CN1747433A - Method and system for realizing long-distance disaster, AAA proxy module and server - Google Patents

Method and system for realizing long-distance disaster, AAA proxy module and server Download PDF

Info

Publication number
CN1747433A
CN1747433A CN200410073788.5A CN200410073788A CN1747433A CN 1747433 A CN1747433 A CN 1747433A CN 200410073788 A CN200410073788 A CN 200410073788A CN 1747433 A CN1747433 A CN 1747433A
Authority
CN
China
Prior art keywords
address
access device
module
equipment
address field
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN200410073788.5A
Other languages
Chinese (zh)
Other versions
CN100344128C (en
Inventor
于泽
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd filed Critical Huawei Technologies Co Ltd
Priority to CNB2004100737885A priority Critical patent/CN100344128C/en
Publication of CN1747433A publication Critical patent/CN1747433A/en
Application granted granted Critical
Publication of CN100344128C publication Critical patent/CN100344128C/en
Anticipated expiration legal-status Critical
Expired - Fee Related legal-status Critical Current

Links

Images

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

AAA proxy module is set in network, and is used to detect state of service access device, and then informs the ip assigning unit to assign ip address for user from main address field of local access device or each address field of remote accesses device. When the local accesses device is failure, the ip assigning unit can assign ip address in address field of remote access device to user, and use remote accesses device to execute operation.

Description

Realize method and system and the AAA proxy module and the server of long-distance disaster
Technical field
The present invention relates to the treatment technology of network, particularly realize method and disaster tolerance system and the AAA proxy module and the aaa server of network long-distance disaster catastrophic event.
Background technology
Long-distance disaster is by setting up and safeguard a standby system in the strange land, utilizing separation physically to guarantee the defensive ability/resistance ability of network system to catastrophic event.Disaster tolerance system is meant provides the network system of using the disaster tolerance ability.Using disaster tolerance is the more senior ability of disaster tolerance system, is meant in the strange land to set up the complete back-up application system of a cover, can backup each other with local application system, also can with local application system co-operation.After disaster occurred, the remote application system took over or bears the service operation of local application system rapidly.
At present, two or more network equipments that disaster tolerance system normally is deployed in different regions are set to mutual backup, when certain network system breaks down, by manual configuration, the business of the former network equipment are switched on the backup network equipment in strange land.
For example, the long-distance disaster of Radio Network System adopts said method to realize.Referring to Fig. 1, Fig. 1 has the network wireless system group network structural representation of using the disaster tolerance ability for prior art.Comprised the network in A and two cities of B in the network of Fig. 1, having comprised: the GGSN interface proxy (GiProxy A) in A city gprs service gateway node (GGSNA), B city gprs service gateway node (GGSN B), aaa server (AAA Server), A city router (Router A), B city router (Router B), A city, GGSN interface proxy (GiProxy B), WAP (wireless access protocol) gateway (WAPGW) and the service provider/content supplier (SP/CP) in B city.
Wherein, GGSN: be responsible for user's distributing IP address.
AAA Server: receive authentication, the bag that charges that GGSN sends, finish authentication, authentication and billing function to the Internet user.
Referring to Fig. 2, Fig. 2 is prior art AAA Server internal structure and external annexation schematic diagram.Comprise among the AAA Server 210:
Radius protocol processing module 211: the main communication of being responsible for external entity, adopt the RADIUS message interface.
Identification processing module 212: finish authentication and authentication to user identity.If the user is the black list user, or User Status is illegal etc., will cause authentification of user not pass through, and user's logging request is rejected.
Charging processing module 213: after user's logging in network and authentication are passed through, GGSN 200 can send to charge and begin bag (Accounting Start) to AAAServer 210, create user conversation by AAA Server 210, and the processing of chargeing, transmit charging to the network equipment simultaneously and begin bag, so that the network equipment is preserved the corresponding relation of subscriber phone number and IP address; During user offline, GGSN 200 can send charging end packet (Accounting Stop) to AAAServer 210, AAA Server 210 deletion user conversations, and the sign charging finishes.
AAA Server 210 links to each other by radius protocol processing module 211 respectively with GGSN 200, service access equipment 220.
Among Fig. 1, SP/CP: the user can enjoy the WAP service that is provided by SP/CP by WAP terminal login GPRS network;
WAP gateway (WAPGW): function such as conversion, the terminal of mainly finishing wap protocol and http protocol is adaptive, access control;
GiProxy: when the user reached the standard grade, GiProxy and AAA Server carried out interacting message, and the information so that the preservation user reaches the standard grade comprises the corresponding relation of IP address and phone number etc.When the user initiated the WAP browse request, GGSN issued outside WAPGW, SP/CP by GiProxy with request, is used for transmitting user profile, carries out subscription authentication etc.GiProxy can close with WAP gateway and establish, and also can build respectively.GiProxy is the only way which must be passed that the user surfs the Net;
Router: router customizes different routing policies (routing table), to finish the route of message in the heterogeneous networks inter-entity.
Among Fig. 1 because GiProxy is a kind of network key entity, so GiProxy A and GiProxyB can backup each other, to guarantee that when the provincialism disaster occurring host apparatus can switch to stand-by equipment rapidly, and then the assurance business is not interrupted.
Suppose portable terminal (MS) user by GGSN A online, when all devices just often, user's message flow is to being: 1->2->3->4; When detecting GiProxy A, GGSN A do not have response, be that the GiProxy on A ground is when delaying machine, by the manual allocation list of revising GGSN A, the message of issuing GiiProxy A all transferred to issue GiProxy B, then user's message flow to this is: 1->8->7->4 guarantee that like this customer service can continue to carry out.
By above-mentioned example as seen, though the backup of prior art remote system can realize long-distance disaster, this technology must realize by the manual allocation list of revising GGSN, needs artificially to participate in, and has certain complexity and risk.
Summary of the invention
In view of this, main purpose of the present invention is to provide a kind of method that realizes the network long-distance disaster, reduces the long-distance disaster operation complexity.
Another main purpose of the present invention is to provide a kind of long-distance disaster system, and this system can realize automatic long-distance disaster.
The 3rd purpose of the present invention is to provide a kind of AAA proxy module, and this module is used for network system and realizes long-distance disaster.
The 4th purpose of the present invention is to provide a kind of aaa server, uses this aaa server can realize long-distance disaster in the system.
Be first aspect that achieves the above object, the invention provides a kind of method that realizes the network long-distance disaster, this method is provided with the AAA proxy module in network, this AAA proxy module writes down the main address field of local service access equipment and realizes the address field fully of each cross regional business access device of disaster tolerance, and this AAA proxy module detects the running status of local service access device and described each cross regional business access device in real time; The process of user's logging in network may further comprise the steps:
The equipment of distributing IP address in A, the user access network;
The equipment of B, distributing IP address is that the aaa server of this user in network sends authentication request by the AAA proxy module;
After C, aaa server authenticate, authentication result is sent to the AAA proxy module;
D, AAA proxy module are according to the running status of authentication result, local service access device and each cross regional business access device, for the user distributes main address field or is equipped with address field, and the main address field that will distribute or address field and authentication result return to the equipment of distributing IP address fully;
The equipment of E, distributing IP address is from main address field or be equipped with the address field and distribute the address and return to the user for the user.
Wherein, described AAA proxy module can comprise:
The protocol adaptation module, realize protocol conversion and receive the authentication request that the equipment of distributing IP address sends, this authentication request is transmitted to aaa server, and sending address assignment request by the back to address assignment module in authentication, the address field that address assignment module is returned sends to the equipment of distributing IP address;
Address assignment module writes down the main address field of local service access equipment and the address field fully of each cross regional business access device of realizing disaster tolerance; After receiving address assignment request, send inquiry business access device status command, and the equipment running status that returns according to the routine inspection module, with main address field or be equipped with address field and return to the protocol adaptation module to the routine inspection module;
The routine inspection module, link to each other with the cross regional business access device of realizing disaster tolerance with the local service access device, in real time the running status of local service access device with the cross regional business access device of realizing disaster tolerance detected, and the service access equipment running status that detects is returned to address assignment module according to the querying command of address assignment module.
Described AAA proxy module can be set to the AAA acting server separately; Also can be arranged in the aaa server.
The method that the AAA proxy module detects the running status of local service access device and described each cross regional business access device in real time can for:
The AAA proxy module sends the heartbeat exchange request that detects running status to local service access device and described each cross regional business access device in real time;
Local service access device and described each cross regional business access device at equipment operation just often receive that heartbeat exchanges request and promptly returns heartbeat exchange response to the AAA proxy module;
The AAA proxy module is not received the heartbeat exchange response that checkout equipment returns at the fixed time, judges that then this equipment operation is undesired.
The method that the described AAA proxy module of step D distributes main address field or is equipped with address field can comprise:
D1, AAA proxy module judge whether by authentication according to authentication result, if execution in step D2 then; Otherwise will be not the equipment of authentication result by the distributing IP address by authentication return to the user, process ends;
D2, judge whether the running status of local service access device is normal, if then distribute main address field; Otherwise execution in step D3;
D3, from the normal cross regional business access device of running status, select a service access equipment, the address field of this cross regional business access device is distributed as address field fully.
The method of a service access equipment of the described selection of step D3 can for: select at random; Or select by geographical position distance; Or select by the load condition of equipment.
This method may further include:
F, user send service request to the equipment of distributing IP address;
The equipment of G, distributing IP address sends to local routing device with service request;
H, local routing device are routed to the local service access device according to user's IP address or realize the cross regional business access device of disaster tolerance.
If IP address is in main address field, then routing device is routed to the local service access device with it;
If IP address then finds corresponding strange land local service access device according to this address field in being equipped with address field, routing device is routed to this cross regional business access device with it.
When described network was wireless network, the equipment of described distributing IP address was: gprs service gateway node GGSN;
The cross regional business access device of described local service access device and realization disaster tolerance is to be with a kind of equipment: GGSN interface module GIProxy; Or IP gateway; Or WAP gateway.
Be second aspect that achieves the above object, the invention provides a kind of long-distance disaster system, comprise the equipment, routing device, two places of distributing IP address or how service access equipment, aaa server at least; This system further comprises: the AAA proxy module;
The equipment of described AAA proxy module and distributing IP address, two places or how service access equipment link to each other respectively with aaa server;
The AAA proxy module writes down the main address field of local service access equipment and realizes the address field fully of each cross regional business access device of disaster tolerance, and this AAA proxy module detects the running status of local service access device and described each cross regional business access device in real time;
And the AAA proxy module is transmitted the equipment of distributing IP address and the authentication information between the aaa server when user's logging in network, and according to the running status of authentication result, local service access device and each cross regional business access device, with main address field or be equipped with the equipment that address field returns to the distributing IP address;
The equipment of described distributing IP address receives the user and inserts request, and authenticates by AAA proxy module and aaa server, from main address field or distribute the address and return to the user for the user the address field fully;
And the service request that the equipment of distributing IP address receives user's transmission is transmitted to routing device;
Described routing device is routed to the local service access device according to user's IP address or realizes the cross regional business access device of disaster tolerance.
Described AAA proxy module can comprise:
The protocol adaptation module, realize protocol conversion and receive the authentication request that the equipment of distributing IP address sends, this authentication request is transmitted to aaa server, and sending address assignment request by the back to address assignment module in authentication, the address field that address assignment module is returned sends to the equipment of distributing IP address;
Address assignment module writes down the main address field of local service access equipment and the address field fully of each cross regional business access device of realizing disaster tolerance; After receiving address assignment request, send inquiry business access device status command, and the equipment running status that returns according to the routine inspection module, with main address field or be equipped with address field and return to the protocol adaptation module to the routine inspection module;
