CN106453307A - Network safety protection method of PON carrying small base station backhaul and system thereof - Google Patents
- Publication number: CN106453307A
- Application number: CN201610883427.XA
- Authority: CN (China)
- Prior art keywords: vlan, base station, little base, pon, onu
- Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04B—TRANSMISSION
- H04B10/00—Transmission systems employing electromagnetic waves other than radio-waves, e.g. infrared, visible or ultraviolet light, or employing corpuscular radiation, e.g. quantum communication
- H04B10/80—Optical aspects relating to the use of optical transmission for specific applications, not provided for in groups H04B10/03 - H04B10/70, e.g. optical power feeding or optical transmission through water
- H04B10/85—Protection from unauthorised access, e.g. eavesdrop protection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/46—Interconnection of networks
- H04L12/4641—Virtual LANs, VLANs, e.g. virtual private networks [VPN]
Abstract
The invention discloses a network safety protection method of PON carrying small base station backhaul and a system thereof, and relates to the passive optical network field. The method comprises the following steps: planning a segment of VLAN address pool in a PON system, wherein the VLAN address pool is dedicated to the user small base station backhaul network and does not overlap with the VLANs of other services; specifying the port number of the ONU carrying the small base station backhaul service, wherein the specified port of the ONU is dedicated to carrying the small base station backhaul; periodically and dynamically assigning, by the PON system, a VLAN number for the small base station backhaul service and dynamically issuing the VLAN configuration to the corresponding port of the ONU; and, after the ONU receives the VLAN configuration, dynamically generating the corresponding configuration and realizing communication of the small base station backhaul service. With the invention, isolation among different services in the PON system can be realized.
Description
Technical field
The present invention relates to the field of passive optical networks, and in particular to a network security protection method and system for small base station backhaul carried over a PON.
Background
PON (Passive Optical Network) technology is the latest generation of broadband passive optical integrated access standard. It offers high bandwidth, high efficiency, large coverage and a rich set of user interfaces, and most operators regard it as the ideal technology for making access network services broadband and integrated. As shown in Fig. 1, a PON system can provide users with multiple services such as data, voice and IPTV (Internet Protocol Television), truly realizing triple-play convergence.
A small base station is a small, low-power cellular technology that is backhauled over fixed broadband. It is mainly used indoors, in homes and in small and medium-sized enterprise offices, supplementing the indoor coverage of the cellular network and providing users with voice and high-speed data services. If small base stations are later deployed at scale, PON backhaul is the only feasible scheme for large-scale deployment. PON technology can therefore integrate future residential fixed broadband access with small base station access.
When small base station backhaul is carried over a PON, network security protection is an important problem that urgently needs to be solved. The mobile backhaul network in which the small base station sits is itself a closed network, and it is necessary to prevent anyone from intercepting and eavesdropping on data on the mobile backhaul network and thereby obtaining sensitive data from the base station equipment. Because a PON carries multiple services, several services are mixed inside it. How to isolate services and protect different services from one another, and in particular how to isolate the mobile backhaul network, is the key problem to be solved.
At present, service isolation on a PON system is implemented mainly by dividing VLANs (Virtual Local Area Networks). A statically divided VLAN, however, can easily be detected, and corresponding equipment can then send data with the same VLAN to intrude into the network of that VLAN, which poses a certain security risk.
Summary of the invention
The object of the present invention is to overcome the deficiencies of the background art described above by providing a network security protection method and system for small base station backhaul carried over a PON, which can isolate different services from one another inside the PON system.
The present invention provides a network security protection method for small base station backhaul carried over a PON, comprising the following steps:
S1. In the passive optical network (PON) system, plan a virtual local area network (VLAN) address pool; the VLAN address pool is dedicated to the users' small base station backhaul network and does not overlap with the VLANs of other services.
S2. Specify the port numbers of the optical network unit (ONU) that carries the small base station backhaul service; the specified ONU ports are dedicated to carrying small base station backhaul.
S3. The PON system periodically and dynamically assigns the VLAN number of the small base station backhaul service, and dynamically issues this VLAN configuration to the ports of the corresponding ONU.
S4. After the ONU receives the VLAN configuration, it dynamically generates the corresponding configuration, realizing communication of the small base station backhaul service.
On the basis of the above technical scheme, the range of the VLAN address pool is 1~4095.
On the basis of the above technical scheme, within the VLAN address pool, the VLAN configured for the ordinary data service is 100, and the VLAN pool for the users' small base station backhaul service is 200~4000.
On the basis of the above technical scheme, in step S3, the main control unit of the OLT in the PON system dynamically assigns the VLAN number of the small base station backhaul service every 60 seconds; the VLAN number is selected at random from the range 200~4000.
The present invention also provides a network security protection system for small base station backhaul carried over a PON. The system comprises a virtual local area network (VLAN) pool division unit, an optical network unit (ONU), a port number designation unit and a VLAN dynamic allocation unit, wherein:
The VLAN pool division unit is used to plan a VLAN address pool in the passive optical network (PON) system; the VLAN address pool is dedicated to the users' small base station backhaul network and does not overlap with the VLANs of other services.
The port number designation unit is used to specify the port numbers of the ONU that carries the small base station backhaul service; the specified ONU ports are dedicated to carrying small base station backhaul.
The VLAN dynamic allocation unit is used to periodically and dynamically assign the VLAN number of the small base station backhaul service, and to dynamically issue this VLAN configuration to the ports of the corresponding ONU.
After the ONU receives the VLAN configuration issued by the VLAN dynamic allocation unit, it dynamically generates the corresponding configuration, realizing communication of the small base station backhaul service.
On the basis of the above technical scheme, the range of the VLAN address pool is 1~4095.
On the basis of the above technical scheme, within the VLAN address pool, the VLAN configured for the ordinary data service is 100, and the VLAN pool for the users' small base station backhaul service is 200~4000.
On the basis of the above technical scheme, the VLAN dynamic allocation unit dynamically assigns the VLAN number of the small base station backhaul service every 60 seconds; the VLAN number is selected at random from the range 200~4000.
Compared with the prior art, the advantages of the present invention are as follows:
(1) The present invention plans a VLAN address pool in the PON system; the VLAN address pool is dedicated to the users' small base station backhaul network and does not overlap with the VLANs of other services. The port numbers of the ONU carrying the small base station backhaul service are specified, and the specified ONU ports are dedicated to carrying small base station backhaul. The PON system periodically and dynamically assigns the VLAN number of the small base station backhaul service and dynamically issues this VLAN configuration to the ports of the corresponding ONU. After the ONU receives the VLAN configuration, it dynamically generates the corresponding configuration, realizing communication of the small base station backhaul service. By dividing a VLAN pool and dynamically allocating VLANs, the present invention can isolate different services from one another inside the PON system.
(2) In actual testing, the present invention ensures that the VLAN carrying the small base station backhaul service is difficult to capture, providing network isolation and a certain degree of protection against interception and eavesdropping.
(3) When a test instrument is used directly to test the data service, the test shows that the service is not interrupted and that data delay is not increased, which ensures that the corresponding operation does not affect normal data services.
Brief description of the drawings
Fig. 1 is a structural block diagram of a PON system;
Fig. 2 is a flow chart of the network security protection method for small base station backhaul carried over a PON in an embodiment of the present invention;
Fig. 3 is a schematic diagram of an application example, in an embodiment of the present invention, of dynamically allocating VLANs on the basis of a divided VLAN pool.
Detailed description of the embodiments
The present invention is described in further detail below with reference to the accompanying drawings and specific embodiments.
As shown in Fig. 2, an embodiment of the present invention provides a network security protection method for small base station backhaul carried over a PON, comprising the following steps:
S1. In the PON system, plan a VLAN address pool. The range of the VLAN address pool is 1~4095. This VLAN address pool is dedicated to the users' small base station backhaul network and does not overlap with the VLANs of other services.
As shown in Fig. 3, within the VLAN address pool, the VLAN configured for the ordinary data service is 100, and the VLAN pool for the users' small base station backhaul service is 200~4000.
S2. Specify the port numbers of the ONU (Optical Network Unit) that carries the small base station backhaul service. The specified ONU ports are dedicated to carrying small base station backhaul and cannot be used for any other purpose.
As shown in Fig. 3, the ports of ONU1 are used to carry the ordinary data service, while ONU2 is dedicated to carrying small base station backhaul, and all of its ports are small base station backhaul service ports.
S3. The PON system periodically and dynamically assigns the VLAN number of the small base station backhaul service, and dynamically issues this VLAN configuration to the ports of the corresponding ONU.
As shown in Fig. 3, the main control unit of the OLT in the PON system dynamically assigns the VLAN number of the small base station backhaul service every 60 seconds. The VLAN number is selected at random from the range 200~4000 and is issued to the 4 ports of ONU2.
S4. After the ONU receives the VLAN configuration, it dynamically generates the corresponding configuration, realizing communication of the small base station backhaul service.
As shown in Fig. 3, after ONU2 receives the configuration from the OLT main control unit, it dynamically changes the service VLAN on the ONU ports. A 1:1 VLAN translation can then be performed on the ONU port: the data VLAN sent by the small base station is translated into the VLAN number transmitted inside the PON system, that is, the VLAN number issued by the main control unit. This ensures that the configuration of the small base station does not have to change dynamically; what changes is the VLAN configuration inside the PON system. Correspondingly, the uplink port of the OLT also has a 1:1 VLAN translation service, which converts the VLAN number transmitted inside the PON system into the VLAN supported by the upstream equipment.
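Steps S1 to S4 and the two 1:1 translations can be modelled as follows. This is an added example, not code from the patent; the class names, the base-station VLAN 10, the uplink VLAN 50, the use of Python's `secrets` module for the random choice, the rule that a retired number is not immediately reused, and the dropping of frames that carry a non-current internal tag are all assumptions made for illustration.

```python
import secrets

DATA_VLAN = 100                    # ordinary data service VLAN (value from the page)
BACKHAUL_POOL = range(200, 4001)   # backhaul VLAN pool 200~4000 (from the page)
ROTATION_SECONDS = 60              # rotation period (from the page)


class OnuPort:
    """Dedicated backhaul port: 1:1 translation between the small base
    station's fixed VLAN and the PON-internal VLAN issued by the OLT."""

    def __init__(self, station_vlan):
        self.station_vlan = station_vlan
        self.internal_vlan = None          # set when the OLT issues a config

    def apply_config(self, internal_vlan):
        self.internal_vlan = internal_vlan

    def upstream(self, frame_vlan):
        """Return the PON-internal tag, or None if the frame is dropped."""
        if self.internal_vlan is None or frame_vlan != self.station_vlan:
            return None
        return self.internal_vlan


class OltMainControl:
    def __init__(self, ports, uplink_vlan, pool=BACKHAUL_POOL,
                 other_service_vlans=(DATA_VLAN,)):
        # S1: the pool must hold valid VLAN IDs and not overlap other services.
        if not pool or min(pool) < 1 or max(pool) > 4095:
            raise ValueError("pool must lie within 1~4095")
        if set(pool) & set(other_service_vlans):
            raise ValueError("backhaul pool overlaps another service VLAN")
        self.ports = list(ports)           # S2: ports dedicated to backhaul
        self.uplink_vlan = uplink_vlan
        self.pool = list(pool)
        self.current = None
        self.last_rotation = None

    def rotate(self, now):
        """S3: every ROTATION_SECONDS pick a new VLAN and issue it to the ports."""
        due = self.current is None or now - self.last_rotation >= ROTATION_SECONDS
        if due:
            # Assumption: never reuse the number that is being retired.
            candidates = [v for v in self.pool if v != self.current]
            self.current = secrets.choice(candidates)
            self.last_rotation = now
            for port in self.ports:        # S4: ONU applies the new config
                port.apply_config(self.current)
        return self.current

    def uplink_translate(self, internal_vlan):
        """1:1 translation at the OLT uplink; non-current tags are dropped
        (assumption: the page does not describe handling of stale tags)."""
        return self.uplink_vlan if internal_vlan == self.current else None


def simulate():
    ports = [OnuPort(station_vlan=10) for _ in range(4)]   # 4 ports of ONU2
    olt = OltMainControl(ports, uplink_vlan=50)
    first = olt.rotate(now=0)
    held = olt.rotate(now=30)              # not yet due: same VLAN
    tag = ports[0].upstream(10)            # base station frame enters the PON
    delivered = olt.uplink_translate(tag)  # leaves on the upstream VLAN
    second = olt.rotate(now=60)            # due: new VLAN on all ports
    stale = olt.uplink_translate(first)    # tag observed before the rotation
    return {"first": first, "held": held, "second": second,
            "delivered": delivered, "stale": stale,
            "ports_in_sync": all(p.internal_vlan == second for p in ports)}


if __name__ == "__main__":
    print(simulate())
```

The small base station keeps sending on its fixed VLAN throughout; only the tag used between the ONU port and the OLT uplink changes, which is why the rotation does not require reconfiguring the base station.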
In actual testing, the method ensures that the VLAN carrying the small base station backhaul service is difficult to capture, providing network isolation and a certain degree of protection against interception and eavesdropping. In addition, when a test instrument is used directly to test the data service as in Fig. 3, the test shows that the service is not interrupted and that data delay is not increased, which ensures that the corresponding operation does not affect normal data services.
An embodiment of the present invention also provides a network security protection system for small base station backhaul carried over a PON, comprising a VLAN pool division unit, an ONU, a port number designation unit and a VLAN dynamic allocation unit, wherein:
The VLAN pool division unit is used to plan a VLAN address pool in the PON system. The range of the VLAN address pool is 1~4095. This VLAN address pool is dedicated to the users' small base station backhaul network and does not overlap with the VLANs of other services.
As shown in Fig. 3, within the VLAN address pool, the VLAN configured for the ordinary data service is 100, and the VLAN pool for the users' small base station backhaul service is 200~4000.
The port number designation unit is used to specify the port numbers of the ONU (Optical Network Unit) that carries the small base station backhaul service. The specified ONU ports are dedicated to carrying small base station backhaul and cannot be used for any other purpose.
As shown in Fig. 3, the ports of ONU1 are used to carry the ordinary data service, while ONU2 is dedicated to carrying small base station backhaul, and all of its ports are small base station backhaul service ports.
The VLAN dynamic allocation unit is used to periodically and dynamically assign the VLAN number of the small base station backhaul service, and to dynamically issue this VLAN configuration to the ports of the corresponding ONU.
As shown in Fig. 3, the VLAN dynamic allocation unit dynamically assigns the VLAN number of the small base station backhaul service every 60 seconds. The VLAN number is selected at random from the range 200~4000 and is issued to the 4 ports of ONU2.
After the ONU receives the VLAN configuration issued by the VLAN dynamic allocation unit, it dynamically generates the corresponding configuration, realizing communication of the small base station backhaul service.
Those skilled in the art can make various modifications and variations to the embodiments of the present invention. If these modifications and variations fall within the scope of the claims of the present invention and their technical equivalents, they are also within the protection scope of the present invention.
Content not described in detail in this specification is prior art known to those skilled in the art.
Claims (8)
1. A network security protection method for small base station backhaul carried over a PON, characterized by comprising the following steps:
S1. In the passive optical network (PON) system, plan a virtual local area network (VLAN) address pool, the VLAN address pool being dedicated to the users' small base station backhaul network and not overlapping with the VLANs of other services;
S2. Specify the port numbers of the optical network unit (ONU) that carries the small base station backhaul service, the specified ONU ports being dedicated to carrying small base station backhaul;
S3. The PON system periodically and dynamically assigns the VLAN number of the small base station backhaul service, and dynamically issues this VLAN configuration to the ports of the corresponding ONU;
S4. After the ONU receives the VLAN configuration, it dynamically generates the corresponding configuration, realizing communication of the small base station backhaul service.
2. The network security protection method for small base station backhaul carried over a PON as claimed in claim 1, characterized in that: the range of the VLAN address pool is 1~4095.
3. The network security protection method for small base station backhaul carried over a PON as claimed in claim 2, characterized in that: within the VLAN address pool, the VLAN configured for the ordinary data service is 100, and the VLAN pool for the users' small base station backhaul service is 200~4000.
4. The network security protection method for small base station backhaul carried over a PON as claimed in claim 3, characterized in that: in step S3, the main control unit of the OLT in the PON system dynamically assigns the VLAN number of the small base station backhaul service every 60 seconds, the VLAN number being selected at random from the range 200~4000.
5. A network security protection system for small base station backhaul carried over a PON, characterized in that: the system comprises a virtual local area network (VLAN) pool division unit, an optical network unit (ONU), a port number designation unit and a VLAN dynamic allocation unit, wherein:
the VLAN pool division unit is used to plan a VLAN address pool in the passive optical network (PON) system, the VLAN address pool being dedicated to the users' small base station backhaul network and not overlapping with the VLANs of other services;
the port number designation unit is used to specify the port numbers of the ONU that carries the small base station backhaul service, the specified ONU ports being dedicated to carrying small base station backhaul;
the VLAN dynamic allocation unit is used to periodically and dynamically assign the VLAN number of the small base station backhaul service, and to dynamically issue this VLAN configuration to the ports of the corresponding ONU;
after the ONU receives the VLAN configuration issued by the VLAN dynamic allocation unit, it dynamically generates the corresponding configuration, realizing communication of the small base station backhaul service.
6. The network security protection system for small base station backhaul carried over a PON as claimed in claim 5, characterized in that: the range of the VLAN address pool is 1~4095.
7. The network security protection system for small base station backhaul carried over a PON as claimed in claim 6, characterized in that: within the VLAN address pool, the VLAN configured for the ordinary data service is 100, and the VLAN pool for the users' small base station backhaul service is 200~4000.
8. The network security protection system for small base station backhaul carried over a PON as claimed in claim 7, characterized in that: the VLAN dynamic allocation unit dynamically assigns the VLAN number of the small base station backhaul service every 60 seconds, the VLAN number being selected at random from the range 200~4000.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610883427.XA CN106453307B (en) | 2016-10-10 | 2016-10-10 | Network safety protection method of PON carrying small base station backhaul and system thereof |
PCT/CN2017/104833 WO2018068671A1 (en) | 2016-10-10 | 2017-09-30 | Network security protection method and system using pon to bear small base station backhaul |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610883427.XA CN106453307B (en) | 2016-10-10 | 2016-10-10 | Network safety protection method of PON carrying small base station backhaul and system thereof |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106453307A true CN106453307A (en) | 2017-02-22 |
CN106453307B CN106453307B (en) | 2019-03-15 |
Family
ID=58172283
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610883427.XA Active CN106453307B (en) | 2016-10-10 | 2016-10-10 | Network safety protection method of PON carrying small base station backhaul and system thereof |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN106453307B (en) |
WO (1) | WO2018068671A1 (en) |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2018068671A1 (en) * | 2016-10-10 | 2018-04-19 | 烽火通信科技股份有限公司 | Network security protection method and system using pon to bear small base station backhaul |
CN109905884A (en) * | 2017-12-07 | 2019-06-18 | 中国电信股份有限公司 | Indoor covering system |
CN111147345A (en) * | 2019-12-20 | 2020-05-12 | 航天信息股份有限公司 | Cloud environment network isolation device and method and cloud environment |
CN112584393A (en) * | 2019-09-27 | 2021-03-30 | 上海华为技术有限公司 | Base station configuration method, device, equipment and medium |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20040120326A1 (en) * | 2002-12-24 | 2004-06-24 | Hyeon-Sik Yoon | System and method for VLAN configuration of E-PON, and recording medium with stored program thereof |
US20100220731A1 (en) * | 2009-02-27 | 2010-09-02 | Wael William Diab | Method and system for supporting a plurality of providers via a single femtocell |
CN102394776A (en) * | 2011-11-02 | 2012-03-28 | 深圳市共进电子股份有限公司 | Method for OLT to carry out dynamic network configuration on ONU in passive optical network |
CN103369616A (en) * | 2013-07-09 | 2013-10-23 | 京信通信系统(中国)有限公司 | Data transmission method and data transmission device under dual-mode networking |
CN103840996A (en) * | 2014-03-03 | 2014-06-04 | 烽火通信科技股份有限公司 | Method and system for achieving user port VLAN service management in ONU |
Family Cites Families (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104717030B (en) * | 2013-12-17 | 2017-11-03 | 中国移动通信集团公司 | Method for synchronizing time and relevant device, system |
CN105991738B (en) * | 2015-02-27 | 2019-05-14 | 中国移动通信集团四川有限公司 | Method and system across security domain resource-sharing in a kind of cloud resource pond |
CN106453307B (en) * | 2016-10-10 | 2019-03-15 | 烽火通信科技股份有限公司 | PON carries the method and system of the network safety prevention of small base station passback |
-
2016
- 2016-10-10 CN CN201610883427.XA patent/CN106453307B/en active Active
-
2017
- 2017-09-30 WO PCT/CN2017/104833 patent/WO2018068671A1/en active Application Filing
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2018068671A1 (en) * | 2016-10-10 | 2018-04-19 | 烽火通信科技股份有限公司 | Network security protection method and system using pon to bear small base station backhaul |
CN109905884A (en) * | 2017-12-07 | 2019-06-18 | 中国电信股份有限公司 | Indoor covering system |
CN109905884B (en) * | 2017-12-07 | 2022-03-08 | 中国电信股份有限公司 | Indoor coverage system |
CN112584393A (en) * | 2019-09-27 | 2021-03-30 | 上海华为技术有限公司 | Base station configuration method, device, equipment and medium |
CN112584393B (en) * | 2019-09-27 | 2022-07-22 | 上海华为技术有限公司 | Base station configuration method, device, equipment and medium |
CN111147345A (en) * | 2019-12-20 | 2020-05-12 | 航天信息股份有限公司 | Cloud environment network isolation device and method and cloud environment |
Also Published As
Publication number | Publication date |
---|---|
WO2018068671A1 (en) | 2018-04-19 |
CN106453307B (en) | 2019-03-15 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN106453307B (en) | Network safety protection method of PON carrying small base station backhaul and system thereof | |
CN103039037B (en) | For effectively managing the method and system of the connection between communication network and this communication network and customer rs premise equipment | |
CN111669362B (en) | Information processing method, network node, verification method and server | |
CN1319329C (en) | Automatic method for reporting MAC address from device of optical network unit at remote side to network management system | |
CN102821029B (en) | Multi-service bandwidth allocation method in a kind of Ethernet passive optical network and device thereof | |
CN101159598B (en) | Remote management method of passive optical network terminal equipment | |
CN105530200B (en) | The VLAN allocation method of different terminals business | |
CN102082979A (en) | Method and device for realizing home gateway function in passive optical network (PON) | |
CN103069750B (en) | The method and system of the connection for being efficiently used between communication network and this communication network and customer rs premise equipment | |
CN103107934A (en) | Message processing control method and device | |
CN103401905B (en) | Mobile application platform system for power grid scheduling based on mobile intelligent terminal | |
CN101521878A (en) | Method for realizing the public wireless broadband network access and wireless network access equipment | |
US11589142B2 (en) | Mutually secure optical data network and method | |
CN102724087A (en) | Method and system for realizing network resource sharing | |
MX2020008838A (en) | Virtual tenant for multiple dwelling unit. | |
CN101282177B (en) | Data transmission method and terminal | |
CN106101874A (en) | Way system method for designing in a kind of ocean platform based on EPON | |
CN102572617B (en) | Private network server access method and optical network unit | |
CN102149026A (en) | Multicast realizing method and system | |
CN103347266B (en) | A kind of method for network access, apparatus and system | |
CN106330648B (en) | Routing information generation method and device | |
US20170063542A1 (en) | Mutually secure optical data network and method | |
CN110233748A (en) | Method that is a kind of while realizing network wireless covering and cable network TV | |
Mazzenga et al. | Sharing of copper pairs for improving DSL performance in FTTx access networks | |
CN110099314B (en) | Network system based on optical fiber and coaxial cable and control method thereof |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |