WO2011069399A1 - Address mapping method and access service node - Google Patents



Publication number
WO2011069399A1
Authority
WO
WIPO (PCT)
Application number
PCT/CN2010/078568
Inventor
孙翼舟
王标
江华
Original Assignee
中兴通讯股份有限公司
Application filed by 中兴通讯股份有限公司

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/09 Mapping addresses
    • H04L61/10 Mapping addresses of different types
    • H04L61/103 Mapping addresses of different types across network layers, e.g. resolution of network layer into physical layer addresses or address resolution protocol [ARP]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W28/00 Network traffic management; Network resource management
    • H04W28/02 Traffic management, e.g. flow control or congestion control
    • H04W28/06 Optimizing the usage of the radio link, e.g. header compression, information sizing, discarding information
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/12 Messaging; Mailboxes; Announcements
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W8/00 Network data management
    • H04W8/26 Network addressing or numbering for mobility support

Definitions

  • The present invention relates to the field of communications technologies, and in particular to an address mapping method and an access service node.
  • The structure of the Internet is far from optimal, and it has several major design problems.
  • A typical problem is the dual attribute of the IP address: the IP address represents both the identity of the user and the user's position in the network topology.
  • The Internet was invented in the 1970s, when it was difficult to predict that there would be a large number of mobile terminals and multi-homed terminals in the world today. Therefore, the Internet protocol stack at that time was mainly designed for terminals connected in a "fixed" manner. In the network environment of that time, since a terminal basically did not move from one location to another, the sending address was also the receiving address, and the path was reversible, so an IP address with the dual attributes of identity and location worked very well, and there was no conflict between the identity attribute and the location attribute of the IP address.
  • An IP address that represented both identity and location exactly met the network needs of the time. From the perspective of the network environment at the time, this design was simple and effective and simplified the hierarchy of the protocol stack. But there is no doubt that there is an internal contradiction between the identity attribute and the location attribute of the IP address.
  • The identity attribute of an IP address requires that any two IP addresses be equal.
  • The location attribute of the IP address requires that the IP address be assigned based on the network topology (rather than the organization).
  • The IP addresses in the same subnet should be in a contiguous IP address block so that the IP address prefixes in the network topology can be aggregated, thereby reducing the entries of the routing table of the router device and ensuring the scalability of the routing system.
  • Either addresses are assigned according to the topology, or the topology is deployed according to the addresses; one of the two must be chosen.
  • The identity attribute of an IP address requires that the IP address be assigned based on the organization to which the terminal belongs (rather than the network topology), and this allocation must be stable and cannot be changed frequently; the location attribute of the IP address requires the IP address to be assigned based on the network topology to ensure the scalability of the routing system. In this way, the two attributes of the IP address conflict, which eventually leads to the scalability problem of the Internet routing system.
  • The identity attribute of the IP address requires that the IP address should not change as the location of the terminal changes. This ensures that communication bound to the identity is not interrupted, and that the terminal can still use its identity to establish a communication link after it moves; the location attribute of the IP address requires the IP address to change as the terminal location changes, so that the IP address can be aggregated in the new network topology, otherwise the network must reserve separate routing information for the mobile terminal, which causes a sharp increase in routing table entries.
  • The multi-homing problem: multi-homing usually refers to terminals or networks that access the Internet through the networks of multiple Internet Service Providers (ISPs).
  • The advantages of multi-homing technology include increasing network reliability, supporting traffic load balancing across multiple ISPs, and increasing overall available bandwidth.
  • The identity attribute of an IP address requires that a multi-homed terminal always present the same identity to other terminals, regardless of how many ISPs it uses to access the Internet; the location attribute of the IP address requires that a multi-homed terminal use different IP addresses to communicate in different ISP networks, so that the IP address of the terminal can be aggregated in the topology of each ISP network.
  • Because the IP address includes both the identity information and the location information of the terminal, both the communication peer and a malicious eavesdropper can obtain the identity information and the topology location information of the terminal from its IP address.
  • The dual attribute of the IP address is one of the fundamental problems hindering the continued development of the Internet. Separating the identity attribute and the location attribute of the IP address is a good way to solve the problems faced by the Internet. The new network will be designed based on this idea and proposes a network structure that separates identity information from location information, to solve some serious drawbacks of the existing Internet.
  • The Host Identity Protocol adds a host identifier to the network layer with the IP address as the identifier.
  • Some schemes classify IP addresses: part of the IP addresses are used as identity identifiers and part as location identifiers, as in the Locator/ID Separation Protocol (LISP). The patent application CN 1801764, published on July 12, 2006, "Location Separation Internet Access Method", proposes a solution that uses the IP address as the location identifier of the host and introduces a host identifier as the identity identifier, to solve the problem of identity and location separation.
  • Location and identity separation is a core technology of future data communication networks, especially mobile data communication networks.
  • The above solutions, regardless of which identifier is used to represent the terminal identity information and which identifier is used to represent the terminal location information, must establish a mapping relationship between the identity identifier and the location identifier for use by the network devices for addressing.
  • The mapping relationship is stored in the mapping server, and the access service node receives the data packet sent from the terminal. If the destination identity of the data packet is unknown, the identity location mapping table of the mapping server needs to be queried, the destination location identifier is found according to the destination identity identifier, and the data packet is encapsulated and sent to the corresponding network.
  • In order to forward the data packet, the access service node needs to interact with the mapping server to obtain the destination location identifier, or have the mapping server forward the data packet. This undoubtedly increases the data traffic between the access service node and the mapping server, which in turn affects the processing speed of the network.
  • Summary of the invention
  • The technical problem to be solved by the present invention is to provide an address mapping method and an access service node, so as to reduce data traffic between the access service node and the mapping server and improve data packet processing efficiency.
  • The present invention provides an address mapping method, where the method is implemented based on an identity location separation network, and the access service node is provided with a common address mapping table, where the common address mapping table includes a mapping relationship between commonly used identity identifiers and location identifiers; the method includes:
  • the access service node receives a data packet, where the data packet includes a destination identity identifier; the access service node queries the common address mapping table according to the destination identity identifier in the data packet;
  • if the destination location identifier corresponding to the destination identity identifier is found in the table, the access service node forwards the data packet according to the destination location identifier;
  • if the destination location identifier corresponding to the destination identity identifier is not found in the table, the access service node interacts with the mapping server to forward the data packet.
  • The method further includes: configuring the common address mapping table by the system, or periodically updating the common address mapping table according to a broadcast of the mapping server.
  • The method further includes: querying the address mapping table learned in the local cache; if the destination location identifier corresponding to the destination identity identifier is not found, performing the step in which the access service node queries the common address mapping table according to the destination identity identifier in the data packet.
  • The method further includes: querying the address mapping table learned in the local cache; if the destination location identifier corresponding to the destination identity identifier is not found, performing the step in which the access service node interacts with the mapping server to forward the data packet.
  • The step of the access service node interacting with the mapping server to forward data packets includes:
  • the access service node forwards the packet to the mapping server of the mapping forwarding plane; the mapping server queries the address mapping table to obtain the destination location identifier corresponding to the destination identity identifier, and then encapsulates and forwards the data packet according to the destination location identifier; or
  • the access service node requests the mapping server to obtain a destination location identifier corresponding to the destination identity identifier; after the mapping server queries the address mapping table, it returns the queried destination location identifier to the access service node, and the access service node implements encapsulation and forwarding of the data packet according to the obtained destination location identifier.
  • The present invention further provides an access service node, where the access service node is located in an identity location separation network, and includes:
  • a packet receiving module configured to receive a data packet, where the data packet includes a destination identity identifier;
  • a common address mapping table, which is configured to save a mapping relationship between commonly used identity identifiers and location identifiers;
  • a location identifier obtaining module that is connected to the packet receiving module and the common address mapping table, and is configured to: according to the destination identity identifier in the data packet, query the common address mapping table to obtain a destination location identifier corresponding to the destination identity identifier, or obtain a destination location identifier corresponding to the destination identity identifier from the mapping server;
  • a packet forwarding module that is connected to the location identifier obtaining module, and is configured to forward the data packet according to the destination location identifier corresponding to the destination identity identifier in the received data packet.
  • The common address mapping table is configured by the system.
  • The access service node further includes a mapping relationship maintenance module that is connected to the common address mapping table, where the mapping relationship maintenance module is configured to update the common address mapping table according to an address mapping relationship broadcast by the mapping server.
  • The access service node further includes a mapping relationship cache module connected to the location identifier obtaining module, where the mapping relationship cache module is configured to: learn and cache the mapping relationship between the destination location identifier obtained by the location identifier obtaining module from the mapping server and the corresponding destination identity identifier, and learn and cache the mapping relationship between the identity identifier and the location identifier of the source end in the data packet;
  • the location identifier obtaining module is further configured to: query the mapping relationship cache module to obtain a destination location identifier corresponding to the destination identity identifier.
  • The present invention further provides another access service node, where the access service node is located in an identity location separation network, and includes:
  • a packet receiving module configured to receive a data packet, where the data packet includes a destination identity identifier;
  • a common address mapping table, which is configured to save a mapping relationship between commonly used identity identifiers and location identifiers;
  • a local location identifier query module, which is connected to the packet receiving module and the common address mapping table, and is configured to query the common address mapping table according to the destination identity identifier in the data packet;
  • a packet forwarding module that is connected to the local location identifier query module, and is configured to forward the data packet according to the query result of the local location identifier query module.
  • The packet forwarding module is configured to: if the query result of the local location identifier query module is that the destination location identifier corresponding to the destination identity identifier is obtained, encapsulate and forward the data packet according to the destination location identifier; if the query result of the local location identifier query module is that the destination location identifier corresponding to the destination identity identifier is not obtained, forward the data packet to the mapping server.
  • The access service node further includes a mapping relationship maintenance module connected to the common address mapping table, where the mapping relationship maintenance module is configured to update the common address mapping table according to an address mapping relationship broadcast by the mapping server.
  • The access service node further includes a mapping relationship cache module connected to the local location identifier query module, where the mapping relationship cache module is configured to: learn and cache the mapping relationship between the identity identifier and the location identifier of the source end in the data packet;
  • the local location identifier query module is further configured to: query the mapping relationship cache module to obtain a destination location identifier corresponding to the destination identity identifier.
  • The address mapping method and the access service node of the present invention configure a common address mapping table. After receiving a data packet sent by the terminal, if the destination identity of the data packet can be found in the table, the access service node can find the destination location identifier of the packet locally without querying the mapping server, thereby reducing data traffic between the access service node and the mapping server.
  • FIG. 1 is a schematic diagram of a network topology of an identity location separation architecture according to the present invention.
  • FIG. 2 is a schematic flow chart of an address mapping method of the present invention
  • FIG. 3 is a schematic flowchart of a specific implementation manner of an address mapping method according to the present invention.
  • FIG. 4 is a schematic structural diagram of an implementation manner of an access service node according to the present invention.
  • FIG. 5 is a schematic structural diagram of still another embodiment of an access service node according to the present invention.
  • The main idea of the address mapping method and the access service node of the present invention is: a common address mapping table is established in the access service node of the identity location separation network and is queried when a packet is forwarded; when no entry is found, the destination location identifier is obtained by the normal method.
  • The identity identifier in the present invention refers to an identifier for identifying the identity information of the terminal, and is not limited to the URL of the application layer, FQDN, IPNL, TRIAD (A Scalable Deployable NAT-based Internet Architecture) or IP address.
  • The location identifier refers to an identifier for identifying routing information of the terminal, which is also not limited to an IP address.
  • The common address mapping table in the present invention stores mapping relationships between identity identifiers and location identifiers that are commonly used, public, or infrequently changed, such as the identity location mapping relationship of some portal websites.
  • The network is divided into an access layer and a core layer, and each user in the network is assigned a unique identity identifier AID, which remains unchanged while the user moves; there are two types of identifiers in the network: the identity identifier AID and the location identifier RID, where the identity identifier AID can only be used at the access layer, and the location identifier RID can only be used at the core layer.
  • The topology of this architecture is shown in Figure 1. Under this framework, the network is divided into an access network 110 and a backbone network 120.
  • The access network 110 is located at the edge of the backbone network 120 and is responsible for access of all terminals.
  • The backbone network 120 is responsible for routing of terminals accessed through different access networks 110.
  • The access service node 130 is located at the demarcation point of the backbone network 120 and the access network 110, and interfaces with both the access network 110 and the backbone network 120.
  • The access network 110 and the backbone network 120 do not overlap in the topology relationship. Communication between user terminals only needs to use the identity identifier of the peer.
  • The access service node 130 provides access services for the terminal, maintains user connections, and forwards user data.
  • The backbone network of the architecture is divided into two planes: a mapping forwarding plane 121 and a generalized forwarding plane 122.
  • The main function of the generalized forwarding plane 122 is to route and forward data packets according to the location identifier RID in the data packet.
  • The data routing and forwarding behavior in the generalized forwarding plane 122 is consistent with that of a legacy IP network.
  • The main function of the mapping forwarding plane is to save the identity location mapping information of mobile nodes, process the registration of mobile nodes, process location queries from communication peers, and route and forward data packets that use the identity identifier AID as the destination address.
  • The main network elements and functional entities of this architecture include:
  • ASN 130 maintains the connection relationship between the terminal and the network, assigns the RID to the terminal, processes the handover process, processes the registration process, processes the accounting/authentication process, and maintains/queries the communication.
  • If the ASN 130 receives a data packet sent by the terminal (MN), it queries the AID-RID mapping table in the local cache according to the destination address AIDc of the communication peer (CN) in the data packet.
  • If the corresponding AIDc-RIDc mapping entry is found, the RIDc is encapsulated in the packet header as the destination address, the RIDm corresponding to the MN source address AIDm is encapsulated in the packet header, and the packet is forwarded to the generalized forwarding plane 122;
  • if the corresponding AIDc-RIDc mapping entry is not found, the data packet is tunnel encapsulated and then forwarded to the mapping forwarding plane 121, and a query for the AIDc-RIDc mapping relationship is sent to the mapping forwarding plane 121.
  • When receiving a data packet sent by the network to the terminal, the ASN 130 decapsulates the data packet, strips the RID encapsulation from the data packet header, and retains the AID as the data packet header to be sent to the terminal.
  • ILR/PTF: Identity Location Register/Packet Transfer Function
  • The Broker ILR is mainly used to relay signaling between ILRs when there is no direct relationship between the ILR and the home ILR.
  • After receiving the data packet sent by the ASN 130, the mapping forwarding plane 121 routes and forwards it through the PTF according to the destination AID. After the PTF node in the mapping forwarding plane 121 finds the mapping relationship of the destination AID-RID, it encapsulates the corresponding RID information in the data packet header and forwards it to the generalized forwarding plane 122, which routes and forwards it to the communication peer.
  • The authentication center is responsible for recording the user attributes of the network, including user categories, authentication information, and user service levels, for generating user security information for authentication, integrity protection, and encryption, and for access control and authorization.
  • The authentication center supports two-way authentication between the terminal and the network.
  • The identity identifier AID of the end user remains the same.
  • The location identifier RID indicates the location of the ASN where the terminal is currently located.
  • The authentication center authenticates the authenticity of the identity, and the mapping server saves the AID-RID mapping relationship of each node.
  • The access network part distinguishes different nodes by the identity identifier AID.
  • The generalized forwarding plane uses the RID to route data packets. To establish an end-to-end communication process, the identity identifier AID is used to find the corresponding user location identifier RID.
  • The address mapping method of the present invention is implemented based on an identity location separation network.
  • The access service node is provided with a common address mapping table, which includes a mapping relationship between commonly used identity identifiers and location identifiers.
  • The common AID-RID mapping table of the access service node is written from the configuration file when the access service node is powered on, and needs to be updated during the operation of the access service node.
  • The update manner is as follows:
  • The mapping server periodically broadcasts a common AID-RID mapping table to all access service nodes in the network, and each access service node updates its common AID-RID mapping table after receiving it.
  • If some entries in the AID-RID mapping table in the cache of the access service node are used frequently, they can be added to the common AID-RID mapping table of the access service node.
  • The address mapping method of the present invention includes:
  • Step 201: The access service node receives a data packet, which includes the destination identity identifier;
  • Step 202: The access service node queries the common address mapping table according to the destination identity identifier in the data packet;
  • Step 203: If the destination location identifier is found, the access service node forwards the data packet according to the destination location identifier; otherwise, the data packet is forwarded by means of the mapping server.
  • Specifically, step 203 is: if the destination location identifier corresponding to the destination identity identifier is found in the common address mapping table, the access service node forwards the data packet according to the destination location identifier; if the destination location identifier corresponding to the destination identity identifier is not found in the common address mapping table, the access service node interacts with the mapping server to forward the data packet.
  • The access service node has the function of learning and caching an address mapping table.
  • The local identity identifier AID needs to be carried as the source address in the data packet sent to the communication peer.
  • The access service node of the communication peer can obtain the mapping relationship between the identity identifier and the location identifier of the source end from the source address carried in the data packet, and can also obtain the mapping relationship between the identity identifier and the location identifier of the destination end from the feedback of the mapping server.
  • The learned AID-RID mapping relationship is maintained in the local cache of the peer access service node.
  • Before interacting with the mapping server, the access service node queries both the common address mapping table and the cached address mapping table, to reduce the interaction between the access service node and the mapping server.
  • Either of the following two orders can be used:
  • Before querying the common address mapping table, the access service node first queries the address mapping table learned in the local cache. If the destination location identifier is not found, the common address mapping table is queried.
  • If the access service node does not find the corresponding destination location identifier in the common address mapping table, it first queries the address mapping table learned in the local cache, and if the destination location identifier is still not found, it obtains the destination location identifier from the mapping server.
  • The access service node interacts with the mapping server to perform packet forwarding in one of the following two ways:
  • Method 1: based on the architecture shown in Figure 1, the access service node forwards the packet to the mapping server of the mapping forwarding plane, the mapping server queries the AID-RID mapping table to obtain the destination RID, and the mapping server implements encapsulation and forwarding of the packet.
  • Method 2: the access service node requests the mapping server to obtain the RID corresponding to the destination AID; after the mapping server queries the AID-RID mapping table, it returns the destination RID to the access service node, and the access service node then implements packet encapsulation and forwarding.
  • Step 301: The access service node receives the data packet sent by the terminal user M, which includes the identity identifier AIDm of the user M and the identity identifier AIDn of the peer user N;
  • Step 302: The access service node searches the AID-RID mapping table in the cache. If there is an AIDn entry, the destination location identifier RIDn is used as the destination address of the data packet, and the data packet is sent; otherwise, go to step 303;
  • Step 303: The access service node searches the common AID-RID mapping table. If there is an AIDn entry, the destination location identifier RIDn is used as the destination address of the data packet, and the data packet is sent; otherwise, go to step 304;
  • Step 304: The access service node searches the AID-RID mapping table of the mapping server, then uses the found destination location identifier RIDn as the destination address of the data packet, and sends the data packet.
  • If the access service node finds the corresponding AIDn-RIDn mapping entry in the common address mapping table or the local cache, the RIDn is encapsulated in the packet header as the destination address, the RIDm corresponding to M's source address AIDm is encapsulated in the packet header, and the packet is forwarded to the generalized forwarding plane. Otherwise, the data packet is tunnel encapsulated and then forwarded to the mapping server of the mapping forwarding plane.
  • After the mapping forwarding plane finds the AIDn-RIDn mapping relationship, the corresponding RIDn information is encapsulated in the data packet header and forwarded to the generalized forwarding plane, which routes and forwards it to the communication peer.
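
The lookup order of steps 301 to 304, together with the learning of source mappings and the common-table broadcast described earlier, as an added Python sketch that is not part of the patent text. The class names, the packet layout, the use of the ASN's own RID as RIDm, and all identifier values are assumptions made for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class MappingServer:
    """Stand-in for the mapping server that holds the full AID-RID table."""
    table: dict
    queries: int = 0  # number of times an ASN had to ask the server

    def resolve(self, aid):
        self.queries += 1
        return self.table.get(aid)


@dataclass
class AccessServiceNode:
    rid: str                                      # this ASN's location identifier (assumed RIDm)
    server: MappingServer
    common: dict = field(default_factory=dict)    # common AID-RID mapping table
    learned: dict = field(default_factory=dict)   # mappings learned into the local cache

    def update_common(self, broadcast):
        """Apply a common-table broadcast received from the mapping server."""
        self.common.update(broadcast)

    def lookup(self, dst_aid):
        """Return (rid, where_found), trying steps 302, 303 and 304 in order."""
        if dst_aid in self.learned:               # step 302: learned cache
            return self.learned[dst_aid], "cache"
        if dst_aid in self.common:                # step 303: common table
            return self.common[dst_aid], "common"
        rid = self.server.resolve(dst_aid)        # step 304: mapping server
        if rid is None:
            return None, "unresolved"
        self.learned[dst_aid] = rid               # learn from the server's answer
        return rid, "server"

    def forward(self, src_aid, dst_aid, payload):
        """Encapsulate a terminal's packet for the generalized forwarding plane."""
        dst_rid, where = self.lookup(dst_aid)
        if dst_rid is None:
            return None, where
        packet = {"src_rid": self.rid, "dst_rid": dst_rid,
                  "src_aid": src_aid, "dst_aid": dst_aid, "payload": payload}
        return packet, where

    def deliver(self, packet):
        """Packet from the backbone: learn the sender's mapping, strip the RIDs."""
        self.learned[packet["src_aid"]] = packet["src_rid"]
        return {k: packet[k] for k in ("src_aid", "dst_aid", "payload")}


def demo():
    # Constructed identifiers; none of these values come from the patent.
    server = MappingServer({"AID-portal": "RID-9", "AID-n": "RID-2", "AID-m": "RID-1"})
    asn_m = AccessServiceNode("RID-1", server)
    asn_n = AccessServiceNode("RID-2", server)
    for asn in (asn_m, asn_n):
        asn.update_common({"AID-portal": "RID-9"})

    trace = []
    _, where = asn_m.forward("AID-m", "AID-portal", b"GET /")
    trace.append(where)                 # common table hit, no server traffic
    pkt, where = asn_m.forward("AID-m", "AID-n", b"hello")
    trace.append(where)                 # first contact goes to the mapping server
    inner = asn_n.deliver(pkt)          # peer ASN learns AID-m -> RID-1
    _, where = asn_n.forward("AID-n", "AID-m", b"reply")
    trace.append(where)                 # answered from the mapping learned on delivery
    _, where = asn_m.forward("AID-m", "AID-n", b"again")
    trace.append(where)                 # answered from the cached server reply
    _, where = asn_m.forward("AID-m", "AID-unknown", b"?")
    trace.append(where)                 # no mapping anywhere
    return trace, server.queries, inner


if __name__ == "__main__":
    print(demo())
```

Of the five forwarding decisions in `demo()`, only two reach the mapping server, and the packet handed to the terminal carries AIDs only.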
  • the present invention provides an access service node, where the access service node is located in an identity location separation network.
  • the access service node includes:
  • the message receiving module 410 is configured to receive a data packet, where the destination identifier is included, and the location identifier obtaining module 420 is connected to the packet receiving module 410, according to the The destination identity identifier in the data packet queries the common address mapping table 440 or obtains the destination location identifier corresponding to the destination identity identifier from the mapping server, and notifies the packet forwarding module 430;
  • the message forwarding module 430 is connected to the location identifier obtaining module 420, and configured to forward the data packet according to the destination location identifier corresponding to the destination identity identifier in the received data packet.
  • the common address mapping table 440 is connected to the location identifier obtaining module 420 for storing a common address mapping relationship.
  • the common address mapping table 440 is configured by the system.
  • the mapping relationship maintenance module 450 is connected to the common address mapping table 440, and is configured to update the common address mapping table 440 according to a common address mapping relationship broadcast by the mapping server.
  • the mapping relationship cache module 460 is connected to the location identifier obtaining module 420 and is configured to learn and cache the mapping relationship between the destination location identifier obtained by the location identifier obtaining module 420 and the corresponding destination identity identifier, and to learn and cache the mapping relationship between the identity identifier and the location identifier of the source end in data packets; before obtaining the destination location identifier from the mapping server, the location identifier obtaining module 420 queries the mapping relationship cache module 460 and the common address mapping table 440, and obtains the identifier from the mapping server only when the corresponding destination location identifier is not found there.
  • the access service node is located in the identity location separation network shown in FIG. 1 .
  • the access service node includes:
  • the message receiving module 510 is configured to receive a data packet that includes a destination identity identifier; the local location identifier query module 520 is connected to the message receiving module 510 and is configured to query the common address mapping table 540 according to the destination identity identifier in the data packet and to notify the message forwarding module 530;
  • the message forwarding module 530 is connected to the local location identifier query module 520 and is configured to forward the data packet according to the query result of the local location identifier query module 520.
  • specifically: if the query result of the local location identifier query module is that the destination location identifier corresponding to the destination identity identifier is obtained, the data packet is encapsulated and forwarded according to the destination location identifier; if the query result is that the destination location identifier corresponding to the destination identity identifier is not obtained, the data packet is forwarded to the mapping server;
  • the common address mapping table 540 is connected to the local location identifier query module 520 for saving a common address mapping relationship.
  • the mapping relationship maintenance module 550 is connected to the common address mapping table 540, and is configured to update the common address mapping table 540 according to a common address mapping relationship broadcast by the mapping server.
  • the mapping relationship cache module 560 is connected to the local location identifier query module 520, and is configured to learn and cache the mapping relationship between the identity identifier and the location identifier of the source end in the data packet.
  • before notifying the message forwarding module 530 to forward the data packet, the local location identifier query module 520 queries the mapping relationship cache module 560 and the common address mapping table 540; when the corresponding destination location identifier is not found, it notifies the message forwarding module 530 to forward the data packet.
  • the address mapping method and the access service node of the present invention configure a common address mapping table. After the access service node receives a data packet sent by a terminal, if the destination identity identifier of the data packet can be found in this table, the destination location identifier of the packet is found locally without querying the mapping server, thereby reducing data traffic between the access service node and the mapping server.

Abstract

The present invention discloses an address mapping method and an Access Service Node (ASN), which are implemented based on an identity and location separation network, wherein the ASN is provided with a commonly used address mapping table including a mapping relationship between commonly used identity identifiers and location identifiers. The method includes: the ASN receives a data message including a target identity identifier; the ASN queries the commonly used address mapping table according to the target identity identifier in the data message; if the target location identifier corresponding to the target identity identifier is found in the commonly used address mapping table, then the ASN forwards the data message according to the target location identifier; if the target location identifier corresponding to the target identity identifier is not found in the commonly used address mapping table, then the ASN interacts with a mapping server to forward the data message. The present invention can reduce data traffic between the ASN and the mapping server, and improve the efficiency of data message processing.

Description

Address mapping method and access service node
Technical field
The present invention relates to the field of communications technologies, and in particular to an address mapping method and an access service node.
Background art
Research on next-generation information network architecture is one of the hottest topics at present. The view accepted by most research is that the future network will use the Internet as its unified bearer network. The Internet has developed rapidly since its birth and has become the most successful and most vital communication network to date. Its flexibility and scalability, efficient packet switching, and powerful terminal functions fit the design needs of a new-generation network well, and the Internet will be the main reference blueprint for new-generation network design.
However, the structure of the Internet is still far from optimal, and it has many major design problems. A typical one is the dual nature of the IP address: an IP address represents both the identity of the user and the network topology in which the user is located. The Internet was invented in the 1970s, when it was hard to foresee the large number of mobile terminals and multi-homed terminals that exist in the world today, so the Internet protocol stack of that time was designed mainly for terminals connected in a "fixed" manner. In the network environment of that time, a terminal basically did not move from one location to another, the sending address was the receiving address, and the path was reversible, so an IP address with the dual attributes of identity and location worked very well, and no conflict arose between the identity attribute and the location attribute of the IP address. Having the IP address represent both identity and location met exactly the network needs of that time. Seen from the network environment of that time, this design was simple and effective and simplified the hierarchy of the protocol stack.
But there is no doubt that an internal contradiction exists between the identity attribute and the location attribute of the IP address. The identity attribute requires that any two IP addresses be equal: although IP addresses can be allocated by organization, consecutively numbered IP addresses have no necessary relationship to each other, or at least no necessary relationship in topological location. The location attribute requires that IP addresses be allocated according to the network topology (rather than the organization): IP addresses in the same subnet should lie in one contiguous IP address block, so that IP address prefixes can be aggregated in the network topology, which reduces the number of routing table entries in router devices and keeps the routing system scalable.
In general, the inherent contradiction between the dual attributes of the IP address leads to the following main problems:
1. Routing scalability. A basic assumption underlies the scalability of the Internet routing system: "addresses are allocated according to the topology, or the topology is deployed according to the addresses; one of the two must hold." The identity attribute of the IP address requires that IP addresses be allocated according to the organization to which the terminal belongs (rather than the network topology), and that this allocation remain reasonably stable and not change often; the location attribute requires that IP addresses be allocated according to the network topology so that the routing system stays scalable. The two attributes of the IP address therefore conflict, which ultimately causes the scalability problem of the Internet routing system.
2. Mobility. The identity attribute of the IP address requires that the IP address not change when the terminal changes location, so that communication bound to the identity is not interrupted and other terminals can still use that identity to establish communication with the terminal after it has moved. The location attribute requires that the IP address change when the terminal changes location, so that the IP address can be aggregated in the new network topology; otherwise the network must keep separate routing information for the terminal after it moves, which causes a sharp increase in routing table entries.
3. Multi-homing. Multi-homing usually means that a terminal or network accesses the Internet through the networks of several Internet service providers (ISPs) at the same time. Its advantages include higher network reliability, support for traffic load balancing across multiple ISPs, and higher overall available bandwidth. However, the inherent contradiction between the dual attributes of the IP address makes multi-homing difficult to implement. The identity attribute requires that a multi-homed terminal always present the same identity to other terminals, no matter how many ISPs it uses to access the Internet; the location attribute requires that a multi-homed terminal use a different IP address in each ISP network, so that the terminal's IP address can be aggregated in the topology of that ISP network.
4. Security and location privacy. Because the IP address contains both the identity information and the location information of the terminal, both the communication peer and a malicious eavesdropper can obtain the identity information and the topological location information of a terminal from its IP address.
In general, since the architecture of the traditional Internet was established, the technical environment and the user population of the Internet have changed enormously, and the Internet needs to be renewed accordingly. The dual-attribute problem of the IP address is one of the fundamental causes hampering the further development of the Internet, and separating the identity attribute from the location attribute of the IP address is a good approach to the problems the Internet faces. A new network will be designed on this approach, proposing a network structure in which identity information and location information are separated and mapped, to remove some serious drawbacks of the existing Internet.
To solve the problem of identity and location, the industry has carried out a great deal of research and exploration. The basic idea of all identity and location separation schemes is to separate the dual attributes of identity and location that were originally bound to the IP address. Some schemes use an application-layer Uniform Resource Locator (URL, a method of identification that fully describes the address of web pages and other resources on the Internet) or a Fully Qualified Domain Name (FQDN) as the identity identifier of the terminal, such as IP Next Layer (IPNL, an approach belonging to the NAT extension architecture) and TRIAD (A Scalable Deployable NAT-based Internet Architecture). Some schemes introduce a new namespace as the identity identifier; for example, the Host Identity Protocol (HIP) adds a host identifier above the network layer, which is identified by IP addresses. Some schemes classify IP addresses, using some as identity identifiers and some as location identifiers, such as the Locator/ID Separation Protocol (LISP). Patent application CN 1801764, "An Internet access method based on identity and location separation", published on July 12, 2006, proposes a solution that uses the IP address as the location identifier of the host and introduces a host identifier as the identity identifier to solve the problem of identity and location separation.
The above proposals and schemes each start from part of the problem and propose ways to separate identity and location under the existing network architecture. Location and identity separation is a core technology of future data communication networks, especially mobile data communication networks.
In the above solutions, whichever identifier is used to represent terminal identity information and whichever is used to represent terminal location information, a mapping relationship between identity identifiers and location identifiers must be established for network devices to use when addressing. This mapping relationship is stored in the mapping server. The access service node receives a data packet sent from a terminal; if the destination identity identifier of the data packet is unknown, it has to query the identity-location mapping table of the mapping server, find the destination location identifier from the destination identity identifier, encapsulate the data packet, and send it to the corresponding network. To forward a data packet, the access service node must interact with the mapping server to obtain the destination location identifier or have the mapping server forward the data packet, which inevitably increases the data traffic between the access service node and the mapping server and in turn affects the processing speed of the network.
Summary of the invention
The technical problem to be solved by the present invention is to provide an address mapping method and an access service node that reduce data traffic between the access service node and the mapping server and improve the efficiency of data packet processing.
To solve the above technical problem, the present invention provides an address mapping method implemented on an identity-location separation network, in which the access service node is provided with a common address mapping table containing mapping relationships between commonly used identity identifiers and location identifiers. The method includes:
the access service node receives a data packet that includes a destination identity identifier; the access service node queries the common address mapping table according to the destination identity identifier in the data packet;
if the destination location identifier corresponding to the destination identity identifier is found in the common address mapping table, the access service node forwards the data packet according to the destination location identifier; if the destination location identifier corresponding to the destination identity identifier is not found in the common address mapping table, the access service node interacts with the mapping server to forward the data packet.
Preferably, the method further includes: the common address mapping table is configured by the system, or is updated periodically according to broadcasts from the mapping server.
Preferably, after the step in which the access service node receives the data packet and before the step in which it queries the common address mapping table according to the destination identity identifier in the data packet, the method further includes: querying the address mapping table learned in the local cache and, if the destination location identifier corresponding to the destination identity identifier is not found there, performing the step of querying the common address mapping table according to the destination identity identifier in the data packet.
Preferably, before the step in which the access service node interacts with the mapping server to forward the data packet, the method further includes: querying the address mapping table learned in the local cache and, if the destination location identifier corresponding to the destination identity identifier is not found there, performing the step in which the access service node interacts with the mapping server to forward the data packet.
Preferably, the step in which the access service node interacts with the mapping server to forward the data packet includes:
the access service node forwards the packet to the mapping server of the mapping forwarding plane; the mapping server queries its address mapping table to obtain the destination location identifier corresponding to the destination identity identifier, and then encapsulates and forwards the data packet according to the destination location identifier; or,
the access service node requests from the mapping server the destination location identifier corresponding to the destination identity identifier; the mapping server queries its address mapping table and returns the destination location identifier it finds to the access service node; the access service node encapsulates and forwards the data packet according to the destination location identifier it obtained.
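The lookup order described in the steps above, written out as an added example (it is not code from the patent): the access service node checks its learned cache, then the common address mapping table, and only then interacts with the mapping server, either by requesting the location identifier or by relaying the packet. The class names, the single RID per node, and all AID/RID values are assumptions constructed for illustration.

```python
"""Lookup order at an access service node (ASN): learned cache, then the
common address mapping table, then the mapping server. All AIDs and RIDs
below are constructed sample values."""
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass
class Packet:
    src_aid: str
    dst_aid: str
    payload: bytes = b""
    src_rid: Optional[str] = None  # set when the packet is encapsulated
    dst_rid: Optional[str] = None


class MappingServer:
    """Authoritative AID -> RID table in the mapping forwarding plane."""

    def __init__(self, table: Dict[str, str]):
        self.table = dict(table)
        self.queries = 0  # location lookups answered for ASNs
        self.relayed = 0  # packets sent here and forwarded by the server

    def resolve(self, aid: str) -> Optional[str]:
        self.queries += 1
        return self.table.get(aid)

    def relay(self, pkt: Packet) -> Packet:
        self.relayed += 1
        pkt.dst_rid = self.table.get(pkt.dst_aid)
        return pkt

    def broadcast_common(self, asn: "AccessServiceNode", aids) -> None:
        """Push current mappings for the given common AIDs to an ASN."""
        asn.update_common({a: self.table[a] for a in aids if a in self.table})


class AccessServiceNode:
    def __init__(self, rid: str, server: MappingServer,
                 common: Optional[Dict[str, str]] = None, query_mode: bool = True):
        self.rid = rid                    # assumption: one RID for all local terminals
        self.server = server
        self.common = dict(common or {})  # system-configured common table
        self.cache: Dict[str, str] = {}   # mappings learned at run time
        self.query_mode = query_mode      # True: request the RID; False: relay the packet

    def update_common(self, mappings: Dict[str, str]) -> None:
        self.common.update(mappings)

    def learn_source(self, pkt: Packet) -> None:
        """Learn the source AID -> RID mapping carried by a received packet."""
        if pkt.src_rid is not None:
            self.cache[pkt.src_aid] = pkt.src_rid

    def lookup_local(self, aid: str) -> Tuple[Optional[str], Optional[str]]:
        if aid in self.cache:
            return self.cache[aid], "cache"
        if aid in self.common:
            return self.common[aid], "common"
        return None, None

    def forward(self, pkt: Packet) -> Tuple[Packet, str]:
        """Encapsulate the packet and report which path resolved the destination."""
        pkt.src_rid = self.rid
        rid, path = self.lookup_local(pkt.dst_aid)
        if rid is not None:
            pkt.dst_rid = rid
            return pkt, path
        if not self.query_mode:
            return self.server.relay(pkt), "server-relay"
        rid = self.server.resolve(pkt.dst_aid)
        if rid is None:
            return pkt, "unresolved"      # no mapping anywhere: nothing is cached
        self.cache[pkt.dst_aid] = rid     # learn the answer for later packets
        pkt.dst_rid = rid
        return pkt, "server-query"


def demo():
    server = MappingServer({"AID-portal": "RID-10", "AID-n": "RID-20", "AID-x": "RID-30"})
    asn = AccessServiceNode("RID-1", server, common={"AID-portal": "RID-10"})
    paths = []
    for dst in ["AID-portal", "AID-n", "AID-n", "AID-portal", "AID-missing"]:
        paths.append(asn.forward(Packet("AID-m", dst))[1])
    # A packet arriving from AID-x teaches the ASN that peer's mapping.
    asn.learn_source(Packet("AID-x", "AID-m", src_rid="RID-30", dst_rid="RID-1"))
    paths.append(asn.forward(Packet("AID-m", "AID-x"))[1])
    return paths, server.queries


if __name__ == "__main__":
    print(demo())
```

Six packets reach the node in `demo()`, but the mapping server is consulted only twice; the remaining destinations are resolved from the common table or the learned cache.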
To solve the above technical problem, the present invention further provides an access service node, which is located in an identity-location separation network and includes:
a message receiving module, configured to receive a data packet that includes a destination identity identifier;
a common address mapping table, configured to store mapping relationships between commonly used identity identifiers and location identifiers;
a location identifier obtaining module, connected to the message receiving module and the common address mapping table, and configured to: query the common address mapping table according to the destination identity identifier in the data packet to obtain the destination location identifier corresponding to the destination identity identifier, or obtain the destination location identifier corresponding to the destination identity identifier from the mapping server; and
a message forwarding module, connected to the location identifier obtaining module, and configured to forward the data packet according to the destination location identifier corresponding to the destination identity identifier in the received data packet.
Preferably, the common address mapping table is configured by the system.
Preferably, the access service node further includes a mapping relationship maintenance module connected to the common address mapping table, where the mapping relationship maintenance module is configured to update the common address mapping table according to address mapping relationships broadcast by the mapping server.
Preferably, the access service node further includes a mapping relationship cache module connected to the location identifier obtaining module, where
the mapping relationship cache module is configured to: learn and cache the mapping relationship between the destination location identifier obtained by the location identifier obtaining module from the mapping server and the corresponding destination identity identifier, and learn and cache the mapping relationship between the identity identifier and the location identifier of the source end in data packets; and
the location identifier obtaining module is further configured to: query the mapping relationship cache module to obtain the destination location identifier corresponding to the destination identity identifier.
To solve the above technical problem, the present invention further provides another access service node, which is located in an identity-location separation network and includes:
a message receiving module, configured to receive a data packet that includes a destination identity identifier;
a common address mapping table, configured to store mapping relationships between commonly used identity identifiers and location identifiers;
a local location identifier query module, connected to the message receiving module and the common address mapping table, and configured to query the common address mapping table according to the destination identity identifier in the data packet; and
a message forwarding module, connected to the local location identifier query module, and configured to forward the data packet according to the query result of the local location identifier query module.
Preferably, the message forwarding module is configured to: if the query result of the local location identifier query module is that the destination location identifier corresponding to the destination identity identifier is obtained, encapsulate and forward the data packet according to the destination location identifier; if the query result of the local location identifier query module is that the destination location identifier corresponding to the destination identity identifier is not obtained, forward the data packet to the mapping server.
Preferably, the access service node further includes a mapping relationship maintenance module connected to the common address mapping table, where the mapping relationship maintenance module is configured to update the common address mapping table according to address mapping relationships broadcast by the mapping server.
Preferably, the access service node further includes a mapping relationship cache module connected to the local location identifier query module, where
the mapping relationship cache module is configured to: learn and cache the mapping relationship between the identity identifier and the location identifier of the source end in data packets; and
the local location identifier query module is further configured to: query the mapping relationship cache module to obtain the destination location identifier corresponding to the destination identity identifier.
The address mapping method and access service node of the present invention configure a common address mapping table. After the access service node receives a data packet sent by a terminal, if the destination identity identifier of the data packet can be found in this table, the destination location identifier of the packet is found locally without querying the mapping server, thereby reducing data traffic between the access service node and the mapping server.
Brief description of the drawings
FIG. 1 is a schematic diagram of the network topology of the identity-location separation architecture to which the present invention relates;
FIG. 2 is a schematic flowchart of the address mapping method of the present invention;
FIG. 3 is a schematic flowchart of a specific embodiment of the address mapping method of the present invention;
FIG. 4 is a schematic structural diagram of an embodiment of the access service node of the present invention;
FIG. 5 is a schematic structural diagram of another embodiment of the access service node of the present invention.
Preferred embodiments of the invention
The main idea of the address mapping method and access service node of the present invention is to establish a common address mapping table at the access service node of the identity-location separation network; when forwarding a packet, the common address mapping table is queried first, and only if no entry is found is the normal method of obtaining the destination location identifier used.
The identity identifier referred to in the present invention is an identifier used to identify the identity information of a terminal, and is not limited to an application-layer URL, FQDN, IPNL, TRIAD (A Scalable Deployable NAT-based Internet Architecture) or IP address; the location identifier referred to in the present invention is an identifier used to identify the routing information of a terminal, and is likewise not limited to an IP address.
The common address mapping table referred to in the present invention stores mapping relationships between identity identifiers and location identifiers that are commonly used, public, or change infrequently, for example the identity-location mappings of some portal websites.
There are several network-based identity-location separation architectures (hereinafter, the architecture); one of them is described below with reference to FIG. 1. As shown in FIG. 1, the network is divided into an access layer and a core layer, and each user in the network is assigned a unique identity identifier AID, which remains unchanged while the user moves. The network has two types of identifier: the identity identifier AID and the location identifier RID. The identity identifier AID can be used only in the access layer, and the location identifier RID can be used only in the core layer.
The topology of the architecture is shown in FIG. 1. Under this framework, the network is divided into an access network 110 and a backbone network 120. The access network 110 is located at the edge of the backbone network 120 and is responsible for the access of all terminals. The backbone network 120 is responsible for routing between terminals that access through different access networks 110. The access service node 130 is located at the boundary between the backbone network 120 and the access network 110, and interfaces with both the access network 110 and the backbone network 120. The access network 110 and the backbone network 120 do not overlap in topology. User terminals need only the identity identifier of the peer to communicate with each other. The access service node 130 provides access services for terminals, maintains user connections, and forwards user data.
The backbone network 120 of the architecture is organized into two planes: a mapping forwarding plane 121 and a generalized forwarding plane 122.
The main function of the generalized forwarding plane 122 is to route and forward data packets according to the location identifier RID in the data packet. Routing and forwarding behavior in the generalized forwarding plane 122 is the same as in a legacy IP network.
The main functions of the mapping forwarding plane 121 are to store the identity-location mapping information of mobile nodes, handle the registration procedure of mobile nodes, handle location queries for communication peers, and route and forward data packets whose destination address is an identity identifier AID.
The main network elements and functional entities of the architecture include:
Access Service Node (ASN) 130: the ASN 130 maintains the connection between terminals and the network, assigns RIDs to terminals, handles the handover procedure, the registration procedure and the accounting/authentication procedure, maintains and queries the AID-RID mappings of communication peers, and encapsulates, routes and forwards data packets sent to or from terminals.
In the network of FIG. 1, when the ASN 130 receives a data packet from a terminal (MN), it looks up the AID-RID mapping table in its local cache using AIDc, the AID of the correspondent node (CN) given as the packet's destination address. If the corresponding AIDc-RIDc entry is found, the ASN encapsulates RIDc in the packet header as the destination address and RIDm, the RID corresponding to the MN's source address AIDm, as the source address, and forwards the packet to the generalized forwarding plane 122. If no AIDc-RIDc entry is found, the ASN tunnel-encapsulates the data packet, forwards it to the mapping forwarding plane 121, and initiates a query to the mapping forwarding plane 121 for the AIDc-RIDc mapping.
When the ASN 130 receives a data packet sent from the network to a terminal, it decapsulates the packet: it strips the RID encapsulation from the packet header and keeps the AID as the header of the packet delivered to the terminal.
Common Router (CR): routes and forwards data packets whose source and destination addresses are in RID format. Its function is no different from that of a router in the prior art.
Identity Location Register (Identity Location Register/Packet Transfer Function, ILR for short): maintains and stores the AID-RID mappings of users in the architecture's network, and is therefore also called the mapping server. It implements the registration function and handles location queries for communication peers. A Broke ILR is used mainly to relay signaling between ILRs when the visited ILR and the home ILR have no direct connection.
Packet Transfer Function (PTF): after the mapping forwarding plane 121 receives a data packet delivered by the ASN 130, the PTF routes and forwards it within the mapping forwarding plane according to the destination AID. Once a PTF node in the mapping forwarding plane 121 finds the destination AID-RID mapping, it encapsulates the corresponding RID information in the packet header and forwards the packet to the generalized forwarding plane 122, which routes and forwards it to the communication peer.
Authentication center: records the attributes of users of the architecture's network, including user category, authentication information and user service level; generates the user security information used for authentication, integrity protection and encryption; and performs access control and authorization when a user attaches. The authentication center supports mutual authentication between the terminal and the network.
In the identity/location separation architecture, an end user's identity identifier AID always remains unchanged. The location identifier RID indicates the ASN at which the terminal is currently located. When an end user accesses the network, authentication by the authentication center guarantees the authenticity of the identity identifier, and the mapping server stores the AID-RID mapping of each node. The access network distinguishes nodes by their identity identifier AID, and the generalized switching plane routes data packets by RID; establishing end-to-end communication therefore requires using the identity identifier AID to look up the corresponding user location identifier RID.
The technical solution of the present invention is described in more detail below with reference to the drawings and embodiments.
The address mapping method of the present invention is implemented on an identity/location separation network. The access service node is provided with a common address mapping table, which contains mappings between commonly used identity identifiers and location identifiers.
The common AID-RID mapping table of the access service node is written from a configuration file when the node powers on, and needs to be updated while the node is running. It is updated in the following ways:
The mapping server periodically broadcasts the common AID-RID mapping table to all access service nodes in the network, and each access service node updates its own common AID-RID mapping table on receipt.
If some entries in the AID-RID mapping table held in the access service node's buffer are used frequently, they can be added to the node's common AID-RID mapping table.
As shown in FIG. 2, the address mapping method of the present invention includes:
201: the access service node receives a data packet that includes a destination identity identifier;
202: the access service node queries the common address mapping table according to the destination identity identifier in the data packet;
203: if a corresponding destination location identifier is found in the common address mapping table, the access service node forwards the data packet according to that destination location identifier; otherwise it interacts with the mapping server to forward the data packet.
Step 203 may be: if a destination location identifier corresponding to the destination identity identifier is found in the common address mapping table, the access service node forwards the data packet according to that destination location identifier; if no destination location identifier corresponding to the destination identity identifier is found in the common address mapping table, the access service node interacts with the mapping server to forward the data packet.
In general, an access service node can cache learned address mappings. In end-to-end communication, the local identity identifier AID must be carried in the data packet to the communication peer as the source address. The peer's access service node can obtain the mapping between the source's identity identifier and location identifier from the source address carried in the data packet, and can also obtain the mapping between the destination's identity identifier and location identifier from the mapping server's response. This process is called address learning, and the learned AID-RID mappings are kept in the local buffer of the peer's access service node.
Querying the common address mapping table and the cached address mapping table before interacting with the mapping server helps reduce interaction between the access service node and the mapping server. Either of the following two orders can be used:
1. Before querying the common address mapping table, the access service node first queries the address mapping table learned in its local cache; if the destination location identifier is not found there, it then queries the common address mapping table.
2. When the access service node does not find the corresponding destination location identifier in the common address mapping table, it first queries the address mapping table learned in its local cache; if the destination location identifier is not found there, it then obtains the destination location identifier from the mapping server.
The access service node can interact with the mapping server to forward packets in either of two modes:
Mode one, based on the architecture shown in FIG. 1: the access service node forwards the packet to the mapping server in the mapping forwarding plane; the mapping server queries the AID-RID mapping table to obtain the destination RID, and the mapping server then encapsulates and forwards the packet.
Mode two: the access service node requests the RID corresponding to the destination AID from the mapping server; the mapping server queries the AID-RID mapping table and returns the destination RID to the access service node, which then encapsulates and forwards the packet.
Specific Embodiment 1
Taking mode two of the interaction between the access service node and the mapping server as an example, a specific embodiment of the present invention is described below with reference to FIG. 3. The address mapping process includes the following steps:
Step 301: the access service node receives a data packet sent by end user M, which contains user M's identity identifier AIDm and peer user N's identity identifier AIDn;
Step 302: the access service node searches the AID-RID mapping table in its buffer. If there is an entry for AIDn, it uses the destination location identifier RIDn that was found as the destination address of the data packet and sends the packet; otherwise it performs step 303;
Step 303: the access service node searches the common AID-RID mapping table. If there is an entry for AIDn, it uses the destination location identifier RIDn that was found as the destination address of the data packet and sends the packet; otherwise it performs step 304;
Step 304: the access service node looks up the mapping server's AID-RID mapping table, uses the destination location identifier RIDn that was found as the destination address of the data packet, and sends the packet.
Correspondingly, if mode one is used: if the access service node finds the corresponding AIDn-RIDn entry in the common address mapping table or the local cache, it encapsulates RIDn in the packet header as the destination address and RIDm, the RID corresponding to M's source address AIDm, as the source address, and forwards the packet to the generalized forwarding plane. Otherwise it tunnel-encapsulates the data packet and forwards it to the mapping server in the mapping forwarding plane; once the mapping forwarding plane finds the AIDn-RIDn mapping, it encapsulates the corresponding RIDn information in the packet header and forwards the packet to the generalized forwarding plane, which routes and forwards it to the communication peer.
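The lookup order of steps 301 to 304 (mode two), together with address learning on receipt, as an added Python example that is not part of the patent text. The class and method names, the sample AID/RID strings, the use of one RID per ASN as the source RID, and the handling of an AID that no table resolves are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class Packet:
    src_aid: str
    dst_aid: str
    src_rid: Optional[str] = None   # RID header, present only on the backbone side
    dst_rid: Optional[str] = None


class MappingServer:
    """Stand-in for the mapping server (ILR): network-wide AID -> RID table."""

    def __init__(self, table):
        self.table = dict(table)
        self.queries = 0            # counts how often an ASN had to ask the server

    def resolve(self, aid):
        self.queries += 1
        return self.table.get(aid)


class AccessServiceNode:
    def __init__(self, rid, server, common=None, cache_first=True):
        self.rid = rid                    # assumption: one RID per ASN
        self.server = server
        self.common = dict(common or {})  # common table, written from config at power-on
        self.learned = {}                 # mappings learned at run time (local buffer)
        self.cache_first = cache_first    # True: order 1 (steps 302-303); False: order 2

    def apply_broadcast(self, common):
        """Update the common table from a mapping-server broadcast."""
        self.common.update(common)

    def lookup(self, dst_aid):
        """Return (rid, source); source names the table that answered."""
        tables = [("learned", self.learned), ("common", self.common)]
        if not self.cache_first:
            tables.reverse()
        for name, table in tables:
            if dst_aid in table:
                return table[dst_aid], name
        rid = self.server.resolve(dst_aid)      # step 304: ask the mapping server
        if rid is None:
            return None, "unresolved"           # assumption: caller drops the packet
        self.learned[dst_aid] = rid             # learn from the server's answer
        return rid, "server"

    def send(self, src_aid, dst_aid):
        """Steps 301-304: resolve the destination AID and add the RID header."""
        rid, source = self.lookup(dst_aid)
        if rid is None:
            return None, source
        return Packet(src_aid, dst_aid, src_rid=self.rid, dst_rid=rid), source

    def receive(self, pkt):
        """Learn the sender's AID -> RID, strip the RID header, deliver by AID."""
        self.learned[pkt.src_aid] = pkt.src_rid
        return Packet(pkt.src_aid, pkt.dst_aid)


def demo():
    """Constructed sample traffic; returns (destination AID, answering table, server queries so far)."""
    server = MappingServer({"AID-m": "RID-1", "AID-n": "RID-2", "AID-portal": "RID-9"})
    asn1 = AccessServiceNode("RID-1", server, common={"AID-portal": "RID-9"})
    asn2 = AccessServiceNode("RID-2", server)
    trace = []
    for dst in ("AID-portal", "AID-n", "AID-n", "AID-unknown"):
        _, source = asn1.send("AID-m", dst)
        trace.append((dst, source, server.queries))
    pkt, _ = asn1.send("AID-m", "AID-n")
    asn2.receive(pkt)                            # ASN 2 learns AID-m -> RID-1
    _, source = asn2.send("AID-n", "AID-m")      # reply needs no server query
    trace.append(("AID-m", source, server.queries))
    return trace


if __name__ == "__main__":
    for row in demo():
        print(row)
```

When the learned cache and the common table hold different RIDs for the same AID, `cache_first` decides which one is used, so the choice between the two lookup orders also determines which table takes precedence.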
Specific Embodiment 2
To implement mode one of the interaction between the access service node and the mapping server for packet forwarding described above, the present invention provides an access service node located in an identity/location separation network. As shown in FIG. 4, the access service node includes:
a packet receiving module 410, configured to receive a data packet that includes a destination identity identifier;
a location identifier obtaining module 420, connected to the packet receiving module 410 and configured to query the common address mapping table 440 according to the destination identity identifier in the data packet, or to obtain from the mapping server the destination location identifier corresponding to the destination identity identifier, and to notify the packet forwarding module 430;
a packet forwarding module 430, connected to the location identifier obtaining module 420 and configured to forward the data packet according to the destination location identifier corresponding to the destination identity identifier in the received data packet;
a common address mapping table 440, connected to the location identifier obtaining module 420 and used to store the common address mappings.
The common address mapping table 440 is configured by the system.
a mapping relationship maintenance module 450, connected to the common address mapping table 440 and configured to update the common address mapping table 440 according to the common address mappings broadcast by the mapping server.
a mapping relationship cache module 460, connected to the location identifier obtaining module 420 and configured to learn and cache the mapping between a destination location identifier that the location identifier obtaining module 420 obtains from the mapping server and the corresponding destination identity identifier, and to learn and cache the mapping between the identity identifier and the location identifier of the source of a data packet; before obtaining the destination location identifier from the mapping server, the location identifier obtaining module 420 first queries the mapping relationship cache module 460 and the common address mapping table 440, and obtains it from the mapping server only when neither yields the corresponding destination location identifier.
Specific Embodiment 3
To implement mode two of the interaction between the access service node and the mapping server for packet forwarding described above, the present invention provides an access service node located in the identity/location separation network shown in FIG. 1. As shown in FIG. 5, the access service node includes:
a packet receiving module 510, configured to receive a data packet that includes a destination identity identifier;
a local location identifier query module 520, connected to the packet receiving module 510 and configured to query the common address mapping table 540 according to the destination identity identifier in the data packet, and to notify the packet forwarding module 530;
a packet forwarding module 530, connected to the local location identifier query module 520 and configured to forward the data packet according to the query result of the local location identifier query module 520. Specifically: when a destination location identifier is obtained, the data packet is routed and forwarded according to that destination location identifier; otherwise the data packet is forwarded to the mapping server. That is: if the query result of the local location identifier query module is that a destination location identifier corresponding to the destination identity identifier was obtained, the data packet is encapsulated and forwarded according to that destination location identifier; if the query result of the local location identifier query module is that no destination location identifier corresponding to the destination identity identifier was obtained, the data packet is forwarded to the mapping server;
a common address mapping table 540, connected to the local location identifier query module 520 and used to store the common address mappings.
a mapping relationship maintenance module 550, connected to the common address mapping table 540 and configured to update the common address mapping table 540 according to the common address mappings broadcast by the mapping server.
a mapping relationship cache module 560, connected to the local location identifier query module 520 and configured to learn and cache the mapping between the identity identifier and the location identifier of the source of a data packet; before notifying the packet forwarding module 530 to forward the data packet, the local location identifier query module 520 first queries the mapping relationship cache module 560 and the common address mapping table 540, and, when neither yields the corresponding destination location identifier, then notifies the packet forwarding module 530 to forward the data packet.
In the address mapping method and access service node of the present invention, a common address mapping table is configured. After the access service node receives a data packet from a terminal, if the packet's destination identity identifier can be found in this table, the packet's destination location identifier is found locally without querying the mapping server, which reduces the data traffic between the access service node and the mapping server.
Industrial Applicability
In the address mapping method and access service node of the present invention, a common address mapping table is configured. After the access service node receives a data packet from a terminal, if the packet's destination identity identifier can be found in this table, the packet's destination location identifier is found locally without querying the mapping server, which reduces the data traffic between the access service node and the mapping server.

Claims

1. An address mapping method, characterized in that the method is implemented on an identity/location separation network, an access service node is provided with a common address mapping table, and the common address mapping table contains mappings between commonly used identity identifiers and location identifiers; the method comprising:
the access service node receiving a data packet, the data packet including a destination identity identifier;
the access service node querying the common address mapping table according to the destination identity identifier in the data packet; and
if a destination location identifier corresponding to the destination identity identifier is found in the common address mapping table, the access service node forwarding the data packet according to the destination location identifier; if no destination location identifier corresponding to the destination identity identifier is found in the common address mapping table, the access service node interacting with a mapping server to forward the data packet.
2. The method of claim 1, further comprising: configuring the common address mapping table by the system, or periodically updating the common address mapping table according to broadcasts from the mapping server.
3. The method of claim 1, wherein after the step of the access service node receiving the data packet and before the step of the access service node querying the common address mapping table according to the destination identity identifier in the data packet, the method further comprises:
querying the address mapping table learned in the local cache and, if no destination location identifier corresponding to the destination identity identifier is found, performing the step of the access service node querying the common address mapping table according to the destination identity identifier in the data packet.
4. The method of claim 1, wherein before the step of the access service node interacting with the mapping server to forward the data packet, the method further comprises:
querying the address mapping table learned in the local cache and, if no destination location identifier corresponding to the destination identity identifier is found, performing the step of the access service node interacting with the mapping server to forward the data packet.
5. The method of any one of claims 1 to 4, wherein the step of the access service node interacting with the mapping server to forward the data packet comprises:
the access service node forwarding the packet to the mapping server in the mapping forwarding plane; and the mapping server, after querying an address mapping table to obtain the destination location identifier corresponding to the destination identity identifier, encapsulating and forwarding the data packet according to the destination location identifier; or
the access service node requesting from the mapping server the destination location identifier corresponding to the destination identity identifier; the mapping server, after querying an address mapping table, returning the destination location identifier found to the access service node; and the access service node encapsulating and forwarding the data packet according to the destination location identifier obtained.
6. An access service node, located in an identity/location separation network and comprising:
a packet receiving module, configured to receive a data packet, the data packet including a destination identity identifier;
a common address mapping table, configured to store mappings between commonly used identity identifiers and location identifiers;
a location identifier obtaining module, connected to the packet receiving module and the common address mapping table and configured to: query the common address mapping table according to the destination identity identifier in the data packet to obtain the destination location identifier corresponding to the destination identity identifier, or obtain the destination location identifier corresponding to the destination identity identifier from a mapping server; and
a packet forwarding module, connected to the location identifier obtaining module and configured to forward the data packet according to the destination location identifier corresponding to the destination identity identifier in the received data packet.
7. The access service node of claim 6, wherein the common address mapping table is configured by the system.
8. The access service node of claim 6, further comprising a mapping relationship maintenance module connected to the common address mapping table, wherein the mapping relationship maintenance module is configured to update the common address mapping table according to address mappings broadcast by the mapping server.
9. The access service node of claim 6, further comprising a mapping relationship cache module connected to the location identifier obtaining module, wherein
the mapping relationship cache module is configured to: learn and cache the mapping between a destination location identifier that the location identifier obtaining module obtains from the mapping server and the corresponding destination identity identifier, and learn and cache the mapping between the identity identifier and the location identifier of the source of a data packet; and
the location identifier obtaining module is further configured to: query the mapping relationship cache module to obtain the destination location identifier corresponding to the destination identity identifier.
10、 一种接入业务节点, 其位于身份位置分离网络中, 并包括: 报文接收模块, 其设置为接收数据报文, 所述数据报文中包括目的身份 标识; An access service node, which is located in an identity location separation network, and includes: a message receiving module, configured to receive a data packet, where the data packet includes a destination identity identifier;
a common address mapping table, configured to store mapping relationships between commonly used identity identifiers and location identifiers;
a local location identifier query module, connected to the packet receiving module and the common address mapping table, and configured to query the common address mapping table according to the destination identity identifier in the data packet; and
a packet forwarding module, connected to the local location identifier query module, and configured to forward the data packet according to the query result of the local location identifier query module.
11. The access service node according to claim 10, wherein the packet forwarding module is configured to:
if the query result of the local location identifier query module is that a destination location identifier corresponding to the destination identity identifier has been obtained, encapsulate and forward the data packet according to the destination location identifier; and if the query result of the local location identifier query module is that no destination location identifier corresponding to the destination identity identifier has been obtained, forward the data packet to a mapping server.
12. The access service node according to claim 10 or 11, further comprising a mapping relationship maintenance module connected to the common address mapping table, wherein the mapping relationship maintenance module is configured to update the common address mapping table according to address mapping relationships broadcast by a mapping server.
13. The access service node according to claim 10 or 11, further comprising a mapping relationship cache module connected to the local location identifier query module, wherein:
the mapping relationship cache module is configured to learn and cache the mapping relationship between the identity identifier and the location identifier of the source end in data packets; and
the local location identifier query module is further configured to query the mapping relationship cache module to obtain the destination location identifier corresponding to the destination identity identifier.
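The lookup and forwarding behaviour of claims 10 to 13, sketched as an added example that is not part of the patent text. The class and method names, the identifier strings and the lookup order (common table before learned cache) are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

@dataclass(frozen=True)
class DataPacket:
    src_id: str                    # source identity identifier
    dst_id: str                    # destination identity identifier
    src_loc: Optional[str] = None  # source location identifier, if the packet carries one

class AccessServiceNode:
    def __init__(self, mapping_server: str) -> None:
        self.mapping_server = mapping_server
        self.common_table: Dict[str, str] = {}   # claim 10: common address mapping table
        self.learned_cache: Dict[str, str] = {}  # claim 13: mappings learned from traffic

    def on_mapping_broadcast(self, mappings: Dict[str, str]) -> None:
        """Claim 12: refresh the common table from a mapping-server broadcast."""
        self.common_table.update(mappings)

    def learn(self, pkt: DataPacket) -> None:
        """Claim 13: cache the source's identity -> location mapping."""
        if pkt.src_loc is not None:
            self.learned_cache[pkt.src_id] = pkt.src_loc

    def lookup(self, dst_id: str) -> Optional[str]:
        """Local query: common table first, then learned cache (order is assumed)."""
        loc = self.common_table.get(dst_id)
        return loc if loc is not None else self.learned_cache.get(dst_id)

    def forward(self, pkt: DataPacket) -> Tuple[str, str]:
        """Claim 11: encapsulate on a hit, hand off to the mapping server on a miss."""
        self.learn(pkt)
        loc = self.lookup(pkt.dst_id)
        if loc is not None:
            return ("encapsulate", loc)
        return ("to_mapping_server", self.mapping_server)

def demo():
    # All identifiers below are constructed sample values.
    asn = AccessServiceNode(mapping_server="MS-1")
    asn.on_mapping_broadcast({"AID-web": "RID-10"})
    results = [asn.forward(DataPacket("AID-a", "AID-web"))]   # common-table hit
    results.append(asn.forward(DataPacket("AID-a", "AID-b")))  # miss, no mapping yet
    results.append(asn.forward(DataPacket("AID-b", "AID-a", src_loc="RID-20")))  # learns AID-b
    results.append(asn.forward(DataPacket("AID-a", "AID-b")))  # learned-cache hit
    return results

if __name__ == "__main__":
    for action in demo():
        print(action)
```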
PCT/CN2010/078568 2009-12-09 2010-11-09 Address mapping method and access service node WO2011069399A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN200910252752.6 2009-12-09
CN2009102527526A CN102098349A (en) 2009-12-09 2009-12-09 Address mapping method and access service node

Publications (1)

Publication Number Publication Date
WO2011069399A1 (en) 2011-06-16

Family

ID=44131208

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2010/078568 WO2011069399A1 (en) 2009-12-09 2010-11-09 Address mapping method and access service node

Country Status (2)

Country Link
CN (1) CN102098349A (en)
WO (1) WO2011069399A1 (en)

Families Citing this family (18)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102957755B (en) * 2011-08-22 2018-06-19 中兴通讯股份有限公司 A kind of address resolution method, device and information transferring method
TWI470970B (en) * 2011-08-26 2015-01-21 Liang Tse Lin Monitoring system and operating method thereof
CN103051595B (en) * 2011-10-13 2017-03-15 中兴通讯股份有限公司 The integration method and device of mapping item in a kind of mark net
CN103051541B (en) * 2011-10-14 2017-04-05 中兴通讯股份有限公司 Message forwarding method, ASR and ISR in a kind of mark net
CN103096342B (en) * 2011-11-01 2017-11-07 中兴通讯股份有限公司 One kind stream policy management method on the move and system
CN103209131A (en) * 2012-01-11 2013-07-17 中兴通讯股份有限公司 Address inquiring and message sending method, information registration server and switching router
CN104380658B (en) * 2013-04-28 2018-06-05 华为技术有限公司 Flow classifier, business route flip-flop, the method and system of Message processing
CN103491129B (en) 2013-07-05 2017-07-14 华为技术有限公司 A kind of service node collocation method, pool of service nodes Register and system
CN106470156B (en) * 2015-08-19 2020-07-10 中兴通讯股份有限公司 Method and device for forwarding message
CN105376342B (en) * 2015-10-12 2018-11-23 北京京东尚科信息技术有限公司 For determining the device and method of user partition in internet and using the server of described device
CN105376147B (en) * 2015-12-18 2019-08-02 Tcl集团股份有限公司 Instant communication information route addressing method, access server and system
CN110809033B (en) * 2019-10-23 2022-07-12 新华三信息安全技术有限公司 Message forwarding method and device and switching server
CN111935336B (en) * 2020-08-18 2023-05-30 下一代互联网关键技术和评测北京市工程研究中心有限公司 IPv 6-based network governance method and system
CN112422715A (en) * 2020-12-01 2021-02-26 网根(南京)网络中心有限公司 Addressing method and system based on IPv6 identity
CN113811019B (en) * 2021-10-29 2023-10-31 全球能源互联网研究院有限公司 Terminal identity and IPv6 address mapping method and device
CN115102896B (en) * 2022-07-22 2022-11-15 北京象帝先计算技术有限公司 Data broadcasting method, broadcasting accelerator, NOC, SOC and electronic equipment
CN115361328B (en) * 2022-07-29 2023-10-20 鹏城实验室 Method and related equipment for addressing and forwarding identity identification message
CN115190086B (en) * 2022-09-13 2023-01-06 之江实验室 Programmable switch-based identity identification network traffic scheduling method and device

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1801764A (en) * 2006-01-23 2006-07-12 北京交通大学 Internet access method based on identity and location separation
CN101123536A (en) * 2007-09-19 2008-02-13 北京交通大学 Method for managing integrated network locations
CN101483675A (en) * 2008-01-11 2009-07-15 华为技术有限公司 Network appliance searching method and network appliance

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
DONG PING ET AL.: "Research on Universal Network Supporting Pervasive Services.", ACTA ELECTRONICA SINICA., vol. 35, no. 4, April 2007 (2007-04-01), pages 599 - 606, XP008162124 *
ZHAI YU-JIA ET AL.: "An Index Structure Model for Mobility Management of Universal Networks.", ACTA ELECTRONICA SINICA., vol. 37, no. 4, April 2009 (2009-04-01), pages 706 - 712 *

Also Published As

Publication number Publication date
CN102098349A (en) 2011-06-15

Similar Documents

Publication Publication Date Title
WO2011069399A1 (en) Address mapping method and access service node
US8661525B2 (en) Implementation method and system of virtual private network
KR101399002B1 (en) Virtual private network implemaentation method and system
EP2477428B1 (en) Method for anonymous communication, method for registration, method and system for transmitting and receiving information
WO2011124132A1 (en) Data communications system and method
EP2538621B1 (en) Data message processing method, system and access service node
WO2011131088A1 (en) Data message processing method, ingress tunnel router and system
KR20130112863A (en) Enhancing ds-lite with private ipv4 reachability
WO2012106935A1 (en) Data communication network configuration method, gateway element and data communication system
JPWO2006093299A1 (en) Tunneling device, tunnel frame sorting method used therefor, and program therefor
WO2011032462A1 (en) Method for data transmission and receiving, system and router thereof
WO2012130128A1 (en) Method, device, and system for implementing network identifier conversion
Li et al. Mf-iot: A mobilityfirst-based internet of things architecture with global reach-ability and communication diversity
Cabellos et al. An Architectural Introduction to the Locator/ID Separation Protocol (LISP)
WO2012075768A1 (en) Method and system for monitoring locator/identifier separation network
WO2011124121A1 (en) Inter-network data communication system and method
JP4615435B2 (en) Network relay device
WO2015039563A1 (en) Method and device for implementing layer 3 virtual private network
WO2011026355A1 (en) Method for a node accessing a home agent, home agent cluster system and service router
Kafle et al. ID-based communication framework in future networks
WO2012122710A1 (en) Bearer network and data transmission method thereof
WO2012075770A1 (en) Blocking method and system in an identity and location separation network
Cabellos et al. RFC 9299 An Architectural Introduction to the Locator/ID Separation Protocol (LISP)
Yang et al. IER: ID-ELoc-RLoc based architecture for next generation internet
Li et al. A Mobility Management Solution Based on ID/Locator Separation

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 10835434

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 10835434

Country of ref document: EP

Kind code of ref document: A1