The routine inspection module, link to each other with the cross regional business access device of realizing disaster tolerance with the local service access device, in real time the running status of local service access device with the cross regional business access device of realizing disaster tolerance detected, and the service access equipment running status that detects is returned to address assignment module according to the querying command of address assignment module.
Described AAA proxy module can be set to the AAA acting server separately; Can be arranged in the aaa server.
When described network was wireless network, the equipment of described distributing IP address was: gprs service gateway node GGSN;
The cross regional business access device of described local service access device and realization disaster tolerance is to be with a kind of equipment: GGSN interface module GIProxy; Or IP gateway; Or WAP gateway.
The 3rd aspect for achieving the above object the invention provides a kind of AAA proxy module, and it comprises:
The protocol adaptation module, realize protocol conversion and receive the authentication request that the equipment of distributing IP address sends, this authentication request is transmitted to aaa server, and sending address assignment request by the back to address assignment module in authentication, the address field that address assignment module is returned sends to the equipment of distributing IP address;
Address assignment module writes down the main address field of local service access equipment and the address field fully of each cross regional business access device of realizing disaster tolerance; After receiving address assignment request, send inquiry business access device status command, and the equipment running status that returns according to the routine inspection module, with main address field or be equipped with address field and return to the protocol adaptation module to the routine inspection module;
The routine inspection module, link to each other with the cross regional business access device of realizing disaster tolerance with the local service access device, in real time the running status of local service access device with the cross regional business access device of realizing disaster tolerance detected, and the service access equipment running status that detects is returned to address assignment module according to the querying command of address assignment module.
The 4th aspect for achieving the above object the invention provides a kind of aaa server, comprises protocol process module, identification processing module, charging processing module at least; It is characterized in that this server further comprises: address assignment module and routine inspection module;
Protocol process module, realize protocol conversion and receive the authentication request that the equipment of distributing IP address sends, this authentication request is transmitted to the authentication processing mould determines, and in authentication by after identification processing module sends address assignment request to address assignment module, the address field that address assignment module is returned sends to the equipment of distributing IP address;
Address assignment module writes down the main address field of local service access equipment and the address field fully of each cross regional business access device of realizing disaster tolerance; After receiving address assignment request, send inquiry business access device status command, and the equipment running status that returns according to the routine inspection module, with main address field or be equipped with the authenticated processing module of address field and return to protocol process module to the routine inspection module;
The routine inspection module, link to each other with the cross regional business access device of realizing disaster tolerance with the local service access device, in real time the running status of local service access device with the cross regional business access device of realizing disaster tolerance detected, and the service access equipment running status that detects is returned to address assignment module according to the querying command of address assignment module.
As seen from the above technical solutions, the method and the disaster tolerance system of realization network long-distance disaster provided by the invention are provided with the AAA proxy module in network system, this module detects the running status of local service access device and each cross regional business access device in real time, this module during access authentication according to the service access equipment running status, in the informing network equipment of distributing IP address from the main address field of local service access device or cross regional business access device to be equipped with the address field be user's distributing IP address.Like this, when the local service access device was undesired, the equipment of distributing IP address can be user's distributing IP address from the address field fully of cross regional business access device just, just can carry out business by the cross regional business access device.Therefore, such scheme does not need artificial participation, has just realized automatic long-distance disaster, has reduced operation complexity and risk.
AAA proxy module provided by the invention is by protocol adaptation module, address assignment module and routine inspection module, and it uses in the network can realize long-distance disaster.
Comprised aaa server provided by the invention protocol adaptation module, identification processing module, charging processing module, address assignment module and routine inspection module realize that not only the function of aaa server also realizes the function of AAA proxy module, and it uses in the network can realize long-distance disaster.
Description of drawings
Fig. 1 has the network wireless system group network structural representation of using the disaster tolerance ability for prior art;
Fig. 2 is prior art AAA Server internal structure and external annexation schematic diagram;
Fig. 3 is the long-distance disaster system group network structural representation of the present invention's first preferred embodiment;
Fig. 4 is AAA Proxy internal structure in embodiment illustrated in fig. 3 and external annexation schematic diagram;
Fig. 5 is the schematic flow sheet of middle user's logging in network embodiment illustrated in fig. 3 and distributing IP address;
Fig. 6 is internal structure and the external annexation schematic diagram of the AAA Server of the present invention's second preferred embodiment;
Fig. 7 is the long-distance disaster system group network structural representation of the present invention's the 3rd preferred embodiment;
Fig. 8 is the long-distance disaster system group network structural representation of the present invention's the 4th preferred embodiment.
Embodiment
