WO2010048775A1 - Service and user integration management method and system in ethernet service operation - Google Patents

Service and user integration management method and system in ethernet service operation

Info

Publication number
WO2010048775A1
Authority
WO
WIPO (PCT)
Prior art keywords
service
layer
user
ethernet
extension technology
Application number
PCT/CN2009/001155
Inventor
王劲林
王玲芳
邓浩江
刘学
刘磊
Original Assignee
中国科学院声学研究所
Application filed by 中国科学院声学研究所
Publication of WO2010048775A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/2854 Wide area networks, e.g. public data networks
    • H04L12/2856 Access arrangements, e.g. Internet access
    • H04L12/2858 Access network architectures
    • H04L12/2859 Point-to-point connection between the data network and the subscribers
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/02 Details
    • H04L12/14 Charging, metering or billing arrangements for data wireline or wireless communications
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/50 Network service management, e.g. ensuring proper service fulfilment according to agreements
    • H04L41/5061 Network service management, e.g. ensuring proper service fulfilment according to agreements characterised by the interaction between service providers and their network customers, e.g. customer relationship management
    • H04L41/507 Filtering out customers affected by service problems
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities

Definitions

  • The present invention relates to the field of information network technologies, and in particular to a service and user integrated management method and system that uses Ethernet Layer 2 extension technology for service operation on metropolitan area, wide area, or regional Ethernet.
  • BACKGROUND OF THE INVENTION: As operations systems are required to lower network costs, Ethernet technology originally used for local area networks has been given a new lease of life. As its scope of application widens and service types diversify, the Ethernet message format has to be extended to support new business models and connection methods, that is, a hierarchical approach.
  • The two methods currently developed by IEEE are IEEE 802.1ad and IEEE 802.1ah.
  • IEEE 802.1ad Provider Bridges (also known as Q-in-Q or VLAN stacking) extends the original concept of VLANs.
  • IEEE 802.1ad simply adds a new Q-tag, which allows the service provider to manage its own tags for identifying individual customer networks, while the original Q-tags are used to identify VLANs in the customer network.
  • Although IEEE 802.1ad supports a three-tier hierarchy, service providers can create only 4,094 user VLANs, which is not enough for large metro and regional networks. This flaw is addressed by IEEE 802.1ah Provider Backbone Bridges, which encapsulates the customer MAC header in a service provider MAC header.
  • Services and users are generally managed with custom high-level protocols above the IP layer, which perform service identification, user authentication, and service usage charging.
  • XML is used to define the payload message format, which is carried over SOAP; or the above information is transmitted directly over HTTP (these are implementation-specific, and each vendor has its own method based on its circumstances).
  • What these methods have in common is that they are end-to-end solutions that do not use the characteristics of the intermediate network; while they are easy to extend, they reduce performance and security.
  • an object of the present invention is to provide a service and user integrated management method and system using Ethernet Layer 2 extension technology, which is used for operation management and user connection of services in a metropolitan area, wide area or regional Ethernet.
  • The system of the present invention includes entities such as customer premises equipment (CPE), network end equipment (NPE), a routing device (Router), and an authentication, accounting and authorization device (AAA server).
  • CPE: customer premises equipment
  • NPE: network end equipment
  • Router: routing device
  • AAA server: authentication, accounting and authorization device
  • The service and user integrated management method using the Ethernet Layer 2 extension technology of the present invention specifically includes the following methods: 1) a method of mapping the relevant fields in the packet format of the Ethernet Layer 2 extension technology to the service and the user, 2) a method of requesting a service, 3) a method of updating service status, and 4) a method of terminating a service. It also involves a Layer 2 data frame forwarding method and a Layer 2 extended data frame parsing method.
  • The Ethernet Layer 2 extension technologies currently known are IEEE 802.1ad and IEEE 802.1ah, and new extension technologies may emerge in the future.
  • The method of mapping the relevant fields in the packet format of the Ethernet Layer 2 extension technology to the service and the user concerns one or several fields defined in the Ethernet Layer 2 extension technology message that are currently not fully used or are used as a single field.
  • The method of requesting a service means that the terminal device (CPE) acquires the request flag and the service id and, together with the network end equipment (NPE), completes the mapping and encapsulation of the service id and the user id described in the mapping method above (forming a complete extended Layer 2 data frame).
  • The Layer 2 data frame is passed upstream on the Ethernet line to the routing device, and the routing device terminates the Layer 2 data frame (that is, removes the Ethernet encapsulation) and sends the Layer 2 payload onward according to the Layer 3 or higher protocol.
  • The routing device must log the header information of the Layer 2 extended frame plus a timestamp and send the log periodically or in real time to the AAA device, which parses the log records to complete the initial authentication, accounting and authorization functions.
  • The service status update method means setting the flag bits to the update state and performing the same steps as in the method of requesting a service; the only difference between the two is the flag bits: in a service request the flag bits are set to 'request', and in a service status update they are set to 'update'.
  • The method of exiting a service includes a method for normal service exit and a method for abnormal service exit.
  • The normal service exit method means setting the flag bits to the exit state and performing the same steps as in the method of requesting a service; the only difference between the two is the flag bits: in a service request the flag bits are set to 'request', and in a service exit they are set to 'exit'.
  • The abnormal exit method means that the routing device checks the service status update timer and, when it finds a timeout, marks the service as an abnormal exit event, logs the header information of the original Layer 2 extended frame plus a timestamp, and sends the log periodically or in real time to the AAA device, which parses the log records to complete the initial authentication, accounting and authorization functions.
  • The service and user integrated management system using the Ethernet Layer 2 extension technology of the present invention includes: a customer premises device, a network end device, an Ethernet, a routing device, and an AAA device. The system maps the relevant fields in the Ethernet Layer 2 extension technology packet format to the service and the user: for one or several fields defined in the Ethernet Layer 2 extension technology message that are currently not fully used or are used as a single field, it redefines the individual binary bits of a single field, or uses several fields in combination, or uses the remaining value space that is not fully used, and matches them to the service identifier and the user identifier.
  • The Ethernet Layer 2 extension technology includes IEEE 802.1ad and IEEE 802.1ah.
  • The terminal device acquires the request flag and the service id and, together with the network end device, completes the mapping and encapsulation of the service id and the user id described in the mapping method, forming a complete extended Layer 2 data frame that is passed upstream on the Ethernet line to the routing device. The routing device terminates the Layer 2 data frame to remove the Ethernet encapsulation and sends the Layer 2 payload onward according to the Layer 3 or higher protocol.
  • The routing device must log the header information of the Layer 2 extended frame plus a timestamp and send the log periodically or in real time to the AAA device, which parses the log records to complete the initial authentication, accounting and authorization functions.
  • the flag bit is set to the update status, and the same action as the request service is performed, and the service status update is transmitted by the terminal device in a configurable fixed period.
  • Service exit in the system includes normal service exit and abnormal service exit, where normal service exit sets the flag bits to the exit state and performs the same actions as a service request.
  • The routing device checks the service status update timer. When it finds a timeout, it marks the service as an abnormal exit event, logs the header information of the original Layer 2 extended frame plus a timestamp, and sends the log periodically or in real time to the AAA device, which parses the log records to complete the initial authentication, accounting and authorization functions.
  • The present invention has the following advantages: (1) the service identifier and the user identifier are mapped to relevant fields in the Ethernet Layer 2 extension technology, and because Layer 2 information is used, they are difficult to forge;
  • FIG. 1 is the entity connection diagram of the service system for the service and user integrated management method using Ethernet Layer 2 extension technology according to the present invention.
  • The service system of the method of the present invention includes: customer premises equipment (CPE), network end equipment (NPE), a routing device (Router), and an authentication, accounting and authorization device (AAA server).
  • CPE: customer premises equipment
  • NPE: network end equipment
  • Router: routing device
  • AAA server: authentication, accounting and authorization device
  • The service and user integrated management method using the Ethernet Layer 2 extension technology of the present invention specifically includes the following methods: 1) a method of mapping the relevant fields in the packet format of the Ethernet Layer 2 extension technology to the service and the user, 2) a method of requesting a service, 3) a method of updating service status, and 4) a method of terminating a service. It also involves a Layer 2 data frame forwarding method and a Layer 2 extended data frame parsing method.
  • The Ethernet Layer 2 extension technologies currently known are IEEE 802.1ad and IEEE 802.1ah, and new extension technologies may appear in the future.
  • The method of mapping the relevant fields in the packet format of the Ethernet Layer 2 extension technology to the service and the user takes one or several fields defined in the Ethernet Layer 2 extension technology packet that are currently not fully used or are used as a single field, and matches them to the service identifier and the user identifier by redefining the individual binary bits of a single field, by using several fields in combination, or by using the remaining value space that is not fully used.
  • The terminal (user end) device acquires the request flag and the service id and, together with the network end device (NPE), completes the mapping and encapsulation of the service id and the user id described in the mapping method above (forming a complete extended Layer 2 data frame), which is passed upstream on the Ethernet line to the routing device.
  • The routing device terminates the Layer 2 data frame (that is, removes the Ethernet encapsulation) and sends the Layer 2 payload onward according to the Layer 3 or higher protocol. The routing device must log the header information of the Layer 2 extended frame plus a timestamp and send the log periodically or in real time to the AAA device, which parses the log records to complete the initial authentication, accounting and authorization functions.
  • The service status update method means setting the flag bits to the update state and performing the same steps as in the method of requesting a service; the only difference between the two is the flag bits: in a service request the flag bits are set to 'request', and in a service status update they are set to 'update'.
  • The method of exiting a service includes a method for normal service exit and a method for abnormal service exit. The normal service exit method means setting the flag bits to the exit state and performing the same steps as in the method of requesting a service; the only difference between the two is the flag bits: in a service request the flag bits are set to 'request', and in a service exit they are set to 'exit'.
  • The abnormal exit method means that the routing device checks the service status update timer and, when it finds a timeout, marks the service as an abnormal exit event, logs the header information of the original Layer 2 extended frame plus a timestamp, and sends the log periodically or in real time to the AAA device, which parses the log records to complete the initial authentication, accounting and authorization functions.
  • The service and user integrated management method and system using Ethernet Layer 2 extension technology provided by the present invention are described below with reference to the accompanying drawings and specific embodiments.
  • 802.1ad used in the service and user integrated management method using the Ethernet Layer 2 extension technology of the present invention.
  • 802.1ad also known as Q-in-Q
  • Q-in-Q is mainly used to expand the number of VLANs. It adds another 802.1Q tag to the original 802.1Q packet, increasing the number of VLANs to 4K × 4K. With the development of metro Ethernet and operators' requirements for refined operation, the double-layer tag of Q-in-Q has further usage scenarios.
  • Its inner and outer tags can represent different information; for example, the inner tag represents the user and the outer tag represents the service.
  • the Q-in-Q message carries the two-layer tag through the carrier network, and the inner tag is transparently transmitted.
  • Table 1 Double-layer VLAN mapping service id and user id
  • the method of the invention is embodied as:
  • The 12 bits of the inner VLAN ID are redefined as follows: the first 2 bits represent the service operation (01 means service request, 10 means service status update, 11 means normal service exit, 00 means abnormal service exit), and the last 10 bits represent the service identifier. The mapping relationship is shown in Table 2 below.
  • Table 2 Mapping of inner VLAN IDs to service operations and service identifiers
  • Second, requesting a service
  • Before the user uses the service, the service id is obtained from the service portal. (Note: the planning and setting constraints of the service id can be formulated according to the operator's service operation and are not part of this embodiment; it is assumed here that such planning and design already exist.)
  • the CPE device uses (service id 1 0x100) as the inner VLAN id, and the other parameter content of the service request is used as the layer 2 payload, and is encapsulated into a layer 2 frame and sent;
  • the NPE device adds the outer VLAN to the port sent by the CPE device and forwards it to the routing device (Router).
  • the routing device terminates the double-layer VLAN and logs the double-layer VLAN (including the outer VLAN id, the inner VLAN id, and the request parameters), and the log is sent to the AAA device.
  • the AAA device analyzes the double-layer VLAN information to obtain the user id, service id, parameters, and start time.
  • CPE refers to the user-side device
  • NPE refers to the network-side device
  • the CPE device (service id
  • the routing device terminates the dual-layer VLAN and performs a preliminary analysis on the dual-layer VLAN.
  • the service user timer is reset.
  • The routing device logs the termination of the VLAN and sends the log to the AAA device.
  • the CPE device (service id 1 0x300) is used as the inner VLAN id, and is encapsulated into a layer 2 frame and sent;
  • The NPE device adds the outer VLAN according to the port on which the CPE device sent the frame and forwards it to the routing device (Router).
  • the routing device terminates the double-layer VLAN and logs the double-layer VLAN (including the outer VLAN id, the inner VLAN id, and the request parameters), and the log is sent to the AAA device.
  • the AAA device analyzes the double-layer VLAN information to obtain the user id, service id, parameters, and termination time.
  • the routing device encapsulates the double-layer VLAN according to the received service data flow, and performs Layer 2 data transmission. This is standard content and is supported by devices that support Q-in-Q.
  • the AAA device collects and analyzes the original data according to the log information provided in Parts 2, 3, and 4, and performs integrated management of users and services according to relevant policies.
  • this embodiment is described by the 802.1ad Ethernet Layer 2 extension technology, and the same method is also applicable to the Layer 2 extension technology such as 802.1ah.
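The AAA-side log analysis described in this embodiment, as an added example that is not code from the patent: it decodes the redefined inner VLAN ID and rebuilds sessions from router log records, flagging records an AAA device should not bill on. It assumes that the 2 operation bits are the most significant bits of the 12-bit VLAN ID, that the outer VLAN ID stands for the user id, and that a log record is a (timestamp, outer VLAN id, inner VLAN id) tuple; all function names and sample records are constructed.

```python
from dataclasses import dataclass
from typing import Optional

# 2-bit service operation codes as listed in the embodiment.
OP_NAMES = {0b01: "request", 0b10: "update", 0b11: "exit", 0b00: "abnormal_exit"}
OP_CODES = {name: code for code, name in OP_NAMES.items()}
# IEEE 802.1Q reserves VID 0x000 (priority tag) and 0xFFF, so two combinations
# of operation and service id cannot be carried in a valid VLAN tag.
RESERVED_VIDS = (0x000, 0xFFF)


def encode_inner_vid(op: str, service_id: int) -> int:
    """Pack operation (assumed top 2 bits) and service id (low 10 bits)."""
    if not 0 <= service_id <= 0x3FF:
        raise ValueError("service id must fit in 10 bits")
    vid = (OP_CODES[op] << 10) | service_id
    if vid in RESERVED_VIDS:
        raise ValueError(f"VID 0x{vid:03X} is reserved by IEEE 802.1Q")
    return vid


def decode_inner_vid(vid: int):
    """Return (operation name, service id) for a 12-bit inner VLAN ID."""
    if not 0 <= vid <= 0xFFF:
        raise ValueError("VLAN ID must fit in 12 bits")
    return OP_NAMES[vid >> 10], vid & 0x3FF


@dataclass
class Session:
    user_id: int            # assumption: taken from the outer VLAN id
    service_id: int
    start: int
    last_seen: int
    end: Optional[int] = None
    reason: Optional[str] = None


def account(records):
    """Rebuild sessions from time-ordered router log records.

    Returns (closed sessions, still-open sessions, anomalies). A record that
    does not fit the request -> update -> exit sequence for its user and
    service is reported as an anomaly instead of being billed.
    """
    open_sessions, closed, anomalies = {}, [], []
    for ts, outer_vid, inner_vid in records:
        if inner_vid in RESERVED_VIDS:
            anomalies.append((ts, outer_vid, inner_vid, "reserved inner VID"))
            continue
        op, service_id = decode_inner_vid(inner_vid)
        key = (outer_vid, service_id)
        session = open_sessions.get(key)
        if op == "request":
            if session is not None:
                anomalies.append((ts, outer_vid, inner_vid, "request while session open"))
            else:
                open_sessions[key] = Session(outer_vid, service_id, ts, ts)
        elif session is None:
            anomalies.append((ts, outer_vid, inner_vid, f"{op} without request"))
        elif op == "update":
            session.last_seen = ts      # keeps the status update timer alive
        else:                           # "exit" or router-reported "abnormal_exit"
            session.end, session.reason = ts, op
            closed.append(open_sessions.pop(key))
    return closed, list(open_sessions.values()), anomalies


# Constructed sample log: (timestamp, outer VLAN id, inner VLAN id).
SAMPLE_LOG = [
    (1000, 101, encode_inner_vid("request", 5)),
    (1060, 101, encode_inner_vid("update", 5)),
    (1090, 102, encode_inner_vid("update", 5)),         # user 102 never requested
    (1120, 101, encode_inner_vid("exit", 5)),
    (1200, 103, encode_inner_vid("request", 7)),
    (1500, 103, encode_inner_vid("abnormal_exit", 7)),  # router timer expired
    (1600, 104, 0xFFF),                                 # reserved VID in a log line
]

if __name__ == "__main__":
    done, still_open, odd = account(SAMPLE_LOG)
    for s in done:
        print(s.user_id, s.service_id, s.end - s.start, s.reason)
    for a in odd:
        print("anomaly:", a)
```

Under the assumed bit order, service id 0x3FF cannot signal a normal exit and service id 0 cannot be logged as an abnormal exit, because those values collide with the reserved VLAN IDs.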

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Business, Economics & Management (AREA)
  • General Business, Economics & Management (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Small-Scale Networks (AREA)

Abstract

A service and user integration management method and system utilizing the Ethernet layer 2 extension technology are provided by the present invention, and can be used in the scenarios of service operation management, user access authentication, service usage and the like in the metropolitan area, wide area or local area Ethernet. The features of the Ethernet layer 2 extension technology are utilized sufficiently by the present invention, so that the relevant fields in the message format of the Ethernet layer 2 extension technology are mapped to the service and user; in view of the one or more fields defined in the message of the Ethernet layer 2 extension technology which are not used entirely or have been used as a single field at present, the one or more fields are matched to a service identifier and a user identifier by re-arranging and defining every binary bit in the single field, or by using several fields jointly, or by using the remainder value space which is not used entirely; and additionally by the operations of request service, service state update, quit service and the like, the problem of the service and user integration management is solved. The present invention has the advantages that the service identification efficiency is high, it is difficult to be fabricated, the traffic isolation is strong and so on.

Description

Service and user integrated management method and system in Ethernet service operation
TECHNICAL FIELD
The present invention relates to the field of information network technologies, and in particular to a service and user integrated management method and system that uses Ethernet Layer 2 extension technology for service operation on metropolitan area, wide area, or regional Ethernet.
BACKGROUND OF THE INVENTION
As operations systems are required to lower network costs, Ethernet technology originally used for local area networks has been given a new lease of life. As its scope of application widens and service types diversify, the Ethernet message format has to be extended to support new business models and connection methods, that is, a hierarchical approach. The two methods currently developed by IEEE are IEEE 802.1ad and IEEE 802.1ah. IEEE 802.1ad Provider Bridges (also known as Q-in-Q or VLAN stacking) extends the original concept of VLANs. IEEE 802.1ad simply adds a new Q-tag, which allows the service provider to manage its own tags for identifying individual customer networks, while the original Q-tags are used to identify VLANs in the customer network. Although IEEE 802.1ad supports a three-tier hierarchy, service providers can create only 4,094 user VLANs, which is not enough for large metro and regional networks. This flaw is addressed by IEEE 802.1ah Provider Backbone Bridges, which encapsulates the customer MAC header in a service provider MAC header. Rather than using an additional Q-tag to isolate end customers, it uses a 24-bit service tag in the service provider MAC header, which theoretically supports 16 million service instances and completely removes the scalability problem. The IEEE 802.1ad standard was released in 2006, and IEEE 802.1ah is still in the draft stage. As technology develops and new requirements emerge, new extensions to the Ethernet Layer 2 message format may appear.
In current operations support systems, services and users are generally managed with custom high-level protocols above the IP layer, which perform service identification, user authentication, service usage charging, and so on. For example, XML is used to define the payload message format, which is carried over SOAP; or the above information is transmitted directly over HTTP (these are implementation-specific, and each vendor has its own method based on its circumstances). What these methods have in common is that they are end-to-end solutions that do not use the characteristics of the intermediate network; while they are easy to extend, they reduce performance and security.
SUMMARY OF THE INVENTION
Therefore, an object of the present invention is to provide a service and user integrated management method and system using Ethernet Layer 2 extension technology, for use in scenarios such as service operation management, user access authentication, and service usage on metropolitan area, wide area, or regional Ethernet. The system of the present invention includes entities such as customer premises equipment (CPE), network end equipment (NPE), a routing device (Router), and an authentication, accounting and authorization device (AAA server). The invention makes full use of the characteristics of Ethernet Layer 2 extension technology to solve the problem of integrated management of services and users, and has advantages such as high service identification efficiency and strong traffic isolation.
To achieve the above object, the service and user integrated management method using the Ethernet Layer 2 extension technology of the present invention specifically includes the following methods: 1) a method of mapping the relevant fields in the packet format of the Ethernet Layer 2 extension technology to the service and the user, 2) a method of requesting a service, 3) a method of updating service status, and 4) a method of terminating a service. It also involves a Layer 2 data frame forwarding method and a Layer 2 extended data frame parsing method. The Ethernet Layer 2 extension technologies currently known are IEEE 802.1ad and IEEE 802.1ah, and new extension technologies may emerge in the future.
Wherein:
1) The method of mapping the relevant fields in the packet format of the Ethernet Layer 2 extension technology to the service and the user takes one or several fields defined in the Ethernet Layer 2 extension technology packet that are currently not fully used or are used as a single field, and matches them to the service identifier and the user identifier by redefining the individual binary bits of a single field, by using several fields in combination, or by using the remaining value space that is not fully used.
2) The method of requesting a service means that the terminal device (CPE) acquires the request flag and the service id and, together with the network end equipment (NPE), completes the mapping and encapsulation of the service id and the user id described in the mapping method above (forming a complete extended Layer 2 data frame), which is passed upstream on the Ethernet line to the routing device. The routing device terminates the Layer 2 data frame (that is, removes the Ethernet encapsulation) and sends the Layer 2 payload onward according to the Layer 3 or higher protocol. The routing device must log the header information of the Layer 2 extended frame plus a timestamp and send the log periodically or in real time to the AAA device, which parses the log records to complete the initial authentication, accounting and authorization functions.
3) The service status update method means setting the flag bits to the update state and performing the same steps as in the method of requesting a service; the only difference between the two is the flag bits: in a service request the flag bits are set to 'request', and in a service status update they are set to 'update'.
4) The method of exiting a service includes a method for normal service exit and a method for abnormal service exit. The normal service exit method means setting the flag bits to the exit state and performing the same steps as in the method of requesting a service; the only difference between the two is the flag bits: in a service request the flag bits are set to 'request', and in a service exit they are set to 'exit'. The abnormal exit method means that the routing device checks the service status update timer and, when it finds a timeout, marks the service as an abnormal exit event, logs the header information of the original Layer 2 extended frame plus a timestamp, and sends the log periodically or in real time to the AAA device, which parses the log records to complete the initial authentication, accounting and authorization functions.
In addition, a service and user integrated management system using the Ethernet Layer 2 extension technology of the present invention includes: a customer premises device, a network end device, an Ethernet, a routing device, and an AAA device. The system maps the relevant fields in the Ethernet Layer 2 extension technology packet format to the service and the user: for one or several fields defined in the Ethernet Layer 2 extension technology message that are currently not fully used or are used as a single field, it redefines the individual binary bits of a single field, or uses several fields in combination, or uses the remaining value space that is not fully used, and matches them to the service identifier and the user identifier. The Ethernet Layer 2 extension technology includes IEEE 802.1ad and IEEE 802.1ah.
In addition, in a service request in the system, the terminal device acquires the request flag and the service id and, together with the network end device, completes the mapping and encapsulation of the service id and the user id described in the mapping method above, forming a complete extended Layer 2 data frame that is passed upstream on the Ethernet line to the routing device. The routing device terminates the Layer 2 data frame to remove the Ethernet encapsulation and sends the Layer 2 payload onward according to the Layer 3 or higher protocol. The routing device must log the header information of the Layer 2 extended frame plus a timestamp and send the log periodically or in real time to the AAA device, which parses the log records to complete the initial authentication, accounting and authorization functions.
另外, 该系统的业务状态更新中, 将标志位设置为更新状态, 并执行与所述 请求业务相同的动作, 该业务状态更新采用终端设备以可设置的定周期的方式进 行发送。 '  Further, in the service status update of the system, the flag bit is set to the update status, and the same action as the request service is performed, and the service status update is transmitted by the terminal device in a configurable fixed period. '
In addition, the service exit of the system comprises normal service exit and abnormal service exit. In a normal service exit, the flag bits are set to the exit state and the same actions as for the service request are performed. In an abnormal exit, the routing device checks the service status update timer; on finding a timeout, it marks the service as an abnormal exit event, logs the header information of the original Layer 2 extended frame together with a timestamp, and sends the log periodically or in real time to the AAA device, which parses the log records and completes the initial authentication, accounting and authorization functions.
Compared with current methods, the present invention has the following advantages:
(1) The service identifier and user identifier are mapped to relevant fields of the Ethernet Layer 2 extension technology; because Layer 2 information is used, they are difficult to forge;
(2) Layer 2 technology is used to isolate and identify services and users effectively; the implementation is simple and convenient and is compatible with existing technology.
Brief Description of the Drawings
Figure 1 is the entity connection diagram of the service system for the service and user integrated management method using Ethernet Layer 2 extension technology according to the present invention.
Figure 2 shows the 802.1ad packet format used in the service and user integrated management method and system using Ethernet Layer 2 extension technology according to the present invention.
Detailed Description
The present invention is described in detail below with reference to the drawings.
Figure 1 is the entity connection diagram of the service system for the service and user integrated management method using Ethernet Layer 2 extension technology according to the present invention. As shown in Figure 1, the service system of the method comprises entities such as user-end equipment (CPE), network-end equipment (NPE), a routing device (Router) and an authentication, accounting and authorization device (AAA server).
The service and user integrated management method using Ethernet Layer 2 extension technology according to the present invention comprises the following methods: 1) a method of mapping relevant fields of the Ethernet Layer 2 extension technology packet format to services and users, 2) a method of requesting a service, 3) a service status update method, and 4) a method of terminating a service. It also involves a Layer 2 data frame forwarding method and a Layer 2 extended data frame parsing method. The Ethernet Layer 2 extension technologies currently known are IEEE 802.1ad and IEEE 802.1ah; new extension technologies may appear in the future.
1) The method of mapping relevant fields of the Ethernet Layer 2 extension technology packet format to services and users concerns one or several fields defined in the Layer 2 extension packet that are currently not fully used, or that are used as a single field. In the present invention the bits within a single field are redefined, or several fields are used in combination, or the unused remainder of the value space is used, so that they are matched to a service identifier and a user identifier.
2) In the method of requesting a service, the terminal (user-end) device (CPE) obtains the request flag and the service id and, together with the network-end device (NPE), completes the mapping and encapsulation of the service id and user id described in the mapping method above (forming a complete extended Layer 2 data frame), which is passed upstream over the Ethernet line to the routing device. The routing device terminates the Layer 2 data frame (that is, removes the Ethernet encapsulation) and sends the Layer 2 payload onward according to the protocols of Layer 3 and above. The routing device must log the header information of the Layer 2 extended frame together with a timestamp and send the log periodically or in real time to the AAA device, which parses the log records and completes the initial authentication, accounting and authorization functions.
3) The service status update method sets the flag bits to the update state and performs the same steps as the service request method; the two differ only in the flag bits: in a service request the flag bits are set to 'request', and in a service status update they are set to 'update'.
4) The method of exiting a service comprises a normal service exit method and an abnormal service exit method. The normal service exit method sets the flag bits to the exit state and performs the same steps as the service request method; the two differ only in the flag bits: in a service request the flag bits are set to 'request', and in a service exit they are set to 'exit'. In the abnormal exit method, the routing device checks the service status update timer; on finding a timeout, it marks the service as an abnormal exit event, logs the header information of the original Layer 2 extended frame together with a timestamp, and sends the log periodically or in real time to the AAA device, which parses the log records and completes the initial authentication, accounting and authorization functions.
The service and user integrated management method and system using Ethernet Layer 2 extension technology provided by the present invention are further described below with reference to the drawings and a specific embodiment.
Embodiment
The service and user integrated management method and system using Ethernet Layer 2 extension technology are described here with reference to the 802.1ad Layer 2 extension technology.
Figure 2 shows the 802.1ad packet format used in the service and user integrated management method using Ethernet Layer 2 extension technology according to the present invention. 802.1ad (also known as Q-in-Q) was created mainly to expand the VLAN number space. It adds a second 802.1Q tag on top of the original 802.1Q packet, increasing the number of VLANs to 4K*4K. With the development of metro Ethernet and operators' need for fine-grained operation, the Q-in-Q double tag has found further uses. As shown in Table 1 below, the inner and outer tags can represent different information, for example the inner tag representing the user and the outer tag representing the service. In addition, a Q-in-Q packet crosses the operator network carrying two tags, with the inner tag transported transparently, which also makes it a simple and practical VPN technology; it can therefore serve as an extension of the core MPLS VPN into the metro Ethernet VPN, ultimately forming an end-to-end VPN technology. In this embodiment it is used for the management of users and services, with the inner tag representing the service and the outer tag representing the user.
Table 1: Double-layer VLAN mapping of service id and user id
[Table 1 appears as an image in the original publication: Figure imgf000008_0001]
The method of the invention is embodied as follows:
I. Mapping relevant fields of the Ethernet Layer 2 extension technology packet format to services and users
In this embodiment the 12 bits of the inner VLAN ID are redefined as follows: the high 2 bits represent the service operation (01 for service request, 10 for service status update, 11 for normal service exit, 00 for abnormal service exit), and the remaining 10 bits represent the service identifier; the mapping is shown in Table 2 below. The outer VLAN ID is used as the user ID. (The service operation could alternatively be defined through an extended ETHERTYPE definition, taking care not to conflict with existing standards.) With this redefinition and usage, the following steps are carried out:
Table 2: Mapping of the inner VLAN ID to service operations and service identifiers
[Table 2 appears as an image in the original publication: Figure imgf000008_0002]
II. Requesting a service
(1) Before using a service, the user obtains the service id from the service portal. (Note: the planning of service ids and the constraints on assigning them can be defined by the operator according to its service operations and are outside the scope of this embodiment; such planning and assignment are assumed to exist already.)
(2) The user initiates a service use request carrying the service id (in the IP payload);
(3) The CPE obtains the service id;
(4) The CPE device uses (service id | 0x100) as the inner VLAN id, takes the other parameters of the service request as the Layer 2 payload, encapsulates them into a Layer 2 frame and sends it;
(5) The NPE device adds the outer VLAN tag according to the port on which the CPE device sent the frame, and the frame is passed upstream to the routing device (Router);
(6) The routing device terminates the double VLAN tags and logs the double-tag information (including the outer VLAN id, inner VLAN id, request parameters, etc.); the log is sent to the AAA device;
(7) The AAA device analyzes the double VLAN information to obtain the user id, service id, parameters and start time.
Note: CPE refers to the user-side device and NPE to the network-side device.
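The mapping in section I and the request flow in section II, as an added Python example that is not part of the patent text: the CPE packs the operation and service id into the inner VLAN ID, the NPE pushes the user id as the outer tag, and the router terminates both tags into a log record. The TPID values, the port table, the addresses and all function names are assumptions; the operation code is placed in the top two bits as section I states (a shift by 10), not via the literal constants quoted in the steps.

```python
import struct
from enum import IntEnum

TPID_STAG = 0x88A8  # outer (service) tag TPID from IEEE 802.1ad; assumed here
TPID_CTAG = 0x8100  # inner (customer) tag TPID from IEEE 802.1Q; assumed here


class Op(IntEnum):
    """High 2 bits of the inner VLAN ID, as listed in section I."""
    ABNORMAL_EXIT = 0b00
    REQUEST = 0b01
    UPDATE = 0b10
    EXIT = 0b11


def encode_inner_vid(op, service_id):
    """Pack a 2-bit operation and a 10-bit service id into a 12-bit VLAN ID."""
    if not 0 <= service_id <= 0x3FF:
        raise ValueError("service id must fit in 10 bits")
    vid = (Op(op) << 10) | service_id
    if vid in (0x000, 0xFFF):
        # 802.1Q gives 0x000 (priority tag) and 0xFFF (reserved) special meaning.
        raise ValueError("resulting VLAN ID is not usable under IEEE 802.1Q")
    return vid


def decode_inner_vid(vid):
    """Split a 12-bit inner VLAN ID into (operation, service id)."""
    return Op((vid >> 10) & 0b11), vid & 0x3FF


def _tag(tpid, vid):
    """One 4-byte VLAN tag; the PCP and DEI bits are left at zero."""
    return struct.pack("!HH", tpid, vid & 0x0FFF)


def cpe_build_frame(dst, src, op, service_id, ethertype, payload):
    """CPE step: single-tagged frame whose VLAN ID carries op + service id."""
    inner = _tag(TPID_CTAG, encode_inner_vid(op, service_id))
    return dst + src + inner + struct.pack("!H", ethertype) + payload


def npe_push_outer(frame, ingress_port, port_to_user):
    """NPE step: derive the user id from the ingress port, push it as outer tag."""
    if ingress_port not in port_to_user:
        raise ValueError("no user provisioned on this port")
    (tpid,) = struct.unpack_from("!H", frame, 12)
    if tpid != TPID_CTAG:
        # Added check, not in the patent: refuse frames that do not start with
        # the inner tag (for example, frames that already carry an outer tag).
        raise ValueError("expected the inner tag first in a frame from the CPE")
    return frame[:12] + _tag(TPID_STAG, port_to_user[ingress_port]) + frame[12:]


def router_terminate(frame, timestamp):
    """Router step: strip both tags; return (log record, ethertype, payload)."""
    if len(frame) < 22:
        raise ValueError("frame too short to carry two VLAN tags")
    o_tpid, o_tci, i_tpid, i_tci, ethertype = struct.unpack_from("!HHHHH", frame, 12)
    if (o_tpid, i_tpid) != (TPID_STAG, TPID_CTAG):
        raise ValueError("not a double-tagged frame")
    op, service_id = decode_inner_vid(i_tci & 0x0FFF)
    record = {
        "timestamp": timestamp,
        "outer_vid": o_tci & 0x0FFF,
        "inner_vid": i_tci & 0x0FFF,
        "user_id": o_tci & 0x0FFF,      # outer VLAN ID is the user ID
        "operation": op.name,
        "service_id": service_id,
    }
    return record, ethertype, frame[22:]


def demo():
    """Constructed sample: user 0x2A5 on NPE port 3 requests service 0x07B."""
    dst = bytes.fromhex("020000000001")  # constructed MAC addresses
    src = bytes.fromhex("020000000002")
    payload = b"request-parameters"      # stands in for the request parameters
    frame = cpe_build_frame(dst, src, Op.REQUEST, 0x07B, 0x0800, payload)
    frame = npe_push_outer(frame, 3, {3: 0x2A5})
    return router_terminate(frame, timestamp=1_700_000_000)


if __name__ == "__main__":
    print(demo())
```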
III. Service status update and abnormal service exit
(1) The CPE device uses (service id | 0x200) as the inner VLAN id, encapsulates it into a Layer 2 frame and sends it;
(2) The NPE device adds the outer VLAN tag according to the port on which the CPE device sent the frame, and the frame is passed upstream to the routing device (Router);
(3) The routing device terminates the double VLAN tags and performs a preliminary analysis of them; on finding a service status update, it resets the timer for that service and user;
(4) If no service status update packet is received for a long time (that is, on timeout), the service is determined to have exited abnormally; the routing device writes a termination log for the VLAN and sends it to the AAA device.
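The timer handling in section III, as an added Python example that is not part of the patent text: the router resets a per-(user, service) timer on each status update and writes an abnormal-exit record when the timer expires. The class and field names, the 30-second timeout and the handling of frames that match no active session are assumptions.

```python
REQUEST, UPDATE, EXIT = 0b01, 0b10, 0b11  # high 2 bits of the inner VLAN ID (section I)


class ServiceTimerTable:
    """Router-side state: one status-update timer per (user id, service id)."""

    def __init__(self, timeout_seconds):
        self.timeout = timeout_seconds
        self.active = {}     # (user_id, service_id) -> (last_seen, outer_vid, inner_vid)
        self.aaa_log = []    # records that would be sent to the AAA device
        self.unmatched = []  # frames that match no active session (assumed handling)

    def _log(self, event, outer_vid, inner_vid, now):
        self.aaa_log.append({
            "event": event,
            "timestamp": now,
            "outer_vid": outer_vid,
            "inner_vid": inner_vid,
            "user_id": outer_vid,              # outer VLAN ID is the user ID
            "service_id": inner_vid & 0x3FF,   # low 10 bits of the inner VLAN ID
        })

    def on_frame(self, outer_vid, inner_vid, now):
        """Handle the tag pair of one terminated double-tagged frame."""
        op = (inner_vid >> 10) & 0b11
        key = (outer_vid, inner_vid & 0x3FF)
        if op == REQUEST:
            self.active[key] = (now, outer_vid, inner_vid)
            self._log("request", outer_vid, inner_vid, now)
        elif op == UPDATE and key in self.active:
            _, first_outer, first_inner = self.active[key]
            self.active[key] = (now, first_outer, first_inner)  # reset the timer
        elif op == EXIT and key in self.active:
            del self.active[key]
            self._log("exit", outer_vid, inner_vid, now)
        else:
            # Assumption: code 00 is set only by the router, so it is not accepted
            # from the wire; updates or exits with no prior request are set aside.
            self.unmatched.append((outer_vid, inner_vid, now))

    def sweep(self, now):
        """Expire sessions whose last request or update is older than the timeout."""
        expired = [key for key, (seen, _, _) in self.active.items()
                   if now - seen > self.timeout]
        for key in expired:
            _, outer_vid, inner_vid = self.active.pop(key)
            # Header of the original frame plus the time the timeout was detected.
            self._log("abnormal_exit", outer_vid, inner_vid, now)
        return expired


def demo():
    """Constructed frame sequence for two users; times are in seconds."""
    table = ServiceTimerTable(timeout_seconds=30)
    table.on_frame(0x2A5, 0x47B, now=0)   # user 0x2A5 requests service 0x07B
    table.on_frame(0x010, 0x405, now=0)   # user 0x010 requests service 0x005
    table.on_frame(0x2A5, 0x87B, now=20)  # status update resets the timer
    table.on_frame(0x010, 0xC05, now=25)  # normal exit
    early = table.sweep(now=40)           # 20 s since the update: still active
    late = table.sweep(now=51)            # 31 s since the update: timed out
    table.on_frame(0x2A5, 0x87B, now=60)  # update after expiry: no session
    return table, early, late


if __name__ == "__main__":
    for entry in demo()[0].aaa_log:
        print(entry)
```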
IV. Exiting a service
(1) When the user stops using the service, the user sends an exit service request carrying the service id;
(2) The CPE device uses (service id | 0x300) as the inner VLAN id, encapsulates it into a Layer 2 frame and sends it;
(3) The NPE device adds the outer VLAN tag according to the port on which the CPE device sent the frame, and the frame is passed upstream to the routing device (Router);
(4) The routing device terminates the double VLAN tags and logs the double-tag information (including the outer VLAN id, inner VLAN id, request parameters, etc.); the log is sent to the AAA device;
(5) The AAA device analyzes the double VLAN information to obtain the user id, service id, parameters and termination time.
V. Data forwarding
The routing device encapsulates the received service data flow with the double VLAN tags and performs Layer 2 data transmission. This is standard behaviour and is supported by every device that supports Q-in-Q.
VI. Service billing
The AAA device collects and analyzes the raw data from the log information provided in parts II, III and IV, and performs integrated management of users and services according to the relevant policies.
In addition, this embodiment is described using the 802.1ad Ethernet Layer 2 extension technology; the same method also applies to other Layer 2 extension technologies such as 802.1ah.

Claims

1. A service and user integrated management method using Ethernet Layer 2 extension technology, characterized by comprising: 1) a method of mapping relevant fields of the Ethernet Layer 2 extension technology packet format to services and users, 2) a method of requesting a service, 3) a service status update method, and 4) a method of terminating a service, wherein:
1) the method of mapping relevant fields of the Ethernet Layer 2 extension technology packet format to services and users is a method in which, for one or several fields defined in the Ethernet Layer 2 extension technology packet that are currently not fully used or that are used as a single field, the bits within a single field are redefined, or several fields are used in combination, or the unused remainder of the value space is used, so that they are matched to a service identifier and a user identifier;
2) in the method of requesting a service, the terminal device obtains the request flag and the service id and, together with the network-end device, completes the mapping and encapsulation of the service id and user id described in the mapping method above, forming a complete extended Layer 2 data frame that is passed upstream over the Ethernet line to the routing device; the routing device terminates the Layer 2 data frame to remove the Ethernet encapsulation and sends the Layer 2 payload according to the protocols of Layer 3 and above; the routing device must log the header information of the Layer 2 extended frame together with a timestamp and send the log periodically or in real time to the AAA device, which parses the log records and completes the initial authentication, accounting and authorization functions;
3) the service status update method sets the flag bits to the update state and performs the same steps as the method of requesting a service;
4) the method of exiting a service comprises a normal service exit method and an abnormal service exit method, wherein the normal service exit method sets the flag bits to the exit state and performs the same steps as the method of requesting a service; and in the abnormal exit method the routing device checks the service status update timer and, on finding a timeout, marks the service as an abnormal exit event, logs the header information of the original Layer 2 extended frame together with a timestamp, and sends the log periodically or in real time to the AAA device, which parses the log records and completes the initial authentication, accounting and authorization functions.
2. The service and user integrated management method using Ethernet Layer 2 extension technology according to claim 1, characterized in that the status update in the service status update method is sent by the terminal device at a fixed, configurable interval.
3. The service and user integrated management method using Ethernet Layer 2 extension technology according to claim 1 or 2, characterized in that the Ethernet Layer 2 extension technology includes IEEE 802.1ad and IEEE 802.1ah.
4. The service and user integrated management method using Ethernet Layer 2 extension technology according to claim 3, characterized in that, in the method of mapping relevant fields of the packet format of the Ethernet Layer 2 extension technology IEEE 802.1ad to services and users, the 12 bits of the inner VLAN ID are redefined: the high 2 bits represent the service operation and the remaining 10 bits represent the service identifier, and the outer VLAN ID is used as the user ID.
5. The service and user integrated management method using Ethernet Layer 2 extension technology according to claim 3, characterized in that, in the method of requesting a service using the Ethernet Layer 2 extension technology IEEE 802.1ad, the terminal device obtains the service id, uses service id | 0x100 as the inner VLAN id, takes the other parameters of the service request as the Layer 2 payload, encapsulates them into a Layer 2 frame and sends it; the network-end device adds the outer VLAN tag according to the port on which the terminal device sent the frame, and the frame is passed upstream to the routing device.
6. The service and user integrated management method using Ethernet Layer 2 extension technology according to claim 3, characterized in that, in the service status update method and the abnormal service exit method using the Ethernet Layer 2 extension technology IEEE 802.1ad, the terminal device uses service id | 0x200 as the inner VLAN id, encapsulates it into a Layer 2 frame and sends it; the network-end device adds the outer VLAN tag according to the port on which the terminal device sent the frame, and the frame is passed upstream to the routing device; the routing device then terminates the double VLAN tags and performs a preliminary analysis of them and, on finding a service status update, resets the timer for that service and user; if no service status update packet is received for a long time, the service is determined to have exited abnormally, and the routing device writes a termination log for the VLAN and sends it to the AAA device.
7. The service and user integrated management method using Ethernet Layer 2 extension technology according to claim 3, characterized in that, in the normal service exit method using the Ethernet Layer 2 extension technology IEEE 802.1ad, when the user stops using the service an exit service request carrying the service id is sent; the terminal device uses service id | 0x300 as the inner VLAN id, encapsulates it into a Layer 2 frame and sends it; the network-end device adds the outer VLAN tag according to the port on which the terminal device sent the frame, and the frame is passed upstream to the routing device; the AAA device analyzes the double VLAN information to obtain the user id, service id, parameters and termination time.
8. A service and user integrated management system using Ethernet Layer 2 extension technology, comprising: user-end equipment, network-end equipment, an Ethernet, a routing device and an AAA device, characterized in that the system maps relevant fields of the Ethernet Layer 2 extension technology packet format to services and users: for one or several fields defined in the Ethernet Layer 2 extension technology packet that are currently not fully used or that are used as a single field, the bits within a single field are redefined, or several fields are used in combination, or the unused remainder of the value space is used, so that they are matched to a service identifier and a user identifier;
in the service request of the system, the terminal device obtains the request flag and the service id and, together with the network-end device, completes the mapping and encapsulation of the service id and user id described in the mapping method above, forming a complete extended Layer 2 data frame that is passed upstream over the Ethernet line to the routing device; the routing device terminates the Layer 2 data frame to remove the Ethernet encapsulation and sends the Layer 2 payload according to the protocols of Layer 3 and above; the routing device must log the header information of the Layer 2 extended frame together with a timestamp and send the log periodically or in real time to the AAA device, which parses the log records and completes the initial authentication, accounting and authorization functions;
in the service status update of the system, the flag bits are set to the update state and the same actions as for the service request are performed;
the service exit of the system comprises normal service exit and abnormal service exit, wherein in a normal service exit the flag bits are set to the exit state and the same actions as for the service request are performed; and in an abnormal exit the routing device checks the service status update timer and, on finding a timeout, marks the service as an abnormal exit event, logs the header information of the original Layer 2 extended frame together with a timestamp, and sends the log periodically or in real time to the AAA device, which parses the log records and completes the initial authentication, accounting and authorization functions.
9. The service and user integrated management system using Ethernet Layer 2 extension technology according to claim 8, characterized in that the service status update is sent by the terminal device at a fixed, configurable interval.
10. The service and user integrated management system using Ethernet Layer 2 extension technology according to claim 8 or 9, characterized in that the Ethernet Layer 2 extension technology includes IEEE 802.1ad and IEEE 802.1ah.
PCT/CN2009/001155 2008-10-29 2009-10-19 Service and user integration management method and system in ethernet service operation WO2010048775A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN200810225245.9 2008-10-29
CN2008102252459A CN101651670B (en) 2008-10-29 2008-10-29 Integrated management method for services and users in Ethernet service operation and system thereof

Publications (1)

Publication Number Publication Date
WO2010048775A1 (en) 2010-05-06

Family

ID=41673779

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2009/001155 WO2010048775A1 (en) 2008-10-29 2009-10-19 Service and user integration management method and system in ethernet service operation

Country Status (2)

Country Link
CN (1) CN101651670B (en)
WO (1) WO2010048775A1 (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102694879B (en) * 2012-05-21 2016-06-08 中国联合网络通信集团有限公司 Business recognition method, equipment and system
CN107086959B (en) * 2016-02-16 2020-11-06 华为技术有限公司 Method and device for authenticating operation management maintenance message
WO2017150621A1 (en) 2016-03-02 2017-09-08 日本電気株式会社 Network system, terminal, sensor data collection method, and program
CN110971499B (en) * 2019-12-10 2021-11-12 上海市共进通信技术有限公司 Method for realizing uniform analysis and processing of VLAN service

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1426199A (en) * 2001-12-13 2003-06-25 华为技术有限公司 Method for managing users in wide hand city network
JP2003234753A (en) * 2002-02-08 2003-08-22 Toyo Commun Equip Co Ltd Edge broadband access repeater and broadband network system
US20080013547A1 (en) * 2006-07-14 2008-01-17 Cisco Technology, Inc. Ethernet layer 2 protocol packet switching
CN101252587A (en) * 2008-04-18 2008-08-27 杭州华三通信技术有限公司 User terminal access right identifying method and apparatus

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
MOU YUAN ET AL.: "Research on Mechanism of Multicasting and Broadcasting Based on Ethernet Technology", COMMUNICATION TECHNOLOGY, vol. 40, no. 8, 2007, pages 31 - 33 *

Also Published As

Publication number Publication date
CN101651670A (en) 2010-02-17
CN101651670B (en) 2012-08-15

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 09822968

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 09822968

Country of ref document: EP

Kind code of ref document: A1