WO2007124679A1 - Network communication method and system - Google Patents

Publication number
WO2007124679A1
Authority
WO
WIPO (PCT)
Prior art keywords
user
access
frame header
uplink
ethernet frame
Application number
PCT/CN2007/001314
Other languages
English (en)
Chinese (zh)
Inventor
Zhenting Yang
Original Assignee
Huawei Technologies Co., Ltd.
Application filed by Huawei Technologies Co., Ltd.
Publication of WO2007124679A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4633 Interconnection of networks using encapsulation techniques, e.g. tunneling

Definitions

  • The present invention relates to the field of communications, and in particular to a method for providing user access information, a network communication method, a system, and a node device.
  • Ethernet has become one of the most popular solutions due to its low cost, easy deployment and good scalability. In fact, more than 4 operators currently implement Ethernet services on the metro network.
  • The large-scale deployment of Ethernet technology in metropolitan area networks and access aggregation networks is bound to face many difficult problems that must be solved, such as breaking the limit of 4096 VLANs (Virtual LANs), transparent LAN (Local Area Network) service connection, quality of service guarantees, and network security issues such as MAC address spoofing and DoS attacks.
  • VLAN Virtual LANs
  • LAN Local Area Network
  • Mac-in-Mac defines the format standard for the two-layer MAC stack and encapsulates the carrier's Ethernet frame header in addition to the user data frame. Because Mac-in-Mac completely shields user-side information (such as MAC address, user VLAN, and generation t), it implements transparent transmission of user data, improves operator network scalability and network security, and enhances service scalability.
  • Mac-in-Mac uses Layer 2 technology without complex signaling mechanisms, and has low equipment, network construction, and operation and maintenance costs. Mac-in-Mac technology therefore provides MAC address isolation for user networks and carrier networks, seamless transparent transmission of user network control protocols, easy differentiation of service quality, and good network deployment scalability. Ethernet-based Mac-in-Mac technology will be an effective solution to the problems of access aggregation networks.
  • P-MAC DA/SA: Provider Destination/Source MAC Address, the carrier destination/source MAC address.
  • P-TAG: Provider Tag, the carrier label.
  • P-ServiceLabel: Provider Service Label, the carrier service label.
  • P-MAC DA, P-MAC SA, P-TAG, and P-ServiceLabel form a layer of carrier Ethernet frame header, that is, the carrier network identifier.
  • P-MAC DA and P-MAC SA are mandatory fields.
  • P-TAG and P-ServiceLabel are optional fields.
  • The Mac-in-Mac specified by IEEE 802.1ah defines the network boundary node, and the network boundary node performs the addition and removal of the MAC stack address.
  • IEEE 802.1ah has great flexibility to implement a hierarchical network.
  • Customer Ethernet Frame: the user Ethernet frame, such as an Ethernet frame in 802.1Q format or an Ethernet frame in 802.3 format.
  • The 802.1Q format is shown in Table 2 below:
  • C-MAC DA/SA: Customer Destination/Source MAC Address, the user Ethernet destination/source MAC address.
  • C-TAG: Customer Tag, the user Ethernet label.
  • C-MAC DA, C-MAC SA and C-TAG constitute the user Ethernet frame header.
  • C-MAC DA and C-MAC SA are mandatory fields.
  • C-TAG is an optional field.
  • Although the IEEE 802.1ah standard defines the system framework of Mac-in-Mac, it does not provide a solution for how to establish a Layer 2 connection channel inside the carrier network, in particular a simple solution for establishing a connection channel when Mac-in-Mac is applied to the access aggregation network.
  • DSLAM: Digital Subscriber Line Access Multiplexer.
  • The IP DSLAM uses Ethernet technology as the uplink interface transmission technology.
  • User access information such as the PVC (Permanent Virtual Circuit) and/or port can only be provided by the Ethernet VLAN ID (VLAN identifier), and the range of VLAN IDs is only 4096 in the IEEE protocol, so in more than 4 cases the authentication device can only obtain a fuzzy VLAN ID (a VLAN ID shared by multiple users).
  • The loss of user access information will bring many security problems to the operating broadband telecommunication network.
  • Providing user access information is already one of the urgent problems to be solved in the development of IP DSLAM.
  • DHCP Option 82 Dynamic Host Configuration Protocol 82
  • PPPoE+ Point to Point Protocol over Ethernet
  • DHCP Option 82 and PPPoE+ can only be used in a single scenario, that is, user access information can be provided only when users use DHCP or PPPoE. They cannot provide a solution that adapts to various scenarios, and the user location provided by solutions based on DHCP Option 82 and PPPoE+ is one-off: it does not provide user access information at runtime.
  • The embodiment of the invention provides a network communication method and system, which provides an easily deployed solution for the MAC stack application, implements MAC address isolation between the user network and the operator network through the MAC technology, and solves the MAC address security problem of the Ethernet access network.
  • The embodiment of the invention further provides a method for providing user access information, which provides user access information during operation and so facilitates management of the user by the authentication device.
  • The embodiment of the present invention further provides an access node and an access aggregation node, which implement MAC address isolation between the user network and the carrier network through the MAC technology, and solve the MAC address security problem of the Ethernet access network.
  • The access node receives the uplink packet from the user, adds the carrier Ethernet frame header, and sends the uplink packet;
  • The access aggregation node receives the uplink packet, removes the carrier Ethernet frame header in the uplink packet, and transmits the uplink packet to another network.
  • A secure transmission channel, that is, a MAC stack tunnel, implements MAC address isolation between the user network and the carrier network, so that the carrier network does not need to perceive the user's MAC address, effectively solving the problem.
  • A method for providing user access information provided by the embodiment of the present invention includes:
  • An Ethernet frame header including the user access information is added to the uplink packet at the access node, and this Ethernet frame header is parsed at the access aggregation node to obtain the user access information, which simplifies the way the problem of providing user access information is solved. Since each uplink packet contains user access information, user access information can be provided in various scenarios.
  • A network communication system provided by an embodiment of the present invention includes an access node and an access aggregation node connected through an Ethernet;
  • The access node is configured to receive an uplink message from the user, add a carrier Ethernet frame header to the received uplink message, and then send the uplink message to the Ethernet;
  • The access aggregation node is configured to remove the operator Ethernet frame header in the uplink message from the Ethernet, and transmit the uplink message to another network.
  • The network communication system in the embodiment of the present invention adds an operator Ethernet frame header to an uplink packet at the access node and removes the operator Ethernet frame header at the access aggregation node, so that a secure transmission channel, that is, a MAC stack tunnel, is established between the Ethernet access node and the access aggregation node. This implements MAC address isolation between the user network and the carrier network, so that the carrier network does not need to perceive the user's MAC address, thereby effectively solving the Ethernet access.
  • A receiving unit, configured to receive an uplink message from the user and a downlink message from the Ethernet network; a sending unit, configured to send the uplink message to the Ethernet and send the downlink message to the user;
  • An Ethernet frame header adding unit, configured to add an operator Ethernet frame header to the uplink message received by the receiving unit.
  • A receiving unit, configured to receive uplink packets from the local Ethernet network to which the access aggregation node belongs and downlink messages from other Ethernet networks;
  • A sending unit, configured to send the uplink packet to the other Ethernet and send the downlink packet to the local Ethernet;
  • An Ethernet frame header adding unit, configured to add an operator Ethernet frame header and/or a user Ethernet frame header to the downlink packets of the other Ethernet.
  • The access node and the access aggregation node provided by the embodiment of the present invention implement MAC address isolation between the user network and the operator network through the MAC technology, and solve the MAC address security problem of the Ethernet access network.
  • FIG. 1 is a flowchart of a network communication method according to an embodiment of the present invention.
  • FIG. 2 is a schematic diagram showing the implementation of a network communication method according to an embodiment of the present invention.
  • FIG. 3A is a schematic diagram of networking of a network communication system, a user equipment, and other networks according to an embodiment of the present invention.
  • FIG. 3B is a logic block diagram of a network communication system according to an embodiment of the present invention.
  • FIG. 4 is a flowchart of an automatic allocation process of a source MAC address of an operator in an embodiment of the present invention
  • FIG. 5 is a schematic block diagram of an access node according to an embodiment of the present invention.
  • FIG. 6 is a flowchart of an access node processing an uplink packet in an embodiment of the present invention.
  • FIG. 7 is a flowchart of processing, by an access node, a downlink packet according to an embodiment of the present invention.
  • FIG. 8 is a schematic block diagram of an access aggregation node according to an embodiment of the present invention.
  • FIG. 9 is a flowchart of processing an uplink packet by an access aggregation node according to an embodiment of the present invention.
  • FIG. 10 is a flowchart of processing a downlink packet by an access aggregation node according to an embodiment of the present invention
  • FIG. 11 is a flowchart of an embodiment of a method for providing user access information according to an embodiment of the present invention.
  • Detailed description
  • FIG. 1 is a flow chart of a network communication method according to an embodiment of the present invention.
  • The method includes the following steps:
  • 101. An access node receives an uplink message from a user.
  • 102. The access node automatically adds a carrier Ethernet frame header to the received uplink packet, and then sends the uplink packet.
  • The access node generates a first field of the carrier Ethernet frame header according to the access information of the user, and generates a second field of the carrier Ethernet frame header by using the uplink forwarding parameter table.
  • The user's access information may be user location information and/or a user identity, or other information that uniquely identifies the user.
  • The user location information includes at least one of the following: an identifier of the access node, a slot number of the user access board, a port number accessed by the user, and a logical link number accessed by the user. The user identifier includes at least one of the following: the IP address of the access user, the MAC address of the access user, a partial field of the IP address of the access user, a partial field of the MAC address of the access user, the user account of the access user, and a specified value of the access user.
  • The encoding of the first field of the carrier Ethernet frame header, which the access node generates according to the access information of the user, includes the carrier source MAC address of the uplink packet. The encoding of the second field of the carrier Ethernet frame header, which the access node generates by searching or adapting the uplink forwarding parameter table, includes the carrier's destination MAC address of the uplink packet. Here, the uplink is the direction in which the user sends to the access node.
  • The uplink packet is transmitted in the Ethernet.
  • The access aggregation node removes the carrier Ethernet frame header in the uplink packet from the Ethernet, and transmits the uplink packet to another network, such as an IP network or an Ethernet.
  • The access aggregation node also needs to remove the user Ethernet frame header from the uplink packet from the Ethernet.
  • The user access information may be obtained by parsing the code of the first field of the carrier Ethernet frame header.
  • For a downlink packet from another network, the access aggregation node adds the carrier Ethernet frame header and/or the user Ethernet frame header.
  • The Ethernet frame header includes a destination MAC address and a source MAC address, and may further include a VLAN tag and/or a type and/or a Service Label.
  • The access node is a broadband access device in a broadband network.
  • The access node transmits the downlink message to the user by checking the access node downlink forwarding parameter table.
  • The access node adds a corresponding field of the carrier Ethernet frame header to the uplink message from the user by checking the access node uplink forwarding parameter table.
  • The corresponding field includes the carrier MAC address of the uplink message.
  • The access node uplink forwarding parameter table is a forwarding parameter table that includes the correspondence between the operator destination MAC address of the uplink packet and the user.
  • The access node converts the access information of the access user into a code in the same format as the MAC address encoding; the access node automatically uses this code, which includes the access information of the access user, as the carrier source MAC of the MAC address stack application.
  • The carrier's destination MAC address of the uplink packet may be configured at the access node according to at least one of the following rules:
  • The carrier's destination MAC address of the uplink packet is configured for the logical link of each port of the access node, and all the packet services on the logical link of the port share the carrier's destination MAC address of the uplink packet.
  • The configured carrier destination MAC address of the uplink packet is placed in the uplink forwarding parameter table of the access node.
  • The access node uplink forwarding parameter table may be configured at the access node by using at least one of the following rules, where the access node uplink forwarding parameter table is used to establish a mapping relationship between the carrier's destination MAC address of the uplink packet and the user of the uplink packet:
  • The method further includes the following steps:
  • The access node generates an access node uplink forwarding parameter table according to the carrier destination MAC address of the uplink message of the user and the user destination MAC address of the uplink message.
  • The downlink direction refers to the direction of the packet sent from the access node to the user or the direction of the packet sent by the access aggregation node to the user.
  • The access node refreshes the entry for the carrier destination MAC address of the uplink packet and the user destination MAC address of the uplink packet in the access node uplink forwarding parameter table. If the entry already exists in the table but is inconsistent, the access node uplink forwarding parameter table is updated; if the entry does not exist in the table, a mapping item for the carrier's destination MAC address of the uplink packet and the user destination MAC address of the uplink packet is added to the access node uplink forwarding parameter table.
  • The access node actively maintains an aging mechanism for the access node uplink forwarding parameter table. If the entry for the carrier's destination MAC address of the uplink packet and the user destination MAC address of the uplink packet is not updated or refreshed within the specified period, the access node deletes that entry from the access node uplink forwarding parameter table.
  • The access node can manage and maintain the user MAC address of the user in at least one of the following ways:
  • The user MAC address is configured on the access node; or the access node dynamically learns the user MAC address according to the uplink information of the user.
  • The user MAC address is maintained and managed by the aging mechanism.
  • The user MAC address is the user source MAC address of the uplink packet.
  • The user MAC address exists in the downlink forwarding parameter table of the access node.
  • The access node processes the uplink packet as follows: the access node receives the uplink packet from the user; the access node generates the carrier source MAC address of the uplink packet according to the operator source MAC address generation rule; the access node looks up the access node uplink forwarding parameter table to obtain the carrier destination MAC address of the uplink packet.
  • The packet is processed according to the configuration policy, where the configuration policy includes at least one of the following: discarding the packet; defaulting the carrier MAC address of the uplink packet to the all-Fs broadcast address; and defaulting the carrier destination MAC address of the uplink packet to a specified default MAC address. The access node obtains the carrier label of the carrier tunnel header in the uplink direction, and the access node adds the carrier Ethernet frame header and forwards the packet according to the carrier Ethernet frame header.
  • The access node processes the downlink packet as follows: the access node receives the packet with the carrier Ethernet frame header sent from the upper layer device to the user; the access node removes the packet's carrier Ethernet frame header; the access node searches the access node downlink forwarding parameter table according to the destination MAC address of the packet to obtain the port link or logical link where the user is located, and then sends the packet to the user.
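The table maintenance and uplink processing described above, as an added example that is not code from the patent. It assumes the outer header carries only the two mandatory fields (P-MAC DA, P-MAC SA), that the configuration policy applies when the table lookup misses, and that the aging period is in seconds; all names and MAC values are constructed.

```python
from dataclasses import dataclass, field

MAC_LEN = 6
BROADCAST = b"\xff" * MAC_LEN          # the "all Fs" broadcast address


@dataclass
class UplinkTable:
    """Access node uplink forwarding parameter table: C-MAC DA -> P-MAC DA."""
    max_age: float                                  # aging period (assumed: seconds)
    entries: dict = field(default_factory=dict)     # c_da -> (p_da, last_refresh)

    def refresh(self, user_dst, carrier_dst, now):
        """Add, update or refresh one mapping; report which case applied."""
        old = self.entries.get(user_dst)
        self.entries[user_dst] = (carrier_dst, now)
        if old is None:
            return "added"
        return "refreshed" if old[0] == carrier_dst else "updated"

    def age_out(self, now):
        """Delete entries not refreshed within max_age; return how many."""
        stale = [k for k, (_, seen) in self.entries.items()
                 if now - seen > self.max_age]
        for key in stale:
            del self.entries[key]
        return len(stale)

    def lookup(self, user_dst):
        hit = self.entries.get(user_dst)
        return hit[0] if hit else None


def encapsulate(customer_frame, p_mac_sa, table,
                miss_policy="drop", default_da=None):
    """Access node, uplink: prepend P-MAC DA + P-MAC SA to the user frame.

    Returns the carrier frame, or None when the policy discards the packet.
    """
    if len(customer_frame) < 2 * MAC_LEN:
        raise ValueError("frame shorter than C-MAC DA + C-MAC SA")
    if len(p_mac_sa) != MAC_LEN:
        raise ValueError("P-MAC SA must be 6 bytes")
    p_mac_da = table.lookup(customer_frame[:MAC_LEN])
    if p_mac_da is None:                # ASSUMPTION: policy runs on a miss
        if miss_policy == "drop":
            return None
        if miss_policy == "broadcast":
            p_mac_da = BROADCAST
        elif miss_policy == "default" and default_da is not None:
            p_mac_da = default_da
        else:
            raise ValueError("unknown miss policy or missing default MAC")
    return p_mac_da + p_mac_sa + customer_frame


def decapsulate(carrier_frame):
    """Aggregation node, uplink: strip the carrier header.

    Returns (P-MAC DA, P-MAC SA, user frame). The P-MAC SA is the field
    that carries the user access information.
    """
    if len(carrier_frame) < 4 * MAC_LEN:
        raise ValueError("too short to hold carrier and user headers")
    return (carrier_frame[:MAC_LEN],
            carrier_frame[MAC_LEN:2 * MAC_LEN],
            carrier_frame[2 * MAC_LEN:])


def demo():
    """Constructed sample: one user frame through the tunnel and back."""
    table = UplinkTable(max_age=300)
    c_da, c_sa = bytes.fromhex("0200000000aa"), bytes.fromhex("0200000000bb")
    p_da, p_sa = bytes.fromhex("02000000c001"), bytes.fromhex("00e0fc11203f")
    table.refresh(c_da, p_da, now=0)
    user_frame = c_da + c_sa + b"\x08\x00" + b"payload"
    carrier_frame = encapsulate(user_frame, p_sa, table)
    return decapsulate(carrier_frame) == (p_da, p_sa, user_frame)


if __name__ == "__main__":
    print(demo())
```

Switches in the carrier network forward on the first 12 bytes only, so the user MAC addresses travel as opaque payload; that is the isolation property the text relies on.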
  • The access aggregation node processes the downlink packet by using the user access address table, where the user access address table includes the correspondence between the source MAC address of the carrier of the uplink packet and the source MAC address of the user of the uplink packet, or the correspondence between the source MAC address of the carrier or the source MAC address of the uplink packet and the IP address of the user.
  • The user access address table is in the form of static configuration or dynamic learning.
  • The access aggregation node can obtain the user's IP address or the user source MAC address of the uplink packet by using an Address Resolution Protocol (ARP) packet.
  • ARP: Address Resolution Protocol
  • The source MAC address of the carrier of the uplink packet is obtained from the carrier source MAC in the operator Ethernet frame header of the Address Resolution Protocol packet.
  • The access aggregation node can manage the source MAC address of the carrier of the uplink packet in the following ways. In configuration mode, the source MAC address of the carrier of the uplink packet is configured on a designated link of the access aggregation node, and the downlink packet is forwarded by the source MAC address of the uplink packet. Alternatively, the access aggregation node learns the source MAC address of the carrier of the uplink packet from the uplink user packet, and the learned source MAC address of the carrier is used as the basis for forwarding the downlink packets of the user.
  • The source MAC address of the carrier of the uplink packet is the destination MAC address of the carrier of the downlink packet.
  • The step of the access aggregation node processing the uplink Ethernet packet includes removing the Ethernet frame header in the uplink packet.
  • The access aggregation node processes the downlink packet, that is, a packet sent from the access aggregation node to the user, by using the following process: the access aggregation node receives the IP packet or the Ethernet packet sent to the user; it looks up the user access address table by the user's destination IP or user MAC address to obtain the destination MAC address of the carrier of the downlink packet and/or the user destination MAC address of the downlink packet; and it adds the Ethernet frame header of the user and/or the Ethernet frame header of the operator to the downlink message. The user's Ethernet frame header and the carrier's Ethernet frame header.
  • FIG. 2 is a schematic diagram showing the implementation of a network communication method according to an embodiment of the present invention.
  • The transmission path from an access node (AN) to an access aggregation node is called an access aggregation network.
  • The process of processing the uplink packet in the access aggregation network is as follows: the user terminal sends an uplink packet to the access node, and the access node adds a carrier Ethernet frame header, for example P-MAC DA and P-MAC SA, to the uplink packet by using a policy such as a table lookup.
  • The uplink packet with the carrier Ethernet frame header is transmitted in the Ethernet network by means of the carrier Ethernet frame header.
  • The access aggregation node terminates the Ethernet packet; at the same time, the access aggregation node can obtain user access information from the Ethernet frame header, and then transmits the message to an IP network or other network, such as an Ethernet or VPN (Virtual Private Network).
  • The process of processing the downlink packet in the access aggregation network is as follows:
  • The IP edge node receives the downlink packet sent to the user from the IP network, adds the Ethernet frame header of the user and/or the carrier's Ethernet frame header to the downlink packet by checking the user access address table, and then transmits the downlink packet to the access aggregation network.
  • The downlink packet with the carrier Ethernet frame header is transmitted in the Ethernet network by means of the carrier Ethernet frame header.
  • The access node removes the carrier Ethernet frame header and then sends the downlink packet to the user by checking the downlink forwarding parameter table and other policies.
  • FIG. 3A is a schematic diagram of networking of a network communication system, a user equipment, and other networks according to an embodiment of the present invention:
  • The user equipment 21 accesses the Ethernet 301 through the access node 302 in the network communication system 30 of the embodiment of the present invention, and the access node 302 adds the carrier Ethernet frame header to the uplink packet sent by the user. The uplink packet with the carrier Ethernet frame header is then transmitted through the Ethernet 301 to the access aggregation node 303 in the network communication system 30. The access aggregation node 303 removes the carrier Ethernet frame header in the uplink packet from the Ethernet, can also obtain user access information from the carrier Ethernet frame header in the uplink packet, and transmits the uplink packet to the other network 22.
  • The other network 22 may be an Ethernet network of another carrier or an IP network. If it is an IP network, the access aggregation node 303 also needs to remove the user Ethernet frame header from the uplink packet from the Ethernet.
  • The carrier Ethernet frame header is added to the downlink message, or the carrier Ethernet frame header and the user Ethernet frame header are added at the same time; the downlink message is then transmitted to the access node 302 via the Ethernet 301. The access node removes the carrier Ethernet frame header in the downlink message from the Ethernet network and transmits the downlink message.
  • The access node is a broadband access device in the broadband network.
  • Figure 3B shows a logical block diagram of a network communication system in accordance with an embodiment of the present invention:
  • The access node 302 includes a mapping module 321, a carrier Ethernet frame header generating module 322, and an uplink packet encapsulating module 323.
  • The mapping module 321 is configured to store the access node uplink forwarding parameter table.
  • The carrier Ethernet frame header generating module 322 is configured to generate a carrier Ethernet frame header, including generating the carrier source MAC address field in the carrier Ethernet frame header according to the user access information, and generating the operator destination MAC address field in the carrier Ethernet frame header by looking up the access node uplink forwarding parameter table;
  • The uplink packet encapsulating module 323 is configured to add the generated carrier Ethernet frame header to the uplink packet received by the access node.
  • The user's access information includes user location information, and/or user identification, and/or other information that uniquely identifies the user.
  • The user location information includes at least one of the following: an identifier of the access node, a slot number of the board accessed by the user, a port number accessed by the user, and a logical link number accessed by the user;
  • The user identifier includes at least one of the following: the IP address of the access user, the MAC address of the access user, a partial field of the IP address of the access user, a partial field of the MAC address of the access user, the user account of the access user, and a specified value of the access user.
  • The access node compiles the user's access information into a 48-bit location information code according to the coding format of the MAC address.
  • The location information coding includes: an index of information required by one or more of the broadband access device number, the device frame number, the slot number, and the port number, and the user's IP address, the user's MAC address, and the priority.
  • The access node automatically uses the above-mentioned code, which includes the access information of the access user, as the carrier source MAC of the MAC address stack application.
  • FIG. 4 is a flowchart of a process for automatically allocating a source MAC address of an operator in an embodiment of the present invention, including the following steps:
  • The network access device converts the identifier of the access user and/or the location information of the access user into a code in the same format as the MAC address encoding.
  • The network access device automatically uses the foregoing code of the access information of the access user as the carrier source MAC of the MAC address stack application.
  • The user's access information may be an access user identifier and/or access user location information.
  • The access user identifier includes an access user identity index.
  • The access user identity index includes at least one of the following: an IP address of the access user, a MAC address of the access user, a part of the IP address of the access user, a part of the MAC address of the access user, a user account of the access user, and a specified value of the access user.
  • The access user location information includes at least one of the following: an identifier of the network access device through which the user accesses the network, a frame number that the user accesses on the network access device, and a user board slot that the user accesses on the network access device.
  • The identifier of the network access device includes at least one of the following: an IP address of the network access device, a name of the network access device, a device identifier configured for the network access device, a MAC address of the network access device or a partial field of the MAC address, and part of the MAC address or a MAC address configured for the network access device. The correspondence between the identity of the access user and/or the location information of the access user and the MAC code is configured in the network access device.
  • The MAC address stack includes Mac-in-Mac.
  • The access user identity may be the user's IP address, the user's MAC address, a part of the user's IP address, a part of the user's MAC address, an account number, or a specified value, and any combination of these may be used. It is configured in the access device.
  • The access user location information refers to the access location of the user in the network, including the identifier of the network access device through which the user accesses the network, the slot number of the user interface board that the user accesses on the device, and the port number of the user interface board that the user accesses; it can also contain the logical link number.
  • The identifier of the network access device includes: an IP address of the device, a name of the device, a configured device identifier, a MAC address of the device, and a configured MAC address segment.
  • the access node is configured with one or more MAC address segments, such as: MAC address segment: 0x00E0-FC11-0000, MASK: 0xFFFF-FFFF-0000; the MAC address segment can identify the access segment.
  • the MAC address segment can be configured according to the network plan; the access node automatically combines the user's node location information with the configured MAC address segment to generate the P-MAC SA of the user's Mac-in-Mac tunnel.
  • the user's node location information can be identified in forms such as: frame number/slot number/subslot/port number + [vpi, vci] + [vlan]; frame number/slot number/subslot/port number + [vpi, vci]; frame number/slot number/subslot/port number + [vlan]; frame number/slot number/subslot/port number; etc. The node user location information is encoded according to a certain format, and the length of the code is the length allocated by the MAC segment.
  • for example, when the frame number/slot number/sub-slot/port number is 0/1/0/63, the encoded format is 203f
  • the user's P-MAC SA is 0x00E0-FC11-203F
  • 0x00E0-FC11-203F can identify the user.
  • the P-MAC SA is an operator source MAC of the uplink packet.
  • the P-MAC DA of the uplink packet of the access node user can be generated by the following rules:
  • the network administrator can configure the P-MAC DA of the uplink packet on the access node.
  • the configuration method is flexible. For example: per access node, one access node is uniformly configured with one P-MAC DA for uplink packets, and all users share that P-MAC DA; per port, one port is configured with one P-MAC DA for uplink packets, and all the packet services on the port share that P-MAC DA; per port link, one port logical link is configured with one P-MAC DA for uplink packets, and all the packet services on the link share that P-MAC DA.
  • the foregoing configuration is not mutually exclusive and can be used in combination.
  • the access node saves the P-MAC DA of the uplink packet to the uplink forwarding parameter list of the access node according to the actual configuration policy.
  • the network administrator can configure the access node uplink forwarding parameter table of the uplink P-MAC DA and the uplink C-MAC DA in the access node, and the configuration method is flexible, for example:
  • per port: one port is configured with one access node uplink forwarding parameter table of uplink P-MAC DA and uplink C-MAC DA, and all the packet services on the port share that table; per port link: one port logical link is configured with one or more access node uplink forwarding parameter tables of uplink P-MAC DA and uplink C-MAC DA, and all the packet services on the link share them.
  • These configurations are not mutually exclusive.
  • the access node saves the uplink P-MAC DA and the uplink C-MAC DA in the access node uplink forwarding parameter table according to an actual configuration policy.
  • the access node learns the access node uplink forwarding parameter table of the user's uplink P-MAC DA and uplink C-MAC DA from downlink packets. Downlink refers to the direction from the access node to the user, or from the aggregation node to the access node.
  • the access node learns the P-MAC SA and the C-MAC SA of the downlink packet: the P-MAC SA of the downlink packet is the user's uplink P-MAC DA, and the C-MAC SA of the downlink packet is the user's uplink C-MAC DA. If the uplink P-MAC DA and the uplink C-MAC DA already exist in the access node uplink forwarding parameter table and are consistent, the state is refreshed; if they already exist but are inconsistent, the access node uplink forwarding parameter table entry of the uplink P-MAC DA and the uplink C-MAC DA is updated; if they do not exist, an access node uplink forwarding parameter table entry of the uplink P-MAC DA and the uplink C-MAC DA is added.
  • the access node actively maintains an aging mechanism for the access node uplink forwarding parameter table of the uplink P-MAC DA and the uplink C-MAC DA: if a table entry is not updated or refreshed within the specified period, the access node deletes that entry.
  • the form in which the access node dynamically learns the access node uplink forwarding parameter table of the uplink P-MAC DA and the uplink C-MAC DA is flexible. For example: based on node learning, all users in the node share the dynamic mapping of the uplink P-MAC DA and the uplink C-MAC DA; based on port learning, all access nodes in the port manage and maintain the user's MAC address (downlink C-MAC DA, also known as uplink C-MAC SA) table. The management and maintenance process is the same as that by which an ordinary Ethernet switch manages user MAC addresses. There are two ways:
  • the access node learns the user's MAC address (downlink C-MAC DA, that is, the uplink C-MAC SA) according to the uplink packet of the user, and maintains and manages the table of dynamically learned user MAC addresses through the aging mechanism.
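The learn, refresh, update and aging rules described above for the access node uplink forwarding parameter table, as an added Python example that is not code from the patent. Assumptions: a downlink frame is laid out as P-MAC DA, P-MAC SA, C-MAC DA, C-MAC SA with no P-TAG, the learning scope is a plain string ("node" or a port name), the aging period of 300 seconds is arbitrary, and every address except the page's 0x00E0-FC11-203F is constructed.

```python
def parse_downlink(frame: bytes) -> dict:
    """Split the assumed layout: P-MAC DA | P-MAC SA | C-MAC DA | C-MAC SA | rest."""
    if len(frame) < 24:
        raise ValueError("frame too short for carrier and user headers")
    return {"p_da": frame[0:6], "p_sa": frame[6:12],
            "c_da": frame[12:18], "c_sa": frame[18:24]}


class LearnedUplinkTable:
    """Uplink P-MAC DA / C-MAC DA entries learned from downlink packets."""

    def __init__(self, max_age: float):
        self.max_age = max_age      # the "specified period", in seconds
        self.entries = {}           # scope -> [p_mac_da, c_mac_da, last_seen]

    def learn(self, scope: str, frame: bytes, now: float) -> str:
        """scope is the learning granularity: "node" or a port name."""
        hdr = parse_downlink(frame)
        learned = (hdr["p_sa"], hdr["c_sa"])   # downlink SA becomes uplink DA
        entry = self.entries.get(scope)
        if entry is None:
            self.entries[scope] = [learned[0], learned[1], now]
            return "added"
        if (entry[0], entry[1]) == learned:
            entry[2] = now                      # consistent: refresh only
            return "refreshed"
        # Exists but inconsistent: overwrite. The return value lets the caller
        # log the change, since a moved upstream binding deserves a look.
        self.entries[scope] = [learned[0], learned[1], now]
        return "updated"

    def age_out(self, now: float) -> list:
        """Delete entries not refreshed or updated within max_age."""
        expired = sorted(s for s, e in self.entries.items()
                         if now - e[2] > self.max_age)
        for scope in expired:
            del self.entries[scope]
        return expired

    def uplink_da(self, scope: str):
        """Return (P-MAC DA, C-MAC DA) for uplink packets, or None on a miss."""
        entry = self.entries.get(scope)
        return (entry[0], entry[1]) if entry else None


def downlink_frame(p_sa: str, c_sa: str) -> bytes:
    """Constructed sample frame; only the two source addresses vary."""
    p_da = bytes.fromhex("00e0fc11203f")    # the page's example user P-MAC
    c_da = bytes.fromhex("020000000001")    # constructed user MAC
    return p_da + bytes.fromhex(p_sa) + c_da + bytes.fromhex(c_sa) + b"\x08\x00data"


def replay() -> list:
    """Run a constructed sequence and return what the table did at each step."""
    table = LearnedUplinkTable(max_age=300)
    edge_a = downlink_frame("00e0fc220001", "0200000000aa")
    edge_b = downlink_frame("00e0fc220002", "0200000000bb")
    log = [table.learn("port 0/1/0/63", edge_a, now=0),
           table.learn("port 0/1/0/63", edge_a, now=200),
           table.learn("port 0/1/0/63", edge_b, now=250),
           table.learn("node", edge_a, now=260)]
    log.append(table.age_out(now=555))   # port entry is 305 s old, node 295 s
    log.append(table.uplink_da("node"))
    return log


if __name__ == "__main__":
    for step in replay():
        print(step)
```
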
  • FIG. 5 is a schematic block diagram of an access node according to an embodiment of the present invention.
  • the access node includes a receiving unit 51, a transmitting unit 52, and an Ethernet frame header adding unit 53.
  • the receiving unit 51 is configured to receive an uplink packet from the user and a downlink packet from the Ethernet network; the sending unit 52 is configured to send the uplink packet to the Ethernet, and send the downlink packet.
  • the Ethernet frame header adding unit 53 is configured to add a carrier Ethernet frame header to the uplink information received by the receiving unit 51.
  • the Ethernet frame header adding unit 53 can be implemented by using the principle shown in FIG. 5, including: a mapping module 531, a carrier Ethernet frame header generating module 532, and an uplink packet encapsulating module 533.
  • the mapping module 531 is configured to store an access node uplink forwarding parameter table.
  • the carrier Ethernet frame header generating module 532 is configured to generate a carrier Ethernet frame header: it generates the carrier source MAC address field in the carrier Ethernet frame header according to the access information of the user, and generates the carrier destination MAC address field in the carrier Ethernet frame header by searching the access node uplink forwarding parameter table.
  • the uplink packet encapsulation module 533 is configured to add the generated carrier Ethernet frame header to the uplink message received by the access node.
  • the user's access information includes: user location information, and/or user identification, and/or other information that uniquely identifies the user.
  • the user location information includes at least one of the following: an identifier of the access node, a slot number of the board accessed by the user, a port number accessed by the user, and a logical link number accessed by the user;
  • the user identifier includes at least one of the following: the IP address of the access user, the MAC address of the access user, a partial field of the IP address of the access user, a partial field of the MAC address of the access user, the user account of the access user, and a specified value of the access user.
  • the access node may also process the received downlink packet from the Ethernet network through its internal carrier Ethernet frame header removing unit 54, to remove the carrier Ethernet frame header in the downlink packet.
  • the carrier Ethernet frame header removing unit 54 passes the processed user packet to the transmitting unit 52, and the transmitting unit 52 transmits the packet to the user.
  • FIG. 6 is a flowchart of the processing performed by an access node on a message in the uplink direction (from the user to the access node) according to an embodiment of the present invention.
  • the process flow includes the following steps: Step 601: The user access node receives the user packet.
  • Step 602: Generate the uplink P-MAC SA of the packet according to the uplink P-MAC SA generation rule of the Mac-in-Mac tunnel.
  • Step 603: Look up the uplink P-MAC DA of the packet in the access node uplink forwarding parameter table according to the configuration policy. If the lookup of the uplink P-MAC DA fails, the packet is processed according to the configured policy, such as: discarding the user packet, defaulting the uplink P-MAC DA to the broadcast address of all Fs, or defaulting the uplink P-MAC DA to the specified MAC address.
  • Step 604: Obtain the other field data of the uplink carrier tunnel header, such as a P-TAG, according to the configured policy.
  • Step 605: The access node adds the obtained carrier tunnel header data to the header of the received user packet.
  • Step 606: The access node performs some other necessary processing on the packet, for example, performing assignment and/or mapping processing on the service label and/or the P-TAG.
  • Step 607: The Ethernet packet to which the carrier Ethernet frame header has been added is forwarded according to the carrier Ethernet frame header.
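Steps 602 to 605 at the access node, as an added Python example that is not code from the patent: it builds the P-MAC SA from the configured segment, mask and location code, looks up the P-MAC DA, and applies the step 603 miss policy. Assumptions: the carrier header is reduced to P-MAC DA followed by P-MAC SA (P-TAG and other step 604 fields are omitted), the location code 0x203F is taken as given because the page does not state its bit layout, the link-then-port-then-node lookup precedence is a choice made here, and the user frame and P-MAC DA values are constructed.

```python
ALL_FS = bytes.fromhex("ffffffffffff")   # broadcast default named in step 603


def mac(text: str) -> bytes:
    """Parse the page's 0x00E0-FC11-203F notation into 6 bytes."""
    raw = bytes.fromhex(text.lower().replace("0x", "", 1).replace("-", ""))
    if len(raw) != 6:
        raise ValueError(f"not a 48-bit MAC: {text!r}")
    return raw


def fmt(addr: bytes) -> str:
    """Format 6 bytes back into the page's notation."""
    h = addr.hex().upper()
    return f"0x{h[:4]}-{h[4:8]}-{h[8:]}"


def make_p_mac_sa(segment: bytes, mask: bytes, location_code: int) -> bytes:
    """P-MAC SA = configured MAC segment bits + encoded user location bits."""
    seg = int.from_bytes(segment, "big")
    msk = int.from_bytes(mask, "big")
    free_bits = ~msk & 0xFFFFFFFFFFFF
    if location_code < 0 or location_code & ~free_bits:
        raise ValueError("location code does not fit the bits left by the mask")
    return ((seg & msk) | location_code).to_bytes(6, "big")


class UplinkForwardingTable:
    """Configured uplink P-MAC DA per node, per port and per logical link."""

    def __init__(self, node_da=None, port_da=None, link_da=None):
        self.node_da = node_da
        self.port_da = dict(port_da or {})   # port -> P-MAC DA
        self.link_da = dict(link_da or {})   # (port, link) -> P-MAC DA

    def lookup(self, port, link=None):
        # Assumed precedence: logical link, then port, then node-wide value.
        if link is not None and (port, link) in self.link_da:
            return self.link_da[(port, link)]
        return self.port_da.get(port, self.node_da)


def encapsulate(frame, p_mac_sa, table, port, link=None,
                miss_policy="discard", default_da=None):
    """Prepend P-MAC DA + P-MAC SA to the user frame; None means discarded."""
    p_mac_da = table.lookup(port, link)
    if p_mac_da is None:                       # step 603 lookup failed
        if miss_policy == "discard":
            return None
        if miss_policy == "broadcast":
            p_mac_da = ALL_FS
        elif miss_policy == "default" and default_da is not None:
            p_mac_da = default_da
        else:
            raise ValueError(f"unusable miss policy: {miss_policy!r}")
    return p_mac_da + p_mac_sa + frame


# Constructed sample: the C-MAC SA inside the user frame is whatever the user
# claims, while the P-MAC SA is derived by the node from where the user attaches.
USER_FRAME = (mac("0x0200-0000-00AA") + mac("0x0200-0000-0001")
              + b"\x08\x00" + b"payload")
SEGMENT, MASK = mac("0x00E0-FC11-0000"), mac("0xFFFF-FFFF-0000")

if __name__ == "__main__":
    table = UplinkForwardingTable(port_da={"0/1/0/63": mac("0x00E0-FC22-0001")})
    sa = make_p_mac_sa(SEGMENT, MASK, 0x203F)   # 0/1/0/63 per the page
    out = encapsulate(USER_FRAME, sa, table, port="0/1/0/63")
    print(fmt(out[:6]), fmt(out[6:12]), len(out))
```
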
  • FIG. 7 is a flowchart of a process for an access node to process a downlink packet according to an embodiment of the present invention. The process flow includes the following steps:
  • Step 701: The user access node receives a downlink packet that is sent by the upper-layer device to the user and has a carrier Ethernet frame header.
  • Step 702: Remove the Mac-in-Mac tunnel information data of the downlink packet, such as the carrier Ethernet frame header.
  • Step 703: Look up the entry (in the downlink forwarding parameter table of the access node) according to the downlink C-MAC DA of the packet to obtain the link where the user (downlink C-MAC DA) is located, and then perform some necessary processing according to the policy, for example, performing assignment and/or mapping processing on the service label and/or the P-TAG.
  • Step 704: Forward the user packet to the port link or logical link where the user is located.
  • the method for obtaining the association relationship between the access aggregation node (IP Edge node) uplink P-MAC SA (downlink P-MAC DA) and the uplink C-MAC SA (downlink C-MAC DA) is as follows:
  • the access aggregation node (IP Edge node) is configured with the association between the uplink P-MAC SA and the uplink C-MAC SA, or with the association among the uplink P-MAC SA, the uplink C-MAC SA and the user IP address.
  • the access aggregation node dynamically learns the association between the uplink P-MAC SA and the uplink C-MAC SA, or the association among the uplink P-MAC SA, the uplink C-MAC SA and the user IP address, through a protocol such as the ARP protocol: the access aggregation node parses the ARP protocol packets exchanged with the user, and obtains the user's IP, the user's MAC (uplink C-MAC SA), and the uplink P-MAC SA through the ARP packet.
  • the ARP entry of the aggregation node needs to be augmented as the user access address table.
  • the IP address of the user or the MAC address of the user (uplink C-MAC SA) or the uplink P-MAC SA needs to be recorded, but the ARP protocol does not need to be modified.
  • the uplink P-MAC SA is obtained from the carrier Ethernet frame header of the ARP packet.
  • dynamic learning: as with the normal Ethernet MAC address learning mechanism, the access aggregation node learns the uplink P-MAC SA according to the uplink user packet, and the learned uplink P-MAC SA is used for user downlink packet forwarding.
  • FIG. 8 is a schematic block diagram of an access aggregation node according to an embodiment of the present invention:
  • the access aggregation node includes: a receiving unit 81, a transmitting unit 82, and an Ethernet frame header adding unit 83.
  • the receiving unit 81 is configured to receive an uplink packet from the local Ethernet network to which the access aggregation node belongs and a downlink packet from another Ethernet.
  • the sending unit 82 is configured to send the uplink packet to the other Ethernet, and send the downlink packet to the local Ethernet;
  • the Ethernet frame header adding unit 83 is configured to add a carrier Ethernet frame header and/or a user Ethernet frame header to the downlink packets from the other Ethernet.
  • for the Ethernet frame header adding unit 83, reference may be made to the Ethernet frame header adding unit 53 in the access node of the embodiment of the present invention shown in FIG.
  • an operator Ethernet frame header removing unit 84 may be further disposed in the access aggregation node, for removing the carrier Ethernet frame header in the uplink message.
  • FIG. 9 is a flowchart of processing an uplink packet by an access aggregation node according to an embodiment of the present invention. The process flow includes the following steps:
  • Step 901: The IP Edge node receives the uplink Ethernet packet of the user.
  • Step 902: Process the user's Ethernet message, such as removing an Ethernet frame header (user Ethernet frame header and/or carrier Ethernet frame header);
  • the IP Edge node can obtain the access information of the user from the carrier Ethernet frame header.
  • Step 903: Forward the processed user packet to the corresponding IP network or other network (such as Ethernet, VPN, etc.) according to the destination IP or Ethernet frame header.
  • FIG. 10 is a flowchart of processing a downlink packet by an access aggregation node according to an embodiment of the present invention. The process flow includes the following steps:
  • Step 1001: The IP Edge node receives the IP packet or other message that needs to be sent to the user.
  • Step 1002: Search the user access address table according to the destination IP address or the user MAC address, and obtain the downlink P-MAC DA and the downlink C-MAC DA;
  • Step 1003: Add the user's Ethernet frame header and the carrier's Ethernet frame header according to the configured policy.
  • Step 1004: Look up the downlink P-MAC DA entry according to the downlink P-MAC DA to obtain the destination port, then perform some other necessary processing, for example, assigning a service label and/or a P-TAG, and send the Ethernet packet carrying the user's Ethernet frame header and the carrier's Ethernet frame header.
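The user access address table at the IP Edge node (an ARP entry augmented with the uplink P-MAC SA) and the step 1002 and 1003 lookup, as an added Python example that is not code from the patent. Assumptions: the frame layout is P-MAC DA, P-MAC SA, C-MAC DA, C-MAC SA, EtherType, then a standard Ethernet/IPv4 ARP payload; keeping the first binding and recording a later conflicting one is an illustrative policy the page does not specify; addresses other than 0x00E0-FC11-203F are constructed, and the IPs come from the 192.0.2.0/24 documentation range.

```python
import ipaddress
import struct

ARP_ETHERTYPE = b"\x08\x06"
ARP_FMT = "!HHBBH6s4s6s4s"     # standard Ethernet/IPv4 ARP payload, 28 bytes


def arp_frame(p_sa: str, c_sa: str, sender_ip: str, target_ip: str) -> bytes:
    """Constructed sample: an ARP request behind the assumed carrier header."""
    p_da, c_da = bytes.fromhex("00e0fc220001"), b"\xff" * 6
    sha = bytes.fromhex(c_sa)
    arp = struct.pack(ARP_FMT, 1, 0x0800, 6, 4, 1, sha,
                      ipaddress.IPv4Address(sender_ip).packed, b"\x00" * 6,
                      ipaddress.IPv4Address(target_ip).packed)
    return p_da + bytes.fromhex(p_sa) + c_da + sha + ARP_ETHERTYPE + arp


class UserAccessAddressTable:
    """ARP table augmented with the uplink P-MAC SA seen on each ARP packet."""

    def __init__(self, segment_mask: int):
        self.segment_mask = segment_mask
        self.by_ip = {}         # user IP -> (C-MAC, P-MAC SA)
        self.conflicts = []     # (ip, kept binding, rejected binding)

    def learn_from_arp(self, frame: bytes) -> bool:
        """Record IP / C-MAC / P-MAC SA; True if the binding was accepted."""
        if len(frame) < 54 or frame[24:26] != ARP_ETHERTYPE:
            return False
        p_sa = frame[6:12]      # taken from the carrier header, not from ARP
        fields = struct.unpack(ARP_FMT, frame[26:54])
        c_mac, ip = fields[5], str(ipaddress.IPv4Address(fields[6]))
        known = self.by_ip.get(ip)
        if known is not None and known != (c_mac, p_sa):
            # Assumed policy: keep the first binding and flag the newcomer.
            self.conflicts.append((ip, known, (c_mac, p_sa)))
            return False
        self.by_ip[ip] = (c_mac, p_sa)
        return True

    def location_code(self, ip: str) -> int:
        """Bits of the recorded P-MAC SA outside the configured segment mask."""
        p_sa = int.from_bytes(self.by_ip[ip][1], "big")
        return p_sa & ~self.segment_mask & 0xFFFFFFFFFFFF

    def downlink_headers(self, dest_ip: str, own_p_mac: bytes, own_c_mac: bytes):
        """Carrier header then user header for a downlink packet, None on a miss."""
        binding = self.by_ip.get(dest_ip)
        if binding is None:
            return None
        c_mac_da, p_mac_da = binding
        return p_mac_da + own_p_mac + c_mac_da + own_c_mac


def replay_arp():
    """Feed two constructed ARP frames and build one downlink header pair."""
    table = UserAccessAddressTable(segment_mask=0xFFFFFFFF0000)
    first = table.learn_from_arp(
        arp_frame("00e0fc11203f", "020000000001", "192.0.2.10", "192.0.2.1"))
    # Same IP and C-MAC, but arriving with a different P-MAC SA (another port).
    second = table.learn_from_arp(
        arp_frame("00e0fc112040", "020000000001", "192.0.2.10", "192.0.2.1"))
    hdr = table.downlink_headers("192.0.2.10", bytes.fromhex("00e0fc220001"),
                                 bytes.fromhex("0200000000aa"))
    return (first, second, len(table.conflicts),
            hex(table.location_code("192.0.2.10")), hdr.hex())


if __name__ == "__main__":
    print(replay_arp())
```
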
  • FIG. 11 is a flowchart of a method for providing user access information according to an embodiment of the present invention. The method includes the following steps:
  • the access node acquires user access information.
  • the access node may extract the user access information from the received packet containing the user access information.
  • the access node converts the obtained user access information into an information code of a predetermined format.
  • the user access information may be converted into an information code in MAC address encoding format, 802.1Q Tag format, or service label format, according to application environment requirements.
  • the corresponding field includes a MAC address field or an 802.1Q Tag field or a service label field;
  • the access information of the user includes at least one of the following: an identifier of the access device accessed by the user, a frame number accessed by the user on the access device, and the user accessing the access device.
  • the predetermined format is a corresponding field coding format in the header.
  • the network access device converts the access information of the accessed user into an information code in the same format as the MAC address encoding, the 802.1Q Tag, or the Service Label in the packet header. The added headers include Mac-in-Mac headers. The corresponding fields are: P-Mac SA, P-Tag, Service Label, or other corresponding fields. If the new header is Mac-in-Mac, the network access device receives a message from the user and adds a Mac-in-Mac header, and the user's access information corresponds to the P-Mac SA in the Mac-in-Mac message.
  • alternatively, the network access device receives the message from the user and adds a Mac-in-Mac packet header, and the user's access information corresponds to the P-Mac SA and the P-Tag in the Mac-in-Mac message.
  • the network access device is a broadband access device in a broadband network. The correspondence between the user's access information and the information encoding is configured in the broadband access device.
  • the network access device compiles the user's access information into a 48-bit MAC code according to the encoding format of the MAC address.
  • the access information coding includes: an index of one or more of the items of information required to mark the user's location, namely the broadband access device number, the device frame number, the slot number, and the port number; and an index of one or more of the items of information that describe the characteristics of the user, namely the user's MAC address, priority, protocol encapsulation method, user type, and permanent virtual connection identifier.
  • an access node refers to a network device or network element with which an operator provides access to users. The user access node mentioned in the present invention refers to the access network node that is closest to the user and is capable of providing the above functions of the present invention, such as: DSLAM, LANSWITCH (Local Area Network Switch), and the like.
  • IP Edge node refers to a network device or network element that provides an aggregation function for access network users. It is an aggregation network node located at the edge of the IP network that can provide the above functions of the present invention, such as: BRAS (Broadband Remote Access Server), IP ROUTER (Internet Router), LANSWITCH (LAN Switch), BNG (Broadband Network Gateway), and so on.

Abstract

The present invention relates to a network communication method and system. The method comprises the following steps: an access node adds an Ethernet frame header to a subscriber uplink message; the uplink message is then transmitted to the Ethernet; said uplink message is forwarded in said Ethernet according to said added Ethernet frame header; the access aggregation node removes the Ethernet frame header from said uplink message and forwards said uplink message to another network. The invention also relates to a method for providing subscriber access information. The present invention can be used to solve the media access control (MAC) address security problem from the Ethernet to the aggregation network.
PCT/CN2007/001314 2006-04-29 2007-04-20 Network communication method and system WO2007124679A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CNA2006100786541A CN101047631A (zh) 2006-04-29 2006-04-29 User location information transfer method, MAC address automatic allocation method, network establishment method and system
CN200610078654.1 2006-04-29

Publications (1)

Publication Number Publication Date
WO2007124679A1 true WO2007124679A1 (fr) 2007-11-08

Family

ID=38655070

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2007/001314 WO2007124679A1 (fr) 2007-04-20 Network communication method and system

Country Status (2)

Country Link
CN (1) CN101047631A (fr)
WO (1) WO2007124679A1 (fr)

Also Published As

Publication number Publication date
CN101047631A (zh) 2007-10-03

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 07720887

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 07720887

Country of ref document: EP

Kind code of ref document: A1