WO2007009367A1 - A method for duplicate address detection in the two-layer access network supporting ipv6 and a system thereof - Google Patents

A method for duplicate address detection in the two-layer access network supporting ipv6 and a system thereof

Publication number
WO2007009367A1
Authority
WO
WIPO (PCT)
Prior art keywords
address
network
user
request message
network node
Application number
PCT/CN2006/001708
Other languages
French (fr)
Chinese (zh)
Inventor
Haibo Wen
Renxiang Yan
Yinglan Jiang
Fanxiang Bin
Original Assignee
Alcatel
Application filed by Alcatel
Publication of WO2007009367A1

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00: Network arrangements, protocols or services for addressing or naming
    • H04L61/50: Address allocation
    • H04L61/5046: Resolving address allocation conflicts; Testing of addresses
    • H04L61/59: Network arrangements, protocols or services for addressing or naming using proxies for addressing
    • H04L2101/00: Indexing scheme associated with group H04L61/00
    • H04L2101/60: Types of network addresses
    • H04L2101/618: Details of network addresses
    • H04L2101/659: Internet protocol version 6 [IPv6] addresses

Definitions

  • The interface address line table includes the IP address and MAC address information of the network nodes.
  • The interface address line table further includes interface unit information. The control unit first searches among the network nodes of the interface unit on which the neighbor request message arrived; if the tentative address is already used by another network node on that interface, the control unit ignores the neighbor request message.
  • The control unit sets a waiting time in which to receive and evaluate other possible requests from network nodes for the tentative address.
  • The present invention successfully solves the duplicate address detection that must be performed when multiple user networks share a prefix under a Layer 2 access device in an IPv6 access network, which provides strong support for the rapid adoption of IPv6 in the access network.
  • The duplicate address detection method and the duplicate address detection proxy unit provided by the present invention can also support duplicate address detection when multiple Layer 2 network access devices share a prefix.
  • FIG. 1 is a schematic structural diagram of a layer 2 network access system according to the present invention.
  • FIG. 2 is a schematic structural diagram of a duplicate address detecting proxy unit of the present invention.
  • FIG. 3 is a schematic diagram of the duplicate address detection process of the present invention.
  • Detailed description
  • A plurality of user networks 11 are connected to the DSLAM 12 through their Layer 2 CPEs. Assume that the user networks 11A and 11B each have their own subnet space.
  • The RA message for prefix distribution is sent by the BRAS in the access network.
  • Taking interface Pa1 of network node a1 in user network 11A as an example, the DAD detection process is as follows:
  • The interface Pa1 of network node a1 must join two multicast groups before it sends the NS message: the all-nodes multicast address and the solicited-node multicast address.
  • The former guarantees that the interface can receive an NA message from a node that is already using the tentative address; the latter ensures that two nodes preparing to use the same tentative address can detect each other in time.
  • In the NS message sent by interface Pa1 of network node a1, the target address field is set to the tentative address being checked, the IP source address is set to the unspecified address (::), and the IP destination address is set to the solicited-node multicast address formed from the tentative address being checked.
  • When another network node interface in the subnet receives the NS message for DAD detection and finds that the target address in the message is already used by itself, it constructs an NA message to advertise that the address is in use. If the target address is also the tentative address of interface Pa2, the tentative address is duplicated in the subnet and can be used by neither Pa2 nor Pa1 (interface Pa1 will also receive the NS message sent by Pa2 for DAD detection of the same address).
  • If interface Pa1 of network node a1 receives a valid NA message whose target address is the tentative address of the interface, the tentative address is not unique in the subnet: it fails DAD detection and cannot be assigned to the interface.
  • If interface Pa1 of network node a1 receives no NA response for the tentative address within a specified time, the address is unique within the subnet and is assigned to the interface for its use.
  • In the access system shown in the figure, assume that user networks 11A and 11B share the same network prefix through the network access device DSLAM 12. The interface Pa1 of network node a1 in user network 11A generates an NS message for DAD detection. The DSLAM 12 intercepts the NS message and does not forward it to other user networks; instead it extracts the tentative address from the NS message and determines whether the tentative address is assigned to a network node of another user network. If the tentative address is already used by a network node interface of another user network, such as interface Pb1 of network node b1 in user network 11B, the DSLAM 12 constructs a corresponding NA message notifying network node a1 in user network 11A that it cannot use the tentative address.
  • The target link-layer address option field in the above NA message is the MAC address of the BRAS (Broadband Access Server).
  • The BRAS is the first router in the access network relative to the user network.
  • The MAC address of the BRAS is used to prevent direct communication between network nodes in user networks A and B; all communication between network nodes in user networks A and B must transit through the BRAS.
  • The DSLAM 12 determines whether the tentative address has been allocated by establishing and maintaining the address configuration information of the network nodes of each user network. The implementation will become clearer from the following description.
  • The Layer 2 network access device DSLAM 12 has a plurality of user interface units 20A, 20B, which are connected through the CPE to the user networks (such as user networks 11A, 11B, ...); the interface unit 22 is connected to the network to receive the RA message sent from the BRAS.
  • The user interface unit receives the NS message generated by a network node in the user network; the message includes the tentative address information.
  • The DSLAM 12 further includes a DAD proxy unit 21 to implement duplicate address detection between user networks sharing the network prefix.
  • The DAD proxy unit 21 acts as a network node in a user network to respond to DAD messages of network nodes in other user networks, thereby avoiding the security problems caused by DAD messages directly entering one user network from another. The DAD proxy unit 21 maintains for these interface units an interface address line table 21A, which records the IPv6 addresses assigned to the network nodes in the user network connected to each interface unit.
  • The DAD proxy unit 21 further includes a control unit 21B that receives DAD detection messages from the different interface units, does not forward them to other user networks, but extracts the tentative address information from the NS message and queries the interface address line table 21A.
  • The control unit 21B adds the address configuration information of the network node to the interface address line table 21A, so that the table tracks the addresses occupied by all network nodes under the access device.
  • The network node address configuration information in the interface address line table 21A may include the network node IP address and MAC address information. The DAD proxy unit 21 may maintain a corresponding interface address line table for each interface unit, or may add to a table information identifying the interface unit, so that the control unit can find the tentative address quickly.
  • The control unit first searches among the network nodes of the interface unit on which the neighbor request message arrived; if the tentative address is already used by another network node on that interface, the control unit 21B can simply ignore the neighbor request message, and the network node on that interface that is using the tentative address will send the corresponding NA response.
  • The control unit 21B may wait for a period of time before adding the tentative address configuration information, in order to receive and evaluate other potential requests from network nodes for the tentative address.
  • The technical solution provided by the present invention can help to implement address resolution in an IPv6 network, and the solution can be extended to the case where the entire BRAS shares a prefix, as long as the BRAS implements the above-mentioned interface units and interface addresses provided by the present invention.
  • The target link-layer address option field in the NA message generated by the control unit 21B is the MAC address of the BRAS (Broadband Access Server), which prevents direct communication between network nodes in user networks A and B; communication between network nodes in user networks A and B must be relayed through the BRAS.
  • In step S30, when the DAD proxy of the network access device detects an NS message from interface Pa1 of network node a1 in user network 11A, it extracts the target address in the NS message, that is, the tentative address generated by the network node.
  • In step S31, if the target address in the NS message exists in the address line port mapping table associated with user network 11A, this indicates that some network node interface Pa2 in user network 11A is already using the address. The DAD proxy can then simply ignore the NS message, because the node interface Pa2 that is already using the address in that user network will send the corresponding NA response.
  • The DAD proxy unit constructs an NA message to advertise that the address is already used by node interface Pb1 of the user network (step S37).
  • The target link-layer address option carried by this NA message is the MAC address of the BRAS, which is used to prevent direct communication between two user network devices.
  • The DAD proxy unit waits for a period of time (step S33). If, during this waiting time, the DAD proxy unit receives a DAD detection NS message for the tentative address from another network node interface, multiple node interfaces are preparing to use the tentative address, so the DAD proxy constructs the corresponding NA message response (step S37).
  • If no NS message for DAD detection of the tentative address arrives from another network node during the wait (step S35), the tentative address is unique within the prefix domain, and the DAD proxy unit adds the tentative address to the address line port mapping table associated with user network 11A (step S36).
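
The decision flow of steps S30 to S37 can be modelled as follows. This is an added example, not code from the patent or from Alcatel: the class and function names, the port labels, the BRAS MAC placeholder and the one-second wait are assumptions, and the sample probes are constructed.

```python
import ipaddress
from dataclasses import dataclass

BRAS_MAC = "00:00:5e:00:53:01"  # constructed placeholder for the BRAS MAC
WAIT_SECONDS = 1.0              # assumed wait; the page gives no duration


@dataclass(frozen=True)
class NS:                       # neighbor request seen on a user interface unit
    port: str                   # user interface unit / user network, e.g. "11A"
    src_mac: str
    src_ip: str                 # "::" in a DAD probe
    dst_ip: str                 # solicited-node multicast of the target
    target: str                 # tentative address


@dataclass(frozen=True)
class NA:                       # neighbor advertisement built by the proxy
    out_port: str
    dst_ip: str
    target: str
    target_lladdr: str


def solicited_node(addr):
    """ff02::1:ff00:0/104 plus the low 24 bits of the address."""
    low24 = int(ipaddress.IPv6Address(addr)) & 0xFFFFFF
    base = int(ipaddress.IPv6Address("ff02::1:ff00:0"))
    return str(ipaddress.IPv6Address(base | low24))


def is_dad_probe(ns):
    """Source must be :: and destination the target's solicited-node group."""
    try:
        src = ipaddress.IPv6Address(ns.src_ip)
        dst = ipaddress.IPv6Address(ns.dst_ip)
        return src.is_unspecified and str(dst) == solicited_node(ns.target)
    except ValueError:
        return False


class DadProxy:
    def __init__(self, bras_mac=BRAS_MAC, wait=WAIT_SECONDS):
        self.bras_mac = bras_mac
        self.wait = wait
        self.table = {}    # interface address line table: addr -> (port, mac)
        self.pending = {}  # addr -> (port, mac, deadline) during the wait

    def _na(self, port, target):
        # Target link-layer address is the BRAS MAC, never the real owner's,
        # so the requester learns nothing that allows direct communication.
        return NA(port, "ff02::1", target, self.bras_mac)

    def tick(self, now):
        """S35/S36: commit addresses whose wait ended without a rival."""
        for addr, (port, mac, deadline) in list(self.pending.items()):
            if now >= deadline:
                self.table[addr] = (port, mac)
                del self.pending[addr]

    def on_ns(self, ns, now):
        """Return the NA messages to send; the NS itself is never forwarded."""
        self.tick(now)
        if not is_dad_probe(ns):
            return []
        target = str(ipaddress.IPv6Address(ns.target))   # S30
        owner = self.table.get(target)
        if owner is not None:
            if owner[0] == ns.port:
                return []                                # S31: owner replies
            return [self._na(ns.port, target)]           # S37
        rival = self.pending.get(target)
        if rival is None:
            self.pending[target] = (ns.port, ns.src_mac, now + self.wait)  # S33
            return []
        if (rival[0], rival[1]) == (ns.port, ns.src_mac):
            return []                                    # retransmitted probe
        del self.pending[target]                         # both requests lose
        return [self._na(p, target) for p in sorted({rival[0], ns.port})]


def demo():
    """Constructed sequence: commit, cross-network clash, same-network clash, race."""
    proxy = DadProxy()

    def probe(port, mac, addr):
        return NS(port, mac, "::", solicited_node(addr), addr)

    a, c = "2001:db8::a1", "2001:db8::c"
    results = []
    results.append(proxy.on_ns(probe("11A", "00:00:5e:00:53:a1", a), 0.0))
    results.append(proxy.on_ns(probe("11B", "00:00:5e:00:53:b1", a), 2.0))
    results.append(proxy.on_ns(probe("11A", "00:00:5e:00:53:a2", a), 2.0))
    results.append(proxy.on_ns(probe("11A", "00:00:5e:00:53:a1", c), 3.0))
    results.append(proxy.on_ns(probe("11B", "00:00:5e:00:53:b1", c), 3.5))
    return results, dict(proxy.table)


if __name__ == "__main__":
    for step in demo()[0]:
        print(step)
```

When two requesters collide during the wait, the model sends one NA per distinct port, since two nodes on the same port already see each other's probes on the link.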

Landscapes

  • Engineering & Computer Science
  • Computer Networks & Wireless Communication
  • Signal Processing
  • Data Exchanges In Wide-Area Networks
  • Small-Scale Networks

Abstract

A method for duplicate address detection in a Layer 2 access network supporting IPv6, and a system thereof, in which: a DAD proxy is implemented in the Layer 2 network access equipment; the IPv6 addresses used by the network nodes in a plurality of user networks sharing a network prefix are maintained in an interface address circuit table; DAD messages generated in different user networks are intercepted and are not forwarded directly to other user networks; the interface address circuit table is queried and, if the requested address is occupied by another network node, the proxy answers the DAD message. This resolves the security problem that arises when a DAD message enters one user network from another.

Description

Method and device for detecting duplicate addresses in a Layer 2 access network supporting IPv6

Technical field

The present invention relates to IPv6 technology, and in particular to an IPv6 duplicate address detection method in a Layer 2 access network.

Background
With the rapid development of communication network technology, IPv6 is becoming increasingly mature, and networks will evolve from IPv4 to IPv6. In an IPv4 network, addresses are a scarce resource, so address allocation in the access network is strictly controlled: a shared address pool is usually maintained at the access device or the BRAS (Broadband Remote Access Server), and addresses are assigned as needed. IPv6 brings a huge address space, enough to give every grain of sand on Earth its own IPv6 address, so every device in a user network can have a globally addressable address. Address assignment in IPv6 falls into two broad categories: stateful address assignment based on DHCPv6 (Dynamic Host Configuration Protocol) and stateless address assignment. The former allows address allocation to be strictly controlled. In stateless address assignment, a host or terminal obtains a 64-bit prefix from the RA (Router Advertisement) message received from the router and appends the interface identifier of the host interface that received the RA message to form a 128-bit IPv6 address. The RFC standard requires that, before an IPv6 unicast address (customarily called a tentative address at this stage) is assigned to an interface, DAD (Duplicate Address Detection) be performed in the subnet sharing the same prefix space, to ensure that the tentative address is unique in that subnet. DAD is implemented through the NS message (neighbor request: Neighbor Solicitation) and NA message (neighbor advertisement: Neighbor Advertisement) mechanism.
Figure 1 shows the structure of a Layer 2 network access system, in which the network access device DSLAM (Digital Subscriber Line Access Multiplexer) 12 and the CPE (client device) usually work at Layer 2. When IPv6 is supported in such a Layer 2 access network, there are several ways to allocate prefixes, for example: each user network has its own exclusive prefix, or multiple user networks share one prefix. The former is direct and relatively simple from a management point of view. However, a prefix space has a 64-bit address space, that is, one user network owns 2^64 addresses, while the number of devices in the user network may be far smaller, so address utilization under this scheme is quite low. With the latter, multiple user networks share one 64-bit prefix, that is, the same address space, which avoids wasted address space and address fragmentation and makes network user management convenient; but when a prefix is shared, DAD detection must be completed within the shared domain.
When multiple user networks under the same Layer 2 access device share a prefix, some problems arise. In current Layer 2 access networks, user networks are usually not allowed to communicate directly, because direct communication between user networks yields no revenue for the operator and may also cause security problems (a user network has a trust relationship only with the operator's access network; there can be no trust relationship between different user networks, so attacks may be launched). How to achieve effective DAD detection in the shared space is therefore a critical question.

A mature DAD detection method for multiple user networks sharing a prefix is still lacking. The most direct method follows the standard DAD mechanism and lets these messages enter the other user networks sharing the same prefix: the Layer 2 access device identifies DAD-related messages (such as NS messages and NA messages) and forwards them to the other user networks sharing the same prefix, where the network nodes respond to them. We call this the Direct Flooding Method (DFM). The DFM method can cause many problems between the different user networks sharing a prefix. One is network security, in the form of a DAD denial-of-service attack: a malicious host or terminal in one user network responds to every NS message from other user networks; when this malicious host or terminal claims through the corresponding NA message to own the tentative address, the hosts or terminals of the other user networks cannot obtain an IPv6 address and therefore cannot obtain IPv6 network service. In addition, large numbers of DAD detection messages propagating in the network occupy network resources and so affect normal data forwarding.

Summary of the invention
The purpose of the present invention is to implement secure duplicate address detection across user networks when multiple user networks under the same Layer 2 access device share a prefix in an IPv6 access network.

One object of the present invention is to provide a duplicate address detection method for a Layer 2 network access device, where the network access device is connected to a plurality of user networks through its user interfaces and the user networks share a network prefix, characterized in that the method comprises the steps of: a) receiving step: receiving a neighbor request message from a network node in a user network and obtaining the tentative address contained in the neighbor request message; b) determining step: determining whether the tentative address is used by a network node in the user networks sharing the network prefix; c) decision step: if the tentative address has already been allocated for use, constructing a corresponding neighbor advertisement message to notify the network node that generated the neighbor request message that the tentative address cannot be used; otherwise, saving the tentative address configuration information of the network node.

In step c), if the tentative address is already used by another network node in the user network that initiated the neighbor request message, the neighbor request message is ignored.

In step c), before the tentative address configuration information of the network node is saved, the device waits for a certain time and checks whether another network node requests the same tentative address; if there is a neighbor request message for the same tentative address, a corresponding neighbor advertisement message is constructed to notify the two network nodes that generated neighbor request messages for the tentative address that neither may use the address.
A further object of the invention is to provide a Layer 2 network access device for IPv6 user access, comprising a plurality of user interface units, each connected to one of a plurality of user networks through the customer premises equipment attached to it and receiving Neighbor Solicitation messages from network nodes in the user networks, the user networks sharing a network prefix, characterized in that the network access device comprises a duplicate address detection proxy unit. This unit obtains the tentative address contained in the Neighbor Solicitation message from each user interface unit and determines whether that tentative address is used by a network node in the user networks sharing the network prefix. If the tentative address has already been allocated, it constructs a corresponding Neighbor Advertisement message notifying the network node that generated the Neighbor Solicitation message that the tentative address cannot be used; otherwise, it saves the tentative address configuration information of that network node.
If the duplicate address detection proxy unit finds that the tentative address is already used by another network node in the same user network that originated the Neighbor Solicitation message, the network access device ignores the Neighbor Solicitation message.
A further object of the invention is to provide an IPv6 user access system comprising a plurality of user networks, a Layer 2 network access device and a broadband access server, the user networks being connected to the Layer 2 network access device through customer premises equipment and sharing one network prefix, characterized in that: the network nodes in the user networks generate Neighbor Solicitation messages for duplicate address detection; the Layer 2 network access device intercepts the Neighbor Solicitation messages from network nodes of the different user networks, and if the tentative address in a Neighbor Solicitation message has been allocated to a network node of another user network, the network access device constructs the corresponding Neighbor Advertisement message.
The access system further comprises a broadband access server, and the Target Link-Layer Address option field of the Neighbor Advertisement message is the MAC address of the broadband access server.
A further object of the invention is a duplicate address detection proxy unit for IPv6 user access, comprising: a plurality of interface units, which receive the Neighbor Solicitation messages for duplicate address requests generated by the network nodes connected to the respective interface unit; an interface address line table, which stores the network address configuration information of the network nodes behind the interface units; and a control unit, which extracts the tentative address information from the Neighbor Solicitation message and looks it up in the interface address line table. When the tentative address is already in use, the control unit constructs a Neighbor Advertisement message and notifies the interface unit on which the Neighbor Solicitation message was generated; otherwise, it adds the tentative address configuration information to the interface address line table.
In the above duplicate address detection proxy unit, the interface address line table includes the IP address and MAC address information of the network nodes.
In the above duplicate address detection proxy unit, the interface address line table further includes interface unit information. The control unit first searches among the network nodes that belong to the interface unit on which the Neighbor Solicitation message was generated; if the address is already used by another network node on that interface, the control unit ignores the Neighbor Solicitation message.
In the above duplicate address detection proxy unit, before adding the tentative address configuration information, the control unit sets a waiting period in order to receive and evaluate possible requests for that tentative address from other network nodes.
Based on the above idea, the invention successfully solves the duplicate address detection that must be performed when multiple user networks behind a Layer 2 access device share one prefix in an IPv6 access network, providing strong support for the rapid adoption of IPv6 in access networks. The duplicate address detection method and the duplicate address detection proxy unit provided by the invention can likewise support duplicate address detection when multiple Layer 2 network access devices share one prefix.
Brief Description of the Drawings
Figure 1 is a schematic diagram of the structure of a Layer 2 network access system to which the invention relates;
Figure 2 is a schematic diagram of the structure of the duplicate address detection proxy unit of the invention;
Figure 3 is a schematic diagram of the duplicate address detection flow of the invention.
Detailed Description
For ease of understanding, we first explain standard DAD with reference to the typical Layer 2 network access system shown in Figure 1. A number of user networks 11 (only two user networks, 11A and 11B, are shown in the figure) are connected to the DSLAM 12 through their Layer 2 CPEs; assume that user networks 11A and 11B each have their own subnet space. The RA messages that distribute prefixes are sent by the BRAS in the access network. The DAD process for interface Pa1 of network node a1 in user network 11A is as follows:
1) Before interface Pa1 of network node a1 sends the NS message, the interface must join two multicast groups: the All-Nodes Multicast Address and the Solicited-Node Multicast Address. The former ensures that the interface can receive the NA message sent by a node that already uses this tentative address; the latter ensures that two nodes preparing to use this tentative address can detect each other in time.
2) In the NS message sent by interface Pa1 of network node a1, the Target Address field is set to the tentative address being checked, the IP source address is set to the unspecified address (that is, ::), and the IP destination address is the solicited-node multicast address formed from the tentative address being checked.
3) Another network node interface in the subnet (for example, interface Pa2 of network node a2) receives this NS message used for DAD. If it finds that the target address in the message is already used by itself, it constructs an NA message announcing that the address is already in use. If the target address is also a tentative address for interface Pa2, the tentative address is duplicated in the subnet and cannot be used by either of the two interfaces Pa2 and Pa1 (interface Pa1 will likewise receive the NS message that Pa2 sent for DAD on the same address).
4) Interface Pa1 of network node a1 receives a valid NA message. If the target address in the message is the tentative address of this interface, the tentative address is not unique in the subnet; that is, it has failed DAD and cannot be assigned to the interface.
5) If interface Pa1 of network node a1 receives no NA response for the tentative address within the specified time, the address is unique within the subnet and is assigned to the interface for its use.
However, as described earlier, when multiple user networks under the same access device share one prefix, direct communication between the user networks is not allowed and NS/NA messages are not allowed to pass directly from one user network into another, so a mechanism is needed to help implement DAD across user networks.
Below, we describe the invention in further detail with reference to Figure 1. In the access system shown in the figure, assume that user networks 11A and 11B share the same network prefix through the network access device DSLAM 12. Interface Pa1 of network node a1 in user network 11A generates an NS message for DAD. The DSLAM 12 intercepts this NS message and does not forward it to other user networks; instead it extracts the tentative address from the NS message and determines whether that tentative address has been allocated to a network node of another user network. If the tentative address is already used by the interface of another network node in the user networks, for example interface Pb1 of network node b1 in user network 11B, the DSLAM 12 constructs the corresponding NA message notifying network node a1 in user network A that the tentative address cannot be used.
The Target Link-Layer Address option field in the above NA message is the MAC address of the BRAS (broadband access server). Normally the BRAS is the first router in the access network as seen from the user networks. The MAC address of the BRAS is used to prevent direct communication between network nodes in user networks A and B; all communication between network nodes in user networks A and B must be relayed through the BRAS.
The DSLAM 12 can determine whether the tentative address has already been allocated by building and maintaining the address configuration information of the network nodes of each user network. The implementation becomes clearer in the description that follows.
Figure 2 is a schematic diagram of the structure of a Layer 2 network access device according to the invention. The Layer 2 network access device DSLAM 12 has a number of user interface units 20A, 20B, ..., which are connected through CPEs to the user networks they serve (such as user networks 11A, 11B, ... in Figure 1), and a network interface unit 22, which is connected to the network to receive the RA messages sent by the BRAS. A user interface unit receives the NS messages generated by network nodes in its user network; these messages contain the tentative address information. According to the idea of the invention, the DSLAM 12 further contains a DAD proxy unit 21 that implements duplicate address detection among the user networks sharing the network prefix. It answers the DAD messages of network nodes in other user networks on behalf of the network nodes in a given user network, which avoids the security problems that would arise if DAD messages passed directly from one user network into another. The DAD proxy unit 21 maintains an interface address line table 21A for these interface units; the table records the IPv6 addresses allocated to the network nodes in the user network connected to each interface unit. The DAD proxy unit 21 also includes a control unit 21B, which receives the DAD messages from the different interface units and does not forward them to other user networks; instead it extracts the tentative address information from the NS message, queries the interface address line table 21A and acts on the result. If the tentative address already exists in the interface address line table, the tentative address is already in use, and the control unit constructs an NA message notifying the interface unit on which the Neighbor Solicitation message was generated that the tentative address is unavailable. Otherwise, the tentative address is unique within the user networks that share the prefix on this access device, and the network node that generated the NS message may use it: the network node receives no NA response for the tentative address within the specified time and assigns the tentative address to its interface. The control unit 21B adds the address configuration information of that network node to the interface address line table 21A, so as to keep track of the address occupancy of all network nodes under this access device.
The network node address configuration information in the interface address line table 21A may include the IP address and MAC address information of the network nodes. The DAD proxy unit 21 may maintain a separate interface address line table for each interface unit, or it may add a table field that identifies the interface unit, which lets the control unit look up tentative addresses quickly. The control unit first searches among the network nodes that belong to the interface unit on which the Neighbor Solicitation message was generated; if the address is already used by another network node on that interface, the control unit 21B can simply ignore the Neighbor Solicitation message, because the network node on that interface that uses the tentative address will send the corresponding NA reply itself.
Before adding the tentative address configuration information, the control unit 21B may wait for a period of time in order to receive and evaluate possible requests for that tentative address from other network nodes.
The technical solution provided by the invention can help implement address resolution in IPv6 networks. The solution can also be extended to the case where an entire BRAS shares one prefix, provided that the interface units, the interface address line table and the control unit described above are implemented in the BRAS and perform the corresponding functions.
In the DSLAM application of the Figure 2 example, the Target Link-Layer Address option field in the NA message generated by the control unit 21B is the MAC address of the BRAS (broadband access server), in order to prevent direct communication between network nodes in user networks A and B; all communication between network nodes in user networks A and B must be relayed through the BRAS.
Figure 3 shows how the DAD proxy unit of the invention processes DAD messages. In step S30, when the DAD proxy of the network access device detects an NS message from interface Pa1 of network node a1 in user network 11A, it extracts the target address from the NS message, that is, the tentative address generated by that network node. In step S31, if the target address in the NS message exists in the address line port mapping table associated with user network 11A, some network node interface Pa2 in user network 11A is already using the address. In this case the DAD proxy can simply ignore the NS message, because the node interface Pa2 that already uses the address in that user network will send the corresponding NA reply itself. If the target address in the NS message exists in the address line port mapping table associated with another user network 11B (step S32), the DAD proxy unit constructs an NA message announcing that the address is already used by some node interface Pb1 of that user network (step S37). The Target Link-Layer Address option carried by this NA message is the MAC address of the BRAS; the BRAS MAC address is used to prevent direct communication between devices in the two user networks.
If the target address in the NS message does not exist in the address line port mapping tables of any of the user networks sharing the prefix, the DAD proxy unit waits for a period of time (step S33). If during this waiting time the DAD proxy unit receives a DAD NS message for the same tentative address from another network node interface, several node interfaces are preparing to use the tentative address, so the DAD proxy constructs the corresponding NA messages in response to the NS messages, telling these network node interfaces that none of them may use the tentative address (step S37). If no NS message for DAD on the tentative address arrives from another network node during the wait (step S35), the tentative address is unique within the shared prefix domain, and the DAD proxy unit adds the tentative address to the address line port mapping table associated with user network 11A (step S36).
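The Figure 3 flow (steps S30 to S37) as an added Python sketch of the decision logic; it is not code from the patent. The port names follow Figure 2, while the BRAS MAC, the one-second waiting window, the sample addresses, the `not_dad` outcome and the handling of a retransmitted NS are assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

BRAS_MAC = "02:00:00:00:00:01"  # constructed placeholder for the BRAS MAC address
WAIT_SECONDS = 1.0              # assumption: the page only says "a period of time"
UNSPECIFIED = ipaddress.IPv6Address("::")
SOLICITED_BASE = int(ipaddress.IPv6Address("ff02::1:ff00:0"))


@dataclass(frozen=True)
class Action:
    kind: str                    # "not_dad", "ignore", "send_na", "pending", "commit"
    port: str                    # user interface unit the action applies to
    target: str                  # tentative address in canonical text form
    tllao: Optional[str] = None  # Target Link-Layer Address option put in the NA


def solicited_node(target: ipaddress.IPv6Address) -> ipaddress.IPv6Address:
    """Solicited-node multicast address: ff02::1:ff00:0/104 plus the low 24 bits."""
    return ipaddress.IPv6Address(SOLICITED_BASE | (int(target) & 0xFFFFFF))


def is_dad_probe(src: str, dst: str, target: str) -> bool:
    """A DAD NS has source '::' and goes to the target's solicited-node group."""
    t = ipaddress.IPv6Address(target)
    return (ipaddress.IPv6Address(src) == UNSPECIFIED
            and ipaddress.IPv6Address(dst) == solicited_node(t))


class DadProxy:
    def __init__(self, ports: List[str]):
        # Interface address line table: port -> {IPv6 address -> MAC}
        self.table: Dict[str, Dict[str, str]] = {p: {} for p in ports}
        # Addresses inside the waiting window: address -> (port, MAC, deadline)
        self.pending: Dict[str, Tuple[str, str, float]] = {}

    def on_ns(self, port: str, mac: str, src: str, dst: str,
              target: str, now: float) -> List[Action]:
        """Handle an NS intercepted on `port`; it is never forwarded to other ports."""
        if not is_dad_probe(src, dst, target):
            return [Action("not_dad", port, target)]  # outside this sketch's scope
        addr = str(ipaddress.IPv6Address(target))
        # S31: the owner sits in the same user network and answers by itself.
        if addr in self.table[port]:
            return [Action("ignore", port, addr)]
        # S32 -> S37: the owner sits in another user network; answer on its behalf.
        for other, entries in self.table.items():
            if other != port and addr in entries:
                return [Action("send_na", port, addr, BRAS_MAC)]
        # S34 -> S37: a second claimant appeared during the waiting window.
        if addr in self.pending:
            p_port, p_mac, _ = self.pending[addr]
            if (p_port, p_mac) == (port, mac):
                return [Action("pending", port, addr)]  # retransmission (assumption)
            del self.pending[addr]
            return [Action("send_na", p, addr, BRAS_MAC)
                    for p in sorted({p_port, port})]
        # S33: unknown address, start the waiting window.
        self.pending[addr] = (port, mac, now + WAIT_SECONDS)
        return [Action("pending", port, addr)]

    def tick(self, now: float) -> List[Action]:
        """S35/S36: commit tentative addresses whose window elapsed unchallenged."""
        done = []
        for addr, (port, mac, deadline) in list(self.pending.items()):
            if now >= deadline:
                self.table[port][addr] = mac
                del self.pending[addr]
                done.append(Action("commit", port, addr))
        return done


def demo():
    """Replay constructed NS events (documentation prefix 2001:db8::/32)."""
    proxy = DadProxy(["20A", "20B"])
    a1, a2 = "2001:db8:0:1::a1", "2001:db8:0:1::a2"

    def ns(port, mac, target, now):
        dst = str(solicited_node(ipaddress.IPv6Address(target)))
        return proxy.on_ns(port, mac, "::", dst, target, now)

    log = []
    log += ns("20A", "02:aa:00:00:00:01", a1, 0.0)  # S33: wait
    log += proxy.tick(1.5)                          # S36: recorded for port 20A
    log += ns("20B", "02:bb:00:00:00:01", a1, 2.0)  # S32: proxy NA with BRAS MAC
    log += ns("20A", "02:aa:00:00:00:02", a1, 2.1)  # S31: ignored
    log += ns("20A", "02:aa:00:00:00:02", a2, 3.0)  # S33: wait
    log += ns("20B", "02:bb:00:00:00:02", a2, 3.2)  # S34: NA to both ports
    log += proxy.tick(10.0)                         # nothing left to commit
    return proxy, log
```

Because every NA the proxy emits carries the BRAS MAC as its link-layer option, a node that loses DAD never learns the MAC of the node in the other user network.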
Many other changes and modifications can be made without departing from the concept and scope of the invention. It should be understood that the invention is not limited to the specific embodiments; the scope of the invention is defined by the appended claims.

Claims

1. A duplicate address detection method for a Layer 2 network access device, the network access device being connected to a plurality of user networks through its user interfaces and the user networks sharing a network prefix, characterized in that the method comprises the steps of:
a) receiving step: receiving a Neighbor Solicitation message from a network node of a user network, and obtaining the tentative address contained in the Neighbor Solicitation message;
b) judging step: determining whether the tentative address is used by a network node in the user networks sharing the network prefix;
c) deciding step: if the tentative address has already been allocated, constructing a corresponding Neighbor Advertisement message notifying the network node that generated the Neighbor Solicitation message that the tentative address cannot be used; otherwise, saving the tentative address configuration information of that network node.
2. The duplicate address detection method according to claim 1, characterized in that in step c), if the tentative address is already used by another network node in the same user network that originated the Neighbor Solicitation message, the Neighbor Solicitation message is ignored.
3. The duplicate address detection method according to claim 1, characterized in that in step c), before the network node's tentative address configuration information is saved, the device waits for a certain period and checks whether any other network node requests the same tentative address; if a Neighbor Solicitation message for the same tentative address exists, corresponding Neighbor Advertisement messages are constructed to notify both network nodes that generated Neighbor Solicitation messages for that tentative address that the address cannot be used.
4. A Layer 2 network access device for IPv6 user access, comprising a plurality of user interface units, each connected to one of a plurality of user networks through the customer premises equipment attached to it and receiving Neighbor Solicitation messages from network nodes in the user networks, the user networks sharing a network prefix, characterized in that the network access device comprises:
a duplicate address detection proxy unit, which obtains the tentative address contained in the Neighbor Solicitation message from each user interface unit and determines whether that tentative address is used by a network node in the user networks sharing the network prefix; if the tentative address has already been allocated, it constructs a corresponding Neighbor Advertisement message notifying the network node that generated the Neighbor Solicitation message that the tentative address cannot be used; otherwise, it saves the tentative address configuration information of that network node.
5. The Layer 2 network access device according to claim 4, characterized in that if the duplicate address detection proxy unit finds that the tentative address is already used by another network node in the same user network that originated the Neighbor Solicitation message, the network access device ignores the Neighbor Solicitation message.
6. An IPv6 user access system, comprising a plurality of user networks, a Layer 2 network access device and a broadband access server, the user networks being connected to the Layer 2 network access device through customer premises equipment and sharing one network prefix, characterized in that:
the network nodes in the user networks generate Neighbor Solicitation messages for duplicate address detection;
the Layer 2 network access device intercepts the Neighbor Solicitation messages from network nodes of the different user networks, and if the tentative address in a Neighbor Solicitation message has been allocated to a network node of another user network, the network access device constructs the corresponding Neighbor Advertisement message.
7. The IPv6 access system according to claim 6, characterized in that the system further comprises a broadband access server, and the Target Link-Layer Address option field of the Neighbor Advertisement message is the MAC address of the broadband access server.
8. A duplicate address detection proxy unit for IPv6 user access, comprising:
a plurality of interface units, which receive the Neighbor Solicitation messages for duplicate address requests generated by the network nodes connected to the respective interface unit;
an interface address line table, which stores the network address configuration information of the network nodes behind the interface units;
a control unit, which extracts the tentative address information from the Neighbor Solicitation message and looks it up in the interface address line table; when the tentative address is already in use, it constructs a Neighbor Advertisement message and notifies the interface unit on which the Neighbor Solicitation message was generated; otherwise, it adds the tentative address configuration information to the interface address line table.
9. The duplicate address detection proxy unit according to claim 8, characterized in that the interface address line table includes the IP address and MAC address information of the network nodes.
10. The duplicate address detection proxy unit according to claim 9, characterized in that the interface address line table further includes interface unit information; the control unit first searches among the network nodes that belong to the interface unit on which the Neighbor Solicitation message was generated, and if the address is already used by another network node on that interface, the control unit ignores the Neighbor Solicitation message.
11. The duplicate address detection proxy unit according to claim 8, characterized in that before adding the tentative address configuration information, the control unit sets a waiting period in order to receive and evaluate possible requests for that tentative address from other network nodes.
PCT/CN2006/001708 2005-07-19 2006-07-17 A method for duplicate address detection in the two-layer access network supporting ipv6 and a system thereof WO2007009367A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CNA2005100278732A CN1901551A (en) 2005-07-19 2005-07-19 Repeat address detecting method and its device for supporting IPv6 two layer access net
CN200510027873.2 2005-07-19

Publications (1)

Publication Number Publication Date
WO2007009367A1 true WO2007009367A1 (en) 2007-01-25

Family

ID=37657287

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2006/001708 WO2007009367A1 (en) 2005-07-19 2006-07-17 A method for duplicate address detection in the two-layer access network supporting ipv6 and a system thereof

Country Status (2)

Country Link
CN (1) CN1901551A (en)
WO (1) WO2007009367A1 (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8625609B2 (en) 2006-05-19 2014-01-07 Futurewei Technologies Inc. Using DHCPv6 and AAA for mobile station prefix delegation and enhanced neighbor discovery
CN111049918A (en) * 2019-12-19 2020-04-21 国网冀北电力有限公司信息通信分公司 Communication establishment method and device of Internet of things
CN113938427A (en) * 2020-07-08 2022-01-14 中国电信股份有限公司 Communication method and system, and routing node

Families Citing this family (19)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101247642B (en) * 2007-02-14 2012-12-19 华为技术有限公司 Safety neighbor discovering method, network appliance and mobile station
CN101136948B (en) * 2007-10-22 2011-01-05 中兴通讯股份有限公司 IPv6 repeat address detection method and system
US8488557B2 (en) 2008-01-14 2013-07-16 Alcatel Lucent Method for detecting a duplicate address, mobile station, network element and communication system
CN101547223B (en) 2008-03-26 2012-11-21 华为技术有限公司 Method, device and system for address configuration
CN101764734B (en) * 2008-12-25 2012-12-19 中兴通讯股份有限公司 Method for improving neighbor discovery safety in IPv6 (Internet Protocol Version 6) environment and broadband access equipment
CN101674311B (en) * 2009-10-10 2012-07-04 成都市华为赛门铁克科技有限公司 Address inquiring method, gateway or user device, and server
JP5536225B2 (en) 2009-11-17 2014-07-02 ▲ホア▼▲ウェイ▼技術有限公司 Method, apparatus and system for duplicate address detection proxy
CN101977245A (en) * 2010-01-07 2011-02-16 中兴通讯股份有限公司 Method, network equipment and system for detecting IP (Internet Protocol) address conflict
CN101909091A (en) * 2010-07-22 2010-12-08 华为终端有限公司 Address violation detection method, customer premises equipment and host
CN101951415B (en) * 2010-08-30 2013-10-16 清华大学 Method of increasing safety of address conflict detection process
CN102413194B (en) * 2010-09-20 2015-04-01 中国电信股份有限公司 Node device, network access device as well as address conflict processing method and system
CN102457407B (en) * 2010-10-30 2014-11-05 华为技术有限公司 Method and equipment for detecting IP address conflict in autonomous system
CN102546308B (en) * 2012-02-10 2015-10-07 神州数码网络(北京)有限公司 The method and system of neighbor uni-cast agency is realized based on duplicate address detection
CN102761425B (en) * 2012-07-20 2018-06-12 中兴通讯股份有限公司 Charging method and device
CN102984288B (en) * 2012-11-19 2017-11-17 中兴通讯股份有限公司 A kind of method and system of automatic management IPv6 address conflicts
CN106302844A (en) * 2015-05-28 2017-01-04 国网辽宁省电力有限公司丹东供电公司 Prohibited method and device are reclaimed in a kind of IPv6 address
CN106789288B (en) * 2016-12-29 2021-04-02 上海易杵行智能科技有限公司 Method for intelligently configuring conflict-free static network management address for switch
CN109120741B (en) * 2018-08-27 2020-10-02 南京中兴新软件有限责任公司 Duplicate address detection method and device and computer readable storage medium
WO2020152691A1 (en) * 2019-01-21 2020-07-30 Telefonaktiebolaget Lm Ericsson (Publ) Multi-network internet protocol version 6 (ipv6) duplicate address detection using ethernet virtual private network (evpn)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1458771A (en) * 2002-05-15 2003-11-26 华为技术有限公司 Multicasting messag transmission method base on two layer exchange device
US20040030769A1 (en) * 2002-07-05 2004-02-12 Samsung Electronics Co., Ltd. Apparatus and method for automatically allocating virtual addresses to nodes having same address
US20050036471A1 (en) * 2003-08-13 2005-02-17 Samsung Electronics Co., Ltd. Fast duplicate address detection entity for managing information for fast duplicate address detection in distribution system and fast duplicate address detection method using the same

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8625609B2 (en) 2006-05-19 2014-01-07 Futurewei Technologies Inc. Using DHCPv6 and AAA for mobile station prefix delegation and enhanced neighbor discovery
CN111049918A (en) * 2019-12-19 2020-04-21 国网冀北电力有限公司信息通信分公司 Communication establishment method and device of Internet of things
CN113938427A (en) * 2020-07-08 2022-01-14 中国电信股份有限公司 Communication method and system, and routing node

Also Published As

Publication number Publication date
CN1901551A (en) 2007-01-24

Similar Documents

Publication Publication Date Title
WO2007009367A1 (en) A method for duplicate address detection in the two-layer access network supporting ipv6 and a system thereof
US8681695B1 (en) Single address prefix allocation within computer networks
KR100908320B1 (en) Method for protecting and searching host in internet protocol version 6 network
US20140325090A1 (en) Discovery and disconnection of client addresses in an access node for an ip network
US8458303B2 (en) Utilizing a gateway for the assignment of internet protocol addresses to client devices in a shared subset
WO2010069181A1 (en) Method and system for configuring ipv6 address
WO2009117960A1 (en) Method for accessing network, authentication method, communication system and related equipment
WO2010072096A1 (en) Method and broadband access device for improving the security of neighbor discovery in ipv6 environment
WO2009117963A1 (en) Address configuring method, apparatus and system
WO2007028306A1 (en) A method for reconstructing the network address in the ipv6 access network
US7761553B2 (en) Method and arrangement in an access system
WO2014047919A1 (en) Address allocation method, device and system
US20130089092A1 (en) Method for preventing address conflict, and access node
JP5241957B2 (en) Method and apparatus for connecting a subscriber unit to an aggregation network supporting IPv6
WO2011131097A1 (en) Data message processing method, system and access service node
WO2013086966A1 (en) Layer 2 inter-connecting method, apparatus and system based on ipv6
JP4186733B2 (en) Communication system, terminal, and address generation method
JP3858884B2 (en) Network access gateway, network access gateway control method and program
US8705471B2 (en) Method and system for implementing ID/locator mapping
JP3994412B2 (en) Network system, network identifier setting method, network connection point, network identifier setting program, and recording medium
JP2005064570A (en) Network system and internetwork apparatus
KR20040011936A (en) Switching apparatus for ethernet having a plurality of vlans and communication method by using same
US8738038B2 (en) Method and system for implementing information interaction in a next generation network
WO2012155424A1 (en) Method and system for multiple address-prefixes assignment
KR101303030B1 (en) Method for operating and searching host in internet protocol version 6 network

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application
NENP Non-entry into the national phase (Ref country code: DE)
WWW Wipo information: withdrawn in national office (Country of ref document: DE)
122 Ep: pct application non-entry in european phase (Ref document number: 06761451; Country of ref document: EP; Kind code of ref document: A1)