WO2012126286A1 - Procédé et système de détection d'état de serveur aaa - Google Patents

Procédé et système de détection d'état de serveur aaa Download PDF

Info

Publication number
WO2012126286A1
WO2012126286A1 PCT/CN2012/070333 CN2012070333W WO2012126286A1 WO 2012126286 A1 WO2012126286 A1 WO 2012126286A1 CN 2012070333 W CN2012070333 W CN 2012070333W WO 2012126286 A1 WO2012126286 A1 WO 2012126286A1
Authority
WO
WIPO (PCT)
Prior art keywords
preset user
access
preset
aaa server
aaa
Prior art date
Application number
PCT/CN2012/070333
Other languages
English (en)
Chinese (zh)
Inventor
周俊超
Original Assignee
中兴通讯股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中兴通讯股份有限公司 filed Critical 中兴通讯股份有限公司
Publication of WO2012126286A1 publication Critical patent/WO2012126286A1/fr

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/30Monitoring
    • G06F11/3055Monitoring arrangements for monitoring the status of the computing system or of the computing system component, e.g. monitoring if the computing system is on, off, available, not available
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/30Monitoring
    • G06F11/3003Monitoring arrangements specially adapted to the computing system or computing system component being monitored
    • G06F11/3006Monitoring arrangements specially adapted to the computing system or computing system component being monitored where the computing system is distributed, e.g. networked systems, clusters, multiprocessor systems
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/08Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
    • H04L43/0805Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters by checking availability
    • H04L43/0817Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters by checking availability by checking functioning
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0892Network architectures or network communication protocols for network security for authentication of entities by using authentication-authorization-accounting [AAA] servers or protocols

