CN1516408A - Method for implementing verification and termination by connecting digital subscriber loop into hub - Google Patents
Method for implementing verification and termination by connecting digital subscriber loop into hub Download PDFInfo
- Publication number
- CN1516408A CN1516408A CNA031564399A CN03156439A CN1516408A CN 1516408 A CN1516408 A CN 1516408A CN A031564399 A CNA031564399 A CN A031564399A CN 03156439 A CN03156439 A CN 03156439A CN 1516408 A CN1516408 A CN 1516408A
- Authority
- CN
- China
- Prior art keywords
- pppoe
- message
- digital subscriber
- subscriber loop
- labour
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention belongs to wideband network technology field, especially refers to a kind of certification and ending method of digital user loop accessing hub. The hub configures MACA as the mac address of up grade third layer exchangers; it selects the PPPoE control message and transmits to the primary CPU; the primary CPU uses configured MACA as the source mac addresses of the PPPoE control message, completes the PPPoE Session creation, LCP negotiation, PAP/CHAP certification, IPCP negotiation; the digital user loop accessedes to the hub user side PPPoE client user end and creates the IP OverPPPoE data message whose target address is MACA, and bridges them to IP Over Ethernet message and transmit to the up grade third exchanger; the exchanger receives the above IP Over Ethernet message, and sets the route, then transmits the message.
Description
Technical field:
The invention belongs to the broadband network technology field, relate in particular to a kind of authentication and termination method of Digital Subscriber Loop labour-intensive industry L2TP.
Background technology:
Along with development of internet technology, broadband access has at present become a kind of leading user mode access.Broadband access generally comprises ADSL, VDSL, modes such as Ethernet.According to the needs of operator's operation, these all modes all need broadband dialing and the process that authenticates.Current this broadband dialing is PPPoE (an Ethernet bearing point-to-point protocol) with the main mode of authentication.
PPPoE needs two entities, and one is pppoe client, and one is the PPPoE server.PPPoE is divided into two processes, verification process and data transmission procedures.The general form (PPPoE carries Internet protocol) that adopts IP overPPPoE in data transmission procedure.Traditionally, process IP over PPPoE's generally is an edge router, also claims BRAS (BAS Broadband Access Server).This equipment operation is on the level of the 3rd layer-network layer of network seven layer protocols of ISO (International Standards Organization) regulation, and network layer refers generally to the IP layer.BRAS equipment is because the level height of handling makes that its design is complicated, and price is high.
At present, traditional application model of IP DSLAM (Digital Subscriber Loop labour-intensive industry L2TP) is to use transparent transmission user's PPPoE message as two layers of no authenticated device.Under this application model, need to exist in higher level's network a BRAS equipment (BAS Broadband Access Server) so that finish the authentication and the termination function of user PPPoE message, and the BRAS equipment price is high, thereby causes the construction cost of whole broadband access network very huge.Use traditional networking schematic diagram for two layers of traditional broadband access network application model schematic diagram such as accompanying drawing 1:IP DSLAM.
In first to file 03137408.5 " the internet bridging method of Ethernet bearing point-to-point protocol and Ethernet protocol ", put down in writing following a kind of method: the submodule that a bridge joint IP overPPPOE and IP over Ethernet are set in the packet forwarding module at two-layer equipment, operate on the second layer of network seven layer protocols, if input IP over PPPOE packet, exportable IP over Ethernet packet, corresponding, if input IP overEthernet packet, exportable IP over PPPOE packet makes the link layer device that does not possess the IP layer function PPPOE SESSION that directly terminates.
Summary of the invention:
The object of the present invention is to provide a kind of method, use, thereby on IP DSLAM equipment, realize for authentication and the finalization process of the PPPoE of the wide band access user that only needs PPPoE authentication and termination but make IP DSLAM can be used as two layers of authenticated device.
