WO2010135887A1 - 移动虚拟专用网通信的方法、装置及系统 - Google Patents
移动虚拟专用网通信的方法、装置及系统 Download PDFInfo
- Publication number
- WO2010135887A1 WO2010135887A1 PCT/CN2009/074976 CN2009074976W WO2010135887A1 WO 2010135887 A1 WO2010135887 A1 WO 2010135887A1 CN 2009074976 W CN2009074976 W CN 2009074976W WO 2010135887 A1 WO2010135887 A1 WO 2010135887A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- network
- address
- mobile
- gateway
- terminal
- Prior art date
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W8/00—Network data management
- H04W8/26—Network addressing or numbering for mobility support
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0272—Virtual private networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/50—Address allocation
- H04L61/5007—Internet protocol [IP] addresses
- H04L61/5014—Internet protocol [IP] addresses using dynamic host configuration protocol [DHCP] or bootstrap protocol [BOOTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W40/00—Communication routing or communication path finding
- H04W40/24—Connectivity information management, e.g. connectivity discovery or connectivity update
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W76/00—Connection management
- H04W76/10—Connection setup
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W84/00—Network topologies
- H04W84/02—Hierarchically pre-organised networks, e.g. paging networks, cellular networks, WLAN [Wireless Local Area Network] or WLL [Wireless Local Loop]
- H04W84/10—Small scale networks; Flat hierarchical networks
- H04W84/16—WPBX [Wireless Private Branch Exchange]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W88/00—Devices specially adapted for wireless communication networks, e.g. terminals, base stations or access point devices
- H04W88/16—Gateway arrangements
Definitions
- the present invention relates to the field of communications, and in particular, to a method, device and system for mobile virtual private network communication. Background technique
- VPN Virtual Private Network
- ISP Internet Service Provider
- NSP Network Service Provider
- Fixed network VPN uses a fixed communication network to provide users with VPN access
- mobile VPN uses GPRS (General Packet Radio Service)
- AVCDMA Wide-Broadband Code Division Multiplex Access
- CDMA Code Division Multiplex Access
- LTE-SAE Long Term Evolution-System Architecture Evolution, 3GPP Long Term Evolution - System Architecture Evolution
- MS Mobile Subscriber, mobile terminal
- MS Mobile Subscriber, mobile terminal
- the Router serves a mobile VPN branch network.
- the mobile packet gateway needs to obtain the network segment IP address information of the mobile VPN branch network served by the MS, and thus the IP address of the MS and The network segment IP address of the mobile VPN branch network is associated with the same PDP context (Packet Data Protocol Context), thereby enabling the MS and the mobile VPN. All hosts on the branch network exchange IP traffic with external devices through the associated PDP context using their respective IP addresses.
- PDP context Packet Data Protocol Context
- the mobile packet gateway obtains the IP address of the MS and the network segment IP address of the mobile VPN branch network served by the AAA Server (Authentication Authorization Accounting Server):
- the MS moves when activated.
- the packet gateway sends a Radius Access Request message to the AAA server according to a preset setting; the AAA server determines the IP address of the MS that is pre-stored after the MS is enabled with the MS Router function, and the mobile served by the MS.
- the network segment IP address of the VPN branch network is added in the Radius Access Accept message and returned to the mobile packet gateway.
- the mobile packet gateway obtains the IP address of the MS from the Radius Access Accept message, and the mobile VPN branch network. Network segment IP address.
- the inventor has found that at least the following problems exist in the prior art: If the mobile VPN communication is performed by using the technical solution in the prior art, the network segment IP address of the mobile VPN branch network stored on the AAA server The information is pre-configured, and the mobile VPN branch network served by the MS often changes. Therefore, it is necessary to manually modify the network segment IP address information of the mobile VPN branch network stored on the AAA server in order to make the mobile packet gateway available according to the new Mobile VPN communication is performed on the network segment IP address of the mobile VPN branch network. Thus, network maintenance using prior art is less efficient.
- Embodiments of the present invention provide a method, apparatus, and system for mobile virtual private network communication, which can improve network maintenance efficiency.
- a method for mobile virtual private network communication comprising:
- a device for mobile virtual private network communication comprising:
- a network address obtaining unit configured to acquire a terminal network address and a gateway virtual interface network address, where the gateway virtual interface network address and the terminal network address belong to the same network segment;
- An interface creation unit configured to create a virtual interface for a packet data protocol context of the mobile terminal according to the network address of the gateway virtual interface obtained by the network address obtaining unit;
- a network address sending unit configured to send, to the mobile terminal, a terminal network address obtained by the network address obtaining unit
- a branch address obtaining unit configured to create a mobile virtual private network communication by using the interface creation unit according to a dynamic routing protocol, including:
- the gateway virtual interface network address and the terminal network address belong to the same network segment;
- the network segment address of the served branch network is notified to the mobile packet gateway by a virtual interface having the gateway virtual interface network address according to a dynamic routing protocol.
- a mobile terminal includes:
- a terminal address obtaining unit configured to acquire a terminal network address from the mobile packet gateway
- An interface address obtaining unit configured to acquire a gateway virtual interface network address of the mobile packet gateway according to the terminal network address obtained by the terminal address obtaining unit, where the gateway virtual interface network address and the terminal network address belong to the same network segment;
- the branch address notification unit is configured to notify the mobile packet gateway of the network segment address of the served branch network by using a virtual interface having the gateway virtual interface network address according to the dynamic routing protocol.
- a system for mobile virtual private network communication comprising at least one mobile terminal and a mobile packet gateway:
- the mobile packet gateway is configured to obtain a terminal network address and a gateway virtual interface network address, where the gateway virtual interface network address and the terminal network address belong to the same network segment; a packet data protocol context of the mobile terminal creates a virtual interface; and sends the terminal network address to the mobile terminal; and the virtual terminal is used to obtain a terminal network address from the mobile packet gateway according to the dynamic routing protocol; And obtaining the gateway virtual interface network address of the mobile packet gateway, where the gateway virtual interface network address and the terminal network address belong to the same network segment; and the virtual interface network address of the gateway is adopted according to the dynamic routing protocol.
- the virtual interface notifies the mobile packet gateway of the network segment address of the served branch network.
- the method, the device and the system for the mobile virtual private network communication create a virtual interface for the packet data protocol context of the mobile terminal by using the mobile packet gateway, and the virtual interface and the mobile terminal are respectively configured with the same network segment.
- the network packet address is obtained by the mobile packet gateway from the mobile terminal in real time through the virtual interface to obtain the latest network segment address of the branch network served by the mobile terminal. Therefore, the technical solution of the embodiment of the present invention solves the problem of manually modifying the network segment address of the branch network on the AAA Server when the network segment address of the mobile VPN branch network served by the MS changes, thereby improving the network. The effect of maintenance efficiency.
- FIG. 1 is a flowchart of a method for mobile virtual private network communication according to an embodiment of the present invention
- FIG. 2 is a flowchart of another method for mobile virtual private network communication according to an embodiment of the present invention
- FIG. 4 is a flowchart of another method for mobile virtual private network communication according to an embodiment of the present invention
- FIG. 5 is another mobile virtual specialization according to an embodiment of the present invention
- FIG. 6 is a schematic structural diagram of a device for mobile virtual private network communication according to an embodiment of the present invention.
- FIG. 7 is a schematic structural diagram of a mobile terminal according to an embodiment of the present disclosure.
- FIG. 8 is a schematic structural diagram of another system for mobile virtual private network communication according to an embodiment of the present invention.
- FIG. 9 is a schematic structural diagram of another system for mobile virtual private network communication according to an embodiment of the present invention.
- FIG. 10 is a schematic structural diagram of another system for mobile virtual private network communication according to an embodiment of the present invention.
- FIG. 11 is a networking diagram of a method for using a mobile virtual private network according to an embodiment of the present invention. detailed description
- the embodiment of the present invention provides a method for the mobile virtual private network communication.
- the method for the mobile virtual private network communication includes:
- the mobile packet gateway obtains a terminal network address and a gateway virtual interface network address, where the gateway virtual interface network address and the terminal network address belong to the same network segment.
- terminal network address refers to the network address assigned by the mobile packet gateway to the mobile terminal
- gateway virtual interface network address refers to the mobile The network address assigned by the packet gateway to the created virtual interface
- the mobile packet gateway may acquire the terminal network address and the gateway virtual interface network address at the same time, or first obtain the terminal network address and the MS service from the AAA server according to the prior art.
- the network segment address of the branch network is obtained.
- the network address of the gateway virtual interface belonging to the same network segment is obtained according to the obtained terminal network address.
- the mobile packet gateway creates a virtual interface for the packet data protocol context of the mobile terminal according to the gateway virtual interface network address.
- the mobile packet gateway sends the terminal network address to the mobile terminal.
- Steps 102 and 103 may be performed simultaneously, or step 102 may be performed first and then step 103 may be performed. Alternatively, step 103 may be performed first and then step 102 may be performed.
- the mobile packet gateway obtains, by the virtual interface, a network segment address of a branch network served by the mobile terminal from the mobile terminal according to a dynamic routing protocol.
- the mobile packet gateway and the mobile terminal may pass the The virtual interface and the interface of the mobile terminal exchange dynamic routing protocol packets, where the dynamic routing protocol packet sent by the mobile terminal to the mobile packet gateway includes the network segment address of the branch network. Therefore, the mobile packet gateway can obtain the network segment address of the branch network from the dynamic routing protocol packet sent by the mobile terminal in real time. Therefore When the network segment address of the branch network changes, the dynamic routing protocol packet sent by the mobile terminal to the mobile packet gateway includes the network segment address of the branch network, and the mobile packet gateway can receive the mobile terminal through the virtual interface. The dynamic routing protocol packet sent by the terminal obtains the network segment address of the branch network after the change, so that the new network segment address of the branch network can be obtained in real time.
- the mobile packet gateway Before the mobile packet gateway obtains the network segment address of the branch network from the MS through the virtual interface according to the dynamic routing protocol, the mobile packet gateway may send an activation response including the terminal network address to the MS, so that the MS uses the terminal network address.
- the method for forwarding the IP traffic through the associated PDP context, and the method for the mobile virtual private network communication provided by the embodiment of the present invention obtains the branch from the mobile terminal through the virtual interface in real time by using the mobile packet gateway according to the dynamic routing protocol.
- the technical solution of the latest network segment address of the network thus avoiding the problem of manually modifying the network segment address of the branch network on the AAA Server when the network segment address of the mobile VPN branch network served by the MS changes, thereby improving The effect of network maintenance efficiency.
- the mobile packet gateway may simultaneously acquire the terminal network address and the gateway virtual interface network address by using at least the following three schemes: the mobile packet gateway obtains the terminal network address and the gateway virtual interface network address through the AAA server; the mobile packet gateway is locally Obtain the terminal network address and the gateway virtual interface network address; the mobile packet gateway obtains the terminal network address and the gateway virtual interface network address through a DHCP Server (Dynamic Host Configuration Protocol Server).
- DHCP Server Dynamic Host Configuration Protocol Server
- the mobile packet gateway obtains the terminal network address and the gateway virtual interface network to the address through the AAA server.
- a method for moving a virtual private network communication includes:
- the mobile terminal sends an activation request to the mobile packet gateway.
- the activation request is a PDP context activation request.
- the MS moves to a packet gateway (eg GGSN (Gateway GPRS Support Nodes, Gateway GPRS) Support node))
- GGSN Gateway GPRS Support Nodes
- Gateway GPRS Gateway GPRS Support node
- the MS sends a PDP context activation request to the SGSN (Serving GPRS Support Nodes), and the activation request includes an APN (Access Point Name).
- SGSN Server GPRS Support Nodes
- APN Access Point Name
- the SGSN determines the accessibility of the MS according to the APN, and obtains the corresponding GGSN address through the DNS Server (Domain Name System Server), and forwards the PDP context activation request of the MS to the GGSN.
- DNS Server Domain Name System Server
- the mobile packet gateway After receiving the activation request of the mobile terminal, the mobile packet gateway sends an address request message to the authentication authorization charging server.
- the address request message can have multiple implementations, such as a Radius Access Request message.
- the authentication authorization charging server sends an address response message to the mobile packet gateway.
- the AAA server pre-stores the terminal network address, that is, the IP address of the MS and the network mask.
- the AAA server also stores the corresponding gateway virtual interface network address.
- the virtual interface network address of the gateway is one of the IP addresses of the mobile packet gateway, where the gateway virtual interface network address is used for The MS is interconnected, and a dynamic routing protocol is started, and the gateway virtual interface network address belongs to the same network segment as the terminal network address.
- the AAA Server When the MS is enabled with the MS Router function, the AAA Server adds the stored terminal network address and the corresponding gateway virtual interface network address to the address response message, and sends the address response message to the mobile packet gateway. When the MS Router function is not enabled, the AAA Server adds the stored terminal network address to the address response message, and sends the address response message to the mobile packet gateway.
- the address response message may be implemented in multiple manners. For example, when the address request message is implemented by a Radius Access Request message, the address response message may be implemented by a Radius Access Accept message.
- information such as the IP address of the MS can be used in the Radius Access Accept message in multiple ways: You can use private extended attributes, such as "Vendor-Specific" defined in RFC2865. The attributes are customized to include information such as the IP address of the MS; you can also use the standard definitions already defined in RFC2865, the examples "Framed-IP-Address", "Framed-IP-Netmask" and
- the IP address of the mobile terminal MS represented by "Framed-IP-Address" and "Framed-IP-Netmask” is in the same network segment.
- the mobile packet gateway parses the address response message, and obtains the terminal network address and the gateway virtual interface network address from the address response message.
- the mobile packet gateway parses the address response message, and when determining that the MS is enabled with the MS Router function, obtaining the terminal network address and the gateway virtual interface network address from the address response message, determining that the MS is not When the MS Router function is enabled, the terminal network address is obtained from the address response message.
- the mobile packet gateway may determine whether the MS is enabled by the MS according to whether the address response message includes the gateway virtual interface network address. For example, when the gateway virtual interface network includes the "Gateway address" field in the "Framed-Route" address of the Radius Access Accept message, the mobile packet gateway determines the MS only when the Radius Access Accept message contains "Framed-Route". The MS Router function has been activated.
- the mobile packet gateway may determine whether the MS is enabled by the MS according to whether the MS Router flag or the included MS Router flag is included in the address response message.
- the mobile packet gateway creates a virtual interface for the packet data protocol context of the mobile terminal according to the gateway virtual interface network address.
- the mobile packet gateway When the MS is enabled with the MS Router function, the mobile packet gateway obtains the PDP context associated with the terminal network address, that is, the PDP context of the MS.
- the mobile packet gateway creates a virtual interface for the PDP context, and the network address of the virtual interface is the virtual interface network address of the gateway.
- Moving point The group gateway encapsulates and decapsulates the user plane tunnel corresponding to the PDP context for the IP packets that enter and exit the virtual interface.
- the mobile packet gateway sends an activation response to the mobile terminal, where the activation response includes the terminal network address.
- the process of sending an activation response to the MS by the mobile packet gateway may be specifically:
- the GGSN sends an activation response including the IP address of the MS and the network mask to the SGSN, and the SGSN forwards the activation response to the SGSN.
- the MS may be specifically:
- the GGSN sends an activation response including the IP address of the MS and the network mask to the SGSN, and the SGSN forwards the activation response to the SGSN.
- the mobile terminal After receiving the activation response, the mobile terminal acquires the terminal network address from the activation response.
- the network address of the gateway virtual interface belongs to the same network segment as the terminal network address.
- the mobile terminal notifies the mobile packet gateway of the network segment address of the served branch network through a virtual interface having the gateway virtual interface network address according to a dynamic routing protocol.
- Manner 1 The network segment address of the branch network can be pre-configured on the MS.
- Mode 2 The dynamic routing protocol can also be started between the MS and the hosts of the mobile VPN branch network it serves. The MS can obtain the dynamic routing protocol according to the dynamic routing protocol.
- the neighboring nodes exchange some dynamic routing protocol packets, and these dynamic routing protocol packets are exchanged. It includes routing information for the network. Therefore, the MS may exchange dynamic routing protocol packets with the hosts of the mobile VPN branch network that it serves, and obtain routing information of the branch network from the packets, where the routing information of the branch network includes the branches.
- the network segment address of the network that is, the network segment IP address of the mobile VPN branch network.
- the virtual interface created by the mobile packet gateway belongs to the same network segment as the terminal network address of the MS. Therefore, dynamic routing protocols can be started on the virtual interface and the interface of the MS respectively. For example, OSPF (Open Shortest Path First) or RIP (Routing Information Protocol). After that, the mobile packet gateway and the MS will respectively discover that they are neighboring nodes, so that the MS learns the gateway virtual interface network address through the dynamic protocol, and thus can exchange routing information.
- OSPF Open Shortest Path First
- RIP Rastered Information Protocol
- the mobile packet gateway and the MS exchange dynamic routing protocol packets with the virtual interface and the MS interface, and obtain the dynamic routing protocol packet sent by the MS from the host of the mobile VPN branch network it serves or according to the pre-configuration.
- the MS After the network segment address of the branch network, the MS includes the network segment address of the branch network in the dynamic routing protocol packet sent to the mobile packet gateway, so that the mobile packet gateway can obtain the network segment of the branch network from the packet. address.
- the mobile packet gateway After obtaining the network segment address of the mobile VPN branch network served by the MS, the mobile packet gateway determines the PDP context associated with the network address of the MS, and associates the network segment address of the branch network with the PDP context. Therefore, the mobile packet gateway can transmit the traffic of the network segment address through the user plane tunnel corresponding to the PDP context associated with the mobile packet gateway, and implement VPN communication of the traffic of the network segment address.
- the mobile routing gateway also encapsulates and decapsulates the user plane tunnel corresponding to the associated PDP context.
- the mobile packet gateway can forward the IP traffic through the associated PDP context when the source address of the IP traffic is the IP address of the MS or the network segment IP address of the mobile VPN branch network during the uplink traffic forwarding process. And, in the downlink (Downlink) service traffic forwarding process, when the destination address of the allowed IP traffic is the IP address of the MS or the network segment IP address of the mobile VPN branch network, the IP traffic is forwarded through the associated PDP context.
- Downlink Downlink
- the VPN branch network and the headquarters network cannot know each other's network topology.
- the embodiment of the present invention can further implement that the mobile VPN branch network and the headquarters network can respectively obtain network topologies of each other, so as to dynamically adjust the flow direction of the IP traffic.
- the dynamic routing protocol can also be started between the mobile packet gateway and the mobile VPN headquarters network. In this way, the mobile packet gateway can obtain the network topology of the mobile VPN branch network from the dynamic routing protocol packet interacting with the MS, and the network topology will be obtained. The network topology of the mobile VPN branch network is notified to the mobile VPN headquarters network through dynamic routing protocol packets.
- the mobile packet gateway can obtain the network topology of the mobile VPN headquarters network from the dynamic routing protocol packet that interacts with the mobile VPN headquarters network, and obtain the network topology of the mobile VPN headquarters network through the dynamic routing protocol packet notification.
- the MS is notified to the mobile VPN branch network through the MS.
- the mobile packet gateway may also interact with the mobile terminal to monitor network information through the virtual interface, and detect network quality between the mobile terminal and the mobile terminal according to the network monitoring information, where the mobile terminal is detected. When the network quality is poor, the corresponding adjustment can be made in time.
- other standard, or non-standard, custom communications can also be initiated between the Mobile Packet Gateway and the MS for other information.
