CN104902007B - Method for multi-operator access to a shared link over the PPPoE protocol
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/104—Peer-to-peer [P2P] networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
Abstract
The invention discloses a method for multi-operator access to a shared link over the PPPoE protocol. User terminals access the user-area core switch through link interfaces, and the PPPoE servers of multiple operators each access the user-area core switch through their own operator-side core switch. A different operator code is assigned to each operator, and either each operator-side core switch or the user-area core switch is configured to permit the corresponding data packets and block other data packets. With this method, multiple network operators share one set of access equipment and lines, which saves a large amount of investment; the operators do not interfere with one another, and security is high. For a campus network or residential community, the whole network is managed in a unified way, security monitoring and policies are easy to implement, and maintenance is simple and inexpensive. For users, the network access authentication method is uniform and connection setup is simple; they can choose the operator they are satisfied with according to service, price, usage and other needs, and enjoy a better online experience.
Description
Technical field
The invention belongs to the field of computer technology, and specifically relates to a method for multi-operator access to a shared link over the PPPoE protocol.
Technical background
PPPoE (Point-to-Point Protocol over Ethernet) authentication is currently used on a large scale in the ADSL access of telecom operators. It extends the operators' traditional PSTN narrowband dial-up access technology to Ethernet access: Ethernet, with its greater bandwidth, replaces the traditional PSTN for access while remaining consistent with the existing narrowband user access authentication system, and it has inherent advantages. First, configuration is simple: PPPoE leaves users' dial-up habits unchanged, which reduces user training. Second, billing is flexible and convenient: PPPoE makes it easy to detect that a user has gone offline, and the user can be billed by duration or by traffic based on the establishment and release of the PPP session. Third, security is high: end-to-end connections between the accessing user and the access device can be established over a broadcast network, so users can be effectively isolated, which guards against viruses such as ARP virus attacks. Fourth, management and maintenance are easy: because layer-2 authentication is used, all link devices work at layer 2, and PPPoE access can effectively control the broadcast storms caused by the ARP protocol; and because IP addresses are allocated dynamically, there is no problem of users changing their own IP addresses and causing address conflicts. With these advantages, PPPoE is well suited to places that need network operation, such as schools and residential communities.
A traditional campus network or residential community network is either run by a single operator or served by several operators, each using separate lines and independent operation and maintenance. As a result, the same school or community has access lines from several operators, the access methods are cumbersome and inconsistent, operation and management are carried out separately, and the network suffers from duplicated construction and wasted resources. To give users a better online experience and better service, introducing competition among several operators and merging their networks into one becomes inevitable. But once the user access links are merged, a user link-selection problem arises. With several access operators present, rather than a single access network, the user's dial-up first sends a PADI broadcast packet into the network. All of the operators receive this packet, and each returns a PADO packet to the user. Because the operators' servers respond at different speeds, the user receives these PADO packets one after another, and under the PPPoE authentication mechanism the user authenticates with the operator whose PADO packet is received first. That operator is not necessarily the one the user wants to connect to, so login authentication fails and the user cannot authenticate with the desired operator. How to solve this problem, so that users need only care about the service and price they get and not about the complex structure and configuration of the network, has become a hot research topic.
Summary of the invention
The technical problem to be solved by the invention is to provide a method for multi-operator access to a shared link over the PPPoE protocol, which solves the user link-selection problem that arises in an existing campus network or residential community when the access channels of several independent operators are merged into one access channel.
The invention solves the above technical problem with the following technical solutions:
A method for multi-operator access to a shared link over the PPPoE protocol, in which user terminals connect to the user-area core switch through link interfaces and the PPPoE servers of multiple operators each connect to the user-area core switch through their own operator-side core switch, comprises the following steps:
(1) A different operator code is assigned to each operator;
(2) Each operator-side core switch is configured with the following policy: in the inbound direction of the interface connected to the user-area core switch, the operator-side core switch permits PADI packets containing its own operator code and other data packets, and blocks PADI packets containing other operators' codes;
(3) The user enters the code of the operator to connect to in the "service name" of the dial-up client, together with the other dial-up information, forming a PADI packet that contains the operator code;
(4) The dial-up client dials and broadcasts the PADI packet;
(5) Each operator-side core switch applies access control to the PADI packets flowing into it from the user-area core switch: each operator-side core switch unpacks and analyzes the PADI packet, extracts the operator code, and judges whether the PADI packet belongs to it; if not, it discards the PADI packet, otherwise it permits the PADI packet;
(6) The PPPoE server of the corresponding operator receives the user's PADI request packet and returns a PADO packet to the dial-up client;
(7) The dial-up client and the PPPoE server of the corresponding operator complete the PPPoE discovery stage and connect, and the client completes login authentication with the PPPoE server of the corresponding operator.
A method for multi-operator access to a shared link over the PPPoE protocol, in which user terminals connect to the user-area core switch through link interfaces and the PPPoE servers of multiple operators each connect to the user-area core switch through their own operator-side core switch, comprises the following steps:
(1) A different operator code is assigned to each operator;
(2) The user-area core switch is configured with the following policy: in the inbound direction of each operator interface connected to an operator-side core switch, the operator interface permits PADO packets containing that operator's code and other data packets, and blocks PADO packets containing other operators' codes;
(3) The user enters the code of the operator to connect to in the "service name" of the dial-up client, together with the other dial-up information, forming a PADI packet that contains the operator code;
(4) The dial-up client dials and broadcasts the PADI packet;
(5) The PPPoE server of each operator returns a PADO packet;
(6) The user-area core switch applies access control to these PADO packets: it unpacks and analyzes the PADO packet returned by each operator's PPPoE server, extracts the operator code, and judges whether each PADO packet corresponds to the operator interface through which it flowed in; if so, it permits the PADO packet, otherwise it discards the PADO packet;
(7) The dial-up client receives the PADO packet;
(8) The dial-up client and the corresponding operator complete the PPPoE discovery stage and connect, and the client completes login authentication with the PPPoE server of the corresponding operator.
The notable advances of the invention are:
Multiple network operators share one set of access equipment and lines, saving a large amount of investment; each operator's back-end data stays in that operator's own equipment room, so the operators do not interfere with one another and security is high. For a campus network or residential community, the whole network is managed in a unified way, security monitoring and policies are easy to implement, and maintenance is simple and inexpensive. For users, the network access authentication method is uniform and connection setup is simple; more importantly, they can choose the operator they are satisfied with according to service, price, usage and other needs, and enjoy a better online experience.
Description of the drawings
Fig. 1 is a structural diagram of multi-operator access to a shared link over the PPPoE protocol according to the invention;
Fig. 2 is a structural diagram of the method for multi-operator access to a shared link over the PPPoE protocol according to the invention, in which each operator-side core switch applies access control to PADI packets;
Fig. 3 is a structural diagram of the method for multi-operator access to a shared link over the PPPoE protocol according to the invention, in which the user-area core switch applies access control to PADO packets.
Detailed description
The invention is described in further detail below with reference to the drawings, which do not limit the scope of the invention.
In the method for multi-operator access to a shared link over the PPPoE protocol, as shown in Fig. 1, user terminals access the user-area core switch through link interfaces, and the PPPoE servers of multiple operators each access the user-area core switch through their own operator-side core switch. As shown in Fig. 2 and Fig. 3, the method comprises the following steps:
(1) Several operators connect to the user-area core switch and open service to the users' original access-network VLAN. At the same time, the operators give users their respective operator codes. The operator codes must have a uniform length, for example operator codes of length 2: the operator code of the telecom company is dx, ASCII code 6478; the operator code of the mobile company is yd, ASCII code 7964; the operator code of the Unicom company is lt, ASCII code 6c74.
(2) The user enters the corresponding information, such as account and password, in the dial-up client, and then sets the code of the operator to access in the "service name" attribute of the PPPoE dial-up client.
(3) When the user dials, a PADI packet is sent first. The PADI packets for the different operators are as follows:
Telecom: ff ff ff ff ff ff 74 e5 0b 68 91 d6 88 63 11 09 00 00 00 16 01 01 00 02 64 78 01 03 00 0a 08 00 00 00 00 00 00 00 08 00
Mobile: ff ff ff ff ff ff 74 e5 0b 68 91 d6 88 63 11 09 00 00 00 16 01 01 00 02 79 64 01 03 00 0a 08 00 00 00 00 00 00 00 08 00
Unicom: ff ff ff ff ff ff 74 e5 0b 68 91 d6 88 63 11 09 00 00 00 16 01 01 00 02 6c 74 01 03 00 0a 08 00 00 00 00 00 00 00 08 00
The bytes of the above packets are defined as follows:
Bytes 1-6: destination MAC address, value 0xffffffffffff;
Bytes 7-12: source MAC address, which differs for each user;
Bytes 13-14: protocol type, 0x8863 for the PPPoE connection discovery stage;
Byte 15: Ver and Type fields, the PPPoE version number and PPPoE type, value 0x11;
Byte 16: Code field, value 0x09 for a PADI packet and 0x07 for a PADO packet;
Bytes 17-18: Session_ID field;
Bytes 19-20: length of the PPPoE Payload field, not including the length of the Ethernet header and the PPPoE header;
From byte 21 onward, all bytes are the data field of the packet;
Bytes 21-22: field type, value 0x0101, meaning service name;
Bytes 23-24: field length, here 0x0002, i.e. 2 bytes;
Bytes 25-26: service name, i.e. the operator code;
Bytes 27-28: field type, value 0x0103, meaning Host-Uniq;
Bytes 29-30: field length, which is not fixed in practice; here the value is 0x000a, i.e. 10 bytes;
All bytes after byte 30: the actual Host-Uniq data.
An operator that receives the user's PADI packet returns a corresponding PADO packet. Its format is the same as that of the user's PADI packet; only the data in the corresponding bytes differs: the destination address in bytes 1-6 becomes the user's MAC address, and the source address in bytes 7-12 is the MAC address of the operator's device.
It can thus be seen that both kinds of packet have two characteristic byte sections:
The first characteristic byte section: bytes 13-14, the protocol type, 0x8863 for the PPPoE connection discovery stage;
The second characteristic byte section: bytes 25-26, the service name, i.e. the operator code.
From these two characteristic byte sections, the operator to which a PPPoE connection establishment packet should be assigned can be determined.
(4) Access control method one: configure the operator-side core switches at the operator end. As shown in Fig. 2, access control is applied in the inbound direction of interfaces G1, G2 and G3, which correspond to the operator A, operator B and operator C core switches respectively; each permits the PADI packets that belong to it and discards the PADI packets that do not. For example, the telecom company's core switch permits PADI packets whose operator code is 6478 and discards PADI packets whose operator code has any other value.
Alternatively, access control method two: configure the user-area core switch. As shown in Fig. 3, access control is applied in the inbound direction of interfaces G4, G5 and G6 of the user-area core switch, which correspond to the operator A, operator B and operator C core switches respectively; the operator end needs no further configuration. The interface corresponding to an operator permits PADO packets containing that operator's code and blocks PADO packets containing other operators' codes. For example, the interface through which the telecom company accesses the user-area core switch permits PADO packets whose operator code is 6478 and blocks PADO packets whose operator code has any other value.
Both access control methods above control the packets of the PPPoE connection discovery stage, that is, packets of protocol 0x8863, so there is no need to distinguish PADO from PADI; control only needs to be applied to the service name field of 0x8863 protocol packets. With access control method one, the control policy is applied in the inbound direction of the operator-side core switch port. With access control method two, the control policy is applied in the inbound direction of the user-area core switch port.
Because different network devices prepend other data to a data packet, the position of the corresponding field can vary. Suppose operator A in Fig. 2 and Fig. 3 is telecom, operator B is mobile and operator C is Unicom. Taking Huawei S9300 series switches as the core switches, the configuration is as follows:
As shown in Fig. 2, with access control method one, the operator-side core switches are configured as follows:
Control policy configured on the inbound direction of interface G1:
1. Block packets whose protocol type is 0x8863 and whose service name is yd.
rule deny 0x00008863 0x0000ffff 14 0x00007964 0x0000ffff 26
2. Block packets whose protocol type is 0x8863 and whose service name is lt.
rule deny 0x00008863 0x0000ffff 14 0x00006c74 0x0000ffff 26
Control policy configured on the inbound direction of interface G2:
1. Block packets whose protocol type is 0x8863 and whose service name is dx.
rule deny 0x00008863 0x0000ffff 14 0x00006478 0x0000ffff 26
2. Block packets whose protocol type is 0x8863 and whose service name is lt.
rule deny 0x00008863 0x0000ffff 14 0x00006c74 0x0000ffff 26
Control policy configured on the inbound direction of interface G3:
1. Block packets whose protocol type is 0x8863 and whose service name is dx.
rule deny 0x00008863 0x0000ffff 14 0x00006478 0x0000ffff 26
2. Block packets whose protocol type is 0x8863 and whose service name is yd.
rule deny 0x00008863 0x0000ffff 14 0x00007964 0x0000ffff 26
As shown in Fig. 3, with access control method two, the user-area core switch is configured as follows:
Control policy configured on the inbound direction of interface G4:
1. Block packets whose protocol type is 0x8863 and whose service name is yd.
rule deny 0x00008863 0x0000ffff 14 0x00007964 0x0000ffff 26
2. Block packets whose protocol type is 0x8863 and whose service name is lt.
rule deny 0x00008863 0x0000ffff 14 0x00006c74 0x0000ffff 26
Control policy configured on the inbound direction of interface G5:
1. Block packets whose protocol type is 0x8863 and whose service name is dx.
rule deny 0x00008863 0x0000ffff 14 0x00006478 0x0000ffff 26
2. Block packets whose protocol type is 0x8863 and whose service name is lt.
rule deny 0x00008863 0x0000ffff 14 0x00006c74 0x0000ffff 26
Control policy configured on the inbound direction of interface G6:
1. Block packets whose protocol type is 0x8863 and whose service name is dx.
rule deny 0x00008863 0x0000ffff 14 0x00006478 0x0000ffff 26
2. Block packets whose protocol type is 0x8863 and whose service name is yd.
rule deny 0x00008863 0x0000ffff 14 0x00007964 0x0000ffff 26
(5) After the configuration in step (4) is complete, a dialing user no longer receives PADO packets returned by service providers other than the one the user wants, and dials successfully; the dial-up success rate is 100%.
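As an added example (not code from the patent), the following Python walks the PPPoE tag list to extract the operator code instead of reading fixed bytes 25-26, so it still finds the code when a VLAN tag shifts the offsets, and it compares the deny rules as configured in step (4) with the permit-only-own-code policy stated in the text. The interface-to-operator mapping follows the Fig. 2 example; the function names, the VLAN-tagged frame and the code zz are assumptions constructed for illustration.

```python
import struct

ETH_P_PPPOE_DISCOVERY = 0x8863
TAG_SERVICE_NAME = 0x0101
CODE_NAMES = {0x09: "PADI", 0x07: "PADO"}
# Interface -> operator code, following the page's Fig. 2 example (A=dx, B=yd, C=lt).
OPERATOR_BY_IFACE = {"G1": b"dx", "G2": b"yd", "G3": b"lt"}

# The page's PADI frame with the 2-byte operator code left as a slot.
PADI_TEMPLATE = ("ff ff ff ff ff ff 74 e5 0b 68 91 d6 88 63 11 09 00 00 00 16 "
                 "01 01 00 02 {code} 01 03 00 0a 08 00 00 00 00 00 00 00 08 00")


def padi(code: bytes) -> bytes:
    """dx/yd/lt reproduce the page's frames; any other code is a constructed sample."""
    return bytes.fromhex(PADI_TEMPLATE.format(code=code.hex()))


def add_vlan(frame: bytes, vid: int = 10) -> bytes:
    """Constructed sample: the same frame with one 802.1Q tag inserted."""
    return frame[:12] + struct.pack("!HH", 0x8100, vid) + frame[12:]


def fixed_offset_code(frame: bytes) -> bytes:
    """Bytes 25-26 (1-based), the fixed position used in the page's byte table."""
    return frame[24:26]


def parse_discovery(frame: bytes):
    """Return (code name, Service-Name bytes or None), or None if not PPPoE discovery."""
    if len(frame) < 20:
        return None
    offset = 12
    ethertype = struct.unpack_from("!H", frame, offset)[0]
    # Skip VLAN tags so the PPPoE header is found wherever it sits.
    while ethertype in (0x8100, 0x88A8) and len(frame) >= offset + 6:
        offset += 4
        ethertype = struct.unpack_from("!H", frame, offset)[0]
    header = offset + 2
    if ethertype != ETH_P_PPPOE_DISCOVERY or len(frame) < header + 6:
        return None
    ver_type, code, _session_id, length = struct.unpack_from("!BBHH", frame, header)
    if ver_type != 0x11:
        return None
    pos = header + 6
    # The frames as printed carry 20 payload bytes although the length field
    # reads 0x0016, so the walk is bounded by the bytes actually present.
    end = min(pos + length, len(frame))
    service = None
    while pos + 4 <= end:
        tag_type, tag_len = struct.unpack_from("!HH", frame, pos)
        pos += 4
        if pos + tag_len > end:
            break  # truncated tag: stop instead of reading past the frame
        if tag_type == TAG_SERVICE_NAME and service is None:
            service = frame[pos:pos + tag_len]
        pos += tag_len
    return CODE_NAMES.get(code, hex(code)), service


def deny_list_verdict(iface: str, frame: bytes) -> str:
    """Rules as configured in step (4): drop 0x8863 frames naming another listed operator."""
    parsed = parse_discovery(frame)
    if parsed is None:
        return "permit"  # other data packets pass
    others = {c for i, c in OPERATOR_BY_IFACE.items() if i != iface}
    return "deny" if parsed[1] in others else "permit"


def allow_list_verdict(iface: str, frame: bytes) -> str:
    """Policy as stated in the text: a PADI passes only with this operator's code."""
    parsed = parse_discovery(frame)
    if parsed is None or parsed[0] != "PADI":
        return "permit"
    return "permit" if parsed[1] == OPERATOR_BY_IFACE[iface] else "deny"


if __name__ == "__main__":
    for code in (b"dx", b"yd", b"lt", b"zz"):
        frame = padi(code)
        row = [(i, deny_list_verdict(i, frame), allow_list_verdict(i, frame))
               for i in OPERATOR_BY_IFACE]
        print(code.decode(), parse_discovery(frame), row)
    tagged = add_vlan(padi(b"lt"))
    print("VLAN-tagged:", fixed_offset_code(tagged).hex(), parse_discovery(tagged))
```

For the three listed codes both policies give the same verdicts; for a code that no operator owns, the deny rules pass the PADI on every interface while the stated policy drops it everywhere.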
Claims (2)
1. A method for multi-operator access to a shared link over the PPPoE protocol, in which user terminals connect to the user-area core switch through link interfaces and the PPPoE servers of multiple operators each connect to the user-area core switch through their own operator-side core switch, characterized in that it comprises the following steps:
(1) A different operator code is assigned to each operator;
(2) Each operator-side core switch is configured with the following policy: in the inbound direction of the interface connected to the user-area core switch, the operator-side core switch permits PADI packets containing its own operator code and other data packets, and blocks PADI packets containing other operators' codes;
(3) The user enters the code of the operator to connect to in the "service name" of the dial-up client, together with the other dial-up information, forming a PADI packet that contains the operator code;
(4) The dial-up client dials and broadcasts the PADI packet;
(5) Each operator-side core switch applies access control to the PADI packets flowing into it from the user-area core switch: each operator-side core switch unpacks and analyzes the PADI packet, extracts the operator code, and judges whether the PADI packet belongs to it; if not, it discards the PADI packet, otherwise it permits the PADI packet;
(6) The PPPoE server of the corresponding operator receives the user's PADI request packet and returns a PADO packet to the dial-up client;
(7) The dial-up client and the PPPoE server of the corresponding operator complete the PPPoE discovery stage and connect, and the client completes login authentication with the PPPoE server of the corresponding operator.
2. A method for multi-operator access to a shared link over the PPPoE protocol, in which user terminals connect to the user-area core switch through link interfaces and the PPPoE servers of multiple operators each connect to the user-area core switch through their own operator-side core switch, characterized in that it comprises the following steps:
(1) A different operator code is assigned to each operator;
(2) The user-area core switch is configured with the following policy: in the inbound direction of each operator interface connected to an operator-side core switch, the operator interface permits PADO packets containing that operator's code and other data packets, and blocks PADO packets containing other operators' codes;
(3) The user enters the code of the operator to connect to in the "service name" of the dial-up client, together with the other dial-up information, forming a PADI packet that contains the operator code;
(4) The dial-up client dials and broadcasts the PADI packet;
(5) The PPPoE server of each operator returns a PADO packet;
(6) The user-area core switch applies access control to these PADO packets: it unpacks and analyzes the PADO packet returned by each operator's PPPoE server, extracts the operator code, and judges whether each PADO packet corresponds to the operator interface through which it flowed in; if so, it permits the PADO packet, otherwise it discards the PADO packet;
(7) The dial-up client receives the PADO packet;
(8) The dial-up client and the corresponding operator complete the PPPoE discovery stage and connect, and the client completes login authentication with the PPPoE server of the corresponding operator.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510191215.0A CN104902007B (en) | 2015-04-17 | 2015-04-17 | Method for multi-operator access to a shared link over the PPPoE protocol |
Publications (2)
Publication Number | Publication Date |
---|---|
CN104902007A (en) | 2015-09-09 |
CN104902007B (en) | 2018-05-22 |
Family
ID=54034403
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510191215.0A Active CN104902007B (en) | Method for multi-operator access to a shared link over the PPPoE protocol | 2015-04-17 | 2015-04-17 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||