CN101030882A - Method for accessing user network management platform - Google Patents

Publication number
CN101030882A
Authority
CN
China
Prior art keywords
network management
management platform
vpn
user network
address
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN 200610057919
Other languages
Chinese (zh)
Other versions
CN100490393C (en)
Inventor
苗福友
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Application filed by Huawei Technologies Co Ltd
Priority to CNB200610057919XA (patent/CN100490393C/en)
Publication of CN101030882A (patent/CN101030882A/en)
Publication of CN100490393C (patent/CN100490393C/en)
Current legal status: Expired - Fee Related

Abstract

The invention configures a private network address within the address range of a virtual private network (VPN) for the user network management platform, so that the platform becomes a site within the VPN. When a workstation in the VPN accesses the user network management platform, it uses its own private network address and the platform's private network address, and reaches the platform by the same method it uses to access a site within the VPN. With the invention, a user can access the user network management platform directly from inside the VPN in which the workstation is located.

Description

A method for accessing a user network management platform
Technical field
The present invention relates to virtual private network technology, and in particular to a method for accessing a user network management platform.
Background
A virtual private network (VPN) is a technology that builds a private network on top of a public network using tunneling, encryption, authentication and similar methods, for example to build an enterprise private network. For an operator, the public network comprises the public backbone network and Provider Edge (PE) devices. Geographically separated VPN member sites connect to the corresponding PE through Customer Premise Equipment (CPE), and the operator's public network then joins them into a VPN. A VPN member site is a VPN communication site and generally consists of several user workstations. A VPN communication site is usually just called a site, and a user workstation is usually called a workstation or a VPN user. Because the workstations in one VPN can communicate directly using the private network addresses of the VPN they belong to, the VPN is a private network from the user's point of view.
Fig. 1 is a schematic diagram of a typical VPN topology. As shown in Fig. 1, the VPN has 3 sites. Each site becomes a member of the VPN through a VPN gateway, and the VPN gateways are interconnected by tunnels, which join the sites into one VPN. Here, a workstation is the device through which the user uses the VPN, such as a personal computer; a site is an area within which network interconnection is possible without going through a VPN gateway, such as the local area network of a single building; a VPN gateway is the network node responsible for connecting a site to the VPN, and is a provider edge device; a tunnel is a logical connection over the public network infrastructure, and a packet sent by the source workstation may in fact be forwarded or routed several times across the public network before it reaches the destination workstation.
Take workstation 1 in site 1 as the source workstation and workstation 2 in site 2 as the destination workstation. The basic VPN flow is described below through the process of the source workstation accessing the destination workstation. The source workstation uses its own private network address and the destination workstation's private network address as source address and destination address, and sends an access request message carrying both addresses to VPN gateway 1. VPN gateway 1 applies VPN processing to the received packet, determines the address of the destination VPN gateway the packet must reach, namely VPN gateway 2, and sends the packet to VPN gateway 2 through tunnel A. VPN gateway 2 unpacks the received packet and sends it to the destination workstation. The destination workstation then handles the access request message and returns the result to the source workstation; the return path is similar to the process above and is not repeated here.
In the prior art, to strengthen management of the VPN, there is generally also a user network management platform, which generally comprises a Customer Network Management (CNM) server and the other devices in the subnet of its site. An operator generally provides the CNM service to VPN users in one of two modes: client/server or browser/server. In practice, a workstation can access the user network management platform to learn the topology, network configuration, network status, network performance and similar information of the VPN it belongs to.
Here, the CNM server may be very simple, providing only an interface function, with all VPN data obtained through systems such as the VPN service management system and the operation support system. It may be more complex, with its VPN configuration, performance and other data kept consistent with those systems at a fixed interval or in real time. It may also be very complex, itself being the operator's VPN service management system or operation support system.
In the prior art, a workstation generally has to access the user network management platform through a special interface. This is because the user network management platform is located in the public network and has a public network address, while the workstation is a network element inside the VPN and has only a private network address. When the workstation needs to access the user network management platform, it first sends a service request message carrying its own private network address to the VPN gateway of its site. The VPN gateway converts the workstation's private network address in the service request message into a public network address and sends the modified message to the user network management platform. The platform processes the service request message and returns the result to the VPN gateway in a service request response message. The VPN gateway converts the public network address in the service request response message back into the workstation's private network address and returns the response to the workstation.
The drawback of the prior art is that, because the user network management platform is a network element in the public network, it can be accessed not only by workstations in the VPN but by every user of the public network, which poses a serious security risk to the platform. In addition, because workstations in the VPN must reach the platform across the public network, this communication is easily attacked: messages may, for example, be intercepted, tampered with or replayed.
Thus the prior art does not allow workstations in the VPN to access the user network management platform securely.
Summary of the invention
In view of this, the main purpose of the present invention is to provide a method for accessing a user network management platform that improves the security of access to the platform by workstations in a VPN. To achieve this purpose, the technical solution proposed by the invention is as follows:
A method for accessing a user network management platform: a private network address within the address range of the virtual private network (VPN) is configured for the user network management platform, and the platform is made a site within the VPN; a workstation in the VPN then accesses the platform using the platform's private network address, by the method used to access a site within the VPN.
Preferably, the workstation in the VPN accesses the user network management platform, using the platform's private network address and the method for accessing a site within the VPN, as follows:
a. The workstation sends a service request message to the user network management platform, using its own private network address and the platform's private network address;
b. The user network management platform carries out the service processing, then returns the result to the workstation in a service response message, using its own private network address and the workstation's private network address.
Preferably, the user network management platform is made a site within the VPN as follows:
On the VPN gateway connected to the user network management platform, a routing and forwarding instance is started for the platform.
Preferably, the VPN gateway connected to the user network management platform is either a VPN gateway that already exists in the VPN or a VPN gateway configured specially for the platform.
Preferably, when the VPN gateway connected to the user network management platform is a VPN gateway configured specially for the platform, the following is further included between configuring the private network address within the VPN address range for the platform and starting the routing and forwarding instance for the platform on the newly configured VPN gateway:
A tunnel is established between the VPN gateway configured specially for the user network management platform and one or more VPN gateways that already exist in the VPN.
Preferably, step a is:
a1. The workstation uses the private network address of the user network management platform as destination address and its own private network address as source address, and sends a service request message carrying the source and destination addresses to the VPN gateway of its own site;
a2. The VPN gateway of the workstation's site applies VPN processing to the received service request message to obtain a packet, uses its own public network address and the public network address of the VPN gateway configured specially for the user network management platform as the packet's source and destination address, and sends the packet through the tunnel to that gateway according to these addresses;
a3. The VPN gateway configured specially for the user network management platform unpacks the received packet to obtain the service request message, and sends it to the platform according to the destination address in the message.
Preferably, step b is:
b1. The user network management platform carries out the service processing, uses the workstation's private network address as destination address and its own private network address as source address, and sends a service response message carrying the result, the source address and the destination address to the VPN gateway configured specially for the platform;
b2. The VPN gateway configured specially for the user network management platform applies VPN processing to the received service request message to obtain a packet, uses its own public network address and the public network address of the VPN gateway of the workstation's site as the packet's source and destination address, and sends the packet through the tunnel to the VPN gateway of the workstation's site according to these addresses;
b3. The VPN gateway of the workstation's site unpacks the received packet to obtain the service response message, and sends it to the workstation according to the destination address in the message.
Preferably, the following is further included between step a and step b:
The user network management platform judges, according to user access control information saved in advance, whether the workstation is authorized to access it; if so, step b is executed; otherwise, the flow ends directly.
Preferably, the user network management platform is a Customer Network Management (CNM) server, a CNM proxy server, all devices in the subnet where the CNM server is located, or the CNM server together with some of the devices in that subnet.
Preferably, when the user network management platform is a CNM server, that CNM server has its function of forwarding network-layer packets disabled and has an interface for connecting to the background support system.
Preferably, when the user network management platform is a CNM proxy server, the platform carries out the service processing of step b as follows:
The CNM proxy server sends the service request message to the CNM server, then receives the result that the CNM server obtains by carrying out the service processing.
Preferably, when the VPN is a plurality of VPNs providing different services, configuring a private network address within the VPN address range for the user network management platform and making the platform a site within the VPN comprises: configuring for the platform a private network address within the address range of each VPN, and starting a routing and forwarding instance for the platform on each VPN gateway connected to it;
The following is further included between step a and step b: the user network management platform determines, from the service request message, the VPN to which the workstation belongs;
The user network management platform carries out the service processing as follows: it carries out the service processing according to the VPN to which the workstation belongs and according to the service request message.
Preferably, the following is further included between the user network management platform determining, from the service request message, the VPN to which the workstation belongs and step b:
The user network management platform judges, according to user access control information saved in advance, whether the workstation is authorized to access it; if so, step b is executed; otherwise, the flow ends directly.
In summary, in the method for accessing a user network management platform proposed by the invention, a private network address within the VPN address range is configured for the platform, so workstations in the VPN can access the platform directly without traversing the public network, which achieves secure access to the user network management platform.
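The request and response path of steps a1-a3 and b1-b3, together with the VPN determination and access check placed between steps a and b, can be modelled as follows. This is an added example, not code from the patent: the class names, the addresses (documentation and private ranges), the rule that the platform identifies the VPN from the private address the request was sent to, and the gateway's refusal of packets that do not come from a configured tunnel peer are all assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Message:
    """Service request/response: carries private network addresses only."""
    src: str
    dst: str
    body: str

@dataclass(frozen=True)
class Packet:
    """Result of 'VPN processing': a message packed for one VPN's tunnel."""
    outer_src: str   # public address of the sending VPN gateway
    outer_dst: str   # public address of the receiving VPN gateway
    vpn: str         # selects the routing and forwarding instance
    inner: Message

class VpnGateway:
    def __init__(self, public_addr):
        self.public_addr = public_addr
        self.instances = {}  # vpn -> {"local": {addr: handler}, "remote": {addr: peer}}

    def start_instance(self, vpn):
        """Start a routing and forwarding instance for one VPN."""
        self.instances[vpn] = {"local": {}, "remote": {}}

    def attach(self, vpn, private_addr, handler):
        self.instances[vpn]["local"][private_addr] = handler

    def add_tunnel_route(self, vpn, private_addr, peer):
        self.instances[vpn]["remote"][private_addr] = peer

    def send(self, vpn, msg):
        """a1/a2 and b1/b2: accept a message from a local site and forward it."""
        inst = self.instances[vpn]
        if msg.dst in inst["local"]:          # same gateway: forward directly
            return inst["local"][msg.dst](msg)
        peer = inst["remote"].get(msg.dst)
        if peer is None:                      # no route inside this VPN
            return None
        return peer.receive(Packet(self.public_addr, peer.public_addr, vpn, msg))

    def receive(self, pkt):
        """a3 and b3: unpack and deliver by the inner destination address."""
        inst = self.instances.get(pkt.vpn)
        if inst is None or pkt.outer_dst != self.public_addr:
            return None
        peers = {p.public_addr for p in inst["remote"].values()}
        if pkt.outer_src not in peers:        # assumed check: tunnel peers only
            return None
        handler = inst["local"].get(pkt.inner.dst)
        return handler(pkt.inner) if handler else None

class CnmPlatform:
    def __init__(self, gateway, addr_by_vpn, allowed):
        self.gateway = gateway
        self.addr_by_vpn = addr_by_vpn                  # one private address per VPN
        self.vpn_by_addr = {a: v for v, a in addr_by_vpn.items()}
        self.allowed = allowed                          # {(vpn, workstation address)}
        for vpn, addr in addr_by_vpn.items():
            gateway.attach(vpn, addr, self.handle)

    def handle(self, req):
        vpn = self.vpn_by_addr.get(req.dst)             # determine the workstation's VPN
        # Key the check on (VPN, address): private addresses may repeat across VPNs.
        if vpn is None or (vpn, req.src) not in self.allowed:
            return None                                 # flow ends directly
        resp = Message(self.addr_by_vpn[vpn], req.src, f"{req.body}: {vpn} status ok")
        return self.gateway.send(vpn, resp)

def build():
    """Constructed topology: gateway 1 (workstation site), gateway 4 (platform)."""
    gw1, gw4 = VpnGateway("203.0.113.1"), VpnGateway("203.0.113.4")
    cnm_addr = {"VPN1": "10.1.0.254", "VPN2": "10.1.0.253"}
    ws = "10.1.0.5"                                     # same address used in both VPNs
    for vpn in cnm_addr:
        gw1.start_instance(vpn)
        gw4.start_instance(vpn)
    CnmPlatform(gw4, cnm_addr, allowed={("VPN1", ws)})
    for vpn, addr in cnm_addr.items():
        gw1.attach(vpn, ws, lambda m: m)                # workstation keeps the response
        gw1.add_tunnel_route(vpn, addr, gw4)
        gw4.add_tunnel_route(vpn, ws, gw1)
    return gw1, gw4, cnm_addr, ws

def access(gateway, vpn, ws_addr, cnm_addr, body):
    """Workstation side of step a; returns the response Message or None."""
    return gateway.send(vpn, Message(ws_addr, cnm_addr, body))
```

The workstation in VPN2 has the same private address as the authorized one in VPN1 and is still refused, which is why the access control entry carries the VPN as well as the address.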
Brief description of the drawings
Fig. 1 is a schematic diagram of the topology of a typical virtual private network;
Fig. 2 is a flow chart of the scheme of the invention;
Fig. 3 is a flow chart of embodiment one of the scheme of the invention;
Fig. 4 is a schematic diagram of the network topology of embodiment two of the scheme of the invention;
Fig. 5 is a flow chart of embodiment two of the scheme of the invention;
Fig. 6 is a schematic diagram of the network topology of embodiment three of the scheme of the invention;
Fig. 7 is a flow chart of embodiment three of the scheme of the invention.
Detailed description of the embodiments
To make the purpose, technical solutions and advantages of the invention clearer, the invention is described in further detail below with reference to the drawings and specific embodiments.
The basic idea of the invention is: a private network address within the virtual private network (VPN) address range is configured for the user network management platform, and the platform is made a site within the VPN. When a workstation in the VPN wants to access the platform, it uses the platform's private network address and accesses the platform directly, as a site within the VPN.
Fig. 2 is a flow chart of how the scheme of the invention implements access to the user network management platform. As shown in Fig. 2, the invention comprises the following steps:
Step 201: Configure a private network address within the VPN address range for the user network management platform, and make the platform a site within the VPN.
Step 202: A workstation in the VPN accesses the user network management platform using the platform's private network address, by the method used to access a site within the VPN.
In the invention, the user network management platform is the network element or subnet, reachable by workstations in the VPN, that provides the Customer Network Management (CNM) service. It can be a CNM server, all devices in the subnet where the CNM server is located, or the CNM server together with some of the devices in its site. In every case, private network addresses within the VPN address range must be configured for the platform, and the configured addresses must not conflict with private network addresses already in use in the VPN. If the platform is the CNM server, only the CNM server needs a private network address; if the platform is all devices in the CNM server's site, every device, including the CNM server, needs its own private network address; and if it is the CNM server and some other devices, the CNM server and those devices need private network addresses.
In the invention, the user network management platform is added to the VPN as a site as follows: first, a private network address within the VPN address range is configured for the platform; next, the platform is connected to the VPN through a VPN gateway, that is, the platform must be linked to a VPN gateway; then, a routing and forwarding instance is started for the platform on the VPN gateway connected to it. The platform thereby becomes a site in the VPN and can be accessed directly by workstations in the other sites of the VPN.
The VPN gateway that connects the platform to the VPN can be a gateway that already exists in the VPN or a gateway configured specially for the platform. A VPN gateway can connect one site to the VPN or several sites at once, that is, several sites can share one VPN gateway. So if an existing gateway is used, it is enough to start a routing and forwarding instance for the platform on the existing VPN gateway connected to the platform, and the platform is then connected to the VPN. If a gateway is configured specially for the platform, a tunnel must be established between this gateway and one or more other VPN gateways, and a routing and forwarding instance must be started for the platform on the specially configured gateway; the platform is then connected to the VPN.
In the invention, establishing a tunnel between VPN gateways means establishing a logical connection between them, over which the source VPN gateway can send packets to the destination VPN gateway. Once a routing and forwarding instance has been started for the platform on the VPN gateway connected to it, whenever that gateway receives a packet sent by the platform, or sent to the platform by another network node, it automatically forwards the packet according to the routes set in advance. A forwarding instance is an instance that implements the packet forwarding function. It can be a process, a thread, or a combination of several processes and threads; it processes the routes advertised by nodes inside the VPN, and uses the routes obtained and the tunnels established to forward packets between the different sites of the VPN.
In the invention, the VPN can be a single VPN providing one service, or several VPNs providing different services. In general, the VPNs are independent of each other but can be served by one user network management platform at the same time.
In addition, service request message and service response message are used in the invention as general names for the messages with which a workstation accesses the user network management platform. In practice, these can be a query request message, a query response message and so on, that is, concrete message names tied to the actual service.
Embodiment one
The network topology of embodiment one can again be taken from Fig. 1. As shown in Fig. 1, this embodiment has one VPN comprising 3 sites, site 1 to site 3. The sites are interconnected by tunnels, tunnel A to tunnel C. Each site has several workstations, all configured with private network addresses that do not conflict with each other, and the workstations can access each other by private network address.
The user network management platform in this embodiment is a CNM server that is directly connected to VPN gateway 1, which already exists in the VPN. For workstations to access the CNM server from inside the VPN, the CNM server must first be added to the VPN as a site. In this embodiment this is done by configuring a private network address within the VPN address range for the CNM server and then starting a routing and forwarding instance for the CNM server on VPN gateway 1.
Fig. 3 shows the flow chart of this embodiment. As shown in Fig. 3, when workstation 1 in site 1 accesses the CNM server, the embodiment comprises the following steps:
Step 301: Workstation 1 in site 1 uses its own private network address and the CNM server's private network address as source address and destination address, and sends a service request message carrying both addresses to VPN gateway 1.
Step 302: VPN gateway 1 forwards the service request message directly to the CNM server.
In this embodiment, site 1 and the CNM server are connected to the same VPN gateway. When VPN gateway 1 receives the service request message, it can determine from the routing information obtained in advance that the CNM server is one of its own sites, so it can send the message directly to the CNM server.
Step 303: The CNM server judges from the user access control information whether workstation 1 in site 1 is authorized to access it; if so, step 404 is executed; otherwise, the flow exits.
In this embodiment, the user access control information is the information the CNM server uses to authenticate the user. It can be saved in the CNM server in advance, or saved in another device in the CNM server's site and fetched from that device by the CNM server when a workstation accesses it. In general, the user access control information can be a user ID that represents the workstation's identity.
In this embodiment, when the CNM server finds that the user is not authorized, it ends the flow directly. In practice, the CNM server can also return a message to the user, such as a notice that access is not permitted, before ending the flow.
Step 304: The CNM server processes the service request message and obtains the result.
In practice, how the CNM server processes a service request message depends on the specific service; each service has its own processing, and the CNM server carries out different processing for different service request messages. For example, if the service request message is a STATUS ENQUIRY message, the CNM server obtains the recorded information about the current network status according to that message and uses it as the result.
Step 305: The CNM server uses its own private network address and the private network address of workstation 1 in site 1 as source address and destination address, and sends a service response message carrying the result and both addresses to VPN gateway 1.
Step 306: VPN gateway 1 forwards the service response message directly to workstation 1 in site 1.
With this embodiment, workstation 1 in site 1 can access the CNM server directly from inside the VPN. The other workstations in site 1 can access the CNM server in the same way as workstation 1. Workstations in the other sites of the VPN access it in the same way except for one difference: the VPN gateway of another site cannot forward the service request message directly to the CNM server, but must send it through the tunnel to VPN gateway 1, which then sends it to the CNM server.
In practice, a VPN gateway can also be configured specially for the CNM server, and the CNM server connected to the VPN through this new gateway. In that case the CNM server joins the VPN as follows: a private network address is configured for the CNM server; a tunnel is established between the newly configured VPN gateway and an existing VPN gateway; and a routing and forwarding instance is started for the CNM server on the newly configured gateway. Any workstation in the VPN can then reach the CNM server through the tunnel.
In this embodiment only the CNM server joins the VPN, but the subnet where the CNM server is located still contains other devices. For simplicity, Fig. 3 does not show them. In practice, if workstations are not to be allowed to access the other devices in the CNM server's subnet, an interface can be added to the CNM server for communication between the CNM server and the background system, and the CNM server's function of forwarding network-layer packets can then be disabled. The CNM server can then obtain VPN-related information from the other devices through this interface, while workstations in the VPN cannot reach the other devices in the CNM server's subnet. The interface added to the CNM server can be a physical interface or a logical interface.
In this embodiment only the CNM server joins the VPN; in practice, some or all of the devices in the CNM server's subnet can also be added to the VPN. The method is similar to the one in this embodiment: each device that is to join the VPN is configured with a private network address that does not conflict with other private network addresses. Workstations in the VPN can then access not only the CNM server but also the other devices in its subnet.
Embodiment two
Fig. 4 is the network topology of this embodiment, in which the user network management platform joins several VPNs. So that the VPNs do not affect each other, the platform keeps them isolated, that is, the tunnels of the different VPNs are different. In this embodiment the platform joins 3 VPNs at once, VPN1 to VPN3. The platform here comprises not only the CNM server but also all the other devices in its subnet, so private network addresses are configured both for the CNM server and for each of the other devices in its subnet. Because there are 3 different VPNs, the CNM server and each other device in the subnet have 3 private network addresses, one in the address range of each VPN. In addition, this embodiment configures VPN gateway 4 specially for the platform, to connect it to VPN1 to VPN3.
In this embodiment, the platform is connected to VPN1 to VPN3, as a site of each, as follows: 3 different tunnels are established between VPN gateway 4 and VPN gateway 1, one for each VPN the platform joins, and routing and forwarding instances are started for the platform on VPN gateway 4, one for each of VPN1 to VPN3.
In practice, when the platform joins a VPN, tunnels can be established between VPN gateway 4 and any one or more of the other VPN gateways in that VPN, not only VPN gateway 1.
Fig. 5 has shown the flow chart of present embodiment.Simple in order to narrate, present embodiment hypothesis VPN1 is identical with VPN among the embodiment.As shown in Figure 5, when the workstation1 in place among the VPN1 1 was wanted the CNM server of access customer network management platform, present embodiment may further comprise the steps:
Step 501: Workstation 1 at site 1 in VPN1 uses its own private network address and the private network address of the CNM server as the source address and destination address respectively, and sends the service request message carrying the source and destination addresses to gateway 1.
Step 502: VPN gateway 1 performs VPN processing on the service request message to obtain a data packet, uses its own public network address and the public network address of VPN gateway 4 as the packet's source address and destination address respectively, and then sends the packet to VPN gateway 4 through tunnel D according to the source and destination addresses.
In this step, VPN processing is in effect encapsulation of the message: the service request message is encapsulated into a data packet.
Step 503: Gateway 4 decapsulates the received data packet to obtain the service request message, and sends it to the CNM server according to the destination address in the service request message.
Step 504: The CNM server determines that the VPN of the workstation that sent the service request message is VPN1.
Step 505: The CNM server judges, according to the user access control information, whether workstation 1 at site 1 in VPN1 is authorized to access it; if so, step 506 is performed; otherwise, the flow exits.
In this embodiment, the user access control information is the information the CNM server uses to authenticate the user. It can be stored in the CNM server in advance, or it can be stored in another device at the CNM server's site and retrieved from that device by the CNM server when a workstation accesses the CNM server. In general, the user access control information can be a user ID that represents the workstation's identity.
In this embodiment, when the CNM server finds that the user is not authorized to access it, it ends the flow directly. In practice, the CNM server can also first return to the user a message such as "not authorized to access" and then end the flow.
Step 506: The CNM server processes the service request message according to the workstation's VPN, VPN1, and obtains the result.
In this embodiment, the user network management platform is a site in several VPNs, and the same user network management platform can provide services to several VPNs at the same time. Note, however, that the VPNs are independent of one another: the user network management platform must determine which VPN the workstation that sent the service request message belongs to, and then process the service request message according to that VPN.
Step 507: The CNM server uses its own private network address and the private network address of workstation 1 at site 1 in VPN1 as the source address and destination address respectively, and sends a service response message carrying the result, the source address and the destination address to gateway 4.
Step 508: Gateway 4 performs VPN processing on the service response message to obtain a data packet, uses its own public network address and the public network address of VPN gateway 1 as the packet's source address and destination address respectively, and then sends the packet to VPN gateway 1 through tunnel D according to the source and destination addresses.
Step 509: VPN gateway 1 decapsulates the received data packet to obtain the service response message, and sends it to workstation 1 at site 1 in VPN1 according to the destination address in the service response message.
With the method of this embodiment, workstation 1 at site 1 in VPN1 can use tunneling to access the CNM server directly from inside the VPN. The other workstations at site 1 can likewise use tunnel D to access the CNM server, as workstation 1 does, while workstations at site 2 need to use tunnel E to access the CNM server. Although VPN gateway 3 at site 3 has not established a tunnel with VPN gateway 4, its traffic can be forwarded through VPN gateway 1 or VPN gateway 2, so it can also access the CNM server. Workstations in VPN2 and VPN3 can access the CNM server in the same way; the method is similar and is not repeated here. Workstations can access not only the CNM server but also the other devices in the CNM server's subnet.
As in embodiment one, in practice, if the user network management platform is geographically close to some VPN gateway, it need not be given a dedicated VPN gateway; it can be connected directly to that VPN gateway, and a routing and forwarding instance for the user network management platform is then started on that VPN gateway.
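Steps 501 to 507 of embodiment two as a small simulation, added here as an example and not part of the patent text. The addresses, the tunnel name "T2", the rule that the CNM server identifies the VPN from which of its own private addresses the request was sent to, and the use of the source private address in place of a user ID are all assumptions made for the illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Message:            # service request / service response message
    src: str              # private network address of the sender
    dst: str              # private network address of the receiver
    body: str

@dataclass(frozen=True)
class Packet:             # result of "VPN processing" (encapsulation)
    outer_src: str        # public address of the sending VPN gateway
    outer_dst: str        # public address of the receiving VPN gateway
    tunnel: str
    inner: Message

# Constructed sample data (assumptions, not values from the patent).
GW1_PUBLIC, GW4_PUBLIC = "198.51.100.1", "198.51.100.4"
# One routing and forwarding instance per VPN on gateway 4, keyed by tunnel.
GW4_INSTANCES = {"D": "VPN1", "T2": "VPN2"}
# The CNM server holds one private address per VPN it has joined.
CNM_PRIVATE = {"10.0.255.1": "VPN1", "10.0.255.2": "VPN2"}
# User access control information: (VPN, workstation) pairs allowed in.
# 10.0.1.11 exists in both VPNs (independent address plans); only the
# VPN1 workstation is authorized.
ACL = {("VPN1", "10.0.1.11")}

def gateway1_encapsulate(msg: Message, tunnel: str) -> Packet:
    """Step 502: wrap the request with the gateways' public addresses."""
    return Packet(GW1_PUBLIC, GW4_PUBLIC, tunnel, msg)

def gateway4_decapsulate(pkt: Packet) -> Optional[Message]:
    """Step 503: unwrap, but only forward inside the tunnel's own VPN."""
    vpn = GW4_INSTANCES.get(pkt.tunnel)
    if pkt.outer_dst != GW4_PUBLIC or vpn is None:
        return None
    # Assumption: the per-VPN instance only knows the CNM address of its
    # own VPN, so a request aimed at another VPN's address is dropped.
    if CNM_PRIVATE.get(pkt.inner.dst) != vpn:
        return None
    return pkt.inner

def cnm_server(msg: Message) -> Optional[Message]:
    """Steps 504 to 507: find the VPN, check access, process, respond."""
    vpn = CNM_PRIVATE.get(msg.dst)                 # step 504
    if vpn is None or (vpn, msg.src) not in ACL:   # step 505
        return None                                # flow ends, no response
    result = f"{vpn}:{msg.body}:ok"                # step 506, per-VPN handling
    return Message(src=msg.dst, dst=msg.src, body=result)  # step 507

def access(src: str, dst: str, body: str, tunnel: str) -> Optional[Message]:
    """Workstation request (step 501) carried through to the response."""
    pkt = gateway1_encapsulate(Message(src, dst, body), tunnel)
    inner = gateway4_decapsulate(pkt)
    return cnm_server(inner) if inner is not None else None

if __name__ == "__main__":
    print(access("10.0.1.11", "10.0.255.1", "get-alarms", "D"))   # allowed
    print(access("10.0.1.11", "10.0.255.2", "get-alarms", "T2"))  # denied
    print(access("10.0.1.11", "10.0.255.1", "get-alarms", "T2"))  # dropped
```

The second call shows why step 504 has to come before step 505: the same private source address means a different workstation in each VPN, so the access decision is only meaningful once the VPN is known.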
Embodiment three
Fig. 6 shows the network topology of this embodiment. As shown in Fig. 6, this embodiment has one VPN comprising three sites, site 1 to site 3. The sites are connected by tunnels, tunnel A to tunnel C. Each site contains a number of workstations, all configured with private network addresses within the address range of this VPN. This embodiment also includes a CNM server, a CNM proxy server and the other devices in the CNM server's subnet. For simplicity, the other devices in the CNM server's subnet are not drawn in Fig. 6. In this embodiment, the CNM server itself and the other devices in its subnet do not join the VPN; instead, the proxy server of the CNM server joins the VPN, and a private network address of the VPN is configured only for the proxy server of the CNM server. The CNM proxy server has both a private network address and a public network address, whereas the CNM server itself has only a public network address. In addition, this embodiment configures a dedicated VPN gateway 4 for the CNM proxy server, establishes tunnel D between VPN gateway 4 and VPN gateway 1, and starts a routing and forwarding instance for the CNM proxy server on VPN gateway 4.
Fig. 7 shows the flow chart of this embodiment. When workstation 1 at site 1 wants to access the CNM server, this embodiment comprises the following steps:
Step 701: Workstation 1 at site 1 uses its own private network address and the private network address of the CNM proxy server as the source address and destination address respectively, and sends the service request message carrying the source and destination addresses to gateway 1.
Step 702: VPN gateway 1 performs VPN processing on the service request message to obtain a data packet, uses its own public network address and the public network address of VPN gateway 4 as the packet's source address and destination address respectively, and then sends the packet to VPN gateway 4 through tunnel D according to the source and destination addresses.
Step 703: Gateway 4 decapsulates the received data packet to obtain the service request message, and sends it to the CNM proxy server according to the destination address in the service request message.
Step 704: The CNM proxy server sends the service request message to the CNM server according to its own public network address and the public network address of the CNM server.
Step 705: The CNM server judges, according to the user access control information, whether workstation 1 at site 1 is authorized to access it; if so, step 706 is performed; otherwise, the flow exits.
Step 706: The CNM server carries out the service processing, obtains the result, and sends the service response message carrying the result to the CNM proxy server according to its own public network address and the public network address of the CNM proxy server.
Step 707: The CNM proxy server uses its own private network address as the source address and the private network address of workstation 1 at site 1 as the destination address, and sends a service response message carrying the source address, the destination address and the result to VPN gateway 4.
Step 708: VPN gateway 4 performs VPN processing on the service response message to obtain a data packet, uses its own public network address and the public network address of VPN gateway 1 as the packet's source address and destination address respectively, and then sends the packet to VPN gateway 1 through tunnel D according to the source and destination addresses.
Step 709: VPN gateway 1 decapsulates the received data packet to obtain the service response message, and sends it to workstation 1 at site 1 in VPN1 according to the destination address in the service response message.
With this embodiment, a workstation can access the user network management platform from inside the VPN through the CNM proxy server.
The scheme of the present invention is applicable to PE-based VPNs, including link-layer VPNs and network-layer VPNs.
In summary, the above are only preferred embodiments of the present invention and are not intended to limit its scope of protection. Any modification, equivalent replacement, improvement and the like made within the spirit and principles of the present invention shall fall within the scope of protection of the present invention.

Claims (13)

1. A method for accessing a user network management platform, characterized in that a private network address within the address range of a virtual private network (VPN) is configured for the user network management platform, and, after the user network management platform has been made a site in the VPN, a workstation in the VPN accesses the user network management platform according to the private network address of the user network management platform, using the method for accessing a site within the VPN.
2. The method according to claim 1, characterized in that the workstation in the VPN accesses the user network management platform, according to the private network address of the user network management platform and using the method for accessing a site within the VPN, as follows:
a. the workstation sends a service request message to the user network management platform according to its own private network address and the private network address of the user network management platform;
b. the user network management platform carries out the service processing, and then returns the result to the workstation in a service response message according to its own private network address and the private network address of the workstation.
3. The method according to claim 2, characterized in that the user network management platform is made a site in the VPN by:
starting a routing and forwarding instance for the user network management platform on the VPN gateway connected to the network management platform.
4. The method according to claim 3, characterized in that the VPN gateway connected to the user network management platform is a VPN gateway already existing in the VPN, or a VPN gateway configured specially for the user network management platform.
5. The method according to claim 4, characterized in that, when the VPN gateway connected to the user network management platform is a VPN gateway configured specially for the user network management platform, the method further comprises, between configuring for the user network management platform the private network address within the VPN address range and starting the routing and forwarding instance for the user network management platform on the VPN gateway newly configured for the user network management platform:
establishing a tunnel between the VPN gateway configured specially for the user network management platform and one or more VPN gateways already existing in the VPN.
6. The method according to claim 5, characterized in that step a is:
a1. the workstation uses the private network address of the user network management platform as the destination address and its own private network address as the source address, and sends the service request message carrying the source and destination addresses to the VPN gateway of the site where the workstation is located;
a2. the VPN gateway of the site where the workstation is located performs VPN processing on the received service request message to obtain a data packet, uses its own public network address and the public network address of the VPN gateway configured specially for the user network management platform as the packet's source address and destination address respectively, and then sends the packet through the tunnel, according to the source and destination addresses, to the VPN gateway configured specially for the user network management platform;
a3. the VPN gateway configured specially for the user network management platform decapsulates the received data packet to obtain the service request message, and then sends the service request message to the user network management platform according to the destination address in the service request message.
7. The method according to claim 6, characterized in that step b is:
b1. the user network management platform carries out the service processing, uses the private network address of the workstation as the destination address and its own private network address as the source address, and then sends the service response message carrying the result, the source address and the destination address to the VPN gateway configured specially for the user network management platform;
b2. the VPN gateway configured specially for the user network management platform performs VPN processing on the received service request message to obtain a data packet, uses its own public network address and the public network address of the VPN gateway of the site where the workstation is located as the packet's source address and destination address respectively, and then sends the packet through the tunnel, according to the source and destination addresses, to the VPN gateway of the site where the workstation is located;
b3. the VPN gateway of the site where the workstation is located decapsulates the received data packet to obtain the service response message, and then sends the service response message to the workstation according to the destination address in the service response message.
8. The method according to any one of claims 2 to 7, characterized in that the method further comprises, between step a and step b:
the user network management platform judges, according to user access control information stored in advance, whether the workstation is authorized to access it; if so, step b is performed; otherwise, the flow ends directly.
9. The method according to any one of claims 2 to 7, characterized in that the user network management platform is the Customer Network Management (CNM) server, the CNM proxy server, or all the devices in the CNM server's subnet, or is the CNM and some of the devices in its subnet.
10. The method according to claim 9, characterized in that, when the user network management platform is the CNM server, the CNM server is a CNM server whose function of forwarding network-layer messages has been turned off and which has an interface for connecting to the back-end support system.
11. The method according to claim 9, characterized in that, when the user network management platform is the CNM proxy server, the user network management platform carries out the service processing of step b as follows:
the CNM proxy server sends the service request message to the CNM server, and then receives the result obtained by the CNM server after it has carried out the service processing.
12. The method according to any one of claims 2 to 7, characterized in that, when the VPN is a plurality of VPNs providing different services, configuring for the user network management platform the private network address within the VPN address range and making the user network management platform a site in the VPN comprises: configuring for the user network management platform a private network address within the address range of each VPN, and starting a routing and forwarding instance for the user network management platform on each VPN gateway connected to the user network management platform;
the method further comprises, between step a and step b: the user network management platform determines, according to the service request message, the VPN to which the workstation belongs;
the user network management platform carries out the service processing as follows: the user network management platform carries out the service processing according to the situation of the VPN to which the workstation belongs and according to the service request message.
13. The method according to claim 12, characterized in that the method further comprises, between the user network management platform determining according to the service request message the VPN to which the workstation belongs and step b:
the user network management platform judges, according to user access control information stored in advance, whether the workstation is authorized to access it; if so, step b is performed; otherwise, the flow ends directly.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNB200610057919XA CN100490393C (en) 2006-02-27 2006-02-27 Method for accessing user network management platform

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CNB200610057919XA CN100490393C (en) 2006-02-27 2006-02-27 Method for accessing user network management platform

Publications (2)

Publication Number Publication Date
CN101030882A true CN101030882A (en) 2007-09-05
CN100490393C CN100490393C (en) 2009-05-20

Family

ID=38715979

Family Applications (1)

Application Number Title Priority Date Filing Date
CNB200610057919XA Expired - Fee Related CN100490393C (en) 2006-02-27 2006-02-27 Method for accessing user network management platform

Country Status (1)

Country Link
CN (1) CN100490393C (en)

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102196009A (en) * 2010-03-19 2011-09-21 华为软件技术有限公司 Method for logging on network, server and client
CN102196009B (en) * 2010-03-19 2015-01-21 华为软件技术有限公司 Method for logging on network, server and client
WO2013117172A1 (en) * 2012-02-09 2013-08-15 华为技术有限公司 Private network address allocation method, device, and system
CN110024327A (en) * 2016-09-02 2019-07-16 诺基亚技术有限公司 For providing cognitive function in cognition network management system and promoting the method and apparatus of management
CN110024327B (en) * 2016-09-02 2022-05-24 诺基亚技术有限公司 Method and apparatus for providing cognitive functions and facilitating management
US11349725B2 (en) 2016-09-02 2022-05-31 Nokia Technologies Oy Method and apparatus for providing cognitive functions and facilitating management in cognitive network management systems
CN109688000A (en) * 2018-12-13 2019-04-26 四川天邑康和通信股份有限公司 Method that is a kind of while accessing multiple NM server platforms
CN109688000B (en) * 2018-12-13 2022-06-14 四川天邑康和通信股份有限公司 Method for simultaneously accessing multiple IPTV network management server platforms
CN110266715A (en) * 2019-06-28 2019-09-20 深圳前海微众银行股份有限公司 Strange land accesses method, apparatus, equipment and computer readable storage medium
CN112671843A (en) * 2020-12-08 2021-04-16 车智互联(北京)科技有限公司 Data request method, system and computing device

Also Published As

Publication number Publication date
CN100490393C (en) 2009-05-20

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20090520

Termination date: 20180227
