User access method, access service router and user access system
Technical field
The present invention relates to identifier networks in the communications field, and in particular to a user access method, an access service router (Access Service Router, ASR) and a user access system.
Background
The existing Internet cannot adequately meet the demands of today's information society, which seriously hampers the further development of information networks. A breakthrough, leap-forward design of a new network architecture is urgently needed to address the serious shortcomings of the existing Internet. In recent years, countries around the world have started research on new network architectures, and on this basis the identifier network architecture has been proposed to meet the requirements of the future Internet for pervasive service, mobility, security, controllability and manageability.
The identifier network architecture is a new network architecture that differs from both the 7-layer Open Systems Interconnection (OSI) network architecture and the 4-layer Internet network architecture. It combines users, services and network resources into one organic whole, which supports converged network access and provides users with pervasive service. In an identifier network, the identity of a user is separated from the user's location. In the identifier network structure shown in Fig. 1, a Host is a host machine, and an access identifier (Access Identifier, AID) is configured for the user as the identity identifier; the access service router (Access Service Router, ASR) configures a routing identifier (Router Identifier, RID) for the user as the location identifier. All Hosts register, authenticate and access the network through an ASR. Whenever a Host attaches to an ASR or leaves an ASR, the ASR must report this to the Identifier and Location Register (ILR). The ILR stores the mapping <AID, RID> between the AID configured for the Host's user and the RID, and also answers queries for this mapping.
Communication between one Host and another is realized by encapsulating and routing on the RIDs of the ASRs: the original message between the two Hosts is carried in the payload, and when the message reaches the destination ASR, the destination ASR decapsulates it and forwards the original message to the destination Host. As shown in Fig. 2, a message is forwarded between source Host1 and destination Host2 in the identifier network as follows: source Host1 first sends the message to source ASR1, where the message is encapsulated with the RID; source ASR1 then sends the encapsulated message to destination ASR2; finally, after the message reaches destination ASR2, it is decapsulated on ASR2 and forwarded to destination Host2.
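The forwarding path described above can be traced in a short simulation. This is an added example, not part of the patent text; the class names, the AID and RID strings, and the two defensive checks (rejecting a source AID that is not attached, and ignoring a detach report from an ASR that no longer owns the mapping) are assumptions made for the illustration.

```python
# Added illustration (not from the patent): RID-based encapsulation between ASRs.
# AIDs, RIDs and class names are constructed for this example.
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:            # original Host-to-Host message, addressed by AID
    src_aid: str
    dst_aid: str
    data: bytes


@dataclass(frozen=True)
class Encapsulated:      # outer header carries RIDs; the original is the payload
    src_rid: str
    dst_rid: str
    payload: Packet


class ILR:
    """Identifier and Location Register: stores <AID, RID>, answers queries."""
    def __init__(self):
        self._map = {}

    def report_attach(self, aid, rid):
        self._map[aid] = rid

    def report_detach(self, aid, rid):
        if self._map.get(aid) == rid:   # assumption: ignore stale reports
            del self._map[aid]

    def query(self, aid):
        return self._map.get(aid)


class ASR:
    def __init__(self, rid, ilr):
        self.rid, self.ilr, self.hosts = rid, ilr, {}

    def attach(self, aid):
        self.hosts[aid] = []            # per-Host delivery queue
        self.ilr.report_attach(aid, self.rid)

    def detach(self, aid):
        self.hosts.pop(aid, None)
        self.ilr.report_detach(aid, self.rid)

    def encapsulate(self, pkt):
        if pkt.src_aid not in self.hosts:   # assumption: source must be attached
            raise PermissionError("source AID is not attached to this ASR")
        dst_rid = self.ilr.query(pkt.dst_aid)
        if dst_rid is None:
            raise LookupError("no <AID, RID> mapping for destination")
        return Encapsulated(self.rid, dst_rid, pkt)

    def decapsulate(self, enc):
        if enc.dst_rid != self.rid or enc.payload.dst_aid not in self.hosts:
            raise LookupError("message is not for a Host attached here")
        self.hosts[enc.payload.dst_aid].append(enc.payload)
        return enc.payload
```

Because every lookup goes through the ILR, a Host that has left its ASR becomes unreachable as soon as the detach report removes its mapping.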
At present, in existing networks, user access to the network generally comprises the following steps:
1. The UE associates with the access network (Access Network, AN);
2. The AN authenticates the UE;
3. An address is allocated to the UE.
However, because existing networks such as WLAN, WiMAX and fixed networks do not separate user identity from location, existing access networks and access methods cannot support the identifier network. There is therefore an urgent need for a method and device that allow the identifier network to be deployed over existing access networks, minimize the changes required to existing networks, and remain compatible with current non-identifier-network users (also referred to as ordinary users).
Summary of the invention
The technical problem to be solved by the present invention is to provide a user access method, an access service router (ASR) and a user access system that can be deployed over existing access networks, minimize the changes required to existing networks, and remain compatible with non-identifier-network users.
To solve the above technical problem, the present invention provides a user access method, comprising:
A user terminal accesses an access network (AN) and, after completing access authentication through an access service router (ASR), requests identity information from the ASR;
The ASR distinguishes the user type of the user terminal and returns the corresponding identity information according to the user type of the user terminal.
Further, the user terminal accessing the AN and completing authentication through the ASR comprises:
The user terminal sends an access request to the AN, the AN forwards the access request to the ASR, and the ASR, acting as an authentication, authorization and accounting (AAA) proxy, exchanges messages with the AAA server and completes the access authentication of the user terminal on behalf of the AAA server.
Further, the user type includes: ordinary user and identifier-network user.
Further, the identity information includes the access identifier (AID) of an identifier-network user terminal or the IP address of an ordinary user terminal.
Further, when the ASR performs access authentication of the user terminal, it obtains the access identifier (AID) of the user terminal from the AAA server and stores the AID in its local storage.
Further, the ASR distinguishing the user type of the user terminal comprises:
The ASR checks whether the AID of the user terminal is stored locally; if it is found, the user is considered an identifier-network user, and otherwise an ordinary user.
Further, the ASR returning the corresponding identity information according to the user type of the user terminal comprises:
If the user is an identifier-network user, the ASR returns the AID of the user terminal to the user terminal;
If the user is an ordinary user, the ASR allocates an IP address to the user terminal and returns the IP address to the user terminal.
Further, the ASR allocates the IP address to the user terminal acting as a Dynamic Host Configuration Protocol (DHCP) server or as a DHCP relay.
To solve the above technical problem, the present invention provides an access service router (ASR), comprising:
A receiving module, configured to receive the access request of a user terminal forwarded by the access network (AN), and the request message in which the user terminal requests identity information;
An authentication module, configured to complete the access authentication of the user terminal;
A judging module, configured to judge the user type of the user terminal and send the judgment result to the allocation module;
An allocation module, configured to return the corresponding identity information to the user terminal according to the judgment result.
Further, the authentication module being configured to complete the access authentication of the user terminal comprises:
The authentication module, acting as an authentication, authorization and accounting (AAA) proxy, exchanges messages with the AAA server and completes the access authentication of the user terminal on behalf of the AAA server.
Further, the user type includes: ordinary user and identifier-network user.
Further, the identity information includes the access identifier (AID) of an identifier-network user terminal or the IP address of an ordinary user terminal.
Further, the authentication module is also configured, when performing access authentication of the user terminal, to obtain the access identifier (AID) of the user terminal from the AAA server and store the AID in local storage.
Further, the judging module is also configured to check whether the AID of the user terminal is stored locally; if it is found, the user is considered an identifier-network user, and otherwise an ordinary user.
Further, the allocation module being configured to return the corresponding identity information to the user terminal according to the judgment result comprises:
If the judgment result is that the user is an identifier-network user, the AID of the user terminal is returned to the user terminal;
If the judgment result is that the user is an ordinary user, an IP address is allocated to the user terminal and the IP address is returned to the user terminal.
Further, the allocation module allocates the IP address to the user terminal acting as a Dynamic Host Configuration Protocol (DHCP) server or as a DHCP relay.
To solve the above technical problem, the present invention provides a user access system, comprising: an access network (AN), an authentication, authorization and accounting (AAA) server, and the access service router (ASR) described above.
Compared with the prior art, the user access method, access service router (ASR) and user access system provided by the present invention can be deployed over existing access networks and minimize the changes required to existing networks. When the AN and the AAA server cannot communicate directly, the ASR acts as an AAA proxy to perform access authentication of the UE. Compatibility with non-identifier-network users is also achieved: the ASR can distinguish identifier-network users from ordinary users of the existing network and allocate the corresponding identity information to each.
Brief description of the drawings
Fig. 1 is a schematic diagram of the identifier network structure;
Fig. 2 is a flow chart of message forwarding between source Host1 and destination Host2 in the identifier network;
Fig. 3 is a flow chart of the user access method in the embodiment;
Fig. 4 is a schematic structural diagram of the ASR in the embodiment;
Fig. 5 is a schematic structural diagram of the user access system in the embodiment;
Fig. 6 is a flow chart of the user access method in an application example.
Specific embodiments
To make the objects, technical solutions and advantages of the present invention clearer, embodiments of the present invention are described in detail below with reference to the accompanying drawings. It should be noted that, where they do not conflict, the embodiments in this application and the features in the embodiments may be combined with one another.
Embodiment:
As shown in Fig. 3, this embodiment provides a user access method comprising the following steps:
S101: The user terminal accesses the access network (AN) and completes access authentication through the ASR;
In this step, the user terminal sends an access request to the AN, the AN forwards the access request to the ASR, and the ASR, acting as an authentication, authorization and accounting (AAA) proxy, exchanges messages with the AAA server and completes the access authentication of the user terminal on behalf of the AAA server.
When the ASR performs access authentication of the user terminal, the ASR obtains the access identifier (AID) of the user terminal from the AAA server and stores the AID in its local storage.
S102: After authentication is completed, the user terminal requests identity information from the ASR;
The identity information requested by the user terminal includes the AID of an identifier-network user terminal or the IP address of an ordinary user terminal.
S103: The ASR distinguishes the user type of the user terminal and returns the corresponding identity information according to the user type of the user terminal.
This embodiment is deployed over existing access networks, minimizes the changes required to existing networks, and is compatible with non-identifier-network users; the user type therefore includes: ordinary user (that is, non-identifier-network user) and identifier-network user.
When distinguishing the user type of the user terminal, the ASR checks whether the AID of the user terminal is stored locally; if it is found, the user is considered an identifier-network user, and otherwise an ordinary user.
The ASR returning the corresponding identity information according to the user type of the user terminal comprises:
If the user is an identifier-network user, the ASR returns the AID of the user terminal to the user terminal;
If the user is an ordinary user, the ASR allocates an IP address to the user terminal and returns the IP address to the user terminal.
In this embodiment, IP address allocation for ordinary user terminals is performed by the ASR. The ASR may have a DHCP function and allocate IP addresses to user terminals using the DHCP protocol, but it is not necessarily the same physical entity as the DHCP server; for example, the ASR may be a DHCP relay. It is also not excluded that the ASR allocates IP addresses to user terminals using a protocol defined by the identifier network itself.
As shown in Fig. 4, this embodiment provides an access service router (ASR) that allocates identity information to users, comprising:
A receiving module, configured to receive the access request of a user terminal forwarded by the access network (AN), and the request message in which the user terminal requests identity information;
The identity information includes the access identifier (AID) of an identifier-network user terminal or the IP address of an ordinary user terminal.
An authentication module, configured to complete the access authentication of the user terminal;
The authentication module, acting as an authentication, authorization and accounting (AAA) proxy, exchanges messages with the AAA server and completes the access authentication of the user terminal on behalf of the AAA server.
In addition, the authentication module is also configured, when performing access authentication of the user terminal, to obtain the access identifier (AID) of the user terminal from the AAA server and store the AID in local storage.
A judging module, configured to judge the user type of the user terminal and send the judgment result to the allocation module;
The user type of the user terminal includes: ordinary user and identifier-network user.
The judging module is also configured to check whether the AID of the user terminal is stored locally; if it is found, the user is considered an identifier-network user, and otherwise an ordinary user.
An allocation module, configured to return the corresponding identity information to the user terminal according to the judgment result.
If the judgment result is that the user is an identifier-network user, the allocation module returns the AID of the user terminal to the user terminal;
If the judgment result is that the user is an ordinary user, the allocation module allocates an IP address to the user terminal and returns the IP address to the user terminal.
In this embodiment, IP address allocation for ordinary users is performed by the allocation module of the ASR. The allocation module may have a DHCP function and allocate IP addresses to users using the DHCP protocol, but it is not necessarily the same physical entity as the DHCP server; it may also be a DHCP relay. It is also not excluded that IP addresses are allocated to users using a protocol defined by the identifier network itself.
In addition, as shown in Fig. 5, the present invention also provides a user access system, applied in an identifier network, comprising: an AN, an AAA server and the access service router (ASR) described above.
The AN and the AAA server cannot be directly associated, so the ASR must act as an AAA proxy that connects the AN and the AAA server. After the AN receives the access request sent by the UE, it forwards the access request to the ASR; the ASR, as the authentication, authorization and accounting (AAA) proxy, performs access authentication and, after authentication succeeds, returns an authentication success response to the UE through the AN.
In an application example, as shown in Fig. 6, the user access method comprises the following steps:
S201: The user terminal UE requests access to the AN;
S202: The AN forwards the access request to the ASR;
S203: The ASR, acting as AAA Proxy (AAA proxy), interacts with the AAA server to complete the access authentication of the UE;
The AAA server keeps in its local storage the authentication information used when authenticating the user and the user's identity information; the user identity information stored by the AAA server includes the user's AID. Access authentication of a user by an AAA proxy server is prior art and is not described further here.
While acting as proxy for access authentication, the ASR queries the AAA server for the user's AID and, if one is found, stores the user's AID in its local storage;
S204: Authentication succeeds; the ASR returns an authentication success response to the AN, and the AN returns the authentication success response to the UE;
S205: The UE requests an IP address or AID from the ASR;
An ordinary UE needs only an IP address, and the IP address is the identity information of an ordinary user; an identifier-network UE needs an AID, and the AID is the identity information of an identifier-network user.
S206: After the ASR receives the UE's request, if the user's AID is stored locally, the ASR returns the AID to the user terminal; otherwise it allocates an IP address to the user and returns the IP address to the user terminal.
In step S206, if the UE is an identifier-network user, the ASR sends the AID obtained from the AAA server to the UE; if the UE is an ordinary user, the ASR, acting as a DHCP server or a DHCP relay, allocates an IP address to the UE.
At this point, the ASR has finished allocating identity information to the user, and the user's access to the AN is complete.
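Steps S201 to S206 can be followed end to end in the sketch below, which shows why the locally stored AID must only ever be written on a successful authentication: it is the sole input to the user-type decision in S206. This is an added example, not code from the patent; the user names, secrets, AID value, address pool and class names are constructed, and refusing an identity request from a terminal that has not authenticated is an assumption drawn from the ordering of S204 and S205.

```python
# Added illustration (not from the patent): ASR as AAA proxy, then AID-or-IP reply.
# User names, secrets, the AID and the address pool are constructed for this example.
import hmac
import ipaddress


class AAAServer:
    """Holds authentication info and, for identifier-network users, the AID."""
    def __init__(self, users):
        self._users = users             # name -> (secret bytes, AID or None)

    def authenticate(self, name, secret):
        rec = self._users.get(name)
        return rec is not None and hmac.compare_digest(rec[0], secret)

    def query_aid(self, name):
        rec = self._users.get(name)
        return rec[1] if rec else None


class AccessServiceRouter:
    def __init__(self, aaa, pool_cidr):
        self.aaa = aaa
        self.authenticated = set()      # terminals that passed S203
        self.local_aid = {}             # AIDs stored locally during S203
        self._free = iter(ipaddress.ip_network(pool_cidr).hosts())
        self.leases = {}                # DHCP-server role for ordinary users

    def access_request(self, name, secret):
        """S202-S204: request forwarded by the AN, proxied to the AAA server."""
        if not self.aaa.authenticate(name, secret):
            return False                # nothing is stored for a failed login
        self.authenticated.add(name)
        aid = self.aaa.query_aid(name)
        if aid is not None:
            self.local_aid[name] = aid
        return True

    def identity_request(self, name):
        """S205-S206: return ('AID', aid) or ('IP', address)."""
        if name not in self.authenticated:
            raise PermissionError("identity requested before authentication")
        if name in self.local_aid:      # stored AID => identifier-network user
            return ("AID", self.local_aid[name])
        if name not in self.leases:     # ordinary user: allocate once, reuse
            addr = next(self._free, None)
            if addr is None:
                raise RuntimeError("address pool exhausted")
            self.leases[name] = str(addr)
        return ("IP", self.leases[name])
```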
As can be seen from the above embodiments, compared with the prior art, the user access method, access service router (ASR) and user access system provided in the above embodiments are deployed over existing access networks and introduce the ASR of the identifier network, minimizing the changes required to existing networks. When the AN and the AAA server cannot communicate directly, the ASR acts as an AAA proxy to perform access authentication of the UE. Compatibility with non-identifier-network users is also achieved: identifier-network users and ordinary users of the existing network can be distinguished, with an AID allocated to identifier-network users and an IP address allocated to ordinary users.
Those of ordinary skill in the art will appreciate that all or part of the steps of the above method may be completed by a program instructing the relevant hardware, and the program may be stored in a computer-readable storage medium such as a read-only memory, a magnetic disk or an optical disc. Alternatively, all or part of the steps of the above embodiments may be implemented using one or more integrated circuits. Accordingly, each module or unit in the above embodiments may be implemented in the form of hardware or in the form of a software functional module. The present invention is not limited to any particular combination of hardware and software.
The above is only a preferred embodiment of the present invention and is not intended to limit the scope of protection of the present invention. According to the content of the invention there may be various other embodiments; without departing from the spirit and essence of the present invention, those skilled in the art can make various corresponding changes and variations according to the present invention. Any modification, equivalent substitution, improvement and the like made within the spirit and principles of the present invention shall fall within the scope of protection of the present invention.