Background technology
In communication networks that use Ethernet technology, multicast services (such as IP TV, Web TV and conferencing services over the IP network) are increasingly becoming a service for the general public.
Fig. 1 is a schematic of a typical IP multicast architecture. Between the local router and the remote router a multicast routing protocol is used, which can be DVMRP (Distance Vector Multicast Routing Protocol), PIM-DM (Protocol Independent Multicast-Dense Mode) and so on; this protocol builds the multicast forwarding table from the topology of the interfaces that have joined the multicast group. Between the user host and the local router a group membership protocol is used, typically IGMP (Internet Group Management Protocol). Through this protocol the host tells the local router that it wishes to join and receive a particular multicast group, while the local router periodically queries whether the members of a known group on the local area network are still active (that is, whether the network segment still has members belonging to that multicast group), so as to establish and maintain membership information for the network segments directly attached to the router. To suppress the flooding of multicast traffic effectively, multicast protocols such as IGMP Snooping/Proxy have also been introduced at the link layer in the access-layer layer-2 network devices. The access-layer network device can take forms such as a DSLAM (Digital Subscriber Line Access Multiplexer) 12A or a LAN switch 12B, and replicates and distributes the multicast service to users. However, IGMP does not provide user authentication; users can join or leave at will, so multicast service access control cannot be applied to users.
Multicast access control technology extends the related protocols to achieve functions such as effective user multicast management. It is a precondition for network operators to develop multicast services. Multicast access control can be implemented in several ways, for example: 1) an extension of IGMP version 2, the IGAP protocol (Internet group membership authentication protocol): as shown in Fig. 1, when user host 10B performs IGMP communication with multicast router 13, it provides additional authentication information, which local router 13 forwards to authentication server 15 for authentication; if authentication passes, the host joins the multicast group, otherwise its join request is ignored; 2) a RADIUS (Remote Authentication Dial In User Service) extension protocol, characterized in that the multicast service request is authenticated at the access device at the local end, the user's multicast traffic is tracked, and data is provided to the upper-layer service management equipment. At present, new-generation network access devices such as the BRAS (Broadband Remote Access Server) 14 or DSLAM 12A can provide multicast access control based on the RADIUS extension protocol; and 3) the access-layer network device can also be configured with local multicast rights management, and provide the multicast service after authenticating the multicast user according to the user's multicast control messages.
Although multicast access control is implemented in many ways, a user's right to a given multicast service usually has only two states, authorized or unauthorized. This state determines whether the user can obtain the multicast service, and the access-layer network device replicates and distributes the multicast service accordingly.
However, network operators need an effective solution that offers users a preview of unauthorized multicast services, in order to develop potential network users or to further promote new multicast services. At present, the service provider generally supplies a separate preview channel containing content from the various multicast services (shown as the dotted line in Fig. 1); the network operator provides the traffic bearer service and opens the multicast service right for this preview channel to all users. This preview channel is broadcast as looping advertisements, and as programs are updated the content of the preview channel must be updated as well, which adds considerable editing and processing work for the service provider. In addition, different users are interested in different things, and under this scheme the user receives the preview passively, so it is not readily accepted by users. Of particular concern, a separate preview channel is a great waste of the network operator's resources: between the router through which the preview channel enters the operator's network and the numerous access-layer network devices, a large amount of multicast replication and distribution must be carried out, which greatly wastes the network operator's resources.
Summary of the invention
The object of the invention is to provide a method and a device for implementing multicast service preview.
To achieve this object, the invention proposes a method for implementing multicast service preview, comprising: a) the user sends a multicast service join request to the network access device; b) the network access device initiates multicast service authentication; c) for a multicast service request for which the user is unauthorized, the network access device adds the user identifier to the corresponding multicast group in the multicast forwarding table and provides a multicast service preview; d) when the preview time ends, the user identifier is deleted from the multicast forwarding table.
Preferably, in step c), handling of the user's unauthorized multicast service request further comprises a preview right check, and the multicast service preview is provided to users who have the preview right.
Preferably, in step c), when a join request for this unauthorized multicast service is received again from the same user during the preview time, the join request is refused.
Preferably, step c) further records the number of times the user has previewed this unauthorized multicast service, and no longer responds to join requests for this multicast service from a user whose preview count exceeds a certain number of previews.
The invention also proposes a network access device that provides multicast service preview. The network access device delivers multicast traffic from the network side to the requesting user according to multicast service request messages from the user side, and comprises: a multicast protocol processing unit, which initiates a multicast authentication request according to the user's multicast service join request and, for a multicast service request for which the user is unauthorized, adds the user identifier to the corresponding multicast group in the multicast forwarding table, provides the multicast service preview, and deletes the user identifier after the preview time ends; and a multicast authentication unit, which authenticates the multicast service right requested by the user according to the multicast authentication request information from the multicast protocol processing unit.
Preferably, for a user's unauthorized multicast service join request, the multicast authentication unit further checks the preview right, and the multicast protocol processing unit adds the identification information of users who have the preview right to the corresponding multicast group in the multicast forwarding table, so as to provide the multicast service preview.
Preferably, when the multicast protocol processing unit receives a join request for this unauthorized multicast service again from the same user during the preview time, it refuses the join request.
Preferably, the multicast protocol processing unit further records the number of times the user has previewed this multicast service, and no longer responds to unauthorized multicast service join requests from a user whose preview count exceeds a certain number of previews.
Preferably, the multicast protocol processing unit no longer responds to unauthorized multicast service join requests from a user whose preview count within a period of time exceeds a certain number of previews.
Preferably, the above multicast authentication unit can be a client of a remote authentication server; it sends the multicast service authentication request to the remote authentication server and receives the authentication result from it.
The invention also proposes a multicast service authentication device that provides multicast service preview, comprising: a multicast authority table, which contains the user information used for multicast authentication and the preview right information for unauthorized multicast services; and an authentication control unit, which receives multicast service authentication requests from users, further checks the multicast service preview right if the request is for an unauthorized multicast service, and returns the corresponding authentication result.
Preferably, the authentication control unit further records the number of times the user has previewed this unauthorized multicast service, and refuses join requests for this multicast service from a user whose preview count exceeds a certain number of previews.
Preferably, the authentication control unit refuses join requests for this multicast service from a user whose preview count within a period of time exceeds a certain number of previews.
Preferably, the above multicast service authentication device further comprises a timing unit, and the multicast authority table further includes the preview time; the timing unit times the user's multicast service preview and triggers the authentication control unit to produce the instruction that ends the preview.
The invention also proposes a multicast authentication server, comprising: a protocol message receiving unit, which receives multicast service request information from the managed network devices; the above multicast service authentication device, which performs multicast service authentication including the multicast service preview check and produces preview control information or parameters; and a protocol message sending unit, which notifies the managed network devices of the preview control information or parameters.
With the method and device of the invention, the network operator provides users with a preview of unauthorized multicast services without occupying separate bandwidth or putting pressure on network traffic, which saves a large amount of network resources and at the same time can attract more subscribers to multicast services. Under the existing network architecture and with the existing network equipment, the cost barely increases; only a preview control mechanism needs to be added in software. For the service provider, it helps promote new services, and since a separate preview channel no longer has to be provided, it saves a large amount of production cost. For users, having preview rights to unauthorized multicast services really lets them eventually obtain the network services they are interested in.
Embodiment
Preferred embodiments of the invention are described in detail below with reference to the accompanying drawings.
Fig. 2 takes the access network device DSLAM as an example and illustrates its multicast service processing structure. In light of the object of the invention, it is explained as follows:
Several user interface units 20A......20N provide users with service interfaces of various types, such as ADSL, VDSL and LAN, to receive multicast service request messages from users and to deliver the requested multicast traffic;
Uplink network interface units 22A....22N, in various Ethernet interface forms such as 10/100Base-Tx, 100Base-Fx and GE, receive the downstream multicast traffic from the network side, and handle the related upstream multicast service requests and multicast authentication requests;
The multicast protocol processing unit 23 has IGMP Proxy or Snoop multicast protocol processing capability. The basic principle of the IGMP SNOOP protocol is to listen to the IGMP Report messages that user terminals send to the multicast router (not shown) and build the multicast forwarding table 24 from them. This table records the correspondence between user identification information and multicast groups, for example the correspondence between the media access control (MAC) address of the user terminal and the multicast IP address; other forms of user identifier can also be used. The IGMP Proxy protocol achieves the same function as IGMP SNOOP, but by a different mechanism: IGMP SNOOP only obtains the relevant information by listening to IGMP messages, whereas IGMP Proxy intercepts the user terminal's IGMP request, processes it, and then forwards it to the multicast router.
The switching unit 21 provides data exchange between the user interface units and the network interface units, and forwards the received multicast traffic to the multicast member users according to the multicast forwarding table 24.
The DSLAM can further include a multicast authentication device 25, which receives authentication request information from the multicast protocol processing unit 23. It either performs the multicast service authentication locally, or acts as the client of a remote authentication server and sends the authentication information to the remote authentication server to perform the multicast service authentication, for example a BRAS server with AAA functions; in that case the BRAS completes the multicast authentication. The authentication result is returned to the multicast protocol processing unit 23 to build the multicast forwarding table 24.
Fig. 3A illustrates a user multicast service request and authenticated join process, which is described in detail below with reference to the DSLAM structure shown in Fig. 2:
First, before making a multicast service request, a PPP/PPPoE session is established between user terminal 10A and the access device DSLAM 12A; this session can be used for unicast services.
Second, at step S301, user terminal 10A sends DSLAM 12A a message to join a particular multicast service, for example an IGMP Join message.
Next, at steps S302 and S303, as described above, the multicast protocol processing unit 23 of DSLAM 12A implements the IGMP Proxy function. After it obtains the message sent by user terminal 10A to join a particular multicast service, it initiates an authentication request to the multicast authentication device 25. The multicast authentication device can complete the multicast service authentication by local authentication, or through a remote authentication server, and returns the authentication result.
Next, at step S304, after authentication passes, the multicast protocol processing unit 23 of DSLAM 12A sends an IGMP Join message to the multicast router (not shown) in the network and adds the user identifier to the corresponding multicast group in the multicast forwarding table 24. (Note that sending the Join is only needed when the multicast group the user requests has not yet reached the DSLAM. It is not needed if the multicast stream has already reached the DSLAM, that is, if before step S301 another user terminal was already receiving this multicast stream; in that case, after authentication passes, it is enough to add the user information to the corresponding multicast group in the multicast forwarding table 24.)
Next, at step S305, the multicast router sends the multicast traffic to DSLAM 12A;
Next, at step S306, DSLAM 12A replicates the multicast traffic to the user according to the multicast forwarding table 24.
Fig. 3B shows the multicast service request and preview process implemented by the invention, which is described in detail below with reference to the DSLAM structure shown in Fig. 2. It differs from Fig. 3A as follows:
If at step S303 the multicast authentication device 25 returns a multicast service authentication failure message, that is, the multicast service requested by the user is an unauthorized multicast service, the multicast protocol processing unit 23 still sends an IGMP Join message to the multicast router in the network (step S304) and adds the user identifier to the corresponding multicast group in the multicast forwarding table 24, providing this user with a multicast service preview (this is equivalent to opening preview rights for unauthorized multicast services to all users).
Next, at step S306, the switching unit 21 replicates the multicast stream to the user according to the multicast forwarding table 24, and the multicast protocol processing unit 23 times the preview.
Next, at step S307, after the preview time ends, or if the user asks to leave during the preview time, the multicast protocol processing unit 23 deletes the user information from the corresponding multicast group in the multicast forwarding table, and the multicast traffic stops accordingly;
As another embodiment of step S303 above, the DSLAM completes the multicast service authentication locally. The multicast authentication device 25 is configured with a user multicast authority table for the users connected to the DSLAM, and this table further includes the preview right configuration for unauthorized multicast services. For a user whose multicast service authentication fails, it further checks whether the user has the preview right; based on this preview right check, the multicast protocol processing unit 23 decides whether to add the user information to the corresponding multicast group in the multicast forwarding table 24 and to send an IGMP Join message to the multicast router in the network;
As another embodiment of step S303 above, if remote authentication is used, the multicast authentication unit 25 acts only as the client of the remote authentication server, and the multicast service authentication and the preview right check are moved to the remote authentication server. After the multicast service authentication fails, the authentication server performs the preview right check and returns the instruction information for this multicast service authentication to the multicast authentication unit 25 of the DSLAM. This information can include the multicast request authentication result, whether the preview right exists, the preview time parameter and so on. Based on this information, the multicast protocol processing unit 23 decides whether to add the user information to the corresponding multicast group in the multicast forwarding table, whether to time the multicast preview in the subsequent step S306, and ends the preview in S307 after the preview time ends.
As another embodiment of step S303 above, for convenient centralized management of the whole multicast system, the remote authentication server can centralize all control functions such as multicast service authentication, the preview right check and the preview time check. The remote authentication server is able to control the multicast membership of the network devices it manages, for example by notifying the multicast protocol processing unit 23 of the DSLAM or LAN SWITCH to add user information to the corresponding multicast group in the multicast forwarding table or to delete it from that group; in this way the multicast service preview function can also be provided to users.
As a further improvement of the invention, when the multicast protocol processing unit 23 of DSLAM 12A, or the remote authentication server that performs preview time control, receives a join request for the unauthorized multicast service again from the same user during the preview time, it refuses the request, thereby preventing the same user from previewing this program repeatedly;
As a further improvement of the invention, the preview right check can set a limit on the total number of times a user is allowed to preview this unauthorized multicast service. When a user's multicast service join request is received, it is first determined whether this multicast service allows preview by this user, and then whether the user's preview count for this multicast service is below the set value. If the conditions are met, the user is allowed to access this service channel; otherwise the user is no longer allowed to preview, or the user's preview right for this multicast service is cancelled. Each time a multicast service preview begins or ends, the user's record for this multicast service preview is updated, for example by incrementing the preview count by one, and the user's preview history is saved, so that the number of times the user previews this unauthorized multicast service within a period of time (such as one day or one week) can be controlled.
Fig. 4 is a schematic of an implementation of the multicast service authentication device of the invention. The device comprises:
Multicast authority table 41: it records the user information used for multicast authentication and the multicast services the user is authorized to access. This multicast authority table can be configured and modified through the network management interface. According to one aspect of the inventive concept, the table further provides a preview right entry, so that the preview right for an unauthorized multicast service can optionally be opened to the user;
Authentication control unit 40: it checks the information provided in the multicast service authentication request against the user information in the multicast authority table 41 and verifies whether the multicast service requested by the user is authorized. If the multicast service is unauthorized, it further checks whether the user has the preview right for this multicast service, and produces the corresponding authentication result.
Further, this multicast service authentication device can control the number of previews. The multicast authority table 41 can additionally set a limit on the total number of times the user is allowed to preview this unauthorized multicast service channel. Each time the authentication control unit confirms a preview of this multicast service, it updates the user's preview count for this unauthorized multicast service; when the number of times the user has previewed this multicast service exceeds the total limit set in the multicast authority table, it cancels the user's preview right for this multicast service so that the join request is refused. In addition, each time the authentication control unit confirms a preview of this multicast service, it updates the user's preview count for this unauthorized multicast service and saves the preview record, so that the number of times the user previews this unauthorized multicast service within a period of time (such as one day or one week) can be controlled;
Further, this multicast service authentication device can control the preview time. The multicast authority table 41 can additionally record the preview time allowed for this unauthorized multicast service. The multicast service authentication device further comprises a timing unit 42: once the authentication processing unit 40 has informed the multicast service requester (the multicast protocol unit 23 shown in Fig. 2) of the preview confirmation, the timing unit starts timing this user's multicast service preview, and when timing ends it triggers the authentication processing unit 40 to produce the preview END instruction.
The multicast service authentication device of the invention can also be implemented on a remote authentication server to perform multicast preview control over the managed network devices. It receives multicast service request information from the managed network devices through the related protocol message receiving unit, performs the functions of the above multicast service authentication device, and produces preview control information or parameters. It then notifies the managed network devices of the preview control information or parameters through the related protocol message sending unit.
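The join handling of Fig. 3B and the authority table, preview count and timing unit of Fig. 4 can be modelled together as follows. This is an added example, not code from the patent: the class and field names (Right, AccessDevice, tick) and all numeric values are hypothetical, and time is passed in as plain seconds so the sketch runs offline.

```python
from dataclasses import dataclass, field

@dataclass
class Right:
    """One (user, group) row of the multicast authority table (hypothetical layout)."""
    authorized: bool = False    # user holds the full multicast service right
    preview: bool = False       # preview right for an unauthorized service
    preview_secs: int = 60      # allowed preview time (constructed value)
    max_previews: int = 3       # allowed previews per window (constructed value)
    window_secs: int = 86400    # counting window, here one day

@dataclass
class AccessDevice:
    rights: dict                                  # (user, group) -> Right
    forward: dict = field(default_factory=dict)   # multicast forwarding table: group -> user IDs
    expiry: dict = field(default_factory=dict)    # (user, group) -> time the preview ends
    history: dict = field(default_factory=dict)   # (user, group) -> preview start times

    def join(self, user, group, now):
        """Handle a join request; return 'authorized', 'preview' or a refusal reason."""
        self.tick(now)                            # expire finished previews first
        key = (user, group)
        right = self.rights.get(key, Right())     # unknown user: no rights at all
        if right.authorized:
            self.forward.setdefault(group, set()).add(user)
            return "authorized"
        if not right.preview:
            return "refused:no-preview-right"
        if key in self.expiry:                    # repeated join inside the preview time
            return "refused:preview-in-progress"
        recent = [t for t in self.history.get(key, []) if now - t < right.window_secs]
        if len(recent) >= right.max_previews:
            return "refused:preview-limit"
        # Count the preview when it starts, so leaving early and rejoining
        # still consumes one of the allowed previews.
        self.history[key] = recent + [now]
        self.expiry[key] = now + right.preview_secs
        self.forward.setdefault(group, set()).add(user)
        return "preview"

    def leave(self, user, group):
        """User leaves or preview ends: delete the user ID from the group."""
        self.expiry.pop((user, group), None)
        self.forward.get(group, set()).discard(user)

    def tick(self, now):
        """Timing unit: remove every user whose preview time has ended."""
        for (user, group), end in list(self.expiry.items()):
            if now >= end:
                self.leave(user, group)
```

Because join() calls tick() before deciding, a preview whose time has run out is removed from the forwarding table even if no separate timer event has fired yet.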
Although the above description provides some embodiments of the invention, it is not intended to limit the scope of protection of the invention. Those skilled in the art can make various modifications to the embodiments without departing from the scope and spirit of the invention, and all such modifications fall within the scope of the invention.