Definitions

  • the present invention relates to the field of communications technologies, and in particular, to an AAA server service state detecting method and system. Background technique
  • the AAA Authentication, Authorization, Accounting, Authentication, Authorization, and Accounting
  • the AAA server serves as the authentication, authorization, and accounting center for the PS service. It needs to interact with multiple network element devices and terminals.
  • the user first initiates an online request, and the AAA server authenticates the validity of the user.
  • the authentication passes the user's subscription information or configuration information to authorize the relevant service parameters, and records the user's business process.
  • the billing information generated in the bill is charged to the user in real time or offline.
  • the AAA server is the core network element for the user to perform PS related services. How to detect whether the services provided by the AAA server are normal is also crucial.
  • the detection method adopted by the general network system is detected by sending a ping packet to the AAA server. If the AAA server can ping, the AAA server is considered to be operating normally. However, the ping packet can only detect whether the AAA underlying link is normal, and cannot detect whether the service provided by the AAA server is normal. Therefore, the purpose of detecting whether the service provided by the AAA server is normal is not achieved. Summary of the invention
  • the invention provides a method and a system for detecting the service status of an AAA server, which are used to solve the problem that the service provided by the AAA server cannot be detected by using the ping packet in the prior art. question.
  • An authentication, authorization, and accounting AAA server service status detection method includes:
  • the AAA server receives the access request message of the preset user, and if the connection status of the data source is normal, the access network element feeds back the access response message of the preset user;
  • the access NE If the access NE receives the preset response content in the access response message of the preset user, it determines that the service status of the AAA server is normal.
  • the access network element does not receive the access response message of the preset user or the received response message of the preset user does not carry the preset response content, determine AAA.
  • the server's service status is abnormal.
  • the AAA server feeds back the preset user's access rejection message to the access network element if the connection status of the database source is abnormal.
  • the access network element and the AAA server are configured with the same preset user information.
  • the preset user information includes a preset user name, a preset user password, and a preset. Response content.
  • An AAA server service status detection system includes:
  • the access network element is configured to: when receiving the access response message of the preset user, and the preset response content is carried in the access response message, determining that the service state of the AAA server is normal;
  • the AAA server is configured to receive an access request message of the preset user, and if the connection state of the data source is normal, feed back an access response message of the preset user to the access network element.
  • the access network element is further configured to: when the preset response message is not received, or the preset response content is received in the preset user's access response message, Determine the service status of the AAA server is abnormal.
  • the AAA server is further configured to receive an access request message of the preset user. Then, if the connection status of the data source is abnormal, the access network element feeds back the preset user's access rejection message.
  • the AAA server includes an AAA service processing module and an AAA configuration module, where
  • the AAA service processing module is configured to perform message processing, process logic control, and check the connection status of the data source in the process of user authentication, authorization, and charging, including: receiving an access request message of the preset user, and checking the data source When the connection state is normal, the access network element is fed back to the access network element for the preset user's access response message; when the connection status of the data source is abnormal, the access network element is fed back the preset user's access rejection message;
  • AAA configuration module used to configure preset user information.
  • An AAA server includes an AAA service processing module and an AAA configuration module, where the AAA service processing module is configured to perform message processing, process logic control, and connection status of the data source in the process of user authentication, authorization, and charging.
  • the checking includes: receiving an access request message of the preset user, and checking, when the connection status of the data source is normal, feeding back the access response message of the preset user to the access network element;
  • AAA configuration module used to configure preset user information.
  • the AAA service processing module is further configured to: after receiving the access request message of the preset user, if the connection status of the data source is abnormal, feeding back an access denied message of the preset user to the access network element, or not responding Message.
  • the technical solution of the present invention detects the service status of the AAA server by sending an access request message of the preset user to the AAA server, and overcomes the service of the AAA server in the prior art by sending a ping packet to the AAA server.
  • the state is detected, only the fault of the underlying link is detected, and the service state of the AAA server is normal.
  • the technical solution of the present invention can be preset differently for different services of the AAA server. Users and data, detecting different services, using different preset users and returning within DRAWINGS
  • FIG. 1 is a flowchart of a preferred embodiment of a method for detecting a service state of an AAA server according to the present invention
  • FIG. 2 is a structural block diagram of a preferred embodiment of a AAA server service state detecting system according to the present invention
  • FIG. 3 is a structural block diagram of a preferred embodiment of the AAA server according to the present invention. detailed description
  • FIG. 1 is a flowchart of a preferred embodiment of a method for detecting a service state of an AAA server according to the present invention, the method mainly includes the following steps:
  • Step 1 Enable the preset user detection switch of the access network element and the AAA server, and configure the same preset user information in the access network element and the AAA server;
  • the preset user information includes the user name of the preset user, the password of the preset user, and the preset response content.
  • the user name of the preset user is set to Anonymous, and the password of the preset user is used.
  • Set to lifetest set the preset response content to I am OK! .
  • Step 2 The access network element sends a service status detection request to the AAA server by sending a preset user access request (Access Request) message to the AAA server.
  • Access Request preset user access request
  • the preset user's access request message carries at least the preset user's username and the preset user's password.
  • the preset user's access request message carries the preset user's username. Anonymous, the preset user's password lifetest.
  • Step 3 The AAA server receives the access request message of the preset user, and determines that the preset user is the service state detection user, and then starts to check the data source (for example, a physical database, a data file, and an internal The connection status of the database, other resources that store the data, and so on. If the connection status of the data source is normal, the user access feedback (Access accept) message is fed back to the access network element, and the preset user's access response message carries at least the user name and preset of the preset user. In the embodiment, the preset user's access response message carries the user name Anonymous of the preset user, and the preset response content is I am OK!
  • the data source for example, a physical database, a data file, and an internal The connection status of the database, other resources that store the data, and so on. If the connection status of the data source is normal, the user access feedback (Access accept) message is fed back to the access network element, and the preset user's access response message carries at least the user name and preset
  • the access reject message (access reject) message or the non-response message is directly fed back to the access network element, where the preset user's access reject message carries at least a pre- The username of the user is set.
  • the access denied message of the preset user carries the username of the preset user Anonymous.
  • Step 4 When the access network element receives the access response message of the preset user, and the response message carries the preset response content (the preset response content in this embodiment is l am OK, then the AAA is determined.
  • the service status of the server is normal; when the access network element does not receive the access response message of the preset user or the response content carried in the received access message of the preset user is inconsistent with the preset response content, Then determine that the service status of the AAA server is abnormal.
  • the access network element does not receive the access response message of the preset user, and includes two cases: In the first case, the access network element does not receive any message sent by the preset user; The incoming NE receives the access denied message sent by the preset user.
  • the present invention further provides an AAA server service status detecting system.
  • FIG. 2 is a structural block diagram of a preferred embodiment of the AAA server service status detecting system according to the present invention.
  • the access network element and the AAA server are mainly included, wherein the access network element is configured to send an access request message of the preset user to the AAA server, and receive an access response message of the preset user, and the response message is When the preset response content is carried, it is determined that the service status of the AAA server is normal. When the preset user's access response message or the received preset user's access response message is not received, the preset response content is not carried.
  • the access network element does not receive the access response message of the preset user.
  • the first case is that the access network element does not receive any message sent by the preset user.
  • the second case is the access network. The element receives an access reject message sent by the preset user.
  • the AAA server is configured to receive an access request message, and if the connection status of the data source (such as a physical database, a data file, an in-memory database, and other resources for storing data) is normal, feed the access NE to the preset user.
  • the response message if the connection status of the data source is abnormal, feeds back the preset user's access rejection message to the access network element.
  • the AAA server includes an AAA service processing module and an AAA configuration module, where
  • the AAA service processing module is configured to perform message processing, process logic control, and check the connection status of the database in the process of user authentication, authorization, and charging, including: receiving an access request message of the preset user, and checking the data source.
  • the access network element is fed back to the access network element, and is further configured to: after receiving the access request message of the preset user, if the connection status of the data source is abnormal, accessing the network element Feedback of the preset user's access rejection message;
  • the AAA configuration module is configured to enable whether to enable the preset user detection switch and configure the preset user information, which generally includes: a preset user name, a preset user password, and a preset response content (the response content configured here is required) It is consistent with the configuration on the access NE side, for example: I am OK!
  • FIG. 3 is a structural block diagram of a preferred embodiment of the AAA server according to the present invention, which mainly includes an AAA service processing module and an AAA configuration module, where
  • AAA service processing module for performing message processing, process logic control, and connection of data sources (such as physical databases, data files, in-memory databases, and other resources for storing data) in the process of user authentication, authorization, and accounting.
  • Status check After receiving the access request message of the preset user, the AAA service processing module starts to check the data source connection status. If the connection status of the data source is normal, the access user message is fed back to the access network element, and the preset user's access response message carries at least the user name of the preset user and the preset response content; If the connection status of the data source is abnormal, the access denied message of the preset user is directly fed back to the access network element, and the access denied message of the preset user carries at least the user name of the preset user.
  • data sources such as physical databases, data files, in-memory databases, and other resources for storing data
  • the AAA configuration module is configured to enable whether to enable the preset user detection switch and configure the preset user information, which generally includes: a preset user name, a preset user password, and a preset response content (the response content configured here is required) It is consistent with the configuration on the access NE side, for example: I am OK!

