WO2011032405A1 - Method and system for interaction between asn and mapping-forwarding plane, and asn - Google Patents


Publication number
WO2011032405A1
WO2011032405A1 PCT/CN2010/074169 CN2010074169W WO2011032405A1 WO 2011032405 A1 WO2011032405 A1 WO 2011032405A1 CN 2010074169 W CN2010074169 W CN 2010074169W WO 2011032405 A1 WO2011032405 A1 WO 2011032405A1
Authority
WO
WIPO (PCT)
Prior art keywords
data packet
service node
packet
access service
access
Prior art date
Application number
PCT/CN2010/074169
Other languages
French (fr)
Chinese (zh)
Inventor
何辉
Original Assignee
中兴通讯股份有限公司
Priority date
Filing date
Publication date
Application filed by 中兴通讯股份有限公司
Publication of WO2011032405A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/02 Services making use of location information
    • H04W4/029 Location-based management or tracking services

Definitions

  • The number of invalid packets that the ASN delivers to the mapping forwarding plane is reduced.
  • Different ASN processing policies may be selected according to different network conditions; and for a large number of packets with invalid access identifiers (AIDs) generated by an abnormal situation (such as an attack), the unreachable messages let the ASN discard packets for those AIDs, so they no longer enter the mapping forwarding plane, which reduces the burden on the mapping forwarding plane.
  • FIG. 1 is a topological diagram of an identity location separation network in the prior art
  • FIG. 2 is a flowchart of interaction between an ASN and a mapping forwarding plane according to an embodiment of the present invention.
  • Preferred embodiment of the invention
  • The present invention adds, on the ASN, a processing option for packets whose mapping relationship is not found.
  • With this processing option, the number of invalid packets delivered to the mapping forwarding plane can be reduced.
  • For packets whose identity location mapping information is not found, the ASN may select a policy of store-and-forward, forwarding, or discarding;
  • The ASN can configure the number of packets held for store-and-forward and the storage time.
  • The ASN can extend the interaction defined with the mapping forwarding plane, record invalid AIDs, and discard packets for those AIDs directly.
  • The record information for invalid AIDs should have an aging mechanism.
  • A configuration policy for packets whose identity location mapping information is not found is added to the ASN; the configuration policy may be store-and-forward, the first packet
  • The network condition may be: when the network is trusted, delivery and forwarding may be configured directly; when the network is untrusted, discarding may be configured;
  • The purpose of configuring the number of entries is to control the capacity of the entry table.
  • The storage time controls the maximum storage time of data packets, to prevent the packets from occupying the device's cache;
  • After receiving a data packet sent by the user terminal, the ASN performs the mapping learning process according to the configuration policy and completes processing of the data packet;
  • If the configuration policy is first-packet drop, when the ASN receives a data packet sent by the user terminal and the identity location mapping information of the data packet is not found, the packet can be discarded.
  • If the ASN is configured for store-and-forward and does not find the identity location mapping information of a data packet, it can store the packet on the ASN, construct a query message, and send it to the mapping forwarding plane to query the identity location mapping information. If first-packet forwarding is configured, when the ASN receives a data packet sent by the user terminal, it sends the data packet to the mapping forwarding plane. If the mapping forwarding plane cannot find the identity location mapping information of the data packet, it sends an unreachable message containing the unreachable AID to the ASN; the ASN records the unreachable AID and discards the next data packets received for that AID.
  • An aging mechanism may be configured for unreachable entries: before the aging time is reached, if the identity location mapping information for the AID has not been learned, data packets for that AID are discarded. Once the aging time is reached, a data packet for that AID triggers a new learning process (that is, when the ASN receives a data packet for the AID, it sends a query message to the mapping forwarding plane), thereby avoiding malicious DoS attacks.
  • An aging mechanism may also be configured for packets held by store-and-forward: before the aging time is reached, if the identity location mapping information for the AID has not been learned, data packets for that AID are stored on the ASN. When the aging time expires, the stored packets are discarded, which prevents a malicious DoS attack from exhausting the ASN cache.
  • FIG. 2 shows a complete interaction process between the ASN and the mapping forwarding plane, which includes the following steps:
  • Step 201: After receiving a data packet sent by the terminal through the access-side network, the source ASN (ASN1) performs further processing according to the configuration policy when the mapping relationship is not found.
  • the device discards the mapping according to the configured policy.
  • Step 202: The mapping forwarding plane receives the query message and looks up the identity location mapping information (in the identity location register (ILR)). When the identity location mapping information is not found, it sends an unreachable message to the source ASN;
  • ILR: identity location register
  • Step 203: The source ASN receives and processes the unreachable message and records the AID information of the unreachable message.
  • Step 205: When the aging time of the unreachable information is reached, that is, the aging timer expires, the saved unreachable information is aged out, so that user data can again trigger the process of learning the identity location mapping information through a new data packet flow;
  • The invention reduces the invalid packets that the ASN delivers to the mapping forwarding plane.
  • The following benefits are also obtained: for packets for which no mapping relationship is found, different ASN processing policies may be selected according to different network conditions; for a large number of packets with invalid access identifiers generated by an abnormal situation (such as an attack), the unreachable messages let the ASN discard packets for those AIDs, so they no longer enter the mapping forwarding plane, which reduces the burden on the mapping forwarding plane.
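
The three miss-handling policies and the aging of unreachable-AID records described above can be exercised in a small simulation. The following Python sketch is an added example, not code from the patent or its applicant; the class and function names, the synchronous `lookup` call, the action strings and the sample traffic are assumptions made for illustration, and first-packet drop is modeled without any message to the plane because the page describes none.

```python
from enum import Enum


class Policy(Enum):
    FIRST_PACKET_DROP = 1
    FIRST_PACKET_FORWARD = 2
    STORE_AND_FORWARD = 3


class MappingPlane:
    """Stand-in for the mapping forwarding plane; counts what reaches it."""

    def __init__(self, aid_to_rid):
        self.aid_to_rid = dict(aid_to_rid)
        self.requests = 0

    def lookup(self, aid):
        self.requests += 1
        return self.aid_to_rid.get(aid)  # None models the unreachable message


class ASN:
    def __init__(self, plane, policy, aging_time=30.0, max_entries=2,
                 max_pkts_per_entry=2):
        self.plane, self.policy = plane, policy
        self.aging_time = aging_time
        self.max_entries = max_entries              # store-and-forward entries
        self.max_pkts_per_entry = max_pkts_per_entry
        self.mappings = {}     # AID -> RID learned from the plane
        self.unreachable = {}  # recorded AID -> time the record ages out
        self.stored = {}       # AID -> packets held by store-and-forward

    def _expire(self, now):
        """Age out records; packets held for an aged-out AID are discarded."""
        for aid in [a for a, t in self.unreachable.items() if t <= now]:
            del self.unreachable[aid]
            self.stored.pop(aid, None)

    def _store(self, aid, pkt):
        """Hold a packet within the configured entry and per-entry limits."""
        if aid not in self.stored and len(self.stored) >= self.max_entries:
            return "drop"
        held = self.stored.setdefault(aid, [])
        if len(held) >= self.max_pkts_per_entry:
            return "drop"
        held.append(pkt)
        return "store"

    def handle(self, aid, pkt, now):
        """Return the action taken for one data packet arriving at `now`."""
        self._expire(now)
        if aid in self.mappings:
            return "forward"
        storing = self.policy is Policy.STORE_AND_FORWARD
        if aid in self.unreachable:      # live record: the plane is not asked
            return self._store(aid, pkt) if storing else "drop"
        if self.policy is Policy.FIRST_PACKET_DROP:
            # The page describes no plane message for this policy; none is sent.
            self.unreachable[aid] = now + self.aging_time
            return "drop"
        if storing and self._store(aid, pkt) == "drop":
            return "drop"                # assumption: full buffer, no query
        rid = self.plane.lookup(aid)
        if rid is None:
            self.unreachable[aid] = now + self.aging_time
            return "store" if storing else "unreachable"
        self.mappings[aid] = rid
        self.stored.pop(aid, None)       # held packets leave with the new RID
        return "forward"


# Constructed sample traffic: (arrival time in seconds, AID).
KNOWN = {"AID-A": "RID-1"}
TRAFFIC = [(0, "AID-X"), (1, "AID-X"), (2, "AID-X"),
           (3, "AID-A"), (4, "AID-A"), (31, "AID-X")]


def replay(policy, traffic=TRAFFIC, aging_time=30.0):
    """Replay traffic through a fresh ASN; return (actions, plane requests)."""
    plane = MappingPlane(KNOWN)
    asn = ASN(plane, policy, aging_time=aging_time)
    actions = [asn.handle(aid, b"data", t) for t, aid in traffic]
    return actions, plane.requests


if __name__ == "__main__":
    for policy in Policy:
        print(policy.name, *replay(policy))
    # aging_time=0 disables the record: every miss reaches the plane again.
    print("no record", replay(Policy.FIRST_PACKET_FORWARD, aging_time=0)[1])
```

Under first-packet forwarding the record suppresses only repeats of the same AID, so a flood of distinct invalid AIDs still costs one plane lookup each.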

Abstract

The present invention discloses a method for interaction between an access service node and a mapping-forwarding plane. The method is applied to an identity and location separation network framework. The method includes: configuration strategies for messages for which identity location mapping information cannot be found are added in the access service node; in the process of the interaction between the access service node and the mapping-forwarding plane, after receiving a data message transmitted from a user terminal, the access service node queries the identity location mapping information based on the access identifier of the data message; if the identity location mapping information cannot be found, the data message is processed based on the configuration strategies. The present invention also discloses a corresponding system and an access service node (ASN). The invention reduces invalid messages delivered from the ASN to the mapping-forwarding plane.

Description

Method, system and ASN for interaction between an ASN and a mapping forwarding plane
Technical field
The present invention relates to the field of communications technologies, and in particular to a method, a system, and an ASN for interaction between an access service node (ASN) and a mapping forwarding plane in a network framework that separates host identity from location.
Background
In the Transmission Control Protocol/Internet Protocol (TCP/IP) suite widely used on the existing Internet, the IP address has a dual function: it serves both as the location identifier, in the network topology, of the network-layer network interface of the communication terminal host, and as the host identity of the transport-layer host network interface. Host mobility was not considered when TCP/IP was first designed. However, as host mobility becomes more and more common, the semantic overload of the IP address is an increasingly obvious defect. When the IP address of a host changes, not only does the route change, but the host identity of the communication terminal changes as well; this makes the routing load heavier and heavier, and the change of host identity interrupts applications and connections. The separation of host identity and location was proposed to solve problems such as the semantic overload of IP addresses, heavy routing load, and security: the dual functions of the IP address are separated in order to support mobility, multihoming, dynamic reallocation of IP addresses, reduced routing load, and mutual access between different network regions in the next-generation Internet.
An implementation based on IP network routers is one of the solutions for identity and location separation; the network framework for this identity separation is shown in Figure 1:
Under this framework, for the implementation of the mapping forwarding plane, we proposed a way of implementing the mapping forwarding plane with a distributed hash table (DHT). In this method, every packet for which identity location mapping information cannot be found on the ASN has to be delivered to the mapping forwarding plane, which looks up the identity location mapping information (that is, the Access Identifier (AID) to Routing Identifier (RID) mapping information) and forwards the packet. As a result, the number of invalid packets the ASN delivers to the mapping forwarding plane is relatively large, which increases the burden on the mapping forwarding plane.
Summary of the invention
The technical problem to be solved by the present invention is to provide a method, a system and an ASN for interaction between an access service node and a mapping forwarding plane; the improved method and system can reduce the processing burden on the mapping forwarding plane.
To solve the above problem, the present invention provides a method for interaction between an access service node and a mapping forwarding plane, used in an identity location separation network framework, including:
adding, on the access service node, a configuration policy for packets for which identity location mapping information cannot be found; and
in the interaction between the access service node and the mapping forwarding plane, after the access service node receives a data packet sent by a user terminal, looking up identity location mapping information according to the access identifier of the data packet, and if no identity location mapping information is found, processing the data packet according to the configuration policy.
The configuration policy is one or more of store-and-forward, first-packet forwarding, and first-packet drop.
When the configuration policy is first-packet drop, the step of processing the data packet according to the configuration policy includes:
when the access service node receives a data packet sent by the user terminal, if the identity location mapping information of the data packet cannot be found, discarding the data packet;
The method further includes:
the access service node recording the access identifier of the data packet; and
for the next data packet received with that access identifier, discarding that data packet.
When the configuration policy is first-packet forwarding, the step of processing the data packet according to the configuration policy includes:
the access service node sending the data packet to the mapping forwarding plane; and
if the mapping forwarding plane cannot find the identity location mapping information of the data packet, the mapping forwarding plane sending an unreachable message to the access service node, where the unreachable message includes the access identifier of the unreachable message;
The method further includes:
the access service node recording the access identifier of the unreachable message; and
discarding the next data packet received with the access identifier of the unreachable message.
When the configuration policy is store-and-forward, the step of processing the data packet according to the configuration policy includes:
the access service node storing the data packet on the access service node;
the access service node sending a query message to the mapping forwarding plane, where the query message contains the access identifier of the data packet, in order to query the identity location mapping information; and
if the mapping forwarding plane cannot find the identity location mapping information of the data packet, the mapping forwarding plane sending an unreachable message to the access service node, where the unreachable message includes the access identifier of the unreachable message;
The method further includes:
the access service node recording the access identifier of the unreachable message; and
for the next data packet received with the access identifier of the unreachable message, storing that data packet on the access service node.
Before the step of processing the data packet according to the configuration policy, the method further includes:
the access service node configuring the number of entries supported for store-and-forward, the number of packets per entry, and the storage time options.
Before the step of processing the data packet according to the configuration policy, the method further includes:
the access service node configuring an aging time; when the aging time expires, data packets with the access identifier are processed according to the configuration policy.
To solve the above problem, the present invention further provides a system for interaction between an access service node and a mapping forwarding plane, used in an identity location separation network framework, the system including an access service node and a mapping forwarding plane;
the access service node is configured to: add a configuration policy for packets for which identity location mapping information cannot be found; and interact with the mapping forwarding plane: after the access service node receives a data packet sent by a user terminal, look up identity location mapping information according to the access identifier of the data packet, and if no identity location mapping information is found, process the data packet according to the configuration policy;
the mapping forwarding plane is configured to: interact with the access service node.
The configuration policy is one or more of store-and-forward, first-packet forwarding, and first-packet drop;
the access service node is configured to: when the configuration policy is first-packet drop, process data packets as follows: on receiving a data packet sent by the user terminal, if the identity location mapping information of the data packet cannot be found, discard the data packet; and
the access service node is further configured to: record the access identifier of the data packet; and when a data packet with that access identifier is next received, discard that data packet;
or,
the access service node is configured to: when the configuration policy is first-packet forwarding, send the data packet to the mapping forwarding plane;
the mapping forwarding plane is configured to: if the identity location mapping information of the data packet cannot be found, send an unreachable message to the access service node, where the unreachable message includes the access identifier of the unreachable message; and
the access service node is further configured to: record the access identifier of the unreachable message; and discard the next data packet received with the access identifier of the unreachable message;
or,
the access service node is configured to: when the configuration policy is store-and-forward, store the data packet on the access service node; and send a query message to the mapping forwarding plane, where the query message contains the access identifier of the data packet, in order to query the identity location mapping information;
the mapping forwarding plane is configured to: if the identity location mapping information of the data packet cannot be found, send an unreachable message to the access service node, where the unreachable message includes the access identifier of the unreachable message; and
the access service node is further configured to: record the access identifier of the unreachable message; and for the next data packet received with the access identifier of the unreachable message, store that data packet on the access service node.
The access service node is further configured to: configure an aging time, and when the aging time expires, process data packets with the access identifier according to the configuration policy.
An access service node, for use in an identity and location separation network framework, the access service node being configured to:
add a configuration policy for packets whose identity location mapping information cannot be found; and
interact with a mapping forwarding plane: after the access service node receives a data packet sent by a user terminal, look up identity location mapping information according to the access identifier of the data packet and, if the identity location mapping information cannot be found, process the data packet according to the configuration policy.
The configuration policy is one or more of store-and-forward, first-packet forwarding and first-packet drop.
The access service node is configured to: when the configuration policy is first-packet drop and a data packet sent by the user terminal is received, discard the data packet if its identity location mapping information cannot be found; and
the access service node is further configured to: record the access identifier of the data packet; and, when a data packet of that access identifier is next received, discard that data packet;
or,
the access service node is configured to: when the configuration policy is first-packet forwarding, send the data packet to the mapping forwarding plane; if the mapping forwarding plane cannot find the identity location mapping information of the data packet, it sends an unreachable message to the access service node, the unreachable message including the access identifier of the unreachable packet; and
the access service node is further configured to: record the access identifier of the unreachable packet; and discard the next received data packet that carries the access identifier of the unreachable packet;
or,
the access service node is configured to: when the configuration policy is store-and-forward, store the data packet on the access service node; and send a query message to the mapping forwarding plane, the query message containing the access identifier of the data packet, so as to query the identity location mapping information; if the mapping forwarding plane cannot find the identity location mapping information of the data packet, it sends an unreachable message to the access service node, the unreachable message including the access identifier of the unreachable packet; and
the access service node is further configured to: record the access identifier of the unreachable packet; and, for the next received data packet that carries the access identifier of the unreachable packet, store that data packet on the access service node.
The access service node is further configured to: configure an aging time and, when the aging time expires, process data packets of the access identifier according to the configuration policy.
The above method and system reduce the number of invalid packets that the ASN delivers to the mapping forwarding plane. In an embodiment, the following benefits are also obtained: for packets whose mapping relationship cannot be found, different ASN processing policies can be selected according to network conditions; for the large number of packets with invalid access identifiers (Access Identifier, AID) produced by abnormal situations (such as attacks), the information that an AID is invalid can be learned for that AID from the unreachable message, so that those packets are effectively discarded by AID; and because discarding on the ASN is allowed, some packets with no mapping relationship no longer enter the mapping forwarding plane, which reduces the load on the mapping forwarding plane.

Brief Description of the Drawings
Figure 1 is a topology diagram of an identity and location separation network in the prior art;
Figure 2 is a flowchart of the interaction between the ASN and the mapping forwarding plane in an embodiment of the present invention.

Preferred Embodiments of the Invention
The present invention adds processing options on the ASN for packets whose mapping relationship cannot be found. These options reduce the number of invalid packets delivered to the mapping forwarding plane.
Specific embodiments of the present invention are described in detail below with reference to the accompanying drawings.
The main objectives of this embodiment include:
The ASN can select a policy of store-and-forward, delivery forwarding, or discarding for packets whose identity location mapping information cannot be found;
Further, the following objectives can also be achieved:
The ASN can configure the number of store-and-forward packets and their storage time;
The ASN can extend the defined interaction with the mapping forwarding plane to record AIDs confirmed as invalid and discard packets of such AIDs directly;
The recorded information about invalid AIDs should have an aging mechanism.
To meet these objectives, the original ASN processing flow is changed as follows:
First, a configuration policy for packets whose identity location mapping information cannot be found is added on the ASN;
The configuration policy may be one or more of store-and-forward, first-packet forwarding and first-packet drop, selected according to network conditions;
For example, when the network is trusted, delivery forwarding can be configured directly; when the network is untrusted, discarding can be configured, and so on;
For store-and-forward, the configuration can be further extended with options such as the number of entries supported for store-and-forward, the number of packets per entry, and the storage time;
Because each batch of packets with the same destination AID generates the same AID on the ASN, the number of entries is configured to control the capacity of the entry table; the storage time controls the maximum time a data packet is stored, so that packets do not fill the device's buffer;
Second, after the ASN receives a data packet sent by the user terminal, it carries out the mapping-learning process according to the configuration policy and completes the processing of the data packet;
If the configuration policy is first-packet drop, when the ASN receives a data packet sent by the user terminal and cannot find the mapping relationship of that data packet, it may discard the packet;
If the configuration is store-and-forward, when the ASN receives a data packet sent by the user terminal and cannot find the identity location mapping information of that data packet, it may store the packet on the ASN and at the same time construct a query message and send it to the mapping forwarding plane to query the identity location mapping information;
If the configuration is first-packet forwarding, when the ASN receives a data packet sent by the user terminal, it sends the packet to the mapping forwarding plane. If the mapping forwarding plane cannot find the identity location mapping information of the data packet, it sends an unreachable message, which includes the unreachable AID, to the ASN. The ASN records the unreachable AID and discards the next received data packets of that AID.
In another embodiment, an aging mechanism can be added by configuring an aging time for unreachable entries: before the aging time expires, data packets of an AID for which no identity location mapping information has been learned are discarded; once the aging time expires, data packets of that AID trigger a new learning process (that is, when the ASN receives a data packet of the AID, it again sends a query message to the mapping forwarding plane). This avoids malicious DoS attacks.
In another embodiment, an aging mechanism can be added by configuring an aging time for store-and-forward packets: before the aging time expires, data packets of an AID for which no identity location mapping information has been learned are stored on the ASN; once the aging time expires, the stored packets are discarded. This prevents a malicious DoS attack from exhausting the ASN buffer.
Figure 2 shows a complete interaction between the ASN and the mapping forwarding plane with the above extensions. It comprises the following steps:
Step 201: After the source ASN (ASN1) receives a data packet sent by the terminal through the access-side network and cannot find the mapping relationship, it processes the packet further according to the configuration policy;
If first-packet drop is configured, the packet is discarded according to the configured policy when the mapping relationship cannot be found;
If store-and-forward is configured, then when the identity location mapping information cannot be found, the data packet is stored and a query message is constructed and sent to the mapping forwarding plane;
If first-packet forwarding is configured, the data packet is delivered to the mapping forwarding plane;
Step 202: The mapping forwarding plane receives the query message and looks up the identity location mapping information (the lookup is performed on the identity location register (ILR)). When the identity location mapping information cannot be found, it generates an unreachable message and sends it to the source ASN;
Step 203: The source ASN receives and processes the unreachable message and records the AID information of the unreachable packet;
Step 204: The next time the source ASN receives a data packet of that AID, it looks up the identity location mapping information, finds that the AID of the packet is unreachable, and discards the packet;
Step 205: When the aging time of the unreachable information is reached, that is, when the aging timer expires, the saved unreachable information is aged out, so that user data can trigger the process of learning the identity location mapping information through a new data packet flow;
Step 206: The source ASN receives a data packet of that AID and returns to step 202; if the identity location mapping information can be learned this time, the data packet can be encapsulated and sent to the communication peer.
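The Figure 2 flow and the two aging mechanisms above, as an added Python simulation (not code from the patent), covering the first-packet forwarding and store-and-forward policies. The class and function names, the synchronous lookup, the single aging time shared by unreachable records and stored packets, and the forwarding of stored packets once a mapping is learned are assumptions of this example.

```python
from collections import deque

FIRST_FORWARD, STORE_FORWARD = "first-packet-forwarding", "store-and-forward"


class MappingPlane:
    """Toy mapping forwarding plane: looks up AID -> routing identifier (ILR)."""

    def __init__(self, mappings):
        self.mappings = dict(mappings)
        self.hits = 0                      # packets or queries that reached the plane

    def lookup(self, aid):
        self.hits += 1
        return self.mappings.get(aid)      # None models the unreachable message


class ASN:
    """Hypothetical ASN model; names and defaults are not from the patent."""

    def __init__(self, plane, policy, aging=30.0, max_entries=2, max_pkts=3):
        self.plane, self.policy, self.aging = plane, policy, aging
        self.max_entries, self.max_pkts = max_entries, max_pkts
        self.learned = {}       # AID -> routing identifier learned from the plane
        self.unreachable = {}   # AID -> time at which the unreachable record ages out
        self.stored = {}        # AID -> deque of buffered payloads (store-and-forward)

    def _expire(self, now):
        # Step 205: age out unreachable records; packets stored for them are discarded.
        for aid in [a for a, t in self.unreachable.items() if now >= t]:
            del self.unreachable[aid]
            self.stored.pop(aid, None)

    def _store(self, aid, payload):
        # Entry count and packets-per-entry caps bound the buffer an attacker can fill.
        if aid not in self.stored and len(self.stored) >= self.max_entries:
            return "dropped-table-full"
        queue = self.stored.setdefault(aid, deque())
        if len(queue) >= self.max_pkts:
            return "dropped-entry-full"
        queue.append(payload)
        return "stored"

    def buffered(self):
        return sum(len(q) for q in self.stored.values())

    def receive(self, aid, payload, now):
        self._expire(now)
        if aid in self.learned:
            return "forwarded"
        if aid in self.unreachable:        # step 204: handled locally, plane not contacted
            if self.policy == STORE_FORWARD:
                return self._store(aid, payload)
            return "dropped"
        if self.policy == STORE_FORWARD:
            verdict = self._store(aid, payload)
            if verdict != "stored":        # assumption: no query if the packet cannot be stored
                return verdict
        rid = self.plane.lookup(aid)       # steps 201-202: packet or query goes to the plane
        if rid is None:                    # step 203: record the unreachable AID
            self.unreachable[aid] = now + self.aging
            return "stored" if self.policy == STORE_FORWARD else "unreachable"
        self.learned[aid] = rid
        self.stored.pop(aid, None)         # assumption: buffered packets are sent to the peer
        return "forwarded"


def flood(policy, packets=1000, aging=30.0):
    """Constructed input: one packet per second, all to a single unmapped AID."""
    plane = MappingPlane({"AID-good": "RID-1"})
    asn = ASN(plane, policy, aging=aging)
    verdicts = [asn.receive("AID-bogus", b"x", float(t)) for t in range(packets)]
    return plane.hits, verdicts, asn.buffered()
```

With 100 packets and a 30-second aging time, `flood()` shows only four packets or queries reaching the plane under either policy, and never more than `max_pkts` packets buffered under store-and-forward.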
Industrial Applicability
The present invention reduces the number of invalid packets that the ASN delivers to the mapping forwarding plane. In an embodiment, the following benefits are also obtained: for packets whose mapping relationship cannot be found, different ASN processing policies can be selected according to network conditions; for the large number of packets with invalid access identifiers produced by abnormal situations (such as attacks), the information that an AID is invalid can be learned for that AID from the unreachable message, so that those packets are effectively discarded by AID; and because discarding on the ASN is allowed, some packets with no mapping relationship no longer enter the mapping forwarding plane, which reduces the load on the mapping forwarding plane.

Claims

1. A method for interaction between an access service node and a mapping forwarding plane, for use in an identity and location separation network framework, comprising:
adding, on the access service node, a configuration policy for packets whose identity location mapping information cannot be found; and
in the interaction between the access service node and the mapping forwarding plane, after the access service node receives a data packet sent by a user terminal, looking up identity location mapping information according to the access identifier of the data packet and, if the identity location mapping information cannot be found, processing the data packet according to the configuration policy.
2. The method of claim 1, wherein
the configuration policy is one or more of store-and-forward, first-packet forwarding and first-packet drop.
3. The method of claim 2, wherein
when the configuration policy is first-packet drop, the step of processing the data packet according to the configuration policy comprises:
when the access service node receives the data packet sent by the user terminal, discarding the data packet if its identity location mapping information cannot be found;
the method further comprising:
the access service node recording the access identifier of the data packet; and
for the next received data packet of that access identifier, discarding that data packet.
4. The method of claim 2, wherein
when the configuration policy is first-packet forwarding, the step of processing the data packet according to the configuration policy comprises:
the access service node sending the data packet to the mapping forwarding plane; and
if the mapping forwarding plane cannot find the identity location mapping information of the data packet, the mapping forwarding plane sending an unreachable message to the access service node, the unreachable message including the access identifier of the unreachable packet;
the method further comprising:
the access service node recording the access identifier of the unreachable packet; and
discarding the next received data packet that carries the access identifier of the unreachable packet.
5. The method of claim 2, wherein
when the configuration policy is store-and-forward, the step of processing the data packet according to the configuration policy comprises:
the access service node storing the data packet on the access service node;
the access service node sending a query message to the mapping forwarding plane, the query message containing the access identifier of the data packet, so as to query the identity location mapping information; and
if the mapping forwarding plane cannot find the identity location mapping information of the data packet, the mapping forwarding plane sending an unreachable message to the access service node, the unreachable message including the access identifier of the unreachable packet;
the method further comprising:
the access service node recording the access identifier of the unreachable packet; and
for the next received data packet that carries the access identifier of the unreachable packet, storing that data packet on the access service node.
6. The method of claim 5, wherein, before the step of processing the data packet according to the configuration policy, the method further comprises:
the access service node configuring the number of entries supported for store-and-forward, the number of packets per entry, and a storage time option.
7. The method of claim 3, 4 or 5, wherein, before the step of processing the data packet according to the configuration policy, the method further comprises:
the access service node configuring an aging time; when the aging time expires, data packets of the access identifier are processed according to the configuration policy.
8. A system for interaction between an access service node and a mapping forwarding plane, for use in an identity and location separation network framework, the system comprising an access service node and a mapping forwarding plane, wherein
the access service node is configured to: add a configuration policy for packets whose identity location mapping information cannot be found; and interact with the mapping forwarding plane: after the access service node receives a data packet sent by a user terminal, look up identity location mapping information according to the access identifier of the data packet and, if the identity location mapping information cannot be found, process the data packet according to the configuration policy;
the mapping forwarding plane is configured to: interact with the access service node.
9. The system of claim 8, wherein
the configuration policy is one or more of store-and-forward, first-packet forwarding and first-packet drop;
the access service node is configured to: when the configuration policy is first-packet drop, process the data packet as follows: when a data packet sent by the user terminal is received, discard the data packet if its identity location mapping information cannot be found; and
the access service node is further configured to: record the access identifier of the data packet; and, when a data packet of that access identifier is next received, discard that data packet;
or,
the access service node is configured to: when the configuration policy is first-packet forwarding, send the data packet to the mapping forwarding plane;
the mapping forwarding plane is configured to: if the identity location mapping information of the data packet cannot be found, send an unreachable message to the access service node, the unreachable message including the access identifier of the unreachable packet; and
the access service node is further configured to: record the access identifier of the unreachable packet; and discard the next received data packet that carries the access identifier of the unreachable packet;
or,
the access service node is configured to: when the configuration policy is store-and-forward, store the data packet on the access service node; and send a query message to the mapping forwarding plane, the query message containing the access identifier of the data packet, so as to query the identity location mapping information;
the mapping forwarding plane is configured to: if the identity location mapping information of the data packet cannot be found, send an unreachable message to the access service node, the unreachable message including the access identifier of the unreachable packet; and
the access service node is further configured to: record the access identifier of the unreachable packet; and, for the next received data packet that carries the access identifier of the unreachable packet, store that data packet on the access service node.
10. The system of claim 8 or 9, wherein
the access service node is further configured to: configure an aging time and, when the aging time expires, process data packets of the access identifier according to the configuration policy.
11. An access service node, for use in an identity and location separation network framework, the access service node being configured to:
add a configuration policy for packets whose identity location mapping information cannot be found; and
interact with a mapping forwarding plane: after the access service node receives a data packet sent by a user terminal, look up identity location mapping information according to the access identifier of the data packet and, if the identity location mapping information cannot be found, process the data packet according to the configuration policy.
12. The access service node of claim 11, wherein the configuration policy is one or more of store-and-forward, first-packet forwarding and first-packet drop.
13. The access service node of claim 12, wherein
the access service node is configured to: when the configuration policy is first-packet drop and a data packet sent by the user terminal is received, discard the data packet if its identity location mapping information cannot be found; and
the access service node is further configured to: record the access identifier of the data packet; and, when a data packet of that access identifier is next received, discard that data packet;
or,
the access service node is configured to: when the configuration policy is first-packet forwarding, send the data packet to the mapping forwarding plane; if the mapping forwarding plane cannot find the identity location mapping information of the data packet, it sends an unreachable message to the access service node, the unreachable message including the access identifier of the unreachable packet; and
the access service node is further configured to: record the access identifier of the unreachable packet; and discard the next received data packet that carries the access identifier of the unreachable packet;
or,
the access service node is configured to: when the configuration policy is store-and-forward, store the data packet on the access service node; and send a query message to the mapping forwarding plane, the query message containing the access identifier of the data packet, so as to query the identity location mapping information; if the mapping forwarding plane cannot find the identity location mapping information of the data packet, it sends an unreachable message to the access service node, the unreachable message including the access identifier of the unreachable packet; and
the access service node is further configured to: record the access identifier of the unreachable packet; and, for the next received data packet that carries the access identifier of the unreachable packet, store that data packet on the access service node.
14. The access service node of any one of claims 11-13, wherein the access service node is further configured to: configure an aging time and, when the aging time expires, process data packets of the access identifier according to the configuration policy.
PCT/CN2010/074169 2009-09-17 2010-06-21 Method and system for interaction between asn and mapping-forwarding plane, and asn WO2011032405A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN2009101746954A CN102025602A (en) 2009-09-17 2009-09-17 Method and system for interacting access service nodes with mapping forward plane
CN200910174695.4 2009-09-17

Publications (1)

Publication Number Publication Date
WO2011032405A1 true WO2011032405A1 (en) 2011-03-24

Family

ID=43758063

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2010/074169 WO2011032405A1 (en) 2009-09-17 2010-06-21 Method and system for interaction between asn and mapping-forwarding plane, and asn

Country Status (2)

Country Link
CN (1) CN102025602A (en)
WO (1) WO2011032405A1 (en)

Also Published As

Publication number Publication date
CN102025602A (en) 2011-04-20

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 10816609

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 10816609

Country of ref document: EP

Kind code of ref document: A1