Background technology
With the development of information technology, information networks, with the Internet as their representative, play an increasingly important role in economic and social development. In use, however, the Internet has also exposed a growing number of problems. The original Internet design assumed fixed, trusted terminals; it did not support terminal mobility and has no inherent security assurance mechanism. With the development of wireless technologies such as 3G, post-3G and 4G, Internet support for mobile terminals has become an increasingly urgent problem. Meanwhile, as the Internet and the range of its applications expand, security problems have also become more prominent, and these problems are difficult to solve within the existing Internet technical framework.
The TCP/IP protocol is the basis of the Internet. The IP address has the dual attributes of identity and location, which is the root cause of the Internet's inability to support mobility. As the identity attribute of a terminal, the IP address must not change while the terminal moves, otherwise upper-layer connections such as TCP and UDP are interrupted when the address changes. As the location attribute of a terminal, the IP address must change while the terminal moves (the address must carry the subnet prefix of its current location), otherwise routers cannot correctly forward packets to the terminal. The dual attribute of the IP address is also the fundamental reason why Internet security problems cannot be solved. Because an IP address must contain the terminal's location attribute, a mobile terminal cannot be assigned a fixed IP address, and so the identity of an attacker, such as a hacker, cannot be determined from the IP address on the Internet. This is the fundamental reason why security problems such as attacks, fraud and abuse on today's Internet cannot be solved.
To address the dual-attribute defect of the IP protocol, the industry is studying several next-generation network technologies based on identity and location separation, such as LISP, HIP and the integrated network. Their common feature is the introduction of two coding spaces, one representing identity and one representing location. Each terminal has both an identity code and a location code. Upper-layer connections such as TCP and UDP are established with the peer on the basis of the terminal's identity code. When the terminal moves, its location code changes accordingly but its identity code remains unchanged, so terminal movement does not interrupt upper-layer services.
Once a terminal's identity code and location code are separated, each terminal can be assigned a fixed identity code that serves as its identity label when terminals communicate. This achieves network access under the user's real identity.
In a next-generation Internet based on identity and location separation (hereinafter "the new network"), the method of carrying identity and location identifiers through the network is a key technology: it determines how much deploying the new network affects the existing network, and it determines the transmission efficiency of the new network.
Regarding the transmission of identity and location identifiers in the network, Chinese patent application No. CN1801764, published on July 12, 2006, discloses "an internet access method based on identity and location separation". The method uses an "access identifier" to represent user identity information and a "switching-routing identifier" to represent user location information; the access switch router performs the mapping between the access identifier and the switching-routing identifier. As shown in Figure 1, the process by which this method sends a data packet comprises:
Step 1: the user terminal sends the access switch router a data packet whose source and destination addresses are access identifiers;
Step 2: the access switch router looks up the corresponding switching-routing identifier according to the access identifier in the data packet;
Step 3: the access switch router replaces the access identifier in the data packet with the switching-routing identifier and sends the packet to the backbone network;
Step 4: the backbone network forwards the data packet, whose source and destination addresses are now switching-routing identifiers;
Step 5: after receiving the data packet, the destination access switch router looks up the corresponding access identifier according to the switching-routing identifier in the data packet;
Step 6: the destination access switch router replaces the switching-routing identifier in the data packet with the access identifier and sends the packet to the destination user terminal.
As the above process shows, during packet transmission both the source and the destination access router must look up the correspondence between AID and RID, and the correspondence must be updated after a user terminal moves. Once the new network is deployed on a large scale, the number of AIDs and RIDs increases sharply, and the access routers must spend a large amount of resources on mapping lookups.
Summary of the invention
The technical problem to be solved by the present invention is to provide a method for updating the local mapping table of an access router, and an access router, so as to optimize the update process of the mapping between user identifiers and route identifiers.
To solve the above technical problem, the present invention provides a method for updating the local mapping table of an access router, the method comprising:
A packet sending step: a source access router sends a data packet to a destination access router, wherein the source and destination addresses are represented by route identifiers, and the encapsulated content of the data packet includes the user index corresponding to the destination user identifier in the local mapping table of the source access router;
A packet receiving step: the source access router receives a data packet sent by the destination access router, wherein the source and destination addresses are represented by route identifiers, and the encapsulated content of the data packet includes said user index;
A local mapping table updating step: the source access router parses the received data packet and, according to said user index, directly locates and updates the mapping between the user identifier of the destination terminal and its route identifier.
Further, the user index in the packet receiving step is the one recorded by the destination access router after it received the data packet of the packet sending step.
Further, in the packet sending step the encapsulated content of the data packet also includes the source and destination user identifiers, and the destination access router, according to the correspondence between the source user identifier and the source route identifier in the received data packet, establishes the mapping among user index, user identifier and route identifier in its own local mapping table.
Further, before the packet sending step, the method also comprises:
A. the source access router receives a data packet sent by the source terminal, wherein the source and destination addresses are the source and destination user identifiers;
B. the source access router queries the mapping server with the destination user identifier to obtain the corresponding destination route identifier, and establishes the mapping among user index, destination user identifier and destination route identifier;
C. the source access router encapsulates the data packet, wherein the encapsulated content also includes the source and destination user identifiers.
Further, in step B, the source access router first queries the local mapping table before querying the mapping server, and queries the mapping server only if the corresponding mapping is not found in the local mapping table.
To solve the above technical problem, the present invention also provides an access router, comprising:
A receiving module, for receiving a data packet sent by the peer access router, wherein the source and destination addresses are represented by route identifiers, and the encapsulated content of the data packet includes the user index corresponding to the peer user identifier in the local mapping table;
A decapsulation module, connected to the receiving module, for decapsulating the data packet received by the receiving module;
An update module, connected to the decapsulation module, for directly locating and updating the mapping between the peer's user identifier and route identifier in the local mapping table, according to the user index, obtained by decapsulation, that corresponds to the peer user identifier in the local mapping table;
The local mapping table, connected to the update module, for storing the mapping among user index, user identifier and route identifier.
Further, the receiving module is also used for receiving data packets whose encapsulated content includes the user index corresponding to the local-end user identifier in the local mapping table of the peer access router; the update module is also used for recording in the local mapping table the user index, obtained by the decapsulation module, that corresponds to the local-end user identifier in the local mapping table of the peer access router.
Further, the encapsulated content of the data packet also includes the local-end and peer user identifiers, and the update module is also used for establishing in the local mapping table the mapping among user index, user identifier and route identifier according to the correspondence between the peer user identifier and the peer route identifier in the received data packet.
Further, the access router also comprises a query module, an encapsulation module and a sending module. The receiving module is also used for receiving data packets sent by the local-end terminal, wherein the source and destination addresses are represented by user identifiers. The query module, connected to the decapsulation module, is used for querying the mapping server with the peer user identifier to obtain the corresponding peer route identifier, and for notifying the update module to establish in the local mapping table the mapping among user index, peer user identifier and peer route identifier. The update module is also used for establishing in the local mapping table the mapping among user index, destination user identifier and destination route identifier. The encapsulation module, connected to the decapsulation module, is used for encapsulating data packets. The sending module, connected to the encapsulation module, is used for sending the data packets encapsulated by the encapsulation module to the peer access router, wherein the source and destination addresses are represented by route identifiers, and the encapsulated content includes the user index corresponding to the peer user identifier in the local mapping table or the user index corresponding to the local-end user identifier in the local mapping table of the peer access router.
Further, the query module is also connected to the local mapping table and is also used for querying the local mapping table, querying the mapping server only when the corresponding mapping is not found in the local mapping table.
While remaining compatible with the existing IPv4 protocol, the present invention transmits the user identifier and user index between access routers by means of encapsulation. Once the user indices of the source and destination access routers have been established, an access router that receives a data packet can use the user index in the packet to go directly to the corresponding entry of user identifier and route identifier in its local mapping table, and check and update their correspondence. This improves the efficiency of looking up user identifier to route identifier mappings at the access router, optimizes the update process of those mappings, and avoids repeated searches of the mapping table.
Embodiment
Figure 2 shows the network architecture of the identity and locator separation network. In general, the mapping server holds, in real time, the mapping between the user identifier and route identifier of every terminal in its service area. For convenient lookup, the result of each query is generally recorded in the local mapping table of the access router, so that whenever a mapping is needed the router queries the local mapping table first and the mapping server second, which improves lookup efficiency. However, when a mapping changes and the user identifier to route identifier mapping in the local mapping table is not updated in time, data transmission errors may result.
The main idea of the present invention is that, for data packets between access routers, the route identifiers of the source and destination access routers are used as the packet's source and destination addresses, the source and destination user identifiers are encapsulated as packet content, and the user index is carried along as encapsulated content. The local mapping table is updated promptly according to the user index, which speeds up updates of the correspondence between route identifier and user identifier.
The concepts used in the present invention are explained below:
User identifier: the unique identifier of each user terminal, allocated uniformly across the whole network (for the numbering format see other related patents); it does not change as the terminal moves, and is denoted AID;
Route identifier: the IPv4 address of the access router, which continues to use existing network addressing, denoted RID; one route identifier can correspond to multiple user identifiers, which saves IP addresses, and the user identifier can remain unchanged after the route identifier changes;
Access router local mapping table: the table in the access router that records the correspondence between user identifiers and route identifiers;
User index: the entry index of an entry in the access router's local mapping table.
As shown in Figure 3, the method of the present invention for updating the local mapping table of an access router comprises:
Step 301: packet sending step. The source access router sends a data packet to the destination access router, wherein the source and destination addresses are represented by route identifiers, and the encapsulated content of the data packet includes the user index corresponding to the destination user identifier in the local mapping table of the source access router;
In the packet sending step, the encapsulated content of the data packet also includes the source and destination user identifiers, and the destination access router, according to the correspondence between the source user identifier and the source route identifier in the received data packet, establishes the mapping among user index, user identifier and route identifier in its own local mapping table.
Step 302: packet receiving step. The source access router receives a data packet sent by the destination access router, wherein the source and destination addresses are represented by route identifiers, and the encapsulated content of the data packet includes said user index. The user index here is the one recorded by the destination access router after it received the data packet of the packet sending step.
Step 303: local mapping table updating step. The source access router parses the received data packet and, according to said user index, directly locates and updates the mapping between the user identifier of the destination terminal and its route identifier.
Before step 301, the source access router establishes the mapping as follows:
A. the source access router receives a data packet sent by the source terminal, wherein the source and destination addresses are the source and destination user identifiers;
B. the source access router queries the mapping server with the destination user identifier to obtain the corresponding destination route identifier, and establishes the mapping among user index, destination user identifier and destination route identifier;
In step B, the source access router first queries the local mapping table before querying the mapping server, and queries the mapping server only if the corresponding mapping is not found in the local mapping table.
C. the source access router encapsulates the data packet, wherein the encapsulated content includes the source and destination user identifiers.
The method of the present invention is described in detail below with reference to the drawings:
As shown in Figure 4, the data transmission process comprises the following steps:
Step 401: the source terminal sends a first data packet to the source ASR; the source address of the first data packet is the AID of the source terminal (SrcAID) and the destination address is the AID of the destination terminal (DstAID);
The packet format is the standard IPv4 packet format.
Step 402: after receiving, through the access-side network, the first data packet from the source terminal, the source ASR queries its local mapping table and obtains the RID corresponding to the destination AID (DstRID). It re-encapsulates the source and destination AIDs and the user index corresponding to the destination user identifier in the source ASR's local mapping table (the destination user index, DstIdx), together with the data content of the first data packet, as the data content of a second data packet, using its own RID (SrcRID) as the source address of the second data packet and the destination RID as the destination address;
Figure 4 also shows the user index corresponding to the source user identifier in the destination ASR's local mapping table (the source user index, SrcIdx). Because the source ASR has not yet obtained it in step 402, this user index may be empty.
Figure 5 shows the frame format of a TCP data packet after re-encapsulation by the source ASR, in the standard IPv4 packet format: the source RID is the source address, the destination RID is the destination address, and the source and destination AIDs, the source and destination user indices and the data content are encapsulated together.
Figure 6 shows the frame format of a UDP data packet after re-encapsulation by the source ASR: the source RID is the source address, the destination RID is the destination address, and the source and destination AIDs, the source and destination user indices and the data content are encapsulated together.
Step 403: the source ASR sends the re-encapsulated second data packet to the destination ASR according to the destination RID;
Step 404: the destination ASR decapsulates the received second data packet, obtains the source and destination AIDs, and updates the corresponding mapping in its local mapping table according to the mapping between the source AID and the source RID in the packet;
Step 405: the destination ASR sends the first data packet obtained by decapsulation to the destination terminal;
Step 406: the destination terminal sends a return data packet to the destination ASR, with its own AID as the source address and the AID of the source terminal as the destination address;
Step 407: the destination ASR re-encapsulates the return data packet from the destination terminal and sends it to the source ASR;
The destination ASR receives the return data packet from the destination terminal and looks up the corresponding RID according to the packet's destination address. It uses the RID of the ASR to which the terminal the packet is addressed to currently belongs as the destination address and its own RID as the source address, and encapsulates the source and destination AIDs and the source and destination user indices in the packet;
Here the source and destination AIDs may also be filled with a null value agreed by the network.
Step 408: the source access router decapsulates the received second data packet and obtains the destination user index, destination RID and destination AID; using the destination user index in the packet, it goes directly to the corresponding entry of user identifier and route identifier in its local mapping table, and checks and updates their correspondence;
Of course, if the source and destination AIDs were replaced by the agreed null value, step 408 can obtain only the destination user index and the destination RID, and updates the corresponding route identifier (destination RID).
Step 409: the source ASR sends the data packet obtained by decapsulation to the source terminal.
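The exchange in steps 401 to 409 can be modelled as below; this is an added example, not code from the patent. The dictionary packet layout, the field names idx_at_sender and idx_at_receiver (the index of the packet's destination user in the sender's table, and of its source user in the receiver's table), the echo field, the scans counter and the sample AIDs and RIDs are assumptions of the example. On receipt the carried index is treated as untrusted input: it is range-checked and compared with the entry's AID before the RID is updated.

```python
from dataclasses import dataclass, field

# Constructed sample data: what the mapping server would return (AID -> RID).
MAPPING_SERVER = {"AID-A": "10.0.0.1", "AID-B": "10.0.0.2"}

@dataclass
class Entry:
    aid: str                                   # remote user identifier
    rid: str                                   # route identifier cached for it
    echo: dict = field(default_factory=dict)   # local AID -> index the peer holds for it

class ASR:
    def __init__(self, rid):
        self.rid = rid
        self.table = []    # local mapping table; list position = user index
        self.scans = 0     # count of search-by-AID lookups

    def find(self, aid):
        """Search by AID: the lookup that a carried user index avoids."""
        self.scans += 1
        for idx, entry in enumerate(self.table):
            if entry.aid == aid:
                return idx
        return None

    def add(self, aid, rid):
        self.table.append(Entry(aid, rid))
        return len(self.table) - 1

    def encapsulate(self, src_aid, dst_aid, payload):
        """Steps 402/407: re-encapsulate a terminal packet for the peer ASR."""
        idx = self.find(dst_aid)
        if idx is None:                        # local miss: query the mapping server
            idx = self.add(dst_aid, MAPPING_SERVER[dst_aid])
        entry = self.table[idx]
        return {"src_rid": self.rid, "dst_rid": entry.rid,
                "src_aid": src_aid, "dst_aid": dst_aid,
                "idx_at_sender": idx,
                "idx_at_receiver": entry.echo.get(src_aid),  # None until learned
                "payload": payload}

    def decapsulate(self, pkt):
        """Steps 404/408: update the local mapping table from a received packet."""
        idx = pkt["idx_at_receiver"]
        if idx is None:                        # first contact: one search, then index
            idx = self.find(pkt["src_aid"])
            if idx is None:
                idx = self.add(pkt["src_aid"], pkt["src_rid"])
        elif not (isinstance(idx, int) and 0 <= idx < len(self.table)):
            raise ValueError("user index outside the local mapping table")
        elif self.table[idx].aid != pkt["src_aid"]:
            raise ValueError("user index does not match the user identifier")
        self.table[idx].rid = pkt["src_rid"]   # direct update, no search
        # Record the index the peer uses so the reply can carry it back.
        self.table[idx].echo[pkt["dst_aid"]] = pkt["idx_at_sender"]
        return pkt["payload"]

def demo():
    src, dst = ASR("10.0.0.1"), ASR("10.0.0.2")
    fwd = src.encapsulate("AID-A", "AID-B", b"hello")    # step 402
    dst.decapsulate(fwd)                                 # step 404
    dst.rid = "10.0.9.9"          # constructed: destination side gets a new RID
    back = dst.encapsulate("AID-B", "AID-A", b"reply")   # step 407
    before = src.scans
    src.decapsulate(back)                                # step 408
    return fwd, back, src.table[0].rid, src.scans - before

if __name__ == "__main__":
    fwd, back, rid, extra_scans = demo()
    print(fwd["idx_at_receiver"], back["idx_at_receiver"], rid, extra_scans)
```

In the first packet the receiver-side index is empty, as in step 402; the return packet carries it, and the source ASR refreshes the cached RID without searching its table.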
To implement the above method, the present invention also provides an access router, comprising:
A sending module, for sending data packets to the peer access router, wherein the source and destination addresses are represented by route identifiers, and the encapsulated content includes the local-end and peer user identifiers and also the user index corresponding to the peer user identifier in the local mapping table or the user index corresponding to the local-end user identifier in the local mapping table of the peer access router; and also for sending data packets to the local-end terminal, wherein the source and destination addresses are represented by user identifiers;
A receiving module, for receiving data packets sent by the peer access router, wherein the source and destination addresses are represented by route identifiers, and the encapsulated content includes the user index corresponding to the peer user identifier in the local mapping table or the user index corresponding to the local-end user identifier in the local mapping table of the peer access router; and also for receiving data packets sent by the local-end terminal, wherein the addresses are represented by user identifiers;
A decapsulation module, connected to the receiving module, for decapsulating the data packets received by the receiving module;
An update module, connected to the decapsulation module, for updating the local mapping table, including: directly locating and updating the mapping between the peer's user identifier and route identifier in the local mapping table, according to the user index, obtained by decapsulation, that corresponds to the peer user identifier in the local mapping table; recording in the local mapping table the user index, obtained by the decapsulation module, that corresponds to the local-end user identifier in the local mapping table of the peer access router; establishing in the local mapping table the mapping among user index, user identifier and route identifier according to the correspondence between the peer user identifier and the peer route identifier in the received data packet; and establishing in the local mapping table the mapping among user index, destination user identifier and destination route identifier.
A local mapping table, connected to the update module, for storing the mapping among user index, user identifier and route identifier.
A query module, connected to the decapsulation module and the local mapping table, for querying the local mapping table or the mapping server with the peer user identifier to obtain the corresponding peer route identifier, and for notifying the update module to establish in the local mapping table the mapping among user index, peer user identifier and peer route identifier; the query module queries the local mapping table first and queries the mapping server only when the corresponding mapping is not found in the local mapping table.
An encapsulation module, connected to the sending module, for encapsulating data packets; the encapsulated content of a data packet sent to the peer access router includes the user index corresponding to the peer user identifier in the local mapping table or the user index corresponding to the local-end user identifier in the local mapping table of the peer access router.
While remaining compatible with the existing IPv4 protocol, the present invention transmits the user identifier and user index between access routers by means of encapsulation. Once the user indices of the source and destination access routers have been established, an access router that receives a data packet can use the user index in the packet to go directly to the corresponding entry of user identifier and route identifier in its local mapping table, and check and update their correspondence. This improves the efficiency of looking up user identifier to route identifier mappings at the access router, optimizes the update process of those mappings, and avoids repeated searches of the mapping table.