CN101355489B - User management method based on dynamic host configuration protocol prefix proxy - Google Patents
User management method based on dynamic host configuration protocol prefix proxy Download PDFInfo
- Publication number
- CN101355489B CN101355489B CN2007101304818A CN200710130481A CN101355489B CN 101355489 B CN101355489 B CN 101355489B CN 2007101304818 A CN2007101304818 A CN 2007101304818A CN 200710130481 A CN200710130481 A CN 200710130481A CN 101355489 B CN101355489 B CN 101355489B
- Authority
- CN
- China
- Prior art keywords
- router
- identification information
- prefix
- proxy
- message
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
Images
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a user management method based on dynamic host configuration protocol (DHCP) prefix proxy, comprising the following steps: (1) a proxy router acquires identification information of a request router, wherein the identification information is corresponding to an IPv6 address prefix; (2) the proxy router carries out certification, authorization and charging for a user according to the identification information; and (3) the proxy router applies a control strategy to a proxy user according to the IPv6 address prefix. The user management method realizes user management which uses DHCP prefix proxy and is based on the IPv6 address prefix, and is convenient for developing IPv6 access services.
Description
Technical field
The present invention relates to network communications technology field, relate more specifically to a kind of user management method based on dynamic host configuration protocol prefix proxy.
Background technology
DHCP (Dynamic Host Configuration Protocol, DHCP) prefix proxy provides a kind of use DHCP agreement to come the mechanism of automatic Agent IP v6 (Internet Protocol, internet protocol version 6) address prefix.By this mechanism, the IPv6 address prefix can be acted on behalf of to the request router from agent router, the request router can generate longer prefix to acting on behalf of the address prefix that comes in its network, and acts on behalf of once more, perhaps distributes to the miscellaneous equipment in its network.Agent router does not need to know the network topology at request router place.Agent router is a router of taking on Dynamic Host Configuration Protocol server, the response prefix request, and it is provider's edge device normally, as NAS (Network Access Server, network access server); The request router is a router of taking on dhcp client, the request prefix assignment, and it is ustomer premises access equipment normally, as customer router.Provider's edge device can be ustomer premises access equipment agency and managing I Pv6 address prefix automatically like this, makes things convenient for carrying out of IPv6 access.
The signaling process of DHCP prefix proxy as shown in Figure 1, concrete steps are as follows:
Along with the IPv6 network begins to dispose, operator begins progressively to provide IPv6 access service to the user.By previously described DHCP prefix proxy mechanism, ISP (ISP) can automatically act on behalf of the user network to IPv6 to the IPv6 address prefix, the address prefix that comes of assignment agent voluntarily again in IPv6 user network inside conveniently provides the IPv6 access service.But the management to DHCP user all is based on the management of IP address user at present, does not also form standard at present for the user management method based on the IPv6 address prefix, so can not support carrying out of IPv6 access service well.
Summary of the invention
Technical problem to be solved by this invention is to provide a kind of user management method based on dynamic host configuration protocol prefix proxy, has realized using the user management based on the IPv6 address prefix of DHCP prefix proxy, makes things convenient for carrying out of IPv6 access service.
For addressing the above problem, the invention provides a kind of user management method based on dynamic host configuration protocol prefix proxy, may further comprise the steps:
(1) agent router obtains asking the identification information of router, and described identification information is corresponding with the IPv6 address prefix;
(2) agent router carries out authentication according to described identification information to the user;
(3) agent router is according to the user applying control strategy of IPv6 address prefix to the agency.
User management method based on dynamic host configuration protocol prefix proxy of the present invention, wherein, in step (1), the method for the DHCP protocol massages that described agent router receives by inspection obtains asking the identification information of router.
User management method based on dynamic host configuration protocol prefix proxy of the present invention, wherein, the identification information of described request router comprises: be included in circuit identifier among the Option 82 in the DHCP message and/or distal marker, agent circuit sign and/or act on behalf of distal marker, be included in Option 60, the source MAC in the DHCP message, the source IP address in the message in the DHCP message or receive the interface identifier of message.
User management method based on dynamic host configuration protocol prefix proxy of the present invention, wherein, the interface identifier of described reception message comprises VLAN, asynchronous transfer mode, virtual path/Virtual Channel or port-mark.
User management method based on dynamic host configuration protocol prefix proxy of the present invention, wherein, in step (2), agent router passes to aaa server with described identification information, authenticates, authorizes and charge by aaa server.
User management method based on dynamic host configuration protocol prefix proxy of the present invention, wherein, the aaa protocol attribute by aaa protocol attribute or expansion carries described identification information and passes to aaa server.
User management method based on dynamic host configuration protocol prefix proxy of the present invention, wherein, described aaa protocol attribute comprises NAS-Port-Id, NAS-Port, RADIUS or Diameter.
User management method based on dynamic host configuration protocol prefix proxy of the present invention, wherein, step (3) further comprises: agent router is with the session of IPv6 address prefix identifying user.
User management method based on dynamic host configuration protocol prefix proxy of the present invention, wherein, in step (3), described control strategy comprises traffic policy or quality of service policy.
Adopt the method for the invention, compared with prior art, realized using the user management based on the IPv6 address prefix of DHCP prefix proxy, make things convenient for carrying out of IPv6 access service.
Description of drawings
Fig. 1 is the signaling process figure of existing DHCP prefix proxy;
Fig. 2 be the described method of the embodiment of the invention based on the structure chart of network configuration;
Fig. 3 be the described method of the embodiment of the invention based on the signaling process figure of DHCP prefix proxy;
Fig. 4 is the operational flowchart of the described method of the embodiment of the invention.
Embodiment
The present invention is in order to solve the drawback that conventional solution exists, further set forth a kind of user management method of the present invention by following examples based on dynamic host configuration protocol prefix proxy, below embodiment is described in detail, but not as a limitation of the invention.
As shown in Figure 2, the described method of the embodiment of the invention based on the structure chart of network configuration, this network configuration comprises that main frame 21, home gateway 22, DSLAM 23 (Digital Subscriber LineAccess Multiplexer, Digital Subscriber Line Access Multiplexer), network access server NAS 24, Internet (internet) 25 and AAA (authentication) server 26 constitute.Wherein, home gateway 22 has DHCP request router feature, and NAS24 has the DHCP proxy router feature, and DSLAM 23 is the access nodes between home gateway 22 and the NAS 24, and aaa server 26 has authentication and accounting server function.
In the present embodiment, with request router corresponding equipment be home gateway 22, with the agent router corresponding equipment be NAS 24.
The described method of the embodiment of the invention based on the DHCP prefix proxy signaling process as shown in Figure 3, concrete steps are as follows:
Step 38, last home gateway comes the prefix of acting on behalf of of the request of giving back to NAS by release message.
As shown in Figure 4, the embodiment of the invention said method comprising the steps of:
In the present embodiment, with request router corresponding equipment be home gateway, with the agent router corresponding equipment be NAS.
In this step, the method for the DHCP protocol massages that NAS receives by inspection obtains the identification information of home gateway.The identification information of home gateway comprises following content:
1) is included in circuit identifier (Circuit-id) and/or distal marker (Remote-id) among the Option (option) 82 in the DHCP message, agent circuit sign (Agent Circuit-id) and/or act on behalf of distal marker (Agent Remote-id);
2) be included in Option 60 in the DHCP message;
3) the source MAC in the DHCP message (Media Access Control, medium access control) address;
4) source IP address in the message;
5) interface identifier of reception message, as VLAN Id (Virtual Local Area Network, VLAN), ATM (Asynchronous Transfer Mode, asynchronous transfer mode) VPI/VCI (Virtual Path Identifier/Virtual Channel Identifier, virtual path/Virtual Channel), port-mark etc.
As shown in Figure 3, the method for the imploring protocol massages of DHCP that receives by inspection of NAS 40 obtains the above-mentioned identification information of home gateway 20.
In this step, NAS is described identification information part or all as authentification of user and charge information, can carry out local authentication, mandate and charging, perhaps these information are passed to AAA (Authentication, Authorization and Accounting, authentication is authorized and charging) server, carry out authentication by aaa server.The method that described identification information is passed to aaa server is to carry described identification information and pass to aaa server by existing aaa protocol attribute or by the aaa protocol attribute that expands.Existing aaa protocol attribute includes but not limited to NAS-Port-Id or NAS-Port.Aaa protocol comprises RADIUS (Remote Authentication Dial In User Service, remote customer dialing authentication system), Diameter (diameter is the upgraded version of radius protocol) agreement.
As shown in Figure 3, NAS receives the imploring message of DHCP, and after obtaining the identification information of home gateway, send the authentication request packet of the identification information that is comprising home gateway to aaa server, after the aaa server authentication is passed through, comprising the authentication of acting on behalf of prefix information to the NAS response and accepting message, the prefix of acting on behalf of that NAS will obtain is again acted on behalf of to home gateway by the messages such as issue of DHCP.After prefix proxy was given home gateway, NAS 40 notice aaa servers chargeed and begin.Home gateway discharge by DHCP message give back act on behalf of prefix after, NAS notice aaa server charges and finishes.
In this step, NAS according to agency prefix come to agency user's applying control strategy.Wherein, NAS comes the identifying user session with agency's prefix, and comes applying control strategy with agency's prefix, and described control strategy can be traffic policy or QoS (Quality of Service, service quality) strategy etc.
As shown in Figure 3, when carrying out transfer of data between NAS and home gateway, NAS identifies session between them for the address prefix of home gateway according to the agency, and comes applying control strategy with this.
Certainly; the present invention also can have other various embodiments; under the situation that does not deviate from spirit of the present invention and essence thereof; those of ordinary skill in the art can make various corresponding changes and modification according to the present invention, but these corresponding changes and modification all should belong to the protection range of the appended claim of the present invention.
Claims (7)
1. the user management method based on dynamic host configuration protocol prefix proxy is characterized in that, may further comprise the steps:
(1) agent router obtains asking the identification information of router, and described identification information is corresponding with the IPv6 address prefix; The method of the DHCP protocol massages that described agent router receives by inspection obtains asking the identification information of router; The identification information of described request router comprises: be included in circuit identifier among the Option 82 in the DHCP message and/or distal marker, agent circuit sign and/or act on behalf of distal marker, be included in Option 60, the source MAC in the DHCP message, the source IP address in the message in the DHCP message or receive the interface identifier of message;
(2) agent router carries out authentication according to described identification information to the user;
(3) agent router is according to the user applying control strategy of IPv6 address prefix to the agency.
2. method according to claim 1 is characterized in that the interface identifier of described reception message comprises VLAN, asynchronous transfer mode, virtual path/Virtual Channel or port-mark.
3. method according to claim 1 is characterized in that, in step (2), agent router passes to aaa server with described identification information, authenticates, authorizes and charge by aaa server.
4. method according to claim 3 is characterized in that, the aaa protocol attribute by aaa protocol attribute or expansion carries described identification information and passes to aaa server.
5. method according to claim 4 is characterized in that, described aaa protocol attribute comprises NAS-Port-Id, NAS-Port, RADIUS or Diameter.
6. method according to claim 1 is characterized in that, step (3) further comprises: agent router is with the session of IPv6 address prefix identifying user.
7. method according to claim 1 is characterized in that, in step (3), described control strategy comprises traffic policy or quality of service policy.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2007101304818A CN101355489B (en) | 2007-07-23 | 2007-07-23 | User management method based on dynamic host configuration protocol prefix proxy |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2007101304818A CN101355489B (en) | 2007-07-23 | 2007-07-23 | User management method based on dynamic host configuration protocol prefix proxy |
Publications (2)
Publication Number | Publication Date |
---|---|
CN101355489A CN101355489A (en) | 2009-01-28 |
CN101355489B true CN101355489B (en) | 2011-08-10 |
Family
ID=40308092
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN2007101304818A Expired - Fee Related CN101355489B (en) | 2007-07-23 | 2007-07-23 | User management method based on dynamic host configuration protocol prefix proxy |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN101355489B (en) |
Families Citing this family (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101626406B (en) * | 2009-08-20 | 2011-09-07 | 杭州华三通信技术有限公司 | DHCP address pool configuration method, DHCP address assignment method, DHCP address assignment system and DHCP server |
CN102014343A (en) * | 2009-09-04 | 2011-04-13 | 华为技术有限公司 | Group policy and charging rule treatment method and device, and communication system |
CN102143050A (en) * | 2010-09-29 | 2011-08-03 | 华为终端有限公司 | Network connection processing method and device for internet protocol version 6 (IPv6) network |
CN102739813B (en) * | 2011-04-13 | 2014-10-22 | 国基电子(上海)有限公司 | Network server with IPv6 network prefix distribution function and method thereof |
CN103354550A (en) * | 2013-07-03 | 2013-10-16 | 杭州华三通信技术有限公司 | Authorization control method and device based on terminal information |
CN104869177A (en) * | 2014-02-21 | 2015-08-26 | 中兴通讯股份有限公司 | Local area network information issuing method and device |
CN107547467B (en) * | 2016-06-23 | 2021-09-24 | 中兴通讯股份有限公司 | Circuit authentication processing method, system and controller |
CN113783974B (en) * | 2021-09-09 | 2023-06-13 | 烽火通信科技股份有限公司 | Method and device for dynamically issuing MAP domain rule |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1531263A (en) * | 2003-03-14 | 2004-09-22 | ������������ʽ���� | Communication system, connector, communication method and identifying method |
CN1859420A (en) * | 2006-03-06 | 2006-11-08 | 华为技术有限公司 | Device and method for obtaining IPV6 prefix |
-
2007
- 2007-07-23 CN CN2007101304818A patent/CN101355489B/en not_active Expired - Fee Related
Patent Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1531263A (en) * | 2003-03-14 | 2004-09-22 | ������������ʽ���� | Communication system, connector, communication method and identifying method |
CN1859420A (en) * | 2006-03-06 | 2006-11-08 | 华为技术有限公司 | Device and method for obtaining IPV6 prefix |
Also Published As
Publication number | Publication date |
---|---|
CN101355489A (en) | 2009-01-28 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN101355489B (en) | User management method based on dynamic host configuration protocol prefix proxy | |
EP1876754B1 (en) | Method system and server for implementing dhcp address security allocation | |
US7616615B2 (en) | Packet forwarding apparatus for connecting mobile terminal to ISP network | |
US6587882B1 (en) | Mobile IP communication scheme using visited site or nearby network as temporal home network | |
US8189567B2 (en) | Method and nodes for registering a terminal | |
US8887234B2 (en) | Network service selection and authentication and stateless auto-configuration in an IPv6 access network | |
CN102045314B (en) | The method of anonymous communication, register method, information transceiving method and system | |
EP1936883B1 (en) | Service provisioning method and system thereof | |
WO2009117960A1 (en) | Method for accessing network, authentication method, communication system and related equipment | |
CN102957759A (en) | Distribution method and system for IPv6 (internet protocol version 6) address prefixes | |
CN103516760A (en) | Virtual network system accessing method, device and system | |
US20130070769A1 (en) | Method and system for identification of packet gateways supporting different service types | |
CN1972225B (en) | Method for interacting user information between different sub-systems in next generation network | |
KR101143898B1 (en) | Method and apparatus for verification of dynamic host configuration protocol dhcp release message | |
CN100525179C (en) | Method for preventing IP address leakage | |
WO2003067837A2 (en) | Dynamic host configuration protocol lease time determination | |
CN102761425B (en) | Charging method and device | |
CN101971569A (en) | Method and device for transferring packet in ipv6 access node | |
KR101367387B1 (en) | Appatus and method for user authentication to support PMIPv6 in Next Generation Networks | |
KR100625240B1 (en) | Apparatus and method of internet protocol address management in high speed portable internet | |
CN113746736B (en) | Method, device and communication system for sending and receiving message | |
CN1652535B (en) | Method for managing network layer address | |
CN111447293A (en) | User statistical method, device, equipment and machine readable storage medium | |
JP2004056382A (en) | Network system and network branching apparatus | |
CN100373879C (en) | Wideband access net with three layer access point and its IP address distributing method |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant | ||
CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20110810 Termination date: 20200723 |
|
CF01 | Termination of patent right due to non-payment of annual fee |