CN103139023A - User access control method, network equipment and system - Google Patents

Info

Publication number: CN103139023A
Authority: CN (China)
Prior art keywords: gateway, gateway device, customer group, user, accessed
Legal status: Pending
Application number: CN2011103818263A
Other languages: Chinese (zh)
Inventors: 黄勇, 牛乐宏, 李长泰
Current Assignee: Huawei Technologies Co Ltd
Original Assignee: Huawei Technologies Co Ltd
Application filed by Huawei Technologies Co Ltd
Priority to CN2011103818263A (CN103139023A)
Priority to PCT/CN2012/084636 (WO2013075598A1)
Publication of CN103139023A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W48/00 Access restriction; Network selection; Access point selection
    • H04W48/08 Access restriction or access information delivery, e.g. discovery data delivery
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/06 Selective distribution of broadcast services, e.g. multimedia broadcast multicast service [MBMS]; Services to user groups; One-way selective calling services
    • H04W4/08 User group management

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a user access control method, network equipment and a system, and relates to the technical field of network communication. Access gateway equipment is determined for a user group to be accessed from at least two sets of gateway equipment, and an activation message is sent to the determined access gateway equipment and comprises a user group identifier of the user group to be accessed, so that the access gateway equipment can supply an on-line access service to the user group identified by the user group identifier, and users can be dynamically adjusted to be accessed to different sets of gateway equipment and be on line; and the problems of non-uniformity in time of on-line users and broadband network gateway (BNG) load balance are solved. The embodiment of the invention is mainly applied to a control process of user accessing into a gateway.

Description

User access control method, network device and system
Technical field
The present invention relates to the field of network communication technology, and in particular to a user access control method, network device and system.
Background
A broadband network gateway (Broadband Network Gateway, BNG for short) is the gateway device through which broadband home users and small enterprise networks access the Internet. A BNG authenticates and authorizes users accessing the network, allocates or assists in allocating the IP addresses users use to go online, controls users' access bandwidth, and performs functions such as charging for users' online access.
All user Internet traffic passes through the BNG. As the amount of content on the Internet grows, this traffic keeps increasing, and BNG capacity has to be expanded continually to keep up. Capacity expansion results in more BNG devices being placed at one site.
At present, to ensure that users can access the network normally, user information is configured on the BNGs through network planning, and the different BNGs at the same site independently handle the online access service of different users. This configuration is static: if users come online unevenly, a large number of users may come online through the same BNG, so that some BNGs are heavily loaded while others are lightly loaded, resulting in load imbalance.
Summary of the invention
Embodiments of the present invention provide a user access control method, network device and system that can dynamically adjust and control which gateway device users go online through, solving the problems of users coming online unevenly and of unbalanced gateway device load.
To achieve the above objective, the embodiments of the present invention adopt the following technical solutions:
A user access control method, comprising:
determining, from at least two gateway devices, an access gateway device for a user group to be accessed;
sending an activation message to the access gateway device, where the activation message includes the user group identifier of the user group to be accessed, so that the access gateway device provides the online access service for the users identified by the user group identifier.
A network device for user access control, comprising:
a determining unit, configured to determine, from at least two gateway devices, an access gateway device for a user group to be accessed;
a first sending unit, configured to send an activation message to the access gateway device determined by the determining unit, where the activation message includes the user group identifier of the user group to be accessed, so that the access gateway device provides the online access service for the users identified by the user group identifier.
A system for user access control, comprising the network device for user access control and at least two gateway devices, wherein:
the gateway device is configured to receive the activation message sent by the convergence device, and to provide the online access service for the users identified by the user group identifier.
With the user access control method, network device and system provided by the embodiments of the present invention, an access gateway device is determined from at least two gateway devices for a user group to be accessed, and an activation message is sent to that access gateway device so that it provides the online access service for the users identified by the user group identifier. Users can therefore go online through any one of the gateway devices, which avoids the load imbalance caused by a large number of users going online through the same gateway device and gives users a better online service.
Brief description of the drawings
To describe the technical solutions in the embodiments of the present invention or in the prior art more clearly, the accompanying drawings needed for describing the embodiments or the prior art are briefly introduced below. The drawings described below show only some embodiments of the present invention, and a person of ordinary skill in the art can derive other drawings from them without creative effort.
Fig. 1 is a flowchart of a user access control method according to an embodiment of the present invention;
Fig. 2 is a flowchart of another user access control method according to an embodiment of the present invention;
Fig. 3 is a flowchart of fault handling in another user access control method according to an embodiment of the present invention;
Fig. 4 is a flowchart of user data backup in another user access control method according to an embodiment of the present invention;
Fig. 5 is a schematic diagram of information interaction for user access control according to an embodiment of the present invention;
Fig. 6 is a schematic diagram of information interaction for another user access control according to an embodiment of the present invention;
Fig. 7 is a schematic diagram of information interaction for another user access control according to an embodiment of the present invention;
Fig. 8 is a schematic diagram of information interaction for another user access control according to an embodiment of the present invention;
Fig. 9 is a block diagram of a network device for user access control according to an embodiment of the present invention;
Fig. 10 is a block diagram of another network device for user access control according to an embodiment of the present invention;
Fig. 11 is a block diagram of another network device for user access control according to an embodiment of the present invention;
Fig. 12 is a block diagram of another network device for user access control according to an embodiment of the present invention;
Fig. 13 is a block diagram of a system for user access control according to an embodiment of the present invention.
Detailed description of the embodiments
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the accompanying drawings. The described embodiments are only some, not all, of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art from these embodiments without creative effort fall within the scope of protection of the present invention.
An embodiment of the present invention provides a user access control method. As shown in Fig. 1, the method includes:
101. The convergence device determines, from at least two gateway devices, an access gateway device for a user group to be accessed.
The convergence device can determine the access gateway device for the user group to be accessed from the at least two gateway devices in either of the following two ways:
First way: the convergence device obtains a static gateway allocation policy and, according to that policy, determines the corresponding access gateway device for the user group to be accessed from the at least two gateway devices.
Second way: the convergence device obtains the load information of the at least two gateway devices and, according to the load information, chooses from the at least two gateway devices the gateway device with the lowest load as the access gateway device for the user group to be accessed.
The static gateway allocation policy may be a policy set in advance when the network is built. It includes a gateway allocation mode, which indicates the correspondence between the user group identifier of a user group to be accessed and a gateway device identifier. The specific static gateway allocation policy can be set according to the networking situation and is not described in detail in this embodiment.
The load information may include, but is not limited to, the number of users on a gateway device, the upstream or downstream bandwidth of the gateway device, the port traffic occupancy of the gateway device, and the CPU occupancy of the gateway device. This embodiment does not limit this.
The load information of the at least two gateway devices can be obtained directly by the convergence device, in one of the following ways:
the convergence device receives load information that the at least two gateway devices send periodically;
or the convergence device periodically queries the at least two gateway devices and obtains their load information.
Alternatively, the convergence device can obtain the load information of the at least two gateway devices from other equipment dedicated to monitoring gateway device load in real time; this is not described further in this embodiment.
It should be noted that both the first and the second way can be used when some user groups have already been accessed on the at least two gateway devices, and the first way can also be used when no user group has yet been accessed on the at least two gateway devices. This embodiment does not limit how the first and second ways are used.
102. The convergence device sends an activation message to the access gateway device. The activation message includes the user group identifier of the user group to be accessed, so that the access gateway device provides the online access service for the users identified by the user group identifier.
The user group identifier may be a service virtual local area network (Service Virtual Local Area Network, sVlan) identifier. The user group identifier used in the embodiments of the present invention is not limited to sVlan; it may be other information capable of identifying a user group, for example a PWE3 (Pseudo-Wire Emulation Edge to Edge, an edge-to-edge pseudo-wire emulation technology) identifier or a PVC (Permanent Virtual Connection, an ATM technology) identifier. This embodiment does not limit this.
The online access service may include, but is not limited to, user access authentication and authorization, IP address allocation, and so on.
With the user access control method provided by this embodiment, an access gateway device is determined from at least two gateway devices for a user group to be accessed, and an activation message is sent to that access gateway device so that it provides the online access service for the users identified by the user group identifier. Users can therefore go online through any one of the gateway devices, which avoids the load imbalance caused by a large number of users going online through the same gateway device and gives users a better online service.
An embodiment of the present invention provides another user access control method. As shown in Fig. 2, the method includes:
201. The convergence device determines, from at least two gateway devices, an access gateway device for a user group to be accessed.
The description of step 201 is the same as that of step 101 and is not repeated here.
202. The convergence device sends an activation message to the access gateway device. The activation message includes the user group identifier of the user group to be accessed, so that the access gateway device provides the online access service for the users identified by the user group identifier.
The description of step 202 is the same as that of step 102 and is not repeated here.
203. Obtain the load information of the at least two gateway devices.
The ways of obtaining the load information of the at least two gateway devices are the same as described in step 101 and are not repeated here.
The description of the load information is the same as in step 102 and is not detailed again here.
204. According to the load information, judge whether any of the at least two gateway devices has a load exceeding its corresponding load threshold.
The load threshold can be set to different values depending on the kind of load information. For example, the load threshold may be set to the upper limit on the number of users on a gateway that does not affect user experience. This embodiment does not limit this.
205. When the load of a first gateway device among the at least two gateway devices exceeds its corresponding load threshold, choose, from those of the at least two gateway devices whose load does not exceed their corresponding load thresholds, the gateway device with the lowest load as the second gateway device.
206. Switch one or more user groups accessed through the first gateway device to access through the second gateway device, so that the load of the first gateway device no longer exceeds its corresponding load threshold.
Switching one or more user groups from access through the first gateway device to access through the second gateway device can be implemented as follows:
Send a deactivation message to the first gateway device. The deactivation message includes the user group identifiers of those user groups, so that the first gateway device stops providing the online access service for the users identified by those user group identifiers.
Send an activation message to the second gateway device. The activation message includes the user group identifiers of those user groups, so that the second gateway device can provide the online access service for the users identified by those user group identifiers.
How the first gateway device stops providing the online access service for the users identified by those user group identifiers, and how the second gateway device provides the online access service for the user groups so identified, are techniques well known to those skilled in the art and are not described in detail here. The description of the online access service is the same as in step 102 and is not repeated here.
Optionally, after step 202, in which the convergence device sends the activation message to the access gateway device, the method further includes, as shown in Fig. 3:
301. Detect the state of the at least two gateway devices.
302. When it is detected that a third gateway device among the at least two gateway devices has failed, switch the one or more user groups on the third gateway device to a switching gateway device, where the switching gateway device is one of the at least two gateway devices that has not failed.
The switching gateway device may be the backup gateway device corresponding to the one or more user groups on the third gateway device, or a gateway device, among those of the at least two gateway devices that have not failed, whose load does not exceed its corresponding threshold.
303. Send an activation message to the switching gateway device. The activation message includes the user group identifiers of the one or more user groups on the third gateway device, so that the switching gateway device provides the online access service for the users identified by those user group identifiers.
Further optionally, user data can be backed up to ensure that the users on a failed gateway do not go offline when that gateway fails. After step 202, in which the convergence device sends the activation message to the access gateway device, the method further includes, as shown in Fig. 4:
401. Allocate a corresponding backup gateway device to an already accessed user group. The backup gateway device provides the online access service for the already accessed user group when the gateway that provides the online access service for that user group fails.
402. Send a backup indication message to the gateway device that provides the online access service for the already accessed user group. The backup indication message includes the user group identifier of the already accessed user group and the gateway device identifier of the backup gateway device, so that the gateway device providing the online access service backs up the data of the users identified by that user group identifier to the backup gateway device.
The user's data include data such as the user group to which the user belongs and the port through which the user accesses the server. This embodiment does not limit the specific content of the user's data.
Before the backup indication message is sent to the gateway device that provides the online access service for the already accessed user group, the method may further include: determining a backup mode from predetermined backup modes, where the predetermined backup modes include hot standby and warm standby.
In hot standby, the data of the users on the primary gateway are backed up to the corresponding backup gateway and the user data on that backup gateway are kept synchronized, so that when the primary gateway fails, the backup gateway can send user data directly and users do not go offline. In warm standby, the data of the users on the primary gateway are backed up to the corresponding backup gateway, so that when the primary gateway fails, the corresponding backup gateway starts sending user data only after it receives a command, sent by the server, to process user data in place of the primary gateway.
With the user access control method provided by this embodiment, an access gateway device is determined from at least two gateway devices for a user group to be accessed, and an activation message is sent to that access gateway device so that it provides the online access service for the users identified by the user group identifier. Users can therefore go online through any one of the gateway devices, which solves the problem of users coming online unevenly. In addition, according to the load of each gateway, users of an overloaded gateway are switched to a gateway that is not overloaded, which balances the load across gateways. During the switch, the overloaded gateway stops serving the users that have been switched away, which saves gateway resources.
Furthermore, through the backup of user data and the fault handling of gateway devices, users can remain online when a gateway device fails, which gives users a better online service.
For example, Fig. 5 is a schematic diagram of information interaction for user access control according to an embodiment of the present invention. The convergence device is a LAN switch (LAN Switch). User equipment (User Equipment, UE for short) is connected to the convergence device through an access device, for example a digital subscriber line access multiplexer (Digital Subscriber Line Access Multiplexer, DSLAM for short).
501. The LAN Switch accesses the user group to be accessed, to which UE1 under DSLAM1 belongs, on BNG1: the LAN Switch sends an activation message to BNG1, and the activation message includes sVlan1, the identifier of the user group to which UE1 belongs.
sVlan (Service Virtual Local Area Network) is defined in IEEE 802.1Q. The user group identifier used in the embodiments of the present invention is not limited to sVlan; PWE3 (Pseudo-Wire Emulation Edge to Edge, an edge-to-edge pseudo-wire emulation technology) and PVC (Permanent Virtual Connection, an ATM technology) can also be used as the user group identifier, as can other information capable of identifying a user group. This embodiment does not limit this.
502. UPE1 sends a DHCP Discover message to DSLAM1.
503. DSLAM1 receives the DHCP Discover message, carries the UE's identification information cVlan and sVlan1 in the DHCP Discover message, and sends it to the LAN Switch.
504. The LAN Switch sends the DHCP Discover message to BNG1, BNG2 and BNG3.
505. After BNG1, BNG2 and BNG3 receive the message containing sVlan1, each judges whether the user group identified by sVlan1 is activated locally. BNG1 judges yes; BNG2 and BNG3 judge no. BNG1 performs the user access procedure, which includes authenticating the user and allocating an address to the user, and sends a DHCP Offer message to the LAN Switch. BNG2 and BNG3 drop the DHCP Discover packet they received.
506. The LAN Switch receives the DHCP Offer message, which includes cVlan1 and sVlan1, and delivers the DHCP Offer message to DSLAM1.
507. DSLAM1 correctly delivers the DHCP Offer message to the port where UE1 is located.
508. UPE1 sends a DHCP Request message, which is forwarded through DSLAM1 and the LAN Switch to BNG1.
509. BNG1 responds with a DHCP ACK message, which is forwarded through the LAN Switch and DSLAM1 to UPE1.
510. UE1 obtains the IP address and gateway address from the DHCP ACK message, and sends an ARP Request message requesting the MAC address corresponding to the gateway address.
511. BNG1 responds to the ARP Request message sent by UE1.
512. The ARP Response message is delivered to UE1 through DSLAM1.
Steps 501 to 512 complete the procedure of accessing the user group of UE1 on BNG1. Further, Fig. 6 is a schematic diagram of information interaction for another user access control according to an embodiment of the present invention.
601. The LAN Switch obtains the load information of BNG1, BNG2 and BNG3.
602. The LAN Switch detects that the load of BNG1 exceeds its corresponding load threshold, selects BNG2, the less loaded of BNG2 and BNG3, as the target of load migration, and selects the user group of UE1 to be moved out.
603. The LAN Switch sends a deactivation message to BNG1; the deactivation message includes sVlan1.
604. The LAN Switch sends an activation message to BNG2; the activation message includes sVlan1.
605. BNG2 sends a gratuitous ARP to the LAN Switch.
606. UE1 and BNG2 complete the DHCP request process and the ARP request process.
Steps 601 to 606 complete the procedure of migrating the user group of UE1 from the high-load BNG to the low-load BNG2, which solves the problems of uneven user access and load imbalance between BNGs. It should be noted that the specific implementation of 606 is the same as 502 to 512 and is not repeated here.
Further optionally, Fig. 7 is a schematic diagram of information interaction for another user access control according to an embodiment of the present invention.
701. The LAN Switch determines that BNG2 backs up the user group data of BNG1.
702. The LAN Switch sends a backup indication message to BNG1. The message includes sVlan1 and the identifier of the backup target BNG2, such as the IP address of BNG2.
703. BNG1 backs up the user data on BNG1 to BNG2.
Steps 701 to 703 complete the procedure of backing up the user data on BNG1 to BNG2, so that when BNG1 fails, BNG3 can directly handle the user services of BNG1, ensuring that users can still access the network normally.
Further optionally, Fig. 8 is a schematic diagram of information interaction for another user access control according to an embodiment of the present invention.
801. The LAN Switch receives the keepalive messages sent by BNG1, BNG2 and BNG3.
802. The LAN Switch does not receive the keepalive message of BNG1 and judges that BNG1 has failed.
803. The LAN Switch switches the user group of UE1 on BNG1 to the corresponding backup gateway device BNG2. Alternatively, based on the load information received from BNG2 and BNG3, it chooses whichever of BNG2 and BNG3 has the lower load to carry the users of BNG1. The following description assumes that the LAN Switch chooses to switch the user group of UE1 on BNG1 to BNG2.
804. The LAN Switch sends an activation message to BNG2; the activation message carries sVlan1.
805. BNG2 sends a gratuitous ARP to the LAN Switch.
806. UE1 and BNG2 complete the DHCP request process and the ARP request process.
Steps 801 to 806 complete the procedure of switching the user group of UE1 to BNG2 when BNG1 fails, so that when an access gateway fails, users can go online through another gateway by dynamic adjustment.
In addition, it should be noted that if BNG2 has backed up the data of user group sVlan1 in advance, process 806 above can be omitted; that is, the user does not need to go through the online procedure again and can keep accessing the network through BNG2.
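The control logic of steps 101 to 206 and 501 to 806, as an added Python simulation that is not code from the patent: it shows how activation state alone decides which BNG answers a DHCP Discover, and why a migration deactivates before it activates so that exactly one gateway serves a user group at any time. Class and method names, the use of user count as the load metric, and the choice of the largest group as the one to migrate are assumptions.

```python
from dataclasses import dataclass, field


@dataclass
class Bng:
    """Gateway device: serves only the user groups activated on it."""
    name: str
    threshold: int                               # load threshold, here a user count
    active: dict = field(default_factory=dict)   # sVlan -> online users
    backups: set = field(default_factory=set)    # sVlans whose user data is held here
    alive: bool = True

    @property
    def load(self):
        return sum(self.active.values())

    def on_discover(self, svlan):
        """Step 505: answer a DHCP Discover only if the group is activated here."""
        if not self.alive or svlan not in self.active:
            return None                          # packet dropped
        self.active[svlan] += 1                  # one more user online
        return self.name


class ConvergenceDevice:
    def __init__(self, bngs, static_policy=None):
        self.bngs = {b.name: b for b in bngs}
        self.static_policy = static_policy or {}  # sVlan -> gateway name (first way)
        self.backup_of = {}                       # sVlan -> backup gateway name
        self.sent = []                            # control messages, in order

    def _send(self, bng, kind, svlan, users=0):
        self.sent.append((kind, bng.name, svlan))
        if kind == "activate":
            bng.active[svlan] = users
        elif kind == "deactivate":
            return bng.active.pop(svlan)
        elif kind == "backup":                    # steps 702-703
            self.bngs[self.backup_of[svlan]].backups.add(svlan)

    def _least_loaded(self, exclude=()):
        ok = [b for b in self.bngs.values()
              if b.alive and b.name not in exclude and b.load <= b.threshold]
        return min(ok, key=lambda b: (b.load, b.name), default=None)

    def owner(self, svlan):
        return next((b for b in self.bngs.values() if b.alive and svlan in b.active), None)

    def admit(self, svlan):
        """Steps 101-102: static policy if configured, otherwise lowest load."""
        name = self.static_policy.get(svlan)
        target = self.bngs[name] if name else self._least_loaded()
        if target is None:
            raise RuntimeError("no gateway available")
        self._send(target, "activate", svlan)
        return target.name

    def broadcast_discover(self, svlan):
        """Step 504: every gateway sees the Discover; return the ones that answer."""
        return [r for b in self.bngs.values() if (r := b.on_discover(svlan))]

    def assign_backup(self, svlan, backup_name):
        """Steps 701-702: choose the backup gateway, instruct the serving gateway."""
        self.backup_of[svlan] = backup_name
        self._send(self.owner(svlan), "backup", svlan)

    def rebalance(self):
        """Steps 203-206: move groups off any gateway over its load threshold."""
        moved = []
        for first in list(self.bngs.values()):
            while first.alive and first.load > first.threshold:
                second = self._least_loaded(exclude={first.name})
                if second is None:
                    break                        # nowhere to move to
                svlan = max(first.active, key=first.active.get)  # assumption: largest group
                # Deactivate (603) before activating (604). The user count is carried
                # over to model the load once the users have re-attached (606).
                users = self._send(first, "deactivate", svlan)
                self._send(second, "activate", svlan, users)
                moved.append((svlan, first.name, second.name))
        return moved

    def failover(self, failed_name):
        """Steps 802-804: re-home the groups of a gateway that missed keepalives."""
        failed = self.bngs[failed_name]
        failed.alive = False
        result = {}
        for svlan, users in list(failed.active.items()):
            backup = self.bngs.get(self.backup_of.get(svlan))
            target = backup if backup and backup.alive else self._least_loaded({failed_name})
            if target is None:
                continue                         # no gateway left for this group
            self._send(target, "activate", svlan, users)
            # Sessions survive only if the target already holds the backed-up data.
            result[svlan] = (target.name, svlan in target.backups)
        failed.active.clear()
        return result
```

In an audit of such a deployment, the invariant worth checking is the one `broadcast_discover` exposes: for every user group identifier, the list of responding gateways has exactly one entry.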
An embodiment of the present invention provides a network device for user access control. As shown in Figure 9, the network device comprises a determining unit 901 and a first sending unit 902.
The determining unit 901 is configured to determine, from at least two gateway devices, an access gateway device for a customer group to be accessed.
The first sending unit 902 is configured to send an activation message to the access gateway device determined by the determining unit 901, the activation message including the customer group identifier of the customer group to be accessed, so that the selected gateway device provides an online access service for the users identified by the customer group identifier.
Further, as shown in Figure 10, the device also comprises an acquiring unit 903, a judging unit 904, a selecting unit 905 and a first switching unit 906.
The acquiring unit 903 is configured to obtain the load information of the at least two gateway devices.
The judging unit 904 is configured to judge, according to the load information obtained by the acquiring unit 903, whether any of the at least two gateway devices has a load exceeding its corresponding load threshold.
The selecting unit 905 is configured to, when the load of a first gateway device among the at least two gateway devices exceeds its corresponding load threshold, select, from the gateway devices among the at least two gateway devices whose load does not exceed their corresponding load thresholds, the gateway device with the smallest load as a second gateway device.
The first switching unit 906 is configured to switch one or more customer groups accessed through the first gateway device to access through the second gateway device selected by the selecting unit 905, so that the load of the first gateway device no longer exceeds its corresponding load threshold.
Further, as shown in Figure 11, the device also comprises an allocating unit 907 and a second sending unit 908.
The allocating unit 907 is configured to allocate a backup gateway device to an accessed customer group; the backup gateway device is used to provide an online access service for the accessed customer group when the gateway providing the online access service for that customer group fails.
The second sending unit 908 is configured to send a backup indication message to the gateway device that provides the online access service for the accessed customer group, the backup indication message including the customer group identifier of the accessed customer group and the gateway device identifier of the backup gateway device allocated by the allocating unit, so that the gateway device providing the online access service for the accessed customer group backs up the data of the users identified by that customer group identifier to the backup gateway device.
Further, as shown in Figure 12, the device also comprises a detecting unit 909, a second switching unit 910 and a third sending unit 911.
The detecting unit 909 is configured to detect the state of the at least two gateway devices.
The second switching unit 910 is configured to, when the detecting unit 909 detects that a third gateway device among the at least two gateway devices has failed, switch one or more customer groups on the third gateway device to a switching gateway device, the switching gateway device being a gateway device among the at least two gateway devices that has not failed.
The third sending unit 911 is configured to send an activation message to the switching gateway device, the activation message including the customer group identifiers of the one or more customer groups on the third gateway, so that the switching gateway device can provide an online access service for the users identified by the customer group identifiers of the one or more customer groups on the third gateway.
An embodiment of the present invention also provides a system for user access control. As shown in Figure 13, the system comprises a network device for user access control and at least two gateway devices, where the network device for user access control is an aggregation device 1101 and the at least two gateway devices are gateway device 1102a and gateway device 1102b.
The aggregation device 1101 is configured to determine, from the at least two gateway devices, the gateway device 1102a through which a customer group to be accessed will access, and to send an activation message to the gateway device 1102a, the activation message including the customer group identifier of the customer group to be accessed.
The gateway device 1102a is configured to receive the activation message sent by the aggregation device 1101 and to provide an online access service for the users identified by the customer group identifier.
Further, the aggregation device 1101 is also configured to allocate a backup gateway device 1102b to an accessed customer group, and to send a backup indication message to the gateway device 1102a that provides the online access service for the accessed customer group.
The gateway device 1102a is also configured to receive the backup indication message sent by the aggregation device 1101, the backup indication message including the customer group identifier of the accessed customer group and the gateway device identifier of the backup gateway device 1102b, and to back up the data of the users identified by the customer group identifier of the accessed customer group to the backup gateway device 1102b.
Further, the aggregation device 1101 is also configured to detect the state of the at least two gateway devices and, when it detects that gateway device 1102a among the at least two gateway devices has failed, to switch one or more customer groups on the gateway device 1102a to the switching gateway device 1102b and send an activation message to the switching gateway device 1102b.
The gateway device 1102a is also configured to receive the activation message sent by the aggregation device 1101, the activation message including the customer group identifiers of the one or more customer groups on the gateway device 1102a, and to provide an online access service for the users identified by the customer group identifiers of the one or more customer groups on the gateway device 1102b.
With the user access control method, network device and system provided by the embodiments of the present invention, an access gateway device is determined for a customer group to be accessed from at least two gateway devices, and an activation message is sent to the access gateway device so that it provides an online access service for the users identified by the customer group identifier. Users can therefore go online through any one of the gateway devices, which solves the problem of users going online unevenly. In addition, according to the load of each gateway, users of an overloaded gateway are switched to a gateway that is not overloaded, so that the load of the gateways is balanced. During the switching, the overloaded gateway stops serving the users that have been switched away, which saves gateway resources.
In addition, with the user access control method, network device and system provided by the embodiments of the present invention, the backup of user data and the handling of gateway device failures allow users to remain online when a gateway device fails, so that users obtain a better online service.
From the above description of the embodiments, those skilled in the art can clearly understand that the present invention can be implemented by software plus the necessary general-purpose hardware, and can of course also be implemented by hardware, but in many cases the former is the better implementation. Based on this understanding, the technical solution of the present invention in essence, or the part of it that contributes to the prior art, can be embodied in the form of a software product. The computer software product is stored in a readable storage medium, such as a computer floppy disk, hard disk or optical disc, and includes instructions that cause a computer device (which may be a personal computer, a server, a network device, or the like) to carry out the methods described in the embodiments of the present invention.
The above are only specific embodiments of the present invention, but the protection scope of the present invention is not limited to them. Any change or replacement that a person skilled in the art could readily conceive within the technical scope disclosed by the present invention shall fall within the protection scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (13)

1. A method for user access control, characterized in that it comprises:
determining, from at least two gateway devices, an access gateway device for a customer group to be accessed;
sending an activation message to the access gateway device, the activation message including the customer group identifier of the customer group to be accessed, so that the access gateway device provides an online access service for the users identified by the customer group identifier.
2. The method for user access control according to claim 1, characterized in that determining, from at least two gateway devices, an access gateway device for a customer group to be accessed specifically comprises:
obtaining a static gateway allocation policy and, according to the static gateway allocation policy, determining the corresponding access gateway device for the customer group to be accessed from the at least two gateway devices.
3. The method for user access control according to claim 1, characterized in that determining, from at least two gateway devices, an access gateway device for a customer group to be accessed comprises:
obtaining the load information of the at least two gateway devices;
according to the load information, selecting, from the at least two gateway devices, the gateway device with the smallest load as the access gateway device for the customer group to be accessed.
4. The method for user access control according to any one of claims 1 to 3, characterized in that, after the activation message is sent to the access gateway device, the method further comprises:
obtaining the load information of the at least two gateway devices;
judging, according to the load information, whether any of the at least two gateway devices has a load exceeding its corresponding load threshold;
when the load of a first gateway device among the at least two gateway devices exceeds its corresponding load threshold, selecting, from the gateway devices among the at least two gateway devices whose load does not exceed their corresponding load thresholds, the gateway device with the smallest load as a second gateway device;
switching one or more customer groups accessed through the first gateway device to access through the second gateway device, so that the load of the first gateway device no longer exceeds its corresponding load threshold.
5. The method for user access control according to claim 4, characterized in that switching one or more customer groups accessed through the first gateway device to access through the second gateway device specifically comprises:
sending a deactivation message to the first gateway device, the deactivation message including the customer group identifiers of the one or more customer groups, so that the first gateway device stops providing the online access service for the users identified by the customer group identifiers of the one or more customer groups;
sending an activation message to the second gateway device, the activation message including the customer group identifiers of the one or more customer groups, so that the second gateway provides an online access service for the users identified by the customer group identifiers of the one or more customer groups.
6. The method for user access control according to any one of claims 1 to 5, characterized in that, after the activation message is sent to the access gateway device, the method further comprises:
allocating a backup gateway device to an accessed customer group, the backup gateway device being used to provide an online access service for the accessed customer group when the gateway device providing the online access service for the accessed customer group fails;
sending a backup indication message to the gateway device that provides the online access service for the accessed customer group, the backup indication message including the customer group identifier of the accessed customer group and the gateway device identifier of the backup gateway device, so that the gateway device providing the online access service for the accessed customer group backs up the data of the users identified by the customer group identifier of the accessed customer group to the backup gateway device.
7. The method for user access control according to any one of claims 1 to 6, characterized in that, after the activation message is sent to the access gateway device, the method further comprises:
detecting the state of the at least two gateway devices;
when it is detected that a third gateway device among the at least two gateway devices has failed, switching one or more customer groups on the third gateway device to a switching gateway device, the switching gateway device being a gateway device among the at least two gateway devices that has not failed;
sending an activation message to the switching gateway device, the activation message including the customer group identifiers of the one or more customer groups on the third gateway, so that the switching gateway device provides an online access service for the users identified by the customer group identifiers of the one or more customer groups on the third gateway.
8. The method for user access control according to claim 7, characterized in that the switching gateway device comprises:
the backup gateway device corresponding to the one or more customer groups on the third gateway;
or, among the gateway devices of the at least two gateway devices that have not failed, a gateway device whose load does not exceed its corresponding threshold.
9. A network device for user access control, characterized in that it comprises:
a determining unit, configured to determine, from at least two gateway devices, an access gateway device for a customer group to be accessed;
a first sending unit, configured to send an activation message to the access gateway device determined by the determining unit, the activation message including the customer group identifier of the customer group to be accessed, so that the access gateway device provides an online access service for the users identified by the customer group identifier.
10. The network device for user access control according to claim 9, characterized in that it further comprises:
an acquiring unit, configured to obtain the load information of the at least two gateway devices;
a judging unit, configured to judge, according to the load information obtained by the acquiring unit, whether any of the at least two gateway devices has a load exceeding its corresponding load threshold;
a selecting unit, configured to, when the load of a first gateway device among the at least two gateway devices exceeds its corresponding load threshold, select, from the gateway devices among the at least two gateway devices whose load does not exceed their corresponding load thresholds, the gateway device with the smallest load as a second gateway device;
a first switching unit, configured to switch one or more customer groups accessed through the first gateway device to access through the second gateway device selected by the selecting unit, so that the load of the first gateway device no longer exceeds its corresponding load threshold.
11. The network device for user access control according to claim 9, characterized in that it further comprises:
an allocating unit, configured to allocate a backup gateway device to an accessed customer group, the backup gateway device being used to provide an online access service for the accessed customer group when the gateway providing the online access service for the accessed customer group fails;
a second sending unit, configured to send a backup indication message to the gateway device that provides the online access service for the accessed customer group, the backup indication message including the customer group identifier of the accessed customer group and the gateway device identifier of the backup gateway device allocated by the allocating unit, so that the gateway device providing the online access service for the accessed customer group backs up the data of the users identified by the customer group identifier of the accessed customer group to the backup gateway device.
12. The network device for user access control according to claim 9, characterized in that it further comprises:
a detecting unit, configured to detect the state of the at least two gateway devices;
a second switching unit, configured to, when the detecting unit detects that a third gateway device among the at least two gateway devices has failed, switch one or more customer groups on the third gateway device to a switching gateway device, the switching gateway device being a gateway device among the at least two gateway devices that has not failed;
a third sending unit, configured to send an activation message to the switching gateway device, the activation message including the customer group identifiers of the one or more customer groups on the third gateway, so that the switching gateway device can provide an online access service for the users identified by the customer group identifiers of the one or more customer groups on the third gateway.
13. A system for user access control, characterized in that it comprises the network device for user access control according to any one of claims 9 to 12 and at least two gateway devices, wherein:
the gateway device is configured to receive the activation message sent by the network device and to provide an online access service for the users identified by the customer group identifier.
CN2011103818263A 2011-11-25 2011-11-25 User access control method, network equipment and system Pending CN103139023A (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN2011103818263A CN103139023A (en) 2011-11-25 2011-11-25 User access control method, network equipment and system
PCT/CN2012/084636 WO2013075598A1 (en) 2011-11-25 2012-11-15 Method, network device and system for user access control

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN2011103818263A CN103139023A (en) 2011-11-25 2011-11-25 User access control method, network equipment and system

Publications (1)

Publication Number Publication Date
CN103139023A true CN103139023A (en) 2013-06-05

Family

ID=48469106

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2011103818263A Pending CN103139023A (en) 2011-11-25 2011-11-25 User access control method, network equipment and system

Country Status (2)

Country Link
CN (1) CN103139023A (en)
WO (1) WO2013075598A1 (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104995892A (en) * 2013-12-30 2015-10-21 华为技术有限公司 GRE tunnel determination method, gateway device and access station
US11075880B2 (en) 2017-04-27 2021-07-27 Huawei Technologies Co., Ltd. Data service implementation method and apparatus, and terminal
CN114124737A (en) * 2020-08-25 2022-03-01 华为技术有限公司 Method and device for controlling user equipment to access network

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112737806B (en) * 2019-10-28 2022-05-13 华为技术有限公司 Network traffic migration method and device

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070165622A1 (en) * 2006-01-17 2007-07-19 Cisco Technology, Inc. Techniques for load balancing over a cluster of subscriber-aware application servers
CN101217448A (en) * 2008-01-18 2008-07-09 福建星网锐捷网络有限公司 A method and system to realize gateway dynamic load sharing
CN101471898A (en) * 2007-12-28 2009-07-01 华为技术有限公司 Protection method, system and virtual access edge node for access network
CN101919209A (en) * 2008-01-23 2010-12-15 艾利森电话股份有限公司 Selection of an edge node in a fixed access communication network

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2004343448A (en) * 2003-05-15 2004-12-02 Matsushita Electric Ind Co Ltd Authentication system for wireless lan access
CN201290123Y (en) * 2008-07-02 2009-08-12 福建先创电子有限公司 Device for sharing wireless network resource
CN101674223B (en) * 2008-09-13 2012-07-04 华为技术有限公司 Gateway equipment load processing method, network equipment and network system
CN102791000B (en) * 2008-09-28 2015-11-25 华为技术有限公司 A kind of method of control load transfer
CN102196499B (en) * 2010-03-17 2014-09-10 杭州华三通信技术有限公司 Method for realizing access control, central controller and access point (AP) device

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104995892A (en) * 2013-12-30 2015-10-21 华为技术有限公司 GRE tunnel determination method, gateway device and access station
US11075880B2 (en) 2017-04-27 2021-07-27 Huawei Technologies Co., Ltd. Data service implementation method and apparatus, and terminal
CN114124737A (en) * 2020-08-25 2022-03-01 华为技术有限公司 Method and device for controlling user equipment to access network
CN114124737B (en) * 2020-08-25 2023-07-11 华为技术有限公司 Method and device for controlling user equipment to access network

Also Published As

Publication number Publication date
WO2013075598A1 (en) 2013-05-30

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20130605