WO2015117400A1 - Packet forwarding and processing method and device, and broadband access device - Google Patents

Publication number
WO2015117400A1
Authority
WO
WIPO (PCT)
Prior art keywords
mac address
address
packet
pool
source mac
Application number
PCT/CN2014/089243
Inventor
叶茂
沈宇扬
Original Assignee
中兴通讯股份有限公司
Application filed by 中兴通讯股份有限公司
Publication of WO2015117400A1

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00: Data switching networks
    • H04L12/64: Hybrid switching systems
    • H04L12/6418: Hybrid transport

Definitions

  • The present invention relates to the field of communications, and in particular to a packet forwarding processing method and apparatus, and a broadband access device.
  • In current network deployments, the user's Media Access Control (MAC) address is managed and configured by the user.
  • When a user accesses the network, traditional network devices do not modify the user MAC address, so the user MAC address is actually untrustworthy. It may conflict with that of another user, and an address conflict can cause consequences such as interruption of system device service.
  • The user's original MAC address is also exposed to the devices at every layer of the network. If the MAC address of the user device is known, the user's location information may be obtained by intercepting network communication content.
  • To solve these problems, the International Standards Organization proposed the concept of virtual MAC. A virtual MAC replaces the user MAC with another MAC address.
  • The replacement MAC is not uniquely specified, so the user's location cannot be obtained through the MAC address. However, the manner and method of replacement are not specified.
  • The virtual MAC therefore serves two purposes: (1) preventing user address conflicts; (2) preventing threats to user information security based on the MAC address.
  • Traditional virtual MAC deployments directly replace the user MAC with a MAC address planned in advance by the system.
  • Networks are developing rapidly, the number of access users is large, and the number of access network devices is increasing sharply.
  • The traditional virtual MAC arrangement requires not only planning reserved MAC addresses for the various devices in advance, but also reserving a large number of MAC addresses in advance for users who may exist, even though these users may never use the technology.
  • The present invention provides a packet forwarding processing method and apparatus, so as to at least solve the problem in the related art that there is a large demand for reserved MAC addresses while the reserved MAC addresses may never be used by users, which wastes resources.
  • According to one aspect of the present invention, a packet forwarding processing method is provided, including: configuring an address pool for packet forwarding, wherein the address pool stores MAC addresses, and the MAC addresses include a reserved MAC address and/or one or more source MAC addresses of packets, recovered after the packets are forwarded; and performing packet forwarding processing according to the reserved MAC address in the address pool and/or the source MAC address of the packet.
  • Preferably, configuring the address pool for packet forwarding includes: after the source MAC address of the packet is replaced with a MAC address from the address pool, determining whether the source MAC address is a trusted MAC address; and if the determination result is yes, adding the source MAC address to the address pool.
  • Preferably, performing packet forwarding processing according to the reserved MAC address in the address pool and/or the source MAC address of the packet includes: determining whether a recovered source MAC address exists in the address pool; and if the determination result is yes, replacing the MAC address of a received packet that is to be forwarded with the source MAC address for packet forwarding.
  • Preferably, performing packet forwarding processing according to the reserved MAC address in the address pool and/or the source MAC address of the packet includes: after the source MAC address of the packet is replaced with a MAC address from the address pool, performing report processing of the packet according to the replaced MAC address; storing the correspondence between the source MAC address and the replaced MAC address; and, according to the correspondence, replacing the replaced MAC address with the source MAC address for downlink processing of the packet.
  • Preferably, after the address pool for packet forwarding is configured, the method further includes: determining whether the preset aging time of a MAC address in the address pool has expired; and if the determination result is yes, releasing the MAC address in the address pool whose aging time has expired.
  • According to another aspect of the present invention, a packet forwarding processing apparatus is provided, including: a configuration module, configured to configure an address pool for packet forwarding, wherein the address pool stores MAC addresses, and the MAC addresses include a reserved MAC address and/or one or more source MAC addresses of packets, recovered after the packets are forwarded; and a processing module, configured to perform packet forwarding processing according to the reserved MAC address in the address pool and/or the source MAC address of the packet.
  • Preferably, the configuration module includes: a first determining unit, configured to determine whether the source MAC address is a trusted MAC address after the source MAC address of the packet is replaced with a MAC address from the address pool; and an adding unit, configured to add the source MAC address to the address pool if the determination result of the first determining unit is yes.
  • Preferably, the processing module includes: a second determining unit, configured to determine whether a recovered source MAC address exists in the address pool; and a first forwarding unit, configured to replace the MAC address of a received packet that is to be forwarded with the source MAC address for packet forwarding if the determination result of the second determining unit is yes.
  • Preferably, the processing module includes: a first processing unit, configured to perform report processing of the packet according to the replaced MAC address after the source MAC address of the packet is replaced with a MAC address from the address pool; a storage unit, configured to store the correspondence between the source MAC address and the replaced MAC address; and a second processing unit, configured to replace the replaced MAC address with the source MAC address according to the correspondence for downlink processing of the packet.
  • Preferably, the apparatus further includes: a determining module, configured to determine whether the preset aging time of a MAC address in the address pool has expired; and a releasing module, configured to release the MAC address in the address pool whose aging time has expired if the determination result of the determining module is yes.
  • A broadband access device comprising the apparatus of any of the above.
  • With the present invention, an address pool for packet forwarding is configured, wherein the address pool stores MAC addresses, and the MAC addresses include a reserved MAC address and/or one or more source MAC addresses of packets, recovered after the packets are forwarded; packet forwarding processing is performed according to the reserved MAC address in the address pool and/or the source MAC address of the packet. This solves the problem in the related art that the demand for reserved MAC addresses is large while the reserved MAC addresses may never be used by users, which wastes resources, and thereby achieves the effect of effectively reducing the number of reserved MAC addresses and ensuring the security of user information.
  • FIG. 1 is a flowchart of a packet forwarding processing method according to an embodiment of the present invention.
  • FIG. 2 is a structural block diagram of a packet forwarding processing apparatus according to an embodiment of the present invention.
  • FIG. 3 is a block diagram of a preferred structure of the configuration module 22 in the packet forwarding processing apparatus according to an embodiment of the present invention.
  • FIG. 4 is a first block diagram of a preferred structure of the processing module 24 in the packet forwarding processing apparatus according to an embodiment of the present invention.
  • FIG. 5 is a second block diagram of a preferred structure of the processing module 24 in the packet forwarding processing apparatus according to an embodiment of the present invention.
  • FIG. 6 is a block diagram of a preferred structure of the packet forwarding processing apparatus according to an embodiment of the present invention.
  • FIG. 7 is a structural block diagram of a broadband access device according to an embodiment of the present invention.
  • FIG. 8 is a schematic diagram of virtual MAC deployment according to a preferred embodiment of the present invention.
  • FIG. 9 is a flowchart of packet forwarding by a virtual MAC according to a preferred embodiment of the present invention.
  • FIG. 1 is a flowchart of a packet forwarding processing method according to an embodiment of the present invention. As shown in FIG. 1, the process includes the following steps:
  • Step S102: configure an address pool for packet forwarding, where the address pool stores MAC addresses, and the MAC addresses include a reserved MAC address and/or one or more source MAC addresses of packets, recovered after the packets are forwarded.
  • Step S104: perform packet forwarding processing according to the reserved MAC address in the address pool and/or the source MAC address of the packet.
  • Through the above steps, packet forwarding processing is performed according to the reserved MAC address and/or the reclaimed source MAC address.
  • In the related art, reserved MAC address planning is performed on the various devices in advance, and there is a large demand for reserved MAC addresses.
  • The reserved MAC addresses may never be used by users, which wastes resources.
  • The above processing effectively solves this problem, thereby effectively reducing the number of reserved MAC addresses and ensuring the security of user information.
  • The address pool for packet forwarding can be configured in several ways.
  • For example, MAC addresses can be reserved directly.
  • Multiple MAC addresses can be reserved as needed.
  • Alternatively, the source MAC addresses of forwarded packets can be recovered, for example as follows: after the source MAC address of the packet is replaced with a MAC address from the address pool, it is determined whether the source MAC address is a trusted MAC address; if the determination result is yes, the source MAC address is added to the address pool.
  • Packets can be forwarded using a reclaimed MAC address. For example, it is determined whether a recovered source MAC address exists in the address pool; if the determination result is yes, the MAC address of a received packet that is to be forwarded is replaced with the source MAC address for packet forwarding.
  • To improve packet processing efficiency, the correspondence between the replaced MAC addresses may be stored.
  • For example, after the source MAC address of the packet is replaced with a MAC address from the address pool, report processing of the packet is performed according to the replaced MAC address; the correspondence between the source MAC address and the replaced MAC address is stored; and, according to the correspondence, the replaced MAC address is replaced with the source MAC address for downlink processing of the packet.
  • A packet forwarding processing apparatus is also provided. It is used to implement the foregoing embodiments and preferred embodiments, and what has already been described is not repeated.
  • As used below, the term "module" may be a combination of software and/or hardware that implements a predetermined function.
  • Although the apparatus described in the following embodiments is preferably implemented in software, implementation in hardware, or in a combination of software and hardware, is also possible and contemplated.
  • FIG. 2 is a structural block diagram of a packet forwarding processing apparatus according to an embodiment of the present invention. As shown in FIG. 2, the apparatus includes a configuration module 22 and a processing module 24. The apparatus is described below.
  • The configuration module 22 is configured to configure an address pool for packet forwarding, where the address pool stores MAC addresses, and the MAC addresses include a reserved MAC address and/or one or more source MAC addresses of packets, recovered after the packets are forwarded; the processing module 24 is connected to the configuration module 22 and is configured to perform packet forwarding processing according to the reserved MAC address in the address pool and/or the source MAC address of the packet.
  • FIG. 3 is a block diagram of a preferred structure of the configuration module 22 in the packet forwarding processing apparatus according to an embodiment of the present invention.
  • As shown in FIG. 3, the configuration module 22 includes a first determining unit 32 and an adding unit 34. The configuration module 22 is described below.
  • The first determining unit 32 is configured to determine whether the source MAC address is a trusted MAC address after the source MAC address of the packet is replaced with a MAC address from the address pool; the adding unit 34 is connected to the first determining unit 32 and is configured to add the source MAC address to the address pool if the determination result of the first determining unit is yes.
  • FIG. 4 is a first block diagram of a preferred structure of the processing module 24 in the packet forwarding processing apparatus according to an embodiment of the present invention. As shown in FIG. 4, the processing module 24 includes a second determining unit 42 and a first forwarding unit 44. The processing module 24 is described below.
  • The second determining unit 42 is configured to determine whether a recovered source MAC address exists in the address pool; the first forwarding unit 44 is connected to the second determining unit 42 and is configured, if the determination result of the second determining unit is yes, to replace the MAC address of a received packet that is to be forwarded with the source MAC address for packet forwarding.
  • FIG. 5 is a second block diagram of a preferred structure of the processing module 24 in the packet forwarding processing apparatus according to an embodiment of the present invention.
  • As shown in FIG. 5, the processing module 24 includes a first processing unit 52, a storage unit 54, and a second processing unit 56. The processing module 24 is described below.
  • The first processing unit 52 is configured to perform report processing of the packet according to the replaced MAC address after the source MAC address of the packet is replaced with a MAC address from the address pool; the storage unit 54 is connected to the first processing unit 52 and is configured to store the correspondence between the source MAC address and the replaced MAC address.
  • The second processing unit 56 is connected to the storage unit 54 and is configured to replace the replaced MAC address with the source MAC address according to the correspondence for downlink processing of the packet.
  • FIG. 6 is a block diagram of a preferred structure of the packet forwarding processing apparatus according to an embodiment of the present invention. As shown in FIG. 6, the apparatus further includes a determining module 62 and a releasing module 64, in addition to all the structures shown in FIG. This preferred structure is described below.
  • The determining module 62 is connected to the configuration module 22 and is configured to determine whether the preset aging time of a MAC address in the address pool has expired; the releasing module 64 is connected to the determining module 62 and the processing module 24 and is configured to release the MAC address in the address pool whose aging time has expired if the determination result of the determining module is yes.
  • FIG. 7 is a structural block diagram of a broadband access device according to an embodiment of the present invention. As shown in FIG. 7, the broadband access device 70 includes the packet forwarding processing apparatus 72 of any of the above.
  • A method for implementing a virtual MAC (DHCP) on an Ethernet or related network is provided, which can effectively reduce the demand for MAC addresses.
  • DHCP virtual MAC
  • The solution mainly applies to devices on which the virtual MAC function is enabled: it recycles the source MAC of a port to which a new MAC has been allocated.
  • MAC address recycling is implemented as follows:
  • The system configures a reserved MAC address pool.
  • The address pool only needs to reserve a MAC address in advance.
  • This MAC address must be planned in advance to avoid conflicts with other devices or actual users. In actual use, to prevent some users from using illegal addresses, or to protect some users, the MAC address pool can be configured with MAC addresses as required.
  • The system intercepts the user's uplink packet and determines whether the MAC address of the user packet has been replaced. If it needs to be replaced, an address is allocated from the MAC pool to the user for communication with other users, and all subsequent source MAC addresses are replaced with the allocated MAC address. The user's original MAC address is then checked for a conflict and for whether it is an untrusted MAC address. A conflict means that the user MAC is the same as the MAC address of a user who already has service. If the user MAC address does not conflict and is trusted, the user's original MAC address is put into the MAC address pool as a new allocatable address.
  • Address aging follows the normal aging process.
  • In the virtual MAC aging of a user, if the user's MAC address has not been allocated, it is deleted directly from the address pool; if it has been allocated, the MAC address is marked and is released when the user ages.
  • When a user MAC is placed in the address pool, it must first be determined whether it already exists in the address pool. If it exists, only its status needs to be updated and the to-be-released flag cleared.
  • In this way, the demand for reserved MAC addresses after the virtual MAC function is enabled is effectively reduced, and the security of user data can also be protected.
  • Each device implementing virtual MAC must have a MAC address pool, used to replace the MAC address of the first user and of untrusted users.
  • The address pool also needs to hold the MAC addresses that, after replacement, can be used by other users.
  • A MAC address can be set as an untrusted MAC address. Such a MAC address will not be reclaimed, but the user MAC will still be replaced once the virtual MAC function is turned on.
  • The uplink and downlink of the user stream need to be processed separately.
  • FIG. 9 is a flowchart of packet forwarding by a virtual MAC according to a preferred embodiment of the present invention. As shown in FIG. 9, the process includes the following steps:
  • Step S902: receive user uplink data.
  • Step S904: detect the user MAC address corresponding to the packet; if a conflict is detected, proceed to step S906, otherwise proceed to step S910.
  • Step S906: determine whether the user MAC address is trusted; if the determination result is yes, proceed to step S908, otherwise proceed to step S910.
  • Step S908: recover the source address and store it in the address pool.
  • Step S910: allocate a reserved new address.
  • Step S912: submit to system switching and other service processing.
  • The system uses a switch to control whether the virtual MAC function is enabled for a user. When it is enabled, in the user uplink direction, before the user stream enters system switching processing, the user MAC address reported by the user is detected and the uplink MAC address is replaced.
  • The replacement rule is to preferentially use a MAC address reclaimed from another user in the MAC address pool, so as to save the system's reserved MAC addresses. If the MAC address pool has no reclaimed address, the port uses the MAC address reserved by the system. For a trusted MAC address, the MAC address is reclaimed into the address pool for use by the next virtual MAC user. Untrusted MAC addresses are not retained and are discarded directly.
  • The user stream is then handed to system switching for processing, and the correspondence between the user's original MAC and the replaced MAC is retained.
  • The replaced user stream is forwarded according to the normal process. Traffic whose MAC address the system recognizes as already replaced is handed directly to switching and service processing. It no longer needs to go through uplink virtual MAC processing, which speeds up system switching and improves service processing efficiency.
  • In downlink processing, to ensure that the user equipment can recognize the traffic normally, the virtual MAC used by the user must be replaced with the original MAC: for any user identified as a replaced virtual MAC user, before the packet is sent to the downlink user, the MAC address is replaced with the user's original MAC address according to the saved correspondence between the user's original MAC address and the virtual MAC.
  • The correspondence between the user's original MAC address and the replacement MAC address is removed only after the system aging time expires or the system administrator forcibly releases the user.
  • User MAC address aging means that the user has had no traffic for a long time and the system releases the resources occupied by the user. If, after the release, the user enters the system's service process again and needs its MAC address replaced, then to protect user information the system recommends that the replacement virtual MAC address be allocated randomly from the reserved MAC address pool rather than reusing the last allocated MAC address.
  • The modules or steps of the present invention described above can be implemented by a general-purpose computing device; they can be centralized on a single computing device or distributed across a network of multiple computing devices. Alternatively, they may be implemented by program code executable by a computing device, so that they may be stored in a storage device and executed by the computing device; in some cases the steps shown or described may be performed in an order different from the one given here, or they may be separately fabricated into individual integrated circuit modules, or a plurality of the modules or steps may be fabricated as a single integrated circuit module.
  • The invention is not limited to any specific combination of hardware and software.
  • The related art has the problem that the demand for reserved MAC addresses is large while the reserved MAC addresses may never be used by users, which wastes resources.
  • The invention achieves the effect of effectively reducing the number of reserved MAC addresses and ensuring the security of user information.
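
The pool behaviour described in the list above (prefer reclaimed addresses, recycle only trusted and non-conflicting source MACs, keep the original-to-virtual correspondence for the downlink, release on aging), as an added Python example that is not code from the patent. The class and method names, the (port, MAC) session key and the sample addresses are assumptions, as is reading "released when the user ages" as release when the borrowing user ages out.

```python
import random


class VirtualMacPool:
    """Model of the address pool: reserved MACs plus recycled user MACs."""

    def __init__(self, reserved, untrusted=(), seed=None):
        self.reserved = set(reserved)    # pre-planned addresses
        self.recycled = set()            # trusted user MACs taken into the pool
        self.free = set(reserved)        # pool addresses not lent to anyone
        self.to_release = set()          # recycled MACs marked for release
        self.untrusted = set(untrusted)  # MACs the operator set as untrusted
        self.up = {}                     # (port, original MAC) -> virtual MAC
        self.down = {}                   # virtual MAC -> (port, original MAC)
        self.rng = random.Random(seed)

    def _allocate(self):
        # Replacement rule: prefer a MAC reclaimed from another user and use
        # a reserved MAC only when no reclaimed one is free.
        candidates = (sorted(self.free & self.recycled)
                      or sorted(self.free & self.reserved))
        if not candidates:
            raise RuntimeError("address pool exhausted")
        mac = self.rng.choice(candidates)  # random, not the last allocation
        self.free.discard(mac)
        return mac

    def _active(self, mac):
        return any(m == mac for _, m in self.up)

    def upstream(self, port, src):
        """Return the source MAC to use for this user's uplink frames."""
        key = (port, src)
        if key in self.up:               # already replaced: no pool processing
            return self.up[key]
        # Conflict: an active user already has this MAC (or it is reserved).
        conflict = self._active(src) or src in self.reserved
        virtual = self._allocate()
        self.up[key] = virtual
        self.down[virtual] = key
        if not conflict and src not in self.untrusted:
            if src in self.recycled:     # already pooled: clear the flag only
                self.to_release.discard(src)
            else:                        # recycle for the next user
                self.recycled.add(src)
                self.free.add(src)
        return virtual

    def downstream(self, dst):
        """Map a virtual destination MAC back to (port, original MAC)."""
        return self.down.get(dst)

    def age_out(self, port, src):
        """Aging time expired, or the administrator released the user."""
        virtual = self.up.pop((port, src))
        del self.down[virtual]
        if virtual in self.to_release:   # its owner aged out earlier: drop it
            self.to_release.discard(virtual)
            self.recycled.discard(virtual)
        else:
            self.free.add(virtual)
        if src in self.recycled and not self._active(src):
            if src in self.free:         # not allocated: delete directly
                self.free.discard(src)
                self.recycled.discard(src)
            else:                        # allocated: mark, release later
                self.to_release.add(src)


def demo():
    # Constructed sample addresses; "cc" is set as untrusted by the operator.
    a, b, c, d = ("00:11:22:33:44:" + x for x in ("aa", "bb", "cc", "dd"))
    pool = VirtualMacPool(["02:00:00:00:00:01", "02:00:00:00:00:02"],
                          untrusted=[c], seed=7)
    wire = [pool.upstream(port, mac) for port, mac in enumerate((a, b, c, d), 1)]
    restored = pool.downstream(wire[1])
    pool.age_out(1, a)                   # a is lent to port 2: marked only
    marked = a in pool.to_release
    pool.age_out(2, b)                   # borrower of a leaves: a is released
    return {"wire": wire, "restored": restored, "marked": marked,
            "a_released": a not in pool.recycled and a not in pool.free,
            "pool": pool}


if __name__ == "__main__":
    print(demo()["wire"])
```

In this run four users consume two reserved addresses: the second is needed only because the untrusted MAC on port 3 is not recycled, which leaves nothing reclaimed for port 4.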

Abstract

Provided are a packet forwarding and processing method and device, and a broadband access device. The method comprises: configuring an address pool which is used for conducting packet forwarding, wherein MAC addresses are stored in the address pool, and the MAC addresses comprise a reserved MAC address and/or one or more source MAC addresses of a packet which is recovered after the packet is forwarded; and according to the reserved MAC address and/or the source MAC addresses of the packet in the address pool, conducting packet forwarding and processing. The present invention solves the problem in the related art of wasting of resources caused by the fact that there are large demands for reserved MAC addresses but it is likely that a user may not use the reserved MAC addresses, thereby achieving the effects of effectively reducing the number of reserved MAC addresses and ensuring the security of user information.

Description

Packet forwarding processing method and apparatus, and broadband access device

Technical field

The present invention relates to the field of communications, and in particular to a packet forwarding processing method and apparatus, and a broadband access device.

Background
In current network deployments, the user's Media Access Control (MAC) address is managed and configured by the user. When a user accesses the network, traditional network devices do not modify the user MAC address, so the user MAC address is actually untrustworthy. It may conflict with that of another user, and an address conflict can cause consequences such as interruption of system device service. In addition, the user's original MAC address is exposed to the devices at every layer of the network. If the MAC address of the user device is known, the user's location information may be obtained by intercepting network communication content. To solve these problems, the International Standards Organization proposed the concept of virtual MAC. A virtual MAC replaces the user MAC with another MAC address; this MAC is not uniquely specified, so the user's location cannot be obtained through the MAC address. However, the manner and method of replacement are not specified. In summary, the virtual MAC serves two purposes: (1) preventing user address conflicts; (2) preventing threats to user information security based on the MAC address.

Traditional virtual MAC deployments directly replace the user MAC with a MAC address planned in advance by the system. Networks are developing rapidly, the number of access users is large, and the number of access network devices is increasing sharply. The traditional virtual MAC arrangement requires not only planning reserved MAC addresses for the various devices in advance, but also reserving a large number of MAC addresses in advance for users who may exist, even though these users may never use the technology.

Therefore, the related art has the problem that the demand for reserved MAC addresses is large while the reserved MAC addresses may never be used by users, which wastes resources.
Summary of the invention

The present invention provides a packet forwarding processing method and apparatus, so as to at least solve the problem in the related art that there is a large demand for reserved MAC addresses while the reserved MAC addresses may never be used by users, which wastes resources.

According to one aspect of the present invention, a packet forwarding processing method is provided, including: configuring an address pool for packet forwarding, wherein the address pool stores MAC addresses, and the MAC addresses include a reserved MAC address and/or one or more source MAC addresses of packets, recovered after the packets are forwarded; and performing packet forwarding processing according to the reserved MAC address in the address pool and/or the source MAC address of the packet.

Preferably, configuring the address pool for packet forwarding includes: after the source MAC address of the packet is replaced with a MAC address from the address pool, determining whether the source MAC address is a trusted MAC address; and if the determination result is yes, adding the source MAC address to the address pool.

Preferably, performing packet forwarding processing according to the reserved MAC address in the address pool and/or the source MAC address of the packet includes: determining whether a recovered source MAC address exists in the address pool; and if the determination result is yes, replacing the MAC address of a received packet that is to be forwarded with the source MAC address for packet forwarding.

Preferably, performing packet forwarding processing according to the reserved MAC address in the address pool and/or the source MAC address of the packet includes: after the source MAC address of the packet is replaced with a MAC address from the address pool, performing report processing of the packet according to the replaced MAC address; storing the correspondence between the source MAC address and the replaced MAC address; and, according to the correspondence, replacing the replaced MAC address with the source MAC address for downlink processing of the packet.

Preferably, after the address pool for packet forwarding is configured, the method further includes: determining whether the preset aging time of a MAC address in the address pool has expired; and if the determination result is yes, releasing the MAC address in the address pool whose aging time has expired.

According to another aspect of the present invention, a packet forwarding processing apparatus is provided, including: a configuration module, configured to configure an address pool for packet forwarding, wherein the address pool stores MAC addresses, and the MAC addresses include a reserved MAC address and/or one or more source MAC addresses of packets, recovered after the packets are forwarded; and a processing module, configured to perform packet forwarding processing according to the reserved MAC address in the address pool and/or the source MAC address of the packet.

Preferably, the configuration module includes: a first determining unit, configured to determine whether the source MAC address is a trusted MAC address after the source MAC address of the packet is replaced with a MAC address from the address pool; and an adding unit, configured to add the source MAC address to the address pool if the determination result of the first determining unit is yes.

Preferably, the processing module includes: a second determining unit, configured to determine whether a recovered source MAC address exists in the address pool; and a first forwarding unit, configured to replace the MAC address of a received packet that is to be forwarded with the source MAC address for packet forwarding if the determination result of the second determining unit is yes.

Preferably, the processing module includes: a first processing unit, configured to perform report processing of the packet according to the replaced MAC address after the source MAC address of the packet is replaced with a MAC address from the address pool; a storage unit, configured to store the correspondence between the source MAC address and the replaced MAC address; and a second processing unit, configured to replace the replaced MAC address with the source MAC address according to the correspondence for downlink processing of the packet.

Preferably, the apparatus further includes: a determining module, configured to determine whether the preset aging time of a MAC address in the address pool has expired; and a releasing module, configured to release the MAC address in the address pool whose aging time has expired if the determination result of the determining module is yes.
根据本发明的还一方面,提供了一种宽带接入设备,包括上述任一项所述的装置。According to still another aspect of the present invention, a broadband access device is provided, comprising the apparatus of any of the above.
通过本发明,采用配置用于进行报文转发的地址池,其中,所述地址池中存储有MAC地址,所述MAC地址包括预留MAC地址和/或一个或多个对报文进行转发后回收的所述报文的源MAC地址;依据所述地址池中的所述预留MAC地址和/或所述报文的源MAC地址进行报文转发处理,解决了相关技术中,存在对预留MAC地址需求大,而对于预留的MAC地址可能用户并不会用到,从而导致资源浪费的问题,进而达到了有效减少预留MAC地址,保证用户信息安全的效果。The address pool configured for packet forwarding is configured by the present invention, wherein the address pool stores a MAC address, where the MAC address includes a reserved MAC address and/or one or more packets are forwarded. Deleting the source MAC address of the packet; performing packet forwarding processing according to the reserved MAC address in the address pool and/or the source MAC address of the packet, and solving the related technology The MAC address requirement is large, and the reserved MAC address may not be used by the user, thereby causing waste of resources, thereby achieving the effect of effectively reducing the reserved MAC address and ensuring the security of the user information.
Brief Description of the Drawings
The drawings described here provide a further understanding of the present invention and form a part of this application. The exemplary embodiments of the present invention and their descriptions are used to explain the present invention and do not unduly limit it. In the drawings:
FIG. 1 is a flowchart of a packet forwarding processing method according to an embodiment of the present invention;
FIG. 2 is a structural block diagram of a packet forwarding processing apparatus according to an embodiment of the present invention;
FIG. 3 is a block diagram of a preferred structure of the configuration module 22 in the packet forwarding processing apparatus according to an embodiment of the present invention;
FIG. 4 is a first block diagram of a preferred structure of the processing module 24 in the packet forwarding processing apparatus according to an embodiment of the present invention;
FIG. 5 is a second block diagram of a preferred structure of the processing module 24 in the packet forwarding processing apparatus according to an embodiment of the present invention;
FIG. 6 is a block diagram of a preferred structure of the packet forwarding processing apparatus according to an embodiment of the present invention;
FIG. 7 is a structural block diagram of a broadband access device according to an embodiment of the present invention;
FIG. 8 is a schematic diagram of a virtual MAC deployment according to a preferred embodiment of the present invention;
FIG. 9 is a flowchart of packet forwarding with virtual MAC according to a preferred embodiment of the present invention.
Detailed Description
The present invention is described in detail below with reference to the drawings and in conjunction with the embodiments. It should be noted that the embodiments in this application and the features in the embodiments may be combined with each other where they do not conflict.
This embodiment provides a packet forwarding processing method. FIG. 1 is a flowchart of the packet forwarding processing method according to an embodiment of the present invention. As shown in FIG. 1, the process includes the following steps:
Step S102: configure an address pool for packet forwarding, where the address pool stores MAC addresses, and the MAC addresses include a reserved MAC address and/or one or more source MAC addresses of packets that were recycled after the packets were forwarded;
Step S104: perform packet forwarding processing according to the reserved MAC address in the address pool and/or the source MAC address of the packet.
Through the above steps, packet forwarding processing is performed according to the reserved MAC address and/or the recycled source MAC address. In the related art, reserved MAC addresses are planned in advance for the various devices, so a large number of reserved MAC addresses is required while users may never use them, which wastes resources. The above processing effectively solves this problem and thereby achieves the effect of effectively reducing the number of reserved MAC addresses and keeping user information secure.
Configuring the address pool for packet forwarding can be done in several ways. For example, MAC addresses can be reserved directly; preferably only one MAC address is reserved, although several can be reserved as needed. As another example, source MAC addresses can be recycled after packet forwarding processing, using the following processing: after the source MAC address of the packet has been replaced with a MAC address from the address pool, determine whether the source MAC address is a trusted MAC address; if the determination result is yes, add the source MAC address to the address pool.
When packet forwarding processing is performed according to the reserved MAC address in the address pool and/or the source MAC address of the packet, recycled MAC addresses can be used in preference for forwarding, in order to minimize the demand for reserved MAC addresses. For example, first determine whether a recycled source MAC address exists in the address pool; if the determination result is yes, replace the MAC address of the received packet that is to be forwarded with that source MAC address and forward the packet.
When packet forwarding processing is performed according to the reserved MAC address in the address pool and/or the source MAC address of the packet, the correspondence between the replaced MAC addresses can be stored in order to improve packet processing efficiency. That is, after the source MAC address of the packet has been replaced with a MAC address from the address pool, uplink reporting processing of the packet is performed according to the replacement MAC address; the correspondence between the source MAC address and the replacement MAC address is stored; and, according to the correspondence, the replacement MAC address is replaced with the source MAC address for downlink processing of the packet.
To optimize resource usage, after the address pool for packet forwarding is configured, MAC addresses that have not been used for a long time can also be aged out. For example: first determine whether the preset aging time of a MAC address in the address pool has expired; if the determination result is yes, release the MAC address in the address pool whose aging time has expired. It should be noted that after a MAC address has been released, if the user starts a service flow again and a MAC address replacement is needed, the replacement can be allocated at random from the reserved MAC addresses in order to protect information security.
This embodiment also provides a packet forwarding processing apparatus, which is used to implement the above embodiments and preferred implementations; what has already been described is not repeated. As used below, the term "module" may be a combination of software and/or hardware that implements a predetermined function. Although the apparatus described in the following embodiments is preferably implemented in software, an implementation in hardware, or in a combination of software and hardware, is also possible and contemplated.
FIG. 2 is a structural block diagram of the packet forwarding processing apparatus according to an embodiment of the present invention. As shown in FIG. 2, the apparatus includes a configuration module 22 and a processing module 24, which are described below.
The configuration module 22 is configured to configure an address pool for packet forwarding, where the address pool stores MAC addresses, and the MAC addresses include a reserved MAC address and/or one or more source MAC addresses of packets that were recycled after the packets were forwarded. The processing module 24 is connected to the configuration module 22 and is configured to perform packet forwarding processing according to the reserved MAC address in the address pool and/or the source MAC address of the packet.
FIG. 3 is a block diagram of a preferred structure of the configuration module 22 in the packet forwarding processing apparatus according to an embodiment of the present invention. As shown in FIG. 3, the configuration module 22 includes a first determining unit 32 and an adding unit 34, which are described below.
The first determining unit 32 is configured to determine, after the source MAC address of the packet has been replaced with a MAC address from the address pool, whether the source MAC address is a trusted MAC address. The adding unit 34 is connected to the first determining unit 32 and is configured to add the source MAC address to the address pool if the determination result of the first determining unit is yes.
FIG. 4 is a first block diagram of a preferred structure of the processing module 24 in the packet forwarding processing apparatus according to an embodiment of the present invention. As shown in FIG. 4, the processing module 24 includes a second determining unit 42 and a first forwarding unit 44, which are described below.
The second determining unit 42 is configured to determine whether a recycled source MAC address exists in the address pool. The first forwarding unit 44 is connected to the second determining unit 42 and is configured to replace, if the determination result of the second determining unit is yes, the MAC address of the received packet that is to be forwarded with that source MAC address and forward the packet.
FIG. 5 is a second block diagram of a preferred structure of the processing module 24 in the packet forwarding processing apparatus according to an embodiment of the present invention. As shown in FIG. 5, the processing module 24 includes a first processing unit 52, a storage unit 54 and a second processing unit 56, which are described below.
The first processing unit 52 is configured to perform, after the source MAC address of the packet has been replaced with a MAC address from the address pool, uplink reporting processing of the packet according to the replacement MAC address. The storage unit 54 is connected to the first processing unit 52 and is configured to store the correspondence between the source MAC address and the replacement MAC address. The second processing unit 56 is connected to the storage unit 54 and is configured to replace, according to the correspondence, the replacement MAC address with the source MAC address for downlink processing of the packet.
FIG. 6 is a block diagram of a preferred structure of the packet forwarding processing apparatus according to an embodiment of the present invention. As shown in FIG. 6, in addition to all the structures shown in FIG. 2, the apparatus further includes a determining module 62 and a release module 64. This preferred structure is described below.
The determining module 62 is connected to the configuration module 22 and is configured to determine whether the preset aging time of a MAC address in the address pool has expired. The release module 64 is connected to the determining module 62 and the processing module 24 and is configured to release, if the determination result of the determining module is yes, the MAC address in the address pool whose aging time has expired.
FIG. 7 is a structural block diagram of a broadband access device according to an embodiment of the present invention. As shown in FIG. 7, the broadband access device 70 includes the packet forwarding processing apparatus 72 of any one of the above.
In view of the above problems in the related art, this embodiment provides a method for implementing virtual MAC on Ethernet or related networks that effectively reduces the demand for MAC addresses.
The scheme targets devices on which the virtual MAC function is enabled, and recycles the source MAC of ports that have already been allocated a new MAC. MAC address recycling is implemented as follows: the system configures a reserved MAC address pool. In theory the pool only needs one MAC address reserved in advance, and that address must be planned beforehand so that it does not conflict with other devices or with actual users. In practice, to guard against some users using illegal addresses, or to protect certain users, more MAC addresses can be configured into the MAC address pool as needed.
After the virtual MAC function is enabled, the system intercepts the user's uplink packets and determines whether the MAC address of the user packet has already been replaced. If replacement is needed, the system allocates an address from the MAC pool to the user for communicating with other users, and replaces the source MAC of all subsequent packets with the allocated MAC address. It then checks whether the user's original MAC address conflicts or is an untrusted MAC address. A conflict means that the user MAC is the same as the MAC address of a user that already has service. If the address does not conflict and is trusted, the user's original MAC is put into the MAC address pool as a new address available for allocation.
It should be noted that addresses age out according to normal aging. When a so-called user virtual MAC is aged, if the user MAC address has not been allocated it is deleted from the address pool directly; if it has been allocated, the MAC address is marked and is released when the user that is using it ages out. In addition, when a user MAC is put into the address pool, it must be checked whether it already exists in the pool; if it does, only the state needs to be updated and the pending-release flag cleared.
The above embodiments and preferred implementations effectively reduce the demand for reserved MAC addresses once the virtual MAC function is enabled, and also protect the security of user data.
Preferred embodiments of the present invention are described below with reference to the drawings.
FIG. 8 is a schematic diagram of a virtual MAC deployment according to a preferred embodiment of the present invention. As shown in FIG. 8, every device that implements virtual MAC must have a MAC address pool. The pool is used to replace the MAC addresses of the first user and of untrusted users, and it also has to hold the MAC addresses that, once replaced, can be used by other users.
For certain special MAC addresses, if the MAC address is actually already in use by another user, or the system administrator does not want to expose that user's MAC address to other devices, the MAC address can be set as an untrusted MAC address. The system will not recycle such MAC addresses, but it will still replace that user's MAC once the virtual MAC function is enabled.
After virtual MAC is enabled, the uplink and downlink of a user flow have to be processed separately.
FIG. 9 is a flowchart of packet forwarding with virtual MAC according to a preferred embodiment of the present invention. As shown in FIG. 9, the process includes the following steps:
Step S902: user uplink data is received;
Step S904: the user MAC address corresponding to the packet is checked; if a conflict is detected, go to step S906, otherwise go to step S910;
Step S906: determine whether the user MAC address is trusted; if the determination result is yes, go to step S908, otherwise go to step S910;
Step S908: the source address is recycled and stored in the address pool;
Step S910: a new reserved address is allocated;
Step S912: the packet is handed to system switching and other service processing.
With reference to the above flow, the preferred processing in each step is described below. The system uses a switch to control whether virtual MAC is enabled for a user. When it is enabled, in the user's upstream flow and before the user enters system switching processing, the system first checks the user MAC reported by the user and performs uplink MAC replacement. The replacement rule is to use MACs recycled from other users in the MAC address pool first, in order to save the system's reserved MACs; if the MAC address pool holds no recycled address, a system reserved MAC address is used. A trusted MAC address is recycled into the address pool for the next virtual MAC user to use. An untrusted MAC address is not retained and is discarded directly. The user flow is then handed to the system for processing, and the mapping between the user's original MAC and the replacement MAC is retained. The replaced user flow is forwarded according to the normal process. A MAC address that the system recognizes as already replaced is handed directly to switching and service processing and no longer needs to go through the uplink virtual MAC processing, which speeds up system switching and service processing.
In downlink processing, to ensure that the user equipment can recognize the traffic, the virtual MAC used by the user must be replaced back with the original MAC. Whenever a user is identified as a replaced virtual MAC user, the MAC address is replaced with the user's original MAC, according to the stored correspondence between the user's original MAC and the virtual MAC, before the packet is sent to the downlink user.
The correspondence between a user's original MAC and the replacement MAC is removed only when the system aging time expires or when the system administrator forces the user to be released. User MAC address aging means that the user has had no traffic for a long time and the system releases the resources the user occupies. After release, if the user enters the system again, starts a service flow and needs MAC address replacement, then to keep user information secure the system recommends that the replacement virtual MAC address be newly allocated at random from the reserved MAC address pool, rather than being the MAC address allocated last time.
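The uplink replacement, recycling, downlink restoration and aging rules described above, as an added Python example that is not code from the patent. The class and method names, the use of a port number to identify a user, aging driven by explicit calls instead of timers, and all MAC addresses are assumptions made for the illustration.

```python
import random

class VirtualMacPool:
    """Pool of reserved MACs plus MACs recycled from users (hypothetical names)."""

    def __init__(self, reserved, untrusted=(), rng=None):
        # mac -> state; "user" is the port using it as virtual MAC, or None
        self.pool = {m: {"recycled": False, "user": None, "release": False}
                     for m in reserved}
        self.untrusted = set(untrusted)  # replaced on uplink, never recycled
        self.users = {}                  # port -> (original MAC, virtual MAC)
        self.last_virtual = {}           # port -> virtual MAC held before release
        self.rng = rng or random.Random()

    def _free(self, recycled, exclude):
        return [m for m, e in self.pool.items()
                if e["user"] is None and e["recycled"] == recycled
                and m not in exclude]

    def _allocate(self, port, orig):
        if port in self.last_virtual:
            # Re-entry after release: random reserved MAC, not the previous one.
            last = self.last_virtual.pop(port)
            candidates = (self._free(False, {orig, last})
                          or self._free(False, {orig})
                          or self._free(True, {orig}))
        else:
            # First entry: recycled MACs first, to spare the reserved ones.
            candidates = (self._free(True, {orig})[:1]
                          or self._free(False, {orig})[:1])
        if not candidates:
            raise RuntimeError("address pool exhausted")
        virt = self.rng.choice(candidates)
        self.pool[virt]["user"] = port
        return virt

    def uplink(self, port, src_mac):
        """Return the source MAC to write into an upstream frame."""
        if port in self.users:
            if self.users[port][0] == src_mac:
                return self.users[port][1]   # already replaced: skip the checks
            self.release_user(port)          # assumption: new MAC = new session
        # Conflict: another user with service already presents this MAC.
        conflict = any(o == src_mac for o, _ in self.users.values())
        virt = self._allocate(port, src_mac)
        self.users[port] = (src_mac, virt)
        if not conflict and src_mac not in self.untrusted:
            entry = self.pool.setdefault(
                src_mac, {"recycled": True, "user": None, "release": False})
            entry["release"] = False         # already pooled: just refresh state
        return virt

    def downlink(self, dst_mac):
        """Map a virtual destination MAC back to (port, original MAC)."""
        entry = self.pool.get(dst_mac)
        if entry is None or entry["user"] is None:
            return None, dst_mac             # not a virtual MAC in use
        port = entry["user"]
        return port, self.users[port][0]

    def release_user(self, port):
        """User aged out (no traffic) or was released by the administrator."""
        _, virt = self.users.pop(port)
        self.last_virtual[port] = virt
        entry = self.pool[virt]
        entry["user"] = None
        if entry["release"]:
            del self.pool[virt]              # deferred removal of an aged MAC

    def age_address(self, mac):
        """Age a recycled MAC: drop it if idle, otherwise mark it for release."""
        entry = self.pool.get(mac)
        if entry is None or not entry["recycled"]:
            return
        if entry["user"] is None:
            del self.pool[mac]
        else:
            entry["release"] = True

def demo():
    # Constructed addresses: R* are reserved, A and B are trusted, C is untrusted.
    R1, R2, R3 = "02:00:00:00:00:01", "02:00:00:00:00:02", "02:00:00:00:00:03"
    A, B, C = "aa:00:00:00:00:0a", "aa:00:00:00:00:0b", "aa:00:00:00:00:0c"
    p = VirtualMacPool([R1, R2, R3], untrusted={C})
    first = [p.uplink(1, A), p.uplink(2, B), p.uplink(3, C)]
    down = p.downlink(A)      # virtual MAC A is held by port 2
    p.age_address(A)          # A is in use, so it is only marked
    p.release_user(2)         # port 2 ages out, A now leaves the pool
    again = p.uplink(2, B)    # re-entry: random reserved MAC, never A
    return first, down, again, sorted(p.pool)

if __name__ == "__main__":
    print(demo())
```

Only the first user consumes a reserved address; each later user is given the original MAC of an earlier trusted user, which is why a network observer upstream of the device sees addresses that do not identify the port they came from.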
Obviously, those skilled in the art should understand that the modules or steps of the present invention described above can be implemented with general-purpose computing devices. They can be concentrated on a single computing device or distributed across a network of multiple computing devices. Optionally, they can be implemented as program code executable by a computing device, so that they can be stored in a storage device and executed by the computing device; in some cases the steps shown or described can be performed in an order different from the one given here, or they can each be made into a separate integrated circuit module, or several of the modules or steps can be made into a single integrated circuit module. The present invention is therefore not limited to any specific combination of hardware and software.
The above are only preferred embodiments of the present invention and are not intended to limit it. For those skilled in the art, the present invention may have various modifications and changes. Any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall fall within its scope of protection.
Industrial Applicability
As described above, the above embodiments and preferred implementations solve the problem in the related art that a large number of reserved MAC addresses is required while users may never use the reserved addresses, which wastes resources, and thereby achieve the effect of effectively reducing the number of reserved MAC addresses and keeping user information secure.

Claims (11)

  1. 一种报文转发处理方法,包括:A packet forwarding processing method includes:
    配置用于进行报文转发的地址池,其中,所述地址池中存储有MAC地址,所述MAC地址包括预留MAC地址和/或一个或多个对报文进行转发后回收的所述报文的源MAC地址;Configuring an address pool for packet forwarding, where the address pool stores a MAC address, where the MAC address includes a reserved MAC address and/or one or more packets that are recovered after forwarding the packet. Source MAC address of the text;
    依据所述地址池中的所述预留MAC地址和/或所述报文的源MAC地址进行报文转发处理。And performing packet forwarding processing according to the reserved MAC address in the address pool and/or the source MAC address of the packet.
  2. 根据权利要求1所述的方法,其中,配置用于进行报文转发的所述地址池包括:The method of claim 1, wherein the configuring the address pool for packet forwarding comprises:
    在采用地址池中的MAC地址对所述报文的源MAC地址进行替换后,判断所述源MAC地址是否为可信的MAC地址;After the source MAC address of the packet is replaced by using the MAC address in the address pool, it is determined whether the source MAC address is a trusted MAC address.
    在判断结果为是的情况下,将所述源MAC地址添加到所述地址池中。In the case where the determination result is yes, the source MAC address is added to the address pool.
  3. 根据权利要求1所述的方法,其中,依据所述地址池中的所述预留MAC地址和/或所述报文的源MAC地址进行报文转发处理包括:The method of claim 1, wherein the packet forwarding process according to the reserved MAC address in the address pool and/or the source MAC address of the packet includes:
    判断所述地址池中是否存在回收的所述源MAC地址;Determining whether the recovered source MAC address exists in the address pool;
    在判断结果为是的情况下,将接收到的将要进行转发的报文的MAC地址替换为所述源MAC地址进行报文转发。If the result of the determination is yes, the received MAC address of the packet to be forwarded is replaced with the source MAC address for packet forwarding.
  4. 根据权利要求1所述的方法,其中,依据所述地址池中的所述预留MAC地址和/或所述报文的源MAC地址进行报文转发处理包括:The method of claim 1, wherein the packet forwarding process according to the reserved MAC address in the address pool and/or the source MAC address of the packet includes:
    在采用地址池中的MAC地址对所述报文的源MAC地址进行替换后,依据所述替换后的MAC地址进行报文的上报处理;After the source MAC address of the packet is replaced by the MAC address in the address pool, the packet is processed according to the replaced MAC address.
    存储所述源MAC地址与替换后的MAC地址的对应关系;And storing a correspondence between the source MAC address and the replaced MAC address;
    依据所述对应关系,将所述替换后的MAC地址替换为所述源MAC地址进行报文的下行处理。And performing the downlink processing of the packet by replacing the replaced MAC address with the source MAC address.
  5. 根据权利要求1至4中任一项所述的方法,其中,在配置用于进行报文转发的所述地址池之后,还包括:The method according to any one of claims 1 to 4, further comprising: after configuring the address pool for performing packet forwarding, further comprising:
    判断所述地址池中的MAC地址预设的老化时间是否到期; Determining whether the preset aging time of the MAC address in the address pool expires;
    在判断结果为是的情况下,释放所述地址池中的老化时间到期的MAC地址。If the result of the determination is yes, the MAC address in the address pool whose aging time expires is released.
  6. 一种报文转发处理装置,包括:A packet forwarding processing apparatus includes:
    配置模块,设置为配置用于进行报文转发的地址池,其中,所述地址池中存储有MAC地址,所述MAC地址包括预留MAC地址和/或一个或多个对报文进行转发后回收的所述报文的源MAC地址;The configuration module is configured to configure an address pool for packet forwarding, where the address pool stores a MAC address, where the MAC address includes a reserved MAC address and/or one or more packets are forwarded. Source MAC address of the recovered message;
    处理模块,设置为依据所述地址池中的所述预留MAC地址和/或所述报文的源MAC地址进行报文转发处理。The processing module is configured to perform packet forwarding processing according to the reserved MAC address in the address pool and/or the source MAC address of the packet.
  7. 根据权利要求6所述的装置,其中,所述配置模块包括:The apparatus of claim 6 wherein said configuration module comprises:
    第一判断单元,设置为在采用地址池中的MAC地址对所述报文的源MAC地址进行替换后,判断所述源MAC地址是否为可信的MAC地址;The first determining unit is configured to determine whether the source MAC address is a trusted MAC address after replacing the source MAC address of the packet by using a MAC address in the address pool;
    添加单元,设置为在所述第一判断单元的判断结果为是的情况下,将所述源MAC地址添加到所述地址池中。The adding unit is configured to add the source MAC address to the address pool if the determination result of the first determining unit is YES.
  8. 根据权利要求6所述的装置,其中,所述处理模块包括:The apparatus of claim 6 wherein said processing module comprises:
    第二判断单元,设置为判断所述地址池中是否存在回收的所述源MAC地址;a second determining unit, configured to determine whether the recovered source MAC address exists in the address pool;
    第一转发单元,设置为在所述第二判断单元的判断结果为是的情况下,将接收到的将要进行转发的报文的MAC地址替换为所述源MAC地址进行报文转发。The first forwarding unit is configured to replace the received MAC address of the packet to be forwarded with the source MAC address for packet forwarding if the determination result of the second determining unit is YES.
  9. 根据权利要求6所述的装置,其中,所述处理模块包括:The apparatus of claim 6 wherein said processing module comprises:
    第一处理单元,设置为在采用地址池中的MAC地址对所述报文的源MAC地址进行替换后,依据所述替换后的MAC地址进行报文的上报处理;The first processing unit is configured to perform the report processing of the packet according to the replaced MAC address after the source MAC address of the packet is replaced by using the MAC address in the address pool;
    存储单元,设置为存储所述源MAC地址与替换后的MAC地址的对应关系;a storage unit, configured to store a correspondence between the source MAC address and the replaced MAC address;
    第二处理单元,设置为依据所述对应关系,将所述替换后的MAC地址替换为所述源MAC地址进行报文的下行处理。The second processing unit is configured to perform the downlink processing of the packet by replacing the replaced MAC address with the source MAC address according to the correspondence.
  10. The apparatus according to any one of claims 6 to 9, further comprising:
    a determining module, configured to determine whether a preset aging time of a MAC address in the address pool has expired;
    a release module, configured to release, if the determination result of the determining module is yes, the MAC address in the address pool whose aging time has expired.
  11. A broadband access device, comprising the apparatus according to any one of claims 6 to 10.
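
The following sketch is an added illustration of the behaviour recited in claims 9 and 10 (replace the source MAC address with a pool address, store the correspondence, restore it on the downlink, release entries whose aging time has expired); it is not code from the application. The class and method names, the injectable clock, the exhaustion error and the choice to restart the aging timer on uplink traffic are all assumptions.

```python
import time

class MacPool:
    """Reserved-MAC pool: uplink replacement, downlink restoration, aging."""
    def __init__(self, reserved, aging_seconds, clock=time.monotonic):
        self.free = [m.lower() for m in reserved]  # reserved MACs not yet assigned
        self.aging = aging_seconds
        self.clock = clock                         # injectable so aging can be tested
        self.by_source = {}                        # source MAC -> (pool MAC, expiry)
        self.by_pool = {}                          # pool MAC -> source MAC

    def release_expired(self):
        """Release every pool MAC whose aging time has expired; return them."""
        now = self.clock()
        expired = [s for s, (_, exp) in self.by_source.items() if exp <= now]
        released = []
        for src in expired:
            pool_mac, _ = self.by_source.pop(src)
            del self.by_pool[pool_mac]
            self.free.append(pool_mac)
            released.append(pool_mac)
        return released

    def uplink(self, src_mac):
        """Return the pool MAC that replaces src_mac on an uplink packet."""
        src_mac = src_mac.lower()
        self.release_expired()
        entry = self.by_source.get(src_mac)
        if entry is None:
            if not self.free:
                raise RuntimeError("address pool exhausted")
            pool_mac = self.free.pop(0)
            self.by_pool[pool_mac] = src_mac
        else:
            pool_mac = entry[0]
        # Assumption: uplink traffic restarts the aging timer for this mapping.
        self.by_source[src_mac] = (pool_mac, self.clock() + self.aging)
        return pool_mac

    def downlink(self, dst_mac):
        """Return the original source MAC for a downlink packet, or None."""
        self.release_expired()
        return self.by_pool.get(dst_mac.lower())
```

A downlink lookup that returns None means the pool address has no live correspondence, so the frame cannot be restored to a user MAC address and should not be forwarded to a user port.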
PCT/CN2014/089243 2014-07-25 2014-10-23 Packet forwarding and processing method and device, and broadband access device WO2015117400A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201410361558.2A CN105282032A (en) 2014-07-25 2014-07-25 Message forwarding processing method, device and broadband access equipment
CN201410361558.2 2014-07-25

Publications (1)

Publication Number Publication Date
WO2015117400A1 true WO2015117400A1 (en) 2015-08-13

Family

ID=53777218

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2014/089243 WO2015117400A1 (en) 2014-07-25 2014-10-23 Packet forwarding and processing method and device, and broadband access device

Country Status (2)

Country Link
CN (1) CN105282032A (en)
WO (1) WO2015117400A1 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112787932B (en) * 2019-11-05 2022-09-02 华为技术有限公司 Method, device and system for generating forwarding information

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1852329A (en) * 2005-10-21 2006-10-25 华为技术有限公司 Wireless LAN temporary media access control address dynamic allocation and recovery method
CN101453403A (en) * 2007-12-04 2009-06-10 华为技术有限公司 Label management method and apparatus in PBB-TE
CN101640616A (en) * 2009-09-08 2010-02-03 杭州华三通信技术有限公司 Method and device for recovering MAC address
CN103023827A (en) * 2012-11-23 2013-04-03 杭州华三通信技术有限公司 Data forwarding method for virtualized data centre and realization equipment of data forwarding method

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101127681B (en) * 2007-09-05 2011-01-19 杭州华三通信技术有限公司 Method and device for binding server MAC address with uplink port
EP2075959A1 (en) * 2007-12-27 2009-07-01 THOMSON Licensing Apparatus and method for concurrently accessing multiple wireless networks (WLAN/WPAN)

Also Published As

Publication number Publication date
CN105282032A (en) 2016-01-27

Similar Documents

Publication Publication Date Title
US11863591B2 (en) On-demand security policy provisioning
US9331872B2 (en) Implementing PVLANs in a large-scale distributed virtual switch
EP3176979A1 (en) Information processing method and device
US20180123870A1 (en) Vnf failover method and apparatus
US10455412B2 (en) Method, apparatus, and system for migrating virtual network function instance
US9960923B2 (en) Handling of digital certificates
WO2015074396A1 (en) Automatic configuration method, device and system of software defined network
CN109842694B (en) Method for synchronizing MAC addresses, network equipment and computer readable storage medium
CN103763121A (en) Method and device for quickly issuing network configuration information
CN109428780B (en) Traffic monitoring scheduling method and device, server and storage medium
EP3091708B1 (en) Processing rule modification method and apparatus
JP2019515553A (en) Packet transmission
CN103701822A (en) Access control method
CN101325588A (en) Method for preventing network equipment from attacking and network equipment
CN109379239B (en) Method and device for configuring access switch in OpenStack environment
US10680930B2 (en) Method and apparatus for communication in virtual network
CN103986660B (en) The device of loading micro code and the method for loading micro code
WO2018161795A1 (en) Routing priority configuration method, device, and controller
CN105939262B (en) Label distribution method and device
WO2015117400A1 (en) Packet forwarding and processing method and device, and broadband access device
CN106209634B (en) Learning method and device of address mapping relation
CN108768861B (en) Method and device for sending service message
CN107124316B (en) Hardware based quick switching action implementation method in a kind of data communications equipment
CN104079679B (en) Realize the method that mac address table is consistent
CN112671811B (en) Network access method and equipment

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 14881654

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 14881654

Country of ref document: EP

Kind code of ref document: A1