CN117221064A - Method for realizing two-layer/three-layer relation binding of home gateway - Google Patents
Method for realizing two-layer/three-layer relation binding of home gateway Download PDFInfo
- Publication number
- CN117221064A CN117221064A CN202311220352.3A CN202311220352A CN117221064A CN 117221064 A CN117221064 A CN 117221064A CN 202311220352 A CN202311220352 A CN 202311220352A CN 117221064 A CN117221064 A CN 117221064A
- Authority
- CN
- China
- Prior art keywords
- layer
- binding
- home gateway
- address
- port
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 230000027455 binding Effects 0.000 title claims abstract description 74
- 238000009739 binding Methods 0.000 title claims abstract description 74
- 238000000034 method Methods 0.000 title claims abstract description 47
- 238000013507 mapping Methods 0.000 claims description 10
- 101100059544 Arabidopsis thaliana CDC5 gene Proteins 0.000 claims description 9
- 101150115300 MAC1 gene Proteins 0.000 claims description 9
- 238000000534 ion trap mass spectrometry Methods 0.000 claims description 4
- 230000008569 process Effects 0.000 claims description 3
- 238000011144 upstream manufacturing Methods 0.000 claims description 3
- 238000002955 isolation Methods 0.000 abstract description 8
- 238000010586 diagram Methods 0.000 description 6
- 230000009286 beneficial effect Effects 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000006855 networking Effects 0.000 description 2
- 230000005540 biological transmission Effects 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
Abstract
The invention provides a method for realizing two-layer/three-layer relation binding of a home gateway, which relates to the technical field of home gateway binding and aims at realizing better data isolation and higher flexibility data policy selection, and comprises the following steps: aiming at the uplink and downlink data streams of the home gateway, realizing service bearing through a plurality of binding modes; the binding modes comprise a port binding mode, a source MAC binding mode and a full route binding mode. The gateway binding data isolation reliability is high, and the flexibility of data policy selection is high.
Description
Technical Field
The invention relates to the technical field of home gateway binding, in particular to a method for realizing two-layer/three-layer relation binding of a home gateway.
Background
A home gateway is a device that connects between a home internal network and an external network. It may be a router, modem or gateway device. The home gateway acts as a portal between the home network and the external network, and is responsible for forwarding data packets, managing network connections, and providing network security functions.
The home gateway service generally comprises services such as internet surfing, IPTV, voice and TR69 management, and the like, and different services respectively use different channels, so that the home gateway service has the characteristic of multi-planarization of a service network. When the home gateway works, the binding relation between the service and the specific port is built in the gateway, for example, a LAN (local area network) port is fixed for IPTV service, and the Internet PC is connected to other LAN ports of the gateway. And the gateway respectively forwards the service data of the LAN port data according to the bound internet access channel or IPTV channel, and configures a high-priority forwarding strategy for the IPTV data. When service data is forwarded in a system of a home gateway, a forwarding path of the data needs to be strictly controlled. The existing binding method has a relatively stiff binding mode, so that data isolation under a binding relationship is not ideal enough, and the data strategy selection customizability is poor.
There is therefore a need to optimize gateway bindings for better data isolation and more flexible data policy selection.
Disclosure of Invention
The invention aims to provide a method for realizing two-layer/three-layer relation binding of a home gateway, which can realize better data isolation and higher-flexibility data policy selection.
The embodiment of the invention is realized by the following technical scheme:
a method for realizing two-layer/three-layer relation binding of a home gateway comprises the following steps:
aiming at the uplink and downlink data streams of the home gateway, realizing service bearing through a plurality of binding modes;
the binding modes comprise a port binding mode, a source MAC binding mode and a full route binding mode.
Preferably, the implementation method of the port binding mode includes the following steps:
marking each port by adopting skbmark;
when data forwarding is carried out, judging whether ports are in compliance or not according to the skbmark mark;
if the rule is normal, the data forwarding is carried out, if the rule is not normal, the data forwarding is not carried out, and port adjustment is carried out until the judgment result is compliance.
Preferably, the method for judging whether the ports are in compliance based on the skbmark mark comprises the following steps:
acquiring a port attribution relation mapping table issued by an upstream ITMS platform, wherein the port attribution relation mapping table stores attribution relations from various ports to different service planes;
judging whether the current service plane of each port is in accordance with the port attribution relation mapping table according to the skbmark mark;
if yes, judging that the ports are compliant, otherwise, judging that the ports are not compliant.
Preferably, the method for implementing the source MAC binding mode includes the following steps:
acquiring an MAC address of a set top box, and judging and ensuring that the MAC is a two-layer address of the set top box;
and correlating the related IPTV service plane on forwarding control, wherein the related IPTV service plane is an IPTV service plane which is in uplink correlation with a home gateway.
Preferably, the method for acquiring the MAC address of the set top box is as follows:
when the set top box is started, the MAC1 is used for sending information specified by a DHCP discovery in an Option60 field protocol;
and the home gateway decrypts the information and records the MAC1.
Preferably, the method for associating related IPTV service planes on forwarding control is as follows:
and in the forwarding process, fixing the packet sending data of the MAC1 on an IPTV service plane.
Preferably, the implementation method of the all-route binding mode includes the following steps:
configuring a plurality of three-layer routing rules of an uplink service plane of a home gateway;
determining whether to apply a policy routing rule to the address according to the address attribute accessed by the downstream interrupt device;
data splitting is performed using IP rule.
Preferably, the method for configuring three-layer routing rules of the home gateway uplink service plane includes: and configuring three-layer routing destination IPv4/IPv6 rules of the uplink service plane of the home gateway by adopting the ipset configuration.
Preferably, the method for determining whether to apply a policy routing rule to the address according to the address attribute accessed by the downstream interrupt device is as follows:
respectively configuring corresponding destination address forwarding tables for an Internet service plane and an IPTV service plane through a home gateway;
judging whether the address accessed by the downstream interrupt equipment is matched with the destination address forwarding table of the corresponding service plane;
if the address is matched, marking the policy routing rule of the corresponding service plane for the address, and if the address is not matched, not operating.
The technical scheme of the embodiment of the invention has at least the following advantages and beneficial effects:
the invention provides three binding modes, in particular to binding setting based on the operation mode in the 3 possible concentrated work existing in the home gateway, which has stronger pertinence and enhances the reliability of data transmission in the gateway;
the different binding modes provided by the invention are beneficial to the selection of free two-layer/three-layer data packets and the isolation of the two-layer/three-layer data packets according to the port binding relation or the source MAC address;
the binding mode of the invention is also helpful for realizing the strategy selection of the two-layer/three-layer data packet which can be highly customized;
according to the invention, the home gateway can intelligently and flexibly select the data path according to the port binding, the source MAC address and the destination IP address, so that the gateway can bear a plurality of services at the same time, and the internal equipment of the home network can use a plurality of services at the same time;
the invention has simple and clear frameworks of data, binding modes, protocols and the like, is easy to realize, has high cost performance and is convenient to implement and popularize.
Drawings
Fig. 1 is a schematic structural diagram of a port binding mode provided in embodiment 1 of the present invention;
fig. 2 is a schematic structural diagram of a source MAC binding mode provided in embodiment 1 of the present invention;
fig. 3 is a schematic structural diagram of a full-route binding mode provided in embodiment 1 of the present invention;
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the embodiments of the present invention more apparent, the technical solutions of the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention, and it is apparent that the described embodiments are some embodiments of the present invention, but not all embodiments of the present invention. The components of the embodiments of the present invention generally described and illustrated in the figures herein may be arranged and designed in a wide variety of different configurations.
Example 1
A method for realizing two-layer/three-layer relation binding of a home gateway comprises the following steps:
aiming at the uplink and downlink data streams of the home gateway, realizing service bearing through a plurality of binding modes;
the binding modes comprise a port binding mode, a source MAC binding mode and a full route binding mode.
The embodiment aims at the uplink and downlink data streams of the home gateway, and aims at freely selecting the two-layer/three-layer data packets and isolating the two-layer/three-layer data packets according to the port binding relation or the source MAC address, so that the strategy selection of the two-layer/three-layer data packets which can be highly customized is realized.
Based on the above, the home gateway can intelligently and flexibly select a data path according to port binding, a source MAC address and a destination IP address, so that the gateway can bear a plurality of services at the same time, and the internal equipment of the home network can use a plurality of services at the same time.
Specific frameworks of the three modes can be referred to fig. 1-3, fig. 1 is a schematic structural diagram of a port binding mode, fig. 2 is a schematic structural diagram of a source MAC binding mode, and fig. 3 is a schematic structural diagram of a full route binding mode.
In the port binding mode, different private network IP addresses and set top boxes are connected to the gateway through different ports respectively, the private network IP is connected to a network (Internet) through a route, and the set top boxes are connected to an IPTV network through bridging.
In the source MAC binding mode, different private network IP addresses are connected to the gateway through different ports, respectively, and also the private network IP addresses and the set-top box can be connected to the gateway ports together through the networking terminal, and all ports of the gateway are connected to the network (Internet) and the IPTV network through source MAC addressing.
In the full-route binding mode, different private network IP addresses are respectively connected to the gateway through different ports, and also the private network IP addresses and the set-top box can be connected to the gateway ports through the networking terminal together, and all ports of the gateway are connected to a network (Internet) and an IPTV network through route addressing.
Example 2
The implementation method of the port binding mode is further described based on the technical scheme of embodiment 1.
As a preferred solution of this embodiment, the implementation method of the port binding mode includes the following steps:
marking each port by adopting skbmark;
when data forwarding is carried out, judging whether ports are in compliance or not according to the skbmark mark;
if the rule is normal, the data forwarding is carried out, if the rule is not normal, the data forwarding is not carried out, and port adjustment is carried out until the judgment result is compliance.
Further, the method for judging whether the ports are in compliance according to the skbmark mark comprises the following steps:
acquiring a port attribution relation mapping table issued by an upstream ITMS platform, wherein the port attribution relation mapping table stores attribution relations from various ports to different service planes;
judging whether the current service plane of each port is in accordance with the port attribution relation mapping table according to the skbmark mark;
if yes, judging that the ports are compliant, otherwise, judging that the ports are not compliant.
Specifically, the skbmark mark is a data flow mark provided by the Linux kernel, and the embodiment uses the mark to judge whether the port meets the requirement or not, and further, the subsequent judgment can not be forwarded. In short, each packet is assigned a signature, by which its attributes are distinguished; and the port can be understood as a network port where the home gateway is plugged into a network cable in this embodiment.
The following port attribution relation mapping table shows attribution relation, and based on the judgment, the main purpose is to execute corresponding service isolation according to the requirements of the upper ITMS platform, and the reliability of data isolation is high.
Example 3
The implementation method of the port binding mode is further described based on the technical scheme of embodiment 1.
As a preferred solution of this embodiment, the implementation method of the port binding mode includes the following steps:
acquiring an MAC address of a set top box, and judging and ensuring that the MAC is a two-layer address of the set top box;
and correlating the related IPTV service plane on forwarding control, wherein the related IPTV service plane is an IPTV service plane which is in uplink correlation with a home gateway.
In this embodiment, the method for obtaining the MAC address of the set top box includes:
when the set top box is started, the MAC1 is used for sending information specified by a DHCP discovery in an Option60 field protocol;
and the home gateway decrypts the information and records the MAC1.
As a preferred solution, the method for associating related IPTV service planes in forwarding control in this embodiment is:
and in the forwarding process, fixing the packet sending data of the MAC1 on an IPTV service plane.
Example 4
The embodiment further describes a method for implementing the full-route binding mode based on the technical scheme of embodiment 1.
As a preferred solution of this embodiment, the implementation method of the full-route binding mode includes the following steps:
configuring a plurality of three-layer routing rules of an uplink service plane of a home gateway;
determining whether to apply a policy routing rule to the address according to the address attribute accessed by the downstream interrupt device;
data splitting is performed using IP rule.
In this embodiment, the method for configuring three-layer routing rules of the home gateway uplink service plane includes: and configuring three-layer routing destination IPv4/IPv6 rules of the uplink service plane of the home gateway by adopting the ipset configuration.
Further, the method for determining whether to apply the policy routing rule to the address according to the address attribute accessed by the downstream interrupt device is as follows:
respectively configuring corresponding destination address forwarding tables for an Internet service plane and an IPTV service plane through a home gateway;
judging whether the address accessed by the downstream interrupt equipment is matched with the destination address forwarding table of the corresponding service plane;
if the address is matched, marking the policy routing rule of the corresponding service plane for the address, and if the address is not matched, not operating.
In this embodiment, the IP rule used for splitting is a rule for data splitting.
As a case of specific implementation, when marking the policy routing rule of the corresponding service plane, for example, mark 1 may be marked on a data packet with a destination address in bypass_vpn:
iptables-t mangle-A fwmark-m set--match-set bypass_vpn dst-j MARK--set-mark 1
all packets marked 1 look up the routing table bypass_vpn:
ip rule add fwmark 1table bypass_vpn。
the above is only a preferred embodiment of the present invention, and is not intended to limit the present invention, but various modifications and variations can be made to the present invention by those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present invention should be included in the protection scope of the present invention.
Claims (9)
1. The method for realizing the two-layer/three-layer relation binding of the home gateway is characterized by comprising the following steps:
aiming at the uplink and downlink data streams of the home gateway, realizing service bearing through a plurality of binding modes;
the binding modes comprise a port binding mode, a source MAC binding mode and a full route binding mode.
2. The method for implementing two-layer/three-layer relation binding of a home gateway according to claim 1, wherein the method for implementing the port binding mode comprises the following steps:
marking each port by adopting skbmark;
when data forwarding is carried out, judging whether ports are in compliance or not according to the skbmark mark;
if the rule is normal, the data forwarding is carried out, if the rule is not normal, the data forwarding is not carried out, and port adjustment is carried out until the judgment result is compliance.
3. The method for implementing two-layer/three-layer binding of home gateway according to claim 2, wherein the method for judging whether ports are compliant based on the skbmark mark comprises the following steps:
acquiring a port attribution relation mapping table issued by an upstream ITMS platform, wherein the port attribution relation mapping table stores attribution relations from various ports to different service planes;
judging whether the current service plane of each port is in accordance with the port attribution relation mapping table according to the skbmark mark;
if yes, judging that the ports are compliant, otherwise, judging that the ports are not compliant.
4. The method for implementing two-layer/three-layer relation binding of a home gateway according to claim 1, wherein the method for implementing the source MAC binding mode comprises the following steps:
acquiring an MAC address of a set top box, and judging and ensuring that the MAC is a two-layer address of the set top box;
and correlating the related IPTV service plane on forwarding control, wherein the related IPTV service plane is an IPTV service plane which is in uplink correlation with a home gateway.
5. The method for implementing two-layer/three-layer binding of home gateway according to claim 4, wherein the method for obtaining the MAC address of the set-top box is as follows:
when the set top box is started, the MAC1 is used for sending information specified by a DHCP discovery in an Option60 field protocol;
and the home gateway decrypts the information and records the MAC1.
6. The method for implementing two-layer/three-layer binding of home gateway according to claim 5, wherein the method for associating related IPTV service planes in forwarding control is as follows:
and in the forwarding process, fixing the packet sending data of the MAC1 on an IPTV service plane.
7. The method for implementing two-layer/three-layer relation binding of a home gateway according to claim 1, wherein the method for implementing the full-route binding mode comprises the following steps:
configuring a plurality of three-layer routing rules of an uplink service plane of a home gateway;
determining whether to apply a policy routing rule to the address according to the address attribute accessed by the downstream interrupt device;
data splitting is performed using IP rule.
8. The method for implementing two-layer/three-layer binding of home gateway according to claim 7, wherein the method for configuring three-layer routing rules of the home gateway uplink service plane is as follows: and configuring three-layer routing destination IPv4/IPv6 rules of the uplink service plane of the home gateway by adopting the ipset configuration.
9. The method for implementing two-layer/three-layer binding of home gateway according to claim 8, wherein the method for determining whether to apply policy routing rules to the address according to the address attribute accessed by the downstream interrupt device is as follows:
respectively configuring corresponding destination address forwarding tables for an Internet service plane and an IPTV service plane through a home gateway;
judging whether the address accessed by the downstream interrupt equipment is matched with the destination address forwarding table of the corresponding service plane;
if the address is matched, marking the policy routing rule of the corresponding service plane for the address, and if the address is not matched, not operating.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311220352.3A CN117221064A (en) | 2023-09-20 | 2023-09-20 | Method for realizing two-layer/three-layer relation binding of home gateway |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311220352.3A CN117221064A (en) | 2023-09-20 | 2023-09-20 | Method for realizing two-layer/three-layer relation binding of home gateway |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN117221064A true CN117221064A (en) | 2023-12-12 |
Family
ID=89049189
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202311220352.3A Pending CN117221064A (en) | 2023-09-20 | 2023-09-20 | Method for realizing two-layer/three-layer relation binding of home gateway |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN117221064A (en) |
-
2023
- 2023-09-20 CN CN202311220352.3A patent/CN117221064A/en active Pending
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| AU2011315150B2 (en) | Multipath transmission control protocol proxy | |
| JP5368459B2 (en) | Support for triple operation services in user equipment | |
| JP5214402B2 (en) | Packet transfer apparatus, packet transfer method, packet transfer program, and communication apparatus | |
| EP2323349B1 (en) | Communication terminal with multiple virtual network interfaces | |
| US20100121946A1 (en) | Method and device for identifying and selecting an interface to access a network | |
| KR20090064431A (en) | The method and device for managing route information and retransmitting data in accessing device | |
| CN103036788A (en) | Implementation method of multi-interface gateway equipment data transmitting | |
| JP2005524287A (en) | Method and apparatus for identifying a transport stream in a network | |
| EP2026528B1 (en) | Integrated internet telephony system and signaling method thereof | |
| US20080186967A1 (en) | Method for supporting source-specific multicast forwarding over ethernet and device thereof | |
| US20060050681A1 (en) | Method for the automatic configuration of a ip telephony device and/or data, system and device implementing same | |
| JP2010056819A (en) | Communication network system for virtual private network, line connection device, and band control method | |
| CN117221064A (en) | Method for realizing two-layer/three-layer relation binding of home gateway | |
| CN112887127B (en) | vBRAS equipment and method for realizing transfer control separation | |
| CN101448051B (en) | Voice calling method and edge device combined with virtual private network | |
| Cisco | Configuring Ethernet Switching | |
| KR20080051681A (en) | Method for configuring network address translating table in mobile communication system and method for routing network address of base station | |
| CN104348925A (en) | Method for processing raw IP (Internet Protocol) message and corresponding device | |
| US7454522B2 (en) | Connection management apparatus for network devices | |
| US11212194B2 (en) | Method for negotiating a quality of service offered by a gateway to terminals | |
| EP3228048B1 (en) | Method and apparatus for routing data to cellular network | |
| US20210320859A1 (en) | An architecture for managing ipv4 based customer premisses equipments through ipv6 | |
| KR102207290B1 (en) | Method for supporting vlans in software defined network | |
| KR100777526B1 (en) | Ubiquitours network, implimatation method thereof, service method thereof, and multicast brodcasting service using the same | |
| CN116192742A (en) | Routing acceleration method and system based on application |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |