CN115348111B - Centralized connection control method for high-security network - Google Patents


Info

Publication number: CN115348111B
Application number: CN202211271249.7A
Other versions: CN115348111A (earlier publication)
Authority: CN (China)
Other languages: Chinese (zh)
Prior art keywords: node, niss, area, target, main
Legal status: Active (as listed; not a legal conclusion)
Inventors: 杨林, 胡鹏, 马琳茹, 李鉴, 康敏, 王强
Current assignee: CETC 30 Research Institute; Institute of Systems Engineering of PLA Academy of Military Sciences
Original assignee: CETC 30 Research Institute; Institute of Systems Engineering of PLA Academy of Military Sciences
Priority date
Filing date
Publication date

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint

Abstract

The invention provides a centralized connection control method for a high-security network and belongs to the technical field of network connection control. The high-security network comprises M regions into which the network is divided and a network management center that manages K of those regions, where M and K are positive integers and K ≤ M. Each region has its own region management center and contains NISS nodes and non-NISS nodes: an NISS node is a switch node that can provide the number inquiry service, and a non-NISS node is a switch node that cannot. The method addresses limited network scalability, low deployment flexibility and poor network manageability.

Description

Centralized connection control method for high-security network
Technical Field
The invention belongs to the technical field of network connection control, and particularly relates to a centralized connection control method for a high-security network.
Background
In a high-security network, secure and reliable transport of user traffic is provided by establishing end-to-end virtual links through the network. To secure the connection, the virtual-link establishment procedure must authenticate the peer. At connection initiation, therefore, the initiator must already know the destination node's node number, IP address, attributes and similar information in order to obtain the key needed to complete authentication; once the connection is established, the virtual link's network egress IP address must be bound according to the destination node number so that user voice and data traffic can be encapsulated and forwarded. Node numbers, key numbers, IP addresses and related information for every node in the whole network therefore have to be configured in advance at every node, so that these mappings can be looked up during connection setup.
As networks are deployed at scale the number of users grows sharply, and for access points serving many users a direct remote-access model, in which each user has its own access device, leads to a large number of access devices and high equipment cost. User-level node access equipment is therefore adopted: it provides local switching, allows various kinds of terminal to attach, greatly reduces the number of user access devices, and improves service survivability and the flexibility of user support. Introducing user-level node access devices, however, greatly increases the number of network nodes, and configuring the node numbers, key numbers, IP addresses and so on of every node in the whole network at every node no longer meets the needs of large-scale deployment.
In the traditional scheme, pre-configuring the complete node list of the whole network at every node is workable only while the topology is small. Once the network is deployed at scale, the operation and maintenance burden of the whole network grows, and while the configuration is being distributed, failed downloads, repeated downloads and long delays before the whole network is successfully configured occur easily; as a result, voice calls and data services from existing nodes to a newly added node fail to establish and equipment deployment is inflexible. At the same time, unattended user-level node access equipment ends up holding the core parameters of the whole network, which weakens the unified, controllable management of the network.
Disclosure of Invention
In order to solve the above-mentioned technical problems, the present invention provides a centralized connection control method for a high security network.
In a first aspect, the invention discloses a centralized connection control method for a high-security network. The high-security network comprises M regions into which the network is divided and a network management center that manages K of those regions, where M and K are positive integers and K ≤ M. Each region has its own region management center and contains NISS nodes and non-NISS nodes: an NISS node is a switch node that can provide the number inquiry service, and a non-NISS node is a switch node that cannot.
The method comprises the following steps. Step S1: the network management center configures a whole-network area number table and sends it to every NISS node, which stores it; each entry of the whole-network area number table contains the area number of an area and the number of that area's main NISS node. Step S2: each area management center configures the area node table of its own area and sends it to every NISS node of that area, which stores it; each entry of the area node table contains a node number, the area number, the office number corresponding to the node number, and the number length (office number plus extension number) used in the area. Step S3: a non-NISS node performs access authentication with an NISS node of the same area; after authentication succeeds, the NISS node sends the area node table of the area to the non-NISS node, which stores it locally as its area node cache table.
According to the method of the first aspect, every area contains at least one NISS node, one of which is selected as the main NISS node; apart from the main NISS node, one further NISS node may be selected as the standby NISS node. While the main NISS node operates normally, the standby NISS node periodically backs up the whole-network area number table and the area node table held by the main NISS node, and when the main NISS node can no longer operate normally the standby NISS node takes over. Each entry of the whole-network area number table further contains a standby NISS node number for the area: it holds the node number of the standby NISS node where one exists and is left blank where none exists.
According to the method of the first aspect, after a non-NISS node of one area establishes a cross-area connection to another area, it locally generates an outer area node cache table, whose contents are obtained by sending a query to the NISS node of the other area and receiving its reply. Each entry of the outer area node cache table contains a node number of the outer area, the area number of the outer area, the office number corresponding to that node number, the number length (office number plus extension number) for that node, the main NISS node number of the outer area, and the standby NISS node number of the outer area.
According to the method of the first aspect, the access authentication of step S3 between a non-NISS node and the NISS node of the same area proceeds as follows: the non-NISS node to be admitted registers its identification information with the main NISS node of the area; the node to be admitted generates a random number, builds an authentication request from it and sends the request to a neighbouring non-NISS node; on receiving the request, the neighbouring non-NISS node generates a second random number from the first, builds an authentication response from it and sends the response to the node to be admitted; after verifying the validity of the response, the node to be admitted generates authentication parameters and sends them to the neighbouring node; after verifying the validity of the authentication parameters, the neighbouring node builds an authentication query message and sends it to the main NISS node of the area; the main NISS node extracts the identification information of the node to be admitted from the query and checks whether its locally stored registration information contains that identification, access authentication succeeding if it does and failing if it does not; finally, the main NISS node generates an authentication result message and returns it to the node to be admitted through the neighbouring non-NISS node.
According to the method of the first aspect, obtaining the contents of the outer area node cache table by sending a query to the NISS node of the other area and receiving its reply comprises: the non-NISS node of the one area sends a query request containing the node number of the node to be looked up to the NISS node of the other area; that NISS node extracts the node number from the request, reads the area number, office number and number length corresponding to that node number from its locally stored area node table, and then reads the main NISS node number and standby NISS node number corresponding to that area number from its locally stored whole-network area number table; it returns the extracted query result to the non-NISS node of the one area, which fills the result into the entries of its outer area node cache table.
The method of the first aspect further comprises the following query procedure: an NISS node of a first area receives a node query request containing a target area number and a target office number; when the target area number is the area number of the first area, the NISS node looks up the node number corresponding to the target office number in its locally stored area node table and returns that node number to the requester.
The method of the first aspect further comprises the following query procedure: an NISS node of a first area receives a node query request containing a target area number and a target office number; when the target area number is not the area number of the first area, the NISS node of the first area looks up the main NISS node number corresponding to the target area number in its locally stored whole-network area number table and sends the target office number to that main NISS node, which is located in a second area; the main NISS node of the second area looks up the node number corresponding to the target office number in its locally stored area node table and returns it to the requester.
The method of the first aspect further comprises the following query procedure: a non-NISS node of a first area receives a node query request containing a target area number and a target office number; when the target area number is the area number of the first area, the non-NISS node looks up the node number corresponding to the target office number in its locally stored area node cache table and returns it to the requester.
The method of the first aspect further comprises the following query procedure: a non-NISS node of a first area receives a node query request containing a target area number and a target office number; when the target area number is not the area number of the first area, the non-NISS node looks up the main NISS node number corresponding to the target area number in its locally stored outer area node cache table. If the target area number is present, it then looks up the target office number among the cached entries for that area: (1) if the target office number is present, it reads the corresponding node number from the outer area node cache table and returns it to the requester; (2) if the target office number is not present, it reads the main NISS node number recorded for the target area in the outer area node cache table and sends the target office number to that main NISS node, which is located in a second area; the main NISS node of the second area looks up the node number corresponding to the target office number in its locally stored area node table and returns it to the requester.
The method of the first aspect further comprises the following query procedure: a non-NISS node of a first area receives a node query request containing a target area number and a target office number; when the target area number is not the area number of the first area, the non-NISS node looks up the main NISS node number corresponding to the target area number in its locally stored outer area node cache table. If the target area number is not present, the non-NISS node sends the query to the main NISS node of the first area; that node looks up the main NISS node number corresponding to the target area number in the whole-network area number table it holds and sends the target office number to that main NISS node, which is located in a second area; the main NISS node of the second area looks up the node number corresponding to the target office number in its locally stored area node table and returns it to the requester.
In the method above, an NIS (Number Interworking Server, the number query service) function is configured on core switching nodes of the backbone network region, and a switch that provides the NIS function is called an NISS (Number Interworking Server Switch). Under centralized connection control, the non-NISS nodes of a region resolve their queries at the NISS node, which addresses the following problems: (1) limited network scalability: with the traditional scheme every node of the whole network has to be told about a newly added node and have its table entries configured, whole-network configuration takes a long time to complete, and until it completes the new node cannot communicate; (2) insufficient deployment flexibility: operating units need to add and remove nodes temporarily for deployments, exercises and similar purposes, and the traditional scheme cannot provide communication at any time and place; (3) weak network manageability: every node of the whole network, including unattended switching nodes, stores important network parameters and user resources, so unified control and management of services is hard to achieve.
Drawings
To illustrate the embodiments of the invention or the prior art more clearly, the drawings used in the description are introduced briefly below. The drawings show some embodiments of the invention, and other drawings can be derived from them by those skilled in the art without creative effort.
FIG. 1 is a simplified schematic diagram of various areas in a network according to an embodiment of the present invention;
FIG. 2 is a simplified diagram of local storage tables for each node in a region, according to an embodiment of the present invention;
fig. 3 is a flowchart illustrating access authentication according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention. All other embodiments, which can be obtained by a person skilled in the art without making any creative effort based on the embodiments in the present invention, belong to the protection scope of the present invention.
In a first aspect, the invention discloses a centralized connection control method for a high-security network. The high-security network comprises M regions into which the network is divided and a network management center that manages K of those regions, where M and K are positive integers and K ≤ M; each region has its own region management center and contains NISS nodes and non-NISS nodes, an NISS node being a switch node that can provide the number inquiry service and a non-NISS node being a switch node that cannot. NISS abbreviates "Number Interworking Server Switch", a switch providing the number query service.
FIG. 1 is a simplified diagram of the areas of a network according to an embodiment of the invention. As shown in FIG. 1, K = 3: there are three areas, each with its own area management center (the area network manager is drawn for area A only), and one network management center (the N network manager) manages all three areas. Each area may contain several NISS nodes and several non-NISS nodes.
In some embodiments, every area contains at least one NISS node, one of which is selected as the main NISS node; apart from the main NISS node, one further NISS node may be selected as the standby NISS node.
In area A, A1 is the main NISS node, A2 is the standby NISS node and the remaining nodes are non-NISS nodes. In area B, B1 is the main NISS node and the remaining nodes are non-NISS nodes. In area C, C1 is the main NISS node and the other four nodes, C2 among them, are non-NISS nodes; C3 may be a switch node and C4 a user-level node access device.
The method comprises the following steps (FIG. 2 is a simplified diagram of the tables stored locally at each node of an area according to an embodiment of the invention).
Step S1: the network management center configures a whole-network area number table and sends it to every NISS node, which stores it. Each entry of the whole-network area number table contains the area number of an area and the number of that area's main NISS node.
Step S2: each area management center configures the area node table of its own area and sends it to every NISS node of that area, which stores it. Each entry of the area node table contains a node number, the area number, the office number corresponding to the node number, and the number length (office number plus extension number) used in the area.
Step S3: a non-NISS node performs access authentication with an NISS node of the same area; after authentication succeeds, the NISS node sends the area node table of the area to the non-NISS node, which stores it locally as its area node cache table.
In some embodiments, for every area, apart from the main NISS node one further NISS node is selected as the standby NISS node. While the main NISS node operates normally, the standby NISS node periodically backs up the whole-network area number table and the area node table held by the main NISS node, and when the main NISS node can no longer operate normally the standby NISS node takes over.
In some embodiments, each entry of the whole-network area number table further contains a standby NISS node number for the area: it holds the node number of the standby NISS node where one exists and is left blank where none exists.
In some embodiments, after a non-NISS node of one area establishes a cross-area connection to another area, it locally generates an outer area node cache table, whose contents are obtained by sending a query to the NISS node of the other area and receiving its reply.
In some embodiments, each entry of the outer area node cache table contains a node number of the outer area, the area number of the outer area, the office number corresponding to that node number, the number length (office number plus extension number) for that node, the main NISS node number of the outer area, and the standby NISS node number of the outer area.
In some embodiments, the access authentication of step S3 between a non-NISS node and the NISS node of the same area comprises the following steps (FIG. 3 is a flowchart of access authentication according to an embodiment of the invention).
(1) The non-NISS node to be admitted (C4) registers its identification information with the main NISS node (C1) of the same area.
(2) The node to be admitted generates a random number, builds an authentication request from it and sends the request to a neighbouring non-NISS node (C2).
(3) On receiving the request, the neighbouring non-NISS node generates a second random number from the first, builds an authentication response from it and sends the response to the node to be admitted.
(4) After verifying the validity of the authentication response, the node to be admitted generates authentication parameters and sends them to the neighbouring non-NISS node.
(5) After verifying the validity of the authentication parameters, the neighbouring non-NISS node builds an authentication query message and sends it to the main NISS node of the same area.
(6) The main NISS node extracts the identification information of the node to be admitted from the authentication query message and checks whether its locally stored registration information contains that identification; if it does, access authentication succeeds, otherwise it fails.
(7) The main NISS node generates an authentication result message and returns it to the node to be admitted through the neighbouring non-NISS node.
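The seven-step exchange above, written out as an added example with both sides' messages; it is not code from the patent. The description does not say how the "validity" of the authentication response and of the authentication parameters is checked, nor which key is involved, so the following are assumptions: the non-NISS nodes of an area share a link key (here `k_link`), validity means an HMAC-SHA256 tag under that key over both random numbers and the node identifier, the random numbers are 16-byte nonces, messages are plain dicts, and the main NISS node holds only the registration set of step (1). Node names C1, C2 and C4 follow FIG. 1; C5 and C6 are constructed to show the two failure paths.

```python
"""Access authentication of step S3, steps (1) to (7), as an added illustration.

Assumed (not stated in the patent): a link key shared by the non-NISS nodes of
the area, HMAC-SHA256 tags as the 'validity' checks, 16-byte nonces, dict
messages, and a main NISS node that holds only the registration set.
"""
import hashlib
import hmac
import secrets


def _tag(key: bytes, *parts: bytes) -> bytes:
    # Length-prefixed concatenation so nonce/identifier boundaries are unambiguous.
    msg = b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return hmac.new(key, msg, hashlib.sha256).digest()


class MainNISS:
    """Main NISS node of the area (C1): holds registrations, steps (1) and (6)."""

    def __init__(self) -> None:
        self.registered: set[str] = set()

    def register(self, node_id: str) -> None:          # step (1)
        self.registered.add(node_id)

    def handle_auth_query(self, query: dict) -> dict:  # step (6)
        ok = query["node_id"] in self.registered       # membership check only
        return {"type": "auth_result", "node_id": query["node_id"], "ok": ok}


class NeighbourNode:
    """Adjacent non-NISS node (C2): steps (3), (5) and the relay of (7)."""

    def __init__(self, link_key: bytes, main_niss: MainNISS) -> None:
        self.link_key = link_key
        self.main_niss = main_niss
        self._pending: dict[str, tuple[bytes, bytes]] = {}

    def handle_auth_request(self, req: dict) -> dict:  # step (3)
        r1, r2 = req["r1"], secrets.token_bytes(16)    # second random number
        self._pending[req["node_id"]] = (r1, r2)
        tag = _tag(self.link_key, b"resp", req["node_id"].encode(), r1, r2)
        return {"type": "auth_response", "r2": r2, "tag": tag}

    def handle_auth_params(self, params: dict) -> dict:  # steps (5) and (7)
        node_id = params["node_id"]
        pending = self._pending.pop(node_id, None)
        fail = {"type": "auth_result", "node_id": node_id, "ok": False}
        if pending is None:
            return fail                                # no request outstanding
        r1, r2 = pending
        expected = _tag(self.link_key, b"param", node_id.encode(), r1, r2)
        if not hmac.compare_digest(expected, params["proof"]):
            return fail                                # parameters not valid
        query = {"type": "auth_query", "node_id": node_id}
        return self.main_niss.handle_auth_query(query)  # result relayed to the joiner


class JoiningNode:
    """Non-NISS node to be admitted (C4): steps (2) and (4)."""

    def __init__(self, node_id: str, link_key: bytes) -> None:
        self.node_id = node_id
        self.link_key = link_key

    def authenticate(self, neighbour: NeighbourNode) -> bool:
        r1 = secrets.token_bytes(16)                   # step (2): first random number
        req = {"type": "auth_request", "node_id": self.node_id, "r1": r1}
        resp = neighbour.handle_auth_request(req)
        expected = _tag(self.link_key, b"resp", self.node_id.encode(), r1, resp["r2"])
        if not hmac.compare_digest(expected, resp["tag"]):
            return False                               # step (4): response not valid
        proof = _tag(self.link_key, b"param", self.node_id.encode(), r1, resp["r2"])
        params = {"type": "auth_params", "node_id": self.node_id, "proof": proof}
        return neighbour.handle_auth_params(params)["ok"]


def run_area_c() -> dict:
    """Area C of FIG. 1: C4 is registered, C5 is not, C6 holds the wrong link key."""
    k_link = secrets.token_bytes(32)                   # assumed shared link key
    c1 = MainNISS()
    c2 = NeighbourNode(k_link, c1)
    c1.register("C4")
    return {
        "C4": JoiningNode("C4", k_link).authenticate(c2),
        "C5_unregistered": JoiningNode("C5", k_link).authenticate(c2),
        "C6_wrong_key": JoiningNode("C6", secrets.token_bytes(32)).authenticate(c2),
    }
```

The point to notice is where each rejection happens: C6 is refused at step (4)/(5) because it cannot produce a tag under the link key, whereas C5 passes the nonce exchange and is refused only at step (6), because the main NISS node's check is a lookup of the registered identifier and nothing more. Without some keyed binding of the kind assumed here, steps (2) to (5) carry no proof of identity, and step (6) alone would admit any node that registered an identifier, so the key material and the registration step both need protecting in a deployment.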
In some embodiments, the contents of the outer area node cache table are obtained by sending a query to the NISS node of the other area and receiving its reply, as follows.
(1) The non-NISS node of the one area sends a query request containing the node number of the node to be looked up to the NISS node (A1) of the other area (area A).
(2) The NISS node of the other area extracts the node number (A3) of the node to be looked up from the request, reads the corresponding area number (027), office number (8526/8527) and number length (7) from its locally stored area node table, and then reads the main NISS node number (A1) and standby NISS node number (A2) corresponding to area number 027 from its locally stored whole-network area number table.
(3) The NISS node of the other area returns the extracted query result (area number 027, office number 8526/8527, number length 7, main NISS node number A1, standby NISS node number A2) to the non-NISS node of the one area, which fills the result into the entries of its outer area node cache table.
In some embodiments, the method further comprises the following query procedure: an NISS node of a first area receives a node query request containing a target area number and a target office number; when the target area number is the area number of the first area, the NISS node looks up the node number corresponding to the target office number in its locally stored area node table and returns that node number to the requester.
In some embodiments, the method further comprises the following query procedure: an NISS node of a first area receives a node query request containing a target area number and a target office number; when the target area number is not the area number of the first area, the NISS node of the first area looks up the main NISS node number corresponding to the target area number in its locally stored whole-network area number table and sends the target office number to that main NISS node, which is located in a second area; the main NISS node of the second area looks up the node number corresponding to the target office number in its locally stored area node table and returns it to the requester.
In some embodiments, the method further comprises the following query procedure: a non-NISS node of a first area receives a node query request containing a target area number and a target office number; when the target area number is the area number of the first area, the non-NISS node looks up the node number corresponding to the target office number in its locally stored area node cache table and returns it to the requester.
In some embodiments, the method further comprises the following query procedure: a non-NISS node of a first area receives a node query request containing a target area number and a target office number; when the target area number is not the area number of the first area, the non-NISS node looks up the main NISS node number corresponding to the target area number in its locally stored outer area node cache table. If the target area number is present, it then looks up the target office number among the cached entries for that area: (1) if the target office number is present, it reads the corresponding node number from the outer area node cache table and returns it to the requester; (2) if the target office number is not present, it reads the main NISS node number recorded for the target area in the outer area node cache table and sends the target office number to that main NISS node, which is located in a second area; the main NISS node of the second area looks up the node number corresponding to the target office number in its locally stored area node table and returns it to the requester.
In some embodiments, the method further comprises the following query procedure: a non-NISS node of a first area receives a node query request containing a target area number and a target office number; when the target area number is not the area number of the first area, the non-NISS node looks up the main NISS node number corresponding to the target area number in its locally stored outer area node cache table. If the target area number is not present, the non-NISS node sends the query to the main NISS node of the first area; that node looks up the main NISS node number corresponding to the target area number in the whole-network area number table it holds and sends the target office number to that main NISS node, which is located in a second area; the main NISS node of the second area looks up the node number corresponding to the target office number in its locally stored area node table and returns it to the requester.
In addition, the method verifies the target area code and the target office code after receiving the target area code and the target office code. The area code and office code may be 2-4 bits, the area code typically beginning with 0, and the query is discarded when the target area code does not begin with 0.
In summary, when a switching node is added, deleted or modified, the method of the invention does not require every node in the whole network to be reconfigured; only the NISS nodes of the affected area need to be configured. This removes the delay and the other inconveniences of having to complete a whole-network configuration, increases the flexibility of equipment deployment, and supports capabilities such as user-group mobility and random access, while at the same time strengthening the unified control and management of all switching nodes in the whole network.
The technical features of the above embodiments may be combined arbitrarily; for brevity, not every possible combination is described, but any combination of these features that contains no contradiction should be regarded as within the scope of this specification. The above embodiments express only several embodiments of the present application and are described in relatively specific detail, but they are not to be construed as limiting the scope of the invention. A person skilled in the art can make several variations and modifications without departing from the concept of the present application, and these all fall within its scope of protection. The scope of protection of this patent is therefore subject to the appended claims.

Claims (9)

1. A centralized connection control method for a high-security network, characterized in that the high-security network comprises M areas into which the network is divided and a network management center that manages K of the areas, M and K being positive integers with K less than or equal to M; each area is provided with an area management center; each area comprises NISS nodes and non-NISS nodes, where an NISS node is a switching node able to provide number query service and a non-NISS node is a switching node unable to provide number query service; the method comprises the following steps:
S1, the network management center configures a whole-network area number table and sends it to each NISS node, so that each NISS node stores the whole-network area number table;
wherein each entry of the whole-network area number table comprises the area number of an area and the main NISS node number of that area;
S2, the area management center of an area configures the area node table of that area and sends it to each NISS node of that area, so that each NISS node of the area stores the area node table;
wherein each entry of the area node table comprises a node number, the area number, the office number corresponding to the node number, and the number length of the office number plus the extension number within the area;
S3, access authentication is performed between a non-NISS node and an NISS node of the same area; after the authentication succeeds, the NISS node of the area sends the area node table of the area to the non-NISS node, which stores the received area node table locally as its area node cache table;
in step S3, performing access authentication between the non-NISS node and the NISS node of the same area specifically comprises:
the non-NISS node to be admitted registers its identification information with the main NISS node of the same area;
the non-NISS node to be admitted generates a random number, generates an authentication request message based on the random number, and sends the authentication request message to a non-NISS node adjacent to it;
after receiving the authentication request message, the adjacent non-NISS node generates another random number from the received random number, generates an authentication response message based on the other random number, and sends the authentication response message to the non-NISS node to be admitted;
after confirming the validity of the authentication response message, the non-NISS node to be admitted generates authentication parameters and sends them to the adjacent non-NISS node;
after confirming the validity of the authentication parameters, the adjacent non-NISS node generates an authentication query message and sends it to the main NISS node of the same area;
the main NISS node of the same area extracts the identification information of the non-NISS node to be admitted from the authentication query message and judges whether its locally stored registration information contains that identification information; if so, the access authentication succeeds; if not, the access authentication fails;
and the main NISS node of the same area generates an authentication result message and returns it to the non-NISS node to be admitted through the adjacent non-NISS node.
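The access authentication exchange of step S3 in claim 1, as an added example that is not part of the patent. The claim does not state how the joining node checks the validity of the authentication response message, or how the adjacent node checks the authentication parameters, so this model assumes a per-area pre-shared key held by every switching node of the area (the hypothetical AREA_KEY) and binds every message to both random numbers with an HMAC-SHA256 tag; the message fields, class names, the second random number being fresh rather than derived from the first, and the direct method calls standing in for the transport are likewise assumptions. What is kept from the claim is the division of roles: the neighbour only relays and checks message validity, while the admission decision is taken by the main NISS node against the registration table filled in the first step, and the result travels back through the neighbour.

```python
"""Access authentication between a joining non-NISS node, an adjacent non-NISS
node and the main NISS node of one area, modelled on claim 1 (step S3) of
CN115348111B. Added example, not code from the patent: the pre-shared AREA_KEY,
the HMAC binding, the message fields and the class names are all assumptions.
"""
import hashlib
import hmac
import secrets

AREA_KEY = b"constructed-area-key"   # hypothetical key shared by the area's switching nodes


def tag(label: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 over a label and length-prefixed parts (no field ambiguity)."""
    h = hmac.new(AREA_KEY, label, hashlib.sha256)
    for p in parts:
        h.update(len(p).to_bytes(2, "big") + p)
    return h.digest()


class MainNissNode:
    """Holds the registration table (first step of S3) and makes the admission decision."""

    def __init__(self) -> None:
        self.registered: set = set()

    def register(self, node_id: bytes) -> None:
        self.registered.add(node_id)

    def handle_auth_query(self, query: dict) -> dict:
        # Only the registration check is claimed; the tag over r1/r2 is an assumption.
        node_id, r1, r2 = query["node_id"], query["r1"], query["r2"]
        verdict = b"success" if node_id in self.registered else b"fail"
        return {"node_id": node_id, "result": verdict,
                "tag": tag(b"result", node_id, r1, r2, verdict)}


class AdjacentNode:
    """Already-admitted non-NISS node that relays between joiner and main NISS node."""

    def __init__(self, main: MainNissNode) -> None:
        self.main = main
        self.pending: dict = {}           # node_id -> (r1, r2) for in-flight requests

    def handle_auth_request(self, req: dict) -> dict:
        node_id, r1 = req["node_id"], req["r1"]
        r2 = secrets.token_bytes(16)      # second random number, bound to r1 by the tag
        self.pending[node_id] = (r1, r2)
        return {"r2": r2, "tag": tag(b"resp", node_id, r1, r2)}

    def handle_auth_params(self, params: dict) -> dict:
        node_id = params["node_id"]
        r1, r2 = self.pending.pop(node_id)
        if not hmac.compare_digest(tag(b"param", node_id, r1, r2), params["tag"]):
            return {"node_id": node_id, "result": b"fail", "tag": b""}
        # Validity confirmed: build the authentication query and relay the result.
        return self.main.handle_auth_query({"node_id": node_id, "r1": r1, "r2": r2})


class TamperingNeighbour(AdjacentNode):
    """Neighbour that corrupts its response tag; the joiner must reject it."""

    def handle_auth_request(self, req: dict) -> dict:
        resp = super().handle_auth_request(req)
        resp["tag"] = bytes(b ^ 0xFF for b in resp["tag"])
        return resp


class JoiningNode:
    def __init__(self, node_id: bytes) -> None:
        self.node_id = node_id

    def authenticate(self, neighbour: AdjacentNode) -> bool:
        r1 = secrets.token_bytes(16)
        resp = neighbour.handle_auth_request({"node_id": self.node_id, "r1": r1})
        r2 = resp["r2"]
        if not hmac.compare_digest(tag(b"resp", self.node_id, r1, r2), resp["tag"]):
            return False                  # response not bound to our r1: reject
        params = {"node_id": self.node_id, "tag": tag(b"param", self.node_id, r1, r2)}
        result = neighbour.handle_auth_params(params)
        expected = tag(b"result", self.node_id, r1, r2, result["result"])
        return (result["result"] == b"success"
                and hmac.compare_digest(expected, result["tag"]))


def run_scenario(registered: bool, tamper: bool = False) -> bool:
    """Constructed run: optionally skip registration or interpose a tampering neighbour."""
    main = MainNissNode()
    if registered:
        main.register(b"node-0102")
    neighbour = (TamperingNeighbour if tamper else AdjacentNode)(main)
    return JoiningNode(b"node-0102").authenticate(neighbour)
```

run_scenario(True) admits a node that registered its identification information beforehand; run_scenario(False) shows that a node holding the area key but never registered is still refused by the main NISS node, which is the point of keeping the registration check separate from the message validity checks. run_scenario(True, tamper=True) is refused by the joining node itself, before any query reaches the main NISS node. Because every tag covers both random numbers, a response or parameter message captured in one run does not verify in another.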
2. The centralized connection control method for a high-security network according to claim 1, characterized in that:
for any area, the NISS nodes comprise at least one NISS node, one of which is selected as the main NISS node;
for any area, an NISS node other than the main NISS node may be selected as a spare NISS node; while the main NISS node works normally, the spare NISS node periodically backs up the whole-network area number table and the area node table stored by the main NISS node, and when the main NISS node can no longer work normally the spare NISS node is activated;
each entry of the whole-network area number table further comprises the spare NISS node number of the area: when an area has a spare NISS node, the node number of that spare NISS node is filled into the spare NISS node number field, and when an area has no spare NISS node the field is left blank.
3. The centralized connection control method for a high-security network according to claim 2, characterized in that:
after a non-NISS node of one area establishes a cross-area connection with another area, the non-NISS node locally generates an outer area node cache table, whose contents are obtained by sending a query message to an NISS node of the other area and receiving the query return message;
each entry of the outer area node cache table comprises a node number of the outer area, the area number of the outer area, the office number corresponding to that node number, the number length of the office number plus the extension number corresponding to that node number, the main NISS node number of the outer area, and the spare NISS node number of the outer area.
4. The method according to claim 3, wherein obtaining the contents of the outer area node cache table by sending a query message to an NISS node of the other area and receiving the query return message specifically comprises:
the non-NISS node of the one area sends a query request message to an NISS node of the other area, the query request message containing the node number of the node to be queried;
the NISS node of the other area extracts the node number of the node to be queried from the query request message, reads the area number, office number and number length corresponding to that node number from its locally stored area node table, and then reads the main NISS node number and spare NISS node number corresponding to that area number from its locally stored whole-network area number table;
and the NISS node of the other area returns the extracted query result to the non-NISS node of the one area, which fills the query result into the entries of its outer area node cache table.
5. The centralized connection control method for a high-security network according to claim 3, characterized in that the method further comprises the following query procedure:
an NISS node of a first area receives a node query request containing a target area number and a target office number; when the target area number is the area number of the first area, the NISS node looks up the node number corresponding to the target office number in its locally stored area node table and returns that node number to the querying party.
6. The centralized connection control method for a high-security network according to claim 3, characterized in that the method further comprises the following query procedure:
an NISS node of a first area receives a node query request containing a target area number and a target office number; when the target area number is not the area number of the first area, the NISS node looks up the main NISS node number corresponding to the target area number in its locally stored whole-network area number table and sends the target office number to the main NISS node having that number, which is located in a second area;
and the main NISS node of the second area looks up the node number corresponding to the target office number in its locally stored area node table and returns that node number to the querying party.
7. The centralized connection control method for a high-security network according to claim 3, characterized in that the method further comprises the following query procedure:
a non-NISS node of a first area receives a node query request containing a target area number and a target office number; when the target area number is the area number of the first area, the non-NISS node looks up the node number corresponding to the target office number in its locally stored area node cache table and returns that node number to the querying party.
8. The centralized connection control method for a high-security network according to claim 3, characterized in that the method further comprises the following query procedure:
a non-NISS node of a first area receives a node query request containing a target area number and a target office number; when the target area number is not the area number of the first area, the non-NISS node looks up the main NISS node number corresponding to the target area number in its locally stored outer area node cache table;
if an entry for the target area number exists, it then looks up the target office number within that entry of the outer area node cache table, where:
(1) if the target office number exists:
the non-NISS node reads the node number corresponding to the target office number from the outer area node cache table and returns that node number to the querying party;
(2) if the target office number does not exist:
the non-NISS node reads the main NISS node number corresponding to the target area number from the outer area node cache table and sends the target office number to the main NISS node having that number, which is located in a second area;
and the main NISS node of the second area looks up the node number corresponding to the target office number in its locally stored area node table and returns that node number to the querying party.
9. The centralized connection control method for a high-security network according to claim 3, characterized in that the method further comprises the following query procedure:
a non-NISS node of a first area receives a node query request containing a target area number and a target office number; when the target area number is not the area number of the first area, the non-NISS node looks up the main NISS node number corresponding to the target area number in its locally stored outer area node cache table;
if no entry for the target area number exists, the non-NISS node forwards the query to the main NISS node of the first area, which looks up the main NISS node number corresponding to the target area number in the whole-network area number table it holds and sends the target office number to the main NISS node having that number, which is located in a second area;
and the main NISS node of the second area looks up the node number corresponding to the target office number in its locally stored area node table and returns that node number to the querying party.
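The node-number resolution of claims 5 to 9 (the same procedure the specification describes in its two query embodiments above), with the outer area node cache filled as in claims 3 and 4 and the digit check from the specification applied before any lookup, as an added example that is not part of the patent. The table layouts follow claims 1 to 3; the area numbers, office numbers, node numbers, method names and the dictionary that stands in for the network transport are constructed assumptions. Every query returns the resolved node number together with the list of nodes consulted, so the fallback chain (own area cache, outer area cache, own main NISS node, remote main NISS node) can be checked.

```python
"""Node-number resolution modelled on claims 3-9 of CN115348111B.

Added example, not code from the patent. Table layouts follow claims 1-3; the
node numbers, area numbers, office numbers, method names and the dict used in
place of a transport are constructed assumptions.
"""
import re
from dataclasses import dataclass, field
from typing import Optional

# Validation from the specification: 2-4 digit codes, area number begins with 0.
AREA_RE = re.compile(r"^0\d{1,3}$")
OFFICE_RE = re.compile(r"^\d{2,4}$")


def valid_query(area: str, office: str) -> bool:
    return bool(AREA_RE.match(area)) and bool(OFFICE_RE.match(office))


@dataclass
class AreaEntry:                 # one row of an area node table (claim 1, S2)
    node_no: str
    area_no: str
    office_no: str
    number_len: int              # length of office number plus extension number


@dataclass
class MainNissNode:
    node_no: str
    area_no: str
    area_table: dict             # office_no -> AreaEntry
    network_table: dict          # area_no -> (main NISS no, spare NISS no)  (claim 1, S1)
    network: dict = field(default_factory=dict)   # node_no -> node, stands in for the transport

    def lookup_office(self, office: str, path: list) -> Optional[str]:
        path.append(self.node_no)
        e = self.area_table.get(office)
        return e.node_no if e else None

    def describe_node(self, node_no: str) -> Optional[dict]:      # claim 4 reply
        for e in self.area_table.values():
            if e.node_no == node_no:
                main, spare = self.network_table[e.area_no]
                return {"area_no": e.area_no, "office_no": e.office_no,
                        "number_len": e.number_len, "main": main, "spare": spare}
        return None

    def query(self, area: str, office: str, path: list) -> Optional[str]:
        if not valid_query(area, office):
            return None                                   # query discarded
        if area == self.area_no:                          # claim 5
            return self.lookup_office(office, path)
        path.append(self.node_no)                         # claim 6
        entry = self.network_table.get(area)
        if entry is None:
            return None
        return self.network[entry[0]].lookup_office(office, path)


@dataclass
class NonNissNode:
    node_no: str
    area_no: str
    main_niss_no: str
    area_cache: dict             # area node cache table: office_no -> AreaEntry (S3)
    outer_cache: dict = field(default_factory=dict)   # area_no -> {"main", "spare", "offices"}
    network: dict = field(default_factory=dict)

    def learn_outer(self, node_no: str, via_niss_no: str) -> bool:   # claims 3-4
        info = self.network[via_niss_no].describe_node(node_no)
        if info is None:
            return False
        row = self.outer_cache.setdefault(
            info["area_no"], {"main": info["main"], "spare": info["spare"], "offices": {}})
        row["offices"][info["office_no"]] = node_no
        return True

    def query(self, area: str, office: str, path: list) -> Optional[str]:
        if not valid_query(area, office):
            return None
        path.append(self.node_no)
        if area == self.area_no:                          # claim 7
            e = self.area_cache.get(office)
            return e.node_no if e else None
        outer = self.outer_cache.get(area)
        if outer is None:                                 # claim 9: ask own main NISS
            return self.network[self.main_niss_no].query(area, office, path)
        node = outer["offices"].get(office)
        if node is not None:                              # claim 8 (1): cache hit
            return node
        return self.network[outer["main"]].lookup_office(office, path)   # claim 8 (2)


def build_network() -> dict:
    """Constructed three-area network: 01 (with one non-NISS node), 02 and 03."""
    net = {}
    network_table = {"01": ("0101", ""), "02": ("0201", "0203"), "03": ("0301", "")}
    a1 = {"11": AreaEntry("0101", "01", "11", 6), "12": AreaEntry("0102", "01", "12", 6)}
    a2 = {"21": AreaEntry("0201", "02", "21", 7), "22": AreaEntry("0202", "02", "22", 7)}
    a3 = {"31": AreaEntry("0301", "03", "31", 6)}
    for no, area, tbl in (("0101", "01", a1), ("0201", "02", a2), ("0301", "03", a3)):
        net[no] = MainNissNode(no, area, tbl, network_table, net)
    net["0102"] = NonNissNode("0102", "01", "0101", dict(a1), network=net)
    net["0102"].learn_outer("0201", "0201")   # cross-area connection to area 02 fills the cache
    return net


def resolve(net: dict, from_node: str, area: str, office: str):
    path: list = []
    return net[from_node].query(area, office, path), path
```

resolve(net, "0102", "02", "22") returns ("0202", ["0102", "0201"]): the outer area cache knows area 02's main NISS node but not office 22, so the non-NISS node forwards straight to node 0201 (claim 8, case 2). resolve(net, "0102", "03", "31") returns ("0301", ["0102", "0101", "0301"]) because area 03 is not cached at all, so the request goes through the first area's own main NISS node (claim 9). A request whose area number does not begin with 0 is discarded before any table is consulted and yields (None, []).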

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211271249.7A CN115348111B (en) 2022-10-18 2022-10-18 Centralized connection control method for high-security network

Publications (2)

Publication Number Publication Date
CN115348111A CN115348111A (en) 2022-11-15
CN115348111B (en) 2022-12-09

Family

ID=83957747

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101521604A (en) * 2009-04-03 2009-09-02 南京邮电大学 Strategy-based distributed performance monitoring method
CN105049231A (en) * 2015-06-19 2015-11-11 中国人民解放军信息工程大学 Layered cross-domain network management control system
CN105900403A (en) * 2014-01-10 2016-08-24 华为技术有限公司 System and method for zoning in software defined networks
CN110913348A (en) * 2020-01-08 2020-03-24 石家庄铁道大学 Distributed network architecture without fixed infrastructure support and position management method thereof

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9246814B2 (en) * 2011-02-07 2016-01-26 Nec Corporation Communication system, control apparatus, communication node, and communication method

Also Published As

Publication number Publication date
CN115348111A (en) 2022-11-15

Legal Events

Code Title
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant