CN110022310B - Authorization method and device based on cloud computing open network operating system - Google Patents

Publication number: CN110022310B
Authority: CN (China)
Prior art keywords: authentication server; network equipment; configuration; configuration authorization; interface
Legal status: Active
Application number: CN201910199825.3A
Other languages: Chinese (zh)
Other versions: CN110022310A (en)
Inventor: 陈小龙
Current Assignee: Beijing Star Net Ruijie Networks Co Ltd
Original Assignee: Beijing Star Net Ruijie Networks Co Ltd

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00: Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08: Configuration management of networks or network elements
    • H04L41/0889: Techniques to speed-up the configuration process
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0892: Network architectures or network communication protocols for network security for authentication of entities by using authentication-authorization-accounting [AAA] servers or protocols
    • H04L63/10: Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L69/00: Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/18: Multiprotocol handlers, e.g. single devices capable of handling multiple protocols

Abstract

The invention discloses an authorization method based on a cloud computing open network operating system (SONiC). The method is applied to a network device and comprises the following steps: the network device receives command lines of configuration authorization operations, input by a user in different protocol formats; the network device configures a mapping relationship between a network device interface identifier and an authentication server interface calling address and sends the mapping relationship to an authentication server, where the network device interface identifier includes configuration authorization information that marks all command lines belonging to the same configuration authorization operation; and the network device sends the network device interface identifier corresponding to the received configuration authorization operation to the authentication server according to the mapping relationship, so that the authentication server performs authorization processing on the configuration authorization operation of the network device according to the mapping relationship and the network device interface identifier. Embodiments of the invention can solve the prior-art problem of network device authorization failure in a SONiC system.

Description

Authorization method and device based on cloud computing open network operating system
Technical Field
The invention relates to the technical field of internet data transmission, and in particular to an authorization method and device based on a cloud computing open network operating system (SONiC).
Background
SONiC is a Debian GNU/Linux-based system developed internally and provided by Microsoft. It comprises a code toolkit and kernel patches, allows a network switch to be adjusted to user requirements, reduces dependence on firmware from network equipment vendors, and can fully take over the operation of the network switch.
AAA stands for Authentication, Authorization and Accounting. It is a security management mechanism for access control in network security that provides three security services (authentication, authorization and accounting) and gives users with access rights the corresponding level of service. AAA uses a client/server model: the client runs on a Network Access Server (NAS), and the AAA server centrally manages client information. The AAA server typically works in conjunction with network access control, gateway servers, and network element devices including databases of user information, directories, etc. When AAA authorization is performed on existing SONiC, multiple processes consume system overhead, and an ordinary server can handle simultaneous authentication for only hundreds of devices. The more devices there are, the larger the configuration file becomes, and the configuration files must be synchronized between the primary and standby servers. When a network device changes, the configuration files on the network device and on the server can no longer be kept consistent. Moreover, the configuration commands of a network device can be executed successfully on the device only after the AAA authentication server has authorized them, so in a SONiC system the AAA authentication model fails to issue configuration commands to the network device because of command authorization problems. And when the number of network elements managed by the network management system grows from the thousand level to the 100,000 level, the corresponding configuration file is larger, more data is transmitted, and the server easily becomes a performance bottleneck.
Disclosure of Invention
The embodiment of the invention provides an authorization method and device based on SONiC, which are used for solving the problem of network equipment authorization failure in a SONiC system in the prior art.
A method for authorization based on a SONiC, the SONiC operating in a network device, the method applied to the network device, comprising:
the network equipment receives command lines of configuration authorization operation in different protocol formats input by a user;
configuring a mapping relation between a network equipment interface identifier and an authentication server interface calling address and sending the mapping relation to an authentication server; the network equipment interface identifier comprises configuration authorization information used for marking all command lines belonging to the same configuration authorization operation;
and sending the network equipment interface identifier corresponding to the received configuration authorization operation to the authentication server according to the mapping relation, so that the authentication server carries out authorization processing on the configuration authorization operation of the network equipment according to the mapping relation and the network equipment interface identifier.
Further, before configuring the mapping relationship between the network device interface identifier and the authentication server interface calling address, the method further includes:
adding command paths of all command lines belonging to the same configuration authorization operation to the environment variable;
correspondingly, the configuring the mapping relationship between the network device interface identifier and the authentication server interface calling address specifically includes:
and configuring the mapping relation between the environment variable of the authorized operation and the interface calling address of the authentication server by the network equipment.
The configuring of the mapping relationship between the network device interface identifier and the authentication server interface call address specifically includes:
configuring a mapping relation between a network equipment interface identifier and an authentication server interface calling address, wherein the network equipment interface identifier comprises an Application Programming Interface (API) identifier, a protocol type, configuration authorization information and an Internet Protocol (IP) address of configuration authorization operation; the authentication server interface calling address comprises an API identifier, a protocol type, configuration authorization information and an IP address of configuration authorization operation.
An authorization method based on SONiC, the SONiC runs in network equipment, the method is applied to an authentication server, and comprises the following steps:
the authentication server receives the mapping relation between the network equipment interface identification and the authentication server interface calling address sent by the network equipment; the network equipment interface identifier comprises configuration authorization information used for marking all command lines belonging to the same configuration authorization operation;
receiving a network equipment interface identifier corresponding to configuration authorization operation sent by network equipment through an authentication server interface calling address;
judging whether the configuration data of the configuration authorization operation request is authorized or not according to the network equipment interface identifier and the mapping relation;
and if the configuration data is authorized, sending the configuration data to the network equipment.
The step of receiving, by the authentication server, a mapping relationship between a network device interface identifier sent by the network device and an authentication server interface call address includes:
the authentication server receives a mapping relation between a network equipment interface identifier sent by the network equipment and an authentication server interface calling address, wherein the network equipment interface identifier comprises an Application Programming Interface (API) identifier, a protocol type, configuration authorization information and an Internet Protocol (IP) address of configuration authorization operation; the authentication server interface calling address comprises an Application Programming Interface (API) identifier, a protocol type, configuration authorization information and an IP address of configuration authorization operation.
Wherein the sending the configuration data to the network device includes:
and when the data volume of the configuration data is larger than a preset threshold, sending the configuration data to the network device in JavaScript Object Notation (JSON) format.
A SONiC-based authorization apparatus, the SONiC operating in a network device, the apparatus being applied to the network device, comprising: a receiving module, a configuration module and a sending module; wherein:
the receiving module is used for receiving command lines of configuration authorization operation in different protocol formats input by a user;
the configuration module is used for configuring the mapping relation between the network equipment interface identifier and the authentication server interface calling address; the network equipment interface identifier comprises configuration authorization information used for marking all command lines belonging to the same configuration authorization operation;
the sending module is used for sending the mapping relationship to an authentication server, and is further configured to send the network device interface identifier corresponding to the received configuration authorization operation to the authentication server according to the mapping relationship, so that the authentication server performs authorization processing on the configuration authorization operation of the network device according to the mapping relationship and the network device interface identifier.
Further, the configuration module is further configured to add command paths of all command lines belonging to the same configuration authorization operation to the environment variable before configuring the mapping relationship between the network device interface identifier and the authentication server interface call address;
correspondingly, the configuration module configures a mapping relationship between the network device interface identifier and the authentication server interface calling address, specifically:
and configuring the mapping relation between the environment variable of the authorized operation and the interface calling address of the authentication server by the network equipment.
The configuration module configures a mapping relationship between the network device interface identifier and the authentication server interface calling address, and specifically includes:
configuring a mapping relation between a network equipment interface identifier and an authentication server interface calling address, wherein the network equipment interface identifier comprises an Application Programming Interface (API) identifier, a protocol type, configuration authorization information and an Internet Protocol (IP) address of configuration authorization operation; the authentication server interface calling address comprises an API identifier, a protocol type, configuration authorization information and an IP address of configuration authorization operation.
A SONiC-based authorization apparatus, the SONiC operating in a network device, the apparatus being applied to an authentication server, comprising: a first receiving unit, a second receiving unit, a judging unit and a sending unit; wherein:
the first receiving unit is configured to receive a mapping relationship between a network device interface identifier sent by the network device and an authentication server interface call address; the network equipment interface identifier comprises configuration authorization information used for marking all command lines belonging to the same configuration authorization operation;
the second receiving unit is used for receiving a network equipment interface identifier corresponding to the configuration authorization operation sent by the network equipment through the authentication server interface calling address;
the judging unit is used for judging whether the configuration data of the configuration authorization operation request is authorized according to the network equipment interface identifier and the mapping relation;
the sending unit is configured to send the configuration data to the network device if the configuration data is authorized.
The first receiving unit receives a mapping relationship between a network device interface identifier sent by the network device and an authentication server interface calling address, and specifically includes:
receiving a mapping relation between a network equipment interface identifier and an authentication server interface calling address, wherein the network equipment interface identifier comprises an Application Programming Interface (API) identifier, a protocol type, configuration authorization information and an Internet Protocol (IP) address of configuration authorization operation; the authentication server interface calling address comprises an Application Programming Interface (API) identifier, a protocol type, configuration authorization information and an IP address of configuration authorization operation.
The sending unit sends the configuration data to the network device, and specifically includes:
if the configuration data is authorized and the data volume of the configuration data is larger than a preset threshold, sending the configuration data to the network device in JavaScript Object Notation (JSON) format.
The invention has the following beneficial effects:
With the SONiC-based authorization method and device provided by the embodiments of the invention, the network device configures the mapping relationship between the network device interface identifier and the authentication server interface calling address and synchronizes it to the authentication server. This makes the network device compatible with data in different protocol formats, keeps the authorization file configuration consistent between the network device and the authentication server, solves the problem of command lines being authorized incorrectly, and improves the accuracy of configuration authorization. In addition, the format of the transmitted data can be chosen according to the data volume of the configuration data, which improves configuration efficiency.
Drawings
Fig. 1 is a flowchart of a SONiC-based authorization method according to an embodiment of the present invention;
Fig. 2 is another flowchart of a SONiC-based authorization method according to an embodiment of the present invention;
Fig. 3 is a schematic structural diagram of a SONiC-based authorization apparatus according to an embodiment of the present invention;
Fig. 4 is another structural diagram of a SONiC-based authorization apparatus according to an embodiment of the present invention.
Detailed Description
To address the prior-art problem of network device authorization failure in a SONiC system, the SONiC-based authorization method provided by the embodiment of the invention configures the mapping relationship between the network device interface identifier and the authentication server interface calling address and synchronizes that mapping relationship to the authentication server. This achieves compatibility with data in different protocol formats and keeps the configuration authorization file consistent between the network device and the authentication server. The flow of the method is shown in Fig. 1. The SONiC runs in a network device, and the method is applied to the network device and executed as follows:
Step 101: the network device receives command lines of configuration authorization operations, input by a user in different protocol formats.
When an authentication client first accesses the network device, command lines are entered through the Command-Line Interface (CLI) of the network device. These command line operations need to be sent to the authentication server for identity authentication and authorization, and the configuration can be issued on the network device after authorization succeeds. Because authentication client devices use a variety of communication protocols, the input may also be command lines of configuration authorization operations in several different protocol formats.
Step 102: configure a mapping relationship between a network device interface identifier and an authentication server interface calling address, and send the mapping relationship to an authentication server. The network device interface identifier includes configuration authorization information that marks all command lines belonging to the same configuration authorization operation.
A configuration authorization operation typically includes a plurality of command lines, and if any one of them is not authorized by the authentication server, the configuration authorization operation is rejected. At present, because many kinds of authentication clients are installed on network devices, the authentication server may fail to recognize all of the command lines when they arrive in several protocol formats. In this step, all command lines belonging to the same configuration authorization operation are identified by configuration authorization information. By configuring the mapping relationship between the network device interface identifier, which includes that configuration authorization information, and the authentication server interface calling address, the authentication server can then identify all command lines belonging to the same configuration authorization operation.
Here, the network device interface identifier includes an application programming interface (API) identifier, a protocol type, configuration authorization information and an IP address of the configuration authorization operation; the authentication server interface calling address includes an API identifier, a protocol type, configuration authorization information and an IP address of the configuration authorization operation.
Step 103: send the network device interface identifier corresponding to the received configuration authorization operation to the authentication server according to the mapping relationship, so that the authentication server performs authorization processing on the configuration authorization operation of the network device according to the mapping relationship and the network device interface identifier.
Here, the network device interface identifier corresponding to the configuration authorization operation is determined from the received command lines of that operation, and the determined network device interface identifier is sent to the authentication server.
Further, before configuring the mapping relationship between the network device interface identifier and the authentication server interface calling address in step 102, the method further includes:
adding command paths of all command lines belonging to the same configuration authorization operation to the environment variable;
correspondingly, the configuring the mapping relationship between the network device interface identifier and the authentication server interface calling address specifically includes:
and configuring the mapping relation between the environment variable of the authorized operation and the interface calling address of the authentication server by the network equipment.
In step 102, the configuring a mapping relationship between the network device interface identifier and the authentication server interface call address specifically includes:
configuring a mapping relation between a network equipment interface identifier and an authentication server interface calling address, wherein the network equipment interface identifier comprises an Application Programming Interface (API) identifier, a protocol type, configuration authorization information and an Internet Protocol (IP) address of configuration authorization operation; the authentication server interface calling address comprises an API identifier, a protocol type, configuration authorization information and an IP address of configuration authorization operation.
An embodiment of the present invention further provides an authorization method based on a SONiC, where an implementation flow is shown in fig. 2, the SONiC runs in a network device, and the method is applied to an authentication server and executed as follows:
Step 201: the authentication server receives the mapping relationship, sent by the network device, between a network device interface identifier and an authentication server interface calling address. The network device interface identifier includes configuration authorization information that marks all command lines belonging to the same configuration authorization operation.
A configuration authorization operation typically includes a plurality of command lines, and if any one of them is not authorized by the authentication server, the configuration authorization operation is rejected. All command lines belonging to the same configuration authorization operation are identified by configuration authorization information. Having received the mapping relationship configured by the network device between the network device interface identifier, which includes the configuration authorization information, and the authentication server interface calling address, the authentication server can identify all command lines belonging to the same configuration authorization operation, which avoids configuration authorization failure.
Here, the network device interface identifier includes an application programming interface (API) identifier, a protocol type, configuration authorization information and an IP address of the configuration authorization operation; the authentication server interface calling address includes an API identifier, a protocol type, configuration authorization information and an IP address of the configuration authorization operation.
Step 202: receive, through the authentication server interface calling address, the network device interface identifier corresponding to a configuration authorization operation sent by the network device.
Step 203: judge, according to the network device interface identifier and the mapping relationship, whether the configuration data requested by the configuration authorization operation is authorized.
Here, the configuration data being authorized means that the authentication server has agreed to the configuration authorization operation that grants the configuration data to the network device.
Step 204: if the configuration data is authorized, send the configuration data to the network device.
Further, when the configuration data is not authorized, the authentication server responds to the network device through the authentication server interface calling address, rejecting the requested configuration information.
In step 201, the receiving, by the authentication server, a mapping relationship between a network device interface identifier sent by the network device and an authentication server interface call address includes:
the authentication server receives a mapping relation between a network equipment interface identifier sent by the network equipment and an authentication server interface calling address, wherein the network equipment interface identifier comprises an Application Programming Interface (API) identifier, a protocol type, configuration authorization information and an Internet Protocol (IP) address of configuration authorization operation; the authentication server interface calling address comprises an Application Programming Interface (API) identifier, a protocol type, configuration authorization information and an IP address of configuration authorization operation.
In step 204, sending the configuration data to the network device includes:
when the data volume of the configuration data is larger than a preset threshold, sending the configuration data to the network device in JavaScript Object Notation (JSON) format. When the data volume of the configuration data is less than or equal to the preset threshold, the configuration data is still sent to the network device in the default XML format.
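The two flows above (steps 101 to 103 on the network device, steps 201 to 204 on the authentication server), as an added Python sketch that is not code from the patent or from SONiC. The digest used as configuration authorization information, the 64-byte threshold, the class and function names, the addresses and the sample command lines are all assumptions made for illustration.

```python
import hashlib
import json
import xml.etree.ElementTree as ET
from dataclasses import dataclass

JSON_THRESHOLD_BYTES = 64  # assumed value; the patent only says "preset threshold"


@dataclass(frozen=True)
class InterfaceId:
    """The four fields the patent lists for the network device interface identifier."""
    api_id: str
    protocol: str
    auth_info: str  # marks all command lines of one configuration authorization operation
    ip: str


def auth_info_for(command_lines):
    """Assumed encoding: one digest over the ordered, whitespace-normalised command lines."""
    canon = "\n".join(" ".join(line.split()) for line in command_lines)
    return hashlib.sha256(canon.encode()).hexdigest()[:16]


def encode(data, threshold=JSON_THRESHOLD_BYTES):
    """Step 204: default XML, JSON once the data volume exceeds the threshold."""
    root = ET.Element("config")
    for key, value in data.items():
        ET.SubElement(root, key).text = str(value)
    xml_body = ET.tostring(root, encoding="unicode")
    if len(xml_body.encode()) > threshold:
        return {"format": "json", "body": json.dumps(data, sort_keys=True)}
    return {"format": "xml", "body": xml_body}


class NetworkDevice:
    def __init__(self, ip):
        self.ip = ip
        self.mapping = {}  # InterfaceId -> authentication server interface calling address

    def identifier_for(self, api_id, protocol, command_lines):
        # Step 103: derive the identifier from the command lines actually received.
        return InterfaceId(api_id, protocol, auth_info_for(command_lines), self.ip)

    def configure(self, api_id, protocol, command_lines, server_address):
        # Step 102: bind the whole operation (all its command lines) to one address.
        ident = self.identifier_for(api_id, protocol, command_lines)
        self.mapping[ident] = server_address
        return ident


class AuthServer:
    def __init__(self, config_store):
        self.mapping = {}
        self.config_store = config_store  # auth_info -> configuration data (assumed store)

    def receive_mapping(self, mapping):
        # Step 201: keep the server's copy in sync with the device's mapping.
        self.mapping.update(mapping)

    def handle(self, call_address, ident):
        # Steps 202-203: default deny unless this exact identifier was synchronised
        # for this exact calling address.
        if self.mapping.get(ident) != call_address:
            return {"authorized": False, "format": None, "body": None}
        data = self.config_store.get(ident.auth_info, {})
        return {"authorized": True, **encode(data)}


def demo():
    # Constructed sample input: device address, commands and server URL are made up.
    device = NetworkDevice("192.0.2.10")
    cmds = ["config vlan add 100", "config vlan member add 100 Ethernet0"]
    addr = "https://aaa.example.net/api/authorize/vlan"
    ident = device.configure("vlan-config", "ssh-cli", cmds, addr)

    server = AuthServer({ident.auth_info: {"vlan": 100, "member": "Ethernet0"}})
    server.receive_mapping(device.mapping)

    granted = server.handle(addr, ident)
    # One extra command line changes the operation's marker, so the whole
    # operation is rejected rather than partially authorised.
    altered = device.identifier_for("vlan-config", "ssh-cli", cmds + ["config mtu 9100"])
    rejected = server.handle(addr, altered)
    return granted, rejected


if __name__ == "__main__":
    for result in demo():
        print(result)
```

Because the identifier covers every command line of the operation, an identifier built from a modified command set, or presented at a calling address other than the one it was mapped to, falls through to the reject branch.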
With the SONiC-based authorization method and device provided by the embodiments of the invention, the network device configures the mapping relationship between the network device interface identifier and the authentication server interface calling address and synchronizes it to the authentication server. This makes the network device compatible with data in different protocol formats, keeps the authorization file configuration consistent between the network device and the authentication server, solves the problem of command lines being authorized incorrectly, and improves the accuracy of configuration authorization. In addition, the format of the transmitted data can be chosen according to the data volume of the configuration data, which improves configuration efficiency.
Based on the same inventive concept, an embodiment of the present invention provides a SONiC-based authorization apparatus, where the SONiC operates in a network device and the apparatus may be configured in the network device. The structure of the apparatus is shown in Fig. 3, and the apparatus includes: a receiving module 31, a configuration module 32, and a sending module 33; wherein:
the receiving module 31 is configured to receive command lines of configuration authorization operations in different protocol formats, which are input by a user;
the configuration module 32 is configured to configure a mapping relationship between the network device interface identifier and the authentication server interface calling address; the network equipment interface identifier comprises configuration authorization information used for marking all command lines belonging to the same configuration authorization operation;
the sending module 33 is configured to send the mapping relationship to an authentication server, and is further configured to send the network device interface identifier corresponding to the received configuration authorization operation to the authentication server according to the mapping relationship, so that the authentication server performs authorization processing on the configuration authorization operation of the network device according to the mapping relationship and the network device interface identifier.
Further, the configuration module 32 is further configured to add command paths of all command lines belonging to the same configuration authorization operation to the environment variable before configuring the mapping relationship between the network device interface identifier and the authentication server interface call address;
correspondingly, the configuration module 32 configures a mapping relationship between the network device interface identifier and the authentication server interface calling address, specifically:
and configuring the mapping relation between the environment variable of the authorized operation and the interface calling address of the authentication server by the network equipment.
The configuring module 32 configures a mapping relationship between the network device interface identifier and the authentication server interface calling address, and specifically includes:
configuring a mapping relation between a network equipment interface identifier and an authentication server interface calling address, wherein the network equipment interface identifier comprises an Application Programming Interface (API) identifier, a protocol type, configuration authorization information and an Internet Protocol (IP) address of configuration authorization operation; the authentication server interface calling address comprises an API identifier, a protocol type, configuration authorization information and an IP address of configuration authorization operation.
Based on the same inventive concept, an embodiment of the present invention further provides an authorization apparatus based on SONiC, where SONiC runs in a network device and the apparatus may be disposed in an authentication server. The structure of the apparatus is shown in fig. 4; the apparatus includes: a first receiving unit 41, a second receiving unit 42, a judging unit 43, and a sending unit 44; wherein
the first receiving unit 41 is configured to receive a mapping relationship between a network device interface identifier sent by the network device and an authentication server interface call address; the network equipment interface identifier comprises configuration authorization information used for marking all command lines belonging to the same configuration authorization operation;
the second receiving unit 42 is configured to receive, through the authentication server interface call address, a network device interface identifier corresponding to a configuration authorization operation sent by a network device;
the judging unit 43 is configured to determine whether the configuration data of the configuration authorization operation request is authorized according to the network device interface identifier and the mapping relationship;
the sending unit 44 is configured to send the configuration data to the network device if the configuration data is authorized.
The first receiving unit 41 receives a mapping relationship between a network device interface identifier sent by the network device and an authentication server interface call address, specifically:
receiving a mapping relation between a network equipment interface identifier and an authentication server interface calling address, wherein the network equipment interface identifier comprises an Application Programming Interface (API) identifier, a protocol type, configuration authorization information and an Internet Protocol (IP) address of configuration authorization operation; the authentication server interface calling address comprises an Application Programming Interface (API) identifier, a protocol type, configuration authorization information and an IP address of configuration authorization operation.
The sending unit 44 is specifically configured to:
if the configuration data is authorized and the data volume of the configuration data is larger than a preset threshold, send the configuration data to the network device in JavaScript Object Notation (JSON) format.
It should be understood that the implementation principle and the process of the authorization apparatus based on the cloud computing open network operating system SONiC according to the embodiment of the present invention are similar to those in the embodiments shown in fig. 1 and fig. 2, and are not described herein again.
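The exchange between the network-device modules (31 to 33) and the authentication-server units (41 to 44) can be modelled as follows; this is an added example, not code from the patent or from SONiC. The class names, the exact-match authorization rule, the byte-based threshold and the "plain" format used below the threshold are assumptions, since the description does not specify them.

```python
import json
from typing import NamedTuple

class Iface(NamedTuple):
    # The four fields the page lists for both ends of the mapping.
    api_id: str     # API identifier
    protocol: str   # protocol type of the command line
    auth_info: str  # tag shared by every command line of one operation
    ip: str         # IP address of the configuration authorization operation

class NetworkDevice:
    def __init__(self, ip, server_ip):
        self.ip, self.server_ip = ip, server_ip
        self.mapping = {}  # device interface identifier -> server call address

    def configure(self, api_id, protocol, auth_info):
        """Configuration module: map one identifier to a call address."""
        ident = Iface(api_id, protocol, auth_info, self.ip)
        self.mapping[ident] = Iface(api_id, protocol, auth_info, self.server_ip)
        return ident

    def request(self, server, ident):
        """Sending module: present the identifier at its mapped address."""
        return server.handle(self.mapping[ident], ident)

class AuthServer:
    def __init__(self, config_store, json_threshold=40):
        self.mapping = {}                     # filled by register()
        self.config_store = config_store      # auth_info -> config lines
        self.json_threshold = json_threshold  # bytes (unit is an assumption)

    def register(self, mapping):
        # First receiving unit: store the mapping sent by the device.
        self.mapping.update(mapping)

    def handle(self, call_address, ident):
        """Second receiving, judging and sending units in one call."""
        # Deny unless this exact identifier was registered for this address.
        if self.mapping.get(ident) != call_address:
            return ("denied", None)
        lines = self.config_store.get(ident.auth_info)
        if lines is None:
            return ("denied", None)
        if sum(len(line.encode()) for line in lines) > self.json_threshold:
            body = {"auth_info": ident.auth_info, "config": lines}
            return ("json", json.dumps(body))
        return ("plain", "\n".join(lines))  # small payload; format assumed

def demo():
    # Constructed sample data; addresses are documentation ranges.
    server = AuthServer({
        "vlan-op": ["vlan 10", "name users"],
        "acl-op": ["permit tcp 10.0.0.0/8 any eq 22", "deny ip any any log"],
    })
    dev = NetworkDevice("192.0.2.10", "192.0.2.1")
    cli = dev.configure("set_vlan", "cli", "vlan-op")
    rest = dev.configure("set_vlan", "rest", "vlan-op")  # same operation
    acl = dev.configure("set_acl", "cli", "acl-op")
    server.register(dev.mapping)
    unknown = Iface("set_vlan", "cli", "vlan-op", "198.51.100.7")
    return {
        "cli": dev.request(server, cli),
        "rest": dev.request(server, rest),
        "acl": dev.request(server, acl),
        "unregistered": server.handle(dev.mapping[cli], unknown),
        "wrong_address": server.handle(dev.mapping[acl], cli),
    }

if __name__ == "__main__":
    print(demo())
```

The identifier is self-asserted in this model, so a deployment would also compare `ident.ip` with the authenticated peer address before trusting it.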
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
While alternative embodiments of the present invention have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. It is therefore intended that the following appended claims be interpreted as including alternative embodiments and all such alterations and modifications as fall within the scope of the invention.
It will be apparent to those skilled in the art that various modifications and variations can be made in the embodiments of the present invention without departing from the spirit or scope of the embodiments of the invention. Thus, if such modifications and variations of the embodiments of the present invention fall within the scope of the claims of the present invention and their equivalents, the present invention is also intended to encompass such modifications and variations.

Claims (12)

1. An authorization method based on a cloud computing open network operating system (SONiC), wherein the SONiC runs in a network device, and the method is applied to the network device and comprises the following steps:
the network equipment receives command lines of configuration authorization operation in different protocol formats input by a user;
configuring a mapping relation between a network equipment interface identifier and an authentication server interface calling address and sending the mapping relation to an authentication server; the network equipment interface identifier comprises configuration authorization information used for marking all command lines belonging to the same configuration authorization operation;
and sending the network equipment interface identifier corresponding to the received configuration authorization operation to the authentication server according to the mapping relation, so that the authentication server carries out authorization processing on the configuration authorization operation of the network equipment according to the mapping relation and the network equipment interface identifier.
2. The method of claim 1, wherein prior to configuring the mapping between the network device interface identifier and the authentication server interface invocation address, the method further comprises:
adding command paths of all command lines belonging to the same configuration authorization operation to the environment variable;
correspondingly, the configuring the mapping relationship between the network device interface identifier and the authentication server interface calling address specifically includes:
configuring the mapping relationship between the environment variable of the configuration authorization operation of the network device and the authentication server interface call address.
3. The method according to claim 1 or 2, wherein the configuring the mapping relationship between the network device interface identifier and the authentication server interface call address specifically comprises:
configuring a mapping relation between a network equipment interface identifier and an authentication server interface calling address, wherein the network equipment interface identifier comprises an Application Programming Interface (API) identifier, a protocol type, configuration authorization information and an Internet Protocol (IP) address of configuration authorization operation; the authentication server interface calling address comprises an API identifier, a protocol type, configuration authorization information and an IP address of configuration authorization operation.
4. An authorization method based on a cloud computing open network operating system (SONiC), wherein the SONiC runs in a network device, and the method is applied to an authentication server and comprises the following steps:
the authentication server receives the mapping relation between the network equipment interface identification and the authentication server interface calling address sent by the network equipment; the network equipment interface identifier comprises configuration authorization information used for marking all command lines belonging to the same configuration authorization operation;
receiving a network equipment interface identifier corresponding to configuration authorization operation sent by network equipment through an authentication server interface calling address;
judging whether the configuration data of the configuration authorization operation request is authorized or not according to the network equipment interface identifier and the mapping relation;
and if the configuration data is authorized, sending the configuration data to the network equipment.
5. The method according to claim 4, wherein the receiving, by the authentication server, the mapping relationship between the network device interface identifier sent by the network device and the authentication server interface calling address comprises:
the authentication server receives a mapping relation between a network equipment interface identifier sent by the network equipment and an authentication server interface calling address, wherein the network equipment interface identifier comprises an Application Programming Interface (API) identifier, a protocol type, configuration authorization information and an Internet Protocol (IP) address of configuration authorization operation; the authentication server interface calling address comprises an Application Programming Interface (API) identifier, a protocol type, configuration authorization information and an IP address of configuration authorization operation.
6. The method of claim 4 or 5, wherein the sending the configuration data to the network device comprises:
when the data volume of the configuration data is larger than a preset threshold, sending the configuration data to the network device in JavaScript Object Notation (JSON) format.
7. An authorization device based on a cloud computing open network operating system (SONiC), wherein the SONiC runs in a network device, and the device is applied to the network device, and comprises: a receiving module, a configuration module and a sending module; wherein
the receiving module is used for receiving command lines of configuration authorization operation in different protocol formats input by a user;
the configuration module is used for configuring the mapping relation between the network equipment interface identifier and the authentication server interface calling address; the network equipment interface identifier comprises configuration authorization information used for marking all command lines belonging to the same configuration authorization operation;
the sending module is used for sending the mapping relationship to an authentication server; and is further configured to send the network device interface identifier corresponding to the received configuration authorization operation to the authentication server according to the mapping relationship, so that the authentication server performs authorization processing on the configuration authorization operation of the network device according to the mapping relationship and the network device interface identifier.
8. The apparatus of claim 7, wherein the configuration module, prior to configuring the mapping relationship between the network device interface identifier and the authentication server interface call address, is further configured to add command paths of all command lines belonging to the same configuration authorization operation to the environment variable;
correspondingly, the configuration module is specifically configured to:
configure the mapping relationship between the environment variable of the configuration authorization operation of the network device and the authentication server interface call address.
9. The apparatus according to claim 7 or 8, wherein the configuration module is specifically configured to:
configuring a mapping relation between a network equipment interface identifier and an authentication server interface calling address, wherein the network equipment interface identifier comprises an Application Programming Interface (API) identifier, a protocol type, configuration authorization information and an Internet Protocol (IP) address of configuration authorization operation; the authentication server interface calling address comprises an API identifier, a protocol type, configuration authorization information and an IP address of configuration authorization operation.
10. An authorization device based on a cloud computing open network operating system (SONiC), wherein the SONiC runs in a network device, and the device is applied to an authentication server, and comprises: a first receiving unit, a second receiving unit, a judging unit and a sending unit; wherein
the first receiving unit is configured to receive a mapping relationship between a network device interface identifier sent by the network device and an authentication server interface call address; the network equipment interface identifier comprises configuration authorization information used for marking all command lines belonging to the same configuration authorization operation;
the second receiving unit is used for receiving a network equipment interface identifier corresponding to the configuration authorization operation sent by the network equipment through the authentication server interface calling address;
the judging unit is used for judging whether the configuration data of the configuration authorization operation request is authorized according to the network equipment interface identifier and the mapping relation;
the sending unit is configured to send the configuration data to the network device if the configuration data is authorized.
11. The apparatus of claim 10, wherein the first receiving unit is specifically configured to:
receiving a mapping relation between a network equipment interface identifier and an authentication server interface calling address, wherein the network equipment interface identifier comprises an Application Programming Interface (API) identifier, a protocol type, configuration authorization information and an Internet Protocol (IP) address of configuration authorization operation; the authentication server interface calling address comprises an Application Programming Interface (API) identifier, a protocol type, configuration authorization information and an IP address of configuration authorization operation.
12. The apparatus according to claim 10 or 11, wherein the sending unit is specifically configured to:
if the configuration data is authorized and the data volume of the configuration data is larger than a preset threshold, send the configuration data to the network device in JavaScript Object Notation (JSON) format.
CN201910199825.3A 2019-03-15 2019-03-15 Authorization method and device based on cloud computing open network operating system Active CN110022310B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910199825.3A CN110022310B (en) 2019-03-15 2019-03-15 Authorization method and device based on cloud computing open network operating system

Publications (2)

Publication Number Publication Date
CN110022310A CN110022310A (en) 2019-07-16
CN110022310B true CN110022310B (en) 2021-09-14

Family

ID=67189811

Country Status (1)

Country Link
CN (1) CN110022310B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111416755B (en) * 2020-03-13 2021-11-19 苏州浪潮智能科技有限公司 SONiC automatic test platform building method, device and system

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101496387A (en) * 2006-03-06 2009-07-29 思科技术公司 System and method for access authentication in a mobile wireless network
CN101867566A (en) * 2009-04-14 2010-10-20 费舍-柔斯芒特系统股份有限公司 The method and apparatus of the security protection of layering is provided for interface accessing control
CN105162638A (en) * 2015-09-30 2015-12-16 北京华为数字技术有限公司 Network access method and apparatus for terminal device
CN107204964A (en) * 2016-03-16 2017-09-26 腾讯科技(深圳)有限公司 A kind of methods, devices and systems of rights management
CN107566366A (en) * 2017-08-31 2018-01-09 广东欧珀移动通信有限公司 Selection obtains method, terminal and the system of configuration information

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20160149909A1 (en) * 2014-11-20 2016-05-26 International Business Machines Corporation Implementing block device extent granularity authorization model processing in capi adapters

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant