CN102035724A - Method, device and system for realizing message forwarding - Google Patents


Publication number
CN102035724A
Authority
CN
China
Prior art keywords
message
dhcpv6
field
layer equipment
client
Legal status
Pending
Application number
CN2009102352856A
Other languages
Chinese (zh)
Inventor
莫增宁
罗勇
王琪
Current Assignee
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Application filed by Huawei Technologies Co Ltd
Priority to CN2009102352856A
Publication of CN102035724A

Abstract

The invention relates to a method, a device and a system for realizing message forwarding, belonging to the field of communications. When a DHCPv6 (Dynamic Host Configuration Protocol version 6) client accesses a DHCPv6 server only through a Layer 2 network, the method comprises the following steps: a Layer 2 device receives a DHCPv6 upstream message sent by the DHCPv6 client; the device adds a field identifying the user to the upstream message and forwards the message with the added field to the DHCPv6 server; the Layer 2 device receives a DHCPv6 downstream message sent by the DHCPv6 server; and, if the downstream message carries the user-identifying field added by the Layer 2 device, the device strips the field and forwards the message without it to the DHCPv6 client. Because the Layer 2 device in the Layer 2 network adds the physical information, Layer 3 network equipment does not have to be deployed at the network edge. The DHCPv6 server authenticates the user and matches an address pool according to the physical information added by the Layer 2 device, and the downstream DHCP message is forwarded according to the option18 field, which enhances the security of message forwarding and solves the security problem in the DHCPv6 protocol.

Description

A method, device and system for realizing message forwarding
Technical field
The present invention relates to the field of communications, and in particular to a method, device and system for realizing message forwarding.
Background
The Internet is expanding at a remarkable rate, and the number of devices connected to networks is growing geometrically. To make network management more convenient and to improve the utilization of IP address resources, the Dynamic Host Configuration Protocol (DHCP), whose basic working mode is client/server, was introduced. DHCP allows IP addresses to be managed dynamically. The protocol uses UDP for the exchange between client and server: the client sends and receives DHCP messages using its link-local address or an address assigned by some other mechanism, the DHCP server uses a reserved link-scoped multicast address to receive the messages sent by clients, and the DHCP server can assign an IP address to a client according to the client's physical address.
In the course of making the invention, the inventors found that the prior art has at least the following shortcoming. When a client accesses the DHCP server through a Layer 2 network, the number of addresses in the server's address pool is limited. If the network has a security weakness, an illegitimate user can keep changing its physical address and thereby try to apply for every address in the DHCP domain, exhausting the addresses in the DHCP server's address pool so that normal users cannot obtain an address. The DHCPv6 (version 6) protocol therefore has a security problem.
Summary of the invention
To solve the DHCPv6 security problem within a Layer 2 network, the embodiments of the invention provide a method, device and system for realizing message forwarding. The technical solution is as follows:
In one aspect, a method for realizing message forwarding is provided. When a DHCPv6 client accesses a DHCPv6 server through a Layer 2 network, the method comprises:
A Layer 2 device receives a DHCPv6 upstream message sent by the DHCPv6 client, adds a field identifying the user to the upstream message, and forwards the message with the added field to the DHCPv6 server;
The Layer 2 device receives a DHCPv6 downstream message sent by the DHCPv6 server; if the downstream message carries the user-identifying field added by the Layer 2 device, the device strips the field and forwards the stripped message to the DHCPv6 client.
In another aspect, a device for realizing message forwarding in a Layer 2 network is provided. The device comprises:
A first receiving module, configured to receive a DHCPv6 upstream message sent by a DHCPv6 client;
A first forwarding module, configured to add a field identifying the user to the DHCPv6 upstream message received by the first receiving module, and to forward the message with the added field to the DHCPv6 server;
A second receiving module, configured to receive a DHCPv6 downstream message sent by the DHCPv6 server;
A second forwarding module, configured to strip the field and forward the stripped message to the DHCPv6 client if the DHCPv6 downstream message received by the second receiving module carries the user-identifying field added by the device.
In yet another aspect, a system for realizing message forwarding is provided. The system comprises a DHCPv6 server and a Layer 2 device located in a Layer 2 network.
The Layer 2 device is configured to receive a DHCPv6 upstream message sent by the DHCPv6 client, add a field identifying the user to the upstream message, and forward the message with the added field to the DHCPv6 server. It is also configured to receive a DHCPv6 downstream message sent by the DHCPv6 server and, if the downstream message carries the user-identifying field added by the Layer 2 device, to strip the field and forward the stripped message to the DHCPv6 client;
The DHCPv6 server is configured to receive the message sent by the Layer 2 device and to return a DHCPv6 downstream message to the Layer 2 device.
The beneficial effects of the technical solution provided by the embodiments of the invention are as follows:
With the message forwarding method provided by the embodiments of the invention, for DHCPv6 messages in a Layer 2 network, the Layer 2 device appends a field identifying the user information to each upstream DHCPv6 message it receives, without changing the message type. For each downstream DHCPv6 message it receives, it checks whether the field carried in the message was added by the Layer 2 device itself and, if so, strips the added field and unicasts the message to the corresponding port. Because the Layer 2 network device adds the physical information, Layer 3 network equipment (such as an IP device) does not have to be deployed at the network edge. The DHCPv6 server authenticates the user and matches an address pool according to the physical information added by the Layer 2 network device, and the downstream DHCP message is forwarded by parsing the added field, which strengthens the security of message forwarding and effectively solves the security problem in the DHCPv6 protocol.
Description of drawings
To illustrate the technical solutions of the embodiments of the invention or of the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. The drawings described below show only some embodiments of the invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flow chart of the message forwarding method provided by Embodiment 1 of the invention;
Fig. 2 is a schematic diagram of the network architecture provided by Embodiment 1 of the invention;
Fig. 3 is a detailed flow chart of the message forwarding method provided by Embodiment 1 of the invention;
Fig. 4 is a schematic diagram of the message exchange in the message forwarding method provided by Embodiment 1 of the invention;
Fig. 5 is a flow chart of the message forwarding method provided by Embodiment 2 of the invention;
Fig. 6 is a schematic diagram of the network architecture provided by Embodiment 2 of the invention;
Fig. 7 is a detailed flow chart of the message forwarding method provided by Embodiment 2 of the invention;
Fig. 8 is a schematic diagram of the message exchange in the message forwarding method provided by Embodiment 2 of the invention;
Fig. 9 is a schematic diagram of the device for realizing message forwarding in a Layer 2 network provided by Embodiment 3 of the invention;
Fig. 10 is a schematic diagram of the device for realizing message forwarding in a Layer 2 network provided by Embodiment 4 of the invention;
Fig. 11 is a schematic diagram of the device for realizing message forwarding in a Layer 3 network provided by Embodiment 5 of the invention;
Fig. 12 is a schematic diagram of the message forwarding system provided by Embodiment 6 of the invention;
Fig. 13 is another schematic diagram of the message forwarding system provided by Embodiment 6 of the invention.
Detailed description
To make the purpose, technical solutions and advantages of the invention clearer, the embodiments of the invention are described in further detail below with reference to the drawings.
For a detailed explanation of the method provided by the embodiments of the invention, see the following embodiments:
Embodiment 1
To solve the DHCPv6 security problem within a Layer 2 network, this embodiment of the invention provides a method for realizing message forwarding. Referring to Fig. 1, when the DHCPv6 client accesses the DHCPv6 server only through a Layer 2 network, the method is as follows:
S1: The Layer 2 device receives a DHCPv6 upstream message sent by the DHCPv6 client;
S2: A field identifying the user is added to the DHCPv6 upstream message, and the message with the added field is forwarded to the DHCPv6 server;
S3: The Layer 2 device receives a DHCPv6 downstream message sent by the DHCPv6 server;
S4: If the DHCPv6 downstream message carries the user-identifying field added by the Layer 2 device, the field is stripped and the stripped message is forwarded to the DHCPv6 client.
Preferably, the field identifying the user comprises a first field and a second field. Adding the field identifying the user to the DHCPv6 upstream message in step S2 then specifically comprises: the Layer 2 device adds an interface identifier to the first field according to the information of the interface on which the DHCPv6 upstream message was received, and adds a client identifier to the second field according to the information of the client it has received. The first field may specifically be the option18 field, and the second field may specifically be option37.
To explain the method in detail, refer to Fig. 2, a schematic diagram of the Layer 2 network architecture provided by this embodiment. It comprises a DHCPv6 server, a Layer 2 device L2 (for example a Layer 2 switch) connected to the DHCPv6 server, and a DHCPv6 client (for example a PC) connected to the Layer 2 device L2.
I. The Layer 2 device L2: an agent (AGENT) is provided in the Layer 2 device L2, and L2 hands the protocol messages of the DHCPv6 exchange to the AGENT module for processing:
1. For DHCPv6 protocol messages in the upstream direction (that is, DHCPv6 messages sent by the client), the message type is usually solicit (1), request (3), confirm (4), renew (5), rebind (6), release (8), decline (9) or information_request (11). The AGENT adds option18 or option37 directly to the original message to identify the user and forwards the resulting message to the DHCPv6 server.
2. For DHCPv6 protocol messages in the downstream direction (that is, DHCPv6 messages sent by the server), the AGENT module checks whether the message contains an option18 or option37 option; if so, it removes the option and then forwards the message to the DHCPv6 client.
II. The DHCPv6 server: when the DHCPv6 server receives a message carrying option18 and option37, it parses option18 and option37 to obtain the user information, authenticates the user and assigns an address based on that information.
Based on the network architecture of Fig. 2, and referring to Fig. 3, the detailed flow of the method provided by this embodiment is as follows:
101: The DHCPv6 client sends a solicit message to the DHCPv6 server.
The DHCPv6 client sends this message to ask the DHCPv6 server to assign it network parameters. The requested network parameters include, but are not limited to, an IPv6 address/prefix and network configuration parameters.
102: The Layer 2 device L2 captures the solicit message and hands it to the AGENT. The AGENT assembles the option18 and option37 options from the user location information, adds these options to the original solicit message, and sends out the new message carrying the option18 and option37 fields.
In a specific implementation, the AGENT of the Layer 2 device L2 may be a logic module inside L2 or a separate entity in the Layer 2 network. This embodiment does not limit this and uses an AGENT located inside L2 as the example. The Layer 2 device L2 can capture solicit messages selectively according to the message type (how L2 captures messages belongs to the prior art and is not described here). L2 assembles the option18 and option37 options from the user location information (the interface identifier interface-id and the client identifier remote-id), as follows:
The Layer 2 device L2 learns the interface identifier interface-id from the interface on which it received the solicit message and adds this interface-id to the option18 field. The interface identifier indicates the interface through which L2 is connected to the DHCPv6 client, that is, the interface on which the message was received, and includes but is not limited to the frame, slot and port numbers. For example, each frame usually has 2 slots and each slot has 8 or 16 ports; if L2 received the solicit message on frame 0, slot 1, port 2, the interface identifier is: frame 0, slot 1, port 2. For the contents of the option18 field, those skilled in the art can refer to RFC 3315.
The Layer 2 device L2 adds the client identifier remote-id, which it knows in advance, to the option37 field. The client identifier includes but is not limited to the C-VLAN (Virtual Local Area Network, VLAN), the terminal identifier id, the PVC (Permanent Virtual Circuit), and so on. For the contents of the option37 field, those skilled in the art can refer to RFC 4649.
103: The DHCPv6 server parses the received solicit message carrying option18 and option37, extracts the user location information, authenticates the user according to that information, and determines whether authentication succeeded. If it did, step 104 is executed; otherwise authentication has failed and the message is discarded.
User authentication according to the user location information can be performed as follows:
The server compares the user location information with the user location information it has stored in advance and determines whether they match. If they match, authentication succeeds; otherwise it fails. This embodiment does not limit the manner or method of user authentication.
104: The DHCPv6 server sends an advertise message, which carries the option18 and option37 fields from the original solicit message.
Corresponding to the solicit message sent by the DHCPv6 client, the advertise message notifies the DHCPv6 client that the DHCPv6 server can assign it an IP address/prefix and network configuration parameters.
105: The Layer 2 device L2 captures the advertise message and hands it to the AGENT, which parses it. If the message carries option18 and option37 fields, and the contents of those fields were added by L2 itself, the AGENT strips the option18 and option37 fields and forwards the stripped message to the DHCPv6 client.
The ways in which the AGENT of L2 can determine whether the contents of the option18 and option37 fields were added by L2 itself include, but are not limited to:
1. Check whether the length of the option18 field in the received message equals the length of the option18 field that the device adds. If so, the option18 field in the received message was added by the device itself; otherwise it was not. option37 is handled similarly and is not described again. For example, if the option18 field the device adds is 36 bytes long and the option18 field in the received message is 36 bytes long, the option18 field in the received message is considered to have been added by the device itself;
2. Check whether fixed-length content in the option18 field of the received message equals the corresponding fixed-length content in the option18 field that the device adds. If so, the option18 field in the received message was added by the device itself; otherwise it was not. option37 is handled similarly and is not described again. For example, if positions 2-8 of the option18 field the device adds contain 1101110 and positions 2-8 of the option18 field in the received message contain 1101110, the option18 field in the received message is considered to have been added by the device itself;
3. Check whether a preset flag bit (such as a check bit) in the option18 field of the received message equals the preset flag bit in the option18 field that the device adds. If so, the option18 field in the received message was added by the device itself; otherwise it was not. option37 is handled similarly and is not described again. For example, if the preset flag bit of the option18 field the device adds is 1 and the preset flag bit of the option18 field in the received message is 1, the option18 field in the received message is considered to have been added by the device itself.
106: The DHCPv6 client sends a request message to the DHCPv6 server.
After the DHCPv6 client receives the advertise message, which no longer carries the option18 and option37 fields, it knows that the DHCPv6 server can assign it an IP address/prefix and network configuration parameters, and it sends a request message.
107: The Layer 2 device L2 captures the request message and hands it to the AGENT. The AGENT assembles the option18 and option37 options from the user location information, adds these options to the original request message, and sends out the new message carrying the option18 and option37 fields.
This step is implemented in the same way as step 102 and is not described again.
108: After the DHCPv6 server receives the request message carrying the option18 and option37 fields, it assigns an IP address/prefix and network configuration parameters to the DHCPv6 client according to the client identity carried in the request message and its allocation policy, and returns a reply message. The reply message carries the IP address/prefix and network configuration parameters assigned to the DHCPv6 client, together with the option18 and option37 fields from the original request message.
As those skilled in the art will know, when the DHCPv6 client sends the request message it can generate its identity from factors such as its own MAC (Media Access Control) address and the sending time, and the DHCPv6 server can then assign the IP address and other parameters according to that client identity. Accordingly, the DHCPv6 server does not need to parse the option18 and option37 fields after receiving the request message that carries them. That is, the DHCPv6 server only needs to parse the option18 and option37 fields in the solicit message.
109: The Layer 2 device L2 captures the reply message and hands it to the AGENT, which parses it. If the message carries option18 and option37 fields, and the contents of those fields were added by L2 itself, the AGENT strips the option18 and option37 fields.
This step is implemented in the same way as step 105 and is not described again.
110: The Layer 2 device L2 forwards the stripped reply message to the DHCPv6 client.
At this point the DHCPv6 client has obtained the IP address/prefix and network configuration parameters assigned to it by the DHCPv6 server and can carry out the subsequent flow. Referring to Fig. 4, a schematic diagram of the message exchange in the method provided by this embodiment:
1. The DHCPv6 client uses a solicit message to request the location of the server;
2. The solicit message is captured by the L2 device and handed to the AGENT. The AGENT assembles the option18 and option37 options from the user location information, adds these options to the original solicit message, and sends out the new message carrying the option18 and option37 fields.
3, 4. The DHCPv6 server parses the received solicit message carrying option18 and option37, extracts the user location information and authenticates the user according to it. If authentication fails, the message is discarded. If it succeeds, the server sends an advertise message that carries the option18 and option37 fields from the original solicit message.
5. The advertise message is captured by the L2 device and handed to the AGENT, which parses it. If the message is found to carry option18 and option37 fields that were added by this device, the fields are stripped and the message is forwarded to the client.
6, 7, 8, 9, 10. These messages are handled in basically the same way as in the flow above, which is not described again.
Further, this embodiment is described using the example of a single level of Layer 2 device between the DHCPv6 client and the DHCPv6 server. If there are multiple levels of Layer 2 devices L2 between the DHCPv6 client and the DHCPv6 server, each level of L2 is handled in a similar way: the AGENT of each L2 adds option18 and option37 fields to the messages it receives in the upstream direction and continues forwarding them upstream; for messages in the downstream direction it likewise checks whether they carry option18 and option37 fields added by this device and, if so, strips them and continues forwarding downstream. The method is similar and is not described again.
In summary, with the message forwarding method provided by this embodiment, the AGENT in the Layer 2 device appends option18 and option37 to each upstream DHCPv6 message it receives, without changing the message type. For each downstream DHCPv6 message it receives, it checks whether the option18 and option37 carried in the message were added by itself and, if so, strips them and unicasts the message to the corresponding port. Because the Layer 2 network device adds the physical information, Layer 3 network equipment (such as an IP device) does not have to be deployed at the network edge. The DHCPv6 server authenticates the user and matches an address pool according to the physical information added by the Layer 2 network device, and the downstream DHCP message is forwarded according to the option18 field, which strengthens the security of message forwarding and effectively solves the security problem in the DHCPv6 protocol.
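The upstream insertion and downstream stripping performed by the AGENT in steps 102, 105, 107 and 109, sketched in Python as an added example (not code from the patent). The `AGENT_TAG` marker, the option18 layout (tag followed by frame, slot and port bytes), the zero enterprise number in option37 and all function names are assumptions made for illustration; the ownership check combines the length and fixed-content judgments listed under step 105.

```python
import struct

OPT_INTERFACE_ID = 18      # "option18" on the page
OPT_REMOTE_ID = 37         # "option37" on the page
# Upstream message types listed on the page: solicit .. information_request.
UPSTREAM_TYPES = {1, 3, 4, 5, 6, 8, 9, 11}
AGENT_TAG = b"L2A1"        # assumed fixed content this agent puts first
ENTERPRISE_NUMBER = 0      # placeholder for the enterprise number in option37


def parse(msg):
    """Split a client/server DHCPv6 message into (4-byte header, options).

    The header is msg-type (1 byte) plus transaction-id (3 bytes); each
    option is a 2-byte code, a 2-byte length and that many data bytes.
    """
    if len(msg) < 4:
        raise ValueError("message shorter than DHCPv6 header")
    opts, pos = [], 4
    while pos < len(msg):
        if pos + 4 > len(msg):
            raise ValueError("truncated option header")
        code, length = struct.unpack_from("!HH", msg, pos)
        pos += 4
        if pos + length > len(msg):
            raise ValueError("option length runs past end of message")
        opts.append((code, msg[pos:pos + length]))
        pos += length
    return msg[:4], opts


def build(header, opts):
    """Serialize a header and a list of (code, data) options."""
    return header + b"".join(
        struct.pack("!HH", code, len(data)) + data for code, data in opts)


def added_by_this_agent(code, data):
    """Length and fixed-content checks (judgments 1 and 2 in the text)."""
    if code == OPT_INTERFACE_ID:
        return len(data) == len(AGENT_TAG) + 3 and data.startswith(AGENT_TAG)
    if code == OPT_REMOTE_ID:
        return (data[:4] == struct.pack("!I", ENTERPRISE_NUMBER)
                and data[4:].startswith(AGENT_TAG))
    return False


def upstream(msg, frame, slot, port, client_id):
    """Append option18/option37 to a client message; message type unchanged."""
    header, opts = parse(msg)
    if header[0] not in UPSTREAM_TYPES:
        return msg                       # not a client-originated type
    opts.append((OPT_INTERFACE_ID, AGENT_TAG + bytes([frame, slot, port])))
    opts.append((OPT_REMOTE_ID,
                 struct.pack("!I", ENTERPRISE_NUMBER) + AGENT_TAG + client_id))
    return build(header, opts)


def downstream(msg):
    """Strip only options this agent added; return (egress port, message).

    The egress port (frame, slot, port) comes from the agent's own option18
    and is None when the message carries no option18 from this agent.
    """
    header, opts = parse(msg)
    egress, kept = None, []
    for code, data in opts:
        if added_by_this_agent(code, data):
            if code == OPT_INTERFACE_ID:
                egress = tuple(data[len(AGENT_TAG):])
            continue                     # drop our own option
        kept.append((code, data))        # keep everything else untouched
    return egress, build(header, kept)


if __name__ == "__main__":
    # Constructed sample: a solicit carrying only a Client Identifier option.
    duid = bytes.fromhex("00030001020000000001")
    solicit = build(b"\x01\xab\xcd\xef", [(1, duid)])
    tagged = upstream(solicit, 0, 1, 2, b"vlan100")
    # Constructed server answer that echoes the agent's options back.
    print(downstream(b"\x02" + tagged[1:]))
```
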
As shown in Fig. 2, Embodiment 1 above is described using a network scenario in which the Layer 2 device L2 is directly connected to the DHCPv6 server. In practice there are also scenarios in which L2 connects to the DHCPv6 server through a Layer 3 device L3 in a Layer 3 network. For how the message forwarding security problem is solved in that scenario, see Embodiment 2.
Embodiment 2
To solve the DHCPv6 security problem within a Layer 2 network, this embodiment of the invention provides a method for realizing message forwarding. Referring to Fig. 5, when the DHCPv6 client accesses a Layer 3 network through a Layer 2 network and accesses the DHCPv6 server through the Layer 3 network, the method is as follows:
C1: The Layer 2 device receives a DHCPv6 upstream message sent by the DHCPv6 client;
C2: A field with which the Layer 2 device identifies the user is added to the DHCPv6 upstream message, and the message with the added field is forwarded to the Layer 3 device, so that the Layer 3 device, after receiving the message with the added field, adds to it a field with which the Layer 3 device identifies the user and forwards the message carrying both the Layer 2 device's field and the Layer 3 device's field to the DHCPv6 server;
C3: The Layer 2 device receives a DHCPv6 downstream message sent by the Layer 3 device;
C4: If the DHCPv6 downstream message carries the user-identifying field added by the Layer 2 device, the field is stripped and the stripped message is forwarded to the DHCPv6 client.
Preferably, the field with which the Layer 2 device identifies the user comprises a first field and a second field. Adding the field identifying the user to the DHCPv6 upstream message in step C2 then specifically comprises: the Layer 2 device adds an interface identifier to the first field according to the information of the interface on which the DHCPv6 upstream message was received, and adds a client identifier to the second field according to the information of the client it has received. The field with which the Layer 3 device identifies the user comprises a third field; adding the Layer 3 device's user-identifying field to the message with the added field then comprises: the Layer 3 device adds an interface identifier to the third field according to the information of the interface on which the DHCPv6 upstream message was received.
To explain the method in detail, refer to Fig. 6, a schematic diagram of the network architecture provided by this embodiment. It comprises a DHCPv6 server, a Layer 3 device L3 (for example a router) connected to the DHCPv6 server, a Layer 2 device L2 (for example a Layer 2 switch) connected to the Layer 3 device, and a DHCPv6 client (for example a PC) connected to the Layer 2 device L2.
I. The Layer 2 device L2: an agent (AGENT) is provided in the Layer 2 device L2, and L2 hands the protocol messages of the DHCPv6 exchange to the AGENT module for processing:
1. For DHCPv6 messages in the upstream direction, that is, DHCPv6 messages sent by the client, the message type is solicit (1), request (3), confirm (4), renew (5), rebind (6), release (8), decline (9) or information_request (11). The option37 field, carrying the user identifier, is appended directly to the message. Optionally, because a Layer 3 device is present in the Layer 3 network, L2 can choose here whether to add option18 according to its own settings.
2. For DHCPv6 messages in the downstream direction, that is, DHCPv6 downstream messages sent by the Layer 3 device L3, L2 checks whether the message contains an option18 field. If it does, L2 determines whether the field was added by this device; if so, it strips the option18 information added by this device and then, according to the user location information provided by option18, unicasts the message directly to the client.
II. The L3 device:
1. For a DHCP message received from L2, the original message is placed in the option of a relay_forward message, a relay_forward message header is added in front of the original message, the message type msg_type is set to RELAY_FORWARD (12), an option18 field is added, and the message is forwarded to the DHCPv6 server. Preferably, if L2 has added its own option18, that is, if the message received from L2 already contains option18, L3 can, after adding its own option18 option, append the option18 from the original message, merging the two option18 options into one option. This gives the DHCPv6 server very complete user information, and the DHCPv6 server only needs to authenticate the user according to the merged option18 option and apply its address allocation policy on that basis.
2. For a downstream DHCPv6 message sent by the DHCPv6 server, L3 checks whether the message contains an option18 field. If it does, L3 determines whether the option18 was added by this device; if so, it strips the option18 content added by this device and then, according to the content provided by option18, unicasts the message to the L2 device.
Based on the network architecture shown in Fig. 6 above, Fig. 7 shows the detailed flowchart of the method provided by the embodiment of the invention:
201: The DHCPV6 client sends a solicit message.
202: The layer-2 device L2 captures the solicit message and delivers it to its own AGENT. The AGENT assembles the option18 and option37 options according to the user location information, adds these options to the original solicit message, and then sends the new message carrying the option18 and option37 fields.
Note that the layer-2 device L2 can choose whether to add the option18 field. This embodiment is described using the preferred case in which L2 adds the option18 field according to the interface identifier of the interface that received the solicit message.
203: The layer-3 device L3 captures the solicit message sent by the layer-2 device L2 and delivers it to its own AGENT, which parses the message. If the message carries the option37 field added by L2, the AGENT parses out the option37 field. The AGENT of L3 fills all content of the received message except the option37 field added by L2 into the option of a relay-forward (relay_forward) message, adds a relay_forward message header before the received message, and sets the message type msg_type to RELAY_FORWARD (12). It also adds the option18 field according to the interface identifier of the interface that received the solicit message.
In a specific implementation, the AGENT of the layer-3 device L3 can be a logic module located in the layer-3 device L3, or an entity that exists on its own in the layer-3 network. This embodiment does not limit this, and is described with the AGENT located in the layer-3 device L3 as an example.
Note that, because this embodiment is described with the layer-2 device L2 having chosen to add the option18 field, the message received by the layer-3 device L3 here contains the option18 option. The AGENT of L3 appends the content of the option18 option in the received message after the new option18 field, which in effect combines the two option18 options into one option18 option, appends the previously parsed option37 field after the option18 field, and then forwards the processed message to the DHCPV6 server.
RFC3315 stipulates that, in the layer-3 network, the option field can only appear in relay-forward (relay_forward) and relay-reply messages. For this reason, in this step the AGENT of L3 fills all content of the received message except the option37 field added by L2 into the option of the relay_forward message, adds a relay_forward message header before the received message, and sets the message type msg_type to RELAY_FORWARD (12).
204: The DHCPV6 server parses the received relay_forward message carrying option18 and option37, parses out the user location information, and authenticates the user according to this information. It judges whether authentication succeeded; if so, step 205 is executed; otherwise authentication has failed and the message is discarded.
The method by which the DHCPV6 server authenticates the user is similar to that of embodiment 1 and is not repeated here.
205: After authentication succeeds, the DHCPV6 server encapsulates a relay-reply message and forwards it to the layer-3 device L3; the relay-reply message carries the option18 and option37 options.
The option18 and option37 options carried in this relay-reply message are the ones carried in the relay_forward message that the DHCPV6 server received from the layer-3 device L3.
206: The layer-3 device L3 captures the relay-reply message and delivers it to the AGENT of L3. The AGENT parses out option18 and option37, removes the option field added by this device, extracts the message data in the option of the relay-reply message, obtains the advertise message after stripping the relay-reply message header, and sends the advertise message downstream.
The layer-3 device L3 knows the length and content of the option18 it adds when a message passes through this device, so it only needs to compare the content within the fixed-length range of option18 in the message to know whether the field was added by this device. If the content matches, the option18 carried in the relay-reply message is considered to have been added by L3 itself; otherwise, option18 is considered not to have been added by L3 itself. That is, by comparing the length of the option18 field it adds itself with the length of option18 in the actual message, L3 can tell whether the content of option18 was added entirely by this device. If it was added entirely by this device, the field is stripped; if only part of it was added by this device, only the content added by this device is removed. Note that, for the option18 field, because in this embodiment option18 was only partly added by this device, only the option field added by this device is removed. The option37 field in the message was not added by this device, so it does not need to be stripped.
207: The layer-2 device L2 captures the advertise message and delivers it to the AGENT of L2, which parses the message. If it judges that the message carries the option37 and option18 fields and that they were added by this device, it strips the fields and, according to the user location information obtained by parsing the option18 field, unicasts the advertise message to the client.
208: The DHCPV6 client sends a request message to the DHCPV6 server.
After the DHCPV6 client receives the advertise message, which does not carry the option18 or option37 fields, it knows that the DHCPV6 server can allocate an IP address/prefix and network configuration parameters to it, and it then initiates the request message.
209: The layer-2 device L2 captures the request message and delivers it to the AGENT. The AGENT assembles the option18 and option37 options according to the user location information, adds these options to the original request message, and then sends the new message carrying the option18 and option37 fields.
210: The layer-3 device L3 captures the request message sent by the layer-2 device L2 and delivers it to the AGENT of L3. If the message carries the option37 field added by L2, the AGENT parses out the option37 field. The AGENT of L3 fills all content of the received message except the option37 field added by L2 into the option of a relay-forward (relay_forward) message, adds a relay_forward message header before the received message, and sets the message type msg_type to RELAY_FORWARD (12). It also adds the option18 field according to the interface identifier of the interface that received this solicit message.
Note that, because this embodiment is described with the layer-2 device L2 having chosen to add the option18 field, the message received by the layer-3 device L3 here contains the option18 option. The AGENT of L3 appends the content of the option18 option in the received message after the new option18 field; the details are the same as in step 203 and are not repeated.
211: After receiving the relay_forward message carrying the option18 and option37 fields, the DHCPV6 server, according to the identity of the DHCPV6 client carried in the relay_forward message and according to its allocation policy, allocates an IP address/prefix and network configuration parameters to this DHCPV6 client and returns a relay-reply (relay_reply) message. The relay_reply message carries the IP address/prefix and network configuration parameters allocated to this DHCPV6 client, together with the option18 and option37 fields carried in the original relay_forward message.
212: The layer-3 device L3 captures the relay_reply message and delivers it to the AGENT. The AGENT parses out option18 and option37, removes the option field added by this device, extracts the message data in the option of the relay-reply message, obtains the reply message after stripping the relay-reply message header, and sends the reply message downstream.
213: The layer-2 device L2 captures the reply message sent by the layer-3 device L3 and delivers it to the AGENT of L2, which parses the message. If it judges that the message carries the option37 and option18 fields and that they were added by this device, it strips the fields.
214: According to the user location information obtained by parsing the option18 field, the layer-2 device L2 unicasts the stripped reply message to the DHCPV6 client.
At this point the DHCPV6 client has obtained the IP address/prefix and network configuration parameters allocated to it by the DHCPV6 server and can carry out the subsequent procedures.
Fig. 8 is the interaction diagram of the method provided by the embodiment of the invention:
1. The DHCPV6 client uses a solicit message to request the location of a server.
2. The solicit message is captured by the L2 device and delivered to the AGENT of L2. The AGENT assembles the option37 option according to the user location information, adds it to the original solicit message, and then sends the new message carrying the option37 field. L2 can choose whether to add the option18 option.
3. The solicit message is captured by the L3 device and delivered to the AGENT of L3, which parses the message. If the message carries the option37 field, the AGENT parses out the option37 field. The AGENT fills all content of the original message except the option37 field into the option of a relay_forward message, adds a relay_forward message header before the original message, sets msg_type to relay_forward (12), and adds the option18 field. If the original message contains the option18 option, the content of that option18 option is appended after the new option18 field, which in effect combines the two option18 options into one option18 option. The previously parsed option37 field is appended after the option18 field, and the message is then forwarded to the DHCPV6 server.
4, 5. The DHCPV6 server parses the received solicit message carrying option18 and option37, parses out the user location information, and authenticates the user according to this information. If authentication fails, the message is discarded. If authentication succeeds, the server encapsulates a relay-reply message and forwards it to L3; at this point the message carries the option18 and option37 options.
6. The relay-reply message is captured by the L3 device, which parses out option18 and option37 and judges whether they were added by this device. The judgment works as follows: the L3 device knows the length and content of the option18 it adds when a message passes through this device, so it only needs to compare whether the content within the fixed-length range of option18 in the message matches. By comparing the length of the option18 field it adds itself with the length of option18 in the actual message, the L3 device can tell whether the content of option18 was added entirely by this device. If it was added entirely by this device, the field is stripped; if only part of it was added by this device, only the content added by this device is removed. In this scenario option18 was only partly added by this device, so only the option field added by this device is removed. The option37 field in the message was not added by this device, so it does not need to be stripped. The message data in the option of the relay-reply message is then extracted and the relay-reply message header is stripped.
7. The advertise message is captured by the L2 device and delivered to the L2 relay-agent module, which parses the message. If it judges that the message carries the option37 and option18 fields and that they were added by this device, it strips the fields and unicasts the message to the client according to the user location information parsed out.
8 to 14. The processing of messages 8, 9, 10, 11, 12, 13 and 14 is basically the same as the message processing flow above and is not repeated.
Further, because the physical information is added by the layer-2 network device, there is no need to deploy a layer-3 network device (such as an IP device) at the network edge. The DHCPV6 server authenticates the user and matches an address pool according to the physical information added by the layer-2 network device, and the downstream DHCP message is forwarded according to the option18 field, which strengthens the security of message forwarding and effectively solves the security problem in the DHCPV6 protocol.
The embodiment of the invention is described with only one level of layer-2 device and one level of layer-3 device between the DHCPV6 client and the DHCPV6 server. If there are multiple levels of layer-2 devices L2 or multiple levels of layer-3 devices L3 between the DHCPV6 client and the DHCPV6 server, each level of layer-2 device L2 is handled in a way similar to the above: the AGENT of each level of L2 adds the option37 field to the message received in the upstream direction (optionally, each level of L2 can decide for itself whether to add the option18 field) and then continues forwarding upstream. For a message in the downstream direction, it likewise judges whether the message carries the option18 and option37 fields added by this device and, if so, strips them and continues forwarding downstream. The method is similar and is not repeated. Each level of layer-3 device L3 is also handled in a way similar to the above: for the upstream direction, the AGENT of L3 fills all content of the received message except the option37 field added by L2 into the option of a relay-forward (relay_forward) message, adds a relay_forward message header before the received message, sets the message type msg_type to RELAY_FORWARD (12), and adds the option18 field according to the interface identifier of the interface that received the message. A message in the downstream direction is delivered to the AGENT, which parses out option18 and option37, removes the option field added by this device, extracts the message data in the message option, and sends downstream the message that remains after the message header is stripped.
In summary, the message forwarding method provided by the embodiment of the invention relies on the cooperation between the AGENT of the layer-2 device L2 in the layer-2 network and the layer-3 device L3 in the layer-3 network. In the upstream direction, option18 is built up layer by layer, so that the DHCPV6 server can ultimately obtain the complete location information of the DHCPV6 client from a single option18 option. In the downstream direction, option18 is stripped layer by layer: each device strips what it added itself and finally, according to the location information obtained, unicasts the message directly to the corresponding port. The DHCPV6 server authenticates the user and matches an address pool according to the physical information added by the layer-2 device in the layer-2 network and the layer-3 device in the layer-3 network, and the downstream DHCP message is forwarded according to the option18 field, which strengthens the security of message forwarding and effectively solves the security problem in the DHCPV6 protocol.
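The layered add and strip of option18 summarized above, traced end to end for one solicit/advertise exchange. This is an added example, not code from the patent: the device tags (`L2A1`, `L3R1`), the 2-byte port numbers, the enterprise number 32473, the server's allow-list and the way L3 re-attaches the remaining L2 options to the unwrapped message are assumptions; option codes and the relay header layout follow RFC 3315 and RFC 4649.

```python
import struct

SOLICIT, ADVERTISE, RELAY_FORW, RELAY_REPL = 1, 2, 12, 13
OPT_RELAY_MSG, OPT_IFACE_ID, OPT_REMOTE_ID = 9, 18, 37
CLIENT_HDR, RELAY_HDR = 4, 34   # type+xid ; type+hops+link-address+peer-address
PEN = 32473                     # documentation enterprise number (assumption)

def pack_opt(code, data):
    return struct.pack("!HH", code, len(data)) + data

def parse_opts(buf):
    """Split a DHCPv6 option area into (code, data) pairs, rejecting bad lengths."""
    opts, i = [], 0
    while i < len(buf):
        if i + 4 > len(buf):
            raise ValueError("truncated option header")
        code, length = struct.unpack_from("!HH", buf, i)
        if i + 4 + length > len(buf):
            raise ValueError("option length exceeds message")
        opts.append((code, buf[i + 4:i + 4 + length]))
        i += 4 + length
    return opts

def own_part(data, tag):
    """Fixed-length comparison: (port, remainder) if option18 starts with our tag."""
    n = len(tag) + 2
    if len(data) >= n and data[:len(tag)] == tag:
        return struct.unpack("!H", data[len(tag):n])[0], data[n:]
    return None, data

def l2_up(msg, tag, port, client_id):
    """L2 agent: keep the message type, append option18 and option37."""
    return (msg + pack_opt(OPT_IFACE_ID, tag + struct.pack("!H", port))
            + pack_opt(OPT_REMOTE_ID, struct.pack("!I", PEN) + client_id))

def l3_up(msg, tag, iface, link, peer):
    """L3 agent: wrap in relay_forward, merge option18, carry option37 after it."""
    opts = parse_opts(msg[CLIENT_HDR:])
    inner = msg[:CLIENT_HDR] + b"".join(
        pack_opt(c, d) for c, d in opts if c not in (OPT_IFACE_ID, OPT_REMOTE_ID))
    merged = tag + struct.pack("!H", iface) + b"".join(
        d for c, d in opts if c == OPT_IFACE_ID)       # own part first, then L2's
    return (struct.pack("!BB", RELAY_FORW, 0) + link + peer
            + pack_opt(OPT_RELAY_MSG, inner) + pack_opt(OPT_IFACE_ID, merged)
            + b"".join(pack_opt(c, d) for c, d in opts if c == OPT_REMOTE_ID))

def server(relay_forw, allowed):
    """Authenticate on the merged option18; return None (drop) if it is unknown."""
    opts = parse_opts(relay_forw[RELAY_HDR:])
    loc = b"".join(d for c, d in opts if c == OPT_IFACE_ID)
    inner = b"".join(d for c, d in opts if c == OPT_RELAY_MSG)
    if loc not in allowed or len(inner) < CLIENT_HDR:
        return None
    advertise = bytes([ADVERTISE]) + inner[1:CLIENT_HDR]   # same transaction id
    echoed = b"".join(pack_opt(c, d) for c, d in opts if c != OPT_RELAY_MSG)
    return (bytes([RELAY_REPL]) + relay_forw[1:RELAY_HDR]
            + pack_opt(OPT_RELAY_MSG, advertise) + echoed)

def l3_down(relay_repl, tag):
    """L3 agent: strip only its own option18 part, unwrap the relayed message."""
    iface, inner, kept = None, b"", b""
    for code, data in parse_opts(relay_repl[RELAY_HDR:]):
        if code == OPT_RELAY_MSG:
            inner = data
        elif code == OPT_IFACE_ID:
            iface, rest = own_part(data, tag)
            kept += pack_opt(code, rest) if rest else b""
        else:
            kept += pack_opt(code, data)      # option37 is not ours: leave it
    return iface, inner + kept

def l2_down(msg, tag):
    """L2 agent (single L2 level assumed): strip its fields, return (port, message)."""
    opts = parse_opts(msg[CLIENT_HDR:])
    ports = [own_part(d, tag)[0] for c, d in opts if c == OPT_IFACE_ID]
    port = next((p for p in ports if p is not None), None)
    if port is None:
        return None, msg                      # nothing of ours: strip nothing
    body = b"".join(pack_opt(c, d) for c, d in opts
                    if c not in (OPT_IFACE_ID, OPT_REMOTE_ID))
    return port, msg[:CLIENT_HDR] + body

def demo():
    # Constructed solicit: transaction id aa bb cc, one client-id option (code 1).
    solicit = bytes([SOLICIT]) + b"\xaa\xbb\xcc" + pack_opt(1, b"constructed-duid")
    link, peer = bytes(16), bytes(16)         # constructed all-zero addresses
    up1 = l2_up(solicit, b"L2A1", 7, b"user-42")
    up2 = l3_up(up1, b"L3R1", 3, link, peer)
    reply = server(up2, {b"L3R1\x00\x03L2A1\x00\x07"})
    iface, down1 = l3_down(reply, b"L3R1")
    port, down2 = l2_down(down1, b"L2A1")
    return up2, iface, port, down2
```

The client receives the advertise with no relay options left on it, and the server drops any relay_forward whose merged option18 is not a known location.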
Embodiment 3
Corresponding to method embodiment 1 above, the embodiment of the invention provides a device for implementing message forwarding in a layer-2 network. Referring to Fig. 9, the device comprises:
a first receiving module 901, configured to receive the DHCPV6 upstream message sent by the DHCPV6 client;
a first forwarding module 902, configured to add a field for identifying the user to the DHCPV6 upstream message received by the first receiving module 901, and to forward the message with the added field to the DHCPV6 server;
a second receiving module 903, configured to receive the DHCPV6 downstream message sent by the DHCPV6 server;
a second forwarding module 904, configured to, if the DHCPV6 downstream message received by the second receiving module 903 carries the field for identifying the user that was added by the device, strip the field and forward the message without the field to the DHCPV6 client.
The first forwarding module 902 is specifically configured to add an interface identifier to a first field according to the information of the interface that received the DHCPV6 upstream message, to add a client identifier to a second field according to the information of the client received, and to forward the message with the added fields to the DHCPV6 server.
The first receiving module 901 is specifically configured to receive the solicit message sent by the DHCPV6 client. The second forwarding module 904 is specifically configured to add the first field and the second field to the solicit message, where the first field carries the interface identifier of the interface that received the solicit message and the second field carries the client identifier of the DHCPV6 client that sent the solicit message, and to forward the solicit message with the added fields to the DHCPV6 server, so that the DHCPV6 server authenticates the DHCPV6 client according to the content carried in the fields and, after authentication passes, returns an advertise message to the DHCPV6 client. The second receiving module 903 is specifically configured to receive the advertise message sent by the DHCPV6 server. The second forwarding module 904 is specifically configured to, if the advertise message carries the field added by the device, strip the field and forward the advertise message without the field to the DHCPV6 client.
Further, the first receiving module 901 is also configured to receive the request message sent by the DHCPV6 client. The first forwarding module 902 is also configured to add the first field and the second field to the request message, where the first field carries the interface identifier of the interface that received the request message and the second field carries the client identifier of the DHCPV6 client that sent the request message, and to forward the request message with the added fields to the DHCPV6 server, so that after receiving the request message the DHCPV6 server returns a reply message to the DHCPV6 client; the reply message carries the network parameters that the DHCPV6 server allocated to the DHCPV6 client. The second receiving module 903 is also configured to receive the reply message sent by the DHCPV6 server. The second forwarding module 904 is also configured to, if the reply message carries the field added by the device, strip the field and forward the reply message without the field to the DHCPV6 client, so that the DHCPV6 client obtains the network parameters allocated by the DHCPV6 server.
In the layer-2 network, the device may be deployed at multiple levels. Correspondingly, each level of device receives the DHCPV6 upstream message sent by the DHCPV6 client, adds a field for identifying the user to the DHCPV6 upstream message, and forwards the message with the added field to the next-level device, until it is forwarded to the DHCPV6 server. Each level of device receives the DHCPV6 downstream message sent by the DHCPV6 server; if the DHCPV6 downstream message carries the field for identifying the user that was added by the current device, the device strips the field and forwards the message without the field to the next-level device, until it is forwarded to the DHCPV6 client.
Further, the device also comprises:
a judging module, configured to judge whether the field carried in the received DHCPV6 downstream message was added by the layer-2 device. The judging module specifically comprises: a first judging unit, configured to judge whether the length of the field carried in the received DHCPV6 downstream message matches the length of the field added by the layer-2 device and, if so, to determine that the field carried in the received DHCPV6 downstream message was added by the layer-2 device; or a second judging unit, configured to judge whether the fixed-length content of the field carried in the received DHCPV6 downstream message matches the fixed-length content of the field added by the layer-2 device and, if so, to determine that the field carried in the received DHCPV6 downstream message was added by the layer-2 device; or a third judging unit, configured to judge whether the preset flag bit in the field carried in the received DHCPV6 downstream message matches the preset flag bit in the field added by the layer-2 device and, if so, to determine that the field carried in the received DHCPV6 downstream message was added by the layer-2 device.
Note that the device provided by the embodiment of the invention is located in a layer-2 device of the layer-2 network.
In summary, with the message forwarding device provided by the embodiment of the invention, in the upstream direction the fields for identifying the user (option18 and option37) are appended to the received upstream DHCPV6 message without changing the message type. In the downstream direction, the device checks whether the fields (option18 and option37) carried in the received downstream DHCPV6 message were added by itself; if so, it strips the fields and unicasts the message to the corresponding port. Because the physical information is added by the layer-2 network device, there is no need to deploy a layer-3 network device (such as an IP device) at the network edge. The DHCPV6 server authenticates the user and matches an address pool according to the physical information added by the layer-2 network device, and the downstream DHCP message is forwarded according to the option18 field, which strengthens the security of message forwarding and effectively solves the security problem in the DHCPV6 protocol.
Embodiment 4
Corresponding to method embodiment 2 above, the embodiment of the invention provides a device for implementing message forwarding in a layer-2 network. Referring to Fig. 10, the device comprises:
a first receiving module 1001, configured to receive the DHCPV6 upstream message sent by the DHCPV6 client;
a first forwarding module 1002, configured to add the layer-2 device's field for identifying the user to the DHCPV6 upstream message and to forward the message with the added field to the layer-3 device, so that after receiving the message with the added field the layer-3 device adds its own field for identifying the user to that message and forwards the message carrying both the layer-2 device's field for identifying the user and the layer-3 device's field for identifying the user to the DHCPV6 server;
a second receiving module 1003, configured to receive the DHCPV6 downstream message sent by the layer-3 device;
a second forwarding module 1004, configured to, if the DHCPV6 downstream message carries the field for identifying the user that was added by the layer-2 device, strip the field and forward the message without the field to the DHCPV6 client.
The first forwarding module 1002 is specifically configured to add the interface identifier to the first field according to the information of the interface that received the DHCPV6 upstream message, and to add the client identifier to the second field according to the information of the client received.
In the layer-2 network, the device provided by the embodiment of the invention may be deployed at multiple levels.
Each level of device receives the DHCPV6 upstream message sent by the DHCPV6 client, adds a field for identifying the user to the DHCPV6 upstream message, and forwards the message with the added field to the next-level device, until it is forwarded to the layer-3 device.
Each level of device receives the DHCPV6 downstream message sent by the layer-3 device; if the DHCPV6 downstream message carries the field for identifying the user that was added by the current device, the device strips the field and forwards the message without the field to the next-level device, until it is forwarded to the DHCPV6 client.
The device is located in a layer-2 device of the layer-2 network.
In summary, the message forwarding device in the layer-2 network provided by the embodiment of the invention relies on the cooperation between this device in the layer-2 network and the layer-3 device in the layer-3 network. In the upstream direction, the field for identifying the user (option18) is built up layer by layer, so that the DHCPV6 server can ultimately obtain the complete location information of the DHCPV6 client from a single field option. In the downstream direction, the field is stripped layer by layer: each device strips what it added itself and finally, according to the location information obtained, unicasts the message directly to the corresponding port. The DHCPV6 server authenticates the user and matches an address pool according to the physical information added by this device in the layer-2 network and by the layer-3 device in the layer-3 network, and the downstream DHCP message is forwarded according to the corresponding field (option18), which strengthens the security of message forwarding and effectively solves the security problem in the DHCPV6 protocol.
Embodiment 5
Corresponding to method embodiment 2 above, the embodiment of the invention provides a device for implementing message forwarding in a layer-3 network. Referring to Fig. 11, the device comprises:
a first receiving module 1101, configured to receive the message with the added field, which is the message that the layer-2 device forwards after it receives the DHCPV6 upstream message sent by the DHCPV6 client and adds the layer-2 device's field for identifying the user to that DHCPV6 upstream message;
a first forwarding module 1102, configured to add the device's field for identifying the user to the message with the added field, and to forward the message carrying both the layer-2 device's field for identifying the user and the device's field for identifying the user to the DHCPV6 server;
a second receiving module 1103, configured to receive the DHCPV6 downstream message sent by the DHCPV6 server;
a second forwarding module 1104, configured to, if the DHCPV6 downstream message carries the field for identifying the user that was added by the device, strip the field and forward the message without the field to the layer-2 device.
The layer-2 device's field for identifying the user comprises a first field and a second field: the first field carries the interface identifier of the interface on which the layer-2 device received the DHCPV6 upstream message, and the second field carries the client identifier of the DHCPV6 client that sent the DHCPV6 upstream message.
The first forwarding module 1102 is specifically configured to add a third field to the message with the added field according to the information of the interface that received the DHCPV6 upstream message, where the third field carries the interface identifier of the interface on which the device received the DHCPV6 upstream message, and to forward the message carrying the first field, the second field and the third field to the DHCPV6 server.
Further, the device also comprises:
a processing module, configured to fill the DHCP upstream message sent by the DHCPV6 client, which is carried in the DHCP upstream message sent by the layer-2 device, into the option of a relay-forward (relay_forward) message, to add a relay_forward message header before the DHCP upstream message sent by the DHCPV6 client, to set the message type msg_type to RELAY_FORWARD, and to merge the third field with the first field.
The device may be deployed at multiple levels. After receiving the message with the added field, each level of device adds the current device's field for identifying the user to that message and forwards the message carrying the layer-2 device's field for identifying the user and the device's field for identifying the user to the next-level device, until it is forwarded to the DHCPV6 server. Each level of device receives the DHCPV6 downstream message sent by the DHCPV6 server; if the DHCPV6 downstream message carries the field for identifying the user that was added by the current device, the device strips the field and forwards the message without the field to the next-level device, until it is forwarded to the layer-2 device.
The device is located in a layer-3 device of the layer-3 network.
In summary, the message forwarding device in the layer-3 network provided by the embodiment of the invention relies on the cooperation between the layer-2 device in the layer-2 network and this device. In the upstream direction, the field for identifying the user (option18) is built up layer by layer, so that the DHCPV6 server can ultimately obtain the complete location information of the DHCPV6 client from a single field option. In the downstream direction, the field is stripped layer by layer: each device strips what it added itself and finally, according to the location information obtained, unicasts the message directly to the corresponding port. The DHCPV6 server authenticates the user and matches an address pool according to the physical information added by the layer-2 device and by this device in the layer-3 network, and the downstream DHCP message is forwarded according to the corresponding field (option18), which strengthens the security of message forwarding and effectively solves the security problem in the DHCPV6 protocol.
Embodiment 6
Corresponding to the method provided in Embodiment 1 above, this embodiment of the invention provides a system for realizing message forwarding. Referring to Figure 12, the system comprises a Dynamic Host Configuration Protocol (DHCP) V6 server 1202 and a Layer 2 device 1201 located in a Layer 2 network.
The Layer 2 device 1201 is configured to receive the DHCPV6 uplink message sent by the DHCPV6 client, add a field for identifying the user to the DHCPV6 uplink message, and forward the message with the added field to the DHCPV6 server 1202. It is also configured to receive the DHCPV6 downlink message sent by the DHCPV6 server 1202; if the DHCPV6 downlink message carries the field for identifying the user that was added by the Layer 2 device 1201, it strips the field and forwards the stripped message to the DHCPV6 client.
The DHCPV6 server 1202 is configured to receive the message sent by the Layer 2 device 1201 and to return the DHCPV6 downlink message to the Layer 2 device 1201.
Wherein, the Layer 2 device 1201 adds the interface identifier to the first field according to information about the interface on which the DHCPV6 uplink message was received, and adds the client identifier to the second field according to the received information about the client.
Further, corresponding to method Embodiment 2 above and referring to Figure 13, the system provided by this embodiment of the invention also comprises a Layer 3 device 1203 located in a Layer 3 network.
The Layer 3 device 1203 is configured, after receiving the message with added fields sent by the Layer 2 device 1201, to add to that message the field that the Layer 3 device 1203 uses for identifying the user, and to forward the message, carrying both the Layer 2 device 1201's field for identifying the user and the Layer 3 device 1203's field for identifying the user, to the DHCPV6 server 1202. It is also configured to receive the DHCPV6 downlink message sent by the DHCPV6 server 1202; if the DHCPV6 downlink message carries the field for identifying the user that was added by the Layer 3 device 1203, it strips the field and forwards the stripped message to the Layer 2 device 1201.
Wherein, the Layer 3 device 1203 adds a third field according to information about the interface on which it received the message with added fields sent by the Layer 2 device 1201. The third field carries the identifier of the interface on which the apparatus received the DHCPV6 uplink message, and the message carrying the first field, the second field and the third field is forwarded to the DHCPV6 server 1202.
Wherein, the Layer 3 device 1203 is also configured to place the DHCP uplink message sent by the DHCPV6 client, which is carried in the DHCP uplink message sent by the Layer 2 device 1201, into a relay-forward (relay_forward) message option; to add a relay_forward message header in front of the DHCP uplink message sent by the DHCPV6 client, setting the message type msg_type to RELAY_FORWARD; and to merge the third field with the first field and forward the processed message to the DHCPV6 server 1202.
Further, the Layer 2 device 1201 is multi-level, and/or the Layer 3 device 1203 is multi-level.
In summary, in the system for realizing message forwarding provided by this embodiment of the invention, in the uplink direction the fields for identifying the user (option18 and option37) are appended to the received uplink DHCPV6 message without changing the message type. In the downlink direction, the device checks the fields (option18 and option37) carried in the received downlink DHCPV6 message; if it added them itself, it strips them and then unicasts the message to the corresponding port. Because the physical information is added by a Layer 2 network device, there is no need to deploy Layer 3 network devices (such as IP devices) at the network edge. The DHCPV6 server authenticates the user and matches the address pool according to the physical information added by the Layer 2 network device, and downlink DHCP messages are forwarded according to the option18 field, which enhances the security of message forwarding and effectively solves the security problem in the DHCPV6 protocol.
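As an added illustration (not code from the patent), the following Python example models the layered add-and-strip handling summarized above for two cascaded Layer 2 devices, with option18 and option37 appended to the client message without changing its type. The 4-byte device marker, the option payload layouts, the enterprise number 0, the sample addresses and the `server_reply` stand-in that echoes every option are assumptions made for the example; the ownership test combines a length check with a fixed-content check.

```python
import struct

OPT_CLIENTID, OPT_INTERFACE_ID, OPT_REMOTE_ID = 1, 18, 37  # DHCPv6 option codes
SOLICIT, ADVERTISE = 1, 2                                   # DHCPv6 message types

def parse(msg):
    """Return (4-byte header, [(code, data), ...]) for a client/server message."""
    if len(msg) < 4:
        raise ValueError("message shorter than msg-type + transaction-id")
    options, off = [], 4
    while off < len(msg):
        if off + 4 > len(msg):
            raise ValueError("truncated option header")
        code, length = struct.unpack_from("!HH", msg, off)
        data = msg[off + 4:off + 4 + length]
        if len(data) != length:
            raise ValueError("truncated option data")
        options.append((code, data))
        off += 4 + length
    return msg[:4], options

def build(header, options):
    """Serialize the header followed by code/length/value options."""
    return header + b"".join(struct.pack("!HH", c, len(d)) + d for c, d in options)

class Layer2Device:
    """Hypothetical model of one level of the tagging device."""
    def __init__(self, marker, enterprise=0):   # enterprise 0 is a placeholder
        if len(marker) != 4:
            raise ValueError("marker must be exactly 4 bytes")
        self.marker, self.enterprise = marker, enterprise

    def uplink(self, msg, port, client_mac):
        """Append this device's option18/option37; the message type is untouched."""
        header, options = parse(msg)
        options.append((OPT_INTERFACE_ID, self.marker + struct.pack("!H", port)))
        remote_id = struct.pack("!I", self.enterprise) + self.marker + client_mac
        options.append((OPT_REMOTE_ID, remote_id))
        return build(header, options)

    def _mine(self, code, data):
        """Ownership test: expected length AND this device's fixed marker."""
        if code == OPT_INTERFACE_ID:
            return len(data) == 6 and data[:4] == self.marker
        if code == OPT_REMOTE_ID:
            return len(data) == 14 and data[4:8] == self.marker
        return False

    def downlink(self, msg):
        """Strip only fields this device added; return (message, egress port or None)."""
        header, options = parse(msg)
        port, kept = None, []
        for code, data in options:
            if self._mine(code, data):
                if code == OPT_INTERFACE_ID:
                    port = struct.unpack("!H", data[4:])[0]
            else:
                kept.append((code, data))   # another device's field stays in place
        return build(header, kept), port

def server_reply(uplink_msg):
    """Constructed stand-in for the server: ADVERTISE echoing all received options."""
    header, options = parse(uplink_msg)
    return build(bytes([ADVERTISE]) + header[1:], options)

def demo():
    mac = bytes.fromhex("02005e000001")                      # constructed client MAC
    solicit = build(bytes([SOLICIT]) + b"\xab\xcd\xef",
                    [(OPT_CLIENTID, b"\x00\x03\x00\x01" + mac)])
    access, agg = Layer2Device(b"ACC1"), Layer2Device(b"AGG1")
    up = agg.uplink(access.uplink(solicit, 7, mac), 2, mac)   # layered adding
    reply = server_reply(up)
    at_agg, agg_port = agg.downlink(reply)                    # layered stripping
    at_client, acc_port = access.downlink(at_agg)
    return solicit, up, reply, at_client, agg_port, acc_port
```

A device whose marker matches none of the fields returns the message unchanged with no egress port, which is the case where the field was added by some other device.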
The word "receive" in the embodiments of the invention may be understood as actively obtaining information from other modules, or as receiving information sent by other modules.
Those skilled in the art will understand that the accompanying drawings are schematic diagrams of a preferred embodiment, and that the modules or flows in the drawings are not necessarily required for implementing the invention.
Those skilled in the art will understand that the modules of the apparatus in an embodiment may be distributed in the apparatus of the embodiment as described in the embodiment, or may be changed accordingly and located in one or more apparatuses different from that of the present embodiment. The modules of the above embodiments may be merged into one module, or further split into a plurality of submodules.
The sequence numbers of the above embodiments of the invention are for description only and do not represent the relative merits of the embodiments.
Some of the steps in the embodiments of the invention may be implemented in software, and the corresponding software program may be stored in a readable storage medium, such as an optical disc or a hard disk.
The above are only preferred embodiments of the invention and are not intended to limit the invention. Any modification, equivalent replacement, improvement and the like made within the spirit and principles of the invention shall be included within the scope of protection of the invention.

Claims (16)

1. A method for realizing message forwarding, characterized in that, when a Dynamic Host Configuration Protocol (DHCP) V6 client accesses a DHCPV6 server through a Layer 2 network, the method comprises:
a Layer 2 device receives a DHCPV6 uplink message sent by the DHCPV6 client, adds a field for identifying the user to the DHCPV6 uplink message, and forwards the message with the added field to the DHCPV6 server;
the Layer 2 device receives a DHCPV6 downlink message sent by the DHCPV6 server; if the DHCPV6 downlink message carries the field for identifying the user that was added by the Layer 2 device, the Layer 2 device strips the field and forwards the stripped message to the DHCPV6 client.
2. The method of claim 1, characterized in that the field for identifying the user comprises a first field and a second field,
and adding the field for identifying the user to the DHCPV6 uplink message specifically comprises:
the Layer 2 device adds the interface identifier to the first field according to information about the interface on which the DHCPV6 uplink message was received;
the Layer 2 device adds the client identifier to the second field according to the received information about the client.
3. The method of claim 2, characterized in that:
the Layer 2 device receives a solicit message sent by the DHCPV6 client;
adds the first field and the second field to the solicit message, the first field carrying the interface identifier of the interface on which the solicit message was received, and the second field carrying the client identifier of the DHCPV6 client that sent the solicit message;
and forwards the solicit message with the added fields to the DHCPV6 server, so that the DHCPV6 server authenticates the DHCPV6 client according to the content carried in the fields and, after authentication succeeds, returns an advertise message to the DHCPV6 client;
the Layer 2 device receives the advertise message sent by the DHCPV6 server; if the advertise message carries the fields added by the Layer 2 device, the Layer 2 device strips the fields and forwards the stripped advertise message to the DHCPV6 client.
4. The method of claim 1, characterized in that, in the Layer 2 network, the Layer 2 device is multi-level;
each level of Layer 2 device receives the DHCPV6 uplink message sent by the DHCPV6 client, adds a field for identifying the user to the DHCPV6 uplink message, and forwards the message with the added field to the next-level Layer 2 device, until the message is forwarded to the DHCPV6 server;
each level of Layer 2 device receives the DHCPV6 downlink message sent by the DHCPV6 server; if the DHCPV6 downlink message carries the field for identifying the user that was added by the current Layer 2 device, the device strips the field and forwards the stripped message to the next-level Layer 2 device, until the message is forwarded to the DHCPV6 client.
5. An apparatus for realizing message forwarding in a Layer 2 network, characterized in that the apparatus comprises:
a first receiving module, configured to receive a DHCPV6 uplink message sent by a DHCPV6 client;
a first forwarding module, configured to add a field for identifying the user to the DHCPV6 uplink message received by the first receiving module, and to forward the message with the added field to a DHCPV6 server;
a second receiving module, configured to receive a DHCPV6 downlink message sent by the DHCPV6 server;
a second forwarding module, configured, if the DHCPV6 downlink message received by the second receiving module carries the field for identifying the user that was added by the apparatus, to strip the field and forward the stripped message to the DHCPV6 client.
6. The apparatus of claim 5, characterized in that the first forwarding module is specifically configured to add the interface identifier to the first field according to information about the interface on which the DHCPV6 uplink message was received; to add the client identifier to the second field according to the received information about the client; and to forward the message with the added fields to the DHCPV6 server.
7. The apparatus of claim 6, characterized in that:
the first receiving module is specifically configured to receive a solicit message sent by the DHCPV6 client;
the second forwarding module is specifically configured to add the first field and the second field to the solicit message, the first field carrying the interface identifier of the interface on which the solicit message was received, and the second field carrying the client identifier of the DHCPV6 client that sent the solicit message; and to forward the solicit message with the added fields to the DHCPV6 server, so that the DHCPV6 server authenticates the DHCPV6 client according to the content carried in the fields and, after authentication succeeds, returns an advertise message to the DHCPV6 client;
the second receiving module is specifically configured to receive the advertise message sent by the DHCPV6 server;
the second forwarding module is specifically configured, if the advertise message carries the fields added by the apparatus, to strip the fields and forward the stripped advertise message to the DHCPV6 client.
8. The apparatus of claim 7, characterized in that:
the first receiving module is also configured to receive a request message sent by the DHCPV6 client;
the first forwarding module is also configured to add the first field and the second field to the request message, the first field carrying the interface identifier of the interface on which the request message was received, and the second field carrying the client identifier of the DHCPV6 client that sent the request message; and to forward the request message with the added fields to the DHCPV6 server, so that the DHCPV6 server, after receiving the request message, returns a reply message to the DHCPV6 client, the reply message carrying the network parameters that the DHCPV6 server has allocated to the DHCPV6 client;
the second receiving module is also configured to receive the reply message sent by the DHCPV6 server;
the second forwarding module is also configured, if the reply message carries the fields added by the apparatus, to strip the fields and forward the stripped reply message to the DHCPV6 client, so that the DHCPV6 client obtains the network parameters allocated by the DHCPV6 server.
9. The apparatus of claim 5, characterized in that, in the Layer 2 network, the apparatus is multi-level;
each level of apparatus receives the DHCPV6 uplink message sent by the DHCPV6 client, adds a field for identifying the user to the DHCPV6 uplink message, and forwards the message with the added field to the next-level apparatus, until the message is forwarded to the DHCPV6 server;
each level of apparatus receives the DHCPV6 downlink message sent by the DHCPV6 server; if the DHCPV6 downlink message carries the field for identifying the user that was added by the current apparatus, the apparatus strips the field and forwards the stripped message to the next-level apparatus, until the message is forwarded to the DHCPV6 client.
10. The apparatus of claim 5, characterized in that the apparatus also comprises:
a judging module, configured to judge whether the field carried in the received DHCPV6 downlink message was added by the Layer 2 device; the judging module specifically comprises:
a first judging unit, configured to judge whether the length of the field carried in the received DHCPV6 downlink message is consistent with the length of the field added by the Layer 2 device; if so, the field carried in the received DHCPV6 downlink message was added by the Layer 2 device; or,
a second judging unit, configured to judge whether the fixed-length content in the field carried in the received DHCPV6 downlink message is consistent with the fixed-length content in the field added by the Layer 2 device; if so, the field carried in the received DHCPV6 downlink message was added by the Layer 2 device; or,
a third judging unit, configured to judge whether the preset flag bit in the field carried in the received DHCPV6 downlink message is consistent with the preset flag bit in the field added by the Layer 2 device; if so, the field carried in the received DHCPV6 downlink message was added by the Layer 2 device.
11. A system for realizing message forwarding, characterized in that the system comprises a Dynamic Host Configuration Protocol (DHCP) V6 server and a Layer 2 device located in a Layer 2 network,
the Layer 2 device being configured to receive the DHCPV6 uplink message sent by the DHCPV6 client, add a field for identifying the user to the DHCPV6 uplink message, and forward the message with the added field to the DHCPV6 server; and also configured to receive the DHCPV6 downlink message sent by the DHCPV6 server and, if the DHCPV6 downlink message carries the field for identifying the user that was added by the Layer 2 device, to strip the field and forward the stripped message to the DHCPV6 client;
the DHCPV6 server being configured to receive the message sent by the Layer 2 device and to return the DHCPV6 downlink message to the Layer 2 device.
12. The system of claim 11, characterized in that the Layer 2 device adds the interface identifier to the first field according to information about the interface on which the DHCPV6 uplink message was received, and adds the client identifier to the second field according to the received information about the client.
13. The system of claim 11 or 12, characterized in that the system also comprises a Layer 3 device located in a Layer 3 network,
the Layer 3 device being configured, after receiving the message with added fields sent by the Layer 2 device, to add to that message the field that the Layer 3 device uses for identifying the user, and to forward the message, carrying both the Layer 2 device's field for identifying the user and the Layer 3 device's field for identifying the user, to the DHCPV6 server; and also configured to receive the DHCPV6 downlink message sent by the DHCPV6 server and, if the DHCPV6 downlink message carries the field for identifying the user that was added by the Layer 3 device, to strip the field and forward the stripped message to the Layer 2 device.
14. The system of claim 13, characterized in that the Layer 3 device adds a third field according to information about the interface on which it received the message with added fields sent by the Layer 2 device, the third field carrying the identifier of the interface on which the apparatus received the DHCPV6 uplink message, and forwards the message carrying the first field, the second field and the third field to the DHCPV6 server.
15. The system of claim 14, characterized in that the Layer 3 device is also configured to place the DHCP uplink message sent by the DHCPV6 client, which is carried in the DHCP uplink message sent by the Layer 2 device, into a relay-forward (relay_forward) message option; to add a relay_forward message header in front of the DHCP uplink message sent by the DHCPV6 client, setting the message type msg_type to RELAY_FORWARD; and to merge the third field with the first field and forward the processed message to the DHCPV6 server.
16. The system of claim 12, characterized in that the Layer 2 device is multi-level, and/or the Layer 3 device is multi-level.
CN2009102352856A 2009-09-30 2009-09-30 Method, device and system for realizing message forwarding Pending CN102035724A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2009102352856A CN102035724A (en) 2009-09-30 2009-09-30 Method, device and system for realizing message forwarding

Publications (1)

Publication Number Publication Date
CN102035724A true CN102035724A (en) 2011-04-27

Family

ID=43888081

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2009102352856A Pending CN102035724A (en) 2009-09-30 2009-09-30 Method, device and system for realizing message forwarding

Country Status (1)

Country Link
CN (1) CN102035724A (en)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102413203A (en) * 2011-12-01 2012-04-11 中兴通讯股份有限公司 IP (Internet Protocol) address allocation method and device
CN102629944A (en) * 2012-04-09 2012-08-08 华为技术有限公司 Method and device as well as system for network acceleration
CN102629944B (en) * 2012-04-09 2015-03-18 华为技术有限公司 Method and device as well as system for network acceleration
WO2016037490A1 (en) * 2014-09-12 2016-03-17 中兴通讯股份有限公司 Method and device for processing dynamic host configuration protocol (dhcp) message
WO2018082592A1 (en) * 2016-11-02 2018-05-11 华为技术有限公司 Message processing method and network device
US10931580B2 (en) 2016-11-02 2021-02-23 Huawei Technologies Co., Ltd. Packet processing method and network device

Similar Documents

Publication Publication Date Title
EP2645679B1 (en) Method and apparatus for message transmission
EP2482502B1 (en) Message handling method and apparatus
CN102845123B (en) Virtual private cloud connection method and tunnel proxy server
CN100583904C (en) Automatic configuration method for host address in IPV6 network
CN102347993B (en) Network communication method and equipment
KR101455219B1 (en) Method, apparatus and system for forwarding packet
CN101179603B (en) Method and device for controlling user network access in IPv6 network
CN106559292A (en) A kind of broad band access method and device
US8400943B2 (en) IPv6 addressing over non-IPv6 systems
EP2439903B1 (en) Method for providing information, home gateway and home network system
US9148401B2 (en) Method for obtaining IP address of DHCPV6 server, DHCPV6 server, and DHCPV6 communication system
CN102447752A (en) Service access method, system and device based on layer2 tunnel protocol (L2TP)
CN102752413B (en) Dynamic Host Configuration Protocol server system of selection and the network equipment
CN101252587B (en) User terminal access right identifying method and apparatus
CN101150517A (en) Packet transmission method and device
US20140032782A1 (en) Method and apparatus for route selection of host in multihoming site
CN103384282A (en) Method for obtaining IPV6ND address and broadband remote access server (BARS)
WO2013086966A1 (en) Layer 2 inter-connecting method, apparatus and system based on ipv6
CN101873320A (en) Client information verification method based on DHCPv6 relay and device thereof
CN102098278A (en) Subscriber access method and system as well as access server and device
CN102035724A (en) Method, device and system for realizing message forwarding
US9503418B2 (en) Method and apparatus for obtaining remote IP address
CN108259633B (en) Method, system and device for realizing management message three-layer communication
CN113014680B (en) Broadband access method, device, equipment and storage medium
CN103141072B (en) IP address acquiring method and network access equipment

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20110427