Digital Subscriber Loop labour-intensive industry L2TP of the present invention is finished the method for PPPoE authentication and termination, and its step comprises
1) the Digital Subscriber Loop labour-intensive industry L2TP disposes the mac address MACA of higher level's three-tier switch;
2) the Digital Subscriber Loop labour-intensive industry L2TP is forwarded to its master cpu by the PPPoE control message of choosing the user of its multi-business flow taxon and with it;
3) this master cpu as the mac address, source that above-mentioned PPPoE controls message, is finished the MACA of configuration PPPoE Session and is set up, LCP negotiation, PAP/CHAP authentication, ipcp negotiation;
4) to receive the pppoe client structure destination address of user side be the IP Over PPPoE data message of MACA to the Digital Subscriber Loop labour-intensive industry L2TP, is IP Over Ethernet message with its bridge joint and is forwarded to higher level's three-tier switch;
5) higher level's three-tier switch receives above-mentioned IP Over Ethernet message, sets its route, transmits this IP Over Ethernet message then.
IP DSLAM as two-layer equipment the time, can not have three layer functions.And according to the PPPoE protocol requirement, it must be to have the equipment of three layer functions so that finish three layers of route to user's IP overPPPoE message that PPPoE Server requires.
But technology based on " the Internet protocol bridging method of Ethernet bearing point-to-point protocol and Ethernet protocol ", can cooperate the function of finishing PPPoE Server by three-tier switch and IP DSLAM, be responsible for the processing of PPPoE control message and the bridge joint of PPPoE data message by IPDSLAM, and three-tier switch is finished the route of packet.
The present invention uses " multi-business flow classification " technology in present three layer-switching technologies simultaneously.The multi-business flow sorting technique is meant according to several bytes (being generally 64 byte to 80 bytes) that begin from heading in the business datum message business datum message is distinguished, and carry out different processing, these processing generally comprise normal forwarding, be forwarded to the master cpu unit, revise the business datum message content, revise forward-path, mark forwarding priority etc.
Core of the present invention is IP DSLAM when handling the PPPoE message, and the mac address of use is not the mac address of itself, but the mac address of higher level's three-tier switch.Thereby and three-tier switch cooperates the function of having finished PPPoE Server.
Like this, IP DSLAM has just constructed a virtual PPPoEServer jointly with higher level's three-tier switch, thereby can substitute expensive BRAS equipment with cheap three-tier switch in higher level's network, reduces the construction cost of whole broadband access network.
Description of drawings:
Fig. 1: use traditional networking schematic diagram for two layers of IP DSLAM
Wherein:
A:Radius Server server B: fire compartment wall
C:Internet D:BRAS
F: Ethernet G:IP DSLAM
Accompanying drawing 2: the present invention realizes virtual PPPoE Server networking schematic diagram
Wherein:
E: three-tier switch
Embodiment:
The PPPoE control message that is input as the user that the present invention handles.
Flow process of the present invention is as follows:
Configuration flow:
1, mac address of configuration is as the mac address of virtual PPPoE Server, and this address is the mac address MACA of higher level's three-tier switch.
PPPoE control message is handled as follows:
1, by " multi-business flow classification " the module intercepts user's of three layers of crosspoint PPPoE control message and be forwarded to master cpu, master cpu carries out the PPPoE control procedure with the MACA that has been configured as the mac address, source of PPPoE control message.
2, after authentication finished, the pppoe client of user side can think and have the PPPoE Server that the mac address is MACA, and the structure destination address is that the IP Over PPPoE data message of MACA carries out access to netwoks.This moment, IP DSLAM utilized the technology of " the Internet protocol bridging method of Ethernet bearing point-to-point protocol and Ethernet protocol " that IP Over PPPoE data message bridge joint is IP Over Ethernet message and is forwarded to higher level's three-tier switch, and higher level's three-tier switch is finished the route of packet is handled.
According to technical scheme of the present invention, be example with an IP DSLAM system, specify embodiments of the present invention, typical networking of the present invention such as accompanying drawing 2.
The ADU business board of this IP DSLAM provides the PPPOE that ADSL user is inserted to support.User's PC is connected with the ADU business board of this IP DSLAM by ADSL modem, and the client software of PPPOE has been installed.
