WO2009082978A1 - Access network protecting method, system and access edge node - Google Patents

Access network protecting method, system and access edge node Download PDF

Info

Publication number
WO2009082978A1
WO2009082978A1 PCT/CN2008/073811 CN2008073811W WO2009082978A1 WO 2009082978 A1 WO2009082978 A1 WO 2009082978A1 CN 2008073811 W CN2008073811 W CN 2008073811W WO 2009082978 A1 WO2009082978 A1 WO 2009082978A1
Authority
WO
WIPO (PCT)
Prior art keywords
access
backup
edge node
message
virtual
Prior art date
Application number
PCT/CN2008/073811
Other languages
French (fr)
Chinese (zh)
Inventor
Zhenting Yang
Original Assignee
Huawei Technologies Co., Ltd.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co., Ltd. filed Critical Huawei Technologies Co., Ltd.
Publication of WO2009082978A1 publication Critical patent/WO2009082978A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/2854Wide area networks, e.g. public data networks
    • H04L12/2856Access arrangements, e.g. Internet access

Definitions

  • the present invention relates to the field of communications, and in particular, to a method, a system for accessing a network, a virtual access edge node, and an access edge node. Background technique
  • Network access management and control is an important part of network functionality.
  • users are controlled and managed by creating user access sessions, including user access authentication, authorization, and accounting.
  • access management and control are performed on users of broadband networks mainly by establishing a Point to Point Protocol (PPP) session.
  • PPP Point to Point Protocol
  • IP Internet Protocol
  • the typical single access network system architecture is depicted in Figure 1, including user terminals, access nodes, access aggregation nodes, access edge nodes, and AAA servers/DHCP servers.
  • the user equipment may include a User Equipment (UE) and a Residential Gateway (RG) device; the access node includes a Digital Subscriber Line Access Multiplexer (DSLAM), and a wireless base station. (Base Station, BS), etc.; access aggregation nodes include Ethernet switches, etc.; Access Edge Nodes, ⁇ include access gateways, Broadband Network Gateways (BNGs), broadband remote access servers
  • BRAS Broadband Remote Access Server
  • NAS network servers
  • IP edge devices IP edge devices
  • Policy server includes authentication and accounting
  • AAA Authentication, Authorization and Accounting
  • DHCP dynamic host configuration protocol
  • policy server Store the control policy and deploy the policy to the access node (AN) or AEN.
  • the AAA server configures the subscriber's subscriber profile to the NAS device such as BNG or BRAS to control the user access session.
  • Control policies mainly include Quality of Service (QoS), multicast rights, and deep packet inspection (DPI).
  • QoS Quality of Service
  • DPI deep packet inspection
  • a Layer 2 Control Mechanism (L2CM) or an Access Node Control Protocol (ANCP) connection is a session used by the access network to perform control policy deployment.
  • L2CM Layer 2 Control Mechanism
  • ANCP Access Node Control Protocol
  • a user access session refers to a connection established between a user terminal and an access edge node, such as an IP session.
  • An IP session represents an IP-based access session associated with an IP address.
  • the IP address is the key to identifying an IP session, which is typically dynamically assigned by a DHCP server.
  • IP sessions mainly include the creation of sessions, the maintenance of sessions, and the termination of sessions.
  • the Layer 2 Control Mechanism (L2CM) or the Access Node Control Protocol (ANCP) is an important network edge control mechanism.
  • ANCP is a protocol that implements L2CM. Device control and management are performed between the network edge devices by establishing an L2CM or ANCP device to control the access session.
  • the L2CM or ANCP mechanism generally includes two peer functions: a control function body and a report execution function body.
  • the control function body controls and manages the report execution function body through the ANCP protocol, such as parameter configuration for the report execution function body, the report execution function body is responsible for responding to the control request, and the report execution function body actively reports some status information to the control function body. Such as access link status information (digital subscriber line bandwidth, etc.).
  • the embodiments of the present invention provide a method, a system, and an access edge node for protecting an access network, which can provide redundancy protection for access services in the access network.
  • an embodiment of the present invention provides a method for protecting an access network, where the method includes: when a first virtual access edge node member in a backup group receives a handover indication message, according to the handover indication message, The corresponding stored service control data provides a corresponding IP user access session service and/or a device control access session service to replace the second virtual access edge node member in the same backup group.
  • an embodiment of the present invention provides an access edge node, where the system includes at least one backup group, where the backup group includes at least a first virtual access edge node member and a second virtual access edge.
  • the first virtual access edge node member is configured to provide an access service for the user
  • the second virtual access edge node member is configured to: when the access service fails, according to the received inclusion switch And the switching indication of the identity, performing an access service switching, to replace the first virtual access edge node member.
  • An embodiment of the present invention further provides a protection system for an access network, where the system includes at least one backup group, where the backup group includes at least two virtual access edge nodes, and the virtual access edge node is connected.
  • the ingress edge node establishes an access session for the user and performs an access session switch, where the access edge node includes:
  • a service providing module configured to provide user access session management and/or device control access session management according to activated service control data in the data storage module; and activate corresponding service control data in the data storage module according to the notification of the handover processing module ;
  • a data storage module configured to store service control data and member status information
  • a switching processing module configured to notify the service providing module according to the received first switching indication Corresponding service control data in the live data storage module;
  • a member management module configured to manage member status information of the backup group where the virtual access edge node is located in the data storage module, and send a first handover indication to the handover processing module when the member status is faulty.
  • At least one AEN is added to the access network.
  • the other AEN can switch the access service on the faulty AEN to ensure the normal operation of the access service.
  • the incoming service provides a redundant protection mechanism that increases the reliability of the network.
  • FIG. 1 is a schematic structural diagram of an access network system in the prior art
  • FIG. 2 is a schematic diagram of an architecture of a specific embodiment of a protection system for an access network according to the present invention
  • FIG. 3 is a schematic diagram of a specific embodiment of a virtual access edge node of FIG. 2
  • FIG. 4 is a schematic diagram showing the composition of a specific embodiment of the switching processing module of FIG. 3;
  • FIG. 5 is a schematic diagram showing the composition of a specific embodiment of the member management module in FIG. 3;
  • FIG. 6 is a schematic diagram of another embodiment of a virtual access edge node in FIG. 2.
  • FIG. 6.1 is a schematic diagram of a specific embodiment of the data backup module in FIG. 6.
  • FIG. 7.0 is a protection diagram of an access network according to the present invention.
  • FIG. 7 is a schematic flowchart diagram of a second specific embodiment of a method for protecting an access network according to the present invention;
  • FIG. 8 is a specific implementation of a method for implementing member management by a member management module in FIG. Schematic diagram of the process;
  • FIG. 9 is a schematic flowchart diagram of a third specific embodiment of a method for protecting an access network according to the present invention.
  • 10 is a schematic flowchart of a fourth embodiment of a method for protecting an access network according to the present invention.
  • FIG. 11 is a schematic flowchart of a fifth embodiment of a method for protecting an access network according to the present invention.
  • FIG. 13 is a schematic diagram of a specific embodiment of a method for implementing a VAEN by a virtual road entity;
  • FIG. 9 is a schematic flowchart diagram of a third specific embodiment of a method for protecting an access network according to the present invention.
  • 10 is a schematic flowchart of a fourth embodiment of a method for protecting an access network according to the present invention.
  • FIG. 11 is a schematic flowchart of a fifth embodiment of a method for protecting an access network according to the present invention.
  • FIG. 13 is a schematic diagram of a specific embodiment of a method for implementing a VAEN by a virtual road
  • Figure 14 is a schematic illustration of one embodiment of the composition of various corresponding messages in the present invention. detailed description
  • the access network protection system has at least one backup group, and the backup group includes at least two members of a virtual access edge node (VAEN), wherein the VAEN provides a user access session.
  • VAEN virtual access edge node
  • Accessing services such as management or access control policy deployment (device control access session management), and controlling the access service to switch between members of the backup group in which the VAEN is located, for example: when in the access network
  • VAEN of the user establishment session cannot continue to serve the user access session due to a fault or the like
  • the session can be switched to other VAENs in the backup group to protect the access session.
  • User access session management provided by VAEN includes user access session creation, maintenance, and termination management.
  • the device control access session management provided by VAEN includes management report execution function device, such as: DSLAM, report status information, management report execution function device configuration access control policy, such as: multicast permission table, access control list, and so on.
  • the backup group members can be used as the primary VAEN and the standby VAEN, that is, in the active/standby mode, or the backup members are mutually backup, that is, in the load sharing protection mode.
  • Working in primary and backup protection Only one VAEN in the backup group in the mode is in the active state. Only the VAEN in the active state provides the access service, and the VAEN in the standby state provides protection. In the load sharing protection mode, the VAENs in the backup group protect each other.
  • the backup group includes two VAEN (VAEN1 and VAEN2) members. VAEN1 and VAEN2 can work in active/standby protection or load sharing protection mode.
  • VAEN1 and VAEN2 can work in active/standby protection or load sharing protection mode.
  • VAEN can be a logical entity. Different VAENs in the same backup group can be located in the same physical AEN device. For example: Different VAENs can be implemented on different boards of AEN, or can be distributed in multiple independent AENs. In the device, but an AEN device includes at least one VAEN. In a specific implementation, the VAEN can be a virtual router (VR) or a logical partition of the AEN.
  • VR virtual router
  • the access network protection system may further include an AN and/or a user terminal, and the AN has a connection link between at least one VAEN, and the AN may use different connection links (ie, a redundant connection link) with different VAENs.
  • the same connection link can also be used.
  • the connection link includes a physical connection link or a logical connection link, and the logical connection link refers to a logical channel implemented on the physical connection link, for example: Virtual Local Area Network (VLAN), ? j Permanent Virtual Circuit (PVC), Label Switched Path (LSP), Operational Backbone Transfer (PBT) channel, etc.
  • VLAN Virtual Local Area Network
  • PVC Permanent Virtual Circuit
  • LSP Label Switched Path
  • PBT Operational Backbone Transfer
  • the virtual access edge node (VAEN) 20 includes a service providing module 200, a handover processing module 202, Member management module 204, data storage module 206, wherein:
  • the service providing module 200 is configured to provide access services such as user access session management and/or device control access session management, and specifically includes creating or deleting a service control data record being used.
  • the service control data record includes a user access session data record, a control policy data record, a topology information data record, and the like.
  • the service providing module 200 may further include a user access session management sub-module 2002 and/or a policy deployment management sub-module 2004.
  • the user access session management sub-module 2002 is configured to provide a user access session management service, including: creating or terminating a user access session, charging a user access session, and forwarding a user access session message.
  • the user terminal negotiates with the user terminal to create or delete a user access session data record, and performs charging for the user access session, forwarding the user access session, and the like according to the user access session data record.
  • the policy deployment management sub-module 2004 is used to provide device control access session management, including creating or updating a control policy data record or topology information data record being used.
  • the control policy may be configured for the AN or the AN topology information may be collected or the AN policy execution feedback information may be collected.
  • the handover processing module 202 is configured to process the handover indication and perform a corresponding traffic handover.
  • the service switching may include: according to the received handover indication, the notification service providing module 200 activates the dormant service control data record, and the service providing module 200 may The activated service control data provides an access session service service.
  • the service switching includes sending a handover indication, notifying the service providing module 200 to sleep or delete the corresponding service control data record, and the service providing module 200 stops providing the access corresponding to the service control data record. Conversational business.
  • the member management module 204 is configured to manage member status information of the backup group, and trigger a handover processing indication according to the member status of the backup group managed by the member.
  • the data storage module 206 is configured to store service control data and member status information of the backup group. Member status tracking records may also be included in the member status information of the backup group.
  • the stored service control data includes the service control data record being used and the dormant service control data record.
  • the handover processing module 202 of the virtual access edge node 20 may further include a handover indication submodule 2020 and a handover smoothing submodule 2022.
  • the handover indication sub-module 2020 is configured to send or receive a handover indication.
  • the handover indication sub-module 2020 can be configured to receive a handover indication.
  • the handover indication is performed.
  • Sub-module 2020 can be used to send a handover indication.
  • the handover smoothing sub-module 2022 is configured to perform handover smoothing processing according to the handover indication of the handover indication sub-module 2020, that is, to determine the dormant traffic control data record according to the handover instruction and perform handover processing according to the data.
  • the handover smoothing sub-module 2022 can be used to complete the handover smoothing process of the session switching from the other VAEN to the local VAEN according to the handover indication received by the handover indication sub-module; when the session is switched from the VAEN to the other At the time of VAEN, the switching smoothing sub-module 2022 can be used to complete the switching process of the present VAEN according to the switching instruction.
  • the member management module 204 further includes a member registration sub-module 2040, a member maintenance sub-module 2042, and a member aging sub-module 2044.
  • the member registration sub-module 2040 is used for members to negotiate registration and record member status information
  • the member maintenance sub-module 2042 is used to monitor the member status, including its own status and peer member status.
  • the member aging sub-module 2044 is configured to: after the member maintenance sub-module 2042 monitors the member status failure, set the member of the status failure to be unavailable or remove the member from the backup group, and send the switching indication to the handover indication sub-module 2020. .
  • the virtual access edge node 20 may further include a data backup module 208, configured to process backup data, such as sending backup service control data or receiving backup service control data, and processing the received backup service control data.
  • the data backup module 208 further includes a batch backup sub-module 2082 and a real-time backup sub-module 2084, and the batch backup sub-module 2082 is used. Receiving the instructions of the member management module, and processing the backup service control data in batches according to the instructions, such as batch backup service data.
  • the real-time backup sub-module 2084 is used to process backup service control data in real time, such as real-time backup service data. For details, refer to the description of the session protection method.
  • Two or more virtual access edge nodes 20 having the above functions may form a backup group, and virtual access edge nodes are mutually protected for backup, and different virtual access edge nodes 20 are implemented by backup stored in the data storage module.
  • the protection of the session is controlled by the member management module, the switching processing module, and the data backup module. This effectively improves the reliability of the network.
  • a specific embodiment of the present invention also provides a method for protecting an access network.
  • the access network includes at least one backup group, and the backup group includes at least two members, such as VAEN1 and VAEN2, and the two VAENs have the function of VAEN in the system as described above, and the protection is through backup.
  • the group member VAEN provides backup protection for access services such as user access session management and/or access policy deployment (device control access session management), that is, the service providing modules of VAEN1 and VAEN2 can alternately provide access session management and/or Access policy deployment (device control access session management).
  • the access network protection method includes:
  • the first virtual access edge node member in the backup group receives the handover indication message.
  • the first virtual access edge node activates the corresponding stored service control data according to the handover indication message, and provides a corresponding IP user access session service and/or a device control access session service to replace the same backup.
  • the second virtual access edge node member in the group is not limited to the group.
  • FIG. 7 is a schematic flowchart of a second specific embodiment of a method for protecting an access network according to the present invention, which mainly includes the following processes:
  • S701 member registration processing.
  • members of the backup group Before the backup group member provides backup protection, members of the backup group must register, that is, record the member status information of the backup group. This information can be recorded by creating a backup group member status record record table.
  • the member of the backup group refers to the virtual access edge node in the backup group.
  • the member status information of the backup group can be pre-configured and saved in the AEN (that is, member registration is performed in advance).
  • the member status information of the backup group can include member ID, member priority, member registration mode, member backup group ID, virtual gateway, Virtual BFD network and so on.
  • the members of the backup group ID of all members form a backup group.
  • AEN can configure one or more backup group members (ie VAEN).
  • the member registration mode can include dynamic registration or static registration.
  • Static registration refers to static creation, such as manual configuration, backup group member status tracking records.
  • Dynamic registration means that members dynamically create backup group member status tracking records through member registration messages.
  • the member VAEN1 starts, it monitors the member registration message.
  • VAEN2 starts, it sends a member registration message.
  • VAEN1 creates a backup group member status tracking record according to the received message.
  • VAEN1 responds to the registration message of VAEN2, and VAEN2 also receives the message of VAEN1.
  • the backup group member status trace record includes a list of members that are currently available (normal status) for the backup group.
  • the member registration sub-module is responsible for handling member registrations (for example: receiving or responding to member registration messages) and triggering the data storage module to store member status trace records.
  • the member status tracking record table also includes the protection mode of the member.
  • the protection mode mainly includes the active/standby protection mode or the load sharing protection mode.
  • the active/standby mode the members in the backup group are classified into the active state and the standby state.
  • the VAEN in the active state provides access session services
  • the standby state provides backup protection.
  • the load sharing protection mode the status of the members in all the backup groups is equal.
  • the access session service can be provided by any member of the backup group (which can be according to a certain policy), that is, the VAEN in the backup group. Provide services together and provide backup protection to each other. In the specific embodiment of the method, this step is optional, that is, when the backup group member has been pre-registered, the registration does not need to be repeated before the session is switched.
  • batch backup processing After the registration of a member of a backup group is completed, the batch backup process is required.
  • the VAEN is used to start the VAEN batch backup service control data.
  • the registered VAEN receives the service control data and caches the service control data.
  • VAEN1 backs up the business control data in bulk to VAEN2.
  • the service control data includes user access session data records and/or control policy data records or topology information data records being used.
  • the batch backup submodule of VAEN1 obtains the service control data being used from the data storage module of the VAEN (ie, VAEN1), and then encapsulates the service control data into the batch backup message, and sends the message to the VAEN2, VAEN2 batch backup.
  • the submodule receives the batch backup message, obtains the service control data, and notifies the service providing module to cache the service control data, that is, saves as the dormant service control data record. This step is optional depending on the actual application.
  • VAEN's service control changes for example: the service provision module creates or terminates a user access session, collects new topology information from the AN, or collects new policy enforcement feedback information from the AN, VAEN's ongoing service control data
  • the service providing module notifies the real-time backup sub-module to encapsulate the changed service control data into the real-time backup message, and then sends the message to VAEN2, and the real-time backup sub-module of VAEN2 receives the real-time backup message and obtains the service control parameter.
  • the service providing module of the VAEN2 is notified to manage the dormant service control data record in the data storage module, for example: adding a dormant service control data record or removing a dormant service control data record. This step is optional depending on the actual application.
  • the VAEN receives the handover indication message, and performs switching or smoothing processing of the access service according to the handover indication.
  • VAEN1 sends a handover indication message to VAEN2, and the handover indication message includes a handover indicator.
  • the switching identifier indicates the switching range, for example, switching all user access sessions created by VAEN1 or a certain user access session.
  • the VAEN2 After receiving the handover indication, the VAEN2 performs the handover of the access service: the handover smoothing submodule of the VAEN2 extracts the dormant service control data record according to the handover indication, for example: extracts all the service control data records corresponding to the session from the VAEN1 backup according to the handover identifier.
  • the service providing module continues to provide the service by using the activated service control data (the dormant service control data record is switched to the service control data being used), if VAEN2 is in the primary backup mode, VAEN2
  • the switch smoothing sub-module also activates the service provisioning module to begin providing services.
  • the VAEN1 can perform the session switching process, which specifically includes: the handover indication module of the VAEN1 triggers the handover smoothing submodule to perform handover according to the handover indication, notifies the service providing module to sleep or delete the service control data record determined by the handover indication, and the service providing module stops providing The dormant or deleted service control data record corresponds to the service of the session.
  • the handover indication may also be sent by the other devices in the access network to the handover smoothing sub-module of VAEN2. If VAEN2 detects a failure of VAEN1, it can generate a handover indication message and send it to the handover smoothing submodule of VAEN2 for session switching processing.
  • the user or the AN may send an access session switch message to the user or the AN of the access session to notify the user or the AN that the current access session needs to be switched.
  • the session switching message is used to perform the switching process of the present.
  • a plurality of virtual access edge nodes are provided to provide a backup access path for an access session, so that backup access can be used when a connection failure occurs in a session.
  • the path serves the access session and improves the reliability of the network.
  • the virtual access edge node used in the access path of the backup can be implemented on the same physical device, which can implement backup protection without adding hardware, and realizes and saves resources.
  • the present invention further provides a backup group.
  • a member management method which can be implemented by the member management module described above. Referring to FIG. 8, the method mainly includes the following steps:
  • the member maintenance process mainly monitors and tracks the member status, and triggers the switching processing operation when the member status failure is detected.
  • Monitoring member status includes monitoring the status of this VAEN status or other VAEN (ie, the remote VAEN) in the backup group, for example, VAEN1 monitors its own status or the status of member VAEN2 in this backup group.
  • VAEN can maintain the status of the member through the member maintenance message. That is, the member sends the message periodically. If the member does not receive the message from the peer in the specified time, the status of the peer member is determined to be faulty.
  • the handover indicator included in the handover indication may be a state failure member identifier.
  • the present invention further provides a method for protecting a hot backup of a user access session of an access network.
  • the method further includes the following steps:
  • VAEN1 creates a user access session (in this example, an IP session) and notify the backup user of the access session.
  • the user access session management sub-module of VAEN1 detects that the user terminal accesses the network request, it negotiates with the user terminal, and VAEN1 creates an IP session (creates and saves the IP session record being used) to provide a user for the user terminal. Access session management service.
  • the user access session management submodule of VAEN1 notifies the data backup module to perform data backup after the IP session is created.
  • VAEN1 sends a real-time backup message, and after receiving the message, VAEN2 caches the IP session (creates and stores the sleeping IP session record).
  • the data backup module of VAEN1 receives the IP session backup notification, checks the peer VAEN2 with the normal state, and the real-time backup submodule of the data backup module of VAEN1 encapsulates the IP session parameters into the real-time backup message. In, then send the message to VAEN2, after receiving the message, VAEN2 caches the IP session (creates and stores the sleeping IP session record).
  • IP session parameters may include IP address, link identifier (PVC, VLAN, access location, etc.), MAC address, lifetime, account name (User-Name), configuration parameters (QoS parameters, multicast rights control table, DPI policy) Etc.), backup type (hot backup or cold backup), survival mechanism parameters (BFD network IP address, My/Your Discriminator local/peer BFD ID, time interval, etc.), gateway ID, etc. Batch backups can also be performed before this real-time backup processing.
  • VAEN1 detects a user access session failure, or receives a network management command sent by another network device (including a handover indication in the instruction), or a VAEN1 failure
  • the handover indication notification VAEN2 performs a handover process.
  • VAEN1 can detect the interruption of the IP session through the survival mechanism or the line failure of the AN reporting user access session to determine the access session failure.
  • the specific implementation may be: after the VAEN1 user access session management submodule detects that the user access session is faulty or the member maintenance submodule detects the VAEN1 fault, notifies the handover indication submodule, and the handover indication submodule constructs a handover indication message according to the fault condition, and then Send to VAEN2.
  • VAEN2 receives the handover indication, parses the handover indication message, and obtains the handover identifier, for example: IP session identifier or member identifier; of course, VAEN2 can trigger VAEN2 to perform handover processing by detecting the state of VAEN1, and start switching or smoothing processing. , this process includes:
  • VAEN2 sends an ARP (Address Resolution Protocol) request message to the user, and the request message can be used to refresh the data forwarding table of the aggregation network or the AN.
  • the ARP request message source IP and MAC address are the gateway IP and MAC address, and the destination IP and MAC address can be the broadcast address or the address of the IP session.
  • VAEN2 can send ARP request messages according to the gateway, interface or user access session. For example: VAEN2 sends the message one by one according to the dormant IP session record, or sends an ARP request message in one VLAN. This step is optional.
  • VAEN2 notifies the AN to perform protection switching.
  • VAEN2 controls the access session to notify the AN protection switching information through the ANCP/L2CM device.
  • the AN After receiving the handover notification, the AN starts the handover process, including the destination path of the AN to switch the DHCP relay or the destination path of the IP session. This step is also an optional step.
  • VAEN2 activates the IP session.
  • the VAEN2 obtains the IP parameters from the dormant IP session record, sets the data forwarding table of the IP session, starts the accounting, and starts the negotiation of the survival mechanism. For example, renegotiating the BFD monitoring connection or starting the ARP probe or neighbor according to the BFD parameters of the backup. Unreachable detection of the NUD, where the renegotiation of the BFD monitoring connection includes the VAEN2 sending the BFD control packet to the user terminal, and the BFD control packet parameters are obtained from the backup BFD parameters.
  • the source IP address of the BFD control packet remains the same as that before the handover. Or establish a security association (IKE negotiation).
  • the IP session is switched to VAEN2, and the user continues to use the user access session for communication, such as file download or web browsing.
  • the IP session of the user terminal can be switched between different VAENs, and the user access session is continually maintained during the handover process.
  • the method can effectively solve the failure of the VAEN or the link failure of the access user.
  • the present invention provides a method for real-time backup of an IP session in detail, which provides consistent IP session data for the backup group members, and ensures that the IP session is backed up. Smooth switching between group members.
  • the method mainly includes the following steps:
  • VAEN1 finally creates an IP session for the user terminal.
  • the specific process can be:
  • the user access session management submodule of the service providing module of the VAEN receives the DHCP discovery (Discovery) message sent by the user terminal, and the VAEN can process the DHCP message according to its own state and configuration, for example: VAEN can discard the message, or The message is forwarded immediately or delayed.
  • the DHCP discovery message sent by the user terminal may be broadcasted.
  • VAEN1 or VAEN2 may receive the DHCP discovery message. In this example, VAEN2 discards the message according to its own state, and VAEN1 forwards the message to the DHCP server.
  • VAEN1 forwards the DHCP offer (Offer) message
  • the user access session management submodule of the service providing module of VAEN1 forwards the message as a DHCP relay or proxy
  • VAEN1 receives the DHCP offer message sent by the DHCP server in response to the DHCP discover message.
  • VAEN1 forwards the DHCP offer message to the user terminal.
  • VAEN1 forwards a DHCP request (Request) message
  • the user access session management sub-module of the service providing module of VAEN1 forwards the message as a DHCP relay or proxy
  • VAEN1 receives the DHCP request message sent by the user terminal, and VAEN1 forwards the DHCP request message.
  • DHCP server To the DHCP server.
  • VAEN1 forwards the DHCP acknowledgement (ACK) message and creates an IP session.
  • VAEN1 receives the DHCP acknowledgement message sent by the DHCP server, parses the message to obtain the IP session parameters, and then creates and stores the IP session record being used.
  • VAEN1 forwards the DHCP acknowledgment message to the user terminal.
  • VAEN1 triggers real-time backup.
  • the specific implementation may be that the user access session management sub-module notifies the real-time backup sub-module to create a real-time backup of the user access session.
  • VAEN1 can select the protection mode according to the user level. For example, if the user corresponding to the IP session is an important customer, the hot backup protection is used. For customers with low level, the protection or cold backup protection can be omitted (for details, see the subsequent description). In this example, the IP session implements hot backup protection.
  • VAEN1 real-time backup created IP session The specific implementation may be that the real-time backup sub-module encapsulates the IP session parameters into a real-time backup message and sends a real-time backup message to VAEN2.
  • the real-time backup message may further include a data type and an operation type, the data type may be an IP session, and the operation type is a creation operation.
  • VAEN2 parses the real-time backup message and obtains the IP address. S1006 to S1007 and VAEN1 negotiate with the user terminal to update the IP session parameters.
  • the specific process may be:
  • VAEN1 forwards a DHCP Request message, and the DHCP request message sent by the user terminal received by VAEN1 is forwarded to the DHCP server.
  • the DHCP request message is used by the user terminal to request an update of the IP session parameters, such as an IP address lease.
  • the VAEN1 forwards the DHCP acknowledgement message and updates the IP session.
  • the VAEN1 receives the DHCP acknowledgement message sent by the DHCP server, parses the message to obtain the IP session update parameter, and then updates the IP session record.
  • VAEN1 forwards the DHCP acknowledgment message to the user terminal.
  • VAEN1 triggers real-time backup. Specifically, the user access session management sub-module notifies the real-time backup sub-module to perform real-time backup of the update session.
  • VAEN1 backs up the updated IP session in real time.
  • the real-time backup sub-module encapsulates the IP session parameters into real-time backup messages and sends real-time backup messages to VAEN2.
  • the real-time backup message may also include an update operation type.
  • VAEN2 After receiving the real-time backup message, VAEN2 obtains the cached sleep IP session record according to the IP session parameters, and finally updates the cached sleep IP session record parameters.
  • VAEN1 receives the DHCP release message sent by the user terminal or detects the IP session terminal through the survival mechanism. VAEN1 terminates the IP session and deletes the IP session record. At the same time, VAEN1 triggers real-time backup. Specifically, the user access session management sub-module notifies the real-time backup sub-module to terminate the session real-time backup.
  • VAEN1 real-time backup terminates the IP session.
  • the real-time backup sub-module encapsulates the IP session parameters into real-time backup messages and sends real-time backup messages to VAEN2.
  • the real-time backup message may also include a termination operation type.
  • VAEN2 After receiving the real-time backup message, VAEN2 obtains the cached dormant IP session record according to the IP session parameters, and finally deletes the cached IP session (delete the dormant IP session record).
  • the method for protecting the cold backup of the user access session is described in detail in the following, and the method mainly includes the following steps:
  • VAEN1 creates a user access session.
  • VAEN1 detects a user access session failure or network management command or VAEN1 failure, and then sends a handover indication, which can notify VAEN2 to perform handover processing.
  • the VAEN1 fault includes an uplink interface failure of the VAEN1 connected to the IP network or a downlink interface failure of the connection access aggregation network.
  • VAEN2 detects VAEN1 abnormality, it can also trigger its own switching process.
  • VAEN2 receives the handover indication, parses the handover indication message, and acquires the handover identifier, and starts the handover process.
  • the switching process includes:
  • VAEN2 sends an ARP message or a neighbor discovery ND message for refreshing the data forwarding table to the user terminal. This step is optional.
  • VAEN2 notifies the AN to perform protection switching. This step is also an optional step.
  • VAEN2 sends an online notification message to the user terminal to indicate that the terminal is back online (ie, re-establishes an IP session).
  • VAEN2 can send an online notification message according to the VLAN or according to the user access session.
  • the online notification message includes a DHCP update message or a BFD message, and the destination address of the message may be a broadcast or multicast address.
  • the IP session of the user terminal can be switched between different VAENs. This method can effectively solve the problem of refusing to provide access services to users after the VAEN failure.
  • the related data of the session being used is backed up to the other virtual access edge nodes in the backup group at the beginning of the session establishment and/or at the time of session switching, and when the session is in use, the user's The session interruption is being used.
  • the other virtual access edge nodes acquire the relevant data, they can notify the user to go online again and use the new session to communicate.
  • the present invention also describes a method for protecting the access control session of the device of the L2CM or the ANCP of the access network.
  • the method mainly includes the following steps:
  • L2C connection 1 L2C connection 1 in this example.
  • the L2C connection 1 can be established using the General Switch Management Protocol (GSMP) adjacency protocol, that is, the policy deployment management submodule of VAEN1 and the AN establish an L2C connection through the GSMP protocol.
  • GSMP General Switch Management Protocol
  • the control connection is used for policy deployment and collects topology information or policy execution feedback information.
  • the policy feedback information includes information such as multicast charging and permission control response.
  • VAEN2 establishes an L2CM or ANCP control access session with the AN (referred to as L2C connection 2 in this example).
  • L2C connection 2 is established after L2C connection 1 is established.
  • VAEN1 member registration processing receives the member registration indication message sent by the AN, and performs member registration processing according to the message.
  • the member registration indication message in this example may be a GSMP Adjacency Update message.
  • the AN After the AN completes establishing the L2C connection 2, the AN sends a contiguous update message to notify VAEN1.
  • VAEN1 After receiving the adjacency update message, VAEN1 parses the message to obtain the member information. For example, by adding the number of connections (Code) field of the adjacency update message, the member is added, and VAEN1 is in the member state. The new member is activated in the state trace record.
  • VAEN1 may activate a new member based on the member ID carried in the member registration indication message or activate the new member according to a pre-configured default value.
  • VAEN2 member registration processing.
  • VAEN2 sets its own state according to the pre-configured protection mode, such as standby protection mode or load sharing protection mode.
  • S1203 and S1204 can be registered by sending a member registration message between VAEN1 and VAEN2, and can also be directly registered by default when the L2C connection is established in S1201 or S1202 (that is, a new member is activated in the member status tracking record). .
  • VAEN1 or VAEN2 can also perform batch backup processing.
  • VAEN1 will use topology information, policy execution feedback information, and control policy (or called configuration parameters).
  • Batch backup to VAEN2 VAEN2 cache topology information, policy execution feedback information, control strategy.
  • VAEN1 receives the topology information report sent by the AN. After processing the topology information report, VAEN1 can trigger the real-time backup processing of the topology information. Generally, after detecting the topology change event, the AN sends a topology information report, for example, the interface rate or state of the AN changes, the AN sends a topology information report, and the VAEN1 policy management module adjusts the control parameters according to the topology information.
  • VAEN1 After processing the topology information report, VAEN1 sends a real-time backup message containing the topology information to VAEN2. After receiving the real-time backup message, VAEN2 caches the topology information.
  • Steps S1208, S1209, S1210, and S1211 describe the process of real-time backup of policy deployment:
  • control policy configuration In this example, VAEN1 sends a configuration request message to control the policy. Slightly configured.
  • the control policy mainly includes the control policy of the user accessing the session, for example, the multicast permission of the user access session, the address filtering table of the user access session, and the like.
  • VAEN1 receives a configuration confirmation message from the AN response configuration request. Trigger control policy real-time backup processing.
  • VAEN1 sends a real-time backup message containing the control policy to VAEN2.
  • VAEN2 caches the control policy.
  • VAEN2 receives the switching instruction and starts the switching process.
  • the handover indication in this example is the GSMP Adjacency Update message.
  • the AN detects the L2C connection 1 failure, sends an Adjacency Update message to VAEN2, and VAEN2 switches according to this message.
  • VAEN1 can send a switching indication directly to VAEN2.
  • VAEN2 performs switching and smoothing processing according to the received switching indication, and may mainly include:
  • VAEN2 and AN to control data synchronization.
  • the AN can send control policy data, topology information, and policy execution information to VAEN2 through 12CM synchronization messages.
  • VAEN can check the consistency of these control data to prevent inconsistent data.
  • VAEN2 sets the control strategy of this and activates the topology information base.
  • VAEN2 can activate the user access session according to the cached user access session data (for example, a dormant IP session record).
  • the cached user access session control data is derived from the synchronization data sent by the AN or the user access session control data backed up by VAEN1 to VAEN2.
  • the present invention also describes the implementation of the virtual router element (VRE) in the Virtual Router Redundancy Protocol (VRRP).
  • VRE virtual router element
  • VRRP Virtual Router Redundancy Protocol
  • VAEN's functional system the above VAEN pair It should be a logical VRRP virtual routing entity in the AEN device or device.
  • the virtual routing IDs of the virtual routing entities are equal to each other to form a backup group.
  • VAEN runs virtual routing redundancy protocols such as VRRP, as shown in Figure 13.
  • AEN 1301 and AEN 1302 respectively contain at least one virtual routing entity supporting the VRRP protocol, such as: VRE1 of AEN 1301 and VRE2 of AEN 1302.
  • VEN1 of AEN 1301 corresponds to VAEN 130101
  • VRE2 of AEN 1302 corresponds to VAEN 130201.
  • the virtual router IDs (VRIDs) of VRE1 and VRE2 are equal.
  • the VRID is 1.
  • VRE records are saved as members of the backup group (ie VAEN130101 and VAEN130201).
  • the VRE record includes the virtual router ID, the priority, the virtual IP address, and the actual IP address.
  • the virtual IP address of the VRE acts as the gateway address of the access session established by the user terminal.
  • the record of VRE2 is: virtual route identifier: 1, priority 200, virtual IP address: 20.1.1.1, actual IP address: 20.1.1.253.
  • the record of VRE1 is: Virtual route identifier: 1, Priority 255, Virtual IP address: 20.1.1.1, Actual IP address: 20.1.1.254.
  • the VAEN of the backup group uses the active/standby protection mode. The steps to VAEN member management and access session protection are explained in detail below:
  • VAEN uses the VRRP protocol Advertisement message for member registration.
  • the state of VAEN remains synchronized with the state of VRE, ie VAEN and VRE include three states: initialization, active, and standby.
  • VRE1 is used as the main.
  • the standby VAEN does not directly provide services (for example: the user terminal cannot directly establish an IP session with the standby VAEN).
  • User terminal 1 and VAEN 130101 establish IP session 1
  • user terminal 2 and VAEN 130101 establish IP session 2
  • VAEN130101 provides access for user terminal Service.
  • the gateway addresses of IP session 1 and IP session 2 are both virtual IP addresses of VAEN 130101.
  • the IP address of IP session 1 is 20.1.1.20.
  • the primary VAEN After the primary VAEN receives the standby VAEN registration and the registration process is completed, the primary VAEN backs up the service control data to the standby VAEN.
  • the VAEN130101 sends a batch backup message to the VAEN130201.
  • the destination address of the batch backup message backup is the address of the standby VAEN.
  • the address can be pre-configured or obtained through the member registration message. In this example, the member registration message is obtained.
  • the destination address of the batch backup message of VAEN130101 to VAEN130201 is 20.1.1.253.
  • Real-time backup After the main VAEN's service control data is changed, the active VAEN backs up the service control data to the standby VAEN.
  • VAEN130101 sends a real-time backup message to VAEN130201, and the real-time backup message destination address is the same as the batch backup.
  • VAEN uses the VRRP protocol Advertisement message to maintain membership status. The state of the VAEN remains in sync with the state of the VRE.
  • member registration message, the member maintenance message, the handover indication message, the batch backup message, and the real-time backup message described in the specific embodiments of the present invention may be selected according to actual conditions, including but not limited to VRRP, GSMP, Diamiter ( Extended License Agreement), H.248, Common Open Policy Service (COSS), Hot Standby Router Protocol (HSRP), SNMP (Trouble Network Management Protocol).
  • member registration message and member maintenance message can use VRRP advertisement message or SNMP trace (TRAP) message; batch backup message and real-time backup message SNMP setting (Set) or extract (Get) message.
  • an embodiment of the present invention provides the foregoing member registration message, member maintenance message, and cut
  • the specific implementation format of the backup protection message such as the indication message, the batch backup message, and the real-time backup message: the message includes at least a bearer header 1401 and a message content 1402, the bearer header 1401 is used for path finding of the message, and the message content 1402 is used to carry the member.
  • Information or business control data such as the indication message, the batch backup message, and the real-time backup message
  • the bearer header 1401 may include a link header 1401A (eg, an Ethernet header) and/or an IP header 1401B.
  • the bearer header 1401 may further include a UDP header (header) or the like; the IP header 1401B further includes a destination IP 1401 IB and a source IP 14012B. .
  • the message content 1402 includes at least a message type 1402A and a data record 1402C, and the message content 1402 may further include an operation type 1402B.
  • the message type 1402A mainly includes a member registration message, a member maintenance message, a real-time backup message, a batch backup message, a handover indication message, and the like.
  • the operation type 1402B mainly includes creation, update, deletion, and the like.
  • the data record 1402C may further include a type 14021C, a length 14022C, and a data 14023C.
  • the length 14022C is the actual length of the data 14023C.
  • a message can contain one or more data records 1402C.
  • the data 14023C may further include a plurality of sub-data records, the sub-data records mainly including subtypes, sub-lengths, and sub-data.
  • the destination address of the IP header or link header of the first 1401 header may be a multicast address (for example: multicast or broadcast address).
  • the source address of the IP header or link header of the bearer header 1401 is the sender address.
  • Message Content 1402 Data contains member information such as VAEN flag, VAEN priority, VAEN capability parameter, VAEN status, and so on.
  • the destination address of the IP header or link header of the bearer header 1401 is generally the address of the destination VAEN. 7
  • the source address of the IP header or link header of the header 1401 is the sender address.
  • Message Content 1402 Data contains member information or handover indication information, such as VAEN identification, access session identification, and the like.
  • the bearer header 1401 is consistent with the definition of the bearer header in the member maintenance message.
  • the data 1402C of the message content 1402 records the packaged service control data, for example: IP session parameters or topology information or control policies.
  • the specific encapsulation may be: Type 14021C is an IP session record, and data 14023C encapsulates sub-data records of multiple IP session parameters, for example, the address is 20.1.1.20.
  • the 14023C data encapsulation of the IP session with the gateway being 20.1.1.1 includes subtype 1 as an IP session.
  • the identifier, the sub-length 1 is 4, the sub-data 1 is 20.1 ⁇ 20, the sub-type 2 is the gateway address, the sub-length 2 is 4, and the sub-data 2 is 20.1.1.1.
  • At least one backup group is provided for the access network, and at least two VAENs are in the backup group, and the VAENs can be backed up and protected, access session management, and/or access policy deployment.
  • the access service can be switched between the VAENs of the backup group, so that when one of the VAENs in use fails, the other VAEN can switch the access service on the faulty VAEN, thereby ensuring the normal operation of the service and increasing the connection. The reliability of access to the network.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

