CN111478788B - Abnormal offline recovery method, device and equipment and machine-readable storage medium - Google Patents


Publication number
CN111478788B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202010132941.6A
Other languages
Chinese (zh)
Other versions
CN111478788A (en
Inventor
王阳
廖以顺
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
New H3C Security Technologies Co Ltd
Original Assignee
New H3C Security Technologies Co Ltd


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/06 Management of faults, events, alarms or notifications
    • H04L41/0654 Management of faults, events, alarms or notifications using network fault recovery
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/2854 Wide area networks, e.g. public data networks
    • H04L12/2856 Access arrangements, e.g. Internet access
    • H04L12/2869 Operational details of access network equipments
    • H04L12/287 Remote access server, e.g. BRAS
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/50 Address allocation
    • H04L61/5007 Internet protocol [IP] addresses
    • H04L61/5014 Internet protocol [IP] addresses using dynamic host configuration protocol [DHCP] or bootstrap protocol [BOOTP]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0892 Network architectures or network communication protocols for network security for authentication of entities by using authentication-authorization-accounting [AAA] servers or protocols

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention provides an abnormal offline recovery method, apparatus, device and machine-readable storage medium. The method comprises: obtaining abnormal user information and restoring the abnormal user to an IPOE user table, wherein the domain name information of the table entry corresponding to the abnormal user is a default abnormal domain; providing network service, according to the IPOE user table, to the abnormal user whose table entry has the default abnormal domain as its domain name information; and receiving a renewal message sent by the abnormal user, setting the aging time of the table entry corresponding to the abnormal user in the IPOE user table according to the renewal message, and aging the table entry when that aging time reaches zero, so that the abnormal user's renewal fails in the current renewal period. With this technical scheme, network service can continue to be provided to a user after the user goes abnormally offline and the network recovers, which solves the problem of service interruption caused by the network being blocked between the abnormal offline and the user's re-authentication.

Description

Abnormal offline recovery method, device and equipment and machine-readable storage medium
Technical Field
The present disclosure relates to the field of communications technologies, and in particular to a method, an apparatus, a device, and a machine-readable storage medium for abnormal offline recovery.
Background
DHCP (Dynamic Host Configuration Protocol) is a local area network protocol in which a server controls a range of IP (Internet Protocol) addresses, and a client automatically obtains the IP address and subnet mask allocated by the server when it logs in to the server.
The BRAS (Broadband Remote Access Server) is a novel access gateway for broadband network applications. It is located at the edge layer of the backbone network, can complete data access for users' broadband IP/ATM (Asynchronous Transfer Mode) networks, and can implement broadband Internet access for terminals, IP VPN (Virtual Private Network) services based on IPSec (Internet Protocol Security), the construction of enterprise intranets, support for ISPs (Internet Service Providers) wholesaling services to users, and other applications.
AAA (Authentication, Authorization, Accounting) is a server program that processes user access requests and provides authentication, authorization and accounting services. Its main purpose is to manage user access to network servers and to provide services to users who have access rights.
IPOE (IP over Ethernet) is a broadband access authentication system that uses DHCP technology as its core and is closely combined with general RADIUS (Remote Authentication Dial In User Service) to implement an IP user session mechanism, an IP data stream classification mechanism, and an IP session authentication and management mechanism.
In current network systems, the renewal message is encrypted to ensure reliability and security, so the BRAS device cannot parse it. The BRAS device provides network service to a user according to the entries recorded in the IPOE user table. When the network of a terminal device has a problem and the device goes abnormally offline, the BRAS device deletes the corresponding entry from the IPOE user table and records the terminal device's information in the IPOE abnormal recovery table. When the network returns to normal and traffic from a terminal device listed in the IPOE abnormal recovery table reaches the BRAS device, the BRAS device tries to restore the corresponding entry in the IPOE user table from the IPOE abnormal recovery table. Because the renewal message is encrypted, this restoration fails, which affects user service and causes service interruption.
Disclosure of Invention
In view of the above, the present disclosure provides an abnormal offline recovery method and apparatus, an electronic device, and a machine-readable storage medium, so as to solve the problem of service interruption caused by the network being blocked before the user is re-authenticated after going abnormally offline.
The specific technical scheme is as follows:
The present disclosure provides an abnormal offline recovery method, applied to a BRAS device, the method including: acquiring abnormal user information and restoring the abnormal user to an IPOE user table, wherein the domain name information of the table entry corresponding to the abnormal user is a default abnormal domain; providing network service, according to the IPOE user table, to the abnormal user whose table entry has the default abnormal domain as its domain name information; and receiving a renewal message sent by the abnormal user, setting the aging time of the table entry corresponding to the abnormal user in the IPOE user table according to the renewal message, and aging the table entry when that aging time reaches zero, so that the abnormal user's renewal fails in the current renewal period.
As a technical solution, the received renewal message is a unicast renewal message; setting the aging time of the table entry corresponding to the abnormal user in the IPOE abnormal recovery table according to the renewal message includes: parsing the renewal message to obtain the lease duration T, and setting the aging time of the table entry corresponding to the abnormal user in the IPOE abnormal recovery table to be less than or equal to 0.25T.
As a technical solution, the received renewal message is a broadcast renewal message; setting the aging time of the table entry corresponding to the abnormal user in the IPOE abnormal recovery table according to the renewal message includes: parsing the renewal message to obtain the lease duration T, and setting the aging time of the table entry corresponding to the abnormal user in the IPOE abnormal recovery table to be less than or equal to 0.25T.
As a technical solution, providing network service for the abnormal user according to the entry corresponding to the abnormal user in the IPOE user table includes: providing rate-limited network service to the abnormal user.
The present disclosure also provides an abnormal offline recovery apparatus, applied to a BRAS device, the apparatus including: a table entry module, configured to acquire abnormal user information and restore the abnormal user to the IPOE user table, wherein the domain name information of the table entry corresponding to the abnormal user is a default abnormal domain; a service module, configured to provide network service, according to the IPOE user table, to the abnormal user whose table entry has the default abnormal domain as its domain name information; and a message module, configured to receive a renewal message sent by the abnormal user. The table entry module is further configured to set the aging time of the table entry corresponding to the abnormal user in the IPOE user table according to the renewal message, and to age the table entry when that aging time reaches zero, so that the abnormal user's renewal fails in the current renewal period.
As a technical solution, the renewal message received by the message module is a unicast renewal message; setting the aging time of the table entry corresponding to the abnormal user in the IPOE abnormal recovery table according to the renewal message includes: parsing the renewal message to obtain the lease duration T, and setting the aging time of the table entry corresponding to the abnormal user in the IPOE abnormal recovery table to be less than or equal to 0.25T.
As a technical solution, the renewal message received by the message module is a broadcast renewal message; setting the aging time of the table entry corresponding to the abnormal user in the IPOE abnormal recovery table according to the renewal message includes: parsing the renewal message to obtain the lease duration T, and setting the aging time of the table entry corresponding to the abnormal user in the IPOE abnormal recovery table to be less than or equal to 0.25T.
As a technical solution, providing network service, according to the IPOE user table, to the abnormal user whose table entry has the default abnormal domain as its domain name information includes: providing rate-limited network service to the abnormal user.
The present disclosure also provides an electronic device, including a processor and a machine-readable storage medium, where the machine-readable storage medium stores machine-executable instructions executable by the processor, and the processor executes the machine-executable instructions to implement the foregoing abnormal offline recovery method.
The present disclosure also provides a machine-readable storage medium having stored thereon machine-executable instructions that, when invoked and executed by a processor, cause the processor to implement the aforementioned abnormal offline recovery method.
The technical scheme provided by the disclosure at least brings the following beneficial effects:
After traffic from the abnormally offline terminal device reaches the BRAS device again, the BRAS device restores the abnormal user information corresponding to the terminal device to the IPOE user table and sets the domain name to a default abnormal domain that does not require authentication, thereby providing network service for the terminal device. Meanwhile, the aging time is set according to the lease information in the renewal message, so that, while network service is maintained, the terminal device resends a DHCP Discover message as soon as possible and completes the authentication process again to restore normal use.
Drawings
In order to more clearly illustrate the embodiments of the present disclosure or the technical solutions in the prior art, the drawings needed to be used in the description of the embodiments of the present disclosure or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments described in the present disclosure, and other drawings can be obtained by those skilled in the art according to the drawings of the embodiments of the present disclosure.
FIG. 1 is a flow chart of an abnormal offline recovery method in one embodiment of the present disclosure;
FIG. 2 is a block diagram of an abnormal offline recovery apparatus according to an embodiment of the present disclosure;
FIG. 3 is a hardware block diagram of an electronic device in one embodiment of the disclosure;
FIG. 4 is a networking diagram of IPOE access authentication of the present disclosure.
Detailed Description
The terminology used in the embodiments of the present disclosure is for the purpose of describing particular embodiments only and is not intended to be limiting of the disclosure. As used in this disclosure and the claims, the singular forms "a", "an", and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein is meant to encompass any and all possible combinations of one or more of the associated listed items.
It is to be understood that although the terms first, second, third, etc. may be used herein to describe various information in the embodiments of the present disclosure, such information should not be limited by these terms. These terms are only used to distinguish one type of information from another. For example, first information may also be referred to as second information, and similarly, second information may also be referred to as first information, without departing from the scope of the present disclosure. Depending on the context, moreover, the word "if" as used may be interpreted as "at … …" or "when … …" or "in response to a determination".
FIG. 4 shows a typical IPOE access authentication network: a user connects to a BRAS device through a switch to perform IPOE authentication and, after the authentication is passed, obtains an IP address and can access the Internet normally. The BRAS device in this network system can therefore also perform the function of a DHCP device.
IPOE authentication uses the IP or MAC address as the user name, and a DHCP protocol message cannot carry a domain name. As a result, the user name cannot be customized, collecting user names is costly, and the BRAS device cannot flexibly control user access by domain name. IPOE authentication therefore requires the terminal device to carry option60, and the BRAS device selects the access domain according to the information recorded in option60, which solves the problem that an IPOE user cannot carry a domain name and cannot be accessed flexibly.
On top of using option60 as the domain name, the ISP requires option60 to encapsulate information such as the user name, password and domain name. For security, the user must encrypt this information, and decryption is performed by the AAA device.
In this case, the whole IPOE authentication flow is adjusted into the following two stages:
In the first stage, after receiving a DHCP protocol message from a terminal device, the BRAS device cannot resolve option60 as a domain name, so it enters a default domain for authentication, encapsulates option60 in the user name and carries it to the AAA device. After receiving option60, the AAA device decrypts it to obtain information such as the user name, password and domain, and checks whether the user name and password are legal.
In the second stage, if the check finds them illegal, the AAA device informs the BRAS device that authentication has failed; if the check finds them legal, the AAA device authorizes information such as the user name and domain name to the BRAS device. The user name, domain name and other information filled into the user table of the BRAS device are the authorized information, and the address allocated to the terminal device is likewise allocated from the address pool of the authorized domain name.
IPOE authentication is triggered by the DHCP protocol. If a network abnormality occurs, the user goes offline on the BRAS while the terminal device is actually still online, and after the network abnormality is recovered, the terminal device's traffic arriving at the BRAS cannot be forwarded. In general, therefore, the BRAS needs to support an abnormal traffic recovery function: when a network abnormality causes a terminal device to go abnormally offline, the BRAS records the related information of the terminal device in an IPOE abnormal recovery table. After the network abnormality is recovered and the terminal device's traffic reaches the BRAS device, the BRAS device looks up the IPOE abnormal recovery table by the traffic's IP address, MAC address and other related information. If a matching entry exists, the BRAS device simulates the whole user interaction process to generate the IPOE user table entry, so that the user's traffic is forwarded normally.
As mentioned above, the option60 field carried in the DHCP protocol message sent by the terminal device is encrypted. When the BRAS device authenticates with the AAA server using the information recorded in the abnormal user recovery table, the option60 check may fail, so the abnormal traffic recovery fails and user services are affected.
Therefore, a method and a system are needed that ensure the terminal device continues to obtain network service after restoration of its IPOE user table entry fails, and that avoid as far as possible the terminal device's service being interrupted because the BRAS device cuts off service.
In view of the above, the present disclosure provides a method and an apparatus for recovering an abnormal offline, an electronic device, and a machine-readable storage medium, so as to solve the problem of service interruption caused by the failure of recovering the abnormal offline of the terminal device.
After the terminal equipment passes the AAA authentication, the BRAS equipment records the user information corresponding to the terminal equipment into the IPOE user table. When receiving the flow, the BRAS device firstly queries the IPOE user table according to the address information carried in the message, such as an IP address, an MAC address and the like, and forwards the message if the address information is hit.
The specific technical scheme is as follows.
In an actual network system, one or more terminal devices may be directly connected to a BRAS device or indirectly connected to the BRAS device through other network devices, such as switches, and when any terminal device is in a network abnormality, the technical scheme provided by the present disclosure may be used to provide network service for the terminal device that is abnormally offline, and recover the network as soon as possible, and recover the table entry of the IPOE user table.
In one embodiment, the present disclosure provides an abnormal offline recovery method, applied to a BRAS device, the method including: acquiring abnormal user information and restoring the abnormal user to an IPOE user table, wherein the domain name information of the table entry corresponding to the abnormal user is a default abnormal domain; providing network service, according to the IPOE user table, to the abnormal user whose table entry has the default abnormal domain as its domain name information; and receiving a renewal message sent by the abnormal user, setting the aging time of the table entry corresponding to the abnormal user in the IPOE user table according to the renewal message, and aging the table entry when that aging time reaches zero, so that the abnormal user's renewal fails in the current renewal period.
Specifically, as shown in fig. 1, the present embodiment includes the steps of:
Step S11: acquire abnormal user information and restore the abnormal user to the IPOE user table, wherein the domain name information of the table entry corresponding to the abnormal user is a default abnormal domain.
When a terminal device suffers a network abnormality, the BRAS device learns that the terminal device has gone abnormally offline. At this point the BRAS device deletes the table entry corresponding to the terminal device from the IPOE user table and records the corresponding user information in the IPOE abnormal recovery table.
In this embodiment, the BRAS device queries the IPOE user table according to the information carried in the traffic message, finds no table entry corresponding to the traffic, and then looks up the corresponding table entry in the IPOE abnormal recovery table.
The BRAS device obtains the abnormal user information from that table entry and then restores the corresponding information of the abnormal user, namely the terminal device with the network abnormality, to the IPOE user table, wherein the domain name information of the corresponding table entry is a default abnormal domain, as shown in Table 1 below.
Index    IP     MAC     Aging    Domain
1        ip1    mac1    t0       defaultoption60
TABLE 1
Table 1 includes the fields of the IPOE user table: the Index field, IP field, MAC field, Aging field and Domain field.
Specifically:
the Index field is a sequence number;
the IP field is the IP address of the terminal device, and ip1 is the IP address allocated by the DHCP service to the terminal device with the network abnormality in this embodiment;
the MAC field is the MAC address of the terminal device, and mac1 is the MAC address of the terminal device with the network abnormality in this embodiment;
the Aging field is the aging time; when the aging time counts down to 0, the table entry is aged and the BRAS device no longer provides network service for the terminal device corresponding to the entry; t0 is a preset value that ensures the table entry is not aged before it is next operated on;
the Domain field is the domain name information, and defaultoption60 is the default abnormal domain.
Step S12: according to the IPOE user table, provide network service to the abnormal user whose table entry has the default abnormal domain as its domain name information.
In general, after the network of an abnormally offline terminal device recovers, the BRAS device goes to the AAA server for authentication according to the IPOE abnormal recovery table and attempts to restore the IPOE user table; for the reasons described above, the authentication fails and so does the restoration.
In this embodiment, when traffic or a packet arrives at the BRAS device, the BRAS device queries the IPOE user table and hits the entry restored in the above step. Although the entry corresponds to an abnormal user in this embodiment, the BRAS device still forwards the traffic or packet, that is, it provides network service for the abnormal user, ensuring that the network is not cut off and the service can continue.
Step S13: receive the renewal message sent by the abnormal user, set the aging time of the table entry corresponding to the abnormal user in the IPOE user table according to the renewal message, and age the table entry when that aging time reaches zero.
According to the DHCP protocol, when a specified time point is reached, the terminal device with the network abnormality, namely the abnormal user, sends a renewal message to the BRAS device. The renewal message contains lease information, including the lease duration T. After receiving the renewal message sent by the abnormal user, the BRAS device parses the message and extracts the lease information, and sets the aging time t1 of the table entry corresponding to the abnormal user in the IPOE user table, as shown in Table 2, according to the lease duration T and the time point within the current lease period. The table entry is thus aged within the current lease period but not immediately, so the terminal device continues to obtain the network service provided by the BRAS device.
Index    IP     MAC     Aging    Domain
1        ip1    mac1    t1       defaultoption60
TABLE 2
When the entry corresponding to the abnormal user in the IPOE user table has aged, the terminal device resends the DHCP Discover message and completes the authentication process again, which restores the corresponding entry in the IPOE user table, so that all entries return to normal.
In one embodiment, the received renewal message is a unicast renewal message; setting the aging time of the table entry corresponding to the abnormal user in the IPOE abnormal recovery table according to the renewal message includes: parsing the renewal message to obtain the lease duration T, and setting the aging time of the table entry corresponding to the abnormal user in the IPOE abnormal recovery table to be less than or equal to 0.25T.
The lease duration of a lease period is T. According to the current protocol, within a lease period the terminal device sends a unicast renewal message to the BRAS device when the time point reaches 0.5T, and sends a broadcast renewal message to the BRAS device when the time point reaches 0.75T.
If the terminal device's network recovers at a time point between 0 and 0.5T in a lease period, the terminal device sends a unicast renewal message to the BRAS device when the 0.5T time point is reached. When the renewal message received by the BRAS device is a unicast message, the current time point is 0.5T. The aging time of the entry corresponding to the abnormal user in the IPOE user table is then set to be less than or equal to 0.25T (for example 0.25T, 0.24T or 0.23T, chosen as needed), so that the entry has aged by the time the terminal device sends the broadcast renewal message to the BRAS device at the 0.75T time point. The renewal therefore fails, and the BRAS device sends a Negative Acknowledgement (NAK) message to the terminal device.
After the renewal fails, the terminal device resends the DHCP Discover message and completes the authentication process again.
In one embodiment, the received renewal message is a broadcast renewal message; setting the aging time of the table entry corresponding to the abnormal user in the IPOE abnormal recovery table according to the renewal message includes: parsing the renewal message to obtain the lease duration T, and setting the aging time of the table entry corresponding to the abnormal user in the IPOE abnormal recovery table to be less than or equal to 0.25T.
As mentioned above, the lease duration of a lease period is T. According to the current protocol, within a lease period the terminal device sends a unicast renewal message to the BRAS device when the time point reaches 0.5T, and sends a broadcast renewal message to the BRAS device when the time point reaches 0.75T.
If the terminal device's network recovers at a time point between 0.5T and 0.75T in a lease period, the terminal device sends a broadcast renewal message to the BRAS device when the 0.75T time point is reached. When the renewal message received by the BRAS device is a broadcast message, the current time point is 0.75T. The aging time of the entry corresponding to the abnormal user in the IPOE user table is then set to be less than or equal to 0.25T (for example 0.25T, 0.24T or 0.23T, chosen as needed), so that the entry is aged before the current renewal period expires. After that, the terminal device resends the DHCP Discover message and completes the authentication procedure again.
In one embodiment, providing network service for the abnormal user according to the entry corresponding to the abnormal user in the IPOE user table includes: providing rate-limited network service to the abnormal user.
When the BRAS device forwards traffic, if the Domain field of the user's entry in the IPOE user table is the default abnormal domain defaultoption60, the user's network speed is limited, that is, the network service provided to the abnormal user is restricted. For example, only a basic network speed is provided to the user, or any other value or mode is chosen as required. The abnormal user is thereby distinguished from normal users and cannot obtain complete network service, which avoids security and other problems while the abnormal user's service remains uninterrupted.
In one embodiment, the present disclosure provides an abnormal offline recovery apparatus, as shown in Fig. 2, applied to a BRAS device. The apparatus includes: a table entry module 51, configured to obtain abnormal user information and restore the abnormal user to the IPOE user table, where the domain name information of the table entry corresponding to the abnormal user is a default abnormal domain; a service module 52, configured to provide network services for the abnormal users in the default abnormal domain according to the IPOE user table and the domain name information of the corresponding table entry; and a message module 53, configured to receive a renewal message sent by an abnormal user. The table entry module is further configured to set the aging time of the table entry corresponding to the abnormal user in the IPOE user table according to the renewal message, and to age the entry when that aging time reaches zero, so that the abnormal user's renewal fails in the current renewal period.
The table entry module 51 is configured to obtain abnormal user information, and restore the abnormal user to the IPOE user table, where domain name information of a table entry corresponding to the abnormal user is a default abnormal domain.
When a network abnormality occurs on the terminal device, the BRAS device learns that the terminal device has gone offline abnormally. The BRAS device then deletes the table entry corresponding to the terminal device from the IPOE user table and records the corresponding user information in the IPOE abnormal recovery table.
In this embodiment, the BRAS device looks up the IPOE user table using the information carried in the traffic packet, finds no table entry corresponding to the traffic, and then finds the corresponding table entry in the IPOE abnormal recovery table.
The BRAS device obtains the abnormal user information from that table entry and then restores the information of the abnormal user, namely the terminal device on which the network abnormality occurred, to the IPOE user table, where the domain name information of the corresponding table entry is the default abnormal domain, as shown in Table 3 below.
| Index | IP | MAC | Aging | Domain |
|---|---|---|---|---|
| 1 | ip1 | mac1 | t0 | defaultoption60 |

Table 3
Table 3 includes the fields of the IPOE user table: the Index field, IP field, MAC field, Aging field and Domain field.
Specifically:
the Index field is a sequence number;
the IP field is the IP address of the terminal device, and ip1 is the IP address allocated by the DHCP service to the terminal device on which the network abnormality occurred in this embodiment;
the MAC field is the MAC address of the terminal device, and mac1 is the MAC address of the terminal device on which the network abnormality occurred in this embodiment;
the Aging field is the aging time; when the aging time counts down to 0, the table entry is aged and the BRAS device no longer provides network service for the terminal device corresponding to the entry; t0 is a preset value that ensures the table entry is not aged before it is next operated on;
the Domain field is the domain name information, and defaultoption60 is the default abnormal domain.
The service module 52 is configured to provide network services for the abnormal users in the default abnormal domain according to the IPOE user table and the domain name information of the corresponding table entry.
In general, after the network of the abnormally offline terminal device recovers, the BRAS device goes to the AAA server for authentication according to the IPOE abnormal recovery table and attempts to restore the IPOE user table; for the reasons described above, the authentication fails and so does the restoration.
In this embodiment, when traffic or a packet arrives at the BRAS device, the BRAS device queries the IPOE user table and hits the entry restored in the above step, that is, an entry corresponding to an abnormal user. The BRAS device still forwards the traffic or packet, that is, it provides network service for the abnormal user, so that the network is not cut off and the service can continue.
The message module 53 is configured to receive a renewal message sent by an abnormal user; the table entry module is further configured to set the aging time of the table entry corresponding to the abnormal user in the IPOE user table according to the renewal message, and to age the entry when that aging time reaches zero.
According to the DHCP protocol, when a specified time point is reached, the terminal device on which the network abnormality occurred, namely the abnormal user, sends a renewal message to the BRAS device. The renewal message contains lease information, including the lease duration T. After receiving the renewal message sent by the abnormal user, the BRAS device parses the message and extracts the lease information, and sets the aging time t1 of the table entry corresponding to the abnormal user in the IPOE user table according to the lease duration T and the time point within the current lease period, as in Table 4. The table entry is thus aged within the current lease period but not immediately, and the terminal device can continue to obtain the network service provided by the BRAS device.
| Index | IP | MAC | Aging | Domain |
|---|---|---|---|---|
| 1 | ip1 | mac1 | t1 | defaultoption60 |

Table 4
When the entry corresponding to the abnormal user in the IPOE user table has been aged, the terminal device resends a DHCP Discover message and completes the authentication process again, which restores the corresponding entry in the IPOE user table, so that all entries return to normal.
In one embodiment, the received renewal message is a unicast renewal message; setting the aging time of the table entry corresponding to the abnormal user in the IPOE abnormal recovery table according to the renewal message includes: parsing the renewal message to obtain the lease duration T, and setting the aging time of the table entry corresponding to the abnormal user in the IPOE abnormal recovery table to be less than or equal to 0.25T.
The lease duration of a lease period is T. According to the current protocol, within a lease period the terminal device sends a unicast renewal message to the BRAS device when the time point reaches 0.5T, and a broadcast renewal message when the time point reaches 0.75T.
If the terminal device's network recovers between 0 and 0.5T of a lease period, the terminal device sends a unicast renewal message to the BRAS device when the 0.5T time point is reached. When the BRAS device receives a renewal message that is a unicast message, this indicates that the current time point is 0.5T. At this point the aging time of the table entry corresponding to the abnormal user in the IPOE user table is set to be less than or equal to 0.25T, for example 0.25T, 0.24T or 0.23T, chosen as needed, so that the entry has already been aged when the terminal device sends the broadcast renewal message to the BRAS device at the 0.75T time point. The renewal therefore fails, and the BRAS device sends a Negative Acknowledgement (NAK) message to the terminal device.
After the lease renewal fails, the terminal device resends a DHCP Discover message and completes the authentication process again.
In one embodiment, the received renewal message is a broadcast renewal message; setting the aging time of the table entry corresponding to the abnormal user in the IPOE abnormal recovery table according to the renewal message includes: parsing the renewal message to obtain the lease duration T, and setting the aging time of the table entry corresponding to the abnormal user in the IPOE abnormal recovery table to be less than or equal to 0.25T.
As mentioned above, the lease duration of a lease period is T. According to the current protocol, within a lease period the terminal device sends a unicast renewal message to the BRAS device when the time point reaches 0.5T, and a broadcast renewal message when the time point reaches 0.75T.
If the terminal device's network recovers between 0.5T and 0.75T of a lease period, the terminal device sends a broadcast renewal message to the BRAS device when the 0.75T time point is reached. When the BRAS device receives a renewal message that is a broadcast message, this indicates that the current time point is 0.75T. At this point the aging time of the table entry corresponding to the abnormal user in the IPOE user table is set to be less than or equal to 0.25T, for example 0.25T, 0.24T or 0.23T, chosen as needed, so that the entry is aged before the current renewal period expires. After that, the terminal device resends a DHCP Discover message and completes the authentication procedure again.
In one embodiment, providing network services for the abnormal user according to the entry corresponding to the abnormal user in the IPOE user table includes: providing rate-limited network services for the abnormal user.
When the BRAS device forwards traffic, if the Domain field of the user's entry in the IPOE user table is the default abnormal domain defaultoption60, the user's network speed is limited, that is, the network service provided to the abnormal user is restricted. For example, only a basic network speed is provided to the user, or any other value or mode is selected as required. The abnormal user is thereby distinguished from normal users and cannot obtain full network service, so that problems such as security issues are avoided while the abnormal user's service is not interrupted.
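The unicast and broadcast renewal embodiments and the rate-limited abnormal domain described above, as an added simulation that is not part of the patent text. The class and function names are hypothetical, the MAC and IP values are constructed, and three behaviours are assumptions of this example rather than statements of the page: the abnormal user's renewal gets no reply, the recovery-table record is consumed when the entry is restored, and a repeated renewal can never push the aging deadline out.

```python
from dataclasses import dataclass

ABNORMAL_DOMAIN = "defaultoption60"    # default abnormal domain (Tables 3 and 4)
UNICAST_AT, BROADCAST_AT = 0.5, 0.75   # renewal points within lease T, as stated on the page


@dataclass
class Entry:
    ip: str
    mac: str
    domain: str
    expires_at: float                  # time at which the Aging countdown reaches zero


class Bras:
    """Toy BRAS (hypothetical class) with the two tables named on the page."""

    def __init__(self, t0, aging_factor=0.25):
        if not 0 < aging_factor <= 0.25:
            raise ValueError("aging time must be <= 0.25T")
        self.t0 = t0                   # preset aging time of a freshly restored entry
        self.aging_factor = aging_factor
        self.users = {}                # IPOE user table: mac -> Entry
        self.recovery = {}             # IPOE abnormal recovery table: mac -> ip

    def abnormal_offline(self, mac, ip):
        """Delete the user entry and record the user in the recovery table."""
        self.users.pop(mac, None)
        self.recovery[mac] = ip

    def _lookup(self, mac, now):
        entry = self.users.get(mac)
        if entry is not None and entry.expires_at <= now:
            del self.users[mac]        # aged: the BRAS stops serving this entry
            return None
        return entry

    def on_traffic(self, mac, now):
        """Return 'full', 'limited' (abnormal domain, rate-limited) or 'drop'."""
        entry = self._lookup(mac, now)
        if entry is None and mac in self.recovery:
            # Restore without AAA authentication, into the abnormal domain only.
            # Assumption: the recovery record is consumed, so an aged entry stays gone.
            ip = self.recovery.pop(mac)
            entry = self.users[mac] = Entry(ip, mac, ABNORMAL_DOMAIN, now + self.t0)
        if entry is None:
            return "drop"
        return "limited" if entry.domain == ABNORMAL_DOMAIN else "full"

    def on_renewal(self, mac, lease_t, now):
        """Unicast and broadcast renewals follow the same <= 0.25T rule."""
        entry = self._lookup(mac, now)
        if entry is None:
            return "NAK"               # renewal fails; the client restarts with Discover
        if entry.domain != ABNORMAL_DOMAIN:
            entry.expires_at = now + lease_t
            return "ACK"
        # Assumption: a repeated renewal may shorten the deadline but never extend it.
        entry.expires_at = min(entry.expires_at, now + self.aging_factor * lease_t)
        return "NO_REPLY"              # assumption: no ACK, so the lease is not extended


def simulate(recover_at, lease_t=3600.0):
    """Replay one lease period for a client whose network recovers at recover_at * T."""
    mac, ip = "00:00:5e:00:53:01", "192.0.2.10"   # constructed sample values
    bras = Bras(t0=lease_t)
    bras.abnormal_offline(mac, ip)
    events = [(recover_at, "traffic")]
    events += [(p, "renewal") for p in (UNICAST_AT, BROADCAST_AT) if p > recover_at]
    events += [(0.9, "traffic"), (1.0, "traffic")]
    log = []
    for frac, kind in sorted(events, key=lambda e: e[0]):
        now = frac * lease_t
        if kind == "traffic":
            result = bras.on_traffic(mac, now)
        else:
            result = bras.on_renewal(mac, lease_t, now)
        log.append((frac, kind, result))
    return log


if __name__ == "__main__":
    for start in (0.2, 0.6):
        print(start, simulate(start))
```

With recovery at 0.2T the entry is gone by the 0.75T broadcast renewal, which is answered with a NAK; with recovery at 0.6T the user keeps rate-limited service until the entry ages at the end of the lease.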
In an embodiment, the present disclosure provides an electronic device, including a processor and a machine-readable storage medium, where the machine-readable storage medium stores machine-executable instructions executable by the processor, and the processor executes the machine-executable instructions to implement the foregoing abnormal offline recovery method. At the hardware level, a schematic diagram of the hardware architecture may be as shown in Fig. 3.
In one embodiment, the present disclosure provides a machine-readable storage medium having stored thereon machine-executable instructions that, when invoked and executed by a processor, cause the processor to implement the aforementioned abnormal offline recovery method.
Here, a machine-readable storage medium may be any electronic, magnetic, optical, or other physical storage device that can contain or store information such as executable instructions, data, and so forth. For example, the machine-readable storage medium may be: a RAM (Random Access Memory), a volatile memory, a non-volatile memory, a flash memory, a storage drive (e.g., a hard drive), a solid state drive, any type of storage disk (e.g., an optical disk, a DVD, etc.), or a similar storage medium, or a combination thereof.
The systems, devices, modules or units described in the above embodiments may be implemented by a computer chip or an entity, or by a product with certain functions. A typical implementation device is a computer, which may take the form of a personal computer, laptop computer, cellular telephone, camera phone, smart phone, personal digital assistant, media player, navigation device, email messaging device, game console, tablet computer, wearable device, or a combination of any of these devices.
For convenience of description, the above devices are described as being divided into various units by function, and are described separately. Of course, the functionality of the various elements may be implemented in the same one or more software and/or hardware implementations in practicing the disclosure.
As will be appreciated by one skilled in the art, embodiments of the present disclosure may be provided as a method, system, or computer program product. Accordingly, the present disclosure may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, embodiments of the present disclosure may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and so forth) having computer-usable program code embodied therein.
The present disclosure is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the disclosure. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
Furthermore, these computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
The above description is only an embodiment of the present disclosure, and is not intended to limit the present disclosure. Various modifications and variations of this disclosure will be apparent to those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present disclosure should be included in the scope of the claims of the present disclosure.

Claims (10)

1. An abnormal offline recovery method, applied to a BRAS device, comprising the following steps:
acquiring abnormal user information, and restoring the abnormal user to an IPOE user table, wherein the domain name information of the table entry corresponding to the abnormal user is a default abnormal domain;
providing network services for the abnormal users of the default abnormal domain according to the domain name information of the corresponding table entry in the IPOE user table;
receiving a renewal message sent by an abnormal user, setting the aging time of the table entry corresponding to the abnormal user in the IPOE user table according to the renewal message, and aging the table entry when the aging time of the table entry corresponding to the abnormal user in the IPOE user table is zero, so that the renewal of the abnormal user fails in the current renewal period.
2. The method of claim 1, wherein the received renewal message is a unicast renewal message;
setting the aging time of the table entry corresponding to the abnormal user in the IPOE abnormal recovery table according to the renewal message includes:
parsing the renewal message to obtain the lease duration T, and setting the aging time of the table entry corresponding to the abnormal user in the IPOE abnormal recovery table to be less than or equal to 0.25T.
3. The method of claim 1, wherein the received renewal message is a broadcast renewal message;
setting the aging time of the table entry corresponding to the abnormal user in the IPOE abnormal recovery table according to the renewal message includes:
parsing the renewal message to obtain the lease duration T, and setting the aging time of the table entry corresponding to the abnormal user in the IPOE abnormal recovery table to be less than or equal to 0.25T.
4. The method of claim 1, wherein providing network services for the abnormal users of the default abnormal domain according to the domain name information of the corresponding entry in the IPOE user table comprises:
providing rate-limited network services for the abnormal users.
5. An abnormal offline recovery device, which is applied to BRAS equipment, and comprises:
the table entry module is used for acquiring abnormal user information and recovering the abnormal user to the IPOE user table, wherein the domain name information of the table entry corresponding to the abnormal user is a default abnormal domain;
the service module is used for providing network service for the abnormal users of the default abnormal domain according to the domain name information of the corresponding table entry;
the message module is used for receiving a renewal message sent by an abnormal user;
the table entry module is further configured to set the aging time of the table entry corresponding to the abnormal user in the IPOE user table according to the renewal message, and to age the entry when the aging time of the table entry corresponding to the abnormal user in the IPOE user table is zero, so that the renewal of the abnormal user fails in the current renewal period.
6. The apparatus of claim 5, wherein the renewal message received by the message module is a unicast renewal message;
setting the aging time of the table entry corresponding to the abnormal user in the IPOE abnormal recovery table according to the renewal message includes:
parsing the renewal message to obtain the lease duration T, and setting the aging time of the table entry corresponding to the abnormal user in the IPOE abnormal recovery table to be less than or equal to 0.25T.
7. The apparatus of claim 5, wherein the renewal message received by the message module is a broadcast renewal message;
setting the aging time of the table entry corresponding to the abnormal user in the IPOE abnormal recovery table according to the renewal message includes:
parsing the renewal message to obtain the lease duration T, and setting the aging time of the table entry corresponding to the abnormal user in the IPOE abnormal recovery table to be less than or equal to 0.25T.
8. The apparatus of claim 5, wherein providing network services for the abnormal users of the default abnormal domain according to the domain name information of the corresponding table entry in the IPOE user table comprises:
providing rate-limited network services for the abnormal users.
9. An electronic device, comprising: a processor and a machine-readable storage medium storing machine-executable instructions executable by the processor to perform the method of any one of claims 1 to 4.
10. A machine-readable storage medium having stored thereon machine-executable instructions which, when invoked and executed by a processor, cause the processor to implement the method of any of claims 1-4.
CN202010132941.6A 2020-02-29 2020-02-29 Abnormal offline recovery method, device and equipment and machine-readable storage medium Active CN111478788B (en)

Publications (2)

Publication Number Publication Date
CN111478788A (en) 2020-07-31
CN111478788B (en) 2022-02-22

Family

ID=71747152

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant