WO2021068685A1 - 一种通讯电路管理方法、网络设备及存储介质 - Google Patents
一种通讯电路管理方法、网络设备及存储介质 Download PDFInfo
- Publication number
- WO2021068685A1 WO2021068685A1 PCT/CN2020/112621 CN2020112621W WO2021068685A1 WO 2021068685 A1 WO2021068685 A1 WO 2021068685A1 CN 2020112621 W CN2020112621 W CN 2020112621W WO 2021068685 A1 WO2021068685 A1 WO 2021068685A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- group
- access point
- communication circuit
- users
- information
- Prior art date
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/40—Network security protocols
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0892—Network architectures or network communication protocols for network security for authentication of entities by using authentication-authorization-accounting [AAA] servers or protocols
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L47/00—Traffic control in data switching networks
- H04L47/10—Flow control; Congestion control
- H04L47/24—Traffic characterised by specific attributes, e.g. priority or QoS
- H04L47/2425—Traffic characterised by specific attributes, e.g. priority or QoS for supporting services specification, e.g. SLA
Definitions
- This application relates to the field of communications, and in particular to a communication circuit management method, network equipment and storage medium.
- the dedicated line access service refers to a service that leases a certain Ethernet interface or certain VLANs (Virtual Local Area Network, virtual local area network) under the interface to a group of users as a whole. Multiple devices can be accessed under a dedicated line, but only one user appears on the broadband access router. In fact, the operator controls the dedicated line for unified authentication and billing, enterprise bandwidth, and access rights.
- VLANs Virtual Local Area Network, virtual local area network
- enterprises have evolved from using only one Ethernet interface or certain VLAN access under the interface. Use multiple different Ethernet interfaces or VLAN access under different Ethernet interfaces; the enterprise has evolved from a single address outlet to a single outlet with multiple dual-stack addresses or multiple outlets with multiple dual-stack addresses.
- the network side such as AAA (Authentication, Authorization, Accounting, authentication and authorization accounting) server
- AAA Authentication, Authorization, Accounting, authentication and authorization accounting
- the network side will also use multiple management accounts for management, which not only leads to the network
- the side needs to maintain and manage a large number of management accounts, which is a big management burden, and it will also cause a lot of inconvenience to enterprises in the process of using private line access or paying for private lines.
- the communication circuit management method, network equipment, and storage medium provided by the embodiments of the present application.
- the embodiment of the application provides a communication circuit management method, which includes: after receiving an online request initiated by an access point, sending an authentication request message to an authentication authorization accounting AAA server according to the online request; receiving a characterization authentication sent by the AAA server Passed authentication response message; if it is determined that the access point belongs to a certain group of users and is the first online access point of the group user, the group session information of the group user is created, and the communication circuit corresponding to the group user is turned on; the group user is in A collection of access points sharing group identification information on the AAA server side.
- the first access point to go online is the first access point that requests to go online; the communication circuits of the group users are managed based on the group session information.
- An embodiment of the present application also provides a network device, which includes a processor, a memory, and a communication bus; the communication bus is used to realize the connection and communication between the processor and the memory; the processor is used to execute one or more of the storage in the memory Program to implement the steps of the above-mentioned communication circuit management method.
- An embodiment of the present application further provides a storage medium, wherein the storage medium stores one or more programs, and the one or more programs can be executed by one or more processors to implement the steps of the communication circuit management method described above.
- FIG. 1 is a flowchart of a communication circuit management method provided in Embodiment 1 of this application;
- 2a is a flow chart of the offline management of group users by the network device provided in the first embodiment of this application;
- 2b is another flow chart of the offline management of group users by the network device provided in the first embodiment of this application.
- FIG. 3 is a flow chart of the network device provided in the first embodiment of the application for speed limit management of group users
- Fig. 4 is a schematic diagram of the private line access service of enterprise A provided in the second embodiment of the application;
- FIG. 5 is an interaction flow chart of an access point in a group of users going online provided in the second embodiment of the application
- FIG. 6 is a flow chart of an interaction in which an access point in a group of users goes offline provided in the second embodiment of this application;
- FIG. 7 is a flow chart of the access point going online in the communication circuit management solution provided in the second embodiment of the application.
- FIG. 8 is a flowchart of an access point offline in the communication circuit management solution provided in the second embodiment of the application.
- FIG. 9 is a schematic structural diagram of a communication circuit management device provided in Embodiment 3 of this application.
- FIG. 10 is a schematic diagram of a hardware structure of a network device provided in Embodiment 4 of this application.
- the communication circuit management method, network equipment, and storage medium provided in the embodiments of the application mainly solve the technical problem that the broadband access router in the related technology uses multiple different Ethernet interfaces or VLAN access under different Ethernet interfaces.
- the management of private lines of the same enterprise is complicated, which causes a large management burden on enterprises and operators.
- Dedicated lines can be divided into two-tier dedicated lines and three-tier dedicated lines according to different access methods.
- the second-layer dedicated line is connected to a certain interface of the broadband access router or the VLAN of the interface through the data communication-type second-tier equipment, and the address allocation is performed by the broadband access router, and the services of the users under the dedicated line are in accordance with the business control strategy of the dedicated line. For control, all the traffic is collected on the dedicated line, and the bandwidth of the dedicated line is uniformly restricted.
- the three-layer dedicated line is connected to a certain interface of the broadband access router or under the VLAN of the interface through the three-layer equipment of data communication, such as an enterprise-level router.
- the address assignment is completed by the enterprise-level router, and the broadband access device serves as the forwarding function.
- the business of each terminal user under the dedicated line is controlled according to the dedicated line's business control strategy, all traffic is collected on the dedicated line, and the dedicated line is uniformly restricted in bandwidth.
- the network device After receiving an online request initiated by an access point, the network device sends an authentication request message to the AAA server according to the online request.
- the network device may be a broadband access router or the like, which is connected to the AAA server in communication and at the same time can also be connected to the access point through a communication circuit. It is understandable that in an actual network, the network device and the access point may also pass through a series of convergent and fixed network physical devices, which are not necessarily directly physically connected.
- the so-called access point can be a NAT (Network Address Translation) device such as an enterprise-level router.
- the access point is connected to a broadband access router and other network equipment through a communication circuit (such as an enterprise dedicated line), on the other hand,
- a local area network can be provided for terminal devices within the range of the local area network, such as mobile phones, tablets, etc., to access through wireless means, or desktop computers, etc. through wired means, so as to realize the interconnection of terminal equipment and the Internet.
- dedicated line users include but are not limited to enterprises, and can also include organizations or other organizations that need to use dedicated lines to access services.
- a dedicated line user may have one or more access points.
- the access point When there is a user on an access point, the access point will initiate an online request to the network device. Therefore, for the network device, the online request it receives can come from having only one access point
- the dedicated line users can also be dedicated line users who have at least two access points. After receiving an online request from an access point, the network device can assemble an authentication request message according to the online request, and send the authentication request message to the AAA server, and the AAA server will identify the access point Certification.
- S104 The network device receives an authentication response message sent by the AAA server, which indicates that the authentication has passed.
- the AAA server After the AAA server receives the authentication request message, it performs a database query to determine whether the user information in the authentication request message is legal. If it is determined that the user information in the authentication request is legal, it will feed back to the network device an authentication response message indicating that the authentication has passed. Text. In some examples of this embodiment, if the AAA server determines through a query that the user information carried in the authentication request message is illegal, it may send a message to the network device indicating that the authentication has failed. Of course, in some other examples, if the AAA server fails to authenticate after receiving the authentication request message, it does not need to feed back any information to the network device. In this way, the network device does not receive the authentication response message indicating that the authentication is passed, so it also The communication circuit corresponding to the access point will not be opened.
- the characteristics of the group user can be issued by the AAA server to the broadband access server during the authentication process, or configured locally by the broadband access server.
- S106 If it is determined that the access point belongs to a certain group of users and is the first online access point of the group user, create the group session information of the group user, and turn on the communication circuit corresponding to the group user.
- the network device After confirming that the authentication of the AAA server is passed, if the network device determines that the access point belongs to a certain group of users, and determines that the access point is the first access point in the group of users to request to go online, that is, it is the first to go online. In point, the network device can create group session information for the group of users and turn on the communication circuit corresponding to the group of users.
- the so-called “group user” refers to a collection of access points that share the same group of identification information on the AAA server side.
- the so-called group identification information refers to information that can uniquely distinguish a group of users on the AAA server side and the network device side, such as group user name, group ID number, etc. It should be noted that although a group user is a set of access points that share the same set of identification information, it does not mean that the group user must include two or more access points at the same time. Of course, the group user can include at least two access points at the same time, but in other examples, the group user can also include only one access point. Therefore, the number of access points is not a condition for determining whether a group of users can be formed.
- the access point in the group user is an access point using dual protocol stack technology, referred to as a dual stack access point, so the group user may also be referred to as a dual stack group user.
- each access point in a group of users can have different network management accounts on the AAA server side.
- the individual mobile phone numbers are independent, but they are charged uniformly and share the package.
- a group user can be understood as a dedicated line user, that is, the dedicated line owner.
- company A has sub-companies in place x and y, namely sub-enterprise A1 and sub-enterprise A2.
- enterprise A has opened dedicated lines for both the sub-enterprise A1 and the sub-enterprise A2, respectively. a1 and dedicated line a2.
- the AAA server will manage the dedicated line a1 according to the network management account corresponding to the sub-enterprise A1, and manage the dedicated line a2 according to the network management account corresponding to the sub-enterprise A2.
- the traffic bandwidth allocation and billing of leased line a1 and leased line a2 are independent of each other.
- enterprise A it has two completely independent leased lines. When paying for the two leased lines, enterprise A needs to pay separately. Pay the fee.
- the access points of the sub-enterprise A1 and the sub-enterprise A2 belong to the same group of users, and the AAA server associates the sub-enterprise A1 with the sub-enterprise A2, which is two Users configure the same group identification information, and the AAA server and broadband access server can perform unified traffic bandwidth classification and accounting for the two dedicated lines based on the group identification information of the group of users.
- the network device needs to determine whether the access point belongs to a group user based on the authentication response message fed back by the AAA server.
- the AAA server stores the mapping relationship between each communication circuit and the group of users. It should be understood that there is a unique correspondence between the communication circuit and the access point. Therefore, it can be considered that the AAA server stores the access The mapping relationship between points and group users. In this way, after the AAA server receives an authentication request message for the access point from the network device, it can determine that the access point belongs to the group user by querying the mapping relationship. After the AAA server has passed the authentication of the access point, it can carry the group information of the group user to which the access point belongs in the authentication response message. After receiving the authentication response message, the network device can use the group information in the authentication response message. The information determines that the access point currently requesting to go online belongs to a group of users.
- the network device does not need to rely on the authentication response message fed back by the AAA server when determining whether the access point currently requested to go online belongs to the group user, because in these examples, the network device itself
- the mapping relationship between each communication circuit and group users can be maintained. In this way, after receiving an online request initiated by an access point, the network device can query its locally stored mapping relationship to determine whether the access point is Is a member of the group users.
- the network device determines that the access point currently requesting to go online belongs to a certain group of users, and determines that the access point is the "first online access point" of the group of users, the network device can be the group of users.
- the user creates group session information, which is mainly used for unified authorization and traffic statistics for the group of users.
- first online access point refers to the first access point in a group of users that requests to go online. There is no doubt that in a group of users, there will only be one first online access point, except for the first online access point. Except for the access point, the rest of the access points in the group users are all "non-first online access points", that is, they are not the first access points to request to go online. It should be understood that under normal circumstances, the first online access point of a group of users is not fixed.
- A1 may It is the first access point to request to go online, and in other cases, A2 may be the first access point to request to go online, but in other cases, A3 is the first to go online.
- the network device can create sub-user session information for the communication circuit corresponding to the group user, and turn on the corresponding communication circuit. It is understandable that the opened communication circuit should include the communication circuit corresponding to the first online access point, and the created sub-user session information should naturally also include the circuit session information of the communication circuit corresponding to the first online access point.
- the so-called sub-user session information can be used for traffic forwarding and detailed management of user data.
- the sub-user session information is mainly the circuit information of the communication circuit corresponding to the access point, and network equipment, such as a broadband access router, performs router forwarding work through the telephone session information table.
- the sub-user session information created by the network device can be in the form of a sub-user session information table.
- the sub-user session information table includes, but is not limited to, circuit session group identification information, circuit authorized bandwidth (Speed_cir), and circuit charging information (Account) , Circuit MAC information, circuit information (Cir), circuit session identifier (UserID), maximum bearable bandwidth (Speed_Cir).
- the network device manages the communication circuit of the group user based on the group session information.
- the network device creates the group session information of the group user and opens the communication circuit corresponding to the group user. After that, it can manage the communication circuit of the group user based on the group session information, for example, other access points in the group user (that is, Non-first online access points) online management, offline management of access points in group users, statistical management of group user traffic, and speed limit management of access points in group users, etc.
- group session information for example, other access points in the group user (that is, Non-first online access points) online management, offline management of access points in group users, statistical management of group user traffic, and speed limit management of access points in group users, etc.
- the network device of this embodiment opens the communication circuit corresponding to the group user according to the authentication response message of the AAA server to the first online access point, it can only open the communication circuit corresponding to the first online access point. Therefore, when creating a child In the case of user session information, only the sub-user session information of the communication circuit corresponding to the first-on-line access point is created first. In the subsequent process, if the online request sent by the non-first online access point is received, the sub-user session information is created for the communication circuit corresponding to the non-first online access point, and the communication corresponding to the non-first online access point is opened. Circuit. Undoubtedly, because the group session information is created in the unit of group users, a group user has only one group session information.
- the network device does not need to be nonsense.
- the group session corresponding to the first online access point creates group session information, but the non-first online access point inherits the group session information created when the first online access point goes online.
- the network device when the network device opens the communication circuit corresponding to the group user according to the authentication response message of the AAA server to the first online access point, it can open all the communication circuits corresponding to the group user. In this case, the network device needs to create corresponding sub-user session information for all communication circuits of the group of users. However, it is understandable that although all communication circuits are turned on, only the first online access point is currently online. Therefore, only the first online access point has traffic transmission. For non-first-online access points, if there are users accessing, they can directly start using the network, and non-first-online access points do not need to initiate an online request.
- the network device when a certain access point is online, can determine that the access point belongs to a group of users according to the group session information, and determine that the access point is not the first user of the group to which it belongs.
- the access point is online. Therefore, the AAA server has previously authenticated the first online access point in the group to which the access point belongs. Therefore, the AAA server does not need to authenticate the access point currently requesting to go online.
- the network device receives the online request sent by the access point, it does not need to send an authentication request message to the AAA server according to the online request, it can directly create the sub-user session information corresponding to the access point, and open the corresponding Communication circuit.
- the network device after receiving the online request, does not determine whether the access point currently requesting to go online is a member of the group user. In this case, the network device does not determine whether the access point currently requested to go online is a member of the group user. For each online request, a corresponding authentication request message will be generated and sent to the AAA server, which will be authenticated by the AAA server. The network device will only determine whether the access point currently requesting to go online belongs to a group user according to the content of the authentication response message fed back by the AAA server, which indicates that the authentication has passed. If it is a group user, it will determine whether it has been There is corresponding group session information.
- the network device If there is no corresponding group session information, it means that the access point is the first online access point of its group user. Therefore, the network device generates the corresponding group session information and generates the corresponding sub-user Session information, open the corresponding communication circuit; if it exists, it means that the access point is not the first on-line access point of the user in the group to which it belongs. Therefore, it is not necessary to generate group session information, but directly generate the sub-users of the corresponding communication circuit. Session information, open the corresponding communication circuit.
- the offline time of the group user should be the time when the last access point in the group user goes offline, so as to ensure that the users under the group user can use normally The internet.
- the last offline access point in the group of users is referred to as the "last offline access point”. Therefore, when there is an access point in the group user requesting to go offline, based on whether the access point is the last offline access point, the network equipment can refer to the following management schemes for management, please refer to the flowchart shown in Figure 2a:
- S200 Receive a logout request initiated by any access point in the group of users.
- the offline order of each access point has nothing to do with the online order. Therefore, when the network device receives the offline request of the access point, it cannot Ensure the order in which offline requests are received. Therefore, the offline request can be initiated by any access point in the group user.
- S202 Determine whether the access point that currently initiates the offline request is the last offline access point of the group user.
- S204 Close the communication circuit of the access point, and accumulate the billing information of all offline access points in the group of users.
- the network equipment is only Close the communication circuit of the access point, accumulate the billing information of all offline access points in the group user, and delete the sub-user session information of the current offline access point.
- S206 Close the communication circuit of the access point, accumulate the charging information of all offline access points in the group user, and delete the group session information.
- the network device determines that the access point currently requesting to go offline is the last offline access point of the user in the group to which it belongs, it means that all access points of the group of users have gone offline, so the entire group of users can be All offline, so the network device will not only close the access point’s communication circuit, accumulate the billing information of all offline access points in the group users, and delete the sub-user session information of the current offline access point’s communication circuit, The group session information will also be deleted.
- S208 The accumulated accounting information of the group users is carried in an accounting stop message and sent to the AAA server.
- the network device can send the accumulated accounting information corresponding to the group of users to the AAA server.
- the network device can send the accounting stop message to the AAA server.
- the server sends its accumulated billing information.
- the AAA server receives the accounting stop message, it can determine the overall traffic usage of the corresponding group of users based on the accounting information in it. In this way, AAA can manage an owner with multiple communication circuits based on a group of users, for example Corporate network payment is more convenient for both the network side and the owner of the communication circuit.
- the network device After an access point in the group of users initiates a logout request, the network device first determines whether the access point is the last offline access point, and then according to the requested access point Type to perform subsequent operations. However, it is understandable that regardless of whether the access point requesting to go offline is the last offline access point of the group user, the network device will close the communication circuit corresponding to the access point, and accumulate the counts of the currently offline access points. Charge information, and then delete the sub-user session information corresponding to the access point. The difference is that if it is the last offline access point, the network device will process the group session information and also send a charging stop message. If the access point is not the last offline access point, the network device will not The following two actions will be performed. Therefore, this embodiment also provides a solution for offline management and traffic statistics management, see Figure 2b:
- S212 Close the communication circuit of the access point, and accumulate the billing information of all offline access points in the group of users;
- S214 Determine whether the access point is the last offline access point of the group user.
- S216 Delete the group session information, carry the accumulated accounting information of the group users in the accounting stop message and send it to the AAA server.
- S302 Determine the group authorized bandwidth uniformly authorized by the AAA server for the group user according to the group session information, and determine the maximum bearable bandwidth of each communication circuit corresponding to the group user.
- the group session information defines the group authorized bandwidth of the group user, and the group authorized bandwidth is authorized by the AAA server for a group session at the same time, indicating the maximum traffic bandwidth of the group of users at the same time. Therefore, the network device can determine the group authorized bandwidth uniformly authorized by the AAA server for the group user according to the group session information.
- Each communication circuit has its maximum bearable bandwidth.
- the value of the maximum bearable bandwidth of each communication circuit can be preset at the network device. Therefore, the sub-user session information generated by the network device for each communication circuit can include it. The corresponding maximum bearable bandwidth, therefore, the network device can also determine the maximum bearable bandwidth of each communication circuit corresponding to the group of users.
- S304 Determine the circuit authorized bandwidth corresponding to each communication circuit according to the group authorized bandwidth and the maximum bearable bandwidth of each communication circuit.
- the network device may divide the group speed limit value according to the ratio between the maximum bearable bandwidth of each communication circuit to obtain the circuit authorized bandwidth corresponding to each communication circuit. For example, assume that the authorized bandwidth of a group of users is Speed, and the group includes two access points A1 and A2. The corresponding communication circuits of the two access points are a1 and a2 respectively, and the maximum bearable bandwidth of a1 Is 200M, the maximum bearable bandwidth of a2 is 400M, then the ratio between the maximum bearable bandwidth of these two communication circuits is 1:2, therefore, divide the Speed according to the ratio of 1:2, and the communication circuit a1 can get The authorized circuit bandwidth is Speed/3, and the authorized circuit bandwidth available for the communication circuit a2 is 2*Speed/3.
- the manner in which the network device determines the circuit authorized bandwidth corresponding to each communication circuit according to the group authorized bandwidth and the maximum bearable bandwidth of each communication circuit is not limited to the above example.
- S306 Control the data flow of each communication circuit according to the circuit authorized bandwidth of each communication circuit.
- the network device After determining the circuit authorized bandwidth of each communication circuit, the network device can control the data flow of each communication circuit according to the circuit authorized bandwidth of each communication circuit.
- the communication circuit management method provided by the embodiments of the present application performs unified online, offline, speed limit, and traffic statistics management on one or at least two communication circuits of the same owner based on the concept of group users, so that the AAA server does not need to perform any
- the communication circuits corresponding to different access points perform non-independent billing, speed limit, etc., which is beneficial to reduce the management burden on the AAA server side, and also helps to improve the owner's experience of using private line access services.
- enterprise A has the characteristics of multi-regional business.
- the enterprise has successively opened the first communication circuit a1, the second communication circuit a2, and the third communication circuit a3, which are three different single stacks or
- the dual-stack business dedicated line serves as the data communication channel for the daily work of the enterprise.
- Enterprise A handles the total 1G rate broadband, which is represented as an enterprise account in the broadband service contractor’s operating system and the AAA accounting system on the AAA server side. Therefore, the rate under the same account is used for authorization, and the rate under the same account is used for authorization. Information is booked. Therefore, there are requirements for different physical link access, unified accounting and policy management.
- the first communication circuit a1 and the second communication circuit a2 opened by enterprise A are all connected from the same physical port Port1, but different Svlan (Service VLAN, service VLAN) and Cvlan (Customer VLAN) are used. VLAN) circuit for business differentiation; the second communication circuit a2 and the third communication circuit a3 opened by enterprise A are connected from different physical ports, the second communication circuit a2 uses physical ports Port1+Svlan2+Cvlan2, and the third communication circuit a3 Use physical ports Port3+Svlan3+Cvlan3. Therefore, cross-physical ports, cross-circuits, and even cross-physical single-board access scenarios appear.
- Svlan Service VLAN, service VLAN
- Cvlan Customer VLAN
- access point 1 and access point 2 use MAC1 as the second layer communication address of the physical link layer, and access point 3 uses MAC3 as the second layer of the physical link layer. Layer communication address. Therefore, different access points in the enterprise may have the same access MAC or different access conditions.
- the access point 1 is preset with a circuit bandwidth of 200M; the access point 2 is preset with a circuit bandwidth of 500M; and the access point 3 is preset with a circuit bandwidth of 800M. Therefore, there is a requirement for enterprises to reasonably allocate dual-stack speeds on different circuits with 1G bandwidth.
- This embodiment provides a group access solution for broadband access routers, which effectively solves the problem of unified policy management on different ports, including but not limited to access strategies for different physical circuits, bandwidth allocation strategies for different circuits, and unified charging strategies. , Different or the same MAC access problem.
- Broadband access routers can also be called MSE (MSE, multi-service edge) equipment.
- MSE multi-service edge
- the broadband access router After receiving the online request, the broadband access router assembles and fills an authentication request message, and sends the authentication online request message to the AAA server.
- S503 The AAA server performs database query.
- S504 The AAA server sends an authentication response message to the broadband access router.
- the AAA server After querying, the AAA server finds that the user information in the authentication request message is legal, and then sends an authentication response message indicating that the authentication has passed to the broadband access router.
- the broadband access router generates group session information, and at the same time generates sub-user session information for the first communication circuit a1.
- the broadband access router processes the authentication response message, determines that the user type on the first communication circuit a1 is a dual-stack group user type, access point 1 belongs to group user A, and determines that access point 1 is the first user of group user A.
- the online access point therefore, the broadband access router generates group session information for group user A, and at the same time generates sub-user session information for the first communication circuit a1.
- Group sessions are used for unified user authorization and traffic statistics; sub-user session information is used for traffic forwarding and detailed management of user data.
- the broadband access router sends the online response to the access point 1 through the first communication circuit a1.
- the user is authenticated and the first communication circuit a1 is opened to allow traffic forwarding.
- the broadband access router After receiving the online request, the broadband access router generates sub-user session information for the second communication circuit a2.
- the broadband access router After confirming that access point 2 receives the online request sent by access point 2, according to the online request and the group session information, it is determined that access point 2 belongs to group user A, and the group session information of this group already exists, so the broadband access router will Without sending an authentication request message for the access point 2 to the AAA server, the broadband access router generates the sub-user session information of the second communication circuit a2 for the user data traffic forwarding of the second communication circuit a2.
- the broadband access router sends the online response to the access point 2 through the second communication circuit a2.
- the broadband access router sends an online response for answering the online request of the access point 2 to the access point 2 through the second communication circuit a2, the user is authenticated, and the second communication circuit a2 is opened to allow traffic forwarding.
- the group session information table is mainly for the unified management information of the enterprise.
- the broadband access router performs control management work through the group session information table.
- the group session information table includes, but is not limited to, unified rate limit authorization (ie, group authorized bandwidth), and unified billing account information.
- the group session information table does not need to include circuit MAC information, circuit basic information, circuit available bandwidth and other user circuit identification classification information.
- the unified rate (Group_Speed) value in the group session information should be the rate limit issued by the AAA server when a group user receives an authentication request message for the first time. It should be equal to the sum of the rates of each access circuit (that is, the first communication circuit). Speed1 of a1+Speed2 of the second communication circuit a2+Speed3+ of the third communication circuit a3).
- the value of the billing account (Group_Account) in the group session information should be equal to the sum of the traffic of each communication circuit (Acout1 of the first communication circuit a1 + Account2 of the second communication circuit a2 + Accout3 of the third communication circuit a3 +...) ,
- the account information carried in the charging stop message should be reported based on the value of the charging account (Group_Account) in the group session information.
- the sub-user session information is mainly the circuit information of the communication circuit corresponding to the access point, and network equipment, such as a broadband access router, performs router forwarding work through the telephone session information table.
- the sub-user session information created by the network device can be in the form of a sub-user session information table.
- the sub-user session information table includes, but is not limited to, circuit session group identification information, circuit authorized bandwidth (Speed_cir), and circuit charging information (Account) , Circuit MAC information, circuit information (Cir), circuit session identifier (UserID), maximum bearable bandwidth (Speed_Cir).
- Circuit charging information (Account) is the result of traffic statistics performed independently for each communication circuit. After the circuit bearer users go offline, the charging information is summarized into the charging account (Group_Account) of the group session information table.
- Table 1 shows a table of seed user session information, please refer to Table 1:
- the sub-user session information table transfers the authorized circuit bandwidth (Speed_cir) and the circuit charging information (Account) to the group session information table for management, and solves the requirements for unified charging and unified speed limit.
- the group session information table transfers routing forwarding and circuit control to the circuit session table for processing, and solves the application problems of different mac address forwarding and different circuit bandwidths.
- the broadband access router accumulates the billing information of each access point where the group user A is currently offline, and deletes the sub-user session information of the second communication circuit a2.
- the broadband access router After the broadband access router receives the user's offline request, it finds that the access point 2 belongs to the group user type, and checks whether the session is the last access point in the user group to which it belongs. Because access point 2 is not the last offline access point of the group user, the broadband access router only accumulates its billing information and deletes the sub-user session information of the second communication circuit a2, but does not send the billing stop report. Text.
- the broadband access router disconnects the second communication circuit a2, and the traffic forwarding channel on the second communication circuit a2 is interrupted.
- the broadband access router periodically sends an accounting update message to the AAA server.
- the charging update data carried in the charging update message is the sum of the current circuit session traffic of each communication circuit.
- the broadband access router accumulates the billing information of each access point where the group user A is currently offline, and deletes the sub-user session information of the first communication circuit a1.
- the broadband access router determines that the access point 1 is the last offline access point of the group user A, and therefore assembles the charging stop message, and deletes the group session information of the group user A.
- the broadband access router After the broadband access router receives the user's offline request, it finds that the access point 1 belongs to the group user type, checks whether the session is the last session in the group, if it is, accumulates billing information, and deletes the sub-users of the first communication circuit a1 Session information, and assemble the charging stop message.
- S609 The broadband access router sends an accounting stop message to the AAA server.
- the charging information in the charging stop message is the sum of the charging information of each circuit.
- the broadband access router receives the online request of the dual-stack dedicated line user.
- the direction of the online request can be sent from the user access terminal to the network side egress.
- the type of the online request can be ipv4 or ipv6 data traffic, ipv4 arp request or ipv6 ND (Neighbor Discovery) request.
- the broadband access router also needs to process the access request initiated by the Internet interface to the dual-stack private line user. In this case, since the dual-stack private line user has not actively sent the online request, the broadband access router needs to support no arp (no Layer 2 The upload process of the downstream traffic of the MAC corresponding to the ARP table) and the downstream traffic upload of the neighbor discovery process of no nd (there is no Layer 2 MAC corresponding to the ND table) trigger the online process. After the dual-stack dedicated line user accesses, execute S702.
- the broadband access router generates and sends an authentication request message according to the access information of the dual-stack dedicated line user.
- the authentication request message needs to be generated according to the Radius protocol, and the user name and password fields are filled in according to the deployment on the broadband access router. Information such as circuit information, access type, and time stamp is filled in according to the access situation.
- the dual-stack user group information can be declared here, deployed on the broadband access router, or uniformly authorized after being authenticated by the AAA server. After the assembly is complete, execute S703.
- S703 The broadband access router judges whether the authentication of the AAA server is passed.
- the AAA server fails to pass the authentication of the authentication request message, the AAA server returns an authentication failure message and ends the process; if the authentication passes, execute S704.
- the broadband access router stores the authorization information of the user by the AAA server, and judges whether the user type is a group user type of a dual-stack dedicated line.
- the broadband access router generates a user session table according to the local information.
- the user session table includes, but is not limited to, local identification information such as session identification information, MAC information, circuit information, user access type, interface type, and interface identification.
- the broadband access router adds authorization information to the user session table according to the authorization information of the AAA server.
- Authorization information includes, but is not limited to, authorized bandwidth, authorized use time, authorized use of traffic, and authorized access to services, etc.
- the broadband access router generates a dual-stack dedicated line user forwarding table.
- the dual-stack dedicated line user forwarding table includes at least but not limited to user address, network segment address, outbound interface information, routing learning type, routing priority, and user flow.
- the broadband access router updates the user's upstream and downstream traffic in real time according to the information in the user's forwarding table.
- the user uplink and downlink traffic updated by the broadband access router includes but is not limited to user uplink bit flow information, user uplink byte information, user downlink bit flow information, and user downlink byte information, execute S716.
- S709 The broadband access router judges whether the circuit session is the first session of the dedicated line group.
- the broadband access router generates a group user session table of the dual-stack dedicated line group.
- the group user session table is mainly used to store user authorization information issued by AAA, including but not limited to group session identification, member session identification, group authorization bandwidth (Group_Speed), authorized use time, authorized use of traffic, and authorized access to services.
- group authorization bandwidth Group_Speed
- authorized use time authorized use of traffic
- authorized access to services The group access authorization for dual-stack dedicated line services is managed uniformly by the group user table.
- the broadband access router separately generates a sub-user session table for each access session.
- the sub-user session table is used to store the local information of the circuit on the router device and provide necessary data for traffic forwarding, including but not limited to group session identification information, circuit session identification information, MAC information, circuit information, interface type, interface identification, The maximum bearable bandwidth (Speed_Cir).
- the broadband access router authorizes information in the forwarding table of each sub-user according to the authorization information of the group session.
- Dual-stack dedicated line users, group user access type, each access session is based on the authorization information of the group session, but the authorized bandwidth of the circuit of the access session needs to be based on the user's unified authorized speed limit value (Group_Speed) and the circuit can carry The maximum forwarding rate (Speed_cir) is weighted.
- the authorized bandwidths of the first communication circuit a1, the second communication circuit a2, and the third communication circuit a3 are 137M, 341M, and 546M, respectively.
- the broadband access router generates a sub-user forwarding table according to the sub-user table information and the sub-user authorized bandwidth information.
- the business traffic of each sub-user is independently forwarded according to the sub-user forwarding table, and the forwarding is performed according to the key value of port+svlan+cvlan.
- the table look-up method does not use mac and ip as the key value to solve the problem of the same mac in the group user. Multiple ips, or multiple macs with the same ip, different svlan/cvlans on the same port.
- the broadband access router updates the upstream and downstream traffic of the sub-user in real time according to the forwarding table information of the sub-user.
- the sub-user uplink and downlink traffic updated by the broadband access router includes, but is not limited to, sub-user uplink bit flow information, sub-user uplink byte information, sub-user downlink bit flow information, and sub-user downlink byte information.
- the data information is reported to the group session ledger.
- the broadband access router updates the session account of the group user in real time according to the sub-user session account information.
- the broadband access router generates an AAA charging message according to the account information, user session table information, and the Radius standard protocol.
- the AAA charging message includes but is not limited to charging ID, charging type, circuit information, access type, time stamp, upstream traffic, downstream traffic, etc.
- the broadband access router sends an accounting start message to the AAA server.
- the broadband access router will also periodically send accounting update messages to the AAA server during the process of traffic statistics, so that users in non-dual-stack dedicated line groups will be offline or dual-stack dedicated line groups.
- accounting stop message is sent to the AAA server.
- S801 Monitor the offline behavior triggered by the dual-stack dedicated line user.
- Behaviors include active logoff requests initiated by dual-stack dedicated line users, such as active power-off; dual-stack dedicated line user authorization recovery, including but not limited to AAA forcibly removing the user, authorization time out, authorized traffic exceeded, etc.
- S802 The broadband access router judges whether the offline dual-stack user is the last user of the dual-stack dedicated line group.
- the broadband access router deletes the sub-user forwarding table corresponding to the corresponding communication circuit.
- the broadband access router deletes the authorized bandwidth information of the sub-user corresponding to the corresponding communication circuit.
- the broadband access router deletes the sub-user session table corresponding to the corresponding communication circuit.
- S806 The broadband access router deletes the group session table.
- the broadband access router assembles an accounting stop message and sends it to the AAA server.
- the communication circuit management device 90 includes:
- the circuit management unit 901 is used for controlling the circuit information used by the dual-stack dedicated line user, and performs bidirectional communication with the dual-stack dedicated line access unit 902.
- the circuit management unit 901 receives the access request sent by the dual-stack dedicated line user, extracts the access circuit information and reports it to the dual-stack dedicated line access unit 902, and receives the circuit status message sent by the dual-stack dedicated line access unit 902, such as a circuit opening message, Circuit closed message, circuit implementation status information.
- the circuit management unit 901 is responsible for opening and closing the data service flow of the forwarding management unit 908.
- the circuit management unit 901 is used to control the circuit information used by the dual-stack dedicated line users.
- the circuit management unit 901 receives the access request issued by the dual-stack dedicated line user, extracts the access circuit information report, and accepts the circuit status message to control the circuit, such as the circuit opening message, the circuit closing message, and the circuit implementation status information.
- the circuit management unit 901 is responsible for the opening and closing of data service flow forwarding.
- the dual-stack dedicated line access unit 902 is used to control the access of dual-stack dedicated line users.
- the dual-stack dedicated line access unit 902 receives and processes user access requests, extracts access circuit information, and generates dual-stack dedicated line user basic information according to the deployment of the broadband access router.
- the dual-stack dedicated line access unit 902 is responsible for providing and sending basic information of the dual-stack dedicated line user during the user's online phase, and receiving unified authorization information of the user.
- the dual-stack dedicated line access unit 902 is responsible for real-time querying of the user's circuit access status and real-time reporting of charging update messages during the user online phase.
- the dual-stack dedicated line access unit 902 is responsible for sending the dual-stack dedicated line user charging information to the relevant AAA management unit 908 during the user offline phase.
- the group session management unit 903 is used for group management of dual-stack dedicated line services, and is a device for generating a group session identifier.
- the group session management unit 903 is responsible for message communication with the dual-stack dedicated line access unit 902, is responsible for the generation and deletion of group user IDs; is responsible for receiving the account content sent by the ledger management unit 905, and is responsible for sending the message content to the dual-stack dedicated line access unit.
- the circuit session management unit 904 is a circuit session management part for group management of dual-stack dedicated line services, and is an executor of circuit session identification generation.
- the circuit session management unit 904 is responsible for acquiring required MAC information, circuit information, circuit available bandwidth, etc., sending circuit session identifier UserID, circuit session deleting and adding messages, etc.
- the circuit session management unit 904 is responsible for sending the charging information to the ledger management unit 905.
- the ledger management unit 905 is used for the management and calculation of billing ledger information.
- the ledger management unit 905 receives the charging update information and the charging stop information sent by the circuit session management unit 904, performs calculations, and sends the result to the group session management unit 903.
- the QOS management unit 906 is used to calculate the QOS message of the circuit and schedule traffic.
- the QOS management unit 906 is responsible for calculating the reasonable use of bandwidth by the circuit, and putting the bandwidth into different scheduling queues.
- the QOS management unit 906 is responsible for sending the traffic before and after the scheduling to the forwarding management unit 907.
- the forwarding management unit 907 is used for routing and forwarding of the broadband access router.
- the forwarding management unit 907 receives the routing message provided by the dual-stack dedicated line access unit 902.
- the forwarding management unit 907 receives basic information such as MAC and circuit provided by the circuit session management unit 904.
- the AAA management unit 908 is used for data interaction with the AAA server.
- the AAA management unit 908 is used for parsing and assembling the Radius message information of the AAA server.
- the AAA management unit 908 parses the information content of the AAA server, such as authorization information, and sends the message content to the dual-stack dedicated line access unit 902.
- the AAA management unit 908 receives the real-time accounting and offline accounting information sent by the dual-stack dedicated line access unit 902, and assembles it into a Radius message and sends it to the AAA server.
- the dual-stack dedicated line access unit 902 controls the access of dual-stack dedicated line users, receives the user access request sent by the circuit management unit 901, extracts access circuit information, and generates dual-stack dedicated line user basic information according to the deployment of broadband access equipment .
- the dual-stack private line access unit 902 is responsible for providing basic information of the dual-stack private line user to the AAA management unit 908 during the user online phase, receives the legal user or illegal user message result returned by the AAA management unit 908, and receives the enterprise returned by the AAA management unit 908 User unified authorization information, such as speed limit.
- the dual-stack dedicated line access unit 902 is responsible for querying the circuit management unit 901 for the user's circuit access status in real time during the user online phase, and reporting the charging update message to the AAA management unit 908 in real time.
- the dual-stack dedicated line access unit 902 is responsible for sending the dual-stack dedicated line user charging information to the AAA management unit 908 during the user offline phase.
- the dual-stack dedicated line access unit 902 is responsible for providing the forwarding management unit 907 with forwarding messages required for data forwarding.
- the dual-stack dedicated line access unit 902 is responsible for providing group information, speed limit information, billing information, MAC information, circuit information, circuit available bandwidth, etc. required for group session management 903.
- Group session management 903 is used for group management of dual-stack dedicated line services, and is a device for generating group session identifiers.
- Group session management 903 is responsible for message communication with dual-stack private line access unit 902, responsible for the generation and deletion of group user identification; responsible for receiving the account content sent by the ledger management unit 905, and responsible for sending the message content to the dual-stack private line access Unit 902; responsible for sending unified authorization information to QOS management unit 906; responsible for message intercommunication with circuit session management 904, sending and receiving group information and identification content required for circuit session management, including MAC information, circuit information, circuit available bandwidth, etc.
- the circuit session management 904 is a circuit session management part used for group management of dual-stack dedicated line services, and is a device for generating circuit session identifiers.
- the circuit session management 904 is responsible for message communication with the group session management 903, obtaining required MAC information, circuit information, circuit available bandwidth, etc., sending circuit session identifiers, circuit session deletion and adding messages, etc.
- the circuit session management 904 is responsible for sending the charging information to the ledger management unit 905.
- the circuit session management 904 is responsible for sending information such as the available bandwidth of the circuit to the QOS management unit 906.
- the circuit session management 904 is responsible for sending the MAC and basic circuit information required for forwarding to the forwarding management unit 907.
- the ledger management unit 905 is used for the management and calculation of billing ledger information.
- the ledger management unit 905 receives the charging update information and the charging stop information sent by the circuit session management 904, performs calculations, and sends the result to the group session management 903.
- the QOS management unit 906 is used to calculate the QOS message of the circuit and schedule traffic.
- the QOS management unit 906 receives the messages sent by the group session management 903 and the circuit session management 904, calculates the reasonable use of bandwidth by the circuit, and puts the bandwidth into different scheduling queues.
- the QOS management unit 906 is responsible for sending the traffic before and after the scheduling to the forwarding management unit 907.
- the forwarding management unit 907 is used for routing and forwarding of the broadband access router.
- the forwarding management unit 907 receives the routing message sent by the dual-stack dedicated line access unit 902.
- the forwarding management unit 907 receives basic information such as mac and circuit sent by the circuit session management 904.
- the forwarding management unit 907 receives and transmits the scheduling and queue information of the QOS management unit 906.
- the forwarding management unit 907 assembles the service traffic and delivers it to the circuit management unit 901 for forwarding.
- the AAA management unit 908 the user performs data interaction with AAA information.
- the AAA management unit 908 is used to parse the Radius message information of the AAA system of the assembling operator.
- the AAA management unit 908 analyzes the information content of the operator's AAA system, such as authorization information, and sends the message content to the dual-stack dedicated line access unit 902.
- the AAA management unit 908 receives the real-time accounting and offline accounting information sent by the dual-stack dedicated line access unit 902, and assembles it into a Radius message and sends it to the AAA server.
- the communication circuit management device 90 can be deployed on a network device such as a broadband access router.
- the functions of the circuit management unit 901 and the AAA management unit 908 can be implemented by the processor of the network device and the communication unit.
- the functions of the dedicated line access unit 902, the group session management unit 903, the circuit session management unit 904, the ledger management unit 905, the QOS management unit 906, and the forwarding management unit 907 can be implemented by the processor of the network device.
- This embodiment provides a storage medium that can store one or more computer programs that can be read, compiled, and executed by one or more processors.
- the storage medium can store A communication circuit management program, which can be used by one or more processors to execute the process of implementing any one of the communication circuit management methods introduced in the foregoing embodiments.
- the network device 100 includes a processor 101, a memory 102, and a communication bus 103 for connecting the processor 101 and the memory 102.
- the memory 102 may be the aforementioned storage device.
- the processor 101 can read the communication circuit management program, compile and execute the process for implementing the communication circuit management method introduced in the foregoing embodiment:
- the processor 101 After receiving an online request initiated by an access point, the processor 101 sends an authentication request message to the AAA server for verifying authorization and accounting according to the online request, and then receives an authentication response message sent by the AAA server indicating that the authentication has passed. If it is determined that the access point belongs to a certain group of users and is the first online access point of the group user, the processor 101 creates the group session information of the group user and opens the communication circuit corresponding to the group user; the group user is shared on the AAA server side A collection of access points with the same group of identification information, the first access point to go online is the first access point that requests to go online, and then the processor 101 manages the communication circuits of the group users based on the group session information.
- the access point in the group user is an access point using dual protocol stack technology.
- the processor 101 when the processor 101 opens the communication circuit corresponding to the group of users, it can establish sub-user session information for the communication circuit corresponding to the first online access point, and open the communication circuit corresponding to the first online access point;
- the processor 101 when the processor 101 turns on the communication circuit corresponding to the group user, it can establish sub-user session information for all the communication circuits corresponding to the group user, and turn on all the communication circuits corresponding to the group user.
- the processor 101 After the processor 101 establishes sub-user session information for the communication circuit corresponding to the first online access point, when managing the communication circuit of the group user based on the group session information, it can receive an online request initiated by an access point. If it is determined to access If the point is the non-first-online access point of the group user, the sub-user session information is established for the communication circuit corresponding to the access point, and the communication circuit corresponding to the non-first-online access point is turned on.
- the non-first-online access point is the group user The first access point in Central Africa to request to go online.
- the processor 101 When the processor 101 manages the communication circuit of the group user based on the group session information, it can receive a logoff request initiated by any access point in the group user; if the access point that initiates the logoff request is not the last logoff of the group user Access point, close the communication circuit of the access point, accumulate the billing information of all offline access points in the group user, and the last offline access point is the last offline access point in the group user.
- the processor 101 After the processor 101 receives a logoff request initiated by any access point in the group user, if the access point currently initiating the logoff request is the last offline access point of the group user, the communication circuit of the access point is closed, Accumulate the accounting information of all offline access points in the group user, delete the group session information; carry the accumulated accounting information of the group user in the accounting stop message and send it to the AAA server.
- the processor 101 after the processor 101 receives a logoff request initiated by any access point in the group of users, it can directly close the communication circuit of the access point without judgment, and accumulate all the users in the group. The billing information of the offline access point. Then it is judged whether the access point is the last offline access point of the group user. If it is, the group session information is deleted, and the accumulated accounting information of the group user is carried in the accounting stop message and sent to the AAA server.
- the processor 101 also determines the group authorized bandwidth uniformly authorized by the AAA server for the group user according to the group session information, and determines the maximum bearable bandwidth of each communication circuit corresponding to the group user, and then according to the group session information.
- the authorized bandwidth and the maximum bearable bandwidth of each communication circuit determine the circuit authorized bandwidth corresponding to each communication circuit, and control the data flow of each communication circuit according to the circuit authorized bandwidth of each communication circuit.
- the processor may divide the group speed limit value according to the ratio between the maximum bearable bandwidth of each communication circuit to obtain the circuit authorized bandwidth corresponding to each communication circuit.
- the processor when the processor determines that the access point belongs to a certain group of users, it can determine that the access point belongs to a certain group of users according to the mapping relationship between the group users and each communication circuit stored locally; or according to AAA
- the server authentication response message determines that the access point belongs to a certain group of users, and the AAA server stores the mapping relationship between the group users and each communication circuit.
- the network device after receiving an online request initiated by an access point, sends an authentication request message to the authentication authorization accounting AAA server according to the online request; the authentication is determined according to the authentication response table sent by the AAA server After passing, it is determined that the access point belongs to a certain group of users and is the first online access point of the group user, then the group session information of the group user is created, the communication circuit corresponding to the group user is opened, and the communication of the group user based on the group session information The circuit is managed.
- the concept of "group users" is proposed to uniformly manage all communication circuits belonging to the same owner (for example, an enterprise), so that the access points corresponding to each communication circuit belonging to the same owner are used differently.
- the communication circuit management method, network equipment, and storage medium provided by the embodiments of the present application, after receiving an online request initiated by an access point, send an authentication request message to the authentication authorization accounting AAA server according to the online request; After the authentication response form sent by the server confirms that the authentication is passed, it is determined that the access point belongs to a certain group of users and is the first online access point of the group user, then the group session information of the group user is created, and the communication circuit corresponding to the group user is opened. Manage the communication circuits of group users based on group session information.
- the concept of "group users" is proposed to uniformly manage all communication circuits belonging to the same owner (for example, an enterprise), so that the access points corresponding to each communication circuit belonging to the same owner are used differently.
- the functional modules/units in the system, and the device can be implemented as software (which can be implemented by the program code executable by the computing device) , Firmware, hardware and their appropriate combination.
- the division between functional modules/units mentioned in the above description does not necessarily correspond to the division of physical components; for example, a physical component may have multiple functions, or a function or step may consist of several physical components. The components are executed cooperatively.
- Some physical components or all physical components can be implemented as software executed by a processor, such as a central processing unit, a digital signal processor, or a microprocessor, or as hardware, or as an integrated circuit, such as an application specific integrated circuit .
- the computer-readable medium may include computer storage. Medium (or non-transitory medium) and communication medium (or temporary medium).
- medium or non-transitory medium
- communication medium or temporary medium
- the term computer storage medium includes volatile and non-volatile data implemented in any method or technology for storing information (such as computer-readable instructions, data structures, program modules, or other data). Sexual, removable and non-removable media.
- Computer storage media include but are not limited to RAM, ROM, EEPROM, flash memory or other storage technologies, CD-ROM, digital versatile disk (DVD) or other optical disk storage, magnetic cassettes, magnetic tapes, magnetic disk storage or other magnetic storage devices, or Any other medium used to store desired information and that can be accessed by a computer.
- communication media usually contain computer-readable instructions, data structures, program modules, or other data in a modulated data signal such as carrier waves or other transmission mechanisms, and may include any information delivery media. . Therefore, this application is not limited to any specific combination of hardware and software.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Business, Economics & Management (AREA)
- Accounting & Taxation (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
