WO2021259110A1 - Map-e隧道的配置管理方法、设备、服务器以及存储介质 - Google Patents
Map-e隧道的配置管理方法、设备、服务器以及存储介质 Download PDFInfo
- Publication number
- WO2021259110A1 WO2021259110A1 PCT/CN2021/100401 CN2021100401W WO2021259110A1 WO 2021259110 A1 WO2021259110 A1 WO 2021259110A1 CN 2021100401 W CN2021100401 W CN 2021100401W WO 2021259110 A1 WO2021259110 A1 WO 2021259110A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- map
- tunnel
- tunnel configuration
- cpe
- http request
- Prior art date
Links
- 238000000034 method Methods 0.000 title claims abstract description 67
- 230000004044 response Effects 0.000 claims abstract description 81
- 238000007726 management method Methods 0.000 claims description 48
- 238000004590 computer program Methods 0.000 claims description 10
- 230000003993 interaction Effects 0.000 description 17
- 230000008569 process Effects 0.000 description 9
- 238000005538 encapsulation Methods 0.000 description 6
- 238000012545 processing Methods 0.000 description 6
- 230000006870 function Effects 0.000 description 5
- 230000005540 biological transmission Effects 0.000 description 4
- 238000005516 engineering process Methods 0.000 description 4
- 238000012423 maintenance Methods 0.000 description 4
- 230000007246 mechanism Effects 0.000 description 4
- 238000013519 translation Methods 0.000 description 4
- 238000004422 calculation algorithm Methods 0.000 description 3
- 238000004891 communication Methods 0.000 description 3
- 238000010586 diagram Methods 0.000 description 3
- 230000009977 dual effect Effects 0.000 description 3
- 230000008859 change Effects 0.000 description 2
- 238000006243 chemical reaction Methods 0.000 description 2
- 230000000977 initiatory effect Effects 0.000 description 2
- 238000013507 mapping Methods 0.000 description 2
- 230000007704 transition Effects 0.000 description 2
- 230000002159 abnormal effect Effects 0.000 description 1
- 230000005856 abnormality Effects 0.000 description 1
- 239000008186 active pharmaceutical agent Substances 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 230000001568 sexual effect Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
- 238000012795 verification Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/08—Configuration management of networks or network elements
- H04L41/0803—Configuration setting
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L47/00—Traffic control in data switching networks
- H04L47/70—Admission control; Resource allocation
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L47/00—Traffic control in data switching networks
- H04L47/70—Admission control; Resource allocation
- H04L47/82—Miscellaneous aspects
- H04L47/825—Involving tunnels, e.g. MPLS
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
Definitions
- the embodiments of the present application relate to, but are not limited to, the field of communication technology, and in particular, to a configuration management method of a MAP-E tunnel, a user front-end device, a rule parameter server, and a computer-readable storage medium.
- DS-Lite Dual Stack-Lite, lightweight dual stack
- MAP-E Mapping of Address and Port using Encapsulation, stateless mapping and dual encapsulation technology
- MAP-E solution has advantages, it Overcome some shortcomings of the DS-Lite tunnel: For example, the DS-Lite tunnel solution only completes tunnel message encapsulation on CPE (Customer Premise Equipment), but does not perform NAT (Network Address Translation) and Port conversion, the upper-level central office equipment (such as carrier-grade network equipment, such as CGN (Carrier-Grade NAT, carrier-grade network address translation) equipment, dual-stack server, etc.) completes NAT and port conversion, so it needs centralized management, Maintaining the message information of each flow, including
- CPE uses IPv6 Dynamic Host Configuration Protocol (Dynamic Host Configuration Protocol for ipv6, DHCPv6) to interact to complete the acquisition of MAP-E tunnel configuration parameters, thereby establishing an IPv4 in IPv6 tunnel of MAP-E to achieve access to the HOST host connected to the CPE
- IPv6 Dynamic Host Configuration Protocol Dynamic Host Configuration Protocol for ipv6, DHCPv6
- the message sending and receiving processing of IPv4 network services and when the network equipment cannot perform DHCPv6 interaction to complete parameter acquisition, then the MAP-E tunnel cannot be established normally, and the MAP-E tunnel cannot operate normally, so that the IPv4 tunnel cannot be realized.
- the MAP-E tunnel traverses the IPv6 network to access IPv4 network services.
- the embodiment of the present application provides a configuration management method of a MAP-E tunnel, a user front-end device, a rule parameter server, and a computer-readable storage medium.
- the embodiment of the application provides a method for configuration management of a MAP-E tunnel, which is applied to a user front-end equipment CPE, including: sending a first HTTP request carrying MAP-E tunnel configuration parameter request information to a rule parameter server Message; receiving a first response message sent by the rule parameter server according to the MAP-E tunnel configuration parameter request information in the first HTTP request message, the first response message including the MAP-E tunnel configuration Parameters; configure a MAP-E tunnel based on the MAP-E tunnel configuration parameter in the first response message.
- an embodiment of the present application also provides a configuration management method for a MAP-E tunnel, which is applied to a rule parameter server, and includes: receiving a first HTTP request message sent by a CPE, the first HTTP request message Carrying MAP-E tunnel configuration parameter request information; sending a first response message carrying MAP-E tunnel configuration parameters to the CPE according to the MAP-E tunnel configuration parameter request information in the first HTTP request message, So that the CPE configures the MAP-E tunnel according to the MAP-E tunnel configuration parameter in the first response message.
- the embodiments of the present application also provide a user front-end device, including a memory, a processor, and a computer program stored on the memory and running on the processor, and the processor passes through the computer
- the program executes the configuration management method of the MAP-E tunnel in the first aspect described above.
- an embodiment of the present application also provides a rule parameter server, including a memory, a processor, and a computer program stored on the memory and running on the processor, and the processor passes through the computer The program executes the configuration management method of the MAP-E tunnel in the second aspect described above.
- an embodiment of the present application also provides a computer-readable storage medium that stores computer-executable instructions, and the computer-executable instructions are used to execute the above MAP-E tunnel configuration management method.
- FIG. 1 is a schematic diagram of a network topology for executing a configuration management method of a MAP-E tunnel according to an embodiment of the present application
- FIG. 2 is a flowchart of a configuration management method for a MAP-E tunnel provided by an embodiment of the present application
- Fig. 3 is a flowchart of sending an HTTP request message provided by an embodiment of the present application
- FIG. 4 is a flowchart of configuring a MAP-E tunnel according to an embodiment of the present application
- FIG. 5 is a flowchart of a configuration management method for a MAP-E tunnel provided by another embodiment of the present application.
- FIG. 6 is a flowchart of a configuration management method for a MAP-E tunnel provided by another embodiment of the present application.
- FIG. 7 is a flowchart of a configuration management method for a MAP-E tunnel provided by another embodiment of the present application.
- FIG. 8 is a flowchart of receiving an HTTP request message provided by an embodiment of the present application.
- FIG. 9 is a flowchart of overall network processing provided by an embodiment of the present application.
- FIG. 10 is a flowchart of starting/stopping a MAP-E tunnel according to an embodiment of the present application.
- FIG. 11 is a flowchart of automatically acquiring MAP-E tunnel configuration parameters according to an embodiment of the present application.
- FIG. 12 is a flowchart of acquiring and maintaining MAP-E tunnel configuration parameters by using HTTP according to an embodiment of the present application.
- the embodiment of the application provides a configuration management method for a MAP-E tunnel, a user front-end device, a rule parameter server, and a computer-readable storage medium.
- Rule Server Rule parameter server
- the MAP-E tunnel configuration parameters are stored in the server.
- the MAP-E tunnel configuration parameter request information is sent to the rule parameter server by means of HTTP messages, and the response message from the rule parameter server is received.
- the MAP-E tunnel is established according to the MAP-E tunnel configuration parameters carried in the response message, so that the upper-layer device does not have the function of delivering the MAP-E tunnel configuration parameters through DHCPv6 due to its own reasons.
- the MAP-E tunnel is up and running normally.
- Fig. 1 is a schematic diagram of a network topology for performing a configuration management method of a MAP-E tunnel provided by an embodiment of the present application.
- the network topology includes user front-end equipment CPE, user equipment connected to one end of the CPE, such as a PC (personal computer), upper BRAS (Broadband Remote Access Server, broadband remote access server) equipment connected to the other end of the CPE, BR (edge router, that is, MAP-E tunnel server device), DNS resolution server (DNS Server), rule parameter server (Rule Server).
- the BRAS equipment is responsible for assigning IPv6 addresses and gateways to the CPE.
- the rule parameter server runs parameter distribution server software, which is responsible for authenticating each CPE connection request, and responding to the HTTP request message sent by the CPE.
- the text carries MAP-E tunnel configuration parameters. After CPE receives the response message and decrypts and parses the parameters, it creates a MAP-E tunnel between the two devices "CPE-BR" as shown by the arrow in the figure.
- FIG. 1 do not constitute a limitation to the embodiment of the present application, and may include more or less components than those shown in the figure, or combine certain components. Or different component arrangements.
- FIG. 2 is a flowchart of a configuration management method for a MAP-E tunnel provided by an embodiment of the present application.
- the configuration management method for a MAP-E tunnel includes but is not limited to step S100, step S200, and step S300.
- Step S100 Send a first HTTP request message carrying MAP-E tunnel configuration parameter request information to the rule parameter server.
- the CPE is first started to obtain the IPv6 WAN connection address, gateway, DNS Server and other information, by initiating DHCPv6 (stateful address automatic configuration) or SLAAC (stateless address automatic configuration) to the BRAS device Configure) request to obtain the WAN connection parameters.
- the BRAS device After receiving the request, the BRAS device responds and issues the parameters.
- the CPE starts the WAN connection according to the parameters, thus establishing an IPv6 network access channel.
- a notification is sent to the MAP-E module in the CPE, so that the MAP-E module sends an HTTP request message carrying MAP-E tunnel configuration parameter request information to the rule parameter server.
- the data in the HTTP request message uses a custom data format, which can be flexibly adjusted and redefined according to actual needs.
- Step S200 Receive a first response message sent by the rule parameter server according to the MAP-E tunnel configuration parameter request information in the first HTTP request message, where the first response message includes the MAP-E tunnel configuration parameter.
- the embodiment of the application configures a rule parameter server in the network, which stores MAP-E tunnel configuration parameters, including: (1) BR Address: MAP-E tunnel opposite end IPv6 address; (2) IPv6 prefix: IPv6 prefix; (3) IPv6 prefix length: IPv6 prefix length; (4) IPv4 prefix: IPv4 prefix; (5) IPv4 prefix length: IPv4 prefix length; (6) EA-bits- length: Embedded-Address (EA) bit length; (7) PSID: port sequence PORT-SET; (8) PSID Offset: PSID offset; (9) PSID length: PSID length.
- the parameters (2) to (9) may be multiple groups according to actual needs.
- the data in the response message uses a custom data format, which can be flexibly adjusted and redefined according to actual needs.
- Step S300 Configure the MAP-E tunnel based on the MAP-E tunnel configuration parameter in the first response message.
- CPE usually completes the acquisition of MAP-E tunnel configuration parameters through the dynamic host configuration protocol DHCPv6 interaction, thereby establishing an IPv4 in IPv6 tunnel of MAP-E, and realizing the sending and receiving of packets for the HOST host connected to the CPE to access IPv4 network services.
- the network equipment cannot perform DHCPv6 interaction to complete the parameter acquisition, then the MAP-E tunnel cannot be established normally, and the MAP-E tunnel will work normally, so that it is impossible to realize IPv4 traversing the IPv6 network through the MAP-E tunnel to IPv4. Internet business access.
- the embodiment of the application adopts the above steps S100, S200, and S300, and deploys a Rule Server (rule parameter server) in the network, and stores the MAP-E tunnel configuration parameters in the rule parameter server.
- the normal startup and operation of the MAP-E tunnel can be ensured when the upper-layer device does not have the function of delivering the MAP-E tunnel configuration parameters through the DHCPv6 mode due to its own reasons.
- the method before sending the first HTTP request message to the rule parameter server, the method further includes: sending a second HTTP request message to the rule parameter server, the second HTTP request message carrying authentication request information; A second response message sent by the rule parameter server according to the authentication request information in the second HTTP request message is received, the second response message carrying information about whether the authentication is successful.
- step S100 includes the following steps:
- Step S101 encrypting the MAP-E tunnel configuration parameter request information, and establishing a first HTTP request message according to the encrypted MAP-E tunnel configuration parameter request information;
- Step S102 Send the first HTTP request message to the rule parameter server.
- the messages in the embodiments of this application are encrypted and sent, which reduces the possibility of tampering or stealing during the message sending process, thereby increasing the security and data transmission. reliability.
- the data in the HTTP request message is encrypted by using public and private key encryption.
- the data in the HTTP request message is encrypted by the private key assigned to the CPE, and the HTTP request message with internal data encryption is sent to the rule parameter server.
- the rule parameter server uses the one that matches the private key
- the public key decrypts the data in the HTTP request message.
- the foregoing encryption method is only one of the embodiments for implementing the method of the present application, and the embodiment of the present application may also include other encryption methods, including but not limited to symmetric encryption, asymmetric encryption, and hash algorithms.
- step S300 includes the following steps:
- Step S301 Decrypt the internal data of the first response message to obtain MAP-E tunnel configuration parameters
- Step S302 Configure the MAP-E tunnel according to the MAP-E tunnel configuration parameters.
- the messages in the embodiments of this application are encrypted and sent, which reduces the possibility of tampering or stealing during the message sending process, thereby increasing the security and data transmission. reliability.
- the data in the HTTP response message is encrypted by using public and private key encryption.
- the data in the HTTP response message is encrypted with the private key assigned to the rule parameter server, and the HTTP response message after the internal data encryption is sent to the CPE, and the CPE uses the one that matches the private key
- the public key decrypts the data in the HTTP response message to obtain the MAP-E tunnel configuration parameters.
- the foregoing encryption method is only one of the embodiments for implementing the method of the present application, and the embodiment of the present application may also include other encryption methods, including but not limited to symmetric encryption, asymmetric encryption, and hash algorithms.
- step S302 may include:
- the MAP-E tunnel configuration parameters are determined to be valid and are determined to match the current network connection parameters, the MAP-E tunnel configuration parameters are used to configure the MAP-E tunnel.
- the embodiment of this application verifies whether the MAP-E tunnel configuration parameters are valid and whether they match the current network connection parameters (for example, the prefix and other information corresponding to the currently running WAN IPv6 connection) successfully, and the MAP-E tunnel configuration parameters are determined In order to be effective and determined to match the current network connection parameters, the MAP-E tunnel is established, which greatly increases the robustness of the method.
- the current network connection parameters for example, the prefix and other information corresponding to the currently running WAN IPv6 connection
- step S302 may include:
- the first HTTP request message is re-sent to the rule parameter server after the first preset time period is reached.
- the obtained MAP-E tunnel configuration parameters are considered to be unavailable and cannot be used to create MAP-E tunnel.
- set the first preset duration for example, 10 minutes
- re-initiate the process of obtaining MAP-E tunnel configuration parameters from the rule parameter server after the first preset duration arrives, so that the rule parameter server
- the CPE can also adjust and update in time.
- first preset duration can be modified reasonably according to specific circumstances, with the purpose of enabling the MAP-E tunnel to operate better and the parameters to be updated in a better and timely manner.
- the MAP-E tunnel configuration management method of the embodiment of the present application may further include the following steps:
- step S400 the MAP-E tunnel configuration parameters are updated to the database of the CPE.
- the MAP-E tunnel configuration parameter after successfully obtaining the MAP-E tunnel configuration parameter from the rule parameter server, compare it with the current MAP-E tunnel configuration parameter in the CPE database to determine whether there is an update change. If there is an update change, Then replace the current MAP-E tunnel configuration parameters in the CPE database with the acquired MAP-E tunnel configuration parameters, otherwise the current MAP-E tunnel configuration parameters in the CPE database remain unchanged. In another embodiment, if the MAP-E tunnel is configured for the first time, the acquired MAP-E tunnel configuration parameters are directly saved in the data of the CPE.
- the CPE can also be adjusted and updated in time.
- the MAP-E tunnel configuration management method of the embodiment of the present application may further include the following steps:
- Step S500 when the first response message sent by the rule parameter server is not received within the second preset time period, obtain the MAP-E tunnel configuration parameters from the database of the CPE;
- Step S600 when the MAP-E tunnel configuration parameters obtained from the CPE database are determined to be valid and determined to match the current network connection parameters, the MAP-E tunnel configuration parameters are used to configure the MAP-E tunnel.
- this embodiment of the application obtains the last saved MAP-E tunnel configuration from the CPE database Parameters to ensure that the MAP-E tunnel can be established in time.
- the MAP-E tunnel configuration management method of the embodiment of the present application may further include the following steps:
- Step S601 When the MAP-E tunnel configuration parameters obtained from the CPE database are determined to be invalid and/or are determined to be incompatible with the current network connection parameters, after reaching the third preset time period, send the first to the rule parameter server again. An HTTP request message.
- the obtained MAP-E tunnel configuration parameters are considered to be unavailable and cannot be used to create MAP-E tunnel.
- set the third preset duration for example, 10 minutes
- re-initiate the process of obtaining MAP-E tunnel configuration parameters from the rule parameter server after the third preset duration arrives, so that the rule parameter server
- the CPE can also adjust and update in time.
- third preset duration can be modified reasonably according to specific circumstances, and the purpose is to enable the MAP-E tunnel to operate better and to update the parameters in a better and timely manner.
- step S100 after the IPv6 network access channel is established, a notification is sent to the MAP-E module in the CPE, so that the MAP-E module first sends the MAP-E module to the broadband remote access server BRAS.
- the DHCPv6 request message of the E tunnel configuration parameter request information and when the DHCPv6 response message sent by the BRAS is not received within the fourth preset time period (for example, 10 minutes), only then does it send to the rule parameter server carrying the MAP -The first HTTP request message of E tunnel configuration parameter request information.
- the fourth preset time period for example, 10 minutes
- the first HTTP request message is re-sent to the rule parameter server.
- the CPE In the existing applications, some applications obtain the parameters at a time and update from time to time.
- the CPE first stores the MAP-E tunnel configuration parameters, and also provides a mechanism to ensure that the parameters trigger a re-request on a regular basis. , And judge the parameters. If the parameters in the rule parameter server are adjusted and changed, the CPE can also adjust and update in time.
- an embodiment of the present application also provides a MAP-E tunnel configuration management method, as shown in FIG. 7, which is a flowchart of a MAP-E tunnel configuration management method provided by another embodiment of the present application .
- the configuration management method of the MAP-E tunnel includes but is not limited to step S700 and step S800.
- Step S700 Receive a first HTTP request message sent by the CPE, where the first HTTP request message carries MAP-E tunnel configuration parameter request information;
- the data in the HTTP request message uses a custom data format, which can be flexibly adjusted and redefined according to actual needs.
- Step S800 Send a first response message carrying MAP-E tunnel configuration parameters to the CPE according to the MAP-E tunnel configuration parameter request information in the first HTTP request message, so that the CPE can respond to the MAP-E tunnel configuration parameters in the first response message.
- the -E tunnel configuration parameter configures the MAP-E tunnel.
- the embodiment of the application configures a rule parameter server in the network, which stores MAP-E tunnel configuration parameters, including: (1) BR Address: MAP-E tunnel opposite end IPv6 address; (2) IPv6 prefix: IPv6 prefix); (3) IPv6 prefix length: IPv6 prefix length; (4) IPv4 prefix: IPv4 prefix; (5) IPv4 prefix length: IPv4 prefix length; (6) EA-bits -length: Embedded-Address (EA) bit length; (7) PSID: port sequence PORT-SET; (8) PSID Offset: PSID offset; (9) PSID length: PSID length.
- the parameters (2)-(9) may be multiple groups according to actual needs.
- the data in the response message uses a custom data format, which can be flexibly adjusted and redefined according to actual needs.
- CPE usually completes the acquisition of MAP-E tunnel configuration parameters through the dynamic host configuration protocol DHCPv6 interaction, thereby establishing an IPv4 in IPv6 tunnel of MAP-E, and realizing the sending and receiving of packets for the HOST host connected to the CPE to access IPv4 network services.
- the network equipment cannot perform DHCPv6 interaction to complete parameter acquisition, then the MAP-E tunnel cannot be established normally, and the MAP-E tunnel will operate normally, so that it is impossible to achieve IPv4 traversing the IPv6 network through the MAP-E tunnel. Access to IPv4 network services.
- the embodiment of the application adopts the above steps S700 and S800, by deploying a Rule Server (rule parameter server) in the network, the MAP-E tunnel configuration parameters are stored in the rule parameter server, and HTTP messages are used.
- the upper-layer device does not have the function of delivering MAP-E tunnel configuration parameters through DHCPv6 due to its own reasons, ensure that the MAP-E tunnel is started and running normally.
- the method before receiving the first HTTP request message sent by the CPE, the method further includes:
- step S800 includes the following steps:
- Step S801 Decrypt the internal data of the first HTTP request message to obtain MAP-E tunnel configuration parameter request information
- Step S802 Allocate MAP-E tunnel configuration parameters to the CPE according to the MAP-E tunnel configuration parameter request information
- Step S803 encrypting the MAP-E tunnel configuration parameters, and establishing a first response message according to the encrypted MAP-E tunnel configuration parameters;
- Step S804 Send a first response message to the CPE.
- the messages in the embodiments of this application are encrypted and sent, which reduces the possibility of tampering or stealing during the message sending process, thereby increasing the security and data transmission. reliability.
- the data in the HTTP request message is encrypted by using public and private key encryption.
- the data in the HTTP request message is encrypted by the private key assigned to the CPE, and the HTTP request message with internal data encryption is sent to the rule parameter server.
- the rule parameter server uses the one that matches the private key
- the public key decrypts the data in the HTTP request message, assigns MAP-E tunnel configuration parameters to the CPE according to the decrypted data, and uses the private key assigned to the rule parameter server to encrypt the data in the response message to be sent before sending it
- the CPE decrypts the data in the response message according to the public key matching the private key to obtain the MAP-E tunnel configuration parameters.
- the foregoing encryption method is only one of the embodiments for implementing the method of the present application, and the embodiment of the present application may also include other encryption methods, including but not limited to symmetric encryption, asymmetric encryption, and hash algorithms.
- Figure 9 is an overall network processing flowchart provided by an embodiment of the present application, including the entire flow of CPE establishing a tunnel and Internet access initiated by a PC on the LAN side, specifically:
- step S901 when the CPE is started, it first needs to obtain the IPv6 WAN connection address, gateway, DNS Server and other information, and obtain the WAN connection by initiating a DHCPv6 (stateful address automatic configuration) or SLAAC (stateless address automatic configuration) request to the BRAS device parameter.
- DHCPv6 stateful address automatic configuration
- SLAAC stateless address automatic configuration
- step S902 the BRAS device responds and issues parameters, the CPE starts the IPv6 WAN connection, and the CPE establishes an IPv6 network access channel.
- step S903 after the CPE's IPv6 WAN connection starts normally, it will send a notification to the MAP-E module, and then the MAP-E module will send a DHCPv6 message to obtain various parameters for configuring the MAP-E tunnel.
- Step S904 receive the DHCPv6 response message from the BRAS device, parse the DHCPv6 response message to obtain the MAP-E tunnel configuration parameters, create and start the MAP-E tunnel, and then directly go to step S907.
- step S905 if the DHCPv6 response message of the BRAS device is not obtained in step S904, the HTTP mode acquisition is automatically enabled again, and the HTTP request message is sent to the Rule Server.
- step S906 the Rule Server receives the request, responds, and sends a response message to the CPE.
- step S907 the CPE parses the received response message and creates a MAP-E tunnel.
- One end of the tunnel is the CPE and the remote end is the BR edge router, so that the MAP-E tunnel is established.
- step S908 the PC device initiates Internet access and first performs DNS domain name resolution.
- the DNS domain name resolution request is sent by the PC to an IPv4 "A" record request message.
- the CPE After reaching the CPE, the CPE performs DNS proxy and sends an IPv6 message to the CPE through the IPv6 channel.
- DNS Server in the network.
- step S909 the DNS Server parses and responds, and the message returns the "A" record response to the PC in the form of an IPv4 message via the CPE.
- step S910 the PC device initiates a TCP or UDP access connection based on the resolved IP address, and then MAP-E tunnel encapsulation is performed on the sent IPv4 packet after reaching the CPE.
- the encapsulation method is: the IPv4 packet is NAT (network After address translation), an IPv6 packet header is added to form an IPv6 packet, and the encapsulated packet is sent from the tunnel to the BR edge router, and the BR edge router decapsulates the packet into an IPv4 packet and sends it to the Internet.
- the target server is: the IPv4 packet is NAT (network After address translation), an IPv6 packet header is added to form an IPv6 packet, and the encapsulated packet is sent from the tunnel to the BR edge router, and the BR edge router decapsulates the packet into an IPv4 packet and sends it to the Internet.
- the target server is: the IPv4 packet is NAT (network After address translation), an IPv6 packet header is added to form an IPv
- step S911 the target server in the Internet network responds, and the message is encapsulated into an IPv6 message by the BR edge router and returned to the CPE via the tunnel.
- the CPE then decapsulates, takes out the IPv4 message and sends it to the PC on the LAN side.
- Step S910 and step S911 are performed repeatedly, that is, the two-way interaction of the message is completed, and the Internet network access is successfully performed.
- FIG. 10 is a flowchart of starting/stopping a MAP-E tunnel according to an embodiment of the present application.
- MAP-E tunnel startup methods include: when power on, after the CPE successfully establishes an IPv6 WAN connection, notify the MAP-E module to trigger the creation of a MAP-E tunnel configuration process, or configure a new MAP through the configuration medium (WEB page or remote management) -E tunnel, first will trigger the acquisition of MAP-E tunnel parameters, CPE can automatically use DHCPv6 or HTTP script method to acquire according to the network situation.
- the MAP-E tunnel configuration parameters After obtaining the MAP-E tunnel configuration parameters, verify the parameters. If the parameters are normal, the MAP-E tunnel is established and configured to the kernel at the same time to make the MAP-E tunnel operate normally.
- MAP-E tunnel offline methods include: configuration media (WEB page or remote management) delete the established MAP-E tunnel, or offline due to network abnormalities, mainly because the status of IPv6 WAN connection is abnormal, such as WAN connection offline or If it is deleted and the CPE no longer has IPv6 WAN access capability, it will trigger the offline process of the MAP-E tunnel.
- configuration media WEB page or remote management
- MAP-E tunnel offline process When either of the above two methods triggers the offline of the MAP-E tunnel, MAP-E will be stopped, the MAP-E tunnel configuration parameters configured to the kernel will be cleared, and the tunnel will be destroyed and stopped run.
- Figure 11 is a flowchart of automatically acquiring MAP-E tunnel configuration parameters according to an embodiment of the present application, which specifically includes the following steps:
- Step S1101 the MAP-E module is started, and it waits for the notification that the IPv6 WAN connection is online normally;
- Step S1102 receiving the notification that the IPv6 WAN connection is normally online, select the parameter acquisition method, if it is the first run, first use the DHCPv6 method to acquire, and then preferentially select the acquisition method according to the saved acquisition method.
- step S1103 the MAP-E module of the CPE sends a DHCPv6 request message to obtain various parameters of the MAP-E.
- step S1104 the DHCPv6 message from the upper-layer device is received and notified to the MAP-E module by the DHCPv6 module in the CPE.
- Step S1105 parse the DHCPv6 message, and obtain the MAP-E tunnel configuration parameters.
- Step S1106 verify that the MAP-E tunnel configuration parameters are normal and valid, and then create and run the MAP-E tunnel.
- Step S1107 Save the DHCPv6 mode, which is the method of obtaining the parameters successfully this time, and select this obtaining mode for parameter obtaining next time.
- Step S1109 In step S1104, when the upper-layer device does not support DHCPv6 to send parameters, no response message will be returned.
- the basis for judging the failure of DHCPv6 can be, for example, judging whether the set DHCPv6 response waiting timer has expired, and sending it on the CPE When a DHCPv6 request message is sent out, a wait timer is set. After the timer expires, it is considered that the DHCPv6 response has failed. At this time, it is automatically selected to obtain through a script, and an HTTP request message is sent to the rule parameter server for parameter acquisition.
- step S1110 the CPE receives the HTTP response message from the rule parameter server.
- Step S1111 parse the HTTP response message, extract various parameters, and enter step S1106 to create a MAP-E tunnel.
- step S1107 the method for successfully obtaining the parameters this time-the HTTP message interaction mode is saved, and this obtaining mode is first selected for parameter obtaining next time.
- FIG. 12 is a flowchart of obtaining and maintaining MAP-E tunnel configuration parameters by using HTTP according to an embodiment of the present application.
- the MAP-E tunnel configuration parameters must be acquired before its creation and operation.
- the embodiment of this application obtains the MAP-E tunnel configuration parameters by using a scripted HTTP message interaction method.
- a set of mechanisms has also been established, that is, the state machine mechanism is used to maintain the acquired parameters and be able to update the parameters in time, which specifically includes the following steps:
- step S1201 the maintenance management module is started, and the maintenance management runs normally.
- step S1202 when the script HTTP message interaction method is selected to obtain the MAP-E tunnel configuration parameters, first make an authentication interaction message to the rule parameter server. Only after the authentication is successful, the subsequent steps can be performed to prevent others in the network. The device obtains illegally from the rule parameter server.
- step S1203 to ensure data security, the internal data of the HTTP request message and the response message are encrypted, and the data is decrypted using the secret key after reaching the opposite end.
- step S1204 the maintenance management module initiates MAP-E tunnel configuration parameter acquisition, and sends an HTTP request message.
- Step S1205 Wait for the rule parameter server to send the response message, set the timing, when the response message is received within the fixed time, it is considered that the response message has been obtained, and then go to step S1206; if the response message is not received after the timeout, it is considered The response message fails to be obtained, and step S1211 is entered.
- step S1206 the response message sent back by the rule parameter server is successfully received, the response message is parsed, and all the MAP-E tunnel configuration parameters are taken out according to the parameter structure definitions at both ends.
- Step S1207 verify whether the parameters are normal and valid, and whether they match the prefix and other information corresponding to the currently running WAN IPv6 connection successfully, if yes, go to step S1208; if the parameter verification fails, or the parameters do not successfully match the WAN IPv6 connection parameters , Then go to step S1214.
- step S1208 the parameters are verified and the matching is successful. If the original MAP-E tunnel has not been created, create a new MAP-E tunnel. If there is an existing MAP-E tunnel, compare whether the parameters have been updated or changed. If the parameters have changed, update Parameters and apply to the MAP-E tunnel, otherwise keep the existing MAP-E tunnel configuration parameters running.
- Step S1209 save the new MAP-E tunnel configuration parameters of step S1206 to the database.
- Step S1210 set timing 1 (for example: 360 minutes), and after timing 1, re-acquire the MAP-E tunnel configuration parameters, that is, return to step S1204.
- the purpose of this is when there are parameters in the network.
- the updated parameters can be obtained in time and applied to the running MAP-E tunnel.
- step S1211 when the rule parameter server response is not received in step S1205, the MAP-E tunnel configuration parameters are read from the database saved by the CPE itself.
- Step S1212 read the MAP-E tunnel configuration parameters, verify that the parameters are normal and valid and match the prefix and other information corresponding to the currently running WAN IPv6 connection successfully, then the MAP-E tunnel creation process is performed, and step S1208 is directly entered.
- Step S1213 In step S1212, if there are no saved MAP-E tunnel configuration parameters or the read MAP-E tunnel configuration parameters are determined to be invalid and/or determined to be incompatible with the current network connection parameters, set the timing 2( For example: 5 minutes), after timing 2 is reached, the MAP-E tunnel configuration parameters are acquired again, that is, step S1204 is returned again.
- Step S1214 In step S1207, if the MAP-E tunnel configuration parameters obtained from the rule parameter server are determined to be invalid and/or are determined to be incompatible with the current network connection parameters, then the parameters are considered to be unavailable and the MAP cannot be created. -E tunnel, at this time, set the timing 3 (for example: 10 minutes), after reaching the timing 3, re-acquire the MAP-E tunnel configuration parameters, that is, return to step S1204.
- the timing 3 for example: 10 minutes
- Each of the above-mentioned setting timings 1, 2, and 3 can be modified reasonably according to the specific situation.
- the purpose is to make the MAP-E tunnel operate better and the MAP-E tunnel configuration parameters can be updated in a better and timely manner.
- an embodiment of the present application provides a user front-end device.
- the user front-end device includes a memory, a processor, and a computer program stored in the memory and running on the processor.
- the processor executes the foregoing implementation through the computer program.
- Example of the configuration management method of the MAP-E tunnel for example, the method steps S100 to S300 in FIG. 2 described above, the method steps S101-S102 in FIG. 3, the method steps S301-S302 in FIG. 4, and the method steps S301-S302 in FIG.
- an embodiment of the present application provides a rule parameter server.
- the rule parameter server includes a memory, a processor, and a computer program stored in the memory and capable of running on the processor.
- the processor executes the foregoing implementation through the computer program.
- the example MAP-E tunnel configuration management method for example, executes the method steps S700 to S800 in FIG. 7 and the method steps S801 to S804 in FIG. 8 described above.
- the device embodiments described above are merely illustrative, and the units described as separate components may or may not be physically separated, that is, they may be located in one place, or they may be distributed on multiple network units. Some or all of the modules can be selected according to actual needs to achieve the objectives of the solutions of the embodiments.
- an embodiment of the present application also provides a computer-readable storage medium that stores computer-executable instructions, and the computer-executable instructions are executed by a processor or a controller, for example, by the aforementioned
- the execution of a processor in the user front-end equipment embodiment or the rule parameter server embodiment can make the above-mentioned processor execute the MAP-E tunnel configuration management method in the above-mentioned embodiment, for example, execute the above-described method steps in FIG. 2 S100 to S300, method steps S101-S102 in FIG. 3, method steps S301-S302 in FIG. 4, method steps S100 to S400 in FIG. 5, method steps S500, S600, and S601 in FIG. 6, or execute the above description
- the embodiment of the application includes: sending a first HTTP request message carrying MAP-E tunnel configuration parameter request information to the rule parameter server; receiving the rule parameter server according to the MAP-E tunnel configuration parameter request in the first HTTP request message
- the first response message sent by the information, the first response message includes the MAP-E tunnel configuration parameter; the MAP-E tunnel is configured based on the MAP-E tunnel configuration parameter in the first response message.
- the MAP-E tunnel configuration parameters are sent to the rule parameter server by means of HTTP messages Request information, and after receiving the response message from the rule parameter server, the MAP-E tunnel is established according to the MAP-E tunnel configuration parameters carried in the response message, so that the upper-layer device does not have the ability to pass DHCPv6 due to its own reasons.
- sending the MAP-E tunnel configuration parameter function ensure that the MAP-E tunnel starts and runs normally.
- computer storage medium includes volatile and non-volatile data implemented in any method or technology for storing information (such as computer-readable instructions, data structures, program modules, or other data).
- Information such as computer-readable instructions, data structures, program modules, or other data.
- Computer storage media include but are not limited to RAM, ROM, EEPROM, flash memory or other storage technologies, CD-ROM, digital versatile disk (DVD) or other optical disk storage, magnetic cassettes, magnetic tapes, magnetic disk storage or other magnetic storage devices, or Any other medium used to store desired information and that can be accessed by a computer.
- communication media usually contain computer-readable instructions, data structures, program modules, or other data in a modulated data signal such as carrier waves or other transmission mechanisms, and may include any information delivery media. .
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
一种MAP-E隧道的配置管理方法、设备、服务器以及存储介质。其中,所述MAP-E隧道的配置管理方法包括:向规则参数服务器发送携带有MAP-E隧道配置参数请求信息的第一HTTP请求报文(S100);接收由规则参数服务器根据所述第一HTTP请求报文中的所述MAP-E隧道配置参数请求信息发送的第一应答报文,所述第一应答报文包括MAP-E隧道配置参数(S200);基于所述第一应答报文中的所述MAP-E隧道配置参数配置MAP-E隧道(S300)。
Description
相关申请的交叉引用
本申请基于申请号为202010574064.8、申请日为2020年06月22日的中国专利申请提出,并要求该中国专利申请的优先权,该中国专利申请的全部内容在此引入本申请作为参考。
本申请实施例涉及但不限于通信技术领域,尤其涉及一种MAP-E隧道的配置管理方法、用户前端设备、规则参数服务器以及计算机可读存储介质。
由于互联网持续快速地发展,IPv4地址已经耗尽,需要替换成IPv6才能彻底解决这个问题,目前世界上各个国家和地区,都在稳步地推进从IPv4向IPv6过渡,在各个过渡方案中,由DS-Lite(Dual Stack-Lite,轻量级双栈)隧道方案逐渐演进到了MAP-E(Mapping of Address and Port using Encapsulation,无状态的映射与双重封装技术)方案,MAP-E方案具有优势,它克服了DS-Lite隧道的一些缺陷:例如,DS-Lite隧道方案在CPE(Customer Premise Equipment,用户前端设备)上仅完成隧道报文封装,但不做NAT(Network Address Translation,网络地址转换)和端口转换,上层局端设备(如运营商级网络设备,例如CGN(Carrier-Grade NAT,运营商级网络地址转换)设备,双栈服务器等)上完成NAT和端口转换,这样它需要集中管理、维护每条流的报文信息,包括地址与端口等,上层局端设备处理压力较大、设备投入与维护成本都高。作为DS-Lite隧道的演进方案,MAP-E隧道方案实现了在CPE上完成NAT和端口转换,再进行隧道报文封装,减轻了上层局端设备的处理压力。
通常,CPE通过IPv6动态主机配置协议(Dynamic Host Configuration Protocol for ipv6,DHCPv6)交互完成MAP-E隧道配置参数的获取,从而建立MAP-E的IPv4 in IPv6隧道,实现CPE下挂连接的HOST主机访问IPv4网络业务的报文收发处理,而当网络设备不能进行DHCPv6交互完成参数获取时,那么MAP-E隧道就无法正常建立,MAP-E隧道也就无法正常运行工作,从而也就无法实现IPv4经MAP-E隧道穿越IPv6网络对IPv4的网络业务访问。
发明内容
以下是对本文详细描述的主题的概述。本概述并非是为了限制权利要求的保护范围。
本申请实施例提供了一种MAP-E隧道的配置管理方法、用户前端设备、规则参数服务器以及计算机可读存储介质。
第一方面,本申请实施例提供了一种MAP-E隧道的配置管理方法,应用于用户前端设备CPE,包括:向规则参数服务器发送携带有MAP-E隧道配置参数请求信息的第一HTTP请求报文;接收由规则参数服务器根据所述第一HTTP请求报文中的所述MAP-E隧道配 置参数请求信息发送的第一应答报文,所述第一应答报文包括MAP-E隧道配置参数;基于所述第一应答报文中的所述MAP-E隧道配置参数配置MAP-E隧道。
第二方面,本申请实施例还提供了一种MAP-E隧道的配置管理方法,应用于规则参数服务器,包括:接收由CPE发送的第一HTTP请求报文,所述第一HTTP请求报文携带有MAP-E隧道配置参数请求信息;根据所述第一HTTP请求报文中的所述MAP-E隧道配置参数请求信息向CPE发送携带有MAP-E隧道配置参数的第一应答报文,以使CPE根据所述第一应答报文中的所述MAP-E隧道配置参数配置MAP-E隧道。
第三方面,本申请实施例还提供了一种用户前端设备,包括存储器、处理器及存储在所述存储器上并可在所述处理器上运行的计算机程序,所述处理器通过所述计算机程序执行上述第一方面的MAP-E隧道的配置管理方法。
第四方面,本申请实施例还提供了一种规则参数服务器,包括存储器、处理器及存储在所述存储器上并可在所述处理器上运行的计算机程序,所述处理器通过所述计算机程序执行上述第二方面的MAP-E隧道的配置管理方法。
第五方面,本申请实施例还提供一种计算机可读存储介质,存储有计算机可执行指令,所述计算机可执行指令用于执行如上的MAP-E隧道的配置管理方法。
本申请的其它特征和优点将在随后的说明书中阐述,并且,部分地从说明书中变得显而易见,或者通过实施本申请而了解。本申请的目的和其他优点可通过在说明书、权利要求书以及附图中所特别指出的结构来实现和获得。
附图用来提供对本申请技术方案的进一步理解,并且构成说明书的一部分,与本申请的实施例一起用于解释本申请的技术方案,并不构成对本申请技术方案的限制。
图1是本申请一个实施例提供的用于执行MAP-E隧道的配置管理方法的网络拓扑的示意图;
图2是本申请一个实施例提供的MAP-E隧道的配置管理方法的流程图;
图3是本申请一个实施例提供的发送HTTP请求报文的流程图;
图4是本申请一个实施例提供的配置MAP-E隧道的流程图;
图5是本申请另一实施例提供的MAP-E隧道的配置管理方法的流程图;
图6是本申请另一实施例提供的MAP-E隧道的配置管理方法的流程图;
图7是本申请另一实施例提供的MAP-E隧道的配置管理方法的流程图;
图8是本申请一个实施例提供的接收HTTP请求报文的流程图;
图9是本申请一个实施例提供的总体网络处理流程图;
图10是本申请一个实施例提供的启动/停止MAP-E隧道的流程图;
图11是本申请一个实施例提供的自动获取MAP-E隧道配置参数的流程图;
图12是本申请一个实施例提供的采用HTTP方式获取和维护MAP-E隧道配置参数的流程图。
为了使本申请的目的、技术方案及优点更加清楚明白,以下结合附图及实施例,对本申请进行进一步详细说明。应当理解,此处所描述的具体实施例仅用以解释本申请,并不 用于限定本申请。
需要说明的是,虽然在装置示意图中进行了功能模块划分,在流程图中示出了逻辑顺序,但是在某些情况下,可以以不同于装置中的模块划分,或流程图中的顺序执行所示出或描述的步骤。说明书和权利要求书及上述附图中的术语“第一”、“第二”等是用于区别类似的对象,而不必用于描述特定的顺序或先后次序。
本申请实施例提供了一种MAP-E隧道的配置管理方法、用户前端设备、规则参数服务器以及计算机可读存储介质,通过在网络中布局一台Rule Server(规则参数服务器),在该规则参数服务器中存储有MAP-E隧道配置参数,当需要建立MAP-E隧道时,采用HTTP报文方式向该规则参数服务器发送MAP-E隧道配置参数请求信息,并且在接收到规则参数服务器的应答报文后,根据应答报文中携带的MAP-E隧道配置参数建立MAP-E隧道,从而能够在上层设备由于自身原因而不具备通过DHCPv6方式下发MAP-E隧道配置参数功能的情况下,保证MAP-E隧道正常启动和运行。
下面结合附图,对本申请实施例作进一步阐述。
如图1所示,图1是本申请一个实施例提供的用于执行MAP-E隧道的配置管理方法的网络拓扑的示意图。在图1的示例中,该网络拓扑包括用户前端设备CPE、CPE一端连接的用户设备如PC(个人电脑)、CPE另一端连接的上层BRAS(Broadband Remote Access Server,宽带远程接入服务器)设备、BR(边缘路由器,即MAP-E隧道服务端设备)、DNS解析服务器(DNS Server)、规则参数服务器(Rule Server)。BRAS设备负责给CPE分配IPv6地址、网关,规则参数服务器上运行参数下发服务端软件,负责对各CPE连接请求进行鉴权(authentication),并对CPE发送的HTTP请求报文进行应答,应答报文中携带MAP-E隧道配置参数。CPE收到应答报文并且对参数解密和解析之后创建了如图箭头所示的“CPE-BR”这两个设备之间的MAP-E隧道。
本申请实施例描述的网络拓扑以及应用场景是为了更加清楚的说明本申请实施例的技术方案,并不构成对于本申请实施例提供的技术方案的限定,本领域技术人员可知,随着网络拓扑的演变和新应用场景的出现,本申请实施例提供的技术方案对于类似的技术问题,同样适用。
本领域技术人员可以理解的是,图1中示出的各种部件及拓扑结构并不构成对本申请实施例的限定,可以包括比图示更多或更少的部件,或者组合某些部件,或者不同的部件布置。
基于上述网络拓扑结构,提出本申请的MAP-E隧道的配置管理方法的各个实施例。
如图2所示,图2是本申请一个实施例提供的MAP-E隧道的配置管理方法的流程图,该MAP-E隧道的配置管理方法包括但不限于步骤S100、步骤S200和步骤S300。
步骤S100,向规则参数服务器发送携带有MAP-E隧道配置参数请求信息的第一HTTP请求报文。
在一个实施例中,参照图1所示,首先启动CPE来获取IPv6广域网连接的地址、网关、DNS Server等信息,通过向BRAS设备发起DHCPv6(有状态地址自动配置)或SLAAC(无状态地址自动配置)请求来获取广域网连接参数,BRAS设备接收到请求后,应答并下发参数,CPE根据该参数启动广域网连接,这样便建立了IPv6的网络访问通道。在建立IPv6的网络访问通道后,向CPE中的MAP-E模块发送通知,以使得MAP-E模块向规则 参数服务器发送携带有MAP-E隧道配置参数请求信息的HTTP请求报文。
在一个实施例中,HTTP请求报文中的数据使用自定义数据格式,可以根据实际需要进行灵活调整以及重新定义。
步骤S200,接收由规则参数服务器根据第一HTTP请求报文中的MAP-E隧道配置参数请求信息发送的第一应答报文,第一应答报文包括MAP-E隧道配置参数。
在一个实施例中,参照图1所示,本申请实施例在网络中配置一台规则参数服务器,其中存储有MAP-E隧道配置参数,包括:(1)BR Address:MAP-E隧道对端IPv6地址;(2)IPv6 prefix:IPv6前缀;(3)IPv6 prefix length:IPv6前缀长度;(4)IPv4 prefix:IPv4前缀;(5)IPv4 prefix length:IPv4前缀长度;(6)EA-bits-length:Embedded-Address(EA)bit的长度;(7)PSID:端口序列PORT-SET;(8)PSID Offset:PSID偏移量;(9)PSID length:PSID长度。在一个实施例中,根据实际需要,参数(2)至(9)可以为多组。
在一个实施例中,应答报文中的数据使用自定义数据格式,可以根据实际需要进行灵活调整以及重新定义。
步骤S300,基于第一应答报文中的MAP-E隧道配置参数配置MAP-E隧道。
当前,CPE通常通过动态主机配置协议DHCPv6交互完成MAP-E隧道配置参数的获取,从而建立MAP-E的IPv4 in IPv6隧道,实现CPE下挂连接的HOST主机访问IPv4网络业务的报文收发处理,而当网络设备不能进行DHCPv6交互完成参数获取时,那么MAP-E隧道就无法正常建立,MAP-E隧道也就正常运行工作,从而也就无法实现IPv4经MAP-E隧道的穿越IPv6网络对IPv4的网络业务访问。针对这个问题,本申请实施例采用上述步骤S100、步骤S200、步骤S300,通过在网络中布局一台Rule Server(规则参数服务器),在该规则参数服务器中存储有MAP-E隧道配置参数,采用HTTP报文方式向该规则参数服务器发送MAP-E隧道配置参数请求信息,并且在接收到规则参数服务器的应答报文后,根据应答报文中携带的MAP-E隧道配置参数建立MAP-E隧道,从而能够在上层设备由于自身原因而不具备通过DHCPv6方式下发MAP-E隧道配置参数功能的情况下,保证MAP-E隧道正常启动和运行。
在一个实施例中,在向规则参数服务器发送第一HTTP请求报文之前,该方法还包括:向规则参数服务器发送第二HTTP请求报文,第二HTTP请求报文携带有鉴权请求信息;接收由规则参数服务器根据第二HTTP请求报文中的鉴权请求信息发送的第二应答报文,第二应答报文携带鉴权是否成功的信息。
在本申请实施例中,在采用HTTP报文交互方式获取MAP-E隧道配置参数的情况下,首先向规则参数服务器做一次鉴权交互报文,鉴权成功才可以进行后续步骤,防止网络中的其它设备向规则参数服务器进行非法获取。
在一个实施例中,参照图3,步骤S100包括以下步骤:
步骤S101,对MAP-E隧道配置参数请求信息进行加密,并根据经过加密的MAP-E隧道配置参数请求信息建立第一HTTP请求报文;
步骤S102,向规则参数服务器发送第一HTTP请求报文。
与当前使用明文方式进行一些参数数据交互不同,本申请实施例中的报文经过加密后发送,降低了报文发送过程中被纂改或窃取的可能性,从而增加了数据传输的安全性和可靠性。
在一个实施例中,通过使用公私钥加密方式对HTTP请求报文中的数据进行加密。具体地,在CPE端,通过分配给CPE的私钥对HTTP请求报文中的数据加密,并且将内部数据加密后的HTTP请求报文发送到规则参数服务器,规则参数服务器使用与私钥匹配的公钥对HTTP请求报文中的数据进行解密。
应当理解的是,上述加密方式仅仅是实现本申请方法的其中一个实施例,本申请实施例还可包括其它加密方式,包括但不限于对称加密、非对称加密、哈希算法等。
在一个实施例中,参照图4,步骤S300包括以下步骤:
步骤S301,对第一应答报文的内部数据进行解密,得到MAP-E隧道配置参数;
步骤S302,根据MAP-E隧道配置参数配置MAP-E隧道。
与当前使用明文方式进行一些参数数据交互不同,本申请实施例中的报文经过加密后发送,降低了报文发送过程中被纂改或窃取的可能性,从而增加了数据传输的安全性和可靠性。
在一个实施例中,通过使用公私钥加密方式对HTTP应答报文中的数据进行加密。具体地,在规则参数服务器端,通过分配给规则参数服务器的私钥对HTTP应答报文中的数据加密,并且将内部数据加密后的HTTP应答报文发送到CPE,CPE使用与私钥匹配的公钥对HTTP应答报文中的数据进行解密,从而得到MAP-E隧道配置参数。
应当理解的是,上述加密方式仅仅是实现本申请方法的其中一个实施例,本申请实施例还可包括其它加密方式,包括但不限于对称加密、非对称加密、哈希算法等。
在一个实施例中,步骤S302可包括:
当MAP-E隧道配置参数被确定为有效并且被确定为与当前网络连接参数匹配,利用MAP-E隧道配置参数配置MAP-E隧道。
本申请实施例通过校验MAP-E隧道配置参数是否有效并且是否与当前网络连接参数(例如,当前运行的广域网IPv6连接对应的前缀等信息)匹配成功,并且在MAP-E隧道配置参数被确定为有效并且被确定为与当前网络连接参数匹配,才建立MAP-E隧道,从而大大增加了该方法的鲁棒性。
在另一实施例中,步骤S302可包括:
当MAP-E隧道配置参数被确定为无效和/或被确定为与当前网络连接参数不匹配,在到达第一预设时长后重新向规则参数服务器发送第一HTTP请求报文。
在本申请实施例中,当MAP-E隧道配置参数被确定为无效和/或被确定为与当前网络连接参数不匹配,则认为所获取的MAP-E隧道配置参数不可用,不能用于创建MAP-E隧道,此时,设置第一预设时长(例如10分钟),在第一预设时长到达后重新发起向规则参数服务器获取MAP-E隧道配置参数的流程,这样使得在规则参数服务器中的MAP-E隧道配置参数有调整变化时,CPE也可以做到及时调整和更新。
应当理解的是,上述的第一预设时长可以根据具体情况合理修改,目的是使MAP-E隧道能够更好的运行、参数能更好更及时地更新。
在一个实施例中,参照图5,除了上述步骤S100、步骤S200以及步骤S300外,本申请实施例的MAP-E隧道配置管理方法还可包括以下步骤:
步骤S400,将MAP-E隧道配置参数更新到CPE的数据库中。
在一个实施例中,在从规则参数服务器成功获取MAP-E隧道配置参数后,将其与CPE 的数据库中的当前MAP-E隧道配置参数进行比较,判断是否有更新变化,如果有更新变化,则以所获取的MAP-E隧道配置参数将CPE的数据库中的当前MAP-E隧道配置参数进行替换,否则CPE的数据库中的当前MAP-E隧道配置参数保持不变。在另一实施例中,如果是首次配置MAP-E隧道,则直接将所获取的MAP-E隧道配置参数保存到CPE的数据中。
本申请实施例通过上述步骤S400,使得在规则参数服务器中的MAP-E隧道配置参数有调整变化时,CPE也可以做到及时调整和更新。
在一个实施例中,参照图6,可替换地,本申请实施例的MAP-E隧道配置管理方法还可包括以下步骤:
步骤S500,当未在第二预设时长内接收到由规则参数服务器发送的第一应答报文,从CPE的数据库中获取MAP-E隧道配置参数;
步骤S600,当从CPE的数据库中获取的MAP-E隧道配置参数被确定为有效并且被确定为与当前网络连接参数匹配,利用MAP-E隧道配置参数配置MAP-E隧道。
在由于如网络状况等外部因素而使得无法在规定时长(例如,10分钟)内接收到规则参数服务器的应答报文时,本申请实施例通过从CPE数据库获取上一次保存的MAP-E隧道配置参数,从而保证能够及时建立MAP-E隧道。
应当理解的是,上述的第二预设时长可以根据具体情况合理修改,目的是使MAP-E隧道能够更好的运行、参数能更好更及时地更新。
在一个实施例中,继续参照图6,本申请实施例的MAP-E隧道配置管理方法还可包括以下步骤:
步骤S601,当从CPE的数据库中获取的MAP-E隧道配置参数被确定为无效和/或被确定为与当前网络连接参数不匹配,在到达第三预设时长后重新向规则参数服务器发送第一HTTP请求报文。
在本申请实施例中,当MAP-E隧道配置参数被确定为无效和/或被确定为与当前网络连接参数不匹配,则认为所获取的MAP-E隧道配置参数不可用,不能用于创建MAP-E隧道,此时,设置第三预设时长(例如10分钟),在第三预设时长到达后重新发起向规则参数服务器获取MAP-E隧道配置参数的流程,这样使得在规则参数服务器中的MAP-E隧道配置参数有调整变化时,CPE也可以做到及时调整和更新。
应当理解的是,上述的第三预设时长可以根据具体情况合理修改,目的是使MAP-E隧道能够更好的运行、参数能更好更及时地更新。
在一个实施例中,在步骤S100中,在建立IPv6的网络访问通道后,向CPE中的MAP-E模块发送通知,以使得MAP-E模块首先向宽带远程接入服务器BRAS发送携带有MAP-E隧道配置参数请求信息的DHCPv6请求报文,并且当未在第四预设时长(例如10分钟)内接收到由BRAS发送的DHCPv6应答报文,此时,才向规则参数服务器发送携带有MAP-E隧道配置参数请求信息的第一HTTP请求报文。通过这种方式,使得能够在上层设备由于自身原因而不具备通过DHCPv6方式下发MAP-E隧道配置参数功能的情况下,保证MAP-E隧道正常启动和运行。
应当理解的是,上述的第四预设时长可以根据具体情况合理修改,目的是使MAP-E隧道能够更好的运行、参数能更好更及时地更新。
在一个实施例中,在完成MAP-E隧道的配置并且在到达第五预设时长(例如,360分钟)后,重新向规则参数服务器发送第一HTTP请求报文。
应当理解的是,上述的第五预设时长可以根据具体情况合理修改,目的是使MAP-E隧道能够更好的运行、参数能更好更及时地更新。
在现有应用中,有些应用是一次性获取参数不定时更新,而在本申请实施例中,CPE对MAP-E隧道配置参数首先进行存储,也提供了一套机制,保证参数定时触发重新请求,并对参数进行判断,如果规则参数服务器中的参数有调整变化,CPE也可以做到及时调整和更新。
另外,本申请的一个实施例还提供了一种MAP-E隧道的配置管理方法,如图7所示,图7是本申请另一实施例提供的MAP-E隧道的配置管理方法的流程图,该MAP-E隧道的配置管理方法包括但不限于步骤S700和步骤S800。
步骤S700,接收由CPE发送的第一HTTP请求报文,第一HTTP请求报文携带有MAP-E隧道配置参数请求信息;
在一个实施例中,HTTP请求报文中的数据使用自定义数据格式,可以根据实际需要进行灵活调整以及重新定义。
步骤S800,根据第一HTTP请求报文中的MAP-E隧道配置参数请求信息向CPE发送携带有MAP-E隧道配置参数的第一应答报文,以使CPE根据第一应答报文中的MAP-E隧道配置参数配置MAP-E隧道。
在一个实施例中,参照图1所示,本申请实施例在网络中配置一台规则参数服务器,其中存储有MAP-E隧道配置参数,包括:(1)BR Address:MAP-E隧道对端IPv6地址;(2)IPv6 prefix:IPv6前缀);(3)IPv6 prefix length:IPv6前缀长度;(4)IPv4 prefix:IPv4前缀;(5)IPv4 prefix length:IPv4前缀长度;(6)EA-bits-length:Embedded-Address(EA)bit的长度;(7)PSID:端口序列PORT-SET;(8)PSID Offset:PSID偏移量;(9)PSID length:PSID长度。在一个实施例中,根据实际需要,参数(2)-(9)可以为多组。
在一个实施例中,应答报文中的数据使用自定义数据格式,可以根据实际需要进行灵活调整以及重新定义。
当前,CPE通常通过动态主机配置协议DHCPv6交互完成MAP-E隧道配置参数的获取,从而建立MAP-E的IPv4 in IPv6隧道,实现CPE下挂连接的HOST主机访问IPv4网络业务的报文收发处理,而在网络设备不能进行DHCPv6交互完成参数获取的情况下,那么MAP-E隧道就无法正常建立,MAP-E隧道也就正常运行工作,从而也就无法实现IPv4经MAP-E隧道的穿越IPv6网络对IPv4的网络业务访问。针对这个问题,本申请实施例采用上述步骤S700、步骤S800,通过在网络中布局一台Rule Server(规则参数服务器),在该规则参数服务器中存储有MAP-E隧道配置参数,采用HTTP报文方式向该规则参数服务器发送MAP-E隧道配置参数请求信息,并且在接收到规则参数服务器的应答报文后,根据应答报文中携带的MAP-E隧道配置参数建立MAP-E隧道,从而能够在上层设备由于自身原因而不具备通过DHCPv6方式下发MAP-E隧道配置参数功能的情况下,保证MAP-E隧道正常启动和运行。
在一个实施例中,在接收由CPE发送的第一HTTP请求报文之前,该方法还包括:
接收由CPE发送的第二HTTP请求报文,第二HTTP请求报文携带有鉴权请求信息; 根据第二HTTP请求报文中的鉴权请求信息向CPE发送第二应答报文,第二应答报文携带鉴权是否成功的信息。
在本申请实施例中,在采用HTTP报文交互方式获取MAP-E隧道配置参数的情况下,首先向规则参数服务器做一次鉴权交互报文,鉴权成功才可以进行后续步骤,防止网络中的其它设备向规则参数服务器进行非法获取。
在一个实施例中,参照图8,步骤S800包括以下步骤:
步骤S801,对第一HTTP请求报文的内部数据进行解密,得到MAP-E隧道配置参数请求信息;
步骤S802,根据MAP-E隧道配置参数请求信息为CPE分配MAP-E隧道配置参数;
步骤S803,对MAP-E隧道配置参数进行加密,并根据经过加密的MAP-E隧道配置参数建立第一应答报文;
步骤S804,向CPE发送第一应答报文。
与当前使用明文方式进行一些参数数据交互不同,本申请实施例中的报文经过加密后发送,降低了报文发送过程中被纂改或窃取的可能性,从而增加了数据传输的安全性和可靠性。
在一个实施例中,通过使用公私钥加密方式对HTTP请求报文中的数据进行加密。具体地,在CPE端,通过分配给CPE的私钥对HTTP请求报文中的数据加密,并且将内部数据加密后的HTTP请求报文发送到规则参数服务器,规则参数服务器使用与私钥匹配的公钥对HTTP请求报文中的数据进行解密,根据解密后的数据为CPE分配MAP-E隧道配置参数,利用分配给规则参数服务器的私钥对待发送的应答报文中的数据进行加密后发送给CPE,CPE根据与私钥匹配的公钥对应答报文中的数据进行解密,得到MAP-E隧道配置参数。
应当理解的是,上述加密方式仅仅是实现本申请方法的其中一个实施例,本申请实施例还可包括其它加密方式,包括但不限于对称加密、非对称加密、哈希算法等。
针对上述实施例所提供的MAP-E隧道的配置管理方法,下面参照图9-12以具体的示例进行详细的描述。
示例一:
参照图9所示,并继续参照图1,其中图9是本申请一个实施例提供的总体网络处理流程图,包括CPE建立隧道和LAN侧PC发起的Internet访问的全部流程,具体地:
步骤S901,CPE启动时,首先需要获取IPv6广域网连接的地址、网关、DNS Server等信息,通过向BRAS设备发起DHCPv6(有状态地址自动配置)或SLAAC(无状态地址自动配置)请求来获取广域网连接参数。
步骤S902,BRAS设备应答并下发参数,CPE启动IPv6广域网连接,CPE就建立了IPv6的网络访问通道。
步骤S903,CPE的IPv6广域网连接启动正常后,会向MAP-E模块发送通知,然后MAP-E模块发送DHCPv6报文来获取用于配置MAP-E隧道的各项参数。
步骤S904,收到BRAS设备的DHCPv6应答报文,解析DHCPv6应答报文,得到MAP-E隧道配置参数,创建和启动MAP-E隧道,接着直接进入到步骤S907。
步骤S905,如果在步骤S904中未获取到BRAS设备的DHCPv6应答报文,则自动再 启用HTTP方式获取,发送HTTP请求报文到Rule Server。
步骤S906,Rule Server收到请求,进行应答,发送应答报文给CPE。
步骤S907,CPE解析收到的应答报文,创建MAP-E隧道,隧道的一端为CPE,远端为BR边缘路由器,这样就建立起了MAP-E隧道。
步骤S908,PC设备发起互联网访问,首先进行DNS域名解析,DNS域名解析请求由PC发出IPv4的“A”记录请求报文,到达CPE后,由CPE进行DNS代理,经过IPv6通道发送IPv6报文到网络中的DNS Server。
步骤S909,DNS Server解析后应答,报文再经CPE将“A”记录应答以IPv4报文形式返回给PC。
步骤S910,PC设备根据解析出的IP地址,发起TCP或UDP等方式的访问连接,发出的IPv4报文到达CPE后进行MAP-E隧道封装,封装的方式是:将IPv4报文进行NAT(网络地址转换)后再新增IPv6报文头部形成IPv6报文,将封装的报文从隧道发送到BR边缘路由器,BR边缘路由器将这个报文解封装成IPv4报文,并发送到Internet网络中的目标服务器。
步骤S911,Internet网络中的目标服务器应答,报文经BR边缘路由器封装成IPv6报文经隧道返回到CPE,CPE再进行解封装,取出IPv4报文发给LAN侧PC。
步骤S910和步骤S911反复进行,即完成了报文的双向交互,也就成功的进行了Internet网络访问。
示例二:
参照图10所示,并继续参照图1,其中图10是本申请一个实施例提供的启动/停止MAP-E隧道的流程图。
MAP-E隧道启动方式有:上电启动时,CPE成功建立IPv6广域网连接后,通知MAP-E模块触发创建MAP-E隧道配置流程,或者通过配置媒介(WEB页面或远程管理)配置新的MAP-E隧道,首先会触发MAP-E隧道参数的获取,CPE可以自动地根据网络情况采用DHCPv6方式还是HTTP脚本方式进行获取。
获取到MAP-E隧道配置参数后,校验参数,参数正常则建立MAP-E隧道,同时配置到内核,使MAP-E隧道正常运行。
MAP-E隧道下线方式有:配置媒介(WEB页面或远程管理)删除已建立的MAP-E隧道,或者由于网络异常而下线,主要是IPv6广域网连接的状态异常,例如广域网连接下线或被删除,CPE不再具备IPv6广域网访问能力的情况下,都会触发MAP-E隧道下线流程。
MAP-E隧道下线过程:当上述两种方式中任一种触发MAP-E隧道下线时,会将MAP-E停止,将配置到内核的MAP-E隧道配置参数清除,隧道销毁并且停止运行。
示例三:
参照图11所示,并继续参照图1,其中图11是本申请一个实施例提供的自动获取MAP-E隧道配置参数的流程图,具体包括以下步骤:
步骤S1101,MAP-E模块启动,等待IPv6广域网连接正常上线的通知;
步骤S1102,收到IPv6广域网连接正常上线的通知,选择参数获取方式,如果是首次运行,先使用DHCPv6方式获取,后面可以根据保存的获取方式优先选取那种获取方式。
步骤S1103,CPE的MAP-E模块发送DHCPv6请求报文,用以获取MAP-E的各项参数。
步骤S1104,收到上层设备应答的DHCPv6报文,由CPE中的DHCPv6模块通知到MAP-E模块。
步骤S1105,解析DHCPv6报文,获取到MAP-E隧道配置参数。
步骤S1106,校验MAP-E隧道配置参数正常有效,则创建和运行MAP-E隧道。
步骤S1107,将此次成功获取到参数的方式-DHCPv6方式保存下来,下一次首先选择这种获取方式进行参数获取。
步骤S1109,在步骤S1104,当上层设备不支持DHCPv6方式下发参数时,就不会有应答报文返回,判断DHCPv6失败的依据可以例如是判断设置的DHCPv6应答等待定时器是否超时,在CPE发送出DHCPv6请求报文时,设置等待定时器,定时器时间超出后,则认为是DHCPv6应答失败,这时自动选择通过脚本方式获取,发送HTTP请求报文到规则参数服务器上进行参数获取。
步骤S1110,CPE收到规则参数服务器的HTTP应答报文。
步骤S1111,解析HTTP应答报文,将各项参数取出,进入步骤S1106创建MAP-E隧道。
同样地,在步骤S1107中将这次成功获取到参数的方式-HTTP报文交互方式保存下来,下一次首先选择这种获取方式进行参数获取。
示例四:
参照图12所示,并继续参照图1,其中图12是本申请一个实施例提供的采用HTTP方式获取和维护MAP-E隧道配置参数的流程图。本申请实施例中的MAP-E隧道,在其创建和运行之前先要进行MAP-E隧道配置参数的获取,本申请实施例通过使用脚本HTTP报文交互方式来获取MAP-E隧道配置参数,对于这种方式,还建立了一套机制,即,使用状态机机制,维护获取的参数,并能够对参数及时进行更新,具体包括以下步骤:
步骤S1201,维护管理模块启动,维护管理正常运行。
步骤S1202,在选取了脚本HTTP报文交互方式获取MAP-E隧道配置参数的情况下,首先向规则参数服务器做一次鉴权交互报文,鉴权成功才可以进行后续步骤,防止网络中的其它设备向规则参数服务器进行非法获取。
步骤S1203,为保证数据安全,对HTTP请求报文和应答报文的内部数据进行加密处理,数据达到对端后使用秘钥进行解密。
步骤S1204,维护管理模块发起MAP-E隧道配置参数获取,发出HTTP请求报文。
步骤S1205,等待规则参数服务器发送应答报文,设置定时,当在定时时间内收到应答报文,则认为获取到应答报文,进入步骤S1206;如果超时还未收到应答报文,则认为获取应答报文失败,进入步骤S1211。
步骤S1206,成功收到规则参数服务器发回的应答报文,解析这个应答报文,根据两端的参数结构定义,取出全部MAP-E隧道配置参数。
步骤S1207,校验参数是否正常有效,并且是否和当前运行的广域网IPv6连接对应的前缀等信息匹配成功,如果是,则进入步骤S1208;如果参数校验失败,或者参数未成功匹配广域网IPv6连接参数,则进入步骤S1214。
步骤S1208,校验参数并匹配成功,如果原来MAP-E隧道未创建,则新建一个MAP-E隧道,如果原来已有MAP-E隧道,比较参数是否有更新变化,如果参数有变化,则更新参数并且应用到MAP-E隧道,否则保持现有MAP-E隧道配置参数运行。
步骤S1209,将步骤S1206的新的MAP-E隧道配置参数保存到数据库。
步骤S1210,设置定时1(例如:360分钟),并在到达定时1后,重新进行MAP-E隧道配置参数的获取,即,重新回到步骤S1204,这样做的目的是当网络中的参数有调整更新时,能够及时获取更新的参数并应用到运行的MAP-E隧道中。
步骤S1211,在步骤S1205未收到规则参数服务器应答时,从CPE自己保存的数据库读取出MAP-E隧道配置参数。
步骤S1212,读取出MAP-E隧道配置参数,校验参数正常有效并且和当前运行的广域网IPv6连接对应的前缀等信息匹配成功,则进行MAP-E隧道创建流程,直接进入到步骤S1208。
步骤S1213,在步骤S1212中,如果无保存的MAP-E隧道配置参数或者读出的MAP-E隧道配置参数被确定为无效和/或被确定为与当前网络连接参数不匹配,设置定时2(例如:5分钟),在到达定时2后,重新进行MAP-E隧道配置参数的获取,即,重新回到步骤S1204。
步骤S1214,在步骤S1207中,如果从规则参数服务器获取的MAP-E隧道配置参数被确定为无效和/或被确定为与当前网络连接参数不匹配,则都认为是参数不可用,不能创建MAP-E隧道,这时,设置定时3(例如:10分钟),在到达定时3后,重新进行MAP-E隧道配置参数的获取,即,重新回到步骤S1204。
上述设置定时1、2、3的每个定时时长都可以根据具体情况合理修改,目的是使MAP-E隧道更好的运行、MAP-E隧道配置参数能更好更及时地更新。
另外,本申请的一个实施例提供了一种用户前端设备,该用户前端设备包括:存储器、处理器及存储在存储器上并可在处理器上运行的计算机程序,处理器通过计算机程序执行上述实施例的MAP-E隧道的配置管理方法,例如,执行以上描述的图2中的方法步骤S100至S300、图3中的方法步骤S101-S102、图4中的方法步骤S301-S302、图5中的方法步骤S100至S400、图6中的方法步骤S500、S600以及S601。
另外,本申请的一个实施例提供了一种规则参数服务器,该规则参数服务器包括:存储器、处理器及存储在存储器上并可在处理器上运行的计算机程序,处理器通过计算机程序执行上述实施例的MAP-E隧道的配置管理方法,例如,执行以上描述的图7中的方法步骤S700至S800、图8中的方法步骤S801-S804。
以上所描述的装置实施例仅仅是示意性的,其中作为分离部件说明的单元可以是或者也可以不是物理上分开的,即可以位于一个地方,或者也可以分布到多个网络单元上。可以根据实际的需要选择其中的部分或者全部模块来实现本实施例方案的目的。
此外,本申请的一个实施例还提供了一种计算机可读存储介质,该计算机可读存储介质存储有计算机可执行指令,该计算机可执行指令被一个处理器或控制器执行,例如,被上述用户前端设备实施例或者规则参数服务器实施例中的一个处理器执行,可使得上述处理器执行上述实施例中的MAP-E隧道的配置管理方法,例如,执行以上描述的图2中的方法步骤S100至S300、图3中的方法步骤S101-S102、图4中的方法步骤S301-S302、图5中的方法步骤S100至S400、图6中的方法步骤S500、S600以及S601,或者执行以上描 述的图7中的方法步骤S700至S800、图8中的方法步骤S801-S804。
本申请实施例包括:向规则参数服务器发送携带有MAP-E隧道配置参数请求信息的第一HTTP请求报文;接收由规则参数服务器根据第一HTTP请求报文中的MAP-E隧道配置参数请求信息发送的第一应答报文,第一应答报文包括MAP-E隧道配置参数;基于第一应答报文中的MAP-E隧道配置参数配置MAP-E隧道。根据本申请实施例提供的方案,通过在网络中布局一台Rule Server(规则参数服务器),当需要建立MAP-E隧道时,采用HTTP报文方式向该规则参数服务器发送MAP-E隧道配置参数请求信息,并且在接收到规则参数服务器的应答报文后,根据应答报文中携带的MAP-E隧道配置参数建立MAP-E隧道,从而能够在上层设备由于自身原因而不具备通过DHCPv6方式下发MAP-E隧道配置参数功能的情况下,保证MAP-E隧道正常启动和运行。
本领域普通技术人员可以理解,上文中所公开方法中的全部或某些步骤、系统可以被实施为软件、固件、硬件及其适当的组合。某些物理组件或所有物理组件可以被实施为由处理器,如中央处理器、数字信号处理器或微处理器执行的软件,或者被实施为硬件,或者被实施为集成电路,如专用集成电路。这样的软件可以分布在计算机可读介质上,计算机可读介质可以包括计算机存储介质(或非暂时性介质)和通信介质(或暂时性介质)。如本领域普通技术人员公知的,术语计算机存储介质包括在用于存储信息(诸如计算机可读指令、数据结构、程序模块或其他数据)的任何方法或技术中实施的易失性和非易失性、可移除和不可移除介质。计算机存储介质包括但不限于RAM、ROM、EEPROM、闪存或其他存储器技术、CD-ROM、数字多功能盘(DVD)或其他光盘存储、磁盒、磁带、磁盘存储或其他磁存储装置、或者可以用于存储期望的信息并且可以被计算机访问的任何其他的介质。此外,本领域普通技术人员公知的是,通信介质通常包含计算机可读指令、数据结构、程序模块或者诸如载波或其他传输机制之类的调制数据信号中的其他数据,并且可包括任何信息递送介质。
以上是对本申请的一些实施进行了具体说明,但本申请并不局限于上述实施方式,熟悉本领域的技术人员在不违背本申请范围的前提下还可作出种种的等同变形或替换,这些等同的变形或替换均包含在本申请权利要求所限定的范围内。
Claims (17)
- 一种MAP-E隧道的配置管理方法,应用于用户前端设备CPE,包括:向规则参数服务器发送携带有MAP-E隧道配置参数请求信息的第一HTTP请求报文;接收由规则参数服务器根据所述第一HTTP请求报文中的所述MAP-E隧道配置参数请求信息发送的第一应答报文,所述第一应答报文包括MAP-E隧道配置参数;基于所述第一应答报文中的所述MAP-E隧道配置参数配置MAP-E隧道。
- 根据权利要求1所述的一种MAP-E隧道的配置管理方法,其中,在向规则参数服务器发送第一HTTP请求报文之前,还包括:向规则参数服务器发送第二HTTP请求报文,所述第二HTTP请求报文携带有鉴权请求信息;接收由规则参数服务器根据所述第二HTTP请求报文中的所述鉴权请求信息发送的第二应答报文,所述第二应答报文携带鉴权是否成功的信息。
- 根据权利要求1所述的一种MAP-E隧道的配置管理方法,其中,所述向规则参数服务器发送携带有MAP-E隧道配置参数请求信息的第一HTTP请求报文,包括:对MAP-E隧道配置参数请求信息进行加密,并根据经过加密的MAP-E隧道配置参数请求信息建立第一HTTP请求报文;向规则参数服务器发送所述第一HTTP请求报文。
- 根据权利要求3所述的一种MAP-E隧道的配置管理方法,其中,所述基于所述第一应答报文中的所述MAP-E隧道配置参数配置MAP-E隧道,包括:对所述第一应答报文的内部数据进行解密,得到所述MAP-E隧道配置参数;根据所述MAP-E隧道配置参数配置MAP-E隧道。
- 根据权利要求4所述的一种MAP-E隧道的配置管理方法,其中,所述根据所述MAP-E隧道配置参数配置MAP-E隧道,包括:当所述MAP-E隧道配置参数被确定为有效并且被确定为与当前网络连接参数匹配,利用所述MAP-E隧道配置参数配置MAP-E隧道。
- 根据权利要求4所述的一种MAP-E隧道的配置管理方法,其中,所述根据所述MAP-E隧道配置参数配置MAP-E隧道,还包括:当所述MAP-E隧道配置参数被确定为无效和/或被确定为与当前网络连接参数不匹配,在到达第一预设时长后重新向规则参数服务器发送所述第一HTTP请求报文。
- 根据权利要求1所述的一种MAP-E隧道的配置管理方法,还包括:将所述MAP-E隧道配置参数更新到CPE的数据库中。
- 根据权利要求7所述的一种MAP-E隧道的配置管理方法,其中,还包括:当未在第二预设时长内接收到由规则参数服务器发送的所述第一应答报文,从CPE的数据库中获取所述MAP-E隧道配置参数;当从CPE的数据库中获取的所述MAP-E隧道配置参数被确定为有效并且被确定为与当前网络连接参数匹配,利用所述MAP-E隧道配置参数配置MAP-E隧道。
- 根据权利要求8所述的一种MAP-E隧道的配置管理方法,其中,还包括:当从CPE的数据库中获取的所述MAP-E隧道配置参数被确定为无效和/或被确定为与 当前网络连接参数不匹配,在到达第三预设时长后重新向规则参数服务器发送所述第一HTTP请求报文。
- 根据权利要求1所述的一种MAP-E隧道的配置管理方法,其中,所述向规则参数服务器发送携带有MAP-E隧道配置参数请求信息的第一HTTP请求报文,包括:向宽带远程接入服务器BRAS发送携带有MAP-E隧道配置参数请求信息的DHCPv6请求报文;当未在第四预设时长内接收到由BRAS发送的DHCPv6应答报文,向规则参数服务器发送携带有MAP-E隧道配置参数请求信息的第一HTTP请求报文。
- 根据权利要求1至10任一项所述的一种MAP-E隧道的配置管理方法,其中,还包括:在完成MAP-E隧道的配置并且在到达第五预设时长后,重新向规则参数服务器发送所述第一HTTP请求报文。
- 一种MAP-E隧道的配置管理方法,应用于规则参数服务器,包括:接收由CPE发送的第一HTTP请求报文,所述第一HTTP请求报文携带有MAP-E隧道配置参数请求信息;根据所述第一HTTP请求报文中的所述MAP-E隧道配置参数请求信息向CPE发送携带有MAP-E隧道配置参数的第一应答报文,以使CPE根据所述第一应答报文中的所述MAP-E隧道配置参数配置MAP-E隧道。
- 根据权利要求12所述的一种MAP-E隧道的配置管理方法,其中,在接收由CPE发送的第一HTTP请求报文之前,还包括:接收由CPE发送的第二HTTP请求报文,所述第二HTTP请求报文携带有鉴权请求信息;根据所述第二HTTP请求报文中的所述鉴权请求信息向CPE发送第二应答报文,所述第二应答报文携带鉴权是否成功的信息。
- 根据权利要求12所述的一种MAP-E隧道的配置管理方法,其中,所述根据所述第一HTTP请求报文中的所述MAP-E隧道配置参数请求信息向CPE发送携带有MAP-E隧道配置参数的第一应答报文,包括:对所述第一HTTP请求报文的内部数据进行解密,得到所述MAP-E隧道配置参数请求信息;根据所述MAP-E隧道配置参数请求信息为CPE分配MAP-E隧道配置参数;对MAP-E隧道配置参数进行加密,并根据经过加密的MAP-E隧道配置参数建立第一应答报文;向CPE发送所述第一应答报文。
