CN1747433A - Method and system for realizing long-distance disaster, AAA proxy module and server - Google Patents
Method and system for realizing long-distance disaster, AAA proxy module and server Download PDFInfo
- Publication number
- CN1747433A CN1747433A CN200410073788.5A CN200410073788A CN1747433A CN 1747433 A CN1747433 A CN 1747433A CN 200410073788 A CN200410073788 A CN 200410073788A CN 1747433 A CN1747433 A CN 1747433A
- Authority
- CN
- China
- Prior art keywords
- address
- access device
- module
- equipment
- address field
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
AAA proxy module is set in network, and is used to detect state of service access device, and then informs the ip assigning unit to assign ip address for user from main address field of local access device or each address field of remote accesses device. When the local accesses device is failure, the ip assigning unit can assign ip address in address field of remote access device to user, and use remote accesses device to execute operation.
Description
Technical field
The present invention relates to the treatment technology of network, particularly realize method and disaster tolerance system and the AAA proxy module and the aaa server of network long-distance disaster catastrophic event.
Background technology
Long-distance disaster is by setting up and safeguard a standby system in the strange land, utilizing separation physically to guarantee the defensive ability/resistance ability of network system to catastrophic event.Disaster tolerance system is meant provides the network system of using the disaster tolerance ability.Using disaster tolerance is the more senior ability of disaster tolerance system, is meant in the strange land to set up the complete back-up application system of a cover, can backup each other with local application system, also can with local application system co-operation.After disaster occurred, the remote application system took over or bears the service operation of local application system rapidly.
At present, two or more network equipments that disaster tolerance system normally is deployed in different regions are set to mutual backup, when certain network system breaks down, by manual configuration, the business of the former network equipment are switched on the backup network equipment in strange land.
For example, the long-distance disaster of Radio Network System adopts said method to realize.Referring to Fig. 1, Fig. 1 has the network wireless system group network structural representation of using the disaster tolerance ability for prior art.Comprised the network in A and two cities of B in the network of Fig. 1, having comprised: the GGSN interface proxy (GiProxy A) in A city gprs service gateway node (GGSNA), B city gprs service gateway node (GGSN B), aaa server (AAA Server), A city router (Router A), B city router (Router B), A city, GGSN interface proxy (GiProxy B), WAP (wireless access protocol) gateway (WAPGW) and the service provider/content supplier (SP/CP) in B city.
Wherein, GGSN: be responsible for user's distributing IP address.
AAA Server: receive authentication, the bag that charges that GGSN sends, finish authentication, authentication and billing function to the Internet user.
Referring to Fig. 2, Fig. 2 is prior art AAA Server internal structure and external annexation schematic diagram.Comprise among the AAA Server 210:
Radius protocol processing module 211: the main communication of being responsible for external entity, adopt the RADIUS message interface.
Identification processing module 212: finish authentication and authentication to user identity.If the user is the black list user, or User Status is illegal etc., will cause authentification of user not pass through, and user's logging request is rejected.
Charging processing module 213: after user's logging in network and authentication are passed through, GGSN 200 can send to charge and begin bag (Accounting Start) to AAAServer 210, create user conversation by AAA Server 210, and the processing of chargeing, transmit charging to the network equipment simultaneously and begin bag, so that the network equipment is preserved the corresponding relation of subscriber phone number and IP address; During user offline, GGSN 200 can send charging end packet (Accounting Stop) to AAAServer 210, AAA Server 210 deletion user conversations, and the sign charging finishes.
AAA Server 210 links to each other by radius protocol processing module 211 respectively with GGSN 200, service access equipment 220.
Among Fig. 1, SP/CP: the user can enjoy the WAP service that is provided by SP/CP by WAP terminal login GPRS network;
WAP gateway (WAPGW): function such as conversion, the terminal of mainly finishing wap protocol and http protocol is adaptive, access control;
GiProxy: when the user reached the standard grade, GiProxy and AAA Server carried out interacting message, and the information so that the preservation user reaches the standard grade comprises the corresponding relation of IP address and phone number etc.When the user initiated the WAP browse request, GGSN issued outside WAPGW, SP/CP by GiProxy with request, is used for transmitting user profile, carries out subscription authentication etc.GiProxy can close with WAP gateway and establish, and also can build respectively.GiProxy is the only way which must be passed that the user surfs the Net;
Router: router customizes different routing policies (routing table), to finish the route of message in the heterogeneous networks inter-entity.
Among Fig. 1 because GiProxy is a kind of network key entity, so GiProxy A and GiProxyB can backup each other, to guarantee that when the provincialism disaster occurring host apparatus can switch to stand-by equipment rapidly, and then the assurance business is not interrupted.
Suppose portable terminal (MS) user by GGSN A online, when all devices just often, user's message flow is to being: 1->2->3->4; When detecting GiProxy A, GGSN A do not have response, be that the GiProxy on A ground is when delaying machine, by the manual allocation list of revising GGSN A, the message of issuing GiiProxy A all transferred to issue GiProxy B, then user's message flow to this is: 1->8->7->4 guarantee that like this customer service can continue to carry out.
By above-mentioned example as seen, though the backup of prior art remote system can realize long-distance disaster, this technology must realize by the manual allocation list of revising GGSN, needs artificially to participate in, and has certain complexity and risk.
Summary of the invention
In view of this, main purpose of the present invention is to provide a kind of method that realizes the network long-distance disaster, reduces the long-distance disaster operation complexity.
Another main purpose of the present invention is to provide a kind of long-distance disaster system, and this system can realize automatic long-distance disaster.
The 3rd purpose of the present invention is to provide a kind of AAA proxy module, and this module is used for network system and realizes long-distance disaster.
The 4th purpose of the present invention is to provide a kind of aaa server, uses this aaa server can realize long-distance disaster in the system.
Be first aspect that achieves the above object, the invention provides a kind of method that realizes the network long-distance disaster, this method is provided with the AAA proxy module in network, this AAA proxy module writes down the main address field of local service access equipment and realizes the address field fully of each cross regional business access device of disaster tolerance, and this AAA proxy module detects the running status of local service access device and described each cross regional business access device in real time; The process of user's logging in network may further comprise the steps:
The equipment of distributing IP address in A, the user access network;
The equipment of B, distributing IP address is that the aaa server of this user in network sends authentication request by the AAA proxy module;
After C, aaa server authenticate, authentication result is sent to the AAA proxy module;
D, AAA proxy module are according to the running status of authentication result, local service access device and each cross regional business access device, for the user distributes main address field or is equipped with address field, and the main address field that will distribute or address field and authentication result return to the equipment of distributing IP address fully;
The equipment of E, distributing IP address is from main address field or be equipped with the address field and distribute the address and return to the user for the user.
Wherein, described AAA proxy module can comprise:
The protocol adaptation module, realize protocol conversion and receive the authentication request that the equipment of distributing IP address sends, this authentication request is transmitted to aaa server, and sending address assignment request by the back to address assignment module in authentication, the address field that address assignment module is returned sends to the equipment of distributing IP address;
Address assignment module writes down the main address field of local service access equipment and the address field fully of each cross regional business access device of realizing disaster tolerance; After receiving address assignment request, send inquiry business access device status command, and the equipment running status that returns according to the routine inspection module, with main address field or be equipped with address field and return to the protocol adaptation module to the routine inspection module;
The routine inspection module, link to each other with the cross regional business access device of realizing disaster tolerance with the local service access device, in real time the running status of local service access device with the cross regional business access device of realizing disaster tolerance detected, and the service access equipment running status that detects is returned to address assignment module according to the querying command of address assignment module.
Described AAA proxy module can be set to the AAA acting server separately; Also can be arranged in the aaa server.
The method that the AAA proxy module detects the running status of local service access device and described each cross regional business access device in real time can for:
The AAA proxy module sends the heartbeat exchange request that detects running status to local service access device and described each cross regional business access device in real time;
Local service access device and described each cross regional business access device at equipment operation just often receive that heartbeat exchanges request and promptly returns heartbeat exchange response to the AAA proxy module;
The AAA proxy module is not received the heartbeat exchange response that checkout equipment returns at the fixed time, judges that then this equipment operation is undesired.
The method that the described AAA proxy module of step D distributes main address field or is equipped with address field can comprise:
D1, AAA proxy module judge whether by authentication according to authentication result, if execution in step D2 then; Otherwise will be not the equipment of authentication result by the distributing IP address by authentication return to the user, process ends;
D2, judge whether the running status of local service access device is normal, if then distribute main address field; Otherwise execution in step D3;
D3, from the normal cross regional business access device of running status, select a service access equipment, the address field of this cross regional business access device is distributed as address field fully.
The method of a service access equipment of the described selection of step D3 can for: select at random; Or select by geographical position distance; Or select by the load condition of equipment.
This method may further include:
F, user send service request to the equipment of distributing IP address;
The equipment of G, distributing IP address sends to local routing device with service request;
H, local routing device are routed to the local service access device according to user's IP address or realize the cross regional business access device of disaster tolerance.
If IP address is in main address field, then routing device is routed to the local service access device with it;
If IP address then finds corresponding strange land local service access device according to this address field in being equipped with address field, routing device is routed to this cross regional business access device with it.
When described network was wireless network, the equipment of described distributing IP address was: gprs service gateway node GGSN;
The cross regional business access device of described local service access device and realization disaster tolerance is to be with a kind of equipment: GGSN interface module GIProxy; Or IP gateway; Or WAP gateway.
Be second aspect that achieves the above object, the invention provides a kind of long-distance disaster system, comprise the equipment, routing device, two places of distributing IP address or how service access equipment, aaa server at least; This system further comprises: the AAA proxy module;
The equipment of described AAA proxy module and distributing IP address, two places or how service access equipment link to each other respectively with aaa server;
The AAA proxy module writes down the main address field of local service access equipment and realizes the address field fully of each cross regional business access device of disaster tolerance, and this AAA proxy module detects the running status of local service access device and described each cross regional business access device in real time;
And the AAA proxy module is transmitted the equipment of distributing IP address and the authentication information between the aaa server when user's logging in network, and according to the running status of authentication result, local service access device and each cross regional business access device, with main address field or be equipped with the equipment that address field returns to the distributing IP address;
The equipment of described distributing IP address receives the user and inserts request, and authenticates by AAA proxy module and aaa server, from main address field or distribute the address and return to the user for the user the address field fully;
And the service request that the equipment of distributing IP address receives user's transmission is transmitted to routing device;
Described routing device is routed to the local service access device according to user's IP address or realizes the cross regional business access device of disaster tolerance.
Described AAA proxy module can comprise:
The protocol adaptation module, realize protocol conversion and receive the authentication request that the equipment of distributing IP address sends, this authentication request is transmitted to aaa server, and sending address assignment request by the back to address assignment module in authentication, the address field that address assignment module is returned sends to the equipment of distributing IP address;
Address assignment module writes down the main address field of local service access equipment and the address field fully of each cross regional business access device of realizing disaster tolerance; After receiving address assignment request, send inquiry business access device status command, and the equipment running status that returns according to the routine inspection module, with main address field or be equipped with address field and return to the protocol adaptation module to the routine inspection module;
The routine inspection module, link to each other with the cross regional business access device of realizing disaster tolerance with the local service access device, in real time the running status of local service access device with the cross regional business access device of realizing disaster tolerance detected, and the service access equipment running status that detects is returned to address assignment module according to the querying command of address assignment module.
Described AAA proxy module can be set to the AAA acting server separately; Can be arranged in the aaa server.
When described network was wireless network, the equipment of described distributing IP address was: gprs service gateway node GGSN;
The cross regional business access device of described local service access device and realization disaster tolerance is to be with a kind of equipment: GGSN interface module GIProxy; Or IP gateway; Or WAP gateway.
The 3rd aspect for achieving the above object the invention provides a kind of AAA proxy module, and it comprises:
The protocol adaptation module, realize protocol conversion and receive the authentication request that the equipment of distributing IP address sends, this authentication request is transmitted to aaa server, and sending address assignment request by the back to address assignment module in authentication, the address field that address assignment module is returned sends to the equipment of distributing IP address;
Address assignment module writes down the main address field of local service access equipment and the address field fully of each cross regional business access device of realizing disaster tolerance; After receiving address assignment request, send inquiry business access device status command, and the equipment running status that returns according to the routine inspection module, with main address field or be equipped with address field and return to the protocol adaptation module to the routine inspection module;
The routine inspection module, link to each other with the cross regional business access device of realizing disaster tolerance with the local service access device, in real time the running status of local service access device with the cross regional business access device of realizing disaster tolerance detected, and the service access equipment running status that detects is returned to address assignment module according to the querying command of address assignment module.
The 4th aspect for achieving the above object the invention provides a kind of aaa server, comprises protocol process module, identification processing module, charging processing module at least; It is characterized in that this server further comprises: address assignment module and routine inspection module;
Protocol process module, realize protocol conversion and receive the authentication request that the equipment of distributing IP address sends, this authentication request is transmitted to the authentication processing mould determines, and in authentication by after identification processing module sends address assignment request to address assignment module, the address field that address assignment module is returned sends to the equipment of distributing IP address;
Address assignment module writes down the main address field of local service access equipment and the address field fully of each cross regional business access device of realizing disaster tolerance; After receiving address assignment request, send inquiry business access device status command, and the equipment running status that returns according to the routine inspection module, with main address field or be equipped with the authenticated processing module of address field and return to protocol process module to the routine inspection module;
The routine inspection module, link to each other with the cross regional business access device of realizing disaster tolerance with the local service access device, in real time the running status of local service access device with the cross regional business access device of realizing disaster tolerance detected, and the service access equipment running status that detects is returned to address assignment module according to the querying command of address assignment module.
As seen from the above technical solutions, the method and the disaster tolerance system of realization network long-distance disaster provided by the invention are provided with the AAA proxy module in network system, this module detects the running status of local service access device and each cross regional business access device in real time, this module during access authentication according to the service access equipment running status, in the informing network equipment of distributing IP address from the main address field of local service access device or cross regional business access device to be equipped with the address field be user's distributing IP address.Like this, when the local service access device was undesired, the equipment of distributing IP address can be user's distributing IP address from the address field fully of cross regional business access device just, just can carry out business by the cross regional business access device.Therefore, such scheme does not need artificial participation, has just realized automatic long-distance disaster, has reduced operation complexity and risk.
AAA proxy module provided by the invention is by protocol adaptation module, address assignment module and routine inspection module, and it uses in the network can realize long-distance disaster.
Comprised aaa server provided by the invention protocol adaptation module, identification processing module, charging processing module, address assignment module and routine inspection module realize that not only the function of aaa server also realizes the function of AAA proxy module, and it uses in the network can realize long-distance disaster.
Description of drawings
Fig. 1 has the network wireless system group network structural representation of using the disaster tolerance ability for prior art;
Fig. 2 is prior art AAA Server internal structure and external annexation schematic diagram;
Fig. 3 is the long-distance disaster system group network structural representation of the present invention's first preferred embodiment;
Fig. 4 is AAA Proxy internal structure in embodiment illustrated in fig. 3 and external annexation schematic diagram;
Fig. 5 is the schematic flow sheet of middle user's logging in network embodiment illustrated in fig. 3 and distributing IP address;
Fig. 6 is internal structure and the external annexation schematic diagram of the AAA Server of the present invention's second preferred embodiment;
Fig. 7 is the long-distance disaster system group network structural representation of the present invention's the 3rd preferred embodiment;
Fig. 8 is the long-distance disaster system group network structural representation of the present invention's the 4th preferred embodiment.
Embodiment
For making purpose of the present invention, technical scheme and advantage clearer, below with reference to accompanying drawing four embodiment that develop simultaneously, the present invention is described in more detail.
The present invention realizes that the method for network long-distance disaster and the main thought of disaster tolerance system are that the AAA proxy module is set in network system, the AAA proxy module can be provided with separately also and can be set in the aaa server.This module detects the running status of local service access device and each cross regional business access device in real time, this module during access authentication according to the service access equipment running status, in the informing network equipment of distributing IP address from the main address field of local service access device or cross regional business access device to be equipped with the address field be user's distributing IP address.
Like this, when the local service access device was undesired, the equipment of distributing IP address can be user's distributing IP address from the address field fully of cross regional business access device, just can carry out business by the cross regional business access device.
AAA proxy module provided by the invention and aaa server all are based on the thought design of above-mentioned realization long-distance disaster.
Below four embodiment are elaborated respectively.
Embodiment one:
Referring to Fig. 3, Fig. 3 is the long-distance disaster system group network structural representation of the present invention's first preferred embodiment.Present embodiment is to have increased the AAA proxy module in the network of prior art shown in Figure 2.As shown in Figure 3, AAA proxy module (AAA Proxy) links to each other respectively with the GGSN interface proxy (GiProxy A) in AAA Server, A city GGSN (GGSNA), B city GGSN (GGSN B), A city, the GGSN interface proxy (GiProxy B) in B city.GiProxy A and GiProxy B are the service access equipment equipment that can backup each other in the present embodiment.
Referring to Fig. 4, Fig. 4 is AAA Proxy internal structure in embodiment illustrated in fig. 3 and external annexation schematic diagram.Wherein, AAA Proxy 410 inside comprise:
After receiving address assignment request, address assignment module 412 sends the orders of requester network equipment state to routine inspection module 413, and the equipment running status that returns according to routine inspection module 413, with main address field or be equipped with address field and return to protocol adaptation module 411.
Referring to Fig. 5, Fig. 5 is the schematic flow sheet of middle user's logging in network embodiment illustrated in fig. 3 and distributing IP address.In this flow process, establish A ground user by GGSN A access network, this flow process may further comprise the steps:
Step 501~502, AAA Proxy surveys the current network equipment running status by keeping the heartbeat exchange with GiProxy A and GiProxy B by AAA Proxy.Concrete process is:
Routine inspection module among the AAA Proxy sends the heartbeat exchange request that detects running status to GiProxy A and GiProxy B in real time;
GiProxy A and GiProxy B at equipment operation just often receive that heartbeat exchanges request and promptly returns heartbeat exchange response to the routine inspection module of AAA Proxy;
The routine inspection module of AAA Proxy is not received the heartbeat exchange response that checkout equipment returns at the fixed time, judges that then GiProxy A or GiProxy B operation is undesired, and adds running status to " service access device status table ".
Step 503, user terminal (MS) are initiated to connect, the GGSN A of login wireless network.
Step 504, the protocol adaptation module of GGSN A in AAA Proxy sends authentication request.
Step 505, the protocol adaptation module among the AAA Proxy is transmitted authentication request to AAA Server.
Step 506, AAA Server authenticates the user, and returns the authentication response that comprises authentication result to the protocol adaptation module of AAA Proxy.
Step 507 if authentication is passed through, then sends address assignment request by the protocol adaptation module among the AAA Proxy to address assignment module.If authentication is not passed through, then direct execution in step 511.
Step 508, address assignment module sends inquiry business access device status command to the routine inspection module, and routine inspection module inquiry business access device state from " service access device status table " returns to address assignment module.
Step 509, address assignment module are distributed the address field of GiProxy A or GiProxy B according to the service access equipment state.
A ground user uses GGSN A access network in this flow process, and then GiProxy A is the local service access device, and GiProxy B is the cross regional business access device, and 10.0.1.1/24 is main address field, and 10.0.3.1/24 is for being equipped with address field.If GiProxy A and GiProxy B are normally promptly available, then distribute the 10.0.1.1/24 address field; If GiProxy A undesired promptly unavailable (delay machine or overload) and GiProxy B is normal, then distributes the 10.0.3.1/24 address field.
Owing to have only GiProxy A and two service access equipment of GiProxy B in the present embodiment, so only from these two address fields, select.The address field of the service access equipment in a plurality of strange lands can be recorded in the address assignment module in the practical application.If local service access equipment is undesired, can from a plurality of cross regional business access devices, select one, its address field is distributed as being equipped with address field.Can select at random, also can select, can also select a cross regional business access device that load is less by the load condition of equipment by the geographical position distance.
Step 510, address assignment module sends to protocol adaptation module among the AAA Proxy with the addresses distributed segment information.
Step 511, the protocol adaptation module among the AAA Proxy sends the authentication response that authentication comprises authentication result to GGSN.If then also comprise the address assignment module addresses distributed segment information of AAA Proxy in this authentication response by authentication.
Step 512, GGSN selects an IP address assignment to give MS from this address field according to this address field information, and return access to MS and reply, if be included as the MS IP address allocated in replying, if, comprise the information that refusal inserts during then this is replied by authentication by authenticating this.
After MS obtained the IP address, the user clicked certain link, visit SP/CP.
User's request is transmitted to Router A by GGSN A, and Router A carries out route according to the IP address of MS.If IP address (GiProxy A is normal) in the 10.0.1.1/24 scope then is transmitted to GiProxy A with user's request and handles; If IP address (GiProxy A is unusual) in the 10.0.3.1/24 scope then is transmitted to GiProxy B with user's request and handles.
Finally, user's request will be transmitted to SP/CP through WAPGW by GiProxy A/B, and SP/CP returns the page by former road, finishes user's the operation that once surfs the web.
As shown in Figure 3:
A ground user uses GGSN A online:
If GiProxy A is normal, then terminal will be assigned with the address in the 10.0.1.1/24 scope, and the browse request message flow is to being 1->2->3->4.
Machine/overload if GiProxy A delays, then terminal will be assigned with the address in the 10.0.3.1/24 scope, and the browse request message flow is to being 1->8->7->4.
B ground user uses GGSN B online:
If GiProxy B is normal, then terminal will be assigned with the address in the 10.0.2.1/24 scope, and the browse request message flow is to being 5->6->7->4.
Machine/overload if GiProxy B delays, then terminal will be assigned with the address in the 10.0.4.1/24 scope, and the browse request message flow is to being 5->9->3->4.
Embodiment two:
In the present embodiment, the function setting of AAA Proxy is in the aaa server, and its network configuration is same as shown in Figure 1, is not giving unnecessary details here.
Below mainly the aaa server in the present embodiment is elaborated.
Referring to Fig. 6, Fig. 6 is internal structure and the external annexation schematic diagram of the AAA Server of the present invention's second preferred embodiment.Wherein AAA Server 610 also comprises except the protocol process module 611 that comprises prior art, identification processing module 612, charging processing module 613: address assignment module 614 and routine inspection module 615;
The AAA Server of present embodiment compares with the AAA Server of prior art, increased and service access equipment 620 between the detection interface, promptly realized routine inspection to service access equipment 620 running statuses.
In addition, the AAA Server of present embodiment has increased address assignment module 614, promptly can dynamically for GGSN distributes available IP address field, and in the authentification of user response message of returning to GGSN, carry this information according to the operating state of service access equipment 620.Like this, GGSN selects IP address assignment to give the user from available IP address field.
Embodiment three:
Present embodiment also is to be provided with the AAA proxy module in network, and its network configuration is referring to Fig. 7, and Fig. 7 is the long-distance disaster system group network structural representation of the present invention's the 3rd preferred embodiment.It in this enforcement IP gateway (GW) long-distance disaster of realizing A/B two cities.
All IP-based data traffic flows all insert by IP gateway, comprising MMS, Streaming Media, FTP, TELNET Business Stream etc., mainly finish and charge and controlled function.Its network connection is similar with embodiment illustrated in fig. 3 one GiProxy disaster tolerance as shown in Figure 7, and just GiProxy A, GiProxyA have changed IP GW A and IP GW B into.Its operation principle also GiProxy disaster tolerance with embodiment one is identical, and those skilled in the art can no longer describe in detail here directly according to the operation principle realization of embodiment one.
Embodiment four:
Present embodiment also is to be provided with the AAA proxy module in network, and its network configuration is referring to Fig. 8, and Fig. 8 is the long-distance disaster system group network structural representation of the present invention's the 4th preferred embodiment.It in this enforcement WAP gateway long-distance disaster of realizing A/B two cities.
Based on the Business Stream of WAP, comprise that WAP browses, MMS, DOWNLOAD etc. insert by WAPGW, mainly finish functions such as protocol conversion and charging, control.Its network connection is similar with embodiment illustrated in fig. 3 one GiProxy disaster tolerance as shown in Figure 8, and just GiProxy A, GiProxy A have changed WAP GW A and WAP GW B into.Its operation principle also GiProxy disaster tolerance with embodiment one is identical, and those skilled in the art can no longer describe in detail here directly according to the operation principle realization of embodiment one.
By the above embodiments as seen, the method and the disaster tolerance system of realization network long-distance disaster provided by the invention do not need artificial participation, have just realized automatic long-distance disaster, have reduced operation complexity and risk.And AAA proxy module provided by the invention and aaa server use in the network can realize long-distance disaster.
Claims (15)
1, a kind of method that realizes the network long-distance disaster, it is characterized in that, this method is provided with the AAA proxy module in network, this AAA proxy module writes down the main address field of local service access equipment and realizes the address field fully of each cross regional business access device of disaster tolerance, and this AAA proxy module detects the running status of local service access device and described each cross regional business access device in real time; The process of user's logging in network may further comprise the steps:
The equipment of distributing IP address in A, the user access network;
The equipment of B, distributing IP address is that the aaa server of this user in network sends authentication request by the AAA proxy module;
After C, aaa server authenticate, authentication result is sent to the AAA proxy module;
D, AAA proxy module are according to the running status of authentication result, local service access device and each cross regional business access device, for the user distributes main address field or is equipped with address field, and the main address field that will distribute or address field and authentication result return to the equipment of distributing IP address fully;
The equipment of E, distributing IP address is from main address field or be equipped with the address field and distribute the address and return to the user for the user.
2, the method for claim 1 is characterized in that, described AAA proxy module comprises:
The protocol adaptation module, realize protocol conversion and receive the authentication request that the equipment of distributing IP address sends, this authentication request is transmitted to aaa server, and sending address assignment request by the back to address assignment module in authentication, the address field that address assignment module is returned sends to the equipment of distributing IP address;
Address assignment module writes down the main address field of local service access equipment and the address field fully of each cross regional business access device of realizing disaster tolerance; After receiving address assignment request, send inquiry business access device status command, and the equipment running status that returns according to the routine inspection module, with main address field or be equipped with address field and return to the protocol adaptation module to the routine inspection module;
The routine inspection module, link to each other with the cross regional business access device of realizing disaster tolerance with the local service access device, in real time the running status of local service access device with the cross regional business access device of realizing disaster tolerance detected, and the service access equipment running status that detects is returned to address assignment module according to the querying command of address assignment module.
3, method as claimed in claim 1 or 2 is characterized in that: described AAA proxy module is set to the AAA acting server separately; Or be arranged in the aaa server.
4, the method for claim 1 is characterized in that, the AAA proxy module to the method that the running status of local service access device and described each cross regional business access device detects is in real time:
The AAA proxy module sends the heartbeat exchange request that detects running status to local service access device and described each cross regional business access device in real time;
Local service access device and described each cross regional business access device at equipment operation just often receive that heartbeat exchanges request and promptly returns heartbeat exchange response to the AAA proxy module;
The AAA proxy module is not received the heartbeat exchange response that checkout equipment returns at the fixed time, judges that then this equipment operation is undesired.
5, the method for claim 1 is characterized in that, the method that the described AAA proxy module of step D distributes main address field or is equipped with address field comprises:
D1, AAA proxy module judge whether by authentication according to authentication result, if execution in step D2 then; Otherwise will be not the equipment of authentication result by the distributing IP address by authentication return to the user, process ends;
D2, judge whether the running status of local service access device is normal, if then distribute main address field; Otherwise execution in step D3;
D3, from the normal cross regional business access device of running status, select a service access equipment, the address field of this cross regional business access device is distributed as address field fully.
6, method as claimed in claim 5 is characterized in that, the method for a service access equipment of the described selection of step D3 is: select at random; Or select by geographical position distance; Or select by the load condition of equipment.
7, the method for claim 1 is characterized in that, this method further comprises:
F, user send service request to the equipment of distributing IP address;
The equipment of G, distributing IP address sends to local routing device with service request;
H, local routing device are routed to the local service access device according to user's IP address or realize the cross regional business access device of disaster tolerance.
8, method as claimed in claim 7 is characterized in that, described step H is: if IP address in main address field, then routing device is routed to the local service access device with it;
If IP address then finds corresponding strange land local service access device according to this address field in being equipped with address field, routing device is routed to this cross regional business access device with it.
As claim 1,2,4,5 or 7 described methods, it is characterized in that 9, when described network was wireless network, the equipment of described distributing IP address was: gprs service gateway node GGSN;
The cross regional business access device of described local service access device and realization disaster tolerance is to be with a kind of equipment: GGSN interface module GIProxy; Or IP gateway; Or WAP gateway.
