CN105323325A - Address assignment method for identity and position separation network, and access service node - Google Patents

Address assignment method for identity and position separation network, and access service node

Info

Publication number
CN105323325A
Authority
CN
China
Prior art keywords
address
terminal
asr
temporary
mapping table
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
CN201410301968.8A
Other languages
Chinese (zh)
Inventor
芮通
郝振武
孙默
骆文
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
ZTE Corp
Original Assignee
ZTE Corp
Application filed by ZTE Corp
Priority to CN201410301968.8A
Priority to PCT/CN2014/094131 (WO2015196755A1)
Publication of CN105323325A


Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00: Network arrangements, protocols or services for addressing or naming

Abstract

The invention provides an address assignment method for an identity and position separation network, and an access service node. After a terminal passes Portal identity authentication, the method assigns the terminal a new IP address based on the user's identity, thereby achieving identity identifier assignment based on user identity in a portal authentication network architecture and providing technical support for applying identity and position separation technology in that architecture. Moreover, the method requires no client to be installed on the terminal and no change to the user's current habits, so it is convenient to implement and easy to use.

Description

Address assignment method in an identity and position separation network, and access service node
Technical field
The present invention relates to the field of data communication technology, and in particular to an address assignment method in an identity and position separation network and to an access service node (ASR, Access Service Router).
Identity identifier and locator separation network
Background art
In the TCP/IP protocol widely used on the existing Internet, an IP address has a dual function: at the network layer it is the location identifier of a communication terminal's host network interface within the network topology, and at the transport layer it is the identity identifier of that host network interface. With the development of mobile networks, as hosts and terminals move more and more often, the drawbacks of this dual function have become increasingly apparent and directly affect the routing scalability of the Internet and the continuity of communication services.
The purpose of identity identifier and position separation technology is to resolve the semantic ambiguity of the IP address. Fig. 1 shows the network architecture of one identity identifier and position separation system. For convenience of description, this Subscriber Identifier & Locator Separation Network (SILSN) is referred to herein as the identity and position separation network.
In Fig. 1, the SILSN comprises access service nodes (ASR, Access Service Router), user terminals (UE, User Equipment) and an identity and location register (ILR, Identification & Locater Register). A UE connects to an ASR through an access network (not shown in Fig. 1). The ASR is responsible for connecting the UE to the Internet and handles functions such as charging and handover, while the ILR handles functions such as location registration and lookup for users.
In the SILSN, an access identifier (AID, Access IDentification) serves as the identity identifier of a UE, and a route identifier (RID, Route IDentification) serves as the location identifier of the UE. The location identifier is generally the identifier of the ASR to which the UE is attached, so every UE attached to the SILSN has its own AID and RID.
When a UE attaches to the SILSN, it first registers its location with the ILR through the ASR, that is, which ASR the UE is located under. After the UE has registered, the ILR establishes the correspondence (AID, RID) between the UE's identifier AID and the RID of the ASR it is attached to. Afterwards, if UE1 needs to communicate with UE2, UE1 builds and sends a data packet with its own identity identifier AID1 as the source address and the identity identifier of UE2 as the destination address. ASR1 then queries the ILR for the location of UE2, that is, which ASR UE2 is located under (ASR9 in Fig. 1), and sends the packet to that ASR9. ASR9 processes the packet and then sends it to UE2.
The network described above cleanly separates a UE's identity identifier from its location identifier. When a user moves or roams, the identity identifier does not need to change, which ensures service continuity during movement. In addition, because routing in the network is performed on the ASR address (RID), and the number of ASRs is far smaller than the number of original IP address prefixes, the routing scalability of the network is improved.
Summary of the invention
The technical problem to be solved by the embodiments of the present invention is to provide an address assignment method in an identity and position separation network, and an ASR, that implement address assignment based on user identity under a portal authentication network architecture.
To solve the above technical problem, the embodiments of the present invention provide the following address assignment method in an identity and position separation network:
An address assignment method in an identity identifier and locator separation network, comprising:
An access service node (ASR) receives a DHCP Discover message sent by a first terminal, the DHCP Discover message carrying a first MAC address of the first terminal;
The ASR determines whether the first MAC address is present in a mapping table, the mapping table recording, for each terminal that has passed identity authentication, the correspondence between its user name and its MAC address;
When the first MAC address is present in the mapping table, the ASR determines from the mapping table the first user name corresponding to the first MAC address, and sends to the identity and location register (ILR) an identity identifier request message carrying the first user name;
The ASR receives a first IP address returned by the ILR and assigns the first IP address to the first terminal, wherein the first IP address is the identity identifier that the ILR assigns to the first terminal based on the first user name.
The above method may further comprise:
The ASR receives an identity authentication request for any terminal, forwarded by a Portal server, the identity authentication request carrying the MAC address, user name and password of that terminal;
The ASR forwards the authentication request to an identity authentication server and, after the terminal passes authentication by the identity authentication server, records the correspondence between the user name and the MAC address of that terminal in the mapping table.
In the above method,
When the first MAC address is not present in the mapping table, the method further comprises: the ASR forwards the DHCP Discover message to a DHCP server, and assigns to the first terminal a temporary IP address that the DHCP server selects from a temporary IP address pool.
In the above method,
Assigning to the first terminal the temporary IP address that the DHCP server selects from the temporary IP address pool comprises:
The ASR, by forwarding the DHCPOffer message and the DHCPACK message from the DHCP server, assigns the temporary IP address selected by the DHCP server to the first terminal, and sets the lease time of the temporary IP address to a preset value, the preset value being no greater than a predefined maximum tolerable duration from a terminal passing identity authentication to that terminal obtaining the IP address assigned by the ILR.
The above method may further comprise:
The ASR receives a DHCP renewal message sent by a second terminal, the DHCP renewal message carrying a second MAC address of the second terminal and a second IP address currently in use;
The ASR determines whether the second IP address is a temporary IP address;
When the second IP address is a temporary IP address, the ASR further determines whether the second MAC address is present in the mapping table;
When the second MAC address is present in the mapping table, the ASR returns to the second terminal a DHCPNAK message refusing the lease renewal;
When the second MAC address is not present in the mapping table, the ASR returns to the second terminal a DHCPACK message allowing the lease renewal.
In the above method,
When the second IP address is not a temporary IP address, the ASR returns to the second terminal a DHCPACK message allowing the lease renewal.
The embodiments of the present invention further provide an ASR, comprising:
A first receiving unit, configured to receive a DHCP Discover message sent by a first terminal, the DHCP Discover message carrying a first MAC address of the first terminal;
A first judging unit, configured to determine whether the first MAC address is present in a mapping table, the mapping table recording, for each terminal that has passed identity authentication, the correspondence between its user name and its MAC address;
A first processing unit, configured to, when the first MAC address is present in the mapping table, determine from the mapping table the first user name corresponding to the first MAC address and send to the identity and location register (ILR) an identity identifier request message carrying the first user name; and to receive a first IP address returned by the ILR and assign the first IP address to the first terminal, wherein the first IP address is the identity identifier that the ILR assigns to the first terminal based on the first user name.
The above ASR further comprises:
A second receiving unit, configured to receive an identity authentication request for any terminal, forwarded by a Portal server, the identity authentication request carrying the MAC address, user name and password of that terminal;
A recording unit, configured to forward the authentication request to an identity authentication server and, after the terminal passes authentication by the identity authentication server, record the correspondence between the user name and the MAC address of that terminal in the mapping table.
The above ASR further comprises:
A second processing unit, configured to, when the first MAC address is not present in the mapping table, forward the DHCP Discover message to a DHCP server and, by forwarding DHCP address assignment messages between the DHCP server and the first terminal, assign to the first terminal a temporary IP address that the DHCP server selects from a temporary IP address pool.
In the above ASR,
The second processing unit is further configured to, by forwarding the DHCPOffer message and the DHCPACK message from the DHCP server, assign the temporary IP address selected by the DHCP server to the first terminal, and set the lease time of the temporary IP address to a preset value, the preset value being no greater than the maximum tolerable duration from a terminal passing identity authentication to that terminal obtaining the IP address assigned by the ILR.
The above ASR further comprises:
A third receiving unit, configured to receive a DHCP renewal message sent by a second terminal, the DHCP renewal message carrying a second MAC address of the second terminal and a second IP address currently in use;
A second judging unit, configured to determine whether the second IP address is a temporary IP address;
A third judging unit, configured to, when the second IP address is a temporary IP address, further determine whether the second MAC address is present in the mapping table;
A third processing unit, configured to, when the second MAC address is present in the mapping table, return to the second terminal a DHCPNAK message refusing the lease renewal;
A fourth processing unit, configured to, when the second MAC address is not present in the mapping table, return to the second terminal a DHCPACK message allowing the lease renewal.
The above ASR further comprises:
A fifth processing unit, configured to, when the second IP address is not a temporary IP address, return to the second terminal a DHCPACK message allowing the lease renewal.
Compared with the prior art, the address assignment method in an identity and position separation network and the access service node provided by the embodiments of the present invention have the following beneficial effects:
With the above address assignment method and ASR, after a terminal passes Portal identity authentication, the terminal is assigned a new IP address based on user identity. This achieves identity identifier assignment based on user identity in the portal authentication network architecture and provides technical support for applying identity and position separation technology in that architecture. At the same time, the scheme requires no client to be installed on the terminal and no change to users' existing habits, so it is convenient to implement and easy to use.
Brief description of the drawings
Fig. 1 is a schematic diagram of the network architecture of a prior-art identity identifier and position separation system;
Fig. 2 is a schematic diagram of a prior-art portal authentication network architecture;
Fig. 3 is a schematic flowchart of the address assignment method provided by an embodiment of the present invention;
Fig. 4 is a functional block diagram of the ASR provided by an embodiment of the present invention;
Fig. 5 is a flowchart of a specific example of the address assignment method provided by the present invention.
Detailed description of the embodiments
With the development of networks, the identity and position separation technology described above is also beginning to be applied in government and enterprise networks: assigning each employee a fixed identity identifier strengthens network security management and reduces operation and maintenance costs. In existing networks, however, many government and enterprise network authentication systems use portal authentication, as shown in Fig. 2. There, the Portal User is an office user and the Portal Server is the authentication server. The broadband access server (BAS, Broadband Access Server) is a router device that sends the user's user name and password to a RADIUS authentication server (not shown in Fig. 2), which verifies the user's identity.
Portal authentication is also commonly called web authentication. A typical example is as follows: when an unauthenticated user logs on to a government or enterprise intranet, the device forces the user to a particular site (for example, the IT hotline), whose services the user can access freely. When the user needs to access other information resources on the intranet (for example, servers or office operations), the user must authenticate on the portal site, and can use such resources only after authentication succeeds.
Portal services give government and enterprise networks a convenient management function and keep management simple for operation and maintenance staff. Because portal authentication requires no software client on the terminal, it is easy for office users to operate and is widely used commercially. However, the nature of portal authentication means that an IP address must first be assigned to the user (for example, obtained automatically through DHCP), and only then does the user log in to the portal site for identity authentication. The core idea of the identity and position separation network, by contrast, is to assign addresses based on user identity. It follows that the IP address a user obtains before passing portal authentication cannot serve as the identity identifier of the identity and position separation network. After authentication, the user's old address must therefore be released and a new address assigned as the identity identifier.
To achieve this address reassignment, the present invention proposes an address assignment method in an identity and position separation network that implements address assignment under the portal authentication architecture using identity and position separation technology: without installing a client and without changing users' habits, it assigns each user an identity identifier (IP address) based on user identity.
To make the technical problem to be solved, the technical solution and the advantages of the present invention clearer, a detailed description follows with reference to the accompanying drawings and specific embodiments.
The address assignment method provided by the embodiments of the present invention is applied in an identity identifier and locator separation network. The network includes ASRs, an ILR and multiple terminals, as well as devices such as a Portal server, a DHCP server and an authentication server (such as a RADIUS authentication server). Each terminal accesses the network through its corresponding ASR. The DHCP server may be located in the ASR as one of its functional modules, or may be deployed independently of the ASR, in which case the ASR can act as a DHCP relay; the specific networking can follow the existing DHCP architecture and be built according to actual network requirements. Similarly, the ILR may be integrated in the ASR or deployed independently of it. Referring to Fig. 3, the address assignment method provided by the embodiments of the present invention comprises the following steps:
Step 31: the ASR receives a DHCP Discover (DHCPDiscover) message sent by a first terminal, the DHCP Discover message carrying a first MAC address of the first terminal.
Here, a terminal (called the first terminal for ease of reference below) sends a DHCP Discover message according to the existing DHCP standard. For example, when the terminal powers on or its IP address lease expires, it broadcasts a DHCP Discover message, which normally carries the terminal's own MAC address (called the first MAC address for ease of reference below). The ASR to which the first terminal is attached thus receives the DHCP Discover message sent by the first terminal.
Step 32: the ASR determines whether the first MAC address is present in a mapping table, the mapping table recording, for each terminal that has passed identity authentication, the correspondence between its user name and its MAC address.
In the embodiments of the present invention, each user terminal can, according to its access needs, perform Portal identity authentication through the Portal site to gain permission to access more network resources. To distinguish terminals that have passed identity authentication, the embodiments of the present invention maintain a mapping table in the ASR. The table records, for each terminal that has passed Portal identity authentication, the correspondence between the terminal's MAC address and the user name the terminal used for Portal authentication. Here, the user name used for Portal authentication represents the user identity of the terminal.
The mapping table can be maintained during the Portal authentication of terminals. Specifically: after the ASR receives an identity authentication request for any terminal forwarded by the Portal server, the request carrying the MAC address, user name and password of that terminal, the ASR forwards the authentication request to an identity authentication server (such as a RADIUS server) for identity authentication and, after the terminal passes authentication by the identity authentication server, records the correspondence between the user name and the MAC address of that terminal in the mapping table.
In this way, step 32 can determine whether the first terminal has passed Portal identity authentication from whether the first MAC address is present in the mapping table.
Step 33: when the first MAC address is present in the mapping table, the ASR determines from the mapping table the first user name corresponding to the first MAC address, and sends to the identity and location register (ILR) an identity identifier request message carrying the first user name.
Here, if the first terminal has passed Portal identity authentication, the mapping table contains the correspondence between the MAC address and the user name of the first terminal, so the user name of the first terminal can be determined and, in step 33, carried in the identity identifier request sent to the ILR.
Step 34: the ASR receives a first IP address returned by the ILR and assigns the first IP address to the first terminal, wherein the first IP address is the identity identifier that the ILR assigns to the first terminal based on the first user name.
Here, the ILR can store in advance the correspondence between the user name and the identity identifier of each valid user. The identity identifier here is specifically an IP address; to distinguish it from the temporary IP address assigned by the DHCP server, this IP address is called the formal IP address. After receiving the identity identifier request message sent by the ASR in step 33, the ILR determines the identity identifier (that is, the first IP address) corresponding to the first user name carried in the request message, and then sends the first IP address to the ASR. After receiving the first IP address returned by the ILR, the ASR assigns the first IP address to the first terminal.
Through the above steps, after a terminal passes authentication, the embodiments of the present invention further assign the terminal an identity identifier (that is, an IP address) based on its user name (that is, its user identity). This achieves identity identifier assignment based on user identity in the portal authentication network architecture, is consistent with the core idea of the identity and position separation network, and supports the application of identity and position separation technology in government and enterprise networks. Furthermore, the above assignment method requires no client to be installed on the terminal and no change to users' habits, so it is convenient to implement and easy to use.
In the embodiments of the present invention, the first terminal may not yet have performed Portal authentication when it sends the above DHCP Discover message; for example, the first terminal may have just powered on and sent the DHCP Discover message after power-up. It is also possible that the first terminal has attempted Portal authentication but has not passed authentication by the authentication server. In these cases, the first MAC address of the first terminal is not present in the mapping table. This is the other possible outcome of step 32: the first MAC address is not present in the mapping table. In that case, the method of the embodiments of the present invention further comprises the following step:
When the first MAC address is not present in the mapping table, the ASR forwards the DHCP Discover message to the DHCP server, and assigns to the first terminal a temporary IP address that the DHCP server selects from a temporary IP address pool.
That is, if the first terminal has not yet passed Portal authentication, the DHCP server assigns it a temporary IP address. The DHCP server can maintain a temporary IP address pool containing preset temporary IP addresses. For example, certain IP addresses can be designated as temporary IP addresses according to the network segment they belong to. Alternatively, certain specific IP addresses can be designated as temporary IP addresses. In the embodiments of the present invention, the ASR can recognize temporary IP addresses, for example by the network segment an IP address belongs to, or by whether the IP address is one of the specific IP addresses mentioned above.
The way the DHCP server assigns a temporary IP address can follow the prior-art DHCP address assignment flow. In this flow, the ASR, by forwarding the DHCPOffer message and the DHCPACK message from the DHCP server, assigns the temporary IP address selected by the DHCP server to the first terminal, and sets the lease time of the temporary IP address to a preset value. This preset value should normally be fairly small, so that frequent lease expiry quickly reveals terminals that passed Portal authentication during the lease, and these terminals can then be assigned new IP addresses based on user identity.
A network usually has many performance parameters, each with a target or required value. In one implementation, the time from a terminal passing Portal identity authentication to the terminal obtaining the IP address that the ILR assigns based on user identity can serve as one such network performance indicator. Clearly, the shorter this time, the more responsive the network, and the more promptly it discovers terminals that have recently passed Portal identity authentication and reassigns them IP addresses based on user identity. Network administrators can therefore set the maximum tolerable duration from a terminal passing identity authentication to the terminal obtaining the identity identifier assigned by the ILR, according to the required responsiveness of the network and taking into account factors such as the processing capacity of the ASR and the DHCP server and the number of terminals in the network. The preset lease time described above is then set to a value no greater than this maximum tolerable duration, for example 10s.
During the lease of a temporary IP address, the terminal can decide when to initiate a renewal request according to the remaining lease time of its current IP address; for example, it may send a DHCP renewal message when half of the lease time remains. The following uses a second terminal as an example to explain how renewal is handled in the embodiments of the present invention. The second terminal here is any terminal in the network; it may be the first terminal above or another terminal in the network.
Specifically:
The second terminal sends a DHCP renewal message, which carries a second MAC address of the second terminal and a second IP address currently in use. After receiving the DHCP renewal message sent by the second terminal, the ASR determines whether the second IP address is a temporary IP address:
When the second IP address is not a temporary IP address, the ASR returns to the second terminal a DHCPACK message allowing the lease renewal;
When the second IP address is a temporary IP address, the ASR further determines whether the second MAC address is present in the mapping table: if so, it returns to the second terminal a DHCPNAK message refusing the lease renewal; otherwise, it returns to the second terminal a DHCPACK message allowing the lease renewal.
Through the above steps, when the ASR receives a renewal request message from a terminal, if the IP address the terminal is currently using is a temporary IP address and the terminal has already passed Portal identity authentication, the ASR refuses the terminal's renewal request. Then, when the lease expires (or when the remaining lease time falls below a preset threshold), the terminal sends a DHCP Discover message, and the ASR and the ILR assign the terminal an identity identifier based on user identity (that is, a formal IP address). As a result, after passing Portal authentication the terminal no longer uses the temporary IP address but uses the formal IP address to access the corresponding network resources.
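The following is an added example, not part of the patent text, that models the ASR decisions of steps 31 to 34 together with the renewal handling described above, and walks one terminal from a temporary address to its formal address. The class and function names, the temporary segment 10.99.0.0/24, the formal lease time and the sample user, password and addresses are all constructed assumptions; the Offer/Request/ACK exchange is collapsed into the final reply.

```python
import hmac
import ipaddress
from dataclasses import dataclass
from typing import Optional

TEMP_POOL = ipaddress.ip_network("10.99.0.0/24")  # assumed temporary segment
TEMP_LEASE = 10        # seconds; the description gives 10s as an example
FORMAL_LEASE = 86400   # assumption: the page states no formal lease time


@dataclass
class Reply:
    kind: str                   # "DHCPACK" or "DHCPNAK"
    ip: Optional[str] = None
    lease: Optional[int] = None


def is_temporary(ip):
    """The ASR recognises a temporary address by its network segment."""
    return ipaddress.ip_address(ip) in TEMP_POOL


class TempDhcpServer:
    """Stand-in DHCP server that only serves the temporary pool."""

    def __init__(self):
        self._free = [str(h) for h in TEMP_POOL.hosts()]
        self._leased = {}

    def allocate(self, mac):
        if mac not in self._leased:
            self._leased[mac] = self._free.pop(0)
        return self._leased[mac]

    def release(self, mac):
        ip = self._leased.pop(mac, None)
        if ip is not None:
            self._free.append(ip)


class Asr:
    def __init__(self, ilr_identities, credentials):
        self.ilr = dict(ilr_identities)       # ILR: user name -> formal IP
        self.credentials = dict(credentials)  # stand-in authentication server
        self.dhcp = TempDhcpServer()
        self.mapping = {}  # MAC -> user name, authenticated terminals only

    def on_portal_auth(self, mac, username, password):
        """Record MAC -> user name only after authentication succeeds."""
        expected = self.credentials.get(username)
        ok = expected is not None and hmac.compare_digest(
            expected.encode(), password.encode())
        if ok:
            self.mapping[mac] = username
        return ok

    def on_discover(self, mac):
        """Steps 31-34, plus the temporary-address branch of step 32."""
        username = self.mapping.get(mac)
        if username is None:
            return Reply("DHCPACK", self.dhcp.allocate(mac), TEMP_LEASE)
        formal_ip = self.ilr[username]  # identity identifier request to ILR
        self.dhcp.release(mac)          # assumption: temp address is freed
        return Reply("DHCPACK", formal_ip, FORMAL_LEASE)

    def on_renew(self, mac, current_ip):
        """Refuse renewal only for temporary address + authenticated MAC."""
        if not is_temporary(current_ip):
            return Reply("DHCPACK", current_ip, FORMAL_LEASE)
        if mac in self.mapping:
            return Reply("DHCPNAK")
        return Reply("DHCPACK", current_ip, TEMP_LEASE)


def walkthrough():
    """Constructed scenario: one terminal before and after Portal login."""
    mac = "aa:bb:cc:00:00:01"
    asr = Asr({"alice": "172.16.5.20"}, {"alice": "correct-horse"})
    log = []

    def note(event, reply):
        log.append((event, reply.kind, reply.ip, reply.lease))

    note("discover", asr.on_discover(mac))
    temp_ip = log[-1][2]
    note("renew-unauthenticated", asr.on_renew(mac, temp_ip))
    asr.on_portal_auth(mac, "alice", "wrong")            # failed login
    note("renew-after-failed-login", asr.on_renew(mac, temp_ip))
    asr.on_portal_auth(mac, "alice", "correct-horse")    # successful login
    note("renew-after-login", asr.on_renew(mac, temp_ip))
    note("discover-after-nak", asr.on_discover(mac))
    note("renew-formal", asr.on_renew(mac, log[-1][2]))
    return log


if __name__ == "__main__":
    for row in walkthrough():
        print(row)
```

The walkthrough shows that a failed Portal login leaves the mapping table unchanged, so the terminal keeps renewing its temporary address, and that the switch to the formal address happens only at the first renewal after a successful login.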
Based on the address assignment method provided by the above embodiments, an embodiment of the present invention further provides an ASR that implements the method. Referring to Fig. 4, the ASR comprises:
A first receiving unit 41, configured to receive a DHCP Discover message sent by a first terminal, the DHCP Discover message carrying a first MAC address of the first terminal;
A first judging unit 42, configured to judge whether the first MAC address is present in a mapping table, the mapping table recording the correspondence between the user name and the MAC address of each terminal that has passed identity authentication;
A first processing unit 43, configured to, when the first MAC address is present in the mapping table, determine from the mapping table the first user name corresponding to the first MAC address and send to the identity and location register (ILR) an identity identifier request message carrying the first user name; and to receive a first IP address returned by the ILR and assign the first IP address to the first terminal, wherein the first IP address is the identity identifier that the ILR allocates to the first terminal based on the first user name.
In this embodiment, the ASR may maintain the mapping table according to information obtained during the terminal's authentication process. The ASR may further comprise:
A second processing unit, configured to, when the first MAC address is not present in the mapping table, forward the DHCP Discover message to a DHCP server and, by forwarding the DHCP address assignment messages between the DHCP server and the first terminal, assign to the first terminal the temporary IP address that the DHCP server selects from a temporary IP address pool.
A second receiving unit, configured to receive an identity authentication request for any terminal forwarded by the Portal server, the identity authentication request carrying the MAC address, user name and password of that terminal.
A recording unit, configured to forward the authentication request to the authentication server and, after the terminal passes identity authentication by the authentication server, record the correspondence between the terminal's user name and MAC address in the mapping table.
Here, the second processing unit is further configured to assign the temporary IP address selected by the DHCP server to the first terminal by forwarding the DHCPOffer and DHCPACK messages from the DHCP server, and to set the lease time of the temporary IP address to a preset value, the preset value being no greater than the maximum tolerable duration from the terminal passing identity authentication to its obtaining the IP address allocated by the ILR. Preferably, the preset value may be any value from 5 s to 15 s.
In this embodiment, when the ASR receives a lease renewal request from a terminal, it may also decide whether to reject or allow the renewal according to the IP address the terminal is using at the time and whether the terminal has passed Portal identity authentication. In this case the ASR further comprises:
A third receiving unit, configured to receive a DHCP renewal message sent by a second terminal, the DHCP renewal message carrying a second MAC address of the second terminal and a second IP address currently in use;
A second judging unit, configured to judge whether the second IP address is a temporary IP address.
A third judging unit, configured to, when the second IP address is a temporary IP address, further judge whether the second MAC address is present in the mapping table.
A third processing unit, configured to, when the second MAC address is present in the mapping table, return to the second terminal a DHCPNAK message rejecting the renewal.
A fourth processing unit, configured to, when the second MAC address is not present in the mapping table, return to the second terminal a DHCPACK message allowing the renewal.
A fifth processing unit, configured to, when the second IP address is not a temporary IP address, return to the second terminal a DHCPACK message allowing the renewal.
The address assignment method of this embodiment is described further below by means of a more specific example. In this example, after the user terminal connects to the network it initiates a DHCP address request; because the user terminal has not yet performed Portal identity authentication, the network assigns the user a temporary IP address with limited permissions. After the user initiates and passes Portal identity authentication, the network rejects the user terminal's lease renewal request for the temporary IP address, so the user terminal waits for the lease of the temporary IP address to expire and then initiates a DHCP address request again. The network then, based on the authenticated user identity, assigns the user terminal a formal IP address as its identity identifier. The specific flow is shown in Fig. 5 and comprises:
Step 501: The UE powers on (or its network cable is plugged in) and initiates the DHCPDiscover procedure, sending a DHCPDiscover message to request an address.
Step 502: Because the UE has not yet passed Portal identity authentication, the network assigns the user a temporary IP address, e.g. 10.255.255.1. To assign the temporary address, the ASR may itself act as the DHCP server and assign the temporary IP address, or it may act as a DHCP relay device and relay the address assignment request (the DHCPDiscover message) to a DHCP server; the specific relay procedure can be implemented with reference to the prior art and is not repeated here.
Step 503: The ASR returns a DHCPOffer message to the UE carrying the temporary IP address assigned by the network; this address cannot serve as the UE's identity identifier.
Step 504: After receiving the temporary IP address, the UE sends a DHCPRequest message to request a lease for it.
Step 505: After confirming, the ASR returns a DHCPACK message to the UE carrying the lease time of the temporary address. The lease time needs to be set fairly short, for example 10 seconds.
Through the above steps the UE obtains a temporary IP address and can use it to access limited network resources. If during this process the UE does not initiate Portal authentication, then when the lease of the temporary IP address is about to expire the UE may initiate a renewal request, and the network allows the renewal. The specific renewal procedure can be implemented with reference to the prior art and is not repeated here.
Step 506: The UE initiates Portal authentication and the user enters a user name and password. The ASR forwards the user name, password and related information to the authentication server (e.g. an AAA server), which verifies the user identity. The ASR and the authentication server may be combined or deployed independently, depending on the actual network.
Step 507: If the UE passes authentication, the ASR records the binding between the user identity (e.g. the user name) and the UE's MAC address.
Afterwards, if the ASR again receives a lease renewal request for the temporary IP address (a DHCPRequest message) from this UE, it returns DHCPNAK and rejects the renewal.
Step 508: The UE waits for the temporary IP address lease timer to expire. Because the UE has still not received a successful renewal response for the temporary IP address, it initiates DHCPDiscover again to request an address.
Step 509: After receiving the UE's DHCPDiscover message, the ASR extracts the UE's MAC address carried in the message. Because the user identity is now bound to the UE's MAC address, the ASR determines by querying the binding that the UE has passed identity authentication; it therefore no longer assigns the user a temporary address and instead needs to assign an identity-based address. From the binding, the ASR can determine the user name corresponding to the UE's MAC address.
Step 510: The ASR sends an address request to the ILR; the request message carries the user identity information, such as the user name.
Step 511: Based on the user identity information, the ILR allocates an identity identifier for the UE and returns the user's identity identifier (e.g. the address 10.2.6.1) to the ASR.
In steps 510 and 511 above, if the ILR is deployed within the ASR (the ILR and the ASR are combined), the address allocation in step 511 can be performed within the ASR.
Step 512: The ASR returns a DHCPOffer message to the user carrying the identity identifier allocated by the ILR. The UE thus obtains an IP address based on the user identity. Subsequently, the UE may follow the conventional DHCP procedure and send a DHCPRequest message to request a lease for this IP address. The ASR returns a DHCPACK message to the UE carrying the lease time of this IP address; the lease time here may be set longer. The UE can then use this IP address to access the corresponding network resources.
After the UE has obtained the IP address based on the user identity, if the UE initiates a lease renewal request for this IP address, the ASR allows the UE to continue using it.
The above is the preferred embodiment of the present invention. It should be noted that those of ordinary skill in the art can make improvements and modifications without departing from the principle of the present invention, and such improvements and modifications shall also be regarded as falling within the protection scope of the present invention.
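The renewal rule and the Fig. 5 sequence described above, as an added sketch that is not part of the patent text: an in-memory model of the ASR's Discover and renewal decisions, replayed for one terminal. The class and method names, the stub ILR, the sample MAC address and user name, the two /24 ranges built around the example addresses 10.255.255.1 and 10.2.6.1, and the 86400-second formal lease are assumptions; the 10-second temporary lease is the example value from step 505.

```python
import ipaddress

# Constructed ranges built around the example addresses in the text.
TEMP_POOL = ipaddress.ip_network("10.255.255.0/24")   # temporary address pool
ID_RANGE = ipaddress.ip_network("10.2.6.0/24")        # identifiers handed out by the stub ILR
TEMP_LEASE_S = 10        # short lease for temporary addresses (step 505 example)
FORMAL_LEASE_S = 86400   # assumption: the text only says this lease may be longer


class StubILR:
    """Hypothetical ILR stand-in: one stable identity identifier per user name."""

    def __init__(self):
        self._by_user = {}
        self._free = iter(ID_RANGE.hosts())

    def allocate(self, username):
        if username not in self._by_user:
            self._by_user[username] = str(next(self._free))
        return self._by_user[username]


class ASR:
    """Hypothetical model of the ASR's DHCP decisions (no packet handling)."""

    def __init__(self, ilr):
        self.ilr = ilr
        self.mac_to_user = {}    # mapping table: authenticated MAC -> user name
        self.temp_by_mac = {}    # temporary addresses currently handed out
        self._free_temp = iter(TEMP_POOL.hosts())

    def portal_auth_passed(self, mac, username):
        # Step 507: record the binding once the authentication server accepts the user.
        self.mac_to_user[mac.lower()] = username

    def on_discover(self, mac):
        mac = mac.lower()
        user = self.mac_to_user.get(mac)
        if user is not None:
            # Steps 509-512: authenticated MAC, so ask the ILR for the identifier.
            self.temp_by_mac.pop(mac, None)
            return ("OFFER", self.ilr.allocate(user), FORMAL_LEASE_S)
        # Steps 502-505: unknown MAC gets a short-lived temporary address.
        if mac not in self.temp_by_mac:
            self.temp_by_mac[mac] = str(next(self._free_temp))
        return ("OFFER", self.temp_by_mac[mac], TEMP_LEASE_S)

    def on_renew(self, mac, current_ip):
        is_temp = ipaddress.ip_address(current_ip) in TEMP_POOL
        if is_temp and mac.lower() in self.mac_to_user:
            # Authenticated terminal still on a temporary address: refuse, so it
            # sends a fresh Discover when the short lease runs out.
            return ("NAK", None, 0)
        return ("ACK", current_ip, TEMP_LEASE_S if is_temp else FORMAL_LEASE_S)


def run_fig5_flow():
    """Replay the Fig. 5 sequence for one constructed terminal and return the replies."""
    asr = ASR(StubILR())
    mac, user = "00:11:22:33:44:55", "alice"       # constructed sample values
    trace = [asr.on_discover(mac)]                 # steps 501-505
    temp_ip = trace[0][1]
    trace.append(asr.on_renew(mac, temp_ip))       # before Portal login: renewal allowed
    asr.portal_auth_passed(mac, user)              # steps 506-507
    trace.append(asr.on_renew(mac, temp_ip))       # after login: renewal refused
    trace.append(asr.on_discover(mac))             # steps 508-512
    trace.append(asr.on_renew(mac, trace[3][1]))   # formal address: renewal allowed
    return trace


if __name__ == "__main__":
    for reply in run_fig5_flow():
        print(reply)
```

The model keeps only the decision logic; DHCP relaying, the Portal server and the authentication server are outside its scope.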

Claims (12)

1. An address assignment method in an identity and locator separation network, characterized by comprising:
An access service node (ASR) receiving a DHCP Discover message sent by a first terminal, the DHCP Discover message carrying a first MAC address of the first terminal;
The ASR judging whether the first MAC address is present in a mapping table, the mapping table recording the correspondence between the user name and the MAC address of each terminal that has passed identity authentication;
When the first MAC address is present in the mapping table, the ASR determining from the mapping table the first user name corresponding to the first MAC address, and sending to an identity and location register (ILR) an identity identifier request message carrying the first user name;
The ASR receiving a first IP address returned by the ILR and assigning the first IP address to the first terminal, wherein the first IP address is the identity identifier that the ILR allocates to the first terminal based on the first user name.
2. The method of claim 1, characterized by further comprising:
The ASR receiving an identity authentication request for any terminal forwarded by a Portal server, the identity authentication request carrying the MAC address, user name and password of that terminal;
The ASR forwarding the authentication request to an authentication server and, after the terminal passes identity authentication by the authentication server, recording the correspondence between the terminal's user name and MAC address in the mapping table.
3. The method of claim 1 or 2, characterized in that,
When the first MAC address is not present in the mapping table, the method further comprises: the ASR forwarding the DHCP Discover message to a DHCP server, and assigning to the first terminal the temporary IP address that the DHCP server selects from a temporary IP address pool.
4. The method of claim 3, characterized in that,
Assigning to the first terminal the temporary IP address that the DHCP server selects from the temporary IP address pool comprises:
The ASR further assigning the temporary IP address selected by the DHCP server to the first terminal by forwarding the DHCPOffer and DHCPACK messages from the DHCP server, and setting the lease time of the temporary IP address to a preset value, the preset value being no greater than a predetermined maximum tolerable duration from the terminal passing identity authentication to its obtaining the IP address allocated by the ILR.
5. The method of claim 3, characterized by further comprising:
The ASR receiving a DHCP renewal message sent by a second terminal, the DHCP renewal message carrying a second MAC address of the second terminal and a second IP address currently in use;
The ASR judging whether the second IP address is a temporary IP address;
When the second IP address is a temporary IP address, the ASR further judging whether the second MAC address is present in the mapping table;
When the second MAC address is present in the mapping table, the ASR returning to the second terminal a DHCPNAK message rejecting the renewal;
When the second MAC address is not present in the mapping table, the ASR returning to the second terminal a DHCPACK message allowing the renewal.
6. The method of claim 5, characterized in that,
When the second IP address is not a temporary IP address, the ASR returns to the second terminal a DHCPACK message allowing the renewal.
7. An access service node (ASR), characterized by comprising:
A first receiving unit, configured to receive a DHCP Discover message sent by a first terminal, the DHCP Discover message carrying a first MAC address of the first terminal;
A first judging unit, configured to judge whether the first MAC address is present in a mapping table, the mapping table recording the correspondence between the user name and the MAC address of each terminal that has passed identity authentication;
A first processing unit, configured to, when the first MAC address is present in the mapping table, determine from the mapping table the first user name corresponding to the first MAC address and send to an identity and location register (ILR) an identity identifier request message carrying the first user name; and to receive a first IP address returned by the ILR and assign the first IP address to the first terminal, wherein the first IP address is the identity identifier that the ILR allocates to the first terminal based on the first user name.
8. The ASR of claim 7, characterized by further comprising:
A second receiving unit, configured to receive an identity authentication request for any terminal forwarded by a Portal server, the identity authentication request carrying the MAC address, user name and password of that terminal;
A recording unit, configured to forward the authentication request to an authentication server and, after the terminal passes identity authentication by the authentication server, record the correspondence between the terminal's user name and MAC address in the mapping table.
9. The ASR of claim 7 or 8, characterized by further comprising:
A second processing unit, configured to, when the first MAC address is not present in the mapping table, forward the DHCP Discover message to a DHCP server and, by forwarding the DHCP address assignment messages between the DHCP server and the first terminal, assign to the first terminal the temporary IP address that the DHCP server selects from a temporary IP address pool.
10. The ASR of claim 9, characterized in that,
The second processing unit is further configured to assign the temporary IP address selected by the DHCP server to the first terminal by forwarding the DHCPOffer and DHCPACK messages from the DHCP server, and to set the lease time of the temporary IP address to a preset value, the preset value being no greater than the maximum tolerable duration from the terminal passing identity authentication to its obtaining the IP address allocated by the ILR.
11. The ASR of claim 10, characterized by further comprising:
A third receiving unit, configured to receive a DHCP renewal message sent by a second terminal, the DHCP renewal message carrying a second MAC address of the second terminal and a second IP address currently in use;
A second judging unit, configured to judge whether the second IP address is a temporary IP address;
A third judging unit, configured to, when the second IP address is a temporary IP address, further judge whether the second MAC address is present in the mapping table;
A third processing unit, configured to, when the second MAC address is present in the mapping table, return to the second terminal a DHCPNAK message rejecting the renewal;
A fourth processing unit, configured to, when the second MAC address is not present in the mapping table, return to the second terminal a DHCPACK message allowing the renewal.
12. The ASR of claim 10, characterized by further comprising:
A fifth processing unit, configured to, when the second IP address is not a temporary IP address, return to the second terminal a DHCPACK message allowing the renewal.
CN201410301968.8A 2014-06-27 2014-06-27 Address assignment method for identity and position separation network, and access service node Withdrawn CN105323325A (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201410301968.8A CN105323325A (en) 2014-06-27 2014-06-27 Address assignment method for identity and position separation network, and access service node
PCT/CN2014/094131 WO2015196755A1 (en) 2014-06-27 2014-12-17 Address allocation method in subscriber identifier and locator separation network, and access service router

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201410301968.8A CN105323325A (en) 2014-06-27 2014-06-27 Address assignment method for identity and position separation network, and access service node

Publications (1)

Publication Number Publication Date
CN105323325A true CN105323325A (en) 2016-02-10

Family

ID=54936662

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410301968.8A Withdrawn CN105323325A (en) 2014-06-27 2014-06-27 Address assignment method for identity and position separation network, and access service node

Country Status (2)

Country Link
CN (1) CN105323325A (en)
WO (1) WO2015196755A1 (en)

Also Published As

Publication number Publication date
WO2015196755A1 (en) 2015-12-30

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication

Application publication date: 20160210