- the changed address information may be configured on the MS or obtained by the MS according to the dynamic routing protocol. Further, the MS includes the changed network segment address of the branch network in the dynamic routing protocol sent to the mobile packet gateway, so that the mobile packet gateway can obtain the changed network segment address of the branch network from the packet. .
- FIG. 11 is a networking diagram of a method for implementing mobile virtual private network communication according to an embodiment of the present invention.
- the mobile packet gateway creates a virtual interface for the mobile terminal 1 and the mobile terminal 2 that activates the MS Router function, and the dynamic routing protocol packets between the mobile terminal 1 and the mobile terminal 2 and the mobile packet gateway respectively enter and exit the virtual interfaces respectively created, that is, The dynamic routing protocol is transmitted through the user plane tunnel of the PDP context of the mobile terminal 1 and the mobile terminal 2 respectively.
- the mobile terminal can be connected to the mobile packet gateway through the radio access network.
- the mobile packet gateway After the mobile terminal 1 sends the dynamic routing protocol message to the mobile packet gateway, the mobile packet gateway receives and parses the dynamic routing protocol message, and can learn that the destination IP address of the IP address received by the subsequent mobile packet gateway is located in the network segment of the branch network 1. When the ABCx is in the range, the mobile packet gateway knows that the next hop address of the IP address is the IP address assigned after the mobile terminal 1 is activated. And after the mobile terminal 2 sends the dynamic routing protocol message to the mobile packet gateway, the mobile packet gateway receives and parses the The dynamic routing protocol text can be learned that when the destination IP address of the IP packet received by the subsequent mobile packet gateway is within the DEFy range of the branch network 2, the mobile packet gateway learns that the next hop address of the IP document is the mobile terminal. 2 The IP address assigned after activation.
- the mobile terminal 1 After the mobile packet gateway sends the dynamic routing protocol message to the mobile terminal 1, the mobile terminal 1 receives and parses the dynamic routing protocol message, and can learn that the destination IP address of the "3 ⁇ 4 text" received by the subsequent mobile terminal 1 is located at the headquarters network 1 When the network segment is within the range of the network segment, the mobile terminal 1 learns that the next hop address of the IP packet is the virtual interface IP address of the mobile packet gateway located on the same network segment as the network address of the mobile terminal 1. And, the mobile packet gateway sends the mobile packet to the mobile terminal 2.
- the mobile terminal 2 receives and parses the dynamic routing protocol packet, and learns that when the destination IP address of the IP packet received by the subsequent mobile terminal 2 is within the network segment of the headquarters network 2, the mobile terminal 2 learns The next hop address of the IP packet is the virtual interface IP address of the mobile packet gateway located on the same network segment as the network address of the mobile terminal 2.
- the mobile packet gateway After receiving the dynamic routing protocol packet sent by the mobile terminal 1 and the mobile terminal 2, the mobile packet gateway can respectively obtain the network segment IP address information ABCx and DEFy of the branch network 1 and the branch network 2 from the dynamic routing protocol packets, and After receiving the dynamic routing protocol packet sent by the mobile packet gateway, the mobile terminal 1 and the mobile terminal 2 can respectively obtain the network segment IP address information of the headquarters network 1 and the headquarters network 2 from the dynamic routing protocol packets. And other routing information.
- the mobile terminal 1 and the router 1 of the headquarters network 1 can obtain routing information of each other by using the routing protocol message between the mobile terminal 1 and the mobile packet gateway, and between the mobile packet gateway and the router 1 of the headquarters network 1.
- the routing information can be exchanged between the mobile terminal 1 and the router 1 of the headquarters network 1 to dynamically adjust the traffic flow.
- the mobile terminal 2 and the router 2 of the headquarters network 2 can also exchange routing information with each other, thereby dynamically adjusting the traffic flow.
- the mobile packet gateway After obtaining the routing information, the mobile packet gateway allows IP traffic with ABCx and dery as source addresses to be tunneled via the user plane of the PDP context of the mobile terminal 1 and the mobile terminal 2, respectively, and allows IP traffic with ABCx and DEFy as destination addresses.
- the user plane tunneling of the PDP context of the mobile terminal 1 and the mobile terminal 2 respectively realizes normal forwarding of mobile VPN service traffic.
- the mobile packet gateway obtains the terminal network address and the gateway virtual interface network address locally.
- Step 401 is the same as step 301.
- the mobile packet gateway After receiving the activation request of the mobile terminal, the mobile packet gateway acquires a network segment address from the local address pool when the mobile terminal activates the mobile router function.
- the mobile packet gateway pre-stores whether the MS has the configuration information of the MS Router function. Therefore, after receiving the activation request of the MS, the mobile packet gateway determines whether the MS is activated by the MS Router function according to the stored configuration information, or when the user sends the AAA server to the AAA server. At the time of authentication, the mobile packet gateway learns from the AAA that the MS has activated the MS Router function.
- the mobile packet gateway obtains a network segment IP address from the local address pool when the MS is enabled to perform the MS Router function. For example, under IPV4, the corresponding network segment mask length does not exceed 30, or the network segment mask length can be Pre-agreed.
- the mobile packet gateway determines two network addresses from the obtained network segment addresses, and one of the network addresses is used as the terminal network address of the mobile terminal to the mobile terminal, and the other network address is used as the gateway virtual interface network address.
- Steps 404 to 407 are the same as steps 305 to 308, and the principle and process of routing information exchange and normal forwarding of mobile VPN service traffic are the same.
- the third scheme the mobile packet gateway obtains the terminal network address and the gateway virtual interface network address through the DHCP server.
- Step 501 is the same as step 301.
- the mobile packet gateway After receiving the activation request of the mobile terminal, the mobile packet gateway sends an address request message to the dynamic host allocation protocol server.
- the address request message can have multiple implementations, such as an address assignment request (DHCP REQUEST) message.
- DHCP REQUEST address assignment request
- the dynamic host allocation protocol server sends an address response message to the mobile packet gateway.
- the DHCP server pre-stores the terminal network address, that is, the IP address of the MS and the network mask.
- the DHCP server also stores the corresponding gateway virtual interface network address, that is, the MS.
- the IP address of the interconnected mobile packet gateway, and the gateway virtual interface network address belongs to the same network segment as the terminal network address.
- the DHCP server When the MS Router function is enabled on the MS, the DHCP server adds the stored terminal network address and the corresponding gateway virtual interface network address to the address response message, and sends the address response message to the mobile packet gateway. When the MS Router function is not enabled in the MS, the DHCP server adds the stored terminal network address to the address response message, and sends the address response message to the mobile packet gateway.
- the address response message may be implemented in multiple manners. For example, when the address request message is implemented by the address allocation request message, the address response message may be implemented by an address assignment response (DHCP OFFER/DHCP ACK) message. Moreover, the information such as the IP address of the MS may be included in the DHCP OFFER/DHCP ACK message. For example, the private extended attribute may be used, for example, the "OPTIONS" attribute defined in RFC2131 is customized to include the IP of the MS. Address and other information.
- the mobile packet gateway parses the address response message, and obtains the terminal network address and the gateway virtual interface network address from the address response message.
- the mobile packet gateway parses the address response message, and determines that the MS is activated by the MS Router And obtaining the terminal network address and the gateway virtual interface network address from the address response message, and obtaining the terminal network address from the address response message when determining that the MS does not activate the MS Router function.
- the mobile packet gateway may determine, according to whether the gateway virtual interface network address is included in the address response message, whether the MS is enabled with the MS Router function, or whether the MS Router flag is included according to the address response message. Or the value of the MS Router flag included to determine whether the MS has enabled the MS Router function.
- Steps 505 to 508 are the same as steps 305 to 308, and the routing information interaction and the principle and process of realizing the normal forwarding of the mobile VPN service flow are the same.
- the mobile virtual private network communication method provided by the embodiment of the present invention adopts a technical solution that the mobile packet gateway obtains the latest network segment address of the branch network from the mobile terminal in real time through the virtual interface according to the dynamic routing protocol. Therefore, the problem of manually modifying the network segment address of the branch network on the AAA Server when the network segment address of the mobile VPN branch network served by the MS is changed is avoided, thereby improving the network maintenance efficiency.
- the mobile packet gateway can obtain the latest network segment address of the branch network from the mobile terminal through the virtual interface at any time, and also solves the problem that the mobile packet gateway can only acquire a new branch network when the mobile terminal is activated again. The problem with the segment address. Therefore, the network maintenance operation can be further improved.
- the technical solution of the dynamic routing protocol message between the mobile packet gateway and the MS, and between the mobile packet gateway and the mobile VPN headquarters network can be adopted, thereby solving the problem that the network topology cannot be changed in time according to the network topology.
- the IP traffic flow between the mobile VPN branch network and the headquarters network is adjusted, resulting in an unreasonable traffic configuration. Therefore, the mobile VPN branch network and the headquarters network can dynamically adjust the flow of IP traffic according to the network topology obtained by each. Make the traffic configuration more reasonable.
- the embodiment of the present invention provides another method for the mobile virtual private network communication.
- the method for the mobile virtual private network communication includes:
- the mobile terminal acquires a terminal network address from the mobile packet gateway.
- the MS may send an activation request to the mobile packet gateway, and receive an activation response sent by the mobile packet gateway, including the terminal network address, and obtain the terminal network address from the activation response.
- the network address of the gateway virtual interface belongs to the same network segment as the terminal network address.
- the mobile terminal notifies the mobile packet gateway of the network segment address of the served branch network by using a virtual interface having the gateway virtual interface network address according to the dynamic routing protocol.
- the method for the mobile virtual private network communication provided by the embodiment of the present invention is a technical solution for notifying the latest network segment address of the branch network to the corresponding mobile packet gateway in real time through the virtual interface according to the dynamic routing protocol. Therefore, the problem of manually modifying the network segment address of the branch network on the AAA Server when the network segment address of the mobile VPN branch network served by the MS is changed is avoided, thereby improving the network maintenance efficiency.
- the embodiment of the present invention further provides a device for moving a virtual private network communication.
- the device for moving a virtual private network communication includes:
- the network address obtaining unit 601 is configured to obtain a terminal network address and a gateway virtual interface network address, where the gateway virtual interface network address and the terminal network address belong to the same network segment;
- the network address obtaining unit 601 further includes: an address request sending subunit, configured to send an address request message to an authentication authorization charging server or a dynamic host allocation protocol server; and an address response receiving subunit, configured to receive the address Defining an address response message sent by the authentication authorization accounting server or the dynamic host allocation protocol server; a network address obtaining subunit, configured to parse the address response message received by the address response receiving subunit, from the address response message Obtaining the terminal network address and the gateway virtual interface network address.
- the network address obtaining unit 601 further includes: a network segment address obtaining subunit, configured to acquire a network segment address from the local address pool when the mobile terminal activates the mobile router function; the network address determining subunit, a network for obtaining a subunit from the network segment address Two network addresses are determined in the segment address, one of the network addresses is used as the terminal network address, and the other network address is used as the gateway virtual interface network address.
- the interface creation unit 602 is configured to create a virtual interface for the packet data protocol context of the mobile terminal according to the network address of the gateway virtual interface obtained by the network address obtaining unit 601;
- a network address sending unit 603, configured to send the terminal network address acquired by the network address obtaining unit 601 to the mobile terminal;
- the network address sending unit 603 further includes: a response sending subunit, configured to send an activation response to the mobile terminal, where the activation response includes a terminal network address acquired by the network address obtaining unit 601.
- the branch address obtaining unit 604 is configured to create a unit network segment address by using the interface according to a dynamic routing protocol.
- the branch address obtaining unit 604 further includes: a packet receiving subunit, configured to receive, by using the virtual interface, a dynamic routing protocol packet sent by the mobile terminal; and a network segment address obtaining subunit, configured to The network segment address of the branch network is obtained in the dynamic routing protocol packet received by the packet receiving subunit.
- the branch address obtaining unit 604 further includes: a ground data protocol context association.
- the device for moving the virtual private network communication further includes a request receiving unit, configured to receive an activation request of the mobile terminal.
- the device for the mobile virtual private network communication further includes:
- a branch topology obtaining unit configured to acquire, by the virtual interface, a network topology of the branch network from the mobile terminal according to a dynamic routing protocol.
- the headquarters topology obtaining unit is configured to obtain a network topology of the headquarters network according to the dynamic routing protocol
- the headquarters topology notification unit is configured to use the virtual interface to obtain the network extension obtained by the headquarters topology obtaining unit according to the dynamic routing protocol. Park informs the mobile terminal.
- the device for the mobile virtual private network communication further includes:
- a monitoring information acquiring unit configured to acquire network monitoring information from the mobile terminal by using the virtual interface
- the network quality detecting unit is configured to detect network quality between the mobile terminal and the mobile terminal according to the network monitoring information acquired by the monitoring information acquiring unit.
- the device for mobile virtual private network communication may be a mobile packet gateway, such as a GGSN.
- the device for the mobile virtual private network communication provided by the embodiment of the present invention adopts a technical solution that the mobile packet gateway obtains the latest network segment address of the branch network from the mobile terminal through the virtual interface in real time according to the dynamic routing protocol. Therefore, the problem of manually modifying the network segment address of the branch network on the AAA Server when the network segment address of the mobile VPN branch network served by the MS is changed is avoided, thereby improving the network maintenance efficiency.
- the mobile packet gateway can obtain the latest network segment address of the branch network from the mobile terminal through the virtual interface at any time, and also solves the problem that the mobile packet gateway can only acquire a new branch network when the mobile terminal is activated again. The problem with the segment address. Therefore, the network maintenance operation can be further improved.
- the technical solution of the dynamic routing protocol message between the mobile packet gateway and the MS, and between the mobile packet gateway and the mobile VPN headquarters network can be adopted, thereby solving the problem that the network topology cannot be changed in time according to the network topology.
- the IP traffic flow between the mobile VPN branch network and the headquarters network is adjusted, resulting in an unreasonable traffic configuration. Therefore, the mobile VPN branch network and the headquarters network can dynamically adjust the flow of IP traffic according to the network topology obtained by each. Make the traffic configuration more reasonable.
- the embodiment of the present invention further provides a mobile terminal.
- the device for moving the virtual private network according to the embodiment of the present invention includes:
- the terminal address obtaining unit 701 is configured to obtain a terminal network address from the mobile packet gateway, and the interface address obtaining unit 702 is configured to obtain a gateway virtual interface network address of the mobile packet gateway according to the terminal network address acquired by the terminal address obtaining unit 701.
- Gateway virtual interface network The network address belongs to the same network segment as the terminal network address;
- the branch address notification unit 703 is configured to notify the mobile packet gateway of the network segment address of the served branch network by using a virtual interface having the gateway virtual interface network address according to the dynamic routing protocol.
- the branch address notification unit 703 further includes: a branch address obtaining sub-unit, configured to acquire a network segment address of the branch network according to a dynamic routing protocol, or obtain a pre-configured network segment address of the branch network; An address adding subunit, configured to add a network segment address of the branch network in a dynamic routing protocol packet, and a message sending subunit, configured to send the dynamic routing protocol report to the mobile packet gateway by using the virtual interface Text.
- the terminal address obtaining unit 701 further includes: a request sending unit, configured to send an activation request to the mobile packet gateway; and a response receiving unit, configured to receive an activation response sent by the mobile packet gateway, where the activation response includes The terminal network address.
- the device for the mobile virtual private network communication may further include:
- a branch topology obtaining unit configured to acquire a network segment address of the branch network according to a dynamic routing protocol
- a branch topology notification unit configured to notify the mobile packet gateway of a network segment address of the branch network by using the virtual interface according to a dynamic routing protocol
- the headquarters topology obtaining unit is configured to obtain, by using the virtual interface, the network topology of the headquarters network from the mobile packet gateway according to the dynamic routing protocol.
- the device for the mobile virtual private network communication may further include:
- a monitoring information acquiring unit configured to acquire network monitoring information from the mobile packet gateway by using the virtual interface
- the network quality detecting unit is configured to detect network quality between the mobile packet gateway and the mobile packet gateway according to the network monitoring information acquired by the monitoring information acquiring unit.
- the mobile terminal provided by the embodiment of the present invention notifies the latest network segment address of the branch network to the corresponding mobile packet through the virtual interface in real time by using the mobile terminal according to the dynamic routing protocol.
- the technical solution of the gateway avoids the need to improve the network maintenance efficiency of the network segment of the mobile VPN branch network served by the MS.
- the mobile terminal can notify the mobile network gateway of the latest network segment address of the branch network through the virtual interface at any time, and also solves the problem that the mobile packet gateway can only acquire the network segment of the new branch network when the mobile terminal is activated again. The problem with the address. Therefore, the operability of the network maintenance is further improved.
- the technical solution of the dynamic routing protocol packet between the mobile packet gateway and the MS, and between the mobile packet gateway and the mobile VPN headquarters network can be adopted, which solves the problem that the network topology cannot be timely.
- the change of the IP traffic flow between the mobile VPN branch network and the headquarters network adjusts the problem that the traffic configuration is unreasonable, so that the mobile VPN branch network and the headquarters network can dynamically adjust the IP traffic according to the network topology obtained by each. Flow direction makes the traffic configuration more reasonable.
- a system for moving a virtual private network communication includes at least one mobile terminal 801 and a mobile packet gateway 802:
- the mobile packet gateway 802 is configured to obtain a terminal network address and a gateway virtual interface network address, where the gateway virtual interface network address and the terminal network address belong to the same network segment; Creating a virtual interface by the packet data protocol context of the mobile terminal 801; and transmitting the terminal network address to the mobile terminal 801; acquiring the mobile terminal 801 from the mobile terminal 801 through the virtual interface according to a dynamic routing protocol The network segment address of the branch network of the service;
- the mobile terminal 801 is configured to obtain a terminal network address from the mobile packet gateway 802.
- the gateway virtual interface network address belongs to the same network segment as the terminal network address, and has the gateway according to a dynamic routing protocol.
- the virtual interface of the virtual interface network address notifies the mobile packet gateway 802 of the network segment address of the served branch network.
- the system for moving the virtual private network communication in the embodiment of the present invention may further include an authentication and authorization charging server 803, and storing the terminal network address and the gateway virtual interface network address;
- the mobile packet gateway 802 is further configured to obtain the terminal network address and the gateway virtual interface network address from the authentication authorization charging server 803.
- the system for moving the virtual private network communication in the embodiment of the present invention may further include a dynamic host allocation protocol server 804, configured to store the terminal network address and the gateway virtual interface network address;
- the packet gateway 802 is further configured to obtain the terminal network address and the gateway virtual interface network address from the dynamic host allocation protocol server 804.
- the mobile virtual private network communication system provided by the embodiment of the present invention adopts a technical solution that the mobile packet gateway obtains the latest network segment address of the branch network from the mobile terminal through the virtual interface in real time according to the dynamic routing protocol. Therefore, the problem of manually modifying the network segment address of the branch network on the AAA Server when the network segment address of the mobile VPN branch network served by the MS is changed is avoided, thereby improving the network maintenance efficiency.
- the mobile packet gateway can obtain the latest network segment address of the branch network from the mobile terminal through the virtual interface at any time, and also solves the problem that the mobile packet gateway can only acquire a new branch network when the mobile terminal is activated again. The problem with the segment address. Therefore, the network maintenance operation can be further improved.
- the technical solution of the dynamic routing protocol message between the mobile packet gateway and the MS, and between the mobile packet gateway and the mobile VPN headquarters network can be adopted, thereby solving the problem that the network topology cannot be changed in time according to the network topology.
- the IP traffic flow between the mobile VPN branch network and the headquarters network is adjusted, resulting in an unreasonable traffic configuration. Therefore, the mobile VPN branch network and the headquarters network can dynamically adjust the flow of IP traffic according to the network topology obtained by each. Make the traffic configuration more reasonable.
- the storage medium may be a magnetic disk, an optical disk, a read-only memory (ROM), or a random access memory (RAM).
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Databases & Information Systems (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Mobile Radio Communication Systems (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Description
Claims
Priority Applications (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2012512180A JP5412695B2 (ja) | 2009-05-27 | 2009-11-17 | モバイル仮想プライベートネットワーク通信のための方法、装置およびシステム |
EP20090845103 EP2426885B9 (en) | 2009-05-27 | 2009-11-17 | Method, device and system for mobile virtual private network communication |
KR1020117029643A KR101313831B1 (ko) | 2009-05-27 | 2009-11-17 | 모바일 가상 사설망 통신을 위한 방법, 장치 및 시스템 |
US13/302,860 US9084108B2 (en) | 2009-05-27 | 2011-11-22 | Method, apparatus, and system for mobile virtual private network communication |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2009101436182A CN101562807B (zh) | 2009-05-27 | 2009-05-27 | 移动虚拟专用网通信的方法、装置及系统 |
CN200910143618.2 | 2009-05-27 |
Related Child Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US13/302,860 Continuation US9084108B2 (en) | 2009-05-27 | 2011-11-22 | Method, apparatus, and system for mobile virtual private network communication |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2010135887A1 true WO2010135887A1 (zh) | 2010-12-02 |
Family
ID=41221386
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2009/074976 WO2010135887A1 (zh) | 2009-05-27 | 2009-11-17 | 移动虚拟专用网通信的方法、装置及系统 |
Country Status (6)
Country | Link |
---|---|
US (1) | US9084108B2 (zh) |
EP (1) | EP2426885B9 (zh) |
JP (1) | JP5412695B2 (zh) |
KR (1) | KR101313831B1 (zh) |
CN (1) | CN101562807B (zh) |
WO (1) | WO2010135887A1 (zh) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2014060483A (ja) * | 2012-09-14 | 2014-04-03 | Hitachi Kokusai Electric Inc | 通信システム及びその通信方法 |
TWI679866B (zh) * | 2018-11-19 | 2019-12-11 | 中華電信股份有限公司 | 虛擬私有網路服務品質之量測系統及量測方法 |
Families Citing this family (15)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101562807B (zh) | 2009-05-27 | 2011-04-20 | 华为技术有限公司 | 移动虚拟专用网通信的方法、装置及系统 |
US9246872B2 (en) * | 2010-11-24 | 2016-01-26 | Telefonaktiebolaget L M Ericsson (Publ) | Methods and arrangements for enabling data transmission between a mobile device and a static destination address |
US9231908B2 (en) * | 2012-02-08 | 2016-01-05 | Microsoft Technology Licensing, Llc | Ensuring symmetric routing to private network |
CN102769556B (zh) * | 2012-06-01 | 2015-03-18 | 杭州华三通信技术有限公司 | 激活vlan的动态调整方法和装置 |
EP2919528B1 (en) * | 2012-11-28 | 2018-01-10 | Huawei Technologies Co., Ltd. | Mobile network communication method, communication device and communication system |
US9124525B2 (en) * | 2013-06-24 | 2015-09-01 | Cisco Technology, Inc. | User-equipment-initiated framed routes on customer-premises equipment for wireless wide area networks |
KR20150142218A (ko) * | 2014-06-11 | 2015-12-22 | 삼성전자주식회사 | 전자 장치 및 전자 장치의 네트워크 연결방법 |
US10110702B2 (en) * | 2015-04-16 | 2018-10-23 | Hewlett Packard Enterprise Development Lp | Dynamic download and enforcement of network access role based on network login context |
US9942201B1 (en) | 2015-12-16 | 2018-04-10 | vIPtela Inc. | Context specific keys |
WO2017127972A1 (zh) * | 2016-01-25 | 2017-08-03 | 华为技术有限公司 | 一种数据传输方法以及宿主机 |
WO2017206076A1 (zh) * | 2016-05-31 | 2017-12-07 | 华为技术有限公司 | 一种多网关扩容方法及装置 |
CN111224857A (zh) | 2016-06-29 | 2020-06-02 | 华为技术有限公司 | 用于实现组合虚拟专用网vpn的方法与装置 |
CN109067718B (zh) * | 2018-07-23 | 2021-04-27 | 浙江吉利汽车研究院有限公司 | 车载多媒体主机与移动终端共享网络的方法、装置、系统 |
CN110881213A (zh) * | 2019-07-31 | 2020-03-13 | 苏州星际靶战网络信息技术有限公司 | 一种网络测试过程信息的传输方法及系统 |
CN114787937A (zh) * | 2019-12-09 | 2022-07-22 | 皇家飞利浦有限公司 | 用于基于家庭互联网业务模式来监测健康状况的系统和方法 |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1835480A (zh) * | 2005-03-15 | 2006-09-20 | 合勤科技股份有限公司 | 使用sip通信协议架构作为移动式vpn代理器的方法 |
CN101052207A (zh) * | 2006-04-05 | 2007-10-10 | 华为技术有限公司 | 一种可移动虚拟专用网的实现方法及系统 |
CN101110745A (zh) * | 2007-08-14 | 2008-01-23 | 华为技术有限公司 | 衔接二层网络和三层网络的方法、装置和系统 |
US20080102747A1 (en) * | 2006-10-31 | 2008-05-01 | Mohammed Didarul Alam | SSL-Based Mobile Virtual Private Networking Solution |
CN101562807A (zh) * | 2009-05-27 | 2009-10-21 | 华为技术有限公司 | 移动虚拟专用网通信的方法、装置及系统 |
Family Cites Families (14)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR100464374B1 (ko) | 2000-11-01 | 2004-12-31 | 삼성전자주식회사 | 이동통신 단말기에 고정 주소를 할당하기 위한 시스템 및방법 |
CN1180583C (zh) | 2001-09-03 | 2004-12-15 | 华为技术有限公司 | 一种宽带网络虚拟专用网的实现方法 |
US7380124B1 (en) * | 2002-03-28 | 2008-05-27 | Nortel Networks Limited | Security transmission protocol for a mobility IP network |
US7388844B1 (en) * | 2002-08-28 | 2008-06-17 | Sprint Spectrum L.P. | Method and system for initiating a virtual private network over a shared network on behalf of a wireless terminal |
US20060171402A1 (en) * | 2003-03-06 | 2006-08-03 | Moore John A | Method and system for providing broadband multimedia services |
FR2854521A1 (fr) * | 2003-04-30 | 2004-11-05 | Orange France | Dispositif de communications pour vehicule terrestre |
JP2005130049A (ja) * | 2003-10-21 | 2005-05-19 | Fujitsu Ltd | ノード |
CN1292565C (zh) * | 2004-01-17 | 2006-12-27 | 华为技术有限公司 | 对网络地址转换虚地址的地址解析协议请求响应的方法 |
US20050213562A1 (en) | 2004-03-24 | 2005-09-29 | Heng-Chien Chen | Telecommunication system and method for routing data of an ip-based pbx extension to a host |
JP2005341084A (ja) | 2004-05-26 | 2005-12-08 | Nec Corp | Vpnシステム、リモート端末及びそれらに用いるリモートアクセス通信方法 |
CN101052022B (zh) * | 2006-04-05 | 2010-10-13 | 华为技术有限公司 | 一种虚拟专用网用户访问公网的系统和方法 |
CN100544286C (zh) * | 2007-07-27 | 2009-09-23 | 中兴通讯股份有限公司 | 一种实现虚拟专用局域网服务网络备份链路的方法及系统 |
CN101399830B (zh) * | 2007-09-29 | 2012-06-06 | 联想(北京)有限公司 | 虚拟机系统及其共享以太网点对点协议链接的方法 |
CN101227471A (zh) * | 2008-02-18 | 2008-07-23 | 中兴通讯股份有限公司 | 同网段地址解析协议代理方法及内部处理板间通信方法 |
-
2009
- 2009-05-27 CN CN2009101436182A patent/CN101562807B/zh not_active Expired - Fee Related
- 2009-11-17 EP EP20090845103 patent/EP2426885B9/en active Active
- 2009-11-17 JP JP2012512180A patent/JP5412695B2/ja active Active
- 2009-11-17 WO PCT/CN2009/074976 patent/WO2010135887A1/zh active Application Filing
- 2009-11-17 KR KR1020117029643A patent/KR101313831B1/ko active IP Right Grant
-
2011
- 2011-11-22 US US13/302,860 patent/US9084108B2/en active Active
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1835480A (zh) * | 2005-03-15 | 2006-09-20 | 合勤科技股份有限公司 | 使用sip通信协议架构作为移动式vpn代理器的方法 |
CN101052207A (zh) * | 2006-04-05 | 2007-10-10 | 华为技术有限公司 | 一种可移动虚拟专用网的实现方法及系统 |
US20080102747A1 (en) * | 2006-10-31 | 2008-05-01 | Mohammed Didarul Alam | SSL-Based Mobile Virtual Private Networking Solution |
CN101110745A (zh) * | 2007-08-14 | 2008-01-23 | 华为技术有限公司 | 衔接二层网络和三层网络的方法、装置和系统 |
CN101562807A (zh) * | 2009-05-27 | 2009-10-21 | 华为技术有限公司 | 移动虚拟专用网通信的方法、装置及系统 |
Non-Patent Citations (1)
Title |
---|
See also references of EP2426885A4 * |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2014060483A (ja) * | 2012-09-14 | 2014-04-03 | Hitachi Kokusai Electric Inc | 通信システム及びその通信方法 |
TWI679866B (zh) * | 2018-11-19 | 2019-12-11 | 中華電信股份有限公司 | 虛擬私有網路服務品質之量測系統及量測方法 |
Also Published As
Publication number | Publication date |
---|---|
JP2012528492A (ja) | 2012-11-12 |
CN101562807A (zh) | 2009-10-21 |
KR101313831B1 (ko) | 2013-10-01 |
EP2426885B9 (en) | 2014-03-26 |
EP2426885A1 (en) | 2012-03-07 |
JP5412695B2 (ja) | 2014-02-12 |
EP2426885B1 (en) | 2013-10-09 |
CN101562807B (zh) | 2011-04-20 |
KR20120014586A (ko) | 2012-02-17 |
US9084108B2 (en) | 2015-07-14 |
US20120079113A1 (en) | 2012-03-29 |
EP2426885A4 (en) | 2012-08-01 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2010135887A1 (zh) | 移动虚拟专用网通信的方法、装置及系统 | |
US9578548B2 (en) | System and method for configuring multiple IP connections | |
JP6059365B2 (ja) | ネットワークにアクセスするシステム及び方法 | |
US9503881B2 (en) | Method, device, and system for user equipment to access evolved packet core network | |
US20210359971A1 (en) | Method and Apparatuses for Avoiding Paging Storm During ARP Broadcast for Ethernet Type PDU | |
JP5987122B2 (ja) | デバイス固有のトラフィックフローステアリングのためのネットワークアドレス変換されたデバイスの特定 | |
WO2012130085A1 (zh) | 与网管系统建立连接的方法、设备及通信系统 | |
CN110519863A (zh) | 用于建立和使用pdn连接的方法和装置 | |
WO2012171169A1 (zh) | 一种通信方法及负载均衡器 | |
WO2013107136A1 (zh) | 终端接入认证的方法及用户端设备 | |
WO2013131487A1 (zh) | 融合的核心网及其接入方法 | |
WO2011079782A1 (zh) | 一种实现策略与计费控制的方法、网关和移动终端 | |
WO2014067420A1 (zh) | 分组数据网络类型的管理方法、装置及系统 | |
WO2012130083A1 (zh) | 一种配置地址解析协议arp表项的方法和装置 | |
WO2016188110A1 (zh) | 一种公共wlan架构下的数据隧道建立方法和ap | |
WO2014071685A1 (zh) | 基于移动网络的租户网络业务实现方法、系统及网元 | |
WO2008154874A1 (fr) | Procédé et système permettant d'établir un tunnel dans le réseau en évolution | |
WO2012136006A1 (zh) | 多归属站点内主机的路由选择方法和装置 | |
WO2012071739A1 (zh) | 不同网络间寻址的实现方法、路由代理网元及系统 | |
WO2013174190A1 (zh) | 路由选择方法及功能网元 | |
WO2012100611A1 (zh) | 接入演进分组系统的方法及系统 | |
JP2016524383A (ja) | 通信インタフェースを選択する方法およびデバイス | |
WO2011147332A1 (zh) | 网络消息处理方法、装置和通信系统 | |
WO2010091562A1 (zh) | 用于固定网络与第三方网络或应用服务器交互的方法及装置 | |
WO2013107243A1 (zh) | 会话建立方法及装置 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 09845103 Country of ref document: EP Kind code of ref document: A1 |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2012512180 Country of ref document: JP |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2009845103 Country of ref document: EP |
|
ENP | Entry into the national phase |
Ref document number: 20117029643 Country of ref document: KR Kind code of ref document: A |