bus 904 with interface 903.
Described memory 902 is for program code stored, and optionally, program code can comprise operating system program and application program.
Described interface 903, for receiving the first data message that first user end sends;
Described processor 901, for obtaining the address of first user end from described first data message, according to the mapping relations of user side address and user ID, obtain the first user corresponding with described first user end to identify, described first data message is carried out GRE encapsulation, obtain a GRE message, a described GRE message carries described first user mark;
Described interface 903, also for sending a described GRE message by described at least one tunnel to described CGN equipment.
Optionally, described interface 903, also for receiving the 2nd GRE message that described CGN equipment is sent by described at least one tunnel, described 2nd GRE message carries out GRE by described CGN equipment to the second data message that server mails to the second user side to encapsulate and obtain, and described 2nd GRE message carries the second user ID corresponding to described second user side; Described processor 901, also for the 2nd GRE message described in deblocking and described second user ID, obtains described second data message; Described interface 903, also for sending described second data message to described second user side.
Optionally, the GRE head of a described GRE message carries described first user mark.Similarly, described second user ID of GRE head carrying of described 2nd GRE message.
Optionally, described processor 901, also for before sending a described GRE message by described at least one tunnel, carries out IPsec encapsulation to a described GRE message.
Access device shown in Fig. 9 may be used for performing the corresponding steps in previous embodiment in method performed by access device.By comprising at least one tunnel between access device and CGN equipment, the GRE message of multiple user is allowed to share same tunnel, thus, when there being mass users access network, the expense of tunnel resource can being reduced, simplify layoutprocedure, save overhead and Internet resources.
Figure 10 is the CGN device structure schematic diagram of the embodiment of the present invention, as shown in Figure 10, comprises at least one tunnel between access device and CGN equipment; Described CGN equipment comprises the first receiving element 1002, processing unit 1004 and the first transmitting element 1006:
Described first receiving element 1002, for receiving the GRE message that described access device is sent by described at least one tunnel, a described GRE message carries out GRE encapsulation by described access device to the first data message from first user end to obtain, and a described GRE message carries described first user mark corresponding to described first user end;
Described processing unit 1004, for a GRE message described in deblocking, obtains described first data message;
Described first transmitting element 1006, for sending described first data message to server.
Optionally, described CGN equipment comprises the second receiving element equipment further and also comprises the second receiving element 1008 and the second transmitting element 1010.Described second receiving element 1008, mails to the second data message of the second user side for receiving described server; Described processing unit 1004, also for the mapping relations according to user side address and user ID, obtain second user ID corresponding with described second user side, described second data message is carried out GRE encapsulation, obtain the 2nd GRE message, described 2nd GRE message carries described second user ID; Described second transmitting element 1010, for sending described 2nd GRE message by described at least one tunnel to described access device.
Optionally, the GRE head of a described GRE message carries described first user mark.Similarly, described second user ID of GRE head carrying of described 2nd GRE message.
Optionally, described processing unit 1004, also for before sending described 2nd GRE message by described at least one tunnel, carries out IPsec encapsulation to described 2nd GRE message.
CGN equipment shown in Figure 10 may be used for performing the corresponding steps in previous embodiment in method performed by CGN equipment.By comprising at least one tunnel between access device and CGN equipment, the GRE message of multiple user is allowed to share same tunnel, thus, when there being mass users access network, the expense of tunnel resource can being reduced, simplify layoutprocedure, save overhead and Internet resources.
Figure 11 is the CGN device hardware structural representation of the embodiment of the present invention, as shown in figure 11, access device comprises processor 1101, memory 1102, interface 1103 and bus 1104, wherein interface 1103 can be realized by wireless or wired mode, specifically can be such as network interface card (NetworkInterface Card, the element such as NIC), above-mentioned processor 1101, memory 1102, interface 1103 are connected by bus 1104.
Described memory 1102 is for program code stored, and optionally, program code can comprise operating system program and application program.
