CN105871782A - Method and device for processing network service, service router and platform authentication system - Google Patents

Publication number: CN105871782A
Authority: CN (China)
Application number: CN201510030780.9A
Original language: Chinese (zh)
Other versions: CN105871782B (en)
Inventor: 阮炜
Original and current assignee: China Mobile Group Guangdong Co Ltd
Legal status: Granted, active
Classification: Data Exchanges In Wide-Area Networks
Keywords: platform, network, authentication, request, client
Abstract

The invention provides a method and a device for processing network service, a service router and a platform authentication system. The network service processing method comprises steps: a request packet of a client is acquired; network parameters corresponding to the request packet are acquired from the authentication platform; and the network parameters are issued to the client. According to the scheme of the invention, the request packet of the client is acquired, the network parameters corresponding to the request packet are acquired from the authentication platform, the network parameters are issued to the client, and thus, dynamic user IP configuration is realized, and problems of tedious and inconvenient service opening, user IP change and user migration due to static user IP configuration in the prior art can be solved.

Description

Network service processing method and device, service router and platform authentication system
Technical field
The present invention relates to the technical field of data communication services, and in particular to a network service processing method and device, a service router and a platform authentication system.
Background
Existing dedicated line services for major customers are all configured statically. That is, after the physical connection (usually an Ethernet line) between the customer equipment (usually a host, router or switch) and the telecom operator's SR (service router) is completed, an interface or sub-interface and a gateway address are allocated to the user on the SR, the user information is configured statically and advertised as the user route, and an IP address in the same network segment as the gateway, a default route pointing to the gateway, and DNS (Domain Name System) are configured on the client, so that the client can access the internet.
However, because the user's IP must be configured statically, service provisioning is cumbersome. When the user IP changes because of a network adjustment or user capacity expansion, the configuration must be modified on the SR and on the client at the same time, which is troublesome. When a user is migrated to another SR, in addition to migrating the physical line, the data on the old SR must first be deleted and then configured again on the new SR. Moreover, under static configuration it is difficult to collect user traffic data (such as the byte counts and packet counts of upstream and downstream traffic), so traffic-based billing is very inconvenient to implement.
Summary of the invention
The technical problem to be solved by the present invention is to provide a network service processing method and device, a service router and a platform authentication system, which solve the prior-art problems that static user IP configuration makes service provisioning, user IP changes and user migration cumbersome and inconvenient, and makes traffic-based billing difficult to implement.
In order to solve the above technical problem, an embodiment of the present invention provides a network service processing method, including:
acquiring a request data packet of a client;
acquiring the network parameters corresponding to the request data packet from an authentication platform;
issuing the network parameters to the client.
The step of acquiring the network parameters corresponding to the request data packet from the authentication platform includes:
acquiring a locally stored preset password;
generating a platform authentication request according to the preset password and the request information in the request data packet;
sending the platform authentication request to the authentication platform;
receiving the network parameters issued by the authentication platform after authentication passes.
The step of generating the platform authentication request according to the preset password and the request information in the request data packet includes:
assigning the line information in the request data packet to the user name parameter of the platform authentication request to be generated.
The method further includes:
entering the line information into a back-end database.
The step of issuing the network parameters to the client includes:
issuing to the client a notification that internet access is allowed;
receiving the request for internet access parameters sent by the client according to the notification;
issuing the network parameters to the client according to the request for internet access parameters.
The step of acquiring the network parameters corresponding to the request data packet from the authentication platform is specifically:
acquiring the network parameters corresponding to the request data packet from the authentication platform via the internet.
The method further includes:
acquiring an online message of the client;
sending online user information to the authentication platform according to the online message.
The method further includes:
acquiring an offline message of the client;
sending accounting information to the authentication platform according to the offline message.
Before acquiring the offline message of the client, the method further includes:
sending interim accounting messages to the authentication platform at a predetermined period.
The present invention also provides a network service processing device, including:
a first acquisition module, configured to acquire a request data packet of a client;
a second acquisition module, configured to acquire the network parameters corresponding to the request data packet from an authentication platform;
a first issuing module, configured to issue the network parameters to the client.
The present invention also provides a service router, including the above network service processing device.
The present invention also provides a network service processing method, including:
acquiring a platform authentication request sent by a service router;
authenticating the platform authentication request;
when authentication passes, issuing the corresponding network parameters to the service router.
The step of authenticating the platform authentication request includes:
acquiring the user name and password in the platform authentication request;
comparing the user name and password in the platform authentication request with the locally stored user name and password respectively;
when both comparison results are consistent, judging that authentication passes; otherwise, judging that authentication fails.
The method further includes:
acquiring and storing the user name together with the corresponding password and network parameters.
The method further includes:
acquiring and storing the online user information sent by the service router.
The method further includes:
acquiring and storing the accounting information sent by the service router.
Before acquiring the accounting information sent by the service router, the method further includes:
acquiring and storing the interim accounting messages sent by the service router at a predetermined period.
The present invention also provides a network service processing device, including:
a third acquisition module, configured to acquire a platform authentication request sent by a service router;
an authentication module, configured to authenticate the platform authentication request;
a second issuing module, configured to issue the corresponding network parameters to the service router when authentication passes.
The present invention also provides a platform authentication system, including the above network service processing device.
The beneficial effects of the above technical solution of the present invention are as follows:
In the above solution, the network service processing method acquires the request data packet of the client, acquires the network parameters corresponding to the request data packet from the authentication platform, and then issues the network parameters to the client. This achieves dynamic configuration of the user IP and solves the prior-art problem that static user IP configuration makes service provisioning, user IP changes and user migration cumbersome and inconvenient.
Brief description of the drawings
Fig. 1 is schematic diagram one of the steps of the network service processing method of an embodiment of the present invention;
Fig. 2 is structural diagram one of the network service processing device of an embodiment of the present invention;
Fig. 3 is schematic diagram two of the steps of the network service processing method of an embodiment of the present invention;
Fig. 4 is structural diagram two of the network service processing device of an embodiment of the present invention;
Fig. 5 is a schematic diagram of the network service processing flow of an embodiment of the present invention.
Detailed description of the embodiments
To make the technical problem to be solved, the technical solution and the advantages of the present invention clearer, a detailed description is given below with reference to the accompanying drawings and specific embodiments.
To address the prior-art problems that static user IP configuration makes service provisioning, user IP changes and user migration cumbersome and inconvenient, and makes traffic-based billing difficult to implement, the present invention provides a network service processing method which, as shown in Fig. 1, includes:
Step 11: acquiring a request data packet of a client;
Step 12: acquiring the network parameters corresponding to the request data packet from an authentication platform;
Step 13: issuing the network parameters to the client.
The network service processing method provided by the embodiment of the present invention acquires the request data packet of the client, acquires the network parameters corresponding to the request data packet from the authentication platform, and then issues the network parameters to the client. This achieves dynamic configuration of the user IP and solves the prior-art problem that static user IP configuration makes service provisioning, user IP changes and user migration cumbersome and inconvenient.
Here the request data packet corresponds to the DHCP (Dynamic Host Configuration Protocol) discover message in Fig. 5. In this embodiment the authentication platform may use Radius authentication (Remote Authentication Dial-In User Service, a network authentication, authorization and accounting protocol) in an AAA (authentication, authorization and accounting) platform.
Specifically, the step of acquiring the network parameters corresponding to the request data packet from the authentication platform includes: acquiring a locally stored preset password; generating a platform authentication request according to the preset password and the request information in the request data packet; sending the platform authentication request to the authentication platform; and receiving the network parameters issued by the authentication platform after authentication passes. The platform authentication request corresponds to the Radius access-request in Fig. 5 (containing the line information), and the network parameters correspond to the Radius access-accept in Fig. 5 (containing the ID and user attributes).
In order to implement physical authentication and provide a preliminary solution to the access authentication security problem, the step of generating the platform authentication request according to the preset password and the request information in the request data packet includes: assigning the line information in the request data packet to the user name parameter of the platform authentication request to be generated.
Further, the network service processing method also includes: entering the line information into a back-end database.
Specifically, the step of issuing the network parameters to the client includes: issuing to the client a notification that internet access is allowed; receiving the request for internet access parameters sent by the client according to the notification; and issuing the network parameters to the client according to that request. The notification that internet access is allowed corresponds to the DHCP offer in Fig. 5, the request for internet access parameters corresponds to the DHCP request in Fig. 5, and the network parameters here correspond to the DHCP acknowledgement in Fig. 5 (containing the IP configuration). The user can then use internet services by sending the IP messages in Fig. 5 to the internet.
Considering cases where the transmission path is long, the step of acquiring the network parameters corresponding to the request data packet from the authentication platform is specifically: acquiring the network parameters corresponding to the request data packet from the authentication platform via the internet. The internet only performs forwarding.
In order to implement accounting, when the user goes online, the network service processing method provided by the embodiment of the present invention also includes: acquiring an online message of the client; and sending online user information to the authentication platform according to the online message.
When the user goes offline, the network service processing method provided by the embodiment of the present invention also includes: acquiring an offline message of the client; and sending accounting information to the authentication platform according to the offline message.
Further, before acquiring the offline message of the client, the method also includes: sending interim accounting messages to the authentication platform at a predetermined period.
In order to solve the above technical problem, an embodiment of the present invention also provides a network service processing device which, as shown in Fig. 2, includes:
a first acquisition module, configured to acquire a request data packet of a client;
a second acquisition module, configured to acquire the network parameters corresponding to the request data packet from an authentication platform;
a first issuing module, configured to issue the network parameters to the client.
The network service processing device provided by the embodiment of the present invention acquires the request data packet of the client, acquires the network parameters corresponding to the request data packet from the authentication platform, and then issues the network parameters to the client. This achieves dynamic configuration of the user IP and solves the prior-art problem that static user IP configuration makes service provisioning, user IP changes and user migration cumbersome and inconvenient.
Specifically, the second acquisition module includes: a first acquisition submodule, configured to acquire a locally stored preset password; a generation submodule, configured to generate a platform authentication request according to the preset password and the request information in the request data packet; a sending submodule, configured to send the platform authentication request to the authentication platform; and a first receiving submodule, configured to receive the network parameters issued by the authentication platform after authentication passes.
In order to implement physical authentication and provide a preliminary solution to the access authentication security problem, the generation submodule includes: a processing submodule, configured to assign the line information in the request data packet to the user name parameter of the platform authentication request to be generated.
Further, the network service processing device also includes: an input module, configured to enter the line information into a back-end database.
Specifically, the first issuing module includes: a first issuing submodule, configured to issue to the client a notification that internet access is allowed; a second receiving submodule, configured to receive the request for internet access parameters sent by the client according to the notification; and a second issuing submodule, configured to issue the network parameters to the client according to the request for internet access parameters.
Considering cases where the transmission path is long, the second acquisition module is specifically configured to: acquire the network parameters corresponding to the request data packet from the authentication platform via the internet.
In order to implement accounting, when the user goes online, the network service processing device provided by the embodiment of the present invention also includes: a fourth acquisition module, configured to acquire an online message of the client; and a first sending module, configured to send online user information to the authentication platform according to the online message.
When the user goes offline, the network service processing device provided by the embodiment of the present invention also includes: a fifth acquisition module, configured to acquire an offline message of the client; and a second sending module, configured to send accounting information to the authentication platform according to the offline message.
Further, the network service processing device provided by the embodiment of the present invention also includes: a third sending module, configured to send interim accounting messages to the authentication platform at a predetermined period before the fifth acquisition module performs its operation.
In order to solve the above technical problem, an embodiment of the present invention also provides a service router, including the above network service processing device.
The implementation embodiments of the above network service processing device all apply to the embodiment of this service router and achieve the same technical effect.
In order to solve the above technical problem, an embodiment of the present invention also provides a network service processing method which, as shown in Fig. 3, includes:
Step 31: acquiring a platform authentication request sent by a service router;
Step 32: authenticating the platform authentication request;
Step 33: when authentication passes, issuing the corresponding network parameters to the service router.
The network service processing method provided by the embodiment of the present invention acquires the platform authentication request sent by the service router, authenticates it and, when authentication passes, issues the corresponding network parameters to the service router. In cooperation with the service router this completes dynamic configuration of the user IP and solves the prior-art problem that static user IP configuration makes service provisioning, user IP changes and user migration cumbersome and inconvenient.
Specifically, the step of authenticating the platform authentication request includes: acquiring the user name and password in the platform authentication request; comparing the user name and password in the platform authentication request with the locally stored user name and password respectively; and, when both comparison results are consistent, judging that authentication passes; otherwise, judging that authentication fails.
The password is stored in advance both on the service router (configured there by the service router administrator) and on the authentication platform, and the two must be consistent. Under the premise of full trust, it is also possible for the authentication platform to verify only the user name (line information) and not the password, but this requires a corresponding setting on the authentication platform. Also, user names and passwords do not exist in pairs. The password is set in the router's authentication policy; one authentication policy can have only one password, but one authentication policy may serve multiple users, so multiple users may correspond to the same password. The password is used mainly for authentication and is unrelated to accounting.
In addition, the network service processing method also includes: acquiring and storing the user name together with the corresponding password and network parameters.
In order to complete accounting, for later queries or for providing the user's bill, the network service processing method provided by the embodiment of the present invention also includes: acquiring and storing the online user information sent by the service router; acquiring and storing the accounting information sent by the service router; and, before acquiring the accounting information sent by the service router, acquiring and storing the interim accounting messages sent by the service router at a predetermined period.
In order to solve the above technical problem, an embodiment of the present invention also provides a network service processing device which, as shown in Fig. 4, includes:
a third acquisition module, configured to acquire a platform authentication request sent by a service router;
an authentication module, configured to authenticate the platform authentication request;
a second issuing module, configured to issue the corresponding network parameters to the service router when authentication passes.
The network service processing device provided by the embodiment of the present invention acquires the platform authentication request sent by the service router, authenticates it and, when authentication passes, issues the corresponding network parameters to the service router. In cooperation with the service router this completes dynamic configuration of the user IP and solves the prior-art problem that static user IP configuration makes service provisioning, user IP changes and user migration cumbersome and inconvenient.
Specifically, the authentication module includes: a second acquisition submodule, configured to acquire the user name and password in the platform authentication request; a comparison submodule, configured to compare the user name and password in the platform authentication request with the locally stored user name and password respectively; and a judgment submodule, configured to judge that authentication passes when both comparison results are consistent and that authentication fails otherwise.
In addition, the network service processing device also includes: a first processing module, configured to acquire and store the user name together with the corresponding password and network parameters.
In order to complete accounting, for later queries or for providing the user's bill, the network service processing device provided by the embodiment of the present invention also includes: a second processing module, configured to acquire and store the online user information sent by the service router; a third processing module, configured to acquire and store the accounting information sent by the service router; and a fourth processing module, configured to acquire and store, before the third processing module performs its acquisition operation, the interim accounting messages sent by the service router at a predetermined period.
In order to solve the above technical problem, an embodiment of the present invention also provides a platform authentication system, including the above network service processing device.
It should be noted that the implementation embodiments of the above network service processing device all apply to the embodiment of this platform authentication system and achieve the same technical effect.
The scheme provided by the embodiments of the invention is illustrated below with a concrete example.
In this application, DHCP can meet the need to obtain the user IP and related information dynamically. Centralized authentication and fixed address allocation therefore need to be added on top of ordinary DHCP. Although DHCP itself has no authentication function, a standard DHCP request message contains many options, and through these options the server can learn the necessary information and requirements of the DHCP client (the customer network device, to which multiple user terminals may be connected). The options that could be used for authentication include option60, option61 and option82. Option60 is filled in by the client itself and generally reflects the terminal or service type; it is equivalent to the P/N (part number) of a device. For example, a Windows PC (a personal computer running the Microsoft Windows operating system) sends the string "MSFT 5.0" in DHCP option60. Option61 is also filled in by the client itself and generally contains the client's serial number information; it is equivalent to the S/N of a device and is unique to each client device, for example the MAC (hardware) address. Option82 is added by the access device between the client and the SR (the intermediate access device, shown as the operator's access equipment in Fig. 5) and reflects the client's physical access location and path. There is also the MAC address, which is likewise unique to each client, similar to option61. These options and the MAC address can all serve as the basis for authentication; the general DHCP authentication flow is shown in Fig. 5.
Therefore, the SR device can be required to extract the relevant MAC address or option information from the DHCP request message and send it, as attributes carried in the authentication message, to the AAA (authentication, authorization and accounting) platform for authentication. After authentication passes, the AAA platform can authorize the user by issuing the relevant attributes, such as bandwidth control. If required, the IP address can also be issued through AAA authorization, which guarantees that the user obtains a fixed IP every time it goes online.
To authenticate dedicated line users, the three options above and the MAC information could likewise be used as the authentication basis and sent to the AAA platform for authentication. However, option60, option61 and the MAC address are all tied to a specific terminal: once the user changes terminal, authentication may fail, and this information is hard to collect automatically. If the user buys its own equipment, it cannot be collected in advance at all. For dedicated line services it is therefore unsuitable to authenticate with this information, which leaves only option82.
Option82 is well suited as the authentication basis in this scenario, because it is added by the intermediate access device and reflects the physical line, and the line is physically secure, so it is difficult for illegitimate users to forge. Whatever terminal the user uses, it can be served as long as it connects from the line specified in advance. Using the DHCP + option82 authentication mode is therefore equivalent to implementing physical authentication, and provides a preliminary solution to the access authentication security problem of major-customer dedicated lines. Once commissioning of a major customer's line is complete, the line information is determined and can be entered into the back-end database.
This scheme mainly includes the following two points:
1. The SR turns the option82 value directly into the authentication user name. If the option82 value inserted into the DHCP packet by the intermediate access device is "ZS-YLN-MA5680-1:0/1/1/0:4001.100", then when the SR converts the DHCP request into a Radius (authentication platform) authentication request it uses this value as the user name and sends it to Radius for authentication. An example authentication request message is as follows:
User-Name="ZS-YLN-MA5680-1:0/1/1/0:4001.100"
User-Password="src"
NAS-IP-Address=120.196.32.22
ADSL-Agent-Circuit-Id="ZS-YLN-MA5680-1:0/1/1/0:4001.100"
NAS-Port-Type=Ethernet
NAS-Port-Id="port-1/1/3:4001.100"
NAS-Identifier="GDZS-MS-IPMAN-DSJL-SR01-7750"
Alc-Client-Hardware-Addr="3c:97:0e:6a:0b:05"
Acct-Session-Id="4407E20000129651C13210"
Message description: in each line above, the left side of "=" is the attribute name and the right side is its value. The meaning of each attribute is as follows:
User-Name is the user name;
User-Password is the password;
NAS-IP-Address is the system IP address of the SR;
ADSL-Agent-Circuit-Id is the line identifier, containing the access device name, port and VLAN information;
NAS-Port-Type is the interface type; Ethernet indicates an Ethernet interface;
NAS-Port-Id is the interface on the SR, containing the corresponding port and VLAN information on the SR;
NAS-Identifier is the device name of the SR;
Alc-Client-Hardware-Addr is the user's physical address, that is, the MAC address of the user interface;
Acct-Session-Id is the user's session number, allocated by the SR and unique on the SR; it is created when the session is created and removed when the session is removed.
In addition, in ADSL-Agent-Circuit-Id="ZS-YLN-MA5680-1:0/1/1/0:4001.100", ADSL-Agent-Circuit-Id is a widely supported Radius attribute defined in RFC 4679, with attribute code 26-3561-1; its value "ZS-YLN-MA5680-1:0/1/1/0:4001.100" gives the device name, port and VLAN through which the access device connects the user.
For user authentication to pass, the circuit-id (line address) of each legitimate user must be added to the Radius database in advance. Because the circuit-id value is added by the OLT (optical line terminal) according to its own device name and the user's access port and VLAN information, this information can be known in advance. Alternatively, after the user has successfully applied for the dedicated line service and network maintenance staff have allocated port resources for the user, the information can be reported to the Radius platform and entered. The user then passes authentication and can start using the service as soon as the line is actually connected, which further improves service security.
When, for whatever reason, the SR device or the SR port connected to the access device is changed, the user's access device has not changed, so the option82 (circuit-id) information in DHCP does not change either. The user can still pass authentication, and normal operation of the service is not affected.
2 so that user obtains fixing IP, can be by AAA platform (using Radius in the present embodiment) Issuing User IP in entitlement message (access-accept), at this moment, SR is actual not by DHCP request Message is forwarded to Dynamic Host Configuration Protocol server, but the IP directly issued by AAA platform is by under DHCP offer Issue user, so SR in fact provides DHCP proxy (agency) function.AAA platform issues Certification acceptance and user's entitlement message are as follows:
Sending Access-Accept of id 113 to 10.202.57.158 port 46218
Framed-IP-Address=183.238.85.11
Framed-IP-Netmask=255.255.255.240
User-Name="ShuJuShiONU"
Alc-Subsc-ID-Str="ShuJuShiONU"
Alc-SLA-Prof-Str="10M"
Alc-Default-Router=183.238.85.1
Alc-Primary-Dns=211.136.192.6
Alc-Secondary-Dns=221.179.38.7
The authentication and authorization attributes above include the user IP, DNS, gateway, bandwidth and other settings.
Message description: in each line above, the left side of "=" is the attribute name and the right side is its value. The attributes have the following meanings:
Framed-IP-Address is the IP address assigned to the user;
Framed-IP-Netmask is the subnet mask of the IP address;
User-Name is the user name;
Alc-Subsc-ID-Str is the identifier that the SR assigns to the user, unique within the SR;
Alc-SLA-Prof-Str is the user's service level identifier, which can control the user's bandwidth and access rights;
Alc-Default-Router is the user's gateway address;
Alc-Primary-Dns is the address of the user's primary DNS (domain name resolution server);
Alc-Secondary-Dns is the address of the user's standby DNS (domain name resolution server).
With the scheme provided by the embodiment of the present invention, as shown in Fig. 5, a private line user created through this authentication and authorization can also be charged. When the user goes online, the SR sends an accounting-start (charging start) message reporting the user's information; when the user goes offline (for example, when the user's DHCP state is released), the SR sends an accounting-stop (charging stop) message reporting charging information such as the upstream and downstream byte counts, packet counts and online duration. Interim charging messages can also be reported periodically according to the setting on the SR.
The parameters and steps involved in Fig. 5 are illustrated as follows:
1. Radius user data:
ZS-YLN-MA5680-1:0/1/1/0:4001.100 Auth-Type := local, User-Password == "src"
Framed-IP-Address=183.238.85.11
Framed-IP-Netmask=255.255.255.240
User-Name="ShuJuShiONU"
Alc-Default-Router=183.238.85.1
Alc-Primary-Dns=211.136.192.6
Alc-Secondary-Dns=221.179.38.7
Message description: in each line above, the left side of "=" is the attribute name and the right side is its value. The attributes have the following meanings:
Framed-IP-Address is the IP address assigned to the user;
Framed-IP-Netmask is the subnet mask of the IP address;
User-Name is the user name;
Alc-Default-Router is the user's gateway address;
Alc-Primary-Dns is the address of the user's primary DNS (domain name resolution server);
Alc-Secondary-Dns is the address of the user's standby DNS (domain name resolution server).
2. User DHCP request message:
instance 1(Base),interface index 122(YLNOLTTest)
received DHCP Boot Request on Interface YLNOLTTest(1/1/3:4001.100)Port 67
H/W Type:Ethernet(10Mb) H/W Address Length:6
ciaddr:0.0.0.0 yiaddr:0.0.0.0
siaddr:0.0.0.0 giaddr:0.0.0.0
chaddr:3c:97:0e:6a:0b:05 xid:0x5554ce4d
DHCP options:
[82] Relay agent information:len=36
[1]Circuit-id:ZS-YLN-MA5680-1:0/1/1/0:4001.100
[2]Remote-id:
[53]Message type:Request
[61]Client id:(hex)01 3c 97 0e 6a 0b 05
[50]Requested IP addr:183.238.85.11
[12]Host name:PGZBFAXH
[60]Class id:MSFT 5.0
[55] Param request list:len=12
1 Subnet mask
15 Domain name
3 Router
6 Domain name server
44 NETBIOS name server
46 NETBIOS type
47 NETBIOS scope
31 Router discovery
33 Static route
121 Unknown option
Message description: the fields have the following meanings:
ciaddr: client IP address; yiaddr: address to be assigned to the client
siaddr: server IP address; giaddr: gateway IP address
chaddr: client physical address; xid: DHCP session number
DHCP options: optional DHCP attributes;
[82] Relay agent information: option 82, relay agent information;
[1] Circuit-id: sub-option 1, circuit identifier;
[2] Remote-id: sub-option 2, remote identifier;
[53] Message type: option 53, message type (here a request);
[61] Client id:(hex): option 61, user ID;
[50] Requested IP addr: option 50, the IP requested by the user;
[12] Host name: option 12, the user's host name;
[60] Class id: option 60, class ID, which generally indicates the operating system;
[55] Param request list: option 55, parameter request list:
1 Subnet mask: 1 denotes the subnet mask;
15 Domain name: 15 denotes the domain name;
3 Router: 3 denotes the router;
6 Domain name server: 6 denotes the domain name server;
44 NETBIOS name server: 44 denotes the NETBIOS (network basic input/output protocol) name server;
46 NETBIOS type: 46 denotes the network basic input/output protocol type;
47 NETBIOS scope: 47 denotes the network basic input/output protocol scope;
31 Router discovery: 31 denotes router discovery;
33 Static route: 33 denotes a static route;
121 Unknown option: option 121, an unknown option.
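The following Python example is added here to illustrate the flow described above; it is not part of the patent text and is not the code of any SR or Radius product. It extracts the Circuit-id from option 82 of a DHCP request, uses it as the user name together with a locally stored preset password, and turns the returned authorization attributes into the fields of the DHCP offer. The function names, the in-memory user table and the modelling of the Radius exchange as a function call are assumptions; the attribute names and values are those of the example messages above.

```python
import hmac
import ipaddress

# Constructed record modelled on the "Radius user data" above (circuit-id = user name).
RADIUS_USERS = {
    "ZS-YLN-MA5680-1:0/1/1/0:4001.100": {
        "User-Password": "src",
        "Framed-IP-Address": "183.238.85.11",
        "Framed-IP-Netmask": "255.255.255.240",
        "Alc-Default-Router": "183.238.85.1",
        "Alc-Primary-Dns": "211.136.192.6",
        "Alc-Secondary-Dns": "221.179.38.7",
    }
}
SR_PRESET_PASSWORD = "src"  # assumption: the preset password stored locally on the SR


def parse_tlvs(blob, top_level=True):
    """Parse code/length/value options; Pad (0) and End (255) exist only at top level."""
    out, i = {}, 0
    while i < len(blob):
        code = blob[i]
        if top_level and code == 255:
            break
        if top_level and code == 0:
            i += 1
            continue
        if i + 1 >= len(blob) or i + 2 + blob[i + 1] > len(blob):
            raise ValueError("truncated option %d" % code)
        out[code] = blob[i + 2:i + 2 + blob[i + 1]]
        i += 2 + blob[i + 1]
    return out


def circuit_id_of(options):
    """Return option 82 sub-option 1 (Circuit-id) as text, or None if absent or empty."""
    relay = parse_tlvs(options).get(82)
    cid = parse_tlvs(relay, top_level=False).get(1) if relay else None
    return cid.decode("latin-1") if cid else None


def radius_authenticate(user_name, password):
    """Platform side: compare name and password, return reply attributes or None."""
    entry = RADIUS_USERS.get(user_name)
    if entry is None or not hmac.compare_digest(entry["User-Password"], password):
        return None
    return {k: v for k, v in entry.items() if k != "User-Password"}


def sr_handle_request(options):
    """SR side (DHCP proxy): build the offer from the accept, or None on reject."""
    cid = circuit_id_of(options)
    accept = radius_authenticate(cid, SR_PRESET_PASSWORD) if cid else None
    if accept is None:
        return None  # no line information, or line not provisioned: no address
    iface = ipaddress.ip_interface(
        accept["Framed-IP-Address"] + "/" + accept["Framed-IP-Netmask"])
    if ipaddress.ip_address(accept["Alc-Default-Router"]) not in iface.network:
        raise ValueError("gateway outside the subscriber subnet")
    return {"yiaddr": str(iface.ip), 1: str(iface.netmask),
            3: accept["Alc-Default-Router"],
            6: [accept["Alc-Primary-Dns"], accept["Alc-Secondary-Dns"]]}


def sample_options(circuit_id):
    """Constructed request options: 53=Request, 82 with Circuit-id and empty Remote-id."""
    cid = circuit_id.encode("ascii")
    relay = bytes([1, len(cid)]) + cid + bytes([2, 0])
    return bytes([53, 1, 3, 82, len(relay)]) + relay + bytes([255])
```

With the Circuit-id of the example message, the constructed option 82 is 36 bytes long, matching the len=36 shown in the DHCP request above; a request without option 82, or with a Circuit-id that has not been entered in the user table, receives no address.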
Authentication control of major-customer private lines based on line information, as performed in this scheme, is a new way of implementing major-customer private lines: the customer obtains IP information automatically, turning static private line configuration into dynamic creation; the legitimacy of the user can be authenticated and checked; and management can be centralized, with no need to make a specific IP configuration for each user on the SR, so management is more convenient. At the same time, authenticating the line information prevents theft of service.
In addition, the existing private line mode is statically configured based on port and VLAN; to obtain a user's traffic data, one can only run commands manually or use SNMP (Simple Network Management Protocol) to read it from the IP interface of the router. This scheme, by contrast, can use RADIUS accounting: the service router automatically and periodically reports the user's traffic data in RADIUS messages. After the service router reports the charging messages to the RADIUS platform, the RADIUS platform can store the data in a database for later queries or for producing the user's bill, similar to home broadband service.
That is, this scheme can also report and charge for user traffic flexibly and conveniently, with charging based on duration and traffic, which makes it possible to charge private line users by usage; even where flat-rate charging is used, the charging information lets users understand their own service usage more clearly, improving the user experience.
The above is a preferred embodiment of the present invention. It should be noted that a person of ordinary skill in the art may make improvements and refinements without departing from the principle of the present invention, and these improvements and refinements should also be regarded as falling within the protection scope of the present invention.

Claims (19)

1. A network service processing method, characterized by comprising:
obtaining a request data packet of a client;
obtaining, from an authentication platform, network parameters corresponding to the request data packet;
issuing the network parameters to the client.
2. The network service processing method according to claim 1, characterized in that the step of obtaining, from the authentication platform, the network parameters corresponding to the request data packet comprises:
obtaining a locally stored preset password;
generating a platform authentication request according to the preset password and the request information in the request data packet;
sending the platform authentication request to the authentication platform;
receiving the network parameters issued by the authentication platform after authentication passes.
3. The network service processing method according to claim 2, characterized in that the step of generating the platform authentication request according to the preset password and the request information in the request data packet comprises:
assigning the line information in the request data packet to the user name parameter in the platform authentication request to be generated.
4. The network service processing method according to claim 3, characterized by further comprising:
entering the line information into a background database.
5. The network service processing method according to claim 1, characterized in that the step of issuing the network parameters to the client comprises:
issuing to the client a notification that network access is allowed;
receiving a request for network access parameters that the client sends according to the notification;
issuing the network parameters to the client according to the request for network access parameters.
6. The network service processing method according to claim 1, characterized in that the step of obtaining, from the authentication platform, the network parameters corresponding to the request data packet is specifically:
obtaining, from the authentication platform through the Internet, the network parameters corresponding to the request data packet.
7. The network service processing method according to claim 1, characterized by further comprising:
obtaining an online message of the client;
sending online user information to the authentication platform according to the online message.
8. The network service processing method according to claim 7, characterized by further comprising:
obtaining an offline message of the client;
sending charging information to the authentication platform according to the offline message.
9. The network service processing method according to claim 8, characterized by further comprising, before obtaining the offline message of the client:
sending interim charging messages to the authentication platform according to a predetermined period.
10. A network service processing device, characterized by comprising:
a first obtaining module, for obtaining a request data packet of a client;
a second obtaining module, for obtaining, from an authentication platform, network parameters corresponding to the request data packet;
a first issuing module, for issuing the network parameters to the client.
11. A service router, characterized by comprising: the network service processing device according to claim 10.
12. A network service processing method, characterized by comprising:
obtaining a platform authentication request sent by a service router;
authenticating the platform authentication request;
when authentication passes, issuing the corresponding network parameters to the service router.
13. The network service processing method according to claim 12, characterized in that the step of authenticating the platform authentication request comprises:
obtaining the user name and password in the platform authentication request;
comparing the user name and password in the platform authentication request with the locally stored user name and password respectively;
when both comparison results match, judging that authentication has passed; otherwise, judging that it has not.
14. The network service processing method according to claim 12, characterized by further comprising:
obtaining a user name and the corresponding password and network parameters, and storing them.
15. The network service processing method according to claim 12, characterized by further comprising:
obtaining the online user information sent by the service router, and storing it.
16. The network service processing method according to claim 15, characterized by further comprising:
obtaining the charging information sent by the service router, and storing it.
17. The network service processing method according to claim 16, characterized by further comprising, before obtaining the charging information sent by the service router:
obtaining the interim charging messages that the service router sends according to a predetermined period, and storing them.
18. A network service processing device, characterized by comprising:
a third obtaining module, for obtaining a platform authentication request sent by a service router;
an authentication module, for authenticating the platform authentication request;
a second issuing module, for issuing the corresponding network parameters to the service router when authentication passes.
19. A platform authentication system, characterized by comprising: the network service processing device according to claim 18.
CN201510030780.9A 2015-01-21 2015-01-21 Network service processing method, device, business router and platform authentication system Active CN105871782B (en)


Publications (2)

Publication Number Publication Date
CN105871782A true CN105871782A (en) 2016-08-17
CN105871782B CN105871782B (en) 2019-08-16


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant