CN104378457A - Method, device and system for distributing IP address - Google Patents
Method, device and system for distributing IP address Download PDFInfo
- Publication number
- CN104378457A CN104378457A CN201410691163.9A CN201410691163A CN104378457A CN 104378457 A CN104378457 A CN 104378457A CN 201410691163 A CN201410691163 A CN 201410691163A CN 104378457 A CN104378457 A CN 104378457A
- Authority
- CN
- China
- Prior art keywords
- address
- request message
- authentication request
- subscriber equipment
- access server
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/50—Address allocation
- H04L61/5007—Internet protocol [IP] addresses
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The embodiment of the invention provides a method, device and system for distributing an IP address, and relates to the field of the internet. The method, device and system for distributing the IP address are used for distributing the fixed IP address for a user to facilitate implementation of a service based on the IP address. The method includes the steps that an access server receives an authentication request message sent by user equipment; the authentication request message carries the IP address; the access server sends the authentication request message to an authentication server so that the authentication server can authenticate the user equipment; the access server receives an authentication response message sent by the authentication sever; the access server sends an IP address relay message carrying the IP address to the user equipment according to the IP address carried by the authentication response message or authentication request message.
Description
Technical field
The present invention relates to internet arena, particularly relate to method, the Apparatus and system of a kind of distributing IP (InternetProtocol, Internet protocol) address.
Background technology
Current broadband network, operator generally adopts the mode of subscriber dialing to access server request dispatching IP address.User account and password are sent to broadband server by user, user account and password are sent to the certificate server of operator by broadband server, certification is carried out to this user account, after certification is passed through, access server is user's distributing IP address at random in IP address pool, mapping relations between storing IP address and user account, user uses the IP address of this Random assignment to communicate.After user offline, remove the mapping relations between user account and this IP address, and address pool put in this IP address, when other users reach the standard grade or above-mentioned user again request dispatching IP address time, by Random assignment IP address in above-mentioned steps secondary IP address pond.
In the IPv4 epoch, above-mentioned IP address distribution method effectively can solve the problem of shortage of ip address, but along with Next Generation Internet IPv6 (Internet Protocol Version 6, Internet Protocol version 6) expansion, IP number of addresses increases greatly, and the count issue of IP address is no longer the condition of restriction IP address assignment.Above-mentioned IP address distribution method is used if continue, because the IP address distributed of reaching the standard grade of user is each time random, repeatedly the reach the standard grade IP address that is assigned with of same user is different, which limit based on IP address as user provides the expansion of business, such as according to IP address, user is traced to the source, owing to being dynamic for user's distributing IP address in prior art, so the mapping relations in each time period needing storing IP address to be assigned with between this IP address and user account, in the process of tracing to the source, first the user account corresponding according to the IP address search of point (or time period) is sometime needed, then user is found according to the corresponding relation between user account and user identity, this source tracing method needs to store each IP address user account corresponding when distributing each time, higher to the requirement of memory space, limit the expansion that user traces to the source.
Summary of the invention
Embodiments of the invention provide a kind of method, Apparatus and system of distributing IP address, by distributing fixing IP address for user, and the convenient expansion based on IP address business.
For achieving the above object, embodiments of the invention adopt following technical scheme:
First aspect, embodiments provides a kind of method of distributing IP address, comprising: access server receives subscriber equipment and sends authentication request message; Described authentication request message carries IP address; Described authentication request message is sent to certificate server by described access server, to make described certificate server to described subscriber equipment certification; Described access server receives the authentication response message that described certificate server sends; The described IP address that described access server carries according to described authentication response message or described authentication request message sends the IP address response message of carrying described IP address to described subscriber equipment.
Second aspect, embodiments provides a kind of method of distributing internet protocol address, comprising: certificate server receives the authentication request message that access server sends; Described authentication request message carries IP address; Described certificate server carries out certification according to described authentication request message to subscriber equipment; When certification is passed through, described certificate server sends authentication response message to described access server.
The third aspect, embodiments provide a kind of method of distributing internet protocol address, comprise: subscriber equipment sends authentication request message to access server, described authentication request message carries IP address, is described user equipment allocation IP address to make according to described authentication request message; Described subscriber equipment receives the IP address response message that described access server sends, and described IP address response message carries the IP address that described access server is described user equipment allocation.
Fourth aspect, embodiments provides a kind of access server, comprising: receiving element, sends authentication request message for receiving subscriber equipment; Described authentication request message carries internet protocol address; Transmitting element, for described authentication request message is sent to certificate server, to make described certificate server to described subscriber equipment certification; Described receiving element, also for receiving the authentication response message that described certificate server sends; Described transmitting element, the described IP address also for carrying according to described authentication response message or described authentication request message sends the IP address response message of carrying described IP address to described subscriber equipment.
5th aspect, embodiments provides a kind of certificate server, comprising: receiving element, for receiving the authentication request message that access server sends; Described authentication request message carries internet protocol address; Processing unit, for carrying out certification according to described authentication request message to subscriber equipment; Transmitting element, for when certification is passed through, sends authentication response message to described access server.
6th aspect, embodiments provide a kind of subscriber equipment, comprising: transmitting element, for sending authentication request message to access server, described authentication request message carries internet protocol address, is described user equipment allocation IP address to make according to described authentication request message; Receiving element, for receiving the IP address response message that described access server sends, described IP address response message carries the IP address that described access server is described user equipment allocation.
7th aspect, embodiments provides a kind of system, comprising: access server, certificate server and subscriber equipment; Described access server is the access server described in above-described embodiment; Described certificate server is the certificate server described in above-described embodiment; Described subscriber equipment is the subscriber equipment described in above-described embodiment.
Embodiments provide a kind of method, Apparatus and system of distributing IP address, the method comprises: access server receives subscriber equipment and sends authentication request message; Described authentication request message carries IP address; Authentication request message is sent to certificate server and receive certificate server send authentication response message; Access server is IP address described in user equipment allocation according to the described IP address that authentication response message or authentication request message are carried.Like this, in the process of user's request dispatching IP address, certificate server or access server just can determine the IP address needed for user distributes according to the authentication request message of carrying the IP address distributed required for user, and be that user distributes this IP address by access server, as long as user uses identical IP address at every turn, the IP address at every turn distributed for user is exactly fixing, finally facilitates the expansion of IP address-based business.Such as according to IP address, user is traced to the source, after distributing fixed ip address for user, only need just can find this user according to the mapping relations between IP address and user identity, do not need to store the mapping relations in each time period between IP address and user account, thus reduce the requirement of user being traced to the source to memory space in process according to IP address, facilitate the expansion that user traces to the source.
Accompanying drawing explanation
In order to be illustrated more clearly in the technical scheme of the embodiment of the present invention, be briefly described to the accompanying drawing used required in embodiment or description of the prior art below, apparently, accompanying drawing in the following describes is only some embodiments of the present invention, for those of ordinary skill in the art, under the prerequisite not paying creative work, other accompanying drawing can also be obtained according to these accompanying drawings.
The schematic flow sheet of the method for a kind of distributing IP address that Fig. 1 provides for the embodiment of the present invention;
The schematic flow sheet of the method for a kind of distributing IP address that Fig. 2 provides for the embodiment of the present invention;
The schematic flow sheet of the method for a kind of distributing IP address that Fig. 3 provides for the embodiment of the present invention;
The schematic flow sheet of the method for a kind of distributing IP address that Fig. 4 provides for the embodiment of the present invention;
The functional schematic of a kind of access server that Fig. 5 provides for the embodiment of the present invention;
The functional schematic of a kind of certificate server that Fig. 6 provides for the embodiment of the present invention;
The functional schematic of a kind of subscriber equipment that Fig. 7 provides for the embodiment of the present invention;
The structural representation of a kind of system that Fig. 8 provides for the embodiment of the present invention.
Embodiment
Below in conjunction with the accompanying drawing in the embodiment of the present invention, be clearly and completely described the technical scheme in the embodiment of the present invention, obviously, described embodiment is only the present invention's part embodiment, instead of whole embodiments.Based on the embodiment in the present invention, those of ordinary skill in the art, not making the every other embodiment obtained under creative work prerequisite, belong to the scope of protection of the invention.
Embodiments provide a kind of method of distributing IP address, as shown in Figure 1, comprising:
101, access server receives subscriber equipment and sends authentication request message.
Wherein, authentication request message carries IP address.
Concrete, subscriber equipment is when needs distributing IP address, and subscriber equipment sends to access server and carries the authentication request message that the IP address needing distribution specified by subscriber equipment.Access server receives the authentication request message of the IP address of carrying needed for subscriber equipment.
It should be noted that, in authentication request message, not only carry the IP address needed for subscriber equipment, also carry other information needing to carry out subscriber equipment certification, the data such as such as user account, password, message identifier.Authentication request message in the embodiment of the present invention is used to specify the IP address needed for user equipment allocation on the one hand, on the other hand also for carrying out certification to the identity of subscriber equipment.
It should be noted that, the IP address of carrying in the authentication request message of subscriber equipment uses the user of this subscriber equipment to obtain from operator, and namely user obtains IP address from the business hall application of operator.Meanwhile, user also can obtain the password corresponding to this IP address.User is when using subscriber equipment to need to carry out access to netwoks, and user inputs the IP address and corresponding password that obtain from operator at login interface, this IP address and password are carried in authentication request message and are sent to access server by subscriber equipment.
102, authentication request message is sent to certificate server by access server, to make certificate server to subscriber equipment certification.
Concrete, access server, after the authentication request message receiving subscriber equipment transmission, records this authentication request message, and this authentication request message is sent to certificate server.
It should be noted that, certificate server can be AAA of the prior art (Authentication checking, the abbreviation that Authorization authorizes, Accounting keeps accounts) server.For carrying out certification to the identity of subscriber equipment, determining that whether this user account is legal, namely determining whether user account is registered account, and whether user cipher is correct.Certainly in embodiments of the present invention, certificate server, also for carrying out certification to the IP address needed for subscriber equipment, determines whether this IP address is available IP-addresses, namely determines whether the IP address of carrying in the authentication request message of subscriber equipment can be distributed.When the IP address needed for the legal and subscriber equipment of certificate server determination subscriber equipment can be used, authentication success; In and/or the disabled situation in IP address needed for subscriber equipment illegal at subscriber equipment, authentification failure.
It should be noted that, after obtain this IP address and password from operator, allly know that the user of this IP address and password can use this IP address to initiate access to netwoks, thus exist multiple user use identical IP address to initiate situation that access to netwoks or same user use identical IP address to initiate access to netwoks on different user devices occurs.Now, when this IP address is assigned with, if certificate server also receives the authentication request message of carrying this IP address, can judge that in verification process this IP address is assigned with, so this IP address is unavailable, authentification failure.
Optionally, operator carries out lease to IP address and arranges, and that is, user is when from operator application IP address, and operator limits the pot life to this IP address.Within the designated time, this IP address can be used; Outside the designated time, this IP address is unavailable.Exemplary, user, when applying for IP address, applies for that to the pot life of this IP address be half a year, and when so in half a year, user uses this IP address to initiate access to netwoks on a user device, this IP address can be distributed; When after half a year, user uses this IP address to initiate access to netwoks on a user device, this IP address can not be distributed.
103, access server receives the authentication response message that certificate server sends.
Concrete, after certificate server passes through subscriber equipment certification according to authentication request message, send authentication response message to access server.
It should be noted that, according to Operation system setting is that certificate server is determined to need the IP address for user equipment allocation according to authentication request message, or access server is determined to need the IP address for user equipment allocation according to authentication request message.The authentication response message of the subscriber equipment that access server receives has two kinds of situations, when certificate server is determined to need the IP address for user equipment allocation according to authentication request message, carries IP address in the authentication response message that access server receives; When access server is determined to need the IP address for user equipment allocation according to authentication request message, in the authentication response message that reception server receives, only carry the relevant information that instruction certification is passed through.
It should be noted that, when authentification failure, certificate server can send authentification failure message to access server, or certificate server also can not send any message to access server, namely the authentication response message that access server does not receive certificate server transmission in setting-up time shows authentification failure.
It should be noted that, user authentication failure may be user account or user cipher mistake, also may be that the IP address of carrying in subscriber equipment authentication request message is unavailable.Different according to the reason of authentification failure, certificate server can send to access server and carry the authentification failure message that can show different authentication failure cause, shows the reason of authentification failure to make subscriber equipment according to the authentification failure message received on the interface of subscriber equipment.
104, the described IP address that access server carries according to authentication response message or authentication request message sends the IP address response message of carrying described IP address to user.
It should be noted that, access server is the process of user equipment allocation IP address is exactly that the IP address determined for subscriber equipment is carried at the process sending to subscriber equipment in the response message of IP address by access server.
Concrete, according to the difference of the authentication response message that access server receives, the specific practice of access server is different.Carry in authentication response message certificate server according to authentication request message determine for the IP address of user equipment allocation, the IP address of carrying in authentication response message is carried in the response message of described IP address and sends to described subscriber equipment by access server, is the IP address that it distributes with notifying user equipment; When only carrying the relevant information indicating certificate server to pass through subscriber equipment certification in authentication response message, the IP address that authentication request message is carried by access server is carried in the response message of described IP address and sends to described subscriber equipment, is the IP address that it distributes with notifying user equipment.
It should be noted that, certificate server only may be determined to need the IP address assignment identical with the IP address of carrying in described authentication request message to subscriber equipment according to authentication request message, that is, certificate server can only be determined to need the IP address for user equipment allocation in theory, and what reality was user equipment allocation IP address is access server.
Embodiments provide a kind of method of distributing IP address, the method comprises: access server receives subscriber equipment and sends authentication request message; Described authentication request message carries IP address; Authentication request message is sent to certificate server and receive certificate server send authentication response message; Access server is IP address described in user equipment allocation according to the described IP address that authentication response message or authentication request message are carried.Like this, in the process of user's request dispatching IP address, certificate server or access server just can determine the IP address needed for user distributes according to the authentication request message of carrying the IP address distributed required for user, and be that user distributes this IP address by access server, as long as user uses identical IP address at every turn, the IP address at every turn distributed for user is exactly fixing, finally facilitates the expansion of IP address-based business.Such as according to IP address, user is traced to the source, after distributing fixed ip address for user, only need just can find this user according to the mapping relations between IP address and user identity, do not need to store the mapping relations in each time period between IP address and user account, thus reduce the requirement of user being traced to the source to memory space in process according to IP address, facilitate the expansion that user traces to the source.
Embodiments provide a kind of method of distributing IP address, as shown in Figure 2, comprising:
201, certificate server receives the authentication request message that access server sends.
Wherein, authentication request message carries IP address.
It should be noted that, in authentication request message, not only carry the IP address needed for subscriber equipment, also carry other information needing to carry out subscriber equipment certification, the data such as such as user account, password, message identifier.
It should be noted that, certificate server can be aaa server of the prior art, can also be common certificate server, or the server with authentication function of other types.
It should be noted that, when the subscriber equipment that certificate server manages is less, can by access server and certificate server integrated, make like this access server both can for user equipment allocation to IP address, also can carry out certification to subscriber equipment.
202, certificate server carries out certification according to authentication request message to subscriber equipment.
Concrete, certificate server extracts the partial data needed for certification from described authentication request message, carries out certification to subscriber equipment.Wherein, certificate server carries out the process of certification to subscriber equipment, and mainly whether certificate server is legal according to the identity of user account and password determination subscriber equipment, and certificate server can also determine whether the IP address of carrying in authentication request message is the IP address can distributing to subscriber equipment simultaneously.
It should be noted that, user account and password is stored in certificate server, certificate server is identical with the process of certificate server in prior art to the authentication of subscriber equipment according to the process whether identity of user account and password determination subscriber equipment is legal, and the present invention does not repeat them here.Certificate server stores maybe can obtain the IP address can distributing to subscriber equipment, and determines that the IP address of carrying in authentication request message is the IP address can distributing to subscriber equipment.
It should be noted that, operator carries out lease to IP address and arranges, may there be the pot life IP address that subscriber equipment uses, and in certificate server, same IP address is the IP address that can distribute within the designated time, is to distribute to subscriber equipment outside the designated time.Exemplary, user, when applying for IP address, applies for that to the pot life of this IP address be half a year, and when so in half a year, user uses this IP address to initiate access to netwoks on a user device, this IP address can be distributed; When after half a year, user uses this IP address to initiate access to netwoks on a user device, this IP address can not be distributed.
Further, access rights when this IP address of use that certificate server can also arrange subscriber equipment according to IP address communicates.
203, when certification is passed through, certificate server sends authentication response message to access server.
Concrete, certificate server is after passing through the identity of subscriber equipment and the IP address verification of subscriber equipment, certificate server sends authentication response message to access server, to notify that access server can use with the IP address assignment of carrying in authentication request response message to subscriber equipment.
Embodiments provide a kind of method of distributing IP address, certificate server receives the authentication request message that access server sends; Authentication request message carries IP address; Certificate server carries out certification according to authentication request message to subscriber equipment; When certification is passed through, certificate server sends authentication response message to access server.Because subscriber equipment specifies IP address needed for self by authentication request message, after the availability certification of certificate server to the identity of subscriber equipment and assigned ip address is passed through, instruction access server by the IP address assignment of carrying in authentication request message to subscriber equipment, like this, as long as user uses identical IP address at every turn, the IP address at every turn distributed for user is exactly fixing, finally facilitates the expansion of IP address-based business.Such as according to IP address, user is traced to the source, after distributing fixed ip address for user, only need just can find this user according to the mapping relations between IP address and user identity, do not need to store the mapping relations in each time period between IP address and user account, thus reduce the requirement of user being traced to the source to memory space in process according to IP address, facilitate the expansion that user is traced to the source.
Embodiments provide a kind of method of distributing IP address, as shown in Figure 3, comprising:
301, subscriber equipment sends authentication request message to access server, to make according to authentication request message as user equipment allocation IP address.
Wherein, authentication request message carries IP address.
Concrete, the IP address needed for self is carried in authentication request message and sends to access server by subscriber equipment, and the IP address assignment of user being specified to make access server is to subscriber equipment.
It should be noted that, the IP address of carrying in the authentication request message of subscriber equipment uses the user of this subscriber equipment to obtain from operator, and namely user obtains IP address from the business hall application of operator.Meanwhile, user also can obtain the password corresponding to this IP address.User is when using subscriber equipment to need to carry out access to netwoks, and user inputs the IP address and corresponding password that obtain from operator at login interface, this IP address and password are carried in authentication request message and are sent to access server by subscriber equipment.
It should be noted that, in authentication request message, not only carry the IP address needed for subscriber equipment, also carry other information needing to carry out subscriber equipment certification, the data such as such as user account, password, message identifier.Authentication request message in the embodiment of the present invention is used to specify the IP address needed for user equipment allocation on the one hand, on the other hand also for carrying out certification to the identity of subscriber equipment.
302, subscriber equipment receives the IP address response message that access server sends.
Wherein, IP address response message carries the IP address that access server is user equipment allocation.
Concrete, when the IP address verification of carrying during certificate server is to the identity of subscriber equipment and authentication request message is passed through, access server is defined as distributing to the IP address of described subscriber equipment by with the IP address of carrying in authentication request message, and the IP address response message of carrying this IP address is sent to subscriber equipment, notifying user equipment is the IP address that it distributes.
It should be noted that, as long as subscriber equipment have received IP address response message, the IP address of carrying in the IP address response message that subscriber equipment receives is identical with the IP address of carrying in the authentication request message that subscriber equipment sends.
Embodiments provide a kind of method of distributing IP address, subscriber equipment sends the authentication request message of carrying IP address to access server, to make according to authentication request message as user equipment allocation IP address, subscriber equipment receives the IP address response message that access server sends, and the IP address that IP address response message is carried is identical with the IP address of carrying in authentication request message.Because subscriber equipment specifies IP address needed for self by authentication request message, after the availability certification of certificate server to the identity of subscriber equipment and assigned ip address is passed through, access server by the IP address assignment of carrying in authentication request message to subscriber equipment, like this, as long as user uses identical IP address at every turn, the IP address at every turn distributed for user is exactly fixing, finally facilitates the expansion of IP address-based business.Such as according to IP address, user is traced to the source, after distributing fixed ip address for user, only need just can find this user according to the mapping relations between IP address and user identity, do not need to store the mapping relations in each time period between IP address and user account, thus reduce the requirement of user being traced to the source to memory space in process according to IP address, facilitate the expansion that user traces to the source.
Embodiments provide a kind of method of distributing IP address, as shown in Figure 4, comprising:
401, subscriber equipment sends authentication request message to access server, and access server receives the authentication request message that subscriber equipment sends.
Wherein, authentication request message carries IP address.
Concrete, the authentication request message being user account with IP address as user account, is sent to access server by the IP address needed for self by subscriber equipment.
It should be noted that, user account is set to the IP address distributed required for subscriber equipment by the present invention, user account in such the present invention can be used for carrying out the authentication of subscriber equipment on the one hand, can be used to refer to the IP address needed to user equipment allocation on the other hand.
402, authentication request message is sent to certificate server by access server, and certificate server receives the authentication request message that access server sends.
Concrete, can refer step 102 and step 201, do not repeat them here.
403, certificate server carries out certification according to authentication request message to subscriber equipment.
Concrete, can refer step 202, do not repeat them here.
404, when certification is passed through, the IP address of carrying in authentication request message is added in authentication response message by certificate server.
Concrete, determining that certificate server determines that this subscriber equipment identity is legal, and when the IP low value carried in this authentication request message is the IP address that can distribute, certificate server is determined the IP address assignment of carrying in certificate server to subscriber equipment, access server is sent to, to indicate access server by this IP address assignment to this subscriber equipment so be carried in authentication response message this IP address.
It should be noted that, according to Operation system setting is that certificate server is determined to need the IP address for user equipment allocation according to authentication request message, or access server is determined to need the IP address for user equipment allocation according to authentication request message.When certificate server is determined to need the IP address for user equipment allocation according to authentication request message, and perform step 405a and 406a; When access server is determined to need the IP address for user equipment allocation according to authentication request message, when not performing step 404, perform step 405b and 406b.
405a, certificate server send to access server and carry the IP address verification response message (authentication response message that access server reception certificate server sends.
Concrete, when certificate server is defined as the IP address of user equipment allocation in step 404, certificate server sends the authentication response message of carrying IP address to access server, and (access server receives with the carrying IP address authentication response message that certificate server sends.
405b, certificate server send the authentication response message of only carrying the information that subscriber equipment certification is passed through to access server, access server receives the authentication response message that certificate server sends.
Concrete, when the authentication response message that certificate server receives does not carry IP address, access server receives the authentication response message that certificate server sends, and just only represents certificate server and passes through the IP address verification of carrying in the identity of this subscriber equipment and authentication response message.
406a, when authentication response message carry into user distribute IP address, the IP address of carrying in authentication response message is added in IP address response message by access server.
Concrete, when certificate server has determined the IP address into user equipment allocation, the IP address of carrying in authentication response message has directly been added in IP address response message and has distributed to subscriber equipment by access device.
406b, when authentication response message only carries the information that subscriber equipment certification passes through, the described IP address that authentication request message is carried by access server is added in IP address response message.
Concrete, when not carrying IP address in authentication response message, access device is determined to be defined as the IP address of carrying in authentication response message, to the IP address of user equipment allocation, being added in IP address response message this IP address according to authentication request message.
407, access server sends the IP address response message of carrying IP address to subscriber equipment, and subscriber equipment receives the IP address response message that access server sends.
It is concrete that (access device is determining after to user equipment allocation IP address, needs to send IP address response message to subscriber equipment, and be the IP address that it distributes with notifying user equipment, subscriber equipment can use this IP address to communicate.
Current operator generally adopts PPP, and (Point to Point Protocol (point-to-point protocol) agreement carries out the authentication management of user, and address assignment is that (IP ControlProtocol (IP control protocol) agreement has mainly been responsible for the option negotiation of configuration parameter needed for IP network layer protocol communication at the IPCP of ppp protocol.
Exemplary, with the PPPoE (broadband access of Point to Point Protocol over Ethernet (point-to-point protocol on Ethernet), authentication request message is the Config-Request message of IPCP, and IP address response message is the Config-Nak message of IPCP is example.PPPoE process of establishing can be divided into discovery phase and session stage.
Discovery phase is a stateless stage, and the message of discovery phase is divided into PADI (PPPoEActive Discovery Initiation, PPPoE initiatively finds initialization) message; PADO (PPPoE Active Discovery Offer, PPPoE initiatively find to propose) message; PADR (PPPoE Active Discovery Request, PPPoE active discovery request) message; PADS (PPPoE Active Discovery Session-confirmation, PPPoE initiatively finds that session confirms) message, this stage is user's detecting and selection BAS Broadband Access Server mainly, determines the BAS Broadband Access Server of the PPP session that will set up.The present invention does not make any change to the discovery phase of PPPoE.
Session stage is divided into negotiation phase, authentication phase and address assignment stage.Negotiation phase has mainly completed MTU, whether carries out certification and adopts the negotiation of which kind of authentication mode, same as the prior art, the present invention to this stage do not make any change.The IP address that user specifies in authentication phase by the present invention sends to access server, to make the IP address fixed for user equipment allocation by the rear subscriber equipment assigned ip address that directly can obtain according to authentication phase in subscriber equipment certification.Mainly comprise following steps:
S1, authentication phase, subscriber equipment sends Config-Request message (the IP address that the IP address filling subscriber equipment in the IP address configuration parameter configuration option in message is specified of IPCP to access server.And using this IP address as user account, also carry password in this message simultaneously;
User account (IP address) in S2, access server extraction Config-Request message and password, be sent to aaa server by user account (IP address) and password;
S3, aaa server carry out certification to user account and password;
After S4, certification are passed through, aaa server sends authentication response message to access server;
S5, address assignment stage, access server detects user account information, extracts user account field, is added in the Config-Nak message of IPCP by the IP address assignment corresponding with user account to subscriber equipment;
S6, address assignment stage, access server sends Config-Nak message to subscriber equipment.
After step S1 to step S6 completes, it is the IP address that it distributes that subscriber equipment has just got access server.
The configuration of completing user IP address of equipment has also needed following steps:
S7, subscriber equipment send Config-Request message to access server, the IP address that the IP address configuration in this message provides in Config-Nak message for access server.
After S8, access server receive Config-Request message, determine that the IP address of carrying in this message is the IP address desired by self, access server sends Config-Ack message to subscriber equipment, represents that user equipment (UE) IP address has configured.
Embodiments provide a kind of method of distributing IP address, subscriber equipment sends the authentication request message of carrying IP address to access server, authentication request message is sent to certificate server by access server, after certificate server certification is passed through, the IP address of carrying in authentication request message is defined as the IP address of user equipment allocation by certificate server or access server, then by access server by this IP address assignment to subscriber equipment.Because subscriber equipment specifies IP address needed for self by authentication request message, after the availability certification of certificate server to the identity of subscriber equipment and assigned ip address is passed through, access server by the IP address assignment of carrying in authentication request message to subscriber equipment, like this, as long as user uses identical IP address at every turn, the IP address at every turn distributed for user is exactly fixing, finally facilitates the expansion of IP address-based business.Such as according to IP address, user is traced to the source, after distributing fixed ip address for user, only need just can find this user according to the mapping relations between IP address and user identity, do not need to store the mapping relations in each time period between IP address and user account, thus reduce the requirement of user being traced to the source to memory space in process according to IP address, facilitate the expansion that user traces to the source.
As shown in Figure 5, the functional schematic of its a kind of access server provided for the embodiment of the present invention.Shown in figure 5, this access server comprises: receiving element 501 and transmitting element 502.
Receiving element 501, sends authentication request message for receiving subscriber equipment; Described authentication request message carries internet protocol address.
Concrete, described authentication request message is carried IP address and is comprised: described authentication request message comprises user account, and described user account is described IP address.
Transmitting element 502, for described authentication request message is sent to certificate server, to make described certificate server to described subscriber equipment certification.
Described receiving element 501, also for receiving the authentication response message that described certificate server sends.
Described transmitting element 502, the described IP address also for carrying according to described authentication response message or described authentication request message sends the IP address response message of carrying described IP address to described subscriber equipment.
Described transmitting element 502, specifically for only carrying information that described subscriber equipment certification passes through in described authentication response message, the described IP address of described authentication request message being carried is carried in the response message of described IP address and sends to described subscriber equipment; When described authentication response message carries the described IP address into user's distribution, the described IP address of carrying in described authentication response message is carried in the response message of described IP address and sends to described subscriber equipment.
Embodiments provide a kind of access server, access server receives subscriber equipment and sends authentication request message; Described authentication request message carries IP address; Authentication request message is sent to certificate server and receive certificate server send authentication response message; Access server is IP address described in user equipment allocation according to the described IP address that authentication response message or authentication request message are carried.Like this, in the process of user's request dispatching IP address, certificate server or access server just can determine the IP address needed for user distributes according to the authentication request message of carrying the IP address distributed required for user, and be that user distributes this IP address by access server, as long as user uses identical IP address at every turn, the IP address at every turn distributed for user is exactly fixing, finally facilitates the expansion of IP address-based business.
As shown in Figure 6, the functional schematic of its a kind of certificate server provided for the embodiment of the present invention.Shown in figure 6, this certificate server comprises: receiving element 601, processing unit 602 and transmitting element 603.
Receiving element 601, for receiving the authentication request message that access server sends; Described authentication request message carries internet protocol address.
Concrete, described authentication request message is carried IP address and is comprised: described authentication request message comprises user account, and described user account is described IP address.
Processing unit 602, for carrying out certification according to described authentication request message to subscriber equipment.
Transmitting element 603, for when certification is passed through, sends authentication response message to described access server.
Further, described processing unit 602, also for being added in described authentication response message by the described IP address of carrying in described authentication request message;
Accordingly, described transmitting element 603, carries described IP address verification response message specifically for sending to described access server.
Embodiments provide a kind of certificate server, certificate server receives the authentication request message that access server sends; Authentication request message carries IP address; Certificate server carries out certification according to authentication request message to subscriber equipment; When certification is passed through, certificate server sends authentication response message to access server.Because subscriber equipment specifies IP address needed for self by authentication request message, after the availability certification of certificate server to the identity of subscriber equipment and assigned ip address is passed through, instruction access server by the IP address assignment of carrying in authentication request message to subscriber equipment, like this, as long as user uses identical IP address at every turn, the IP address at every turn distributed for user is exactly fixing, finally facilitates the expansion of IP address-based business.
As shown in Figure 7, the functional schematic of its a kind of subscriber equipment provided for the embodiment of the present invention.Shown in figure 7, this subscriber equipment comprises: transmitting element 701 and receiving element 702.
Transmitting element 701, for sending authentication request message to access server, described authentication request message carries internet protocol address, is described user equipment allocation IP address to make according to described authentication request message.
Concrete, described authentication request message is carried IP address and is comprised: described authentication request message comprises user account, and described user account is described IP address.
Receiving element 702, for receiving the IP address response message that described access server sends, described IP address response message carries the IP address that described access server is described user equipment allocation.
Embodiments provide a kind of subscriber equipment, subscriber equipment sends the authentication request message of carrying IP address to access server, to make according to authentication request message as user equipment allocation IP address, subscriber equipment receives the IP address response message that access server sends, and the IP address that IP address response message is carried is identical with the IP address of carrying in authentication request message.Because subscriber equipment specifies IP address needed for self by authentication request message, after the availability certification of certificate server to the identity of subscriber equipment and assigned ip address is passed through, access server by the IP address assignment of carrying in authentication request message to subscriber equipment, like this, as long as user uses identical IP address at every turn, the IP address at every turn distributed for user is exactly fixing, finally facilitates the expansion of IP address-based business.
As shown in Figure 8, the structural representation of its a kind of system provided for the embodiment of the present invention.Shown in figure 8, this system comprises: access server 801, certificate server 802 and subscriber equipment 803.
Described access server 801 is the access server described in above-described embodiment;
Described certificate server 802 is the certificate server described in above-described embodiment;
Described subscriber equipment 803 is the subscriber equipment described in above-described embodiment.
Embodiments provide a kind of system, comprising: subscriber equipment, access server and certificate server.Subscriber equipment sends the authentication request message of carrying IP address to access server, authentication request message is sent to certificate server by access server, after certificate server certification is passed through, the IP address of carrying in authentication request message is defined as the IP address of user equipment allocation by certificate server or access server, then by access server by this IP address assignment to subscriber equipment.Because subscriber equipment specifies IP address needed for self by authentication request message, after the availability certification of certificate server to the identity of subscriber equipment and assigned ip address is passed through, access server by the IP address assignment of carrying in authentication request message to subscriber equipment, like this, as long as user uses identical IP address at every turn, the IP address at every turn distributed for user is exactly fixing, finally facilitates the expansion of IP address-based business.
In several embodiments that the application provides, should be understood that, disclosed system, apparatus and method, can realize by another way.Such as, device embodiment described above is only schematic, such as, the division of described unit, be only a kind of logic function to divide, actual can have other dividing mode when realizing, such as multiple unit or assembly can in conjunction with or another system can be integrated into, or some features can be ignored, or do not perform.Another point, shown or discussed coupling each other or direct-coupling or communication connection can be by some interfaces, and the indirect coupling of device or unit or communication connection can be electrical, machinery or other form.
The described unit illustrated as separating component or can may not be and physically separates, and the parts as unit display can be or may not be physical location, namely can be positioned at a place, or also can be distributed in multiple network element.Some or all of unit wherein can be selected according to the actual needs to realize the object of the present embodiment scheme.
In addition, each functional unit in each embodiment of the present invention can be integrated in a processing unit, also can be that the independent physics of unit comprises, also can two or more unit in a unit integrated.Above-mentioned integrated unit both can adopt the form of hardware to realize, and the form that hardware also can be adopted to add SFU software functional unit realizes.
The above-mentioned integrated unit realized with the form of SFU software functional unit, can be stored in a computer read/write memory medium.Above-mentioned SFU software functional unit is stored in a storage medium, comprising some instructions in order to make a computer equipment (can be personal computer, server, or the network equipment etc.) perform the part steps of method described in each embodiment of the present invention.And aforesaid storage medium comprises: USB flash disk, portable hard drive, read-only memory (Read-Only Memory, be called for short ROM), random access memory (Random Access Memory, be called for short RAM), magnetic disc or CD etc. various can be program code stored medium.
Last it is noted that above embodiment is only in order to illustrate technical scheme of the present invention, be not intended to limit; Although with reference to previous embodiment to invention has been detailed description, those of ordinary skill in the art is to be understood that: it still can be modified to the technical scheme described in foregoing embodiments, or carries out equivalent replacement to wherein portion of techniques feature; And these amendments or replacement, do not make the essence of appropriate technical solution depart from the spirit and scope of various embodiments of the present invention technical scheme.
Claims (17)
1. distribute a method for internet protocol address, it is characterized in that, comprising:
Access server receives subscriber equipment and sends authentication request message; Described authentication request message carries IP address;
Described authentication request message is sent to certificate server by described access server, to make described certificate server to described subscriber equipment certification;
Described access server receives the authentication response message that described certificate server sends;
The described IP address that described access server carries according to described authentication response message or described authentication request message sends the IP address response message of carrying described IP address to described subscriber equipment.
2. method according to claim 1, it is characterized in that, described access server sends the IP address response message of carrying described IP address according to the described IP address that described authentication response message or described authentication request message are carried to described subscriber equipment and comprises:
When described authentication response message only carries the information that described subscriber equipment certification passes through, the described IP address that described authentication request message is carried by described access server is carried in the response message of described IP address and sends to described subscriber equipment;
When described authentication response message carries the described IP address into user's distribution, the described IP address of carrying in described authentication response message is carried in the response message of described IP address and sends to described subscriber equipment by described access server.
3. method according to claim 1 and 2, is characterized in that,
Described authentication request message is carried IP address and is comprised: described authentication request message comprises user account, and described user account is described IP address.
4. distribute a method for internet protocol address, it is characterized in that, comprising:
Certificate server receives the authentication request message that access server sends; Described authentication request message carries IP address;
Described certificate server carries out certification according to described authentication request message to subscriber equipment;
When certification is passed through, described certificate server sends authentication response message to described access server.
5. method according to claim 4, is characterized in that,
When certification is passed through, before described certificate server sends authentication response message to described access server, also comprise:
The described IP address of carrying in described authentication request message is added in described authentication response message by described certificate server;
Described certificate server sends authentication response message to described access server and comprises:
Described certificate server sends to described access server and carries described IP address verification response message.
6. the method according to claim 4 or 5, is characterized in that,
Described authentication request message is carried IP address and is comprised: described authentication request message comprises user account, and described user account is described IP address.
7. distribute a method for internet protocol address, it is characterized in that, comprising:
Subscriber equipment sends authentication request message to access server, and described authentication request message carries IP address, is described user equipment allocation IP address to make according to described authentication request message;
Described subscriber equipment receives the IP address response message that described access server sends, and described IP address response message carries the IP address that described access server is described user equipment allocation.
8. method according to claim 7, is characterized in that,
Described authentication request message is carried IP address and is comprised: described authentication request message comprises user account, and described user account is described IP address.
9. an access server, is characterized in that, comprising:
Receiving element, sends authentication request message for receiving subscriber equipment; Described authentication request message carries internet protocol address;
Transmitting element, for described authentication request message is sent to certificate server, to make described certificate server to described subscriber equipment certification;
Described receiving element, also for receiving the authentication response message that described certificate server sends;
Described transmitting element, the described IP address also for carrying according to described authentication response message or described authentication request message sends the IP address response message of carrying described IP address to described subscriber equipment.
10. access server according to claim 9, is characterized in that,
Described transmitting element, specifically for only carrying information that described subscriber equipment certification passes through in described authentication response message, the described IP address of described authentication request message being carried is carried in the response message of described IP address and sends to described subscriber equipment; When described authentication response message carries the described IP address into user's distribution, the described IP address of carrying in described authentication response message is carried in the response message of described IP address and sends to described subscriber equipment.
11. access servers according to claim 9 or 10, is characterized in that,
Described authentication request message is carried IP address and is comprised: described authentication request message comprises user account, and described user account is described IP address.
12. 1 kinds of certificate servers, is characterized in that, comprising:
Receiving element, for receiving the authentication request message that access server sends; Described authentication request message carries internet protocol address;
Processing unit, for carrying out certification according to described authentication request message to subscriber equipment;
Transmitting element, for when certification is passed through, sends authentication response message to described access server.
13. certificate servers according to claim 12, is characterized in that,
Described processing unit, also for being added in described authentication response message by the described IP address of carrying in described authentication request message;
Described transmitting element, carries described IP address verification response message specifically for sending to described access server.
14. certificate servers according to claim 12 or 13, is characterized in that,
Described authentication request message is carried IP address and is comprised: described authentication request message comprises user account, and described user account is described IP address.
15. 1 kinds of subscriber equipmenies, is characterized in that, comprising:
Transmitting element, for sending authentication request message to access server, described authentication request message carries internet protocol address, is described user equipment allocation IP address to make according to described authentication request message;
Receiving element, for receiving the IP address response message that described access server sends, described IP address response message carries the IP address that described access server is described user equipment allocation.
16. subscriber equipmenies according to claim 15, is characterized in that,
Described authentication request message is carried IP address and is comprised: described authentication request message comprises user account, and described user account is described IP address.
17. 1 kinds of systems, is characterized in that, comprising: access server, certificate server and subscriber equipment;
Described access server is the access server described in any one of claim 9-11;
Described certificate server is the certificate server described in any one of claim 12-14;
Described subscriber equipment is the subscriber equipment described in claim 15 or 16.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410691163.9A CN104378457A (en) | 2014-11-26 | 2014-11-26 | Method, device and system for distributing IP address |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410691163.9A CN104378457A (en) | 2014-11-26 | 2014-11-26 | Method, device and system for distributing IP address |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN104378457A true CN104378457A (en) | 2015-02-25 |
Family
ID=52557103
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201410691163.9A Pending CN104378457A (en) | 2014-11-26 | 2014-11-26 | Method, device and system for distributing IP address |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN104378457A (en) |
Cited By (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106506680A (en) * | 2016-11-29 | 2017-03-15 | 杭州华三通信技术有限公司 | A kind of information processing method and device |
| CN107800602A (en) * | 2016-08-29 | 2018-03-13 | 华为技术有限公司 | A kind of message processing method, equipment and system |
| CN109474615A (en) * | 2018-12-12 | 2019-03-15 | 成都路行通信息技术有限公司 | A kind of service encryption system and the communication for service method based on ciphering process |
| CN111405080A (en) * | 2020-03-09 | 2020-07-10 | 北京冠程科技有限公司 | Terminal IP management system and user behavior auditing method based on same |
| CN113127232A (en) * | 2021-04-19 | 2021-07-16 | 北京京东振世信息技术有限公司 | Message processing method, device, equipment and storage medium |
| CN113206827A (en) * | 2021-03-29 | 2021-08-03 | 北京华三通信技术有限公司 | Message processing method and device |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20070186273A1 (en) * | 2004-02-09 | 2007-08-09 | Celine Carpy | Method and system for managing access authorization for a user in a local administrative domain when the user connects to an ip network |
| CN101442565A (en) * | 2008-12-18 | 2009-05-27 | 成都市华为赛门铁克科技有限公司 | Method and gateway for distributing fixed virtual network address |
| CN101656712A (en) * | 2008-08-18 | 2010-02-24 | 华为技术有限公司 | Method for recovering IP session, network system and network edge device |
| CN102255916A (en) * | 2011-07-26 | 2011-11-23 | 中国科学院计算机网络信息中心 | Access authentication method, device, server and system |
| CN102857517A (en) * | 2012-09-29 | 2013-01-02 | 华为技术有限公司 | Authentication method, broadband remote access server and authentication server |
-
2014
- 2014-11-26 CN CN201410691163.9A patent/CN104378457A/en active Pending
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20070186273A1 (en) * | 2004-02-09 | 2007-08-09 | Celine Carpy | Method and system for managing access authorization for a user in a local administrative domain when the user connects to an ip network |
| CN101656712A (en) * | 2008-08-18 | 2010-02-24 | 华为技术有限公司 | Method for recovering IP session, network system and network edge device |
| CN101442565A (en) * | 2008-12-18 | 2009-05-27 | 成都市华为赛门铁克科技有限公司 | Method and gateway for distributing fixed virtual network address |
| CN102255916A (en) * | 2011-07-26 | 2011-11-23 | 中国科学院计算机网络信息中心 | Access authentication method, device, server and system |
| CN102857517A (en) * | 2012-09-29 | 2013-01-02 | 华为技术有限公司 | Authentication method, broadband remote access server and authentication server |
Cited By (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107800602A (en) * | 2016-08-29 | 2018-03-13 | 华为技术有限公司 | A kind of message processing method, equipment and system |
| US10868697B2 (en) | 2016-08-29 | 2020-12-15 | Huawei Technologies Co., Ltd. | Packet processing method, device, and packet processing system |
| CN107800602B (en) * | 2016-08-29 | 2021-01-15 | 华为技术有限公司 | Message processing method, device and system |
| CN106506680A (en) * | 2016-11-29 | 2017-03-15 | 杭州华三通信技术有限公司 | A kind of information processing method and device |
| CN106506680B (en) * | 2016-11-29 | 2020-11-20 | 新华三技术有限公司 | Information processing method and device |
| CN109474615A (en) * | 2018-12-12 | 2019-03-15 | 成都路行通信息技术有限公司 | A kind of service encryption system and the communication for service method based on ciphering process |
| CN109474615B (en) * | 2018-12-12 | 2021-12-07 | 成都路行通信息技术有限公司 | Service encryption system and service communication method based on encryption process |
| CN111405080A (en) * | 2020-03-09 | 2020-07-10 | 北京冠程科技有限公司 | Terminal IP management system and user behavior auditing method based on same |
| CN113206827A (en) * | 2021-03-29 | 2021-08-03 | 北京华三通信技术有限公司 | Message processing method and device |
| CN113127232A (en) * | 2021-04-19 | 2021-07-16 | 北京京东振世信息技术有限公司 | Message processing method, device, equipment and storage medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN104378457A (en) | Method, device and system for distributing IP address | |
| CN101729500B (en) | Method, device and system for identifying IP session | |
| EP2919444B1 (en) | Method, relay device, and system for acquiring internet protocol address in network | |
| EP3562091B1 (en) | Highly available dhcp service by running dhcp servers on a blockchain network | |
| US9246872B2 (en) | Methods and arrangements for enabling data transmission between a mobile device and a static destination address | |
| EP2608491A1 (en) | Method, apparatus and system for allocating public IP address | |
| US10320788B2 (en) | Method for transferring authorization information, relay device, and server | |
| EP2698957A1 (en) | Method, device and system for realizing communication after virtual machine migration | |
| EP3108643B1 (en) | Ipoe dual-stack subscriber for routed residential gateway configuration | |
| US20180048588A1 (en) | Automated instantiation of wireless virtual private networks | |
| CN104378455A (en) | IP address distribution method and device | |
| CN104144096A (en) | Virtual network layer construction method, device and system | |
| CN103780711A (en) | Address assignment method and address assignment system for intelligent access type decision, and AAA system | |
| US10855809B2 (en) | Printer with dual media access control interfaces and uninterrupted interface change | |
| EP3108642B1 (en) | Ipoe dual-stack subscriber for bridged residential gateway configuration | |
| CN105049546A (en) | Client terminal IP address allocation method through DHCP server and device thereof | |
| CN101436969B (en) | Network access method, apparatus and system | |
| CN103957194A (en) | IP access method and device | |
| JP2014093772A (en) | Method and device for allocating and acquiring ip address | |
| CN103634421A (en) | Address distribution method and server | |
| CN110913034A (en) | IP address configuration method, device and network system | |
| CN107547501B (en) | Identity authentication method and device | |
| CN102594938B (en) | Portal secondary address authentication method and device | |
| WO2021218232A1 (en) | Address allocation method and system, and electronic device and computer-readable storage medium | |
| CN114866371B (en) | Method and device for establishing IPSec tunnel, storage medium and electronic equipment |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20150225 |
|
| RJ01 | Rejection of invention patent application after publication |