CN1545265A - Method for implementing virtual MAC address in digital subscriber line access server equipment - Google Patents

Publication number
CN1545265A
Authority
CN
China
Prior art keywords
user
vmac
mac address
address
dslam
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CNA2003101137802A
Other languages
Chinese (zh)
Inventor
理 梁
梁理
李以鑫
孙绪林
任成珺
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Harbour Networks Holdings Ltd
Original Assignee
Harbour Networks Holdings Ltd

Abstract

The invention provides a method by which a DSLAM device implements virtual MAC (VMAC) addresses, comprising: when the DSLAM device performs the basic switch function of address learning, it generates the VMAC address corresponding to the user's MAC address according to the user-configured VMAC mapping method; and when user data is configured on the Radius server or the broadband access server, the VMAC that identifies the user is entered and bound to the user name. The two-way MAC address translation is performed by hardware to achieve unique identification of the user, which preserves the forwarding performance of the system.

Description

Method for implementing virtual media access control (MAC) addresses in digital subscriber line access server equipment
Technical field
The invention belongs to the field of system security and user management for broadband network access equipment, and specifically relates to a method by which DSLAM equipment implements virtual MAC addresses.
Background art
With the large-scale construction of broadband infrastructure and the continuing growth of the broadband user base, system security problems such as account theft and IP address theft are becoming increasingly prominent, and telecom operators lack adequate means to locate the source when resolving them. The main reason is that current broadband networks are built as layer-2 networks: multiple digital subscriber line access multiplexer (DSLAM) devices are aggregated through switches and then connected to the broadband access server (BRAS). After a user's PPPoE authentication packet reaches the BRAS, the BRAS or the Radius authentication server has difficulty uniquely identifying the user being authenticated, and therefore cannot tell which users are legitimate and which are malicious.
Summary of the invention
The present invention overcomes the above security deficiency of broadband network access equipment and provides a method of constructing virtual MAC addresses that can be dynamically configured according to an operator's particular requirements, while preserving the forwarding performance of the broadband network access equipment.
Technical content of the present invention: a method for implementing virtual media access control addresses in digital subscriber line access server equipment, comprising:
(1) when the DSLAM device performs the basic switch function of address learning, it generates the VMAC address corresponding to the user's MAC address according to the user-configured VMAC mapping method;
(2) when user data is configured on the Radius server or on the broadband access server, the VMAC that identifies the user is entered and bound to the user name.
The method further comprises:
(1) after the DSLAM device receives user data, it determines the corresponding VMAC address from the user's MAC address, performs the replacement, and sends the data to the broadband access server;
(2) after receiving data sent by the broadband access server, it replaces the VMAC address with the MAC address and sends the data to the corresponding user equipment.
The generation template of the VMAC address is defined through the management interface of the DSLAM device. When a user is provisioned (assigned a number), after the user data configuration is completed on the DSLAM network management interface, the unique identifying VMAC address for that user is generated according to the VMAC generation template.
The VMAC mapping method comprises:
(1) configuring the set of basic elements that participate in the calculation, S = {E1, E2, ..., En};
(2) setting the start position Bi of each basic element within the 48-bit MAC address, and determining its length Li;
(3) generating the VMAC as the combination of each element Ei ANDed with an all-ones constant of length Li and then shifted left by Bi bits.
The basic elements configured to participate in the calculation comprise:
(1) the DSLAM device number;
(2) the VLAN ID of the connection between the DSLAM and the BRAS;
(3) the number of the device port corresponding to the user;
(4) where a single user port serves multiple users, the number of each user;
(5) the operator-defined VMAC address prefix.
Technical effect of the present invention: the 48-bit user MAC address in a packet is mapped, according to a defined policy, to a virtual MAC address, so that the BRAS or Radius can uniquely identify the user from this virtual MAC address. Because hardware performs the two-way MAC address translation, the forwarding performance of the system is preserved. The mapping from user MAC to virtual MAC address can be done by dedicated logic or an ASIC and has no impact on the forwarding performance of the system; at the same time, the VMAC construction method can be flexibly customized to different operating requirements.
Embodiment:
The DSLAM data forwarding flow with VMAC according to the present invention is as follows:
When a DSLAM device performs the basic switch function of address learning, it calculates the VMAC address corresponding to the user's MAC address according to the user-configured VMAC mapping method, and then writes both MAC addresses into the relevant hardware forwarding unit. After the hardware forwarding unit receives user data, it determines the corresponding VMAC address from the user's MAC address, performs the replacement, and sends the data to the BRAS; after receiving data sent by the BRAS, it replaces the VMAC address with the MAC address. The hardware thus performs the two-way MAC address translation.
The VMAC operating procedure is:
1. Configure the VMAC mapping through the device management interface of the DSLAM, that is, define the generation template of the 48-bit VMAC address.
2. When a user is provisioned (assigned a number), after the user data configuration is completed on the DSLAM network management interface, the unique identifying VMAC address for that user is generated according to the VMAC generation template.
3. When user data is configured on the Radius server or on the BRAS, the VMAC that identifies the user is entered and bound to the user name, so that the user is identified.
4. The Radius authentication server can be extended to analyze the VMAC address and locate the user.
The mapping between user MAC and VMAC:
1. Configure the set of basic elements that participate in the calculation, S = {E1, E2, ..., En}.
2. If the DSLAM device participates in the calculation, configure the DSLAM device number.
3. If there is a VMAC address prefix, configure the VMAC address prefix.
4. Set the start position Bi of each basic element within the 48-bit MAC address, and determine its length Li.
5. The VMAC is generated as the combination of each element Ei ANDed with an all-ones constant of length Li and then shifted left by Bi bits.
The basic elements of information that uniquely identify a user comprise:
1. The DSLAM device number; the operator can use linear numbering or a combination of site number plus device number.
2. The VLAN ID of the connection between the DSLAM and the BRAS.
3. The number of the device port corresponding to the user, comprising the combination of the service slot number and the in-slot port number.
4. Where a single user port serves multiple users, the number of each user.
5. The operator-defined VMAC address prefix; defining the high-order bits of the VMAC partitions the VMAC address space.
The technical scheme of the present invention is described using as an example an IP-core intelligent DSLAM whose built-in ISPU (IN service processing unit) performs the two-way mapping between the user's MAC address and the VMAC address and forwards the user's PPPoE packets.
The following elements are configured through the network management software to participate in the calculation: the user port number, the VLAN ID of the connection between the DSLAM device and the BRAS, and the VMAC address prefix. Within the user port number, the in-slot port number occupies bit0 to bit5 and the service slot number occupies bit6 to bit9; the VLAN ID occupies bit10 to bit21; the VMAC address prefix is 00:05:00:00:00:00 and the VLAN ID is 118. The VMAC address calculated for user 2:10 (slot 2, port 10) is then:
VMAC(2:10) = 0x000500000000 | ((118 & 0x0FFF) << 10) | ((2 & 0x000F) << 6) | (10 & 0x003F) = 0x00050001D88A
The MAC address of user 2:10 and the VMAC address calculated above are written into the ISPU. When this user's PPPoE packet arrives at the ISPU, the ISPU rewrites the source MAC of the Ethernet frame to the VMAC and forwards the data to the BRAS; when a downstream packet from the BRAS arrives at the ISPU, the ISPU restores the VMAC to the user's MAC address. The BRAS sends the authentication packet to the Radius authentication server, and the authentication server completes the unique-identification check against the user name.
The device number or other information fields can likewise be used to construct the VMAC.
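The template mapping and the 2:10 calculation above, as an added Python illustration (not code from the patent). The field layout, prefix and values come from the embodiment; the function and class names, the refusal of out-of-range or overlapping fields, and the binding-conflict check are assumptions of this example.

```python
# Added illustration, not from the patent: VMAC template encode/decode.
# All names are hypothetical; layout and values follow the embodiment.

# (element name, start bit Bi, length Li) of the generation template
TEMPLATE = [("port", 0, 6), ("slot", 6, 4), ("vlan", 10, 12)]
PREFIX = 0x000500000000  # operator-defined prefix 00:05:00:00:00:00

def check_template(template, prefix):
    """Reject templates whose fields overlap each other or the prefix bits."""
    used = 0
    for name, start, length in template:
        mask = ((1 << length) - 1) << start
        if start + length > 48 or used & mask or prefix & mask:
            raise ValueError(f"field {name!r} overlaps or exceeds 48 bits")
        used |= mask
    return used

def make_vmac(values, template=TEMPLATE, prefix=PREFIX):
    """OR together (Ei & all-ones(Li)) << Bi for every element, plus prefix."""
    check_template(template, prefix)
    vmac = prefix
    for name, start, length in template:
        value = values[name]
        # Masking alone would silently truncate an oversized value and alias
        # another subscriber's VMAC, so this example refuses it instead.
        if not 0 <= value < (1 << length):
            raise ValueError(f"{name}={value} does not fit in {length} bits")
        vmac |= (value & ((1 << length) - 1)) << start
    return vmac

def parse_vmac(vmac, template=TEMPLATE, prefix=PREFIX):
    """Recover the elements, as a Radius-side extension could to locate a user."""
    used = check_template(template, prefix)
    if vmac & ~used != prefix:
        raise ValueError("address does not carry the configured VMAC prefix")
    return {n: (vmac >> s) & ((1 << l) - 1) for n, s, l in template}

def fmt(mac):
    """Render a 48-bit integer as colon-separated hex."""
    return ":".join(f"{(mac >> s) & 0xFF:02x}" for s in range(40, -1, -8))

class Translator:
    """Two-way table standing in for the hardware forwarding unit."""
    def __init__(self):
        self.up, self.down = {}, {}

    def learn(self, user_mac, values):
        vmac = make_vmac(values)
        # Two MACs on one port need a per-user element in the template.
        if self.down.get(vmac, user_mac) != user_mac:
            raise ValueError("VMAC already bound to a different user MAC")
        self.up[user_mac], self.down[vmac] = vmac, user_mac
        return vmac

    def upstream(self, src_mac):    # user -> BRAS: source MAC becomes VMAC
        return self.up[src_mac]

    def downstream(self, dst_mac):  # BRAS -> user: VMAC restored to user MAC
        return self.down[dst_mac]
```

With this template a second MAC learned on the same slot and port is rejected, which is the case the description covers by adding a per-user number as a further element.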

Claims (5)

1. A method for DSLAM equipment to implement virtual MAC addresses, characterized in that:
(1) when the DSLAM device performs the basic switch function of address learning, it generates the VMAC address corresponding to the user's MAC address according to the user-configured VMAC mapping method;
(2) when user data is configured on the Radius server or on the broadband access server, the VMAC that identifies the user is entered and bound to the user name.
2. The method for DSLAM equipment to implement virtual MAC addresses as claimed in claim 1, characterized by further comprising:
(1) after the DSLAM device receives user data, it determines the corresponding VMAC address from the user's MAC address, performs the replacement, and sends the data to the broadband access server;
(2) after receiving data sent by the broadband access server, it replaces the VMAC address with the MAC address and sends the data to the corresponding user equipment.
3. The method for DSLAM equipment to implement virtual MAC addresses as claimed in claim 1 or 2, characterized in that: the generation template of the VMAC address is defined through the management interface of the DSLAM device; when a user is provisioned (assigned a number), after the user data configuration is completed on the DSLAM network management interface, the unique identifying VMAC address for that user is generated according to the VMAC generation template.
4. The method for DSLAM equipment to implement virtual MAC addresses as claimed in claim 1 or 2, characterized in that the VMAC mapping method comprises:
(1) configuring the set of basic elements that participate in the calculation, S = {E1, E2, ..., En};
(2) setting the start position Bi of each basic element within the 48-bit MAC address, and determining its length Li;
(3) generating the VMAC as the combination of each element Ei ANDed with an all-ones constant of length Li and then shifted left by Bi bits.
5. The method for DSLAM equipment to implement virtual MAC addresses as claimed in claim 4, characterized in that the basic elements configured to participate in the calculation comprise:
(1) the DSLAM device number;
(2) the VLAN ID of the connection between the DSLAM and the BRAS;
(3) the number of the device port corresponding to the user;
(4) where a single user port serves multiple users, the number of each user;
(5) the operator-defined VMAC address prefix.
CNA2003101137802A 2003-11-25 2003-11-25 Method for implementing virtual MAC address in digital subscriber line access server equipment Pending CN1545265A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNA2003101137802A CN1545265A (en) 2003-11-25 2003-11-25 Method for implementing virtual MAC address in digital subscriber line access server equipment

Publications (1)

Publication Number Publication Date
CN1545265A true CN1545265A (en) 2004-11-10

Family

ID=34336966

Country Status (1)

Country Link
CN (1) CN1545265A (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication