WO2007124679A1 - Method and system of network communication - Google Patents


Publication number
WO2007124679A1
Authority
WO
WIPO (PCT)
Prior art keywords
user
access
frame header
uplink
ethernet frame
Application number
PCT/CN2007/001314
Other languages
French (fr)
Chinese (zh)
Inventor
Zhenting Yang
Original Assignee
Huawei Technologies Co., Ltd.
Application filed by Huawei Technologies Co., Ltd.
Publication of WO2007124679A1


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4633 Interconnection of networks using encapsulation techniques, e.g. tunneling

Definitions

  • the present invention relates to the field of communications, and in particular, to a user access information providing method, a network communication method, a system, and a node device.
  • Ethernet has become one of the most popular solutions due to its low cost, easy deployment and good scalability. In fact, more than 4 operators currently implement Ethernet services on the metro network.
  • The large-scale deployment of Ethernet technology in metropolitan area networks and access aggregation networks is bound to face and solve many difficult problems, such as breaking the limit of 4096 VLANs (Virtual LANs), transparent LAN (Local Area Network) service connection, quality of service guarantee, and network security issues such as MAC address spoofing and DoS attacks.
  • VLAN Virtual LANs
  • LAN Local Area Network
  • Mac-in-Mac defines the format standard for the two-layer MAC stack, and encapsulates the carrier's Ethernet frame header in addition to the user data frame. Since Mac-in-Mac completely shields the user-side information (such as MAC address, user VLAN, and generation t), it implements transparent transmission of user data, improves operator network scalability and network security, and enhances service scalability.
  • Mac-in-Mac uses Layer 2 technology, without complex signaling mechanisms, and has low equipment, network construction, and operation and maintenance costs. It can be seen that Mac-in-Mac technology provides MAC address isolation for user networks and carrier networks, seamless transparent transmission of user network control protocols, easy differentiation of service quality, and good network deployment scalability. Ethernet-based Mac-in-Mac technology will be an effective solution to the problem of access aggregation networks.
  • P-MAC DA/SA Provider Destination/Source MAC Address, carrier destination/source MAC address
  • P-TAG Provider Tag, carrier label
  • P-ServiceLabel Provider service label, carrier service label
  • P-MAC DA, P-MAC SA, P-TAG, and P-ServiceLabel form a layer of carrier Ethernet frame header, that is, the carrier network identifier.
  • P-MAC DA and P-MAC SA are mandatory fields
  • P-TAG and P-ServiceLabel are optional fields.
  • the Mac-in-Mac specified by IEEE 802.1ah defines the network boundary node, and the network border node performs the addition and removal of the MAC stack address.
  • the IEEE 802.1ah has great flexibility to implement a hierarchical network.
  • Customer Ethernet Frame User Ethernet frame, such as Ethernet frame in 802.1Q format, Ethernet frame in 802.3 format, etc.
  • the 802.1Q format is shown in Table 2 below:
  • C-MAC DA/SA Customer Destination/Source MAC Address, user Ethernet frame destination/source MAC address
  • C-TAG Customer Tag, user Ethernet frame label
  • C-MAC DA, C-MAC SA and C-TAG constitute the user Ethernet frame header
  • C-MAC DA and C-MAC SA are mandatory fields
  • C-TAG is optional field.
  • Although the IEEE 802.1ah standard defines the system framework of Mac-in-Mac, it does not provide a solution for how to establish a Layer 2 connection channel inside the carrier network, in particular a simple solution for establishing a connection channel when Mac-in-Mac is applied to the access aggregation network.
  • the IP DSLAM Digital Subscriber Line Access Multiplexer
  • the IP DSLAM uses Ethernet technology as the uplink interface transmission technology
  • User access information such as the PVC (Permanent Virtual Circuit) and/or port can only be provided by the Ethernet VLAN ID (VLAN identifier), and the range of VLAN ID is only 4096 in the IEEE protocol, so in more than 4 cases, the authentication device can only obtain the fuzzy VLAN ID (the VLAN ID shared by multiple users).
  • the loss of user access information will bring many security problems to the operating broadband telecommunication network.
  • The provision of user access information is already one of the urgent problems to be solved in the development of IP DSLAM.
  • DHCP Option 82 Dynamic Host Configuration Protocol 82
  • PPPoE+ Point to Point Protocol over Ethernet
  • DHCP Option 82 and PPPoE+ can only be used in a unique scenario, that is, user access information can be provided only when users use DHCP or PPPoE. They cannot provide a solution that adapts to various scenarios, and the user location provided by the solutions based on DHCP Option 82 and PPPoE+ is one-off and does not provide user access information at runtime.
  • The embodiment of the invention provides a network communication method and system, which provides an easy deployment solution for the MAC stack application, implements MAC address isolation between the user network and the operator network through the MAC technology, and solves the MAC address security issue of the Ethernet access network.
  • the embodiment of the invention further provides a method for providing user access information, which provides user access information during operation, which facilitates management of the user by the authentication device.
  • the embodiment of the present invention further provides an access node and a sink node, which implement MAC address isolation between the user network and the carrier network through the MAC technology, and solve the security problem of the MAC address of the Ethernet access network.
  • the access node receives the uplink packet from the user, and adds the carrier Ethernet frame header to send the uplink packet;
  • the access aggregation node receives the uplink packet, removes the carrier Ethernet frame header in the uplink packet, and transmits the uplink packet to another network.
  • a secure transmission channel that is, a MAC stack tunnel, implements MAC address isolation between the user network and the carrier network, so that the carrier network does not need to perceive the user's MAC address, effectively solving the problem.
  • a method for providing user access information provided by the embodiment of the present invention includes:
  • An Ethernet frame header including the user access information is added to the uplink packet at the access node, and the Ethernet frame header including the user access information is analyzed at the access aggregation node to obtain the user access information, thereby simplifying the way to solve the problem of user access information provision. Since each uplink packet contains user access information, user access information can be provided in various scenarios.
  • a network communication system provided by an embodiment of the present invention includes: an access node and an access aggregation node connected through an Ethernet;
  • the access node is configured to receive an uplink message from the user, add a carrier Ethernet frame header to the received uplink message, and then send the uplink message to the Ethernet;
  • the access aggregation node is configured to remove the operator Ethernet frame header in the uplink message from the Ethernet, and transmit the uplink message to another network.
  • The network communication system in the embodiment of the present invention adds an operator Ethernet frame header to an uplink packet at an access node and deletes the operator Ethernet frame header at an access aggregation node, so that a secure transmission channel, that is, a MAC stack tunnel, is established between the Ethernet access node and the access aggregation node to implement MAC address isolation between the user network and the carrier network, so that the carrier network does not need to perceive the user's MAC address, thereby effectively solving the Ethernet access.
  • a receiving unit configured to receive an uplink message from the user and a downlink message from the Ethernet network, where the sending unit is configured to send the uplink message to the Ethernet, and send the downlink message to the user ;
  • An Ethernet frame header adding unit is configured to add an operator Ethernet frame header to the uplink message received by the receiving unit.
  • a receiving unit configured to receive an uplink packet from the local Ethernet network to which the access aggregation node belongs and downlink messages from other Ethernet networks;
  • a sending unit configured to send the uplink packet to the other Ethernet, and send the downlink packet to the local Ethernet
  • An Ethernet frame header adding unit is configured to add an operator Ethernet frame header and/or a user Ethernet frame header to the downlink packets of the other Ethernet.
  • the access node and the access aggregation node provided by the embodiment of the present invention implement MAC address isolation between the user network and the operator network through the MAC technology, and solve the security problem of the MAC address of the Ethernet access network.
  • FIG. 1 is a flowchart of a network communication method according to an embodiment of the present invention.
  • FIG. 2 is a schematic diagram showing the implementation of a network communication method according to an embodiment of the present invention.
  • FIG. 3A is a schematic diagram of networking of a network communication system, a user equipment, and other networks according to an embodiment of the present invention.
  • FIG. 3B is a logic block diagram of a network communication system according to an embodiment of the present invention.
  • FIG. 4 is a flowchart of an automatic allocation process of a source MAC address of an operator in an embodiment of the present invention
  • FIG. 5 is a schematic block diagram of an access node according to an embodiment of the present invention.
  • FIG. 6 is a flowchart of an access node processing an uplink packet in an embodiment of the present invention.
  • FIG. 7 is a flowchart of processing, by an access node, a downlink packet according to an embodiment of the present invention.
  • FIG. 8 is a schematic block diagram of an access aggregation node according to an embodiment of the present invention.
  • FIG. 9 is a flowchart of processing an uplink packet by an access aggregation node according to an embodiment of the present invention.
  • FIG. 10 is a flowchart of processing a downlink packet by an access aggregation node according to an embodiment of the present invention
  • FIG. 11 is a flowchart of an embodiment of a method for providing user access information according to an embodiment of the present invention.
  • Detailed description
  • FIG. 1 is a flow chart of a network communication method according to an embodiment of the present invention.
  • The method includes the following steps:
  • 101. An access node receives an uplink message from a user.
  • 102. The access node automatically adds a carrier Ethernet frame header to the received uplink packet, and then sends an uplink packet.
  • the access node generates a first field of the carrier Ethernet frame header according to the access information of the user, and generates a second field of the carrier Ethernet frame header by using the uplink forwarding parameter table.
  • the user's access information may be user location information and/or user identity, and may be other information that uniquely identifies the user.
  • The user location information includes at least one of the following: an identifier of the access node, a slot number of the user access board, a port number accessed by the user, and a logical link number accessed by the user; the user identifier includes at least one of the following: the IP address of the access user, the MAC address of the access user, the partial field of the IP address of the access user, the partial field of the MAC address of the access user, the user account of the access user, and a specified value of the access user.
  • The code of the first field of the carrier Ethernet frame header, which the access node generates according to the access information of the user, includes the carrier source MAC address of the uplink packet; the encoding of the second field of the carrier Ethernet frame header, which the access node generates by searching or adapting the uplink forwarding parameter table, includes the carrier's destination MAC address of the uplink packet. Here, the uplink is the direction in which the user sends to the access node.
  • The uplink packet is transmitted in the Ethernet.
  • the access aggregation node removes the carrier Ethernet frame header in the uplink packet from the Ethernet, and transmits the uplink packet to another network, such as an IP network, an Ethernet, or the like.
  • The access aggregation node also needs to remove the user Ethernet frame header from the uplink packet from the Ethernet.
  • the user access information may be obtained by parsing the code of the first field of the carrier Ethernet frame header.
  • The access aggregation node adds a carrier Ethernet frame header and/or a user Ethernet frame header to a downlink packet from another network.
  • the Ethernet frame header includes: a destination MAC address and a source MAC address, and may further include: a VLAN tag and/or a type and/or a Service Label.
  • the access node is a broadband access device in a broadband network.
  • the access node transmits the downlink message to the user by checking the access node downlink forwarding parameter table.
  • the access node adds a corresponding field of the carrier Ethernet frame header to the uplink message from the user by checking the access node uplink forwarding parameter table.
  • The corresponding field includes the MAC address of the upstream message carrier.
  • the access node uplink forwarding parameter table is a forwarding parameter table that includes an operator destination MAC address of the uplink packet and a user correspondence relationship.
  • the access node converts the access information of the access user into the same encoding as the MAC address encoding format; the access node automatically uses the above-mentioned encoding including the access user access information as the carrier source MAC of the MAC address stack application.
  • the carrier's destination MAC address of the uplink packet may be configured at the access node according to at least one of the following rules:
  • the carrier's destination MAC address of the uplink packet is configured for the logical link of each port of the access node, and all the packet services on the logical link of the port share the carrier's destination MAC address of the uplink packet.
  • the destination MAC address of the carrier that configures the upstream packet is the uplink forwarding parameter table of the carrier's destination MAC address to the access node.
  • The access node uplink forwarding parameter table may be configured at the access node by using at least one of the following rules, where the access node uplink forwarding parameter table is used to establish a mapping relationship between the carrier's destination MAC address of the uplink packet and the user of the uplink packet:
  • the method further includes the following steps:
  • the access node generates an access node uplink forwarding parameter table according to the carrier destination MAC address of the uplink message of the user and the user destination MAC address of the uplink message.
  • the downlink direction refers to the direction of the packet sent from the access node to the user or the direction of the packet sent by the access aggregation node to the user.
  • The access node refreshes the entry for the carrier's destination MAC address of the uplink packet and the user destination MAC address of the uplink packet in the access node uplink forwarding parameter table; if the carrier's destination MAC address of the uplink packet and the user destination MAC address of the uplink packet already exist in the access node uplink forwarding parameter table but are inconsistent, the access node uplink forwarding parameter table is updated; and if the carrier's destination MAC address of the uplink packet and the user destination MAC address of the uplink packet do not exist in the access node uplink forwarding parameter table, a mapping item of the carrier's destination MAC address of the uplink packet and the user destination MAC address of the uplink packet is added to the access node uplink forwarding parameter table.
  • The access node actively maintains an aging mechanism of the uplink forwarding parameter table of the access node. If the access node uplink forwarding parameter table entry of the carrier's destination MAC address of the uplink packet and the user destination MAC address of the uplink packet is not updated or refreshed within the specified period, the access node deletes the carrier's destination MAC address of the uplink packet and the user destination MAC address of the uplink packet from the access node uplink forwarding parameter table.
  • the access node can manage and maintain the user MAC address of the user in at least one of the following ways:
  • The user MAC address is configured on the access node; or the access node dynamically learns the user's MAC address according to the uplink information of the user.
  • the user MAC address is maintained and managed by the aging mechanism.
  • the user MAC address is the user source MAC address of the uplink packet.
  • the user MAC address exists in the downlink forwarding parameter table of the access node.
  • The access node processes the uplink packet as follows: the access node receives the uplink packet from the user; the access node generates the carrier source MAC address of the uplink packet according to the operator source MAC address generation rule; and the access node looks up the access node uplink forwarding parameter table to obtain the carrier destination MAC address of the uplink packet.
  • The packet is processed according to the configuration policy, where the configuration policy includes at least one of the following: discarding the packet, defaulting the carrier MAC address of the uplink packet to the broadcast address of all Fs, and defaulting the carrier destination MAC address of the uplink packet to the specified default MAC address. The access node obtains the carrier label of the carrier tunnel header in the uplink direction; and the access node adds the carrier Ethernet frame header and forwards the packet according to the carrier Ethernet frame header.
  • the processing procedure of the access node processing the downlink packet is as follows: The access node receives the packet with the carrier Ethernet frame header sent from the upper layer device to the user; the access node removes the packet. The carrier Ethernet frame header; the access node searches the access node downlink forwarding parameter table according to the destination MAC address of the packet to obtain the port link or logical link where the user is located, and then sends the packet to the user.
  • the access aggregation node processes the downlink packet by using the user access address table, where the user access address table includes the source MAC address of the carrier of the uplink packet and the source MAC address of the user of the uplink packet. Correspondence between the source MAC address of the carrier or the source MAC address of the uplink packet and the IP address of the user.
  • the user access address table is in the form of static configuration or dynamic learning.
  • the access aggregation node can obtain the user's IP address or the user source MAC address of the uplink packet by using an address resolution protocol (ARP) packet.
  • ARP address resolution protocol
  • The carrier source MAC address of the uplink packet is obtained from the carrier source MAC field in the operator Ethernet frame header of the address resolution protocol packet.
  • The access aggregation node can manage the carrier source MAC address of the uplink packet in the following manner: configuration mode, in which the carrier source MAC address of the uplink packet is configured on the designated link of the access aggregation node, and downlink packets are forwarded according to the carrier source MAC address of the uplink packet.
  • The access aggregation node learns the carrier source MAC address of the uplink packet according to the uplink user packet, and the learned carrier source MAC address is used as the basis for forwarding the downlink packets of the user.
  • the source MAC address of the carrier of the uplink packet is the destination MAC address of the carrier of the downlink packet.
  • the step of the access aggregation node processing the uplink Ethernet packet includes removing the Ethernet frame header in the uplink.
  • The access aggregation node processes the downlink packet, that is, a packet from the access aggregation node to the user, by using the following process: the access aggregation node receives the IP packet or the Ethernet packet sent to the user; looks up the user access address table according to the destination IP or user MAC address to obtain the carrier destination MAC address of the downlink packet and/or the user destination MAC address of the downlink packet; adds the Ethernet frame header of the user and/or the Ethernet frame header of the operator to the downlink message; The user's Ethernet frame header and the carrier's Ethernet frame header.
  • FIG. 2 is a schematic diagram showing the implementation of a network communication method according to an embodiment of the present invention.
  • the transmission path from an access node (AN) to an access aggregation node is called an access aggregation network.
  • The process of processing the uplink packet in the access aggregation network is as follows: the user terminal sends an uplink packet to the access node, and the access node adds a carrier Ethernet frame header, for example P-MAC DA and P-MAC SA, to the uplink packet by using a policy such as a table lookup.
  • The uplink packet with the carrier Ethernet frame header is transmitted in the Ethernet network by means of the carrier Ethernet frame header.
  • The access aggregation node terminates the Ethernet packet; at the same time, the access aggregation node can obtain user access information from the Ethernet frame header and then transmit the message to an IP network or other network, such as an Ethernet or VPN (Virtual Private Network).
  • the process of processing the downlink packet in the access aggregation network is as follows:
  • The IP edge node receives the downlink packet sent to the user from the IP network, and adds the Ethernet frame header of the user and/or the carrier's Ethernet frame header to the downlink packet by checking the user access address table, and then the downlink packet is transmitted to the access aggregation network.
  • The downlink packet with the carrier Ethernet frame header is transmitted in the Ethernet network by means of the carrier Ethernet frame header.
  • The access node removes the carrier Ethernet frame header and then sends the downlink packet to the user by checking the downlink forwarding parameter table and other policies.
  • FIG. 3A is a schematic diagram of networking of a network communication system, a user equipment, and other networks according to an embodiment of the present invention:
  • The user equipment 21 accesses the Ethernet 301 through the access node 302 in the network communication system 30 of the embodiment of the present invention, and the carrier Ethernet frame header is added to the uplink packet sent by the user at the access node 302. Then, the uplink packet with the carrier Ethernet frame header is transmitted to the access aggregation node 303 in the network communication system 30 of the embodiment of the present invention through the Ethernet 301. The access aggregation node 303 removes the carrier Ethernet frame header in the uplink packet from the Ethernet, can also obtain user access information from the carrier Ethernet frame header in the uplink packet, and transmits the uplink packet to the other network 22.
  • The other network 22 may be an Ethernet network of another carrier or an IP network. If it is an IP network, the access aggregation node 303 also needs to remove the user Ethernet frame header from the uplink packet from the Ethernet.
  • The carrier Ethernet frame header is added to the downlink message, or the carrier Ethernet frame header and the user Ethernet frame header are added at the same time, and the downlink message is then transmitted to the access node 302 via the Ethernet 301; the access node removes the carrier Ethernet frame header in the downlink message from the Ethernet network, and transmits the downlink message header.
  • the access node is a broadband access device in the broadband network.
  • Figure 3B shows a logical block diagram of a network communication system in accordance with an embodiment of the present invention:
  • the access node 302 includes: a mapping module 321, a carrier Ethernet frame header generating module 322, and an uplink packet encapsulating module 323.
  • the mapping module 321 is configured to store an access node uplink forwarding parameter table.
  • The carrier Ethernet frame header generating module 322 is configured to generate a carrier Ethernet frame header, including generating the carrier source MAC address field in the carrier Ethernet frame header according to the user access information, and generating the carrier destination MAC address field in the carrier Ethernet frame header by looking up the access node uplink forwarding parameter table;
  • The uplink packet encapsulating module 323 is configured to add the generated carrier Ethernet frame header to the uplink packet received by the access node.
  • the user's access information includes: user location information, and/or user identification, and/or other information that uniquely identifies the user.
  • the user location information includes at least one of the following: an identifier of the access node, a slot number of the board accessed by the user, a port number accessed by the user, and a logical link number accessed by the user;
  • The user identifier includes at least one of the following: the IP address of the access user, the MAC address of the access user, the partial field of the IP address of the access user, the partial field of the MAC address of the access user, the user account of the access user, and a specified value of the access user.
  • the access node compiles the user's access information into a 48-bit location information code according to the coding format of the MAC address.
  • the location information coding includes: an index of information required by the one or more of the broadband access device number, the device frame number, the slot number, and the port number, and the user's IP address, the user's MAC address, and the priority.
  • the access node automatically uses the above-mentioned code including the access information of the access user as the carrier source MAC of the MAC address stack application.
  • FIG. 4 is a flowchart of a process for automatically allocating a source MAC address of an operator in an embodiment of the present invention, including the following steps:
  • the network access device converts the identifier of the access user and/or the location information of the access user into an encoding that is the same as the encoding format of the MAC address.
  • the network access device automatically uses the foregoing encoding of the access information of the access user as the carrier source MAC of the MAC address stack application.
  • the user's access information may be an access user identifier and/or an access user location information.
  • the access user identifier includes an access user identity index.
  • the access user identity index includes at least one of the following: an IP address of the access user, a MAC address of the access user, a part of the IP address of the access user, a part of the MAC address of the access user, and a user account of the access user. And a specified value of the access user.
  • the access user location information includes at least one of the following: an identifier of the network access device that the user accesses the network, a frame number that the user accesses on the network access device, and a user board slot that the user accesses on the network access device.
  • The identifier of the network access device includes at least one of the following: an IP address of the network access device, a name of the network access device, a device identifier configured for the network access device, a MAC address of the network access device or a partial field in the MAC address, and a MAC address or part of a MAC address configured for the network access device. The correspondence between the identity and/or location information of the access user and the MAC code is configured in the network access device.
  • the MAC address stack includes Mac-in-Mac.
  • The access user identity may be the user's IP address, the user's MAC address, a part of the user's IP address, a part of the user's MAC address, an account number, or a specified value. Any combination of these may be used, and it is configured in the access device.
  • The access user location information refers to the access location of the network where the user is located, including the identifier of the network access device through which the user accesses the network, the slot number of the user interface board that the user accesses on the network access device, and the port number of the user interface board that the user accesses; it can also contain the logical link number.
  • the identifier of the network access device includes: an IP address of the device, a name of the device, a configured device identifier, a MAC address of the device, and a configured MAC address segment.
  • the access node is configured with one or more MAC address segments, for example MAC address segment 0x00E0-FC11-0000 with MASK 0xFFFF-FFFF-0000; the MAC address segment can identify the access segment.
  • the MAC address segment can be configured according to the network plan; the access node automatically combines the user's node location information with the configured MAC address segment to generate the P-MAC SA of the user's Mac-in-Mac tunnel.
  • the user's node location information can be identified as follows: frame number/slot number/subslot/port number + [vpi, vci] + [vlan]; frame number/slot number/subslot/port number + [vpi, vci]; frame number/slot number/subslot/port number + [vlan]; frame number/slot number/subslot/port number; and so on. The node user location information is encoded according to a certain format, and the length of the code is the length allocated within the MAC address segment.
  • for example, the frame number/slot number/sub-slot/port number 0/1/0/63 is encoded as 203f.
  • the user's P-MAC SA is then 0x00E0-FC11-203F.
  • 0x00E0-FC11-203F can identify the user.
  • the P-MAC SA is an operator source MAC of the uplink packet.
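The P-MAC SA rule above, worked through as an added example (not code from the patent): it combines a configured MAC address segment with an encoded frame/slot/subslot/port and decodes it again on the receiving side. The bit widths in `WIDTHS` and all function names are assumptions; the widths were chosen only because they reproduce the page's 0/1/0/63 → 203f example.

```python
"""Added example: derive and decode a P-MAC SA from a MAC segment plus user location."""
from typing import NamedTuple, Optional

MAC_MAX = (1 << 48) - 1


class Location(NamedTuple):
    frame: int
    slot: int
    subslot: int
    port: int


# ASSUMPTION: bit widths for frame/slot/subslot/port. The page only says the
# location is "encoded according to a certain format"; this layout is one that
# maps 0/1/0/63 to 0x203F as in the page's example.
WIDTHS = (1, 2, 5, 8)


def parse_mac(text: str) -> int:
    """Parse '0x00E0-FC11-0000' or '00:e0:fc:11:00:00' into a 48-bit integer."""
    digits = text.strip().lower()
    if digits.startswith("0x"):
        digits = digits[2:]
    digits = digits.replace("-", "").replace(":", "")
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return int(digits, 16)


def format_mac(value: int) -> str:
    """Format a 48-bit integer in the page's 0xXXXX-XXXX-XXXX notation."""
    h = f"{value:012X}"
    return f"0x{h[0:4]}-{h[4:8]}-{h[8:12]}"


def encode_location(loc: Location, widths=WIDTHS) -> int:
    """Pack the location fields, most significant first, rejecting overflow."""
    code = 0
    for name, value, width in zip(Location._fields, loc, widths):
        if not 0 <= value < (1 << width):
            raise ValueError(f"{name}={value} does not fit in {width} bits")
        code = (code << width) | value
    return code


def decode_location(code: int, widths=WIDTHS) -> Location:
    """Inverse of encode_location."""
    fields = []
    for width in reversed(widths):
        fields.append(code & ((1 << width) - 1))
        code >>= width
    return Location(*reversed(fields))


def free_bits(mask: int) -> int:
    """Number of low-order bits the segment mask leaves for the location code."""
    free = ~mask & MAC_MAX
    if free & (free + 1):
        raise ValueError("mask must leave one contiguous run of low-order bits")
    return free.bit_length()


def make_p_mac_sa(segment: int, mask: int, loc: Location, widths=WIDTHS) -> int:
    """Access-node side: segment prefix + location code = P-MAC SA."""
    if sum(widths) != free_bits(mask):
        raise ValueError("location code length must equal the segment's free bits")
    if segment & ~mask & MAC_MAX:
        raise ValueError("segment has bits set outside its mask")
    return segment | encode_location(loc, widths)


def locate(p_mac_sa: int, segment: int, mask: int, widths=WIDTHS) -> Optional[Location]:
    """Receiving side: recover the user's port, or None if outside the segment."""
    if (p_mac_sa & mask) != (segment & mask):
        return None
    return decode_location(p_mac_sa & ~mask & MAC_MAX, widths)


if __name__ == "__main__":
    seg, msk = parse_mac("0x00E0-FC11-0000"), parse_mac("0xFFFF-FFFF-0000")
    sa = make_p_mac_sa(seg, msk, Location(0, 1, 0, 63))
    print(format_mac(sa), locate(sa, seg, msk))
```

Because the P-MAC SA depends only on the port the frame arrived on, a receiver can attribute traffic to a physical line regardless of the customer MAC address the user's frame carries.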
  • the P-MAC DA of the uplink packet of the access node user can be generated by the following rules:
  • the network administrator can configure the P-MAC DA of the uplink packet on the access node.
  • the configuration method is flexible. For example, by access node: one P-MAC DA of the uplink packet is configured uniformly for the access node, and all users share that P-MAC DA of the uplink packet.
  • by port: one port is configured with one P-MAC DA of the uplink packet, and all packet services in the port share that P-MAC DA of the uplink packet.
  • by port link: one port logical link is configured with one P-MAC DA of the uplink packet, and all packet services on the link share that P-MAC DA of the uplink packet.
  • the foregoing configuration is not mutually exclusive and can be used in combination.
  • the access node saves the P-MAC DA of the uplink packet to the uplink forwarding parameter list of the access node according to the actual configuration policy.
  • the network administrator can configure the access node uplink forwarding parameter table of uplink P-MAC DA and uplink C-MAC DA on the access node. The configuration method is flexible, for example:
  • by port: one port is configured with one access node uplink forwarding parameter table of uplink P-MAC DA and uplink C-MAC DA, and all packet services in the port share it; by port link: one port logical link is configured with one or more access node uplink forwarding parameter tables of uplink P-MAC DA and uplink C-MAC DA, and all packet services on that link of the port share them.
  • These configurations are not mutually exclusive.
  • the access node saves the uplink P-MAC DA and the uplink C-MAC DA in the access node uplink forwarding parameter table according to an actual configuration policy.
  • the access node learns the access node uplink forwarding parameter table of the user's uplink P-MAC DA and uplink C-MAC DA from downlink packets. Downlink refers to the direction from the access node to the user, or from the aggregation node to the access node.
  • the access node learns the P-MAC SA and the C-MAC SA of the downlink packet: the P-MAC SA of the downlink packet is the user's uplink P-MAC DA, and the C-MAC SA of the downlink packet is the user's uplink C-MAC DA. If the uplink P-MAC DA and the uplink C-MAC DA already exist in the access node uplink forwarding parameter table and are consistent, the entry's state is refreshed; if they already exist but are inconsistent, the entry is updated; if they do not exist, an access node uplink forwarding parameter table entry for the uplink P-MAC DA and the uplink C-MAC DA is added.
  • the access node maintains an aging mechanism for the access node uplink forwarding parameter table of uplink P-MAC DA and uplink C-MAC DA: if a table entry is not updated or refreshed within the specified period, the access node deletes that entry.
  • the access node dynamically learns the access node uplink forwarding parameter table of uplink P-MAC DA and uplink C-MAC DA.
  • the form of learning is flexible. For example, with node-based learning, all users in the node share the dynamic mapping of uplink P-MAC DA and uplink C-MAC DA; with port-based learning, all users in the port share it. The access node also manages and maintains the user's MAC address (downlink C-MAC DA, also known as uplink C-MAC SA) table; the management and maintenance process is the same as the way an ordinary Ethernet switch manages user MAC addresses. There are two ways:
  • the access node learns the user's MAC address (downlink C-MAC DA, that is, the uplink C-MAC SA) from the user's uplink packets, and the dynamically learned entries of the user's MAC address table are maintained and managed through the aging mechanism.
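The learn/refresh/update/age-out behaviour of the access node uplink forwarding parameter table described above, as an added example (not code from the patent). The class and method names, the 300-second default period and the "most specific scope wins" lookup order are assumptions; the page only says that node, port and port-link scopes can be combined.

```python
"""Added example: uplink forwarding parameter table learned from downlink frames."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

Scope = Tuple[str, ...]  # ("node",), ("port", port) or ("link", port, link)


@dataclass
class Entry:
    p_mac_da: str      # uplink P-MAC DA = P-MAC SA seen on the downlink frame
    c_mac_da: str      # uplink C-MAC DA = C-MAC SA seen on the downlink frame
    last_seen: float   # time of the last add, update or refresh


class UplinkForwardingTable:
    def __init__(self, max_age: float = 300.0):  # ASSUMPTION: aging period
        self.max_age = max_age
        self.entries: Dict[Scope, Entry] = {}

    def learn_from_downlink(self, scope: Scope, p_mac_sa: str,
                            c_mac_sa: str, now: float) -> str:
        """Apply the page's three cases and report which one happened."""
        entry = self.entries.get(scope)
        if entry is None:
            self.entries[scope] = Entry(p_mac_sa, c_mac_sa, now)
            return "added"
        if (entry.p_mac_da, entry.c_mac_da) == (p_mac_sa, c_mac_sa):
            entry.last_seen = now
            return "refreshed"
        # Present but inconsistent: overwrite. Worth logging, since it means
        # the upstream peer for this scope changed.
        entry.p_mac_da, entry.c_mac_da, entry.last_seen = p_mac_sa, c_mac_sa, now
        return "updated"

    def age_out(self, now: float) -> List[Scope]:
        """Delete entries not updated or refreshed within max_age."""
        expired = [scope for scope, entry in self.entries.items()
                   if now - entry.last_seen > self.max_age]
        for scope in expired:
            del self.entries[scope]
        return expired

    def lookup(self, port: str, link: Optional[str] = None) -> Optional[Entry]:
        """Find the entry for an uplink frame: link, then port, then node."""
        scopes: List[Scope] = []
        if link is not None:
            scopes.append(("link", port, link))
        scopes += [("port", port), ("node",)]
        for scope in scopes:
            entry = self.entries.get(scope)
            if entry is not None:
                return entry
        return None  # caller applies the lookup-failure policy


if __name__ == "__main__":
    table = UplinkForwardingTable()
    # Constructed sample values, not taken from the page.
    print(table.learn_from_downlink(("node",), "00e0-fc22-ff01", "0200-0000-0001", 0.0))
    print(table.lookup("0/1/0/63"))
```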
  • FIG. 5 is a schematic block diagram of an access node according to an embodiment of the present invention.
  • the access node includes a receiving unit 51, a transmitting unit 52, and an Ethernet frame header adding unit 53.
  • the receiving unit 51 is configured to receive an uplink packet from the user and a downlink packet from the Ethernet network; the sending unit 52 is configured to send the uplink packet to the Ethernet, and to send the downlink packet to the user.
  • the Ethernet frame header adding unit 53 is configured to add a carrier Ethernet frame header to the uplink packet received by the receiving unit 51.
  • the Ethernet frame header adding unit 53 can be implemented by using the principle shown in FIG. 5, including: a mapping module 531, a carrier Ethernet frame header generating module 532, and an uplink packet encapsulating module 533.
  • the mapping module 531 is configured to store an access node uplink forwarding parameter table.
  • the carrier Ethernet frame header generating module 532 is configured to generate the carrier Ethernet frame header: it generates the carrier source MAC address field of the carrier Ethernet frame header according to the access information of the user, and generates the carrier destination MAC address field of the carrier Ethernet frame header by searching the access node uplink forwarding parameter table.
  • the uplink packet encapsulation module 533 is configured to add the generated carrier Ethernet frame header to the uplink packet received by the access node.
  • the user's access information includes: user location information, and/or user identification, and/or other information that uniquely identifies the user.
  • the user location information includes at least one of the following: an identifier of the access node, a slot number of the board accessed by the user, a port number accessed by the user, and a logical link number accessed by the user;
  • the user identifier includes at least one of the following: the IP address of the access user, the MAC address of the access user, a partial field of the IP address of the access user, a partial field of the MAC address of the access user, the user account of the access user, and a specified value of the access user.
  • the access node may also process the received downlink packet from the Ethernet network through its internal carrier Ethernet frame header removal unit 54 to remove the carrier Ethernet frame header in the downlink packet.
  • the carrier Ethernet frame header removing unit 54 passes the processed user packet to the transmitting unit 52, and the transmitting unit 52 transmits the packet to the user.
  • FIG. 6 is a flowchart of the processing performed by an access node on a message in the uplink direction (from the user to the access node) according to an embodiment of the present invention.
  • the process flow includes the following steps: Step 601: The user access node receives the user packet.
  • Step 602: Generate the uplink P-MAC SA of the packet according to the uplink P-MAC SA generation rule of the Mac-in-Mac tunnel.
  • Step 603: Look up the uplink P-MAC DA of the packet in the access node uplink forwarding parameter table according to the configuration policy. If the lookup of the uplink P-MAC DA fails, the packet is handled according to the configured policy, for example: the user packet is discarded, or the uplink P-MAC DA defaults to the all-Fs broadcast address, or the uplink P-MAC DA defaults to a specified MAC address.
  • Step 604: Obtain the other field data of the uplink carrier tunnel header, such as the P-TAG, according to the configured policy.
  • Step 605: The access node adds the obtained carrier tunnel header data to the header of the received user packet.
  • Step 606: The access node performs some other necessary processing on the packet, for example, performing assignment and/or mapping processing on the service label and/or the P-TAG.
  • Step 607: Forward the Ethernet packet, with the carrier Ethernet frame header added, according to that carrier Ethernet frame header.
  • FIG. 7 is a flowchart of a process for an access node to process a downlink packet according to an embodiment of the present invention. The process flow includes the following steps:
  • Step 701: The user access node receives a downlink packet that is sent by the upper-layer device to the user and carries a carrier Ethernet frame header.
  • Step 702: Remove the Mac-in-Mac tunnel information data of the downlink packet, such as the carrier Ethernet frame header.
  • Step 703: Look up the packet's downlink C-MAC DA in the downlink forwarding parameter table of the access node to obtain the link where the user (downlink C-MAC DA) is located, and then perform some necessary processing according to the policy, for example, assignment and/or mapping processing on the service label and/or the P-TAG.
  • Step 704: Forward the user packet to the port link or logical link where the user is located.
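The uplink steps 601-607 and downlink steps 701-704 applied to raw frame bytes, as an added example (not code from the patent). It assumes a simplified carrier header of P-MAC DA followed by P-MAC SA with the optional P-TAG and service label omitted, untagged customer frames, and hypothetical class names; dropping a downlink frame for an unknown C-MAC DA is also an assumption, since the page does not say what happens in that case.

```python
"""Added example: access-node encapsulation and decapsulation on frame bytes."""
from typing import Dict, Optional, Tuple

P_HDR_LEN = 12            # ASSUMPTION: carrier header = P-MAC DA (6) + P-MAC SA (6)
BROADCAST = b"\xff" * 6   # the all-Fs fallback named in Step 603


class DropFrame(Exception):
    """Raised when the configured policy is to discard the frame."""


class AccessNode:
    def __init__(self, port_p_mac_sa: Dict[str, bytes],
                 uplink_p_mac_da: Dict[str, bytes],
                 miss_policy: str = "discard",
                 default_da: Optional[bytes] = None):
        if miss_policy not in ("discard", "broadcast", "default"):
            raise ValueError("unknown miss policy")
        if miss_policy == "default" and default_da is None:
            raise ValueError("default policy needs default_da")
        self.port_p_mac_sa = port_p_mac_sa      # port -> P-MAC SA from location
        self.uplink_p_mac_da = uplink_p_mac_da  # port -> configured/learned P-MAC DA
        self.miss_policy = miss_policy
        self.default_da = default_da
        self.user_ports: Dict[bytes, str] = {}  # C-MAC -> port, learned on uplink

    def uplink(self, port: str, customer_frame: bytes) -> bytes:
        """Steps 601-605: wrap a user frame received on `port`."""
        if len(customer_frame) < 14:
            raise DropFrame("runt customer frame")
        # Step 602: the P-MAC SA comes from the ingress port, never from
        # anything inside the user's frame.
        p_mac_sa = self.port_p_mac_sa.get(port)
        if p_mac_sa is None:
            raise DropFrame("no P-MAC SA configured for port")
        self.user_ports[customer_frame[6:12]] = port   # learn uplink C-MAC SA
        p_mac_da = self.uplink_p_mac_da.get(port)      # Step 603
        if p_mac_da is None:
            if self.miss_policy == "discard":
                raise DropFrame("no uplink P-MAC DA")
            p_mac_da = BROADCAST if self.miss_policy == "broadcast" else self.default_da
        return p_mac_da + p_mac_sa + customer_frame    # Step 605

    def downlink(self, frame: bytes) -> Tuple[str, bytes]:
        """Steps 701-704: strip the carrier header and pick the user port."""
        if len(frame) < P_HDR_LEN + 14:
            raise DropFrame("runt carrier frame")
        customer = frame[P_HDR_LEN:]                   # Step 702
        port = self.user_ports.get(customer[0:6])      # Step 703: downlink C-MAC DA
        if port is None:
            raise DropFrame("unknown downlink C-MAC DA")
        return port, customer                          # Step 704
```

Two users who present the same customer source MAC on different ports still leave the access node with different P-MAC SAs, which is the MAC address isolation the page describes.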
  • the method for obtaining the association relationship between the access aggregation node (IP Edge node) uplink P-MAC SA (downlink P-MAC DA) and the uplink C-MAC SA (downlink C-MAC DA) is as follows:
  • Configuration: on the access aggregation node (IP Edge node), configure the association between the uplink P-MAC SA and the uplink C-MAC SA, or the association among the uplink P-MAC SA, the uplink C-MAC SA and the user IP address.
  • Dynamic learning: the access aggregation node learns, through a protocol, the association between the uplink P-MAC SA and the uplink C-MAC SA, or the association among the uplink P-MAC SA, the uplink C-MAC SA and the user IP address. With the ARP protocol, for example, the access aggregation node parses the ARP protocol packets exchanged with the user, and obtains the user's IP, the user's MAC (uplink C-MAC SA), and the uplink P-MAC SA from the ARP packet.
  • the ARP entry of the aggregation node needs to be augmented as the user access address table.
  • the IP address of the user or the MAC address of the user (uplink C-MAC SA) or the uplink P-MAC SA needs to be recorded, but the ARP protocol does not need to be modified.
  • the uplink P-MAC SA is obtained from the carrier Ethernet frame header in the Ethernet frame header of the ARP packet.
  • IP Edge node IP Edge node
  • P-MAC DA upstream P-MAC SA
  • Dynamic learning: as with the normal Ethernet MAC address learning mechanism, the access aggregation node learns the uplink P-MAC SA from the uplink user packet, and the learned uplink P-MAC SA is used for forwarding the user's downlink packets.
  • FIG. 8 is a schematic block diagram of an access aggregation node according to an embodiment of the present invention:
  • the access aggregation node includes: a receiving unit 81, a transmitting unit 82, and an Ethernet frame header adding unit 83.
  • the receiving unit 81 is configured to receive an uplink packet from the local Ethernet network to which the access aggregation node belongs and a downlink packet from another Ethernet.
  • the sending unit 82 is configured to send the uplink packet to the other Ethernet, and to send the downlink packet to the local Ethernet.
  • the Ethernet frame header adding unit 83 is configured to add a carrier Ethernet frame header and/or a user Ethernet frame header to the downlink packets from the other Ethernet.
  • for the Ethernet frame header adding unit 83, reference may be made to the Ethernet frame header adding unit 53 in the access node of the embodiment of the present invention shown in FIG.
  • an operator Ethernet frame header removing unit 84 may be further disposed in the access aggregation node, for removing the carrier Ethernet frame header in the uplink message.
  • FIG. 9 is a flowchart of processing an uplink packet by an access aggregation node according to an embodiment of the present invention. The process flow includes the following steps:
  • Step 901: The IP Edge node receives the uplink Ethernet packet of the user.
  • Step 902: Process the user's Ethernet message, for example by removing the Ethernet frame header (user Ethernet frame header and/or carrier Ethernet frame header).
  • the IP Edge node can obtain the access information of the user from the carrier Ethernet frame header.
  • Step 903: Forward the processed user packet to the corresponding IP network or other network (such as Ethernet, VPN, etc.) according to the destination IP or Ethernet frame header.
  • FIG. 10 is a flowchart of processing a downlink packet by an access aggregation node according to an embodiment of the present invention. The process flow includes the following steps:
  • Step 1001: The IP Edge node receives an IP packet or other message that needs to be sent to the user.
  • Step 1002: Search the user access address table according to the destination IP address or the user MAC address, and obtain the downlink P-MAC DA and the downlink C-MAC DA.
  • Step 1003: Add a user Ethernet frame header and a carrier Ethernet frame header according to the configured policy.
  • Step 1004: Look up the downlink P-MAC DA entry according to the downlink P-MAC DA to obtain the destination port, then perform some other necessary processing, for example, assigning a service label and/or a P-TAG, and send the packet carrying the user Ethernet frame header and the carrier Ethernet frame header.
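The user access address table that the IP Edge node builds from ARP, and its use in downlink steps 1002-1003, as an added example (not code from the patent). It assumes the same simplified carrier header (P-MAC DA plus P-MAC SA, no P-TAG or service label) and untagged customer frames; the names are hypothetical, and keeping the existing binding and reporting `"conflict"` when an IP address shows up behind a different P-MAC SA is a policy chosen for this example, not something the page specifies.

```python
"""Added example: IP Edge user access address table learned from ARP."""
import ipaddress
import struct
from typing import Dict, Optional, Tuple

P_HDR_LEN = 12                  # ASSUMPTION: P-MAC DA (6) + P-MAC SA (6)
ARP_FMT = "!HHBBH6s4s6s4s"      # standard 28-byte Ethernet/IPv4 ARP body


def make_arp_frame(p_mac_da: bytes, p_mac_sa: bytes, c_mac_sa: bytes,
                   sender_ip: str, target_ip: str) -> bytes:
    """Constructed sample input: an ARP request inside the carrier header."""
    arp = struct.pack(ARP_FMT, 1, 0x0800, 6, 4, 1, c_mac_sa,
                      ipaddress.IPv4Address(sender_ip).packed, b"\x00" * 6,
                      ipaddress.IPv4Address(target_ip).packed)
    customer = b"\xff" * 6 + c_mac_sa + struct.pack("!H", 0x0806) + arp
    return p_mac_da + p_mac_sa + customer


class UserAccessTable:
    def __init__(self, edge_p_mac: bytes, edge_c_mac: bytes):
        self.edge_p_mac = edge_p_mac
        self.edge_c_mac = edge_c_mac
        self.by_ip: Dict[str, Tuple[bytes, bytes]] = {}  # IP -> (C-MAC, P-MAC SA)

    def learn_from_arp(self, frame: bytes) -> str:
        """Record user IP, C-MAC and P-MAC SA from one uplink ARP frame."""
        if len(frame) < P_HDR_LEN + 14 + 28:
            raise ValueError("frame too short for carrier header + ARP")
        p_mac_sa = frame[6:12]          # taken from the carrier header, not ARP
        customer = frame[P_HDR_LEN:]
        if customer[12:14] != b"\x08\x06":
            raise ValueError("customer frame is not ARP")
        htype, ptype, hlen, plen, _oper, sha, spa, _tha, _tpa = struct.unpack(
            ARP_FMT, customer[14:42])
        if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
            raise ValueError("not Ethernet/IPv4 ARP")
        ip = str(ipaddress.IPv4Address(spa))
        old = self.by_ip.get(ip)
        if old is None:
            self.by_ip[ip] = (sha, p_mac_sa)
            return "added"
        if old == (sha, p_mac_sa):
            return "unchanged"
        if old[1] != p_mac_sa:
            return "conflict"           # same IP claimed from another access port
        self.by_ip[ip] = (sha, p_mac_sa)
        return "updated"                # same port, new customer MAC

    def build_downlink(self, dest_ip: str, ip_packet: bytes) -> Optional[bytes]:
        """Steps 1002-1003: look up the user and add both frame headers."""
        binding = self.by_ip.get(dest_ip)
        if binding is None:
            return None
        c_mac_da, p_mac_da = binding
        customer = c_mac_da + self.edge_c_mac + b"\x08\x00" + ip_packet
        return p_mac_da + self.edge_p_mac + customer
```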
  • FIG. 11 is a flowchart of a method for providing user access information according to an embodiment of the present invention. The method includes the following steps:
  • the access node acquires user access information.
  • the access node may extract the user access information from the received packet containing the user access information.
  • the access node converts the obtained user access information into an information code of a predetermined format.
  • the user access information may be converted, according to the requirements of the application environment, into an information code in the MAC address encoding format, the 802.1Q tag format, or the service tag format.
  • the corresponding field includes a MAC address field or an 802.1Q Tag field or a service label field;
  • the access information of the user includes at least one of the following: an identifier of the access device accessed by the user, a frame number accessed by the user on the access device, and the user accessing the access device.
  • the predetermined format is a corresponding field coding format in the header.
  • the network access device converts the access information of the accessed user into an information code in the same format as the MAC address, the 802.1Q Tag or the Service Label of the added packet header. The added headers include Mac-in-Mac headers. The corresponding fields are: P-Mac SA, P-Tag, Service Label, or other corresponding fields. If the new header is Mac-in-Mac, the network access device receives a message from the user and adds a Mac-in-Mac header, and the user's access information corresponds to the P-Mac SA in the Mac-in-Mac message.
  • alternatively, the network access device receives the message from the user and adds a Mac-in-Mac packet header, and the user's access information corresponds to the P-Mac SA and the P-tag in the Mac-in-Mac message.
  • the network access device is a broadband access device in a broadband network. The correspondence between the user's access information and the information encoding is configured in the broadband access device.
  • the network access device compiles the user's access information into a 48-bit MAC code according to the encoding format of the MAC address.
  • the access information coding includes: an index of one or more items of information needed to mark the user's location, among the broadband access device number, the device frame number, the slot number, and the port number; and an index of one or more items that describe the characteristics of the user, among the user's MAC address, priority, protocol encapsulation method, user type, and permanent virtual connection identifier.
  • an access node refers to a network device or network element through which an operator provides access to a user.
  • the user access node mentioned in the present invention refers to the access network node that is closest to the user and capable of providing the above functions of the present invention, such as: DSLAM, LANSWITCH (Local Area Network Switch), and the like.
  • IP Edge node refers to a network device or device or network element that provides an aggregation function for the access network user. It is located at the edge of the IP network and can provide the aggregation network node of the above functions of the present invention, such as: BRAS (Broadband Remote Access Server), IP ROUTER (Internet Router), LANSWITCH (LAN Switch), BNG (Broadband Network Gateway), and so on.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

This invention discloses a method and system of network communication. The method includes the following steps: an access node adds an Ethernet frame header to a subscriber uplink message; the uplink message is then transmitted to the Ethernet; the uplink message is transmitted in the Ethernet according to the added Ethernet frame header; an access sink node removes the Ethernet frame header of the uplink message and transmits the uplink message to another network. This invention also discloses a method of providing subscriber access information. This invention can be used to resolve the MAC address security problem from the Ethernet to the sink network.

Description

Method and system of network communication
This application claims priority to Chinese patent application No. 200610078654.1, filed with the Chinese Patent Office on April 29, 2006 and entitled "User location information transmission method, MAC address automatic allocation method, network establishment method and system", the entire contents of which are incorporated herein by reference.
Technical field
The present invention relates to the field of communications, and in particular to a user access information providing method, a network communication method, a system, and a node device.
Background
In the current metropolitan area network and access aggregation network field, Ethernet has become one of the most popular solutions thanks to its low cost, easy deployment and good scalability. In fact, many operators currently implement Ethernet services on the metropolitan area network. However, large-scale deployment of Ethernet technology in metropolitan area networks and access aggregation networks inevitably has to face and solve many difficult problems, such as breaking the limit of 4096 VLANs (Virtual LANs), transparent LAN (Local Area Network) service connection, quality of service guarantees, and network security issues such as MAC address spoofing and DOS attacks. There are three "service transparent transmission" techniques and service modes in Ethernet: IEEE 802.1Q VLAN, Q-in-Q VLAN (Stack VLAN), and MAC stack technology.
802.1ah, the Mac-in-Mac standard, defines the format of the two-layer MAC stack: a carrier Ethernet frame header is encapsulated outside the user data frame. Because Mac-in-Mac completely shields user-side information (such as MAC addresses, user VLANs and spanning tree), it achieves transparent transmission of user data, improves the scalability and security of the operator network, and enhances service scalability. Mac-in-Mac uses Layer 2 technology, has no complex signaling mechanism, and has low equipment, network construction, and operation and maintenance costs. Mac-in-Mac technology thus provides MAC address isolation between user networks and carrier networks, seamless transparent transmission of user network control protocols, easy differentiation of service quality, and good network deployment scalability; Ethernet-based Mac-in-Mac technology will be an effective solution to the current problems of access aggregation networks.
The Mac-in-Mac frame format specified by IEEE 802.1ah is shown in Table 1 below:
[Table 1: image, not reproduced]
The meaning of each field is as follows:
P-MAC DA/SA: Provider Destination/Source MAC Address, the carrier destination/source MAC address;
P-TAG: Provider Tag, the carrier tag;
P-ServiceLabel: Provider service label, the carrier service label;
P-MAC DA, P-MAC SA, P-TAG, and P-ServiceLabel together form one layer of carrier Ethernet frame header, that is, the carrier network identifier. P-MAC DA and P-MAC SA are mandatory fields; P-TAG and P-ServiceLabel are optional fields.
The Mac-in-Mac specified by IEEE 802.1ah defines network boundary nodes, which add and remove the MAC stack address. IEEE 802.1ah is very flexible and can implement hierarchical networks.
Customer Ethernet Frame: the user Ethernet frame, such as an Ethernet frame in 802.1Q format or an Ethernet frame in 802.3 format.
The 802.1Q format is shown in Table 2 below:
[Table 2: image, not reproduced]
The meaning of each field is as follows:
C-MAC DA/SA: Customer Destination/Source MAC Address, the destination/source MAC address of the user Ethernet packet;
C-TAG: Customer Tag, the tag of the user Ethernet packet;
C-MAC DA, C-MAC SA and C-TAG together form the user Ethernet frame header. C-MAC DA and C-MAC SA are mandatory fields; C-TAG is an optional field.
Although the IEEE 802.1ah standard defines the Mac-in-Mac system framework, it does not provide a scheme for establishing Layer 2 connection channels inside the operator network, in particular a simple scheme for establishing connection channels with Mac-in-Mac in access aggregation networks.
At present the IP DSLAM (Digital Subscriber Line Access Multiplexer) has become the mainstream device for broadband access. Because the IP DSLAM uses Ethernet as its uplink interface transport technology, access information such as the user's PVC (Permanent Virtual Circuit) and/or port can only be conveyed by the Ethernet VLAN ID, and the IEEE protocol limits the VLAN ID range to at most 4096 values. In many cases, therefore, the authentication device can only obtain an ambiguous VLAN ID (a VLAN ID shared by multiple users). The loss of user access information causes many security problems for an operational broadband telecommunication network, and providing user access information has become one of the problems that IP DSLAM development urgently needs to solve.
For IP DSLAM applications, user access information solutions based on DHCP Option82 (Dynamic Host Configuration Protocol option 82) and PPPoE+ (Point to Point Protocol over Ethernet) have been proposed. However, DHCP Option82 and PPPoE+ apply only in specific scenarios: user access information can be provided only when the user uses DHCP or PPPoE, so they are not a solution that fits all scenarios. Moreover, the location provided by user location and delivery solutions based on DHCP Option82 and PPPoE+ is one-off, and they cannot provide user access information at all times during operation.
Summary of the invention
Embodiments of the present invention provide a network communication method and system that offer a simple deployment scheme for MAC stack applications, isolate the MAC addresses of the user network and the operator network through MAC technology, and solve the MAC address security problem of the Ethernet access network.
Embodiments of the present invention also provide a user access information providing method that provides user access information at all times during operation, making it easier for the authentication device to manage users.
Embodiments of the present invention also provide an access node and an aggregation node that isolate the MAC addresses of the user network and the operator network through MAC technology and solve the MAC address security problem of the Ethernet access network.
A network communication method provided by an embodiment of the present invention includes:
the access node receives an uplink packet from the user, adds a carrier Ethernet frame header, and then sends the uplink packet;
the uplink packet is transmitted in the Ethernet according to the carrier Ethernet frame header;
the access aggregation node receives the uplink packet, removes the carrier Ethernet frame header from the uplink packet, and transmits the uplink packet to another network.
Because the carrier Ethernet frame header is added to the uplink packet at the access node and removed at the access aggregation node, a secure transmission channel, namely a MAC stack tunnel, is established between the Ethernet access node and the access aggregation node. This isolates the MAC addresses of the user network and the operator network, so that the operator network does not need to be aware of the user's MAC address, and effectively solves related security problems of the Ethernet access network such as MAC address spoofing and DOS (Denial of Service) attacks.
A user access information providing method provided by an embodiment of the present invention includes:
converting user access information into an information code of a predetermined format;
inserting the information code into a packet from the user as the corresponding field of the packet header; and forwarding the packet.
Because an Ethernet frame header containing the user access information is added to the uplink packet at the access node, and the access aggregation node obtains the user access information by analysing that Ethernet frame header, the problem of providing user access information is solved in a simple way. Since every uplink packet contains the user access information, user access information can be provided in all scenarios.
本发明实施例提供的一种网络通信系统, 包括: 通过以太网连接的接入节 点和接入汇聚节点;  A network communication system provided by an embodiment of the present invention includes: an access node and an access aggregation node connected through an Ethernet;
所述接入节点用于接收来自用户的上行报文,并为所接收到的上行报文增 加运营商以太网帧头, 然后将所述上行报文发送到以太网中;  The access node is configured to receive an uplink message from the user, add a carrier Ethernet frame header to the received uplink message, and then send the uplink message to the Ethernet;
所述接入汇聚节点用于移除来自所述以太网的所述上行^ R文中的所述运 营商以太网帧头, 并将所述上行报文传送给另一网络。  The access aggregation node is configured to remove the operator Ethernet frame header in the uplink message from the Ethernet, and transmit the uplink message to another network.
本发明实施例的网络通信系统采用在接入节点处在上行报文中增加运营 商以太网帧头,在接入汇聚节点处删除运营商以太网帧头,从而在以太网的接 入节点和接入汇聚节点之间建立起了安全的传输通道, 即 MAC栈隧道, 实现 用户网络和运营商网络的 MAC地址隔离,使运营商网络不用感知用户的 MAC 地址, 有效地解决了以太网接入网的 MAC地址欺骗、 DOS (拒绝服务)攻击 等相关的安全问题。  The network communication system in the embodiment of the present invention adopts an operator Ethernet frame header in an uplink packet at an access node, and an operator Ethernet frame header is deleted at an access aggregation node, thereby being in an Ethernet access node and A secure transmission channel, that is, a MAC stack tunnel, is established between the access aggregation nodes to implement MAC address isolation between the user network and the carrier network, so that the carrier network does not need to perceive the user's MAC address, thereby effectively solving the Ethernet access. Network related MAC address spoofing, DOS (Denial of Service) attacks and other related security issues.
An access node provided by an embodiment of the present invention includes:
a receiving unit, configured to receive uplink packets from users and downlink packets from the Ethernet network;
a sending unit, configured to send the uplink packets into the Ethernet network and to send the downlink packets to the users;
an Ethernet frame header adding unit, configured to add an operator Ethernet frame header to the uplink packets received by the receiving unit.
An aggregation node provided by an embodiment of the present invention includes:
a receiving unit, configured to receive uplink packets from the local Ethernet network to which the access aggregation node belongs and downlink packets from other Ethernet networks;
a sending unit, configured to send the uplink packets to the other Ethernet networks and to send the downlink packets into the local Ethernet network;
an Ethernet frame header adding unit, configured to add an operator Ethernet frame header and/or a user Ethernet frame header to the downlink packets from the other Ethernet networks.
The access node and the access aggregation node provided by the embodiments of the present invention use MAC technology to isolate the MAC addresses of the user network from those of the operator network, which solves the MAC address security problem of the Ethernet access network.
Description of the drawings

The accompanying drawings described here provide a further understanding of the present invention and form part of this application. The exemplary embodiments of the invention and their description are used to explain the invention and do not unduly limit it. In the drawings:
FIG. 1 is a flowchart of a network communication method according to an embodiment of the present invention;
FIG. 2 is a schematic diagram of the implementation principle of the network communication method according to an embodiment of the present invention;
FIG. 3A is a schematic diagram of the networking of the network communication system with user equipment and other networks according to an embodiment of the present invention;
FIG. 3B is a logical block diagram of the network communication system according to an embodiment of the present invention;
FIG. 4 is a flowchart of the automatic allocation of the operator source MAC address in an embodiment of the present invention;
FIG. 5 is a schematic block diagram of the access node according to an embodiment of the present invention;
FIG. 6 is a flowchart of the access node processing an uplink packet in an embodiment of the present invention;
FIG. 7 is a flowchart of the access node processing a downlink packet in an embodiment of the present invention;
FIG. 8 is a schematic block diagram of the access aggregation node according to an embodiment of the present invention;
FIG. 9 is a flowchart of the access aggregation node processing an uplink packet in an embodiment of the present invention;
FIG. 10 is a flowchart of the access aggregation node processing a downlink packet in an embodiment of the present invention;
FIG. 11 is a flowchart of one embodiment of the user access information providing method according to an embodiment of the present invention.

Detailed description
Embodiments of the present invention are described in detail below.
FIG. 1 is a flowchart of a network communication method according to an embodiment of the present invention. The method includes the following steps:
101. The access node receives an uplink packet from a user.
102. The access node automatically adds an operator Ethernet frame header to the received uplink packet and then sends the uplink packet.
The access node generates the first field of the operator Ethernet frame header from the user's access information, and generates the second field of the operator Ethernet frame header from the uplink forwarding parameter table.
The user's access information may be user location information and/or a user identifier, or other information that uniquely identifies the user. The user location information includes at least one of: the identifier of the access node, the slot number of the user access board, the port number through which the user accesses, and the logical link number through which the user accesses. The user identifier includes at least one of: the access user's IP address, the access user's MAC address, part of the fields of the access user's IP address, part of the fields of the access user's MAC address, the access user's user account, and a specified value for the access user.
The encoding of the first field, which the access node generates from the user's access information, includes the operator source MAC address of the uplink packet. The encoding of the second field, which the access node generates by looking up or adapting the uplink forwarding parameter table, includes the operator destination MAC address of the uplink packet. Here, uplink is the direction from the user to the access node.
103. The uplink packet is transmitted through the Ethernet network according to the operator Ethernet frame header.
104. The access aggregation node removes the operator Ethernet frame header from the uplink packet arriving from the Ethernet network and forwards the uplink packet to another network, such as an IP network or an Ethernet network.
If the uplink packet is to be carried over an IP network, the access aggregation node also needs to remove the user Ethernet frame header from the uplink packet arriving from the Ethernet network.
If the access aggregation node needs the user access information, it can obtain it by parsing the encoding of the first field of the operator Ethernet frame header.
The network communication method above may further include the following steps:
105. The access aggregation node adds an operator Ethernet frame header and/or a user Ethernet frame header to a downlink packet arriving from the other network.
106. The downlink packet is transmitted through the Ethernet network according to the operator Ethernet frame header.
107. The access node removes the operator Ethernet frame header from the downlink packet arriving from the Ethernet network and delivers the downlink packet to the user.
In the network communication method above, an Ethernet frame header includes a destination MAC address and a source MAC address, and may further include a VLAN tag and/or a type and/or a Service Label. The access node is a broadband access device in a broadband network.
In the network communication method above, the access node delivers downlink packets to users by looking up the access node downlink forwarding parameter table. The access node fills in the corresponding field of the operator Ethernet frame header that it adds to an uplink packet from a user by looking up the access node uplink forwarding parameter table. The corresponding field includes the operator destination MAC address of the uplink packet. The access node uplink forwarding parameter table is a forwarding parameter table that holds the correspondence between the operator destination MAC of uplink packets and the user. The access node converts the access user's access information into an encoding with the same format as a MAC address, and automatically uses that encoding, which contains the access user's access information, as the operator source MAC for the MAC address stack application.
The operator destination MAC address of uplink packets may be configured at the access node according to at least one of the following rules:
(1) an operator destination MAC address for uplink packets is configured for the access node, and all users share it;
(2) an operator destination MAC address for uplink packets is configured for each port of the access node, and all packet services on the port share it;
(3) an operator destination MAC address for uplink packets is configured for each logical link of each port of the access node, and all packet services on that logical link share it.
Here, configuring the operator destination MAC address of uplink packets means configuring it into the access node uplink forwarding parameter table.
The access node uplink forwarding parameter table, which establishes the mapping between the operator destination MAC address of an uplink packet and the user of the uplink packet, may be configured at the access node according to at least one of the following rules:
(1) at least one access node uplink forwarding parameter table is configured for the access node, and all users share it;
(2) at least one access node uplink forwarding parameter table is configured for each port of the access node, and all packet services on the port share it;
(3) at least one access node uplink forwarding parameter table is configured for each logical link of each port of the access node, and all packet services on that logical link share it.
The network communication method above further includes the following step: the access node learns, from downlink packets, the operator destination MAC address and the user destination MAC address of the user's uplink packets and generates the access node uplink forwarding parameter table. Here, the downlink direction is the direction from the access node to the user, or the direction of packets sent by the access aggregation node to the user.
In the network communication method above, if the operator destination MAC address and the user destination MAC address of the uplink packet already exist in the access node uplink forwarding parameter table and are consistent, the timeout state of that pair in the table is refreshed; if they already exist but are inconsistent, the table is updated; and if they do not exist, a mapping entry for the operator destination MAC address and the user destination MAC address of the uplink packet is added to the table.
In the network communication method above, the access node actively maintains an aging mechanism for the access node uplink forwarding parameter table. If the table entry for the operator destination MAC address and user destination MAC address of an uplink packet has not been updated or refreshed within a specified period, the access node deletes that operator destination MAC address and user destination MAC address from the table.
The access node may manage and maintain users' user MAC addresses in at least one of the following ways: the user MAC address is configured on the access node; or the access node learns the user's MAC address from the user's uplink packets, and dynamically learned user MAC addresses are maintained and managed through an aging mechanism. The user MAC address is the user source MAC of uplink packets, and it is held in the access node downlink forwarding parameter table.
In the network communication method above, the access node processes an uplink packet as follows: the access node receives an uplink packet from a user; the access node generates the operator source MAC address of the uplink packet according to the operator source MAC address generation rule; the access node looks up the access node uplink forwarding parameter table to obtain the operator destination MAC address of the uplink packet; if no operator destination MAC address is found, the packet is handled according to the configured policy, which includes at least one of: discarding the packet, defaulting the operator destination MAC address of the uplink packet to the all-F broadcast address, and defaulting it to a specified default MAC address; the access node obtains the operator tag of the operator tunnel header for the uplink direction; and the access node forwards the Ethernet packet, which now carries the operator Ethernet frame header, according to that header.
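The learning, aging and lookup-miss rules described above can be expressed as a small table, shown here as an added Python example that is not code from the patent. It assumes the table is keyed by the uplink user destination MAC and that a downlink packet's operator source MAC and user source MAC supply the pair to learn; the class and method names and the sample MAC addresses are constructed for illustration.

```python
from dataclasses import dataclass
from enum import Enum

BROADCAST_MAC = bytes.fromhex("FFFFFFFFFFFF")  # the all-F broadcast address
# Constructed sample addresses (locally administered), not from the patent.
AGG_1 = bytes.fromhex("0200000000A1")  # operator MAC of an aggregation node
AGG_2 = bytes.fromhex("0200000000A2")  # operator MAC of a second one
PEER = bytes.fromhex("020000000002")   # user-side MAC of a remote peer


class MissPolicy(Enum):
    """The three configured policies for a lookup miss."""
    DROP = "discard the packet"
    BROADCAST = "use the all-F broadcast address"
    DEFAULT_MAC = "use a specified default MAC address"


@dataclass
class Entry:
    p_mac_da: bytes   # operator destination MAC to use for uplink packets
    last_seen: float  # time of the last add, update or refresh


class UplinkForwardingTable:
    """ASSUMPTION: keyed by the user destination MAC of uplink packets."""

    def __init__(self, aging_period, miss_policy, default_p_mac_da=None):
        if miss_policy is MissPolicy.DEFAULT_MAC and default_p_mac_da is None:
            raise ValueError("DEFAULT_MAC policy needs a default address")
        self.aging_period = aging_period
        self.miss_policy = miss_policy
        self.default_p_mac_da = default_p_mac_da
        self.entries = {}

    def learn_from_downlink(self, outer_sa, inner_sa, now):
        """Learn from a downlink packet's operator SA and user SA.

        Returns which of the three cases applied: added, refreshed, updated.
        """
        entry = self.entries.get(inner_sa)
        if entry is None:                 # pair not present: add a mapping
            self.entries[inner_sa] = Entry(outer_sa, now)
            return "added"
        if entry.p_mac_da == outer_sa:    # present and consistent: refresh
            entry.last_seen = now
            return "refreshed"
        entry.p_mac_da = outer_sa         # present but inconsistent: update
        entry.last_seen = now
        return "updated"

    def age(self, now):
        """Delete entries not updated or refreshed within the aging period."""
        expired = [mac for mac, e in self.entries.items()
                   if now - e.last_seen > self.aging_period]
        for mac in expired:
            del self.entries[mac]
        return expired

    def resolve(self, user_da):
        """Return the operator destination MAC, or None to drop the packet."""
        entry = self.entries.get(user_da)
        if entry is not None:
            return entry.p_mac_da
        if self.miss_policy is MissPolicy.DROP:
            return None
        if self.miss_policy is MissPolicy.BROADCAST:
            return BROADCAST_MAC
        return self.default_p_mac_da


def demo():
    """Walk one entry through add, refresh, update, aging and a miss."""
    table = UplinkForwardingTable(300, MissPolicy.BROADCAST)
    steps = [
        table.learn_from_downlink(AGG_1, PEER, now=0),
        table.learn_from_downlink(AGG_1, PEER, now=100),
        table.learn_from_downlink(AGG_2, PEER, now=200),
        table.resolve(PEER).hex(),
    ]
    table.age(now=501)                    # 501 - 200 exceeds the period
    steps.append(table.resolve(PEER).hex())
    return steps


if __name__ == "__main__":
    print(demo())
```
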
In the network communication method above, the access node processes a downlink packet as follows: the access node receives a packet carrying an operator Ethernet frame header, sent from the upper-layer device toward the user; the access node removes the operator Ethernet frame header from the packet; the access node looks up the access node downlink forwarding parameter table by the packet's destination MAC address to obtain the port link or logical link on which the user resides, and then sends the packet to the user.
In the network communication method above, the access aggregation node processes downlink packets using a user access address table. The user access address table holds the correspondence between the operator source MAC address and the user source MAC address of uplink packets, or the correspondence among the operator source MAC address of uplink packets, the user source MAC address of uplink packets, and the user's IP address. The user access address table is statically configured or dynamically learned.
In the network communication method above, if the user access address table is dynamically learned, the access aggregation node can obtain the user's IP address, the user source MAC address of uplink packets, or the operator source MAC address of uplink packets from Address Resolution Protocol (ARP) packets. The operator source MAC address of uplink packets is taken from the operator source MAC in the operator Ethernet frame header of the ARP packet.
In the network communication method above, the access aggregation node may manage the operator source MAC address of uplink packets in the following ways: by configuration, in which the operator source MAC address of uplink packets is configured on a designated link of the access aggregation node and downlink packets are forwarded according to it; or by dynamic learning, in which the access aggregation node learns the operator source MAC address of uplink packets from uplink user packets and uses the learned address as the basis for forwarding the user's downlink packets. The operator source MAC address of uplink packets is the operator destination MAC address of downlink packets.
In the network communication method above, the access aggregation node's processing of an uplink Ethernet packet includes removing the Ethernet frame header from the uplink packet. The access aggregation node processes a downlink packet, that is, a packet in the direction from the access aggregation node to the user, as follows: the access aggregation node receives an IP packet or Ethernet packet destined for a user; it looks up the user access address table by destination IP or user MAC address to obtain the operator destination MAC address and/or the user destination MAC address of the downlink packet; it adds the user's Ethernet frame header and/or the operator's Ethernet frame header to the downlink packet; and it sends the packet carrying the user's Ethernet frame header and the operator's Ethernet frame header.
FIG. 2 is a schematic diagram of the implementation principle of the network communication method according to an embodiment of the present invention. In the figure, the transmission path from the access node (Access Node, AN) to the access aggregation node (for example an IP Edge node) is called the access aggregation network.
Uplink packets are processed in the access aggregation network as follows: the user terminal sends an uplink packet to the access node, where an operator Ethernet frame header, for example P-MAC DA and P-MAC SA, is added to the uplink packet by means such as table lookup. The uplink packet with the operator Ethernet frame header is carried through the Ethernet network by means of that header. When it reaches the access aggregation node, the access aggregation node terminates the Ethernet packet, can obtain the user access information from the Ethernet frame header, and then forwards the packet to an IP network or another network, such as an Ethernet network or a VPN (Virtual Private Network).
Downlink packets are processed in the access aggregation network as follows: the IP edge node receives from the IP network a downlink packet destined for a user, adds the user's Ethernet frame header and/or the operator's Ethernet frame header to it by looking up the user access address table, and sends the downlink packet into the access aggregation network. The downlink packet with the operator Ethernet frame header is carried through the Ethernet network by means of that header. When it reaches the access node, the access node removes the operator Ethernet frame header and then sends the downlink packet to the user by means such as looking up the downlink forwarding parameter table. This process establishes the layer-2 network connection channel.
FIG. 3A is a schematic diagram of the networking of the network communication system with user equipment and other networks according to an embodiment of the present invention:
As the figure shows, user equipment 21 accesses Ethernet network 301 through access node 302 in network communication system 30 of the embodiment. Access node 302 adds an operator Ethernet frame header to the uplink packet sent by the user and sends the packet through Ethernet network 301 to access aggregation node 303 in network communication system 30. Access aggregation node 303 removes the operator Ethernet frame header from the uplink packet arriving from the Ethernet network, can at the same time obtain the user access information from that header, and forwards the uplink packet to other network 22. Other network 22 may be another operator's Ethernet network or an IP network. If it is an IP network, access aggregation node 303 also needs to remove the user Ethernet frame header from the uplink packet arriving from the Ethernet network.
In the network communication system above, when access aggregation node 303 receives a downlink packet from other network 22, it adds an operator Ethernet frame header, or both an operator Ethernet frame header and a user Ethernet frame header, to the downlink packet and sends it through Ethernet network 301 to access node 302. The access node then removes the operator Ethernet frame header from the downlink packet arriving from the Ethernet network and delivers the downlink packet to user equipment 21.
In the network communication system above, the access node is a broadband access device in a broadband network.
FIG. 3B shows a logical block diagram of the network communication system according to an embodiment of the present invention:
In this embodiment, access node 302 includes a mapping module 321, an operator Ethernet frame header generating module 322, and an uplink packet encapsulating module 323. Mapping module 321 stores the access node uplink forwarding parameter table. Operator Ethernet frame header generating module 322 generates the operator Ethernet frame header: it generates the operator source MAC address field of the header from the user's access information, and generates the operator destination MAC address field of the header by looking up the access node uplink forwarding parameter table. Uplink packet encapsulating module 323 adds the generated operator Ethernet frame header to the uplink packets received by the access node.
The user's access information includes user location information, and/or a user identifier, and/or other information that uniquely identifies the user. The user location information includes at least one of: the identifier of the access node, the slot number of the board through which the user accesses, the port number through which the user accesses, and the logical link number through which the user accesses. The user identifier includes at least one of: the access user's IP address, the access user's MAC address, part of the fields of the access user's IP address, part of the fields of the access user's MAC address, the access user's user account, and a specified value for the access user.
In the network communication system above, the access node encodes the user's access information as a 48-bit location information code in the encoding format of a MAC address. The location information code includes: an index of the information required to identify the user's location, being one or more of the broadband access device number, device frame number, slot number, and port number; and an index of the information describing the user's characteristics, being one or more of the user's IP address, the user's MAC address, priority, protocol encapsulation method, user type, and permanent virtual connection identifier. In the network communication system above, the access node automatically uses this encoding, which contains the access user's access information, as the operator source MAC for the MAC address stack application. The units of the access node work in a way similar to that described above for the network communication method of the embodiment, and the details are not repeated here.
FIG. 4 shows the flow of the automatic allocation of the operator source MAC address in an embodiment of the present invention, which includes the following steps:
401. The network access device converts the access user's identifier and/or the access user's location information into an encoding with the same format as a MAC address;
402. The network access device automatically uses that encoding, which contains the access user's access information, as the operator source MAC for the MAC address stack application.
In the automatic MAC address allocation method above, the user's access information may be an access user identifier and/or access user location information. The access user identifier includes an access user identity index, which includes at least one of: the access user's IP address, the access user's MAC address, part of the access user's IP address, part of the access user's MAC address, the access user's user account, and a specified value for the access user. The access user location information includes at least one of: the identifier of the network access device through which the user accesses the network, the frame number at which the user accesses the network access device, the user board slot number at which the user accesses the network access device, and the port number of the user interface board through which the user accesses. The identifier of the network access device includes at least one of: the network access device's IP address, the network access device's name, a device identifier configured for the network access device, the network access device's MAC address or some bytes of it, and a MAC address configured for the network access device or some bytes of it. The correspondence between the access user's identifier and/or location information and the MAC encoding is configured in the network access device. The MAC address stack includes Mac-in-Mac.
接入用户身份标识可以是用户的 IP地址或者用户的 MAC地址或用户 IP 地址的一部分或者用户的 MAC地址的一部分或者帐号或者某一个指定的值, 他们之间可以任何組合, 组合的规则可以在接入设备中配置。  The access user identity may be the user's IP address or a part of the user's MAC address or user IP address or a part of the user's MAC address or an account number or a specified value. Any combination between them may be combined. Configured in the access device.
接入用户位置信息是指用户所在的网络的接入位置 ,包含用户接入网络的 网络接入设备的标识、用户在网 娄入设备上接入的用户接口板槽位号、用户 接入用户接口板的端口号, 还可以包含逻辑链路号。  The access user location information refers to the access location of the network where the user is located, including the identifier of the network access device that the user accesses the network, the slot number of the user interface board that the user accesses the device on the network, and the user access user. The port number of the interface board, which can also contain the logical link number.
所述的网络接入设备的标识包括: 设备的 IP地址、 设备的名称、 配置的 设备标识、 设备的 MAC地址、 配置的 MAC地址段。  The identifier of the network access device includes: an IP address of the device, a name of the device, a configured device identifier, a MAC address of the device, and a configured MAC address segment.
例如, 接入节点配置一个或者多个 MAC地址段, 如: MAC 地址段: OxOOEO-FCl 1-0000, MASK: 0xFFFF-FFFF-0000, MAC地址段可以标识接入节 点, MAC地址段可以根据网络规划配置; 接入节点自动通过用户的节点用户 位置信息和配置的 MAC地址段结合生成用户的 Mac- in-Mac隧道的 P-MAC SA。 用户的节点位置信息可以标识为如下形式,框号 /槽号 /子槽 /端口号 + [vpi, vci]+[vlan]、 框号 /槽号 /子槽 /端口号 + [vpi, vci]、 框号 /槽号 /子槽 /端口号 + [vlan]、 框号 /槽号 /子槽 /端口号等等, 节点用户位置信息按一定的格式编码, 编码的长度为 MAC段分配的长度。 如: 框号 /槽号 /子槽 /端口号为 0/1/0/63格 式为 203f , 那 么 用 户 的 P-MAC SA 为 0x00E0-FCll-203F, 同 时 0x00E0-FCll-203F可以标识该用户, 所述的 P-MAC SA是上行报文的运营商 源 MAC。 For example, the access node is configured with one or more MAC address segments, such as: MAC address segment: OxOOEO-FCl 1-0000, MASK: 0xFFFF-FFFF-0000, the MAC address segment can identify the access segment. Point, the MAC address segment can be configured according to the network plan; the access node automatically combines the user's node user location information with the configured MAC address segment to generate the P-MAC SA of the user's Mac-in-Mac tunnel. The user's node location information can be identified as follows: frame number / slot number / subslot / port number + [vpi, vci] + [vlan], frame number / slot number / subslot / port number + [vpi, vci] , frame number / slot number / subslot / port number + [vlan], frame number / slot number / subslot / port number, etc., node user location information is encoded according to a certain format, the length of the code is the length of the MAC segment allocation . For example, the frame number/slot number/sub-slot/port number is 0/1/0/63 format is 203f, then the user's P-MAC SA is 0x00E0-FCll-203F, and 0x00E0-FCll-203F can identify the user. The P-MAC SA is an operator source MAC of the uplink packet.
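The P-MAC SA derivation described above, as an added example that is not code from the patent. The text does not define the bit layout of the location code, so the 1/2/5/8-bit split for frame/slot/subslot/port is an assumption chosen because it reproduces the 0/1/0/63 to 203f example; all function names are illustrative.

```python
"""Derive a Mac-in-Mac P-MAC SA from a configured MAC segment and a user's access location."""
from dataclasses import dataclass

# Segment and mask taken from the example in the description.
MAC_SEGMENT = 0x00E0FC110000
MAC_MASK = 0xFFFFFFFF0000
ALL_48 = 0xFFFFFFFFFFFF

# ASSUMPTION: field widths (most significant first). The description only says the
# location is "encoded in a defined format"; this split reproduces 0/1/0/63 -> 0x203F.
FIELDS = (("frame", 1), ("slot", 2), ("subslot", 5), ("port", 8))


@dataclass(frozen=True)
class Location:
    frame: int
    slot: int
    subslot: int
    port: int


def host_bits(mask):
    """Number of low-order bits the segment mask leaves free for the location code."""
    free = ~mask & ALL_48
    if free & (free + 1):  # free bits must be one contiguous run starting at bit 0
        raise ValueError("mask must be a contiguous prefix mask")
    return free.bit_length()


def encode_location(loc):
    """Pack the location fields into one integer, rejecting values that would overflow a field."""
    code = 0
    for name, width in FIELDS:
        value = getattr(loc, name)
        if not 0 <= value < (1 << width):
            raise ValueError(f"{name}={value} does not fit in {width} bits")
        code = (code << width) | value
    return code


def decode_location(code):
    """Inverse of encode_location."""
    values = {}
    for name, width in reversed(FIELDS):
        values[name] = code & ((1 << width) - 1)
        code >>= width
    return Location(**values)


def make_pmac_sa(loc, segment=MAC_SEGMENT, mask=MAC_MASK):
    """Access node side: segment prefix plus location code gives the P-MAC SA."""
    if sum(width for _, width in FIELDS) != host_bits(mask):
        raise ValueError("location code length must equal the length allocated by the segment")
    if segment & ~mask & ALL_48:
        raise ValueError("segment has bits set outside its mask")
    return segment | encode_location(loc)


def parse_pmac_sa(pmac, segment=MAC_SEGMENT, mask=MAC_MASK):
    """Aggregation node side: recover the location, or None if the address is outside the segment."""
    if pmac & mask != segment & mask:
        return None  # not issued by this access node; do not trust it as a location
    return decode_location(pmac & ~mask & ALL_48)


def fmt(mac):
    """Format a 48-bit integer in the 0xXXXX-XXXX-XXXX style used in the description."""
    digits = f"{mac:012X}"
    return f"0x{digits[0:4]}-{digits[4:8]}-{digits[8:12]}"


if __name__ == "__main__":
    sa = make_pmac_sa(Location(frame=0, slot=1, subslot=0, port=63))
    print(fmt(sa), parse_pmac_sa(sa))
```

Because the access node writes the P-MAC SA itself, the segment check in `parse_pmac_sa` lets a node upstream tell a location code the access node issued from an address that merely looks like one.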
The P-MAC DA of an access node user's uplink packets can be produced by the following rules:
I. Configuration
1. The network administrator can configure the P-MAC DA of uplink packets on the access node. The configuration is flexible, for example: per access node, where one uplink P-MAC DA is configured for the whole access node and shared by all users; per port, where one uplink P-MAC DA is configured for a port and shared by all packet services on that port; per port link, where one uplink P-MAC DA is configured for a logical link of a port and shared by all packet services on that link within the port. These configurations are not mutually exclusive and can be combined. The access node saves these uplink P-MAC DAs in the access node uplink forwarding parameter table according to the actual configuration policy.
2. The network administrator can configure, on the access node, the access node uplink forwarding parameter table of uplink P-MAC DA and uplink C-MAC DA. The configuration is flexible, for example: one access node uniformly
forwarding parameter table; per port, where one or more access node uplink forwarding parameter tables of uplink P-MAC DA and uplink C-MAC DA are configured for a port and shared by all packet services on that port; per port link, where one or more access node uplink forwarding parameter tables of uplink P-MAC DA and uplink C-MAC DA are configured for a logical link of a port and shared by all packet services on that link within the port. These configurations are not mutually exclusive and can be combined. The access node saves these uplink P-MAC DAs and uplink C-MAC DAs in the access node uplink forwarding parameter table according to the actual configuration policy.
The above two methods are not mutually exclusive and can be combined flexibly.
II. Dynamic learning mechanism
1. The access node learns the user's access node uplink forwarding parameter table of uplink P-MAC DA and uplink C-MAC DA from packets in the downlink direction. The downlink direction is the direction from the access node to the user, or from the aggregation node to the access node.
2. The access node learns the P-MAC SA and C-MAC SA of downlink packets. The P-MAC SA of a downlink packet is the user's uplink P-MAC DA, and the C-MAC SA of a downlink packet is the user's uplink C-MAC DA. If the uplink P-MAC DA and uplink C-MAC DA already exist in the access node uplink forwarding parameter table and are consistent, the entry's state is refreshed; if they already exist in the table but are not consistent, the table is updated; if they do not exist, an entry is added to the table.
3. The access node actively maintains an aging mechanism for the access node uplink forwarding parameter table of uplink P-MAC DA and uplink C-MAC DA. If an entry in the table is neither updated nor refreshed within a specified period, the access node deletes that entry.
4. The way the access node learns the user's access node uplink forwarding parameter table of uplink P-MAC DA and uplink C-MAC DA can be configured flexibly, for example: node-based learning, where all users in the node share the dynamic mapping of uplink P-MAC DA and uplink C-MAC DA; port-based learning, where all
The access node manages and maintains the table of user MAC addresses (downlink C-MAC DA, that is, uplink C-MAC SA). The management and maintenance process is the same as that by which an ordinary Ethernet switch manages user MAC addresses. There are two ways:
Configuring the MAC address (downlink C-MAC DA, that is, uplink C-MAC SA) table: the user's MAC address is configured on the access node; and
Dynamically learning the user's MAC address (downlink C-MAC DA, that is, uplink C-MAC SA): the access node learns the user's MAC address (downlink C-MAC DA, that is, uplink C-MAC SA) from the user's uplink packets, and the table of dynamically learned user MAC addresses is maintained and managed through an aging mechanism.
Figure 5 is a schematic block diagram of an access node according to an embodiment of the present invention.
In this embodiment, the access node includes a receiving unit 51, a sending unit 52, and an Ethernet frame header adding unit 53. The receiving unit 51 receives uplink packets from users and downlink packets from the Ethernet network; the sending unit 52 sends the uplink packets into the Ethernet and sends the downlink packets to the user; the Ethernet frame header adding unit 53 adds a carrier Ethernet frame header to the uplink packets received by the receiving unit 51.
The Ethernet frame header adding unit 53 can be implemented on the principle shown in Figure 5 and includes a mapping module 531, a carrier Ethernet frame header generating module 532, and an uplink packet encapsulation module 533. The mapping module 531 stores the access node uplink forwarding parameter table. The carrier Ethernet frame header generating module 532 generates the carrier Ethernet frame header: it generates the carrier source MAC address field of the header from the user's access information, and generates the carrier destination MAC address field of the header by looking up the access node uplink forwarding parameter table. The uplink packet encapsulation module 533 adds the generated carrier Ethernet frame header to the uplink packet received by the access node.
The user's access information includes: user location information, and/or a user identifier, and/or other information that can uniquely identify the user. The user location information includes at least one of the following: the identifier of the access node, the slot number of the board to which the user is connected, the port number to which the user is connected, and the logical link number to which the user is connected. The user identifier includes at least one of the following: the access user's IP address, the access user's MAC address, some fields of the access user's IP address, some fields of the access user's MAC address, the access user's user account, and a specified value for the access user.
In addition, the access node can process downlink packets received from the Ethernet network through its internal carrier Ethernet frame header removing unit 54, that is, remove the carrier Ethernet frame header from the downlink packet. The carrier Ethernet frame header removing unit 54 hands the processed user packet to the sending unit 52, which sends the packet to the user.
Figure 6 is a flowchart of the access node processing packets in the uplink direction (from the user to the access node) in an embodiment of the present invention. The processing flow includes the following steps:
Step 601: the user access node receives a user packet;
Step 602: the uplink P-MAC SA of the packet is generated according to the uplink P-MAC SA generation rule of the Mac-in-Mac tunnel;
Step 603: the access node uplink forwarding parameters are looked up according to the configured policy to obtain the uplink P-MAC DA of the packet. If the lookup of the uplink P-MAC DA fails, the packet is handled according to the configured policy, for example: the user packet is discarded, or the uplink P-MAC DA defaults to the all-F broadcast address, or the uplink P-MAC DA defaults to a specified MAC address;
Step 604: the other fields of the uplink carrier tunnel header, such as the P-TAG, are obtained according to the configured policy;
Step 605: the access node adds the resulting carrier tunnel header data to the head of the received user packet;
Step 606: the access node performs any other necessary processing on the packet, for example, assignment and/or mapping of the service label and/or P-TAG;
Step 607: the Ethernet packet, with the carrier Ethernet frame header added, is forwarded according to the carrier Ethernet frame header.
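The learn/refresh/update/age rules of the dynamic learning mechanism and the step 603 lookup with its miss policy, as an added example that is not code from the patent. The class, method and policy names are illustrative, the MAC addresses are constructed sample values, and time is passed in explicitly so the behaviour is reproducible.

```python
"""Access node uplink forwarding parameter table: learn from downlink frames, age, look up."""
from dataclasses import dataclass

BROADCAST = "FF-FF-FF-FF-FF-FF"  # the all-F default mentioned in step 603


@dataclass
class Entry:
    p_mac_da: str      # uplink P-MAC DA, learned from the downlink P-MAC SA
    c_mac_da: str      # uplink C-MAC DA, learned from the downlink C-MAC SA
    last_seen: float   # time of the last add, refresh or update


class UplinkForwardingTable:
    def __init__(self, aging_period, scope="port", miss_policy="drop", default_da=None):
        if scope not in ("node", "port", "link"):
            raise ValueError("scope must be node, port or link")
        if miss_policy not in ("drop", "broadcast", "default"):
            raise ValueError("miss_policy must be drop, broadcast or default")
        if miss_policy == "default" and default_da is None:
            raise ValueError("default policy needs a specified MAC address")
        self.aging_period = aging_period
        self.scope = scope
        self.miss_policy = miss_policy
        self.default_da = default_da
        self.entries = {}

    def _key(self, port, link):
        # Learning granularity: one mapping per node, per port, or per logical link.
        if self.scope == "node":
            return ("node",)
        if self.scope == "port":
            return (port,)
        return (port, link)

    def learn_downlink(self, port, link, p_mac_sa, c_mac_sa, now):
        """Apply rule 2: returns 'added', 'refreshed' or 'updated'."""
        key = self._key(port, link)
        entry = self.entries.get(key)
        if entry is None:
            self.entries[key] = Entry(p_mac_sa, c_mac_sa, now)
            return "added"
        entry.last_seen = now
        if (entry.p_mac_da, entry.c_mac_da) == (p_mac_sa, c_mac_sa):
            return "refreshed"
        # An existing mapping changed; a caller may want to log this event.
        entry.p_mac_da, entry.c_mac_da = p_mac_sa, c_mac_sa
        return "updated"

    def age(self, now):
        """Apply rule 3: delete entries not refreshed or updated within the aging period."""
        stale = [k for k, e in self.entries.items() if now - e.last_seen > self.aging_period]
        for key in stale:
            del self.entries[key]
        return stale

    def uplink_p_mac_da(self, port, link, now):
        """Step 603: look up the uplink P-MAC DA; on a miss apply the configured policy.

        Returns None when the policy is to discard the user packet.
        """
        self.age(now)
        entry = self.entries.get(self._key(port, link))
        if entry is not None:
            return entry.p_mac_da
        if self.miss_policy == "broadcast":
            return BROADCAST
        if self.miss_policy == "default":
            return self.default_da
        return None


if __name__ == "__main__":
    table = UplinkForwardingTable(aging_period=300, scope="port", miss_policy="broadcast")
    # Constructed sample addresses.
    print(table.learn_downlink(1, 0, "00-E0-FC-22-00-01", "00-11-22-33-44-55", now=0))
    print(table.uplink_p_mac_da(1, 0, now=10))
```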
Figure 7 is a flowchart of the access node processing downlink packets in an embodiment of the present invention. The processing flow includes the following steps:
Step 701: the user access node receives a downlink packet, sent by the upper-layer device to the user, that carries a carrier Ethernet frame header;
Step 702: the Mac-in-Mac tunnel information of the downlink packet, such as the carrier Ethernet frame header, is removed;
Step 703: the table (the access node downlink forwarding parameter table) is looked up by the packet's downlink C-MAC DA to obtain the link on which the user (downlink C-MAC DA) is located, and then any necessary processing is performed according to policy, for example, assignment and/or mapping of the service label and/or P-TAG;
Step 704: the user packet is forwarded to the port link or logical link on which the user is located.
The access aggregation node (IP Edge node) obtains the association between uplink P-MAC SA (downlink P-MAC DA) and uplink C-MAC SA (downlink C-MAC DA) as follows:
1. Configuration: the association between uplink P-MAC SA and uplink C-MAC SA, or the association among uplink P-MAC SA, uplink C-MAC SA and the user's IP address, is configured on the access aggregation node (IP Edge node);
2. Dynamic learning: the access aggregation node (IP Edge node) dynamically learns, through a protocol, the association between uplink P-MAC SA and uplink C-MAC SA, or the association among uplink P-MAC SA, uplink C-MAC SA and the user's IP address. With ARP, for example, the access aggregation node parses the ARP packets exchanged with the user and obtains from them the user's IP, the user's MAC (uplink C-MAC SA), and the uplink P-MAC SA. The ARP table of the access aggregation node has to be extended to serve as the user access address table: it needs to record the user's IP, or the user's MAC (uplink C-MAC SA), or the uplink P-MAC SA. The ARP protocol itself does not need to be modified; the uplink P-MAC SA is taken from the carrier Ethernet frame header in the Ethernet frame header of the ARP packet.
Management of downlink P-MAC DA (uplink P-MAC SA) at the access aggregation node (IP Edge node):
1. Configuration: the downlink P-MAC DA is configured on a specified link of the access aggregation node (IP Edge node) and is then used for forwarding downlink packets;
2. Dynamic learning: as in the ordinary Ethernet MAC address learning mechanism, the access aggregation node learns the uplink P-MAC SA from uplink user packets, and the learned uplink P-MAC SA is used for forwarding the user's downlink packets.
Figure 8 is a schematic block diagram of an access aggregation node according to an embodiment of the present invention.
The access aggregation node includes a receiving unit 81, a sending unit 82, and an Ethernet frame header adding unit 83. The receiving unit 81 receives uplink packets from the local Ethernet to which the access aggregation node belongs and downlink packets from other Ethernets; the sending unit 82 sends the uplink packets to the other Ethernets and sends the downlink packets to the local Ethernet; the Ethernet frame header adding unit 83 adds a carrier Ethernet frame header and/or a user Ethernet frame header to the downlink packets from the other Ethernets. For the specific implementation of the Ethernet frame header adding unit 83, refer to the Ethernet frame header adding unit 53 in the access node of the embodiment shown in Figure 5; it is not described again here.
In addition, the access aggregation node may also be provided with a carrier Ethernet frame header removing unit 84 for removing the carrier Ethernet frame header from the uplink packets.
Figure 9 is a flowchart of the access aggregation node processing uplink packets according to an embodiment of the present invention. The processing flow includes the following steps:
Step 901: the IP Edge node receives the user's uplink Ethernet packet;
Step 902: the user's Ethernet packet is processed, for example by removing the Ethernet frame header (the user Ethernet frame header and/or the carrier Ethernet frame header);
If the user's access information needs to be obtained, the IP Edge node can obtain it from the carrier Ethernet frame header.
Step 903: the processed user packet is forwarded, according to the destination IP or the Ethernet frame header, to the corresponding IP network or other network (for example Ethernet, VPN, etc.).
Figure 10 is a flowchart of the access aggregation node processing downlink packets according to an embodiment of the present invention. The processing flow includes the following steps:
Step 1001: the IP Edge node receives an IP packet or other packet that needs to be sent to the user;
Step 1002: the user access address table is looked up by the destination IP address or the user MAC address to obtain the downlink P-MAC DA and downlink C-MAC DA;
Step 1003: the user Ethernet frame header and the carrier Ethernet frame header are added to the packet according to the configured policy;
Step 1004: the downlink P-MAC DA table is looked up by the downlink P-MAC DA to obtain the destination port, any other necessary processing is performed, for example, assignment of the service label and/or P-TAG, and the packet carrying the user Ethernet frame header and the carrier Ethernet frame header is sent.
Figure 11 is a flowchart of a method for providing user access information according to an embodiment of the present invention. The method includes the following steps:
111. When a user accesses the network, the access node obtains the user access information;
The access node can extract the user access information from a received packet that contains it;
112. The access node converts the obtained user access information into an information code in a predetermined format;
Depending on the requirements of the application environment, the user access information can be converted into an information code in MAC address encoding format, 802.1Q Tag format, or service label format.
113. The information code is inserted into the packet from the user as the corresponding field of the packet header;
The corresponding field includes a MAC address field, an 802.1Q Tag field, or a service label field;
114. The user packet with the inserted information code is forwarded.
In the above method for providing user access information, the user's access information includes at least one of the following: the identifier of the access device to which the user is connected, the frame number at which the user is connected on the access device, the slot number of the board to which the user is connected on the access device, the port number of the board to which the user is connected on the access device, and the logical link number to which the user is connected on the access device.
In the above method for providing user access information, the predetermined format is the encoding format of the corresponding field in the packet header. The network access device converts the access information of the connected user into an information code in the same format as the MAC address encoding, the 802.1Q Tag, or the Service Label in the packet header. The newly added packet header includes a Mac-in-Mac packet header. The corresponding field includes: P-Mac SA, P-Tag, Service Label, or another corresponding field. If the newly added packet header is Mac-in-Mac, the network access device receives the packet from the user, adds a Mac-in-Mac packet header, and maps the user's access information to the P-Mac SA in the Mac-in-Mac packet. If the newly added packet header is Mac-in-Mac, the network access device receives the packet from the user, adds a Mac-in-Mac packet header, and maps the user's access information to the P-Mac SA and P-tag in the Mac-in-Mac packet. The network access device is a broadband access device in a broadband network. The correspondence between the user's access information and the information code is configured in the broadband access device. The network access device compiles the user's access information into a 48-bit MAC code following the encoding format of a MAC address. The access information code includes: an index of one or more pieces of information needed to mark the user's location, among the broadband access device number, device frame number, slot number, and port number; and an index of one or more pieces of information describing the user's characteristics, among the user's MAC address, priority, protocol encapsulation method, user type, and permanent virtual connection identifier.
In the embodiments of the present invention, an access node (AN, Access Node) is a network device, apparatus, or network element through which the carrier provides access to users. The user access node referred to in the present invention is the access network node that is closest to the user and can provide the functions of the present invention described above, such as a DSLAM or a LANSWITCH (LAN switch).
An access aggregation node (IP Edge node) is a network device, apparatus, or network element through which the carrier provides an aggregation function for access network users. It is an aggregating network node at the edge of the IP network that can provide the functions of the present invention described above, such as a BRAS (Broadband Remote Access Server), IP ROUTER (Internet router), LANSWITCH (LAN switch), or BNG (Broadband Network Gateway). The above is only a preferred embodiment of the present invention and is not intended to limit it; those skilled in the art may make various modifications and changes to the present invention. Any modification, equivalent replacement, or improvement made within the spirit and principles of the present invention shall fall within its scope of protection.

Claims

1.一种网络通信方法, 其特征在于, 包括:  A network communication method, comprising:
接入节点接收来自用户的上行报文,增加运营商以太网帧头后发送所述上 行报文;  The access node receives the uplink packet from the user, and adds the carrier Ethernet frame header to send the uplink packet;
根据所述运营商以太网帧头在以太网中传输所述上行报文;  Transmitting the uplink packet in an Ethernet according to the carrier Ethernet frame header;
接入汇聚节点接收所述上行报文,移除所述上行 ^艮文中的所述运营商以太 网帧头, 并将所述上行报文传送给另一网络。  The access aggregation node receives the uplink packet, removes the carrier Ethernet frame header in the uplink packet, and transmits the uplink packet to another network.
2.根据权利要求 1 所述的网络通信方法, 其特征在于, 所述增加运营商 以太网帧头的步骤包括:  The network communication method according to claim 1, wherein the step of increasing a carrier Ethernet frame header comprises:
所述接入节点 居所述用户的接入信息生成运营商以太网帧头中的运营 商源 MAC地址字段。  The access node of the access node generates an operator source MAC address field in an operator Ethernet frame header.
3.根据权利要求 2所述的网絡通信方法, 其特征在于, 所述用户的接入 信息包括: 用户位置信息和 /或用户标识。  The network communication method according to claim 2, wherein the access information of the user comprises: user location information and/or user identity.
4.根据权利要求 2所述的网络通信方法, 其特征在于,  The network communication method according to claim 2, characterized in that
所述接入节点将接入用户的用户标识和 /或接入用户的位置信息转换成与 The access node converts the user identifier of the access user and/or the location information of the access user into
MAC地址编码格式相同的编码; 以及 The encoding of the same MAC address encoding format;
所述接入节点将所述包含接入用户标识和 /或接入用户位置信息的编码作 为 MAC地址栈应用的运营商源 MAC。  The access node uses the code containing the access user identity and/or the access user location information as the carrier source MAC of the MAC address stack application.
5.根据权利要求 1所述的网絡通信方法,其特征在于, 所述增加运营商以 太网帧头的步骤还包括:  The network communication method according to claim 1, wherein the step of adding an operator Ethernet frame header further comprises:
所述接入节点通过接入节点上行转发参数表生成以太网帧头的运营商目 的 MAC地址字段, 所述接入节点上行转发参数表包括上行报文的运营商目的 MAC地址和用户的对应关系。  The access node generates an operator destination MAC address field of the Ethernet frame header by using an access node uplink forwarding parameter table, where the uplink forwarding parameter table of the access node includes the carrier's destination MAC address of the uplink packet and the corresponding relationship of the user. .
6.根据权利要求 5所述的网络通信方法, 其特征在于, 所述方法还包括: 所述接入节点根据下行报文学习用户的上行报文的运营商目的 MAC地址 和上行 ^艮文的用户目的 MAC地址, 并根据学习到的运营商目的 MAC地址和 上行报文的用户目的 MAC地址生成所述接入节点。  The network communication method according to claim 5, wherein the method further comprises: the access node learning an operator's destination MAC address and an uplink message of the uplink message of the user according to the downlink message The user destination MAC address is generated, and the access node is generated according to the learned carrier MAC address and the user destination MAC address of the uplink packet.
7.根据权利要求 1至 6任一项所述的网络通信方法, 其特征在于, 所述 方法还包括: 所述接入汇聚节点在来自所述另一网络的下行报文中增加运营商以太网 帧头和 /或用户以太网帧头; The network communication method according to any one of claims 1 to 6, wherein the method further comprises: Adding, by the access aggregation node, a carrier Ethernet frame header and/or a user Ethernet frame header in a downlink message from the another network;
根据所述运营商以太网帧头在以太网中传输所述下行报文;  Transmitting the downlink packet in an Ethernet according to the carrier Ethernet frame header;
所述接入节点移除来自所述以太网络的所述下行^ ^文中的运营商以太网 帧头, 并将所述下行艮文传送给所述用户。  The access node removes a carrier Ethernet frame header from the downlink network of the Ethernet network, and transmits the downlink message to the user.
8.根据权利要求 7所述的网絡通信方法, 其特征在于, 所述接入节点通 过查接入节点下行转发参数表将所述下行报文传送给所述用户。  The network communication method according to claim 7, wherein the access node transmits the downlink message to the user by checking a downlink forwarding parameter table of the access node.
9. A user access information providing method, comprising:
converting user access information into an information code of a predetermined format;
inserting the information code, as the corresponding field of the message header, into a message from the user;
forwarding the message.
10. The user access information providing method according to claim 9, wherein the user access information is converted into an information code in MAC address encoding format, 802.1Q Tag format, or service tag format.
11. The user access information providing method according to claim 9, wherein the corresponding field comprises a MAC address field, an 802.1Q Tag field, or a service tag field.
12. The user access information providing method according to claim 9, wherein the method further comprises:
an access server extracts the user access information from a received message containing the user access information.
13. A network communication system, comprising: an access node and an access aggregation node connected through an Ethernet;
the access node is configured to receive an uplink message from a user, add a carrier Ethernet frame header to the received uplink message, and then send the uplink message into the Ethernet;
the access aggregation node is configured to remove the carrier Ethernet frame header from the uplink message received from the Ethernet, and deliver the uplink message to another network.
14. The network communication system according to claim 13, wherein the access node comprises:
a mapping module, configured to store an access node uplink forwarding parameter table;
a carrier Ethernet frame header generating module, configured to generate the carrier Ethernet frame header, including generating the carrier source MAC address field of the carrier Ethernet frame header according to the access information of the user, and generating the carrier destination MAC address field of the carrier Ethernet frame header by means of the access node uplink forwarding parameter table;
an uplink message encapsulating module, configured to add the generated carrier Ethernet frame header to the uplink message received by the access node.
15. The network communication system according to claim 13, wherein the access aggregation node is further configured to add a carrier Ethernet frame header and/or a user Ethernet frame header to a downlink message from the other network, and send the downlink message to the access node through the Ethernet.
16. The network communication system according to claim 15, wherein the access node is further configured to remove the carrier Ethernet frame header from the downlink message received from the Ethernet network, and deliver the downlink message to the user.
17. An access node, comprising:
a receiving unit, configured to receive uplink messages from a user and downlink messages from an Ethernet network;
a sending unit, configured to send the uplink messages into the Ethernet and send the downlink messages to the user;
characterized in that it further comprises:
an Ethernet frame header adding unit, configured to add a carrier Ethernet frame header to the uplink messages received by the receiving unit.
18. The access node according to claim 17, wherein the Ethernet frame header adding unit comprises:
a mapping module, configured to store an access node uplink forwarding parameter table;
a carrier Ethernet frame header generating module, configured to generate the carrier Ethernet frame header, including generating the carrier source MAC address field of the carrier Ethernet frame header according to the access information of the user, and generating the carrier destination MAC address field of the carrier Ethernet frame header by means of the access node uplink forwarding parameter table;
an uplink message encapsulating module, configured to add the generated carrier Ethernet frame header to the uplink message received by the access node.
19. The access node according to claim 17 or 18, wherein the access node further comprises:
a carrier Ethernet frame header removing unit, configured to remove the carrier Ethernet frame header from the downlink messages.
20. An access aggregation node, comprising:
a receiving unit, configured to receive uplink messages from the local Ethernet to which the access aggregation node belongs and downlink messages from another Ethernet;
a sending unit, configured to send the uplink messages to the other Ethernet and send the downlink messages into the local Ethernet;
characterized in that it further comprises:
an Ethernet frame header adding unit, configured to add a carrier Ethernet frame header and/or a user Ethernet frame header to the downlink messages from the other Ethernet.
21. The access aggregation node according to claim 20, wherein the access aggregation node further comprises:
a carrier Ethernet frame header removing unit, configured to remove the carrier Ethernet frame header from the uplink messages.
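Added example, not part of the patent text: Python code for the uplink path of claims 5 and 9 to 14, in which the access node encodes the user's access information as the carrier source MAC, takes the carrier destination MAC from its uplink forwarding parameter table, and the aggregation side strips the header and recovers the access information. The 48-bit layout (0x02, node ID, slot, port), the EtherType 0x88B5, the table keyed by (slot, port) and all function names are assumptions made for illustration; the claims do not specify them.

```python
import struct

CARRIER_ETHERTYPE = 0x88B5  # assumption: IEEE local-experimental EtherType
LOCAL_ADMIN = 0x02          # first octet: locally administered, unicast

def encode_access_mac(node_id, slot, port):
    """Convert user access information into a MAC-address-format code."""
    if not (0 <= node_id <= 0xFFFF and 0 <= slot <= 0xFF and 0 <= port <= 0xFFFF):
        raise ValueError("access information does not fit the assumed 48-bit layout")
    return struct.pack("!BHBH", LOCAL_ADMIN, node_id, slot, port)

def decode_access_mac(mac):
    """Access-server side: recover the access information from the code."""
    first, node_id, slot, port = struct.unpack("!BHBH", mac)
    if first != LOCAL_ADMIN:
        raise ValueError("source MAC is not an access-information code")
    return {"node_id": node_id, "slot": slot, "port": port}

def access_node_uplink(user_frame, access, uplink_table):
    """Access node: add the carrier Ethernet frame header to an uplink frame."""
    key = (access["slot"], access["port"])
    if key not in uplink_table:
        raise KeyError("no uplink forwarding entry for this user")  # drop, never flood
    header = uplink_table[key] + encode_access_mac(**access)
    return header + struct.pack("!H", CARRIER_ETHERTYPE) + user_frame

def aggregation_node_uplink(frame):
    """Access aggregation node: remove the carrier header, keep the access info."""
    if len(frame) < 14:
        raise ValueError("frame shorter than a carrier Ethernet header")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != CARRIER_ETHERTYPE:
        raise ValueError("frame carries no carrier Ethernet header")
    return decode_access_mac(frame[6:12]), frame[14:]

def demo():
    # Constructed sample: the user frame carries a user-chosen source MAC, yet the
    # carrier source MAC is derived from the physical port the frame arrived on.
    user_frame = (bytes.fromhex("ffffffffffff") + bytes.fromhex("00005e005301")
                  + struct.pack("!H", 0x0800) + b"payload")
    access = {"node_id": 0x0102, "slot": 3, "port": 17}
    uplink_table = {(3, 17): bytes.fromhex("02aabbccddee")}  # user -> carrier dst MAC
    carrier_frame = access_node_uplink(user_frame, access, uplink_table)
    info, inner = aggregation_node_uplink(carrier_frame)
    return carrier_frame, info, inner, user_frame

if __name__ == "__main__":
    print(demo()[1])
```

Because the carrier source MAC is built from the port the frame arrived on, the access information recovered upstream does not depend on any address the user places in the inner frame.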
PCT/CN2007/001314 2006-04-29 2007-04-20 Method and system of network communication WO2007124679A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CNA2006100786541A CN101047631A (en) 2006-04-29 2006-04-29 Customer position information transmitting method, MAC address automatic allocating method, network creating method and system
CN200610078654.1 2006-04-29

Publications (1)

Publication Number Publication Date
WO2007124679A1 true WO2007124679A1 (en) 2007-11-08

Family

ID=38655070

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2007/001314 WO2007124679A1 (en) 2006-04-29 2007-04-20 Method and system of network communication

Country Status (2)

Country Link
CN (1) CN101047631A (en)
WO (1) WO2007124679A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114124566A (en) * 2021-12-07 2022-03-01 广州尚航信息科技股份有限公司 Network attack remote real-time monitoring method and system for exchange unit

Families Citing this family (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101772027A (en) * 2008-12-31 2010-07-07 华为技术有限公司 Method for allocating user identifier for terminal and paging controller
CN102377632B (en) * 2010-08-06 2014-08-20 北京乾唐视联网络科技有限公司 Method and system compatible with Ethernet
CN102318322B (en) * 2011-07-28 2013-10-09 华为技术有限公司 Device and method for distributing MAC address
CN102868761B (en) * 2012-09-28 2014-10-22 无锡江南计算技术研究所 Cluster network automatic configuration and management method based on space coordinates
CN103731352B (en) * 2013-12-26 2017-12-22 华为技术有限公司 A kind of message processing method and device
CN104780121B (en) * 2015-04-30 2018-05-08 新华三技术有限公司 A kind of file transmitting method and device
CN106487683A (en) * 2015-08-27 2017-03-08 中兴通讯股份有限公司 A kind of processing method and processing device of message
CN106856454A (en) * 2015-12-09 2017-06-16 北京华为数字技术有限公司 A kind of method of message forwarding, equipment and system
WO2018049690A1 (en) * 2016-09-19 2018-03-22 华为技术有限公司 Packet transmission method, apparatus and system
CN109547487A (en) * 2018-12-28 2019-03-29 北京奇安信科技有限公司 Message treatment method, apparatus and system
CN112532501B (en) * 2019-09-18 2023-04-18 中国电信股份有限公司 Host physical address processing method and device and computer readable storage medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040184408A1 (en) * 2003-03-22 2004-09-23 Sbc Properties, L.P. Ethernet architecture with data packet encapsulation
US20040202199A1 (en) * 2003-04-11 2004-10-14 Alcatel Address resolution in IP interworking layer 2 point-to-point connections
CN1549503A (en) * 2003-05-07 2004-11-24 华为技术有限公司 Method for transmitting user position information in network communication system
CN1571395A (en) * 2003-07-17 2005-01-26 华为技术有限公司 A method for bearing IP message protocol on ATM network supported by broadband access equipment

Also Published As

Publication number Publication date
CN101047631A (en) 2007-10-03

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 07720887

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 07720887

Country of ref document: EP

Kind code of ref document: A1