CN118175141B

CN118175141B - Method for safe allocation of address by FTTR system

Info

Publication number: CN118175141B
Application number: CN202410603621.2A
Authority: CN
Inventors: 孙晨晨; 武云飞
Original assignee: ZTE Corp
Current assignee: ZTE Corp
Priority date: 2024-05-15
Filing date: 2024-05-15
Publication date: 2024-07-23
Anticipated expiration: 2044-05-15
Also published as: CN118175141A

Abstract

The embodiment of the application provides a method for safely distributing addresses by FTTR systems, which is applied to a slave gateway and comprises the following steps: sending a detection message to a main gateway, wherein the detection message carries first detection information; receiving a detection response message sent by the main gateway, wherein the detection response message carries second detection information; detecting the main gateway according to the first detection information and the second detection information to obtain a detection result of the main gateway; based on the detection result of the main gateway, the IP address of the server allocated by the main gateway is obtained, so that the problems that the main gateway is disconnected from the auxiliary gateway and the networking state is difficult to recover and the like are solved, when the FTTR system is subjected to networking change or abnormal power failure in the related art, if a plurality of servers exist in the home network, the auxiliary gateway can also obtain the IP address from other servers, the auxiliary gateway and the main gateway can quickly complete networking success and network recovery, and the safe allocation of the IP address in the FTTR system networking is realized.

Description

Method for safe allocation of address by FTTR system

Technical Field

The embodiment of the application relates to the field of communication, in particular to a method for safely distributing addresses by a FTTR system.

Background

With the continuous expansion of the scale of home broadband applications and the rapid development of optical network technology, the performance requirements of home users for broadband applications are increasingly improved. Meanwhile, the fiber-to-room (Fiber to The Room, FTTR) technology provides a networking technology of laying optical fibers into each room and constructing home gateway interconnections by deploying optical networking terminals, thereby guaranteeing full-house network coverage. Currently FTTR systems in home units are mostly composed of one master gateway and a plurality of slave gateways. The main gateway is connected with an Optical line terminal (Optical LINE TERMINAL, OLT) in an uplink mode, and the downlink is connected with the auxiliary gateway through Optical fibers, network cables or Wi-Fi media.

The current address assignment from the gateway typically uses protocols such as dynamic host configuration protocol (Dynamic Host Configure Protocol version4, DHCPv 4) for IPv4 address acquisition or dynamic host configuration protocol (Dynamic Host Configure Protocol version, DHCPv 6) for IPv6 address acquisition. However, this DHCP-based address allocation is not reliable in FTTR systems. When FTTR system generates network change or abnormal power-off, if there are multiple DHCP servers in home network, the gateway can obtain IP address from other servers. The main gateway is disconnected from the auxiliary gateway, the auxiliary gateway cannot normally use broadband services such as Internet surfing, network protocol television (Internet Protocol TV, IPTV) and the like, and the networking environment cannot be restored through means such as restarting equipment and restoring factory settings, so that user experience is affected, and operation and maintenance cost is increased. In addition, the slave gateway can be connected to the master gateway and acquire the IP address without registration, which is easy to be influenced by attack means such as message hijacking, falsifying messages and the like, and the stability of the FTTR system is destroyed.

Disclosure of Invention

The embodiment of the application provides a method for safely distributing addresses by FTTR systems, which at least solves the problems that when the FTTR systems are subjected to networking change or abnormal power failure in the related art, if a plurality of servers exist in a home network, a slave gateway can acquire IP addresses from other servers, so that a master gateway takes off the slave gateway, the networking state is difficult to recover and the like.

According to one embodiment of the present application, there is provided a method for securely allocating an address by a FTTR system, which is applied to a slave gateway, the method including:

sending a detection message to a main gateway in an optical fiber to room FTTR system, wherein the detection message carries first detection information so that the main gateway detects the slave gateway according to the first detection information;

receiving a detection response message sent by the main gateway, wherein the detection response message carries second detection information;

Detecting the main gateway according to the first detection information and the second detection information to obtain a detection result of the main gateway;

And acquiring the server IP address distributed by the main gateway based on the detection result of the main gateway.

According to another embodiment of the present application, there is provided a method for securely allocating an address to a primary gateway by a FTTR system, including:

receiving a detection message sent from a gateway in an optical fiber-to-room FTTR system, wherein the detection message carries first detection information;

Detecting the slave gateway according to the first detection information to obtain a detection result of the slave gateway;

Based on the detection result of the slave gateway, sending a detection response message to the slave gateway, and distributing the IP address of the server to the slave gateway; the detection response message carries second detection information, and the second detection information is used for detecting the master gateway by the slave gateway.

According to a further embodiment of the application, there is also provided a computer readable storage medium having stored therein a computer program, wherein the computer program is arranged to perform the steps of any of the method embodiments described above when run.

According to a further embodiment of the application, there is also provided an electronic device comprising a memory having stored therein a computer program and a processor arranged to run the computer program to perform the steps of any of the method embodiments described above.

According to the embodiment of the application, the detection message is sent to the main gateway in the FTTR system, and the detection message carries the first detection information, so that the main gateway detects the slave gateway according to the first detection information; receiving a detection response message sent by the main gateway, wherein the detection response message carries second detection information; detecting the main gateway according to the first detection information and the second detection information to obtain a detection result of the main gateway; based on the detection result of the main gateway, the IP address of the server allocated by the main gateway is obtained, so that the problems that the main gateway is disconnected from the auxiliary gateway and the network state is difficult to recover due to the fact that the main gateway is disconnected from the auxiliary gateway when the FTTR system is subjected to networking change or abnormal power failure in the related art, if a plurality of servers exist in the home network, the IP address in the auxiliary gateway can be obtained, networking success and network recovery can be rapidly completed between the auxiliary gateway and the main gateway, safe allocation of the IP address in the networking of the FTTR system is achieved, and stability of FTTR systems and user services is guaranteed.

Drawings

Fig. 1 is a flowchart of acquiring and registering an IPv4 address from a gateway in a conventional FTTR home networking;

FIG. 2 is a block diagram of a hardware architecture of a computer terminal of a method for secure address assignment of FTTR systems according to an embodiment of the present application;

FIG. 3 is a diagram of a FTTR home networking architecture in accordance with an embodiment of the present application;

FIG. 4 is a flow chart of a method for a FTTR system to securely allocate addresses, according to an embodiment of the present application;

FIG. 5 is a schematic diagram of a format of a detection message option60 from a gateway according to an embodiment of the present application;

FIG. 6 is a flow chart of a method for a FTTR system to securely allocate addresses, according to an embodiment of the present application;

FIG. 7 is a schematic diagram of a primary gateway IP address response message option125 format according to an embodiment of the application;

Fig. 8 is a schematic diagram of home networking under FTTR a master-slave gateway security address assignment according to an embodiment of the present application.

Detailed Description

Embodiments of the present application will be described in detail below with reference to the accompanying drawings in conjunction with the embodiments.

It should be noted that the terms "first," "second," and the like in the description and the claims of the present application and the above figures are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order.

The networking mode of FTTR systems is different from the traditional home networking. The master gateway and the slave gateway are not independent individuals, but are connected through a master-slave relationship. The slave gateway generally registers directly with the management platform without passing through authentication means such as a Serial Number (SN) and a local identification code (LOcal IDENTIFIER, LOID), but the master gateway hosts all functions of the slave gateway and reports the functions to the management platform in a unified way. As a service end of FTTR systems, the master gateway is responsible for distributing IP addresses to all the subordinate gateways.

For example, fig. 1 is a flowchart of acquiring and registering from an IPv4 address of a gateway in a conventional FTTR home networking, as shown in fig. 1, specifically including the following steps:

Step 101: the primary gateway registers.

The master gateway obtains the management IP address and registers with FTTR management platform.

Step 102: and acquiring the IP address.

The slave gateway establishes a link connection with the master gateway, the slave gateway sends a DHCP message to request an IP address, and the master gateway responds to the request and distributes the IP address to the slave gateway.

Step 103: and (5) reporting data.

And the slave gateway reports the slave gateway data of manufacturer, model, capability set and the like to the master gateway. The master gateway gathers system data obtained from the gateway data, reports the system data to the FTTR management platform and receives FTTR response data issued by the management platform.

Step 104: and (5) configuration issuing.

The master gateway uniformly issues the configurations of wireless internet surfing, IPTV service, network speed limiting and the like of the slave gateway.

As can be seen from the above flow, in the existing FTTR networking method, in the stage of acquiring the slave gateway IP address, no strict check is performed between the master gateway and the slave gateway, which may cause that the slave gateway is erroneously connected to other servers, so that the slave gateway is erroneously disconnected, and the networking state is difficult to recover.

Based on the technical problems existing in the related art, the embodiment of the application provides a method for safely distributing addresses of FTTR systems, which has the technical conception that the slave gateways mutually detect the master gateway and the message carrying ciphertext before requesting the server IP address from the master gateway to determine whether the slave gateway and the message are the master gateway in the same network, and the slave gateway acquires the server IP address from the master gateway after confirming, thereby solving the problems that the slave gateway is erroneously connected to other servers in the prior art, thereby causing the slave gateway to be mistakenly disconnected, the network state of the network is difficult to recover and the like, so that the successful network connection and the network recovery between the master gateway and the slave gateway can be quickly completed, thereby realizing the safe distribution of the IP address in the network connection of FTTR systems, and ensuring the stability of the network connection and user service of FTTR systems.

The method embodiments provided in the embodiments of the present application may be performed in a mobile terminal, a computer terminal or similar computing device. Taking the example of running on a computer terminal, fig. 2 is a block diagram of a hardware structure of a computer terminal according to a method for secure address allocation of FTTR systems according to an embodiment of the present application. As shown in fig. 2, the computer terminal may include one or more (only one is shown in fig. 2) processors 202 (the processor 202 may include, but is not limited to, a microprocessor MCU or a processing device such as a programmable logic device FPGA) and a memory 204 for storing data, wherein the computer terminal may further include a transmission device 206 for communication functions and an input-output device 208. It will be appreciated by those skilled in the art that the configuration shown in fig. 2 is merely illustrative and is not intended to limit the configuration of the computer terminal described above. For example, the computer terminal may also include more or fewer components than shown in FIG. 2, or have a different configuration than shown in FIG. 2.

The memory 204 may be used to store a computer program, for example, a software program of an application software and a module, such as a computer program corresponding to a method for allocating addresses securely by the FTTR system in the embodiment of the present application, and the processor 202 executes the computer program stored in the memory 204, thereby performing various functional applications and data processing, that is, implementing the above-mentioned method. Memory 204 may include high-speed random access memory, and may also include non-volatile memory, such as one or more magnetic storage devices, flash memory, or other non-volatile solid-state memory. In some examples, memory 204 may further include memory located remotely from processor 202, which may be connected to the computer terminal via a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.

The transmission device 206 is used to receive or transmit data via a network. Specific examples of the network described above may include a wireless network provided by a communication provider of a computer terminal. In one example, the transmission device 206 includes a network adapter (Network Interface Controller, simply referred to as a NIC) that can connect to other network devices through a base station to communicate with the internet. In one example, the transmission device 206 may be a Radio Frequency (RF) module, which is used to communicate with the internet wirelessly.

Fig. 3 is a schematic diagram of a FTTR home networking architecture according to an embodiment of the present application, which may operate on the FTTR home networking architecture shown in fig. 3, as shown in fig. 3, the network architecture includes: FTTR a management platform, a master gateway, a beam splitter and a plurality of slave gateways, wherein the FTTR system is uniformly managed by an all-optical network management platform (i.e. FTTR management platform), and the slave gateway and the master gateway can be integrated. The master gateway can register with FTTR management platform, FTTR management platform can establish communication channel with the master gateway, the slave gateway can initiate registration to the master gateway to establish link, the slave gateway can report data to the master gateway, and the slave gateway can receive and execute the instructions of the master gateway. The master gateway proxies all the functions of the slave gateway and interacts with FTTR management platform.

In the embodiment of the invention, the optical network unit (Optical Network Unit, ONU) can be used as gateway equipment of the home FTTR system. The master gateway may manage all slave gateways communicatively coupled to the master gateway in addition to implementing the basic functions of the gateway. The slave gateway can be a router and can be connected with the master gateway in an optical fiber, network cable or wireless mode, and has the forwarding capability of service messages such as multicast, internet surfing and the like. The master gateway and the slave gateway have safe IP address allocation capability and network recovery capability in abnormal scenes.

As FTTR operates as a whole in the home network, a safe connection is established between the master gateway and the slave gateway, so that the stability of the home broadband service can be effectively ensured, the pipe disconnection of the FTTR system is avoided, the user experience is improved, and the same networking management of the master gateway and the slave gateway is realized.

In this embodiment, a method for securely allocating addresses of FTTR systems running on the above computer terminal or networking architecture is provided, and is applied to a slave gateway, and fig. 4 is a flowchart of a method for securely allocating addresses of FTTR systems according to an embodiment of the present application, as shown in fig. 4, where the flowchart includes the following steps:

Step S401, a detection message is sent to a master gateway in the fiber-to-room FTTR system, where the detection message carries first detection information, so that the master gateway detects the slave gateway according to the first detection information.

As an example, the slave gateway may probe the master gateway before requesting the server IP address from the master gateway. The probe message sent from the gateway may carry first probe information, which may include, but is not limited to, a probe identity, a slave gateway identity, a sub-session ID (SE), a slave gateway probe ciphertext, and so on. The detection identifier, the slave gateway identifier and the sub-session unique identifier can be used for encryption calculation to generate a slave gateway detection ciphertext. The first probe information may be used for probing of the slave gateway by the master gateway.

In an exemplary embodiment, the first detection information further includes a slave gateway identifier and a slave gateway detection ciphertext, and before sending the detection message to a master gateway in the fiber-to-room FTTR system, the method further includes:

and carrying out encryption calculation according to the detection identifier, the sub-session unique identifier and the slave gateway identifier to generate the slave gateway detection ciphertext.

For example, taking a dynamic host configuration protocol (Dynamic Host Configure Protocol, DHCP) probe message as an example, before the slave gateway sends the message to the master gateway, an 8-byte random number can be generated as a sub-session unique identifier SE of the present probe, and the SE, the probe identifier and the slave gateway identifier can be encrypted and calculated to obtain a slave gateway probe ciphertext. The detection of ciphertext from the gateway may be used to authenticate the slave gateway or encrypt subsequent communications.

For example, assuming that the slave gateway identifier is MAC1, the probe identifier may be fixed to a string "FTTRDETECT", the probe ciphertext calculation method may be (SE 1+ FTTRDETECT) xor (MAC 1).

As an example, the DHCP probe message may carry additional configuration information or data for extending standard DHCP functions through an option field. The option field allows the function of the DHCP message to be customized and extended. The sub-session unique identifier SE and the detection ciphertext from the gateway may be encapsulated in the field value field of the option60 of the DHCP detection message.

For example, fig. 5 is a schematic diagram of a format of a probe message option60 from a gateway, where the option60 may be used to identify a DHCP client type and may be used to tell a DHCP server information about the client device type according to an embodiment of the application. As shown in fig. 5, the option60 includes an encoding code (60), a Length, a client encoding ENTERPRISE CODE, and the like, and corresponds to a Field type FIELD TYPE, a Field Length FIELD LENGTH, and a Field Value, respectively. The 8-byte random number SE generated from the gateway and the 20-byte slave gateway probe ciphertext generated by the encryption calculation may be padded in the field value field of the option60 of the slave gateway probe message.

It should be noted that the above calculation method of the detection ciphertext is merely an example, the detection is used as a private definition between the master gateway and the slave gateway, the detection ciphertext carried by the detection may also be calculated by other methods, and the used message field is not limited to the description of the embodiment.

Step S402, receiving a probe response message sent by the primary gateway, where the probe response message carries second probe information.

As an example, the master gateway may send a probe response message to the slave gateway after receiving the probe message sent by the slave gateway.

As an example, after receiving the probe response message, the slave gateway may parse the probe response message to obtain the second probe information. The second probe information may be used for probing the primary gateway.

As one example, the second probe information may include, but is not limited to, a probe identity, a master gateway identity, a sub-session unique identifier, a slave gateway probe ciphertext, and the like.

Step S403, detecting the primary gateway according to the first detection information and the second detection information, to obtain a detection result of the primary gateway.

In an exemplary embodiment, the first probe information includes a sub-session unique identifier and a probe identifier, the second probe information includes a primary gateway identifier and a primary gateway probe response ciphertext, and the probing the primary gateway according to the first probe information and the second probe information to obtain a probing result of the primary gateway includes:

calculating the detection response ciphertext of the main gateway according to the detection identifier, the sub-session unique identifier and the main gateway identifier;

And determining a detection result of the primary gateway based on the calculated primary gateway detection response ciphertext and the primary gateway detection response ciphertext in the second detection information.

As an example, the sub-session unique identifier SE may be used for unique identification and tracking in multiple parallel sub-sessions for proper routing and management. The sub-session unique identifier SE may be an 8-byte random number generated from the gateway.

As an example, the slave gateway identification may be a slave gateway media access control (Medium Access Control, MAC) encapsulated in the header of the probe message, and the master gateway identification may be a master gateway MAC encapsulated in the header of the probe response message.

As an example, the probe identity may be used to identify a probe ciphertext field in the probe message, and the probe identity of the first probe information and the probe identity of the second probe information may be the same.

As an example, the sub-session unique identifier SE in the first probe information may be encapsulated in the Option60 field of the probe message along with the probe ciphertext from the gateway.

As an example, after receiving the probe response message sent by the primary gateway, the probe response message may be parsed to obtain a primary gateway identifier and a probe identifier encapsulated in a field of the probe response message, and it may be determined based on the probe identifier, whether the probe response message carries a primary gateway probe ciphertext.

As an example, in the case that it is determined that the probe response packet carries the primary gateway probe ciphertext, the secondary gateway may calculate the primary gateway probe ciphertext based on the sub-session unique identifier SE cached by the secondary gateway, the probe identifier, and the primary gateway identifier acquired from the probe response packet, and may determine the probe result for the primary gateway according to the calculated primary gateway probe response ciphertext and the primary gateway probe response ciphertext in the second probe information.

For example, the calculated primary gateway detection ciphertext may be compared with the primary gateway detection ciphertext carried by the detection response message, where the primary gateway may be determined to be the primary gateway in step 401 when the calculated primary gateway detection ciphertext is matched with the primary gateway detection ciphertext carried by the detection response message, and the detection result of the primary gateway is determined to be successful detection, otherwise the detection result is failure detection.

In an exemplary embodiment, further comprising:

The detection response message sent by the main gateway is not received within preset time, and the detection message carrying the first detection information is resent;

and if the detection response message sent by the main gateway is not received beyond the preset time, generating a new detection message so as to detect the main gateway again.

As an example, the slave gateway in the embodiment of the present application may use a retransmission mechanism in the probing process. For example, the preset detection duration is 120 seconds, the time interval for reinitiating the detection message for the first 5 times may be set to be 1 second, the time interval for reinitiating the detection message for the last 5 times is 3 seconds, and the time interval for 10 times is 10 seconds, and the fixed SE may be used within the preset detection duration of 120 seconds. If the link state changes or the probing duration exceeds 120 seconds, the slave gateway may restart probing and generate a new SE.

Step S404, based on the detection result of the main gateway, the server IP address distributed by the main gateway is obtained.

As an example, the probing result of the primary gateway may include probing success and probing failure.

For example, if the detection of the primary gateway is successful, the server IP address allocated by the primary gateway may be obtained; the server IP address assigned by the primary gateway may not be obtained in the event of failure detection of the primary gateway.

In an exemplary embodiment, further comprising:

determining that the detection result of the main gateway is successful detection;

And generating a detection success record of the slave gateway according to the main gateway identification and the sub-session unique identifier.

For example, in the case of successful probing of the primary gateway, "SE1+ primary gateway MAC" is recorded as a record of successful probing of the secondary gateway.

As an example, after the probe to the primary gateway is successful, the secondary gateway may resend a request message to the primary gateway to request the primary gateway to assign a server IP address.

In an exemplary embodiment, the obtaining the server IP address allocated by the primary gateway includes:

sending an IP address request message to the main gateway;

receiving an IP address response message sent by the main gateway based on the IP address request message, wherein the IP address response message carries the second verification information;

According to the detection success record of the slave gateway and the second verification information, the master gateway is verified, and a verification result of the master gateway is obtained;

and determining that the verification result of the main gateway is successful in verification, and acquiring the server IP address distributed by the main gateway.

As an example, an IP address request message may be sent from the gateway to the primary gateway if the probe to the primary gateway is successful.

As an example, the second verification information may be carried in the IP address response message sent by the master gateway, and the slave gateway may verify the master gateway according to the second verification information and the record of success detected by the slave gateway, and obtain the server IP address allocated by the master gateway when the verification on the master gateway is successful.

As an example, if the primary gateway check fails, the server IP address assigned by the primary gateway may not be obtained.

In an exemplary embodiment, the second authentication information includes the primary gateway identification, the sub-session unique identifier, and the server IP address; and verifying the master gateway according to the detection success record of the slave gateway and the second verification information to obtain a verification result of the master gateway, wherein the verification result comprises the following steps:

searching a sub-session unique identifier corresponding to the main gateway identifier in the successful record of the slave gateway detection according to the main gateway identifier in the second verification information;

and searching the unique sub-session identifier matched with the unique sub-session identifier corresponding to the main gateway identifier in the second verification information, and determining that the verification result of the main gateway is successful.

As an example, the second authentication information may include a primary gateway identification, a sub-session unique identifier SE, and a server IP address. The master gateway may encapsulate the sub-session unique identifier SE in the first authentication information in the option125 field of the DHCP probe response message after successful authentication of the slave gateway based on the first authentication information.

For example, the main gateway may encapsulate the unique sub-session identifier in the sub-option2 field of the option125 of the DHCP probe response message, and after receiving the IP address response message of the main gateway from the gateway, parse the IP address response message to obtain the MAC of the main gateway, the IP address of the server, and the option125 field, and further parse the sub-option2 field of the option125 to obtain the unique sub-session identifier.

As an example, according to the primary gateway MAC obtained by parsing the IP address response message, the SE corresponding to the primary gateway MAC in the secondary gateway probe success record may be searched, and if the searched sub-session unique identifier SE matches with the sub-session unique identifier carried in the IP address response message, the verification on the primary gateway is determined to be successful.

As an example, the present application may also be used for FTTR secure acquisition from the gateway IPv6 address, where the option60 of the DHCPv4 request message is replaced by the option16 of the DHCPv6 request message, and the option125 of the response message is replaced by the option17 of the response message.

Through the steps, the embodiment of the application solves the problems that in the related art, when the FTTR system is subjected to networking change or abnormal power failure occurs, if a plurality of DHCP servers exist in the home network, the slave gateway can acquire the IP addresses from other servers, so that the master gateway is disconnected from the slave gateway, the networking state is difficult to recover, and the like, so that the success of networking and the recovery of the network can be quickly completed between the slave gateway and the master gateway, thereby realizing the safe distribution of the IP addresses in the FTTR system networking, and ensuring the stability of FTTR systems and user services.

In another embodiment, a method for securely allocating addresses of FTTR systems running on the computer terminal or the networking architecture is provided and applied to a primary gateway, and fig. 6 is a flowchart of a method for securely allocating addresses of FTTR systems according to an embodiment of the present application, as shown in fig. 6, where the flowchart includes the following steps:

In step 601, a probe packet sent from a gateway in an optical fiber-to-room FTTR system is received, where the probe packet carries first probe information.

As an example, the primary gateway may receive the probe packet sent by the secondary gateway, and parse the probe packet to obtain the first probe information. The first probe information may include, but is not limited to, a probe identity, a slave gateway identity, a sub-session unique identifier, a slave gateway probe ciphertext, and the like.

In an exemplary embodiment, the second probe information includes a master gateway identifier, a master gateway probe response ciphertext, and before sending a probe response packet to the slave gateway, the method further includes:

and carrying out encryption calculation according to the main gateway identifier, the unique sub-session identifier in the first detection information and the detection identifier, and generating the main gateway detection response ciphertext.

Illustratively, the primary gateway may perform encryption calculation based on the primary gateway identifier, and the sub-session unique identifier and the probe identifier obtained by parsing the first probe information, to obtain a primary gateway probe response ciphertext. Wherein the master gateway probe response ciphertext and the sub-session unique identifier may be used to verify the master gateway from the gateway.

For example, assuming that the primary gateway identifier is MAC1, the probe identifier may be fixed to a string "FTTRDETECT", and the calculation method of the probe response ciphertext may be (SE 1+ FTTRDETECT) xor (MAC 1).

As an example, the DHCP probe message may carry additional configuration information or data for extending standard DHCP functions through an option field. The option field allows the function of the DHCP message to be customized and extended. The sub-session unique identifier SE and the primary gateway probe response ciphertext may be encapsulated in the option125 field of the DHCP probe message.

And step 602, detecting the slave gateway according to the first detection information to obtain a detection result of the slave gateway.

In an exemplary embodiment, the first probe information includes a probe identity, a slave gateway identity, a sub-session unique identifier, and a slave gateway probe ciphertext; the detecting the slave gateway according to the first detection information to obtain a detection result of the slave gateway includes:

calculating the detection ciphertext of the slave gateway according to the detection identifier, the slave gateway identifier and the unique sub-session identifier;

and determining a detection result of the slave gateway based on the calculated slave gateway detection ciphertext and the slave gateway detection ciphertext in the first detection information.

As an example, the master gateway may calculate a slave gateway detection ciphertext according to the detection identifier, the slave gateway identifier, and the sub-session unique identifier, compare the calculated slave gateway detection ciphertext with a slave gateway detection ciphertext obtained by parsing a message, and determine that the slave gateway is a slave gateway in the same network of FTTR systems and determine that the slave gateway detection is successful when the calculated slave gateway detection ciphertext matches with the slave gateway detection ciphertext obtained by parsing the message.

As an example, if the calculated detection ciphertext of the slave gateway does not match with the detection ciphertext of the slave gateway obtained by analyzing the message, it may be determined that the detection message is not from the slave gateway that is networked with the master gateway, is a request of other networking terminals, and may be processed according to a conventional protocol flow.

Step 603, based on the detection result of the slave gateway, sending a detection response message to the slave gateway, and allocating the server IP address to the slave gateway; the detection response message carries second detection information, and the second detection information is used for detecting the master gateway by the slave gateway.

As an example, the probe results for the slave gateway may include probe success and probe failure. The probe response message may be sent to the slave gateway based on the probe result to the slave gateway. For example, in the case of successful probing of a slave gateway, a probe response message may be sent to the slave gateway.

In an exemplary embodiment, further comprising:

Determining the detection result of the slave gateway as successful detection;

and generating a master gateway detection success record according to the slave gateway identification and the unique sub-session identifier.

As an example, after determining that probing the slave gateway is successful, the master gateway may add a master gateway probing success record of "se+slave gateway MAC" according to the slave gateway identification, and the sub-session unique identifier corresponding to the slave gateway identification.

In an exemplary embodiment, after obtaining the detection result of the slave gateway, the method further includes:

discarding the detection message sent from the gateway.

As an example, the primary gateway of the embodiment of the present application has the capability to respond to probe requests in the event that the address assignment service is turned off. The address allocation service of the primary gateway may include, among other things, switch control of the local address allocation function and address allocation of the individual LAN ports on and off. The main gateway can discard the detection message on the two-layer or three-layer forwarding path, and does not forward the detection message to the FTTR management platform, so that the detection between the main gateway and the auxiliary gateway is limited in the same network, and the detection is used as the private behavior agreed by the main gateway and the auxiliary gateway, when the FTTR system has networking change or abnormal power failure, the method for safely distributing addresses based on the FTTR system can quickly complete successful networking and network recovery between the main gateway and the auxiliary gateway.

In an exemplary embodiment, said assigning said server IP address to said slave gateway comprises:

Receiving the IP address request message sent by the gateway; the IP address request message carries first verification information;

Checking the slave gateway according to the detection success record of the master gateway and the first verification information to obtain a check result of the slave gateway;

And determining that the verification result of the slave gateway is successful, sending an IP address response message to the slave gateway, and distributing the server IP address to the slave gateway.

For example, the IP address request message sent from the slave gateway may carry first verification information, the master gateway may verify the slave gateway based on the probe success record and the first verification information, and may send an IP address response message to the slave gateway and assign the server IP address to the slave gateway if the slave gateway is verified successfully.

As one example, the first authentication information of the slave gateway may include, but is not limited to, a probe identification (e.g., "FTTRDETECT"), a slave gateway identification (e.g., slave gateway MAC), a sub-session unique identifier SE, a slave gateway probe ciphertext, and the like. The sub-session unique identifier SE in the first authentication information may be encapsulated in a field value field of the option60 of the IP address request message.

In an exemplary embodiment, the first authentication information includes a slave gateway identification and the sub-session unique identifier; the step of verifying the slave gateway according to the detection success record of the master gateway and the first verification information to obtain a verification result of the slave gateway, comprising the following steps:

Searching a sub-session unique identifier corresponding to the slave gateway identifier in the master gateway detection success record according to the slave gateway identifier in the first verification information;

And searching the unique sub-session identifier matched with the unique sub-session identifier corresponding to the identification of the slave gateway in the first verification information, and determining that the verification result of the slave gateway is successful.

As an example, the master gateway may parse the received IP address request message to obtain the first verification information of the slave gateway, and read the sub-session unique identifier SE and the slave gateway MAC in the first verification information.

As an example, the secondary gateway identification (e.g. secondary gateway MAC) and the secondary gateway identification corresponding sub-session unique identifier SE may be included in the primary gateway probe success record. The unique sub-session identifier corresponding to the sub-gateway identifier in the master gateway detection success record can be searched according to the sub-gateway identifier in the first verification information, and the success of verification on the sub-gateway can be determined under the condition that the searched unique sub-session identifier is matched with the unique sub-session identifier in the first verification information.

For example, the master gateway may use the slave gateway MAC in the first verification information as an index, and find the sub-session unique identifier SE corresponding to the slave gateway MAC in the master gateway probe success record.

The master gateway can compare the searched sub-session unique identifier SE with the sub-session unique identifier SE in the first verification information, and if the searched sub-session unique identifier SE is matched with the sub-session unique identifier SE in the first verification information, the slave gateway is determined to be the detected slave gateway, and the verification of the slave gateway is determined to be successful.

As an example, in case of a successful check from the gateway, the sub-session unique identifier SE may be encapsulated in the option field of the IP address response message.

In an exemplary embodiment, further comprising:

Determining that the detection result of the slave gateway is successful detection, and in the detection success record of the master gateway, not finding the unique sub-session identifier corresponding to the slave gateway identifier;

And generating a new detection success record of the master gateway according to the slave gateway identification and the unique sub-session identifier in the first verification information.

As an example, if the sub-session unique identifier SE corresponding to the slave gateway MAC is not found in the master gateway probe success record, and the master gateway calculates the slave gateway probe ciphertext according to the probe identifier in the first verification information, the slave gateway identifier, and the sub-session unique identifier SE, when the slave gateway probe ciphertext matches with the slave gateway probe ciphertext in the first verification information, the master gateway may calculate the master gateway probe ciphertext according to the probe identifier, the master gateway identifier, and the sub-session unique identifier SE, and may encapsulate the calculated master gateway probe ciphertext and the calculated sub-session unique identifier SE in an option field of the IP address response message.

For example, fig. 7 is a schematic diagram of a format of a primary gateway IP address response message option125 according to an embodiment of the present application, where the option125 may be used to identify a DHCP server-side type. As shown in fig. 7, the option125 includes an encoding code (60), a Length, a server-side encoding ENTERPRISE CODE, a Length data-len, a configurable data option-data, and the like, where the configurable data includes sub-configurable data 1 (sub-option 1) and sub-configurable data 2 (sub-option 2).

In the case that the slave gateway is determined to be an undetected slave gateway, a sub-option1 may be added to the option125, where the value of the sub-option1 is a master gateway detection ciphertext obtained by calculating according to the detection identifier, the master gateway identifier, and the sub-session unique identifier SE, and the first authentication information is the sub-session unique identifier SE.

In the case that the slave gateway is determined to be the detected slave gateway, a sub-option2 may be added to the option125, where the value of the sub-option2 is SE corresponding to the slave gateway MAC in the master gateway detection success record.

To facilitate a further understanding of the method for securely allocating addresses by the system of embodiment FTTR of the present application by those skilled in the art, the process of securely allocating addresses by the master gateway and the slave gateway of the system of the present application FTTR will be described by way of two examples.

The application will be described in detail below with reference to the accompanying drawings in combination with examples. It should be noted that embodiments of the application and features of embodiments may be combined with each other without conflict.

Example 1

Fig. 8 is a schematic diagram of home networking under FTTR of secure address allocation of a master-slave gateway according to an embodiment of the present application, as shown in fig. 8, may include the following steps:

Step 801: the primary gateway obtains the server IP address and sends a registration request to the FTTR management platform, which responds to the request FTTR.

Step 802: after the link between the slave gateway and the master gateway is communicated, the slave gateway and the master gateway probe through the link.

Step 802 may specifically include:

assuming that the slave gateway is identified as MAC1, the master gateway is identified as MAC2, the sub-session identifier is SE1, and the probe is identified as "FTTRDETECT".

1): In the discovery stage (DHCP Discover), a sub-session ID (SE 1) is randomly generated from a gateway, a detection ciphertext (SE 1+ FTTRDETECT) xor (MAC 1) from the gateway is calculated, and the SE1 and the calculated detection ciphertext from the gateway are packaged in a field value field of an option60 of a DHCP detection message; sending a DHCP detection message to a main gateway;

2): in the providing stage (DHCP Offer), the main gateway receives the DHCP detection message, analyzes the DHCP detection message to obtain an option60 of the DHCP detection message, checks the field value in the option60, calculates a main gateway detection ciphertext (SE 1+ FTTRDETECT) xor (MAC 2) under the condition that the check is successful, and packages SE1 and the calculated main gateway detection ciphertext into a sub-option1 in an option125 of a DHCP detection response message; generating a primary gateway detection success record, wherein the primary gateway detection success record comprises the corresponding relation between MAC1 and SE1, such as 'SE 1 plus MAC 1';

3): and receiving a DHCP detection response message from the gateway before the detection exceeds the preset time, and performing field verification on an option125 field in the DHCP detection response message.

Based on SE1, detection identifier 'FTTRDETECT' and MAC2 of the round of detection, a detection response ciphertext is calculated, and the calculated detection response ciphertext is checked with a main gateway detection ciphertext in sub-option1 of option 125.

If the verification is consistent, the slave gateway and the master gateway are confirmed to be in the same networking, the networking is successful, the slave gateway generates a slave gateway detection success record, the slave gateway detection success record comprises the corresponding relation between the MAC2 and the SE1, such as 'SE 1+MAC 2', and the next step is carried out.

Step 803: the server IP address is obtained from the gateway.

The step 3 may specifically include:

in the discovery stage, the slave gateway re-initiates a DHCP request message and requests an IP address to the master gateway;

In the providing stage, the master gateway analyzes the received DHCP request message to obtain MAC1, SE1 and detection identification, searches corresponding SE1 from the master gateway detection success record according to the MAC1, judges that the slave gateway is the detected slave gateway under the condition that the searched SE1 is matched with the analyzed SE1, and adds sub-option2 in option125, wherein the value of sub-option2 is the SE1 corresponding to the MAC1 in the detection record; sending a DHCP response message carrying sub-option2 to the slave gateway;

Receiving a DHCP response message from the gateway, analyzing to obtain an option125, a MAC2 and a server IP address, and checking sub-option2 in the option 125: according to MAC2, searching corresponding SE1 from the gateway detection success record, judging that the main gateway is the detected main gateway under the condition that the searched SE1 is matched with SE1 in the analyzed sub-option2, requesting a server IP address from the main gateway, and responding and distributing the server IP address to the sub-gateway by the main gateway.

Step 804: and (5) reporting data.

Step 804 may specifically include:

the slave gateway data is reported to the master gateway; for example, the slave gateway reports vendor, model, capability set, etc. data to the master gateway.

The master gateway collects the slave gateway data, reports the slave gateway data to the FTTR management platform and receives the corresponding data sent by the FTTR management platform.

Step 805: and (5) configuration issuing.

The master gateway issues the service configuration to the slave gateway.

Example 2

In the case of abnormal networking, the process of obtaining the IPv4 address from the gateway can comprise the following steps:

Step 1: the slave gateway uplink communicates through which the slave gateway probes to the master gateway.

Randomly generating a sub-session ID (SE 1) from a gateway, calculating a detection ciphertext (SE 1+ FTTRDETECT) xor (MAC 1) from the gateway, and packaging the SE1 and the calculated detection ciphertext from the gateway in a field value field of an option60 of a DHCP detection message; sending a DHCP detection message to a main gateway;

step 2: and receiving a DHCP detection response message replied by the non-master gateway from the gateway, and performing field verification on the DHCP detection response message.

Step 3: the calculated detection response ciphertext is inconsistent with the detection ciphertext of the main gateway in the sub-option1 of the option 125, and the detection response ciphertext does not accord with the safety verification rule, and the acquisition of the gateway IP address fails.

Compared with the prior art, the embodiment of the application introduces a security verification mechanism in the IP address acquisition stage. The uplink of the slave gateway can be connected to the reliable master gateway through the detection flow of the master-slave network manager, and the detection of the slave gateway and the acquisition flow of the IP address are carried out in the FTTR system and are used as the defined private behavior between the master gateway and the slave gateway and are not influenced by an external server. In addition, the master gateway and the slave gateway do not need to introduce new protocol message formats, thereby ensuring good compatibility for network equipment.

From the description of the above embodiments, it will be clear to a person skilled in the art that the method according to the above embodiments may be implemented by means of software plus the necessary general hardware platform, but of course also by means of hardware, but in many cases the former is a preferred embodiment. Based on such understanding, the technical solution of the present application may be embodied essentially or in a part contributing to the prior art in the form of a software product stored in a storage medium (e.g. ROM/RAM, magnetic disk, optical disk) comprising instructions for causing a terminal device (which may be a mobile phone, a computer, a server, or a network device, etc.) to perform the method according to the embodiments of the present application.

Embodiments of the present application also provide a computer readable storage medium having a computer program stored therein, wherein the computer program is arranged to perform the steps of any of the method embodiments described above when run.

In one exemplary embodiment, the computer readable storage medium may include, but is not limited to: a usb disk, a Read-Only Memory (ROM), a random access Memory (Random Access Memory RAM), a removable hard disk, a magnetic disk, or an optical disk, or other various media capable of storing a computer program.

An embodiment of the application also provides an electronic device comprising a memory having stored therein a computer program and a processor arranged to run the computer program to perform the steps of any of the method embodiments described above.

In an exemplary embodiment, the electronic apparatus may further include a transmission device connected to the processor, and an input/output device connected to the processor.

Specific examples in this embodiment may refer to the examples described in the foregoing embodiments and the exemplary implementation, and this embodiment is not described herein.

It will be appreciated by those skilled in the art that the modules or steps of the application described above may be implemented in a general purpose computing device, they may be concentrated on a single computing device, or distributed across a network of computing devices, they may be implemented in program code executable by computing devices, so that they may be stored in a storage device for execution by computing devices, and in some cases, the steps shown or described may be performed in a different order than that shown or described herein, or they may be separately fabricated into individual integrated circuit modules, or multiple modules or steps of them may be fabricated into a single integrated circuit module. Thus, the present application is not limited to any specific combination of hardware and software.

The above description is only illustrative of the application and is not intended to limit the same, but rather various modifications and variations can be made by those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the principle of the present application should be included in the protection scope of the present application.

Claims

1. A method for securely assigning addresses to a FTTR system, the method comprising:

Receiving a detection response message sent by the main gateway, wherein the detection response message carries second detection information; the first detection information comprises a sub-session unique identifier, and the second detection information comprises a main gateway identifier;

Based on the detection result of the main gateway, acquiring a server IP address distributed by the main gateway;

Further comprises:

generating a detection success record of the slave gateway according to the main gateway identifier and the sub-session unique identifier;

the obtaining the server IP address allocated by the primary gateway includes:

sending an IP address request message to the main gateway;

Receiving an IP address response message sent by the main gateway based on the IP address request message, wherein the IP address response message carries second verification information;

2. The method of claim 1, wherein the first probe information further includes a probe identifier, the second probe information further includes a primary gateway probe response ciphertext, and the probing the primary gateway according to the first probe information and the second probe information to obtain a probing result of the primary gateway includes:

3. The method of claim 2, wherein the first probe information further comprises a slave gateway identification and a slave gateway probe ciphertext, and further comprising, prior to sending the probe message to a master gateway in the fiber-to-room FTTR system:

4. The method of claim 1, wherein the second authentication information comprises the primary gateway identification, the sub-session unique identifier, and the server IP address; and verifying the master gateway according to the detection success record of the slave gateway and the second verification information to obtain a verification result of the master gateway, wherein the verification result comprises the following steps:

5. The method as recited in claim 1, further comprising:

and when the detection response message sent by the main gateway is not received beyond the preset time, generating a new detection message so as to detect the main gateway again.

6. A method for securely allocating addresses for FTTR systems, applied to a primary gateway, the method comprising:

receiving a detection message sent from a gateway in an optical fiber-to-room FTTR system, wherein the detection message carries first detection information; the first probe information comprises a slave gateway identification and a sub-session unique identifier;

Based on the detection result of the slave gateway, sending a detection response message to the slave gateway, and distributing a server IP address to the slave gateway; the detection response message carries second detection information, and the second detection information is used for detecting the master gateway by the slave gateway;

Further comprises:

Determining the detection result of the slave gateway as successful detection;

Generating a main gateway detection success record according to the auxiliary gateway identification and the sub-session unique identifier;

Said assigning said server IP address to said slave gateway comprises:

7. The method of claim 6, wherein the first probe information further comprises a probe identity and a probe ciphertext from a gateway; the detecting the slave gateway according to the first detection information to obtain a detection result of the slave gateway includes:

8. The method of claim 6, wherein the first authentication information comprises a slave gateway identification and the sub-session unique identifier; the step of verifying the slave gateway according to the detection success record of the master gateway and the first verification information to obtain a verification result of the slave gateway, comprising the following steps:

9. The method as recited in claim 8, further comprising:

10. A computer readable storage medium, characterized in that the computer readable storage medium has stored therein a computer program, wherein the computer program, when being executed by a processor, realizes the steps of the method as claimed in any one of claims 1-5 or the steps of the method as claimed in any one of claims 6-9.

11. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the processor, when executing the computer program, implements the steps of the method as claimed in any one of claims 1-5 or the steps of the method as claimed in any one of claims 6-9.