CN105472048A

CN105472048A - Address allocating method, information aggregation method and related equipment

Info

Publication number: CN105472048A
Application number: CN201410334643.XA
Authority: CN
Inventors: 阎锋; 李军
Original assignee: Huawei Technologies Co Ltd
Current assignee: Huawei Technologies Co Ltd
Priority date: 2014-07-14
Filing date: 2014-07-14
Publication date: 2016-04-06
Anticipated expiration: 2034-07-14
Also published as: CN105472048B

Abstract

An embodiment of the invention discloses an address allocating method, an information aggregation method and related equipment. The address allocating method comprises the steps of receiving a first request by a dynamic host configuration protocol server, wherein the first request is forwarded by network equipment and is transmitted by a client for requesting network address allocation, and the first request carries the destination identity identification of the client, and the destination identity identification of the client is inserted by the network equipment; determining an address segment which corresponds with the destination identity identification of the client by the dynamic host configuration protocol server, and allocating a network address for the client by the dynamic host configuration protocol server according to the address segment which corresponds with the destination identity identification of the client, wherein the network address allocated to the client belongs to the address segment which corresponds with the destination identity identification of the client. The address allocating method, the information aggregation method and the related equipment have advantages of reducing the number of items for storing a correspondence between the network address and the destination identity identification in the network equipment, saving storage resource of the equipment, and realizing simple storage.

Description

A kind of address distribution method, information aggregation method and relevant device

Technical field

The present invention relates to networking technology area, particularly relate to a kind of address distribution method, information aggregation method and relevant device.

Background technology

Along with the development of network technology, information security seems more and more important, usually client-based target identities mark network security control can be carried out, target identities mark can be secure group belonging to client, namely be the client with same target identify label be belong to same secure group, in the security strategy that the client executing of same secure group is identical.Policy control performs primarily of the network equipment, the corresponding relation between the network address of all clients and identify label is stored in a network equipment, after a data message arrives this network equipment, the network equipment is according to the identify label of the client that the network address in this data message obtains and this network address is corresponding, and in data message, inserting the identify label of client, other network equipments perform network security policy based on this identify label.

Usually, it is (English: DynamicHostConfigurationProtocol that DynamicHost arranges agreement, abbreviation: DHCP) network address of server-assignment client is Random assignment, therefore the network equipment is between storing client network address and target identities and identifying during corresponding relation, the corresponding relation of each network address and identify label is needed to enumerate out, this method can produce the list item that a large amount of network addresss and target identities identify corresponding relation when client is more, waste device storage resource, storage complexity is high.

Summary of the invention

The embodiment of the present invention provides a kind of address distribution method, information aggregation method and relevant device, the network address with the client of same target identify label is at an address field, therefore can reduce storage networking address and target identities in the network equipment and identify the list item of corresponding relation, save device storage resource, store simple.

Embodiment of the present invention first aspect provides a kind of address distribution method, can comprise:

First request of the request dispatching network address that the client that DynamicHost arranges the forwarding of the protocol server reception network equipment sends, the target identities mark of the described client inserted by the described network equipment is carried in described first request;

Described DynamicHost arranges protocol server and determines the address field corresponding with the target identities mark of described client, described DynamicHost arrange protocol server according to and address field corresponding to the target identities mark of described client be described client distribution network address, wherein, the network address distributed for described client belongs to the address field corresponding with the target identities mark of described client.

Based on first aspect, in the first execution mode of first aspect, described DynamicHost arranges protocol server and determines the address field corresponding with the target identities mark of described client, comprising:

If described DynamicHost arranges protocol server for the target identities mark of described client is assigned with corresponding address field, and have the unallocated network address in the address field of described correspondence of having distributed for the target identities mark of described client, then corresponding with the target identities of described client mark address field for described in be the address field of the correspondence of the target identities mark distribution of described client;

If all network addresss are all distribution network addresses in the address field of described correspondence of having distributed for the target identities mark of described client, or described DynamicHost arranges protocol server not yet for the target identities mark of described client distributes corresponding address field, then described DynamicHost arranges protocol server and arranges at described DynamicHost for the target identities of described client identifies new allocation address section in the ALARA Principle network address of protocol server, using this new allocation address section as and address field corresponding to the target identities mark of described client.

Based on the first feasible execution mode of first aspect, in the execution mode that the second of first aspect is feasible, described DynamicHost arranges protocol server and to arrange at described DynamicHost in the ALARA Principle network address of protocol server as the target identities of described client identifies new allocation address section, comprising:

If there is not distribution network address in the described ALARA Principle network address, described DynamicHost arranges protocol server and the address field that the set of all ALARA Principle network addresss is formed is defined as the address field corresponding with the described target identities mark of described client.

Based on the execution mode that the second of first aspect is feasible, in the third feasible execution mode of first aspect, described DynamicHost arranges protocol server and to arrange at described DynamicHost in the ALARA Principle network address of protocol server as the target identities of described client identifies new allocation address section, also comprises:

If there is distribution network address in the described ALARA Principle network address, described DynamicHost arranges protocol server and determines the continuous unallocated network address the longest in the described ALARA Principle network address, and the longest described continuous unallocated network address is divided into the first address field and the second address field, wherein the first address field is made up of the unallocated network address of partial continuous in the longest described continuous unallocated network address, second address field is made up of the continuous unallocated network address in the longest described continuous unallocated network address except described first address field, described first address field with belong to described in the address of distribution network of identify label corresponding to the longest continuous unallocated network address adjacent,

Described DynamicHost arranges protocol server and described second address field is defined as described new allocation address section.

Based on the first feasible execution mode of first aspect, in the 4th kind of feasible execution mode of first aspect, described DynamicHost arranges protocol server and to arrange at described DynamicHost in the ALARA Principle network address of protocol server as the target identities of described client identifies new allocation address section, comprising:

According to default size, described DynamicHost is arranged for the target identities of described client identifies new allocation address section in protocol server arranges in the ALARA Principle network address of protocol server except the allocation address section network address at described DynamicHost, and the size of described new allocation address section equals described default size.

Second aspect present invention provides a kind of information aggregation method, can comprise:

The network equipment receives the first request of the request dispatching network address that the first client sends, and described first request comprises medium access control (English: mediaaccesscontrol, the abbreviation: MAC) address of described first client;

The described network equipment is according to the mapping table of the MAC Address prestored and identify label, and the described network equipment is searched the target identities corresponding with the MAC Address of described first client and identified as first object identify label;

Described first object identify label is inserted in described first request by the described network equipment, to obtain the second request;

The described network equipment forwards described second request to server;

The described network equipment obtains the first network address distributed for described first client according to described first object identify label that described server sends.

Based on second aspect, in the first feasible execution mode of second aspect, the described network equipment also comprises after obtaining the first network address distributed for described first client according to described first object identify label that described server sends:

What the described network equipment obtained that described server sends is designated according to the second target identities the second network address that the second client distributes, described second target identities is designated according to target identities mark corresponding with the MAC Address of described second client in described mapping table, and described second target identities mark is identical with the value of described first object identify label;

Described first network address and described second network address are divided into a classification according to described second target identities mark and described first object identify label by the described network equipment, wherein, the value of the target identities mark that the MAC Address of client belonging to the all-network address in described classification is corresponding in described mapping table is identical;

The network address in described classification is polymerized, to obtain a subnet prefix by the described network equipment;

The described network equipment sets up the corresponding relation list item between described first object identify label and described subnet prefix.

Based on the first feasible execution mode of second aspect, in the execution mode that the second of second aspect is feasible, described method also comprises:

The described network equipment is by the network address polymerization in described classification, obtain subnet set, described subnet set comprises subnet prefix, all elements in described subnet set covers the all-network address in described classification, and all elements in described subnet set does not cover any network address except the all-network address in described classification;

The described network equipment sets up the corresponding relation list item in described first object identify label and described subnet set between each element.

Third aspect present invention provides a kind of DynamicHost to arrange protocol server, can comprise:

First receiver module, for receiving the first request of the request dispatching network address of the client that the network equipment forwards, the target identities mark of the described client inserted by the described network equipment is carried in described first request;

Determine distribution module, for determining the address field corresponding with the target identities mark of described client, the address field corresponding according to the target identities mark with described client is described client distribution network address, wherein, the network address distributed for described client belongs to the address field corresponding with the target identities mark of described client.

Based on the third aspect, in the first feasible execution mode of the third aspect, if for the target identities mark of described client is assigned with corresponding address field, and have the unallocated network address in the address field of described correspondence of having distributed for the target identities mark of described client, then described determine distribution module also for determine the address field corresponding with the target identities of described client mark for described in the address field of correspondence that distributed for the target identities mark of described client;

If all network addresss are all distribution network addresses in the address field of described correspondence of having distributed for the target identities mark of described client, or described Dynamic Host Configuration Protocol server is not yet that the target identities mark of described client distributes corresponding address field, then described determine distribution module also in the ALARA Principle network address of described Dynamic Host Configuration Protocol server for the target identities of described client identifies new allocation address section, using this new allocation address section as and address field corresponding to the target identities mark of described client.

Based on the first feasible execution mode of the third aspect, in the execution mode that the second of the third aspect is feasible, determining distribution module if described also for there is not distribution network address in the described ALARA Principle network address, the address field that the set of all ALARA Principle network addresss is formed being defined as the address field corresponding with the described target identities mark of described client.

Based on the execution mode that the second of the third aspect is feasible, in the third feasible execution mode of the third aspect;

If there is distribution network address in the described ALARA Principle network address, describedly determine distribution module also for determining the continuous unallocated network address the longest in the described ALARA Principle network address, and the longest described continuous unallocated network address is divided into the first address field and the second address field, wherein the first address field is made up of the unallocated network address of partial continuous in the longest described continuous unallocated network address, second address field is made up of the continuous unallocated network address in the longest described continuous unallocated network address except described first address field, described first address field with belong to described in the address of distribution network of identify label corresponding to the longest continuous unallocated network address adjacent,

Describedly determine distribution module also for described second address field is defined as described new allocation address section.

Based on the first feasible execution mode of the third aspect, in the 4th kind of feasible execution mode of the third aspect, described determine distribution module also for, according to default size, target identities for described client in the network address in the ALARA Principle network address of described server except allocation address section identifies new allocation address section, and the size of described new allocation address section equals described default size.

Fourth aspect present invention provides a kind of network equipment, can comprise:

Second receiver module, for receiving the first request of the request dispatching network address that the first client sends, described first request comprises the MAC Address of described first client;

Search module, the MAC Address prestored for basis and identify label mapping table, the described network equipment is searched the target identities corresponding with the MAC Address of described first client and is identified as first object identify label;

Insert module, for described first object identify label being inserted in described first request, to obtain the second request;

Forwarding module, for forwarding described second request to server;

Acquisition module, for obtaining the first network address distributed for described first client according to described first object identify label that described server sends.

Based on fourth aspect, in the first feasible execution mode of fourth aspect;

Described acquisition module is also designated according to the second target identities the second network address that the second client distributes for what obtain that described server sends, described second target identities is designated according to target identities mark corresponding with the Media Access Control address of described second client in described mapping table, and described second target identities mark is identical with the value of described first object identify label;

The described network equipment also comprises division module, described division module is used for, according to described second target identities mark and described first object identify label, described first network address and described second network address are divided into a classification, wherein, the value of the target identities mark that the MAC Address of client belonging to the all-network address in described classification is corresponding in described mapping table is identical;

The described network equipment also comprises aggregation module, and described aggregation module is used for the network address polymerization in described classification, to obtain a subnet prefix;

The described network equipment also comprises sets up module, and described module of setting up is for setting up the corresponding relation list item between described first object identify label and described subnet prefix.

Based on the first feasible execution mode of fourth aspect, in the execution mode that the second of fourth aspect is feasible, the described network equipment also comprises:

Described aggregation module is also for being polymerized the network address in described classification, obtain subnet set, described subnet set comprises subnet prefix, all elements in described subnet set covers the all-network address in described classification, and all elements in described subnet set does not cover any network address except the all-network address in described classification;

Describedly set up module also for setting up the corresponding relation list item in described first object identify label and described subnet set between each element.

In the embodiment of the present invention, DynamicHost arranges the first request that protocol server receives network equipment forwarding, the target identities mark of the client that the network equipment inserts is carried in this first request, DynamicHost arranges protocol server and determines the address field corresponding with the target identities mark of client, and the address field corresponding according to the target identities mark of client is client distribution network address, the network address distributed belongs to the address field of the target identities mark correspondence of this client, in the embodiment of the present invention, for the client with common identity mark distributes the network address belonging to same address field, be convenient to the network equipment when storage networking address and target identities identify corresponding relation, the network address can be carried out being polymerized rear storage, thus reduce corresponding relation list item, save device storage resource.

Accompanying drawing explanation

In order to be illustrated more clearly in the technical scheme in the embodiment of the present invention, below the accompanying drawing used required in describing embodiment is briefly described, apparently, accompanying drawing in the following describes is some embodiments of the present invention, for those of ordinary skill in the art, under the prerequisite not paying creative work, other accompanying drawing can also be obtained according to these accompanying drawings.

Fig. 1 is the schematic flow sheet of a kind of address distribution method that the embodiment of the present invention provides;

Fig. 2 is the schematic flow sheet of a kind of address field defining method that the embodiment of the present invention provides;

Fig. 3 is the schematic flow sheet of the method for a kind of new allocation address section that the embodiment of the present invention provides;

Fig. 4 is the schematic flow sheet of a kind of information aggregation method that the embodiment of the present invention provides;

Fig. 5 is the schematic flow sheet of a kind of network address polymerization that the embodiment of the present invention provides;

Fig. 6 is the schematic flow sheet of the another kind of network address polymerization that the embodiment of the present invention provides;

Fig. 7 is a kind of network address allocation scenarios figure that the embodiment of the present invention provides;

Fig. 8 is the another kind of network address allocation scenarios figure that the embodiment of the present invention provides;

Fig. 9 is the structural representation of a kind of Dynamic Host Configuration Protocol server that the embodiment of the present invention provides;

Figure 10 is the structural representation of a kind of network equipment that the embodiment of the present invention provides;

Figure 11 is the structural representation of the another kind of Dynamic Host Configuration Protocol server that the embodiment of the present invention provides;

Figure 12 is the structural representation of the another kind of network equipment that the embodiment of the present invention provides.

Embodiment

Below in conjunction with the accompanying drawing in the embodiment of the present invention, clearly describe the technical scheme in the embodiment of the present invention, obviously, described embodiment is the present invention's part embodiment, instead of whole embodiments.Based on the embodiment in the present invention, those of ordinary skill in the art, not making the every other embodiment obtained under creative work prerequisite, belong to the scope of protection of the invention.

Address distribution method described in the embodiment of the present invention, information aggregation method and relevant device can be applied in network security policy control, concrete, the identify label of client can identify secure group belonging to this client, different clients may belong to identical secure group, also different secure group may be belonged to, therefore the identify label of two different clients may be identical, also may be different, namely the security strategy that client executing in identical secure group is identical is the identical security strategy of client executing with common identity mark.In the network device, store the list item of the corresponding relation between the network address of each client and identify label, and the security strategy that the client executing controlling to belong to same secure group is identical.In order to reduce the quantity of the corresponding relation list item in the network equipment between the network address and identify label, can when for client distribution network address, the network address belonging to an address field is distributed by the client with common identity mark, the network equipment is when storage networking address and identify label corresponding relation, store after first the network address can being polymerized, thus reduce corresponding relation list item.The method that concrete implementation method can adopt the embodiment of the present invention to provide.

Please refer to Fig. 1, is the schematic flow sheet of a kind of address distribution method that the embodiment of the present invention provides; As described in Figure 1, a kind of address distribution method described in the present embodiment comprises step:

S100, Dynamic Host Configuration Protocol server receives the first request of the request dispatching network address of the client that the network equipment forwards, and the target identities mark of the described client inserted by the described network equipment is carried in described first request.

In one embodiment, Dynamic Host Configuration Protocol server receives the first request that the network equipment forwards, and this first request is that client sends, and this first request is for asking Dynamic Host Configuration Protocol server to be this client distribution network address.The network address refers to Internet protocol (English: InternetProtocol, abbreviation: IP) address.This first request can be DHCP find (English: DHCPDISCOVER) or DHCP request (English: DHCPREQUEST) message.In order to be polymerized the network address of the client with same target identify label, the client-based target identities of Dynamic Host Configuration Protocol server is designated client distribution network address.Therefore, the network equipment is when forwarding first is asked, and the first request needs the target identities mark comprising client, and server receives the first request that the network equipment forwards.

The target identities mark of client is the identify label that the network equipment obtains according to the client query of asking for transmission first in the MAC Address of the client prestored and identify label mapping table.The MAC Address of client and the foundation of identify label mapping table are that the network equipment is when initiating certification to certificate server, certificate server is that client distributes identify label, the network equipment obtains the identify label that certificate server distributes, and sets up the mapping between the MAC Address of client and identify label.After the network equipment inserts this target identities mark in the first request, this first request is sent to Dynamic Host Configuration Protocol server.

S101, described Dynamic Host Configuration Protocol server determines the address field corresponding with the target identities mark of described client, described Dynamic Host Configuration Protocol server according to and address field corresponding to the target identities mark of described client be described client distribution network address, wherein, the network address distributed for described client belongs to the address field corresponding with the target identities mark of described client.

Dynamic Host Configuration Protocol server when for client distribution network address, for multiple clients with same target identify label distribute the multiple network addresss belonging to same address field respectively.It is multiple client distribution network addresses with same target identify label that Dynamic Host Configuration Protocol server generally identifies continuous print in corresponding address field in the target identities with described client, and the allocation address be in the address field of the network address of new client distribution and the target identities mark correspondence of this new client is adjacent.

The network equipment obtain Dynamic Host Configuration Protocol server be client distribute the network address, and the target identities of the network address and this client of setting up this client identify between corresponding relation.If it is (English: DHCPrelayagent) that this network equipment is dhcp relay agent, this network equipment receives the response of Dynamic Host Configuration Protocol server, this response can be DHCP provide (English: DHCPOFFER) or DHCP confirm (English: DHCPACK) message.It is (English: DHCPsnooping) intercepting and capturing Dynamic Host Configuration Protocol server in the response of Dynamic Host Configuration Protocol server is the network address that client is distributed that interchangeable, if this network equipment is not dhcp relay agent, this network equipment can be intercepted by DHCP.

Dynamic Host Configuration Protocol server is when distribution network address, first the address field of the target identities mark correspondence determining client is needed, the all corresponding one or more address field of each target identities mark, Dynamic Host Configuration Protocol server according to and address field corresponding to the target identities mark of client be client distribution network address, the network address that Dynamic Host Configuration Protocol server distributes belongs to the address field corresponding with the target identities mark of client.Address field, also can be called as address block, refers to the set of at least two continuous print network addresss.It is (English: subnetwork) that all-network address in this set belongs to same subnet.

The network address that target identities identifies identical client is same address field, and therefore the network equipment can be polymerized the network address of the client with same target identify label, to obtain subnet prefix.Corresponding relation list item is set up again according to the corresponding relation between the target identities of being polymerized client in the subnet prefix that obtains and this subnet prefix identifies.This corresponding relation list item comprises the mapping that this subnet prefix identifies to this target identities.Because the subnet prefix in a corresponding relation list item can represent multiple network address, set up the quantity that the corresponding relation list item represented with subnet prefix can reduce corresponding relation list item, thus save device storage resource.

Concrete, server is when distributing the network address of client, can carry out determining the address field corresponding with the target identities mark of client according to special algorithm, thus make the network address of the client with same target identify label belong to same address field.Optionally, determine that the special algorithm of the address field corresponding with the target identities mark of client can have following implementation, concrete steps please refer to S200-S201 in Fig. 2.

S200, if described Dynamic Host Configuration Protocol server is for the target identities mark of described client is assigned with corresponding address field, and have the unallocated network address in the address field of described correspondence of having distributed for the target identities mark of described client, then corresponding with the target identities of described client mark address field for described in be the address field of the correspondence of the target identities mark distribution of described client.

Whether judge in all ALARA Principle network addresss of Dynamic Host Configuration Protocol server as the target identities mark of client is assigned with corresponding address field, namely be judge whether other client with this target identities mark requests the network address before this, if Dynamic Host Configuration Protocol server is for the target identities mark of this client is assigned with corresponding address field, and there is the unallocated network address in the address field for the correspondence of this target identities mark distribution, then the address field distributed for this target identities mark is before defined as the address field that the target identities mark of client is corresponding.The above-mentioned ALARA Principle network address refers to and has permission at this Dynamic Host Configuration Protocol server the network address carrying out distributing.The above-mentioned unallocated network address refers to the network address be not assigned with in this address field.

S201, if all network addresss are all distribution network addresses in the address field of described correspondence of having distributed for the target identities mark of described client, or described Dynamic Host Configuration Protocol server is not yet that the target identities mark of described client distributes corresponding address field, then the target identities of described Dynamic Host Configuration Protocol server for described client in the ALARA Principle network address of described Dynamic Host Configuration Protocol server identifies new allocation address section, using the address field of this newly assigned address field as the target identities mark correspondence with described client.

If before for the target identities mark of client is assigned with corresponding address field, but because the client with this target identities mark is more, in the address field of this target identities mark, all network addresss are all distribution network addresses, or Dynamic Host Configuration Protocol server is not yet for this target identities mark distributes corresponding address field, namely the client-requested network address with this target identities mark was not had, thus in the manageable network address of Dynamic Host Configuration Protocol server, there is not address field corresponding to this target identities mark, the then new allocation address section of described Dynamic Host Configuration Protocol server, and using the address field of newly assigned address field as the target identities mark correspondence with client.The above-mentioned address of distribution network refers to the network address be assigned with in address field.

Dynamic Host Configuration Protocol server needs for this target identities identifies new allocation address section in the ALARA Principle network address of Dynamic Host Configuration Protocol server, and using the address field of this newly assigned address field as the target identities mark correspondence with client.New allocation address section is the continuous unallocated network address, and after being assigned, this newly assigned address field only and the target identities mark correspondence of client, namely do not belong to any other identify label.

Further, two kinds of optional implementations can be had for the target identities of client identifies new allocation address section.

In the first optional execution mode, as shown in Figure 3, step S300-S302 can be comprised;

S300, if there is not distribution network address in the described ALARA Principle network address, the address field that the set of all ALARA Principle network addresss is formed is defined as the address field corresponding with the described target identities mark of described client by described Dynamic Host Configuration Protocol server.

If there is not distribution network address in the ALARA Principle network address of Dynamic Host Configuration Protocol server, namely be that Dynamic Host Configuration Protocol server is also for any one client distribution network address, then when client-requested distribution network address, the address field that the set of all ALARA Principle network addresss is formed is defined as by Dynamic Host Configuration Protocol server and the target identities of this client identifies corresponding address field, is namely the new allocation address section for the distribution of this target identities mark.The set of all ALARA Principle network addresss may form one or more address field.

S301, if there is distribution network address in the described ALARA Principle network address, described Dynamic Host Configuration Protocol server determines the continuous unallocated network address the longest in the described ALARA Principle network address, and the longest described continuous unallocated network address is divided into the first address field and the second address field, wherein the first address field is made up of the unallocated network address of partial continuous in the longest described continuous unallocated network address, second address field is made up of the continuous unallocated network address in the longest described continuous unallocated network address except described first address field, described first address field with belong to described in the address of distribution network of identify label corresponding to the longest continuous unallocated network address adjacent.

If there is distribution network address in the ALARA Principle network address, the continuous unallocated network address the longest in the Dynamic Host Configuration Protocol server determination ALARA Principle network address.Dynamic Host Configuration Protocol server is distribution network address successively in the address field that target identities mark is corresponding when distribution network address, and in the address field that therefore each target identities mark is corresponding, the remaining unallocated network address is also continuous print.In the network address that relatively Dynamic Host Configuration Protocol server manages, multiple target identities identifies the quantity of the continuous unallocated network address in each self-corresponding address field, and choose the continuous unallocated network address in address field corresponding to the maximum target identities mark of quantity, be namely the continuous unallocated network address grown most.Such as, in the address field that first object identify label is corresponding, continuous unallocated network address quantity is maximum, then obtain the continuous unallocated network address in first object identify label.

The longest continuous unallocated network address is divided into the first address field and the second address field.Such as, the longest continuous unallocated network address on average can be divided into the first address field and the second address field.The address of distribution network of the identify label that the first address field is corresponding with belonging to the longest continuous unallocated network address is adjacent, is namely adjacent with the address of distribution network of first object identify label.

S302, described second address field is defined as described new allocation address section by described Dynamic Host Configuration Protocol server.

Second address field is defined as new allocation address section by Dynamic Host Configuration Protocol server.Dynamic Host Configuration Protocol server removes the second address field from the original corresponding address field of first object identify label.The address field that the network address in the address of distribution network in address field corresponding for first object identify label and above-mentioned first address field is formed is defined as address field corresponding to new first object identify label.

In the optional execution mode of the second, step S400 can be comprised.

S400, according to default size, for the target identities of described client identifies new allocation address section in the network address of described Dynamic Host Configuration Protocol server in the ALARA Principle network address of described Dynamic Host Configuration Protocol server except allocation address section, the size of described new allocation address section equals described default size.

In this execution mode, Dynamic Host Configuration Protocol server is when for each identify label allocation address section, all distribute according to default size, such as, when having the client-requested distribution network address of first object identify label, then in the ALARA Principle network address of Dynamic Host Configuration Protocol server, divide size equal the network address section of default size (such as 50 network addresss) to first object identify label.When having the client-requested distribution network address of the second target identities mark, address field corresponding to first object identify label is allocation address section, divides size and equal the network address section of default size (such as 50 network addresss) to the second target identities mark in the network address of Dynamic Host Configuration Protocol server in the ALARA Principle network address except this allocation address section.

In the embodiment of the present invention, Dynamic Host Configuration Protocol server receives the first request that the network equipment forwards, the target identities mark of the client that the network equipment inserts is carried in this first request, Dynamic Host Configuration Protocol server determines the address field corresponding with the target identities mark of client, and the address field corresponding according to the target identities mark of client is client distribution network address, the network address distributed belongs to the address field of the target identities mark correspondence of this client, in the embodiment of the present invention, for the client with common identity mark distributes the network address belonging to same address field, be convenient to the network equipment when storage networking address and target identities identify corresponding relation, the network address can be carried out being polymerized rear storage, thus reduce corresponding relation list item, save device storage resource.

Please refer to Fig. 4, is the schematic flow sheet of a kind of information aggregation method that the embodiment of the present invention provides; The embodiment of the present invention is described from network equipment side, and as described in Figure 4, a kind of information aggregation method described in the present embodiment comprises step:

S401, the network equipment receives the first request of the request dispatching network address that the first client sends, and described first request comprises the MAC Address of described first client.

The network equipment can be the relay agent of transmission information between client and Dynamic Host Configuration Protocol server, is equivalent to the message that forwarding client sends.When the first client needs the request dispatching network address, namely send the first request to the network equipment.The network equipment receives the first request of the request dispatching network address that the first client sends.The source MAC of this first request is the MAC Address of the first client.

S402, the described network equipment is according to the mapping table of the MAC Address prestored and identify label, and the described network equipment is searched the target identities corresponding with the MAC Address of described first client and identified as first object identify label.

The mapping table of MAC Address and identify label is prestored in the network equipment, this mapping table is that client stored when carrying out certification, concrete, when client sends authentication request, the network equipment sends authentication request to certificate server, after authentication success, certificate server can distribute identify label for client, and distributed identify label is sent to the network equipment.The network equipment receives the identify label of the client that certificate server returns, and sets up a mapping table, and this table comprises the mapping between the MAC Address of client and identify label.

The network equipment is according to the MAC Address prestored and identify label mapping table, and the network equipment is searched target identities corresponding with the MAC Address of the first client in mapping table and identified as first object identify label.

S403, described first object identify label is inserted in described first request by the described network equipment, to obtain the second request.

Inquired about first object identify label is inserted in the first request by the network equipment, to obtain the second request, first request can be DHCP request, method first object identify label being inserted the first request can be option first object identify label inserted in DHCP request message, such as DHCPoption, DHCPoption is variable length field, contains partial charter party information, type of message etc.After first object identify label being inserted DHCP request message, obtain the second request so that the network equipment by the second request forward to Dynamic Host Configuration Protocol server.

S404, the described network equipment forwards described second request to server.

The network equipment forwards the second request to server, the first object identify label of the first client is carried in second request, to make server according to the first object identify label of the first client to the first client distribution network address, it should be noted that, the network address that server distributes to the first client belongs to the network address in first object identify label address field.

S405, the described network equipment obtains the first network address distributed for described first client according to described first object identify label that described server sends.

The network equipment obtains the first network address distributed for the first client according to first object identify label that Dynamic Host Configuration Protocol server sends, Dynamic Host Configuration Protocol server distributes the client with same target identify label the network address belonging to same address field, therefore, the first network address distributed for the first client belongs to address field corresponding to first object identify label.

Concrete, the method that the network equipment obtains the first network address that Dynamic Host Configuration Protocol server sends can be, if it is (English: DHCPrelayagent) that this network equipment is dhcp relay agent, the method that this network equipment obtains first network address can be, receive the response of Dynamic Host Configuration Protocol server, this response can be DHCP provide (English: DHCPOFFER) or DHCP confirm (English: DHCPACK) message.It is (English: DHCPsnooping) intercepting and capturing Dynamic Host Configuration Protocol server in the response of Dynamic Host Configuration Protocol server is the first network address that the first client is distributed that interchangeable, if this network equipment is not dhcp relay agent, this network equipment can be intercepted by DHCP.

S406, what the described network equipment obtained that described server sends is designated according to the second target identities the second network address that the second client distributes, described second target identities is designated according to target identities mark corresponding with the MAC Address of described second client in described mapping table, and described second target identities mark is identical with the value of described first object identify label;

Server end can be each client distribution network address, and such as, when the network equipment is to the second network address of server request second client, server is designated the second client according to the second target identities of the second client and distributes second network address.When the value of the second target identities mark is identical with the value of first object identify label, then distributed first network address and second network address belong to an address field.

What the network equipment obtained that server sends is designated according to the second target identities the second network address that the second client distributes, in order to reduce the list item of corresponding relation between the network address of client in the network equipment and identify label, the network equipment also needs the network address of each obtained client to be carried out the polymerization process of the further network address, such as, the network address belonging to an address field in each client is polymerized, to save in the network equipment memory source storing corresponding relation list item.

S407, described first network address and described second network address are divided into a classification according to described second target identities mark and described first object identify label by the described network equipment, wherein, the value of the target identities mark that the MAC Address of client belonging to the all-network address in described classification is corresponding in described mapping table is identical.

Because first object identify label is identical with the value that the second target identities identifies, therefore the network equipment can identify at one's side to identify with the second target identities according to first object and first network address and second network address are divided into a classification.It should be noted that, the value of the target identities mark that in the classification divided, the MAC Address of client belonging to all-network address is corresponding is in the mapping table identical.Network address quantity included in the classification divided can have multiple, the all-network address in this classification is carried out polymerization process, to reduce the list item of the network address and identify label corresponding relation.

Concrete, be polymerized the network address in each classification, polymerization methods can have following two kinds of optional execution modes;

In the first optional execution mode, please refer to shown in Fig. 5, comprise step S500-S501;

S500, the network address in described classification is polymerized, to obtain a subnet prefix by the described network equipment;

As the optional execution mode of one, in controlled network (network could accessed after only having certification to pass through), the network address that permission part is not assigned with is aggregated to one piece with the network address be assigned with, the unappropriated network address can not produce flow, therefore normal network can not be affected, therefore the all-network address in this classification is polymerized by the network equipment, obtain a subnet prefix, this subnet prefix covers all network addresss distributed in this classification, also the unappropriated network address of part in this classification can be covered, but the subnet prefix obtained is to cover the longest subnet prefix in the subnet prefix of distribution network address in this classification.

Here the value identified for first object identify label and the second target identities is all that PG10 is described, first network address is 10.1.1.136, second network address is 10.1.1.137, the value of target identities mark is the 3rd network address 10.1.1.138 that the client of PG10 also comprises the 3rd client, by network address 10.1.1.136, 10.1.1.137, 10.1.1.138 a PG10 classification is divided into, the network address in PG10 classification is three connected network addresss, and be distribution network address, for in controlled network, unappropriated network address 10.1.1.139 can carry out network address polymerization together, obtaining a subnet prefix is 10.1.1.136/30, this subnet prefix is to cover the longest subnet prefix in the subnet prefix of distribution network address.Such as, subnet prefix 10.1.1.128/29 also can cover these three distribution network addresses, but subnet prefix 10.1.1.136/30 is longer than subnet prefix 10.1.1.128/29, therefore subnet prefix 10.1.1.136/30 can cover the longest subnet prefix in the subnet prefix of these three distribution network addresses.

S501, the described network equipment sets up the corresponding relation list item between described first object identify label and described subnet prefix.

As the optional execution mode of one, the value of all identify labels in this classification is identical with the value of first object identify label, therefore first object identify label directly can be utilized to replace all identify labels in this classification, set up the corresponding relation between first object identify label and subnet prefix.

Such as, subnet prefix is 10.1.1.136/30, the first object identify label that then this subnet prefix is corresponding is PG10, sets up the corresponding relation list item of PG10 and 10.1.1.136/30, owing to including four network addresss in this subnet prefix, wherein, a network address is unallocated, and three network addresss are distributed, compared to usually setting up corresponding relation list item between each network address and identify label, decrease the quantity of list item, be namely the reduction of network equipment memory source.

In the optional execution mode of the second, please refer to shown in Fig. 6, comprise step S600-S601;

S600, the described network equipment is by the network address polymerization in described classification, obtain subnet set, described subnet set comprises subnet prefix, all elements in described subnet set covers the all-network address in described classification, and all elements in described subnet set does not cover any network address except the all-network address in described classification.

As the optional execution mode of one, in not controlled network (not needing certification and addressable network), together with not allowing the unappropriated network address to be aggregated to the network address distributed, avoid affecting normal access to netwoks.Such as, identify label is that the network address in the classification of PG10 comprises 3 distribution network address 10.1.1.136,10.1.1.137,10.1.1.138, when being polymerized, unappropriated network address 10.1.1.139 just can not be polymerized to a subnet prefix with the network address distributed.Therefore, different from controlled network for polymerization in not controlled network, concrete method can be, the network address in this classification is polymerized, obtain subnet set, subnet set comprises multiple element, and element can be subnet prefix and the network address, all elements in subnet set covers the all-network address in this classification, and all elements in subnet set does not cover any network address except the all-network address in this classification.

Concrete polymerization can be, first judge whether comprise the unappropriated network address in the subnet prefix that the all-network Address Aggregation in this classification becomes, if do not comprise the unappropriated network address, then namely this subnet prefix is subnet set.If this subnet prefix comprises the unappropriated network address, then using the network address adjacent with the unappropriated network address as the element of in subnet set, being carried out regrouping in rest network address in this classification is again a subnet prefix, and the subnet prefix regrouped also is an element in subnet set.

Here be polymerized to example with the network address in the first object identify label PG10 classification that is PG10 to be described, if be subnet prefix 10.1.1.136/30 by all-network Address Aggregation in this classification, then comprise unallocated network address 10.1.1.139, then using the network address 10.1.1.138 adjacent with network address 10.1.1.139 separately as the element of in subnet set, again rest network address 10.1.1.136,10.1.1.137 are polymerized to a subnet prefix 10.1.1.136/31, subnet prefix 10.1.1.136/31 is an element in subnet set.After aforesaid operations, subnet set comprises two elements: network address 10.1.1.138 and subnet prefix 10.1.1.136/31.These two elements can cover above-mentioned 3 distribution network address 10.1.1.136,10.1.1.137,10.1.1.138, and can not cover these 3 any other the network addresss outside distribution network address.

S601, the described network equipment sets up the corresponding relation list item in described first object identify label and described subnet set between each element.

If only have an element in subnet set, the network equipment sets up a corresponding relation list item, and this corresponding relation list item comprises the mapping of this only element in first object identify label to subnet set.If have multiple element in subnet set, the network equipment sets up the multiple corresponding relation list items in first object identify label and subnet set between all elements, each in the plurality of corresponding relation list item comprises the mapping of first object identify label to one of them element in subnet set, and element in subnet set in any two corresponding relation list items is different.Here continue to be described for the subnet set that the network address in PG10 classification is polymerized, the network equipment sets up the corresponding relation list item between the corresponding relation list item of first object identify label PG10 and network address 10.1.1.138 and first object identify label PG10 and subnet prefix 10.1.1.136/31 successively.

Please refer to Fig. 7, be a kind of network address allocation scenarios figure that the embodiment of the present invention provides, the information fusion scheme of this embodiment is mainly used in client first certification, the scene of the rear request dispatching network address; Step in the program mainly comprises:

1, client access Dynamic Host Configuration Protocol server feedforward network equipment initiates certification;

Concrete, client initiates access authentication to the network equipment, as 802.1x certification.

2, the network equipment initiates certification to certificate server;

3, certificate server response (carrying target identities mark);

Concrete, after authentication success, certificate server returns to the network equipment the response identified with target identities, establishes mapping table in the network equipment, comprises the corresponding relation of MAC Address, the network address (temporarily for empty), authentication mode etc.

4, client initiates DHCP request;

Concrete, client initiates the DHCP request of the request dispatching network address to the network equipment.

5, the network equipment initiates DHCP request (carrying target identities mark);

Concrete, after the network equipment receives the DHCP request that client initiates, as DHCP relay, by option target identities mark is encapsulated in DHCP request and issues Dynamic Host Configuration Protocol server in the lump.

6, Dynamic Host Configuration Protocol server distribution network address;

Concrete, after Dynamic Host Configuration Protocol server receives request, extract the target identities mark in request, and according to this target identities mark distribution network address, namely be that the distributed network address belongs to address field corresponding to this target identities mark, finally the distributed network address returned to the network equipment.

7, the network address is issued to client by the network equipment.

Follow-up network address polymerization has come primarily of the list item aggregation module in the network equipment.

Please refer to Fig. 8, is the another kind of network address allocation scenarios figure that the embodiment of the present invention provides, and the network address distribution of this embodiment is mainly used in the first request dispatching temporary network address of client, the scene of then certification; As shown in the figure, the step in this scene graph mainly comprises:

1, client initiates DHCP request to the network equipment;

2, the network equipment initiates DHCP request to Dynamic Host Configuration Protocol server;

Concrete, when the network equipment receives the DHCP request of client initiation, initiate request as DHCP relay to Dynamic Host Configuration Protocol server, do not carry target identities mark.