- 一种用户前端设备,包括存储器、处理器及存储在所述存储器上并可在所述处理器上运行的计算机程序,其中,所述处理器通过所述计算机程序执行上述权利要求1至11中任一项所述的MAP-E隧道的配置管理方法。
- 一种规则参数服务器,包括存储器、处理器及存储在所述存储器上并可在所述处理器上运行的计算机程序,其中,所述处理器通过所述计算机程序执行上述权利要求12至14中任一项所述的MAP-E隧道的配置管理方法。
- 一种计算机可读存储介质,存储有计算机可执行指令,其中,所述计算机可执行 指令用于执行权利要求1至11中任一项所述的MAP-E隧道的配置管理方法或执行权利要求12至14中任一项所述的MAP-E隧道的配置管理方法。
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010574064.8 | 2020-06-22 | ||
CN202010574064.8A CN113923110A (zh) | 2020-06-22 | 2020-06-22 | Map-e隧道的配置管理方法、设备、服务器以及存储介质 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2021259110A1 true WO2021259110A1 (zh) | 2021-12-30 |
Family
ID=79231214
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2021/100401 WO2021259110A1 (zh) | 2020-06-22 | 2021-06-16 | Map-e隧道的配置管理方法、设备、服务器以及存储介质 |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN113923110A (zh) |
WO (1) | WO2021259110A1 (zh) |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102158563A (zh) * | 2010-02-12 | 2011-08-17 | 华为技术有限公司 | IPv6过渡网络中获取IPv6配置信息的方法、系统以及装置 |
CN103731394A (zh) * | 2012-10-10 | 2014-04-16 | 中国移动通信集团公司 | 一种在CPE上配置IPv6过渡技术的方法及设备 |
CN103856581A (zh) * | 2014-03-26 | 2014-06-11 | 清华大学 | 一种用户侧设备的翻译封装自适应算法 |
US20160285703A1 (en) * | 2015-03-23 | 2016-09-29 | Verizon Patent And Licensing Inc. | Cpe network configuration systems and methods |
CN106713100A (zh) * | 2015-11-17 | 2017-05-24 | 华为数字技术(苏州)有限公司 | 一种自动建立隧道的方法、cpe及汇聚设备 |
Family Cites Families (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP3742390B2 (ja) * | 2003-01-17 | 2006-02-01 | 株式会社東芝 | Httpトンネリングサーバを用いた通信方法および通信装置、プログラム |
WO2009018658A1 (en) * | 2007-08-03 | 2009-02-12 | Hexago | Device, system and method for automatic ipv4 provisioning in a local area network connected to an ipv6 network |
JP6077945B2 (ja) * | 2013-06-17 | 2017-02-08 | 日本電信電話株式会社 | ネットワークシステム及び制御方法 |
-
2020
- 2020-06-22 CN CN202010574064.8A patent/CN113923110A/zh active Pending
-
2021
- 2021-06-16 WO PCT/CN2021/100401 patent/WO2021259110A1/zh active Application Filing
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102158563A (zh) * | 2010-02-12 | 2011-08-17 | 华为技术有限公司 | IPv6过渡网络中获取IPv6配置信息的方法、系统以及装置 |
CN103731394A (zh) * | 2012-10-10 | 2014-04-16 | 中国移动通信集团公司 | 一种在CPE上配置IPv6过渡技术的方法及设备 |
CN103856581A (zh) * | 2014-03-26 | 2014-06-11 | 清华大学 | 一种用户侧设备的翻译封装自适应算法 |
US20160285703A1 (en) * | 2015-03-23 | 2016-09-29 | Verizon Patent And Licensing Inc. | Cpe network configuration systems and methods |
CN106713100A (zh) * | 2015-11-17 | 2017-05-24 | 华为数字技术(苏州)有限公司 | 一种自动建立隧道的方法、cpe及汇聚设备 |
Non-Patent Citations (2)
Title |
---|
31 July 2015 (2015-07-31), O. TROAN, ED. W. DEC CISCO SYSTEMS X. LI C. BAO TSINGHUA UNIVERSITY S. MATSUSHIMA SOFTBANK TELECOM T. MURAKAMI IP INFUSION T. TAYL: "Mapping of Address and Port with Encapsulation (MAP-E); rfc7597.txt", XP015107651, Database accession no. 7597 * |
31 July 2015 (2015-07-31), T. MRUGALSKI O. TROAN CISCO SYSTEMS I. FARRER DEUTSCHE TELEKOM AG S. PERREAULT JIVE COMMUNICATIONS W. DEC CISCO SYSTEMS C. BAO TSI: "DHCPv6 Options for Configuration of Softwire Address and Port-Mapped Clients; rfc7598.txt", XP015107652, Database accession no. 7598 * |
Also Published As
Publication number | Publication date |
---|---|
CN113923110A (zh) | 2022-01-11 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11165604B2 (en) | Method and system used by terminal to connect to virtual private network, and related device | |
EP3096497B1 (en) | Method, apparatus, and network system for terminal to traverse private network to communicate with server in ims core network | |
US10862859B2 (en) | Highly available DHCP service by running DHCP servers on a blockchain network | |
WO2018040529A1 (zh) | 一种报文处理方法、设备及系统 | |
US20160226815A1 (en) | System and method for communicating in an ssl vpn | |
US20030084162A1 (en) | Managing peer-to-peer access to a device behind a firewall | |
US10341286B2 (en) | Methods and systems for updating domain name service (DNS) resource records | |
EP2161873A1 (en) | Method, device and system for realizing a new group member registration in the multicast key management | |
CN112671763B (zh) | 组网环境下的数据同步方法、装置、计算机设备及存储介质 | |
CN106169952B (zh) | 一种英特网密钥管理协议重协商的认证方法及装置 | |
EP3044913A1 (fr) | Procede et systeme d'etablissement de reseaux prives virtuels entre reseaux locaux | |
US8601271B2 (en) | Method and system for power management using ICMPV6 options | |
CN111614596B (zh) | 一种基于IPv6隧道技术的远程设备控制方法及系统 | |
WO2019167057A1 (en) | Relaying media content via a relay server system without decryption | |
KR100894921B1 (ko) | 네트워크 이벤트를 조정하는 장치와 방법 | |
US10951511B2 (en) | Method and device for providing an address by device to be managed of a network | |
CN103944716A (zh) | 用户认证的方法和装置 | |
EP3932044B1 (en) | Automatic distribution of dynamic host configuration protocol (dhcp) keys via link layer discovery protocol (lldp) | |
CN102546429A (zh) | 基于dhcp监听的isatap隧道的认证方法和系统 | |
WO2016192407A1 (zh) | 域名系统地址配置方法、装置及计算机存储介质 | |
WO2014110912A1 (zh) | 访问局域网中隔离区主机的方法和装置 | |
US10412122B1 (en) | Dynamic per-session NAT-behavior selection | |
WO2021259110A1 (zh) | Map-e隧道的配置管理方法、设备、服务器以及存储介质 | |
CN108123943B (zh) | 信息验证方法及装置 | |
JP2005341084A (ja) | Vpnシステム、リモート端末及びそれらに用いるリモートアクセス通信方法 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 21829922 Country of ref document: EP Kind code of ref document: A1 |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
32PN | Ep: public notification in the ep bulletin as address of the adressee cannot be established |
Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 12/05/2023) |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 21829922 Country of ref document: EP Kind code of ref document: A1 |