WO2011032405A1 - Procédé et système d'interaction entre un asn et un plan d'envoi de mappage, et asn - Google Patents

Procédé et système d'interaction entre un asn et un plan d'envoi de mappage, et asn Download PDF

Info

Publication number
WO2011032405A1
WO2011032405A1 PCT/CN2010/074169 CN2010074169W WO2011032405A1 WO 2011032405 A1 WO2011032405 A1 WO 2011032405A1 CN 2010074169 W CN2010074169 W CN 2010074169W WO 2011032405 A1 WO2011032405 A1 WO 2011032405A1
Authority
WO
WIPO (PCT)
Prior art keywords
data packet
service node
packet
access service
access
Prior art date
Application number
PCT/CN2010/074169
Other languages
English (en)
Chinese (zh)
Inventor
何辉
Original Assignee
中兴通讯股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中兴通讯股份有限公司 filed Critical 中兴通讯股份有限公司
Publication of WO2011032405A1 publication Critical patent/WO2011032405A1/fr

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W4/00Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/02Services making use of location information
    • H04W4/029Location-based management or tracking services
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W4/00Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/02Services making use of location information

Definitions

  • the present invention relates to the field of communications technologies, and in particular, to a method, system, and ASN for an access service node (ASN) to interact with a mapping forwarding plane in a host identity and location separation network framework.
  • ASN access service node
  • the IP address in the Transmission Control Protocol/Internet Protocol (TCP/IP) protocol widely used in the Internet has a dual function: the location of the network interface of the communication terminal host network layer in the network topology The identity, which is also the host identity of the transport layer host network interface.
  • the TCP/IP protocol was not designed at the beginning of the host. However, as host mobility becomes more prevalent, the semantic overload of such IP addresses is becoming increasingly apparent.
  • IP address of the host changes, not only the route changes, but also the identity of the communication terminal host changes. This causes the routing load to become heavier and heavy, and the change of the host identity will cause the application and connection to be interrupted.
  • the purpose of the host identity and location separation problem is to solve the problem of semantic overload of IP address, serious routing load and security, and separate the dual functions of IP address to realize dynamic redistribution of mobility, multiple townships and IP addresses. Support for the reduction of routing load and mutual visits between different network areas in the next generation Internet.
  • the implementation method based on IP network router is one of the solutions for identity identification and location separation.
  • the network framework of identity separation is shown in Figure 1:
  • mapping forwarding plane For the implementation of the mapping forwarding plane, we propose a way to implement the mapping forwarding plane by using a distributed hash table (DHT). In this method, all the ASNs cannot be found.
  • the message of the identity location mapping information is sent to the mapping forwarding plane to search for identity location mapping information (ie, Access Identifier (AID) - Routing Identifier (RID) mapping information) and forwarding
  • identity location mapping information ie, Access Identifier (AID) - Routing Identifier (RID) mapping information
  • the technical problem to be solved by the present invention is to provide a method, system and ASN for an access service node to interact with a mapping forwarding plane.
  • the improved method and system can reduce the processing load of the mapping forwarding plane.
  • the present invention provides a method for an access service node to interact with a mapping forwarding plane, which is used for an identity location separation network framework, including:
  • the access service node After receiving the data packet sent by the user terminal, the access service node searches for the identity location mapping information according to the access identifier of the data packet. If the identity location mapping information is not found, the data packet is processed according to the configuration policy.
  • the configuration policy is one or more of store-and-forward, first packet forwarding, and first packet drop.
  • the step of processing the data packet according to the configuration policy includes:
  • the access service point When the access service point receives the data packet sent by the user terminal, if the identity location mapping information of the data packet is not found, the data packet is discarded;
  • the method also includes:
  • the access service node records an access identifier of the data packet
  • the data packet received next time is discarded.
  • the step of processing the data packet according to the configuration policy includes:
  • the service node sends an unreachable message, where the unreachable message includes The access identifier of the unreachable text;
  • the method also includes:
  • the data packet of the access identifier of the next unreachable packet is discarded.
  • the steps of processing the data packet according to the configuration policy include:
  • the access service node stores the data packet to the access service node; the access service node sends an inquiry message to the mapping forwarding plane, where the query packet includes the data packet Access identifier for querying identity location mapping information;
  • mapping forwarding plane If the mapping forwarding plane cannot find the identity location mapping information of the data packet, the mapping forwarding plane sends an unreachable packet to the access service node, where the unreachable packet includes the unreachable packet.
  • Access identification
  • the method also includes:
  • the access service node records an access identifier of the unreachable message
  • the method further includes: the access service node configuring the number of entries supporting the store and forward, the number of entries per entry, and the storage time option.
  • the method further includes: configuring, by the access service node, an aging time, if the aging time is up, the data packet of the access identifier is processed according to the configuration policy. .
  • the present invention further provides a system for an access service node to interact with a mapping forwarding plane, which is used for an identity location separation network framework, where the system includes an access service node and a mapping forwarding plane;
  • the access service node is configured to: add a packet for not finding the identity location mapping information message And interacting with the mapping forwarding plane, after the access service node receives the data packet sent by the user terminal, searching for the identity location mapping information according to the access identifier of the data packet, if searching
  • the data forwarding message is processed according to the configuration policy, and the mapping forwarding plane is configured to: interact with the access service node.
  • the access service node is further configured to: record an access identifier of the data packet; and discard the data packet received next time when the data packet of the access identifier is received next time; or ,
  • the access service node is configured to: when the configuration policy is the first packet forwarding, send the data packet to the mapping forwarding plane;
  • the mapping forwarding plane is configured to: if the identity location mapping information of the data packet is not found, send an unreachable packet to the access service node, where the unreachable packet includes the unreachable packet Access identifier;
  • the access service node is further configured to: record an access identifier of the unreachable packet; and discard the data packet of the access identifier of the next unreachable packet;
  • the access service node is configured to: when the configuration policy is stored and forwarded, store the data packet to the access service node; send an inquiry message to the mapping forwarding plane, where the query message is sent The access identifier of the data packet is included to perform the query of the identity location mapping information.
  • the mapping forwarding plane is configured to: if the identity location mapping information of the data packet is not found, the access service is The node sends an unreachable message, where the unreachable message includes an access identifier of the unreachable message;
  • the access service node is further configured to: record an access identifier of the unreachable packet; and receive a data packet of the access identifier of the unreceivable packet received next time, and receive the data packet next time
  • the data message is stored to the access service node.
  • the access service node is further configured to: configure an aging time, and if the aging time is up, process the data packet of the access identifier according to the configuration policy.
  • An access service node is used for an identity location separation network framework, where the access service node is set to:
  • mapping forwarding plane Interacting with the mapping forwarding plane, after the access service node receives the data packet sent by the user terminal, searching for the identity location mapping information according to the access identifier of the data packet, if the identity location mapping information is not found Processing data packets according to the configuration policy.
  • the configuration policy is one or more of store-and-forward, first packet forwarding, and first- ⁇ discarding.
  • the access service node is configured to: when the first packet is discarded, when the data packet sent by the user terminal is received, if the identity location mapping information of the data packet is not found, the data is discarded. Message;
  • the access service node is further configured to: record an access identifier of the data packet; and discard the data packet received next time when the data packet of the access identifier is received next time; or ,
  • the access service node is configured to: when the configuration policy is the first packet forwarding, send the data packet to the mapping forwarding plane; if the mapping forwarding plane cannot find the identity location mapping of the data packet Sending an unreachable message to the access service node, where the unreachable message includes an access identifier of the unreachable message;
  • the access service node is further configured to: record an access identifier of the unreachable packet; and discard the data packet of the access identifier of the next unreachable packet;
  • the access service node is configured to: when the configuration policy is stored and forwarded, store the data packet to the access service node; send an inquiry message to the mapping forwarding plane, where the query message is sent Include the access identifier of the data packet to perform the query of the identity location mapping information; if the mapping forwarding plane cannot find the identity location mapping information of the data packet, send the unreachable to the access service node a packet, where the unreachable packet includes an access identifier of the unreachable packet;
  • the access service node is further configured to: record an access identifier of the unreachable packet; and receive a data packet of the access identifier of the unreceivable packet received next time, and receive the data packet next time The data message is stored to the access service node.
  • the access service node is further configured to: configure an aging time, and if the aging time is up, process the data packet of the access identifier according to the configuration policy.
  • the invalid message that the ASN delivers to the mapping forwarding plane is reduced.
  • different ASN processing policies may be selected according to different network conditions; and a large number of invalid access identifiers generated by an abnormal situation (such as an attack) (The packets of the access Identifier (AID) can be discarded on the AID through the unreachable packets. Therefore, the AID is discarded. The discarding behavior is allowed on the ASN. Then enter the mapping forwarding plane, reducing the burden of the mapping forwarding plane.
  • FIG. 1 is a topological diagram of an identity location separation network in the prior art
  • FIG. 2 is a flowchart of interaction between an ASN and a mapping forwarding plane according to an embodiment of the present invention. Preferred embodiment of the invention
  • the present invention proposes a processing option that increases the ASN for not finding the mapping relationship.
  • this processing option the number of invalid packets delivered to the mapping forwarding plane can be reduced.
  • the ASN may select a policy for storing, forwarding, forwarding, or discarding packets whose identity location mapping information is not found;
  • the ASN can configure the number and time of storing and forwarding packets.
  • the ASN can extend the interaction between the definition and the mapping forwarding plane, record the invalid AID, and discard the AID directly.
  • the record information for invalid AIDs should have an aging mechanism.
  • a configuration policy for not identifying the identity location mapping information is added to the ASN; wherein the configuration policy may be store-and-forward, the first packet
  • the network condition may be: when the network is trusted, the delivery forwarding may be directly configured; when the network is untrustable, the configuration may be configured to discard;
  • the purpose of configuring the number of entries is to control the capacity of the entry table.
  • the storage time is to control the maximum storage time of data packets to avoid reporting.
  • the file is occupied by the cache of the device;
  • the ASN After receiving the data packet sent by the user terminal, the ASN performs a learning mapping process according to the configuration policy, and completes processing the data packet;
  • the configuration policy is that the first packet is discarded, when the ASN receives the data packet sent by the user terminal, if the data packet is not found, the packet can be discarded.
  • the ASN is configured to store and forward data packets, if the ASN does not find the identity location mapping information of the data packet, it can store it on the ASN and construct a query packet. It is sent to the mapping forwarding plane to perform the query of the identity location mapping information. If the first packet forwarding is configured, when the ASN receives the data packet sent by the user terminal, it sends the data packet to the mapping forwarding plane. The identity location mapping information of the data packet, the mapping forwarding plane sends an unreachable message to the ASN, including the unreachable AID, and the ASN records the unreachable AID, and the data of the next received AID is lost. Discard the processing.
  • the aging mechanism for the unreachable entry may be configured to increase the aging mechanism, that is, if the aging time is not reached, if the data of the AID does not learn the identity location mapping information, The data packet of the AID is discarded. If the aging time is up, the data packet of the AID is triggered to trigger a new learning process (that is, when the ASN receives the data packet of the AID, Projecting query messages to the mapping forwarding plane), thereby avoiding malicious DOS attacks.
  • the aging mechanism for storing and forwarding packets is configured to increase the aging mechanism, that is, if the aging time is not reached, if the data packet of the AID does not learn the identity location mapping information, The data packets of the AID are stored on the ASN. If the aging time expires, the stored files are discarded, thereby avoiding malicious DOS attacks and consuming the ASN cache.
  • FIG. 2 is an interaction process between a complete ASN and a mapping forwarding plane, which specifically includes the following steps:
  • Step 201 After receiving the data packet sent by the terminal through the access side network, the source ASN (ASN1) performs further processing according to the configuration policy when the mapping relationship is not found.
  • the device discards the mapping according to the configured policy.
  • Step 202 The mapping forwarding plane receives the query message, and searches for the identity location mapping information (searched in the identity location register (ILR)). When the identity location mapping information is not found, an unreachable packet is sent to the source ASN. ;
  • ILR identity location register
  • Step 203 The source ASN receives and processes the unreachable packet, and records the AID information of the unreachable packet.
  • Step 205 The aging time of the unreachable information, that is, the aging timer expires, and the saved unreachable time The information is aged, so that the user data can trigger the process of learning the identity location mapping information through the new data packet flow;
  • the invention reduces invalid messages that the ASN delivers to the mapping forwarding plane.
  • the following benefits are also obtained: For a packet that does not find a mapping relationship, different ASN processing policies may be selected according to different network conditions; for a large number of invalid access identifiers generated by an abnormal situation (such as an attack) A packet can be discarded on the AID by using the unreachable packet. Therefore, the AID is discarded. The discarding behavior is allowed on the ASN. Reduce the burden of mapping the forwarding plane.

Abstract

La présente invention se rapporte à un procédé d'interaction entre un nœud de service d'accès (ASN) et un plan d'envoi de mappage. Ce procédé est destiné à une plateforme de réseau à séparation d'identité et de localisation. Au cours dudit procédé : des stratégies de configuration, qui devront être appliquées aux messages dont les informations de mappage de localisation et d'identité sont introuvables, sont ajoutées à l'ASN; pendant le processus d'interaction entre l'ASN et le plan d'envoi de mappage, suite à la réception d'un message de données transmis par un terminal d'utilisateur, ledit ASN demande les informations de mappage de localisation et d'identité en se basant sur l'identificateur d'accès de ce message de données; si ces informations de mappage de localisation et d'identité sont introuvables, le message de données est traité selon les stratégies de configuration. L'invention concerne également un système correspondant ainsi qu'un ASN. Elle permet de limiter la quantité de messages non valides que l'ASN remet au plan d'envoi de mappage.
PCT/CN2010/074169 2009-09-17 2010-06-21 Procédé et système d'interaction entre un asn et un plan d'envoi de mappage, et asn WO2011032405A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN200910174695.4 2009-09-17
CN2009101746954A CN102025602A (zh) 2009-09-17 2009-09-17 一种接入服务节点与映射转发平面交互的方法与系统

Publications (1)

Publication Number Publication Date
WO2011032405A1 true WO2011032405A1 (fr) 2011-03-24

Family

ID=43758063

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2010/074169 WO2011032405A1 (fr) 2009-09-17 2010-06-21 Procédé et système d'interaction entre un asn et un plan d'envoi de mappage, et asn

Country Status (2)

Country Link
CN (1) CN102025602A (fr)
WO (1) WO2011032405A1 (fr)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102307191B (zh) * 2011-08-19 2015-05-06 北京交通大学 一种提高分离映射网络安全性的方法
CN108882224B (zh) * 2017-05-12 2022-05-03 中兴通讯股份有限公司 一种用户身份信息的分配方法及接入业务路由器

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1494280A (zh) * 2002-11-02 2004-05-05 ��Ϊ�������޹�˾ 网络设备中控制报文转发的方法
CN1801764A (zh) * 2006-01-23 2006-07-12 北京交通大学 一种基于身份与位置分离的互联网接入方法
CN101127663A (zh) * 2007-09-13 2008-02-20 北京交通大学 一种移动自组织网络接入一体化网络的系统及方法
CN101483675A (zh) * 2008-01-11 2009-07-15 华为技术有限公司 一种网络设备查找方法和网络设备

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101483600B (zh) * 2009-02-19 2012-05-23 北京交通大学 实现一体化网络归属域信息扩散的方法

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1494280A (zh) * 2002-11-02 2004-05-05 ��Ϊ�������޹�˾ 网络设备中控制报文转发的方法
CN1801764A (zh) * 2006-01-23 2006-07-12 北京交通大学 一种基于身份与位置分离的互联网接入方法
CN101127663A (zh) * 2007-09-13 2008-02-20 北京交通大学 一种移动自组织网络接入一体化网络的系统及方法
CN101483675A (zh) * 2008-01-11 2009-07-15 华为技术有限公司 一种网络设备查找方法和网络设备

Also Published As

Publication number Publication date
CN102025602A (zh) 2011-04-20

Similar Documents

Publication Publication Date Title
WO2017000878A1 (fr) Traitement de message
US20110032939A1 (en) Network system, packet forwarding apparatus, and method of forwarding packets
EP2719133A1 (fr) Plan bimode généralisé de transmission de données pour réseau axé sur l'information
WO2009012663A1 (fr) Procédé, système de communication et dispositif pour le traitement de paquets arp
WO2012151904A1 (fr) Procédé et dispositif d'acheminement de paquet de données
WO2012167559A1 (fr) Procédé et dispositif à triple couche pour l'envoi rapide de paquets de données
WO2013029569A1 (fr) Plan bimode généralisé de transmission de données pour réseau axé sur l'information
WO2011044790A1 (fr) Procédé de notification d'informations et noeud d'accès pour transmission d'un message de données pendant un processus de transfert
WO2010072096A1 (fr) Procédé et dispositif d'accès à bande large pour améliorer la sécurité d'une découverte de voisins dans un environnement ipv6
WO2013056628A1 (fr) Procédé, serveur d'applications, base de données de réseau et système pour former un mécanisme de battement de cœur
WO2012159481A1 (fr) Procédé de découverte d'unité de transmission maximale de chemin et nœud
WO2011131097A1 (fr) Procédé de traitement de message de données, système et nœud de service d'accès
WO2011147371A1 (fr) Procédé et système pour la mise en œuvre d'une transmission de données entre des machines virtuelles
WO2012075850A1 (fr) Procédé et système pour empêcher une usurpation d'adresse mac, et commutateur
WO2011131088A1 (fr) Procédé de traitement de message de données, routeur de tunnel d'entrée et système
WO2011035615A1 (fr) Procédé, système et appareil de transmission de données
WO2008128449A1 (fr) Procédé, système et dispositif d'accès permettant la mise en oeuvre d'une intercommunication à deux couches de service spécial
US9270593B2 (en) Prediction based methods for fast routing of IP flows using communication/network processors
JP5966488B2 (ja) ネットワークシステム、スイッチ、及び通信遅延短縮方法
JP2013070325A (ja) 通信システム、通信装置、サーバ、通信方法
WO2012088934A1 (fr) Procédé et dispositif de commutation pour filtrer des messages
WO2011041960A1 (fr) Procédé et appareil de prévention des attaques par déni de service
WO2011032405A1 (fr) Procédé et système d'interaction entre un asn et un plan d'envoi de mappage, et asn
WO2012167659A1 (fr) Procédé et dispositif de communication de données dans un protocole d'applications contraintes
RU2542933C1 (ru) Способ (варианты), устройство (варианты) и система управления доступом

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 10816609

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 10816609

Country of ref document: EP

Kind code of ref document: A1