Description
Claims (12)
- 一种通讯电路管理方法,包括:接收到某一接入点发起的上线请求后,根据所述上线请求向验证授权记账AAA服务器发送认证请求报文;接收所述AAA服务器发送的表征认证通过的认证应答报文;若确定所述接入点属于某一组用户,且为所述组用户的首上线接入点,则创建所述组用户的组会话信息,开启所述组用户对应的通讯电路;所述组用户为在所述AAA服务器侧共用组标识信息的各接入点的集合,所述首上线接入点为首个请求上线的接入点;基于所述组会话信息对所述组用户的通讯电路进行管理。
- 如权利要求1所述的通讯电路管理方法,其中,所述开启所述组用户对应的通讯电路包括:为所述首上线接入点所对应的通讯电路建立子用户会话信息,开启所述首上线接入点所对应的通讯电路;或,为所述组用户所对应的全部通讯电路均建立子用户会话信息,并开启所述组用户所对应的全部通讯电路。
- 如权利要求2所述的通讯电路管理方法,其中,所述为所述首上线接入点所对应的通讯电路建立子用户会话信息之后,基于所述组会话信息对所述组用户的通讯电路进行管理包括:接收某一接入点发起的上线请求;确定所述接入点为所述组用户的非首上线接入点,所述非首上线接入点为所述组用户中非首个请求上线的接入点;为所述接入点所对应的通讯电路建立子用户会话信息,开启所述非首上线接入点所对应的通讯电路。
- 如权利要求1所述的通讯电路管理方法,其中,所述基于所述组会话信息对所述组用户的通讯电路进行管理包括:当接收到所述组用户中任意一个接入点发起的下线请求时,关闭该接入点的通讯电路,累计所述组用户中所有已下线的接入点的计费信息,所述末下线接入点为所述组用户中最后一个下线的接入点;在当前发起下线请求的接入点是所述组用户的末下线接入点时,删除所述组会话信息,并将累计的所述组用户的计费信息携带在计费停止报文中发送给所述AAA服务器。
- 如权利要求4所述的通讯电路管理方法,其中,在关闭该接入点的通讯电路,累计所述组用户中所有已下线的接入点的计费信息之前,还包括:判断所述接入点是否是所述组用户的末下线接入点,若是,则关闭该接入点的通讯电路,累计所述组用户中所有已下线的接入点的计费信息,删除所述组会话信息,并将累计的所述组用户的计费信息携带在计费停止报文中发送给所述AAA服务器。
- 如权利要求4所述的通讯电路管理方法,其中,在关闭该接入点的通讯电路,累计所述组用户中所有已下线的接入点的计费信息之后,还包括:判断所述接入点是否是所述组用户的末下线接入点,若是,则删除所述组会话信息,并将累计的所述组用户的计费信息携带在计费停止报文中发送给所述AAA服务器。
- 如权利要求1所述的通讯电路管理方法,其中,所述基于所述组会话信息对所述组用户的通讯电路进行管理还包括:根据所述组会话信息确定所述AAA服务器为所述组用户统一授权的组授权带宽,并 确定所述组用户所对应的各通讯电路的最大可承载带宽;根据所述组授权带宽与各通讯电路的最大可承载带宽确定各所述通讯电路所对应的电路授权带宽;按照各所述通讯电路的电路授权带宽控制各所述通讯电路的数据流量。
- 如权利要求7所述的通讯电路管理方法,其中,所述根据所述组授权带宽与各通讯电路的最大可承载带宽确定各所述通讯电路所对应的电路授权带宽包括:根据各所述通讯电路的最大可承载带宽之间的比值划分所述组限速值得到各所述通讯电路所对应的电路授权带宽。
- 如权利要求1-8任一项所述的通讯电路管理方法,其中,所述确定所述接入点属于某一组用户包括:根据本地预先存储的组用户与各通讯电路之间的映射关系确定所述接入点属于某一组用户;或,根据所述AAA服务器所述认证应答报文确定所述接入点属于某一组用户,所述AAA服务器侧存储有组用户与各通讯电路之间的映射关系。
- 如权利要求1-8任一项所述的通讯电路管理方法,其中,所述组用户中的接入点为使用双协议栈技术的接入点。
- 一种网络设备,所述网络设备包括处理器、存储器及通信总线;所述通信总线用于实现处理器和存储器之间的连接通信;所述处理器用于执行存储器中存储的一个或者多个程序,以实现如权利要求1至10中任一项所述的通讯电路管理方法的步骤。
- 一种存储介质,其中,所述存储介质存储有一个或者多个程序,所述一个或者多个程序可被一个或者多个处理器执行,以实现如权利要求1至10中任一项所述的通讯电路管理方法的步骤。
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910964911.9A CN112653653B (zh) | 2019-10-11 | 2019-10-11 | 一种通讯电路管理方法、网络设备及存储介质 |
CN201910964911.9 | 2019-10-11 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2021068685A1 true WO2021068685A1 (zh) | 2021-04-15 |
Family
ID=75343519
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2020/112621 WO2021068685A1 (zh) | 2019-10-11 | 2020-08-31 | 一种通讯电路管理方法、网络设备及存储介质 |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN112653653B (zh) |
WO (1) | WO2021068685A1 (zh) |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104426686A (zh) * | 2013-08-22 | 2015-03-18 | 中国电信股份有限公司 | 宽带接入网关用户接入方法、装置及宽带接入网关 |
CN105337819A (zh) * | 2014-08-15 | 2016-02-17 | 中国电信股份有限公司 | 宽带接入网关的数据处理方法、宽带接入网关及网络系统 |
WO2016095391A1 (zh) * | 2014-12-18 | 2016-06-23 | 中兴通讯股份有限公司 | 带宽资源的调整方法、服务端及调整设备 |
CN106254447A (zh) * | 2016-07-29 | 2016-12-21 | 北京华为数字技术有限公司 | 负载均衡方法、bras设备和sdn控制器 |
CN109768906A (zh) * | 2019-03-29 | 2019-05-17 | 新华三技术有限公司 | 一种子网专线配置方法及装置 |
Family Cites Families (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1310476C (zh) * | 2004-07-05 | 2007-04-11 | 华为技术有限公司 | 无线局域网用户建立会话连接的方法 |
CN102404293A (zh) * | 2010-09-15 | 2012-04-04 | 中兴通讯股份有限公司 | 一种双栈用户管理方法及宽带接入服务器 |
CN102238547B (zh) * | 2011-07-19 | 2013-12-04 | 华为软件技术有限公司 | 控制用户会话的方法、会话服务器、aaa服务器和系统 |
CN103546286B (zh) * | 2012-07-13 | 2018-08-24 | 中兴通讯股份有限公司 | 认证处理方法及装置 |
EP2981108A4 (en) * | 2013-05-15 | 2016-04-13 | Huawei Tech Co Ltd | BILLING LOADING METHOD, GATEWAY DEVICE, BILLING DEVICE AND COMMUNICATION SYSTEM |
CN106331197A (zh) * | 2015-06-29 | 2017-01-11 | 中兴通讯股份有限公司 | 管理专线用户的方法、宽带接入服务器及管理服务器 |
-
2019
- 2019-10-11 CN CN201910964911.9A patent/CN112653653B/zh active Active
-
2020
- 2020-08-31 WO PCT/CN2020/112621 patent/WO2021068685A1/zh active Application Filing
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104426686A (zh) * | 2013-08-22 | 2015-03-18 | 中国电信股份有限公司 | 宽带接入网关用户接入方法、装置及宽带接入网关 |
CN105337819A (zh) * | 2014-08-15 | 2016-02-17 | 中国电信股份有限公司 | 宽带接入网关的数据处理方法、宽带接入网关及网络系统 |
WO2016095391A1 (zh) * | 2014-12-18 | 2016-06-23 | 中兴通讯股份有限公司 | 带宽资源的调整方法、服务端及调整设备 |
CN106254447A (zh) * | 2016-07-29 | 2016-12-21 | 北京华为数字技术有限公司 | 负载均衡方法、bras设备和sdn控制器 |
CN109768906A (zh) * | 2019-03-29 | 2019-05-17 | 新华三技术有限公司 | 一种子网专线配置方法及装置 |
Also Published As
Publication number | Publication date |
---|---|
CN112653653B (zh) | 2023-08-22 |
CN112653653A (zh) | 2021-04-13 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN105765921B (zh) | 用于利用软件定义网络功能进行diameter路由的方法、系统和设备 | |
US10972437B2 (en) | Applications and integrated firewall design in an adaptive private network (APN) | |
US8059533B2 (en) | Packet flow optimization (PFO) policy management in a communications network by rule name | |
US8542592B2 (en) | Managing a network flow using application classification information and active signaling relay | |
US8203943B2 (en) | Colored access control lists for multicast forwarding using layer 2 control protocol | |
US8160068B2 (en) | System and method for facilitating communication between a CMTS and an application server in a cable network | |
US8675488B1 (en) | Subscriber-based network traffic management | |
US10135942B2 (en) | Differentiated priority level communication | |
US20040223497A1 (en) | Communications network with converged services | |
US20010044893A1 (en) | Distributed subscriber management system | |
JP2001308935A (ja) | 通信システム、通信方法及び通信装置 | |
WO2004105319A1 (fr) | Procede d'acces a large bande et grande capacite et systeme associe | |
WO2009132548A1 (zh) | 策略决策功能实体、家庭网关、服务质量控制方法及系统 | |
US20050147035A1 (en) | Multiple services with policy enforcement over a common network | |
EP2966899B1 (en) | Hqos control method, rsg, and hqos control system | |
EP2909993B1 (en) | Method and system for handling subscribers' network traffic | |
Gommans et al. | Token-based authorization of connection oriented network resources | |
US20040153556A1 (en) | Connections on demand between subscribers and service providers | |
Mitton et al. | Network access server requirements next generation (nasreqng) nas model | |
US7698384B2 (en) | Information collecting system for providing connection information to an application in an IP network | |
US9277014B2 (en) | Handling of auxiliary NAS | |
CN101155055A (zh) | 一种下一代网络的用户管理方法和系统 | |
WO2021068685A1 (zh) | 一种通讯电路管理方法、网络设备及存储介质 | |
WO2020029793A1 (zh) | 一种上网行为管理系统、设备及方法 | |
CN100477609C (zh) | 实现网络专线接入的方法 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 20875175 Country of ref document: EP Kind code of ref document: A1 |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 20875175 Country of ref document: EP Kind code of ref document: A1 |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 20875175 Country of ref document: EP Kind code of ref document: A1 |
|
32PN | Ep: public notification in the ep bulletin as address of the adressee cannot be established |
Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205 DATED 27/09/2022) |