10, how a kind of long-distance disaster system comprises the equipment, routing device, two places of distributing IP address or service access equipment, aaa server at least; It is characterized in that this system further comprises: the AAA proxy module;
The equipment of described AAA proxy module and distributing IP address, two places or how service access equipment link to each other respectively with aaa server;
The AAA proxy module writes down the main address field of local service access equipment and realizes the address field fully of each cross regional business access device of disaster tolerance, and this AAA proxy module detects the running status of local service access device and described each cross regional business access device in real time;
And the AAA proxy module is transmitted the equipment of distributing IP address and the authentication information between the aaa server when user's logging in network, and according to the running status of authentication result, local service access device and each cross regional business access device, with main address field or be equipped with the equipment that address field returns to the distributing IP address;
The equipment of described distributing IP address receives the user and inserts request, and authenticates by AAA proxy module and aaa server, from main address field or distribute the address and return to the user for the user the address field fully;
And the service request that the equipment of distributing IP address receives user's transmission is transmitted to routing device;
Described routing device is routed to the local service access device according to user's IP address or realizes the cross regional business access device of disaster tolerance.
11, long-distance disaster as claimed in claim 10 system is characterized in that described AAA proxy module comprises:
The protocol adaptation module, realize protocol conversion and receive the authentication request that the equipment of distributing IP address sends, this authentication request is transmitted to aaa server, and sending address assignment request by the back to address assignment module in authentication, the address field that address assignment module is returned sends to the equipment of distributing IP address;
Address assignment module writes down the main address field of local service access equipment and the address field fully of each cross regional business access device of realizing disaster tolerance; After receiving address assignment request, send inquiry business access device status command, and the equipment running status that returns according to the routine inspection module, with main address field or be equipped with address field and return to the protocol adaptation module to the routine inspection module;
The routine inspection module, link to each other with the cross regional business access device of realizing disaster tolerance with the local service access device, in real time the running status of local service access device with the cross regional business access device of realizing disaster tolerance detected, and the service access equipment running status that detects is returned to address assignment module according to the querying command of address assignment module.
12, as claim 10 or 11 described long-distance disaster systems, it is characterized in that: described AAA proxy module is set to the AAA acting server separately; Or be arranged in the aaa server.
13, as claim 10 or 11 described long-distance disaster systems, it is characterized in that when described network was wireless network, the equipment of described distributing IP address was: gprs service gateway node GGSN;
The cross regional business access device of described local service access device and realization disaster tolerance is to be with a kind of equipment: GGSN interface module GIProxy; Or IP gateway; Or WAP gateway.
14, a kind of AAA proxy module is characterized in that it comprises:
The protocol adaptation module, realize protocol conversion and receive the authentication request that the equipment of distributing IP address sends, this authentication request is transmitted to aaa server, and sending address assignment request by the back to address assignment module in authentication, the address field that address assignment module is returned sends to the equipment of distributing IP address;
Address assignment module writes down the main address field of local service access equipment and the address field fully of each cross regional business access device of realizing disaster tolerance; After receiving address assignment request, send inquiry business access device status command, and the equipment running status that returns according to the routine inspection module, with main address field or be equipped with address field and return to the protocol adaptation module to the routine inspection module;
The routine inspection module, link to each other with the cross regional business access device of realizing disaster tolerance with the local service access device, in real time the running status of local service access device with the cross regional business access device of realizing disaster tolerance detected, and the service access equipment running status that detects is returned to address assignment module according to the querying command of address assignment module.
15, a kind of aaa server comprises protocol process module, identification processing module, charging processing module at least; It is characterized in that this server further comprises: address assignment module and routine inspection module;
Protocol process module, realize protocol conversion and receive the authentication request that the equipment of distributing IP address sends, this authentication request is transmitted to identification processing module, and in authentication by after identification processing module sends address assignment request to address assignment module, the address field that address assignment module is returned sends to the equipment of distributing IP address;
Address assignment module writes down the main address field of local service access equipment and the address field fully of each cross regional business access device of realizing disaster tolerance; After receiving address assignment request, send inquiry business access device status command, and the equipment running status that returns according to the routine inspection module, with main address field or be equipped with the authenticated processing module of address field and return to protocol process module to the routine inspection module;
The routine inspection module, link to each other with the cross regional business access device of realizing disaster tolerance with the local service access device, in real time the running status of local service access device with the cross regional business access device of realizing disaster tolerance detected, and the service access equipment running status that detects is returned to address assignment module according to the querying command of address assignment module.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CNB2004100737885A CN100344128C (en) | 2004-09-10 | 2004-09-10 | Method and system for realizing long-distance disaster, AAA proxy module and server |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CNB2004100737885A CN100344128C (en) | 2004-09-10 | 2004-09-10 | Method and system for realizing long-distance disaster, AAA proxy module and server |
Publications (2)
Publication Number | Publication Date |
---|---|
CN1747433A true CN1747433A (en) | 2006-03-15 |
CN100344128C CN100344128C (en) | 2007-10-17 |
Family
ID=36166765
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CNB2004100737885A Expired - Fee Related CN100344128C (en) | 2004-09-10 | 2004-09-10 | Method and system for realizing long-distance disaster, AAA proxy module and server |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN100344128C (en) |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN100391167C (en) * | 2006-03-20 | 2008-05-28 | 华为技术有限公司 | Service call session control function entity backup method and system thereof |
WO2010051778A1 (en) * | 2008-11-10 | 2010-05-14 | 华为技术有限公司 | Method, system and equipment for disaster recovery |
CN102055605A (en) * | 2009-11-11 | 2011-05-11 | 中兴通讯股份有限公司 | Disaster tolerance system and method applied to AAA (authentication, authorization and accounting) server |
CN101399842B (en) * | 2007-09-28 | 2012-07-04 | 华为技术有限公司 | Method for customer information interaction between WAP gateway and GGSN |
CN109040068A (en) * | 2018-08-02 | 2018-12-18 | 中国联合网络通信集团有限公司 | Strange land authentication method, authentication server and the block chain of broadband user |
Family Cites Families (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6687222B1 (en) * | 1999-07-02 | 2004-02-03 | Cisco Technology, Inc. | Backup service managers for providing reliable network services in a distributed environment |
US6687252B1 (en) * | 2000-06-12 | 2004-02-03 | Telefonaktiebolaget Lm Ericsson (Publ) | Dynamic IP address allocation system and method |
US6795705B1 (en) * | 2000-10-31 | 2004-09-21 | Utstarcom, Inc. | Hot standby protocol for wireless devices |
JP2004032103A (en) * | 2002-06-21 | 2004-01-29 | Ntt Docomo Tokai Inc | Network system and server switching method |
CN1481109A (en) * | 2002-09-03 | 2004-03-10 | 网泰金安信息技术有限公司 | Identity authentication system with dynamic cipher based on wireless transmission platform |
-
2004
- 2004-09-10 CN CNB2004100737885A patent/CN100344128C/en not_active Expired - Fee Related
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN100391167C (en) * | 2006-03-20 | 2008-05-28 | 华为技术有限公司 | Service call session control function entity backup method and system thereof |
CN101399842B (en) * | 2007-09-28 | 2012-07-04 | 华为技术有限公司 | Method for customer information interaction between WAP gateway and GGSN |
WO2010051778A1 (en) * | 2008-11-10 | 2010-05-14 | 华为技术有限公司 | Method, system and equipment for disaster recovery |
CN102055605A (en) * | 2009-11-11 | 2011-05-11 | 中兴通讯股份有限公司 | Disaster tolerance system and method applied to AAA (authentication, authorization and accounting) server |
CN102055605B (en) * | 2009-11-11 | 2015-03-04 | 中兴通讯股份有限公司 | Disaster tolerance system and method applied to AAA (authentication, authorization and accounting) server |
CN109040068A (en) * | 2018-08-02 | 2018-12-18 | 中国联合网络通信集团有限公司 | Strange land authentication method, authentication server and the block chain of broadband user |
Also Published As
Publication number | Publication date |
---|---|
CN100344128C (en) | 2007-10-17 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
KR102209599B1 (en) | Service management method and device | |
CN1965519B (en) | System and method for loadbalancing in a network environment using feedback information | |
KR100464017B1 (en) | Apparatus for packet data radio service serving mobile ip service | |
CN1713623A (en) | Network connection system, network connection method, and switch used therefor | |
CN1902877A (en) | Apparatus and method of controlling unsolicited traffic destined to a wireless communication device | |
CN1894985A (en) | Control decisions in a communication system | |
CN1256053A (en) | Access control method for mobile communications system | |
CN101068201A (en) | Communication structure, access point and method for transmitting data packet | |
CA2765786A1 (en) | An access point, a server and a system for distributing an unlimited number of virtual ieee 802.11 wireless networks through a heterogeneous infrastructure | |
CN101064616A (en) | Network charging method, system and equipment | |
CN1859445A (en) | Mobile terminal IP address distributing method | |
CN1860760A (en) | Means and method for controlling service progression between different domains | |
CN1703877A (en) | Service level allocation for IP networks | |
CN101047950A (en) | Method for allocating default load in 3GPP evolution network | |
CN1913713A (en) | Public data networking access method and system | |
CN1835514A (en) | Management method of broadband access of DHCP customer's terminal mode | |
US8532618B2 (en) | System and method for communications device and network component operation | |
CN1175636C (en) | Mobile communication system and network relation interchange device selection service apparatus and network relation interchange device selection method | |
CN1870636A (en) | Method and system for client redirection | |
US20040218587A1 (en) | Private EV-DO system sharing public network data location register and data service method | |
CN100344128C (en) | Method and system for realizing long-distance disaster, AAA proxy module and server | |
CN1823543A (en) | Service restriction in mobile communication networks | |
CN1622647A (en) | System for transmitting multicast information | |
CN101043410A (en) | Method and system for realizing mobile VPN service | |
CN1545266A (en) | Content switching network system and controlling method thereof |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant | ||
C17 | Cessation of patent right | ||
CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20071017 Termination date: 20130910 |