CN109962831B - Virtual client terminal device, router, storage medium, and communication method - Google Patents

Publication number
CN109962831B
Authority
CN
China
Prior art keywords
level
home
home gateway
client terminal
virtual client
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201711338459.2A
Other languages
Chinese (zh)
Other versions
CN109962831A (en)
Inventor
龚霞
陈华南
朱永庆
梁洁
黄灿灿
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Telecom Corp Ltd
Original Assignee
China Telecom Corp Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Telecom Corp Ltd
Priority to CN201711338459.2A
Publication of CN109962831A
Application granted
Publication of CN109962831B
Current legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4641 Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/50 Network services
    • H04L67/54 Presence management, e.g. monitoring or registration for receipt of user log-on information, or the connection status of the users
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/50 Network services
    • H04L67/56 Provisioning of proxy services

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The present disclosure provides a virtual client terminal device, a router, a storage medium and a communication method, and relates to the field of communication. The virtual client terminal device (vCPE) is deployed in a multi-service edge router (MSE), and the network functions of the virtual client terminal device are implemented according to the control plane of the multi-service edge router. Deploying the vCPE in the MSE avoids the complex information interaction process between the vCPE and the MSE.

Description

Virtual client terminal device, router, storage medium, and communication method
Technical Field
The present disclosure relates to the field of communications, and in particular, to a virtual client terminal device, a multi-service edge router, a computer-readable storage medium, and a communication method.
Background
vCPE (virtual Customer Premises Equipment) means that some network functions of the home gateway, such as routing management, DHCP (Dynamic Host Configuration Protocol), and DNS (Domain Name System), are carried by virtualization software, so as to reduce the complexity of the home gateway.
At present, vCPE is mostly implemented on x86 servers, and management and service loading of the home network are realized by a virtual machine attached externally to an MSE (multi-service edge router).
Disclosure of Invention
The inventors found that this external (plug-in) implementation of the vCPE makes the information interaction process between the vCPE and the MSE complex.
One object of embodiments of the present disclosure is to simplify the information interaction process between the vCPE and the MSE.
Yet another object of embodiments of the present disclosure is to realize unified management of the home network, and further to realize two-level management at the device level and the home level.
Another object of embodiments of the present disclosure is to realize unified control of the home network, and further to realize two-level control at the device level and the home level.
One aspect of the present disclosure provides a virtual client terminal device, where the virtual client terminal device is deployed in a multi-service edge router, and a network function of the virtual client terminal device is implemented according to a control plane of the multi-service edge router.
Optionally, the virtual client terminal device or a device-level authentication module included in the virtual client terminal device is configured to perform device-level authentication on the terminal in response to a first access request sent by the terminal through a home gateway, and return a home gateway identifier to the home gateway after the device-level authentication is passed, so as to identify a home network to which the terminal belongs, where the first access request carries an identifier of the terminal.
Optionally, the virtual client terminal device or a home-level authentication module included in the virtual client terminal device is configured to respond to a second access request sent by the home gateway, and perform home-level authentication on the home gateway, where the second access request carries the home gateway identifier.
Optionally, the virtual client terminal device or a management module included in the virtual client terminal device is configured to collect and manage home-level status information of the home gateway according to the home gateway identifier, or collect and manage device-level status information of the accessed terminal through the home gateway according to the identifier of the terminal.
Optionally, the virtual client terminal device or a control module included in the virtual client terminal device is configured to issue, according to the home gateway identifier, home-level policy control information to the home gateway, or is configured to issue, according to the identifier of the terminal, device-level policy control information to the home gateway.
Optionally, the virtual client terminal device or the home-level authentication module is configured to return home-level configuration information to the home gateway after the home-level authentication is passed.
Optionally, the virtual client terminal device or the device-level authentication module is configured to return device-level configuration information to the home gateway after the device-level authentication is passed.
Yet another aspect of the present disclosure proposes a multi-service edge router in which the aforementioned virtual client terminal device is deployed.
Another aspect of the disclosure proposes a computer-readable storage medium on which a computer program is stored which, when executed by a processor, implements the functionality of the aforementioned virtual client terminal device.
Yet another aspect of the present disclosure proposes a communication method, including:
a virtual client terminal device deployed in a multi-service edge router, in response to a first access request sent by a terminal through a home gateway, performs device-level authentication on the terminal and, after the device-level authentication is passed, returns a home gateway identifier to the home gateway so as to identify the home network to which the terminal belongs, where the first access request carries an identifier of the terminal;
and, in response to a second access request sent by the home gateway, performs home-level authentication on the home gateway, where the second access request carries the home gateway identifier.
Optionally, the communication method further includes: the virtual client terminal device collects and manages home-level status information of the home gateway according to the home gateway identifier, or collects and manages device-level status information of the accessed terminal through the home gateway according to the identifier of the terminal.
Optionally, the communication method further includes: the virtual client terminal device issues home-level policy control information to the home gateway according to the home gateway identifier, or issues device-level policy control information to the home gateway according to the identifier of the terminal.
Deploying the vCPE in the MSE avoids the complex information interaction process between the vCPE and the MSE. In addition, the vCPE also implements access authentication at the device level and the home level, two-level management at the device level and the home level, and two-level control at the device level and the home level.
Drawings
The drawings that will be used in the description of the embodiments or the related art will be briefly described below. The present disclosure will be more clearly understood from the following detailed description, which proceeds with reference to the accompanying drawings.
It is to be understood that the drawings in the following description are merely exemplary of the disclosure, and that other drawings may be derived from those drawings by one of ordinary skill in the art without undue inventive faculty.
Fig. 1 is a network schematic diagram of a vCPE deployment of the present disclosure.
Fig. 2 is a flow chart of an embodiment of the communication method of the present disclosure.
Fig. 3 is a schematic structural diagram of an embodiment of a virtual client terminal device according to the present disclosure.
Fig. 4 is a schematic diagram of an implementation architecture of the MSE-based vCPE of the present disclosure.
Detailed Description
The technical solutions in the embodiments of the present disclosure will be clearly and completely described below with reference to the drawings in the embodiments of the present disclosure.
Fig. 1 is a network schematic diagram of a vCPE deployment of the present disclosure.
As shown in Fig. 1, a home network accesses the Internet through a home gateway (which may be, for example, a thin home gateway), an access device, an aggregation device, and an MSE (multi-service edge router). The vCPE is deployed in the MSE, and the network functions of the vCPE are implemented according to the control plane of the MSE. As shown in Fig. 4, the vCPE is a module implemented on the software platform of the MSE that can share MSE resources such as user management, address management, route management, and policy management. The vCPE is loaded as virtualization software and can implement some network functions of the home gateway, such as routing management, DHCP (Dynamic Host Configuration Protocol), and DNS (Domain Name System), thereby reducing the complexity of the home gateway. Physically, the home network is connected to the home gateway, the access device, the aggregation device, the MSE, and the Internet. Logically, the vCPE is connected to the home gateway and the home network and can exchange information with them. Deploying the vCPE in the MSE avoids the complex information interaction process between the vCPE and the MSE.
The vCPE implements access authentication at the device level and the home level, two-level management at the device level and the home level, and two-level control at the device level and the home level. These are described below in conjunction with Fig. 2.
Fig. 2 is a flow chart of an embodiment of the communication method of the present disclosure.
Step 210, the vCPE performs device-level authentication, which includes the following steps 211-214:
Step 211, a terminal in the home network comes online and sends a DHCP discover message to the home gateway.
Step 212, the home gateway sends a first access request (Access-Request1) to the vCPE, where the first access request carries an identifier (device ID) of the terminal.
Step 213, the vCPE performs device-level authentication on the terminal and, after the device-level authentication is passed, returns a first access accept (Access-Accept1) message to the home gateway, where the message carries a home gateway identifier (HG ID) to identify the home network to which the terminal belongs, and may also carry the device ID and device-level configuration information (device config) of the terminal.
For example, the device-level authentication may check whether access requirement information such as the type, identifier (device ID), and MAC (media access control) address of the terminal is provided. If the necessary access requirement information is provided, the device-level authentication passes.
The device-level configuration information includes, for example, the device IP address, access rights, available bandwidth, and the like.
Step 214, the home gateway sends a DHCP offer message to the terminal.
Step 220, if the home network identified by the home gateway identifier (HG ID) is not authenticated, the vCPE performs home-level authentication, which includes the following steps 225 to 228:
Step 225, the home gateway sends a second access request (Access-Request2) to the vCPE, where the second access request carries the home gateway identifier (HG ID).
Step 226, the vCPE performs home-level authentication on the home gateway: the vCPE forwards the second access request to the authentication server for authentication.
For example, the home-level authentication may check whether the home account is legal; if so, the home-level authentication passes.
The authentication server is, for example, an AAA (Authentication, Authorization, and Accounting) server.
Step 227, the authentication server checks whether the home account is legal and, if so, returns a second access accept (Access-Accept2) message to the vCPE, where the message carries the home gateway identifier (HG ID).
Step 228, the vCPE returns a second access accept (Access-Accept2) message to the home gateway, where the message carries the home gateway identifier (HG ID) and home-level configuration information (home config).
The home-level configuration information includes a public network IP address, a private network IP address segment, a link connection type, a lease period, and the like.
After the device-level authentication and home-level authentication described above have passed, step 230 (the vCPE implements the two-level management functions of the device level and the home level) or step 240 (the vCPE implements the two-level control functions of the device level and the home level) is optionally performed.
Step 230, the vCPE performs device-level management or home-level management.
Home-level management comprises: the vCPE collects and manages home-level status information of the home gateway according to the home gateway identifier. The home-level status information includes, for example, the home account number, the number of terminals in the home network, the traffic status, home-related traffic policies, and the like. The management is, for example, maintaining the home-level status information.
Device-level management comprises: the vCPE collects and manages device-level status information of the accessed terminal through the home gateway according to the identifier of the terminal. The device-level status information includes, for example, the private network IP of the terminals in each home network, traffic conditions, device-related traffic policies, device failure information, and the like. The management is, for example, maintaining the device-level status information.
Step 240, the vCPE performs device-level control or home-level control.
Home-level control comprises: the vCPE issues home-level policy control information to the home gateway according to the home gateway identifier. The home-level policy control information includes, for example, a bandwidth limit for the entire home network, a home-level ACL (access control list) policy, and the like.
Device-level control comprises: the vCPE issues device-level policy control information to the home gateway according to the identifier of the terminal. The device-level policy control information includes, for example, a bandwidth limit for each terminal in the home network, a device-level ACL policy, a parental control policy (the Internet access rights of a given device can be limited through the home account), and the like.
Therefore, the vCPE implements the access authentication function at the device level and the home level, the two-level management function at the device level and the home level, and the two-level control function at the device level and the home level.
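The Fig. 2 exchange can be traced with a small simulation, added here as an illustration and not taken from the patent. It models both sides of steps 211 to 228 and gates device-level policy (step 240) on both authentication levels having passed. Assumptions: the `line_to_hg` provisioning table used to pick the HG ID, the `Access-Reject1`/`Access-Reject2` message names, and all sample identifiers and addresses are constructed.

```python
from dataclasses import dataclass, field

# Fields the device-level check looks for (the page's example: type, device ID, MAC).
REQUIRED_DEVICE_FIELDS = ("device_type", "device_id", "mac")


class AAAServer:
    """Stand-in for the authentication server of steps 226-227."""

    def __init__(self, legal_accounts):
        self.legal_accounts = set(legal_accounts)

    def home_account_is_legal(self, hg_id):
        return hg_id in self.legal_accounts


@dataclass
class VCPE:
    aaa: AAAServer
    line_to_hg: dict  # assumption: access line -> HG ID provisioning table
    authenticated_homes: set = field(default_factory=set)
    device_home: dict = field(default_factory=dict)  # device ID -> HG ID

    def access_request1(self, line, attrs):
        """Steps 212-213: device-level authentication."""
        hg_id = self.line_to_hg.get(line)
        missing = [f for f in REQUIRED_DEVICE_FIELDS if not attrs.get(f)]
        if hg_id is None or missing:
            # Reject message name is an assumption; the page names only accepts.
            return {"code": "Access-Reject1", "missing": missing}
        # Presence check only, as on the page: nothing here proves that the
        # terminal really owns the MAC or device ID it reports.
        self.device_home[attrs["device_id"]] = hg_id
        host = 10 + sum(1 for h in self.device_home.values() if h == hg_id)
        return {
            "code": "Access-Accept1",
            "hg_id": hg_id,
            "device_id": attrs["device_id"],
            "device_config": {"ip": f"192.168.1.{host}", "bandwidth_mbps": 50},
        }

    def access_request2(self, hg_id):
        """Steps 225-228: home-level authentication, forwarded to the AAA server."""
        if not self.aaa.home_account_is_legal(hg_id):
            return {"code": "Access-Reject2", "hg_id": hg_id}
        self.authenticated_homes.add(hg_id)
        return {
            "code": "Access-Accept2",
            "hg_id": hg_id,
            "home_config": {  # constructed sample values
                "public_ip": "192.0.2.10",
                "private_segment": "192.168.1.0/24",
                "link_type": "IPoE",
                "lease_s": 86400,
            },
        }

    def device_policy(self, device_id, policy):
        """Step 240, device level: issued only after both levels have passed."""
        hg_id = self.device_home.get(device_id)
        if hg_id is None or hg_id not in self.authenticated_homes:
            return None
        return {"to_gateway": hg_id, "device_id": device_id, "policy": policy}


def terminal_online(vcpe, line, attrs):
    """Home-gateway side of Fig. 2; returns the ordered message trace."""
    trace = ["DHCP-Discover", "Access-Request1"]          # steps 211-212
    reply1 = vcpe.access_request1(line, attrs)
    trace.append(reply1["code"])                          # step 213
    if reply1["code"] != "Access-Accept1":
        return trace
    trace.append("DHCP-Offer")                            # step 214
    if reply1["hg_id"] not in vcpe.authenticated_homes:   # step 220 condition
        trace.append("Access-Request2")                   # step 225
        reply2 = vcpe.access_request2(reply1["hg_id"])    # steps 226-228
        trace.append(reply2["code"])
    return trace


if __name__ == "__main__":
    # Constructed sample: one legal home account, two provisioned lines.
    vcpe = VCPE(aaa=AAAServer({"HG-0001"}),
                line_to_hg={"line-1": "HG-0001", "line-2": "HG-0002"})
    pc = {"device_type": "pc", "device_id": "dev-a", "mac": "02:00:00:00:00:01"}
    print(terminal_online(vcpe, "line-1", pc))
    print(vcpe.device_policy("dev-a", {"bandwidth_mbps": 20}))
```

The second terminal of an already authenticated home stops after the DHCP offer, which is the step 220 condition at work.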
Fig. 3 is a schematic structural diagram of an embodiment of a virtual client terminal device according to the present disclosure.
As shown in fig. 3, the virtual client terminal device includes a device-level authentication module 310, configured to perform device-level authentication on the terminal in response to a first access request sent by the terminal through a home gateway, and return a home gateway identifier to the home gateway after the device-level authentication is passed, so as to identify a home network to which the terminal belongs, where the first access request carries an identifier of the terminal. The device-level authentication module 310 is further configured to return device-level configuration information to the home gateway after the device-level authentication is passed.
As shown in fig. 3, the virtual client terminal device further includes a home-level authentication module 320, configured to perform home-level authentication on the home gateway in response to a second access request sent by the home gateway, where the second access request carries a home gateway identifier. The home-level authentication module 320 is further configured to return home-level configuration information to the home gateway after the home-level authentication is passed.
As shown in fig. 3, the virtual client terminal device further includes a management module 330, configured to collect and manage home-level status information for the home gateway according to the home gateway identifier, or collect and manage device-level status information for an accessed terminal through the home gateway according to the terminal identifier.
As shown in fig. 3, the virtual client terminal device further includes a control module 340, configured to issue the home-level policy control information to the home gateway according to the home gateway identifier, or, configured to issue the device-level policy control information to the home gateway according to the terminal identifier.
Therefore, the virtual client terminal device (vCPE) implements the access authentication function at the device level and the home level, the two-level management function at the device level and the home level, and the two-level control function at the device level and the home level.
The present disclosure proposes a computer-readable storage medium on which a computer program is stored which, when executed by a processor, implements the functionality of the aforementioned virtual client terminal device.
As will be appreciated by one skilled in the art, embodiments of the present disclosure may be provided as a method, system, or computer program product. Accordingly, the present disclosure may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present disclosure may take the form of a computer program product embodied on one or more computer-usable non-transitory storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present disclosure is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the disclosure. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
The above description is only exemplary of the present disclosure and is not intended to limit the present disclosure, so that any modification, equivalent replacement, or improvement made within the spirit and principle of the present disclosure should be included in the scope of the present disclosure.

Claims (11)

1. A virtual client terminal device deployed in a multi-service edge router, a network function of the virtual client terminal device being implemented according to a control plane of the multi-service edge router, wherein: the virtual client terminal device is implemented on a software platform of the multi-service edge router, shares at least one of the user management, address management, route management and policy management resources of the multi-service edge router, and is loaded as virtualization software to implement at least one of the network functions of route management, Dynamic Host Configuration Protocol and Domain Name System.
2. The virtual client terminal device according to claim 1, wherein the virtual client terminal device or the device-level authentication module included in the virtual client terminal device is configured to perform device-level authentication on the terminal in response to a first access request sent by the terminal through a home gateway, and return a home gateway identifier to the home gateway after the device-level authentication is passed, so as to identify a home network to which the terminal belongs, where the first access request carries an identifier of the terminal.
3. The virtual client terminal device according to claim 2, wherein the virtual client terminal device or the home-level authentication module included in the virtual client terminal device is configured to perform home-level authentication on the home gateway in response to a second access request sent by the home gateway, where the second access request carries the home gateway identifier.
4. The virtual client terminal device according to claim 3, wherein the virtual client terminal device or the management module included in the virtual client terminal device is configured to collect and manage home-level status information of the home gateway according to the home gateway identifier, or collect and manage device-level status information of the accessed terminal through the home gateway according to the identifier of the terminal.
5. The virtual client terminal device according to claim 3, wherein the virtual client terminal device or the control module included in the virtual client terminal device is configured to issue, to the home gateway, home-level policy control information according to the home gateway identifier, or is configured to issue, to the home gateway, device-level policy control information according to the terminal identifier.
6. The virtual client terminal device of claim 3,
the virtual client terminal device or the home-level authentication module is configured to return home-level configuration information to the home gateway after the home-level authentication is passed;
and the virtual client terminal device or the device-level authentication module is configured to return device-level configuration information to the home gateway after the device-level authentication is passed.
7. A multi-service edge router in which a virtual client terminal device according to any one of claims 1 to 6 is deployed.
8. A computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, realizes the functions of the virtual client terminal device according to any one of claims 2 to 6.
9. A method of communication, comprising:
performing, by the virtual client terminal device deployed in the multi-service edge router according to claim 1, device-level authentication on a terminal in response to a first access request sent by the terminal through a home gateway, and, after the device-level authentication is passed, returning a home gateway identifier to the home gateway to identify the home network to which the terminal belongs, where the first access request carries an identifier of the terminal;
and performing home-level authentication on the home gateway in response to a second access request sent by the home gateway, where the second access request carries the home gateway identifier.
10. The communication method of claim 9, further comprising:
the virtual client terminal device collects and manages home-level status information of the home gateway according to the home gateway identifier, or collects and manages device-level status information of the accessed terminal through the home gateway according to the identifier of the terminal.
11. The communication method of claim 9, further comprising:
the virtual client terminal device issues home-level policy control information to the home gateway according to the home gateway identifier, or issues device-level policy control information to the home gateway according to the identifier of the terminal.
CN201711338459.2A 2017-12-14 2017-12-14 Virtual client terminal device, router, storage medium, and communication method Active CN109962831B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711338459.2A CN109962831B (en) 2017-12-14 2017-12-14 Virtual client terminal device, router, storage medium, and communication method

Publications (2)

Publication Number Publication Date
CN109962831A (en) 2019-07-02
CN109962831B (en) 2021-08-17

Family

ID=67017897

Country Status (1)

Country Link
CN (1) CN109962831B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant