CN1298145C - Control device and method for realizing broad band connecting server multiple business united interface - Google Patents
Control device and method for realizing broad band connecting server multiple business united interface Download PDFInfo
- Publication number
- CN1298145C CN1298145C CNB2003101230695A CN200310123069A CN1298145C CN 1298145 C CN1298145 C CN 1298145C CN B2003101230695 A CNB2003101230695 A CN B2003101230695A CN 200310123069 A CN200310123069 A CN 200310123069A CN 1298145 C CN1298145 C CN 1298145C
- Authority
- CN
- China
- Prior art keywords
- user
- access
- module
- service
- processing module
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
- 238000000034 method Methods 0.000 title claims abstract description 30
- 238000012545 processing Methods 0.000 claims abstract description 57
- 238000013475 authorization Methods 0.000 claims description 7
- 238000001514 detection method Methods 0.000 claims description 3
- 238000011084 recovery Methods 0.000 claims description 3
- 230000000694 effects Effects 0.000 abstract description 2
- 230000005540 biological transmission Effects 0.000 description 1
- 238000004891 communication Methods 0.000 description 1
- 230000000295 complement effect Effects 0.000 description 1
- 238000005538 encapsulation Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 238000005111 flow chemistry technique Methods 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 210000001503 joint Anatomy 0.000 description 1
- 230000003068 static effect Effects 0.000 description 1
- 238000013519 translation Methods 0.000 description 1
- 238000012795 verification Methods 0.000 description 1
Images
Abstract
The present invention provides a control device and a method using multi-business unified interfaces to realize the access of broadband to a server. The control device comprises an access protocol module, an identity certification interface, a network configuration interface and a business processing module. The method comprises the procedures that the access protocol module hands the certification request of a user to the business processing module for processing, and the business processing module delivers the request to a certification server. If the certification is successful, the access protocol module applies for IP addresses through the business processing module; corresponding IP addresses are acquired by the business processing module from an address pool module and delivered to the user by the access protocol module after handed to the access protocol module; the business processing module adds routes and ARP list items for the user, and assigns corresponding internet-accessing rights to the user. The present invention separates protocols from business, achieves compact procedures, and realizes the effects of convenience, safety and practicality. Additionally, the present invention has strong expansibility, and is convenient for the expansion of unified business functions and new business access.
Description
Technical field
The invention belongs to the communications field, be specifically related to a kind ofly in BAS Broadband Access Server, realize control device and method the miscellaneous service unified interface that is inserted.
Background technology
Popular BAS Broadband Access Server generally all provides various access service at present, to satisfy user's access demand, such as PPPoE (PPP over Ethernet, the point-to-point protocol of Ethernet), DHCP (Dynamic Host Configure Protocol, DHCP), EAP-MD5 (PPP Extensible Authentication Protocol, the Extensible Authentication Protocol MD5 algorithm of PPP), EAP-SIM (PPP Extensible AuthenticationProtocol, the Extensible Authentication Protocol SIM algorithm of PPP), static access etc.Every kind of access way all has a cover authentication and obtains the method for IP address according to related protocol and rules.
In traditional processing mode, each access protocol module is except that the processing of being responsible for finishing self agreement, also to be responsible for the processing procedure of whole access process, need with authentication book keeping operation processing module, address assignment module, and route, address translation modules such as (ARP) are carried out alternately, and need user's access authority be managed and control, so just formed between each access protocol module and other general modules and pind down mutually, complementary situation causes the modular structure confusion easily, is difficult for expansion, the situation of easy care not.
Summary of the invention
Purpose of the present invention is exactly that multiple business for BAS Broadband Access Server provides a common platform and unified control method, specifically be a kind of control device and method that realizes BAS Broadband Access Server multi-service unified interface, so that miscellaneous service can easily insert, and various access service are carried out unified control and management.
The present invention is achieved in that
A kind of control device of realizing BAS Broadband Access Server multi-service unified interface is characterized in that described control device comprises:
The access protocol module is used for inserting the protocol processes of request;
The authentication interface is responsible for receiving the user authentication information that the access protocol module is transmitted, and submits certificate server after processing to, confirms authentication result according to server response, handles special authorization message, and notice access protocol module;
Network configuration interface according to relevant strategy, is responsible for obtaining corresponding IP address from the address pool module of access server, gives the access protocol module, and is responsible for the recovery of IP address behind user offline;
Service Processing Module is used for the online user is carried out control and management, comprises following function at least: routing operations, and the online detection of user, traffic statistics, the authorization control and the bag of keeping accounts send.
Control by function, make that all access service are all corresponding to possess this function Service Processing Module.
By increasing relevant access protocol module, can realize the access request of respective protocol.
Described authentication interface is delivered to Service Processing Module with user's authentication information, finish user identity checking, finish the processing of authorized user message.
Described access service need be given user's configuration network parameter, by network configuration interface, obtains this user's network configuration data, and passes to the user by agreement.
A kind of control method of utilizing described control device to realize BAS Broadband Access Server multi-service unified interface comprises the steps: at least
First step, access protocol module are given user's authentication request Service Processing Module and are handled;
Second step, Service Processing Module is handed to certificate server with this request;
Third step, if authentication success, the access protocol module is by Service Processing Module application IP address;
The 4th step, Service Processing Module are responsible for obtaining corresponding IP address from the address pool module and are given the access protocol module, hand to the user again by the access protocol module;
The 5th step, Service Processing Module adds route for the user, and the ARP list item is distributed to the corresponding access authority of user.
The present invention adopts the inheritability and the encapsulation property thought of software, for the unified platform of realizing professional control and management provides solution, makes agreement and service detach, and realization flow is succinct, and flexibly, clear in structure reaches convenient, safety, practical effect; Very strong autgmentability is provided in addition, has made things convenient for each uniform service function expansion, also made things convenient for the expansion of new access service.
Description of drawings
The structural representation of Fig. 1 device part of the present invention;
The flow chart of Fig. 2 the method for the invention part.
Embodiment
The present invention proposes a kind of control device of realizing BAS Broadband Access Server multi-service unified interface, be applied in the BAS Broadband Access Server, for each access protocol module provides general-purpose interface as shown in Figure 1, user management will authenticate book keeping operation, address administration, routing management, ARP (Address ResolutionProtocol, address resolution protocol) list processing, SNMP (Simple Network ManagementProtoco, Simple Network Management Protocol) Information Statistics, and function such as customer flow control is unified to handle.Can form by so several parts from function:
Authentication interface: be responsible for receiving the user authentication information that the access protocol module is transmitted, after processing, submit AAA (Authorization to, Authentication, Account, authentication service is chargeed, and is called for short authentication) server, confirm authentication result according to server response, handle special authorization message, and notice access protocol module;
Network configuration interface: according to relevant strategy, be responsible for obtaining corresponding IP address, give the access protocol module, and be responsible for the recovery of IP address behind user offline from address pool;
Service Processing Module: finish routing operations, the online detection of user, traffic statistics, the unified operation of the authorization control and the bag transmission of keeping accounts etc.
Each access protocol module only needs handle simply inserting request among Fig. 1, gives Service Processing Module some complex operations of management control fully and handles, and access protocol module itself just can lay stress in the processing of agreement itself.
As can be seen from Figure 1, if increase only needs the function of Service Processing Module is controlled to certain controlled function of business, so just can make all access service all possess this function; In addition, increase an access service flow process newly, can increase a relevant access protocol module easily and just can finish, such processing mode has greatly strengthened the extensibility of this control device function.
Be described in detail as follows:
At first the control device of realizing BAS Broadband Access Server multi-service unified interface is further set forth:
A kind of flow processing of access service often comprises four partial contents: to the authentication of the protocol processes of access service, butt joint access customer, for access service configuration network parameter (IP address, dns address etc.), online user is carried out the control and management operation.
Concerning the flow process of different access service, wherein back three partial contents are more close often, therefore we handle this three partial content independent the unification by authentication interface, network configuration interface, Service Processing Module, like this, concrete access service just can only have been paid close attention to the protocol processes of access service.
Access service is delivered to Service Processing Module to user's authentication information by the authentication interface, by Service Processing Module finish user identity checking, finish the processing of authorized user message.
Access service needs to give user's configuration network parameter in certain process of flow process (inserting as PPPoE is after authentification of user), obtains this user's network configuration data by network configuration interface, and passes to the user by the access protocol module.
Usually, the user who has finished authentication and network configuration means user's success of surfing the Net, and this moment, Service Processing Module need carry out some control operations, for example added route, upgrades ARP information, sent book keeping operation beginning request package etc.In line process, Service Processing Module needs in real time the user to be controlled within the scope of authority, guarantees user's normal online in subsequent user.Reclaim in case user offline, Service Processing Module carry out resource, be responsible for sending book keeping operation ending request bag.
Simultaneously, the present invention also provides a kind of control method that realizes BAS Broadband Access Server multi-service unified interface, is applied to mainly comprise in the BAS Broadband Access Server following steps necessary, as shown in Figure 2:
1) access protocol module (hereinafter to be referred as protocol module) the direct authentication request of process user not, and give Service Processing Module with it;
2) Service Processing Module is handed to certificate server with it;
3) if authentication success, protocol module is to Service Processing Module application IP address;
4) network configuration interface is responsible for obtaining corresponding IP address and giving protocol module from address pool (IP PooL) module, and protocol module is handed to the user again;
5) Service Processing Module adds route for the user, and the ARP list item is distributed to the corresponding access authority of user.
The business processing flow that provides according to Fig. 2 below is elaborated to the method for Business Processing:
1. client access band access server carries out alternately according to the difference and the respective protocol module of access way, and mutual content comprises link-quality, contents such as device discovery;
2. after protocol interaction completed successfully, client was initiated authentication request to protocol module;
3. protocol module sends to Service Processing Module with this request;
4. Service Processing Module is delivered to certificate server with this request again;
5. certificate server is with authentication result informing business processing module;
6. Service Processing Module sends authentication result to protocol module;
7. protocol module sends authentication response message to client again;
8. if successfully by authentication, client is to protocol module application IP address, this process and verification process are similar;
Attention: according to the difference of the selected access protocol of client, the precedence of authentication application IP address may be with above-mentioned opposite;
9. so far, the reciprocal process of protocol module and client is all finished, protocol module informing business processing module;
10. Service Processing Module adds route and ARP table information for the user;
So far, the user can successful logging in network.
Claims (6)
1, a kind of control device of realizing BAS Broadband Access Server multi-service unified interface is characterized in that described control device comprises:
The access protocol module is used for inserting the protocol processes of request;
The authentication interface is responsible for receiving the user authentication information that the access protocol module is transmitted, and submits certificate server after processing to, confirms authentication result according to server response, handles special authorization message, and notice access protocol module;
Network configuration interface according to relevant strategy, is responsible for obtaining corresponding IP address from the address pool module of access server, gives the access protocol module, and is responsible for the recovery of IP address behind user offline;
Service Processing Module is used for the online user is carried out control and management, comprises following function: routing operations, and the online detection of user, traffic statistics, the authorization control and the bag of keeping accounts send;
Wherein, authentication interface and network configuration interface are located between access protocol module and the Service Processing Module.
2, realize the control device of BAS Broadband Access Server multi-service unified interface according to claim 1, it is characterized in that:
Control by function, make that all access service are all corresponding to possess this function Service Processing Module.
3, realize the control device of BAS Broadband Access Server multi-service unified interface according to claim 1, it is characterized in that:
By increasing relevant access protocol module, can realize the access request of respective protocol.
4, realize the control device of BAS Broadband Access Server multi-service unified interface according to claim 1, it is characterized in that:
Described authentication interface is delivered to Service Processing Module with user's authentication information, finish user identity checking, finish the processing of authorized user message.
5, realize the control device of BAS Broadband Access Server multi-service unified interface according to claim 1, it is characterized in that:
Described access service need be given user's configuration network parameter, by network configuration interface, obtains this user's network configuration data, and passes to the user by agreement.
6, a kind of control method of utilizing power 1 described control device to realize BAS Broadband Access Server multi-service unified interface comprises the steps:
First step, access protocol module are given user's authentication request Service Processing Module and are handled;
Second step, Service Processing Module is handed to certificate server with this request;
Third step, if authentication success, the access protocol module is by Service Processing Module application IP address;
The 4th step, network configuration interface are responsible for obtaining corresponding IP address from the address pool module and are given the access protocol module, hand to the user again by the access protocol module;
The 5th step, Service Processing Module adds route for the user, and the ARP list item is distributed to the corresponding access authority of user.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNB2003101230695A CN1298145C (en) | 2003-12-24 | 2003-12-24 | Control device and method for realizing broad band connecting server multiple business united interface |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNB2003101230695A CN1298145C (en) | 2003-12-24 | 2003-12-24 | Control device and method for realizing broad band connecting server multiple business united interface |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN1555162A CN1555162A (en) | 2004-12-15 |
| CN1298145C true CN1298145C (en) | 2007-01-31 |
Family
ID=34338865
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CNB2003101230695A Expired - Fee Related CN1298145C (en) | 2003-12-24 | 2003-12-24 | Control device and method for realizing broad band connecting server multiple business united interface |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN1298145C (en) |
Families Citing this family (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101132307B (en) * | 2006-08-22 | 2010-12-01 | 华为技术有限公司 | Control system, control method and control device |
| CN101166146B (en) * | 2006-10-19 | 2010-08-04 | 中兴通讯股份有限公司 | Method for broad band access server to control three-fold service |
| CN101908967B (en) * | 2009-06-02 | 2014-02-19 | 百度在线网络技术(北京)有限公司 | Configuration method and system of Linux virtual server |
| CN103577767A (en) * | 2012-08-10 | 2014-02-12 | 西门子公司 | Operation method and equipment for design data |
| CN102843379B (en) * | 2012-09-13 | 2015-10-07 | 浙江金大科技有限公司 | A kind of authenticating network towards multiple access pattern |
| CN104954161A (en) * | 2014-03-28 | 2015-09-30 | 中兴通讯股份有限公司 | IPv6 transitional technology type processing method, device and system |
| CN106301885A (en) * | 2016-07-18 | 2017-01-04 | 乐视控股(北京)有限公司 | The method and system of uniform traffic management |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2001041369A2 (en) * | 1999-11-29 | 2001-06-07 | British Telecommunications Public Limited Company | Acces to data networks |
| CN1388673A (en) * | 2001-05-25 | 2003-01-01 | 华为技术有限公司 | Telecommunication network management system |
| CN1416072A (en) * | 2002-07-31 | 2003-05-07 | 华为技术有限公司 | Method for realizing portal authentication based on protocols of authentication, charging and authorization |
-
2003
- 2003-12-24 CN CNB2003101230695A patent/CN1298145C/en not_active Expired - Fee Related
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2001041369A2 (en) * | 1999-11-29 | 2001-06-07 | British Telecommunications Public Limited Company | Acces to data networks |
| CN1388673A (en) * | 2001-05-25 | 2003-01-01 | 华为技术有限公司 | Telecommunication network management system |
| CN1416072A (en) * | 2002-07-31 | 2003-05-07 | 华为技术有限公司 | Method for realizing portal authentication based on protocols of authentication, charging and authorization |
Also Published As
| Publication number | Publication date |
|---|---|
| CN1555162A (en) | 2004-12-15 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN100456739C (en) | Remote access vpn mediation method and mediation device | |
| CN101465856B (en) | Method and system for controlling user access | |
| CN100521650C (en) | Packet forwarding apparatus and access network system | |
| US8136151B2 (en) | Systems and methods for remotely maintaining virtual private networks | |
| CN101110847B (en) | Method, device and system for obtaining medium access control address | |
| CN1184776C (en) | Method for the point-to-point protocol log-on user to obtain Internet protocol address | |
| CN1889577A (en) | IP address distributing method based on DHCP extended attribute | |
| CN1462131A (en) | Broad-band insertion service apparatus dialing testing method | |
| CN1761252A (en) | Method for implementing experimental system of firewall under multiple user's remote concurrency control in large scale | |
| CN1665189A (en) | Method to grant access to a data communication network and related devices | |
| CN101087236B (en) | VPN access method and device | |
| CN1713629A (en) | Realization of user login name and IP address binding | |
| CN1567868A (en) | Authentication method based on Ethernet authentication system | |
| CN1395388A (en) | Method for authenticating group broadcast service | |
| CN1142662C (en) | Authentication method for supporting network switching in based on different devices at same time | |
| CN1553674A (en) | Method for wideband connection server to obtain port numbers of its uers | |
| CN1298145C (en) | Control device and method for realizing broad band connecting server multiple business united interface | |
| CN1486025A (en) | Checking method of PPPoE L2 transparent transmission port-username binding | |
| CN1176540C (en) | Method for realizing switch in with mixed multiple users'types in Ethernet network switch in devices | |
| CN101977147B (en) | Message forwarding based new method for accessing NAT (Network Address Translation) router into 802.1X certification network | |
| CN1527557A (en) | Method of transmitting 802.1X audit message via bridging device | |
| CN1235382C (en) | A client authentication method based on 802.1X protocol | |
| EP2651088A1 (en) | Network layer protocol for replacing ipv6 | |
| CN1225870C (en) | Method and apparatus for VLAN based network access control | |
| CN1297104C (en) | Method for realizing port based identification and transmission layer based identification compatibility |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| EE01 | Entry into force of recordation of patent licensing contract |
Assignee: Shenzhen ZTE Technical Service Co.,Ltd. Assignor: ZTE Corp. Contract fulfillment period: 2007.1.16 to 2013.1.16 Contract record no.: 2008990000959 Denomination of invention: Control device and method for realizing broad band connecting server multiple business united interface Granted publication date: 20070131 License type: Exclusive license Record date: 20081027 |
|
| LIC | Patent licence contract for exploitation submitted for record |
Free format text: EXCLUSIVE LICENSE; TIME LIMIT OF IMPLEMENTING CONTACT: 2007.1.16 TO 2013.1.16; CHANGE OF CONTRACT Name of requester: SHENZHEN CITY ZHONGXING COMMUNICATIONS TECHNOLOGY Effective date: 20081027 |
|
| CF01 | Termination of patent right due to non-payment of annual fee | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20070131 |