CN109688054B - VPDN user internet surfing method and PGW - Google Patents
- Publication number
- CN109688054B
- Authority
- CN
- China
- Prior art keywords
- vpdn
- address
- flow
- destination
- network
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
- H—ELECTRICITY
  - H04—ELECTRIC COMMUNICATION TECHNIQUE
    - H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
      - H04L45/00—Routing or path finding of packets in data switching networks
        - H04L45/74—Address processing for routing
      - H04L12/00—Data switching networks
        - H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
          - H04L12/46—Interconnection of networks
            - H04L12/4633—Interconnection of networks using encapsulation techniques, e.g. tunneling
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The present disclosure provides a method for a VPDN user to access the Internet, and a PGW. The method includes: the PGW monitors the destination IP address of a VPDN user's network access traffic in the L2TP tunnel, and forwards that traffic to the corresponding destination network according to its destination IP address, so that the user can access a plurality of networks using the same APN without switching APNs, which improves the user's service experience.
Description
Technical Field
The present disclosure relates to the field of data communications, and in particular to a method for a VPDN (Virtual Private Dial-up Network) user to access the Internet, and to a PGW (PDN Gateway).
Background
Operators use VPDN networking technology to give government and enterprise customers a convenient way to access the enterprise's internal network through the mobile Internet. The method currently used is as follows: a specific APN (Access Point Name) is assigned to the VPDN service; when a user accesses the 4G network using that APN, the 4G network device establishes an L2TP (Layer 2 Tunneling Protocol) tunnel to an LNS (L2TP Network Server) for the user, and the user reaches the enterprise through the LNS and the link interconnecting it with the enterprise network. When a government-enterprise VPDN user wants to access the Internet, the user must first switch APNs, which degrades the user experience.
Disclosure of Invention
The technical problem to be solved by the present disclosure is to provide a method for a VPDN user to surf the internet and a PGW, so that a user can access multiple networks using the same APN without APN switching.
According to one aspect of the present disclosure, a method for a virtual private dial-up network VPDN user to access a network is provided, including: a public data network gateway PGW monitors a destination IP address of VPDN user access network traffic in a Layer 2 Tunneling Protocol (L2TP) tunnel; and forwards the VPDN user access network traffic to a corresponding destination network according to the destination IP address of the VPDN user access network traffic.
Further, if the destination IP address of the VPDN user access network traffic is an enterprise network address, the PGW forwards the VPDN user access network traffic to the L2TP network server LNS through the L2TP tunnel.
Further, if the destination IP address of the VPDN user access network traffic is an external network address, the PGW decapsulates the VPDN user access network traffic, performs source address conversion on the decapsulated VPDN user access network traffic, and forwards the decapsulated VPDN user access network traffic to an external network.
Further, the VPDN user accesses multiple destination networks through the same APN.
According to another aspect of the present disclosure, a public data network gateway PGW is further provided, including: a traffic monitoring unit, configured to monitor a destination IP address of VPDN user access network traffic in a Layer 2 Tunneling Protocol (L2TP) tunnel; and a traffic forwarding unit, configured to forward the VPDN user access network traffic to a corresponding destination network according to the destination IP address of the VPDN user access network traffic.
Further, if the destination IP address of the VPDN user accessing the network traffic is an enterprise network address, the traffic forwarding unit is configured to forward the VPDN user accessing the network traffic to the L2TP network server LNS through an L2TP tunnel.
Furthermore, if the destination IP address of the VPDN user accessing the network traffic is an external network address, the traffic forwarding unit is configured to decapsulate the VPDN user accessing the network traffic, perform source address conversion on the decapsulated VPDN user accessing the network traffic, and forward the decapsulated VPDN user accessing the network traffic to an external network.
Further, the VPDN user accesses multiple destination networks through the same APN.
According to another aspect of the present disclosure, a public data network gateway PGW is further provided, including: a memory; and a processor coupled to the memory, the processor configured to perform the method as described above based on instructions stored in the memory.
According to another aspect of the present disclosure, a computer-readable storage medium is also proposed, on which computer program instructions are stored, which instructions, when executed by a processor, implement the steps of the above-described method.
The PGW forwards the VPDN user access network flow to the corresponding destination network according to the destination IP address of the VPDN user access network flow, so that a user can access a plurality of networks by using the same APN without switching the APN, and the service use perception of the user is improved.
Other features of the present disclosure and advantages thereof will become apparent from the following detailed description of exemplary embodiments thereof, which proceeds with reference to the accompanying drawings.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments of the disclosure and together with the description, serve to explain the principles of the disclosure.
The present disclosure may be more clearly understood from the following detailed description, taken with reference to the accompanying drawings, in which:
Fig. 1 is a schematic flow chart of an embodiment of a method for accessing internet by a VPDN user according to the present disclosure.
Fig. 2 is a schematic flow chart of another embodiment of the method for accessing the internet by the VPDN user according to the present disclosure.
Fig. 3 is an application schematic diagram of the method for accessing the internet by the VPDN user according to the present disclosure.
Fig. 4 is a schematic structural diagram of an embodiment of a PGW of the present disclosure.
Fig. 5 is a schematic structural diagram of another embodiment of a PGW of the present disclosure.
Fig. 6 is a schematic structural diagram of a PGW according to yet another embodiment of the present disclosure.
Detailed Description
Various exemplary embodiments of the present disclosure will now be described in detail with reference to the accompanying drawings. It should be noted that: the relative arrangement of the components and steps, the numerical expressions, and numerical values set forth in these embodiments do not limit the scope of the present disclosure unless specifically stated otherwise.
Meanwhile, it should be understood that the sizes of the respective portions shown in the drawings are not drawn in an actual proportional relationship for the convenience of description.
The following description of at least one exemplary embodiment is merely illustrative in nature and is in no way intended to limit the disclosure, its application, or uses.
Techniques, methods, and apparatus known to those of ordinary skill in the relevant art may not be discussed in detail, but are intended to be part of the specification where appropriate.
In all examples shown and discussed herein, any particular value should be construed as merely illustrative, and not limiting. Thus, other examples of the exemplary embodiments may have different values.
It should be noted that: like reference numbers and letters refer to like items in the following figures, and thus, once an item is defined in one figure, further discussion thereof is not required in subsequent figures.
For the purpose of promoting a better understanding of the objects, aspects and advantages of the present disclosure, reference is made to the following detailed description taken in conjunction with the accompanying drawings.
Fig. 1 is a schematic flow chart of an embodiment of a method for accessing internet by a VPDN user according to the present disclosure. The method comprises the following steps:
In step 110, the PGW monitors the destination IP address of the VPDN user's network access traffic within the L2TP tunnel. The VPDN user accesses a plurality of destination networks through the same APN, and the VPDN user's network access traffic consists of user L2TP messages.
In step 120, the VPDN user access network traffic is forwarded to the corresponding destination network according to the destination IP address of the VPDN user access network traffic. The destination IP address may be an enterprise network address or an external network address.
In the embodiment, the PGW forwards the VPDN user access network flow to the corresponding destination network according to the destination IP address of the VPDN user access network flow, so that a user can access multiple networks by using the same APN without switching APNs, and the service use perception of the user is improved.
Fig. 2 is a schematic flow chart of another embodiment of the method for accessing the internet by the VPDN user according to the present disclosure.
In step 210, as shown in fig. 3, the user accesses the internet and intranet using the same APN.
In step 220, the PGW monitors the VPDN user L2TP message.
In step 230, if the destination IP address of the VPDN user L2TP message is an enterprise network address, the PGW forwards the L2TP message to the LNS through the L2TP tunnel and accesses the intranet.
In step 240, if the destination IP address of the VPDN user L2TP message is an external network address, the PGW decapsulates the VPDN user L2TP message from the L2TP tunnel, performs source address conversion on the decapsulated VPDN user L2TP message, and then forwards the decapsulated VPDN user L2TP message to an external network, where the PGW directly accesses external internet resources.
Steps 230 and 240 need not be executed in any particular order.
In the embodiment, the target IP address of the VPDN user network access flow is monitored by the PGW, when the target IP address is an external Internet address, the PGW decapsulates the L2TP message of the flow, and directly accesses the external Internet resource after source address conversion; and if the target IP address is the internal network IP address, the PGW sends the flow to the LNS through the L2TP tunnel and accesses the internal network, so that the VPDN user can directly access the Internet without switching APN.
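The decision made in steps 220 to 240, sketched as an added Python example; it is not code from the patent. The enterprise prefixes, the names `classify`, `ppp_payload`, `inner_ipv4` and `sample_message`, and the choice to keep anything that cannot be parsed as IPv4 inside the tunnel are assumptions of this example; source address conversion itself is left to the NAT function that receives the decapsulated packet.

```python
import ipaddress
import struct
from enum import Enum
from typing import Optional, Tuple


class Action(Enum):
    TO_LNS = "forward unchanged through the L2TP tunnel to the LNS"
    BREAKOUT = "decapsulate, apply source address conversion, send to external network"


# Assumed enterprise prefixes: the patent does not say how the PGW learns them.
ENTERPRISE_NETS = [ipaddress.ip_network("10.20.0.0/16"),
                   ipaddress.ip_network("172.16.8.0/24")]
PPP_IPV4 = 0x0021


def ppp_payload(msg: bytes) -> Optional[bytes]:
    """Strip an L2TPv2 data header (RFC 2661); None for control or malformed messages."""
    if len(msg) < 6:
        return None
    (flags,) = struct.unpack_from("!H", msg, 0)
    if flags & 0x8000 or (flags & 0x000F) != 2:    # T bit = control message; Ver must be 2
        return None
    off = 2
    if flags & 0x4000:                             # L bit: Length field present
        (length,) = struct.unpack_from("!H", msg, off)
        if length > len(msg):
            return None
        msg, off = msg[:length], off + 2
    off += 4                                       # Tunnel ID + Session ID
    if flags & 0x0800:                             # S bit: Ns + Nr present
        off += 4
    if flags & 0x0200:                             # O bit: Offset Size + padding
        if len(msg) < off + 2:
            return None
        (pad,) = struct.unpack_from("!H", msg, off)
        off += 2 + pad
    return msg[off:] if off < len(msg) else None


def inner_ipv4(ppp: bytes) -> Optional[bytes]:
    """Return the IPv4 packet carried in a PPP frame, or None if it is not IPv4."""
    if ppp[:2] == b"\xff\x03":                     # uncompressed Address/Control
        ppp = ppp[2:]
    if not ppp:
        return None
    if ppp[0] & 1:                                 # one-byte (compressed) protocol field
        proto, ip = ppp[0], ppp[1:]
    elif len(ppp) >= 2:
        proto, ip = struct.unpack_from("!H", ppp)[0], ppp[2:]
    else:
        return None
    if proto != PPP_IPV4 or len(ip) < 20:
        return None
    ihl = (ip[0] & 0x0F) * 4
    if ip[0] >> 4 != 4 or ihl < 20 or len(ip) < ihl:
        return None
    return ip


def classify(msg: bytes) -> Tuple[Action, Optional[bytes]]:
    """Decide where one message seen in the tunnel goes; returns (action, inner packet)."""
    ppp = ppp_payload(msg)
    ip = inner_ipv4(ppp) if ppp else None
    if ip is None:
        # Control messages, LCP/IPCP, IPv6 and malformed frames stay in the tunnel,
        # so nothing that cannot be classified is sent to the external network.
        return Action.TO_LNS, None
    dst = ipaddress.ip_address(ip[16:20])
    if any(dst in net for net in ENTERPRISE_NETS):
        return Action.TO_LNS, None
    return Action.BREAKOUT, ip


def sample_message(dst: str, flags: int = 0x0002) -> bytes:
    """Constructed input: minimal L2TPv2 data header + PPP + 20-byte IPv4 header."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                     ipaddress.ip_address("10.99.0.7").packed,
                     ipaddress.ip_address(dst).packed)
    return struct.pack("!HHH", flags, 0x0011, 0x0022) + b"\xff\x03\x00\x21" + ip


if __name__ == "__main__":
    for dst in ("10.20.3.4", "203.0.113.10"):
        print(dst, "->", classify(sample_message(dst))[0].value)
```
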
Fig. 4 is a schematic structural diagram of an embodiment of a PGW of the present disclosure. The PGW includes a traffic monitoring unit 410 and a traffic forwarding unit 420, where:
The traffic monitoring unit 410 is used for monitoring the destination IP address of the VPDN user accessing the network traffic in the L2TP tunnel. The VPDN user accesses a plurality of destination networks through the same APN, and the network flow accessed by the VPDN user is a user L2TP message.
The traffic forwarding unit 420 is configured to forward the VPDN user access network traffic to a corresponding destination network according to the destination IP address of the VPDN user access network traffic. The destination IP address may be an enterprise network address or an external network address.
In the embodiment, the PGW forwards the VPDN user access network flow to the corresponding destination network according to the destination IP address of the VPDN user access network flow, so that a user can access multiple networks by using the same APN without switching APNs, and the service use perception of the user is improved.
In another embodiment of the present disclosure, if the destination IP address of the VPDN user L2TP message is an enterprise network address, the traffic forwarding unit 420 is configured to forward the L2TP message to the LNS through the L2TP tunnel so that it reaches the intranet. If the destination IP address of the VPDN user L2TP message is an external network address, the traffic forwarding unit 420 is configured to decapsulate the VPDN user L2TP message from the L2TP tunnel, perform source address conversion on the decapsulated VPDN user L2TP message, and forward the decapsulated VPDN user L2TP message to an external network, so that the PGW directly accesses the external internet resource.
In the embodiment, the target IP address of the VPDN user network access flow is monitored by the PGW, when the target IP address is an external Internet address, the PGW decapsulates the L2TP message of the flow, and directly accesses the external Internet resource after source address conversion; and if the target IP address is the internal network IP address, the PGW sends the flow to the LNS through the L2TP tunnel and accesses the internal network, so that the VPDN user can directly access the Internet without switching APN.
Fig. 5 is a schematic structural diagram of another embodiment of a PGW of the present disclosure. The PGW includes a memory 510 and a processor 520. Wherein: the memory 510 may be a magnetic disk, flash memory, or any other non-volatile storage medium. The memory 510 is used for storing instructions in the embodiments corresponding to fig. 1 and 2. Processor 520 is coupled to memory 510 and may be implemented as one or more integrated circuits, such as a microprocessor or microcontroller. The processor 520 is configured to execute instructions stored in memory.
In one embodiment, the PGW 600 includes a memory 610 and a processor 620, as also shown in fig. 6. Processor 620 is coupled to memory 610 through a BUS 630. The PGW 600 may also be coupled to an external storage device 650 via a storage interface 640 for external data transfer, and may also be coupled to a network or another computer system (not shown) via a network interface 660, which will not be described in detail herein.
In the embodiment, the data instruction is stored in the memory, and the instruction is processed by the processor, so that a user can access multiple networks by using the same APN without switching APNs, and the service use perception of the user is improved.
In another embodiment, a computer-readable storage medium has stored thereon computer program instructions which, when executed by a processor, implement the steps of the method in the corresponding embodiments of fig. 1, 2. As will be appreciated by one skilled in the art, embodiments of the present disclosure may be provided as a method, apparatus, or computer program product. Accordingly, the present disclosure may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present disclosure may take the form of a computer program product embodied on one or more computer-usable non-transitory storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present disclosure is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the disclosure. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
Thus far, the present disclosure has been described in detail. Some details that are well known in the art have not been described in order to avoid obscuring the concepts of the present disclosure. It will be fully apparent to those skilled in the art from the foregoing description how to practice the presently disclosed embodiments.
Although some specific embodiments of the present disclosure have been described in detail by way of example, it should be understood by those skilled in the art that the foregoing examples are for purposes of illustration only and are not intended to limit the scope of the present disclosure. It will be appreciated by those skilled in the art that modifications may be made to the above embodiments without departing from the scope and spirit of the present disclosure. The scope of the present disclosure is defined by the appended claims.
Claims (4)
1. A method for a virtual private dial-up network (VPDN) user to access the network comprises the following steps:
a public data network gateway (PGW) monitors a destination IP address of network flow accessed by a VPDN user in a second layer tunnel protocol L2TP tunnel, wherein the VPDN user accesses a plurality of destination networks through the same APN, and the network flow accessed by the VPDN user is a user L2TP message;
forwarding the VPDN user access network flow to a corresponding destination network according to the destination IP address of the VPDN user access network flow;
if the destination IP address of the VPDN user access network flow is an external network address, the PGW decapsulates the VPDN user access network flow, performs source address conversion on the decapsulated VPDN user access network flow, and forwards the decapsulated VPDN user access network flow to an external network;
and if the destination IP address of the VPDN user access network flow is an enterprise network address, the PGW forwards the VPDN user access network flow to an L2TP network server LNS through an L2TP tunnel.
2. A public data network gateway, PGW, comprising:
a flow monitoring unit, used for monitoring a destination IP address of network flow accessed by a VPDN user in a tunnel of a second layer tunneling protocol L2TP, wherein the VPDN user accesses a plurality of destination networks through the same APN, and the network flow accessed by the VPDN user is a user L2TP message;
the flow forwarding unit is used for forwarding the VPDN user access network flow to a corresponding destination network according to a destination IP address of the VPDN user access network flow, wherein if the destination IP address of the VPDN user access network flow is an external network address, the VPDN user access network flow is decapsulated, source address conversion is carried out on the decapsulated VPDN user access network flow, and then the decapsulated VPDN user access network flow is forwarded to the external network; and if the destination IP address of the VPDN user access network flow is an enterprise network address, forwarding the VPDN user access network flow to an L2TP network server LNS through an L2TP tunnel.
3. A public data network gateway, PGW, comprising:
a memory; and
a processor coupled to the memory, the processor configured to perform the method of claim 1 based on instructions stored in the memory.
4. A computer readable storage medium having stored thereon computer program instructions which, when executed by a processor, implement the steps of the method of claim 1.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710969145.6A CN109688054B (en) | 2017-10-18 | 2017-10-18 | VPDN user internet surfing method and PGW |
Publications (2)
Publication Number | Publication Date |
---|---|
CN109688054A (en) | 2019-04-26 |
CN109688054B (en) | 2022-02-15 |
Family
ID=66183892
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710969145.6A Active CN109688054B (en) | 2017-10-18 | 2017-10-18 | VPDN user internet surfing method and PGW |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109688054B (en) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110932940B (en) * | 2019-12-10 | 2021-08-06 | 北京奇艺世纪科技有限公司 | Source address translation service monitoring method and device |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101764757A (en) * | 2010-01-20 | 2010-06-30 | 华为技术有限公司 | Method, device and system for content accessing |
CN103747116A (en) * | 2014-01-24 | 2014-04-23 | 杭州华三通信技术有限公司 | Business access method and device based on Layer 2 Tunneling Protocol (L2TP) |
CN103841627A (en) * | 2012-11-22 | 2014-06-04 | 中国电信股份有限公司 | Method and system for using service provider services through VPDN (virtual private dialup network) |
CN103873444A (en) * | 2012-12-14 | 2014-06-18 | 中国电信股份有限公司 | Method and business switching device for accessing outside network business when mobile terminal VPDN is online |
CN106789725A (en) * | 2016-11-10 | 2017-05-31 | 瑞斯康达科技发展股份有限公司 | It is a kind of to realize the methods, devices and systems that flow is redirected |
Family Cites Families (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6993037B2 (en) * | 2001-03-21 | 2006-01-31 | International Business Machines Corporation | System and method for virtual private network network address translation propagation over nested connections with coincident local endpoints |
JP2003069609A (en) * | 2001-08-23 | 2003-03-07 | Fujitsu Ltd | System for providing virtual private network service |
US8200773B2 (en) * | 2001-09-28 | 2012-06-12 | Fiberlink Communications Corporation | Client-side network access policies and management applications |
Also Published As
Publication number | Publication date |
---|---|
CN109688054A (en) | 2019-04-26 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||