For making purpose of the present invention, technical scheme and advantage clearer, below with reference to accompanying drawing four embodiment that develop simultaneously, the present invention is described in more detail.
The present invention realizes that the method for network long-distance disaster and the main thought of disaster tolerance system are that the AAA proxy module is set in network system, the AAA proxy module can be provided with separately also and can be set in the aaa server.This module detects the running status of local service access device and each cross regional business access device in real time, this module during access authentication according to the service access equipment running status, in the informing network equipment of distributing IP address from the main address field of local service access device or cross regional business access device to be equipped with the address field be user's distributing IP address.
Like this, when the local service access device was undesired, the equipment of distributing IP address can be user's distributing IP address from the address field fully of cross regional business access device, just can carry out business by the cross regional business access device.
AAA proxy module provided by the invention and aaa server all are based on the thought design of above-mentioned realization long-distance disaster.
Below four embodiment are elaborated respectively.
Embodiment one:
Referring to Fig. 3, Fig. 3 is the long-distance disaster system group network structural representation of the present invention's first preferred embodiment.Present embodiment is to have increased the AAA proxy module in the network of prior art shown in Figure 2.As shown in Figure 3, AAA proxy module (AAA Proxy) links to each other respectively with the GGSN interface proxy (GiProxy A) in AAA Server, A city GGSN (GGSNA), B city GGSN (GGSN B), A city, the GGSN interface proxy (GiProxy B) in B city.GiProxy A and GiProxy B are the service access equipment equipment that can backup each other in the present embodiment.
Referring to Fig. 4, Fig. 4 is AAA Proxy internal structure in embodiment illustrated in fig. 3 and external annexation schematic diagram.Wherein, AAA Proxy 410 inside comprise:
Protocol adaptation module 411 realizes protocol conversion: adopt the RADIUS message interface to realize and the communicating by letter of external equipment by radius protocol usually.And receive the authentication request that GGSN A 400 sends, and this authentication request being transmitted to aaa server 420, and sending address assignment request by the back to address assignment module 412 in authentication, the address field that address assignment module 412 is returned sends to GGAN A 400.
Address assignment module 412, the address field of record GiProxy A 430 and GiProxy B 430.Be respectively to the address field of GiProxy A 430 and GiProxy B 430 by Router A in the present embodiment: 10.0.1.1/24 address field and 10.0.3.1/24 address field.Be respectively to the address field of GiProxy B430 and GiProxy A 430 by Router B: 10.0.2.1/24 address field and 10.0.4.1/24 address field.
After receiving address assignment request, address assignment module 412 sends the orders of requester network equipment state to routine inspection module 413, and the equipment running status that returns according to routine inspection module 413, with main address field or be equipped with address field and return to protocol adaptation module 411.
Routine inspection module 413, link to each other with GiProxy B 430 with GiProxy A 430, in real time the running status to this GiProxy A 430 and GiProxy B 430 detects, and according to determine 412 querying command of address assignment mould the GiProxy A 430 that detects and the running status of GiProxy B 430 is returned to address assignment module 412.
Referring to Fig. 5, Fig. 5 is the schematic flow sheet of middle user's logging in network embodiment illustrated in fig. 3 and distributing IP address.In this flow process, establish A ground user by GGSN A access network, this flow process may further comprise the steps:
Step 501~502, AAA Proxy surveys the current network equipment running status by keeping the heartbeat exchange with GiProxy A and GiProxy B by AAA Proxy.Concrete process is:
Routine inspection module among the AAA Proxy sends the heartbeat exchange request that detects running status to GiProxy A and GiProxy B in real time;
GiProxy A and GiProxy B at equipment operation just often receive that heartbeat exchanges request and promptly returns heartbeat exchange response to the routine inspection module of AAA Proxy;
The routine inspection module of AAA Proxy is not received the heartbeat exchange response that checkout equipment returns at the fixed time, judges that then GiProxy A or GiProxy B operation is undesired, and adds running status to " service access device status table ".
Step 503, user terminal (MS) are initiated to connect, the GGSN A of login wireless network.
Step 504, the protocol adaptation module of GGSN A in AAA Proxy sends authentication request.
Step 505, the protocol adaptation module among the AAA Proxy is transmitted authentication request to AAA Server.
Step 506, AAA Server authenticates the user, and returns the authentication response that comprises authentication result to the protocol adaptation module of AAA Proxy.
Step 507 if authentication is passed through, then sends address assignment request by the protocol adaptation module among the AAA Proxy to address assignment module.If authentication is not passed through, then direct execution in step 511.
Step 508, address assignment module sends inquiry business access device status command to the routine inspection module, and routine inspection module inquiry business access device state from " service access device status table " returns to address assignment module.
Step 509, address assignment module are distributed the address field of GiProxy A or GiProxy B according to the service access equipment state.
A ground user uses GGSN A access network in this flow process, and then GiProxy A is the local service access device, and GiProxy B is the cross regional business access device, and 10.0.1.1/24 is main address field, and 10.0.3.1/24 is for being equipped with address field.If GiProxy A and GiProxy B are normally promptly available, then distribute the 10.0.1.1/24 address field; If GiProxy A undesired promptly unavailable (delay machine or overload) and GiProxy B is normal, then distributes the 10.0.3.1/24 address field.
Owing to have only GiProxy A and two service access equipment of GiProxy B in the present embodiment, so only from these two address fields, select.The address field of the service access equipment in a plurality of strange lands can be recorded in the address assignment module in the practical application.If local service access equipment is undesired, can from a plurality of cross regional business access devices, select one, its address field is distributed as being equipped with address field.Can select at random, also can select, can also select a cross regional business access device that load is less by the load condition of equipment by the geographical position distance.
Step 510, address assignment module sends to protocol adaptation module among the AAA Proxy with the addresses distributed segment information.
Step 511, the protocol adaptation module among the AAA Proxy sends the authentication response that authentication comprises authentication result to GGSN.If then also comprise the address assignment module addresses distributed segment information of AAA Proxy in this authentication response by authentication.
Step 512, GGSN selects an IP address assignment to give MS from this address field according to this address field information, and return access to MS and reply, if be included as the MS IP address allocated in replying, if, comprise the information that refusal inserts during then this is replied by authentication by authenticating this.
After MS obtained the IP address, the user clicked certain link, visit SP/CP.
User's request is transmitted to Router A by GGSN A, and Router A carries out route according to the IP address of MS.If IP address (GiProxy A is normal) in the 10.0.1.1/24 scope then is transmitted to GiProxy A with user's request and handles; If IP address (GiProxy A is unusual) in the 10.0.3.1/24 scope then is transmitted to GiProxy B with user's request and handles.
Finally, user's request will be transmitted to SP/CP through WAPGW by GiProxy A/B, and SP/CP returns the page by former road, finishes user's the operation that once surfs the web.
As shown in Figure 3:
A ground user uses GGSN A online:
If GiProxy A is normal, then terminal will be assigned with the address in the 10.0.1.1/24 scope, and the browse request message flow is to being 1->2->3->4.
Machine/overload if GiProxy A delays, then terminal will be assigned with the address in the 10.0.3.1/24 scope, and the browse request message flow is to being 1->8->7->4.
B ground user uses GGSN B online:
If GiProxy B is normal, then terminal will be assigned with the address in the 10.0.2.1/24 scope, and the browse request message flow is to being 5->6->7->4.
Machine/overload if GiProxy B delays, then terminal will be assigned with the address in the 10.0.4.1/24 scope, and the browse request message flow is to being 5->9->3->4.
Embodiment two:
In the present embodiment, the function setting of AAA Proxy is in the aaa server, and its network configuration is same as shown in Figure 1, is not giving unnecessary details here.
Below mainly the aaa server in the present embodiment is elaborated.
Referring to Fig. 6, Fig. 6 is internal structure and the external annexation schematic diagram of the AAA Server of the present invention's second preferred embodiment.Wherein AAA Server 610 also comprises except the protocol process module 611 that comprises prior art, identification processing module 612, charging processing module 613: address assignment module 614 and routine inspection module 615;
Protocol process module 611 communicates with GGSN 600 and service access equipment 620 respectively by radius protocol.And the authentication request of reception GGSN 600 transmissions, this authentication request is transmitted to identification processing module 612, and in authentication by after identification processing module 612 sends address assignment request to address assignment module 614, the address field that address assignment module 614 is returned sends to GGSN 600;
Address assignment module 614 writes down the main address field of local service access equipment 620 and the address field fully of each cross regional business access device 620 of realizing disaster tolerance; After receiving address assignment request, send inquiry business access device status command to routine inspection module 615, and the equipment running status that returns according to routine inspection module 615, with main address field or be equipped with the authenticated processing module 612 of address field and return to protocol process module 611;
Routine inspection module 615, link to each other with the cross regional business access device 620 of realizing disaster tolerance with local service access device 620, in real time to local service access device 620 with realize that the running status of the cross regional business access device 620 of disaster tolerance detects, and the running status of the service access equipment 620 that detects is returned to address assignment module 614 according to the querying command of address assignment module 614.
The AAA Server of present embodiment compares with the AAA Server of prior art, increased and service access equipment 620 between the detection interface, promptly realized routine inspection to service access equipment 620 running statuses.
In addition, the AAA Server of present embodiment has increased address assignment module 614, promptly can dynamically for GGSN distributes available IP address field, and in the authentification of user response message of returning to GGSN, carry this information according to the operating state of service access equipment 620.Like this, GGSN selects IP address assignment to give the user from available IP address field.
Embodiment three:
Present embodiment also is to be provided with the AAA proxy module in network, and its network configuration is referring to Fig. 7, and Fig. 7 is the long-distance disaster system group network structural representation of the present invention's the 3rd preferred embodiment.It in this enforcement IP gateway (GW) long-distance disaster of realizing A/B two cities.
All IP-based data traffic flows all insert by IP gateway, comprising MMS, Streaming Media, FTP, TELNET Business Stream etc., mainly finish and charge and controlled function.Its network connection is similar with embodiment illustrated in fig. 3 one GiProxy disaster tolerance as shown in Figure 7, and just GiProxy A, GiProxyA have changed IP GW A and IP GW B into.Its operation principle also GiProxy disaster tolerance with embodiment one is identical, and those skilled in the art can no longer describe in detail here directly according to the operation principle realization of embodiment one.
Embodiment four:
Present embodiment also is to be provided with the AAA proxy module in network, and its network configuration is referring to Fig. 8, and Fig. 8 is the long-distance disaster system group network structural representation of the present invention's the 4th preferred embodiment.It in this enforcement WAP gateway long-distance disaster of realizing A/B two cities.
Based on the Business Stream of WAP, comprise that WAP browses, MMS, DOWNLOAD etc. insert by WAPGW, mainly finish functions such as protocol conversion and charging, control.Its network connection is similar with embodiment illustrated in fig. 3 one GiProxy disaster tolerance as shown in Figure 8, and just GiProxy A, GiProxy A have changed WAP GW A and WAP GW B into.Its operation principle also GiProxy disaster tolerance with embodiment one is identical, and those skilled in the art can no longer describe in detail here directly according to the operation principle realization of embodiment one.
By the above embodiments as seen, the method and the disaster tolerance system of realization network long-distance disaster provided by the invention do not need artificial participation, have just realized automatic long-distance disaster, have reduced operation complexity and risk.And AAA proxy module provided by the invention and aaa server use in the network can realize long-distance disaster.

Claims (15)

1, a kind of method that realizes the network long-distance disaster, it is characterized in that, this method is provided with the AAA proxy module in network, this AAA proxy module writes down the main address field of local service access equipment and realizes the address field fully of each cross regional business access device of disaster tolerance, and this AAA proxy module detects the running status of local service access device and described each cross regional business access device in real time; The process of user's logging in network may further comprise the steps:
The equipment of distributing IP address in A, the user access network;
The equipment of B, distributing IP address is that the aaa server of this user in network sends authentication request by the AAA proxy module;
After C, aaa server authenticate, authentication result is sent to the AAA proxy module;
D, AAA proxy module are according to the running status of authentication result, local service access device and each cross regional business access device, for the user distributes main address field or is equipped with address field, and the main address field that will distribute or address field and authentication result return to the equipment of distributing IP address fully;
The equipment of E, distributing IP address is from main address field or be equipped with the address field and distribute the address and return to the user for the user.
2, the method for claim 1 is characterized in that, described AAA proxy module comprises:
The protocol adaptation module, realize protocol conversion and receive the authentication request that the equipment of distributing IP address sends, this authentication request is transmitted to aaa server, and sending address assignment request by the back to address assignment module in authentication, the address field that address assignment module is returned sends to the equipment of distributing IP address;
Address assignment module writes down the main address field of local service access equipment and the address field fully of each cross regional business access device of realizing disaster tolerance; After receiving address assignment request, send inquiry business access device status command, and the equipment running status that returns according to the routine inspection module, with main address field or be equipped with address field and return to the protocol adaptation module to the routine inspection module;
The routine inspection module, link to each other with the cross regional business access device of realizing disaster tolerance with the local service access device, in real time the running status of local service access device with the cross regional business access device of realizing disaster tolerance detected, and the service access equipment running status that detects is returned to address assignment module according to the querying command of address assignment module.
3, method as claimed in claim 1 or 2 is characterized in that: described AAA proxy module is set to the AAA acting server separately; Or be arranged in the aaa server.
4, the method for claim 1 is characterized in that, the AAA proxy module to the method that the running status of local service access device and described each cross regional business access device detects is in real time:
The AAA proxy module sends the heartbeat exchange request that detects running status to local service access device and described each cross regional business access device in real time;
Local service access device and described each cross regional business access device at equipment operation just often receive that heartbeat exchanges request and promptly returns heartbeat exchange response to the AAA proxy module;
The AAA proxy module is not received the heartbeat exchange response that checkout equipment returns at the fixed time, judges that then this equipment operation is undesired.
5, the method for claim 1 is characterized in that, the method that the described AAA proxy module of step D distributes main address field or is equipped with address field comprises:
D1, AAA proxy module judge whether by authentication according to authentication result, if execution in step D2 then; Otherwise will be not the equipment of authentication result by the distributing IP address by authentication return to the user, process ends;
D2, judge whether the running status of local service access device is normal, if then distribute main address field; Otherwise execution in step D3;
D3, from the normal cross regional business access device of running status, select a service access equipment, the address field of this cross regional business access device is distributed as address field fully.
6, method as claimed in claim 5 is characterized in that, the method for a service access equipment of the described selection of step D3 is: select at random; Or select by geographical position distance; Or select by the load condition of equipment.
7, the method for claim 1 is characterized in that, this method further comprises:
F, user send service request to the equipment of distributing IP address;
The equipment of G, distributing IP address sends to local routing device with service request;
H, local routing device are routed to the local service access device according to user's IP address or realize the cross regional business access device of disaster tolerance.
8, method as claimed in claim 7 is characterized in that, described step H is: if IP address in main address field, then routing device is routed to the local service access device with it;
If IP address then finds corresponding strange land local service access device according to this address field in being equipped with address field, routing device is routed to this cross regional business access device with it.
As claim 1,2,4,5 or 7 described methods, it is characterized in that 9, when described network was wireless network, the equipment of described distributing IP address was: gprs service gateway node GGSN;
The cross regional business access device of described local service access device and realization disaster tolerance is to be with a kind of equipment: GGSN interface module GIProxy; Or IP gateway; Or WAP gateway.
10, how a kind of long-distance disaster system comprises the equipment, routing device, two places of distributing IP address or service access equipment, aaa server at least; It is characterized in that this system further comprises: the AAA proxy module;
The equipment of described AAA proxy module and distributing IP address, two places or how service access equipment link to each other respectively with aaa server;
The AAA proxy module writes down the main address field of local service access equipment and realizes the address field fully of each cross regional business access device of disaster tolerance, and this AAA proxy module detects the running status of local service access device and described each cross regional business access device in real time;
And the AAA proxy module is transmitted the equipment of distributing IP address and the authentication information between the aaa server when user's logging in network, and according to the running status of authentication result, local service access device and each cross regional business access device, with main address field or be equipped with the equipment that address field returns to the distributing IP address;
The equipment of described distributing IP address receives the user and inserts request, and authenticates by AAA proxy module and aaa server, from main address field or distribute the address and return to the user for the user the address field fully;
And the service request that the equipment of distributing IP address receives user's transmission is transmitted to routing device;
Described routing device is routed to the local service access device according to user's IP address or realizes the cross regional business access device of disaster tolerance.
11, long-distance disaster as claimed in claim 10 system is characterized in that described AAA proxy module comprises:
The protocol adaptation module, realize protocol conversion and receive the authentication request that the equipment of distributing IP address sends, this authentication request is transmitted to aaa server, and sending address assignment request by the back to address assignment module in authentication, the address field that address assignment module is returned sends to the equipment of distributing IP address;
Address assignment module writes down the main address field of local service access equipment and the address field fully of each cross regional business access device of realizing disaster tolerance; After receiving address assignment request, send inquiry business access device status command, and the equipment running status that returns according to the routine inspection module, with main address field or be equipped with address field and return to the protocol adaptation module to the routine inspection module;
The routine inspection module, link to each other with the cross regional business access device of realizing disaster tolerance with the local service access device, in real time the running status of local service access device with the cross regional business access device of realizing disaster tolerance detected, and the service access equipment running status that detects is returned to address assignment module according to the querying command of address assignment module.
12, as claim 10 or 11 described long-distance disaster systems, it is characterized in that: described AAA proxy module is set to the AAA acting server separately; Or be arranged in the aaa server.
13, as claim 10 or 11 described long-distance disaster systems, it is characterized in that when described network was wireless network, the equipment of described distributing IP address was: gprs service gateway node GGSN;
The cross regional business access device of described local service access device and realization disaster tolerance is to be with a kind of equipment: GGSN interface module GIProxy; Or IP gateway; Or WAP gateway.
14, a kind of AAA proxy module is characterized in that it comprises:
The protocol adaptation module, realize protocol conversion and receive the authentication request that the equipment of distributing IP address sends, this authentication request is transmitted to aaa server, and sending address assignment request by the back to address assignment module in authentication, the address field that address assignment module is returned sends to the equipment of distributing IP address;
Address assignment module writes down the main address field of local service access equipment and the address field fully of each cross regional business access device of realizing disaster tolerance; After receiving address assignment request, send inquiry business access device status command, and the equipment running status that returns according to the routine inspection module, with main address field or be equipped with address field and return to the protocol adaptation module to the routine inspection module;
The routine inspection module, link to each other with the cross regional business access device of realizing disaster tolerance with the local service access device, in real time the running status of local service access device with the cross regional business access device of realizing disaster tolerance detected, and the service access equipment running status that detects is returned to address assignment module according to the querying command of address assignment module.
15, a kind of aaa server comprises protocol process module, identification processing module, charging processing module at least; It is characterized in that this server further comprises: address assignment module and routine inspection module;
Protocol process module, realize protocol conversion and receive the authentication request that the equipment of distributing IP address sends, this authentication request is transmitted to identification processing module, and in authentication by after identification processing module sends address assignment request to address assignment module, the address field that address assignment module is returned sends to the equipment of distributing IP address;
Address assignment module writes down the main address field of local service access equipment and the address field fully of each cross regional business access device of realizing disaster tolerance; After receiving address assignment request, send inquiry business access device status command, and the equipment running status that returns according to the routine inspection module, with main address field or be equipped with the authenticated processing module of address field and return to protocol process module to the routine inspection module;
The routine inspection module, link to each other with the cross regional business access device of realizing disaster tolerance with the local service access device, in real time the running status of local service access device with the cross regional business access device of realizing disaster tolerance detected, and the service access equipment running status that detects is returned to address assignment module according to the querying command of address assignment module.
CNB2004100737885A 2004-09-10 2004-09-10 Method and system for realizing long-distance disaster, AAA proxy module and server Expired - Fee Related CN100344128C (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNB2004100737885A CN100344128C (en) 2004-09-10 2004-09-10 Method and system for realizing long-distance disaster, AAA proxy module and server

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CNB2004100737885A CN100344128C (en) 2004-09-10 2004-09-10 Method and system for realizing long-distance disaster, AAA proxy module and server

Publications (2)

Publication Number Publication Date
CN1747433A true CN1747433A (en) 2006-03-15
CN100344128C CN100344128C (en) 2007-10-17

Family

ID=36166765

Family Applications (1)

Application Number Title Priority Date Filing Date
CNB2004100737885A Expired - Fee Related CN100344128C (en) 2004-09-10 2004-09-10 Method and system for realizing long-distance disaster, AAA proxy module and server

Country Status (1)

Country Link
CN (1) CN100344128C (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100391167C (en) * 2006-03-20 2008-05-28 华为技术有限公司 Service call session control function entity backup method and system thereof
WO2010051778A1 (en) * 2008-11-10 2010-05-14 华为技术有限公司 Method, system and equipment for disaster recovery
CN102055605A (en) * 2009-11-11 2011-05-11 中兴通讯股份有限公司 Disaster tolerance system and method applied to AAA (authentication, authorization and accounting) server
CN101399842B (en) * 2007-09-28 2012-07-04 华为技术有限公司 Method for customer information interaction between WAP gateway and GGSN
CN109040068A (en) * 2018-08-02 2018-12-18 中国联合网络通信集团有限公司 Strange land authentication method, authentication server and the block chain of broadband user

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6687222B1 (en) * 1999-07-02 2004-02-03 Cisco Technology, Inc. Backup service managers for providing reliable network services in a distributed environment
US6687252B1 (en) * 2000-06-12 2004-02-03 Telefonaktiebolaget Lm Ericsson (Publ) Dynamic IP address allocation system and method
US6795705B1 (en) * 2000-10-31 2004-09-21 Utstarcom, Inc. Hot standby protocol for wireless devices
JP2004032103A (en) * 2002-06-21 2004-01-29 Ntt Docomo Tokai Inc Network system and server switching method
CN1481109A (en) * 2002-09-03 2004-03-10 网泰金安信息技术有限公司 Identity authentication system with dynamic cipher based on wireless transmission platform

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100391167C (en) * 2006-03-20 2008-05-28 华为技术有限公司 Service call session control function entity backup method and system thereof
CN101399842B (en) * 2007-09-28 2012-07-04 华为技术有限公司 Method for customer information interaction between WAP gateway and GGSN
WO2010051778A1 (en) * 2008-11-10 2010-05-14 华为技术有限公司 Method, system and equipment for disaster recovery
CN102055605A (en) * 2009-11-11 2011-05-11 中兴通讯股份有限公司 Disaster tolerance system and method applied to AAA (authentication, authorization and accounting) server
CN102055605B (en) * 2009-11-11 2015-03-04 中兴通讯股份有限公司 Disaster tolerance system and method applied to AAA (authentication, authorization and accounting) server
CN109040068A (en) * 2018-08-02 2018-12-18 中国联合网络通信集团有限公司 Strange land authentication method, authentication server and the block chain of broadband user

Also Published As

Publication number Publication date
CN100344128C (en) 2007-10-17

Similar Documents

Publication Publication Date Title
KR102209599B1 (en) Service management method and device
CN1965519B (en) System and method for loadbalancing in a network environment using feedback information
KR100464017B1 (en) Apparatus for packet data radio service serving mobile ip service
CN1713623A (en) Network connection system, network connection method, and switch used therefor
CN1902877A (en) Apparatus and method of controlling unsolicited traffic destined to a wireless communication device
CN1894985A (en) Control decisions in a communication system
CN1256053A (en) Access control method for mobile communications system
CN101068201A (en) Communication structure, access point and method for transmitting data packet
CA2765786A1 (en) An access point, a server and a system for distributing an unlimited number of virtual ieee 802.11 wireless networks through a heterogeneous infrastructure
CN101064616A (en) Network charging method, system and equipment
CN1859445A (en) Mobile terminal IP address distributing method
CN1860760A (en) Means and method for controlling service progression between different domains
CN1703877A (en) Service level allocation for IP networks
CN101047950A (en) Method for allocating default load in 3GPP evolution network
CN1913713A (en) Public data networking access method and system
CN1835514A (en) Management method of broadband access of DHCP customer's terminal mode
US8532618B2 (en) System and method for communications device and network component operation
CN1175636C (en) Mobile communication system and network relation interchange device selection service apparatus and network relation interchange device selection method
CN1870636A (en) Method and system for client redirection
US20040218587A1 (en) Private EV-DO system sharing public network data location register and data service method
CN100344128C (en) Method and system for realizing long-distance disaster, AAA proxy module and server
CN1823543A (en) Service restriction in mobile communication networks
CN1622647A (en) System for transmitting multicast information
CN101043410A (en) Method and system for realizing mobile VPN service
CN1545266A (en) Content switching network system and controlling method thereof

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
C17 Cessation of patent right
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20071017

Termination date: 20130910