3, Dynamic Host Configuration Protocol server distribution network address;

Concrete, after Dynamic Host Configuration Protocol server receives request, because extract fall short identify label, therefore according to the Generic Address algorithm assigns network address, now distributed is temporary network address, and is returned to the network equipment.

4, the network address is issued to client by the network equipment;

5, client initiates authentication request;

6, the network equipment initiates certification to certificate server;

7, certificate server response (carrying target identities mark);

Concrete, after authentication success, certificate server returns to the network equipment the response identified with target identities, and the network equipment sets up subscriber's meter, comprises the corresponding relation of MAC Address, target identities mark, the network address, authentication mode etc.

8, the network equipment cancels the network address to Dynamic Host Configuration Protocol server;

Concrete, network address polymerization is not suitable for due to the network address distributed before, therefore after obtaining target identities mark, the network equipment needs the request cancelling the network address to Dynamic Host Configuration Protocol server, after the network address of client is cancelled, need again to initiate DHCP request distribution network address to the network equipment, concrete method, please refer to the step 4-7 of Fig. 7.

Set forth the specific implementation of the relevant device that the embodiment of the present invention provides below.

Please refer to Fig. 9, is the structural representation of a kind of Dynamic Host Configuration Protocol server that the embodiment of the present invention provides.As shown in Figure 9, a kind of Dynamic Host Configuration Protocol server described in the present embodiment comprises: the first receiver module 100 and determine distribution module 101.

First receiver module 100, for receiving the first request of the request dispatching network address of the client that the network equipment forwards, the target identities mark of the described client inserted by the described network equipment is carried in described first request;

In one embodiment, Dynamic Host Configuration Protocol server first receiver module 100 receives the first request that the network equipment forwards, this first request is that client sends, this first request is for asking Dynamic Host Configuration Protocol server to be this client distribution network address, the network address refers to Internet protocol (English: InternetProtocol, abbreviation: IP) address.This first request can be DHCP find (English: DHCPDISCOVER) or DHCP request (English: DHCPREQUEST) message.In order to be polymerized the network address of the client with same target identify label, the client-based target identities of Dynamic Host Configuration Protocol server is designated client distribution network address.Therefore, the network equipment is when forwarding first is asked, and the first request needs the target identities mark comprising client, and server receives the first request that the network equipment forwards.

Determine distribution module 101, for determining the address field corresponding with the target identities mark of described client, the address field corresponding according to the target identities mark with described client is described client distribution network address, wherein, the network address distributed for described client belongs to the address field corresponding with the target identities mark of described client.

Concrete, server is when distributing the network address of client, can carry out determining the address field corresponding with the target identities mark of client according to special algorithm, thus make the network address of the client with same target identify label belong to same address field.

Optionally, determine that distribution module 101 determines that the execution mode of the address field corresponding with the target identities mark of client can have following two kinds of optional execution modes:

In the first optional execution mode, if for the target identities mark of described client is assigned with corresponding address field, and have the unallocated network address in the address field of described correspondence of having distributed for the target identities mark of described client, then described determine distribution module 101 also for determine the address field corresponding with the target identities of described client mark for described in the address field of correspondence that distributed for the target identities mark of described client.

As the optional execution mode of one, whether judge in all manageable network addresss of Dynamic Host Configuration Protocol server as the target identities mark of client is assigned with corresponding address field, namely be judge whether other client with this target identities mark requests the network address before this, if Dynamic Host Configuration Protocol server is for the target identities mark of this client is assigned with corresponding address field, and there is the unallocated network address in the address field for the correspondence of this target identities mark distribution, then determine that the address field distributed for this target identities mark is before defined as the address field of the target identities mark correspondence of client by distribution module 101.The above-mentioned ALARA Principle network address refers to and has permission at this Dynamic Host Configuration Protocol server the network address carrying out distributing.The above-mentioned unallocated network address refers to the network address be not assigned with in this address field.

In the optional execution mode of the second, if all network addresss are all distribution network addresses in the address field of described correspondence of having distributed for the target identities mark of described client, or described Dynamic Host Configuration Protocol server is not yet that the target identities mark of described client distributes corresponding address field, then described determine distribution module also in the ALARA Principle network address of described Dynamic Host Configuration Protocol server for the target identities of described client identifies new allocation address section, using the address field of this newly assigned address field as the target identities mark correspondence with described client.

Dynamic Host Configuration Protocol server determination distribution module 101 needs for this target identities identifies new allocation address section in the ALARA Principle network address of Dynamic Host Configuration Protocol server, and using the address field of this newly assigned address field as the target identities mark correspondence with client.New allocation address section is the continuous unallocated network address, and after being assigned, this newly assigned address field only and the target identities mark correspondence of client, namely do not belong to any other identify label.

Concrete, the mode that the target identities for client identifies new allocation address section can have two kinds of optional execution modes:

In the first optional execution mode, determining distribution module 101 if described also for there is not distribution network address in the described ALARA Principle network address, the address field that the set of all ALARA Principle network addresss is formed being defined as the address field corresponding with the described target identities mark of described client.

If there is not distribution network address in the ALARA Principle network address of Dynamic Host Configuration Protocol server, namely be that Dynamic Host Configuration Protocol server is also for any one client distribution network address, then when client-requested distribution network address, the address field that the set of all ALARA Principle network addresss is formed is defined as by Dynamic Host Configuration Protocol server determination distribution module 101 and the target identities of this client identifies corresponding address field, is namely the new allocation address section for the distribution of this target identities mark.The set of all ALARA Principle network addresss may form one or more address field.

If there is distribution network address in the described ALARA Principle network address, describedly determine distribution module 101 also for determining the continuous unallocated network address the longest in the described ALARA Principle network address, and the longest described continuous unallocated network address is divided into the first address field and the second address field, wherein the first address field is made up of the unallocated network address of partial continuous in the longest described continuous unallocated network address, second address field is made up of the continuous unallocated network address in the longest described continuous unallocated network address except described first address field, described first address field with belong to described in the address of distribution network of identify label corresponding to the longest continuous unallocated network address adjacent,

If there is distribution network address in the ALARA Principle network address, the determination distribution module 101 of Dynamic Host Configuration Protocol server determines the continuous unallocated network address the longest in the ALARA Principle network address, determine that distribution module 101 is distribution network address successively in the address field that target identities mark is corresponding when distribution network address, in the address field that therefore each target identities mark is corresponding, the remaining unallocated network address is also continuous print.Determine that distribution module 101 compares the quantity of the continuous unallocated network address in each self-corresponding address field of multiple target identities mark in the network address that Dynamic Host Configuration Protocol server manages, and choose the continuous unallocated network address in address field corresponding to the maximum target identities mark of quantity, namely be obtain the longest continuous unallocated network address, such as, in the address field that first object identify label is corresponding, continuous unallocated network address quantity is maximum, then obtain the continuous unallocated network address in first object identify label.

Determine that the longest continuous unallocated network address is divided into the first address field and the second address field by distribution module 101.Such as, the longest continuous unallocated network address on average can be divided into the first address field and the second address field.The address of distribution network of the identify label that the first address field is corresponding with belonging to the longest continuous unallocated network address is adjacent, is namely adjacent with the address of distribution network of first object identify label.

Describedly determine distribution module 101 also for described second address field is defined as described new allocation address section.

Second address field is defined as new allocation address section by Dynamic Host Configuration Protocol server determination distribution module 101, and Dynamic Host Configuration Protocol server removes the second address field from the original corresponding address field of first object identify label.The address field that the network address in the address of distribution network in address field corresponding for first object identify label and above-mentioned first address field is formed is defined as address field corresponding to new first object identify label.

In the optional execution mode of the second, described determine distribution module 101 also for according to preset size, target identities for described client in the network address in the ALARA Principle network address of described server except allocation address section identifies new allocation address section, and the size of described new allocation address section equals described default size.

In this execution mode, Dynamic Host Configuration Protocol server is when for each identify label allocation address section, all distribute according to default size, such as, when having the client-requested distribution network address of first object identify label, then in the ALARA Principle network address of Dynamic Host Configuration Protocol server, divide size equal the network address section of default size (such as 50 network addresss) to first object identify label.When having the client-requested distribution network address of the second target identities mark, address field corresponding to first object identify label is allocation address section, divides size and equal the network address section of default size (such as 50 network addresss) to the second target identities mark in the network address of Dynamic Host Configuration Protocol server determination distribution module 101 in the ALARA Principle network address except this allocation address section.

Please refer to Figure 10, is the structural representation of a kind of network equipment that the embodiment of the present invention provides.As shown in Figure 10, a kind of network equipment described in the present embodiment comprises: the second receiver module 200, search module 201, insert module 202, forwarding module 203, acquisition module 204, further alternative, the network equipment can also comprise division module 205, aggregation module 206 and set up module 207.Acquisition module with search model calling, after acquisition module in the network equipment gets the first network address of the first client, according to the mapping table that MAC Address and target identities identify, set up the corresponding relation of first object identify label and first network address, network address polymerization is carried out in the network address being convenient to the client by having same target identify label.

Second receiver module 200, for receiving the first request of the request dispatching network address that the first client sends, described first request comprises the MAC Address of described first client;

The network equipment can be the relay agent of the transmission information between client and Dynamic Host Configuration Protocol server, is equivalent to the message that forwarding client sends.When the first client needs the request dispatching network address, namely send the first request to the network equipment.The network equipment second receiver module 200 receives the first request of the request dispatching network address that the first client sends, and the source MAC of this first request is the MAC Address of the first client.

Search module 201, for the mapping table according to the MAC Address prestored and identify label, the described network equipment is searched the target identities corresponding with the MAC Address of described first client and is identified as first object identify label.

The network equipment searches module 201 according to the MAC Address prestored and identify label mapping table, searches target identities corresponding with the MAC Address of the first client in mapping table and identifies as first object identify label.

Insert module 202, for described first object identify label being inserted in described first request, to obtain the second request.

Inquired about first object identify label is inserted in the first request by network equipment insert module 202, to obtain the second request, first request can be DHCP request, the method that the first request is inserted in first object identify label by insert module 202 can be option first object identify label inserted in DHCP request message, such as DHCPoption, DHCPoption is variable length field, contains partial charter party information, type of message etc.Insert module 202 will obtain the second request after first object identify label being inserted DHCP request message so that the network equipment by the second request forward to Dynamic Host Configuration Protocol server.

Forwarding module 203, for forwarding described second request to server;

Network equipment forwarding module 203 forwards the second request to server, the first object identify label of the first client is carried in second request, to make server according to the first object identify label of the first client to the first client distribution network address, it should be noted that, the network address that server distributes to the first client belongs to the network address in first object identify label address field.

Acquisition module 204, for obtaining the first network address distributed for described first client according to described first object identify label that described server sends.

Network equipment acquisition module 204 obtains the first network address distributed for the first client according to first object identify label that Dynamic Host Configuration Protocol server sends, Dynamic Host Configuration Protocol server distributes the client with same target identify label the network address belonging to same address field, therefore, the first network address distributed for the first client belongs to address field corresponding to first object identify label.

Concrete, the method that network equipment acquisition module 204 obtains the first network address that Dynamic Host Configuration Protocol server sends can be, if it is (English: DHCPrelayagent) that this network equipment is dhcp relay agent, the method that this network equipment obtains first network address can be, receive the response of Dynamic Host Configuration Protocol server, this response can be DHCP provide (English: DHCPOFFER) or DHCP confirm (English: DHCPACK) message.It is (English: DHCPsnooping) intercepting and capturing Dynamic Host Configuration Protocol server in the response of Dynamic Host Configuration Protocol server is the first network address that the first client is distributed that interchangeable, if this network equipment is not dhcp relay agent, this network equipment can be intercepted by DHCP.

Further, after acquisition module 204 gets the first network address of the first client, by the mapping table searched module 201 and identify according to MAC Address and target identities, search the first object identify label of the first client, set up the corresponding relation of first object identify label and first network address again, network address polymerization is carried out in the network address being convenient to the client by having same target identify label.

Optionally, described acquisition module 204 is also designated according to the second target identities the second network address that the second client distributes for what obtain that described server sends, described second target identities is designated according to target identities mark corresponding with the MAC Address of described second client in described mapping table, and described second target identities mark is identical with the value of described first object identify label;

What network equipment acquisition module 204 obtained that server sends is designated according to the second target identities the second network address that the second client distributes, in order to reduce the list item of corresponding relation between the network address of client in the network equipment and identify label, the network equipment also needs the network address of each obtained client to be carried out the polymerization process of the further network address, such as, the network address belonging to an address field in each client is polymerized, to save in the network equipment memory source storing corresponding relation list item.

Further alternative, the network equipment can also comprise division module 205, aggregation module 206 and set up module 207.

Divide module 205, for described first network address and described second network address being divided into a classification according to described second target identities mark and described first object identify label, wherein, the value of the target identities mark that the MAC Address of client belonging to the all-network address in described classification is corresponding in described mapping table is identical.

Because first object identify label is identical with the value that the second target identities identifies, therefore the network equipment divides module 205 and can identify at one's side to identify with the second target identities according to first object first network address and second network address are divided into a classification.It should be noted that, the value of the target identities mark that in the classification divided, the MAC Address of client belonging to all-network address is corresponding is in the mapping table identical.Network address quantity included in the classification divided can have multiple, the all-network address in this classification is carried out polymerization process, to reduce the list item of the network address and identify label corresponding relation.

Concrete, be polymerized the network address in each classification, polymerization methods can have following two kinds of optional execution modes, and these two kinds of execution modes are by aggregation module 206 and set up module 207 and complete:

In the first optional execution mode, aggregation module 206, for by the network address polymerization in described classification, to obtain a subnet prefix;

As the optional execution mode of one, in controlled network (network could accessed after only having certification to pass through), the network address that permission part is not assigned with is aggregated to one piece with the network address be assigned with, the unappropriated network address can not produce flow, therefore normal network can not be affected, therefore the all-network address in this classification is polymerized by the network equipment first aggregation module 206, obtain a subnet prefix, this subnet prefix covers all network addresss distributed in this classification, also the unappropriated network address of part in this classification can be covered, but the subnet prefix obtained is to cover the longest subnet prefix in the subnet prefix of distribution network address in this classification.

Here the value identified for first object identify label and the second target identities is all that PG10 is described, first network address is 10.1.1.136, second network address is 10.1.1.137, the value of target identities mark is the 3rd network address 10.1.1.138 that the client of PG10 also comprises the 3rd client, by network address 10.1.1.136, 10.1.1.137, 10.1.1.138 a PG10 classification is divided into, the network address in PG10 classification is three connected network addresss, and be distribution network address, for in controlled network, unappropriated network address 10.1.1.139 can be carried out network address polymerization by aggregation module 206 together, obtaining a subnet prefix is 10.1.1.136/30, this subnet prefix is to cover the longest subnet prefix in the subnet prefix of distribution network address.Such as, subnet prefix 10.1.1.128/29 also can cover these three distribution network addresses, but subnet prefix 10.1.1.136/30 is longer than subnet prefix 10.1.1.128/29, therefore subnet prefix 10.1.1.136/30 can cover the longest subnet prefix in the subnet prefix of these three distribution network addresses.

Set up module 207, for setting up the corresponding relation list item between described first object identify label and described subnet prefix.

As the optional execution mode of one, the value of all identify labels in this classification is identical with the value of first object identify label, therefore first object identify label directly can be utilized to replace all identify labels in this classification, set up module 207 and set up corresponding relation between first object identify label and subnet prefix.

Such as, subnet prefix is 10.1.1.136/30, the first object identify label that then this subnet prefix is corresponding is PG10, sets up the corresponding relation list item that module 207 sets up PG10 and 10.1.1.136/30, owing to including four network addresss in this subnet prefix, wherein, a network address is unallocated, and three network addresss are distributed, compared to usually setting up corresponding relation list item between each network address and identify label, decrease the quantity of list item, be namely the reduction of network equipment memory source.

In the optional execution mode of the second, aggregation module 206, for the network address in described classification is polymerized, obtain subnet set, described subnet set comprises subnet prefix, all elements in described subnet set covers the all-network address in described classification, and all elements in described subnet set does not cover any network address except the all-network address in described classification.

As the optional execution mode of one, in not controlled network (not needing certification and addressable network), together with not allowing the unappropriated network address to be aggregated to the network address distributed, avoid affecting normal access to netwoks, such as, identify label is that the network address in the classification of PG10 comprises 3 distribution network address 10.1.1.136,10.1.1.137,10.1.1.138, when being polymerized, unappropriated network address 10.1.1.139 just can not be polymerized to a subnet prefix with the network address distributed.Therefore, different from controlled network for polymerization in not controlled network, concrete method can be, the network address in this classification is polymerized by aggregation module 206, obtain subnet set, subnet set comprises multiple element, and element can be subnet prefix and the network address, all elements in subnet set covers the all-network address in this classification, and all elements in subnet set does not cover any network address except the all-network address in this classification.

Concrete polymerization can be, first aggregation module 206 judges whether comprise the unappropriated network address in the subnet prefix that the all-network Address Aggregation in this classification becomes, if do not comprise the unappropriated network address, then namely this subnet prefix is subnet set.If this subnet prefix comprises the unappropriated network address, then using the network address adjacent with the unappropriated network address as the element of in subnet set, being carried out regrouping in rest network address in this classification is again a subnet prefix, and the subnet prefix regrouped also is an element in subnet set.

Set up module 207, for setting up the corresponding relation list item in described first object identify label and described subnet set between each element.

If only have an element in subnet set, the network equipment is set up module 207 and is set up a corresponding relation list item, and this corresponding relation list item comprises the mapping of this only element in first object identify label to subnet set.If have multiple element in subnet set, the network equipment is set up module 207 and is set up multiple corresponding relation list items in first object identify label and subnet set between all elements, each in the plurality of corresponding relation list item comprises the mapping of first object identify label to one of them element in subnet set, and element in subnet set in any two corresponding relation list items is different.Here continue to be described for the subnet set that the network address in PG10 classification is polymerized, the network equipment sets up the corresponding relation list item between the corresponding relation list item of first object identify label PG10 and network address 10.1.1.138 and first object identify label PG10 and subnet prefix 10.1.1.136/31 successively.

Figure 11 is the structural representation of a kind of Dynamic Host Configuration Protocol server that the embodiment of the present invention provides, and as shown in figure 11, Dynamic Host Configuration Protocol server comprises processor 300, memory 301 and interface 302.Memory 301 is connected with bus respectively with processor 300, processor 300 is connected with interface 302 by bus, memory 301 is connected with processor 300 by bus, and memory 301 is for program code stored, and processor 300 program code called in memory 301 performs corresponding operation.

First request of the request dispatching network address of the client that described processor is forwarded by the interface network equipment, the target identities mark of the described client inserted by the described network equipment is carried in described first request;

Described processor, for determining the address field corresponding with the target identities mark of described client, the address field corresponding according to the target identities mark with described client is described client distribution network address, wherein, the network address distributed for described client belongs to the address field corresponding with the target identities mark of described client.

Optionally, Dynamic Host Configuration Protocol server receives the first request that the network equipment forwards, and this first request is that client sends, and this first request is for asking Dynamic Host Configuration Protocol server to be this client distribution network address.The network address refers to Internet protocol (English: InternetProtocol, abbreviation: IP) address.This first request can be DHCP find (English: DHCPDISCOVER) or DHCP request (English: DHCPREQUEST) message.In order to be polymerized the network address of the client with same target identify label, the client-based target identities of Dynamic Host Configuration Protocol server is designated client distribution network address.Therefore, the network equipment is when forwarding first is asked, and the first request needs the target identities mark comprising client, and server receives the first request that the network equipment forwards.

Optionally, Dynamic Host Configuration Protocol server when for client distribution network address, for multiple clients with same target identify label distribute the multiple network addresss belonging to same address field respectively.It is multiple client distribution network addresses with same target identify label that Dynamic Host Configuration Protocol server generally identifies continuous print in corresponding address field in the target identities with described client, and the allocation address be in the address field of the network address of new client distribution and the target identities mark correspondence of this new client is adjacent.

Described processor, if be also assigned with corresponding address field for the target identities mark for described client, and have the unallocated network address in the address field of described correspondence of having distributed for the target identities mark of described client, then corresponding with the target identities of described client mark address field for described in be the address field of the correspondence of the target identities mark distribution of described client;

If described processor is also all distribution network address for all network addresss in the address field of described correspondence of having distributed for the target identities mark of described client, or described Dynamic Host Configuration Protocol server is not yet that the target identities mark of described client distributes corresponding address field, then described Dynamic Host Configuration Protocol server in the ALARA Principle network address of described Dynamic Host Configuration Protocol server for the target identities of described client identifies new allocation address section, using this new allocation address section as and address field corresponding to the target identities mark of described client.

Optionally, whether judge in all ALARA Principle network addresss of Dynamic Host Configuration Protocol server as the target identities mark of client is assigned with corresponding address field, namely be judge whether other client with this target identities mark requests the network address before this, if Dynamic Host Configuration Protocol server is for the target identities mark of this client is assigned with corresponding address field, and there is the unallocated network address in the address field for the correspondence of this target identities mark distribution, then the address field distributed for this target identities mark is before defined as the address field that the target identities mark of client is corresponding.The above-mentioned ALARA Principle network address refers to and has permission at this Dynamic Host Configuration Protocol server the network address carrying out distributing.The above-mentioned unallocated network address refers to the network address be not assigned with in this address field.

Optionally, if before for the target identities mark of client is assigned with corresponding address field, but because the client with this target identities mark is more, in the address field of this target identities mark, all network addresss are all distribution network addresses, or Dynamic Host Configuration Protocol server is not yet for this target identities mark distributes corresponding address field, namely the client-requested network address with this target identities mark was not had, thus in the manageable network address of Dynamic Host Configuration Protocol server, there is not address field corresponding to this target identities mark, the then new allocation address section of described Dynamic Host Configuration Protocol server, and using the address field of newly assigned address field as the target identities mark correspondence with client.The above-mentioned address of distribution network refers to the network address be assigned with in address field.

If described processor is not also for existing distribution network address in the described ALARA Principle network address, the address field that the set of all ALARA Principle network addresss is formed is defined as the address field corresponding with the described target identities mark of described client.

If also for there is distribution network address in the described ALARA Principle network address in described processor, determine the continuous unallocated network address the longest in the described ALARA Principle network address, and the longest described continuous unallocated network address is divided into the first address field and the second address field, wherein the first address field is made up of the unallocated network address of partial continuous in the longest described continuous unallocated network address, second address field is made up of the continuous unallocated network address in the longest described continuous unallocated network address except described first address field, described first address field with belong to described in the address of distribution network of identify label corresponding to the longest continuous unallocated network address adjacent,

Described processor is also for being defined as described new allocation address section by described second address field.

Optionally, if there is not distribution network address in the ALARA Principle network address of Dynamic Host Configuration Protocol server, namely be that Dynamic Host Configuration Protocol server is also for any one client distribution network address, then when client-requested distribution network address, the address field that the set of all ALARA Principle network addresss is formed is defined as by Dynamic Host Configuration Protocol server and the target identities of this client identifies corresponding address field, is namely the new allocation address section for the distribution of this target identities mark.The set of all ALARA Principle network addresss may form one or more address field.

Optionally, if there is distribution network address in the ALARA Principle network address, the continuous unallocated network address the longest in the Dynamic Host Configuration Protocol server determination ALARA Principle network address.Dynamic Host Configuration Protocol server is distribution network address successively in the address field that target identities mark is corresponding when distribution network address, and in the address field that therefore each target identities mark is corresponding, the remaining unallocated network address is also continuous print.In the network address that relatively Dynamic Host Configuration Protocol server manages, multiple target identities identifies the quantity of the continuous unallocated network address in each self-corresponding address field, and choose the continuous unallocated network address in address field corresponding to the maximum target identities mark of quantity, be namely the continuous unallocated network address grown most.Such as, in the address field that first object identify label is corresponding, continuous unallocated network address quantity is maximum, then obtain the continuous unallocated network address in first object identify label.

Optionally, the second address field is defined as new allocation address section by Dynamic Host Configuration Protocol server.Dynamic Host Configuration Protocol server removes the second address field from the original corresponding address field of first object identify label.The address field that the network address in the address of distribution network in address field corresponding for first object identify label and above-mentioned first address field is formed is defined as address field corresponding to new first object identify label.

Described processor also presets size for basis, target identities for described client in the network address in the ALARA Principle network address of described server except allocation address section identifies new allocation address section, and the size of described new allocation address section equals described default size.

Optionally, Dynamic Host Configuration Protocol server is when for each identify label allocation address section, all distribute according to default size, such as, when having the client-requested distribution network address of first object identify label, then in the ALARA Principle network address of Dynamic Host Configuration Protocol server, divide size equal the network address section of default size (such as 50 network addresss) to first object identify label.When having the client-requested distribution network address of the second target identities mark, address field corresponding to first object identify label is allocation address section, divides size and equal the network address section of default size (such as 50 network addresss) to the second target identities mark in the network address of Dynamic Host Configuration Protocol server in the ALARA Principle network address except this allocation address section.

Figure 12 is the structural representation of a kind of network equipment that the embodiment of the present invention provides, and as shown in figure 12, the concrete form of this network equipment can be router, the network switch, gateway device, firewall box etc.This network equipment comprises processor 400, interface 401, memory 402.Processor 400 is connected with interface 401 by bus.Memory 402 is connected with processor 400 by bus, and memory 402 is for program code stored, and processor 400 performs corresponding operation, as represented bus with thick line in Figure 12 for the program code called in memory 402.

First request of the request dispatching network address that described processor is sent by interface first client, described first request comprises the MAC Address of described first client;

Described processor is used for the mapping table according to the MAC Address prestored and identify label, and the described network equipment is searched the target identities corresponding with the MAC Address of described first client and identified as first object identify label;

Described processor also for described first object identify label being inserted in described first request, to obtain the second request;

Described processor forwards described second request by interface to server;

Described processor is also for obtaining the first network address distributed for described first client according to described first object identify label that described server sends.

Optionally, the network equipment can be the relay agent of transmission information between client and Dynamic Host Configuration Protocol server, is equivalent to the message that forwarding client sends.When the first client needs the request dispatching network address, namely send the first request to the network equipment.The network equipment receives the first request of the request dispatching network address that the first client sends.The source MAC of this first request is the MAC Address of the first client.

Optionally, the mapping table of MAC Address and identify label is prestored in the network equipment, this mapping table is that client stored when carrying out certification, concrete, when client sends authentication request, the network equipment sends authentication request to certificate server, after authentication success, certificate server can distribute identify label for client, and distributed identify label is sent to the network equipment.The network equipment receives the identify label of the client that certificate server returns, and sets up a mapping table, and this table comprises the mapping between the MAC Address of client and identify label.

Optionally, inquired about first object identify label is inserted in the first request by the network equipment, to obtain the second request, first request can be DHCP request, method first object identify label being inserted the first request can be option first object identify label inserted in DHCP request message, such as DHCPoption, DHCPoption are variable length field, contain partial charter party information, type of message etc.After first object identify label being inserted DHCP request message, obtain the second request so that the network equipment by the second request forward to Dynamic Host Configuration Protocol server.

Optionally, the network equipment forwards the second request to server, the first object identify label of the first client is carried in second request, to make server according to the first object identify label of the first client to the first client distribution network address, it should be noted that, the network address that server distributes to the first client belongs to the network address in first object identify label address field.

Optionally, the network equipment obtains the first network address distributed for the first client according to first object identify label that Dynamic Host Configuration Protocol server sends, Dynamic Host Configuration Protocol server distributes the client with same target identify label the network address belonging to same address field, therefore, the first network address distributed for the first client belongs to address field corresponding to first object identify label.

Described processor is also designated according to the second target identities the second network address that the second client distributes for what obtain that described server sends, described second target identities is designated according to target identities mark corresponding with the MAC Address of described second client in described mapping table, and described second target identities mark is identical with the value of described first object identify label;

Described processor is also for being divided into a classification according to described second target identities mark and described first object identify label by described first network address and described second network address, wherein, the value of the target identities mark that the MAC Address of client belonging to the all-network address in described classification is corresponding in described mapping table is identical;

Described processor is also for being polymerized the network address in described classification, to obtain a subnet prefix;

Described processor is also for setting up the corresponding relation list item between described first object identify label and described subnet prefix.

Optionally, server end can be each client distribution network address, such as, when the network equipment is to the second network address of server request second client, server is designated the second client according to the second target identities of the second client and distributes second network address.When the value of the second target identities mark is identical with the value of first object identify label, then distributed first network address and second network address belong to an address field.

Optionally, because first object identify label is identical with the value that the second target identities identifies, therefore the network equipment can identify at one's side to identify with the second target identities according to first object and first network address and second network address are divided into a classification.It should be noted that, the value of the target identities mark that in the classification divided, the MAC Address of client belonging to all-network address is corresponding is in the mapping table identical.Network address quantity included in the classification divided can have multiple, the all-network address in this classification is carried out polymerization process, to reduce the list item of the network address and identify label corresponding relation.

Optionally, in controlled network (network could accessed after only having certification to pass through), the network address that permission part is not assigned with is aggregated to one piece with the network address be assigned with, the unappropriated network address can not produce flow, therefore normal network can not be affected, therefore the all-network address in this classification is polymerized by the network equipment, obtain a subnet prefix, this subnet prefix covers all network addresss distributed in this classification, also the unappropriated network address of part in this classification can be covered, but the subnet prefix obtained is to cover the longest subnet prefix in the subnet prefix of distribution network address in this classification.

Optionally, the value of all identify labels in this classification is identical with the value of first object identify label, therefore first object identify label directly can be utilized to replace all identify labels in this classification, set up the corresponding relation between first object identify label and subnet prefix.

Described processor is also for being polymerized the network address in described classification, obtain subnet set, described subnet set comprises subnet prefix, all elements in described subnet set covers the all-network address in described classification, and all elements in described subnet set does not cover any network address except the all-network address in described classification;

Described processor is also for setting up the corresponding relation list item in described first object identify label and described subnet set between each element.

Optionally, in not controlled network (not needing certification and addressable network), together with not allowing the unappropriated network address to be aggregated to the network address distributed, avoid affecting normal access to netwoks.Such as, identify label is that the network address in the classification of PG10 comprises 3 distribution network address 10.1.1.136,10.1.1.137,10.1.1.138, when being polymerized, unappropriated network address 10.1.1.139 just can not be polymerized to a subnet prefix with the network address distributed.Therefore, different from controlled network for polymerization in not controlled network, concrete method can be, the network address in this classification is polymerized, obtain subnet set, subnet set comprises multiple element, and element can be subnet prefix and the network address, all elements in subnet set covers the all-network address in this classification, and all elements in subnet set does not cover any network address except the all-network address in this classification.

Optionally, if only have an element in subnet set, the network equipment sets up a corresponding relation list item, and this corresponding relation list item comprises the mapping of this only element in first object identify label to subnet set.If have multiple element in subnet set, the network equipment sets up the multiple corresponding relation list items in first object identify label and subnet set between all elements, each in the plurality of corresponding relation list item comprises the mapping of first object identify label to one of them element in subnet set, and element in subnet set in any two corresponding relation list items is different.Here continue to be described for the subnet set that the network address in PG10 classification is polymerized, the network equipment sets up the corresponding relation list item between the corresponding relation list item of first object identify label PG10 and network address 10.1.1.138 and first object identify label PG10 and subnet prefix 10.1.1.136/31 successively.

One of ordinary skill in the art will appreciate that all or part of flow process realized in above-described embodiment method, that the hardware that can carry out instruction relevant by computer program has come, described program can be stored in a computer read/write memory medium, this program, when performing, can comprise the flow process of the embodiment as above-mentioned each side method.Wherein, described storage medium can be magnetic disc, CD, read-only store-memory body (Read-OnlyMemory, ROM) or random store-memory body (RandomAccessMemory, RAM) etc.

Step in embodiment of the present invention method can be carried out order according to actual needs and be adjusted, merges and delete.

Module in embodiment of the present invention terminal or unit can carry out merging, divide and deleting according to actual needs.

Above disclosedly be only present pre-ferred embodiments, certainly can not limit the interest field of the present invention with this, therefore according to the equivalent variations that the claims in the present invention are done, still belong to the scope that the present invention is contained.

Claims

1. an address distribution method, is characterized in that, described method comprises:

Dynamic Host Configuration Protocol server receives the first request of the request dispatching network address of the client that the network equipment forwards, and the target identities mark of the described client inserted by the described network equipment is carried in described first request;

Described Dynamic Host Configuration Protocol server determines the address field corresponding with the target identities mark of described client, described Dynamic Host Configuration Protocol server according to and address field corresponding to the target identities mark of described client be described client distribution network address, wherein, the network address distributed for described client belongs to the address field corresponding with the target identities mark of described client.

2. the method for claim 1, is characterized in that, described Dynamic Host Configuration Protocol server determines the address field corresponding with the target identities mark of described client, comprising:

If described Dynamic Host Configuration Protocol server is for the target identities mark of described client is assigned with corresponding address field, and have the unallocated network address in the address field of described correspondence of having distributed for the target identities mark of described client, then corresponding with the target identities of described client mark address field for described in be the address field of the correspondence of the target identities mark distribution of described client;

If all network addresss are all distribution network addresses in the address field of described correspondence of having distributed for the target identities mark of described client, or described Dynamic Host Configuration Protocol server is not yet that the target identities mark of described client distributes corresponding address field, then described Dynamic Host Configuration Protocol server in the ALARA Principle network address of described Dynamic Host Configuration Protocol server for the target identities of described client identifies new allocation address section, using this new allocation address section as and address field corresponding to the target identities mark of described client.

3. method as claimed in claim 2, is characterized in that, described Dynamic Host Configuration Protocol server for the target identities of described client identifies new allocation address section, comprising in the ALARA Principle network address of described Dynamic Host Configuration Protocol server:

If there is not distribution network address in the described ALARA Principle network address, the address field that the set of all ALARA Principle network addresss is formed is defined as the address field corresponding with the described target identities mark of described client by described Dynamic Host Configuration Protocol server.

4. method as claimed in claim 3, is characterized in that, described Dynamic Host Configuration Protocol server for the target identities of described client identifies new allocation address section, also comprises in the ALARA Principle network address of described Dynamic Host Configuration Protocol server:

If there is distribution network address in the described ALARA Principle network address, described Dynamic Host Configuration Protocol server determines the continuous unallocated network address the longest in the described ALARA Principle network address, and the longest described continuous unallocated network address is divided into the first address field and the second address field, wherein the first address field is made up of the unallocated network address of partial continuous in the longest described continuous unallocated network address, second address field is made up of the continuous unallocated network address in the longest described continuous unallocated network address except described first address field, described first address field with belong to described in the address of distribution network of identify label corresponding to the longest continuous unallocated network address adjacent,

Described second address field is defined as described new allocation address section by described Dynamic Host Configuration Protocol server.

5. method as claimed in claim 2, is characterized in that, described Dynamic Host Configuration Protocol server for the target identities of described client identifies new allocation address section, comprising in the ALARA Principle network address of described Dynamic Host Configuration Protocol server:

According to default size, for the target identities of described client identifies new allocation address section in the network address of described Dynamic Host Configuration Protocol server in the ALARA Principle network address of described Dynamic Host Configuration Protocol server except allocation address section, the size of described new allocation address section equals described default size.

6. an information aggregation method, is characterized in that, described method comprises:

The network equipment receives the first request of the request dispatching network address that the first client sends, and described first request comprises the Media Access Control address of described first client;

The described network equipment is according to the mapping table of the Media Access Control address prestored and identify label, and the described network equipment is searched the target identities corresponding with the Media Access Control address of described first client and identified as first object identify label;

The described network equipment forwards described second request to server;

7. method as claimed in claim 6, is characterized in that, after the first network address distributed for described first client according to described first object identify label that the described network equipment obtains that described server sends, also comprises:

What the described network equipment obtained that described server sends is designated according to the second target identities the second network address that the second client distributes, described second target identities is designated according to target identities mark corresponding with the Media Access Control address of described second client in described mapping table, and described second target identities mark is identical with the value of described first object identify label;

Described first network address and described second network address are divided into a classification according to described second target identities mark and described first object identify label by the described network equipment, wherein, the value of the target identities mark that the Media Access Control address of client belonging to the all-network address in described classification is corresponding in described mapping table is identical;

8. method as claimed in claim 7, it is characterized in that, described method also comprises:

9. a Dynamic Host Configuration Protocol server, is characterized in that, described Dynamic Host Configuration Protocol server comprises:

10. server as claimed in claim 9, is characterized in that,

If for the target identities mark of described client is assigned with corresponding address field, and have the unallocated network address in the address field of described correspondence of having distributed for the target identities mark of described client, then described determine distribution module also for determine the address field corresponding with the target identities of described client mark for described in the address field of correspondence that distributed for the target identities mark of described client;

11. servers as claimed in claim 10, is characterized in that,

Determining distribution module if described also for there is not distribution network address in the described ALARA Principle network address, the address field that the set of all ALARA Principle network addresss is formed being defined as the address field corresponding with the described target identities mark of described client.

12. servers as claimed in claim 11, is characterized in that,

13. servers as claimed in claim 10, it is characterized in that, described determine distribution module also for according to preset size, target identities for described client in the network address in the ALARA Principle network address of described server except allocation address section identifies new allocation address section, and the size of described new allocation address section equals described default size.

14. 1 kinds of network equipments, is characterized in that, the described network equipment comprises:

Second receiver module, for receiving the first request of the request dispatching network address that the first client sends, described first request comprises the Media Access Control address of described first client;

Search module, for according to the Media Access Control address prestored and identify label mapping table, search the target identities corresponding with the Media Access Control address of described first client and identify as first object identify label;

Forwarding module, for forwarding described second request to server;

15. network equipments as claimed in claim 14, is characterized in that;

Divide module, for described first network address and described second network address being divided into a classification according to described second target identities mark and described first object identify label, wherein, the value of the target identities mark that the Media Access Control address of client belonging to the all-network address in described classification is corresponding in described mapping table is identical;

Aggregation module, for by the network address polymerization in described classification, to obtain a subnet prefix;

Set up module, for setting up the corresponding relation list item between described first object identify label and described subnet prefix.

16. network equipments as claimed in claim 15, is characterized in that;