Background technology
IPv6 (Internet Protocol Version 6; IPv 6) is the second generation standard agreement of network layer protocol; Also be called as IPng (IP Next Generation, next generation Internet), it is IETF (Internet Engineering Task Force; Internet engineering duty group) one of design cover standard is the upgraded version of IPv4.Difference the most significantly is between IPv6 and the IPv4: the length of IP address is increased to 128 bits from 32 bits.
Can manual configuration or accomplishes through auto configuration mode in the IPv6 address, auto configuration mode comprises that configuration of ND stateless automatic address and DHCP (Dynamic Host Configuration Protocol, DHCP) have state configuration.DHCPv6 (support IPv6 DHCP) be to the design of IPv6 addressing scheme, be the agreement of host assignment IPv6 address and other network configuration parameters.Compare with other IPv6 address distribution (manual configuration, through automatically configuration etc. of the network prefix stateless in the router), DHCPv6 has the following advantages:
(1) distribution of control address better.Not only can be recorded as the address of host assignment through DHCPv6, can also distribute specific address for particular host, so that network management;
(2) except the IPv6 address, network configuration parameters such as DNS (Domain Name System, domain name system) server, domain name can also be provided for main frame.
DHCPv6 adopts the client/server communication pattern, proposes the configuration application by user end to server, and server is returned as corresponding configuration informations such as client IP address allocated, to realize the dynamic-configuration of information such as IP address.The DHCPv6 client is through the multicast address and the DHCPv6 server communication of link range, to obtain IPv6 address and other network configuration parameters.If the server and client side not in same link range, then need E-Packet through the DHCPv6 relaying, can avoid like this in each link range, all disposing the DHCPv6 server, both provided cost savings, be convenient to again manage concentratedly.
Portal is also referred to as Web Portal scheme, is made up of five fundamentals usually in the classical group net mode: Authentication Client, access device, Portal server, authentication/accounting server and Security Policy Server.
Based on above group-network construction, the flow process that user access is controlled mainly comprises:
During the unauthenticated user accesses network; HTTP (HyperText Transfer Protocol is initiated in address through a Internet of input in the IE address field; HTTP) request, this HTTP request can be redirected on the web authentication homepage of Portal server through access device the time; The user submits to after the input authentication information in authentication homepage/authentication dialog, and Portal server can pass to access device with user's authentication information; Access device is communicated by letter with authentication/accounting server and is carried out authentication and charging; After authentication was passed through, if the user is not adopted security strategy, then access device can be opened the path of user and the Internet, allowed the user capture the Internet; If the user has been adopted security strategy, then client, access device and Security Policy Server are mutual, and after detection was passed through to user's security, Security Policy Server was according to security of users authorized user visit unlimited resources.
In the PORTAL networking; Simultaneously IPv4 and IPv6 (are expressed as IPv4/IPv6 if hope; As follows) user's control of surfing the Net; Then need access device can distinguish same user's IPv4 online flow process and IPv6 online flow process, promptly can from its address allocation procedure, find out same user's IPv4 address and IPv6 address.This process can be distinguished, generate MAC+IPv4 address+IPv6 address user information table then, and then control its IPv4/IPv6 access authority based on MAC (Media Access Control, media interviews control) address.Like this, as long as the user no matter be IPv4PORTAL or IPv6PORTAL, can carry out two stack online controls through a PORTAL authentication.
In the prior art, access device need be according to MAC Address, and the IPv4 of associated user and IPv6 internet information after the PORTAL authentication is passed through, also can be controlled user's IPv4/IPv6 online flow process according to this information.
The inventor finds that in realizing process of the present invention there is following defective at least in prior art:
(1) the PORTAL authentication gateway is deployed on the convergence-level, has promptly crossed over after the three-layer equipment, and user's mac address information possibly lost by middle routing device, thereby can't set up the association between same user's the IPv4/IPv6 address.
(2) for DHCPv4 address assignment flow process; MAC Address is present in the DHCP message always; And in the DHCPv6 flow process, if do not contain MAC Address (promptly not containing like Type 2) among the DUID (DHCPv6Unique ID, the unique identification of DHCPv6 server); Then will not exist, and then can't set up the incidence relation of same user's IPv4/IPv6 address through mac address information behind the DHCPv6 server relaying.
(3) if the message in the address assignment flow process is without being positioned at the interior PORTAL authentication gateway of BAS (Broadbind Access Server, BAS Broadband Access Server), the PORTAL authentication gateway can't be learnt user's IPv4/IPv6 address correlation relation.
All can cause the PORTAL authentication gateway can't know the association between same user's the IPv4/IPv6 address under the above-mentioned several kinds of situation, and then can't carry out the access control of two stack online same user.
Summary of the invention
The invention provides a kind of method and apparatus to two stack user access controls; Can't know the association between same user's the IPv4/IPv6 address in order to solve in the prior art because of the PORTAL authentication gateway, and then the problem that can't carry out the access control of two stacks online to same user.
Method to two stack user access controls provided by the invention; Be applied to the PORTAL network system; Wherein, PORTAL authentication gateway in DHCPv4 server, DHCPv6 server and the PORTAL network system access device is provided with the mapping algorithm of IPv4 address and IPv6 address, and this method comprises:
When DHCPv4 server or DHCPv6 server receive the address assignment request of client; Judge whether to presort the IP address of being furnished with respective protocol for said client; Be then will give said client if be judged as for the preallocated IP address assignment of said client; Otherwise, be said client distributing IP address, and, be another protocol of I P address of said client preassignment according to the mapping algorithm of IPv4 address and IPv6 address;
When the PORTAL authentication gateway receives the network access request of client based on IPv4 address or IPv6 address; And after said client certificate passed through; Mapping algorithm according to IPv4 address and IPv6 address obtains another protocol of I P address, and according to the IPv4 address and the IPv6 address of said client said client is carried out network access authority control.
PORTAL authentication gateway provided by the invention; Be arranged in the access device of PORTAL network system; Be provided with the mapping algorithm of IPv4 address and IPv6 address in the said PORTAL authentication gateway; And said mapping algorithm is with identical with the mapping algorithm of the IPv4 address that is provided with and IPv6 address in the DHCPv4/DHCPv6 server that this PORTAL authentication gateway cooperates, when the DHCPv4/DHCPv6 server is client distributing IP address, according to another protocol of I P address of said mapping algorithm preassignment; Said PORTAL authentication gateway comprises: control unit, authentication ' unit, address mapping unit and access control unit, wherein:
Said control unit is used for after place PORTAL authentication gateway receives the network access request of client, indicating said authentication ' unit that said client is carried out authentication processing; After said authentication ' unit is passed through said client certificate, indicate said address mapping unit to carry out map addresses, indicate said access control unit said client to be carried out network access authority control according to the address that said address mapping unit mapping obtains;
Said authentication ' unit is used for the indication according to said control unit, through PORTAL server and authentication and accounting server said client is carried out authentication;
Said address mapping unit is used for the indication according to said control unit, obtains another protocol of I P address according to the mapping algorithm of IPv4 address and IPv6 address;
Said access control unit is used for the indication according to said control unit, according to the IPv4 address and the IPv6 address of said client said client is carried out network access authority control.
The present invention compared with prior art has following useful technique effect:
Through the mapping algorithm of IPv4 address and IPv6 address is set on the PORTAL authentication gateway in DHCPv4 server, DHCPv6 server and PORTAL network system access device; Make when the DHCPv4/DHCPv6 server is client distributing IP address; Can be according to another protocol of I P address of this mapping algorithm preassignment, thus make the IPv4 address of same client and IPv6 address have mapping relations.Owing to also be deployed with this mapping algorithm on the PORTAL authentication gateway; Thereby make the PORTAL authentication gateway obtain another protocol of I P address according to IPv4 address or IPv6 address computation; Can access the mapping relations of the IPv4 address and the IPv6 address of same client, and then can be to two stack online carrying out controls of authority of same client.
The present invention also provides a kind of Dynamic Host Configuration Protocol server, in order to solve the problem that can't set up the mapping relations of MAC Address and IPv4 address and IPv6 address in the existing IP address assignment flow process based on DHCP.
Dynamic Host Configuration Protocol server provided by the invention; Be applied to the PORTAL network system; Be provided with the mapping algorithm of IPv4 address and IPv6 address in the said Dynamic Host Configuration Protocol server; And said mapping algorithm is with identical with the mapping algorithm of the IPv4 address that is provided with and IPv6 address in the PORTAL authentication gateway that this Dynamic Host Configuration Protocol server cooperates, and said Dynamic Host Configuration Protocol server comprises:
Receiving element is used to receive the address assignment request of client;
Judging unit is used for the address assignment request that receives according to said receiving element, judges whether the sign of corresponding said client records the IP address of preallocated respective protocol;
Allocation unit, the mapping algorithm that it is provided with IPv4 address and IPv6 address is used in said judgment unit judges will giving said client for the preallocated IP address assignment of said client when being; In said judgment unit judges for not the time; Be said client distributing IP address; Mapping algorithm according to IPv4 address and IPv6 address; Be another protocol of I P address of said client preassignment, and write down the sign and the corresponding relation that is said client distribution and preallocated IP address of said client;
Wherein, when said Dynamic Host Configuration Protocol server was the DHCPv4 server, said another protocol of I P address was the IPv6 address; When said Dynamic Host Configuration Protocol server was the DHCPv6 server, said another protocol of I P address was the IPv4 address.
The present invention compared with prior art has following useful technique effect:
Through the mapping algorithm of IPv4 address and IPv6 address is set; Make when being client distributing IP v4 address; According to this mapping algorithm preassignment IPv6 address, when being this client distributing IP v6 address address, directly use this preallocated IPv6 address; Vice versa; Thereby can set up the sign and the IPv4 address of distributing for this client and the mapping relations of IPv6 address of client, solve in the existing DHCPv6 flow process, because of not containing MAC Address among the DUID; So that will not exist through mac address information behind the DHCPv6 server relaying, and cause the DHCPv6 server can't be established as the problem of the mapping relations of IPv4 address that same client distributes and IPv6 address.
Embodiment
The embodiment of the invention can't be obtained to the PORTAL authentication gateway in the access device under two stack users' the situation of two stack address related informations, has proposed the technical scheme of a kind of pair of stack address association, and adopts this association to carry out user's control of surfing the Net.Specifically; The embodiment of the invention is through the mapping algorithm in DHCPv4/DHCPv6 server and PORTAL authentication gateway deploy IPv4/IPv6 address; And when being user's distributing IP v4 address or IPv6 address; Another protocol of I P address is carried out preassignment, thereby set up IPv4/IPv6 user's incidence relation, and then can on the PORTAL authentication gateway, accomplish two stack controls of authority of user.
Below in conjunction with accompanying drawing the embodiment of the invention is described in detail.
In the PORTAL group-network construction of the embodiment of the invention, the DHCPv4/DHCPv6 department server is deployed in the convergence-level in the PORTAL group-network construction, and interconnected with Access Layer.Concrete; The DHCPv4/DHCPv6 server is deployed on the same convergence device as one or different functional; Perhaps be deployed on the different convergence devices as different functional; Perhaps be connected on the convergence device as independent equipment, and interconnected with two layers of access devices, and then can be interconnected at two layers with all users.Wherein, the DHCPv4/DHCPv6 department server is deployed in the same link that inserts the user, and the DHCPv4/DHCPv6 server database is shared.If the DHCPv4/DHCPv6 server is deployed in respectively on same convergence device or the different convergence device, at this moment need DHCPv4 server and DHCPv6 server can communicate between the two.
The BAS deploy has the PORTAL authentication gateway, and PORTAL authentication gateway and PORTAL server are accomplished the PORTAL authentication jointly.
In order between all devices, to recognize two stack addresses of user synchronously, the embodiment of the invention has designed the algorithm that IPv4 address and IPv6 address are shone upon one by one, and at DHCPv4/DHCPv6 server and this algorithm of PORTAL authentication gateway deploy.Wherein, this algorithm specifically can be: with back 32 of unique IPv6 address that is mapped to fixing 96 prefixs, IPv4 address.Certainly, any can realization all should be included in the algorithm of IPv4 address and the unique mapping in IPv6 address within protection scope of the present invention.
PORTAL group-network construction sketch map when Fig. 1 shows the DHCPv4/DHCPv6 server and is deployed on the same convergence device as a functional module.
Based on above-mentioned group-network construction; Whenever the DHCPv4 server (under the situation that the DHCPv4/DHCPv6 server is disposed as functional module; Can be described as the DHCPv4/DHCPv6 server here) when dispensing an IPv4 address; Obtain corresponding IPv6 address through this algorithm, and be preassignment, the sign (such as user's MAC Address or user's name) of record respective user and the IPv4 address of being distributed and the corresponding relation of preallocated IPv6 address this IPv6 address mark; Thereby can when this user applies IPv6 address, will give this user for the preallocated IPv6 address assignment of this user.In like manner; Whenever the DHCPv6 server (under the situation that the DHCPv4/DHCPv6 server is disposed as functional module; Can be described as the DHCPv4/DHCPv6 server here) dispense an IPv6 address, be this user's preassignment IPv4 address then, and write down this user's sign and the IPv6 address of being distributed and the corresponding relation of preallocated IPv4 address through this algorithm; Thereby can when this user applies IPv4 address, will give this user for the preallocated IPv4 address assignment of this user.Fig. 2 and Fig. 3 show the idiographic flow of a kind of address assignment and management.
Referring to Fig. 2, as shown in the figure for the address administration schematic flow sheet that the embodiment of the invention provides, this flow process can comprise:
Step 201, DHCPv4 server receive the IPv4 address assignment request that the user sends through the place client.
Step 202, DHCPv4 server have judged whether to this user's preassignment the IPv4 address, are then to change step 203 over to if be judged as; Otherwise, change step 204 over to.
Concrete; Because DHCPv4 server and DHCPv6 department server are deployed in the same link that inserts the user; And DHCPv4 server and DHCPv6 server database are shared, and the DHCPv6 server is when being user's distributing IP v6 address, the IPv4 address that also has been this user's preassignment; And the sign that has write down the user and the IPv6 address of being distributed and the corresponding relation of preallocated IPv4 address address; Therefore, the DHCPv4 server can be through inquiry DHCPv6 data in server storehouse, has judged whether to this user's preassignment the IPv4 address according to this user's sign.Certainly; The DHCPv6 server also can be synchronized to DHCPv4 data in server storehouse with the IPv6 address of being distributed and the corresponding relation of preallocated IPv4 address address with user's sign; Thereby make the DHCPv4 server through oneself database of inquiry, judged whether to this user's preassignment the IPv4 address according to this user's sign.
Step 203, the DHCPv4 server will be given this user for the preallocated IPv4 address assignment of this user.
Step 204, DHCPv4 server are this user's distributing IP v4 address, and are this user's preassignment IPv6 address according to IPv4 address and the mapping algorithm of IPv6 address of configuration on it.
Concrete, behind the intact IPv4 address of DHCPv4 server-assignment, obtain the IPv6 address corresponding with the mapping algorithm of IPv6 address, and be preassignment this IPv6 address mark with this IPv4 address according to the IPv4 address that disposes it on.Then, this user's of DHCPv4 server record sign with for the IPv4 address of this user distribution be that the corresponding relation of the preallocated IPv6 of this user address is in database.Further, the DHCPv4 server also can be synchronized to this correspondence relationship information in the DHCPv6 data in server storehouse.
Referring to Fig. 3, when user's addresses discharged, its flow process also can may further comprise the steps:
After the IPv4 address that step 301, DHCPv4 server receive the user discharges request, wouldn't directly discharge this address, but be preassignment this address mark.
Step 302, the DHCPv4 server is judged the state of this user's IPv6 address, if the IPv6 address mark is preassignment, then changes step 303 over to; Otherwise, finish this address and reclaim release flow.
Concrete; The sign that the DHCPv4 server can be through inquiring about this user and the corresponding relation of IPv4 address and IPv6 address are known the state of IPv6 address label; If the IPv6 address mark is preassignment, then a kind of possibly be that this user does not also ask distributing IP v6 address, and another kind possibly be that this user has asked to distribute the IPv6 address; But this IPv6 address is discharged by this user; Which kind of situation no matter explains that all current user institute is real uses by this in this IPv6 address, this moment recyclable this user pairing IPv4 address and IPv6 address.If the IPv6 address is unmarked to be preassignment, explain that then this IPv6 address is current by this user's use, treat this moment to discharge this user pairing IPv4 address and IPv6 address more synchronously after the IPv6 address discharges.
Step 303, the DHCPv4/DHCPv6 server reclaims IPv4 address and IPv6 address, and deletes this user's the sign and the corresponding relation of IPv4 address and IPv6 address.
Need to prove, above-mentioned Fig. 2 and flow process shown in Figure 3, all distribution and the removal process with the IPv4 address is that example is described, the distribution of IPv6 address and removal process similarly repeat no more at this.
When the PORTAL authentication gateway among the BAS carries out the PORTAL authentication to the user; After this user's IPv4PORTAL authentication is passed through; If the security strategy of authenticated allows two stack online; Then the PORTAL authentication gateway obtains this user's IPv6 address according to the mapping algorithm of IPv4 address and IPv6 address, opens the access authority of IPv6 address simultaneously.Its idiographic flow can be as shown in Figure 5.
Referring to Fig. 4, as shown in the figure for the access control schematic flow sheet that the embodiment of the invention provides, this flow process can comprise:
Step 401~403; After PORTAL authentication gateway among the BAS receives the network access request based on the IPv4 address of user through place client transmission; It is redirected on the WEB certification page of PORTAL server; And after receiving the authentication information of user, send it to authentication/accounting server, and with it alternately so that this user is carried out authentication and charging through this WEB certification page submission.Its idiographic flow can adopt existing mode to realize, repeats no more at this.
Step 404, after this authentification of user passed through, the PORTAL authentication gateway judged whether to allow the two stacks online of this user according to security strategy, is then to change step 405 over to if be judged as; Otherwise, change step 407 over to.
Step 405, PORTAL authentication gateway obtain this user's IPv6 address according to the mapping algorithm of IPv4 address that disposes on it and IPv6 address.
Step 406, PORTAL authentication gateway judge whether this user is using this IPv6 address to carry out access to netwoks, are then to change step 407 over to if be judged as; Otherwise, change step 408 over to.
Step 407, PORTAL authentication gateway are opened the access authority of IPv4 address for this user.
At this moment, if access to netwoks is carried out in current this IPv6 address of using of this user, then still keep this user's the network access authority of IPv6 address constant.
Step 408, the PORTAL authentication gateway carries out network access authority control according to this user's IPv4 address and IPv6 address to this user.
Concrete, the PORTAL authentication gateway can carry out network access authority control according to security strategy, as under the situation that allows the two stack online of this user, opens the access authority of IPv4 address and IPv6 address for this user.
Referring to Fig. 5, when the user was rolled off the production line based on the network connection of IPv4 address, this flow process can comprise:
Step 501~502, the PORTAL authentication gateway among the BAS are known when the user is rolled off the production line based on the network connection of IPv4 address, judge whether this user rolls off the production line based on the network connection of IPv6 address, are then to change step 503 over to if be judged as; Otherwise, change step 504 over to.
Step 503, PORTAL authentication gateway are closed this user's access authority to this user processing of rolling off the production line.
Step 504, the PORTAL authentication gateway keeps the current presence of this user, and keeps the current access authority of this user.
Can find out through above description; Through the mapping algorithm of IPv4 address and IPv6 address is set on the PORTAL authentication gateway in DHCPv4 server, DHCPv6 server and PORTAL network system access device; Make when the DHCPv4/DHCPv6 server is client distributing IP address; Can be according to another protocol of I P address of this mapping algorithm preassignment, thus make same user's IPv4 address and IPv6 address have mapping relations.Owing to also be deployed with this mapping algorithm on the PORTAL authentication gateway; Thereby make the PORTAL authentication gateway obtain another protocol of I P address according to IPv4 address or IPv6 address computation; Can access the mapping relations of same user's IPv4 address and IPv6 address, and then can be to two stack online carrying out controls of authority of same user.
Based on identical technical conceive, the embodiment of the invention also provides a kind of PORTAL authentication gateway and Dynamic Host Configuration Protocol server that is applied to above-mentioned PORTAL network system and handling process.
Referring to Fig. 6; The structural representation of the PORTAL authentication gateway that provides for the embodiment of the invention; This PORTAL authentication gateway is arranged in the access device of PORTAL network system; Be provided with the mapping algorithm of IPv4 address and IPv6 address in this PORTAL authentication gateway; And this mapping algorithm is with identical with the mapping algorithm of the IPv4 address that is provided with and IPv6 address in the DHCPv4/DHCPv6 server that this PORTAL authentication gateway cooperates, when the DHCPv4/DHCPv6 server is client distributing IP address, according to another protocol of I P address of this mapping algorithm preassignment.
As shown in Figure 6, this PORTAL authentication gateway comprises: control unit 601, authentication ' unit 602, address mapping unit 603 and access control unit 604, wherein:
Control unit 601 is used for after place PORTAL authentication gateway receives the network access request of client, and 602 pairs of said clients of indication authentication ' unit are carried out authentication processing; After 602 pairs of said client certificates of authentication ' unit passed through, indication address mapping unit 603 carried out map addresses, and network access authority control is carried out to said client in indication access control unit 604 address that 603 mappings obtain according to address mapping unit;
Authentication ' unit 602 is used for the indication according to control unit 601, through PORTAL server and authentication and accounting server said client is carried out authentication;
Address mapping unit 603 is used for the indication according to control unit 601, obtains another protocol of I P address according to the mapping algorithm of IPv4 address and IPv6 address;
Concrete, address mapping module 603 is under the situation based on the network access request of IPv4 address in said network access request, obtains the IPv6 address according to the mapping algorithm of IPv4 address and IPv6 address; And, be under the situation based on the network access request of IPv6 address in said network access request, obtain the IPv4 address according to the mapping algorithm of IPv4 address and IPv6 address.
Access control unit 604 is used for the indication according to control unit 601, according to the IPv4 address and the IPv6 address of said client said client is carried out network access authority control.
Further, control unit 601 also is used for: after 602 pairs of said client certificates of authentication ' unit pass through, judge whether the client of asking to carry out access to netwoks is allowed to the dual-stack network visit; And, after address mapping unit 603 mapping obtains the IP address, judge that the current IP address of whether using said address mapping unit mapping to obtain of said client carries out access to netwoks.Accordingly, control unit 601 is when judging that request carries out the client of access to netwoks when being allowed to the dual-stack network visit, and indication address mapping unit 603 carries out map addresses; And when judging that access to netwoks is carried out in the current IP address of not using mapping to obtain of said client, indication access control unit 604 is opened the network access authority of the IPv4 address and the IPv6 address of said client.
Further, control unit 601 also is used for: when knowing that the network of client based on the IPv4 address connects disconnection, judge whether said client breaks off based on the network connection of IPv6 address; And, when knowing that the network of client based on the IPv6 address connects disconnection, judge whether said client breaks off based on the network connection of IPv4 address.Accordingly, control unit 601 is when judging that the network of said client based on IPv6 address or IPv4 address connects disconnection, and indication access control unit 604 is closed the network access authority of said client; When judging that said client is not broken off based on the network connection of IPv6 address or IPv4 address, indication access control unit 604 keeps the network access authority of said client.Access control unit 604 carries out handled according to the indication of control unit 603.
Referring to Fig. 7, the structural representation of the Dynamic Host Configuration Protocol server that provides for the embodiment of the invention.This Dynamic Host Configuration Protocol server is applied to the PORTAL network system; Be provided with the mapping algorithm of IPv4 address and IPv6 address in this Dynamic Host Configuration Protocol server, and this mapping algorithm is with identical with the mapping algorithm of the IPv4 address that is provided with and IPv6 address in the PORTAL authentication gateway that this Dynamic Host Configuration Protocol server cooperates.Concrete, the mapping algorithm of said IPv4 address and IPv6 address is: with unique back 32 of being mapped to the IPv6 address of fixing 96 prefixs in IPv4 address.
As shown in Figure 7, this Dynamic Host Configuration Protocol server can comprise: receiving element 701, judging unit 702 and allocation unit 703, wherein:
Receiving element 701 is used to receive the address assignment request of client;
Judging unit 702 is used for the address assignment request that receives according to receiving element 701, judges whether the sign of corresponding said client records the IP address of preallocated respective protocol;
Allocation unit 703, the mapping algorithm that it is provided with IPv4 address and IPv6 address is used for being judged as when being at judging unit 702, will give said client for the preallocated IP address assignment of said client; When judging unit 702 is judged as not; Be said client distributing IP address; Mapping algorithm according to IPv4 address and IPv6 address; Be another protocol of I P address of said client preassignment, and write down the sign and the corresponding relation that is said client distribution and preallocated IP address of said client;
Wherein, when said Dynamic Host Configuration Protocol server was the DHCPv4 server, said another protocol of I P address was the IPv6 address; When said Dynamic Host Configuration Protocol server was the DHCPv6 server, said another protocol of I P address was the IPv4 address.
Further, receiving element 701 also is used for, and the IP address that receives client discharges request; Accordingly, judging unit 702 also is used for, and after the IP address that receiving element 701 receives client discharges request, judges whether another protocol of I P address of said client is the preassignment state; Accordingly, allocation unit 703 also is used for, and is judged as when being the IPv4 address and the IPv6 address of reclaiming said client at judging unit 702; When judging unit 702 was judged as not, the state of the IP address of release of asking was set to preassignment.
In sum, the embodiment of the invention is to the situation of two stack user PORTAL authentications online, through address correlation mechanism, solves the surf the Net association of flow process of two stack users, and is convenient to user's management of surfing the Net.In addition, because user's IPv4/IPv6 address mapping relation is fixed, concerning operator, can carry out user's monitoring and management more easily.
Through the description of above execution mode, those skilled in the art can be well understood to the present invention and can realize by the mode that software adds essential general hardware platform, can certainly pass through hardware, but the former is better execution mode under a lot of situation.Based on such understanding; The part that technical scheme of the present invention contributes to prior art in essence in other words can be come out with the embodied of software product; This computer software product is stored in the storage medium, comprise some instructions with so that a station terminal equipment (can be mobile phone, personal computer; Server, the perhaps network equipment etc.) carry out the described method of each embodiment of the present invention.
The above only is a preferred implementation of the present invention; Should be pointed out that for those skilled in the art, under the prerequisite that does not break away from the principle of the invention; Can also make some improvement and retouching, these improvement and retouching also should be looked protection scope of the present invention.