WO2020228130A1 - Communication method and system for a network management server and a network element of a communication device - Google Patents

Communication method and system for a network management server and a network element of a communication device

Info

Publication number
WO2020228130A1
WO2020228130A1 PCT/CN2019/096625 CN2019096625W WO2020228130A1 WO 2020228130 A1 WO2020228130 A1 WO 2020228130A1 CN 2019096625 W CN2019096625 W CN 2019096625W WO 2020228130 A1 WO2020228130 A1 WO 2020228130A1
Authority
WO
WIPO (PCT)
Prior art keywords
gne
management
management message
network
network element
Prior art date
Application number
PCT/CN2019/096625
Other languages
English (en)
Chinese (zh)
Inventor
徐振兵
程小鹏
张宏
Original Assignee
烽火通信科技股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 烽火通信科技股份有限公司
Publication of WO2020228130A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • H04L67/025 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP] for remote control or remote monitoring of applications
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4633 Interconnection of networks using encapsulation techniques, e.g. tunneling
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/34 Network arrangements or protocols for supporting network services or applications involving the movement of software or configuration parameters
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/50 Network services
    • H04L67/56 Provisioning of proxy services
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/22 Parsing or analysis of headers

Definitions

  • The present invention relates to the field of communication technology, in particular to a communication method and system between a network management server of a communication device and a network element.
  • Network management service programs are usually used to manage and monitor the network elements in the communication network.
  • DCN: Data Communication Network
  • GNE: Gateway Network Element
  • Management messages exchanged between the network management server and non-GNE network elements are all relayed by the GNE.
  • The existing method for the network management server to send management messages to the GNE is generally as follows: the network management service program of the network management server (hereinafter referred to as the network management program) looks up which GNE the target of the management message (i.e., the network element) belongs to, then adds a layer of protocol encapsulation (such as UDP encapsulation) to the management message, with the destination IP of the UDP encapsulation set to the IP address of the GNE; it must also add to the management message an identifier marking the specific network element to which the message is to be delivered.
  • The network management service program of the GNE (hereinafter referred to as the gateway program) performs UDP decapsulation and forwards the message to the corresponding network element according to the network element identification information.
  • When the GNE sends a non-GNE's management message to the network management server, the gateway program also needs to add UDP encapsulation to the management message; in addition, because the gateway program needs to set the source IP of the management message to the IP of the GNE, it still needs to add network element identification information to the management message. The network management program then also needs to perform UDP decapsulation after receiving the management message and determine from the network element identification information which non-GNE sent the message.
  • The technical problem solved by the present invention is how to simplify the logic for receiving and sending management messages, thereby reducing the load required for receiving and sending management messages and improving the working efficiency of receiving and sending them.
  • The communication method between the network management server of the communication device and the network element provided by the present invention includes the following steps: deploying an agent program on the network management server and on each GNE; the agent programs of the network management server and of each GNE establish a GNE tunnel, and management messages are sent and received through the GNE tunnel.
  • The destination IP of the management message is the IP of the local network element.
  • The agent at the sending end encapsulates the management message; after the management message is received, the agent at the receiving end decapsulates it; the encapsulation type depends on the protocols supported by the DCN network.
  • The process of the network management server sending management messages to the GNE includes: after the agent receives a management message whose destination IP is set to the IP of the network element to be received, if there is a GNE tunnel corresponding to the destination IP of the management message, the management message is encrypted according to the encryption algorithm of the GNE tunnel, the header of the encrypted management message is encapsulated according to the source IP and destination IP of the GNE tunnel, and the management message is then transmitted through the GNE tunnel.
  • The processing flow after the GNE receives the management message includes: the agent program decapsulates the management message to obtain its source IP and destination IP; if there is a GNE tunnel corresponding to the source IP and destination IP obtained by decapsulation, the management message is decrypted according to the decryption algorithm corresponding to the encryption algorithm and then forwarded to the corresponding local network element according to the destination IP of the management message.
  • The communication system between the network management server of the communication device and the network element in the embodiment of the present invention includes a network management agent module arranged on the network management server and a GNE agent module arranged on each GNE; GNE tunnels are established between the network management agent module and each GNE agent module.
  • The network management agent module is used to send management messages to the corresponding GNE through the GNE tunnel.
  • The GNE agent module is used to send management messages to the network management server through the GNE tunnel.
  • The destination IP of the management message is the IP of the local network element.
  • The network management agent module and the GNE agent module are also used to encapsulate the management message before sending it and to decapsulate the management message after receiving it.
  • The encapsulation type depends on the protocol supported by the DCN network.
  • The process of the network management agent module sending management messages to the GNE includes: after receiving a management message whose destination IP is set to the IP of the network element to be received, if there is a GNE tunnel corresponding to the destination IP of the management message, the management message is encrypted according to the encryption algorithm of the GNE tunnel, and the management message is transmitted through the GNE tunnel.
  • The GNE agent module is also used to decapsulate the management message received by the GNE to obtain the source IP and destination IP of the management message; if there is a GNE tunnel corresponding to the source IP and destination IP obtained by decapsulation, the management message is decrypted according to the decryption algorithm corresponding to the encryption algorithm and then forwarded to the corresponding local network element according to the destination IP of the management message.
  • The present invention deploys an agent program on the network management server and each GNE and establishes a GNE tunnel between the agent programs, so that management messages are sent and received without involving the network management program and the gateway program.
  • Because the management message is transmitted through the GNE tunnel, the sending and receiving ends of the management message can be determined directly. The destination IP can therefore be set to the IP of the network element to be received when the network management server sends the management message, and the source IP can be set to the IP of the sending network element when the GNE sends the management message. The present invention thus does not need to add the prior art's additional network element identification information to the management message (that is, it does not need to manage the mapping relationship between GNE and non-GNE) to identify the management message.
  • The present invention not only sends and receives management messages without involving the network management program and the gateway program, but also significantly simplifies the logic of sending and receiving management messages; both for the existing network management program and gateway program and for the agent programs newly added by the present invention, it reduces the load required for sending and receiving management messages and improves the efficiency of sending and receiving them.
  • Figure 1 is a schematic diagram of the logical framework of the GNE proxy service program in an embodiment of the present invention
  • Fig. 2 is a schematic diagram of a flow of a network management server sending a management message to a local network element in an embodiment of the present invention.
  • The communication method between the network management server of the communication device and the network element in the embodiment of the present invention includes the following steps:
  • A GNE agent service program (hereinafter referred to as agent program; it supports deployment in Windows and Linux environments) is deployed on the network management server and on each GNE: the network management server agent program (hereinafter referred to as network management agent program) and the GNE agent program. The functions of the two programs are basically the same; they differ only in the carrier on which they are set.
  • The network management agent program establishes a GNE tunnel with each GNE agent program, and the network management agent program is configured with the destination IPs of all local network elements associated with each GNE tunnel, so as to traverse the DCN network.
  • When the network management server sends a management message to the GNE, the network management server sets the destination IP of the management message to the IP of the local network element to be received; the network management agent program sends the management message through the GNE tunnel corresponding to the destination IP of the management message. Because the destination IP of the management message is set to the IP of the network element to be received, the GNE can subsequently forward the management message directly according to the destination IP.
  • When the GNE sends a management message to the network management server, the GNE sets the source IP of the management message to the IP of the local network element that sends the message; the GNE agent program sends the management message through the GNE tunnel.
  • By deploying an agent program on the network management server and each GNE and establishing a GNE tunnel between the agent programs, the present invention sends and receives management messages without involving the network management program and the gateway program.
  • Because the management message is transmitted through the GNE tunnel, the sending and receiving ends of the management message can be determined directly. The destination IP can therefore be set to the IP of the network element to be received when the network management server sends the management message, and the source IP can be set to the IP of the sending network element when the GNE sends the management message. The present invention thus does not need to add the prior art's network element identification information to the management message to identify the management message.
  • Before a management message is sent, the agent program at the sending end encrypts it; after the management message is received, the agent program at the receiving end performs the decryption corresponding to that encryption.
  • With this design the management message stays encrypted while it is transmitted over the DCN network, which significantly improves the transmission security of the management message.
  • The agent at the sending end encapsulates the management message; after the management message is received, the agent at the receiving end decapsulates it; the encapsulation type depends on the protocol supported by the DCN network (such as the IP protocol, UDP protocol, TCP protocol, etc.).
  • Because the agent program performs the encapsulation in the present invention, the load of the network management program and the gateway program is reduced and their work efficiency is improved; moreover, encapsulation based on an IP-layer protocol is forwarded more efficiently, which further improves the efficiency of receiving and sending management messages.
  • The process of the network management server sending the management message to the GNE includes:
  • After the network management agent program receives a management message whose destination IP is set to the IP of the network element to be received, it judges whether there is a GNE tunnel corresponding to the destination IP of the management message; if so, go to S102; otherwise there is an error, go to S106.
  • S102: The network management agent program encrypts the management message according to the encryption algorithm of the GNE tunnel, adds IP protocol encapsulation to the header of the encrypted management message according to the source IP and destination IP of the GNE tunnel, and sends it to the DCN network through the network port connected to the DCN (that is, the management message is transmitted through the GNE tunnel); then go to S103.
  • S104: The GNE agent program judges whether there is a GNE tunnel corresponding to the source IP and the destination IP obtained by decapsulation; if yes, go to S105; otherwise there is an error, go to S106.
  • The decrypted management message is sent to the management plane for processing (for example, forwarding the management message to the corresponding local network element according to its destination IP).
  • S106: Acquire key information of the management message (such as source IP, destination IP, or MAC address) so that the problem can be investigated, and discard the management message to avoid unnecessary resource occupation.
  • The process of the GNE forwarding the management messages sent by local network elements to the network management server is basically the same as S101~S106 above.
  • The differences are that the roles are exchanged (network management server and GNE, network management agent and GNE agent), and that in S101 the destination IP of the management message is the IP of the network management server and the source IP is the IP of the local network element that sends the message.
  • The communication system between the network management server of the communication device and the network element in the embodiment of the present invention includes a network management agent module arranged on the network management server and a GNE agent module arranged on each GNE; GNE tunnels are established between the network management agent module and each GNE agent module.
  • The functions of the network management agent module and the GNE agent module are basically the same, except that they are set on different carriers.
  • The network management agent module is used to send a management message whose destination IP is the IP of the local network element to be received to the corresponding GNE through the GNE tunnel.
  • The specific process includes:
  • The process for the network management agent module to send management messages to the GNE includes: after receiving a management message whose destination IP is set to the IP of the network element to be received, if there is a GNE tunnel corresponding to the destination IP of the management message, the management message is encrypted according to the encryption algorithm of the GNE tunnel, and the management message is transmitted through the GNE tunnel.
  • The GNE agent module is used to:
  • Both the network management agent module and the GNE agent module are also used to encrypt and encapsulate the management message before sending it (the encapsulation type depends on the protocol supported by the DCN network) and, after a management message is received, to perform on it the decryption corresponding to the encryption and the decapsulation.
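An added Python sketch of the S101 to S106 send and receive flow described above; it is not code from the patent or its applicant. The `GneTunnel` and `Agent` names, the 8-byte outer header standing in for the IP encapsulation, the pre-shared per-tunnel key and the HMAC-SHA256 stand-in cipher with an integrity tag are all assumptions, since the text names no algorithm or wire format.

```python
import hashlib, hmac, ipaddress, os
from dataclasses import dataclass

def ip_bytes(ip): return ipaddress.IPv4Address(ip).packed
def ip_text(raw): return str(ipaddress.IPv4Address(raw))

@dataclass(frozen=True)
class GneTunnel:              # hypothetical structure, not from the patent
    local_ip: str             # tunnel source IP (this agent)
    peer_ip: str              # tunnel destination IP (agent at the other end)
    key: bytes                # per-tunnel secret, assumed pre-shared
    routed_ips: frozenset     # inner destination IPs associated with the tunnel

def _keys(key):
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())

def _xor_stream(key, nonce, data):
    # Stand-in cipher: HMAC-SHA256 in counter mode as keystream (stdlib only).
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((len(data) + 31) // 32))
    return bytes(a ^ b for a, b in zip(data, b"".join(blocks)))

def seal(key, plaintext, header):
    enc_key, mac_key = _keys(key)
    nonce = os.urandom(16)
    body = nonce + _xor_stream(enc_key, nonce, plaintext)
    # The tag covers the outer header, so a rewritten header fails verification.
    return body + hmac.new(mac_key, header + body, hashlib.sha256).digest()

def unseal(key, blob, header):
    if len(blob) < 48:        # 16-byte nonce + 32-byte tag at minimum
        return None
    enc_key, mac_key = _keys(key)
    body, tag = blob[:-32], blob[-32:]
    good = hmac.new(mac_key, header + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        return None
    return _xor_stream(enc_key, body[:16], body[16:])

class Agent:
    def __init__(self, tunnels):
        self.by_dest = {ip: t for t in tunnels for ip in t.routed_ips}
        self.by_ends = {(t.peer_ip, t.local_ip): t for t in tunnels}
        self.dropped = []     # S106 records kept for troubleshooting

    def _drop(self, reason, src, dst):
        self.dropped.append({"reason": reason, "src": src, "dst": dst})
        return None

    def send(self, src_ip, dst_ip, payload):
        tunnel = self.by_dest.get(dst_ip)                   # S101: tunnel for destination?
        if tunnel is None:
            return self._drop("no tunnel for destination", src_ip, dst_ip)
        header = ip_bytes(tunnel.local_ip) + ip_bytes(tunnel.peer_ip)
        inner = ip_bytes(src_ip) + ip_bytes(dst_ip) + payload
        return header + seal(tunnel.key, inner, header)     # S102: encrypt, encapsulate

    def receive(self, frame):
        if len(frame) < 8:
            return self._drop("truncated frame", None, None)
        src, dst = ip_text(frame[:4]), ip_text(frame[4:8])  # decapsulate
        tunnel = self.by_ends.get((src, dst))               # S104: tunnel for (src, dst)?
        if tunnel is None:
            return self._drop("no tunnel for endpoints", src, dst)
        inner = unseal(tunnel.key, frame[8:], frame[:8])
        if inner is None or len(inner) < 8:
            return self._drop("decryption failed", src, dst)
        # S105: hand the message over for forwarding by its inner destination IP
        return ip_text(inner[:4]), ip_text(inner[4:8]), inner[8:]

# Constructed sample: one NMS, one GNE with two local network elements behind it.
KEY = bytes(range(32))
NMS = Agent([GneTunnel("10.0.0.1", "10.0.0.2", KEY, frozenset({"192.168.1.10", "192.168.1.11"}))])
GNE = Agent([GneTunnel("10.0.0.2", "10.0.0.1", KEY, frozenset({"10.0.0.1"}))])
```

Because the receiver selects the tunnel from the outer source and destination IP alone, the integrity tag is what makes a frame with a forged or altered outer header end in the S106 drop path instead of being forwarded.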

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The present invention relates to the technical field of mobile communications and concerns a method and a system for a network management server and a network element of a communication device. The method comprises the following steps: deploying agent programs on the network management server and on each GNE; and establishing a GNE tunnel for the agent programs of the network management server and each GNE, and sending and receiving management messages via the GNE tunnel. The present invention can simplify the logic for sending and receiving management messages, thereby reducing the load required for sending and receiving management messages and improving the operating efficiency of sending and receiving them.
PCT/CN2019/096625 2019-05-10 2019-07-19 Communication method and system for a network management server and a network element of a communication device WO2020228130A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201910390049.5 2019-05-10
CN201910390049.5A CN111917621B (zh) 2019-05-10 2019-05-10 Communication method and system between network management server and network element of communication device

Publications (1)

Publication Number Publication Date
WO2020228130A1 true WO2020228130A1 (fr) 2020-11-19

Family

ID=73242289

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2019/096625 WO2020228130A1 (fr) 2019-05-10 2019-07-19 Communication method and system for a network management server and a network element of a communication device

Country Status (2)

Country Link
CN (1) CN111917621B (fr)
WO (1) WO2020228130A1 (fr)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060288092A1 (en) * 2005-06-16 2006-12-21 Infinera Corporation Xml over tcp management protocol with tunneled proxy support and connection management
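CN107547220A (zh) * 2016-06-27 2018-01-05 中兴通讯股份有限公司 Method and device for hierarchical management of multiple sub-network elements
CN108650126A (zh) * 2018-05-09 2018-10-12 华信塞姆(成都)科技有限公司 Method for automatically discovering and configuring in-band DCN in a PTN network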

Family Cites Families (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB9913239D0 (en) * 1999-06-08 1999-08-04 Marconi Comm Ltd Communications arrangement
US7969998B2 (en) * 2005-06-10 2011-06-28 Cisco Technology, Inc. Method and system for tunneling data using a management protocol
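CN102308523B (zh) * 2011-07-27 2014-07-16 华为技术有限公司 Data communication network configuration method, gateway network element and data communication system
CN105812166B (zh) * 2014-12-30 2020-06-12 中兴通讯股份有限公司 Connection implementation method and system, network server and gateway network element, and management method
CN106936615A (zh) * 2015-12-31 2017-07-07 中兴通讯股份有限公司 Message processing method and device
CN105610619B (zh) * 2015-12-31 2019-04-16 北京格林伟迪科技股份有限公司 Network element device management method and device
CN108243035B (zh) * 2016-12-26 2021-04-09 华为技术有限公司 DCN message processing method, network device and network system
CN108965091B (zh) * 2018-07-16 2020-11-06 烽火通信科技股份有限公司 Network element management method and system based on VXLAN tunnel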

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
WANG, YAJUAN ET AL.: "Research on Management Channel Organization Mode of Large-scale Power Grid Transmission Networks", ELECTRIC POWER INFORMATION AND COMMUNICATION TECHNOLOGY, vol. 12, no. 9, 30 September 2014 (2014-09-30), XP009524209 *

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
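CN112929211A (zh) * 2021-01-26 2021-06-08 北京华环电子设备有限公司 Implementation method for non-IP managed devices accessing an IP DCN network under proxy management
CN112929211B (zh) * 2021-01-26 2023-04-18 北京华环电子设备有限公司 Implementation method for non-IP managed devices accessing an IP DCN network under proxy management
CN113904868A (zh) * 2021-11-02 2022-01-07 北京长焜科技有限公司 IPsec-based remote network management method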

Also Published As

Publication number Publication date
CN111917621B (zh) 2021-09-07
CN111917621A (zh) 2020-11-10

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 19928958

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 19928958

Country of ref document: EP

Kind code of ref document: A1