An access network protecting method, including: a virtual access edge node sends or receives or detects a switch indication; when the virtual access edge node sends the switch indication, it rests or deletes the service control data record corresponding to the access session which need to stop; or, when the virtual access edge node receives or detects the switch indication, it activates the service control data corresponding to the access session which need to activate. An access network protecting system, a virtual access edge node and an access edge node. There are at least two virtual access edge nodes in the network, when one of virtual access edge nodes that providing the session access service is malfunction, the access service switches to the other virtual access edge node, so as to ensure that the access service runs normally, provide a redundancy protect mechanism for access service and increase the reliability of the network.

Description

技术领域 Technical field
本发明涉及通讯领域, 尤其涉及一种接入网的保护方法、 系统、 虚拟接入 边缘节点和接入边缘节点。 背景技术  The present invention relates to the field of communications, and in particular, to a method, a system for accessing a network, a virtual access edge node, and an access edge node. Background technique
网络的接入管理和控制是网络功能的一个重要部分。 一般通过创建用户接 入会话对接入的用户进行控制和管理, 主要包括用户接入认证、 授权以及计费 等。 当前主要通过建立点对点协议(Point to Point Protocol, PPP )会话( Session ) 对宽带网络的用户进行接入管理和控制。 但是, 由于 PPP会话接入的一些局限 性, 因特网协议( Internet Protocol , IP )会话接入已经出现。  Network access management and control is an important part of network functionality. Generally, users are controlled and managed by creating user access sessions, including user access authentication, authorization, and accounting. At present, access management and control are performed on users of broadband networks mainly by establishing a Point to Point Protocol (PPP) session. However, due to some limitations of PPP session access, Internet Protocol (IP) session access has emerged.
图 1 中筒单的描述了典型的接入网系统架构, 包括用户终端, 接入节点, 接入会聚节点, 接入边缘节点和 AAA服务器 /DHCP服务器。 其中, 用户终端一 般可包括用户设备 ( User Equipment, UE ), 家庭网关( Residential Gateway, RG ) 设备; 接入节点包括数字用户线接入复用器 (Digital Subscriber Line Access Multiplexer, DSLAM )、 无线基站 (Base Station, BS )等; 接入汇聚节点包括 以太网交换机等; 接入边缘节点 ( Access Edge Node , ΑΕΝ ) 包括接入网关、 宽带网络网关 (Broadband Network Gateway , BNG )、 宽带远程接入服务器 The typical single access network system architecture is depicted in Figure 1, including user terminals, access nodes, access aggregation nodes, access edge nodes, and AAA servers/DHCP servers. The user equipment may include a User Equipment (UE) and a Residential Gateway (RG) device; the access node includes a Digital Subscriber Line Access Multiplexer (DSLAM), and a wireless base station. (Base Station, BS), etc.; access aggregation nodes include Ethernet switches, etc.; Access Edge Nodes, 包括 include access gateways, Broadband Network Gateways (BNGs), broadband remote access servers
( Broadband Remote Access Server, BRAS )等网给接入服务器( Network Access Server , NAS ) 类设备、 IP 边缘设备等。 策略服务器包括认证授权和计费(Broadband Remote Access Server, BRAS) and other networks give access to network servers (NAS) devices, IP edge devices, and so on. Policy server includes authentication and accounting
( Authentication , Authorization and Accounting , AAA )月良务器或动态主机己置 协议(Dynamic Host Configuration Protocol, DHCP )服务器等, 策略服务器存 储控制策略并部署策略到接入节点( Access Node, AN )或 AEN上,例如: AAA 服务器将用户的签约参数( subscriber profile ) 配置到 BNG或 BRAS等 NAS设 备上, 用来控制用户接入会话。 控制策略主要包括业务质量(Quality of Service, QoS )、 组播权限、 深度包检测 (DPI ) 等。 二层控制机制 (Layer 2 Control Mechanism, L2CM )或接入节点控制协议 (Access Node Control Protocol, ANCP) 连接是接入网的用来进行控制策略部署的会话。 (Authentication, Authorization and Accounting, AAA) server or dynamic host configuration protocol (DHCP) server, policy server Store the control policy and deploy the policy to the access node (AN) or AEN. For example, the AAA server configures the subscriber's subscriber profile to the NAS device such as BNG or BRAS to control the user access session. . Control policies mainly include Quality of Service (QoS), multicast rights, and deep packet inspection (DPI). A Layer 2 Control Mechanism (L2CM) or an Access Node Control Protocol (ANCP) connection is a session used by the access network to perform control policy deployment.
用户接入会话指建立在用户终端和接入边缘节点之间的连接, 如 IP会话。 IP会话代表了基于 IP的与一个 IP地址关联的接入会话, IP地址是识别 IP会话 的关键, 该 IP地址一般通过 DHCP服务器动态分配。 IP会话主要包括会话的创 建、 会话的维持以及会话的终止。  A user access session refers to a connection established between a user terminal and an access edge node, such as an IP session. An IP session represents an IP-based access session associated with an IP address. The IP address is the key to identifying an IP session, which is typically dynamically assigned by a DHCP server. IP sessions mainly include the creation of sessions, the maintenance of sessions, and the termination of sessions.
L2控制机制 ( Layer 2 Control Mechanism , L2CM )或接入节点控制协议 ( Access node Control protocol, ANCP )是目前重要的网络边缘控制机制, ANCP 是具体实现 L2CM的协议。 网络边缘设备间通过建立 L2CM或 ANCP设备控制 接入会话而进行设备控制和管理, 在 L2CM或 ANCP机制中一般包含两个对端 的功能体: 控制功能体和报告执行功能体。 控制功能体通过 ANCP协议来控制 和管理报告执行功能体, 如给报告执行功能体进行参数配置等, 报告执行功能 体负责响应控制请求, 以及报告执行功能体向控制功能体主动报告一些状态信 息, 如接入链路状态信息 (数字用户线路带宽等)。  The Layer 2 Control Mechanism (L2CM) or the Access Node Control Protocol (ANCP) is an important network edge control mechanism. ANCP is a protocol that implements L2CM. Device control and management are performed between the network edge devices by establishing an L2CM or ANCP device to control the access session. The L2CM or ANCP mechanism generally includes two peer functions: a control function body and a report execution function body. The control function body controls and manages the report execution function body through the ANCP protocol, such as parameter configuration for the report execution function body, the report execution function body is responsible for responding to the control request, and the report execution function body actively reports some status information to the control function body. Such as access link status information (digital subscriber line bandwidth, etc.).
网络的可靠性或稳定性已经成为网络重要考查指标, 而随着新的要求苛刻 的业务的不断出现, 现有的 IP用户接入会话和 ANCP设备控制接入会话中很容 易产生单点故障而发生拒绝服务的现象, 服务的可靠性和稳定性无法满足用户 的需求。 发明内容 The reliability or stability of the network has become an important indicator for the network. With the emergence of new demanding services, existing IP user access sessions and ANCP devices control access sessions are prone to single points of failure. The phenomenon of denial of service occurs, and the reliability and stability of the service cannot meet the needs of users. Summary of the invention
鉴于此, 本发明实施例提供一种接入网的保护方法、 系统、 以及接入边缘 节点, 可以为接入网中的接入业务提供冗余保护。  In view of this, the embodiments of the present invention provide a method, a system, and an access edge node for protecting an access network, which can provide redundancy protection for access services in the access network.
一方面, 本发明的实施例提供了一种接入网的保护方法, 所述方法包括: 备份组中的第一虚拟接入边缘节点成员接收到切换指示消息时, 根据该切 换指示消息, 激活相应的存储的业务控制数据, 提供对应的 IP用户接入会话服 务和 /或设备控制接入会话服务, 以替换同属一个备份组中的第二虚拟接入边缘 节点成员。  In an aspect, an embodiment of the present invention provides a method for protecting an access network, where the method includes: when a first virtual access edge node member in a backup group receives a handover indication message, according to the handover indication message, The corresponding stored service control data provides a corresponding IP user access session service and/or a device control access session service to replace the second virtual access edge node member in the same backup group.
另一方面, 本发明的实施例提供了一种接入边缘节点, 所述系统中包括至 少一个备份组, 所述备份组中至少包括第一虚拟接入边缘节点成员和第二虚拟 接入边缘节点成员, 所述第一虚拟接入边缘节点成员用于为用户提供接入业务; 所述第二虚拟接入边缘节点成员用于在所述接入业务发生故障时, 根据接收到 的包含切换标识的切换指示, 进行接入业务切换, 以替换所述第一虚拟接入边 缘节点成员。  On the other hand, an embodiment of the present invention provides an access edge node, where the system includes at least one backup group, where the backup group includes at least a first virtual access edge node member and a second virtual access edge. a node member, the first virtual access edge node member is configured to provide an access service for the user, and the second virtual access edge node member is configured to: when the access service fails, according to the received inclusion switch And the switching indication of the identity, performing an access service switching, to replace the first virtual access edge node member.
本发明的实施例还提供了一种接入网的保护系统, 所述系统中包括至少一 个备份组, 所述备份组中包括至少两个虚拟接入边缘节点, 所述虚拟接入边缘 节点接入边缘节点为用户建立接入会话并进行接入会话切换, 所述接入边缘节 点包括:  An embodiment of the present invention further provides a protection system for an access network, where the system includes at least one backup group, where the backup group includes at least two virtual access edge nodes, and the virtual access edge node is connected. The ingress edge node establishes an access session for the user and performs an access session switch, where the access edge node includes:
服务提供模块, 用于根据数据存储模块中的激活的业务控制数据提供用户 接入会话管理和 /或设备控制接入会话管理; 根据切换处理模块的通知, 激活数 据存储模块中相应的业务控制数据;  a service providing module, configured to provide user access session management and/or device control access session management according to activated service control data in the data storage module; and activate corresponding service control data in the data storage module according to the notification of the handover processing module ;
数据存储模块, 用于存储业务控制数据以及成员状态信息;  a data storage module, configured to store service control data and member status information;
切换处理模块, 用于根据所接收到的第一切换指示, 通知服务提供模块激 活数据存储模块中对应的业务控制数据; a switching processing module, configured to notify the service providing module according to the received first switching indication Corresponding service control data in the live data storage module;
成员管理模块, 用于管理存储在数据存储模块中的所述虚拟接入边缘节点 所在的备份组的成员状态信息, 当成员状态故障时, 发送第一切换指示给所述 切换处理模块。  And a member management module, configured to manage member status information of the backup group where the virtual access edge node is located in the data storage module, and send a first handover indication to the handover processing module when the member status is faulty.
本发明实施例在接入网络中至少增加一个 AEN,当一个正在使用的 AEN发 生故障时, 另一个 AEN可以将故障 AEN上的接入业务切换过来, 从而保证接 入业务的正常进行, 为接入业务提供了一种冗余保护机制, 增加了网络的可靠 性。 附图说明  In the embodiment of the present invention, at least one AEN is added to the access network. When one AEN in use fails, the other AEN can switch the access service on the faulty AEN to ensure the normal operation of the access service. The incoming service provides a redundant protection mechanism that increases the reliability of the network. DRAWINGS
图 1为现有技术中的接入网系统架构示意图;  1 is a schematic structural diagram of an access network system in the prior art;
图 2为本发明中接入网的保护系统的一个具体实施例的架构的示意图; 图 3为图 2中虚拟接入边缘节点的一个具体实施例的组成示意图; 图 3.1为图 3中的服务提供模块的一个具体实施例的组成示意图; 图 4为图 3中切换处理模块的一个具体实施例的组成示意图;  2 is a schematic diagram of an architecture of a specific embodiment of a protection system for an access network according to the present invention; FIG. 3 is a schematic diagram of a specific embodiment of a virtual access edge node of FIG. 2; FIG. 4 is a schematic diagram showing the composition of a specific embodiment of the switching processing module of FIG. 3;
图 5为图 3中成员管理模块的一个具体实施例的组成示意图;  5 is a schematic diagram showing the composition of a specific embodiment of the member management module in FIG. 3;
图 6为图 2中虚拟接入边缘节点的另一个具体实施例的组成示意图; 图 6.1为图 6中的数据备份模块的一个具体实施例的组成示意图; 图 7.0为本发明接入网的保护方法的第一具体实施例流程示意图; 图 7为本发明中接入网的保护方法的第二具体实施例的流程示意图; 图 8为图 5 中成员管理模块实现成员管理的方法的一个具体实施例的流程 示意图;  6 is a schematic diagram of another embodiment of a virtual access edge node in FIG. 2. FIG. 6.1 is a schematic diagram of a specific embodiment of the data backup module in FIG. 6. FIG. 7.0 is a protection diagram of an access network according to the present invention. FIG. 7 is a schematic flowchart diagram of a second specific embodiment of a method for protecting an access network according to the present invention; FIG. 8 is a specific implementation of a method for implementing member management by a member management module in FIG. Schematic diagram of the process;
图 9为本发明中接入网的保护方法的第三具体实施例的流程示意图; 图 10为本发明中接入网的保护方法的第四具体实施例的流程示意图; 图 11为本发明中接入网的保护方法的第五具体实施例的流程示意图; 图 12为本发明中接入网的保护方法的第六具体实施例的流程示意图; 图 13为图 7中所示的方法由虚拟路实体实现 VAEN的功能的一个具体实施 例的架构图; FIG. 9 is a schematic flowchart diagram of a third specific embodiment of a method for protecting an access network according to the present invention; 10 is a schematic flowchart of a fourth embodiment of a method for protecting an access network according to the present invention; FIG. 11 is a schematic flowchart of a fifth embodiment of a method for protecting an access network according to the present invention; FIG. 13 is a schematic diagram of a specific embodiment of a method for implementing a VAEN by a virtual road entity; FIG.
图 14为本发明中相应的各种消息的构成的一个具体实施例的示意图。 具体实施方式  Figure 14 is a schematic illustration of one embodiment of the composition of various corresponding messages in the present invention. detailed description
下面参考附图对本发明的优选实施例进行描述。 在所参照的附图中, 不同 的图中相同的部件使用相同的附图标号来表示。  DESCRIPTION OF THE PREFERRED EMBODIMENTS Hereinafter, preferred embodiments of the present invention will be described with reference to the accompanying drawings. In the drawings to which reference is made, the same components in the different drawings are denoted by the same reference numerals.
参见图 2,为本发明中一种接入网的保护系统的一个具体实施例的组成示意 图。 其中, 所述的接入网保护系统中至少有一个备份组, 所述备份组至少包括 两个虚拟接入边缘节点( Virtual Access Edge Node , VAEN )成员, 其中所述的 VAEN提供用户接入会话管理或接入控制策略部署(设备控制接入会话管理 )等 接入业务, 以及控制所述接入业务在所述 VAEN所在的备份组的成员之间进行 切换, 例如: 当接入网中与用户建立会话的 VAEN因故障等原因不能继续为该 用户接入会话服务时,该会话可以切换到备份组中的其他 VAEN, 以实现对接入 会话进行保护的目的。 VAEN提供的用户接入会话管理包括用户接入会话创建、 维持、终止管理。 VAEN提供的设备控制接入会话管理包括管理报告执行功能体 设备, 如: DSLAM, 报告的状态信息、 管理报告执行功能体设备配置接入控制 策略, 如: 组播权限表、 访问控制表等。  2 is a schematic diagram showing the composition of a specific embodiment of a protection system for an access network according to the present invention. The access network protection system has at least one backup group, and the backup group includes at least two members of a virtual access edge node (VAEN), wherein the VAEN provides a user access session. Accessing services such as management or access control policy deployment (device control access session management), and controlling the access service to switch between members of the backup group in which the VAEN is located, for example: when in the access network When the VAEN of the user establishment session cannot continue to serve the user access session due to a fault or the like, the session can be switched to other VAENs in the backup group to protect the access session. User access session management provided by VAEN includes user access session creation, maintenance, and termination management. The device control access session management provided by VAEN includes management report execution function device, such as: DSLAM, report status information, management report execution function device configuration access control policy, such as: multicast permission table, access control list, and so on.
备份组成员可以分为主用 VAEN和备用 VAEN, 即工作在主备保护模式下, 或是备份成员之间互为备份, 即工作在负荷分担保护模式下。 工作在主备保护 模式下的备份组中只有一个 VAEN处于主用状态, 只有处于主用状态的 VAEN 提供接入服务, 处于备用状态的 VAEN提供保护; 工作在负荷分担保护模式下 备份组中 VAEN间互相保护。 如在图 2 中备份组包括两个 VAEN ( VAEN1 和 VAEN2 )成员, VAEN1和 VAEN2可以工作在主备保护或负荷分担保护模式下, 当其中一个备份组成员发生故障时, 例如 VAEN1 , 则进行切换, 即原来 VAEN1 提供的接入业务切换到 VAEN2上,所述的故障包括 VAEN1发生故障或 VAEN1 连接到 AN连接链路发生故障或连接到用户终端的连接链路发生故障。 The backup group members can be used as the primary VAEN and the standby VAEN, that is, in the active/standby mode, or the backup members are mutually backup, that is, in the load sharing protection mode. Working in primary and backup protection Only one VAEN in the backup group in the mode is in the active state. Only the VAEN in the active state provides the access service, and the VAEN in the standby state provides protection. In the load sharing protection mode, the VAENs in the backup group protect each other. As shown in Figure 2, the backup group includes two VAEN (VAEN1 and VAEN2) members. VAEN1 and VAEN2 can work in active/standby protection or load sharing protection mode. When one of the backup group members fails, for example, VAEN1, switch. That is, the access service provided by the original VAEN1 is switched to VAEN2, and the failure includes failure of VAEN1 or failure of the connection link of the VAEN1 to the AN connection link or connection to the user terminal.
在实际实现时, VAEN可以为逻辑实体, 同一备份组中的不同 VAEN可以 位于同一个物理 AEN设备中, 如: 不同的 VAEN可以在 AEN的不同板上实现, 也可以分布在多个独立的 AEN设备中, 但一个 AEN设备至少包括一个 VAEN。 具体实现中, VAEN可以是一个虚拟路由器(Virtual Router, VR )或一个 AEN 的逻辑分区。  In actual implementation, VAEN can be a logical entity. Different VAENs in the same backup group can be located in the same physical AEN device. For example: Different VAENs can be implemented on different boards of AEN, or can be distributed in multiple independent AENs. In the device, but an AEN device includes at least one VAEN. In a specific implementation, the VAEN can be a virtual router (VR) or a logical partition of the AEN.
所述接入网保护系统还可以包括 AN和 /或用户终端, AN至少与一个 VAEN 之间具有连接链路, AN可以与不同 VAEN使用不同的连接链路(即存在冗余连 接链路), 也可以使用相同的连接链路。 连接链路包括物理连接链路或逻辑连接 链路, 逻辑连接链路指实现在物理连接链路上的逻辑通道, 例如: 虚拟局域网 ( Virtual Local Area Network, VLAN )、 ?j久虚电路 (Permanent Virtual Circuit, PVC)、 标签交换路径 (Label Switched Path, LSP)、 运营骨干传送 (PBT)通道等。 用户终端可通过接入线路与 AN相连, AN再与 VAEN连接; 或是用户终端通过 接入线路直接与 VAEN相连。  The access network protection system may further include an AN and/or a user terminal, and the AN has a connection link between at least one VAEN, and the AN may use different connection links (ie, a redundant connection link) with different VAENs. The same connection link can also be used. The connection link includes a physical connection link or a logical connection link, and the logical connection link refers to a logical channel implemented on the physical connection link, for example: Virtual Local Area Network (VLAN), ? j Permanent Virtual Circuit (PVC), Label Switched Path (LSP), Operational Backbone Transfer (PBT) channel, etc. The user terminal can be connected to the AN through the access line, and the AN is connected to the VAEN; or the user terminal is directly connected to the VAEN through the access line.
参见图 3 , 为图 2中的虚拟接入边缘节点的一个具体实施例的组成示意图。 所述虚拟接入边缘节点( VAEN ) 20包括服务提供模块 200、切换处理模块 202、 成员管理模块 204、 数据存储模块 206, 其中: Referring to FIG. 3, it is a schematic diagram of a composition of a specific embodiment of the virtual access edge node in FIG. 2. The virtual access edge node (VAEN) 20 includes a service providing module 200, a handover processing module 202, Member management module 204, data storage module 206, wherein:
服务提供模块 200用于提供用户接入会话管理和 /或设备控制接入会话管理 等接入业务, 具体包括创建或删除正在使用的业务控制数据记录。 所述的业务 控制数据记录包括用户接入会话数据记录、 控制策略数据记录、 拓朴信息数据 记录等。如图 3.0所示,服务提供模块 200进一步可以包括用户接入会话管理子 模块 2002和 /或策略部署管理子模块 2004。 用户接入会话管理子模块 2002用于 提供用户接入会话管理业务, 包括: 创建或终止用户接入会话、 对用户接入会 话进行计费、 转发用户接入会话的报文等。 具体可以是与用户终端协商创建或 删除正在使用的用户接入会话数据记录, 根据用户接入会话数据记录对用户接 入会话进行计费、 转发用户接入会话的报文等。 策略部署管理子模块 2004用于 提供设备控制接入会话管理, 包括创建或更新正在使用的控制策略数据记录或 拓朴信息数据记录等。具体可以是给 AN配置控制策略或收集 AN拓朴信息或收 集 AN策略执行反馈信息。  The service providing module 200 is configured to provide access services such as user access session management and/or device control access session management, and specifically includes creating or deleting a service control data record being used. The service control data record includes a user access session data record, a control policy data record, a topology information data record, and the like. As shown in FIG. 3.0, the service providing module 200 may further include a user access session management sub-module 2002 and/or a policy deployment management sub-module 2004. The user access session management sub-module 2002 is configured to provide a user access session management service, including: creating or terminating a user access session, charging a user access session, and forwarding a user access session message. Specifically, the user terminal negotiates with the user terminal to create or delete a user access session data record, and performs charging for the user access session, forwarding the user access session, and the like according to the user access session data record. The policy deployment management sub-module 2004 is used to provide device control access session management, including creating or updating a control policy data record or topology information data record being used. Specifically, the control policy may be configured for the AN or the AN topology information may be collected or the AN policy execution feedback information may be collected.
切换处理模块 202用于处理切换指示以及进行相应的业务切换。 其中, 当 业务从其他 VAEN切换到本 VAEN时, 所述业务切换具体可包括: 根据所接收 到的切换指示, 通知服务提供模块 200激活该休眠的业务控制数据记录, 服务 提供模块 200则可以根据激活后的业务控制数据提供接入会话业务服务。 当业 务从本 VAEN切换到其他的 VAEN, 所述业务切换包括发送切换指示, 通知服 务提供模块 200休眠或删除相应的业务控制数据记录, 服务提供模块 200停止 提供该业务控制数据记录对应的接入会话业务。  The handover processing module 202 is configured to process the handover indication and perform a corresponding traffic handover. When the service is switched from the other VAEN to the VAEN, the service switching may include: according to the received handover indication, the notification service providing module 200 activates the dormant service control data record, and the service providing module 200 may The activated service control data provides an access session service service. When the service is switched from the VAEN to the other VAEN, the service switching includes sending a handover indication, notifying the service providing module 200 to sleep or delete the corresponding service control data record, and the service providing module 200 stops providing the access corresponding to the service control data record. Conversational business.
成员管理模块 204用于管理备份组的成员状态信息, 并根据其管理的备份 组的成员状态触发切换处理指示。  The member management module 204 is configured to manage member status information of the backup group, and trigger a handover processing indication according to the member status of the backup group managed by the member.
数据存储模块 206用于存储业务控制数据以及备份组的成员状态信息, 所 述备份组的成员状态信息中还可包括成员状态跟踪记录。 存储的业务控制数据 包括正在使用的业务控制数据记录以及休眠的业务控制数据记录。 The data storage module 206 is configured to store service control data and member status information of the backup group. Member status tracking records may also be included in the member status information of the backup group. The stored service control data includes the service control data record being used and the dormant service control data record.
如图 4所示, 所述虚拟接入边缘节点 20的切换处理模块 202进一步可以包 括切换指示子模块 2020和切换平滑子模块 2022。 所述切换指示子模块 2020用 于发送或接收切换指示, 当会话从其他 VAEN切换到本 VAEN时, 切换指示子 模块 2020可用于接收切换指示, 当会话从本 VAEN切换到其他 VAEN时, 切换 指示子模块 2020可用于发送切换指示。 切换平滑子模块 2022用于根据切换指 示子模块 2020的切换指示进行切换平滑处理, 即根据切换指示, 确定休眠的业 务控制数据记录并根据该数据进行切换处理。 当会话从其他 VAEN 切换到本 VAEN时, 切换平滑子模块 2022可用于根据切换指示子模块接收的切换指示, 完成会话从其他 VAEN切换到本 VAEN的切换平滑处理; 当会话从本 VAEN切 换到其他 VAEN时,切换平滑子模块 2022可用于根据切换指示完成本 VAEN的 切换处理。  As shown in FIG. 4, the handover processing module 202 of the virtual access edge node 20 may further include a handover indication submodule 2020 and a handover smoothing submodule 2022. The handover indication sub-module 2020 is configured to send or receive a handover indication. When the session is switched from another VAEN to the local VAEN, the handover indication sub-module 2020 can be configured to receive a handover indication. When the session is switched from the local VAEN to another VAEN, the handover indication is performed. Sub-module 2020 can be used to send a handover indication. The handover smoothing sub-module 2022 is configured to perform handover smoothing processing according to the handover indication of the handover indication sub-module 2020, that is, to determine the dormant traffic control data record according to the handover instruction and perform handover processing according to the data. When the session is switched from the other VAEN to the local VAEN, the handover smoothing sub-module 2022 can be used to complete the handover smoothing process of the session switching from the other VAEN to the local VAEN according to the handover indication received by the handover indication sub-module; when the session is switched from the VAEN to the other At the time of VAEN, the switching smoothing sub-module 2022 can be used to complete the switching process of the present VAEN according to the switching instruction.
如图 5所示,所述成员管理模块 204进一步可以包括成员注册子模块 2040、 成员维持子模块 2042以及成员老化子模块 2044。 成员注册子模块 2040用于成 员相互协商注册并且记录成员状态信息, 成员维持子模块 2042用于监控成员状 态, 包括自己的状态以及对端成员状态。 成员老化子模块 2044, 用于当成员维 持子模块 2042监控到成员状态故障后, 将状态故障的成员设置为不可用或将该 成员移除本备份组, 并发送切换指示至切换指示子模块 2020。  As shown in FIG. 5, the member management module 204 further includes a member registration sub-module 2040, a member maintenance sub-module 2042, and a member aging sub-module 2044. The member registration sub-module 2040 is used for members to negotiate registration and record member status information, and the member maintenance sub-module 2042 is used to monitor the member status, including its own status and peer member status. The member aging sub-module 2044 is configured to: after the member maintenance sub-module 2042 monitors the member status failure, set the member of the status failure to be unavailable or remove the member from the backup group, and send the switching indication to the handover indication sub-module 2020. .
如图 6所示, 所述虚拟接入边缘节点 20进一步还可以包括数据备份模块 208, 用于处理备份数据, 例如发送备份业务控制数据或接收备份业务控制数据 并且处理接收到的备份业务控制数据。如图 6.0所示,数据备份模块 208进一步 包括批量备份子模块 2082和实时备份子模块 2084, 批量备份子模块 2082用于 接收成员管理模块指示, 并根据其指示批量处理备份业务控制数据, 如批量备 份业务数据等,具体可参见对会话保护方法中的相关说明。实时备份子模块 2084 用于实时处理备份业务控制数据, 如实时备份业务数据, 具体可参见对会话保 护方法中的相关说明。 As shown in FIG. 6, the virtual access edge node 20 may further include a data backup module 208, configured to process backup data, such as sending backup service control data or receiving backup service control data, and processing the received backup service control data. . As shown in FIG. 6.0, the data backup module 208 further includes a batch backup sub-module 2082 and a real-time backup sub-module 2084, and the batch backup sub-module 2082 is used. Receiving the instructions of the member management module, and processing the backup service control data in batches according to the instructions, such as batch backup service data. For details, refer to the description of the session protection method. The real-time backup sub-module 2084 is used to process backup service control data in real time, such as real-time backup service data. For details, refer to the description of the session protection method.
两个或两个以上的具有上述功能的虚拟接入边缘节点 20 可组成一个备份 组, 虚拟接入边缘节点互为备份实现保护, 不同虚拟接入边缘节点 20通过数据 存储模块中存储的备份实现会话的保护, 通过成员管理模块、 切换处理模块、 数据备份模块进行保护的控制。 这样有效地提高网络的可靠性。  Two or more virtual access edge nodes 20 having the above functions may form a backup group, and virtual access edge nodes are mutually protected for backup, and different virtual access edge nodes 20 are implemented by backup stored in the data storage module. The protection of the session is controlled by the member management module, the switching processing module, and the data backup module. This effectively improves the reliability of the network.
本发明的具体实施例还提供了一种接入网的保护方法。 其中, 所述接入网 中至少包括一个备份组, 该备份组至少包括两个成员, 如 VAEN1和 VAEN2, 这两个 VAEN具有如上面所述系统中 VAEN的功能, 所述的保护就是通过备份 组成员 VAEN提供用户接入会话管理和 /或接入策略部署(设备控制接入会话管 理 )等接入业务的备份保护, 即 VAEN1和 VAEN2的服务提供模块可以交替提 供接入会话管理和 /或接入策略部署(设备控制接入会话管理)。 如图 7.0所示, 该接入网的保护方法包括:  A specific embodiment of the present invention also provides a method for protecting an access network. The access network includes at least one backup group, and the backup group includes at least two members, such as VAEN1 and VAEN2, and the two VAENs have the function of VAEN in the system as described above, and the protection is through backup. The group member VAEN provides backup protection for access services such as user access session management and/or access policy deployment (device control access session management), that is, the service providing modules of VAEN1 and VAEN2 can alternately provide access session management and/or Access policy deployment (device control access session management). As shown in Figure 7.0, the access network protection method includes:
5070 , 备份组中的第一虚拟接入边缘节点成员接收到切换指示消息;  5070. The first virtual access edge node member in the backup group receives the handover indication message.
5071 , 所述第一虚拟接入边缘节点根据该切换指示消息, 激活相应的存储 的业务控制数据,提供对应的 IP用户接入会话服务和 /或设备控制接入会话服务, 以替换同属一个备份组中的第二虚拟接入边缘节点成员。  The first virtual access edge node activates the corresponding stored service control data according to the handover indication message, and provides a corresponding IP user access session service and/or a device control access session service to replace the same backup. The second virtual access edge node member in the group.
以 VAEN1提供的接入会话需要切换到 VAEN2上的情况为例,该方法包括: VAEN2接收到切换指示消息时, 根据该切换指示消息, 激活相应的其存储的业 务控制数据, 提供对应的 IP用户接入会话服务和 /或设备控制接入会话服务, 以 替换同属一个备份组中的 VAEN1。 进一步,图 7为本发明中接入网的保护方法的第二具体实施例的流程示意图, 主要包括如下过程: For example, when the access session provided by the VAEN1 needs to be switched to the VAEN2, the method includes: when receiving the handover indication message, the VAEN2 activates the corresponding service control data and provides the corresponding IP user according to the handover indication message. The access session service and/or device controls the access session service to replace VAEN1 in the same backup group. Further, FIG. 7 is a schematic flowchart of a second specific embodiment of a method for protecting an access network according to the present invention, which mainly includes the following processes:
S701、 成员注册处理。 在备份组成员提供备份保护前, 备份组的成员必须 进行注册, 即记录备份组的成员状态信息, 该信息可以通过创建备份组成员状 态跟踪记录表来进行记录。 其中备份组的成员即是指备份组中的虚拟接入边缘 节点。 可在 AEN中预先配置并保存备份组的成员状态信息(即预先进行成员注 册), 备份组的成员状态信息可以包括成员标识、 成员优先级、 成员注册模式、 成员的备份组标识、 虚拟网关、 虚拟 BFD网络端等。 所有成员的备份组标识一 致的成员构成一个备份组。 AEN可以配置一个或多个备份组成员 (即 VAEN )。  S701, member registration processing. Before the backup group member provides backup protection, members of the backup group must register, that is, record the member status information of the backup group. This information can be recorded by creating a backup group member status record record table. The member of the backup group refers to the virtual access edge node in the backup group. The member status information of the backup group can be pre-configured and saved in the AEN (that is, member registration is performed in advance). The member status information of the backup group can include member ID, member priority, member registration mode, member backup group ID, virtual gateway, Virtual BFD network and so on. The members of the backup group ID of all members form a backup group. AEN can configure one or more backup group members (ie VAEN).
成员注册模式可以包括动态注册或静态注册。 静态注册指静态创建, 如手 工配置, 备份组成员状态跟踪记录。 动态注册指成员通过成员注册消息动态创 建备份组成员状态跟踪记录。本示例中,成员 VAEN1启动后监控成员注册消息, VAEN2启动后发送成员注册消息, VAEN1根据收到的消息创建备份组成员状态 跟踪记录, VAEN1响应 VAEN2的注册消息, VAEN2收到 VAEN1的消息后也 可以创建备份组成员状态跟踪记录。 备份组成员状态跟踪记录包括备份组当前 可用 (状态正常) 的成员列表。 成员注册子模块负责处理成员注册(例如: 接 收或响应成员注册消息 ) 以及触发数据存储模块存储成员状态跟踪记录。  The member registration mode can include dynamic registration or static registration. Static registration refers to static creation, such as manual configuration, backup group member status tracking records. Dynamic registration means that members dynamically create backup group member status tracking records through member registration messages. In this example, after the member VAEN1 starts, it monitors the member registration message. After VAEN2 starts, it sends a member registration message. VAEN1 creates a backup group member status tracking record according to the received message. VAEN1 responds to the registration message of VAEN2, and VAEN2 also receives the message of VAEN1. You can create a backup group member status trace record. The backup group member status trace record includes a list of members that are currently available (normal status) for the backup group. The member registration sub-module is responsible for handling member registrations (for example: receiving or responding to member registration messages) and triggering the data storage module to store member status trace records.
成员状态跟踪记录表中还包括成员的保护模式, 保护模式主要包括主备保 护模式或负荷分担保护模式。 在主备保护模式中, 备份组中的成员分为主用状 态和备用状态, 在注册时, 由主用状态的 VAEN提供接入会话服务, 而备用状 态提供备份保护。 在负荷分担保护模式下, 则所有备份组中的成员的地位是均 等的, 在注册时, 可由备份组中的任何一个成员 (可按一定策略)提供接入会 话服务, 即备份组中的 VAEN共同提供服务, 互相提供备份保护。 在本方法的具体实施例中, 本步骤为可选, 即当备份组成员已经预先注册 的情况下, 会话切换前不需要再重复注册。 The member status tracking record table also includes the protection mode of the member. The protection mode mainly includes the active/standby protection mode or the load sharing protection mode. In the active/standby mode, the members in the backup group are classified into the active state and the standby state. When registering, the VAEN in the active state provides access session services, while the standby state provides backup protection. In the load sharing protection mode, the status of the members in all the backup groups is equal. When registering, the access session service can be provided by any member of the backup group (which can be according to a certain policy), that is, the VAEN in the backup group. Provide services together and provide backup protection to each other. In the specific embodiment of the method, this step is optional, that is, when the backup group member has been pre-registered, the registration does not need to be repeated before the session is switched.
5702、 批量备份处理。 一个备份组的成员注册完毕后, 需要进行批量备份 处理, 一般的先启动 VAEN向后注册的 VAEN批量备份业务控制数据, 后注册 的 VAEN接收业务控制数据并且緩存业务控制数据。  5702, batch backup processing. After the registration of a member of a backup group is completed, the batch backup process is required. Generally, the VAEN is used to start the VAEN batch backup service control data. The registered VAEN receives the service control data and caches the service control data.
本示例中 VAEN1向 VAEN2批量备份业务控制数据。 所述的业务控制数据 包括正在使用的用户接入会话数据记录和 /或控制策略数据记录或拓朴信息数据 记录。 具体为: VAEN1的批量备份子模块从本 VAEN (即 VAEN1 )的数据存储 模块获取正在使用的业务控制数据, 然后将业务控制数据封装到批量备份消息 中, 发送该消息到 VAEN2, VAEN2的批量备份子模块接收到批量备份消息, 获 取业务控制数据, 通知服务提供模块緩存业务控制数据, 即作为休眠的业务控 制数据记录保存。 此步骤视实际应用为可选。  In this example, VAEN1 backs up the business control data in bulk to VAEN2. The service control data includes user access session data records and/or control policy data records or topology information data records being used. Specifically, the batch backup submodule of VAEN1 obtains the service control data being used from the data storage module of the VAEN (ie, VAEN1), and then encapsulates the service control data into the batch backup message, and sends the message to the VAEN2, VAEN2 batch backup. The submodule receives the batch backup message, obtains the service control data, and notifies the service providing module to cache the service control data, that is, saves as the dormant service control data record. This step is optional depending on the actual application.
5703、 实时备份处理。 VAEN 的业务控制发生改变 (例如: 服务提供模块 创建或终止了用户接入会话、从 AN收集到新的拓朴信息或从 AN收集到新的策 略执行反馈信息, VAEN的正在使用的业务控制数据记录发生变化)时, 服务提 供模块通知实时备份子模块将变化的业务控制数据封装到实时备份消息中, 然 后发送消息到 VAEN2, VAEN2的实时备份子模块接收到实时备份消息, 获取业 务控制参数,通知 VAEN2的服务提供模块管理本数据存储模块中的休眠的业务 控制数据记录, 例如: 增加休眠的业务控制数据记录或移除休眠业务控制数据 记录。 此步骤视实际应用为可选。  5703, real-time backup processing. VAEN's service control changes (for example: the service provision module creates or terminates a user access session, collects new topology information from the AN, or collects new policy enforcement feedback information from the AN, VAEN's ongoing service control data When the record changes, the service providing module notifies the real-time backup sub-module to encapsulate the changed service control data into the real-time backup message, and then sends the message to VAEN2, and the real-time backup sub-module of VAEN2 receives the real-time backup message and obtains the service control parameter. The service providing module of the VAEN2 is notified to manage the dormant service control data record in the data storage module, for example: adding a dormant service control data record or removing a dormant service control data record. This step is optional depending on the actual application.
5704、 切换处理。 VAEN接收切换指示消息, 根据切换指示进行接入业务 的切换或平滑处理。  5704, switching processing. The VAEN receives the handover indication message, and performs switching or smoothing processing of the access service according to the handover indication.
本示例中 VAEN1发送切换指示消息给 VAEN2, 切换指示消息包括切换标 识, 该切换标识表明了切换范围, 例如切换 VAEN1创建的所有用户接入会话或 某一条用户接入会话。当 VAEN2收到切换指示后,进行接入业务的切换: VAEN2 的切换平滑子模块根据切换指示提取休眠的业务控制数据记录, 例如: 根据切 换标识提取所有来自 VAEN1备份的会话对应的业务控制数据记录,然后通知服 务提供模块激活业务控制数据, 服务提供模块使用激活后业务控制数据继续提 供服务 (休眠的业务控制数据记录切换为正在使用的业务控制数据), 如果 VAEN2为主备保护模式, VAEN2的切换平滑子模块还激活服务提供模块开始提 供业务。 同时, VAEN1可以进行会话切换处理, 具体包括: VAEN1的切换指示 模块根据切换指示触发切换平滑子模块进行切换, 通知服务提供模块休眠或删 除切换指示所确定的业务控制数据记录, 服务提供模块停止提供该休眠或删除 的业务控制数据记录对应会话的业务。 In this example, VAEN1 sends a handover indication message to VAEN2, and the handover indication message includes a handover indicator. The switching identifier indicates the switching range, for example, switching all user access sessions created by VAEN1 or a certain user access session. After receiving the handover indication, the VAEN2 performs the handover of the access service: the handover smoothing submodule of the VAEN2 extracts the dormant service control data record according to the handover indication, for example: extracts all the service control data records corresponding to the session from the VAEN1 backup according to the handover identifier. And then notifying the service providing module to activate the service control data, and the service providing module continues to provide the service by using the activated service control data (the dormant service control data record is switched to the service control data being used), if VAEN2 is in the primary backup mode, VAEN2 The switch smoothing sub-module also activates the service provisioning module to begin providing services. At the same time, the VAEN1 can perform the session switching process, which specifically includes: the handover indication module of the VAEN1 triggers the handover smoothing submodule to perform handover according to the handover indication, notifies the service providing module to sleep or delete the service control data record determined by the handover indication, and the service providing module stops providing The dormant or deleted service control data record corresponds to the service of the session.
另一方面所述的切换指示也可能是由接入网中的其他设备发送给 VAEN2的 切换平滑子模块的。 如 VAEN2检测到 VAEN1故障后可产生一切换指示消息并 发送给 VAEN2的切换平滑子模块进行会话切换处理。  On the other hand, the handover indication may also be sent by the other devices in the access network to the handover smoothing sub-module of VAEN2. If VAEN2 detects a failure of VAEN1, it can generate a handover indication message and send it to the handover smoothing submodule of VAEN2 for session switching processing.
在 VAEN2完成本切换处理前或后还可同时向该接入会话的用户或 AN发送 接入会话切换消息, 通知用户或 AN 需要对当前的接入会话进行切换, 则用户 或 AN会对该接入会话切换消息进行本的切换处理。  Before the VAEN2 completes the handover process, the user or the AN may send an access session switch message to the user or the AN of the access session to notify the user or the AN that the current access session needs to be switched. The session switching message is used to perform the switching process of the present.
在上述的接入网的保护方法中, 通过设置多个虚拟的接入边缘节点为接入 会话提供了备份的接入通路, 使得在正在使用会话出现连接故障等问题时可使 用备份的接入通路为接入会话服务, 提高了网络的可靠性。 同时, 该备份的接 入通路中使用的虚拟接入边缘节点可以在同一物理设备上实现, 则可以实现在 不增加硬件的基础上的备份保护, 较为实现且节约资源。  In the foregoing method for protecting an access network, a plurality of virtual access edge nodes are provided to provide a backup access path for an access session, so that backup access can be used when a connection failure occurs in a session. The path serves the access session and improves the reliability of the network. At the same time, the virtual access edge node used in the access path of the backup can be implemented on the same physical device, which can implement backup protection without adding hardware, and realizes and saves resources.
基于上述的接入网的保护方法的具体实施例, 本发明还提供了一种备份组 成员管理的方法, 该方法可由上述的成员管理模块实现, 请参阅图 8, 主要包括 以下步骤: Based on the foregoing specific embodiment of the protection method of the access network, the present invention further provides a backup group. A member management method, which can be implemented by the member management module described above. Referring to FIG. 8, the method mainly includes the following steps:
5801、 成员维持处理。 成员维持处理主要是监控以及跟踪成员状态, 当检 测到成员状态故障时,触发进行切换处理操作。监控成员状态包括监控本 VAEN 状态或备份组中其他 VAEN (即对端 VAEN ) 的状态, 例如 VAEN1监控自身状 态或本备份组中成员 VAEN2的状态。 VAEN可以通过成员维持消息检测成员间 的状态, 即成员间周期性的发送成员维持消息, 如果指定时间内收不到对端的 成员维持消息, 则判断对端成员状态故障, 开始成员老化处理。  5801, members maintain processing. The member maintenance process mainly monitors and tracks the member status, and triggers the switching processing operation when the member status failure is detected. Monitoring member status includes monitoring the status of this VAEN status or other VAEN (ie, the remote VAEN) in the backup group, for example, VAEN1 monitors its own status or the status of member VAEN2 in this backup group. The VAEN can maintain the status of the member through the member maintenance message. That is, the member sends the message periodically. If the member does not receive the message from the peer in the specified time, the status of the peer member is determined to be faulty.
5802、 成员老化处理。 当检测到成员状态故障后, 对该成员进行老化处理, 即设置该成员不可用或移除该成员 (例如: 在备份组成员状态跟踪记录中删除 相应的成员), 发送切换指示到切换指示子模块。 该切换指示包含的切换标识可 以是状态故障成员标识。  5802, member aging processing. After the member status fault is detected, the member is aged, that is, the member is unavailable or the member is removed (for example: the corresponding member is deleted in the backup group member status record), and the switching indication is sent to the switching indicator. Module. The handover indicator included in the handover indication may be a state failure member identifier.
基于图 7和图 8所述的接入网保护的方法, 本发明还详细提供了接入网的 用户接入会话的热备份的保护方法, 参见图 9, 主要包括以下步骤:  Based on the method for access network protection according to FIG. 7 and FIG. 8, the present invention further provides a method for protecting a hot backup of a user access session of an access network. Referring to FIG. 9, the method further includes the following steps:
S901、创建用户接入会话 (本示例中为 IP会话 )并通知备份用户接入会话。 在本例中 VAEN1的用户接入会话管理子模块检测到用户终端接入网络请求后, 与用户终端进行协商, VAEN1创建 IP会话(创建和保存正在使用的 IP会话记 录), 为用户终端提供用户接入会话管理服务。 VAEN1的用户接入会话管理子模 块在 IP会话创建完成后通知数据备份模块进行数据备份。  S901. Create a user access session (in this example, an IP session) and notify the backup user of the access session. In this example, after the user access session management sub-module of VAEN1 detects that the user terminal accesses the network request, it negotiates with the user terminal, and VAEN1 creates an IP session (creates and saves the IP session record being used) to provide a user for the user terminal. Access session management service. The user access session management submodule of VAEN1 notifies the data backup module to perform data backup after the IP session is created.
S902、 实时备份处理。 本示例中 VAEN1发送实时备份消息, VAEN2接收 到消息后, 緩存 IP会话(创建并存储休眠的 IP会话记录)。 具体为 VAEN1的 数据备份模块接收到 IP 会话备份通知, 检查存在状态正常的对端 VAEN2, VAEN1 的数据备份模块的实时备份子模块将 IP会话参数封装到实时备份消息 中, 然后发送该消息到 VAEN2, VAEN2收到该消息后, 緩存 IP会话(创建并 存储休眠的 IP会话记录)。 IP会话参数可包括 IP地址、链路标识( PVC、 VLAN、 接入位置等)、 MAC地址、 生命周期、 账户名称(User-Name )、 配置参数( QoS 参数、 组播权限控制表、 DPI策略等)、 备份类型(热备份或冷备份)、 存活机制 参数( BFD网络端 IP地址、 My/Your Discriminator本端 /对端 BFD标识、 时间 间隔等)、 网关标识等。 在该实时备份处理之前也可以进行批量备份。 S902, real-time backup processing. In this example, VAEN1 sends a real-time backup message, and after receiving the message, VAEN2 caches the IP session (creates and stores the sleeping IP session record). Specifically, the data backup module of VAEN1 receives the IP session backup notification, checks the peer VAEN2 with the normal state, and the real-time backup submodule of the data backup module of VAEN1 encapsulates the IP session parameters into the real-time backup message. In, then send the message to VAEN2, after receiving the message, VAEN2 caches the IP session (creates and stores the sleeping IP session record). IP session parameters may include IP address, link identifier (PVC, VLAN, access location, etc.), MAC address, lifetime, account name (User-Name), configuration parameters (QoS parameters, multicast rights control table, DPI policy) Etc.), backup type (hot backup or cold backup), survival mechanism parameters (BFD network IP address, My/Your Discriminator local/peer BFD ID, time interval, etc.), gateway ID, etc. Batch backups can also be performed before this real-time backup processing.
5903、 切换指示处理。 VAEN1检测到用户接入会话故障、 或接收到其他网 络设备发送的网管管理指令(所述指令中包括切换指示)、 或 VAEN1故障后, 发送切换指示通知 VAEN2进行切换处理。 VAEN1可以通过存活机制检测到 IP 会话中断或 AN报告用户接入会话附着的线路故障判定接入会话故障。 具体实 现可以为: VAEN1用户接入会话管理子模块检测到用户接入会话故障或成员维 持子模块检测到 VAEN1故障后, 通知切换指示子模块, 切换指示子模块根据故 障情况构造切换指示消息, 然后发送到 VAEN2。  5903. Switching instruction processing. When VAEN1 detects a user access session failure, or receives a network management command sent by another network device (including a handover indication in the instruction), or a VAEN1 failure, the handover indication notification VAEN2 performs a handover process. VAEN1 can detect the interruption of the IP session through the survival mechanism or the line failure of the AN reporting user access session to determine the access session failure. The specific implementation may be: after the VAEN1 user access session management submodule detects that the user access session is faulty or the member maintenance submodule detects the VAEN1 fault, notifies the handover indication submodule, and the handover indication submodule constructs a handover indication message according to the fault condition, and then Send to VAEN2.
5904、 切换平滑处理。 本示例中 VAEN2接收到切换指示, 解析切换指示消 息并获取切换标识, 例如: IP会话标识或成员标识; 当然 VAEN2可以通过检测 VAEN1的状态从而触发 VAEN2进行切换处理, 开始切换或平滑 (smoothing ) 处理, 本处理包括:  5904. Switching smoothing processing. In this example, VAEN2 receives the handover indication, parses the handover indication message, and obtains the handover identifier, for example: IP session identifier or member identifier; of course, VAEN2 can trigger VAEN2 to perform handover processing by detecting the state of VAEN1, and start switching or smoothing processing. , this process includes:
a、 VAEN2向用户发送 ARP (地址解析协议)请求消息, 该请求消息可用 于刷新汇聚网或 AN的数据转发表。 ARP请求消息源 IP和 MAC地址为网关 IP 和 MAC地址, 目的 IP和 MAC地址可以为广播地址或 IP会话的地址。 VAEN2 可以按照网关、接口或用户接入会话发送 ARP请求消息, 例如: VAEN2按照休 眠的 IP会话记录逐一发送该消息, 或者在一个 VLAN内发送一个 ARP请求消 息。 本步为可选。 b、 VAEN2通知 AN进行保护切换。具体可以为: VAEN2通过 ANCP/L2CM 设备控制接入会话通知 AN保护切换信息。 AN收到切换通知后,开始切换处理, 包括 AN切换 DHCP 中继 ( Relay ) 的目的路径或切换 IP会话的目的路径。 本 步也为可选步骤。 a. VAEN2 sends an ARP (Address Resolution Protocol) request message to the user, and the request message can be used to refresh the data forwarding table of the aggregation network or the AN. The ARP request message source IP and MAC address are the gateway IP and MAC address, and the destination IP and MAC address can be the broadcast address or the address of the IP session. VAEN2 can send ARP request messages according to the gateway, interface or user access session. For example: VAEN2 sends the message one by one according to the dormant IP session record, or sends an ARP request message in one VLAN. This step is optional. b. VAEN2 notifies the AN to perform protection switching. Specifically, it can be: VAEN2 controls the access session to notify the AN protection switching information through the ANCP/L2CM device. After receiving the handover notification, the AN starts the handover process, including the destination path of the AN to switch the DHCP relay or the destination path of the IP session. This step is also an optional step.
c、 VAEN2激活 IP会话。 具体包括: VAEN2从休眠的 IP会话记录中获取 IP参数, 设置 IP会话的数据转发表、 开始计费、 开启存活机制协商(如, 根据 备份的 BFD参数重新协商 BFD监控连接或开始 ARP探测或邻居不可达检测 NUD, 其中, 重新协商 BFD监控连接包括 VAEN2向用户终端发送 BFD控制报 文, BFD控制报文参数可从备份的 BFD参数中获取, BFD控制报文的源 IP保 持与切换前一致)、 或者建立安全联盟(IKE协商)。  c. VAEN2 activates the IP session. The VAEN2 obtains the IP parameters from the dormant IP session record, sets the data forwarding table of the IP session, starts the accounting, and starts the negotiation of the survival mechanism. For example, renegotiating the BFD monitoring connection or starting the ARP probe or neighbor according to the BFD parameters of the backup. Unreachable detection of the NUD, where the renegotiation of the BFD monitoring connection includes the VAEN2 sending the BFD control packet to the user terminal, and the BFD control packet parameters are obtained from the backup BFD parameters. The source IP address of the BFD control packet remains the same as that before the handover. Or establish a security association (IKE negotiation).
IP会话切换到 VAEN2上, 用户继续使用该用户接入会话进行通讯, 如文件 下载或网页浏览。  The IP session is switched to VAEN2, and the user continues to use the user access session for communication, such as file download or web browsing.
基于上述的保护方法, 用户终端的 IP会话可以在不同的 VAEN间切换, 用 户接入会话在切换过程中保持连续 (continuity ) , 该方法能够有效解决 VAEN 故障或接入用户的链路故障导致不能对用户提供接入服务的问题。  Based on the foregoing protection method, the IP session of the user terminal can be switched between different VAENs, and the user access session is continually maintained during the handover process. The method can effectively solve the failure of the VAEN or the link failure of the access user. The problem of providing access services to users.
基于图 9所述的接入会话热备份保护的方法的具体实施例, 本发明详细提 供了 IP会话实时备份的方法, 它为备份组成员提供了一致的 IP会话数据,保证 了 IP会话在备份组成员间的平滑切换。如图 10所示,本方法主要包括以下步骤: Based on the specific embodiment of the method for accessing the session hot backup protection according to FIG. 9, the present invention provides a method for real-time backup of an IP session in detail, which provides consistent IP session data for the backup group members, and ensures that the IP session is backed up. Smooth switching between group members. As shown in FIG. 10, the method mainly includes the following steps:
S1001到 S1004、 VAEN与用户终端协商创建 IP会话, 本示例中 VAEN1最 终为用户终端创建了 IP会话。 具体过程可以为: S1001 to S1004 and VAEN negotiate with the user terminal to create an IP session. In this example, VAEN1 finally creates an IP session for the user terminal. The specific process can be:
S1001、 VAEN 的服务提供模块的用户接入会话管理子模块接收到用户终 端发送的 DHCP发现(Discovery ) 消息, VAEN可以根据自己的状态和配置处 理 DHCP消息, 例如: VAEN可以丟弃该消息, 或者立即或延时转发该消息。 用户终端发送的 DHCP发现消息可能是广播发送的, VAEN1或 VAEN2可能都 收到该 DHCP发现消息,本示例中 VAEN2根据自己的状态丟弃该消息, VAEN1 转发该消息至 DHCP服务器。 S1001, the user access session management submodule of the service providing module of the VAEN receives the DHCP discovery (Discovery) message sent by the user terminal, and the VAEN can process the DHCP message according to its own state and configuration, for example: VAEN can discard the message, or The message is forwarded immediately or delayed. The DHCP discovery message sent by the user terminal may be broadcasted. VAEN1 or VAEN2 may receive the DHCP discovery message. In this example, VAEN2 discards the message according to its own state, and VAEN1 forwards the message to the DHCP server.
51002、 VAEN1转发 DHCP提供(Offer )消息, VAEN1的服务提供模块的 用户接入会话管理子模块作为 DHCP 中继或代理转发该消息, VAEN1 收到 DHCP服务器发送的响应 DHCP发现消息的 DHCP提供消息, VAEN1将 DHCP 提供消息转发至用户终端。  51002, VAEN1 forwards the DHCP offer (Offer) message, the user access session management submodule of the service providing module of VAEN1 forwards the message as a DHCP relay or proxy, and VAEN1 receives the DHCP offer message sent by the DHCP server in response to the DHCP discover message. VAEN1 forwards the DHCP offer message to the user terminal.
51003、 VAEN1转发 DHCP请求(Request )消息, VAEN1的服务提供模块 的用户接入会话管理子模块作为 DHCP中继或代理转发该消息, VAEN1收到用 户终端发送 DHCP请求消息, VAEN1将 DHCP请求消息转发至 DHCP服务器。  51003, VAEN1 forwards a DHCP request (Request) message, the user access session management sub-module of the service providing module of VAEN1 forwards the message as a DHCP relay or proxy, and VAEN1 receives the DHCP request message sent by the user terminal, and VAEN1 forwards the DHCP request message. To the DHCP server.
51004、 VAEN1转发 DHCP确认( ACK ) 消息以及创建 IP会话, VAEN1 接收到 DHCP服务器发送的 DHCP确认消息, 解析该消息获取 IP会话参数, 然 后创建并存储正在使用的 IP会话记录。 VAEN1将 DHCP确认消息转发至用户 终端。 同时 VAEN1触发实时备份, 具体实现可以是用户接入会话管理子模块通 知实时备份子模块进行创建用户接入会话实时备份。 VAEN1可以根据用户级别 选择保护模式, 例如: IP会话对应的用户是重要客户, 则使用热备份保护, 对 于级别低的客户, 可以不使用保护或冷备份保护(具体实现见后续描述)。 本示 例中 IP会话实现热备份保护。  51004. VAEN1 forwards the DHCP acknowledgement (ACK) message and creates an IP session. VAEN1 receives the DHCP acknowledgement message sent by the DHCP server, parses the message to obtain the IP session parameters, and then creates and stores the IP session record being used. VAEN1 forwards the DHCP acknowledgment message to the user terminal. At the same time, VAEN1 triggers real-time backup. The specific implementation may be that the user access session management sub-module notifies the real-time backup sub-module to create a real-time backup of the user access session. VAEN1 can select the protection mode according to the user level. For example, if the user corresponding to the IP session is an important customer, the hot backup protection is used. For customers with low level, the protection or cold backup protection can be omitted (for details, see the subsequent description). In this example, the IP session implements hot backup protection.
51005、 VAEN1实时备份创建的 IP会话。 具体实现可以是实时备份子模块 将 IP会话参数封装到实时备份消息中,发送实时备份消息到 VAEN2。 所述的实 时备份消息还可以包括数据类型以及操作类型, 数据类型可以是 IP会话, 操作 类型是创建操作。 VAEN2收到实时备份消息后, 解析实时备份消息以及获取 IP S1006到 S1007、 VAEN1与用户终端协商更新 IP会话参数, 具体过程可以 为: 51005, VAEN1 real-time backup created IP session. The specific implementation may be that the real-time backup sub-module encapsulates the IP session parameters into a real-time backup message and sends a real-time backup message to VAEN2. The real-time backup message may further include a data type and an operation type, the data type may be an IP session, and the operation type is a creation operation. After receiving the real-time backup message, VAEN2 parses the real-time backup message and obtains the IP address. S1006 to S1007 and VAEN1 negotiate with the user terminal to update the IP session parameters. The specific process may be:
51006、 VAEN1转发 DHCP请求( Request )消息, VAEN1收到的用户终端 发送的 DHCP请求消息转发至 DHCP服务器。 DHCP请求消息用于用户终端请 求更新 IP会话参数, 如 IP地址租期。  51006. VAEN1 forwards a DHCP Request message, and the DHCP request message sent by the user terminal received by VAEN1 is forwarded to the DHCP server. The DHCP request message is used by the user terminal to request an update of the IP session parameters, such as an IP address lease.
51007、 VAEN1转发 DHCP确认消息以及更新 IP会话, VAEN1接收到 DHCP 服务器发送的 DHCP确认消息, 解析该消息获取 IP会话更新参数, 然后更新 IP 会话记录。 VAEN1将 DHCP确认消息转发至用户终端。 同时 VAEN1触发实时 备份, 具体可以是用户接入会话管理子模块通知实时备份子模块进行更新会话 实时备份。  51007. The VAEN1 forwards the DHCP acknowledgement message and updates the IP session. The VAEN1 receives the DHCP acknowledgement message sent by the DHCP server, parses the message to obtain the IP session update parameter, and then updates the IP session record. VAEN1 forwards the DHCP acknowledgment message to the user terminal. At the same time, VAEN1 triggers real-time backup. Specifically, the user access session management sub-module notifies the real-time backup sub-module to perform real-time backup of the update session.
51008、 VAEN1实时备份更新的 IP会话。 实时备份子模块将 IP会话参数封 装到实时备份消息中, 发送实时备份消息到 VAEN2。 所述的实时备份消息还可 以包括更新操作类型。 VAEN2收到实时备份消息后,根据 IP会话参数获取緩存 的休眠的 IP会话记录, 最后更新緩存的休眠的 IP会话记录的参数。  51008, VAEN1 backs up the updated IP session in real time. The real-time backup sub-module encapsulates the IP session parameters into real-time backup messages and sends real-time backup messages to VAEN2. The real-time backup message may also include an update operation type. After receiving the real-time backup message, VAEN2 obtains the cached sleep IP session record according to the IP session parameters, and finally updates the cached sleep IP session record parameters.
51009、终止 IP会话处理。 VAEN1收到用户终端发送的 DHCP释放( release ) 消息或通过存活机制检测到 IP会话终端, VAEN1终止 IP会话并且删除 IP会话 记录。 同时 VAEN1触发实时备份, 具体可以是用户接入会话管理子模块通知实 时备份子模块进行终止会话实时备份。  51009. Terminate IP session processing. VAEN1 receives the DHCP release message sent by the user terminal or detects the IP session terminal through the survival mechanism. VAEN1 terminates the IP session and deletes the IP session record. At the same time, VAEN1 triggers real-time backup. Specifically, the user access session management sub-module notifies the real-time backup sub-module to terminate the session real-time backup.
51010、 VAEN1实时备份终止 IP会话。 实时备份子模块将 IP会话参数封装 到实时备份消息中, 发送实时备份消息到 VAEN2。 所述的实时备份消息还可以 包括终止操作类型。 VAEN2收到实时备份消息后,根据 IP会话参数获取緩存的 休眠的 IP会话记录, 最后删除緩存的 IP会话(删除休眠的 IP会话记录)。  51010, VAEN1 real-time backup terminates the IP session. The real-time backup sub-module encapsulates the IP session parameters into real-time backup messages and sends real-time backup messages to VAEN2. The real-time backup message may also include a termination operation type. After receiving the real-time backup message, VAEN2 obtains the cached dormant IP session record according to the IP session parameters, and finally deletes the cached IP session (delete the dormant IP session record).
采用实时备份(热备份) 的用户接入会话保护方法, 由于正在使用会话中 的相关数据都实时的备份给了备份组中的其他虚拟接入边缘节点, 使得当正在 使用会话出现故障需要进行会话切换时, 当前会话可以实时的切换到备份组中 的其他虚拟接入边缘节点上, 对于用户方而言不会感觉到会话出现中断。 User access session protection method using real-time backup (hot backup), due to the session being used The related data is backed up in real time to other virtual access edge nodes in the backup group, so that when the session is in use and the session needs to be switched, the current session can be switched to other virtual access edge nodes in the backup group in real time. On the user side, there is no interruption in the session.
基于图 7和图 8所述的接入网的保护方法的具体实施例, 本发明还详细描 述了用户接入会话的冷备份的保护方法, 请见图 11 , 所述方法主要包括以下步 骤:  The method for protecting the cold backup of the user access session is described in detail in the following, and the method mainly includes the following steps:
51101、 创建用户接入会话(本示例中为 IP会话)并通知备份接入会话。 本 示例中 VAEN1创建用户接入会话。  51101. Create a user access session (in this example, an IP session) and notify the backup access session. In this example, VAEN1 creates a user access session.
51102、切换指示处理。 VAEN1检测到用户接入会话故障或网管管理指令或 VAEN1故障, 然后发送切换指示, 该切换指示消息可以通知 VAEN2进行切换 处理。所述的 VAEN1故障包括 VAEN1连接 IP网络的上行接口故障或连接接入 汇聚网的下行接口故障等。 VAEN2检测到 VAEN1异常, 也可以触发自身进行 切换处理。  51102. Switching indication processing. VAEN1 detects a user access session failure or network management command or VAEN1 failure, and then sends a handover indication, which can notify VAEN2 to perform handover processing. The VAEN1 fault includes an uplink interface failure of the VAEN1 connected to the IP network or a downlink interface failure of the connection access aggregation network. When VAEN2 detects VAEN1 abnormality, it can also trigger its own switching process.
51103、 切换平滑处理。 本示例中 VAEN2接收到切换指示, 解析切换指示 消息并获取切换标识, 开始切换处理。 所述的切换处理包括:  51103. Switching smoothing processing. In this example, VAEN2 receives the handover indication, parses the handover indication message, and acquires the handover identifier, and starts the handover process. The switching process includes:
a、 VAEN2向用户终端发送用于刷新数据转发表的 ARP消息或邻居发现 ND 消息。 本步为可选。  a. VAEN2 sends an ARP message or a neighbor discovery ND message for refreshing the data forwarding table to the user terminal. This step is optional.
b、 VAEN2通知 AN进行保护切换。 本步也为可选步骤。  b. VAEN2 notifies the AN to perform protection switching. This step is also an optional step.
c、 VAEN2 向用户终端发送上线通知消息指示终端重新上线 (即重新建立 IP会话)。 VAEN2可以根据 VLAN或根据用户接入会话发送上线通知消息。 所 述上线通知消息包括 DHCP更新消息或 BFD消息, 该消息目的地址可以为广播 或多播地址。  c. VAEN2 sends an online notification message to the user terminal to indicate that the terminal is back online (ie, re-establishes an IP session). VAEN2 can send an online notification message according to the VLAN or according to the user access session. The online notification message includes a DHCP update message or a BFD message, and the destination address of the message may be a broadcast or multicast address.
51104、 重建 IP 会话。 用户终端收到上线通知消息后, 重新同切换后的 VAEN2协商建立 IP会话。 51104. Rebuild the IP session. After the user terminal receives the online notification message, it is re-switched. VAEN2 negotiates to establish an IP session.
基于上述的保护方法, 用户终端的 IP会话可以在不同的 VAEN间切换, 该 方法能够有效解决 VAEN故障后拒绝对用户提供接入服务的问题。  Based on the above protection method, the IP session of the user terminal can be switched between different VAENs. This method can effectively solve the problem of refusing to provide access services to users after the VAEN failure.
采用上述冷备份的方法, 正在使用会话的相关数据在会话建立之初或 /和在 会话切换时批量备份至备份组中的其他虚拟接入边缘节点上, 当正在使用会话 出现故障时, 用户的正在使用会话中断, 上述其他虚拟接入边缘节点在获取完 相关数据后就可以通知所述用户重新上线, 使用新的会话进行通讯。  With the above-mentioned cold backup method, the related data of the session being used is backed up to the other virtual access edge nodes in the backup group at the beginning of the session establishment and/or at the time of session switching, and when the session is in use, the user's The session interruption is being used. After the other virtual access edge nodes acquire the relevant data, they can notify the user to go online again and use the new session to communicate.
基于图 7所述的接入网的保护方法的具体实施例, 本发明还描述了接入网 的 L2CM或 ANCP的设备控制接入会话的保护方法, 参见图 12, 主要包括以下 步骤:  Based on the specific embodiment of the protection method of the access network described in FIG. 7, the present invention also describes a method for protecting the access control session of the device of the L2CM or the ANCP of the access network. Referring to FIG. 12, the method mainly includes the following steps:
S1201、 VAEN1首先与 AN建立 L2CM或 ANCP控制接入会话 (本示例中 称之为 L2C连接 1 )。 L2C连接 1可以使用通用交换机管理协议( General Switch Management Protocol, GSMP )邻接协议建立, 即 VAEN1的策略部署管理子模 块与 AN通过 GSMP协议建立 L2C连接。 该控制连接用于策略部署以及收集拓 朴信息或策略执行反馈信息, 策略助兴反馈信息包括组播计费、 权限控制响应 等信息。  S1201, VAEN1 first establishes an L2CM or ANCP control access session with the AN (referred to as L2C connection 1 in this example). The L2C connection 1 can be established using the General Switch Management Protocol (GSMP) adjacency protocol, that is, the policy deployment management submodule of VAEN1 and the AN establish an L2C connection through the GSMP protocol. The control connection is used for policy deployment and collects topology information or policy execution feedback information. The policy feedback information includes information such as multicast charging and permission control response.
51202、 VAEN2与 AN建立 L2CM或 ANCP控制接入会话 (本示例中称之 为 L2C连接 2 )。 本示例中 L2C连接 2在 L2C连接 1建立之后建立。  51202. VAEN2 establishes an L2CM or ANCP control access session with the AN (referred to as L2C connection 2 in this example). In this example, L2C connection 2 is established after L2C connection 1 is established.
51203、 VAEN1的成员注册处理。 VAEN1收到 AN发送的成员注册指示消 息, 根据消息进行成员注册处理。 本示例中成员注册指示消息可以为 GSMP的 邻接更新 (Adjacency Update)消息。 AN在完成建立 L2C连接 2后, AN会发送邻 接更新消息通知 VAEN1。 VAEN1收到邻接更新消息后,解析消息获取成员信息, 例如通过邻接更新消息的连接数目(Code)域判断增加了成员, VAEN1 在成员状 态跟踪记录中激活新的成员。 VAEN1可以根据成员注册指示消息携带的成员标 识激活新的成员或 ^据预先配置的默认值激活新的成员。 51203, VAEN1 member registration processing. VAEN1 receives the member registration indication message sent by the AN, and performs member registration processing according to the message. The member registration indication message in this example may be a GSMP Adjacency Update message. After the AN completes establishing the L2C connection 2, the AN sends a contiguous update message to notify VAEN1. After receiving the adjacency update message, VAEN1 parses the message to obtain the member information. For example, by adding the number of connections (Code) field of the adjacency update message, the member is added, and VAEN1 is in the member state. The new member is activated in the state trace record. VAEN1 may activate a new member based on the member ID carried in the member registration indication message or activate the new member according to a pre-configured default value.
51204、 VAEN2的成员注册处理。 VAEN2根据预先配置的保护模式设置自 己状态, 例如备用保护模式或负荷分担保护模式。  51204, VAEN2 member registration processing. VAEN2 sets its own state according to the pre-configured protection mode, such as standby protection mode or load sharing protection mode.
需要说明的是, S1203和 S1204可以通过 VAEN1和 VAEN2之间发送成员 注册消息进行注册, 还可以在 S1201或 S1202的 L2C连接建立完成就直接默认 注册(即在成员状态跟踪记录中激活新的成员)。  It should be noted that S1203 and S1204 can be registered by sending a member registration message between VAEN1 and VAEN2, and can also be directly registered by default when the L2C connection is established in S1201 or S1202 (that is, a new member is activated in the member status tracking record). .
进一步的, 在 VAEN1或 VAEN2完成成员注册处理后, VAEN1或 VAEN2 还可以进行批量备份处理, 本示例中, VAEN1将拓朴信息、 策略执行反馈信息、 控制策略(或称之为: 配置参数)等批量备份到 VAEN2, VAEN2緩存拓朴信息、 策略执行反馈信息、 控制策略。  Further, after VAEN1 or VAEN2 completes the member registration process, VAEN1 or VAEN2 can also perform batch backup processing. In this example, VAEN1 will use topology information, policy execution feedback information, and control policy (or called configuration parameters). Batch backup to VAEN2, VAEN2 cache topology information, policy execution feedback information, control strategy.
在步骤 S1205和 S1206以及 S1207中描述了拓朴信息实时备份的处理: The processing of the real-time backup of the topology information is described in steps S1205 and S1206 and S1207:
51205、 拓朴信息处理。 本示例中 VAEN1收到 AN发送的拓朴信息报告, VAEN1处理完拓朴信息报告后, 可以触发拓朴信息实时备份处理。 一般的, AN 检测到拓朴变化事件后则发送拓朴信息报告, 例如 AN 的接口速率或状态发生 改变, AN发送拓朴信息报告, VAEN1 的策略管理模块根据拓朴信息调整控制 参数 51205, topology information processing. In this example, VAEN1 receives the topology information report sent by the AN. After processing the topology information report, VAEN1 can trigger the real-time backup processing of the topology information. Generally, after detecting the topology change event, the AN sends a topology information report, for example, the interface rate or state of the AN changes, the AN sends a topology information report, and the VAEN1 policy management module adjusts the control parameters according to the topology information.
S1206和 S1207、 实时备份拓朴信息。 本示例中 VAEN1处理完拓朴信息报 告后,发送包含了拓朴信息的实时备份消息到 VAEN2。 VAEN2收到实时备份消 息后, 緩存拓朴信息。  S1206 and S1207, real-time backup topology information. In this example, after processing the topology information report, VAEN1 sends a real-time backup message containing the topology information to VAEN2. After receiving the real-time backup message, VAEN2 caches the topology information.
步骤 S1208、 S1209、 S1210以及 S1211描述了策略部署实时备份的处理过 程:  Steps S1208, S1209, S1210, and S1211 describe the process of real-time backup of policy deployment:
S1208、 控制策略配置。 本示例中 VAEN1发送配置请求消息, 进行控制策 略配置。 控制策略主要包括用户接入会话的控制策略, 例如: 用户接入会话的 组播权限、 用户接入会话的地址过滤表等。 S1208, control policy configuration. In this example, VAEN1 sends a configuration request message to control the policy. Slightly configured. The control policy mainly includes the control policy of the user accessing the session, for example, the multicast permission of the user access session, the address filtering table of the user access session, and the like.
S1209、 配置确认处理。 本示例中 VAEN1收到 AN响应配置请求的配置确 认消息。 触发控制策略实时备份处理。  S1209, configuration confirmation processing. In this example, VAEN1 receives a configuration confirmation message from the AN response configuration request. Trigger control policy real-time backup processing.
S1210和 S1211、 实时备份控制策略。 本示例中 VAEN1发送包含了控制策 略的实时备份消息到 VAEN2。 VAEN2收到实时备份消息后, 緩存控制策略。  S1210 and S1211, real-time backup control strategy. In this example, VAEN1 sends a real-time backup message containing the control policy to VAEN2. After receiving the real-time backup message, VAEN2 caches the control policy.
S1212和 S1213描述切换处理:  S1212 and S1213 describe the switching process:
51212、 切换指示处理。 本示例中 VAEN2接收到切换指示, 开始切换处理。 本示例中的切换指示为 GSMP的邻接更新 (Adjacency Update)消息, 具体为 AN 检测到 L2C连接 1故障,发送邻接更新 (Adjacency Update)消息到 VAEN2, VAEN2 根据此消息进行切换。 当然, VAEN1可以直接发送切换指示给 VAEN2。  51212. Switching indication processing. In this example, VAEN2 receives the switching instruction and starts the switching process. The handover indication in this example is the GSMP Adjacency Update message. Specifically, the AN detects the L2C connection 1 failure, sends an Adjacency Update message to VAEN2, and VAEN2 switches according to this message. Of course, VAEN1 can send a switching indication directly to VAEN2.
51213、 切换平滑处理。 本示例中 VAEN2根据接收到的切换指示, 进行切 换平滑处理, 主要可以包括:  51213, Switching smoothing processing. In this example, VAEN2 performs switching and smoothing processing according to the received switching indication, and may mainly include:
a、 VAEN2与 AN进行控制数据同步。 AN可以将控制策略数据、拓朴信息、 策略执行信息通过 12CM同步消息发给 VAEN2, VAEN可以对这些控制数据进 行一致性检查, 防止出现不一致的数据。  a, VAEN2 and AN to control data synchronization. The AN can send control policy data, topology information, and policy execution information to VAEN2 through 12CM synchronization messages. VAEN can check the consistency of these control data to prevent inconsistent data.
b、 VAEN2设置本的控制策略以及激活拓朴信息库。  b. VAEN2 sets the control strategy of this and activates the topology information base.
c、 VAEN2可以根据緩存的用户接入会话数据 (例如:休眠的 IP会话记录), 激活用户接入会话。 緩存的用户接入会话控制数据来源于 AN发送的同步数据 或 VAEN1备份到 VAEN2的用户接入会话控制数据。  c. VAEN2 can activate the user access session according to the cached user access session data (for example, a dormant IP session record). The cached user access session control data is derived from the synchronization data sent by the AN or the user access session control data backed up by VAEN1 to VAEN2.
基于图 7所述的接入网的保护方法的具体实施例, 本发明还描述了由虚拟 路由冗余协议( Virtual Router Redundancy Protocol, VRRP ) 中的虚拟路由实体 ( Virtual Router Element , VRE )实现上述 VAEN的功能的系统, 上述 VAEN对 应为 AEN设备或装置中的逻辑 VRRP虚拟路由实体,虚拟路由实体的虚拟路由 标识相等的构成一个备份组, VAEN之间运行 VRRP等虚拟路由冗余协议, 如 图 13所示。本示例中接入存在两个 AEN设备: AEN 1301和 AEN 1302。 AEN 1301 和 AEN 1302分别包含至少一个支持 VRRP协议的虚拟路由实体, 例如: AEN 1301的 VRE1和 AEN 1302的 VRE2。 AEN 1301的 VRE1对应 VAEN 130101 , AEN 1302 的 VRE2对应 VAEN 130201。 VRE1 和 VRE2 的虚拟路由器标识 ( VRID )相等。 本示例中 VRID为 1。 Based on the specific embodiment of the protection method of the access network described in FIG. 7, the present invention also describes the implementation of the virtual router element (VRE) in the Virtual Router Redundancy Protocol (VRRP). VAEN's functional system, the above VAEN pair It should be a logical VRRP virtual routing entity in the AEN device or device. The virtual routing IDs of the virtual routing entities are equal to each other to form a backup group. VAEN runs virtual routing redundancy protocols such as VRRP, as shown in Figure 13. There are two AEN devices in the access in this example: AEN 1301 and AEN 1302. AEN 1301 and AEN 1302 respectively contain at least one virtual routing entity supporting the VRRP protocol, such as: VRE1 of AEN 1301 and VRE2 of AEN 1302. VEN1 of AEN 1301 corresponds to VAEN 130101, and VRE2 of AEN 1302 corresponds to VAEN 130201. The virtual router IDs (VRIDs) of VRE1 and VRE2 are equal. In this example, the VRID is 1.
VRE记录作为备份组成员 (即 VAEN130101和 VAEN130201 )保存。 VRE 记录包括虚拟路由器标识、 优先级、 虚拟 IP地址、 实际的 IP地址等, 在 VAEN 为用户终端提供用户接入会话管理时, VRE的虚拟 IP地址作为用户终端建立的 接入会话的网关地址。本示例中 VRE2的记录为:虚拟路由标识: 1 ,优先级 200, 虚拟 IP地址: 20.1.1.1 , 实际 IP地址: 20.1.1.253。 VRE1的记录为: 虚拟路 由标识: 1 , 优先级 255, 虚拟 IP地址: 20.1.1.1 , 实际 IP地址: 20.1.1.254。 一般地, 在 VRE作为 VAEN时, 备份组的 VAEN使用主备保护模式。 下面详细 解释 VAEN成员管理和接入会话保护的步骤:  VRE records are saved as members of the backup group (ie VAEN130101 and VAEN130201). The VRE record includes the virtual router ID, the priority, the virtual IP address, and the actual IP address. When the VAEN provides user access session management for the user terminal, the virtual IP address of the VRE acts as the gateway address of the access session established by the user terminal. In this example, the record of VRE2 is: virtual route identifier: 1, priority 200, virtual IP address: 20.1.1.1, actual IP address: 20.1.1.253. The record of VRE1 is: Virtual route identifier: 1, Priority 255, Virtual IP address: 20.1.1.1, Actual IP address: 20.1.1.254. Generally, when VRE is used as VAEN, the VAEN of the backup group uses the active/standby protection mode. The steps to VAEN member management and access session protection are explained in detail below:
成员注册: VAEN使用 VRRP协议的通告 (Advertisement)消息进行成员注册。 VAEN的状态保持与 VRE的状态同步, 即 VAEN跟 VRE—样包括三个状态: 初始化、 主用以及备用状态。  Member registration: VAEN uses the VRRP protocol Advertisement message for member registration. The state of VAEN remains synchronized with the state of VRE, ie VAEN and VRE include three states: initialization, active, and standby.
在成员注册中, 如前所述, 可为备用组中的成员设定不同的优先级, 优先 级高的成员 (本例中为 VRE )成为主用状态。 本示例中 VRE1为主用。 在保护 模式为主备模式时, 备用 VAEN不直接提供服务(例如: 用户终端不能直接与 备用的 VAEN建立 IP会话)。例如: 用户终端 1和 VAEN130101建立 IP会话 1 , 用户终端 2和 VAEN130101建立 IP会话 2, VAEN130101为用户终端提供接入 服务。 IP会话 1和 IP会话 2的网关地址都为 VAEN130101的虚拟 IP地址。 IP 会话 1的 IP地址为 20.1.1.20。 In member registration, as described above, different priorities can be set for members in the standby group, and members with higher priority (in this case, VRE) become the active state. In this example, VRE1 is used as the main. When the protection mode is in the active/standby mode, the standby VAEN does not directly provide services (for example: the user terminal cannot directly establish an IP session with the standby VAEN). For example: User terminal 1 and VAEN 130101 establish IP session 1, user terminal 2 and VAEN 130101 establish IP session 2, VAEN130101 provides access for user terminal Service. The gateway addresses of IP session 1 and IP session 2 are both virtual IP addresses of VAEN 130101. The IP address of IP session 1 is 20.1.1.20.
批量备份: 主用的 VAEN收到备用的 VAEN注册并且注册处理完成后, 主 用的 VAEN 向备用 VAEN 备份业务控制数据。 本示例中 VAEN130101 向 VAEN130201 发送批量备份消息, 批量备份消息备份的目的地址为备用 VAEN 的地址, 该地址可以预先配置, 也可以通过成员注册消息获取的, 本示例中为 通过成员注册消息获取的, VAEN130101向 VAEN130201 的批量备份消息目的 地址为 20.1.1.253。  Batch backup: After the primary VAEN receives the standby VAEN registration and the registration process is completed, the primary VAEN backs up the service control data to the standby VAEN. In this example, the VAEN130101 sends a batch backup message to the VAEN130201. The destination address of the batch backup message backup is the address of the standby VAEN. The address can be pre-configured or obtained through the member registration message. In this example, the member registration message is obtained. The destination address of the batch backup message of VAEN130101 to VAEN130201 is 20.1.1.253.
实时备份: 主用的 VAEN的正在使用的业务控制数据发生改变后, 主用的 VAEN 向备用 VAEN 实时备份业务控制数据。 本示例中 VAEN130101 向 VAEN130201发送实时备份消息, 实时备份消息目的地址同批量备份。  Real-time backup: After the main VAEN's service control data is changed, the active VAEN backs up the service control data to the standby VAEN. In this example, VAEN130101 sends a real-time backup message to VAEN130201, and the real-time backup message destination address is the same as the batch backup.
成员维持: VAEN使用 VRRP协议的通告 (Advertisement)消息进行成员状态 维持。 VAEN的状态保持与 VRE的状态同步。  Member Maintenance: VAEN uses the VRRP protocol Advertisement message to maintain membership status. The state of the VAEN remains in sync with the state of the VRE.
切换处理: 当 VRE的状态从备用切换到主用状态后, VAEN开始切换平滑 处理, 例如: 激活 IP会话。  Handover processing: When the state of the VRE is switched from standby to active state, the VAEN starts to switch the smoothing process, for example: Activate the IP session.
其中, 本发明具体实施例中所述的成员注册消息、 成员维持消息、 切换指 示消息、 批量备份消息、 实时备份消息的具体实现协议可以根据实际情况选择, 包括但不限于 VRRP、 GSMP、 Diamiter (扩展授权协议)、 H.248、 通用开放策 略服务(Common Open Policy Service, COPS )、 热备份路由协议 (Hot Standby Router Protocol, HSRP)、 SNMP (筒单网络管理协议)。 例如: 成员注册消息和 成员维持消息可以使用 VRRP的通告消息或 SNMP跟踪( TRAP )消息; 批量备 份消息和实时备份消息 SNMP的设置 (Set )或提取 ( Get ) 消息。  The specific implementation protocols of the member registration message, the member maintenance message, the handover indication message, the batch backup message, and the real-time backup message described in the specific embodiments of the present invention may be selected according to actual conditions, including but not limited to VRRP, GSMP, Diamiter ( Extended License Agreement), H.248, Common Open Policy Service (COSS), Hot Standby Router Protocol (HSRP), SNMP (Trouble Network Management Protocol). For example: member registration message and member maintenance message can use VRRP advertisement message or SNMP trace (TRAP) message; batch backup message and real-time backup message SNMP setting (Set) or extract (Get) message.
参见图 14, 本发明实施例提供了上述的成员注册消息、 成员维持消息、 切 换指示消息、 批量备份消息、 实时备份消息等备份保护消息的具体实现格式: 所述消息至少包括承载首部 1401和消息内容 1402, 承载首部 1401用于消 息的寻路, 消息内容 1402用于承载成员信息或业务控制数据; Referring to FIG. 14, an embodiment of the present invention provides the foregoing member registration message, member maintenance message, and cut The specific implementation format of the backup protection message, such as the indication message, the batch backup message, and the real-time backup message: the message includes at least a bearer header 1401 and a message content 1402, the bearer header 1401 is used for path finding of the message, and the message content 1402 is used to carry the member. Information or business control data;
承载首部 1401可以包括链路首部 1401A (例如以太网首部)和 /或 IP首部 1401B,承载首部 1401进一步还可以包括 UDP首部( Header )等; IP首部 1401B 进一步还包括目的 IP 1401 IB和源 IP 14012B。  The bearer header 1401 may include a link header 1401A (eg, an Ethernet header) and/or an IP header 1401B. The bearer header 1401 may further include a UDP header (header) or the like; the IP header 1401B further includes a destination IP 1401 IB and a source IP 14012B. .
消息内容 1402至少包括消息类型 1402A和数据记录 1402C, 消息内容 1402 进一步还可以包括操作类型 1402B。 消息类型 1402A主要包括成员注册消息、 成员维持消息、 实时备份消息、 批量备份消息、 切换指示消息等类型。 操作类 型 1402B主要包括创建、 更新、 删除等。 数据记录 1402C进一步还可以包括类 型 14021C、 长度 14022C、 数据 14023C。 长度 14022C为数据 14023C的实际长 度。 一个消息可以包含一个或多个数据记录 1402C。 数据 14023C进一步可以包 括多个子数据记录, 子数据记录主要包括子类型、 子长度、 子数据。  The message content 1402 includes at least a message type 1402A and a data record 1402C, and the message content 1402 may further include an operation type 1402B. The message type 1402A mainly includes a member registration message, a member maintenance message, a real-time backup message, a batch backup message, a handover indication message, and the like. The operation type 1402B mainly includes creation, update, deletion, and the like. The data record 1402C may further include a type 14021C, a length 14022C, and a data 14023C. The length 14022C is the actual length of the data 14023C. A message can contain one or more data records 1402C. The data 14023C may further include a plurality of sub-data records, the sub-data records mainly including subtypes, sub-lengths, and sub-data.
对于成员注册消息, 7 载首部 1401的 IP首部或链路首部的目的地址可以为 多播地址(例如: 组播或广播地址)。 承载首部 1401的 IP首部或链路首部的源 地址为发送者地址。 消息内容 1402的数据 1402C记录包含的是成员信息, 如 VAEN标识、 VAEN优先级、 VAEN能力参数、 VAEN状态等。  For member registration messages, the destination address of the IP header or link header of the first 1401 header may be a multicast address (for example: multicast or broadcast address). The source address of the IP header or link header of the bearer header 1401 is the sender address. Message Content 1402 Data The 1402C record contains member information such as VAEN flag, VAEN priority, VAEN capability parameter, VAEN status, and so on.
对于成员维持消息、切换指示消息,承载首部 1401的 IP首部或链路首部的 目的地址一般为目的 VAEN的地址。 7 载首部 1401的 IP首部或链路首部的源 地址为发送者地址。消息内容 1402的数据 1402C记录包含的是成员信息或切换 指示信息, 如 VAEN标识、 接入会话标识等。  For the member maintenance message and the handover indication message, the destination address of the IP header or link header of the bearer header 1401 is generally the address of the destination VAEN. 7 The source address of the IP header or link header of the header 1401 is the sender address. Message Content 1402 Data The 1402C record contains member information or handover indication information, such as VAEN identification, access session identification, and the like.
对于实时备份或批量备份消息, 承载首部 1401与成员维持消息中的承载首 部的定义一致。消息内容 1402的数据 1402C记录封装的是业务控制数据,例如: IP会话参数或拓朴信息或控制策略。 具体封装可以是: 类型 14021C为 IP会话 记录, 数据 14023C封装多个 IP会话参数的子数据记录, 例如地址为 20.1.1.20 网关为 20.1.1.1的 IP会话的 14023C数据封装包括子类型 1为 IP会话标识、 子 长度 1为 4、 子数据 1为 20.1丄20、 子类型 2为网关地址、 子长度 2为 4、 子数 据 2为 20.1.1.1。 For real-time backup or bulk backup messages, the bearer header 1401 is consistent with the definition of the bearer header in the member maintenance message. The data 1402C of the message content 1402 records the packaged service control data, for example: IP session parameters or topology information or control policies. The specific encapsulation may be: Type 14021C is an IP session record, and data 14023C encapsulates sub-data records of multiple IP session parameters, for example, the address is 20.1.1.20. The 14023C data encapsulation of the IP session with the gateway being 20.1.1.1 includes subtype 1 as an IP session. The identifier, the sub-length 1 is 4, the sub-data 1 is 20.1 丄 20, the sub-type 2 is the gateway address, the sub-length 2 is 4, and the sub-data 2 is 20.1.1.1.
在本发明的具体实施例中, 为接入网络提供至少一个备份组, 所述备份组 中至少有两个 VAEN, 这些 VAEN之间可互相备份保护, 接入会话管理和 /或接 入策略部署等接入业务可以在备份组的 VAEN间切换, 这样当其中一个正在使 用的 VAEN发生故障时, 另一个 VAEN可以将故障 VAEN上的接入业务切换过 来, 从而保证业务的正常进行, 增加了接入网的可靠性。  In a specific embodiment of the present invention, at least one backup group is provided for the access network, and at least two VAENs are in the backup group, and the VAENs can be backed up and protected, access session management, and/or access policy deployment. The access service can be switched between the VAENs of the backup group, so that when one of the VAENs in use fails, the other VAEN can switch the access service on the faulty VAEN, thereby ensuring the normal operation of the service and increasing the connection. The reliability of access to the network.
以上所揭露的仅为本发明较佳实施例而已, 当然不能以此来限定本发明之 权利范围, 因此依本发明权利要求所作的等同变化, 仍属本发明所涵盖的范围。  The above is only the preferred embodiment of the present invention, and the scope of the present invention is not limited thereto, and the equivalent changes made by the claims of the present invention are still within the scope of the present invention.

Claims

权 利 要 求 Rights request
1、 一种接入边缘节点, 其特征在于, 所述接入边缘节点为用户建立接入会 话并进行接入会话切换, 所述接入边缘节点包括: An access edge node, wherein the access edge node establishes an access session for the user and performs an access session switch, where the access edge node includes:
服务提供模块, 用于根据数据存储模块中的激活的业务控制数据提供用户 接入会话管理和 /或设备控制接入会话管理; 根据切换处理模块的通知, 激活数 据存储模块中相应的业务控制数据;  a service providing module, configured to provide user access session management and/or device control access session management according to activated service control data in the data storage module; and activate corresponding service control data in the data storage module according to the notification of the handover processing module ;
数据存储模块, 用于存储业务控制数据以及成员状态信息;  a data storage module, configured to store service control data and member status information;
切换处理模块, 用于根据所接收到的第一切换指示, 通知服务提供模块激 活数据存储模块中对应的业务控制数据;  And a switching processing module, configured to notify the service providing module to activate corresponding service control data in the data storage module according to the received first switching indication;
成员管理模块, 用于管理存储在数据存储模块中的所述虚拟接入边缘节点 所在的备份组的成员状态信息, 当成员状态故障时, 发送包含切换标识的第一 切换指示给所述切换处理模块。  a member management module, configured to manage member status information of the backup group where the virtual access edge node is located in the data storage module, and when the member status is faulty, send a first switching indication including the switching identifier to the switching process Module.
2、 权利要求 1所述的接入边缘节点, 其特征在于,  2. The access edge node of claim 1 wherein:
所述切换处理模块, 还用于发送第二切换指示, 并通知所述服务提供模块 休眠或删除数据存储模块中相应的业务控制数据记录;  The switching processing module is further configured to send a second handover indication, and notify the service providing module to sleep or delete a corresponding service control data record in the data storage module;
所述服务提供模块, 还用于根据所述切换处理模块的通知, 休眠或删除数 据存储模块中相应的业务控制数据记录, 停止提供该休眠或删除的业务控制数 据记录对应的用户接入会话管理和 /或设备控制接入会话管理。  The service providing module is further configured to: hibernate or delete a corresponding service control data record in the data storage module according to the notification of the switching processing module, and stop providing user access session management corresponding to the dormant or deleted service control data record. And/or device control access session management.
3、 如权利要求 2所述的接入边缘节点, 其特征在于, 所述切换处理模块包 括:  The access edge node according to claim 2, wherein the switching processing module comprises:
切换指示子模块, 用于接收第一切换指示或发送第二切换指示;  a switching indication submodule, configured to receive a first handover indication or send a second handover indication;
切换平滑子模块, 用于当所述切换指示子模块接收到所述第一切换指示时, 根据该切换指示, 通知所述服务提供模块激活所述数据存储模块中相应的业务 控制数据; 或, 当所述切换指示子模块发送所述第二切换指示时, 通知所述服 务提供模块休眠或删除所述数据存储模块中相应的业务控制数据记录 。 a switching smoothing submodule, configured to: when the switching indication submodule receives the first switching indication, Notifying the service providing module to activate corresponding service control data in the data storage module according to the switching instruction; or, when the switching indication sub-module sends the second switching indication, notifying the service providing module to sleep or The corresponding service control data record in the data storage module is deleted.
4、 如权利要求 1所述的接入边缘节点, 其特征在于, 所述成员管理模块包 括:  4. The access edge node of claim 1, wherein the member management module comprises:
成员注册子模块, 用于成员相互协商注册并且记录成员状态信息; 成员维持子模块, 用于监控所述接入边缘节点所在备份组中成员的状态; 成员老化子模块, 用于当成员维持子模块监控到成员状态故障时, 将状态 故障的成员设置为不可用或将该成员移除所述虚拟接入边缘节点所在备份组, 并通知切换处理模块发送切换指示消息。  a member registration sub-module, configured to register with each other and record member status information; a member maintenance sub-module, configured to monitor a status of a member in the backup group where the access edge node is located; and a member aging sub-module, configured to be a member-maintainer When the module monitors the member status failure, the member of the status failure is set to be unavailable or the member is removed from the backup group where the virtual access edge node is located, and the handover processing module is notified to send a handover indication message.
5、 如权利要求 1-4中任一项所述的接入边缘节点, 其特征在于, 所述接入 边缘节点还包括:  The access edge node according to any one of claims 1 to 4, wherein the access edge node further comprises:
数据备份模块, 用于处理备份数据, 包括将存储在数据存储模块中的正在 使用的业务控制数据作为备份业务控制数据发送; 或接收备份业务控制数据并 通知数据存储模块进行保存。  The data backup module is configured to process the backup data, including sending the used service control data stored in the data storage module as backup service control data; or receiving the backup service control data and notifying the data storage module to save.
6、 如权利要求 5所述的接入边缘节点, 其特征在于, 所述数据备份模块包 括:  The access edge node according to claim 5, wherein the data backup module comprises:
批量备份子模块, 用于将存储在数据存储模块中的正在使用的业务控制数 据作为备份业务控制数据封装到批量备份消息中进行发送; 或接收到包含备份 业务控制数据的批量备份消息且通知数据存储模块保存所述业务控制数据。  The batch backup sub-module is configured to encapsulate the used service control data stored in the data storage module as backup service control data into the batch backup message for sending; or receive the batch backup message including the backup service control data and notify the data The storage module saves the service control data.
7、 如权利要求 5所述的接入边缘节点, 其特征在于, 所述数据备份模块包 括:  7. The access edge node of claim 5, wherein the data backup module comprises:
实时备份子模块, 用于将变化的业务控制数据封装到实时备份消息中进行 发送; 或接收到包含变化的业务控制数据的实时备份消息并通知所述服务提供 模块修改所述数据存储模块中的业务控制数据。 Real-time backup submodule for encapsulating changed service control data into real-time backup messages Transmitting; or receiving a real-time backup message containing the changed service control data and notifying the service providing module to modify the service control data in the data storage module.
8、一种接入网的保护系统, 其特征在于, 所述系统中包括至少一个备份组, 所述备份组中至少包括第一虚拟接入边缘节点成员和第二虚拟接入边缘节点成 员, 所述第一虚拟接入边缘节点成员用于为用户提供接入业务; 所述第二虚拟 接入边缘节点成员用于在所述接入业务发生故障时, 根据接收到的包含切换标 识的切换指示, 进行接入业务切换, 以替换所述第一虚拟接入边缘节点成员。  A protection system for an access network, the system includes at least one backup group, and the backup group includes at least a first virtual access edge node member and a second virtual access edge node member. The member of the first virtual access edge node is configured to provide an access service for the user; and the member of the second virtual access edge node is configured to switch according to the received handover identifier when the access service fails. Instructing to perform an access service handover to replace the first virtual access edge node member.
9、 如权利要求 8所述的接入网保护系统, 其特征在于, 还包括分别与所述 至少两个虚拟接入边缘节点成员相连的接入节点, 所述接入节点与不同虚拟接 入边缘节点成员间使用相同或不同的连接链路。  The access network protection system according to claim 8, further comprising an access node respectively connected to the at least two virtual access edge node members, the access node and different virtual access The same or different connection links are used between members of the edge nodes.
10、 如权利要求 8所述的接入网保护系统, 其特征在于, 同一备份组中的 所述至少两个虚拟边缘接入节点成员位于同一个物理接入边缘节点中, 其中, 每个虚拟边缘接入节点成员为所述物理接入边缘节点的一个逻辑分区;  The access network protection system according to claim 8, wherein the at least two virtual edge access node members in the same backup group are located in the same physical access edge node, where each virtual An edge access node member is a logical partition of the physical access edge node;
或者所述至少两个虚拟边缘接入节点成员中的每个虚拟边缘接入节点成员 为虚拟路由器。  Or each of the at least two virtual edge access node members is a virtual router.
11、 一种接入网的保护方法, 其特征在于, 所述方法包括:  A method for protecting an access network, the method comprising:
备份组中的第一虚拟接入边缘节点成员接收到包含切换标识的切换指示消 息时, 根据该切换指示消息, 激活其存储的相应的业务控制数据, 提供对应的 IP用户接入会话服务和 /或设备控制接入会话服务, 以替换同属一个备份组中的 第二虚拟接入边缘节点成员。  When receiving the handover indication message including the handover identifier, the first virtual access edge node member in the backup group activates the corresponding service control data stored according to the handover indication message, and provides a corresponding IP user access session service and/or Or the device controls the access session service to replace the second virtual access edge node member in the same backup group.
12、 如权利要求 11所述的方法, 其特征在于, 在所述第一虚拟接入边缘节 点成员接收到切换指示消息之前, 还包括:  The method of claim 11, wherein before the first virtual access edge node member receives the handover indication message, the method further includes:
注册所述备份组中的第一和第二虚拟接入边缘节点成员, 记录所述第一和 第二虚拟接入边缘节点成员的状态信息。 Registering first and second virtual access edge node members in the backup group, recording the first sum Status information of the second virtual access edge node member.
13、 如权利要求 12所述的方法, 其特征在于, 在所述第一虚拟接入边缘节 点成员接收到切换指示消息之前, 所述方法还包括备份处理步骤, 所述备份处 理步骤包括:  The method of claim 12, wherein before the first virtual access edge node member receives the handover indication message, the method further includes a backup processing step, where the backup processing step includes:
所述第一接入边缘节点成员接收所述第二接入边缘节点成员发送的备份消 息, 解析所述备份消息, 并进行相应的备份处理。  The first access edge node member receives the backup message sent by the second access edge node member, parses the backup message, and performs corresponding backup processing.
14、 如权利要求 13所述的方法, 其特征在于, 备份处理步骤具体包括: 在注册完毕后, 所述第一虚拟接入边缘节点成员接收所述第二虚拟接入边 缘节点成员发送的批量备份消息, 解析所述批量备份消息, 获取正在使用的业 务控制数据并进行相应的备份处理;  The method of claim 13, wherein the step of performing the backup process comprises: after the registration is completed, the member of the first virtual access edge node receives the batch sent by the member of the second virtual access edge node Backing up the message, parsing the batch backup message, obtaining the service control data being used, and performing corresponding backup processing;
或当所述第二虚拟接入边缘节点成员的业务控制发生改变时, 所述第一虚 拟接入边缘节点成员接收所述第二虚拟接入边缘节点发送的实时备份消息, 解 析所述批量备份消息, 获取变化的业务控制数据并进行相应的备份处理。  Or the first virtual access edge node member receives the real-time backup message sent by the second virtual access edge node, and parses the batch backup, when the service control of the second virtual access edge node member changes. Messages, get changed business control data and perform corresponding backup processing.
15、 如权利要求 11-14所述的方法, 其特征在于, 所述切换指示消息、 批量 备份消息和实时备份消息包括用于消息的寻路承载首部和用于承载成员信息或 业务控制数据的消息内容;  The method according to any one of claims 11-14, wherein the handover indication message, the batch backup message, and the real-time backup message comprise a path-finding bearer header for the message and a bearer member information or service control data. Message content;
所述切换指示消息、 批量备份消息和实时备份消息的具体实现协议包括: 虚拟路由冗余协议 VRRP、 交换机管理协议 GSMP、 扩展授权协议 Diamiter、 H.248、 通用开放策略服务 COPS、 热备份路由协议 HSRP、 筒单网络管理协议 SNMP。  The specific implementation protocols of the handover indication message, the batch backup message, and the real-time backup message include: virtual route redundancy protocol VRRP, switch management protocol GSMP, extended authorization protocol Diamiter, H.248, universal open policy service COPS, hot backup routing protocol HSRP, single network management protocol SNMP.
16、 如权利要求 11所述的方法, 其特征在于, 所述备份组中的第一虚拟接 入边缘节点成员接收到切换指示消息时, 根据该切换指示消息, 激活相应的存 储的业务控制数据,提供对应的 IP用户接入会话服务和 /或设备控制接入会话服 务包括: The method according to claim 11, wherein when the first virtual access edge node member in the backup group receives the handover indication message, the corresponding stored service control data is activated according to the handover indication message. Provide corresponding IP user access session service and/or device control access session service Services include:
所述第一虚拟接入边缘节点成员接收到切换指示消息, 向用户发送地址解 析协议请求消息, 以刷新汇聚网或接入节点的数据转发表;  Receiving, by the first virtual access edge node, a handover indication message, and sending an address resolution protocol request message to the user, to refresh the data forwarding table of the aggregation network or the access node;
所述第一虚拟接入边缘节点成员通知接入节点进行保护切换;  The first virtual access edge node member notifies the access node to perform protection switching;
所述第一虚拟接入节点成员在所述接入节点完成切换之后, 根据所述切换 指示消息激活相应的存储的休眠的业务控制数据, 提供对应的 IP用户接入会话 服务。  After the access node completes the handover, the first virtual access node member activates the corresponding stored dormant service control data according to the handover indication message, and provides a corresponding IP user access session service.
17、 如权利要求 11所述的方法, 其特征在于, 所述备份组中的第一虚拟接 入边缘节点成员接收到切换指示消息时, 根据该切换指示消息, 激活相应的存 储的业务控制数据,提供对应的 IP用户接入会话服务和 /或设备控制接入会话服 务包括:  The method according to claim 11, wherein when the first virtual access edge node member in the backup group receives the handover indication message, the corresponding stored service control data is activated according to the handover indication message. Providing a corresponding IP user access session service and/or device control access session service includes:
所述第一虚拟接入边缘节点向用户发送地址解析协议请求消息, 以刷新汇 聚网或接入节点的数据转发表;  The first virtual access edge node sends an address resolution protocol request message to the user to refresh the data forwarding table of the aggregation network or the access node;
所述第一虚拟接入边缘节点通知接入节点进行保护切换;  The first virtual access edge node notifies the access node to perform protection switching;
所述第一虚拟边缘接入节点向用户终端发送上线通知消息指示终端重新上 线;  The first virtual edge access node sends an online notification message to the user terminal to instruct the terminal to go online again;
所述第一虚拟边缘接入节点根据该切换指示消息, 激活相应的存储的业务 控制数据, 与重新上线的所述用户终端重建 IP用户接入会话。  The first virtual edge access node activates the corresponding stored service control data according to the handover indication message, and reestablishes the IP user access session with the re-authenticated user terminal.
PCT/CN2008/073811 2007-12-28 2008-12-29 Access network protecting method, system and access edge node WO2009082978A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN2007100329752A CN101471898B (en) 2007-12-28 2007-12-28 Protection method, system and virtual access edge node for access network
CN200710032975.2 2007-12-28

Publications (1)

Publication Number Publication Date
WO2009082978A1 true WO2009082978A1 (en) 2009-07-09

Family

ID=40823792

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2008/073811 WO2009082978A1 (en) 2007-12-28 2008-12-29 Access network protecting method, system and access edge node

Country Status (2)

Country Link
CN (1) CN101471898B (en)
WO (1) WO2009082978A1 (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2016095322A1 (en) * 2014-12-16 2016-06-23 北京东土科技股份有限公司 Vrrp-based data transmission method and apparatus
CN109150745A (en) * 2018-10-26 2019-01-04 新华三信息安全技术有限公司 A kind of message processing method and device
WO2023185136A1 (en) * 2022-03-31 2023-10-05 苏州浪潮智能科技有限公司 Method and apparatus for processing edge node, and medium

Families Citing this family (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103139023A (en) * 2011-11-25 2013-06-05 华为技术有限公司 User access control method, network equipment and system
CN102387083B (en) * 2011-11-28 2014-11-26 中国联合网络通信集团有限公司 Network access control method and system
CN102420731B (en) * 2011-11-28 2014-01-22 中国联合网络通信集团有限公司 Network access control method and system
CN103336798B (en) * 2013-06-17 2017-10-20 华南理工大学 The virtualization data of Embedded Network Device accesses system and method
CN103441938B (en) * 2013-08-28 2015-05-13 南车株洲电力机车研究所有限公司 Port switching method and communication equipment
CN106161077B (en) * 2015-04-24 2019-07-09 中兴通讯股份有限公司 Cut-in convergent device and certification register method
CN109803029B (en) 2017-11-17 2020-11-06 华为技术有限公司 Data processing method, device and equipment
CN108667682B (en) * 2018-03-21 2020-11-06 北京天融信网络安全技术有限公司 Connection synchronization method, device and medium based on secure gateway deep packet detection
CN110290567B (en) * 2019-07-03 2021-04-09 深信服科技股份有限公司 Virtual local area network switching method, device, terminal, system and storage medium
CN110581782B (en) * 2019-09-17 2022-07-12 中国联合网络通信集团有限公司 Disaster tolerance data processing method, device and system

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040198372A1 (en) * 2002-06-28 2004-10-07 Otso Auterinen Redundancy and load balancing in a telecommunication unit and system
JP2005184666A (en) * 2003-12-22 2005-07-07 Mitsubishi Electric Corp Ring-type network device, redundant method of ring-type network and node device of ring-type network
CN1934561A (en) * 2004-02-12 2007-03-21 城域信息包系统公司 Restoration mechanism for network topologies
CN101039172A (en) * 2007-05-15 2007-09-19 华为技术有限公司 Ethernet ring network system and its protection method and standby host node

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040198372A1 (en) * 2002-06-28 2004-10-07 Otso Auterinen Redundancy and load balancing in a telecommunication unit and system
JP2005184666A (en) * 2003-12-22 2005-07-07 Mitsubishi Electric Corp Ring-type network device, redundant method of ring-type network and node device of ring-type network
CN1934561A (en) * 2004-02-12 2007-03-21 城域信息包系统公司 Restoration mechanism for network topologies
CN101039172A (en) * 2007-05-15 2007-09-19 华为技术有限公司 Ethernet ring network system and its protection method and standby host node

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2016095322A1 (en) * 2014-12-16 2016-06-23 北京东土科技股份有限公司 Vrrp-based data transmission method and apparatus
CN109150745A (en) * 2018-10-26 2019-01-04 新华三信息安全技术有限公司 A kind of message processing method and device
CN109150745B (en) * 2018-10-26 2022-06-21 新华三信息安全技术有限公司 Message processing method and device
WO2023185136A1 (en) * 2022-03-31 2023-10-05 苏州浪潮智能科技有限公司 Method and apparatus for processing edge node, and medium

Also Published As

Publication number Publication date
CN101471898B (en) 2011-12-28
CN101471898A (en) 2009-07-01

Similar Documents

Publication Publication Date Title
WO2009082978A1 (en) Access network protecting method, system and access edge node
JP6092873B2 (en) Implementation of 3G packet core in cloud computer with OpenFlow data and control plane
JP4020753B2 (en) Ring switching method
US8264956B2 (en) Service redundancy in wireless networks
EP2087656B1 (en) Methods and arrangements for lan emulation in mobile networks
US20080172582A1 (en) Method and system for providing peer liveness for high speed environments
US20050086385A1 (en) Passive connection backup
US20160127149A1 (en) Method for implementing gre tunnel, access device and aggregation gateway
KR102050910B1 (en) Method and system to enable re-routing for home networks upon connectivity failure
WO2008119300A1 (en) A protecting method and device for ethernet tree service
WO2007009347A1 (en) A method and apparatus for transmitting service stream on a virtual interchange system
WO2008058477A1 (en) Location information management method, apparatus and system
Malkin Dial-in virtual private networks using layer 3 tunneling
US7567522B2 (en) Suppression of router advertisement
Carugi et al. Service requirements for layer 3 provider provisioned virtual private networks (PPVPNs)
EP4262176A1 (en) Standby access gateway function signaling for a dynamic host configuration protocol
Cisco Cisco IOS Command References Master Index
Cisco Release Notes for the Cisco AS5100 and AS5200 for Cisco IOS Release 11.2
Cisco Release Notes for the Cisco AS5100 and AS5200 for Cisco IOS Release 11.2
Cisco Release Notes for the Cisco AS5100 and AS5200 for Cisco IOS Release 11.2
Cisco Release Notes for the Cisco AS5100 and AS5200 for Cisco IOS Release 11.2
US8953434B1 (en) Providing high availability as a service with network devices
Cisco Release Notes for the Cisco 1000 Series Routers for Cisco IOS Release 11.2
Cisco Release Notes for the Cisco 1000 Series Routers for Cisco IOS Release 11.2
Cisco Release Notes for the Cisco 1000 Series Routers for Cisco IOS Release 11.2

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 08868116

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 08868116

Country of ref document: EP

Kind code of ref document: A1