Described interface 1103, for receiving the GRE message that described access device is sent by described at least one tunnel, a described GRE message carries out GRE encapsulation by described access device to the first data message from first user end to obtain, and a described GRE message carries described first user mark corresponding to described first user end;
Described processor 1101, for a GRE message described in deblocking, obtains described first data message;
Described interface 1103, also for sending described first data message to server.
Optionally, described interface 1103, mails to the second data message of the second user side for receiving described server; Described processor 1101, also for the mapping relations according to user side address and user ID, obtain second user ID corresponding with described second user side, described second data message is carried out GRE encapsulation, obtain the 2nd GRE message, described 2nd GRE message carries described second user ID; Described interface 1103, also for sending described second data message to described second user side.
Optionally, the GRE head of a described GRE message carries described first user mark.Similarly, described second user ID of GRE head carrying of described 2nd GRE message.
Optionally, described processor 1101, also for before sending described 2nd GRE message by described at least one tunnel, carries out IPsec encapsulation to described 2nd GRE message.
CGN equipment shown in Figure 11 may be used for performing the corresponding steps in previous embodiment in method performed by CGN equipment.By comprising at least one tunnel between access device and CGN equipment, the GRE message of multiple user is allowed to share same tunnel, thus, when there being mass users access network, the expense of tunnel resource can being reduced, simplify layoutprocedure, save overhead and Internet resources.
Figure 12 is the system configuration schematic diagram of the embodiment of the present invention, and as shown in figure 12, described system comprises access device and CGN equipment.This system can perform the technical scheme of the first embodiment and the second embodiment, and it realizes principle and technique effect is similar, repeats no more herein.
One of ordinary skill in the art will appreciate that the possible implementation of various aspects of the present invention or various aspects can be embodied as system, method or computer program.Therefore, the possible implementation of each aspect of the present invention or various aspects can adopt complete hardware embodiment, completely software implementation (comprising firmware, resident software etc.), or the form of the embodiment of integration software and hardware aspect, is all referred to as " circuit ", " module " or " system " here.In addition, the possible implementation of each aspect of the present invention or various aspects can adopt the form of computer program, and computer program refers to the computer readable program code be stored in computer-readable medium.
Computer-readable medium can be computer-readable signal media or computer-readable recording medium.Computer-readable recording medium is including but not limited to electronics, magnetic, optics, electromagnetism, infrared or semiconductor system, equipment or device, or it is aforesaid appropriately combined arbitrarily, as random access memory (English full name: Random access memory, english abbreviation: RAM), read-only memory (English full name: Read-only memory, english abbreviation: ROM), Erasable Programmable Read Only Memory EPROM ((English full name: Erasable programmable read only memory, english abbreviation: EPROM) or flash memory), optical fiber, portable read-only memory (English full name: Compact discread-only memory, english abbreviation: CD-ROM).
Processor in computer reads the computer readable program code be stored in computer-readable medium, makes processor can perform the function action specified in the combination of each step or each step in flow charts; Generate the device implementing the function action specified in the combination of each block of block diagram or each piece.
Computer readable program code can perform completely on the local computer of user, part performs on the local computer of user, as independent software kit, part on the local computer of user and part on the remote computer, or to perform on remote computer or server completely.Also it should be noted that in some alternate embodiment, in flow charts in each step or block diagram each piece the function that indicates may not according to occurring in sequence of indicating in figure.Such as, depend on involved function, in fact two steps illustrated in succession or two blocks may be executed substantially concurrently, or these blocks sometimes may be performed by with reverse order.
Obviously, those skilled in the art can carry out various change and modification to the present invention and not depart from the spirit and scope of the present invention.Like this, if these amendments of the present invention and modification belong within the scope of the claims in the present invention and equivalent technologies thereof, then the present invention is also intended to comprise these change and modification.

Claims (17)

1. a message processing method, is characterized in that, described method comprises:
Access device sets up at least one tunnel between carrier class networks address transition CGN equipment;
Described access device receives the first data message that first user end sends;
Described access device obtains the first user end address that described first data message carries, according to the mapping relations of user side address and user ID, obtain the first user corresponding with described first user end address to identify, the first data message that described first user end sends is carried out Generic Routing Encapsulation GRE encapsulation, obtain a GRE message, a described GRE message carries described first user mark;
Described access device sends a described GRE message by described at least one tunnel to described CGN equipment.
2. method according to claim 1, is characterized in that, also comprises:
Described access device receives the 2nd GRE message that described CGN equipment is sent by described at least one tunnel, described 2nd GRE message carries out GRE by described CGN equipment to the second data message that server mails to the second user side to encapsulate and obtain, and described 2nd GRE message carries the second user ID corresponding to described second user side;
2nd GRE message described in described access device deblocking, obtains described second data message;
Described access device sends described second data message to described second user side.
3. method according to claim 1 and 2, is characterized in that, the GRE head of a described GRE message carries described first user mark.
4. the method according to any one of claim 1-3, is characterized in that, before sending a described GRE message by described at least one tunnel, the method also comprises: carry out internet protocol secure IPsec protocol encapsulation to a described GRE message.
5. a message processing method, is characterized in that, described method is applied to carrier class networks address transition CGN equipment, comprises at least one tunnel set up by described access device between described CGN equipment and access device; Described method comprises:
Described CGN equipment receives the first Generic Routing Encapsulation GRE message that described access device is sent by described at least one tunnel, a described GRE message carries out GRE encapsulation by described access device to the first data message from first user end to obtain, and a described GRE message carries first user mark corresponding to described first user end;
A GRE message described in described CGN equipment deblocking, obtains described first data message;
Described CGN device-to-server sends described first data message.
6. method according to claim 5, is characterized in that, also comprises:
Described CGN equipment receives the second data message that described server mails to the second user side;
Described CGN equipment obtains the address of described second user side, according to the mapping relations of user side address and user ID, obtain described second user ID that described second user side is corresponding, described second data message is carried out GRE encapsulation, obtain the 2nd GRE message, described 2nd GRE message carries described second user ID;
Described CGN equipment sends described 2nd GRE message by described at least one tunnel to described access device.
7. the method according to claim 5 or 6, is characterized in that, the GRE head of a described GRE message carries described first user mark.
8. the method according to claim 6 or 7, is characterized in that, before sending described 2nd GRE message by described at least one tunnel, the method also comprises: carry out internet protocol secure IPsec protocol encapsulation to described 2nd GRE message.
9. an access device, is characterized in that, comprises at least one tunnel between described access device and carrier class networks address transition CGN equipment; Described access device comprises:
First receiving element, for receiving the first data message that first user end sends;
Processing unit, for obtaining the address of first user end from described first data message, according to the mapping relations of user side address and user ID, obtain the first user corresponding with described first user end to identify, described first data message is carried out Generic Routing Encapsulation GRE encapsulation, obtain a GRE message, a described GRE message carries described first user mark;
First transmitting element, for sending a described GRE message by described at least one tunnel to described CGN equipment.
10. access device according to claim 9, is characterized in that, also comprises the second receiving element and the second transmitting element, wherein:
Described second receiving element, for receiving the 2nd GRE message that described CGN equipment is sent by described at least one tunnel, described 2nd GRE message carries out GRE by described CGN equipment to the second data message that server mails to the second user side to encapsulate and obtain, and described 2nd GRE message carries the second user ID corresponding to described second user side;
Described processing unit, also for the 2nd GRE message described in deblocking and described second user ID, obtains described second data message;
Described second transmitting element, for sending described second data message to described second user side.
11. access devices according to claim 9 or 10, is characterized in that, the GRE head of a described GRE message carries described first user mark.
12. access devices according to any one of claim 9-11, it is characterized in that, described processing unit, also for before sending a described GRE message by described at least one tunnel, carries out internet protocol secure IPsec protocol encapsulation to a described GRE message.
13. 1 kinds of carrier class networks address transition CGN equipment, is characterized in that, comprise at least one tunnel set up by described access device between described CGN equipment and access device; Described CGN equipment comprises:
First receiving element, for receiving the first Generic Routing Encapsulation GRE message that described access device is sent by described at least one tunnel, a described GRE message carries out GRE encapsulation by described access device to the first data message from first user end to obtain, and a described GRE message carries first user mark corresponding to described first user end;
Processing unit, for a GRE message described in deblocking, obtains described first data message;
First transmitting element, for sending described first data message to server.
14. CGN equipment according to claim 13, is characterized in that, also comprise the second receiving element and the second transmitting element, wherein,
Described second receiving element, mails to the second data message of the second user side for receiving described server;
Described processing unit, also for the mapping relations according to user side address and user ID, obtain second user ID corresponding with described second user side, described second data message is carried out GRE encapsulation, obtain the 2nd GRE message, described 2nd GRE message carries described second user ID;
Described second transmitting element, for sending described 2nd GRE message by described at least one tunnel to described access device.
15. CGN equipment according to claim 13 or 14, is characterized in that, the GRE head of a described GRE message carries described first user mark.
16. CGN equipment according to claims 14 or 15, it is characterized in that, described processing unit, also for before sending described 2nd GRE message by described at least one tunnel, carries out internet protocol secure IPsec protocol encapsulation to described 2nd GRE message.
17. 1 kinds of message handling systems, is characterized in that, comprise the access device according to any one of claim 9-12 and the CGN equipment according to any one of claim 13-16.
CN201510243026.3A 2015-05-13 2015-05-13 A kind of message processing method, equipment and system Active CN104993993B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201510243026.3A CN104993993B (en) 2015-05-13 2015-05-13 A kind of message processing method, equipment and system
PCT/CN2015/097553 WO2016180020A1 (en) 2015-05-13 2015-12-16 Message processing method, device and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510243026.3A CN104993993B (en) 2015-05-13 2015-05-13 A kind of message processing method, equipment and system

Publications (2)

Publication Number Publication Date
CN104993993A true CN104993993A (en) 2015-10-21
CN104993993B CN104993993B (en) 2018-06-15

Family

ID=54305749

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510243026.3A Active CN104993993B (en) 2015-05-13 2015-05-13 A kind of message processing method, equipment and system

Country Status (2)

Country Link
CN (1) CN104993993B (en)
WO (1) WO2016180020A1 (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2016180020A1 (en) * 2015-05-13 2016-11-17 华为技术有限公司 Message processing method, device and system
CN108667695A (en) * 2017-09-06 2018-10-16 新华三技术有限公司 A kind of BRAS turns the backup method and device of control separation
CN111490923A (en) * 2017-06-16 2020-08-04 华为技术有限公司 Message encapsulation method, device and system based on BRAS (broadband remote Access Server) system
CN112887211A (en) * 2021-01-26 2021-06-01 北京树米网络科技有限公司 Internet protocol message data forwarding system

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112188301B (en) * 2019-07-04 2022-07-22 中国电信股份有限公司 Communication method, apparatus, system, terminal, and computer-readable storage medium
CN112217909A (en) * 2019-07-11 2021-01-12 奇安信科技集团股份有限公司 Data forwarding method and data forwarding device based on session
CN113965910B (en) * 2021-11-17 2024-03-15 交控科技股份有限公司 Redundant networking architecture for vehicle-ground communication

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101128013A (en) * 2006-08-14 2008-02-20 华为技术有限公司 A switching method for access gateway in mobile communication system
CN101325557A (en) * 2008-07-25 2008-12-17 华为技术有限公司 Method, system and apparatus for sharing tunnel load
CN102546362A (en) * 2010-12-20 2012-07-04 中兴通讯股份有限公司 Message processing method, message processing system and customer premises equipment
CN102546407A (en) * 2011-12-29 2012-07-04 中兴通讯股份有限公司 Message sending method and device
CN102624935A (en) * 2011-01-26 2012-08-01 华为技术有限公司 Method, device and system for forwarding packet
US20130083691A1 (en) * 2011-10-04 2013-04-04 Juniper Networks, Inc. Methods and apparatus for a self-organized layer-2 enterprise network architecture

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104993993B (en) * 2015-05-13 2018-06-15 华为技术有限公司 A kind of message processing method, equipment and system

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101128013A (en) * 2006-08-14 2008-02-20 华为技术有限公司 A switching method for access gateway in mobile communication system
CN101325557A (en) * 2008-07-25 2008-12-17 华为技术有限公司 Method, system and apparatus for sharing tunnel load
CN102546362A (en) * 2010-12-20 2012-07-04 中兴通讯股份有限公司 Message processing method, message processing system and customer premises equipment
CN102624935A (en) * 2011-01-26 2012-08-01 华为技术有限公司 Method, device and system for forwarding packet
US20130083691A1 (en) * 2011-10-04 2013-04-04 Juniper Networks, Inc. Methods and apparatus for a self-organized layer-2 enterprise network architecture
CN102546407A (en) * 2011-12-29 2012-07-04 中兴通讯股份有限公司 Message sending method and device

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2016180020A1 (en) * 2015-05-13 2016-11-17 华为技术有限公司 Message processing method, device and system
CN111490923A (en) * 2017-06-16 2020-08-04 华为技术有限公司 Message encapsulation method, device and system based on BRAS (broadband remote Access Server) system
CN111490923B (en) * 2017-06-16 2021-10-01 华为技术有限公司 Message encapsulation method, device and system based on BRAS (broadband remote Access Server) system
US11606223B2 (en) 2017-06-16 2023-03-14 Huawei Technologies Co., Ltd. Broadband remote access server (BRAS) system-based packet encapsulation
US11909551B2 (en) 2017-06-16 2024-02-20 Huawei Technologies Co., Ltd. Broadband remote access server (BRAS) system-based packet encapsulation
CN108667695A (en) * 2017-09-06 2018-10-16 新华三技术有限公司 A kind of BRAS turns the backup method and device of control separation
CN108667695B (en) * 2017-09-06 2020-12-29 新华三技术有限公司 Backup method and device for BRAS transfer control separation
CN112887211A (en) * 2021-01-26 2021-06-01 北京树米网络科技有限公司 Internet protocol message data forwarding system

Also Published As

Publication number Publication date
WO2016180020A1 (en) 2016-11-17
CN104993993B (en) 2018-06-15

Similar Documents

Publication Publication Date Title
CN104993993A (en) Message processing method, device, and system
JP6619894B2 (en) Access control
WO2018040529A1 (en) Message processing method, device and system
CN106878199B (en) Configuration method and device of access information
US9654394B2 (en) Multi-tenant system, switch, controller and packet transferring method
CN105939239B (en) Data transmission method and device of virtual network card
CN103812960A (en) Network address translation for application of subscriber-aware services
ES2758779T3 (en) Broadband network system and its implementation procedure
CN110166414B (en) Communication method, device and system
CN107046506B (en) Message processing method, flow classifier and service function example
US20150381563A1 (en) Relay system for transmitting ip address of client to server and method therefor
EP3720075B1 (en) Data transmission method and virtual switch
CN109495594B (en) Data transmission method, PNF SDN controller, VNF SDN controller and system
CN106161225A (en) For processing method, the Apparatus and system of VXLAN message
CN109450905A (en) Transmit the method and apparatus and system of data
US10177973B2 (en) Communication apparatus, communication method, and communication system
WO2016107269A1 (en) Device and method for data transmission in virtual extensible local area network
CN104219160A (en) Method and device for generating input parameter
WO2016074478A1 (en) Method and device for identifying service chain path, and service chain
CN113472625B (en) Transparent bridging method, system, equipment and storage medium based on mobile internet
CN112422397B (en) Service forwarding method and communication device
CN111917650B (en) Method, equipment and system for determining Generic Routing Encapsulation (GRE) tunnel identifier
JP5992115B2 (en) Method for controlling simultaneous access to data generated by a device coupled to a mobile system coupled to a CPE
TW201517654A (en) Transmission path control system
US8036218B2 (en) Technique for achieving connectivity between telecommunication stations

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant