CN102420818A - Network access control method, device and system - Google Patents

Network access control method, device and system Download PDF

Info

Publication number
CN102420818A
CN102420818A CN2011103843208A CN201110384320A CN102420818A CN 102420818 A CN102420818 A CN 102420818A CN 2011103843208 A CN2011103843208 A CN 2011103843208A CN 201110384320 A CN201110384320 A CN 201110384320A CN 102420818 A CN102420818 A CN 102420818A
Authority
CN
China
Prior art keywords
bras
network access
access request
address
user terminal
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN2011103843208A
Other languages
Chinese (zh)
Inventor
孙莉
张震
徐东
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China United Network Communications Group Co Ltd
Original Assignee
China United Network Communications Group Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China United Network Communications Group Co Ltd filed Critical China United Network Communications Group Co Ltd
Priority to CN2011103843208A priority Critical patent/CN102420818A/en
Publication of CN102420818A publication Critical patent/CN102420818A/en
Pending legal-status Critical Current

Links

Images

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention provides a network access control method, device and system, wherein the method comprises the steps: a main BRAS (Broadband Remote Access Server) receives a network access request including a source IP address, and sends the network access request to a standby BRAS for processing if the main BRAS queries a locally-stored control table to acquisition without processing the network access request. According to the network access control method, device and system provided by the invention, a standby broadband access server can jointly bear a user terminal with the main BRAS, thus load of the main broadband access server can be lightened, and utilization rate of the standby BRAS can be increased.

Description

Method for network access control, device and system
Technical field
The present invention relates to communication technical field, relate in particular to a kind of method for network access control, device and system.
Background technology
Along with the quickening of networked paces, the diversity of broadband user's rapid growth and Network, (Broadband Remote Access Server, capacity BRAS) and safety and stability etc. require increasingly high to BAS Broadband Access Server.
The configuration mode of available technology adopting master-slave redundancy; The master is responsible for the network insertion of all user terminals and the data processing in the access to netwoks with BAS Broadband Access Server; Subsequent use BAS Broadband Access Server just carries out the synchronous of information; In the main safety of switching the assurance system when breaking down with BAS Broadband Access Server with stable, but main limited in one's ability with the BAS Broadband Access Server deal with data influences the speed of access network.
Summary of the invention
To the above-mentioned defective of prior art, the embodiment of the invention provides a kind of method for network access control, device and system.
One aspect of the present invention provides a kind of method for network access control, comprising:
The main network access request that comprises source IP address that receives the user terminal transmission with BRAS;
If said main control table of storing according to said source IP address inquiry this locality with BRAS knows that needs are not handled said network access request, then said network access request is sent to subsequent use BRAS and handle.
The present invention provides a kind of method for network access control on the other hand, comprising:
Subsequent use BRAS receives main network access request of sending with BRAS; Wherein, Said network access request is the source IP address in said main said network access request of sending based on user terminal with BRAS; The control table of the local storage of inquiry is not known and need be handled said network access request, then said network access request is sent to subsequent use BRAS and handles;
Said subsequent use BRAS is forwarded to the destination server in the Internet according to the purpose IP address that from said network access request, obtains through router;
Said subsequent use BRAS receives the data message that said destination server returns through said router, and is transmitted to said user terminal according to the source IP address that from said network access request, obtains.
Another aspect of the invention provides a kind of master to use BAS Broadband Access Server, comprising:
First receiver module is used to receive the network access request that comprises source IP address that user terminal sends;
Enquiry module is used for knowing according to the control table of the local storage of said source IP address inquiry whether needs are handled said network access request;
First processing module is used for then said network access request being sent to subsequent use BRAS and handling if said enquiry module is not known and need be handled said network access request.
Further aspect of the present invention provides a kind of subsequent use BAS Broadband Access Server, comprising:
Second receiver module; Be used to receive main network access request of sending with BRAS; Wherein, Said network access request is the source IP address in said main said network access request of sending according to user terminal with BRAS, and the control table of the local storage of inquiry is not known and need be handled said network access request, then said network access request is sent to subsequent use BRAS and handles;
Forwarding module; Be used for according to purpose IP address from said network access request is obtained; Be forwarded to the destination server in the Internet through router; And receive the data message that said destination server returns through said router, and be transmitted to said user terminal according to the source IP address that from said network access request, obtains.
The present invention provides a kind of network access control system on the other hand, comprises above-mentioned master with BAS Broadband Access Server, subsequent use BAS Broadband Access Server and user terminal,
Wherein, the main network access request that comprises source IP address that receives the user terminal transmission with BRAS; If said main control table of storing according to said source IP address inquiry this locality with BRAS knows that needs are not handled said network access request, then said network access request is sent to subsequent use BRAS and handle;
Subsequent use BRAS receives main network access request of sending with BRAS; Said subsequent use BRAS is according to the purpose IP address that from said network access request, obtains; Be forwarded to the destination server in the Internet through router; And receive the data message that said destination server returns through said router, and according to being transmitted to said user terminal from said source IP address.
The method for network access control that the embodiment of the invention provides, device and system; Receive the network access request that comprises source IP address that user terminal sends through main with BRAS; If the control table according to the local storage of source IP address inquiry knows that needs are not handled network access request; Then network access request being sent to subsequent use BRAS handles; Realized that subsequent use BRAS can carry user terminal jointly with BRAS with the master and carry out access to netwoks, both can alleviate main burden, can improve the utilance of subsequent use BRAS again with BRAS.
Description of drawings
Fig. 1 is method for network access control embodiment one flow chart of the present invention;
Fig. 2 is method for network access control embodiment two flow charts of the present invention;
Fig. 3 is method for network access control embodiment three flow charts of the present invention;
Fig. 4 is method for network access control embodiment four flow charts of the present invention;
Fig. 5 is method for network access control embodiment five flow charts of the present invention;
Fig. 6 is main with BAS Broadband Access Server example structure sketch map for the present invention;
Fig. 7 is main with another example structure sketch map of BAS Broadband Access Server for the present invention;
Fig. 8 is main with the another example structure sketch map of BAS Broadband Access Server for the present invention;
Fig. 9 is the subsequent use BAS Broadband Access Server example structure of a present invention sketch map;
Figure 10 is a network access control system example structure sketch map of the present invention.
Embodiment
Fig. 1 is method for network access control embodiment one flow chart of the present invention, and is as shown in Figure 1, and this method comprises:
Step 100, the main network access request that comprises source IP address that receives the user terminal transmission with BRAS;
User terminal is connected respectively with subsequent use BRAS with BRAS with main through switch; BAS Broadband Access Server guarantees the stability and the fail safe of customer access network through adopting the master-slave redundancy mode, and wherein, the master is responsible for the data processing of user terminal in the access to netwoks process with BRAS; Subsequent use BRAS just carries out the synchronous of user related information with main with BRAS; When main with BRAS owing to when self or lower floor's link failure, switch to subsequent use BRAS, subsequent use BRAS is responsible for the data processing of user terminal in the access to netwoks process at this moment; User terminal is in the process of carrying out access to netwoks, at first to the main network access request that comprises source IP address of sending with BRAS.
Step 101 if said main control table of storing according to said source IP address inquiry this locality with BRAS knows that needs are not handled said network access request, then sends to subsequent use BRAS with said network access request and handles.
The main source IP address that from the network access request that receives, obtains user terminal with BRAS; Because it is main limited to the data-handling capacity that user terminal carries out access to netwoks with BRAS; Therefore know whether will handle according to the control table of the local storage of source IP address inquiry of obtaining to the network access request that this source IP address corresponding user terminal is sent; Wherein, Receive the source IP address of master with the user terminal of BRAS control carrying out access to netwoks main comprising with the local control table of storing of BRAS, therefore, if local control table of storing does not comprise the source IP address that the master receives with BRAS; Know that then the master does not control the access to netwoks of this source IP address corresponding user terminal with BRAS; Need not handle, then said network access request sent to subsequent use BRAS, subsequent use BRAS is handled the data of user terminal in the access to netwoks process the network access request that receives; If the control table of local storage comprises the main source IP address that receives with BRAS; Know that then the master controls the access to netwoks of this source IP address corresponding user terminal with BRAS, need handle and the data of user terminal in the access to netwoks process are handled the network access request that receives.
Perhaps; Main control table with the local storage of BRAS comprises the source IP address that does not receive the master to control the user terminal that carries out access to netwoks with BRAS; Therefore; If the control table of local storage comprises the main source IP address that receives with BRAS, know that then the master does not control the access to netwoks of this source IP address corresponding user terminal with BRAS, need not handle the network access request that receives; Then said network access request is sent to subsequent use BRAS, subsequent use BRAS is handled the data of user terminal in the access to netwoks process; If the control table of local storage does not comprise the main source IP address that receives with BRAS; Know that then the master controls the access to netwoks of this source IP address corresponding user terminal with BRAS, need handle and the data of user terminal in the access to netwoks process are handled the network access request that receives.
The method for network access control that present embodiment provides; Receive the network access request that comprises source IP address that user terminal sends through main with BRAS; If the control table according to the local storage of source IP address inquiry knows that needs are not handled network access request; Then network access request being sent to subsequent use BRAS handles; Realized that subsequent use BRAS can carry user terminal jointly with BRAS with the master and carry out access to netwoks, both can alleviate main burden, can improve the utilance of subsequent use BRAS again with BRAS.
Fig. 2 is method for network access control embodiment two flow charts of the present invention, and is as shown in Figure 2, and this method comprises:
Step 200, the main network access request that comprises source IP address that receives the user terminal transmission with BRAS;
User terminal is in the process of carrying out access to netwoks, at first to the main network access request that comprises source IP address of sending with BRAS.
Step 201 knows according to the control table of the local storage of said source IP address inquiry whether needs are handled said network access request, and if not, then execution in step 202, if then execution in step 203;
The main source IP address that from the network access request that receives, obtains user terminal with BRAS; And the control table of the local storage of inquiry knows whether will handle the network access request that this source IP address corresponding user terminal is sent; Wherein, Receive the source IP address of master with the user terminal of BRAS control carrying out access to netwoks main comprising with the local control table of storing of BRAS, therefore, if local control table of storing does not comprise the source IP address that the master receives with BRAS; Know that then the master does not control the access to netwoks of this source IP address corresponding user terminal with BRAS, need not handle the network access request that receives; If the control table of local storage comprises the main source IP address that receives with BRAS, know that then the master controls the access to netwoks of this source IP address corresponding user terminal with BRAS, need handle the network access request that receives.
Perhaps; Main control table with the local storage of BRAS comprises the source IP address that does not receive the master to control the user terminal that carries out access to netwoks with BRAS; Therefore; If the control table of local storage comprises the main source IP address that receives with BRAS, know that then the master does not control the access to netwoks of this source IP address corresponding user terminal with BRAS, need not handle the network access request that receives; If the control table of local storage does not comprise the main source IP address that receives with BRAS, know that then the master controls the access to netwoks of this source IP address corresponding user terminal with BRAS, need handle the network access request that receives.
Step 202 sends to subsequent use BRAS with said network access request and handles;
Step 203, the purpose IP address according to from said network access request, obtaining is forwarded to the destination server in the Internet through router; And receive the data message that said destination server returns through said router, and be transmitted to said user terminal according to said source IP address.
Main with BRAS if know that according to the control table of the local storage of the inquiry of the source IP address in the network access request needs handle the network access request of user terminal transmission; Specifically comprise transmitting uplink data and downlink data transmission; Transmitting uplink data comprises: the purpose IP address that from network access request, obtains; This network access request is sent to first line of a couplet router such as business router or core router, and first line of a couplet router is sent to the destination server in the Internet according to said purpose IP address with network access request again; Downlink data transmission comprises: destination server is to router return data message, and router returns to the main BRAS that uses with this data message, and the master gives said user terminal according to the source IP address of user terminal with the data message forwarding that destination server returns with BRAS.
The method for network access control that present embodiment provides; Receive the network access request that comprises source IP address that user terminal sends through main with BRAS; If the control table according to the local storage of source IP address inquiry knows that needs are not handled network access request; Then network access request is sent to subsequent use BRAS and handle,, realized that subsequent use BRAS can carry user terminal jointly with BRAS with the master and carry out access to netwoks if need then handle this network access request; Both can alleviate main burden, can improve the utilance of subsequent use BRAS again with BRAS.
Fig. 3 is method for network access control embodiment three flow charts of the present invention, and is as shown in Figure 3, and this method comprises:
Step 300, the master carries out authentication and distributes source IP address said user terminal with BRAS;
User terminal will obtain the source IP address that is used for identifying subscriber terminal earlier and link with network foundation before the transmission network access request is carried out access to netwoks, and the master carries out authentication and distributes source IP address user terminal with BRAS.
Step 301 if the said main carrying threshold value that is provided with in advance with the BRAS basis is known can be handled the network access request of said user terminal transmission, then said source IP address is stored in the local control table;
BAS Broadband Access Server is limited to the data-handling capacity of user terminal in carrying out the access to netwoks process; According to the main carrying threshold value that user terminal is set in advance with capacity and the concrete applicable cases of BRAS on leading with BRAS; The maximum that the user terminal of network access request is sent in the promptly main processing that can carry with BRAS; Illustrate, suppose that the carrying threshold value at the main BRAS of use preset user terminal is 50, the main user terminal that passes through to authentication with BRAS distributes source IP address; And judge that this user terminal is the 40th user terminal that distributes source IP address; Also arrive and carry threshold value, then the master can handle the network access request that this user terminal sends with BRAS, and the source IP address of distributing to this user terminal is stored in the local control table; Know that this user terminal is the 52nd user terminal that distributes source IP address if judge; Surpassed the carrying threshold value, then the master can not handle the network access request that this user terminal sends with BRAS, and no longer memory allocation is given the source IP address of this user terminal.
Step 302, the main network access request that comprises source IP address that receives the user terminal transmission with BRAS;
User terminal is in the process of carrying out access to netwoks, at first to the main network access request that comprises source IP address of sending with BRAS.
Step 303 if said main control table of storing according to said source IP address inquiry this locality with BRAS knows that needs are not handled said network access request, then sends to subsequent use BRAS with said network access request and handles.
The main source IP address that from the network access request that receives, obtains user terminal with BRAS; Because it is main limited to the data-handling capacity that user terminal carries out access to netwoks with BRAS; Therefore know whether will handle according to the control table of the local storage of source IP address inquiry of obtaining to the network access request that this source IP address corresponding user terminal is sent; Wherein, Receive the source IP address of master with the user terminal of BRAS control carrying out access to netwoks main comprising with the local control table of storing of BRAS, therefore, if local control table of storing does not comprise the source IP address that the master receives with BRAS; Know that then the master does not control the access to netwoks of this source IP address corresponding user terminal with BRAS; Need not handle, then said network access request sent to subsequent use BRAS, subsequent use BRAS is handled the data of user terminal in the access to netwoks process the network access request that receives.
The method for network access control that present embodiment provides; Set up control table with BRAS according to carrying threshold value that is provided with in advance and the source IP address of distributing to user terminal through main; The main network access request that comprises source IP address that receives the user terminal transmission with BRAS; If the control table according to the local storage of source IP address inquiry knows that needs are not handled network access request, then network access request is sent to subsequent use BRAS and handle, realized that subsequent use BRAS can carry user terminal jointly with BRAS with the master and carry out access to netwoks; Both can alleviate main burden, can improve the utilance of subsequent use BRAS again with BRAS.
Fig. 4 is method for network access control embodiment four flow charts of the present invention, and is as shown in Figure 4, and this method comprises:
Step 400, the main network insertion request of carrying user's name and password that receives said user terminal transmission with BRAS;
User terminal is before the transmission network access request is carried out access to netwoks; Will obtain the source IP address that is used for identifying subscriber terminal earlier links with network foundation; User terminal can select the various network access way such as PPP mode, PPPOE mode and DHCP mode etc. according to concrete application need, to main network insertion request of carrying user's name and password with the BRAS transmission.
Step 401, said master sends to the Radius server with BRAS with said network insertion request, for said Radius server said user terminal is carried out authentication;
The master sends to the Radius server with BRAS with the network insertion request that receives; The Radius server obtains the user's name and the password of user terminal from the network insertion request; User's name and the password of inquiring about local user terminals stored carry out authentication to said user terminal; If it is both unanimities then authentication are passed through, through message, inconsistent then to main authentication error message of returning user terminal with BRAS as if both to the main authentication of returning user terminal with BRAS.
Step 402 if said master receives authentication that said Radius server returns through message with BRAS, is then distributed source IP address to said user terminal, carries out access to netwoks for said user terminal;
Receive authentication that the Radius server returns through message when main with BRAS, then distribute source IP address to this user terminal, user terminal has been set up with network based on the main source IP address that distributes with BRAS and has been linked, and can send network access request and carry out access to netwoks.
Step 403 if the said main carrying threshold value that is provided with in advance with the BRAS basis is known can be handled the network access request of said user terminal transmission, then said source IP address is stored in the local control table;
BAS Broadband Access Server is limited to the data-handling capacity of user terminal in carrying out the access to netwoks process; According to the main carrying threshold value that user terminal is set in advance with capacity and the concrete applicable cases of BRAS on leading with BRAS; The maximum that the user terminal of network access request is sent in the promptly main processing that can carry with BRAS; Illustrate, suppose that the carrying threshold value at the main BRAS of use preset user terminal is 50, the main user terminal that passes through to authentication with BRAS distributes source IP address; And judge that this user terminal is the 40th user terminal that distributes source IP address; Also arrive and carry threshold value, then the master can handle the network access request that this user terminal sends with BRAS, and the source IP address of distributing to this user terminal is stored in the local control table; Know that this user terminal is the 52nd user terminal that distributes source IP address if judge; Surpassed the carrying threshold value, then the master can not handle the network access request that this user terminal sends with BRAS, and no longer memory allocation is given the source IP address of this user terminal.
Step 404, the main network access request that comprises source IP address that receives the user terminal transmission with BRAS;
Step 405 if said main control table of storing according to said source IP address inquiry this locality with BRAS knows that needs are not handled said network access request, then sends to subsequent use BRAS with said network access request and handles.
The practical implementation process of step 404 in the present embodiment and step 405 repeats no more referring to above-mentioned steps 100 and step 101 here.
The method for network access control that present embodiment provides; Set up control table with BRAS according to carrying threshold value that is provided with in advance and the source IP address of distributing to user terminal through main; The main network access request that comprises source IP address that receives the user terminal transmission with BRAS; If the control table according to the local storage of source IP address inquiry knows that needs are not handled network access request, then network access request is sent to subsequent use BRAS and handle, realized that subsequent use BRAS can carry user terminal jointly with BRAS with the master and carry out access to netwoks; Both can alleviate main burden, can improve the utilance of subsequent use BRAS again with BRAS.
Fig. 5 is method for network access control embodiment five flow charts of the present invention, and is as shown in Figure 5, and this method comprises:
Step 500; Subsequent use BRAS receives main network access request of sending with BRAS; Wherein, Said network access request is the source IP address in said main said network access request of sending according to user terminal with BRAS, and the control table of the local storage of inquiry is not known and need be handled said network access request, then said network access request is sent to subsequent use BRAS and handles;
The main network access request that comprises source IP address that receives the user terminal transmission with BRAS; Because it is main limited to the data-handling capacity that user terminal carries out access to netwoks with BRAS; Main control table of storing according to source IP address inquiry this locality with BRAS knows whether will handle the network access request that this source IP address corresponding user terminal is sent; Wherein, Receive the source IP address of master with the user terminal of BRAS control carrying out access to netwoks main comprising with the local control table of storing of BRAS, therefore, if local control table of storing does not comprise the source IP address that the master receives with BRAS; Know that then the master does not control the access to netwoks of this source IP address corresponding user terminal with BRAS; Need not handle, then said network access request sent to subsequent use BRAS, subsequent use BRAS is handled the data of user terminal in the access to netwoks process the network access request that receives;
Perhaps; Main control table with the local storage of BRAS comprises the source IP address that does not receive the master to control the user terminal that carries out access to netwoks with BRAS; Therefore; If the control table of local storage comprises the main source IP address that receives with BRAS, know that then the master does not control the access to netwoks of this source IP address corresponding user terminal with BRAS, need not handle the network access request that receives; Then said network access request is sent to subsequent use BRAS, subsequent use BRAS is handled the data of user terminal in the access to netwoks process.
Step 501, said subsequent use BRAS is forwarded to the destination server in the Internet according to the purpose IP address that from said network access request, obtains through router;
Subsequent use BRAS handles the network access request that user terminal sends; Transmitting uplink data comprises: the purpose IP address that from network access request, obtains; This network access request is sent to first line of a couplet router such as business router or core router, and first line of a couplet router is sent to the destination server in the Internet according to said purpose IP address with network access request again.
Step 502, said subsequent use BRAS receives the data message that said destination server returns through said router, and is transmitted to said user terminal according to the source IP address that from said network access request, obtains.
Downlink data transmission comprises: destination server is to router return data message, and router returns to subsequent use BRAS with this data message, and subsequent use BRAS gives said user terminal according to the source IP address of user terminal with the data message forwarding that destination server returns.
The method for network access control that present embodiment provides; Receive the network access request that comprises source IP address that user terminal sends through main with BRAS; If the control table according to the local storage of source IP address inquiry knows that needs are not handled network access request; Then network access request being sent to subsequent use BRAS handles; Realized that subsequent use BRAS can carry user terminal jointly with BRAS with the master and carry out access to netwoks, both can alleviate main burden, can improve the utilance of subsequent use BRAS again with BRAS.
One of ordinary skill in the art will appreciate that: all or part of step that realizes said method embodiment can be accomplished through the relevant hardware of program command; Aforesaid program can be stored in the computer read/write memory medium; This program the step that comprises said method embodiment when carrying out; And aforesaid storage medium comprises: various media that can be program code stored such as ROM, RAM, magnetic disc or CD.
Fig. 6 is main with BAS Broadband Access Server example structure sketch map for the present invention; As shown in Figure 6; This master comprises with BAS Broadband Access Server: first receiver module 11, enquiry module 12 and first processing module 13; Wherein, first receiver module 11 is used to receive the network access request that comprises source IP address that user terminal sends; Enquiry module 12 is used for knowing according to the control table of the local storage of source IP address inquiry whether needs are handled network access request; First processing module 13 is used for then network access request being sent to subsequent use BRAS and handling if enquiry module 12 is not known and need be handled network access request.
Main function and handling process with BAS Broadband Access Server that present embodiment provides can repeat no more referring to said method embodiment here.
The main BAS Broadband Access Server of using that present embodiment provides; Through receiving the network access request that comprises source IP address that user terminal sends; If the control table according to the local storage of source IP address inquiry knows that needs are not handled network access request, then network access request is sent to subsequent use BRAS and handle, realized that subsequent use BRAS can carry user terminal jointly with BRAS with the master and carry out access to netwoks; Both can alleviate main burden, can improve the utilance of subsequent use BRAS again with BRAS.
Further; First processing module 13 in embodiment illustrated in fig. 6 also is used for if enquiry module 12 is known and need be handled network access request; Then according to the purpose IP address that from network access request, obtains; Be forwarded to the destination server in the Internet through router, and receive the data message that destination server returns through router, and be transmitted to user terminal according to source IP address.
The main BAS Broadband Access Server of using that present embodiment provides; Through receiving the network access request that comprises source IP address that user terminal sends; If the control table based on the local storage of source IP address inquiry is not known and need be handled network access request; Then network access request being sent to subsequent use BRAS handles; If need the master network access request to be handled with BRAS; Realized that subsequent use BRAS can carry user terminal jointly with BRAS with the master and carry out access to netwoks; Both can alleviate main burden, can improve the utilization rate of subsequent use BRAS again with BRAS.
Fig. 7 is main with another example structure sketch map of BAS Broadband Access Server for the present invention; As shown in Figure 7; Based on embodiment shown in Figure 6; This master also comprises with BAS Broadband Access Server: second processing module 14 and control module 15, and wherein, second processing module 14 is used for user terminal is carried out authentication and distributes source IP address; Control module 15 is used for then said source IP address being stored in the local control table if know and can handle the network access request that user terminal sends according to the carrying threshold value that is provided with in advance.
Main function and handling process with BAS Broadband Access Server that present embodiment provides can repeat no more referring to said method embodiment here.
The main BAS Broadband Access Server of using that present embodiment provides; Through setting up control table according to carrying threshold value that is provided with in advance and the source IP address of distributing to user terminal; Receive the network access request that comprises source IP address that user terminal sends; If the control table according to the local storage of source IP address inquiry knows that needs are not handled network access request, then network access request is sent to subsequent use BRAS and handle, realized that subsequent use BRAS can carry user terminal jointly with BRAS with the master and carry out access to netwoks; Both can alleviate main burden, can improve the utilance of subsequent use BRAS again with BRAS.
Fig. 8 is main with the another example structure sketch map of BAS Broadband Access Server for the present invention; As shown in Figure 8; Based on embodiment shown in Figure 7; Second processing module 14 comprises: receiving element 141, authentication ' unit 142 and allocation units 143, and wherein, receiving element 141 is used to receive the network insertion request of carrying user's name and password that user terminal sends; Authentication ' unit 142 is used for the network insertion request is sent to the Radius server, for the Radius server said user terminal is carried out authentication; Allocation units 143 are used for then distributing source IP address to said user terminal if receive authentication that the Radius server returns through message, carry out access to netwoks for said user terminal.
Main function and handling process with BAS Broadband Access Server that present embodiment provides can repeat no more referring to said method embodiment here.
The main BAS Broadband Access Server of using that present embodiment provides; Through setting up control table according to carrying threshold value that is provided with in advance and the source IP address of distributing to user terminal; Receive the network access request that comprises source IP address that user terminal sends; If the control table according to the local storage of source IP address inquiry knows that needs are not handled network access request, then network access request is sent to subsequent use BRAS and handle, realized that subsequent use BRAS can carry user terminal jointly with BRAS with the master and carry out access to netwoks; Both can alleviate main burden, can improve the utilance of subsequent use BRAS again with BRAS.
Fig. 9 is the subsequent use BAS Broadband Access Server example structure of a present invention sketch map; As shown in Figure 9; This subsequent use BAS Broadband Access Server comprises: second receiver module 21 and forwarding module 22, and wherein, second receiver module 21 is used to receive main network access request of sending with BRAS; Wherein, Network access request is the source IP address in main network access request of sending according to user terminal with BRAS, and the control table of the local storage of inquiry is not known and need be handled network access request, then network access request is sent to subsequent use BRAS and handles; Forwarding module 22 is used for according to the purpose IP address from network access request is obtained; Be forwarded to the destination server in the Internet through router; And receive the data message that destination server returns through router, and be transmitted to user terminal according to the source IP address that from network access request, obtains.
The function of the subsequent use BAS Broadband Access Server that present embodiment provides and handling process can repeat no more referring to said method embodiment here.
The subsequent use BAS Broadband Access Server that present embodiment provides; Receive the network access request that comprises source IP address that user terminal sends through main with BRAS; If the control table according to the local storage of source IP address inquiry knows that needs are not handled network access request; Then network access request being sent to subsequent use BRAS handles; Realized that subsequent use BRAS can carry user terminal jointly with BRAS with the master and carry out access to netwoks, both can alleviate main burden, can improve the utilance of subsequent use BRAS again with BRAS.
Figure 10 is a network access control system example structure sketch map of the present invention, and is shown in figure 10, and this system comprises: main with BAS Broadband Access Server 1, and subsequent use BAS Broadband Access Server 2 and user terminal 3;
Wherein, The main network access request that comprises source IP address that receives user terminal 3 transmissions with BAS Broadband Access Server 1; If main control table of storing based on source IP address inquiry this locality with BAS Broadband Access Server 1 is not known and need be handled network access request, then network access request is sent to subsequent use BAS Broadband Access Server 2 and handle;
Subsequent use BAS Broadband Access Server 2 receives main network access request of sending with BAS Broadband Access Server 1, and subsequent use BAS Broadband Access Server 2 is forwarded to the destination server in the Internet according to the purpose IP address that from network access request, obtains through router; And receive the data message that destination server returns through router, and be transmitted to user terminal 3 according to source IP address.
Wherein, Lead with BAS Broadband Access Server 1 and subsequent use BAS Broadband Access Server 2 and can lead with BAS Broadband Access Server and subsequent use BAS Broadband Access Server for what the embodiment of the invention provided; The function and the handling process of each device in the network access control system that present embodiment provides; Can repeat no more referring to said method and device embodiment here.
The network access control system that present embodiment provides; Receive the network access request that comprises source IP address that user terminal sends through main with BRAS; If the control table according to the local storage of source IP address inquiry knows that needs are not handled network access request; Then network access request being sent to subsequent use BRAS handles; Realized that subsequent use BRAS can carry user terminal jointly with BRAS with the master and carry out access to netwoks, both can alleviate main burden, can improve the utilance of subsequent use BRAS again with BRAS.
What should explain at last is: above embodiment is only in order to explaining technical scheme of the present invention, but not to its restriction; Although with reference to previous embodiment the present invention has been carried out detailed explanation, those of ordinary skill in the art is to be understood that: it still can be made amendment to the technical scheme that aforementioned each embodiment put down in writing, and perhaps part technical characterictic wherein is equal to replacement; And these are revised or replacement, do not make the spirit and the scope of the essence disengaging various embodiments of the present invention technical scheme of relevant art scheme.

Claims (11)

1. a method for network access control is characterized in that, comprising:
The main network access request that comprises source IP address that receives the user terminal transmission with BRAS;
If said main control table of storing according to said source IP address inquiry this locality with BRAS knows that needs are not handled said network access request, then said network access request is sent to subsequent use BRAS and handle.
2. method according to claim 1 is characterized in that, also comprises:
Said master is known and need be handled said network access request if inquire about local control table of storing based on said source IP address with BRAS; Then, be forwarded to the destination server in the internet through router based on the purpose IP address that from said network access request, obtains;
Said master receives the data message that said destination server returns through said router with BRAS, and is transmitted to said user terminal according to said source IP address.
3. method according to claim 1 and 2 is characterized in that, also comprises:
Said master carries out authentication and distributes source IP address said user terminal with BRAS;
If said master is known and can be handled the network access request that said user terminal sends based on the carrying threshold value that is provided with in advance with BRAS, then said source IP address is stored in the local control table.
4. method according to claim 3 is characterized in that, said master carries out authentication and distributes source IP address to comprise said user terminal with BRAS:
Said master receives the network insertion request of carrying user's name and password that said user terminal sends with BRAS;
Said master sends to the Radius server with BRAS with said network insertion request, for said Radius server said user terminal is carried out authentication;
If said master receives authentication that said Radius server returns through message with BRAS, then distribute source IP address to said user terminal, carry out access to netwoks for said user terminal.
5. a method for network access control is characterized in that, comprising:
Subsequent use BRAS receives main network access request of sending with BRAS; Wherein, Said network access request is the source IP address in said main said network access request of sending based on user terminal with BRAS; The control table of the local storage of inquiry is not known and need be handled said network access request, then said network access request is sent to subsequent use BRAS and handles;
Said subsequent use BRAS is forwarded to the destination server in the Internet according to the purpose IP address that from said network access request, obtains through router;
Said subsequent use BRAS receives the data message that said destination server returns through said router, and is transmitted to said user terminal according to the source IP address that from said network access request, obtains.
6. a master uses BAS Broadband Access Server, it is characterized in that, comprising:
First receiver module is used to receive the network access request that comprises source IP address that user terminal sends;
Enquiry module is used for knowing according to the control table of the local storage of said source IP address inquiry whether needs are handled said network access request;
First processing module is used for then said network access request being sent to subsequent use BRAS and handling if said enquiry module is not known and need be handled said network access request.
7. master according to claim 6 uses BAS Broadband Access Server, it is characterized in that said first processing module also is used for:
If said enquiry module is known and need be handled said network access request; Then according to the purpose IP address that from said network access request, obtains; Be forwarded to the destination server in the Internet through router; And receive the data message that said destination server returns through said router, and be transmitted to said user terminal according to said source IP address.
8. use BAS Broadband Access Server according to claim 6 or 7 described masters, it is characterized in that, also comprise:
Second processing module is used for said user terminal is carried out authentication and distributes source IP address;
Control module is used for then said source IP address being stored in the local control table if know and can handle the network access request that said user terminal sends according to the carrying threshold value that is provided with in advance.
9. master according to claim 8 uses BAS Broadband Access Server, it is characterized in that said second processing module comprises:
Receiving element is used to receive the network insertion request of carrying user's name and password that said user terminal sends;
Authentication ' unit is used for said network insertion request is sent to the Radius server, for said Radius server said user terminal is carried out authentication;
Allocation units are used for then distributing source IP address to said user terminal if receive authentication that said Radius server returns through message, carry out access to netwoks for said user terminal.
10. a subsequent use BAS Broadband Access Server is characterized in that, comprising:
Second receiver module; Be used to receive main network access request of sending with BRAS; Wherein, Said network access request is the source IP address in said main said network access request of sending according to user terminal with BRAS, and the control table of the local storage of inquiry is not known and need be handled said network access request, then said network access request is sent to subsequent use BRAS and handles;
Forwarding module; Be used for according to purpose IP address from said network access request is obtained; Be forwarded to the destination server in the Internet through router; And receive the data message that said destination server returns through said router, and be transmitted to said user terminal according to the source IP address that from said network access request, obtains.
11. a network access control system is characterized in that, comprises like claim 6 to 9 arbitrary described main use BAS Broadband Access Server, subsequent use BAS Broadband Access Server as claimed in claim 10, and user terminal;
Wherein, the main network access request that comprises source IP address that receives the user terminal transmission with BRAS; If said main control table of storing according to said source IP address inquiry this locality with BRAS knows that needs are not handled said network access request, then said network access request is sent to subsequent use BRAS and handle;
Subsequent use BRAS receives main network access request of sending with BRAS; Said subsequent use BRAS is according to the purpose IP address that from said network access request, obtains; Be forwarded to the destination server in the Internet through router; And receive the data message that said destination server returns through said router, and according to being transmitted to said user terminal from said source IP address.
CN2011103843208A 2011-11-28 2011-11-28 Network access control method, device and system Pending CN102420818A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2011103843208A CN102420818A (en) 2011-11-28 2011-11-28 Network access control method, device and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN2011103843208A CN102420818A (en) 2011-11-28 2011-11-28 Network access control method, device and system

Publications (1)

Publication Number Publication Date
CN102420818A true CN102420818A (en) 2012-04-18

Family

ID=45945053

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2011103843208A Pending CN102420818A (en) 2011-11-28 2011-11-28 Network access control method, device and system

Country Status (1)

Country Link
CN (1) CN102420818A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2017198144A1 (en) * 2016-05-20 2017-11-23 中兴通讯股份有限公司 Disaster tolerance method for iptv system, and iptv disaster tolerance system
CN108616431A (en) * 2018-04-20 2018-10-02 新华三技术有限公司 A kind of message processing method, device, equipment and machine readable storage medium
WO2019042379A1 (en) * 2017-08-30 2019-03-07 中兴通讯股份有限公司 Traffic scheduling method and apparatus, server, and storage medium

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1889484A (en) * 2005-06-29 2007-01-03 华为技术有限公司 Identification insertion system and identification inserting method thereof
CN101087232A (en) * 2007-07-27 2007-12-12 杭州华三通信技术有限公司 An access method, system and device based on Ethernet point-to-point protocol
CN101175034A (en) * 2006-10-31 2008-05-07 日立通讯技术株式会社 Packet forwarding apparatus having gateway load distribution function
CN101350772A (en) * 2008-09-08 2009-01-21 成都飞鱼星科技开发有限公司 Method for selecting line of router with multiple WAN interfaces, system and router
CN102084638A (en) * 2008-11-26 2011-06-01 思科技术公司 Deterministic session load-balancing and redundancy of access servers in a computer network
CN102223303A (en) * 2011-06-14 2011-10-19 杭州华三通信技术有限公司 Load equilibrium method based on transparent interconnection of lots of links (TRILL) and routing bridge (RB)

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1889484A (en) * 2005-06-29 2007-01-03 华为技术有限公司 Identification insertion system and identification inserting method thereof
CN101175034A (en) * 2006-10-31 2008-05-07 日立通讯技术株式会社 Packet forwarding apparatus having gateway load distribution function
CN101087232A (en) * 2007-07-27 2007-12-12 杭州华三通信技术有限公司 An access method, system and device based on Ethernet point-to-point protocol
CN101350772A (en) * 2008-09-08 2009-01-21 成都飞鱼星科技开发有限公司 Method for selecting line of router with multiple WAN interfaces, system and router
CN102084638A (en) * 2008-11-26 2011-06-01 思科技术公司 Deterministic session load-balancing and redundancy of access servers in a computer network
CN102223303A (en) * 2011-06-14 2011-10-19 杭州华三通信技术有限公司 Load equilibrium method based on transparent interconnection of lots of links (TRILL) and routing bridge (RB)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2017198144A1 (en) * 2016-05-20 2017-11-23 中兴通讯股份有限公司 Disaster tolerance method for iptv system, and iptv disaster tolerance system
CN107404394A (en) * 2016-05-20 2017-11-28 中兴通讯股份有限公司 A kind of IPTV system disaster recovery method and IPTV disaster tolerance systems
CN107404394B (en) * 2016-05-20 2022-04-12 中兴通讯股份有限公司 IPTV system disaster tolerance method and IPTV disaster tolerance system
WO2019042379A1 (en) * 2017-08-30 2019-03-07 中兴通讯股份有限公司 Traffic scheduling method and apparatus, server, and storage medium
CN108616431A (en) * 2018-04-20 2018-10-02 新华三技术有限公司 A kind of message processing method, device, equipment and machine readable storage medium
CN108616431B (en) * 2018-04-20 2020-09-08 新华三技术有限公司 Message processing method, device, equipment and machine readable storage medium

Similar Documents

Publication Publication Date Title
CN101795203B (en) Method and device for downloading software upgrading data packet
CN103339901B (en) Terminal in content guiding network environment and the communication means of intermediate node and terminal and intermediate node
CN110138606B (en) Container network configuration method and system
CN104811478A (en) Remote control system and method of wireless terminal equipment
CN102594697A (en) Load balancing method and device
CN102025630A (en) Load balancing method and load balancing system
CN102308290B (en) Method for transmitting virtualized data in cloud computing environment
CN102790813B (en) Communication method as well as system and terminal equipment based on IPv6 (internet protocol version 6) network
CN101964799A (en) Solution method of address conflict in point-to-network tunnel mode
US9130886B2 (en) Communication system, controller, switch, storage managing apparatus and communication method
CN102833721A (en) Wireless roaming data forwarding method and wireless access point
CN102387083B (en) Network access control method and system
CN1812398B (en) Method for realizing DHCP server loading sharing based on DHCP relay
CN102340436B (en) Cross-network message forwarding method and switch system
CN101803289B (en) Fitness based routing
CN102420818A (en) Network access control method, device and system
CN101859139B (en) Data sharing realizing method of distribution type control system and device thereof
CN101795238B (en) Network load balancing networking method, network load balancing networking equipment and network load balancing networking system
CN102904803B (en) A kind of message transmitting method and equipment
CN108600225A (en) a kind of authentication method and device
CN102761780A (en) Method for obtaining media metadata by intelligent remote controller to
CN108228318B (en) Method, host, system and storage medium for communication between cloud container and management device
CN105052207B (en) Information query method, equipment and system
CN102843253A (en) Multi-sub-rack communication device and method and device of communication of multi-sub-rack communication device
CN103051985B (en) A kind of method of Ethernet optical-fibre channel routing forwarding data and equipment thereof

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C12 Rejection of a patent application after its publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20120418