Abstract

L'invention porte sur un procédé et un système de détection d'état de serveur destinés à être utilisés sur des serveurs AAA, utilisés pour résoudre les problèmes dans la détection du fait le service fourni par un serveur AAA est ou non normal. Le procédé comprend les opérations suivantes : un serveur AAA reçoit un message de demande d'accès d'utilisateur prédéfini. Si la connexion à la source de données est normale, le serveur envoie à l'élément de réseau d'accès un message de réponse d'accès d'utilisateur prédéfini. La réception par l'élément de réseau d'accès d'un contenu de réponse prédéfini dans ledit message de réponse d'accès d'utilisateur prédéfini confirme que l'état de serveur du serveur AAA est normal. Le système comprend ledit élément de réseau d'accès et un serveur AAA. L'invention permet de supprimer les défauts de l'état antérieur de la technique où un paquet ping envoyé à un serveur AAA pour tester l'état du serveur permet seulement de vérifier si les liaisons de niveau inférieur sont ou non normales. L'invention peut efficacement tester si un état de serveur d'un serveur AAA est ou non normal.
PCT/CN2012/070333 2011-03-21 2012-01-13 Procédé et système de détection d'état de serveur aaa WO2012126286A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN2011100682717A CN102148725A (zh) 2011-03-21 2011-03-21 一种aaa服务器服务状态检测方法及系统
CN201110068271.7 2011-03-21

Publications (1)

Publication Number Publication Date
WO2012126286A1 true WO2012126286A1 (fr) 2012-09-27

Family

ID=44422742

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2012/070333 WO2012126286A1 (fr) 2011-03-21 2012-01-13 Procédé et système de détection d'état de serveur aaa

Country Status (2)

Country Link
CN (1) CN102148725A (fr)
WO (1) WO2012126286A1 (fr)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107566416A (zh) * 2017-10-25 2018-01-09 北京安博通科技股份有限公司 认证性能测试方法、装置及系统、终端、网络接入服务器
CN112994962A (zh) * 2019-12-13 2021-06-18 北大方正集团有限公司 基于aaa认证测试的装置、方法、存储介质及系统

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102148725A (zh) * 2011-03-21 2011-08-10 中兴通讯股份有限公司 一种aaa服务器服务状态检测方法及系统
CN102780577A (zh) * 2012-04-26 2012-11-14 新奥特(北京)视频技术有限公司 一种网络故障检测方法
CN103533544B (zh) * 2013-10-10 2016-06-01 北京首信科技股份有限公司 一种在数据库发生故障时进行aaa认证的方法
CN103685501A (zh) * 2013-12-06 2014-03-26 北京奇虎科技有限公司 数据处理方法、装置和系统
CN105978938A (zh) * 2016-04-25 2016-09-28 乐视控股(北京)有限公司 一种业务处理设备的业务状态确定方法及调度设备

Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2000151663A (ja) * 1998-11-17 2000-05-30 Mitsubishi Electric Corp 故障検知装置及び故障検知方法
JP2000298636A (ja) * 1999-04-13 2000-10-24 Mitsubishi Electric Corp クライアント・サーバ間の通信ネットワーク管理方法および装置
US6691244B1 (en) * 2000-03-14 2004-02-10 Sun Microsystems, Inc. System and method for comprehensive availability management in a high-availability computer system
US6874099B1 (en) * 2001-05-31 2005-03-29 Sprint Communications Company L.P. Method and software for testing and performance monitoring
CN1650263A (zh) * 2002-04-08 2005-08-03 国际商业机器公司 用于在分布式企业应用中进行问题确定的方法和系统
CN1682211A (zh) * 2002-09-20 2005-10-12 国际商业机器公司 用于公布和监测分布式数据处理系统中提供服务的实体的方法及装置
CN1791034A (zh) * 2004-12-13 2006-06-21 华为技术有限公司 一种检测方法
CN101304343A (zh) * 2008-06-10 2008-11-12 华为技术有限公司 一种网络故障检测的方法、网络设备和网络系统
KR20090127575A (ko) * 2008-06-09 2009-12-14 주식회사 케이티 인증 서비스 시스템에서 별도의 감시자를 통해 서비스상태를 감시하는 방법 및 장치
CN102148725A (zh) * 2011-03-21 2011-08-10 中兴通讯股份有限公司 一种aaa服务器服务状态检测方法及系统

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1494257A (zh) * 2002-10-31 2004-05-05 华为技术有限公司 对认证授权计费服务器进行实时监控的方法
CN101465862A (zh) * 2009-01-09 2009-06-24 北京星网锐捷网络技术有限公司 认证业务切换处理方法与装置、网络设备与通信系统

Patent Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2000151663A (ja) * 1998-11-17 2000-05-30 Mitsubishi Electric Corp 故障検知装置及び故障検知方法
JP2000298636A (ja) * 1999-04-13 2000-10-24 Mitsubishi Electric Corp クライアント・サーバ間の通信ネットワーク管理方法および装置
US6691244B1 (en) * 2000-03-14 2004-02-10 Sun Microsystems, Inc. System and method for comprehensive availability management in a high-availability computer system
US6874099B1 (en) * 2001-05-31 2005-03-29 Sprint Communications Company L.P. Method and software for testing and performance monitoring
CN1650263A (zh) * 2002-04-08 2005-08-03 国际商业机器公司 用于在分布式企业应用中进行问题确定的方法和系统
CN1682211A (zh) * 2002-09-20 2005-10-12 国际商业机器公司 用于公布和监测分布式数据处理系统中提供服务的实体的方法及装置
CN1791034A (zh) * 2004-12-13 2006-06-21 华为技术有限公司 一种检测方法
KR20090127575A (ko) * 2008-06-09 2009-12-14 주식회사 케이티 인증 서비스 시스템에서 별도의 감시자를 통해 서비스상태를 감시하는 방법 및 장치
CN101304343A (zh) * 2008-06-10 2008-11-12 华为技术有限公司 一种网络故障检测的方法、网络设备和网络系统
CN102148725A (zh) * 2011-03-21 2011-08-10 中兴通讯股份有限公司 一种aaa服务器服务状态检测方法及系统

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107566416A (zh) * 2017-10-25 2018-01-09 北京安博通科技股份有限公司 认证性能测试方法、装置及系统、终端、网络接入服务器
CN107566416B (zh) * 2017-10-25 2020-09-29 北京安博通科技股份有限公司 认证性能测试方法、装置及系统、终端、网络接入服务器
CN112994962A (zh) * 2019-12-13 2021-06-18 北大方正集团有限公司 基于aaa认证测试的装置、方法、存储介质及系统

Also Published As

Publication number Publication date
CN102148725A (zh) 2011-08-10

Similar Documents

Publication Publication Date Title
WO2012126286A1 (fr) Procédé et système de détection d'état de serveur aaa
CN105450582B (zh) 业务处理方法、终端、服务器及系统
JP5693576B2 (ja) インスタントメッセージセッションの管理
US7451209B1 (en) Improving reliability and availability of a load balanced server
WO2015085848A1 (fr) Procédé d'authentification de sécurité et procédé de détection de transmission bidirectionnelle
WO2014169804A1 (fr) Procédé et système d'enregistrement pour entité de service commun
WO2011020363A1 (fr) Procédé et système de réalisation d'équilibrage de charge et client diamètre
JP2018522323A (ja) 音声通信処理方法及びシステム、電子装置、並びに記憶媒体
WO2011026358A1 (fr) Procédé et système pour le traitement d'une déconnexion anormale d'un utilisateur dans le cadre d'une authentification sur le web
CN109361753A (zh) 一种物联网系统架构与加密方法
CN113672897B (zh) 数据通信方法、装置、电子设备及存储介质
CN102271133A (zh) 认证方法、装置和系统
JP2006279636A (ja) クライアント間通信ログの整合性保証管理システム
WO2009018732A1 (fr) Procédé, serveur et système d'autorisation de service
CN109104475A (zh) 连接恢复方法、装置及系统
CN106686592B (zh) 一种带有认证的网络接入方法及系统
CN104837134B (zh) 一种Web认证用户登录方法、设备和系统
WO2003081839A1 (fr) Procede d'etablissement d'une liaison entre le dispositif d'acces au reseau et l'utilisateur mettant en oeuvre le protocole 802.1x
CN111031053B (zh) 身份认证方法、装置、电子设备及可读存储介质
CN101697550A (zh) 一种双栈网络访问权限控制方法和系统
CN105991619A (zh) 一种安全认证方法和装置
CN103873585A (zh) 一种Radius认证装置和方法
JP5470145B2 (ja) 認証スイッチおよび端末認証方法
WO2010121551A1 (fr) Procédé pour un traitement de messages de groupe, plateforme de distribution de service et équipement associé
CN106304071B (zh) 一种网络接入认证方法、接入认证设备及系统

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 12760927

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 12760927

Country of ref document: EP

Kind code of ref document: A1