WO2017186069A1 - Data transmission method and network device - Google Patents


Info

Publication number
WO2017186069A1
Authority
WO
WIPO (PCT)
Prior art keywords
home
packet
mac address
unicast
home terminal
Application number
PCT/CN2017/081552
Other languages
English (en)
Chinese (zh)
Inventor
李娟�
牛承光
Original Assignee
华为技术有限公司

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40: Network security protocols
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876: Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L12/00: Data switching networks
    • H04L12/28: Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46: Interconnection of networks
    • H04L12/4633: Interconnection of networks using encapsulation techniques, e.g. tunneling
    • H04L45/00: Routing or path finding of packets in data switching networks
    • H04L45/16: Multipoint routing
    • H04L45/66: Layer 2 routing, e.g. in Ethernet based MAN's

Definitions

  • the present invention relates to the field of communications technologies, and in particular, to a data transmission method and a network device.
  • the virtual customer premise equipment is mainly used to support Layer 3 data forwarding, and the Layer 2 data forwarding function depends on hardware devices.
  • vCPE virtual customer premise equipment
  • VSPs value-added service platforms
  • VPN virtual private network
  • DLNA Digital Living Network Alliance
  • in the interworking mode between the terminal and the VSP, a terminal in a home can access the network directly and different homes can communicate with each other, which makes network attacks easy and poses certain security risks.
  • the embodiment of the invention provides a data transmission method and a network device, which can improve the security of the network.
  • the first aspect of the embodiments of the present invention discloses a data transmission method applied to virtual customer premise equipment (vCPE) that supports a Layer 2 data forwarding function, the method including:
  • the first message includes a first home identity
  • the first home identity may be QinQ information
  • the QinQ information is used to indicate information of the first home (e.g., physical location information);
  • if the first packet is the first packet of the first home that matches the first home identifier, sending a home authentication request to a Remote Authentication Dial-In User Service (RADIUS) server;
  • the second packet is sent to the value-added service platform (VSP) server.
  • the vCPE can identify the first home by using the first home identifier. If the first packet is the first packet of the first home, the vCPE needs to request authentication for the first home, and if the first home passes authentication, the packet can be sent to the VSP server, so that the first home terminal can access the network, thereby improving network security.
  • the method further includes:
  • the multicast forwarding entry includes an association between a multicast matching item and at least two interfaces, where the multicast matching item includes the first home identifier and the first virtual private network (VPN) information to which the first home belongs, the at least two interfaces include an interface to the first home terminal and an interface to the VSP server, and the multicast forwarding entry is used for multicast packet forwarding based on the first home.
  • sending the second packet to the value-added service platform VSP server includes:
  • if the first destination MAC address is a multicast MAC address, determining that the packet forwarding manner of the second packet is multicast forwarding based on the first home;
  • multicast packets can be copied precisely at home granularity to implement multicast packet forwarding, so multicast packets are not forwarded across homes, thereby solving the problem.
  • network attacks between different homes can be reduced, and network bandwidth can be saved.
  • the method further includes:
  • receiving a first response packet returned by the VSP server for the second packet, where the first response packet includes a second destination MAC address, the first home identifier, and the first VPN information;
  • the packet forwarding manner of the second response packet is determined to be multicast forwarding based on the first home;
  • the vCPE may identify the first home by using the first home identifier. For the first response packet returned by the VSP server, the vCPE may use the previously created multicast forwarding entry to perform multicast packet forwarding.
  • the method further includes:
  • the first unicast forwarding entry includes an association between a first unicast matching item and an interface to the first home terminal, where the first unicast matching item includes the first home identifier, the first virtual private network (VPN) information to which the first home belongs, and the MAC address of the first home terminal, and the first unicast forwarding entry is used for unicast packet forwarding based on the first home terminal.
  • the method further includes:
  • receiving a second response packet returned by the VSP server for the second packet, where the second response packet includes a third destination MAC address, the first home identifier, and the first VPN information;
  • if the third destination MAC address is the MAC address of the first home terminal, determining that the packet forwarding manner of the second response packet is unicast packet forwarding based on the first home terminal;
  • the vCPE may identify the first home by using the first home identifier, and after the vCPE creates the first unicast forwarding entry of the first home terminal, the vCPE may use the first unicast forwarding entry to forward, as unicast, the second response packet returned by the VSP server.
  • sending the second packet to the value-added service platform VSP server includes:
  • if the fourth destination MAC address is the MAC address of the value-added service platform (VSP) server, determining that the packet forwarding manner of the second packet is unicast packet forwarding based on the VSP server;
  • the interface to the VSP server associated with the first home identifier and the first VPN information;
  • the vCPE may identify the first home by using the first home identifier, and the second packet sent by the first home terminal may be forwarded as unicast by using the pre-learned server unicast forwarding entry.
  • the method further includes:
  • the third packet includes a second home identifier, second virtual private network (VPN) information to which the second home that matches the second home identifier belongs, and the MAC address of the second home terminal; where, if the second home is the same as the first home, the second VPN information is the same as the first VPN information; if the second home is not the same as the first home, the second VPN information and the first VPN information
  • the second home and the first home may be different homes in the same VPN.
  • the second VPN information may be different from the first VPN information, for example when the second home and the first home are two homes located in two different VPNs.
  • the second unicast forwarding entry includes an association between a second unicast matching item and an interface to the second home terminal, where the second unicast matching item includes the second home identifier, the second VPN information, and the MAC address of the second home terminal, and the second unicast forwarding entry is used for unicast packet forwarding based on the second home terminal.
  • the first home terminal and the second home terminal may be the terminals in the same family.
  • the first home has been authenticated before. Therefore, after receiving the third packet sent by the second home terminal, the vCPE does not need to authenticate the second home to which the second home terminal belongs, and can directly create the second unicast forwarding entry of the second home terminal.
  • a second aspect of the embodiments of the present invention discloses a network device, where the network device includes a functional unit for performing some or all of the steps of any of the methods of the first aspect of the embodiments of the present invention.
  • the network device may be a physical Broadband Remote Access Server (BRAS) on which the virtual customer premise equipment (vCPE) is integrated; or the network device may be a physical server with a common hardware structure on which the virtual Broadband Remote Access Server (vBRAS) and the vCPE are integrated.
  • the network device performs the function of the vCPE, and can improve the security of the network when performing some or all of the steps of any of the methods.
  • a third aspect of the embodiments of the present invention discloses a network device, including: a processor, a receiver, a transmitter, and a memory, where the memory is configured to store instructions and the processor is configured to run the instructions, and the processor executes the instructions to perform some or all of the steps of any of the methods of the first aspect of the embodiments of the present invention.
  • the network device can improve the security of the network when performing some or all of the steps of any of the methods.
  • a fourth aspect of the embodiments of the present invention discloses a computer storage medium, where the computer storage medium stores a program
  • the program specifically includes instructions for performing some or all of the steps of any of the methods of the first aspect of the embodiments of the present invention.
  • the vCPE may identify the first home by using the first home identifier. If the first packet is the first packet of the first home, the vCPE needs to request authentication for the first home. If the first home passes authentication, the packet can be sent to the VSP server, so that the first home terminal can access the network, thereby improving network security.
  • FIG. 1 is a schematic diagram of a network architecture of a data transmission system according to an embodiment of the present invention
  • FIG. 2 is a schematic flowchart of a data transmission method according to an embodiment of the present invention.
  • FIG. 2.1 is a schematic structural diagram of a packet in a QinQ frame encapsulation format according to an embodiment of the present disclosure
  • FIG. 3 is a schematic structural diagram of a network device according to an embodiment of the present invention.
  • FIG. 4 is a schematic structural diagram of another network device according to an embodiment of the present invention.
  • FIG. 5 is a schematic structural diagram of another network device according to an embodiment of the present disclosure.
  • FIG. 6 is a schematic structural diagram of another network device according to an embodiment of the present invention.
  • references to "an embodiment" herein mean that a particular feature, structure, or characteristic described in connection with the embodiments can be included in at least one embodiment of the invention.
  • the appearances of the phrase in various places in the specification do not necessarily all refer to the same embodiment, nor do they refer to separate or alternative embodiments that are mutually exclusive of other embodiments. Those skilled in the art will understand, explicitly and implicitly, that the embodiments described herein can be combined with other embodiments.
  • the embodiment of the invention discloses a data transmission method and a network device, which can improve the security of the network. The details are described below separately.
  • FIG. 1 is a schematic diagram of a network architecture of a data transmission system according to an embodiment of the present invention.
  • the data transmission system may include: a home terminal, virtual customer premise equipment (vCPE), and a value-added service platform (VSP) server.
  • the home terminal and the VSP server can be added to the same virtual private network (VPN) based on the home granularity, and the home terminal and the VSP can be regarded as members of the home.
  • the home terminal may include a Layer 2 CPE and a user terminal.
  • the Layer 2 CPE is a CPE device having a physical hardware structure.
  • the Layer 2 CPE has a Layer 2 bridge function and does not have Layer 3 and/or higher-layer functions (such as routing, firewall, and NAT);
  • user terminals can include, but are not limited to, smart phones, laptops, personal computers (PCs), personal digital assistants (PDAs), mobile Internet devices (MIDs), smart wearable devices (such as smart watches and smart bracelets), and other electronic devices.
  • the vCPE is application software that supports the Layer 2 data forwarding function.
  • the vCPE can also be application software that supports Layer 2 data forwarding as well as Layer 3 and/or higher-layer functions.
  • the vCPE can be integrated on a physical Broadband Remote Access Server (BRAS) or integrated with a virtual Broadband Remote Access Server (vBRAS) deployed on a physical server with a common hardware structure.
  • the vCPE can implement the original user management and data forwarding functions of the traditional CPE.
  • the vCPE identifies all user terminals connected to the same Layer 2 CPE as terminals in the same home, and accesses the network based on home authentication and charging.
  • the vCPE can identify the home by using the home identifier carried in the packet sent by the home terminal. The home identifier can be the identity information of the home, for example QinQ information, which indicates the physical location information of the home, so the vCPE can treat home terminals carrying the same home identifier as belonging to the same home.
  • the BRAS is a new access gateway for broadband network applications. It is located at the edge layer of the backbone network, completes data access for Internet Protocol (IP) and Asynchronous Transfer Mode (ATM) networks, and sits between access layer devices, such as a Digital Subscriber Line Access Multiplexer (DSLAM), and the backbone network.
  • PPPoE: Point-to-Point Protocol over Ethernet
  • the billing system cooperates with the customer management system and the service policy control system to implement the authentication, billing, and management functions of the user access.
  • the BRAS can be configured with multiple interfaces, such as a Trunk interface or a GE (Giga
  • the VSP server may include a diagnostic server of the operator and a service server that provides value-added services.
  • the diagnostic server is mainly used to detect the terminal status through operations such as Address Resolution Protocol (ARP) requests, ping, and port scanning, thereby directly locating most network faults of the terminal; the service server can provide various resources in the cloud, such as music and video.
  • the vCPE may receive the first packet sent by the first home terminal, and if the first packet is the first packet of the first home that matches the first home identifier, the vCPE may send a home authentication request to the Remote Authentication Dial-In User Service (RADIUS) server. Further, the vCPE can receive the home authentication success information returned by the RADIUS server. If the second packet sent by the first home terminal is then received, the vCPE can send the second packet to the VSP server. It can be seen that the network architecture shown in FIG. 1 implements the virtual switch function of the vCPE for home users and Layer 2 interworking between the home terminal and the VSP server. Meanwhile, on receiving the first packet of the first home, the vCPE sends packets to the VSP server after the first home has been authenticated successfully, so that the first home terminal can access the network, thereby improving network security.
  • the home terminal can directly play cloud music and video without installing an app, which makes it easier for the operator to deploy value-added services and reduces the deployment cost of new services. This can improve the simplicity of value-added service deployment.
  • the operator uses the diagnostic function provided by the diagnostic server to detect the terminal status through operations such as ARP requests, ping, and port scanning, thereby directly locating most network faults of the home terminal and reducing network maintenance costs.
  • FIG. 1 may also include other devices, such as a RADIUS server.
  • FIG. 2 is a schematic flowchart diagram of a data transmission method according to an embodiment of the present invention.
  • the data transmission method is described from the perspectives of the first home terminal, the vCPE, the RADIUS server, and the VSP server, and the data transmission method may be based on the network architecture described in FIG. As shown in FIG. 2, the data transmission method may include the following steps.
  • the first home terminal sends the first packet to the vCPE.
  • the first home terminal may be a Layer 2 CPE
  • the Layer 2 CPE is a CPE device having a physical hardware structure.
  • the Layer 2 CPE has a Layer 2 bridge function and does not have Layer 3 and/or higher-layer functions (such as routing, firewall, and NAT); or the first home terminal may also be a user terminal, which may include, but is not limited to, a smart phone, a notebook computer, a personal computer (PC), a personal digital assistant (PDA), a mobile Internet device (MID), a smart wearable device (such as a smart watch or smart bracelet), or another electronic device.
  • the first packet may include, but is not limited to, an Internet Protocol (IP) packet, an Address Resolution Protocol (ARP) packet, and a Neighbor Discovery (ND) packet.
  • the first packet includes a first home identifier, which uniquely represents the identity information of the first home, such as a first home ID or QinQ information of the first home, where the QinQ information indicates the physical location information of the first home.
  • the first packet may further include VPN information and a destination MAC address.
  • the home ID and VPN information carried in the packets sent by the home terminal in the same home are the same.
  • the home identifier carried in a packet sent by the first home terminal is the same as the home identifier carried in a packet sent by the VSP server, and the VPN information carried in a packet sent by the first home terminal is the same as the VPN information carried in a packet sent by the VSP server.
  • the QinQ information is usually Layer 2 virtual local area network (VLAN) information in the packet.
  • QinQ adds a new 802.1Q VLAN tag header in addition to the traditional 802.1Q VLAN tag header.
  • FIG. 2.1 is a schematic diagram of a packet structure of a QinQ frame encapsulation format according to an embodiment of the present invention.
  • the packet includes the destination address (DA), source address (SA), two layers of 802.1Q tags, length/type (Length/Type), data (DATA), and frame check sequence (FCS).
  • the two layers of 802.1Q tags carried in the packets are QinQ information.
  • the process of QinQ frame encapsulation is to convert a single layer 802.1Q tag data frame into a double layer 802.1Q tag data frame.
  • the QinQ information in the packet is sent when the Layer 2 CPE accesses the Layer 2 bearer network, and has information representing the physical location of the home.
  • the vCPE can determine whether packets belong to the same home according to whether they carry the same QinQ information. For example, all packets with an outer VLAN of 1 and an inner VLAN of 2 can be considered packets of the same home.
  • the vCPE sends a home authentication request to the RADIUS server.
  • the vCPE may identify, according to the first home identifier carried in the first packet, whether a multicast forwarding entry (i.e., the Layer 2 forwarding entry) has been created for the first home that matches the first home identifier.
  • the vCPE may determine that the first packet is the first packet of the first home.
  • the vCPE needs to send a home authentication request to the RADIUS server.
  • the home authentication request may carry a home identifier (such as QinQ information) and interface information, where the interface information may be a trunk interface information, a GE interface information, or the like.
  • the RADIUS server returns the home authentication success information to the vCPE.
  • the RADIUS server may pre-store the home identifier (such as QinQ information) and interface information of each home authorized by the operator.
  • after receiving the home authentication request sent by the vCPE, the RADIUS server can determine, according to the home identifier and the interface information carried in the request, whether the home identifier is consistent with a home identifier pre-authorized by the operator and whether the interface information is consistent with the interface information pre-authorized by the operator. If both are consistent, the home authentication succeeds, and the RADIUS server can return the home authentication success information to the vCPE.
  • the vCPE can identify the first home by using the first home identifier. If the first packet is the first packet of the first home, the vCPE needs to request authentication for the first home, and if the first home passes authentication, the packet can be sent to the VSP server, so that the first home terminal can access the network, thereby improving network security.
  • the vCPE creates a multicast forwarding entry.
  • the vCPE may create a multicast forwarding entry, where the multicast forwarding entry includes an association between a multicast matching item and at least two interfaces on the vCPE.
  • the multicast matching item includes a first home identifier and first virtual private network VPN information to which the first home belongs, the at least two interfaces including an interface to the first home terminal and an interface to the VSP server,
  • the multicast forwarding entry is used to forward the multicast message based on the first home.
  • the at least two interfaces may be physical interfaces on the physical BRAS; if the vCPE and the vBRAS are integrated and deployed on a physical server having a general hardware structure, the at least two interfaces can be virtual interfaces on the vBRAS, and the virtual interfaces on the vBRAS are mapped to physical interfaces on the physical server.
  • Table 1 is a multicast forwarding entry disclosed in the embodiment of the present invention.
  • the multicast forwarding entry is a Layer 2 forwarding entry for the home.
  • the multicast matching item includes the VPN information and the QinQ information, where the VPN information is used to identify the virtual private network (VPN) in which the home is located, and the QinQ information is used to identify the home. Generally, there is only one interface to the home terminal.
  • the number of interfaces to the VSP server is the number of VSP servers.
  • Table 1 can indicate the association between the multicast matching item and at least two interfaces on the vCPE.
  • Table 1 is used for home-based multicast packet forwarding.
  • Table 1 can be maintained according to the home deployment table.
  • Table 2 is a home deployment entry disclosed in the embodiment of the present invention.
  • the QinQ information of each family is different.
  • the QinQ information of home 1 is 1:1 (that is, the outer VLAN is 1 and the inner VLAN is 1), and the QinQ information of home 2 is 1:2. For the same home (such as home 1), the QinQ information of different VSP servers (such as the VSP1 server and the VSP2 server) is the same as the QinQ information of that home.
  • the vCPE can forward packets based on the home granularity in the same VPN. For example, the message sent by the home terminal to the VSP server can be forwarded based on the multicast message of the home. In addition, the response message returned by the VSP server to the home terminal can also be forwarded based on the home.
  • multicast forwarding here covers both multicast and broadcast. With broadcast, the vCPE forwards the packet to all users in the VPN. Once the broadcast is sent, every device in the VPN (such as a home terminal or a VSP server) receives the broadcast packet, regardless of whether it needs it.
  • a broadcast message is a message/frame sent to all devices in the VPN.
  • in a broadcast packet, every bit of the destination MAC address is set to 1, which gives the MAC address ff-ff-ff-ff-ff-ff.
  • the vCPE sends the packet only once, and the multicast routing tree is used to establish a multicast distribution tree for the multicast packet.
  • the transmitted packet is copied and distributed starting at nodes that are as close as possible to the terminal.
  • the destination address in the packet is usually a group of hosts; only hosts that have joined the multicast group receive the packets sent to the group.
  • in a multicast packet, the 8th bit of the destination MAC address (the least significant bit of the first octet) is 1.
  • the vCPE creates a first unicast forwarding entry of the first home terminal.
  • the vCPE may create a first unicast forwarding table for the first home terminal, where the first unicast forwarding entry includes an association between the first unicast matching item and an interface to the first home terminal.
  • the first unicast matching item includes a first home identifier, first VPN information to which the first home belongs, and a MAC address of the first home terminal, where the first unicast forwarding entry is used for unicast packet forwarding based on the first home terminal.
  • Table 3 is a unicast forwarding entry disclosed in the embodiment of the present invention.
  • the unicast forwarding entry is a Layer 2 forwarding entry for the home terminal.
  • the unicast match includes the VPN information, the QinQ information, and the MAC address of the home terminal.
  • the VPN information is used to identify the virtual private network (VPN) in which the home to which the home terminal belongs is located.
  • the QinQ information is used to identify the home. There is only one interface to the home terminal.
  • Table 3 can represent the association between the unicast matching item and the interface to the first home terminal.
  • the order of step 204 and step 205 is not limited: they may be performed at the same time, or step 204 may be performed before step 205, or step 205 before step 204.
  • the first home terminal sends a second packet to the vCPE.
  • the second packet sent by the first home terminal to the vCPE can be a service packet, such as a voice packet, a video packet, or a picture packet.
  • the second packet may include a first destination MAC address, a first home identifier, and first VPN information.
  • the vCPE determines that the packet forwarding manner of the second packet is based on the multicast forwarding of the first home.
  • there are two main kinds of destination MAC address carried in a packet: the first is a unicast MAC address and the second is a multicast MAC address. If the destination MAC address carried in the packet is the address of a device (that is, a unicast MAC address), the packet needs to be forwarded by unicast. If the destination MAC address carried in the packet is a multicast MAC address, the packet needs to be forwarded by multicast.
  • the vCPE may determine the packet forwarding mode of the second packet according to the first destination MAC address carried in the second packet. For example, if the first destination MAC address is a unicast MAC address, the packet forwarding mode of the second packet is unicast packet forwarding; if the first destination MAC address is a multicast MAC address, the packet forwarding mode of the second packet is multicast forwarding based on the first home.
  • the unicast packet forwarding may be a unicast packet forwarding based on the home terminal, and may also be based on a unicast packet forwarding of the VSP server.
  • the multicast packet forwarding is usually a home-based multicast packet forwarding.
  • the vCPE obtains, from the multicast forwarding entry, an interface to the VSP server that is associated with the first home identifier and the first VPN information.
  • the vCPE may query the multiple interfaces associated with the first home identifier and the first VPN information from the multicast forwarding entry (such as Table 1), and remove from them the inbound interface corresponding to the second packet (that is, the interface to the home terminal on which the second packet was received), so that the vCPE obtains the interface to the VSP server.
  • for example, the multiple interfaces queried by the vCPE are interface 1 to interface 10, where interface 1 is an interface to the home terminal, interface 2 to interface 10 are interfaces to the VSP server, and the vCPE receives the second packet from interface 1.
  • interface 1 can be understood as the inbound interface corresponding to the second packet.
  • the vCPE can remove interface 1 from interface 1 to interface 10 and obtain the interfaces to the VSP server, that is, interface 2 to interface 10.
  • the vCPE sends a second packet to the VSP server via an interface to the VSP server.
  • the home terminal and the VSP server are deployed in the same VPN.
  • the vCPE may replicate the second packet for the interfaces to the VSP server. For example, if the number of interfaces to the VSP server is n, the vCPE needs to copy the second packet (n-2) times, so that each interface to the VSP server obtains a copy of the second packet. Further, the vCPE may apply a pruning optimization algorithm, that is, prune based on the home identifier (such as QinQ information) carried in the second packet, to prevent the second packet from being wrongly forwarded to other households. Here, a "pruning optimization algorithm" avoids unnecessary traversal by applying some checks.
  • the vCPE can send the second packet to the VSP server through the interface to the VSP server, so that the second packet sent by the first home terminal to the vCPE can be forwarded to the VSP server, and the first home terminal can access the network.
  • in this way, the vCPE can accurately replicate multicast packets at user granularity to implement multicast packet forwarding, without multicast packets being forwarded across homes and causing the problem that packets cannot be forwarded normally. This can also reduce network attacks between different homes and save network bandwidth.
  • the VSP server sends to the vCPE a second response packet returned for the second packet.
  • the second response packet includes a third destination MAC address, a first home identifier, and first VPN information.
  • the vCPE determines that the packet forwarding manner of the second response packet is unicast packet forwarding based on the first home terminal.
  • the vCPE obtains, from the first unicast forwarding entry, an interface to the first home terminal that is associated with the MAC address of the first home terminal, the first home identity, and the first VPN information.
  • the vCPE sends a second response packet to the first home terminal by using an interface to the first home terminal.
  • the first home terminal sends a second packet to the vCPE, where the second packet includes a fourth destination MAC address, a first home identifier, and first VPN information.
  • the vCPE determines that the packet forwarding mode of the second packet is a unicast packet forwarding based on the VSP server.
  • the vCPE obtains an interface to the VSP server associated with the MAC address of the VSP server, the first home identifier, and the first VPN information from the pre-learned server unicast forwarding entry.
  • the vCPE sends the second packet to the VSP server via an interface to the VSP server.
  • the vCPE may learn the server interface corresponding to the MAC address of the VSP server based on the ARP protocol, and establish a server unicast forwarding entry.
  • Table 4 is a server unicast forwarding entry disclosed in the embodiment of the present invention.
  • the unicast forwarding entry of the server is a Layer 2 forwarding entry for the VSP server.
  • the unicast matching item includes the VPN information, the QinQ information, and the MAC address of the VSP server, where the VPN information is used to identify the virtual private network (VPN) in which the home to which the VSP server belongs is located, and the QinQ information is used to identify the home.
  • This table 4 is used to indicate the association relationship between the unicast match and the interface to the VSP server.
  • after the vCPE receives the second packet sent by the first home terminal, if the fourth destination MAC address is the MAC address of the VSP server, the vCPE can determine that the packet forwarding mode of the second packet is unicast packet forwarding based on the VSP server. Further, the vCPE can query the server unicast forwarding entry (such as Table 4) to obtain the interface to the VSP server associated with the MAC address of the VSP server, the first home identifier, and the first VPN information, and send the second packet to the VSP server via that interface, so that the first home terminal can access the network.
  • the VSP server sends a first response message for the second packet to the vCPE, where the first response message includes a second destination MAC address, a first home identifier, and first VPN information.
  • the vCPE determines that the packet forwarding manner of the second response packet is based on the multicast forwarding of the first home.
  • the vCPE obtains, from the multicast forwarding entry, an interface to the first home terminal that is associated with the first home identity and the first VPN information.
  • the vCPE sends a first response message to the first home terminal via the interface to the first home terminal.
  • the vCPE receives the first response packet returned by the VSP server for the second packet, and if the second destination MAC address is a multicast MAC address, the vCPE may determine that the packet forwarding manner of the second response packet is multicast packet forwarding based on the first home.
  • the vCPE may query multiple interfaces associated with the first home identifier and the first VPN information from the multicast forwarding entry (such as Table 1), and remove from those interfaces the inbound interface corresponding to the first response packet (that is, the interface to the VSP server through which the first response packet was received), so that the vCPE can obtain the interface to the first home terminal and send the first response packet to the first home terminal via that interface.
  • the data transmission method may further include the following steps:
  • the second home terminal sends a third message to the vCPE, where the third message includes a second home identity, a second VPN information to which the second home matches the second home identity, and a MAC address of the second home terminal.
  • the vCPE determines whether the second home identity is consistent with the first home identity, and if yes, performs step 33), and if not, ends the process.
  • the vCPE determines that the second home is consistent with the first home.
  • the second unicast forwarding entry includes an association between the second unicast matching item and an interface to the second home terminal. The second unicast matching item includes the second home identifier, the second VPN information, and the MAC address of the second home terminal, and the second unicast forwarding entry is used for unicast packet forwarding based on the second home terminal.
  • the vCPE may determine whether the second home identifier is consistent with the first home identifier. If it is, the vCPE may determine that the second home is consistent with the first home, which indicates that the first home terminal and the second home terminal are terminals in the same home. Because the first home to which the first home terminal belongs has already been authenticated, when the vCPE receives the third packet sent by the second home terminal, the second home to which the second home terminal belongs does not need to be authenticated, and the vCPE may create a second unicast forwarding entry for the second home terminal. The specific form of the second unicast forwarding entry is similar to that of Table 3 and is not described here.
  • the second VPN information is the same as the first VPN information.
  • the vCPE may determine that the second home is inconsistent with the first home, that is, the first home terminal and the second home terminal are two terminals in different families. At this time, the vCPE needs to send a home authentication request for the second home to the RADIUS. After the second home authentication succeeds, the second home terminal can communicate with the VSP server to access the network.
  • the second VPN information may be the same as the first VPN information, for example, when the second home and the first home are two different homes located under the same VPN; or the second VPN information may be different from the first VPN information, for example, when the second home and the first home are two homes located under two different VPNs.
  • the vCPE may receive the third response packet that is returned by the VSP server for the third packet. Further, the vCPE may determine the packet forwarding mode of the third response packet according to the destination MAC address carried by the third response packet. If the packet forwarding mode of the third response packet is unicast packet forwarding based on the second home terminal, the vCPE may obtain, from the second unicast forwarding entry, the interface to the second home terminal associated with the MAC address of the second home terminal, the second home identifier, and the second VPN information, and send the third response packet to the second home terminal via that interface.
  • after receiving the first packet sent by the first home terminal, if the first packet is the first packet of the first home, the vCPE needs to request authentication of the first home. If the first home authentication passes, packets can be sent to the VSP server so that the first home terminal can access the network, thereby improving network security.
  • Figure 3 is a schematic structural diagram of a network device according to an embodiment of the present invention, where the network device 300 performs the function of the virtual user premise device vCPE and can be used to perform all or part of the steps of the disclosed data transmission method. For details, refer to the description of FIG. 2, which is not repeated here.
  • the network device 300 can include:
  • the receiving unit 301 is configured to receive a first packet from the first home terminal, where the first packet includes a first home identifier
  • the first sending unit 302 is configured to send a home authentication request to the remote user dialing authentication server RADIUS if the first packet is the first packet of the first home that matches the first home identifier;
  • the receiving unit 301 is further configured to receive the home authentication success information returned by the RADIUS;
  • the second sending unit 303 is configured to send the second packet to the value-added service platform VSP server if receiving the second packet from the first home terminal.
  • the network device 300 shown in FIG. 3 may further include:
  • the first creating unit 304 is configured to: after the receiving unit 301 receives the home authentication success information returned by the RADIUS, create a multicast forwarding entry, where the multicast forwarding entry includes an association relationship between a multicast matching item and at least two interfaces, the multicast matching item includes the first home identifier and the first virtual private network VPN information to which the first home belongs, the at least two interfaces include the interface to the first home terminal and the interface to the VSP server, and the multicast forwarding entry is used for multicast packet forwarding based on the first home.
  • the second sending unit 303 can include:
  • the first receiving subunit 3031 is configured to receive a second packet from the first home terminal, where the second packet includes a first destination MAC address, the first home identifier, and the first VPN information.
  • the first determining sub-unit 3032 is configured to: if the first destination MAC address is a multicast MAC address, determine that the packet forwarding manner of the second packet is based on the multicast forwarding of the first home;
  • the first obtaining sub-unit 3033 is configured to obtain, from the multicast forwarding entry, the interface to the VSP server that is associated with the first home identity and the first VPN information;
  • the first sending subunit 3034 is configured to send the second packet to the value added service platform VSP server via the interface to the VSP server.
  • the receiving unit 301 is further configured to receive a first response packet that is returned by the VSP server for the second packet, where the first response packet includes a second destination MAC address, the first home identifier, and the first VPN information;
  • the network device 300 shown in FIG. 3 may further include:
  • the first determining unit 305 is configured to: if the second destination MAC address is a multicast MAC address, determine that the packet forwarding manner of the second response packet is based on the multicast forwarding of the first home;
  • the first obtaining unit 306 is configured to obtain, from the multicast forwarding entry, the interface to the first home terminal that is associated with the first home identity and the first VPN information;
  • the first sending unit 302 is further configured to send the first response packet to the first home terminal via the interface to the first home terminal.
  • after receiving the first packet sent by the first home terminal, if the first packet is the first packet of the first home, the vCPE needs to request authentication of the first home. If the first home authentication passes, packets can be sent to the VSP server so that the first home terminal can access the network, thereby improving network security.
  • FIG. 4 is a schematic structural diagram of another network device according to an embodiment of the present invention, where the network device 400 performs the function of the virtual user premise device vCPE and can be used to perform all or part of the steps of the disclosed data transmission method. For details, refer to the description of FIG. 2, which is not repeated here.
  • the network device 400 can include:
  • the receiving unit 401 is configured to receive a first packet from the first home terminal, where the first packet includes a first home identifier
  • the first sending unit 402 is configured to send a home authentication request to the remote user dialing authentication server RADIUS if the first packet is the first packet of the first home that matches the first home identifier;
  • the receiving unit 401 is further configured to receive the home authentication success information returned by the RADIUS;
  • the second sending unit 403 is configured to send the second packet to the value-added service platform VSP server if receiving the second packet from the first home terminal.
  • the network device 400 shown in FIG. 4 may further include:
  • a second creating unit 404, configured to: after the receiving unit receives the home authentication success information returned by the RADIUS, create a first unicast forwarding entry of the first home terminal, where the first unicast forwarding entry includes an association relationship between the first unicast matching item and an interface to the first home terminal, the first unicast matching item includes the first home identifier, the first virtual private network VPN information, and the MAC address of the first home terminal, and the first unicast forwarding entry is used for unicast packet forwarding based on the first home terminal.
  • the receiving unit 401 is further configured to receive a second response packet that is returned by the VSP server for the second packet, where the second response packet includes a third destination MAC address, the first home identifier, and the first VPN information;
  • the network device 400 shown in FIG. 4 may further include:
  • a second determining unit 405, configured to determine, according to the MAC address of the first home terminal, that the packet forwarding manner of the second response packet is unicast packet forwarding based on the first home terminal;
  • the second obtaining unit 406 is configured to obtain, from the first unicast forwarding entry, the interface to the first home terminal that is associated with the MAC address of the first home terminal, the first home identifier, and the first VPN information;
  • the first sending unit 402 is further configured to send the second response message to the first home terminal via the interface to the first home terminal.
  • after receiving the first packet sent by the first home terminal, if the first packet is the first packet of the first home, the vCPE needs to request authentication of the first home. If the first home authentication passes, packets can be sent to the VSP server so that the first home terminal can access the network, thereby improving network security.
  • FIG. 5 is a schematic structural diagram of another network device according to an embodiment of the present invention.
  • the network device 500 performs the function of the virtual user premises equipment vCPE and can be used to perform all or part of the steps of the disclosed data transmission method. For details, refer to the description of FIG. 2, which is not repeated here.
  • the network device 500 can include:
  • the receiving unit 501 is configured to receive a first packet from the first home terminal, where the first packet includes a first home identifier
  • the first sending unit 502 is configured to: if the first packet is the first packet of the first home that matches the first home identifier, send a home authentication request to the remote user dial-up authentication server RADIUS;
  • the receiving unit 501 is further configured to receive the home authentication success information returned by the RADIUS;
  • the second sending unit 503 is configured to: if the second packet from the first home terminal is received, send the second packet to the value-added service platform VSP server.
  • the second sending unit 503 shown in FIG. 5 may include:
  • the second receiving subunit 5031 is configured to receive a second packet from the first home terminal, where the second packet includes a fourth destination MAC address, the first home identifier, and the first virtual private network VPN information;
  • the second determining sub-unit 5032 is configured to determine, according to the MAC address of the VSP server of the value-added service platform, that the packet forwarding manner of the second packet is unicast packet forwarding based on the VSP server;
  • the second obtaining sub-unit 5033 is configured to obtain, from the pre-learned server unicast forwarding entry, the interface to the VSP server that is associated with the MAC address of the VSP server, the first home identifier, and the first VPN information;
  • the second sending subunit 5034 is configured to send the second packet to the VSP server via the interface to the VSP server.
  • the receiving unit 501 is further configured to receive a third packet from the second home terminal, where the third packet includes a second home identifier, second virtual private network VPN information to which the second home that matches the second home identifier belongs, and a MAC address of the second home terminal;
  • the network device 500 shown in FIG. 5 may further include:
  • the determining unit 504 is configured to determine whether the second home identifier is consistent with the first home identifier
  • the third determining unit 505 is configured to: when the determining unit 504 determines that the second home identifier is consistent with the first home identity, determine that the second home is consistent with the first home;
  • a third creating unit 506, configured to create a second unicast forwarding entry of the second home terminal, where the second unicast forwarding entry includes an association relationship between a second unicast matching item and an interface to the second home terminal, the second unicast matching item includes the second home identifier, the second VPN information, and the MAC address of the second home terminal, and the second unicast forwarding entry is used for unicast packet forwarding based on the second home terminal.
  • after receiving the first packet sent by the first home terminal, if the first packet is the first packet of the first home, the vCPE needs to request authentication of the first home. If the first home authentication passes, packets can be sent to the VSP server so that the first home terminal can access the network, thereby improving network security.
  • FIG. 6 is a schematic structural diagram of another network device according to an embodiment of the present invention, where the network device 600 performs the function of the virtual user premise device vCPE and can be used to perform all or part of the steps of the disclosed data transmission method. For details, refer to the description of FIG. 2, which is not repeated here.
  • the network device 600 may include: at least one processor 601, such as a CPU (Central Processing Unit), at least one receiver 602, at least one transmitter 603, and a memory 604, where the processor 601, the receiver 602, the transmitter 603, and the memory 604 are respectively connected to the communication bus.
  • the memory 604 may be a high speed RAM memory or a non-volatile memory. It can be understood by those skilled in the art that the structure of the network device 600 shown in FIG. 6 does not constitute a limitation of the present invention. It may be a bus-shaped structure or a star-shaped structure, and may also include more or fewer parts than shown in FIG. 6, a combination of some parts, or different parts.
  • the processor 601 is a control center of the network device 600, and may be a central processing unit (CPU).
  • the processor 601 connects various parts of the entire network device 600 by using various interfaces and lines, and is stored or executed by being stored or executed.
  • the sender 603 sends a home authentication request to the remote user dialing authentication server RADIUS;
  • the second message is sent by the sender 603 to the value-added service platform VSP server.
  • the processor 601 may further invoke the program code stored in the memory 604 to perform the following operations:
  • the multicast forwarding entry includes an association relationship between the multicast matching item and the at least two interfaces, where the multicast matching item includes the first home identifier and the first virtual private network VPN information to which the first home belongs, the at least two interfaces include an interface to the first home terminal and an interface to the VSP server, and the multicast forwarding entry is used for multicast packet forwarding based on the first home.
  • sending, by the sender 603, the second packet to the value-added service platform VSP server includes:
  • if the first destination MAC address is a multicast MAC address, determining that the packet forwarding manner of the second packet is multicast packet forwarding based on the first home;
  • the second message is sent by the sender 603 to the value-added service platform VSP server via the interface to the VSP server.
  • processor 601 can also call the program code stored in the memory 604 for performing the following operations:
  • a first response packet that is returned by the VSP server for the second packet, where the first response packet includes a second destination MAC address, the first home identifier, and the first VPN information;
  • the packet forwarding manner of the second response packet is determined to be based on the multicast forwarding of the first home;
  • the processor 601 may further invoke the program code stored in the memory 604 to perform the following operations:
  • first unicast forwarding entry includes a first unicast forwarding entry
  • processor 601 can also call the program code stored in the memory 604 for performing the following operations:
  • a second response packet that is returned by the VSP server for the second packet, where the second response packet includes a third destination MAC address, the first home identifier, and the first VPN information;
  • if the third destination MAC address is the MAC address of the first home terminal, determining that the packet forwarding manner of the second response packet is unicast packet forwarding based on the first home terminal;
  • sending, by the sender 603, the second packet to the value-added service platform VSP server includes:
  • if the fourth destination MAC address is the MAC address of the VSP server of the value-added service platform, determining that the packet forwarding mode of the second packet is unicast packet forwarding based on the VSP server;
  • the second message is sent by the sender 603 to the VSP server via the interface to the VSP server.
  • processor 601 can also call the program code stored in the memory 604 for performing the following operations:
  • a third packet from the second home terminal, where the third packet includes a second home identifier, second virtual private network VPN information to which the second home that matches the second home identifier belongs, and a MAC address of the second home terminal;
  • the second unicast forwarding entry includes an association relationship between the second unicast matching item and an interface to the second home terminal, where the second unicast matching item includes the second home identifier, the second VPN information, and a MAC address of the second home terminal, and the second unicast forwarding entry is used for unicast packet forwarding based on the second home terminal.
  • the storage medium may be a magnetic disk, an optical disk, a read-only memory (ROM), or a random access memory (RAM).
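
The forwarding decision described in the method embodiment above (home authentication on the first packet of a home, destination MAC type selecting unicast or per-home multicast, and multicast replication that excludes the inbound interface) can be modelled as follows. This Python sketch is an added example, not code from the patent: the class, interface names and MAC addresses are constructed for illustration, the RADIUS exchange is replaced by a callback, and the choice not to forward the packet that triggers authentication is a modelling assumption.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Set, Tuple


def is_multicast(mac: str) -> bool:
    """Group (multicast/broadcast) MACs have bit 0 of the first octet set."""
    return bool(int(mac.split(":")[0], 16) & 1)


@dataclass(frozen=True)
class Packet:
    src_mac: str
    dst_mac: str
    home_id: str  # home identifier, e.g. QinQ tags set by the access network
    vpn: str      # VPN information


class VCPE:
    """Toy layer-2 forwarder; every name here is hypothetical."""

    def __init__(self, authenticate: Callable[[str], bool],
                 vsp_servers: Dict[str, Dict[str, str]]):
        self.authenticate = authenticate  # stand-in for the RADIUS exchange
        self.vsp_servers = vsp_servers    # vpn -> {VSP server MAC: interface}
        # multicast match (home_id, vpn) -> interfaces
        self.multicast: Dict[Tuple[str, str], Set[str]] = {}
        # unicast match (vpn, home_id, mac) -> interface
        self.unicast: Dict[Tuple[str, str, str], str] = {}

    def _authenticate_home(self, pkt: Packet) -> bool:
        if not self.authenticate(pkt.home_id):
            return False
        servers = self.vsp_servers.get(pkt.vpn, {})
        self.multicast[(pkt.home_id, pkt.vpn)] = set(servers.values())
        for mac, iface in servers.items():  # server unicast entries
            self.unicast[(pkt.vpn, pkt.home_id, mac)] = iface
        return True

    def receive(self, pkt: Packet, in_iface: str) -> List[str]:
        """Return the interfaces the packet leaves on ([] means dropped)."""
        key = (pkt.home_id, pkt.vpn)
        servers = self.vsp_servers.get(pkt.vpn, {})
        if in_iface in servers.values():      # arrived from the VSP side
            if key not in self.multicast:
                return []                      # home was never authenticated
        else:
            first_packet = key not in self.multicast
            if first_packet and not self._authenticate_home(pkt):
                return []
            self.multicast[key].add(in_iface)
            if pkt.src_mac not in servers:     # a terminal may not claim a server MAC
                self.unicast[(pkt.vpn, pkt.home_id, pkt.src_mac)] = in_iface
            if first_packet:
                return []  # modelling choice: triggering packet is not forwarded
        if is_multicast(pkt.dst_mac):
            # replicate inside this home only, never back out of the inbound interface
            return sorted(self.multicast[key] - {in_iface})
        out = self.unicast.get((pkt.vpn, pkt.home_id, pkt.dst_mac))
        return [out] if out and out != in_iface else []


# Constructed sample addresses (locally administered), not taken from the patent.
T1, T2 = "02:00:00:00:01:01", "02:00:00:00:01:02"   # two terminals in home-100
T3, T4 = "02:00:00:00:02:01", "02:00:00:00:09:01"   # home-200 and home-999
SERVER, BCAST = "02:00:00:00:0a:01", "ff:ff:ff:ff:ff:ff"


def demo() -> dict:
    auth_calls: List[str] = []

    def radius_stub(home_id: str) -> bool:
        auth_calls.append(home_id)
        return home_id in {"home-100", "home-200"}

    vcpe = VCPE(radius_stub, {"vpn-A": {SERVER: "vsp1"}})
    r = {}
    r["first"] = vcpe.receive(Packet(T1, BCAST, "home-100", "vpn-A"), "h100-t1")
    r["t1_mcast"] = vcpe.receive(Packet(T1, BCAST, "home-100", "vpn-A"), "h100-t1")
    r["t1_ucast"] = vcpe.receive(Packet(T1, SERVER, "home-100", "vpn-A"), "h100-t1")
    r["t2_ucast"] = vcpe.receive(Packet(T2, SERVER, "home-100", "vpn-A"), "h100-t2")
    vcpe.receive(Packet(T3, BCAST, "home-200", "vpn-A"), "h200-t1")
    r["srv_mcast"] = vcpe.receive(Packet(SERVER, BCAST, "home-100", "vpn-A"), "vsp1")
    r["srv_ucast"] = vcpe.receive(Packet(SERVER, T1, "home-100", "vpn-A"), "vsp1")
    r["wrong_home"] = vcpe.receive(Packet(SERVER, T1, "home-200", "vpn-A"), "vsp1")
    r["unauth"] = vcpe.receive(Packet(T4, BCAST, "home-999", "vpn-A"), "h999-t1")
    r["auth_calls"] = auth_calls
    return r


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The `srv_mcast` and `wrong_home` results are the ones to watch when reviewing a real implementation: a multicast response tagged for one home must never reach an interface of another home, and a unicast lookup must fail when the home identifier does not match, even if the destination MAC exists elsewhere.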

Abstract

Disclosed are a data transmission method and a network device. The data transmission method is applied to virtual customer premises equipment (vCPE), and the vCPE supports a layer 2 data forwarding function. The method comprises: receiving a first packet from a first home terminal, the first packet comprising a first home identifier; if the first packet is the first packet of a first home matching the first home identifier, sending a home authentication request to a Remote Authentication Dial-In User Service (RADIUS) server; receiving home authentication success information returned by the RADIUS; and if a second packet from the first home terminal is received, sending the second packet to a value-added service platform (VSP) server. By implementing the embodiments of the present invention, network security can be improved.
PCT/CN2017/081552 2016-04-29 2017-04-22 Data transmission method and network device WO2017186069A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201610286483.5A CN106059994B (zh) 2016-04-29 2016-04-29 Data transmission method and network device
CN201610286483.5 2016-04-29

Publications (1)

Publication Number Publication Date
WO2017186069A1 (fr) 2017-11-02

Family

ID=57176149

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2017/081552 WO2017186069A1 (fr) 2016-04-29 2017-04-22 Data transmission method and network device

Country Status (2)

Country Link
CN (1) CN106059994B (fr)
WO (1) WO2017186069A1 (fr)

Also Published As

Publication number Publication date
CN106059994B (zh) 2020-02-14
CN106059994A (zh) 2016-10-26

Similar Documents

Publication Publication Date Title
WO2017186069A1 (fr) Data transmission method and network device
US9596211B2 (en) Cloud based customer premises equipment
AU2011315150B2 (en) Multipath transmission control protocol proxy
US8121126B1 (en) Layer two (L2) network access node having data plane MPLS
US10091176B2 (en) Enhanced EVPN MAC route advertisement having MAC (L2) level authentication, security and policy control
US6765881B1 (en) Virtual L2TP/VPN tunnel network and spanning tree-based method for discovery of L2TP/VPN tunnels and other layer-2 services
US8085791B1 (en) Using layer two control protocol (L2CP) for data plane MPLS within an L2 network access node
US9973469B2 (en) MAC (L2) level authentication, security and policy control
CN101326763B (zh) System and method for authentication of an SP Ethernet aggregation network
EP2378720B1 (fr) Extranet networking method, system and method for multicast virtual private network
WO2009094928A1 (fr) Method and equipment for transmitting a message based on the layer 2 tunneling protocol
US8243602B2 (en) Dynamically configuring attributes of a parent circuit on a network element
CN112039920B (zh) Communication method, apparatus, electronic device and storage medium
US7385621B2 (en) Private sharing of computer resources over an internetwork
WO2017186122A1 (fr) Traffic scheduling
CN102710485B (zh) Transparent proxy method and proxy server
US20210351956A1 (en) Customer premises lan expansion
WO2011147342A1 (fr) Method, equipment and system for exchanging routing information
WO2021169291A1 (fr) Route recommendation method, network elements, system and device
JP2019510406A (ja) Addressing for customer premises LAN expansion
WO2011113357A1 (fr) Route map processing method and provider edge device
WO2008141516A1 (fr) Message transmission method, transmission device and transmission system
EP2073506B1 (fr) Method for resolving a logical user address in an aggregation network
WO2013127160A1 (fr) Method and system for automatic discovery of a DLNA device
CN218920438U (zh) VXLAN-based Internet access control system

Legal Events

Date Code Title Description
NENP Non-entry into the national phase

Ref country code: DE

121 EP: The EPO has been informed by WIPO that EP was designated in this application

Ref document number: 17788721

Country of ref document: EP

Kind code of ref document: A1

122 EP: PCT application non-entry in European phase

Ref document number: 17788721

Country of ref document: EP

Kind code of ref document: A1