CN110493057B - Wireless access equipment and forwarding control method thereof - Google Patents

Wireless access equipment and forwarding control method thereof Download PDF

Info

Publication number
CN110493057B
CN110493057B CN201910790077.6A CN201910790077A CN110493057B CN 110493057 B CN110493057 B CN 110493057B CN 201910790077 A CN201910790077 A CN 201910790077A CN 110493057 B CN110493057 B CN 110493057B
Authority
CN
China
Prior art keywords
interface
strategy
message
binding
forwarding
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910790077.6A
Other languages
Chinese (zh)
Other versions
CN110493057A (en
Inventor
黄川�
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Maipu Communication Technology Co Ltd
Original Assignee
Maipu Communication Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Maipu Communication Technology Co Ltd filed Critical Maipu Communication Technology Co Ltd
Priority to CN201910790077.6A priority Critical patent/CN110493057B/en
Publication of CN110493057A publication Critical patent/CN110493057A/en
Application granted granted Critical
Publication of CN110493057B publication Critical patent/CN110493057B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46Interconnection of networks
    • H04L12/4641Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08Configuration management of networks or network elements
    • H04L41/0893Assignment of logical groups to network elements
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W24/00Supervisory, monitoring or testing arrangements
    • H04W24/02Arrangements for optimising operational condition
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W88/00Devices specially adapted for wireless communication networks, e.g. terminals, base stations or access point devices
    • H04W88/08Access point devices

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention relates to the field of wireless data communication, and discloses a wireless access device and a forwarding control method thereof, which can reduce the configuration quantity of APs under the scene of separation of internal and external networks and realize that terminals associated with radio frequency under the same wireless access point device can access different networks. The access device includes: the strategy configuration module is used for acquiring and analyzing the radio frequency binding information of the wireless access equipment configured by the user and configuring the analyzed radio frequency binding information to the strategy control module; the strategy control module is used for generating a corresponding binding strategy according to the radio frequency binding information configured by the user, providing interfaces for adding, deleting and displaying the strategy for upper-layer application, carrying out binding strategy check according to an outlet interface and an inlet interface of the message and transmitting the check result to the forwarding module; and the forwarding module is used for forwarding the message which accords with the binding strategy according to the checking result of the strategy control module and discarding the message which does not accord with the binding strategy.

Description

Wireless access equipment and forwarding control method thereof
Technical Field
The invention relates to the field of wireless data communication, in particular to wireless access equipment and a forwarding control method thereof.
Background
In the whole network topology of the internet +, for a wireless Access Point (AP for short), the terminal itself has a 2G and/or 5G radio frequency module, and the terminal can perform related operations such as Access, transmission and the like through a wireless signal sent by the radio frequency module; the data message is finally sent to an upper network through a wired interface through an embedded distributed system of the AP, and finally the function of interaction between the wireless terminal and the upper network is realized.
In a network scene with separated internal and external networks, a wireless terminal interacts data with an uplink network through an AP, the wireless terminal can always interact with an opposite terminal only through an uplink network outlet of the currently associated AP, and the wireless terminal can only perform configuration operation through other APs when needing to use another network. As shown in fig. 1, since a current AP cannot support multiple network uplinks, in an intranet and extranet scenario, multiple APs need to cooperate together, which is costly.
For an AP that supports multiple ethernet ports, when dual-port uplink is adopted, a typical logical interface inside the AP is shown in fig. 2. After the terminal associates with the AP through the ath0 interface, the terminal first obtains an IP address through a DHCP discovery message, which is a broadcast message, and according to the principle of two-layer switching, the message is sent to eth0.10 and eth1.10, so both the internal and external networks can receive the message. If the internal and external networks both have the same vlan10 DHCP server, both the servers will respond and feed back a DHCP offer message to the terminal, and the terminal finally selects which DHCP server after receiving the two offer messages cannot be determined. Even if the terminal selects the correct network, the broadcast message sent by the terminal is broadcast to another network, and similarly, the broadcast message from other networks is received by the terminal, so that the information data security risk exists.
In summary, the prior art solutions have the following drawbacks: 1. a plurality of APs need to be arranged in the separation scene of the internal network and the external network, so that the cost is high; 2. for an AP supporting dual Ethernet interfaces, the use of users is influenced by broadcast messages and networking constraints, all terminal users of radio frequency under the current AP can only be accessed into one network, and users of different radio frequencies cannot be accessed into different network environments.
Disclosure of Invention
The technical problem to be solved by the invention is as follows: a wireless access device and a forwarding control method thereof are provided, which reduce the configuration quantity of APs in a scene of separation of internal and external networks and realize that terminals associated with radio frequency under the same wireless access point device can access different networks.
To solve the foregoing technical problem, in one aspect, an embodiment of the present invention provides a wireless access device, where the wireless access device has at least two ethernet interfaces, and the at least two ethernet interfaces are used for accessing different networks; the wireless access device includes: the system comprises a strategy configuration module, a strategy control module and a forwarding module;
the strategy configuration module is used for acquiring and analyzing the radio frequency binding information of the wireless access equipment configured by the user and configuring the analyzed radio frequency binding information to the strategy control module;
the strategy control module is used for generating a corresponding binding strategy according to the radio frequency binding information configured by the user, carrying out binding strategy check according to the outgoing interface and the incoming interface of the message and transmitting the check result to the forwarding module;
the forwarding module is used for providing the information of an interface for entering and an interface for exiting the message to the strategy control module through the strategy checking interface provided by the strategy control module, forwarding the message which accords with the binding strategy according to the checking result of the strategy control module, and discarding the message which does not accord with the binding strategy.
As a further optimization, the policy control module is an independent module in the kernel of the wireless access device, and is loaded when the radio frequency binding function is started and unloaded when the radio frequency binding function is closed.
As a further optimization, the strategy control module comprises a strategy configuration maintenance submodule and a strategy control module, wherein the strategy configuration maintenance submodule is used for generating a corresponding strategy according to radio frequency binding information configured by a user and providing an ioctl interface for adding, deleting and displaying the strategy for upper-layer application;
and the strategy checking submodule is used for carrying out binding strategy checking according to the outgoing interface and the incoming interface of the message and transmitting the checking result to the forwarding module through the strategy checking interface.
As a further optimization, the forwarding module comprises a fast forwarding decision sub-module and a bridge forwarding sub-module,
the fast forwarding judging submodule is used for judging whether the downlink message accords with a fast forwarding rule or not, determining an outgoing interface of the message according to the fast forwarding table for the downlink message which accords with the fast forwarding rule, providing information of the incoming interface and the outgoing interface of the message to the strategy control module through a strategy checking interface provided by the strategy control module, and submitting the downlink message which does not accord with the fast forwarding rule to the bridge forwarding module;
the bridge forwarding submodule is used for determining an outgoing interface of a message for an uplink message or a downlink message entering a bridge according to a bridge forwarding table, providing incoming interface and outgoing interface information of the message for the policy control module through a policy check interface provided by the policy control module, forwarding the message conforming to the binding policy according to a check result of the policy control module, and discarding the message not conforming to the binding policy.
As a further optimization, the at least two ethernet interfaces include a first ethernet interface and a second ethernet interface, and the first ethernet interface and the second ethernet interface are respectively connected to different networks; the wireless access equipment supports a first radio frequency and a second radio frequency; the strategy control module stores radio frequency binding information configured by a user through strategy table grouping, and interfaces under the interface types with the same group value have a radio frequency binding relationship;
the interface types at least include: a first Ethernet interface class, a second Ethernet interface class, a first radio frequency class and a second radio frequency class; wherein the content of the first and second substances,
the first Ethernet interface class comprises a first Ethernet interface and uplink vlan equipment which establishes connection with the first Ethernet interface;
the second Ethernet interface class comprises a second Ethernet interface and uplink vlan equipment which establishes connection with the second Ethernet interface;
the first radio frequency class comprises terminal equipment which is associated with the wireless access equipment through a first radio frequency;
as a further optimization, the policy configuration module is specifically configured to obtain the configuration packet from the application layer and analyze the radio frequency binding information, generate a group value of each interface type, then load the policy control module, and configure the group value of each interface type to the policy control module.
As a further optimization, the policy checking sub-module is specifically configured to, according to the name matching of the outgoing interface and the incoming interface of the packet, match the corresponding interface type, check whether the outgoing interface and the incoming interface conform to the binding policy according to the group value of the interface type, and transmit the check result to the forwarding module through the policy checking interface.
On the other hand, an embodiment of the present invention further provides a forwarding control method for the wireless access device, including:
the wireless access equipment judges the sending direction of the message after receiving the message, if the message is an uplink message, the wireless access equipment carries out binding strategy check on an outgoing interface and an incoming interface of the message before a bridge forwarding module forwards the message, forwards the message which accords with the binding strategy, and discards the message which does not accord with the binding strategy;
if the message is a downlink message, firstly judging whether the downlink message conforms to a fast forwarding rule, and for the downlink message conforming to the fast forwarding rule, before fast forwarding, performing binding policy check on an outgoing interface and an incoming interface of the message, forwarding the message conforming to the binding policy, and discarding the message not conforming to the binding policy;
and for the downlink message which does not accord with the rapid forwarding rule, the bridge forwarding module is used for forwarding, before the bridge forwarding module forwards the downlink message, the bridge forwarding module is used for checking the binding strategy of the outgoing interface and the incoming interface of the downlink message, forwarding the downlink message which accords with the binding strategy, and discarding the downlink message which does not accord with the binding strategy.
As a further optimization, the performing of the binding policy check on the outgoing interface and the incoming interface of the packet specifically includes:
determining the interface types of the interface and the input interface according to the names of the output interface and the input interface of the message, and checking whether the output interface and the input interface accord with the binding strategy according to the group values of the interface types of the output interface and the input interface in the strategy table.
As a further optimization, the checking whether the outbound interface and the inbound interface conform to the binding policy according to the group value of the interface type of the outbound interface and the inbound interface in the policy table specifically includes:
and performing AND operation on the group value of the interface type of the outgoing interface and the group value of the interface type of the incoming interface, if the operation result is 0, judging that the interface and the incoming interface do not accord with the binding strategy, and if the operation result is not 0, judging that the interface and the incoming interface accord with the binding strategy.
The invention has the beneficial effects that: the terminal of the wireless access point can check whether the binding rule is met or not according to the binding rule of the wireless access point radio frequency through a policy check function, the message which meets the rule is released, and the message which does not meet the rule is discarded. Therefore, the terminal under different radio frequencies in one wireless access point device can be effectively and physically separated according to the binding rule, two or more Ethernet ports can be simultaneously used as uplink interfaces, different radio frequency users can be respectively accessed to different networks, and multi-network deployment can be realized only through one AP, so that the AP deployment cost is reduced, and the method is suitable for a scene of separation of internal and external networks and a multi-subnet deployment scene.
Drawings
Fig. 1 is a networking topology structure diagram in an internal and external network scene in the prior art;
fig. 2 is a diagram of logical interfaces inside an AP when dual network ports are used for uplink in the prior art;
FIG. 3 is a diagram of a networking topology structure under internal and external scenarios in the solution of the present invention;
fig. 4 is a block diagram of a wireless access device according to the present invention.
Detailed Description
The invention aims to provide wireless access equipment and a forwarding control method thereof, which can reduce the configuration quantity of APs under the scene of separation of internal and external networks and realize that terminals related to radio frequency under the same wireless access point equipment can access different networks.
In order to reduce the configuration number of APs in a scenario of separating an internal network from an external network, the wireless access device of the present invention supports at least 2 ethernet interfaces as uplink interfaces in hardware design, and in a scenario of isolating the internal network from the external network, as shown in fig. 3, the first ethernet interface and the second ethernet interface can be respectively accessed to the internal network and the external network, and the supported first radio frequency (2G) and the supported second radio frequency (5G) can be respectively bound to one ethernet interface, so that users accessing different radio frequencies can respectively access different networks.
To realize the internal and external network isolation, firstly, the radio frequency binding of the outgoing interface and the incoming interface needs to be carried out, and in addition, policy control is added in the forwarding process, namely whether the outgoing interface of the message accords with the binding rule of the incoming interface is checked at a certain check point in the message forwarding process, if so, the forwarding is allowed, and if not, the outgoing interface is not sent to the outgoing interface.
Based on the above principle, the wireless access device in the present invention is shown in fig. 4, and includes: the system comprises a strategy configuration module, a strategy control module and a forwarding module;
the strategy configuration module is used for acquiring and analyzing the radio frequency binding information of the wireless access equipment configured by the user and configuring the analyzed radio frequency binding information to the strategy control module;
the strategy control module is used for generating a corresponding binding strategy according to the radio frequency binding information configured by the user, carrying out binding strategy check according to the outgoing interface and the incoming interface of the message and transmitting the check result to the forwarding module;
the forwarding module is used for calling the strategy control module through a strategy checking interface provided by the strategy control module, providing the information of an input interface and an output interface of the message to the strategy control module, forwarding the message which accords with the binding strategy according to the checking result of the strategy control module, and discarding the message which does not accord with the binding strategy.
In the embodiment of the invention, after configuring the radio frequency binding information, a strategy configuration module at an application layer analyzes the configured radio frequency binding information, the analyzed radio frequency binding information is sent to a strategy control module in a kernel, a corresponding binding strategy is generated and maintained by the strategy control module, and the radio frequency binding strategy is obtained by calling an inspection interface provided by the strategy control module when equipment performs bridge forwarding, so that an outgoing interface and an incoming interface of a message are inspected, and whether the binding strategy is met is inspected.
In the embodiment of the invention, the strategy control module comprises a strategy configuration maintenance sub-module and a strategy checking sub-module;
the strategy configuration maintenance submodule is used for generating a corresponding strategy according to the radio frequency binding information configured by the user and providing an ioctl interface for adding, deleting and displaying the strategy for the upper-layer application;
and the strategy checking submodule is used for carrying out binding strategy checking according to the outgoing interface and the incoming interface of the message and transmitting the checking result to the forwarding module through the strategy checking interface.
Example (b):
the AP comprises dual Ethernet interfaces eth0 and eth1 as uplink interfaces, wherein eth0 and eth1 are respectively connected with different networks; and the AP supports the first radio frequency and the second radio frequency as radio1 and radio2, respectively, as an example, the forwarding control implementation scheme in this embodiment involves the following parts:
1. radio frequency binding:
the radio frequency binding in this embodiment relates to 4 interface types, including: eth0, eth1, radio1 and radio 2;
the eth0 type comprises eth0 and upstream vlan equipment connected with eth 0;
the eth1 type comprises eth1 and upstream vlan equipment connected with eth 1;
the radio1 class includes terminal devices associated with the AP by radio frequency 1;
the radio2 class includes terminal devices that associate with an AP over radio 2.
In the embodiment of the present invention, if an AP includes more than two ethernet interfaces, such as ethernet interfaces eth2 and eth3, the AP may be categorized into different interface types according to different networks connected thereto, for example, eth2 and eth0 are connected to the same network, and eth2 is also categorized into eth 0; if eth3 and eth1 are connected to the same network, then eth3 is also classified as eth1. Since all the vlans support the same binding relationship, the policy control module only needs to store one policy table for recording the binding relationship between the 4 interface types, and does not need to record one table for each vlan.
The policy table describes the transmission rules of various interface types, specifically "which interface types are allowed to go out when a packet enters from one interface type". For this purpose, the present invention uses group (group) to classify the policy table and records the group value (group value) of each interface type, the group value is a 32-bit integer value, each bit (bit) of the group value represents a group, and there are 32 groups at most. Assuming that the interface types corresponding to eth0.9 and ath0101 are added to the group represented by bit 0, then there is a binding policy rule: the incoming message from eth0.9 may be sent from ath0101, and the incoming message from ath0101 may also be sent from eth 0.9.
The current design uses 4 groups, which are group _ r1, group _ r2, group _ ether and group _ wlan respectively; the group _ r1 describes the binding relationship of the radio frequency 1, the group _ r2 describes the binding relationship of the radio frequency 2, the group _ ether describes the binding relationship between the ethernet ports, and the group _ wlan describes the binding relationship between the terminal devices.
The configuration is divided into 4 configuration conditions according to different radio frequency binding configurations, and the detailed policy tables of each configuration are shown in tables 1 to 4
Table 1: radio frequency 1 bonding eth0, radio frequency 2 bonding eth1
Figure BDA0002179288020000061
Table 2: RF 1 bound eth0, RF 2 unbound
Figure BDA0002179288020000062
Table 3: radio frequency 1 bonding eth0, radio frequency 2 bonding eth0
Figure BDA0002179288020000063
Table 4.: RF 1 unbound and RF 2 unbound
Figure BDA0002179288020000064
2. Policy configuration:
after configuring radio frequency binding information, a strategy configuration module at an application layer analyzes the configured radio frequency binding information and configures the radio frequency binding information to a strategy control module, the strategy configuration module generates group values (group values) of 4 interface types after analyzing configuration messages to acquire the radio frequency binding configuration information, and configures the group values to the strategy control module after loading the strategy control module of a kernel.
The specific configuration function processing flow is as follows: after the configuration message is analyzed to obtain the configuration information of radio frequency binding, if the two radio frequencies are found to close the binding function, the strategy control module is unloaded, otherwise, group values of 4 interface types are generated according to the configuration information, the group values are configured to the strategy control module after the strategy control module of the kernel is loaded, and then the configuration result is returned.
3. Management and isolation:
when dual ethernet interfaces are used for uplink in a scenario of separation of internal and external networks, a management frame of an AP needs to be bound to an eth0 interface, so as to avoid network connection from the AP to an eth1. The binding policy check is performed by the forwarding module using the management isolation function, and the forwarding module is embedded in the cable drive, and the forwarding module can conveniently identify the message sent from the management port (which is the br1 by default) and the message sent to the management port. When a message enters a forwarding module, if the vlan tag of the message is determined to be the management vlan and the source MAC address is the MAC address of the AP, the binding strategies of the outgoing interface and the incoming interface of the message are checked, the message which accords with the binding strategies is subjected to capwap encapsulation and is forwarded, and the message which does not accord with the binding strategies is discarded.
The principle of management isolation of the AP receiving direction is as follows: when a message enters a forwarding module, capwap decapsulation is firstly carried out on the message and a default vlan tag is added, if the vlan tag of the message is determined to be a management vlan and the destination MAC address is the MAC address of the AP, the binding strategy of the outgoing interface and the incoming interface of the message is checked, and the check is passed and then submitted to a protocol stack for processing.
The policy control module is responsible for maintaining the configuration required by management isolation, including the isolation switch and the bound interface type, and simultaneously provides a check interface for management isolation for the forwarding module to call. After the radio frequency binding is started, the management isolation function is also started by default, and an eth0 interface is bound by default.
The function processing flow of the management isolation function is as follows: under the condition that management isolation is not started, the default message conforms to the management isolation rule, under the condition that the management isolation is started, according to the direction of the message, if the message is in the AP sending direction, whether the interface type of the outgoing interface of the message conforms to the bound interface type set of the management interface is identified, if so, the outgoing interface of the message is returned to conform to the management isolation rule, and if not, the outgoing interface of the message does not conform to the management isolation rule; and similarly, according to the direction of the message, if the message is in the AP receiving direction, identifying whether the interface type of the incoming interface of the message conforms to the bound interface type set of the management interface.
4. Policy checking
For the uplink message, because the message is forwarded by the forwarding module through the bridge, an incoming interface and an outgoing interface of the message can be obtained at the forwarding point of the bridge forwarding, so that the incoming interface and the outgoing interface can be transmitted into the inspection interface provided by the policy control module, and an inspection result can be obtained; after the message enters the bridge, the strategy is checked at the forwarding point by calling the checking interface of the strategy control module.
The processing flow of the forwarding point of the forwarding module comprises the following steps: after the message enters the bridge, at the forwarding point of the forwarding module, determining an outgoing interface of the message according to the bridge forwarding table, then carrying out binding strategy check on the outgoing interface and the incoming interface of the message, if the outgoing interface and the incoming interface of the message accord with the binding strategy, carrying out message bridge exit, and if the outgoing interface and the incoming interface do not accord with the binding strategy, discarding the message.
For the downlink message, because a fast forwarding function is introduced, there are two check points, which are respectively at the fast forwarding decision point and the forwarding point forwarded by the forwarding module, i.e. the corresponding fast forwarding decision sub-module and the bridge forwarding sub-module.
The processing flow of the fast turn judgment submodule comprises the following steps: firstly, checking whether the message meets the condition of fast forwarding, if so, searching a fast forwarding table, acquiring an outgoing interface of the message, then calling a checking interface of a policy control module to check a binding policy of the outgoing interface and the incoming interface of the message, and if so, directly sending the message from a wired drive to a wireless drive; if the message does not conform to the binding strategy, the message is discarded.
If the message does not accord with the fast forwarding condition, the message needs to enter the bridge after being processed by the 802.1Q protocol, and a check interface of the strategy control module is called at the forwarding point forwarded by the forwarding submodule to check the binding strategy of the outgoing interface and the incoming interface of the message. In the checking process of the binding strategy, the forwarding submodule firstly identifies the interface types of an input interface and an output interface of a message, if the identification fails, the binding strategy is met by default, if the identification succeeds, the group vlue of the input interface and the output interface is searched in a strategy table, then the group vlue of the input interface and the group vlue of the output interface are subjected to AND operation, if the result of the AND operation is 0, the binding strategy is judged to be met, and if the result of the AND operation is not 0, the binding strategy is judged not to be met.

Claims (10)

1. A wireless access device having at least two ethernet interfaces for accessing different networks; the wireless access device includes: the system comprises a strategy configuration module, a strategy control module and a forwarding module;
the strategy configuration module is used for acquiring and analyzing the radio frequency binding information of the wireless access equipment configured by the user and configuring the analyzed radio frequency binding information to the strategy control module;
the strategy control module is used for generating a corresponding binding strategy according to the radio frequency binding information configured by the user, carrying out binding strategy check according to the outgoing interface and the incoming interface of the message and transmitting the check result to the forwarding module;
the forwarding module is used for providing the input interface and the output interface information of the message to the strategy control module through the strategy checking interface provided by the strategy control module, forwarding the message which accords with the binding strategy according to the checking result of the strategy control module, and discarding the message which does not accord with the binding strategy.
2. The wireless access device of claim 1, wherein the policy control module is a separate module in a kernel of the wireless access device, and is loaded when the radio frequency binding function is turned on and unloaded when the radio frequency binding function is turned off.
3. The wireless access device of claim 1, wherein the policy control module comprises:
the strategy configuration maintenance submodule is used for generating a corresponding strategy according to the radio frequency binding information configured by the user and providing an ioctl interface for adding, deleting and displaying the strategy for the upper-layer application;
and the strategy checking submodule is used for carrying out binding strategy checking according to the outgoing interface and the incoming interface of the message and transmitting the checking result to the forwarding module through the strategy checking interface.
4. The wireless access device of claim 1, wherein the forwarding module includes a fast turn decision sub-module and a bridge forwarding sub-module,
the fast forwarding judging submodule is used for judging whether the downlink message accords with a fast forwarding rule or not, determining an outgoing interface of the message according to the fast forwarding table for the downlink message which accords with the fast forwarding rule, providing information of an incoming interface and an outgoing interface of the message to the strategy control module through a strategy checking interface provided by the strategy control module, and submitting the downlink message which does not accord with the fast forwarding rule to the bridge forwarding submodule;
the bridge forwarding sub-module is used for determining an outgoing interface of a message for an uplink message or a downlink message entering a bridge according to a bridge forwarding table, providing incoming interface and outgoing interface information of the message for the policy control module through a policy check interface provided by the policy control module, forwarding the message conforming to the binding policy according to a check result of the policy control module, and discarding the message not conforming to the binding policy.
5. The wireless access device of claim 1, wherein the at least two ethernet interfaces include a first ethernet interface and a second ethernet interface, the first ethernet interface and the second ethernet interface respectively connecting to different networks; the wireless access equipment supports a first radio frequency and a second radio frequency; the strategy control module stores radio frequency binding information configured by a user through strategy table grouping, and interfaces under the interface types with the same group value have a radio frequency binding relationship;
the interface types at least include: a first Ethernet interface class, a second Ethernet interface class, a first radio frequency class and a second radio frequency class; wherein the content of the first and second substances,
the first Ethernet interface class comprises a first Ethernet interface and uplink vlan equipment which establishes connection with the first Ethernet interface;
the second Ethernet interface class comprises a second Ethernet interface and uplink vlan equipment which establishes connection with the second Ethernet interface;
the first radio frequency class comprises terminal equipment which is associated with the wireless access equipment through a first radio frequency;
the second radio frequency class includes terminal devices associated with the wireless access device by a second radio frequency.
6. The wireless access device of claim 5, wherein the policy configuration module is specifically configured to obtain the configuration packet from the application layer and parse out the radio frequency binding information, generate a group value for each interface type, then load the policy control module, and configure the group value for each interface type to the policy control module.
7. The wireless access device of claim 5, wherein the policy checking sub-module is specifically configured to, according to the name matching of the outgoing interface and the incoming interface of the packet, check whether the outgoing interface and the incoming interface conform to the binding policy according to the group value of the interface type, and transmit the check result to the forwarding module through the policy checking interface.
8. The forwarding control method of the wireless access device, applied to the wireless access device according to any one of claims 1 to 7, includes:
the wireless access equipment judges the sending direction of the message after receiving the message, if the message is an uplink message, the wireless access equipment carries out binding strategy check on an outgoing interface and an incoming interface of the message before a bridge forwarding module forwards the message, forwards the message which accords with the binding strategy, and discards the message which does not accord with the binding strategy;
if the message is a downlink message, firstly judging whether the downlink message conforms to a fast forwarding rule, and for the downlink message conforming to the fast forwarding rule, before fast forwarding, performing binding policy check on an outgoing interface and an incoming interface of the message, forwarding the message conforming to the binding policy, and discarding the message not conforming to the binding policy;
and for the downlink message which does not accord with the rapid forwarding rule, the bridge forwarding module is used for forwarding, before the bridge forwarding module forwards the downlink message, the bridge forwarding module is used for checking the binding strategy of the outgoing interface and the incoming interface of the downlink message, forwarding the downlink message which accords with the binding strategy, and discarding the downlink message which does not accord with the binding strategy.
9. The forwarding control method of wireless access equipment according to claim 8, wherein the performing of the binding policy check on the outgoing interface and the incoming interface of the packet specifically includes:
determining the interface types of the interface and the input interface according to the names of the output interface and the input interface of the message, and checking whether the output interface and the input interface accord with the binding strategy according to the group values of the interface types of the output interface and the input interface in the strategy table.
10. The forwarding control method of wireless access equipment according to claim 9, wherein said checking whether the outbound interface and the inbound interface conform to the binding policy according to the group value of the interface type of the outbound interface and the inbound interface in the policy table specifically comprises:
and performing AND operation on the group value of the interface type of the outgoing interface and the group value of the interface type of the incoming interface, if the operation result is 0, judging that the interface and the incoming interface do not accord with the binding strategy, and if the operation result is not 0, judging that the interface and the incoming interface accord with the binding strategy.
CN201910790077.6A 2019-08-26 2019-08-26 Wireless access equipment and forwarding control method thereof Active CN110493057B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910790077.6A CN110493057B (en) 2019-08-26 2019-08-26 Wireless access equipment and forwarding control method thereof

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910790077.6A CN110493057B (en) 2019-08-26 2019-08-26 Wireless access equipment and forwarding control method thereof

Publications (2)

Publication Number Publication Date
CN110493057A CN110493057A (en) 2019-11-22
CN110493057B true CN110493057B (en) 2022-01-28

Family

ID=68554077

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910790077.6A Active CN110493057B (en) 2019-08-26 2019-08-26 Wireless access equipment and forwarding control method thereof

Country Status (1)

Country Link
CN (1) CN110493057B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111800344A (en) * 2020-07-08 2020-10-20 深圳市共进电子股份有限公司 Data forwarding method and device, router and readable storage medium

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101753640A (en) * 2009-12-28 2010-06-23 电子科技大学 Multi-interface fusion method of communication node
CN202406138U (en) * 2011-12-21 2012-08-29 北京鹏博佳讯信息技术有限公司 Network connecting device for connecting remote synchronous digital system with intranet
CN103313350A (en) * 2013-06-24 2013-09-18 京信通信技术(广州)有限公司 Dual-frequency network access method and device, and access point equipment
CN107182080A (en) * 2017-06-16 2017-09-19 锐捷网络股份有限公司 A kind of method and apparatus of the speed of adaptive configuration in a wireless local area network
CN107370842A (en) * 2017-08-20 2017-11-21 中国人民解放军理工大学 The distribution of multiplex roles address and routing policy based on isomery wave point
CN108347351A (en) * 2018-01-26 2018-07-31 广州视源电子科技股份有限公司 The method, apparatus and system of equipment Dual-Ethernet card compatibility

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7613160B2 (en) * 2002-12-24 2009-11-03 Intel Corporation Method and apparatus to establish communication with wireless communication networks
US9743450B2 (en) * 2014-09-05 2017-08-22 Apple Inc. Learned dual band WiFi network association method
US10278230B2 (en) * 2016-08-24 2019-04-30 Google Llc Methods, systems, and media for managing network connections

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101753640A (en) * 2009-12-28 2010-06-23 电子科技大学 Multi-interface fusion method of communication node
CN202406138U (en) * 2011-12-21 2012-08-29 北京鹏博佳讯信息技术有限公司 Network connecting device for connecting remote synchronous digital system with intranet
CN103313350A (en) * 2013-06-24 2013-09-18 京信通信技术(广州)有限公司 Dual-frequency network access method and device, and access point equipment
CN107182080A (en) * 2017-06-16 2017-09-19 锐捷网络股份有限公司 A kind of method and apparatus of the speed of adaptive configuration in a wireless local area network
CN107370842A (en) * 2017-08-20 2017-11-21 中国人民解放军理工大学 The distribution of multiplex roles address and routing policy based on isomery wave point
CN108347351A (en) * 2018-01-26 2018-07-31 广州视源电子科技股份有限公司 The method, apparatus and system of equipment Dual-Ethernet card compatibility

Non-Patent Citations (4)

* Cited by examiner, † Cited by third party
Title
"How to build a Campus Netwrok using TP-LINK products";佚名;《https://www.tp-link.com/uk/support/faq/1218/》;20160825;全文 *
"Internet,Intranets and Extranets in Organization: An Integrative Literature Review";Mahmoud Moussa;《SIU Journal of Management》;20160630;全文 *
"利用双网卡+路由器实现内网外网互联";佚名;《www.cpplog.com/yehao/articles/162379.html》;20111219;全文 *
"双网卡汇聚详细图文教程";佚名;《https://wenku.baidu.com/view/885c76310a1c59eef8c75fbfc77da26925c59695.html》;20180927;全文 *

Also Published As

Publication number Publication date
CN110493057A (en) 2019-11-22

Similar Documents

Publication Publication Date Title
US7460542B2 (en) Tagging rules for hybrid ports
US9729441B2 (en) Service function bundling for service function chains
EP2725749B1 (en) Method, apparatus and system for processing service flow
CN101573913B (en) Method and apparatus for improved multicast routing
CN100525237C (en) Data transferring system, method and network transferring apparatus
CN106685827B (en) Downlink message forwarding method and AP (access point) equipment
US8527674B2 (en) Data packet switching
CN109510785B (en) Method and device for mirroring message
CN110855568B (en) Message forwarding method and system
CN109639552B (en) Three-layer forwarding method and device
US20110110372A1 (en) Systems and methods to perform hybrid switching and routing functions
CN110932992A (en) Load balancing communication method based on tunnel mode
US7394810B2 (en) Layer 2 switch and method of processing expansion VLAN tag of layer 2 frame
CN110493057B (en) Wireless access equipment and forwarding control method thereof
US20040001513A1 (en) Network element, and associated method, for facilitating communication of data between elemental devices
EP1756719B1 (en) Data communication system, router and method for routing data
CN110995744B (en) Message transmission method and device, software defined network switch and storage medium
CN100435544C (en) Modem system and collector for transmission routes with different characteristics
US20230336377A1 (en) Packet forwarding method and apparatus, and network system
CN112367263A (en) Multicast data message forwarding method and equipment
US9240898B1 (en) Integrating VLAN-unaware devices into VLAN-enabled networks
US20060126643A1 (en) Subscriber loop remote control apparatus, subscriber loop remote control method, and subscriber loop remote control program
WO2003073283A1 (en) System and method for routing a cross segments of a network switch
CN107094113B (en) Standard mobile terminal data forwarding system and method under wireless multi-hop topological network
US9008083B2 (en) Network intermediate apparatus and method for ubiquitous network and ubiquitous network system using the intermediary apparatus

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant