WO2012089027A1 - Method and device for external network interworking for user terminals with multiple access methods - Google Patents

Method and device for external network interworking for user terminals with multiple access methods Download PDF

Info

Publication number
WO2012089027A1
WO2012089027A1 PCT/CN2011/084026 CN2011084026W WO2012089027A1 WO 2012089027 A1 WO2012089027 A1 WO 2012089027A1 CN 2011084026 W CN2011084026 W CN 2011084026W WO 2012089027 A1 WO2012089027 A1 WO 2012089027A1
Authority
WO
WIPO (PCT)
Prior art keywords
port number
external network
data packet
user terminal
identity
Prior art date
Application number
PCT/CN2011/084026
Other languages
French (fr)
Chinese (zh)
Inventor
张世伟
符涛
王晓明
Original Assignee
中兴通讯股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中兴通讯股份有限公司 filed Critical 中兴通讯股份有限公司
Publication of WO2012089027A1 publication Critical patent/WO2012089027A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L65/00Network arrangements, protocols or services for supporting real-time applications in data packet communication
    • H04L65/10Architectures or entities
    • H04L65/102Gateways
    • H04L65/1033Signalling gateways
    • H04L65/1036Signalling gateways at the edge
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W88/00Devices specially adapted for wireless communication networks, e.g. terminals, base stations or access point devices
    • H04W88/02Terminal devices
    • H04W88/06Terminal devices adapted for operation in multiple networks or having at least two operational modes, e.g. multi-mode terminals
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W92/00Interfaces specially adapted for wireless communication networks
    • H04W92/04Interfaces between hierarchically different network devices
    • H04W92/14Interfaces between hierarchically different network devices between access point controllers and backbone network device

Definitions

  • the present invention relates to the field of communications technologies, and relates to a method and device for interworking between a user terminal and an external network in multiple access modes.
  • the IP address has a dual function, namely: the communication terminal host network interface as the network layer is in the network topology.
  • the location identifier which is also the identity of the transport layer host network interface.
  • the TCP/IP design did not consider the case of host mobility at the beginning. However, as host mobility becomes more prevalent, the semantic overload defects of IP addresses are becoming increasingly apparent. When the IP address of the host changes, not only the route changes, but also the identity of the communication terminal host changes. As a result, the routing load becomes heavier and the change of the host ID causes the application and connection to be interrupted.
  • the purpose of separating the identity and location identifiers is to solve the problem of semantic overload and severe routing overload of IP addresses in TCP/IP, as well as security, so as to separate the dual functions of IP addresses, to achieve mobility, multiple townships, Support for dynamic redistribution of IP addresses, mitigation of routing load, and mutual visits between different network areas in the next generation of the Internet.
  • HIP Host Identity Protocol
  • LISP Location Identity Separation Protocol
  • SILSN Subscriber Identifier & Locator Separation Network
  • SILSN includes an Access Service Node (ASN), a User Equipment (UE), and an Identification and Locater Register (IRR).
  • ASN Access Service Node
  • UE User Equipment
  • IRR Identification and Locater Register
  • the ASN is used to access the user equipment, is responsible for accessing the user equipment, and is responsible for charging and switching functions.
  • the ILR assumes the user's location registration and identity recognition functions.
  • ASN is a logical entity, which can be a general packet radio service (General Packet) Radio Service, GPRS) Serving GPRS Support Node (SGSN), Gateway GPRS Support Node (GGSN), Packet Data Serving Node (PDSN) and Broadband Access Access (Broadband Remote Access) Server, BRAS) and other devices.
  • the above ILR may be a Key Management System (KMS), a Home Location Register (HLR), a Home Subscriber Server (HSS), an Authorization/Authentication/Payment Month in a specific application scenario. Servers (Authorization, Authentication, Accounting, AAA), and other entities that undertake end-to-end key management and negotiation functions.
  • KMS Key Management System
  • HLR Home Location Register
  • HSS Home Subscriber Server
  • AAA Authorization/Authentication/Payment Month
  • the user is identified by an Access Identification (AID) (used to identify the identity of the user), and the ASN is identified by a Route Identification (RID) (used to identify the location of the user), each Both the user and the ASN have their own independent AID or RID.
  • AID Access Identification
  • RID Route Identification
  • a user in the SILSN accesses the network through the user terminal (such as UE1), first register its location with the ILR through the ASN (ie, register the ASN under which the UE1 is located), and the ILR saves the identity AID of the user and the accessed ASN. Correspondence between route identifiers and RIDs. After the UE registers with the UE, the correspondence between the AID of the user and the RID of the accessed ASN is established.
  • UE1 needs to communicate with UE2, UE1 sends a data message, and ASN1 queries the ILR for the location of UE2, that is, which ASN UE2 is located in, and ASN9 in FIG. Then, the ASN1 sends the data packet to the corresponding ASN9, and the ASN9 sends the processed data packet to the UE2.
  • the foregoing network well implements the separation of the identity identifier and the location identifier of the UE.
  • the identity identifier does not need to be changed, and the continuity of the service in the mobile process is ensured. Route scalability and security have also improved significantly.
  • each user equipment can only access the network in one way.
  • the SILSN is not designed for simultaneous access of multiple access methods. When users access multiple networks, they can only access the network.
  • a different AID is assigned to each access mode of each terminal, which results in a situation in which a user corresponds to multiple identity identifiers, which violates the basic requirements of the uniqueness of the user identity in the SILSN. Summary of the invention
  • the object of the present invention is to provide a method for interworking between a user terminal and an external network in multiple access modes, which is applied to a network in which identity identification and location identification are separated, so that the identity and location identification are separated into multiple networks. Users entering the network can access other external networks normally.
  • the present invention provides a method for interworking between a user terminal and an external network in multiple access modes, and is applied to a network in which identity identification and location identification are separated.
  • the method includes:
  • the access node sends, to the interworking gateway node, a data packet that is sent by the source user terminal to the external network and carries the identity of the source user corresponding to the source user terminal, where the access node adds the information in the data Describe the location identifier of the access node and the address of the interworking gateway node;
  • the interworking gateway node receives the data packet, strips the location identifier of the access node, and the address of the interworking gateway node, and records the mapping relationship between the location identifier of the access node and the identity identifier of the source user;
  • the interworking gateway node sends the data packet to the external network.
  • the method further includes: the interworking gateway node mapping the port number of the source user terminal to a port number for the external network And recording the port number of the source user terminal and the port number for the external network into the mapping relationship;
  • the step of the interworking gateway node transmitting the data to the external network includes: the interworking gateway node transmitting the data packet after performing port number mapping.
  • the interworking gateway node mapping the port number of the source user terminal to The steps for the port number of the external network include:
  • the interworking gateway node checks whether there is a received data packet with the identity of the same source user, the port number of the same source user terminal, and the location identifier of the different access node.
  • the interworking gateway node looks up the identity and source user that includes the source user Mapping the port number of the terminal, if not found, mapping the port number of the source user terminal of the received data packet to the port number for the external network; if found, the datagram received this time The port number of the source user terminal in the text is mapped to a port number for the external network different from the port number of the external network corresponding to the identity of the source user in the found mapping relationship;
  • the method further includes: if the interworking gateway node detects that there is no identity identifier of the same source user, a port number of the same source user terminal, and a location identifier of a different access node that is received by the data packet received this time
  • the data packet to be sent does not perform the step of mapping the port number of the source user terminal to the port number for the external network, and directly transmits the data packet received this time to the external network.
  • the step of the interworking gateway node mapping the port number of the source user terminal to the port number for the external network includes:
  • the interworking gateway node sequentially maps the port numbers of the source user terminals in the data packets of the same source user, the port number of the same source user terminal, and the location identifier of the different source users to different external networks.
  • the port number also includes:
  • the interworking gateway node After receiving the data packet, the interworking gateway node checks whether there is a mapping relationship between the identity identifier of the source user, the port number of the source user terminal, and the location identifier of the access node in the data packet received this time. If yes, the port number of the source user terminal of the received data packet is mapped to the port number of the external network according to the detected mapping relationship, and the data packet received this time is directly sent to the external network. .
  • the method also includes:
  • the interworking gateway node searches for the location identifier of the destination user corresponding to the identity of the destination user of the data message sent by the external network, and sends the data packet sent by the external network to the location identifier of the destination user. Corresponding access node.
  • the interworking gateway node is configured to search for a location identifier of the destination user from an authentication node that is stored by the destination user and that stores the location identifier of the destination user; or
  • the interworking gateway node searches for a location identifier of the destination user from the recorded mapping relationship.
  • the method further includes:
  • the interworking gateway node checks whether the mapping relationship between the identity identifier of the destination user and the port number of the destination user terminal of the data packet sent by the external network is saved on the interworking gateway node, if yes, according to the checked The mapping relationship is performed by port number mapping.
  • the method further includes:
  • the interworking gateway node checks that the mapping relationship between the identity identifier of the destination user and the port number of the destination user terminal of the data packet sent by the external network is not saved on the interworking gateway node, the destination user is added. a mapping relationship between the identity identifier and the port number of the destination user terminal, and the identity of the destination user, the location identifier of the destination user, the port number of the destination user terminal, and the port number for the external network are saved to The added mapping relationship; wherein the port number of the destination user terminal is the same as the port number for the external network.
  • the steps of the access node include:
  • the interworking gateway node adds a destination address to the received data packet, where the destination address is the location identifier of the discovered destination user, and then sends the data packet with the destination address added to the access node corresponding to the destination address.
  • the network in which the identity identifier and the location identifier are separated is a user identity identifier and a location separation network (SILSN);
  • the access node is an access server (ASN), and the authentication node is an identity identifier and a location registration register.
  • ILR identity is an Access Identifier (AID), and the location identifier is a Route Identifier (RID).
  • the present invention also provides an interworking gateway device, which is applied to a network in which identity identification and location identification are separated, and the interworking gateway device includes:
  • a receiving module configured to receive, by the source user terminal, a data packet that is sent by the source user terminal to the external network and that carries the identity of the source user corresponding to the source user terminal, where the access node is in the datagram
  • the location identifier of the access node and the address of the interworking gateway device are added;
  • a message processing module configured to: after the location identifier of the access node and the address of the interworking gateway device are stripped from the data packet, the location identifier of the access node and the identity identifier of the source user Sending to the storage module, and sending the data packet to the sending module;
  • a storage module configured to record a mapping relationship between a location identifier of the access node and an identity identifier of the source user
  • a sending module configured to send the data message to an external network.
  • the packet processing module is further configured to: map the port number of the source user terminal to a port number for the external network, and send the port number of the source user terminal and the port number for the external network to the storage module, and set to be Transmitting, by the port number, the data packet to the sending module;
  • the storage module is further configured to record the port number of the source user terminal and the port number for the external network into the mapping relationship;
  • the sending module is configured to send the data packet after the port number mapping to the external network.
  • the packet processing module is configured to map the port number of the source user terminal to the port number for the external network as follows: After receiving the data packet, check whether there is the same source as the data packet received this time. The received data packet of the user's identity, the port number of the same source user terminal, and the location identifier of the different access node.
  • the mapping between the identity of the source user and the port number of the source user terminal is searched in the storage module. If not found, the port number of the source user terminal of the received data packet is mapped to Port number for the external network; if the mapping between the identity of the source user and the port number of the source user terminal is found, the source in the data packet received this time is used. The port number of the user terminal is mapped to a port number for the external network different from the port number of the external network corresponding to the identity of the source user in the found mapping relationship;
  • the packet processing module is further configured to: if it is found that there is no identity identifier of the same source user, a port number of the same source user terminal, and a location identifier of a different access node that is received by the data packet received this time
  • the data packet to be sent directly sends the data packet without the port number mapping to the sending module.
  • the message processing module is configured to map the port number of the source user terminal to a port number for the external network as follows:
  • the port numbers of the source user terminals in the data packets of the same source user, the port number of the same source user terminal, and the location identifier of the different source users are sequentially mapped to different port numbers for the external network.
  • the packet processing module is further configured to: after receiving the data packet, check whether the identity identifier of the source user, the port number of the source user terminal, and the source user terminal in the data packet received by the current storage module are The mapping of the location identifier of the access node, if any, maps the source user port number of the received data packet to the port number for the external network according to the detected mapping relationship.
  • the receiving module is further configured to receive a data message sent by an external network
  • the packet processing module is further configured to: search for a location identifier of the destination user corresponding to the identity identifier of the destination user of the data packet sent by the external network, and send the location identifier of the destination user to the sending module ;
  • the sending module is further configured to send the data packet sent by the external network to the access node corresponding to the location identifier of the target user.
  • the packet processing module is further configured to check whether a mapping relationship between the identity identifier of the destination user and the port number of the destination user terminal of the data packet sent by the external network is saved in the storage module, if yes, The port number mapping is performed according to the checked mapping relationship.
  • the packet processing module is further configured to: when the storage module does not save the mapping relationship between the identity identifier of the destination user and the port number of the destination user terminal in the data packet sent by the external network, Describe the identity of the destination user, and find the location identifier of the destination user The port number of the destination user terminal and the port number for the external network are sent to the storage module; the storage module is further configured to increase the mapping relationship between the identity identifier of the destination user and the port number of the destination user terminal, The identity identifier of the destination user, the location identifier of the destination user, the port number of the destination user terminal, and the port number for the external network are saved in the added mapping relationship; wherein the port number of the destination user terminal is The port number for the external network is the same.
  • the sending module is configured to send the data packet sent by the external network to the access node corresponding to the location identifier of the destination user as follows:
  • the same AID can be used to successfully access the external network, so that basic services based on the external network can be implemented normally. Moreover, no matter how many access modes the user accesses, it is still the same IP address identifier in the external network, which is convenient for monitoring and traceability, and improves system security.
  • FIG. 1 is a schematic diagram of the SILSN architecture
  • FIG. 2 is a schematic diagram of a method for interworking between a user terminal and an external network when multiple access modes are used;
  • FIG. 3 is a schematic diagram of a data packet encapsulation format of an ASN to an ISN according to an embodiment of the present invention
  • FIG. 4 is a schematic diagram of a data packet port number of different ASNs to ISNs may be repeated;
  • FIG. 5 is a schematic diagram of port mapping of an ISN in a forward transmission according to an embodiment of the present invention.
  • FIG. 6 is a schematic diagram of port mapping of an ISN in reverse transmission according to the present invention.
  • FIG. 7 is a schematic diagram of port mapping of all data packets by an ISN in a forward transmission according to another embodiment of the present invention.
  • FIG. 8 is a flowchart of processing a data packet sent by an ISN to an ASN according to an application example of the present invention
  • FIG. 9 is a flowchart of processing a data packet sent by an ISN to an external network according to an application example of the present invention
  • FIG. 10 is a schematic structural diagram of an interworking gateway device according to an embodiment of the present invention.
  • each user has two identifiers, AID and
  • RID where AID represents the identity of the user and RID represents the location of the user.
  • AID represents the identity of the user
  • RID represents the location of the user.
  • a user terminal can implement multiple access modes in a network with separate identity and location identifiers.
  • the technical solutions for accessing the network include: When the user terminal accesses the network by using different access methods, it must register with different access nodes. More precisely, the same user accesses when accessing different access modes. The incoming access nodes must have different RIDs, and the RIDs corresponding to the various access modes must be different.
  • the access node when the user registers, the access node should simultaneously carry the user's access mode when reporting the location information of the user terminal to the authentication node, such as a wireless local area network (Wireless Local Area Network, WLAN) access or Wide Code Division Multiplexing Access (WCDMA) access, etc., so that when the user accesses the network by using multiple access methods at the same time, the access node reports each access to the authentication node.
  • the location information of the mode will not cover each other, and the basic conditions are created for the user to access the network in multiple ways.
  • an external network When a user in the SILSN needs to communicate with an external network (referred to as an external network), it needs to communicate with an Interconnect Service Node (ISN) and an external network.
  • ISN Interconnect Service Node
  • Multiple access methods use the same AID because users access the network in multiple ways. Therefore, when sending and receiving data messages, data messages of different access modes are sent with the same AID. These data messages are easily confused in the ASN, and the original method will cause problems.
  • the data packet sent by the user terminal is not encapsulated and directly forwarded to the ISN.
  • the ISN After receiving the data packet, the ISN sends the data packet directly to the external network.
  • This is a faster and more efficient implementation method in the single access mode.
  • data packets with the same AID sent by the user terminal are forwarded to the ISN through multiple ASNs, and are sent by the ISN to the external network (hereinafter referred to as forward transmission), and the ASN is sent to the ISN.
  • the forwarded data packet does not carry the RID of the ASN.
  • one AID may correspond to the RID of multiple ASNs. Therefore, when the external network user terminal replies to the local user terminal (hereinafter referred to as reverse transmission), the ISN does not know which ASN should be forwarded after receiving the replied data message, and if it is randomly forwarded, it will result in a datagram. The text is confusing and the business cannot proceed normally.
  • the user terminals UE1 and UE2 that use the same user's identity AID1 access the network in three access modes via ASN1, ASN2, and ASN3, and one access mode corresponds to one ASN.
  • the interworking gateway ISN When the three access modes communicate with the external network at the same time, the interworking gateway ISN will receive the data packets sent by the same user from ASN1, ASN2 and ASN3 respectively.
  • the ISN When the original mode is used to communicate with the external network, the ISN is directly Send data packets to the external network.
  • the data packets forwarded by the three access modes of UE1 and UE2 via ASN1 and ASN3 are sent by the same IP address (IP3) on the external network because the identity of the same user is used.
  • IP3 IP address
  • the ISN does not know which ASN to send.
  • the original SILSN is designed to communicate with the external network.
  • the present invention modifies the original mechanism of the SILSN and the external network interworking to meet the SILSN interworking with other networks in multiple access modes. Need to ensure that the external network business can be carried out normally.
  • the present invention provides a method for interworking between a user terminal and an external network in multiple access modes.
  • the method is applied to a network in which identity identification and location identification are separated.
  • the method includes:
  • the access node sends, to the interworking gateway node, a data packet of the identity of the active user that is sent by the source user terminal to the external network, where the access node adds the location identifier of the access node and the interworking gateway in the data packet. the address of;
  • the interworking gateway node receives the data packet, strips the location identifier of the access node added by the access node, and the address of the interworking gateway, and records the mapping between the location identifier of the access node in the data packet and the identity identifier corresponding to the user terminal. Relationship;
  • the interworking gateway node sends a data packet to the external network.
  • the method further includes:
  • the interworking gateway node maps the port number of the source user terminal to a port number for the external network, and Recording the port number of the source user terminal and the port number for the external network to the mapping relationship of the identity of the source user corresponding to the source user terminal;
  • the data packet is a data packet after port mapping.
  • the step of the interworking gateway node mapping the port number of the source user terminal to the port number for the external network includes:
  • the interworking gateway node checks whether there is a received data packet with the identity of the same source user, the port number of the same source user terminal, and the location identifier of the different access node.
  • the interworking gateway node determines whether the mapping relationship between the identity identifier of the source user and the port number of the source user terminal exists in the mapping relationship saved by the interworking gateway node. If not, the data packet received this time is received.
  • the port number of the source user terminal is mapped to the port number of the external network; if it exists, the port number of the source user terminal in the data packet is mapped to the identity of the same user as the existing mapping relationship.
  • the port number for the external network that is different for the port number of the external network;
  • the method further includes: if the interworking gateway node detects that there is no identity identifier of the same source user, a port number of the same source user terminal, and a location identifier of a different access section that is received by the data packet received this time
  • the data packet to be sent does not perform the step of mapping the port number of the source user terminal to the port number for the external network, and directly performs the step of transmitting the data packet to the external network.
  • the steps of the interworking gateway node mapping the port number of the source user terminal to the port number for the external network include:
  • the interworking gateway node maps the port numbers of the source user terminals in the data packets of the same source user, the port number of the same user terminal, and the location identifier of the different source users to different port numbers for the external network.
  • the method also includes:
  • the interworking gateway node receives the data packet sent by the external network
  • the identity of the destination user of the data message sent by the interworking gateway node to the external network The location identifier of the corresponding destination user sends the data packet sent by the external network to the access node corresponding to the location identifier of the destination user.
  • the interworking gateway node is a location identifier of the destination user corresponding to the identity identifier of the destination user that searches for the data packet sent by the external network from the authentication node to which the destination user belongs and stores the location identifier corresponding to the identity identifier of the destination user; or
  • the interworking gateway node is a location identifier of the destination user corresponding to the identity of the destination user that searches for the data packet sent by the external network from the stored mapping relationship.
  • the method further includes: before the step of sending the data packet sent by the external network to the access node corresponding to the location identifier of the destination user, the method further includes:
  • the interworking gateway node checks whether the mapping relationship between the identity identifier of the destination user and the destination port of the data packet sent by the external network is saved on the interworking gateway node. If yes, the interworking network joint point performs port mapping according to the port mapping relationship. Before the steps of the access node, the method further includes:
  • the interworking gateway node checks whether the mapping between the identity of the destination user and the port number of the destination user terminal is not saved on the interworking gateway node, and the identity of the destination user and the destination user terminal are increased.
  • the mapping of the port number, and the identity of the destination user, the location identifier of the destination user, the port number of the destination user terminal, and the port number for the external network are saved in the added mapping relationship;
  • the port number of the user terminal is the same as the port number for the external network.
  • the steps to enter the node include:
  • the interworking gateway node adds a destination address to the data packet, where the destination address is a location identifier of the user that is found, and then sends the data packet with the destination address added to the corresponding access node.
  • the data packet sent by the user terminal in the SILSN to the external network is forwarded directly by the ASN to the ISN.
  • the ASN forwards the data packet to the ISN
  • the ASN does not perform any encapsulation or In the replacement work
  • the data packet has only the destination IP address and the source IP address, and does not carry the location information of the ASN.
  • the ISN forwards the data packet (ie, the reverse data packet) of the user terminal replied to the SILSN, it cannot know which ASN the data packet is sent from, so the reverse data packet cannot be replied normally.
  • the present invention modifies the data packet processing mechanism of the ASN to the external network, that is, the ASN sends the data packet sent by the user terminal to the external network to the ISN to enable the ISN to distinguish the data packet from which the outgoing network is sent to the ISN.
  • the RID of the ASN and the address of the ISN are added before the original IP packet header (including the UE identifier and the external network address) of the data packet. Therefore, in the present invention, the ASN needs to encapsulate the outer data packet with the data packet sent by the UE to the external network, that is, add a new packet header.
  • the ASN uses the entire data packet (ie, IP packet) sent by the UE as the payload of a new data packet, that is, the original IP packet payload and the original IP header (the identifier of the UE (the UE).
  • the identifier includes the user's identity AID and the UE's port number) and the external network address), and a new IP is added to the data payload, and the source address of the new IP address is
  • the location identifier of the ASN accessed by the user terminal, that is, the RID, the destination address of the new data is set to the address of the ISN, and the format of the data packet is as shown in FIG.
  • the ISN can distinguish which ASN the data packet is sent from, so that it is possible to send the data packet returned by the external network. Go to the right ASN.
  • both UE1 and UE2 send a data packet with a source AID of AID1 and a source port number of 5000.
  • the ISN records the source RID of the two data packets, since the IP address and the port are the same, the ISN sends the data message to the external network after receiving the data message.
  • the destination address (ie AID1) and the destination port will be identical, this The ISN still cannot distribute reverse data packets of the same address and the same port to the correct ASN.
  • the present invention further improves the mechanism for processing the data message by the ISN, and performs port conversion on the ISN, including:
  • the ISN For a data message transmitted in the forward direction (that is, a data message transmitted by the user terminal to the external network in the SILSN), when the ISN receives a new data packet from the ASN, it first checks whether another ASN has sent it. The data packet of the same source AID, if any, indicates that the user accesses the network by using multiple access methods. At this time, the ISN will check whether the source port in the new data file is the same as the AID data sent by other ASNs. The source port is the same as that of the port. If the port is duplicated, the port is mapped to a different port. The port mapping relationship is saved. Then, the port-mapped data packet is sent out.
  • the ISN when the ISN receives the data packet sent by RID2 and RID5, it checks that RID1 sends the same source AID1 and the same source port 23 data packet, and maps the duplicate port of RID2 to the source port. 9001, mapping the duplicate port of RID5 to source port 9002, and then sending it out.
  • the ISN When the ISN receives a data packet from the external network, it remaps the port number based on the existing mapping relationship. As shown in Figure 6, when the ISN receives the data packet of the destination AID1, the destination port 9001, and the data packet of the destination AID1 and the destination port 9002, the ISN uses the mapping relationship to the destination port of the data packet. Both the 9001 and the destination port 9002 are modified to the destination port 23, and then the data message is sent out.
  • the ISN can also perform port mapping processing in sequence on the source ports in the data packets sent by all the ASNs carrying the AID of the same user. As shown in Figure 7, the ISN performs a uniform port mapping for data packets sent from the same AID. For example, for AID1, the IID will be located in RID1, and the source port is 23, which translates to 4 ports. ⁇ ; The packet with the source port of 23 in RID9 is converted to the packet with port 9001. In this way, even if the data packets of the same source AID and source port sent by different ASNs can be processed correctly by the ISN and the external network server, the data will not be confused.
  • the ISN does not find a mapping in the local source port mapping table, the port is not directly translated and sent to the corresponding ASN.
  • the destination port number carried in the data packet can also find the destination port number of the data packet in the local source port mapping table, indicating that the user uses the destination port number to The external network sends a data packet.
  • the destination port number in the data packet is directly mapped according to the local source port mapping table, and the data packet is sent.
  • the ILR needs to query the ILR for the RID of the ASN accessed by the user terminal corresponding to the destination AID. At this time, if the AIR is queried to the ILR, the data message is sent to the user terminal corresponding to the destination AID according to the default priority sequence returned by the ILR or randomly selecting an ASN corresponding to the RID.
  • the ISN needs to process data packets in both directions.
  • the first is the data packet sent by the internal network to the external network, which is referred to as forward data packet processing.
  • the second is the data packet sent by the external network to the internal network, which is hereinafter referred to as reverse data packet processing.
  • the processing flow of the forward data packet sent by the ISN to the ASN is as shown in FIG. 7, and includes:
  • Step 801 The ISN receives a data packet sent by the ASN in the SILSN to the external network, and the process begins.
  • the data packet sent by the ASN encapsulates a new IP header, and the new IP header includes: The RID of the ASN, that is, the source RID, and the address of the ISN, and the data packet also carries the active AID and the source port number.
  • Step 802 The ISN decapsulates the data packet, and extracts a source RID, a source AID, and a source port number in the data packet.
  • Step 803 The ISN searches for the same mapping relationship in the local port mapping table by using the source AID and the source port number carried in the data packet. If the search fails, the process proceeds to step 804. If the search is performed, the step is performed. 805;
  • Step 804 If the mapping between the source AID and the source port number is not found in the local port mapping table, the source port number is mapped, and the mapping relationship is saved in the local port mapping table. Go to step 806.
  • Step 805 Map the source port of the data packet according to the port mapping relationship in the local port mapping table.
  • Step 806 Send the port-mapped data to the external network, and the process ends.
  • the location information of the destination AID in the data packet is not necessarily saved on the ISN due to the data packet sent from the external network. If the ISN does not have location information for the destination AID, a location query operation needs to be initiated to the ILR. In addition, for data packets directly initiated from the external network, no port conversion is performed, or the port numbers before and after conversion are the same. In this application example, the process of processing data packets sent by the ISN to the external network is as shown in FIG. 9, including:
  • Step 901 The ISN receives the data packet sent by the external network, and the process begins.
  • Step 902 The ISN checks whether the location information of the AID (that is, the destination IP address in the data packet) exists in the ISN, that is, the mapping relationship between the AID and the RID of the data packet. If yes, go to step 903. If yes, go to step 910.
  • Step 903 If the location information of the destination AID already exists, further check whether the destination AID and the destination port carried in the data packet are already in the local port mapping table. If not, go to step 904, if yes, Go to step 920.
  • Step 904 The destination AID and the destination port carried in the data packet are stored in the local mapping table, and the port numbers before and after the conversion are set to be the same.
  • the ISN can directly find the RID corresponding to the destination AID from the local mapping table, so that the location information of the destination AID does not need to be queried from the ILR.
  • Step 905 The ISN adds an outer IP packet header to the data packet according to the prior art.
  • the IP packet header sets the destination address to the ASN address, and then sends the packet to the corresponding ASN, and the process ends.
  • Step 910 If the mapping between the AID and the RID is not saved in the ISN, the ISN initiates a location query operation to the ILR, and queries the RID corresponding to the AID. After receiving the correspondence between the AID and the RID returned by the ILR, step 904 is performed.
  • Step 920 After the port mapping is performed according to the local port mapping table, the data packet is about to be translated. The address is replaced with the port detected in the port mapping table, and then the outer IP header encapsulation is added to the data file, and the destination address of the outer IP header encapsulation is set to the RID of the queried ASN, and then sent to the corresponding ASN. The process ends.
  • the embodiment further provides an interworking gateway device, as described in FIG. 10, which is applied to a network in which an identity identifier and a location identifier are separated, and the interworking gateway device includes:
  • a receiving module configured to receive a data packet that is sent by the source user terminal and sent by the source user terminal to the external network, and the access node adds the location of the access node to the data packet. Identify and address the interworking gateway device;
  • a message processing module configured to strip the location identifier of the access node added by the access node and the address of the interworking gateway node, and associate the location identifier of the access node of the data packet with the user terminal
  • the identity identifier is sent to the storage module, and the processed data packet is sent to the sending module;
  • a storage module configured to record a mapping relationship between a location identifier of the access node of the data packet and an identity identifier corresponding to the user terminal;
  • a sending module configured to send the data message to an external network.
  • the message processing module is further configured to map the port number of the source user terminal to a port number for the external network, and send the port number of the source user terminal and the port number for the external network to the storage module, and map the port.
  • the data packet is sent to the sending module;
  • the storage module is further configured to record the port number of the source user terminal and the port number for the external network to the mapping relationship of the identity of the source user corresponding to the source user terminal;
  • the sending module sends a data packet after port mapping to the external network.
  • the message processing module is configured to map the port number of the source user terminal to the port number for the external network as follows:
  • the module searches the storage module for the mapping relationship between the identity of the source user and the port number of the source user terminal. If not found, the port number of the source user terminal of the received data packet is mapped to the external network. Port number; if found, this data will be The port number of the source user terminal in the packet is mapped to a port number for the external network different from the port number of the source network corresponding to the identity of the source user in the found mapping relationship;
  • the packet processing module detects that there is no received data packet with the identity of the same source user, the port number of the same source user terminal, and the location identifier of the different access node, the data packet received by the packet is not present. Then, the data packet that is not port mapped is sent to the sending module.
  • the message processing module is configured to map the port number of the source user terminal to the port number for the external network as follows:
  • the port numbers of the source user terminals in the data packets of the same source user, the port number of the same user terminal, and the location identifier of the different source users are sequentially mapped to different port numbers for the external network.
  • the packet processing module is further configured to: after receiving the data packet, check whether the identity identifier of the source user, the port number of the source user terminal, and the access in the data module that are received in the current storage module are included in the storage module. A mapping relationship between the location identifiers of the nodes, if yes, mapping the source user port number to a corresponding port number for the external network according to the checked mapping relationship.
  • the receiving module is further configured to receive the data message sent by the external network; and the message processing module is further configured to: find the location identifier of the destination user corresponding to the identity of the destination user of the data message sent by the external network, and Sending the location identifier of the destination user to the sending module;
  • the sending module is further configured to send the data packet sent by the external network to the access node corresponding to the location identifier of the destination user.
  • the message processing module is further configured to check whether the mapping relationship between the identity identifier of the destination user and the destination port of the data packet sent by the external network is saved in the storage module, and if yes, port mapping is performed according to the mapping relationship.
  • the message processing module is further configured to: when it is checked that the interworking gateway node does not save the mapping relationship between the identity identifier of the destination user and the port number of the destination user terminal in the data packet sent by the external network, the destination user
  • the identity identifier, the location identifier of the destination user, the port number of the destination user terminal, and the port number for the external network are sent to the storage module;
  • the storage module is further configured to increase a mapping relationship between the identity identifier of the destination user and the port number of the destination user terminal in the data packet sent by the external network, and identify the identity of the destination user, and locate the location identifier of the destination user.
  • the port number of the user terminal and the port number for the external network are saved in the added mapping relationship; wherein the port number of the destination user terminal is the same as the port number for the external network.
  • the sending module is configured to send the data packet sent by the external network to the access node corresponding to the location identifier of the destination user as follows:
  • the destination address is added to the data, and the destination address is a location identifier of the destination user, and then the data packet with the destination address added is sent to the corresponding access node.
  • the present invention enables the user to smoothly access the external network by using the same AID when accessing multiple access modes, so that the basic services based on the external network can be implemented normally, and the monitoring and traceability are facilitated. System security.

Landscapes

  • Engineering & Computer Science (AREA)
  • Multimedia (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

Disclosed is an external network interworking method for user terminals having multiple access methods, for use on identifier/locator separation networks. The method comprises: an access node sends to an interworking gateway node a data packet carrying the original user identifier sent by the original user terminal to an external network, the access node adding to the data packet the locator of said access node and the address of the interworking gateway node. Upon reception of the data packet, the interworking gateway node strips away the locator of the access node and the address of the interworking gateway node, and records the mapping relation between the locator of the access node and the identifier corresponding to the user terminal; the interworking gateway node then sends the data packet to the external network. Also disclosed is an interworking gateway device. The present invention enables normal implementation of basic services based on external networks.

Description

用户终端在多种接入方式时和外部网络的互通方法和设备  Method and device for interworking between a user terminal and an external network in multiple access modes
技术领域 Technical field
本发明涉及通信技术领域, 涉及一种用户终端在多种接入方式时和外部 网络的互通方法和设备。  The present invention relates to the field of communications technologies, and relates to a method and device for interworking between a user terminal and an external network in multiple access modes.
背景技术 Background technique
现有因特网广泛使用的传输控制协议 /因特网互联协议 ( Transmission Control Protocol/Internet Protocol, TCP/IP ) 中, IP地址具有双重功能, 即: 既作为网络层的通信终端主机网络接口在网络拓朴中的位置标识, 又作为传 输层主机网络接口的身份标识。 TCP/IP设计之初并未考虑主机移动的情况。 但是, 当主机移动越来越普遍时, IP地址的语义过载缺陷日益明显。 当主机 的 IP地址发生变化时, 不仅路由要发生变化, 通信终端主机的身份标识也发 生变化, 从而会导致路由负载越来越重, 而且主机标识的变化会导致应用和 连接的中断。 身份标识和位置标识分离的目的是为了解决 TCP/IP中 IP地址 的语义过载和路由负载严重, 以及安全性等问题, 从而将 IP地址的双重功能 进行分离, 实现对移动性、 多家乡性、 IP地址动态重分配、 减轻路由负载及 下一代互联网中不同网络区域之间的互访等问题的支持。  In the Transmission Control Protocol/Internet Protocol (TCP/IP) widely used in the Internet, the IP address has a dual function, namely: the communication terminal host network interface as the network layer is in the network topology. The location identifier, which is also the identity of the transport layer host network interface. The TCP/IP design did not consider the case of host mobility at the beginning. However, as host mobility becomes more prevalent, the semantic overload defects of IP addresses are becoming increasingly apparent. When the IP address of the host changes, not only the route changes, but also the identity of the communication terminal host changes. As a result, the routing load becomes heavier and the change of the host ID causes the application and connection to be interrupted. The purpose of separating the identity and location identifiers is to solve the problem of semantic overload and severe routing overload of IP addresses in TCP/IP, as well as security, so as to separate the dual functions of IP addresses, to achieve mobility, multiple townships, Support for dynamic redistribution of IP addresses, mitigation of routing load, and mutual visits between different network areas in the next generation of the Internet.
为解决上述问题, 目前已经提出了多种身份标识与位置标识分离的网络 架构, 包括主机标识协议( Host Identity Protocol , HIP ) 、 位置身份分离协议 (LISP), 均属身份标识和位置分离网络。  In order to solve the above problems, a network architecture in which multiple identity identifiers and location identifiers are separated has been proposed, including a Host Identity Protocol (HIP) and a Location Identity Separation Protocol (LISP), which are both identity identifiers and location separation networks.
图 1所示的身份标识和位置分离网络架构(申请号为 CN200910174826.9 的中国专利申请, 申请日为 2009年 10月 17日), 为描述方便, 下文将此用 户身份标识和位置分离网络简称为 SILSN ( Subscriber Identifier & Locator Separation Network ); SILSN包括接入服务器( Access Service Node, ASN )、 用户设备 ( User Equipment, UE )和身份标识和位置登记寄存器( Identification & Locater Register, ILR )等。 其中 ASN用来接入用户设备, 负责实现用户设 备的接入, 并承担计费与切换等功能, ILR承担用户的位置注册和身份识别 功能。其中, ASN是逻辑实体,可以是服务通用分组无线业务(General Packet Radio Service, GPRS )支持节点 ( Serving GPRS Support Node , SGSN ) 、 网 关 GPRS支持节点 (Gateway GPRS Support Node, GGSN ) 、 分组数据业务 节点( Packet Data Serving Node, PDSN )和宽带接入服务器( Broadband Remote Access Server, BRAS )等设备。 上述 ILR在具体应用场景中可以是密钥管理 系统 ( Key Management System, KMS ) 、 归属位置寄存器(Home Location Register, HLR ) 、 归属用户服务器( Home Subscriber Server, HSS ) 、 授权 / 认证 /计费月良务器 ( Authorization、 Authentication、 Accounting, AAA ) 、 以及 其他承担端到端密钥管理和协商功能的实体。 The identity identification and location separation network architecture shown in Figure 1 (Chinese patent application with application number CN200910174826.9, application date is October 17, 2009). For convenience of description, the following is the short name of this user identity and location separation network. SILSN (Subscriber Identifier & Locator Separation Network); SILSN includes an Access Service Node (ASN), a User Equipment (UE), and an Identification and Locater Register (IRR). The ASN is used to access the user equipment, is responsible for accessing the user equipment, and is responsible for charging and switching functions. The ILR assumes the user's location registration and identity recognition functions. Among them, ASN is a logical entity, which can be a general packet radio service (General Packet) Radio Service, GPRS) Serving GPRS Support Node (SGSN), Gateway GPRS Support Node (GGSN), Packet Data Serving Node (PDSN) and Broadband Access Access (Broadband Remote Access) Server, BRAS) and other devices. The above ILR may be a Key Management System (KMS), a Home Location Register (HLR), a Home Subscriber Server (HSS), an Authorization/Authentication/Payment Month in a specific application scenario. Servers (Authorization, Authentication, Accounting, AAA), and other entities that undertake end-to-end key management and negotiation functions.
在 SILSN中, 用户以接入标识符( Access Identification, AID )标识(用 于标识用户的身份) , ASN以路由标识符(Route Identification, RID )标识 (用于标识用户所在的位置 ) ,每个用户和 ASN都有自己独立的 AID或 RID。 当 SILSN中的一个用户通过用户终端 (如 UE1 )接入网络时, 先通过 ASN 向 ILR登记其位置(即登记该 UE1位于哪个 ASN下), ILR保存用户的身份 标识 AID和所接入的 ASN路由标识 RID的对应关系。 ILR在 UE登记后 , 建 立用户的 AID和所接入的 ASN的 RID的对应关系。之后如果 UE1需要和 UE2 通讯, UE1发出数据报文后, 由 ASN1向 ILR查询 UE2的位置, 即 UE2位 于哪个 ASN下,图 1中为 ASN9。然后 ASN1将数据报文发送到对应的 ASN9, ASN9再将处理后的数据报文发送给 UE2。  In the SILSN, the user is identified by an Access Identification (AID) (used to identify the identity of the user), and the ASN is identified by a Route Identification (RID) (used to identify the location of the user), each Both the user and the ASN have their own independent AID or RID. When a user in the SILSN accesses the network through the user terminal (such as UE1), first register its location with the ILR through the ASN (ie, register the ASN under which the UE1 is located), and the ILR saves the identity AID of the user and the accessed ASN. Correspondence between route identifiers and RIDs. After the UE registers with the UE, the correspondence between the AID of the user and the RID of the accessed ASN is established. Then, if UE1 needs to communicate with UE2, UE1 sends a data message, and ASN1 queries the ILR for the location of UE2, that is, which ASN UE2 is located in, and ASN9 in FIG. Then, the ASN1 sends the data packet to the corresponding ASN9, and the ASN9 sends the processed data packet to the UE2.
上述网络很好的实现了 UE的身份标识和位置标识的分离, 用户设备移 动和漫游时, 不需要再更改身份标识, 保证了移动过程中业务的连续性。 路 由扩展性和安全性也得到显著改善。  The foregoing network well implements the separation of the identity identifier and the location identifier of the UE. When the user equipment moves and roams, the identity identifier does not need to be changed, and the continuity of the service in the mobile process is ensured. Route scalability and security have also improved significantly.
最初的 SILSN中, 每个用户设备只能以一种方式接入网络, SILSN并没 有针对多种接入方式同时接入而设计, 当用户釆用多种接入方式接入网络时, 只能为每个终端的各种接入方式都分配一个不同的 AID, 这就出现了一个用 户对应多个身份标识的情况, 违背了 SILSN中用户身份标识唯一性的基本要 求。 发明内容  In the original SILSN, each user equipment can only access the network in one way. The SILSN is not designed for simultaneous access of multiple access methods. When users access multiple networks, they can only access the network. A different AID is assigned to each access mode of each terminal, which results in a situation in which a user corresponds to multiple identity identifiers, which violates the basic requirements of the uniqueness of the user identity in the SILSN. Summary of the invention
现有技术中, 当用户终端釆用多种接入方式接入网络时, 原有的用户终 端与外部网络之间传输数据报文的方式容易发生混乱。 In the prior art, when the user terminal accesses the network by using multiple access methods, the original user ends. The way in which data packets are transmitted between the end and the external network is prone to confusion.
本发明的目的是提供一种用户终端在多种接入方式时和外部网络的互通 方法, 应用于身份标识和位置标识分离的网络, 从而使身份和位置标识分离 网络中釆用多种方式接入网络的用户, 能正常访问其他外部网络。  The object of the present invention is to provide a method for interworking between a user terminal and an external network in multiple access modes, which is applied to a network in which identity identification and location identification are separated, so that the identity and location identification are separated into multiple networks. Users entering the network can access other external networks normally.
为了解决上述技术问题, 本发明提供了一种用户终端在多种接入方式时 和外部网络的互通方法, 应用于身份标识和位置标识分离的网络, 该方法包 括:  In order to solve the above technical problem, the present invention provides a method for interworking between a user terminal and an external network in multiple access modes, and is applied to a network in which identity identification and location identification are separated. The method includes:
接入节点向互通网关节点发送源用户终端发送给外部网络的携带有该源 用户终端对应的源用户的身份标识的数据报文, 其中, 所述接入节点在该数 据 ^艮文中添加了所述接入节点的位置标识以及互通网关节点的地址;  The access node sends, to the interworking gateway node, a data packet that is sent by the source user terminal to the external network and carries the identity of the source user corresponding to the source user terminal, where the access node adds the information in the data Describe the location identifier of the access node and the address of the interworking gateway node;
互通网关节点接收所述数据报文, 剥离所述接入节点的位置标识以及互 通网关节点的地址, 记录所述接入节点的位置标识与所述源用户的身份标识 的映射关系; 以及  The interworking gateway node receives the data packet, strips the location identifier of the access node, and the address of the interworking gateway node, and records the mapping relationship between the location identifier of the access node and the identity identifier of the source user;
互通网关节点向外部网络发送所述数据报文。 该方法在记录所述接入节点的位置标识与所述源用户的身份标识的映射 关系的步骤之后, 还包括: 所述互通网关节点将源用户终端的端口号映射为针对外部网络的端口 号, 并将所述源用户终端的端口号和针对外部网络的端口号记录到所述映射 关系中;  The interworking gateway node sends the data packet to the external network. After the step of recording the mapping relationship between the location identifier of the access node and the identity identifier of the source user, the method further includes: the interworking gateway node mapping the port number of the source user terminal to a port number for the external network And recording the port number of the source user terminal and the port number for the external network into the mapping relationship;
互通网关节点向外部网络发送所述数据 "^文的步骤包括: 所述互通网关 节点在进行端口号映射后发送所述数据报文。 所述互通网关节点将源用户终端的端口号映射为针对外部网络的端口号 的步骤包括:  The step of the interworking gateway node transmitting the data to the external network includes: the interworking gateway node transmitting the data packet after performing port number mapping. The interworking gateway node mapping the port number of the source user terminal to The steps for the port number of the external network include:
所述互通网关节点检查是否存在与本次接收到的数据报文具有相同源用 户的身份标识、 相同源用户终端的端口号和不同接入节点的位置标识的已接 收到的数据报文,  The interworking gateway node checks whether there is a received data packet with the identity of the same source user, the port number of the same source user terminal, and the location identifier of the different access node.
如果存在, 所述互通网关节点查找包含所述源用户的身份标识和源用户 终端的端口号的映射关系, 如果未找到, 将本次接收到的数据报文的源用户 终端的端口号映射为针对外部网络的端口号; 如果查找到, 则将本次接收到 的数据报文中的源用户终端的端口号映射为与所查找到的映射关系中所述源 用户的身份标识对应的针对外部网络的端口号所不同的针对外部网络的端口 号; If present, the interworking gateway node looks up the identity and source user that includes the source user Mapping the port number of the terminal, if not found, mapping the port number of the source user terminal of the received data packet to the port number for the external network; if found, the datagram received this time The port number of the source user terminal in the text is mapped to a port number for the external network different from the port number of the external network corresponding to the identity of the source user in the found mapping relationship;
该方法还包括: 如果所述互通网关节点检查到不存在与本次接收到的数 据报文具有相同源用户的身份标识、 相同源用户终端的端口号和不同接入节 点的位置标识的已接收到的数据报文, 则不执行将源用户终端的端口号映射 为针对外部网络的端口号的步骤, 直接向外部网络发送本次接收到的数据报 文。 所述互通网关节点将源用户终端的端口号映射为针对外部网络的端口号 的步骤包括:  The method further includes: if the interworking gateway node detects that there is no identity identifier of the same source user, a port number of the same source user terminal, and a location identifier of a different access node that is received by the data packet received this time The data packet to be sent does not perform the step of mapping the port number of the source user terminal to the port number for the external network, and directly transmits the data packet received this time to the external network. The step of the interworking gateway node mapping the port number of the source user terminal to the port number for the external network includes:
所述互通网关节点将所有具有同一源用户的身份标识、 同一源用户终端 的端口号和不同源用户的位置标识的数据报文中的源用户终端的端口号依次 映射为不同的针对外部网络的端口号。 该方法还包括:  The interworking gateway node sequentially maps the port numbers of the source user terminals in the data packets of the same source user, the port number of the same source user terminal, and the location identifier of the different source users to different external networks. The port number. The method also includes:
所述互通网关节点接收到数据报文后, 检查是否存在包含本次接收到的 数据报文中的源用户的身份标识、 源用户终端的端口号和接入节点的位置标 识的映射关系, 如果存在, 则根据所检查到的映射关系, 将本次接收到的数 据报文的源用户终端的端口号映射为针对外部网络的端口号后, 直接向外部 网络发送本次接收到的数据报文。 该方法还包括:  After receiving the data packet, the interworking gateway node checks whether there is a mapping relationship between the identity identifier of the source user, the port number of the source user terminal, and the location identifier of the access node in the data packet received this time. If yes, the port number of the source user terminal of the received data packet is mapped to the port number of the external network according to the detected mapping relationship, and the data packet received this time is directly sent to the external network. . The method also includes:
所述互通网关节点接收到外部网络发送来的数据报文; 以及  Receiving, by the interworking gateway node, a data packet sent by an external network;
所述互通网关节点查找到所述外部网络发送来的数据 文的目的用户的 身份标识对应的目的用户的位置标识, 将所述外部网络发送来的数据报文发 送给所述目的用户的位置标识对应的接入节点。 所述互通网关节点查找到所述目的用户的位置标识的步骤中, 所述互通网关节点是从所述目的用户归属的存储有所述目的用户的位置 标识的认证节点查找所述目的用户的位置标识; 或者 The interworking gateway node searches for the location identifier of the destination user corresponding to the identity of the destination user of the data message sent by the external network, and sends the data packet sent by the external network to the location identifier of the destination user. Corresponding access node. In the step of the interworking gateway node finding the location identifier of the destination user, The interworking gateway node is configured to search for a location identifier of the destination user from an authentication node that is stored by the destination user and that stores the location identifier of the destination user; or
所述互通网关节点是从已记录的映射关系中查找所述目的用户的位置标 识。  The interworking gateway node searches for a location identifier of the destination user from the recorded mapping relationship.
标识对应的接入节点的步骤之前, 还包括: Before the step of identifying the corresponding access node, the method further includes:
所述互通网关节点检查该互通网关节点上是否保存有所述目的用户的身 份标识和所述外部网络发送来的数据报文的目的用户终端的端口号的映射关 系, 如果存在, 根据检查到的映射关系进行端口号映射。  The interworking gateway node checks whether the mapping relationship between the identity identifier of the destination user and the port number of the destination user terminal of the data packet sent by the external network is saved on the interworking gateway node, if yes, according to the checked The mapping relationship is performed by port number mapping.
标识对应的接入节点的步骤之前, 还包括: Before the step of identifying the corresponding access node, the method further includes:
所述互通网关节点检查该互通网关节点上没有保存所述目的用户的身份 标识和所述外部网络发送来的数据报文的目的用户终端的端口号的映射关系 时, 则增加所述目的用户的身份标识和目的用户终端的端口号的映射关系, 并将所述目的用户的身份标识, 查找到的所述目的用户的位置标识, 目的用 户终端的端口号, 和针对外部网络的端口号保存到所增加的映射关系中; 其 中所述目的用户终端的端口号和针对外部网络的端口号相同。  When the interworking gateway node checks that the mapping relationship between the identity identifier of the destination user and the port number of the destination user terminal of the data packet sent by the external network is not saved on the interworking gateway node, the destination user is added. a mapping relationship between the identity identifier and the port number of the destination user terminal, and the identity of the destination user, the location identifier of the destination user, the port number of the destination user terminal, and the port number for the external network are saved to The added mapping relationship; wherein the port number of the destination user terminal is the same as the port number for the external network.
的接入节点的步骤包括: The steps of the access node include:
所述互通网关节点在接收到的数据报文中增加目的地址, 该目的地址为 查找到的目的用户的位置标识, 然后将增加了目的地址的数据报文发送到该 目的地址对应的接入节点。 上述方法中, 所述身份标识和位置标识分离的网络为用户身份标识和位 置分离网络(SILSN ) ; 所述接入节点为接入服务器 (ASN ) , 所述认证节 点为身份标识和位置登记寄存器( ILR ) ,所述身份标识为接入标识符( AID ) , 所述位置标识为路由标识符(RID ) 。 本发明还提供一种互通网关设备, 应用于身份标识和位置标识分离的网 络, 该互通网关设备包括: The interworking gateway node adds a destination address to the received data packet, where the destination address is the location identifier of the discovered destination user, and then sends the data packet with the destination address added to the access node corresponding to the destination address. . In the above method, the network in which the identity identifier and the location identifier are separated is a user identity identifier and a location separation network (SILSN); the access node is an access server (ASN), and the authentication node is an identity identifier and a location registration register. (ILR), the identity is an Access Identifier (AID), and the location identifier is a Route Identifier (RID). The present invention also provides an interworking gateway device, which is applied to a network in which identity identification and location identification are separated, and the interworking gateway device includes:
接收模块, 其设置成接收接入节点发送的源用户终端发送给外部网络的 携带有该源用户终端所对应的源用户的身份标识的数据报文, 其中, 所述接 入节点在该数据报文添加了所述接入节点的位置标识以及互通网关设备的地 址;  a receiving module, configured to receive, by the source user terminal, a data packet that is sent by the source user terminal to the external network and that carries the identity of the source user corresponding to the source user terminal, where the access node is in the datagram The location identifier of the access node and the address of the interworking gateway device are added;
报文处理模块, 其设置成将所述接入节点的位置标识以及互通网关设备 的地址从所述数据报文中剥离后, 将所述接入节点的位置标识与所述源用户 的身份标识发送给存储模块, 将所述数据报文发送给发送模块;  a message processing module, configured to: after the location identifier of the access node and the address of the interworking gateway device are stripped from the data packet, the location identifier of the access node and the identity identifier of the source user Sending to the storage module, and sending the data packet to the sending module;
存储模块, 其设置成记录所述接入节点的位置标识与所述源用户的身份 标识的映射关系; 以及  a storage module, configured to record a mapping relationship between a location identifier of the access node and an identity identifier of the source user;
发送模块, 其设置成向外部网络发送所述数据报文。  And a sending module, configured to send the data message to an external network.
所述报文处理模块还设置成: 将源用户终端的端口号映射为针对外部网 络的端口号, 并将源用户终端的端口号和针对外部网络的端口号发送给存储 模块, 并设置成是将经过端口号映射后的数据报文发送给所述发送模块; 所述存储模块还设置成将源用户终端的端口号和针对外部网络的端口号 记录到所述映射关系中;  The packet processing module is further configured to: map the port number of the source user terminal to a port number for the external network, and send the port number of the source user terminal and the port number for the external network to the storage module, and set to be Transmitting, by the port number, the data packet to the sending module; the storage module is further configured to record the port number of the source user terminal and the port number for the external network into the mapping relationship;
所述发送模块是设置成向外部网络发送所述经过端口号映射后的数据报 文。 所述报文处理模块是设置成按如下方式将源用户终端的端口号映射为针 对外部网络的端口号: 接收到数据报文后, 检查是否存在与本次接收到的数据报文具有相同源 用户的身份标识、 相同源用户终端的端口号和不同接入节点的位置标识的已 接收到的数据报文,  The sending module is configured to send the data packet after the port number mapping to the external network. The packet processing module is configured to map the port number of the source user terminal to the port number for the external network as follows: After receiving the data packet, check whether there is the same source as the data packet received this time. The received data packet of the user's identity, the port number of the same source user terminal, and the location identifier of the different access node.
如果存在, 在所述存储模块中查找包含该源用户的身份标识和源用户终 端的端口号的映射关系, 如果未找到, 将本次接收到的数据报文的源用户终 端的端口号映射为针对外部网络的端口号; 如果找到包含该源用户的身份标 识和源用户终端的端口号的映射关系, 则将本次接收到的数据报文中的源用 户终端的端口号映射为与所查找到的映射关系中源用户的身份标识对应的针 对外部网络的端口号所不同的针对外部网络的端口号; If yes, the mapping between the identity of the source user and the port number of the source user terminal is searched in the storage module. If not found, the port number of the source user terminal of the received data packet is mapped to Port number for the external network; if the mapping between the identity of the source user and the port number of the source user terminal is found, the source in the data packet received this time is used. The port number of the user terminal is mapped to a port number for the external network different from the port number of the external network corresponding to the identity of the source user in the found mapping relationship;
所述报文处理模块还设置成: 如果检查到不存在与本次接收到的数据报 文具有相同源用户的身份标识、 相同源用户终端的端口号和不同接入节点的 位置标识的已接收到的数据报文, 则直接向所述发送模块发送未经端口号映 射的数据报文。 所述报文处理模块是设置成按如下方式将源用户终端的端口号映射为针 对外部网络的端口号:  The packet processing module is further configured to: if it is found that there is no identity identifier of the same source user, a port number of the same source user terminal, and a location identifier of a different access node that is received by the data packet received this time The data packet to be sent directly sends the data packet without the port number mapping to the sending module. The message processing module is configured to map the port number of the source user terminal to a port number for the external network as follows:
将所有具有同一源用户的身份标识、 同一源用户终端的端口号和不同源 用户的位置标识的数据报文中的源用户终端的端口号依次映射为不同的针对 外部网络的端口号。  The port numbers of the source user terminals in the data packets of the same source user, the port number of the same source user terminal, and the location identifier of the different source users are sequentially mapped to different port numbers for the external network.
所述报文处理模块还设置成: 在接收到数据报文后, 检查所述存储模块 中是否存在包含本次接收到的数据报文中的源用户的身份标识、 源用户终端 的端口号和接入节点的位置标识的映射关系, 如果存在, 则根据所检查到的 映射关系, 将本次接收到的数据报文的源用户端口号映射为针对外部网络的 端口号。  The packet processing module is further configured to: after receiving the data packet, check whether the identity identifier of the source user, the port number of the source user terminal, and the source user terminal in the data packet received by the current storage module are The mapping of the location identifier of the access node, if any, maps the source user port number of the received data packet to the port number for the external network according to the detected mapping relationship.
所述接收模块还设置成接收外部网络发送来的数据报文; 以及  The receiving module is further configured to receive a data message sent by an external network;
所述报文处理模块还设置成: 查找所述外部网络发送来的数据报文的目 的用户的身份标识对应的目的用户的位置标识, 并将所述目的用户的位置标 识发送给所述发送模块;  The packet processing module is further configured to: search for a location identifier of the destination user corresponding to the identity identifier of the destination user of the data packet sent by the external network, and send the location identifier of the destination user to the sending module ;
所述发送模块还设置成将所述外部网络发送来的数据报文发送给所述目 的用户的位置标识对应的接入节点。  The sending module is further configured to send the data packet sent by the external network to the access node corresponding to the location identifier of the target user.
所述报文处理模块还设置成检查所述存储模块中是否保存有所述目的用 户的身份标识和所述外部网络发送来的数据报文的目的用户终端的端口号的 映射关系, 如果有, 根据所检查到的映射关系进行端口号映射。  The packet processing module is further configured to check whether a mapping relationship between the identity identifier of the destination user and the port number of the destination user terminal of the data packet sent by the external network is saved in the storage module, if yes, The port number mapping is performed according to the checked mapping relationship.
所述报文处理模块还设置成: 检查到所述存储模块上没有保存所述外部 网络发送来的数据报文中的目的用户的身份标识和目的用户终端的端口号的 映射关系时, 将所述目的用户的身份标识, 查找到的所述目的用户的位置标 识, 目的用户终端的端口号, 和针对外部网络的端口号发送给所述存储模块; 所述存储模块还设置成增加所述目的用户的身份标识和目的用户终端的 端口号的映射关系, 将所述目的用户的身份标识, 查找到的目的用户的位置 标识, 目的用户终端的端口号, 和针对外部网络的端口号保存到所增加的映 射关系中; 其中所述目的用户终端的端口号和针对外部网络的端口号相同。 The packet processing module is further configured to: when the storage module does not save the mapping relationship between the identity identifier of the destination user and the port number of the destination user terminal in the data packet sent by the external network, Describe the identity of the destination user, and find the location identifier of the destination user The port number of the destination user terminal and the port number for the external network are sent to the storage module; the storage module is further configured to increase the mapping relationship between the identity identifier of the destination user and the port number of the destination user terminal, The identity identifier of the destination user, the location identifier of the destination user, the port number of the destination user terminal, and the port number for the external network are saved in the added mapping relationship; wherein the port number of the destination user terminal is The port number for the external network is the same.
所述发送模块是设置成按如下方式将所述外部网络发送来的数据报文发 送给所述目的用户的位置标识对应的接入节点:  The sending module is configured to send the data packet sent by the external network to the access node corresponding to the location identifier of the destination user as follows:
在所述外部网络发送来的数据报文中增加目的地址, 该目的地址为查找 到的目的用户的位置标识, 然后将增加了目的地址的数据报文发送到该目的 地址对应的接入节点。  And adding a destination address to the data packet sent by the external network, where the destination address is the location identifier of the destination user, and then sending the data packet with the destination address added to the access node corresponding to the destination address.
釆用本发明的技术方案, 用户釆用多种接入方式接入时, 使用同一 AID 可以顺利访问外部网络, 使基于外网的基本业务可以正常实现。 并且, 不管 用户从多少种接入方式接入, 在外网看来, 仍然是同一个 IP地址标识, 便于 监听和溯源, 提高了系统安全性。 With the technical solution of the present invention, when the user accesses multiple access modes, the same AID can be used to successfully access the external network, so that basic services based on the external network can be implemented normally. Moreover, no matter how many access modes the user accesses, it is still the same IP address identifier in the external network, which is convenient for monitoring and traceability, and improves system security.
附图概述 BRIEF abstract
图 1为 SILSN架构的示意图;  Figure 1 is a schematic diagram of the SILSN architecture;
图 2为釆用多种接入方式时用户终端和外部网络的互通的方法存在的问 题示意图;  FIG. 2 is a schematic diagram of a method for interworking between a user terminal and an external network when multiple access modes are used;
图 3为本发明实施例中 ASN到 ISN的数据报文的封装格式的示意图; 图 4为不同 ASN到 ISN的数据报文端口号可能重复的示意图;  3 is a schematic diagram of a data packet encapsulation format of an ASN to an ISN according to an embodiment of the present invention; FIG. 4 is a schematic diagram of a data packet port number of different ASNs to ISNs may be repeated;
图 5为本发明一实施例正向传输时 ISN的端口映射的示意图;  FIG. 5 is a schematic diagram of port mapping of an ISN in a forward transmission according to an embodiment of the present invention; FIG.
图 6为本发明反向传输时 ISN的端口映射的示意图;  6 is a schematic diagram of port mapping of an ISN in reverse transmission according to the present invention;
图 7为本发明另一实施例正向传输时 ISN对所有数据报文进行端口映射 的示意图;  FIG. 7 is a schematic diagram of port mapping of all data packets by an ISN in a forward transmission according to another embodiment of the present invention; FIG.
图 8为本发明应用示例中 ISN对 ASN发来的数据报文的处理的流程图; 图 9为本发明应用示例中 ISN对外网发来的数据报文的处理的流程图; 图 10为本发明实施例中互通网关设备的结构示意图。 FIG. 8 is a flowchart of processing a data packet sent by an ISN to an ASN according to an application example of the present invention; FIG. 9 is a flowchart of processing a data packet sent by an ISN to an external network according to an application example of the present invention; FIG. 10 is a schematic structural diagram of an interworking gateway device according to an embodiment of the present invention.
本发明的较佳实施方式 Preferred embodiment of the invention
在身份标识和位置标识分离的网络中, 每个用户有两个标识符, AID和 In a network where identity and location are separated, each user has two identifiers, AID and
RID, 其中 AID代表用户的身份, RID代表用户的位置。 当用户釆用多种接 入方式接入网络时, 为了保持用户身份 AID的唯一性, AID必须保持不变, 一种在身份标识和位置标识分离的网络中实现用户终端通过多种接入方式接 入网络的技术方案包括: 用户终端使用不同接入方式接入网络时, 必须在不 同的接入节点注册, 更准确地说, 就是同一用户在釆用不同接入方式接入时, 所接入的接入节点必须具备不同的 RID,各种接入方式对应的 RID必须不同。 在该技术方案的基础上, 相应的还提出: 当用户注册时, 接入节点在向认证 节点上报用户终端的位置信息时应同时携带用户的接入方式, 如无线局域网 ( Wireless Local Area Network, WLAN )接入或宽带码分多址(Wide Code Division Multiplexing Access , WCDMA )接入等, 这样用户在同时釆用多种 接入方式接入网络时, 接入节点向认证节点上报的各个接入方式的位置信息 就不会相互覆盖, 为用户釆用多种方式接入网络创造了基本条件。 RID, where AID represents the identity of the user and RID represents the location of the user. When a user accesses the network by using multiple access methods, in order to maintain the uniqueness of the user identity AID, the AID must remain unchanged. A user terminal can implement multiple access modes in a network with separate identity and location identifiers. The technical solutions for accessing the network include: When the user terminal accesses the network by using different access methods, it must register with different access nodes. More precisely, the same user accesses when accessing different access modes. The incoming access nodes must have different RIDs, and the RIDs corresponding to the various access modes must be different. On the basis of the technical solution, it is also proposed that: when the user registers, the access node should simultaneously carry the user's access mode when reporting the location information of the user terminal to the authentication node, such as a wireless local area network (Wireless Local Area Network, WLAN) access or Wide Code Division Multiplexing Access (WCDMA) access, etc., so that when the user accesses the network by using multiple access methods at the same time, the access node reports each access to the authentication node. The location information of the mode will not cover each other, and the basic conditions are created for the user to access the network in multiple ways.
当 SILSN内的用户需要和外部网络(简称外网 )通信时, 需要经过互通 网关(Interconnect Service Node, ISN )和夕卜网通信。 由于用户在釆用多种方 式接入网络时, 多种接入方式使用同一个 AID。 因此, 在发送和接收数据报 文时, 不同接入方式的数据报文都以相同 AID发送, 这些数据报文在 ASN 很容易被混淆到一起, 釆用原有的方法就会出现问题。  When a user in the SILSN needs to communicate with an external network (referred to as an external network), it needs to communicate with an Interconnect Service Node (ISN) and an external network. Multiple access methods use the same AID because users access the network in multiple ways. Therefore, when sending and receiving data messages, data messages of different access modes are sent with the same AID. These data messages are easily confused in the ASN, and the original method will cause problems.
在原来的方法中, 当用户终端和外网通讯时, 如果 ASN发现数据报文是 发往外网时, 就不再对用户终端发出的数据报文进行封装而直接转发到 ISN。 ISN收到数据报文后, 直接将该数据报文发送到外网。 这在单接入方式的时 候是一种比较快捷高效的实现方法。 但在多种接入方式情况下, 用户终端发 出的具有相同 AID的数据报文会经过多个 ASN转发给 ISN,由 ISN统一向外 网发送(下文称为正向传输) , 而且 ASN向 ISN转发的数据报文中未携带 ASN的 RID。 而在多接入方式下, 一个 AID可能会对应多个 ASN的 RID。 所以当外网用户终端向本网用户终端回复时(下文称为反向传输) , ISN收 到回复的数据报文后就不知道应该转发给哪一个 ASN, 如果随机转发, 将会 导致数据报文发送混乱, 业务无法正常进行。 如图 2所示, 使用同一用户的 身份标识 AID1的用户终端 UE1和 UE2分别经由 ASN1、 ASN2和 ASN3以 三种接入方式接入网络, 其中一种接入方式对应一个 ASN。 当在三种接入方 式同时和外网通讯时, 互通网关 ISN将收到同一个用户分别发自于 ASN1、 ASN2和 ASN3的数据报文, 当使用原来的方式和外网互通时, ISN直接将数 据报文发送到外网。 UE1和 UE2的三种接入方式经由 ASN1和 ASN3等转发 的数据报文由于使用了同一用户的身份标识, 因此, 在外网上是表现为同一 个 IP地址(IP3 )发送出去的, 这样 ISN再收到外网向 AID1回复的反向数据 报文时, ISN就不知道发给哪一个 ASN。 In the original method, when the user terminal communicates with the external network, if the ASN discovers that the data packet is sent to the external network, the data packet sent by the user terminal is not encapsulated and directly forwarded to the ISN. After receiving the data packet, the ISN sends the data packet directly to the external network. This is a faster and more efficient implementation method in the single access mode. However, in the case of multiple access modes, data packets with the same AID sent by the user terminal are forwarded to the ISN through multiple ASNs, and are sent by the ISN to the external network (hereinafter referred to as forward transmission), and the ASN is sent to the ISN. The forwarded data packet does not carry the RID of the ASN. In the multiple access mode, one AID may correspond to the RID of multiple ASNs. Therefore, when the external network user terminal replies to the local user terminal (hereinafter referred to as reverse transmission), the ISN does not know which ASN should be forwarded after receiving the replied data message, and if it is randomly forwarded, it will result in a datagram. The text is confusing and the business cannot proceed normally. As shown in FIG. 2, the user terminals UE1 and UE2 that use the same user's identity AID1 access the network in three access modes via ASN1, ASN2, and ASN3, and one access mode corresponds to one ASN. When the three access modes communicate with the external network at the same time, the interworking gateway ISN will receive the data packets sent by the same user from ASN1, ASN2 and ASN3 respectively. When the original mode is used to communicate with the external network, the ISN is directly Send data packets to the external network. The data packets forwarded by the three access modes of UE1 and UE2 via ASN1 and ASN3 are sent by the same IP address (IP3) on the external network because the identity of the same user is used. When the external network replies to the AID1 reverse data packet, the ISN does not know which ASN to send.
从上面分析可以看出, 当用户釆用多种接入方式接入后, 原来 SILSN为 单接入设计的和外网互通的方法已不能正常工作。 为了解决用户在釆用多种 接入方式时和外网互通的问题, 本发明对 SILSN和外网互通的原有机制进行 了修改, 以满足 SILSN在多种接入方式时和其他网络互通的需要, 保证外网 业务能正常进行。  It can be seen from the above analysis that after the user accesses multiple access methods, the original SILSN is designed to communicate with the external network. In order to solve the problem that the user communicates with the external network when using multiple access modes, the present invention modifies the original mechanism of the SILSN and the external network interworking to meet the SILSN interworking with other networks in multiple access modes. Need to ensure that the external network business can be carried out normally.
本发明提供了一种用户终端在多种接入方式时和外部网络的互通方法, 该方法应用于身份标识和位置标识分离的网络, 该方法包括:  The present invention provides a method for interworking between a user terminal and an external network in multiple access modes. The method is applied to a network in which identity identification and location identification are separated. The method includes:
接入节点向互通网关节点发送源用户终端发送给外部网络的携带有源用 户的身份标识的数据报文, 其中, 接入节点在该数据报文添加了该接入节点 的位置标识以及互通网关的地址;  The access node sends, to the interworking gateway node, a data packet of the identity of the active user that is sent by the source user terminal to the external network, where the access node adds the location identifier of the access node and the interworking gateway in the data packet. the address of;
互通网关节点接收该数据报文, 剥离接入节点添加的接入节点的位置标 识以及互通网关的地址, 记录数据报文中的接入节点的位置标识与所述用户 终端对应的身份标识的映射关系; 以及  The interworking gateway node receives the data packet, strips the location identifier of the access node added by the access node, and the address of the interworking gateway, and records the mapping between the location identifier of the access node in the data packet and the identity identifier corresponding to the user terminal. Relationship;
互通网关节点向外部网络发送数据报文。  The interworking gateway node sends a data packet to the external network.
优选地, 记录数据报文的接入节点的位置标识与用户终端对应的身份标 识的映射关系步骤之后, 该方法还包括:  Preferably, after the step of mapping the location identifier of the access node of the data packet with the identity identifier corresponding to the user terminal, the method further includes:
互通网关节点将源用户终端的端口号映射为针对外部网络的端口号, 并 将源用户终端的端口号和针对外部网络的端口号记录到与该源用户终端对应 的源用户的身份标识的映射关系中; The interworking gateway node maps the port number of the source user terminal to a port number for the external network, and Recording the port number of the source user terminal and the port number for the external network to the mapping relationship of the identity of the source user corresponding to the source user terminal;
互通网关节点向外部网络发送所述数据报文的步骤中, 所述数据报文为 进行端口映射后的数据报文。  In the step of the interworking gateway node transmitting the data packet to the external network, the data packet is a data packet after port mapping.
其中, 互通网关节点将源用户终端的端口号映射为针对外部网络的端口 号的步骤包括:  The step of the interworking gateway node mapping the port number of the source user terminal to the port number for the external network includes:
互通网关节点检查是否存在与本次接收到的数据报文具有相同源用户的 身份标识、 相同源用户终端的端口号和不同接入节点的位置标识的已接收到 的数据报文,  The interworking gateway node checks whether there is a received data packet with the identity of the same source user, the port number of the same source user terminal, and the location identifier of the different access node.
如果存在, 互通网关节点判断本互通网关节点保存的映射关系中, 是否 存在包含该源用户的身份标识和源用户终端的端口号的映射关系, 如果不存 在, 将本次接收到的数据报文的源用户终端的端口号映射为针对外部网络的 端口号; 如果存在, 则将本数据报文中的源用户终端的端口号映射为与已存 在的映射关系中相同的用户的身份标识对应的针对外网的端口号所不同的针 对外网的端口号;  If yes, the interworking gateway node determines whether the mapping relationship between the identity identifier of the source user and the port number of the source user terminal exists in the mapping relationship saved by the interworking gateway node. If not, the data packet received this time is received. The port number of the source user terminal is mapped to the port number of the external network; if it exists, the port number of the source user terminal in the data packet is mapped to the identity of the same user as the existing mapping relationship. The port number for the external network that is different for the port number of the external network;
该方法还包括: 如果所述互通网关节点检查到不存在与本次接收到的数 据报文具有相同源用户的身份标识、 相同源用户终端的端口号和不同接入节 的位置标识的已接收到的数据报文, 则不执行将源用户终端的端口号映射为 针对外部网络的端口号的步骤, 直接执行向外部网络发送数据报文的步骤。  The method further includes: if the interworking gateway node detects that there is no identity identifier of the same source user, a port number of the same source user terminal, and a location identifier of a different access section that is received by the data packet received this time The data packet to be sent does not perform the step of mapping the port number of the source user terminal to the port number for the external network, and directly performs the step of transmitting the data packet to the external network.
或者,  Or,
互通网关节点将源用户终端的端口号映射为针对外部网络的端口号的步 骤包括:  The steps of the interworking gateway node mapping the port number of the source user terminal to the port number for the external network include:
互通网关节点将所有具有同一源用户的身份标识、 同一用户终端的端口 号和不同源用户的位置标识的数据报文中的源用户终端的端口号依次映射为 不同的针对外网的端口号。  The interworking gateway node maps the port numbers of the source user terminals in the data packets of the same source user, the port number of the same user terminal, and the location identifier of the different source users to different port numbers for the external network.
该方法还包括:  The method also includes:
互通网关节点接收到外部网络发送来的数据报文; 以及  The interworking gateway node receives the data packet sent by the external network;
互通网关节点查找到外部网络发送来的数据报文的目的用户的身份标识 对应的目的用户的位置标识, 将外部网络发送来的数据报文发送给目的用户 的位置标识对应的接入节点。 The identity of the destination user of the data message sent by the interworking gateway node to the external network The location identifier of the corresponding destination user sends the data packet sent by the external network to the access node corresponding to the location identifier of the destination user.
所述互通网关节点查找到所述外部网络发送来的数据 文的目的用户的 身份标识对应的目的用户的位置标识的步骤中,  And the step of the interworking gateway node searching for the location identifier of the destination user corresponding to the identity of the destination user of the data sent by the external network,
互通网关节点是从目的用户归属的存储有该目的用户的身份标识所对应 的位置标识的认证节点查找外部网络发送来的数据报文的目的用户的身份标 识对应的目的用户的位置标识; 或者  The interworking gateway node is a location identifier of the destination user corresponding to the identity identifier of the destination user that searches for the data packet sent by the external network from the authentication node to which the destination user belongs and stores the location identifier corresponding to the identity identifier of the destination user; or
互通网关节点是从其存储的映射关系中查找外部网络发送来的数据报文 的目的用户的身份标识对应的目的用户的位置标识。  The interworking gateway node is a location identifier of the destination user corresponding to the identity of the destination user that searches for the data packet sent by the external network from the stored mapping relationship.
其中, 将外部网络发送来的数据报文发送给目的用户的位置标识对应的 接入节点的步骤之前, 所述方法还包括:  The method further includes: before the step of sending the data packet sent by the external network to the access node corresponding to the location identifier of the destination user, the method further includes:
互通网关节点检查该互通网关节点上是否保存有目的用户的身份标识和 外部网络发送来的数据报文的目的端口的映射关系, 如果存在, 互通网关节 点根据端口映射关系进行端口映射。 的接入节点的步骤之前, 该方法还包括:  The interworking gateway node checks whether the mapping relationship between the identity identifier of the destination user and the destination port of the data packet sent by the external network is saved on the interworking gateway node. If yes, the interworking network joint point performs port mapping according to the port mapping relationship. Before the steps of the access node, the method further includes:
互通网关节点检查该互通网关节点上没有保存外部网络发送来的数据才艮 文中的目的用户的身份标识和目的用户终端的端口号的映射关系时, 增加该 目的用户的身份标识和目的用户终端的端口号的映射关系, 并将所述目的用 户的身份标识, 查找到的目的用户的位置标识, 目的用户终端的端口号, 和 针对外网的端口号保存到所增加的映射关系中; 其中目的用户终端的端口号 和针对外网的端口号相同。  The interworking gateway node checks whether the mapping between the identity of the destination user and the port number of the destination user terminal is not saved on the interworking gateway node, and the identity of the destination user and the destination user terminal are increased. The mapping of the port number, and the identity of the destination user, the location identifier of the destination user, the port number of the destination user terminal, and the port number for the external network are saved in the added mapping relationship; The port number of the user terminal is the same as the port number for the external network.
入节点的步骤包括: The steps to enter the node include:
所述互通网关节点在数据报文中增加目的地址, 该目的地址为查找到目 的用户的位置标识, 然后将增加了目的地址的数据报文发送到对应的接入节 点。  The interworking gateway node adds a destination address to the data packet, where the destination address is a location identifier of the user that is found, and then sends the data packet with the destination address added to the corresponding access node.
下文中将结合附图对本发明的实施例进行详细说明。 需要说明的是, 在 不冲突的情况下, 本申请中的实施例及实施例中的特征可以相互任意组合。 此外, 本发明的实施例中, 以 SILSN为例进行说明, 但本发明并不限于此, 同样可以应用于其他身份标识和位置标识分离的网络。 Embodiments of the present invention will be described in detail below with reference to the accompanying drawings. It should be noted that In the case of no conflict, the features in the embodiments and the embodiments in the present application may be arbitrarily combined with each other. In addition, in the embodiment of the present invention, the SILSN is taken as an example for description, but the present invention is not limited thereto, and the same can be applied to other networks in which identity and location identification are separated.
现有的 SILSN和外网的互通方法中, SILSN中的用户终端向外网发送的 数据报文由 ASN直接交由 ISN转发, ASN在将数据报文转交给 ISN的时候, 不进行任何封装或替换工作, 数据报文只有目的 IP地址和源 IP地址, 没有 携带 ASN的位置信息。 这样当 ISN在转发回复给该 SILSN的用户终端的数 据报文(即反向数据报文) 时, 无法了解数据报文是从哪一个 ASN发出的, 所以反向数据报文也无法正常回复。  In the existing SILSN and the external network interworking method, the data packet sent by the user terminal in the SILSN to the external network is forwarded directly by the ASN to the ISN. When the ASN forwards the data packet to the ISN, the ASN does not perform any encapsulation or In the replacement work, the data packet has only the destination IP address and the source IP address, and does not carry the location information of the ASN. In this way, when the ISN forwards the data packet (ie, the reverse data packet) of the user terminal replied to the SILSN, it cannot know which ASN the data packet is sent from, so the reverse data packet cannot be replied normally.
为了使 ISN能够区分出发向外网的数据报文是经由哪个 ASN发到 ISN 的, 本发明修改了 ASN对外网的数据报文处理机制, 即 ASN向 ISN发送用 户终端发送给外部网络的数据报文时, 在该数据报文原有的 IP报文头(包括 UE标识和外网地址 )前添加该 ASN的 RID以及 ISN的地址。 因此, 本发明 中, ASN需要对 UE发往外网的数据报文加上外层的数据报文封装, 即增加 一个新的报文头。 具体来说, 就是 ASN把 UE发出的整个数据报文(即 IP 报文)作为一个新的数据报文的净荷, 即包括原 IP报文净荷和原 IP头 (UE 的标识(该 UE的标识包含有用户的身份标识 AID以及 UE的端口号)和外 网地址) , 在该数据 ^艮文净荷上增加新的 IP · ^艮文头, 而新 IP ^艮文头的源地 址, 设为用户终端所接入的 ASN的位置标识, 即 RID, 新数据 ^艮文的目的地 址设为 ISN的地址, 该数据报文的格式如图 3所示。  The present invention modifies the data packet processing mechanism of the ASN to the external network, that is, the ASN sends the data packet sent by the user terminal to the external network to the ISN to enable the ISN to distinguish the data packet from which the outgoing network is sent to the ISN. In this case, the RID of the ASN and the address of the ISN are added before the original IP packet header (including the UE identifier and the external network address) of the data packet. Therefore, in the present invention, the ASN needs to encapsulate the outer data packet with the data packet sent by the UE to the external network, that is, add a new packet header. Specifically, the ASN uses the entire data packet (ie, IP packet) sent by the UE as the payload of a new data packet, that is, the original IP packet payload and the original IP header (the identifier of the UE (the UE). The identifier includes the user's identity AID and the UE's port number) and the external network address), and a new IP is added to the data payload, and the source address of the new IP address is The location identifier of the ASN accessed by the user terminal, that is, the RID, the destination address of the new data is set to the address of the ISN, and the format of the data packet is as shown in FIG.
这样, 当数据报文从 ASN发往 ISN时, ISN在剥离新 IP报文头后, 就 可以分辨出此数据报文是从哪个 ASN发出的,从而有可能将外网返回的数据 报文发送到合适的 ASN。  In this way, when the data packet is sent from the ASN to the ISN, after the ISN strips the new IP packet header, the ISN can distinguish which ASN the data packet is sent from, so that it is possible to send the data packet returned by the external network. Go to the right ASN.
考虑到不同 ASN发来的相同源 AID的报文, 有可能来自于不同的用户 终端 (即不同的用户终端使用同一用户的身份标识接入网络) , 因此其端口 号也可能会重复。 如图 4所示, UE1和 UE2都发出了源 AID为 AID1 , 源端 口号为 5000的数据报文。对于这种情况,尽管 ISN记录了两个数据报文的源 RID , 但由于 IP地址和端口都一样, ISN将数据 4艮文发送到外网后, 所收到 的反向回复的数据报文的目的地址(即 AID1 )和目的端口就会完全相同, 这 样 ISN仍然无法把这些相同地址和相同端口的反向数据报文分发到正确的 ASN。 Considering that packets of the same source AID sent by different ASNs may come from different user terminals (that is, different user terminals use the same user's identity to access the network), the port number may also be duplicated. As shown in FIG. 4, both UE1 and UE2 send a data packet with a source AID of AID1 and a source port number of 5000. In this case, although the ISN records the source RID of the two data packets, since the IP address and the port are the same, the ISN sends the data message to the external network after receiving the data message. The destination address (ie AID1) and the destination port will be identical, this The ISN still cannot distribute reverse data packets of the same address and the same port to the correct ASN.
为解决这种特殊情况存在的问题, 本发明对 ISN处理数据报文的机制做 了进一步的改进, 在 ISN进行端口转换, 包括:  In order to solve the problem of the special case, the present invention further improves the mechanism for processing the data message by the ISN, and performs port conversion on the ISN, including:
对于正向传输的数据报文(即本 SILSN中的用户终端向外部网络传输的 数据报文), 当 ISN收到来自 ASN的新的数据报文时, 首先检查是否已有其 他 ASN发来的相同源 AID的数据报文, 如果有, 说明该用户釆用了多种接 入方式接入网络, 此时 ISN将检查此新的数据 文中的源端口是否和其他 ASN发来的相同 AID的数据报文中携带的源端口重复, 如果重复, 则将重复 的端口映射为一个不同的端口, 保存端口映射关系, 然后将进行端口映射后 的数据报文发送出去。 如图 5所示, 当 ISN收到 RID2和 RID5发来的数据报 文时, 检查到 RID1发来有相同源 AID1 以及相同源端口 23的数据报文, 将 RID2的重复的端口映射为源端口 9001 ,将 RID5的重复的端口映射为源端口 9002, 然后发送出去。  For a data message transmitted in the forward direction (that is, a data message transmitted by the user terminal to the external network in the SILSN), when the ISN receives a new data packet from the ASN, it first checks whether another ASN has sent it. The data packet of the same source AID, if any, indicates that the user accesses the network by using multiple access methods. At this time, the ISN will check whether the source port in the new data file is the same as the AID data sent by other ASNs. The source port is the same as that of the port. If the port is duplicated, the port is mapped to a different port. The port mapping relationship is saved. Then, the port-mapped data packet is sent out. As shown in Figure 5, when the ISN receives the data packet sent by RID2 and RID5, it checks that RID1 sends the same source AID1 and the same source port 23 data packet, and maps the duplicate port of RID2 to the source port. 9001, mapping the duplicate port of RID5 to source port 9002, and then sending it out.
当 ISN收到外网发来的数据报文时, 再根据已有的映射关系, 将端口号 重新映射回来。 如图 6所示, 当 ISN分别收到目的 AID1、 目的端口 9001的 数据报文, 和目的 AID1、 目的端口 9002的数据报文时, ISN根据已有的映 射关系,将数据报文的目的端口 9001和目的端口 9002均修改为目的端口 23 , 然后将数据报文发送出去。  When the ISN receives a data packet from the external network, it remaps the port number based on the existing mapping relationship. As shown in Figure 6, when the ISN receives the data packet of the destination AID1, the destination port 9001, and the data packet of the destination AID1 and the destination port 9002, the ISN uses the mapping relationship to the destination port of the data packet. Both the 9001 and the destination port 9002 are modified to the destination port 23, and then the data message is sent out.
其中, 在端口映射的时候 , 应该避开已被互联网工程任务组 ( Internet Among them, when port mapping, you should avoid the Internet Engineering Task Force (Internet)
Engineering Task Force , IETF )分西己々 口名端口。 Engineering Task Force, IETF) is divided into the name of the port.
为了简化处理, ISN也可以一开始就将携带同一用户的 AID 的所有的 ASN发来的数据报文中的源端口, 都依次进行端口映射处理。 如图 7所示, ISN对于从同一个 AID主动发出的数据报文, 都进行统一的端口映射, 比如 对 AID1 , 将位于 RID1 , 源端口为 23的 4艮文, 转换为端口为 9000的 4艮文; 将位于 RID9, 源端口为 23的报文, 转换为端口为 9001的报文。 这样, 即使 不同 ASN发来的相同源 AID和源端口的数据报文, ISN和外网服务器都能够 正确处理, 不至于导致数据"¾文混乱。 同时, 由于用户仍釆用自己的 AID, 所以不影响溯源和合法监听等安全性功能。 对于外网发起的数据报文,如果 ISN在本地源端口映射表中找不到对应 关系, 则不进行端口转换, 而直接封装后发送到对应的 ASN。 对于虽然是外 网发起的数据报文, 但是该数据报文携带的目的端口号也能够在本地源端口 映射表中找到该数据报文的目的端口号, 则说明该用户使用该目的端口号向 外网发送过数据报文, 此时, 直接将数据报文中的目的端口号根据本地源端 口映射表进行映射后, 发送数据报文。 如果 ISN上查询不到该数据报文的目 的 AID对应的 RID,需要向 ILR查询该目的 AID对应的用户终端接入的 ASN 的 RID。 此时, 如果向 ILR查询到该 AID对应多个 RID时, 可以按照 ILR返 回的缺省的优先级顺序或随机选取一个 RID对应的 ASN将该数据报文发送给 目的 AID对应的用户终端。 In order to simplify the processing, the ISN can also perform port mapping processing in sequence on the source ports in the data packets sent by all the ASNs carrying the AID of the same user. As shown in Figure 7, the ISN performs a uniform port mapping for data packets sent from the same AID. For example, for AID1, the IID will be located in RID1, and the source port is 23, which translates to 4 ports.艮文; The packet with the source port of 23 in RID9 is converted to the packet with port 9001. In this way, even if the data packets of the same source AID and source port sent by different ASNs can be processed correctly by the ISN and the external network server, the data will not be confused. At the same time, since the user still uses his own AID, It does not affect security functions such as traceability and lawful interception. If the ISN does not find a mapping in the local source port mapping table, the port is not directly translated and sent to the corresponding ASN. For the data packet initiated by the external network, but the destination port number carried in the data packet can also find the destination port number of the data packet in the local source port mapping table, indicating that the user uses the destination port number to The external network sends a data packet. At this time, the destination port number in the data packet is directly mapped according to the local source port mapping table, and the data packet is sent. If the RID corresponding to the destination AID of the data packet is not queried, the ILR needs to query the ILR for the RID of the ASN accessed by the user terminal corresponding to the destination AID. At this time, if the AIR is queried to the ILR, the data message is sent to the user terminal corresponding to the destination AID according to the default priority sequence returned by the ILR or randomly selecting an ASN corresponding to the RID.
下面结合附图给出 ISN进行端口映射的应用示例。 ISN需要对两个方向 的数据报文进行处理, 第一是内网发到外网的数据报文, 下文称为正向数据 报文处理。 第二是外网发到内网的数据报文, 下文称为反向数据报文处理。 An application example of port mapping by the ISN is given below with reference to the accompanying drawings. The ISN needs to process data packets in both directions. The first is the data packet sent by the internal network to the external network, which is referred to as forward data packet processing. The second is the data packet sent by the external network to the internal network, which is hereinafter referred to as reverse data packet processing.
应用示例一, 正向数据报文处理流程  Application example 1, forward data packet processing flow
本应用示例中, ISN对 ASN发来的正向数据报文的处理流程如图 7所示, 包括:  In this application example, the processing flow of the forward data packet sent by the ISN to the ASN is as shown in FIG. 7, and includes:
步骤 801 : ISN收到 SILSN中的 ASN发来发送给外网的数据报文, 流程 开始, 其中, 该 ASN发来的数据报文中封装了一个新的 IP头, 该新的 IP头 包括: ASN的 RID, 即源 RID, 以及 ISN的地址, 并且该数据报文中还携带 有源 AID以及源端口号。  Step 801: The ISN receives a data packet sent by the ASN in the SILSN to the external network, and the process begins. The data packet sent by the ASN encapsulates a new IP header, and the new IP header includes: The RID of the ASN, that is, the source RID, and the address of the ISN, and the data packet also carries the active AID and the source port number.
步骤 802: ISN对数据报文解封装, 提取数据报文中的源 RID, 以及源 AID和源端口号;  Step 802: The ISN decapsulates the data packet, and extracts a source RID, a source AID, and a source port number in the data packet.
步骤 803: ISN以该数据报文中携带的源 AID以及源端口号为索引, 搜 索本地端口映射表中是否已有相同映射关系存在; 如果搜索不到, 执行步骤 804; 如果搜索到, 执行步骤 805;  Step 803: The ISN searches for the same mapping relationship in the local port mapping table by using the source AID and the source port number carried in the data packet. If the search fails, the process proceeds to step 804. If the search is performed, the step is performed. 805;
步骤 804: 如果在本地端口映射表中没有找到该源 AID与源端口号的映 射关系, 则对源端口号进行映射, 并将映射关系保存于本地端口映射表中, 执行步骤 806。 Step 804: If the mapping between the source AID and the source port number is not found in the local port mapping table, the source port number is mapped, and the mapping relationship is saved in the local port mapping table. Go to step 806.
步骤 805: 根据本地端口映射表中的端口映射关系, 将数据报文的源端 口进行映射;  Step 805: Map the source port of the data packet according to the port mapping relationship in the local port mapping table.
步骤 806: 将端口映射后的数据 "^文发送到外网, 流程结束。  Step 806: Send the port-mapped data to the external network, and the process ends.
应用示例二, 反向数据报文处理流程  Application example 2, reverse data packet processing flow
反向数据报文处理时, 由于对于外网发来的数据报文, ISN上不一定保 存有该数据报文中目的 AID的位置信息。如果 ISN没有该目的 AID的位置信 息, 需要向 ILR发起位置查询操作。 另外, 对于从外网直接发起的数据报文, 不进行端口转换, 或者说转换前和转换后的端口号相同。 本应用施例中, ISN 对外网发来的数据报文的处理的流程如图 9所示, 包括:  When the reverse data packet is processed, the location information of the destination AID in the data packet is not necessarily saved on the ISN due to the data packet sent from the external network. If the ISN does not have location information for the destination AID, a location query operation needs to be initiated to the ILR. In addition, for data packets directly initiated from the external network, no port conversion is performed, or the port numbers before and after conversion are the same. In this application example, the process of processing data packets sent by the ISN to the external network is as shown in FIG. 9, including:
步骤 901 : ISN收到外网发送的数据报文, 流程开始。  Step 901: The ISN receives the data packet sent by the external network, and the process begins.
步骤 902: ISN检查本 ISN中是否已经存在 AID (即数据报文中的目的 IP地址)的位置信息, 即与该数据报文目的 AID与 RID的对应关系; 如果存 在, 执行步骤 903 , 如果不存在, 执行步骤 910。  Step 902: The ISN checks whether the location information of the AID (that is, the destination IP address in the data packet) exists in the ISN, that is, the mapping relationship between the AID and the RID of the data packet. If yes, go to step 903. If yes, go to step 910.
步骤 903: 如果已经存在该目的 AID的位置信息, 则进一步检查本数据 报文中携带的目的 AID和目的端口是否已经存在于本地端口映射表中, 如果 不存在, 转到步骤 904, 如果存在, 转到步骤 920。  Step 903: If the location information of the destination AID already exists, further check whether the destination AID and the destination port carried in the data packet are already in the local port mapping table. If not, go to step 904, if yes, Go to step 920.
步骤 904: 将本数据报文中携带的目的 AID和目的端口存储于本地映射 表中, 将转换前和转换后的端口号设为相同。  Step 904: The destination AID and the destination port carried in the data packet are stored in the local mapping table, and the port numbers before and after the conversion are set to be the same.
执行本步骤之后, 如果后续 ISN接收到发送给该目的 AID的数据报文, After performing this step, if the subsequent ISN receives the data packet sent to the destination AID,
ISN可以直接从本地映射表中查找到该目的 AID对应的 RID,从而无需从 ILR 上查询该目的 AID的位置信息。 The ISN can directly find the RID corresponding to the destination AID from the local mapping table, so that the location information of the destination AID does not need to be queried from the ILR.
步骤 905: ISN按照现有技术直接在数据报文上增加外层的 IP报文头, 该 IP报文头将目的地址设为 ASN地址, 然后发送到对应的 ASN, 流程结束。  Step 905: The ISN adds an outer IP packet header to the data packet according to the prior art. The IP packet header sets the destination address to the ASN address, and then sends the packet to the corresponding ASN, and the process ends.
步骤 910: 如果 ISN中未保存 AID和 RID的对应关系, ISN向 ILR发起 位置查询操作 , 查询 AID对应的 RID , 当接收到 ILR返回的 AID和 RID的 对应关系后, 执行步骤 904。  Step 910: If the mapping between the AID and the RID is not saved in the ISN, the ISN initiates a location query operation to the ILR, and queries the RID corresponding to the AID. After receiving the correspondence between the AID and the RID returned by the ILR, step 904 is performed.
步骤 920: 根据本地端口映射表, 进行端口映射后, 即将数据报文的目 的地址置换为端口映射表中查出的端口, 然后在数据 文上增加外层 IP头封 装后, 将外层 IP头封装的目的地址设为查询到的 ASN的 RID, 然后发送到 对应 ASN, 流程结束。 Step 920: After the port mapping is performed according to the local port mapping table, the data packet is about to be translated. The address is replaced with the port detected in the port mapping table, and then the outer IP header encapsulation is added to the data file, and the destination address of the outer IP header encapsulation is set to the RID of the queried ASN, and then sent to the corresponding ASN. The process ends.
本实施例还提供了一种互通网关设备, 如图 10所述, 应用于身份标识和 位置标识分离的网络, 该互通网关设备包括:  The embodiment further provides an interworking gateway device, as described in FIG. 10, which is applied to a network in which an identity identifier and a location identifier are separated, and the interworking gateway device includes:
接收模块, 其设置成接收接入节点发送的源用户终端发送给外部网络的 携带有源用户的身份标识的数据报文, 其中, 接入节点在该数据报文添加了 该接入节点的位置标识以及互通网关设备的地址;  a receiving module, configured to receive a data packet that is sent by the source user terminal and sent by the source user terminal to the external network, and the access node adds the location of the access node to the data packet. Identify and address the interworking gateway device;
报文处理模块, 其设置成将接入节点添加的接入节点的位置标识以及互 通网关节点的地址剥离, 并将所述数据报文的所述接入节点的位置标识与所 述用户终端对应的身份标识发送给存储模块, 将处理后的数据报文发送给发 送模块; 以及  a message processing module, configured to strip the location identifier of the access node added by the access node and the address of the interworking gateway node, and associate the location identifier of the access node of the data packet with the user terminal The identity identifier is sent to the storage module, and the processed data packet is sent to the sending module;
存储模块, 其设置成记录所述数据报文的所述接入节点的位置标识与所 述用户终端对应的身份标识的映射关系; 以及  a storage module, configured to record a mapping relationship between a location identifier of the access node of the data packet and an identity identifier corresponding to the user terminal;
发送模块, 其设置成向外部网络发送所述数据报文。  And a sending module, configured to send the data message to an external network.
优选地, 报文处理模块还设置成将源用户终端的端口号映射为针对外部 网络的端口号, 并将源用户终端的端口号和针对外部网络的端口号发送给存 储模块, 将端口映射后的数据报文发送给发送模块;  Preferably, the message processing module is further configured to map the port number of the source user terminal to a port number for the external network, and send the port number of the source user terminal and the port number for the external network to the storage module, and map the port. The data packet is sent to the sending module;
存储模块还设置成将源用户终端的端口号和针对外部网络的端口号记录 到与该源用户终端对应的源用户的身份标识的映射关系中;  The storage module is further configured to record the port number of the source user terminal and the port number for the external network to the mapping relationship of the identity of the source user corresponding to the source user terminal;
发送模块是向外部网络发送进行端口映射后的数据报文。  The sending module sends a data packet after port mapping to the external network.
其中, 报文处理模块是用于按如下方式将源用户终端的端口号映射为针 对外部网络的端口号:  The message processing module is configured to map the port number of the source user terminal to the port number for the external network as follows:
检查是否存在与本次接收到的数据报文具有相同源用户的身份标识、 相 同源用户终端的端口号和不同接入节点的位置标识的已接收到的数据报文, 如果存在, 报文处理模块在存储模块中查找包含该源用户的身份标识和 源用户终端的端口号的映射关系, 如果未找到, 将本次接收到的数据报文的 源用户终端的端口号映射为针对外部网络的端口号; 如果找到, 则将本数据 报文中的源用户终端的端口号映射为与所找到的映射关系中相同的源用户的 身份标识对应的针对外网的端口号所不同的针对外网的端口号; Check whether there is a received data packet with the identity of the same source user, the port number of the same source user terminal, and the location identifier of the different access node. The module searches the storage module for the mapping relationship between the identity of the source user and the port number of the source user terminal. If not found, the port number of the source user terminal of the received data packet is mapped to the external network. Port number; if found, this data will be The port number of the source user terminal in the packet is mapped to a port number for the external network different from the port number of the source network corresponding to the identity of the source user in the found mapping relationship;
如果报文处理模块检查到不存在与本次接收到的数据报文具有相同源用 户的身份标识、 相同源用户终端的端口号和不同接入节的位置标识的已接收 到的数据报文, 则向发送模块发送未经端口映射的数据报文。  If the packet processing module detects that there is no received data packet with the identity of the same source user, the port number of the same source user terminal, and the location identifier of the different access node, the data packet received by the packet is not present. Then, the data packet that is not port mapped is sent to the sending module.
或者  Or
报文处理模块是设置成按如下方式将源用户终端的端口号映射为针对外 部网络的端口号:  The message processing module is configured to map the port number of the source user terminal to the port number for the external network as follows:
将所有具有同一源用户的身份标识、 同一用户终端的端口号和不同源用 户的位置标识的数据报文中的源用户终端的端口号依次映射为不同的针对外 网的端口号。  The port numbers of the source user terminals in the data packets of the same source user, the port number of the same user terminal, and the location identifier of the different source users are sequentially mapped to different port numbers for the external network.
其中, 报文处理模块还设置成在接收所述数据报文后, 检查存储模块中 是否存在包含本次接收到的数据报文中的源用户的身份标识、 源用户终端的 端口号和接入节点的位置标识的映射关系, 如果存在, 则根据检查到的映射 关系将所述源用户端口号映射为对应的针对外网的端口号。  The packet processing module is further configured to: after receiving the data packet, check whether the identity identifier of the source user, the port number of the source user terminal, and the access in the data module that are received in the current storage module are included in the storage module. A mapping relationship between the location identifiers of the nodes, if yes, mapping the source user port number to a corresponding port number for the external network according to the checked mapping relationship.
优选地, 接收模块还设置成接收外部网络发送来的数据报文; 以及 报文处理模块还设置成查找外部网络发送来的数据报文的目的用户的身 份标识对应的目的用户的位置标识, 并将目的用户的位置标识发送给发送模 块;  Preferably, the receiving module is further configured to receive the data message sent by the external network; and the message processing module is further configured to: find the location identifier of the destination user corresponding to the identity of the destination user of the data message sent by the external network, and Sending the location identifier of the destination user to the sending module;
发送模块还设置成将外部网络发送来的数据报文发送给目的用户的位置 标识对应的接入节点。  The sending module is further configured to send the data packet sent by the external network to the access node corresponding to the location identifier of the destination user.
其中, 报文处理模块还设置成检查所述存储模块中是否保存有目的用户 的身份标识和外部网络发送来的数据报文的目的端口的映射关系, 如果有, 根据映射关系进行端口映射。  The message processing module is further configured to check whether the mapping relationship between the identity identifier of the destination user and the destination port of the data packet sent by the external network is saved in the storage module, and if yes, port mapping is performed according to the mapping relationship.
其中, 报文处理模块还设置成在检查到该互通网关节点上没有保存外部 网络发送来的数据报文中的目的用户的身份标识和目的用户终端的端口号的 映射关系时, 将目的用户的身份标识, 查找到的目的用户的位置标识, 目的 用户终端的端口号, 和针对外网的端口号发送给存储模块; 存储模块还设置成增加外部网络发送来的数据报文中的目的用户的身份 标识和目的用户终端的端口号的映射关系, 并将目的用户的身份标识, 查找 到的目的用户的位置标识, 目的用户终端的端口号, 和针对外网的端口号保 存到所增加的映射关系中; 其中目的用户终端的端口号和针对外网的端口号 相同。 The message processing module is further configured to: when it is checked that the interworking gateway node does not save the mapping relationship between the identity identifier of the destination user and the port number of the destination user terminal in the data packet sent by the external network, the destination user The identity identifier, the location identifier of the destination user, the port number of the destination user terminal, and the port number for the external network are sent to the storage module; The storage module is further configured to increase a mapping relationship between the identity identifier of the destination user and the port number of the destination user terminal in the data packet sent by the external network, and identify the identity of the destination user, and locate the location identifier of the destination user. The port number of the user terminal and the port number for the external network are saved in the added mapping relationship; wherein the port number of the destination user terminal is the same as the port number for the external network.
其中, 发送模块是设置成按如下方式将所述外部网络发送来的数据报文 发送给目的用户的位置标识对应的接入节点:  The sending module is configured to send the data packet sent by the external network to the access node corresponding to the location identifier of the destination user as follows:
在数据 中增加目的地址,该目的地址为查找到目的用户的位置标识, 然后将增加了目的地址的数据报文发送到对应的接入节点。  The destination address is added to the data, and the destination address is a location identifier of the destination user, and then the data packet with the destination address added is sent to the corresponding access node.
本领域普通技术人员可以理解上述方法中的全部或部分步骤可通过程序 来指令相关硬件完成, 所述程序可以存储于计算机可读存储介质中, 如只读 存储器、 磁盘或光盘等。 可选地, 上述实施例的全部或部分步骤也可以使用 一个或多个集成电路来实现。 相应地, 上述实施例中的各模块 /单元可以釆用 硬件的形式实现, 也可以釆用软件功能模块的形式实现。 本发明不限制于任 何特定形式的硬件和软件的结合。 One of ordinary skill in the art will appreciate that all or a portion of the above steps may be accomplished by a program instructing the associated hardware, such as a read-only memory, a magnetic disk, or an optical disk. Alternatively, all or part of the steps of the above embodiments may also be implemented using one or more integrated circuits. Correspondingly, each module/unit in the above embodiment may be implemented in the form of hardware or in the form of a software function module. The invention is not limited to any specific form of combination of hardware and software.
以上所述, 仅为本发明的具体实施方式, 但本发明的保护范围并不局限 于此, 任何熟悉本技术领域的技术人员在本发明揭露的技术范围内, 可轻易 想到变化或替换, 都应涵盖在本发明的保护范围之内。 因此, 本发明的保护 范围应以权利要求所述的保护范围为准。  The above is only the specific embodiment of the present invention, but the scope of the present invention is not limited thereto, and any person skilled in the art can easily think of changes or substitutions within the technical scope of the present invention. It should be covered by the scope of the present invention. Therefore, the scope of the invention should be determined by the scope of the claims.
工业实用性 Industrial applicability
与现有技术相比, 本发明使得用户在釆用多种接入方式接入时, 用同一 AID 可以顺利访问外部网络, 使基于外网的基本业务可以正常实现, 且便于 监听和溯源, 提高了系统安全性。  Compared with the prior art, the present invention enables the user to smoothly access the external network by using the same AID when accessing multiple access modes, so that the basic services based on the external network can be implemented normally, and the monitoring and traceability are facilitated. System security.

Claims

权 利 要 求 书 Claim
1、一种用户终端在多种接入方式时和外部网络的互通方法,其特征在于, 所述方法应用于身份标识和位置标识分离的网络, 该方法包括: A method for interworking between a user terminal and an external network in a plurality of access modes, wherein the method is applied to a network in which identity identification and location identification are separated, and the method includes:
接入节点向互通网关节点发送源用户终端发送给外部网络的携带有该源 用户终端对应的源用户的身份标识的数据报文, 其中, 所述接入节点在该数 据才艮文中添加了所述接入节点的位置标识以及互通网关节点的地址;  The access node sends, to the interworking gateway node, a data packet that is sent by the source user terminal to the external network and carries the identity of the source user corresponding to the source user terminal, where the access node adds the information in the data Describe the location identifier of the access node and the address of the interworking gateway node;
互通网关节点接收所述数据报文, 剥离所述接入节点的位置标识以及互 通网关节点的地址, 记录所述接入节点的位置标识与所述源用户的身份标识 的映射关系; 以及  The interworking gateway node receives the data packet, strips the location identifier of the access node, and the address of the interworking gateway node, and records the mapping relationship between the location identifier of the access node and the identity identifier of the source user;
互通网关节点向外部网络发送所述数据报文。  The interworking gateway node sends the data packet to the external network.
2、如权利要求 1所述的方法, 其在记录所述接入节点的位置标识与所述 源用户的身份标识的映射关系的步骤之后, 还包括: 所述互通网关节点将源用户终端的端口号映射为针对外部网络的端口 号, 并将所述源用户终端的端口号和针对外部网络的端口号记录到所述映射 关系中; The method of claim 1, after the step of recording the mapping relationship between the location identifier of the access node and the identity identifier of the source user, the method further includes: the interworking gateway node is the source user terminal The port number is mapped to a port number for the external network, and the port number of the source user terminal and the port number for the external network are recorded in the mapping relationship;
互通网关节点向外部网络发送所述数据"¾文的步骤包括: 所述互通网关 节点在进行端口号映射后发送所述数据报文。  The step of the interworking gateway node transmitting the data to the external network includes: the interworking gateway node transmitting the data packet after performing port number mapping.
3、 如权利要求 2所述的方法, 其中, 所述互通网关节点将源用户终端的 端口号映射为针对外部网络的端口号的步骤包括: 3. The method according to claim 2, wherein the step of the interworking gateway node mapping the port number of the source user terminal to the port number for the external network comprises:
所述互通网关节点检查是否存在与本次接收到的数据报文具有相同源用 户的身份标识、 相同源用户终端的端口号和不同接入节点的位置标识的已接 收到的数据报文,  The interworking gateway node checks whether there is a received data packet with the identity of the same source user, the port number of the same source user terminal, and the location identifier of the different access node.
如果存在, 所述互通网关节点查找包含所述源用户的身份标识和源用户 终端的端口号的映射关系, 如果未找到, 将本次接收到的数据报文的源用户 终端的端口号映射为针对外部网络的端口号; 如果查找到, 则将本次接收到 的数据报文中的源用户终端的端口号映射为与所查找到的映射关系中所述源 用户的身份标识对应的针对外部网络的端口号所不同的针对外部网络的端口 号; If yes, the interworking gateway node searches for a mapping relationship between the identity identifier of the source user and the port number of the source user terminal. If not found, the port number of the source user terminal of the received data packet is mapped to Port number of the external network; if found, mapping the port number of the source user terminal in the data packet received this time to the source in the found mapping relationship The port number of the user corresponding to the external network corresponding to the port number of the external network;
所述方法还包括: 如果所述互通网关节点检查到不存在与本次接收到的 数据报文具有相同源用户的身份标识、 相同源用户终端的端口号和不同接入 节点的位置标识的已接收到的数据报文, 则不执行将源用户终端的端口号映 射为针对外部网络的端口号的步骤, 直接向外部网络发送本次接收到的数据 报文。  The method further includes: if the interworking gateway node detects that there is no identity identifier of the same source user, a port number of the same source user terminal, and a location identifier of a different access node that is different from the data packet received this time. The received data packet does not perform the step of mapping the port number of the source user terminal to the port number of the external network, and directly transmits the data packet received this time to the external network.
4、 如权利要求 2所述的方法, 其中, 所述互通网关节点将源用户终端的 端口号映射为针对外部网络的端口号的步骤包括: 4. The method according to claim 2, wherein the step of the interworking gateway node mapping the port number of the source user terminal to the port number for the external network comprises:
所述互通网关节点将所有具有同一源用户的身份标识、 同一源用户终端 的端口号和不同源用户的位置标识的数据报文中的源用户终端的端口号依次 映射为不同的针对外部网络的端口号。  The interworking gateway node sequentially maps the port numbers of the source user terminals in the data packets of the same source user, the port number of the same source user terminal, and the location identifier of the different source users to different external networks. The port number.
5、 如权利要求 2所述的方法, 还包括: 5. The method of claim 2, further comprising:
所述互通网关节点接收到数据报文后, 检查是否存在包含本次接收到的 数据报文中的源用户的身份标识、 源用户终端的端口号和接入节点的位置标 识的映射关系, 如果存在, 则根据所检查到的映射关系, 将本次接收到的数 据报文的源用户终端的端口号映射为针对外部网络的端口号后, 直接向外部 网络发送本次接收到的数据报文。  After receiving the data packet, the interworking gateway node checks whether there is a mapping relationship between the identity identifier of the source user, the port number of the source user terminal, and the location identifier of the access node in the data packet received this time. If yes, the port number of the source user terminal of the received data packet is mapped to the port number of the external network according to the detected mapping relationship, and the data packet received this time is directly sent to the external network. .
6、 如权利要求 1或 2或 3所述的方法, 还包括: 6. The method of claim 1 or 2 or 3, further comprising:
所述互通网关节点接收到外部网络发送来的数据报文; 以及  Receiving, by the interworking gateway node, a data packet sent by an external network;
所述互通网关节点查找到所述外部网络发送来的数据 文的目的用户的 身份标识对应的目的用户的位置标识, 将所述外部网络发送来的数据报文发 送给所述目的用户的位置标识对应的接入节点。  The interworking gateway node searches for the location identifier of the destination user corresponding to the identity of the destination user of the data message sent by the external network, and sends the data packet sent by the external network to the location identifier of the destination user. Corresponding access node.
7、 如权利要求 6所述的方法, 其中, 所述互通网关节点查找到所述目的 用户的位置标识的步骤中, 7. The method according to claim 6, wherein the step of the interworking gateway node finding the location identifier of the destination user,
所述互通网关节点是从所述目的用户归属的存储有所述目的用户的位置 标识的认证节点查找所述目的用户的位置标识; 或者 所述互通网关节点是从已记录的映射关系中查找所述目的用户的位置标 识。 The interworking gateway node is configured to search for a location identifier of the destination user from an authentication node that is stored by the destination user and that stores the location identifier of the destination user; or The interworking gateway node searches for a location identifier of the destination user from the recorded mapping relationship.
8、如权利要求 6所述的方法, 其在将所述外部网络发送来的数据报文发 送给所述目的用户的位置标识对应的接入节点的步骤之前, 还包括: The method of claim 6, before the step of sending the data packet sent by the external network to the access node corresponding to the location identifier of the destination user, the method further includes:
所述互通网关节点检查该互通网关节点上是否保存有所述目的用户的身 份标识和所述外部网络发送来的数据报文的目的用户终端的端口号的映射关 系, 如果存在, 根据检查到的映射关系进行端口号映射。  The interworking gateway node checks whether the mapping relationship between the identity identifier of the destination user and the port number of the destination user terminal of the data packet sent by the external network is saved on the interworking gateway node, if yes, according to the checked The mapping relationship is performed by port number mapping.
9、如权利要求 7或 8所述的方法, 其在将所述外部网络发送来的数据报 文发送给所述目的用户的位置标识对应的接入节点的步骤之前, 还包括: 所述互通网关节点检查该互通网关节点上没有保存所述目的用户的身份 标识和所述外部网络发送来的数据报文的目的用户终端的端口号的映射关系 时, 则增加所述目的用户的身份标识和目的用户终端的端口号的映射关系, 并将所述目的用户的身份标识, 查找到的所述目的用户的位置标识, 目的用 户终端的端口号, 和针对外部网络的端口号保存到所增加的映射关系中; 其 中所述目的用户终端的端口号和针对外部网络的端口号相同。 The method of claim 7 or 8, before the step of transmitting the data packet sent by the external network to the access node corresponding to the location identifier of the destination user, the method further includes: the interworking When the gateway node checks that the mapping relationship between the identity identifier of the destination user and the port number of the destination user terminal of the data packet sent by the external network is not saved on the interworking gateway node, the identity identifier of the destination user is increased. The mapping of the port number of the destination user terminal, and the identity of the destination user, the location identifier of the destination user, the port number of the destination user terminal, and the port number for the external network are saved to the added In the mapping relationship, the port number of the destination user terminal is the same as the port number for the external network.
10、 如权利要求 6所述的方法, 其中, 将所述外部网络发送来的数据报 文发送给所述目的用户的位置标识对应的接入节点的步骤包括: The method of claim 6, wherein the step of transmitting the data message sent by the external network to the access node corresponding to the location identifier of the destination user comprises:
所述互通网关节点在接收到的数据报文中增加目的地址, 该目的地址为 查找到的目的用户的位置标识, 然后将增加了目的地址的数据报文发送到该 目的地址对应的接入节点。  The interworking gateway node adds a destination address to the received data packet, where the destination address is the location identifier of the discovered destination user, and then sends the data packet with the destination address added to the access node corresponding to the destination address. .
11、 如权利要求 7所述的方法, 其中, 所述身份标识和位置标识分离的 网络为用户身份标识和位置分离网络(SILSN ) ; 所述接入节点为接入服务 器(ASN ) , 所述认证节点为身份标识和位置登记寄存器(ILR ) , 所述身份 标识为接入标识符(AID ) , 所述位置标识为路由标识符(RID ) 。 The method according to claim 7, wherein the network in which the identity identifier and the location identifier are separated is a user identity identifier and a location separation network (SILSN); the access node is an access server (ASN), The authentication node is an identity and location registration register (ILR), the identity is an access identifier (AID), and the location identifier is a route identifier (RID).
12、 一种互通网关设备, 其特征在于, 应用于身份标识和位置标识分离 的网络, 该互通网关设备包括: 接收模块, 其设置成接收接入节点发送的源用户终端发送给外部网络的 携带有该源用户终端所对应的源用户的身份标识的数据报文, 其中, 所述接 入节点在该数据报文添加了所述接入节点的位置标识以及互通网关设备的地 址; An interworking gateway device, which is characterized in that it is applied to a network in which an identity identifier and a location identifier are separated, and the interworking gateway device includes: a receiving module, configured to receive, by the source user terminal, a data packet that is sent by the source user terminal to the external network and that carries the identity of the source user corresponding to the source user terminal, where the access node is in the datagram The location identifier of the access node and the address of the interworking gateway device are added;
报文处理模块, 其设置成将所述接入节点的位置标识以及互通网关设备 的地址从所述数据报文中剥离后, 将所述接入节点的位置标识与所述源用户 的身份标识发送给存储模块, 将所述数据报文发送给发送模块;  a message processing module, configured to: after the location identifier of the access node and the address of the interworking gateway device are stripped from the data packet, the location identifier of the access node and the identity identifier of the source user Sending to the storage module, and sending the data packet to the sending module;
存储模块, 其设置成记录所述接入节点的位置标识与所述源用户的身份 标识的映射关系; 以及  a storage module, configured to record a mapping relationship between a location identifier of the access node and an identity identifier of the source user;
发送模块, 其设置成向外部网络发送所述数据报文。  And a sending module, configured to send the data message to an external network.
13、 如权利要求 12所述的互通网关设备, 其中, 13. The interworking gateway device according to claim 12, wherein
所述报文处理模块还设置成: 将源用户终端的端口号映射为针对外部网 络的端口号, 并将源用户终端的端口号和针对外部网络的端口号发送给存储 模块, 并设置成是将经过端口号映射后的数据报文发送给所述发送模块; 所述存储模块还设置成将源用户终端的端口号和针对外部网络的端口号 记录到所述映射关系中;  The packet processing module is further configured to: map the port number of the source user terminal to a port number for the external network, and send the port number of the source user terminal and the port number for the external network to the storage module, and set to be Transmitting, by the port number, the data packet to the sending module; the storage module is further configured to record the port number of the source user terminal and the port number for the external network into the mapping relationship;
所述发送模块是设置成向外部网络发送所述经过端口号映射后的数据报 文。  The sending module is configured to send the data packet after the port number mapping to the external network.
14、 如权利要求 13所述的互通网关设备, 其中, 所述报文处理模块是设 置成按如下方式将源用户终端的端口号映射为针对外部网络的端口号: The interworking gateway device according to claim 13, wherein the message processing module is configured to map the port number of the source user terminal to a port number for the external network as follows:
接收到数据报文后, 检查是否存在与本次接收到的数据报文具有相同源 用户的身份标识、 相同源用户终端的端口号和不同接入节点的位置标识的已 接收到的数据报文,  After receiving the data packet, check whether there is a received data packet with the identity of the same source user, the port number of the same source user terminal, and the location identifier of the different access node. ,
如果存在, 在所述存储模块中查找包含该源用户的身份标识和源用户终 端的端口号的映射关系, 如果未找到, 将本次接收到的数据报文的源用户终 端的端口号映射为针对外部网络的端口号; 如果找到包含该源用户的身份标 识和源用户终端的端口号的映射关系, 则将本次接收到的数据报文中的源用 户终端的端口号映射为与所查找到的映射关系中源用户的身份标识对应的针 对外部网络的端口号所不同的针对外部网络的端口号; If yes, the mapping between the identity of the source user and the port number of the source user terminal is searched in the storage module. If not found, the port number of the source user terminal of the received data packet is mapped to Port number for the external network; if the mapping between the identity of the source user and the port number of the source user terminal is found, the source in the data packet received this time is used. The port number of the user terminal is mapped to a port number for the external network different from the port number of the external network corresponding to the identity of the source user in the found mapping relationship;
所述报文处理模块还设置成: 如果检查到不存在与本次接收到的数据报 文具有相同源用户的身份标识、 相同源用户终端的端口号和不同接入节点的 位置标识的已接收到的数据报文, 则直接向所述发送模块发送未经端口号映 射的数据报文。  The packet processing module is further configured to: if it is found that there is no identity identifier of the same source user, a port number of the same source user terminal, and a location identifier of a different access node that is received by the data packet received this time The data packet to be sent directly sends the data packet without the port number mapping to the sending module.
15、 如权利要求 13所述的互通网关设备, 其中, 所述报文处理模块是设 置成按如下方式将源用户终端的端口号映射为针对外部网络的端口号: The interworking gateway device according to claim 13, wherein the message processing module is configured to map the port number of the source user terminal to a port number for the external network as follows:
将所有具有同一源用户的身份标识、 同一源用户终端的端口号和不同源 用户的位置标识的数据报文中的源用户终端的端口号依次映射为不同的针对 外部网络的端口号。  The port numbers of the source user terminals in the data packets of the same source user, the port number of the same source user terminal, and the location identifier of the different source users are sequentially mapped to different port numbers for the external network.
16、 如权利要求 13所述的互通网关设备, 其中, 16. The interworking gateway device of claim 13, wherein
所述报文处理模块还设置成: 在接收到数据报文后, 检查所述存储模块 中是否存在包含本次接收到的数据报文中的源用户的身份标识、 源用户终端 的端口号和接入节点的位置标识的映射关系, 如果存在, 则根据所检查到的 映射关系, 将本次接收到的数据报文的源用户端口号映射为针对外部网络的 端口号。  The packet processing module is further configured to: after receiving the data packet, check whether the identity identifier of the source user, the port number of the source user terminal, and the source user terminal in the data packet received by the current storage module are The mapping of the location identifier of the access node, if any, maps the source user port number of the received data packet to the port number for the external network according to the detected mapping relationship.
17、 如权利要求 12或 13或 14所述的互通网关设备, 其中, 17. The interworking gateway device according to claim 12 or 13 or 14, wherein
所述接收模块还设置成接收外部网络发送来的数据报文; 以及  The receiving module is further configured to receive a data message sent by an external network;
所述报文处理模块还设置成: 查找所述外部网络发送来的数据报文的目 的用户的身份标识对应的目的用户的位置标识, 并将所述目的用户的位置标 识发送给所述发送模块;  The packet processing module is further configured to: search for a location identifier of the destination user corresponding to the identity identifier of the destination user of the data packet sent by the external network, and send the location identifier of the destination user to the sending module ;
所述发送模块还设置成将所述外部网络发送来的数据报文发送给所述目 的用户的位置标识对应的接入节点。  The sending module is further configured to send the data packet sent by the external network to the access node corresponding to the location identifier of the target user.
18、 如权利要求 17所述的互通网关设备, 其中, 18. The interworking gateway device of claim 17, wherein
所述报文处理模块还设置成检查所述存储模块中是否保存有所述目的用 户的身份标识和所述外部网络发送来的数据报文的目的用户终端的端口号的 映射关系, 如果有, 根据所检查到的映射关系进行端口号映射。 The message processing module is further configured to check whether the destination is saved in the storage module The mapping relationship between the identity of the user and the port number of the destination user terminal of the data packet sent by the external network, if yes, the port number mapping according to the checked mapping relationship.
19、 如权利要求 17或 18所述的互通网关设备, 其中,  19. The interworking gateway device according to claim 17 or 18, wherein
所述报文处理模块还设置成: 检查到所述存储模块上没有保存所述外部 网络发送来的数据报文中的目的用户的身份标识和目的用户终端的端口号的 映射关系时, 将所述目的用户的身份标识, 查找到的所述目的用户的位置标 识, 目的用户终端的端口号, 和针对外部网络的端口号发送给所述存储模块; 所述存储模块还设置成增加所述目的用户的身份标识和目的用户终端的 端口号的映射关系, 将所述目的用户的身份标识, 查找到的目的用户的位置 标识, 目的用户终端的端口号, 和针对外部网络的端口号保存到所增加的映 射关系中; 其中所述目的用户终端的端口号和针对外部网络的端口号相同。  The packet processing module is further configured to: when the storage module does not save the mapping relationship between the identity identifier of the destination user and the port number of the destination user terminal in the data packet sent by the external network, Determining the identity of the destination user, the location identifier of the destination user, the port number of the destination user terminal, and the port number for the external network are sent to the storage module; the storage module is further configured to increase the purpose The mapping between the identity of the user and the port number of the destination user terminal, the identity of the destination user, the location identifier of the destination user, the port number of the destination user terminal, and the port number for the external network are saved to the location. In the added mapping relationship, the port number of the destination user terminal is the same as the port number for the external network.
20、 如权利要求 17所述的互通网关设备, 其中, 20. The interworking gateway device of claim 17, wherein
所述发送模块是设置成按如下方式将所述外部网络发送来的数据报文发 送给所述目的用户的位置标识对应的接入节点:  The sending module is configured to send the data packet sent by the external network to the access node corresponding to the location identifier of the destination user as follows:
在所述外部网络发送来的数据>¾文中增加目的地址, 该目的地址为查找 到的目的用户的位置标识, 然后将增加了目的地址的数据报文发送到该目的 地址对应的接入节点。  The destination address is added to the data sent by the external network, and the destination address is the location identifier of the discovered destination user, and then the data packet with the destination address added is sent to the access node corresponding to the destination address.
PCT/CN2011/084026 2010-12-27 2011-12-15 Method and device for external network interworking for user terminals with multiple access methods WO2012089027A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201010607722.5A CN102546555B (en) 2010-12-27 2010-12-27 User terminal is when plurality of access modes and the interoperability methods of external network and equipment
CN201010607722.5 2010-12-27

Publications (1)

Publication Number Publication Date
WO2012089027A1 true WO2012089027A1 (en) 2012-07-05

Family

ID=46352525

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2011/084026 WO2012089027A1 (en) 2010-12-27 2011-12-15 Method and device for external network interworking for user terminals with multiple access methods

Country Status (2)

Country Link
CN (1) CN102546555B (en)
WO (1) WO2012089027A1 (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104640064A (en) * 2013-11-08 2015-05-20 中兴通讯股份有限公司 Method and device for processing identifier and locator separation data
CN111585842B (en) * 2020-04-30 2021-08-24 烽火通信科技股份有限公司 Network quality monitoring and diagnosing method and system

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1801764A (en) * 2006-01-23 2006-07-12 北京交通大学 Internet access method based on identity and location separation

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7676579B2 (en) * 2002-05-13 2010-03-09 Sony Computer Entertainment America Inc. Peer to peer network communication

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1801764A (en) * 2006-01-23 2006-07-12 北京交通大学 Internet access method based on identity and location separation

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
DONG, PING: "Study on scalable routing architecture based on indentity-locator separation mapping", CHINA DOCTORAL DISSERTATIONS FULL-TEXT DATABASE CDFD, 22 August 2009 (2009-08-22), pages 28 - 30 *
FARINACCI, D. ET AL.: "Locator/ID Separation Protocol (LISP)", DRAFT-IETF-LISP-09, 11 October 2010 (2010-10-11) *

Also Published As

Publication number Publication date
CN102546555B (en) 2015-12-16
CN102546555A (en) 2012-07-04

Similar Documents

Publication Publication Date Title
EP2477428B1 (en) Method for anonymous communication, method for registration, method and system for transmitting and receiving information
JP5335886B2 (en) Method and apparatus for communicating data packets between local networks
US8665849B2 (en) Methods and systems for implementing inter-network roam, querying and attaching network
WO2011044808A1 (en) Method and system for tracing anonymous communication
WO2017147772A1 (en) Method of transmitting information and core network access apparatus
WO2011035615A1 (en) Method, system and apparatus for transmitting data
CN102571999B (en) A kind of data transmission method, system and IAD
US10110554B2 (en) Method and apparatus for supporting mobility of user equipment
WO2011032462A1 (en) Method for data transmission and receiving, system and router thereof
WO2013060225A1 (en) System and method for acquiring user location through user bearer identifier
WO2011050676A1 (en) Anonymous communication method, registration and cancellation method, and access node
WO2011041964A1 (en) Method, network system and network access node for network device management
CN114125995A (en) Data transmission method and device
EP2477372A1 (en) Method, device and terminal for obtaining terminal identifier
WO2012089032A1 (en) Data transmission method using multiple access methods, and access device
WO2011044807A1 (en) Method for registration and communication of anonymous communication and transceiver system for data message
WO2012089027A1 (en) Method and device for external network interworking for user terminals with multiple access methods
WO2012088830A1 (en) Communication method, method and system for processing message
WO2013026299A1 (en) Address resolution method and device, and information transmission method
WO2012089030A1 (en) Method, access device and authentication device for network access by multiple access methods
WO2011120276A1 (en) Method and system for establishing connection between terminals
WO2018101452A1 (en) Communication method and relay apparatus
US9749201B2 (en) Method and system for monitoring locator/identifier separation network
CN103096461B (en) System and method of acquiring user location information
CN113498083A (en) Communication method, device and system

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 11854230

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 11854230

Country of ref document: EP

Kind code of ref document: A1