CN104767696A - Method and device for controlling user access in SDN (software defined network) access network - Google Patents
Method and device for controlling user access in SDN (software defined network) access network Download PDFInfo
- Publication number
- CN104767696A CN104767696A CN201410005937.8A CN201410005937A CN104767696A CN 104767696 A CN104767696 A CN 104767696A CN 201410005937 A CN201410005937 A CN 201410005937A CN 104767696 A CN104767696 A CN 104767696A
- Authority
- CN
- China
- Prior art keywords
- access
- access control
- related news
- control related
- controller
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Abstract
The invention relates to a software defined access network, which comprises one or more access points, one or more middle switches, and a controller. The controller is used for receiving access control related messages, type information and corresponding input port information from the access nodes, a control module corresponding to the type information in the controller is used for processing the access control related messages, a processing result is used for constructing an access control response message and/or forwarding rule, the response message and the output port information are sent to the access nodes, and/or the forwarding rule is sent to the access nodes and/or the middle switches for configuration, and thus a forwarding path is constructed for user equipment allowed to access the access network. The access node is also used for receiving the response message from the controller and forwarding the response message to the user equipment according to the output port information.
Description
Technical field
The present invention relates generally to network communication field, relates to the method for controlling user's access in the Access Network of SDNization and device especially.
Background technology
At present, software defined network (software defined network is called for short SDN) and network function virtual (network function virtualization is called for short NFV) become much-talked-about topic in the industry.The equipment with data surface function is simplified, making it only for forwarding data based on transmitting, making the centralization of chain of command function simultaneously, become a kind of trend of SDN.SDN dynamically can better meet application and business demand, can make network programmable more in other words.In addition, NFV make at present proprietary with specific hardware platform on the network that runs or telecommunication application can run on virtual cloud platform.
Current multiservice broadband access network network generally comprises multiple access node (access nodes is called for short ANs), and switch.These access nodes both assume responsibility for the function of data surface, such as business data packet is forwarded, also assume responsibility for the function of chain of command simultaneously, such as in these access nodes, be provided with various agency, comprise address resolution (address resolution protocol, be called for short ARP) agency, access authentication agencies etc. are used for managing Access Network.
Summary of the invention
The application be intended to the structure changing existing access network, and provide the novel access network of a kind of SDNization, NFVization.That is, while the controlling functions that reservation Access Network accesses user, access node is simplified as far as possible, makes the controlling functions centralization of Access Network simultaneously.
The access network that an embodiment of the application provides a kind of software definition comprises: one or more access node, for receiving the access control related news coming from subscriber equipment, and described access control related news and type information thereof and corresponding input port information are forwarded, one or more intermediary switch, and controller, for receiving described access control related news and type information thereof and corresponding input port information from described access node, and utilize control module corresponding to described type information in described controller to process described access control related news, and build access control response message according to the result of described process and/or forward rule, and described response message and output port information thereof are sent to described access node, and/or send to described access node and/or described intermediary switch to be configured described forwarding rule, thus set up forward-path for the subscriber equipment being allowed to access described access network, described response message also for receiving described response message from described controller, and is transmitted to described subscriber equipment according to described output port information by wherein said access node.
Especially, described controller also processes described access control related news for contacting the server corresponding to described type information, and builds described access control response message and/or described forwarding rule based on the result that described server and/or described controller are made.
Especially, above-mentioned access network also comprises wideband network gateway, or virtual cloud node, it is described switch that wherein said controller is used for when processing described user access control related news, described wideband network gateway, or virtual cloud Joint Enterprise forwards rule accordingly to coordinate described access node to be that forward-path set up by the described subscriber equipment being allowed to access described access network.
Especially, corresponding control module at least comprises access authentication module, address resolution proxy module, DynamicHost Configuration Agent module, or one or more in multicast control and management proxy module; Wherein said corresponding server at least comprises access authentication server and/or Dynamic Host Configuration Protocol server and/or Network Policy Server.
A kind of method for controlling the access network of software definition that still another embodiment provides of the application comprises: receive access control related news by one or more access node from subscriber equipment; The type information of described access control related news and corresponding input port information and described access control related news is transmitted to the controller of described access network by described access node; Described controller utilizes corresponding control module to process described access control related news for described type information; Described controller builds access control response message based on the result of described process, and described access control response message and corresponding output port information are sent to described access node, and build access control response message according to the result of described process and/or forward rule, and by described response message and/or forward rule and send to described access node and/or intermediary switch, thus set up forward-path for the subscriber equipment being allowed to access described access network; And described access node obtains described access control response message and according to described output port information, this message is transmitted to described subscriber equipment.
Especially, said method also comprises described controller and contacts corresponding server for described type information and process described access control related news, and builds described access control response message and/or described forwarding rule based on the result that described server and/or described controller are made.
Especially, described access control related news at least comprise address resolution message, LAN Extending authentication message, dynamic host configuration protocol (DHCP) message, or one or more in multicast control and management message; Described controller and/or described server at least comprise access authentication, address resolution to the process that described access control relevant information is carried out, and DynamicHost configures, or multicast control and management.
An embodiment of the application provides a kind of for assisting the method controlled the access network of software definition in the access node, comprise and receive access control related news from subscriber equipment, and described access control related news are transmitted to the controller of described Access Network; Receive access control response message and/or forward-path from described controller, and according to the output port information in described response message, the response message of described access control is transmitted to corresponding subscriber equipment; According to described forwarding rule for forward-path set up by the subscriber equipment being allowed to access described access network.
Especially, said method also comprises and identifying described access control related news, to determine the type of described access control related news; And described access control related news are encapsulated, at least add the type information of described access control related news, and receive the input port information of described access control related news.
Especially, the type of described access control related news at least comprises address resolution message, LAN Extending authentication message, dynamic host configuration protocol (DHCP) message, or multicast control and management message.
One of the application embodiment still provides a kind of access node for performing above-mentioned either method.
The application still another embodiment provides a kind of in the controller of the Access Network of software definition to the method that described Access Network controls, comprise and receive access control related news from the one or more access nodes described Access Network; Corresponding control module in described controller is utilized to process described access control related news; And build response message and/or forwarding rule according to described result, and described response message is sent to described access node, and/or described forwarding rule is sent to described access node and/or one or more intermediary switch, and according to described forwarding rule, described access node and/or described switch are configured.
Especially, described method also comprises the corresponding server of contact and processes described access control related news, and builds described response message and/or described forwarding rule according to the result of described server and/or the result of described controller.
Especially, described method also comprises carries out decapsulation to described access control related news, and therefrom obtains the type information of described access control related news, and receives the input port information of described access control related news; And described access control response message is encapsulated, at least add the output port information specified by described response message.
Especially, the process that described controller and/or described server carry out at least comprises access authentication, address resolution, and DynamicHost configures, or one or more in multicast control and management.
The another access network controller that embodiment still provides the software definition realizing above-mentioned either method of the application.
The access network of the SDNization adopting the embodiment of the present application to provide makes Virtual network operator just can carry out new business rapidly only by carrying out renewal to controller.In addition, for network element control and management with can implement based on unified method the access control of user.In addition, for a large amount of access network using access node, because the function and structure of access node is simplified, the cost that the method and apparatus therefore adopting the application to provide builds access network also will significantly reduce.
Accompanying drawing explanation
Figure 1 shows that the Access Network schematic diagram according to the application's embodiment;
Figure 2 shows that according to the flow chart carrying out access authentication in the Access Network of the application's embodiment;
Figure 3 shows that at the detail flowchart carrying out access authentication according to the application's embodiment in Access Network;
Figure 4 shows that according to the flow chart carrying out address resolution in the Access Network of the application's embodiment;
Figure 5 shows that according to the generalized flow chart of carrying out access control in the Access Network of the application's embodiment;
Figure 6 shows that in the application's embodiment for identifying the rule of the type of access control related news;
Figure 7 shows that the packet-in message of the application's embodiment;
Figure 8 shows that the packet-in message of the application's embodiment; And
Figure 9 shows that the packet-out message of the application's embodiment.
Embodiment
Discuss manufacture and the use of the embodiment of the application below in detail.But, should be understood that, the invention provides many feasible inventive concept can implemented under various concrete background.The specific embodiment discussed is only illustrate manufacture and use concrete mode of the present invention, does not limit the scope of the invention.
Figure 1 shows that the access network architecture schematic diagram of the software definition according to the application's embodiment.Subscriber equipment 107 can directly or by various different modes, such as optical distribution network (ODN), xDSL, PON, point-to-point optical fiber link or WiFi wireless link etc. be linked into access node 1021,1022 or 1023.Work under the control of access node 1021,1022 and 1023 controller 101 within the access network.According to an embodiment of the application, described Access Network can also comprise one or more switch 1041-1042.In addition, described Access Network can also comprise wideband network gateway (broadband network gateway) 105, and virtual cloud node (virtual node cloud) 106, for realizing NFV function, can work under the control of controller 101 respectively.According to an embodiment of the application, access node 1021-1023, intermediary switch 1041-1042, wideband network gateway can be worked under the control of the controller 101 of described access network by open flow interface 108 with 105 and virtual cloud node 106.
According to an embodiment of the application, access node 1021,1022 and 1023 all only possesses data surface function, and does not possess chain of command function, that is access point 1021,1022 or 1023 can not process the access control related news coming from subscriber equipment 107.Controller 101 has converged the chain of command function of described access network.According to an embodiment of the application, controller 101 can comprise one or more access control module, such as ARP proxy, access authentication agency (as IEEE802.lx agency), multicast control and management is acted on behalf of, DynamicHost configuration (DHCP) agency etc.
Figure 2 shows that the flow chart carrying out access authentication in the access network of the software definition shown in Fig. 1.In step 201, subscriber equipment 107 sends access control related news to access node such as 1021, LAN Extending certification (Extensible Authentication Protocol over LAN the is called for short EAPOL) message such as, defined in IEEE802.lx.
In step 202, the type of access node 1021 to the access control related news received by it identifies.Access node 1021 can carry out described identification based on different clues, such as, according to the ethernet type of this message, and IP address, or agreement code (protocol number) etc.Figure 6 shows that the exemplary rules list that access control related news type is identified, ethernet type be 0 × 0806 message be identified as ARP message, ethernet type is that the message of 0 × 0888E is identified as EAPOL message, IP reach an agreement on code be 2 message be identified as internet group management (Internet Group Management Protocol) message, UDP port number be 67/68 message be identified as dhcp message.Certainly, those of ordinary skill in the art are known, under the prerequisite of scope not departing from the application, can arrange different recognition rules as required.
In step 202, access node 1021 and then EAPOL message encapsulation is become the packet-in message with the openflow operating such of SDN.Figure 6 shows that the example of described packet-in message.As shown in Figure 7, the part representated by 701 is the adjustment carried out the reason part of packet-in message.Fig. 8 is the specific definition to the reason part sending this message in Fig. 7, and wherein 801 representatives increase by two to be used for indicating respectively in packet-in message packaged message be ARP message or access authentication message in original reason part.Certainly, according to different application, the type of message that more reason is used for indicating other can also be defined.
As shown in Figure 7, come from the access control related news of subscriber equipment 107, such as EAPOL message, be encapsulated among the struct ofp_match match part in packet-in message representated by 702.In addition, the input port information receiving these access control related news also can be included among struct ofp_match match part.
In step 203, packaged packet-in message is sent to controller 101 by access node 1021.In step 204, controller 101 carries out decapsulation to received packet-in message.Owing to containing the type information of access control related news in the packet-in message that provides in the application, therefore controller 101 can directly adopt corresponding control module to process these access control related news.
In the present embodiment, access control related news are EAPOL message, and therefore controller 101 calls access authentication module and processes this EAPOL message.When being necessary, in step 205, this EAPOL message conversion can be remote customer dialing authentication system (Remote Authentication Dial In User S ervice by controller 101, be called for short RADIUS) message, send to certificate server such as aaa server 1031, and receive treated EAPOL message from aaa server 1031.
In step 206, controller 101 builds EAPOL response message based on the result through itself and/or such as aaa server 1031 pairs of EAPOL message, and this should be become the packet-out message with openflow operating such by message encapsulation.According to an embodiment of the application, if the corresponding subscriber equipment of this EAPOL message is allowed to access described access network, controller 101 and/or such as aaa server 1031 can also be access node, such as access node 1021,1022 or 1023 and intermediary switch such as 1041 or 1042 formulate and forward rule, thus be formed as the subscriber equipment be allowed to access set up forward-path.As shown in Figure 9, the part of 901 representatives contains the input port information of EAPOL message, the struct ofp_action_header actions part of 902 representatives contains EAPOL response message and output port information thereof, namely on access node 1201 for export EAPOL response message user port information such as with 901 in EAPOL input port information identical.
In step 207, access node 1021 carries out decapsulation to obtain EAPOL response message to received packet-out message, and in step 208 according to the output port information in packet-out, EAPOL response message is exported to corresponding subscriber equipment 107.Described access node 1021 can carry out configuration service in the forward-path of the subscriber equipment by certification according to the forwarding rule in packet-out message.
Figure 3 shows that the detail flowchart carrying out access authentication in the Access Network of the software definition of an embodiment according to the application.Compared with the flow process shown in Fig. 2, Fig. 3 shows more detailed information exchange step.Especially, in step 301, when subscriber equipment passes through certification, the RADIUS such as receiving to come from certificate server accepts message, if also comprise service request in the user rs credentials (credential) of IEEE802.1x, controller can obtain the optimal transmission paths of the business that it is asked for described subscriber devices compute, that is, by being configured access node, build thereon and transmit or forward rule, thus set up data path between described subscriber equipment and suitable network element.Especially, controller can also to intermediate node such as switch, and broadband network Service Gateway BNG or virtual cloud node are configured, and structure is transmitted, thus the business datum path needed for setting up.
When subscriber equipment is not by certification, controller can indicate this access node and/or corresponding intermediate node to delete and it transmits accordingly or forwards rule, relating to not by the data path of the port of certification to remove.
Figure 4 shows that and carry out address resolution flow chart in the access network of the software definition of an embodiment according to the application.
In step 401, subscriber equipment 107 sends access control related news, such as ARP message to access node such as 1021.
In step 402, the type of access node 1021 to the access control related news received by it identifies, ARP message encapsulation is become the packet-in message with the openflow operating such of SDN, and in this packet-in message, include type information and the input port information of described access control related news in.
In step 403, packet-in message is issued controller 101 by access node 1021.In step 404, controller 101 pairs of packet-in message carry out decapsulation, and adopt address resolution proxy module to process ARP message.In step 405, the arp reply message obtained based on described result and corresponding output port Information encapsulation are sent to access node 1021 by controller 101 in packet-out message.
In step 406, access node 1021 pairs of packet-out message are carried out decapsulation thus are obtained arp reply message, and according to corresponding output port information, arp reply message are sent to corresponding subscriber equipment 107 in step 407.
In the access network of the SDNization described in the application, adopt similar method and apparatus, can also DynamicHost configuration be carried out, the operation that the access such as multicast control and management is relevant.
Figure 5 shows that the generalized flow chart of carrying out access control according to the application's embodiment in the access network of software definition, that is Figure 5 shows that for various dissimilar access control message, adopt the flow chart that the access of controller to user provided in the embodiment of the present application controls.In step 501, subscriber equipment 107 sends access control related news to such as access node 1021.In step 502, the rule of access node 1021 according to such as Fig. 6 identifies the type of these access control related news, and these access control related news are packaged into packet-in message, and by the input port information of these access control related news and type information included.
In step 503, this packet-in message is sent to controller 101 by access node 1021, this packet-in message wherein corresponding new reason part for different access control associated message definitions as shown in Figure 7.In step 504, controller 101 pairs of packet-in message carry out decapsulation, and according to the type information of reason part/access control related news wherein, adopt corresponding processing module to process access control related news.In step 505, if needed, controller 101 also can contact corresponding server and process access control related news, and obtains corresponding result from server.Wherein, the result of described controller 101 and/or server at least comprises response message and/or the relevant forwarding rule of access control related news.
In step 506, controller 101 is by the response message of access control related news and/or forward rule and output port Information encapsulation becomes packet-out message to send to access node 1021 and/or switch such as 1041.In step 507, access node 1021 carries out decapsulation to the packet-out message received from controller 101, and obtains corresponding output port information, response message and/or forwarding rule.In step 508, response message is sent to user 107 by the output port of specifying by access node 1021.
If needed, such as will for subscriber equipment 107 set up one by Node-to-switch to the such as HSI service channel of broadband network Service Gateway time, above-mentioned flow process can also comprise step 509 (not shown), controller 101 can produce respective rule and send to interdependent node, switch, and/or broadband network Service Gateway carries out relevant configuration.This step can be similar as the subsequent step in the flow process shown in Fig. 3 or Fig. 4.
Those skilled in the art are easy to just learn, can change materials and methods within the scope of the invention.Should also be understood that except for illustration of except the concrete linguistic context of embodiment, the invention provides many applicable inventive concept.Correspondingly, claims are intended to such process, machine, manufacture, material synthesis, device, method or step to be included in their scope.
Claims (16)
1. an access network for software definition, comprising:
One or more access node, for receiving the access control related news coming from subscriber equipment, and forwards described access control related news and type information thereof and corresponding input port information;
One or more intermediary switch; And
Controller, for receiving described access control related news and type information thereof and corresponding input port information from described access node, and utilize control module corresponding to described type information in described controller to process described access control related news, and build access control response message according to the result of described process and/or forward rule, and described response message and output port information thereof are sent to described access node, and/or send to described access node and/or described intermediary switch to be configured described forwarding rule, thus set up forward-path for the subscriber equipment being allowed to access described access network,
Described response message also for receiving described response message and/or described forwarding rule from described controller, and is transmitted to described subscriber equipment according to described output port information by wherein said access node.
2. access network as claimed in claim 1, wherein said controller also processes described access control related news for contacting the server corresponding to described type information, and builds described access control response message and/or described forwarding rule based on the result that described server and/or described controller are made.
3. access network as claimed in claim 1, also comprise wideband network gateway, or virtual cloud node, it is described switch that wherein said controller is used for when processing described user access control related news, described wideband network gateway, or virtual cloud Joint Enterprise forwards rule accordingly to coordinate described access node to be that forward-path set up by the described subscriber equipment being allowed to access described access network.
4. as the access network as described in arbitrary in claim 1-3, wherein said corresponding control module at least comprises access authentication module, address resolution proxy module, DynamicHost Configuration Agent module, or one or more in multicast control and management proxy module; Wherein said corresponding server at least comprises access authentication server and/or Dynamic Host Configuration Protocol server and/or Network Policy Server.
5. the method for controlling the access network of software definition, comprises
Access control related news are received from subscriber equipment by one or more access node;
The type information of described access control related news and corresponding input port information and described access control related news is transmitted to the controller of described access network by described access node;
Described controller utilizes corresponding control module to process described access control related news for described type information;
Described controller builds access control response message based on the result of described process, and described access control response message and corresponding output port information are sent to described access node, and build access control response message according to the result of described process and/or forward rule, and by described response message and/or forward rule and send to described access node and/or intermediary switch, thus set up forward-path for the subscriber equipment being allowed to access described access network; And
Described access node obtains described access control response message and according to described output port information, this message is transmitted to described subscriber equipment.
6. method as claimed in claim 5, also comprise described controller to contact corresponding server for described type information and process described access control related news, and build described access control response message and/or described forwarding rule based on the result that described server and/or described controller are made.
7. the method as described in claim 5 or 6, wherein said access control related news at least comprise address resolution message, LAN Extending authentication message, dynamic host configuration protocol (DHCP) message, or one or more in multicast control and management message; Described controller and/or described server at least comprise access authentication, address resolution to the process that described access control relevant information is carried out, and DynamicHost configures, or multicast control and management.
8., for assisting the method controlled the access network of software definition in the access node, comprise
Receive access control related news from subscriber equipment, and described access control related news are transmitted to the controller of described Access Network;
Receive access control response message from described controller and/or forward rule, and according to the output port information in described response message, the response message of described access control being transmitted to corresponding subscriber equipment;
According to described forwarding rule for forward-path set up by the subscriber equipment being allowed to access described access network.
9. method as claimed in claim 8, also comprises
Described access control related news are identified, to determine the type of described access control related news; And
Described access control related news are encapsulated, at least adds the type information of described access control related news, and receive the input port information of described access control related news.
10. method as claimed in claim 9, the type of wherein said access control related news at least comprises address resolution message, LAN Extending authentication message, dynamic host configuration protocol (DHCP) message, or multicast control and management message.
11. 1 kinds require the access node of either method in 8-10 for enforcement of rights.
12. 1 kinds in the controller of the Access Network of software definition to the method that described Access Network controls, comprise
Access control related news are received from the one or more access nodes described Access Network;
Corresponding control module in described controller is utilized to process described access control related news; And
Build response message according to described result and/or forward rule, and described response message is sent to described access node, and/or described forwarding rule is sent to described access node and/or one or more intermediary switch, and according to described forwarding rule, described access node and/or described switch are configured.
13. methods as claimed in claim 12, also comprise the corresponding server of contact to process described access control related news, and build described response message and/or described forwarding rule according to the result of described server and/or the result of described controller.
14. methods as described in claim 12 or 13, also comprise
Decapsulation is carried out to described access control related news, and therefrom obtains the type information of described access control related news, and receive the input port information of described access control related news; And
Described access control response message is encapsulated, at least adds the output port information specified by described response message.
15. methods as described in claim 12 or 13, the process that wherein said controller and/or described server carry out at least comprises access authentication, address resolution, and DynamicHost configures, or one or more in multicast control and management.
16. 1 kinds of access network controllers for the software definition of either method in enforcement of rights requirement 12-15.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410005937.8A CN104767696B (en) | 2014-01-07 | 2014-01-07 | The method and device of user's access is controlled in the access net of SDNization |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410005937.8A CN104767696B (en) | 2014-01-07 | 2014-01-07 | The method and device of user's access is controlled in the access net of SDNization |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN104767696A true CN104767696A (en) | 2015-07-08 |
| CN104767696B CN104767696B (en) | 2018-05-04 |
Family
ID=53649318
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201410005937.8A Active CN104767696B (en) | 2014-01-07 | 2014-01-07 | The method and device of user's access is controlled in the access net of SDNization |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN104767696B (en) |
Cited By (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105376252A (en) * | 2015-12-02 | 2016-03-02 | 福建星网锐捷网络有限公司 | Distributed architecture data communication device, distributed architecture data communication device authentication method and service board |
| CN106130787A (en) * | 2016-07-28 | 2016-11-16 | 中国电信集团工会上海市网络操作维护中心委员会 | A kind of transaction processing system based on software defined network |
| CN106506515A (en) * | 2016-11-22 | 2017-03-15 | 杭州华三通信技术有限公司 | A kind of authentication method and device |
| CN107094157A (en) * | 2017-06-22 | 2017-08-25 | 电子科技大学 | A kind of RADIUS safety certifying methods and system based on SDN |
| CN107181720A (en) * | 2016-03-11 | 2017-09-19 | 中兴通讯股份有限公司 | A kind of method and device of software definition networking SDN secure communications |
| WO2017166936A1 (en) * | 2016-03-29 | 2017-10-05 | 中兴通讯股份有限公司 | Method and device for implementing address management, and aaa server and sdn controller |
| CN107645556A (en) * | 2017-09-26 | 2018-01-30 | 中国联合网络通信有限公司广东省分公司 | A kind of method and its forwarding and control device realized SDN and turn the broadband user's access and keep-alive of control separation |
| CN108494894A (en) * | 2018-03-27 | 2018-09-04 | 快云信息科技有限公司 | A kind of privately owned cloud cluster access system and cut-in method |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7657011B1 (en) * | 2006-03-16 | 2010-02-02 | Juniper Networks, Inc. | Lawful intercept trigger support within service provider networks |
| CN103209225A (en) * | 2013-04-03 | 2013-07-17 | 北京邮电大学 | Software defined network (SDN) broadcast processing method based on cycle trigger agent |
| CN103269278A (en) * | 2013-04-19 | 2013-08-28 | 中国(南京)未来网络产业创新中心 | Terminal equipment real-time connecting and disconnecting sensing method based on SDN |
| CN103428306A (en) * | 2013-08-02 | 2013-12-04 | 北京华为数字技术有限公司 | Network element equipment online method and system and network element equipment |
| CN103428771A (en) * | 2013-09-05 | 2013-12-04 | 迈普通信技术股份有限公司 | Communication method, software defined network SDN switch and communication system |
-
2014
- 2014-01-07 CN CN201410005937.8A patent/CN104767696B/en active Active
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7657011B1 (en) * | 2006-03-16 | 2010-02-02 | Juniper Networks, Inc. | Lawful intercept trigger support within service provider networks |
| CN103209225A (en) * | 2013-04-03 | 2013-07-17 | 北京邮电大学 | Software defined network (SDN) broadcast processing method based on cycle trigger agent |
| CN103269278A (en) * | 2013-04-19 | 2013-08-28 | 中国(南京)未来网络产业创新中心 | Terminal equipment real-time connecting and disconnecting sensing method based on SDN |
| CN103428306A (en) * | 2013-08-02 | 2013-12-04 | 北京华为数字技术有限公司 | Network element equipment online method and system and network element equipment |
| CN103428771A (en) * | 2013-09-05 | 2013-12-04 | 迈普通信技术股份有限公司 | Communication method, software defined network SDN switch and communication system |
Cited By (12)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105376252A (en) * | 2015-12-02 | 2016-03-02 | 福建星网锐捷网络有限公司 | Distributed architecture data communication device, distributed architecture data communication device authentication method and service board |
| CN105376252B (en) * | 2015-12-02 | 2019-06-14 | 福建星网锐捷网络有限公司 | Distributed architecture data communication equipment and its authentication method, business board |
| CN107181720A (en) * | 2016-03-11 | 2017-09-19 | 中兴通讯股份有限公司 | A kind of method and device of software definition networking SDN secure communications |
| CN107181720B (en) * | 2016-03-11 | 2021-06-15 | 中兴通讯股份有限公司 | Software Defined Networking (SDN) secure communication method and device |
| WO2017166936A1 (en) * | 2016-03-29 | 2017-10-05 | 中兴通讯股份有限公司 | Method and device for implementing address management, and aaa server and sdn controller |
| CN107241454A (en) * | 2016-03-29 | 2017-10-10 | 中兴通讯股份有限公司 | A kind of method for realizing address administration, device, aaa server and SDN controllers |
| CN107241454B (en) * | 2016-03-29 | 2019-08-16 | 中兴通讯股份有限公司 | A kind of method, apparatus that realizing address administration, aaa server and SDN controller |
| CN106130787A (en) * | 2016-07-28 | 2016-11-16 | 中国电信集团工会上海市网络操作维护中心委员会 | A kind of transaction processing system based on software defined network |
| CN106506515A (en) * | 2016-11-22 | 2017-03-15 | 杭州华三通信技术有限公司 | A kind of authentication method and device |
| CN107094157A (en) * | 2017-06-22 | 2017-08-25 | 电子科技大学 | A kind of RADIUS safety certifying methods and system based on SDN |
| CN107645556A (en) * | 2017-09-26 | 2018-01-30 | 中国联合网络通信有限公司广东省分公司 | A kind of method and its forwarding and control device realized SDN and turn the broadband user's access and keep-alive of control separation |
| CN108494894A (en) * | 2018-03-27 | 2018-09-04 | 快云信息科技有限公司 | A kind of privately owned cloud cluster access system and cut-in method |
Also Published As
| Publication number | Publication date |
|---|---|
| CN104767696B (en) | 2018-05-04 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN104767696A (en) | Method and device for controlling user access in SDN (software defined network) access network | |
| JP4323355B2 (en) | Packet transfer device | |
| US10044830B2 (en) | Information system, control apparatus, method of providing virtual network, and program | |
| JP4803562B2 (en) | Routing device, routing module and routing method for an access network | |
| KR100738553B1 (en) | Complex network management system and method thereof | |
| US8442053B2 (en) | Establishing connection across a connection-oriented telecommunications network in response to a connection request from a second telecommunications network | |
| CN108011754B (en) | Transfer control separation system, backup method and device | |
| WO2016115853A1 (en) | User equipment (ue) processing method and apparatus | |
| CN107645394B (en) | Switch configuration method in SDN network | |
| KR101658824B1 (en) | Method, apparatus and computer program for updating flow rules of software defined network | |
| JP6480452B2 (en) | Packet processing method and apparatus | |
| WO2016169260A1 (en) | Authentication and registration method, device and system for optical access module | |
| KR20170023493A (en) | Apparatus and method for controlling network service in environment of interworking between software defined network and legacy network | |
| JPWO2013176262A1 (en) | Packet transfer system, control device, packet transfer method and program | |
| CN101860769B (en) | Method, device and system for fusing IP and light | |
| CN109981462B (en) | Message processing method and device | |
| CN104320322A (en) | Message control method and equipment | |
| JP2004525585A (en) | Data stream filtering apparatus and method | |
| KR102092015B1 (en) | Method, apparatus and computer program for recognizing network equipment in a software defined network | |
| JP4753254B2 (en) | Encryption communication system, and OLT and ONU provided with encryption means | |
| CN116192566A (en) | Gateway registration method, device, equipment and storage medium | |
| WO2016101437A1 (en) | Method and device for service cutover and wide-band access server | |
| JP4750725B2 (en) | Communication system and communication method | |
| JP3794496B2 (en) | Network connection method, network connection system, layer 2 switch and management server constituting the same | |
| KR101969304B1 (en) | Method and computer program for handling trouble using packet-out message in software defined networking environment |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| EXSB | Decision made by sipo to initiate substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| CB02 | Change of applicant information |
Address after: 201206 Shanghai, Pudong Jinqiao Ning Bridge Road, No. 388, No. Applicant after: Shanghai NOKIA Baer Limited by Share Ltd Address before: 201206 Shanghai, Pudong Jinqiao Ning Bridge Road, No. 388, No. Applicant before: Shanghai Alcatel-Lucent Co., Ltd. |
|
| CB02 | Change of applicant information | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |