DE102015110494B4 - Network access device and network service device for providing network access - Google Patents

Abstract

Network access device (100, 801) for providing communication access from a subscriber device (111) to a communication network (113), the network access device (100, 801) comprising:
a subscriber-side communication interface (101) for receiving data packets (810, 812) from the subscriber device (111);
a network-side communication interface (113) for transmitting data packets (810, 812, 814) to the communication network (113); and
a processor (105) for switching the communication access of the subscriber device (111) to the communication network (113), the processor (105) being designed:
in response to receipt of a first data packet (810, 812) with dial-in information (807) from the subscriber device (111), insert port status information (809b) into the first data packet (810, 812) and send the first data packet (810, 812) to the Forward communication network (113),
wherein the processor (105) is further designed to insert the port status information (809b) in response to an enable signal (802) in the first data packet (810, 812),
wherein the processor (105) is designed to generate the enable signal (802) based on an adjustable delay.

Description

The present invention relates to a network access device and a network service device for arranging communication access of a subscriber device to a communication network as well as corresponding methods for arranging communication access. In particular, the invention relates to a port release control for networks whose network elements Access Node (e.g. MSAN, GE-DSLAM, OLT) are in communication with a service gateway (BNG) and policy server and exchange information for the purpose of QoS and network control, in particular L2C networks.

The transmission of status information between access nodes and service gateways via ANCP is the current state of the art and is on the one hand in the IETF standards "RFC 5851 Architectural Framework", "RFC 6320 Access Node Control Protocol" and "RFC 6934 ANCP for PON" and on the other in the BBF standards "TR-147 Layer 2 Control Mechanism For Broadband Multi-Service Architectures" and "TR-207 Layer 2 Control Mechanism For Broadband Multi-Service Architectures II". These standards describe and make specifications for operating states with regard to transmission methods at the access ports and the transmission of port states and control information as well as requirements for access nodes and BNG.

None of the work and standards listed above take into account the temporal interaction of ANCP port information and session structure. The uncoordinated interaction of session-dependent control information that is fed from the access node via the data plane to the BNG and the exchange of control plane (control level) information via ANCP sometimes leads to implausible dial-in (session) states in the network. These occur when the port information is not yet available at the BNG via ANCP, but the session establishment is already triggered via PADI, DHCP Discover (IPv4), Neighbor Discovery (IPv6) at the BNG. This leads to malfunctions or functional restrictions with regard to QoS control in today's communication networks.

There is therefore a need for an interaction between ANCP port information and the session structure.

The pamphlet DE 10 2007 008 463 A1 relates to a broadband access system 10 (see 1 ) for subscriber-related interface control of an access node 40, the remote-controllable voice interfaces 41, 42 and a remote-controllable test device 49 for testing subscriber connection lines 100 , 101 having.

The pamphlet US 2010/0131 660 A1 relates to deterministic session load balance and redundancy of access servers in a computer network 100 (please refer 1 ). The computer network 100 includes an access node 200 , for example a DSLAM, via which a plurality of subscriber devices 105 Get access to the network.

The pamphlet DE 10 2010 037 501 A1 relates to methods for automatic port status and configuration control for optical access networks.

It is the object of the present invention to create a more efficient access of a subscriber device to a communication network.

This object is achieved by the features of the independent claims. Advantageous forms of further training are the subject of the dependent claims.

A core idea of the invention is to provide a control function that controls the interaction of session-dependent functions and ANCP control information both in terms of time and in the process.

The abbreviations defined below are used for the detailed description of the invention: ON: Access Node ANCP: Access Node Control Protocol BNG: Broadband Network Gateway CP: Control Point ANCP CPE: Customer Premise Equipment DHCP: Dynamic Host Control Protocol IA: Intermediate agent RA: Relay agent OLT: Optical line termination PPPoE: Point to Point Protocol over Ethernet TLV: Type Length Value QoS: Quality of Service DSLAM: Digital Subscriber Line Access Module OLT: Optical line termination L2C: Layer 2 control IPv4, IPv6: Internet Protocol, V4, V6 PADI: PPPoE Active Discovery Initiation RS: Router solicitation ND: Neighbor Discovery NS: Neighbor solicitation LinelD: Identification of a subscriber line or a subscriber port LDRA: Lightweight Relay Agent (IPv6 pedant to RA for IPv4) LIO Line ID Insertion Option (RFC6788)

The communication interfaces presented below between network elements such as subscriber device, network access device, network service device, authentication server and others can be based on wired networks, for example using Ethernet, USB, cables, etc. The communication channels can also be based on wireless networks, for example using WLAN , WiFi, Bluetooth, infrared or other short-range communication standards. Voice-over-IP (VoIP) using IPv4 or IPv6, for example, can be used as protocols for data transmission. The communication channels can be established by means of the public network, for example via the Internet, a telephone network of a telephone operator, e.g. a wired network such as a POTS, ISDN, DSL or cable network, or a wireless network, such as a cellular network of a cellular operator, e.g. a cellular network, for example using a mobile radio standard such as LTE, UMTS, GSM, etc. Voice-over-IP using IPv4 or IPv6 or ATM, STM or other wide-area standards can be used as protocols for data or voice transmission via the communication network.

The network facilities presented below. such as network access device, network service device, authentication server and others can be provided in the cloud. Cloud or cloud computing is to be understood here as the approach of providing abstracted IT infrastructures such as computing capacity, data storage, network capacities, finished software or, here, the server dynamically adapted to requirements via a network. The abstract IT infrastructure made available is also referred to as the cloud or “cloud”.

The facilities, processes and systems presented below can be of various types. The individual elements or devices described can be implemented by hardware or software components, for example electronic components that can be manufactured using various technologies and, for example, semiconductor chips, ASICs, microprocessors, digital signal processors, integrated electrical circuits, electro-optical circuits and / or passive components include.

The facilities, processes and systems presented below can provide services. The term “service” describes a technical, self-sufficient unit that bundles related functionalities into a complex of topics and makes them available via a clearly defined interface. Examples of this are web services, network services, system services or telecommunication services. In the following description, the services can be assigned to individual network devices or modules.

The devices, methods and systems presented below can exchange data in a packet-based manner via various communication protocols. A communication protocol describes an agreement according to which data transmission between two or more network elements takes place. The protocol can be defined as the rules that determine the syntax, semantics and synchronization of communication. Protocols can be implemented by hardware, software, or a combination of both. For example, communication protocols can be based on the OSI layer model.

According to a first aspect, the invention relates to a network access device for switching a communication access of a subscriber device to a communication network, the network access device comprising: a subscriber-side communication interface for receiving data packets from the subscriber device; a network-side communication interface for transmitting data packets to the communication network; and a processor for switching the communication access of the subscriber device to the communication network, the processor being designed to: in response to receipt of a first data packet with dial-in information from the subscriber device, insert port status information into the first data packet and forward the first data packet to the communication network, the Processor is further designed to insert the port status information in response to an enable signal in the first data packet.

A particular advantage of such a network access device is the implementation of a control function, i.e. the release signal, in the processor that regulates a time sequence between sending the port status information to the communication network and sending the dial-in information to the communication network, so that the dial-in information with valid port status information is available in the communication network .

This is particularly advantageous for the case of implementation with an ANCP protocol, because here port release (with the release signal) is only possible after ANCP communication has taken place, ie after the ANCP port up message has been sent to this port. Here, the ANCP port up message is first sent from the AN to the BNG and then the transfer of the valid PADI or DHCP Discover / Neighbor Solicitation to the BNG is enabled, which is achieved by unlocking the LinelD with the release signal.

The line ID block is therefore only released at the point in time when the port is synchronous and ANCP has transmitted the port information to the BNG. By blocking the Line ID in the Intermediate Agent / Relay Agent 803 or processor is the dial-in message of the port 810 , 812 as long as the lack of a valid Line ID 809b unusable for the policy server until it is blocked by sending the port up message at the same time 814 will be annulled. This means that the BNG does not have valid dial-in information 807 before it receives the associated ANCP port information 809b had received.

In one embodiment according to the first aspect, the processor is designed, in response to receipt of a third data packet with the port status information from the subscriber device, to generate a second data packet based on the port status information and to transmit it to the communication network.

This has the advantage that the processor has access to both the port status information and the connection information and can thus only implement a time control of the transmission of both items of information via the release signal.

In one embodiment according to the first aspect, the processor is designed to generate the release signal based on an adjustable delay.

This has the advantage that different transmission paths for transmitting the port status information to the communication network can be taken into account, so that the delay can be selected flexibly in order to take into account the respective transmission environment.

In one embodiment according to the first aspect, the adjustable delay specifies a time interval from the transmission of the second data packet to the communication network to the generation of the release signal.

This has the advantage that the delay is set in such a way that it can be ensured that the second data packet with the port information has also reached the communication network before the first data packet with the connection information is forwarded.

In one embodiment according to the first aspect, the processor is designed to forward the first data packet without inserted port status information to the communication network if the port status information is not available to the processor.

This has the advantage that the processor does not have to wait too long before forwarding the first data packet, so that the delay in the communication system can be kept as low as possible.

In one embodiment according to the first aspect, the processor is designed to insert blocking information in the first data packet if the port status information is not available to the processor.

This also has the advantage that the processor does not have to wait too long before forwarding the first data packet, so that the delay in the communication system can be kept as low as possible.

Furthermore, the following advantage is achieved in the case of implementation with an ANCP protocol: Since a session with invalid port status information or LinelD does not come about, the subscriber device or the client will start a new dialing attempt, which will then be successful, ie with a valid one Port status information or LinelD, since the port has sent the ANCP port message and the port lock has been lifted. The advantage here is that the processes in the subscriber device or CPE / client, in the network access device or AN and in the network service device or BNG can be carried out stateless and do not require synchronization with one another.

In one embodiment according to the first aspect, the first data packet is formatted according to a first communication protocol and the second data packet is formatted according to a second communication protocol.

This has the advantage that the processor in the network access device can synchronize two processes with different communication protocols / network protocols in terms of time and sequence.

In one embodiment according to the first aspect, the port status information includes a connection identifier of the subscriber device. In one embodiment according to the first aspect, the dial-in information from the subscriber device comprises at least one of the following information about the subscriber device: a port status, a bandwidth, an error message.

This has the advantage that the processor can synchronize the connection IDs with the dial-in information such as port status, bandwidth, error messages individually for each subscriber port.

According to a second aspect, the invention relates to a network service device for providing communication access of a subscriber device via a network access device to a communication network, the network service device comprising: a network access-side communication interface for receiving data packets from the network access device; and a processor for controlling the communication access of the subscriber device, wherein the processor is designed to: in response to a receipt of a first data packet with dial-in information from the subscriber device to check whether a predetermined data field in the first data packet includes information that corresponds to port status information of a second received data packets match, and if they match, enable the communication access of the subscriber device to the communication network.

This achieves the advantage that, in cooperation with a network access device according to the first aspect, dial-in information with valid port status information is present in the network service device.

In one embodiment according to the second aspect, the processor is designed to wait until the second data packet with the port status information has been received in the event of a lack of agreement with the activation of the communication access of the subscriber device.

This has the advantage that, by comparing the port status information, it can be recognized whether there is valid port status information or LinelD and, if they do not match, the client can wait for another attempt to dial in, so that valid port status information is always available.

In one embodiment according to the second aspect, the network service facility further comprises a network-side communication interface for transmitting data packets to an authentication server, the activation of the communication access of the subscriber facility comprising a transmission of a third data packet with authentication information from the subscriber facility to the authentication server.

This has the advantage that the client is authenticated in the communication network before it is granted access.

In one embodiment according to the second aspect, the first data packet is formatted in accordance with a first communication protocol, in particular in accordance with a session protocol, in particular in accordance with one of the following communication protocols: DHCP, PPP, PPPoE. In one embodiment according to the second aspect, the second data packet is formatted in accordance with a second communication protocol, in particular in accordance with an access network control protocol, in particular in accordance with an ANCP communication protocol.

This has the advantage that the processor in the network service facility can process two processes with different communication protocols / network protocols in terms of time and sequence.

In one embodiment according to the second aspect, the port status information includes a connection identifier of the subscriber device, in particular a line identification of the subscriber device.

This has the advantage that the processor can enable access to the communication network individually for each subscriber port and can take into account individual capabilities of the client such as bandwidth, etc.

According to a third aspect, the invention relates to a communication system for switching communication access of a subscriber device to a communication network, comprising: a network access device according to the first aspect as such or one of the embodiments of the first aspect; and a network service facility according to the second aspect as such or one of the embodiments of the second aspect.

Such a communication system has the advantage that it regulates a time sequence between the sending of the port status information and the sending of the dial-in information, so that the dial-in information with valid port status information is available in the communication network.

According to a fourth aspect, the invention relates to a method for switching communication access of a subscriber device to a communication network, having the following steps: receiving a first data packet with dial-in information from the subscriber device; and in response to receipt of the first data packet: inserting port status information into the first data packet and forwarding the first data packet to the communication network, the port status information being inserted into the first data packet in response to an enable signal.

A particular advantage of such a method is the implementation of a control function, i.e. the release signal, so that a time sequence between sending the port status information to the communication network and sending the dial-in information to the communication network can be synchronized so that the dial-in information with valid port status information is available in the communication network .

According to a fifth aspect, the invention relates to a method for activating a communication access of a subscriber device to a communication network, with the following steps: receiving a first data packet with dial-in information from the subscriber device; Receiving a second data packet with port status information of the subscriber device; and in response to the receipt of the first data packet: checking whether a predetermined data field in the first data packet includes information that matches the port status information of the second received data packet, and if they match: enabling the communication access of the subscriber device to the communication network.

This has the advantage that, in cooperation with a method according to the fourth aspect, dial-in information with valid port status information is available.

• 1 eine schematische Darstellung einer Netzwerkzugangseinrichtung 100 zum Vermitteln eines Kommunikationszugangs einer Teilnehmereinrichtung 111 zu einem Kommunikationsnetz 113 gemäß einer Ausführungsform;
• 2 eine schematische Darstellung einer Netzwerkserviceeinrichtung 200 zum Vermitteln eines Kommunikationszugangs einer Teilnehmereinrichtung 111 zu einem Kommunikationsnetz 113 gemäß einer Ausführungsform;
• 3 eine schematische Darstellung eines Verfahrens 300 zum Vermitteln eines Kommunikationszugangs einer Teilnehmereinrichtung 111 zu einem Kommunikationsnetz 113 gemäß einer Ausführungsform;
• 4 eine schematische Darstellung eines Verfahrens 400 zum Freischalten eines Kommunikationszugangs einer Teilnehmereinrichtung 111 zu einem Kommunikationsnetz 113 gemäß einer Ausführungsform;
• 5 ein beispielhaftes Nachrichtenflussdiagramm in einem Kommunikationssystem 500 zum Vermitteln eines Kommunikationszugangs einer Teilnehmereinrichtung, CPE 505 zu einem Kommunikationsnetzwerk, BNG gemäß einer Ausführungsform;
• 6 ein beispielhaftes Nachrichtenflussdiagramm 600 für ein Verfahren 300, das in einer Netzwerkzugangseinrichtung, AN ausgeführt werden kann gemäß einer Ausführungsform;
• 7 ein beispielhaftes Nachrichtenflussdiagramm 700 für ein Verfahren 400, das in einer Netzwerkserviceeinrichtung, BNG ausgeführt werden kann gemäß einer Ausführungsform; und
• 8: eine schematische Darstellung 800 einer Netzwerkzugangseinrichtung AN 801 mit ein- und ausgehenden Datenpaketen 810, 812, 814 gemäß einer Ausführungsform.

Further exemplary embodiments are explained with reference to the accompanying drawings. Show it:

• 1 a schematic representation of a network access device 100 for switching a communication access of a subscriber device 111 to a communication network 113 according to one embodiment;
• 2 a schematic representation of a network service facility 200 for switching a communication access of a subscriber device 111 to a communication network 113 according to one embodiment;
• 3 a schematic representation of a process 300 for switching a communication access of a subscriber device 111 to a communication network 113 according to one embodiment;
• 4th a schematic representation of a process 400 for activating a communication access of a subscriber device 111 to a communication network 113 according to one embodiment;
• 5 an exemplary message flow diagram in a communication system 500 for switching a communication access of a subscriber equipment, CPE 505 to a communication network, BNG according to an embodiment;
• 6th an exemplary message flow diagram 600 for a procedure 300 that can be executed in a network access device, AN according to one embodiment;
• 7th an exemplary message flow diagram 700 for a procedure 400 which can be executed in a network service facility, BNG, according to one embodiment; and
• 8th : a schematic representation 800 a network access device AN 801 with incoming and outgoing data packets 810 , 812 , 814 according to one embodiment.

In the following detailed description, reference is made to the accompanying drawings, which form a part hereof, and in which there is shown, by way of illustration, specific embodiments in which the invention may be carried out. It goes without saying that other embodiments can also be used and structural or logical changes can be made without deviating from the concept of the present invention. The following detailed description is therefore not to be taken in a limiting sense. Furthermore, it goes without saying that the features of the various exemplary embodiments described herein can be combined with one another, unless specifically stated otherwise.

The aspects and embodiments are described with reference to the drawings, wherein like reference characters generally refer to like elements. In the following description, for purposes of explanation, numerous specific details are set forth in order to provide a thorough understanding of one or more aspects of the invention. However, it may be obvious to a person skilled in the art that one or more aspects or embodiments are related to a lesser degree of specific detail can be performed. In other instances, known structures and elements are shown in schematic form to facilitate describing one or more aspects or embodiments. It goes without saying that other embodiments can be used and structural or logical changes can be made without departing from the concept of the present invention.

In addition, although a particular feature or aspect of an embodiment may have been disclosed with respect to only one of a plurality of implementations, such a feature or aspect may be combined with one or more other features or aspects of the other implementations, as for a given or particular one Application can be desirable and beneficial. Furthermore, to the extent that the terms “including,” “having,” “having” or other variations thereof are used in either the detailed description or the claims, such terms are intended to be inclusive of in a manner similar to the term “comprising”. The terms “coupled” and “connected” together with derivatives thereof may have been used. It will be understood that such terms are used to indicate that two elements cooperate or interact with one another regardless of whether or not they are in direct physical or electrical contact with one another. In addition, the term “exemplary” should only be taken as an example instead of the designation for the best or the best. The following description is therefore not to be understood in a restrictive sense.

1 shows a schematic representation of a network access device 100 for switching a communication access of a subscriber device 111 to a communication network 113 according to one embodiment. The network access device 100 includes a communication interface on the subscriber side 101 for receiving data packets from the subscriber equipment 111 ; a network communication interface 113 for transmitting data packets to the communication network 113 ; and a processor 105 for switching the communication access of the subscriber device 111 to the communication network 113 .

The processor 105 is designed to respond to receipt of a first data packet, for example a first data packet 810 , 812 as shown in 8th with dial-in information, for example dial-in information 807 as shown in 8th , from the subscriber facility 111 port status information, for example port status information 809b as shown in 8th to insert into the first data packet and the first data packet to the communication network 113 forward. The processor 105 is also designed to provide the port status information in response to an enable signal, for example an enable signal 802 as shown in 8th or a release signal 502 as shown in 5 or a release signal 620 as shown in 6th to insert into the first data packet.

The processor 105 can also be designed to respond to receipt of a third data packet with the port status information from the subscriber device 111 , for example according to a port synchronization protocol 508 as shown in 5 , a second data packet, for example a second data packet 814 as shown in 8th , based on the port status information and sent to the communication network 113 to submit.

The processor 105 can generate the enable signal based on an adjustable delay. The adjustable delay can be a time interval from the transmission of the second data packet to the communication network 113 specify until the release signal is generated.

The processor 105 can send the first data packet to the communication network without inserted port status information 113 forward when the port status information to the processor 105 not available. The processor 105 can block information, for example block information 809a as shown in 8th , insert into the first data packet when the port status information is sent to the processor 105 not available.

The first data packet can be formatted according to a first communication protocol, for example according to a PPPoE communication protocol or according to a DHCP communication protocol. The second data packet can be formatted according to a second communication protocol, for example according to an ANCP communication protocol.

The port status information can be a connection identifier, for example a LinelD of the subscriber device 111 include. The dial-in information 807 from the subscriber facility 111 can be a port status, a bandwidth or an error message from the subscriber device 111 include.

2 Figure 3 shows a schematic representation of a network service facility 200 for conveying a communication access of a Subscriber facility 111 to a communication network 113 according to one embodiment. The network service facility 200 comprises a communication interface on the network access side 203 for receiving data packets, for example data packets 810 , 812 , 814 as shown in 8th , from the network access facility 100 ; and a processor 205 for controlling the communication access of the subscriber equipment 111 .

The processor 205 is designed to: in response to receipt of a first data packet, for example a first data packet 810 , 812 as shown in 8th with dial-in information, for example dial-in information 807 as shown in 8th , from the subscriber facility 111 to check whether a specified data field in the first data packet includes information that is linked to port status information, for example port status information 809b as shown in 8th , a second received data packet, for example a second data packet 814 as shown in 8th , matches. The processor 205 is designed, if they match, the communication access of the subscriber device 111 to the communication network 113 unlock.

The processor 205 can in the event of a lack of agreement with the activation of the communication access of the subscriber device 111 wait until the second data packet with the port status information has been received.

The network service facility 200 can also have a network-side communication interface 201 for transmitting data packets to an authentication server 207 include. The activation of the communication access of the subscriber device 111 can by transmitting a third data packet, for example a RADIUS request 722 as shown in 7th , with authentication information of the subscriber device 111 to the authentication server 207 , for example a policy server 509 or a RADIUS server as shown in 5 , be effected.

The first data packet can be formatted according to a first communication protocol, for example according to a session protocol or according to one of the following communication protocols: DHCP, PPP, PPPoE. The second data packet can be formatted according to a second communication protocol, for example according to an access network control protocol, for example according to an ANCP communication protocol. The port status information can be a connection identifier, for example a LinelD or line identification of the subscriber device 111 include.

3 shows a schematic representation of a method 300 for switching a communication access of a subscriber device 111 to a communication network 113 according to one embodiment. The procedure 300 includes the following steps: Receive 301 a first data packet, for example a first data packet 810 , 812 as shown in 8th , with a dial-in information 807 , for example dial-in information 807 as shown in 8th , from the subscriber facility 111 ; and appealing 302 on receipt of the first data packet: inserting port status information, for example port status information 809b as shown in 8th into the first data packet and forwarding the first data packet to the communication network 113 ,
wherein the port status information is inserted into the first data packet in response to an enable signal.

The procedure 300 for example, after the in 6th message sequence diagram described 600 expire or include the steps described there.

4th shows a schematic representation of a method 400 for activating a communication access of a subscriber device 111 to a communication network 113 according to one embodiment.

The procedure 400 includes the following steps: Receive 401 a first data packet, for example a first data packet 810 , 812 as shown in 8th , with a dial-in information 807 , for example dial-in information 807 as shown in 8th , from the subscriber facility 111 ; Receive 402 a second data packet, for example a second data packet 814 as shown in 8th , with port status information, for example port status information 809b as shown in 8th , the subscriber facility 111 ; and responsive to reception 401 of the first data packet: Check whether a specified data field in the first data packet includes information that matches the port status information of the second received data packet, and if they match: enabling the communication access of the subscriber device 111 to the communication network 113 .

The specified data field in the first data packet can be located at the point within the first data packet at which the port status information or the LinelD is located according to an ANCP communication protocol.

5 shows an exemplary message flow diagram in a communication system 500 for switching a communication access of a subscriber equipment, CPE 505 to a communication network, BNG according to one embodiment.

The communication system 500 comprises a subscriber facility or CPE 505 , a network access device or access node (AN) 501 , a network service facility or BNG 507 and an authentication server or policy server 509 as well as a relay agent / intermediate agent, which is part of the access node 501 can be implemented.

Between AN 501 and BNG 507 First, data transmission is carried out according to an ANCP communication protocol 504 initiated. Then a topology discovery takes place 506 between CPE 505 and BNG 507 ; then a port synchronization 508 between CPE 505 and on 501 , for example via a DSL protocol, which can bring about synchronization via training signals and which can be terminated with a "Showtime" signal. After the port synchronization has been carried out 508 can be a port status message 510 from to 501 to BNG 507 transmitted in order to notify a PortUp signal to the BG.

After the port status message has been transmitted 510 to BNG 507 becomes an enable signal 502 and the relay agent / intermediate agent 503 communicated. This release signal 502 can also be used internally in the relay agent / intermediate agent 503 are generated to the processor of the AN 501 indicate that port synchronization has been achieved.

In the relay agent / intermediate agent 503 a PPPoE communication protocol or a DHCP communication protocol is implemented. The relay agent / intermediate agent 503 adds in response to the enable signal 502 a LinelD that comes from the port synchronization 508 and via the port status message 510 the BNG 507 was communicated in the PPPoE Request / DHCP Request 512a and transmits the PPPoE request / DHCP request 512b with inserted LinelD to the BNG 507 . The BNG 507 responds with a DHCP offer with LinelD 514a or a corresponding PPPoE answer, which answer 514b by the relay agent / IA 503 back to the CPE 505 is sent.

• Der DSL oder PON Kundenport wird synchronisiert mit dem Netz und die Anschlussbeziehung auf Layer 1 und 2 mit dem Access Knoten 501 (z.B. MSAN, GE-DSLAM, OLT) aufgebaut. Das Ergebnis wird per ANCP 504, 506, 508, 510 dem BNG 507 mitgeteilt, sodass das BNG 507 die Informationen über Portzustand, Bandbreiten und ggf. Fehlermeldungen erhält. Sobald der L2 Netzbezug hergestellt ist, baut das IAD (bzw. CPE 505) des Teilnehmers beginnend mit einem PADI bzw. DHCP Discover 512a oder Router Solicitation oder Neighbour Solicitation eine Verbindung zum Service Gateway - üblicherweise als BNG 507 bezeichnet - auf.

In one embodiment, the functionality of the communication system 500 describe as follows:

• The DSL or PON customer port is synchronized with the network and the connection relationship on layers 1 and 2 with the access node 501 (e.g. MSAN, GE-DSLAM, OLT). The result is via ANCP 504 , 506 , 508 , 510 the BNG 507 communicated so that the BNG 507 receives information about port status, bandwidths and, if applicable, error messages. As soon as the L2 grid connection is established, the IAD (or CPE 505 ) of the participant starting with a PADI or DHCP Discover 512a or Router Solicitation or Neighbor Solicitation establishes a connection to the Service Gateway - usually as a BNG 507 referred to - on.

The BNG 507 takes over the connection information transmitted via ANCP when the dial-in information arrives from the customer and forwards it to the policy server 509 further, who takes over the service control based on the transmitted Line ID and connection properties and the BNG 507 communicates the corresponding properties. The port information transmitted via ANCP between access nodes 501 and BNG 507 can occasionally later at the BNG 507 arrive as the via PADI, DHCP Discover, RS, NS 512a , 512b information sent. This delay leads to the policy server 509 no connection properties through ANCP 504 , 506 , 508 , 510 when the PADI, DHCP Discover, RS, NS messages arrive 512a , 512b are present. This is the policy server 509 unable to balance the true connection properties.

In the access node 501 is the intermediate agent (IA) 503 for PPPoE, the Relay Agent (RA) 503 for DHCPv4 and the LDRA (Light Weight Relay Agent) for IPv6. It is a stateless instance, which can be found in PADI Messages, DHCP Discover, Router Solicitation or Neighbor Solicitation Messages in upstream 512a , 512b inserts the port information (Line ID). In 5 the phases are shown. First phase 504 , 506 , 508 , 510 is the transmission of the bandwidth information to the AN 501 to the BNG 507 via ANCP. Second phase 512a , 512b consists of dialing in using the Relay Agents / Intermediate Agents / Lightweigt Relay Agents 503 .

6th shows an exemplary message flow diagram 600 for a procedure 300 , which can be executed in a network access device, AN according to one embodiment.

The flowchart 600 comprises a first message flow block 601 for processing the 1st communication protocol (PPPoE, DHCP), a 2nd message flow block 610 for processing the 2nd communication protocol (ANCP) and an enable signal between the 1st block 601 and the 2nd block 610 . The first message flow block 601 can for example be in an RA / IA / LDRA 803 of an AN 801 as shown in 8th be realized. The second message flow block 610 can for example in an ANCP agent 805 of an AN 801 as shown in 8th be realized.

In the first message flow block 601 becomes the RA / IA / LDRA 602 called, which inspects an incoming packet 603 and checks for a session initiation 604 . If a session has been initiated (Yes), you will be asked 605 whether ANCP is ready, ie whether an enable signal 620 from the 2nd block 610 was received. When the release signal is received 620 a LinelD is inserted 606 and forward the received packet 607 . If no session initiation 604 was received (No), the received packet is forwarded without LinelD 607 .

In the second message flow block 610 the ON port status is determined 611 and checked for a PortUp status 612 . With PortUp (Yes) an enable signal is generated 613 and possibly with an adjustable delay to the first block 610 transfer. If no PortUp 612 is present (No), the port status is determined again 611 .

• Die Anschlusskennung, die sog. Line ID, die über das TLV3 bzw. 6 in ANCP und in Option 105 für PPPoE oder Option 82 für DHCPv4 oder Option 37 für DHCPv6 je Kundenport übermittelt wird, spielt eine entscheidende Rolle für die Erkennung des Anschlusses durch den Policy Server. Diese Line ID ist eine Anschlusskennung, die im Access Node je Port und im gesamten Netz eineindeutig ist und einmalig vergeben wird. Diese wird je Kundenport provisioniert. Anhand dieser Kennung wird der Kunde in der Plattform vom Policy Server erkannt. Diese Information wird in den zugehörigen TLVs gesetzt die für die Remote Circuit ID bestimmt sind. Ein Nichtvorhandensein der Line ID am BNG, führt zu einem Zustand, dass der Kundenport nicht durch den Policy Server in Session gehen kann.

In one embodiment, the functionality of the method 300 describe as follows:

• The connection identifier, the so-called Line ID, which is transmitted via the TLV3 or 6 in ANCP and in option 105 for PPPoE or option 82 for DHCPv4 or option 37 for DHCPv6 per customer port plays a decisive role in the detection of the connection by the policy server. This line ID is a connection identifier that is unique in the access node for each port and in the entire network and is assigned once. This is provisioned for each customer port. The policy server recognizes the customer in the platform using this identifier. This information is set in the associated TLVs that are intended for the remote circuit ID. The absence of the Line ID at the BNG leads to a state that the customer port cannot enter a session through the policy server.

In the method according to the invention 300 a control function is implemented 605 , 613 which only releases an IA / RA when the first ANCP port up message is sent to the BNG. A release is linked to either inserting a valid LinelD or inserting a Line ID at all (otherwise the field remains empty). As a result, the IAD periodically attempts to establish a connection in the upstream, but this remains ineffective on the BNG as long as the line ID is not used in the corresponding data field. If a port up message has been sent from the access node to the BNG, the line ID is released in the IA / RA / LDRA for the corresponding port, the BNG receives a complete PADI or comparable dial-in message and can assign the dial-in to the Meet at port.

This guarantees dial-in as soon as the connection information is available via ANCP in the BNG and the connection accounting has been carried out correctly. This means that the situation where there is a dial-in without ANCP information at the BNG can no longer occur.

For example, the TLV 3/6 can be filled with a character string “FFFFFFFF” or “blancs (Hex 20)” as long as the port has not sent the information to the BNG via ANCP. As soon as this is done, the TLV 3/6 for that of the port is overwritten with the actual LinelD (see 8th ) and the valid Line ID leads to the establishment of the session.

7th shows an exemplary message flow diagram 700 for a procedure 400 , which can be executed in a network service facility, BNG, according to one embodiment.

The flowchart 700 comprises a first message flow block 701 for processing the 1st communication protocol (PPPoE, DHCP), a second message flow block 710 for processing the second communication protocol (ANCP) and session / port monitoring 720 with receiving first or second data packets, checking 721 the port status information and requests 722 to the policy server or authentication server.

When a first data packet is received in accordance with PPPoE or DHCP, a receive session is initiated 702 and checked 703 whether a session ID or a selection information, e.g. a PADI / DHCP Discover / RS / NS message 807 as shown in 8th , was received. If the session ID was received, this is reported to the test module 721 communicated. Otherwise the system waits for another data packet to be received in accordance with PPPoE or DHCP 702 .

When a second data packet is received in accordance with ANCP, receiving port information is read out 711 and checked 712 whether an ANCP Port Up or port status information, e.g. a LinelD 809b as shown in 8th was received. If an ANCP Port Up was received, this is reported to the test module 721 communicated. Otherwise, a further data packet is waited for in accordance with ANCP 711 .

• Das BNG terminiert die ANCP Verbindung vom Access Node und terminiert ebenso die Verbindungen für PPPoE, DHCP. In allen Verbindungen sind die Datenfelder (TLVs) für die Portidentifizierung gleich (TLV1, 2, 3, 6). Das BNG vergleicht beim Eintreffen einer Session Initiierungsnachricht (z.B. PADI, DHCP Discovery(IPv4), Neighbour Solicitation (IPv6), Router Solicitation (IPv6)) diese Datenfelder mit der ANCP Nachricht, die ebenfalls diese Datenfelder enthält und führt einen sogenannten „String Match“ durch. Im Falle von Abweichungen schlägt dieser String Vergleich fehl und die Session am Policy Server kommt nicht zustande (Block 721).

In one embodiment, the functionality of the method 400 describe as follows:

• The BNG terminates the ANCP connection from the access node and also terminates the connections for PPPoE, DHCP. The data fields (TLVs) for port identification are the same in all connections (TLV1, 2, 3, 6). When a session initiation message arrives, the BNG compares these data fields with the ANCP message, which also contains these data fields, and performs a so-called "string match" through. In the event of discrepancies, this string comparison fails and the session on the policy server does not take place (block 721 ).

This mechanism always intervenes if, for example, the line ID is not inserted into TLV 3/6 in the PPPoE or DHCP message at the access node. Because the BNG receives the Line ID via the ANCP protocol via TLV3 / 6, whereby this field is not blocked in ANCP. This ensures that authentication of a participant is prevented as long as the BNG has not received an ANCP port up message, since the string match 721 fails and no valid line ID is transmitted to the policy server. As a result, no service can be assigned to the customer and the customer does not come into session.

8th shows a schematic representation 800 a network access device AN 801 with incoming and outgoing data packets 810 , 812 , 814 according to one embodiment.

The network access device 801 is an embodiment of the 1 and 2 described network access device 100 . It is used to provide communication access for a subscriber device, for example a subscriber device 111 according to the 1 and 2 to a communication network, for example a communication network 113 according to the 1 and 2 . The network access device 801 comprises a subscriber-side communication interface, for example a subscriber-side communication interface 101 according to the 1 and 2 , for receiving data packets 810 , 812 from the subscriber facility; a network-side communication interface, for example a network-side communication interface 103 according to the figure, for transmitting data packets 810 , 812 , 814 to the communication network; and a processor, such as a processor 105 according to the 1 and 2 .

The network access device 801 includes a relay agent / intermediate agent 803 , for example an RA / IA / LDRA 503 according to 5 in which the message flow block 601 according to 6th for processing the PPPoE / DHCP protocol can be implemented. The network access device 801 also includes an ANCP agent 805 , for example one that appears in the AN 501 according to 5 can be implemented. In the ANCP agent 805 can the message flow block 610 according to 6th can be implemented for processing the ANCP protocol. Both agents 803 , 805 can be implemented as software blocks or as hardware circuits and implemented in the processor. The processor can be a multi-processor, in which, for example, a processor core is the RA / IA / LDRA 803 and another processor core implements the ANCP agent 805 . Alternatively, you can use RA / IA / LDRA agent 803 and ANCP agent 805 run as different processes or tasks on a single processor or a multi-processor system.

The processor or the respective blocks RA / IA agent 803 and ANCP agent 805 serve to convey the communication access of the subscriber device to the communication network.

The processor or the respective blocks RA / IA / LDRA Agent 803 and ANCP agent 805 are designed to be responsive to receipt of a first data packet 810 , 812 with a dial-in information 807 , for example a PADI / DHCP Discover / RS / NS data field, port status information from the subscriber device 809b , for example a LinelD of the subscriber device in the first data packet 810 , 812 insert and the first data packet 810 , 812 forward to the communication network. The processor or the respective blocks RA / IA / LDRA Agent 803 and ANCP agent 805 are also designed to provide the port status information 809b in response to an enable signal 802 in the first data packet 810 , 812 to insert.

The processor or the respective blocks RA / IA / LDRA Agent 803 and ANCP agent 805 can also be designed to respond to receipt of a third data packet with the port status information 809b , for example via synchronization 508 according to 5 , a second data packet from the subscriber device 814 based on the port status information 809b to generate and to transmit to the communication network.

The processor or the respective blocks RA / IA / LDRA Agent 803 and ANCP agent 805 can use the enable signal 802 based on an adjustable delay. The adjustable delay can be a time interval from the transmission of the second data packet 814 to the communication network until the release signal is generated 802 specify. For example, the delay can include a value x, as in FIG 8th shown, so that the first data packet provided with the LinelD 810 , 812 not until this delay later is sent as the second data packet 814 . This applies to 8th for repetition 812 of the first data packet 810 to, but not for the first data packet originally sent 810 .

The processor or the respective blocks RA / IA / LDRA Agent 803 and ANCP agent 805 can the first data packet 810 , 812 without inserted port status information 809b forward to the communication network when the port status information 809a , 809b is not available to the processor. The processor or the respective blocks RA / IA / LDRA Agent 803 and ANCP agent 805 can also include blocking information 809a in the first data packet 810 , 812 to be inserted when the port status information 809b is not available to the processor. This applies to 8th for the first data packet originally sent 810 to that before the transmission of the second data packet 814 has already been forwarded to the communication network. In this forwarded first data packet 810 is the LinelD 809a invalid or a blocking information was given at this point 809a inserted. In contrast, there was repetition 812 of the first data packet 810 after the second data packet has been transmitted 814 forwarded to the communication network, so that the correct Lineld 809b is present from the second data packet 814 could be taken.

The first data packet 810 , 812 can be formatted according to a first communication protocol, for example PPPoE, DHCP, RS, NS. The second data packet 814 may be formatted according to a second communication protocol, e.g. ANCP, as in 8th shown.

The port status information 809b may include a connection identifier of the subscriber device, for example a LinelD as in FIG 8th shown.

The dial-in information 807 from the subscriber device can display, for example, a port status, a bandwidth and / or an error message from the subscriber device.

• In einer Implementierung ohne die in diesem Dokument beschriebene erfindungsgemäße Freigabesteuerung treten Zustände auf, dass das BNG (Broadband Network Gateway) eine Einwahlinformation vom Kundenport (ein Port der Teilnehmereinrichtung) erhält, ohne die zugehörige ANCP Port Information mit z.B. der synchronisierten Bandbreite des Kundenports zu kennen. Das führt in der QoS Bilanzierung des Policy Servers zu undefinierten Zuständen. Das bedeutet, dass der Policy Server keine Information über die Anschlussbandbreite bei der Einwahl hat. Dieser Zustand kann mit in der Datenbank hinterlegten default Werten abgefangen werden, um einen Sessionaufbau überhaupt zu ermöglichen. Das löst allerdings das eigentliche Problem nicht, denn es liegen nicht die tatsächlichen Bandbreitenwerte bei der Erstsynchronisierung vor. Dieser Zustand tritt einerseits im Betrieb und andererseits bei Umschaltungen von BNG A auf BNG B auf.

In one embodiment, the functionality of the network access device 801 describe as follows:

• In an implementation without the release control according to the invention described in this document, states occur that the BNG (Broadband Network Gateway) receives dial-in information from the customer port (a port of the subscriber device) without knowing the associated ANCP port information with, for example, the synchronized bandwidth of the customer port . This leads to undefined states in the QoS accounting of the policy server. This means that the policy server has no information about the connection bandwidth when dialing in. This state can be intercepted with default values stored in the database in order to enable a session to be established at all. However, this does not solve the actual problem, because the actual bandwidth values are not available during the initial synchronization. This condition occurs on the one hand during operation and on the other hand when switching from BNG A to BNG B.

Only after the customer ports have been synchronized again does the platform or the network service facility receive the current bandwidth values.

Essential features of the invention described here are therefore the control function that regulates this time sequence in the Access Node (AN) using a mechanism that enables port release only after ANCP communication has taken place, i.e. the ANCP port up message sent to this port.

This means that first the ANCP port up message is sent from the AN to the BNG and then the transfer of the valid PADI or DHCP Discover / Neighbor Solicitation / Router Solicitation to the BNG is possible. This is achieved by unlocking the LinelD (= release for inclusion in the dial-in message) (see 8th ).

The line ID block is only released when the port synchronously and ANCP has transmitted the port information to the BNG. By blocking the Line ID in the Intermediate Agent / Relay Agent 803 becomes the dial-in message of the port 810 , 812 as long as the lack of a valid Line ID 809b unusable for the policy server until it is blocked by sending the port up message at the same time 814 will be annulled. This means that the BNG does not have valid dial-in information 807 before it receives the associated ANCP port information 809b had received.

Since a session with an invalid Line ID 809a does not come about, the client will start a new attempt to dial, which is then successful, with a valid LinelD 809b because the port is the ANCP port message 814 and the port lock has been released. The advantage here is that the processes in the CPE / client, in the AN and in the BNG are stateless (stateless) and do not require any synchronization with one another.

One aspect of the invention also comprises a computer program product which can be loaded directly into the internal memory of a digital computer and comprises software code sections with which the 3 until 8th can be performed when the product is running on a computer. That Computer program product can be stored on a computer-compatible medium and comprise the following: computer-readable program means which cause a computer to perform the method 300 or the procedure 400 to execute.

The computer can be a PC, for example a PC on a computer network. The computer can be implemented as a chip, an ASIC, a microprocessor or a signal processor and in a computer network, for example as a processor of a network access device or a processor of a network service device as described above 1 until 8th described, be arranged.

It goes without saying that the features of the various exemplary embodiments described herein can be combined with one another, unless specifically stated otherwise. As shown in the description and the drawings, individual elements that have been shown in connection need not be directly connected to one another; Intermediate elements can be provided between the connected elements. Furthermore, it goes without saying that embodiments of the invention can be implemented in individual circuits, partially integrated circuits or completely integrated circuits or programming means. The term "for example" is meant as an example only and not as the best or optimal. Certain embodiments have been illustrated and described herein, but it will be apparent to those skilled in the art that a variety of alternative and / or similar implementations can be made in lieu of the embodiments shown and described without departing from the concept of the present invention.

List of reference symbols

100

Network access device

101

communication interface on the subscriber side

103

network-side communication interface (of the network access device)

105

processor

111

Subscriber facility

113

Communication network

200

Network service facility

201

network-side communication interface (of the network service facility)

203

communication interface on the network access side

205

processor

207

Authentication server

300

Method for arranging communication access of a subscriber device to a communication network

301

1st step: Receive 1st data packet

302

Step 2: insert and forward

400

Method for activating communication access of a subscriber device to a communication network

401

1st step: Receive 1st data packet

402

2nd step: Receive 2nd data packet

403

3rd step: check

404

4th step: unlock

500

Communication system for arranging communication access of a subscriber device to a communication network

501

Network access device, access node

502

Release signal

503

Relay Agent / Intermediate Agent / Lightweight Relay Agent

505

Subscriber Facility, CPE

507

Network service facility, BNG

509

Authentication server, policy server

504

second communication protocol, ANCP

506

Topology communication protocol, topology discovery

508

third communication protocol, port synchronization protocol, DSL

510

Port status message (Up)

512a

first communication protocol, PPPoE, DHCP, request to relay agent

512b

first communication protocol, PPPoE, DHCP, request to BNG

514a

first communication protocol, PPPoE, DHCP, response from BNG

514b

first communication protocol, PPPoE, DHCP, response from relay agent

600

Message flow to the procedure 300 for the network access device, AN

601

1st message flow block for processing the 1st communication protocol (PPPoE, DHCP)

602-607

Steps of the 1st message flow block

610

2nd message flow block for processing the 2nd communication protocol (ANCP)

611-613

Steps of the 2nd message flow block

620

Release signal

700

Message flow to the procedure 400 for the network service facility, BNG

701

1st message flow block for processing the 1st communication protocol (PPPoE, DHCP)

702, 703

Steps of the 1st message flow block

710

2nd message flow block for processing the 2nd communication protocol (ANCP)

711, 712

Steps of the 2nd message flow block

720

Session / port monitoring, receiving (1st / 2nd) data packets

721

Check the port status information

722

Request to policy server or authentication server

800

Network access device, AN with incoming and outgoing data packets

810

first data packet (according to PPPoE, DHCP)

812

Repetition of the first data packet

814

second data package (according to ANCP)

807

Dial-in information

809a

invalid LinelD, lock information

809b

Port status information, valid LinelD

802

Release signal

801

Network access device, AN

803

Relay agent / intermediate agent

805

ANCP agent

804

Trigger signal

Claims (11)

Network access device (100, 801) for providing communication access from a subscriber device (111) to a communication network (113), the network access device (100, 801) comprising: a subscriber-side communication interface (101) for receiving data packets (810, 812) from the subscriber device (111); a network-side communication interface (113) for transmitting data packets (810, 812, 814) to the communication network (113); and a processor (105) for switching the communication access of the subscriber device (111) to the communication network (113), the processor (105) being designed: in response to receipt of a first data packet (810, 812) with dial-in information (807) from the subscriber device (111), insert port status information (809b) into the first data packet (810, 812) and send the first data packet (810, 812) to the Forward communication network (113), wherein the processor (105) is further designed to insert the port status information (809b) in response to an enable signal (802) in the first data packet (810, 812), wherein the processor (105) is designed to generate the enable signal (802) based on an adjustable delay. Network access device (100) according to Claim 1 , wherein the processor (105) is designed, in response to receipt of a third data packet with the port status information (809b) from the subscriber device (111), to generate a second data packet (814) based on the port status information (809b) and to send it to the communication network (113 ) to transmit. Network access device (100) according to Claim 1 or 2 wherein the adjustable delay specifies a time interval from the transmission of the second data packet (814) to the communication network (113) to the generation of the release signal (802). Network access device (100) according to one of the preceding claims, wherein the processor (105) is designed to forward the first data packet (810, 812) without inserted port status information (809b) to the communication network (113) if the port status information (809a, 809b) is Processor (105) is absent. Network access device (100) according to one of the preceding claims, wherein the processor (105) is designed to insert blocking information (809a) in the first data packet (810, 812) if the port status information (809b) is not available to the processor (105). Network access device (100) according to one of the preceding claims, wherein the first data packet (810, 812) is formatted according to a first communication protocol (PPPoE) and the second data packet (814) is formatted according to a second communication protocol (ANCP). Network access device (100) according to one of the preceding claims, wherein the port status information (809b) comprises a connection identifier (LineID) of the subscriber device (111). Network access device (100) according to one of the preceding claims, wherein the dial-in information (807) from the subscriber device (111) comprises at least one of the following information about the subscriber device (111): a port state, a range, an error message. A communication system (500) for switching a communication access of a subscriber device (111, 505) to a communication network (113), comprising: a network access device (100, 501) according to one of the Claims 1 until 8th ; and a network service facility (200, 507). Method (300) for arranging communication access of a subscriber device (111) to a communication network (113), comprising the following steps: Receiving (301) a first data packet (810, 812) with dial-in information (807) from the subscriber device (111); Generating an enable signal (802) based on an adjustable delay and responsive (302) to the receipt of the first data packet (810, 812): inserting port status information (809b) into the first data packet (810, 812) and forwarding the first data packet (810, 812) to the communication network (113), wherein the insertion of the port status information (809b) into the first data packet (810, 812) takes place in response to the release signal (802). A method (400) for activating a communication access of a subscriber device (111) to a communication network (113), comprising the following steps: receiving (401) a first data packet (810, 812), sent out by a network access device (100, 501) according to one of the Claims 1 until 8th according to the procedure of Claim 10 wherein the first data packet (810, 812) has dial-in information (807) from the subscriber device (111); Receiving (402) a second data packet (814) sent out by the network access device (100, 501), the second data packet (814) having port status information (809b) of the subscriber device (111); and in response to the receipt (401) of the first data packet (810, 812): Checking whether a predetermined data field in the first data packet (810, 812) includes information that corresponds to the port status information (809b) of the second received data packet (814) matches, and if they match: enabling the communication access of the subscriber device (111) via the network access device (100, 501) to the communication network (113).

Images