The ADU business board of this IP DSLAM utilizes ASIC to realize IP over PPPOE and IP over Ethernet bridging technology, the submodule of one bridge joint IP over PPPOE and IP over Ethernet is set in the packet forwarding module, and as a part of this IP DSLAM PPPOE module.
This IP DSLAM uplink service mouth is connected with a three-tier switch, is called higher level's switch.
Configuration is supported the PPPOE that carries out of user port on the control desk of this IP DSLAM, the Mac address of configuration virtual PPPoE Server, and this MAC Address is the MAC Address of higher level's switch.The multi-business flow taxon of three layers of Switching Module of configuration makes its PPPoE that can intercept user control message and is forwarded to master cpu, configures the uplink service mouth, and the uplink service mouth is connected with higher level's three-tier switch, Radius Server.
The user at first starts the PPPOE dialing procedure, and the multi-business flow taxon of three layers of crosspoint will be controlled message and mail to master cpu after picking out PPPOE control message.The MAC Address of the virtual PPPoEServer that the master cpu utilization has been disposed is mutual as source MAC and user's PPPOE client, and carries out finishing authentification of user alternately with RadiusServer simultaneously, and note is taken.Utilize PPPOE modules driver module to be provided with and allow the user to insert.
User's pppoe client structure purpose mac address is that the IPOver PPPoE packet of the address of virtual PPPoE Server begins to visit internet, the IP over PPPOE of customer service plate PPPOE module and IP over Ethernet bridge module are handled the user's data bag in this process, and the multicast tenability is provided.
The user sends the PPPOE control message of the request of disconnection, three layers of Switching Module intercepting PPPOE control message are handled, this control message is mail to master cpu, and master cpu and user's PPPOE client, RadiusServer carry out alternately, finish user offline, the end of note expense.Utilize the setting of PPPOE modules driver module to forbid that the user inserts.
Claims (3)
1, a kind of Digital Subscriber Loop labour-intensive industry L2TP is finished the method for PPPoE authentication and termination, and its step comprises
1) the Digital Subscriber Loop labour-intensive industry L2TP disposes the mac address MACA of higher level's three-tier switch;
2) the Digital Subscriber Loop labour-intensive industry L2TP is forwarded to master cpu by the PPPoE control message of choosing the user of its multi-business flow taxon and with it;
3) master cpu as the mac address, source that above-mentioned PPPoE controls message, is finished the MACA of configuration PPPoE Session and is set up, LCP negotiation, PAP/CHAP authentication, ipcp negotiation;
4) to receive the pppoe client structure destination address of user side be the IP Over PPPoE data message of MACA to the Digital Subscriber Loop labour-intensive industry L2TP, is IP Over Ethernet message with its bridge joint and is forwarded to higher level's three-tier switch;
5) higher level's three-tier switch receives above-mentioned IP Over Ethernet message, sets its route, transmits this IP Over Ethernet message then.
2, Digital Subscriber Loop labour-intensive industry L2TP as claimed in claim 1 is finished the method for PPPoE authentication and termination, it is characterized in that the Digital Subscriber Loop labour-intensive industry L2TP is in three layers of Switching Module configuration multi-business flow taxon.
3, Digital Subscriber Loop labour-intensive industry L2TP as claimed in claim 1 is finished the method for PPPoE authentication and termination, it is characterized in that being provided with in the packet forwarding module of Digital Subscriber Loop labour-intensive industry L2TP the submodule of a bridge joint IPover PPPOE and IP over Ethernet.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN 03156439 CN1264316C (en) | 2003-08-29 | 2003-08-29 | Method for implementing verification and termination by connecting digital subscriber loop into hub |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN 03156439 CN1264316C (en) | 2003-08-29 | 2003-08-29 | Method for implementing verification and termination by connecting digital subscriber loop into hub |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN1516408A true CN1516408A (en) | 2004-07-28 |
| CN1264316C CN1264316C (en) | 2006-07-12 |
Family
ID=34240832
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN 03156439 Expired - Fee Related CN1264316C (en) | 2003-08-29 | 2003-08-29 | Method for implementing verification and termination by connecting digital subscriber loop into hub |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN1264316C (en) |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1328881C (en) * | 2004-09-15 | 2007-07-25 | 中兴通讯股份有限公司 | Method for point-to-point protocol service detection of wide band cut-in server |
| CN107547338A (en) * | 2017-05-31 | 2018-01-05 | 新华三技术有限公司 | A kind of message forwarding method and device |
| US11102115B2 (en) | 2017-05-31 | 2021-08-24 | New H3C Technologies Co., Ltd. | Forwarding packet |
| US11108594B2 (en) | 2017-05-31 | 2021-08-31 | New H3C Technologies Co., Ltd. | Implementing three-layer communication |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105600857B (en) * | 2015-10-22 | 2019-03-08 | 唐山三友集团兴达化纤有限公司 | The vacuum degasing pretreatment of viscose rayon production neutral and alkali waste water |
-
2003
- 2003-08-29 CN CN 03156439 patent/CN1264316C/en not_active Expired - Fee Related
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1328881C (en) * | 2004-09-15 | 2007-07-25 | 中兴通讯股份有限公司 | Method for point-to-point protocol service detection of wide band cut-in server |
| CN107547338A (en) * | 2017-05-31 | 2018-01-05 | 新华三技术有限公司 | A kind of message forwarding method and device |
| US11102115B2 (en) | 2017-05-31 | 2021-08-24 | New H3C Technologies Co., Ltd. | Forwarding packet |
| US11108594B2 (en) | 2017-05-31 | 2021-08-31 | New H3C Technologies Co., Ltd. | Implementing three-layer communication |
Also Published As
| Publication number | Publication date |
|---|---|
| CN1264316C (en) | 2006-07-12 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US7808994B1 (en) | Forwarding traffic to VLAN interfaces built based on subscriber information strings | |
| US9419815B2 (en) | Domain-less service selection | |
| US7944918B2 (en) | Dynamic building of VLAN interfaces based on subscriber information strings | |
| US7167923B2 (en) | System and method for selectively bridging and routing data packets between multiple networks | |
| EP1589705B1 (en) | Method and system configured for facilitating residential broadband service | |
| US20060245439A1 (en) | System and method for DSL subscriber identification over ethernet network | |
| CN1179516C (en) | Method and apparatus for access level control in metropolitan area network | |
| EP1755278B1 (en) | A method for raising access capacity of wide-band access equipment user | |
| CN1416239A (en) | Method for switching in virtual local area network of the access network with mixed optical fiber and coaxial line | |
| CN101047695A (en) | Method for implementing selection of multi-service and dynamic service in digital customer line | |
| CN1553674A (en) | Method for wideband connection server to obtain port numbers of its uers | |
| CN100352203C (en) | Method for controlling wide band network user to access network | |
| CN1277373C (en) | Method for transmitting user position information in network communication system | |
| US20080165781A1 (en) | Layer 2 address translation for service provider wholesale IP sessions | |
| CN101909074A (en) | Network access equipment and method for implementing data forwarding between different physical media | |
| CN1264316C (en) | Method for implementing verification and termination by connecting digital subscriber loop into hub | |
| US20070140118A1 (en) | Access multiplexer | |
| CN1423455A (en) | User authentication management method in Ethernet broadband access system | |
| CN1455548A (en) | Management method of user's connecting network in wideband network | |
| CN1286298C (en) | Method of isolation of bilayer VLAN port | |
| CN1555162A (en) | Control device and method for realizing broad band connecting server multiple business united interface | |
| CN1486013A (en) | Method for network access user authentication | |
| CN1172484C (en) | Method for wide band switch-on apparatus supporting of Ethernet load point-to-point protocol | |
| CN101197835A (en) | Virtual special network access method, system and device | |
| CN1264311C (en) | Bridge connecting method of ethernet carrying point-to-point protocol and network protocol of ethernet protocol |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| C19 | Lapse of patent right due to non-payment of the annual fee | ||
| CF01 | Termination of patent right due to non-payment of annual fee |