WO2022017099A1 - Communication method, CP device and NAT device - Google Patents
- Publication number: WO2022017099A1 (PCT/CN2021/101344)
- Authority: WO, WIPO (PCT)
- Prior art keywords
- address
- nat
- user
- nat device
- port block
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
- H04L45/74—Address processing for routing
- H04L45/741—Routing in networks with a plurality of addressing schemes, e.g. with both IPv4 and IPv6
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/09—Mapping addresses
- H04L61/25—Mapping addresses of the same type
- H04L61/2503—Translation of Internet protocol [IP] addresses
- H04L61/2521—Translation architectures other than single NAT servers
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/2854—Wide area networks, e.g. public data networks
- H04L12/2856—Access arrangements, e.g. Internet access
- H04L12/2869—Operational details of access network equipments
- H04L12/287—Remote access server, e.g. BRAS
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
- H04L45/302—Route determination based on requested QoS
- H04L45/304—Route determination for signalling traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
- H04L45/76—Routing in software-defined topologies, e.g. routing between virtual machines
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/09—Mapping addresses
- H04L61/25—Mapping addresses of the same type
- H04L61/2503—Translation of Internet protocol [IP] addresses
- H04L61/251—Translation of Internet protocol [IP] addresses between different IP versions
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/09—Mapping addresses
- H04L61/25—Mapping addresses of the same type
- H04L61/2503—Translation of Internet protocol [IP] addresses
- H04L61/2514—Translation of Internet protocol [IP] addresses between local and global IP addresses
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/09—Mapping addresses
- H04L61/25—Mapping addresses of the same type
- H04L61/2503—Translation of Internet protocol [IP] addresses
- H04L61/2517—Translation of Internet protocol [IP] addresses using port numbers
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/09—Mapping addresses
- H04L61/25—Mapping addresses of the same type
- H04L61/2503—Translation of Internet protocol [IP] addresses
- H04L61/256—NAT traversal
- H04L61/2571—NAT traversal for identification, e.g. for authentication or billing
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/50—Address allocation
- H04L61/5007—Internet protocol [IP] addresses
- H04L61/503—Internet protocol [IP] addresses using an authentication, authorisation and accounting [AAA] protocol, e.g. remote authentication dial-in user service [RADIUS] or Diameter
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0892—Network architectures or network communication protocols for network security for authentication of entities by using authentication-authorization-accounting [AAA] servers or protocols
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W4/00—Services specially adapted for wireless communication networks; Facilities therefor
- H04W4/24—Accounting or billing
Definitions
- the present application relates to the field of communication technologies, and in particular, to a communication method, a CP device and a NAT device.
- IP addresses of the public network face the problem of insufficient resources.
- Internet Protocol version 4 (IPv4) addresses of the public network
- network address translation (NAT)
- Carrier Grade NAT (CGN)
- a gateway device such as a Broadband Network Gateway (BNG) will allocate a private network IP address to the user.
- Broadband Network Gateway (BNG)
- the NAT device converts the private network IP address to the public network IP address, so that users can access the public network through the converted public network IP address.
- NAT devices are divided into independent NAT devices (such as independent CGN devices) and plug-in NAT devices (such as CGN boards).
- an independent NAT device takes the form of a standalone device.
- the independent NAT device is connected by cable to the network of gateway devices such as a BNG.
- a plug-in NAT device takes the form of a board.
- the plug-in NAT device is inserted into a slot of a gateway device such as a BNG, so that it is integrated with the gateway device.
- when the gateway device is implemented by a miniaturized device (such as a mini BNG), the miniaturized device has no separate slot for a plug-in NAT device, so the NAT function is usually implemented by an independent NAT device. In this case, the traceability function is usually implemented through a log server during the traffic forwarding phase. Specifically, after the user equipment sends a data packet, the data packet is forwarded to the NAT device. The NAT device receives the data packet and translates the source IP address in the data packet from the private network IP address to the public network IP address. At the same time, the NAT device generates NAT logs based on the private network IP address and the public network IP address. The NAT device sends the NAT logs to the log server.
- NAT logs include the mapping relationship between private network IP addresses and public network IP addresses.
- the log server queries the NAT log based on the public network IP address, and obtains the private network IP address corresponding to the public IP address from the NAT log, thereby implementing source tracing on the log server.
- the source tracing method based on the independent NAT device relies on the log server. Therefore, operators need to invest in the construction of log servers to achieve the purpose of traceability, which leads to high traceability costs.
- the embodiments of the present application provide a communication method, a CP device, and a NAT device, which help to reduce the cost of traceability.
- the technical solution is as follows.
- a communication method is provided.
- the method is applied to a communication system in which a control plane (CP) and a user plane (UP) are separated.
- control plane (CP)
- user plane (UP)
- the CP device assigns IP addresses to users.
- the CP device sends the assigned IP address to the NAT device.
- the NAT device allocates to the user the public network IP address corresponding to the IP address sent by the CP device, and reports the public network IP address to the CP device.
- according to the public network IP address reported by the NAT device, the CP device carries the IP address assigned by the CP device and the public network IP address assigned by the NAT device in an accounting packet and sends the accounting packet to the remote authentication dial in user service (RADIUS) server, thereby reporting the IP address assigned by the CP device and the public network IP address assigned by the NAT device to the RADIUS server, so that the NAT source can be traced on the RADIUS server.
- remote authentication dial in user service (RADIUS)
- the source tracing method can be performed by multiplexing the RADIUS server, which gets rid of the limitation of building a log server for source tracing and reduces the cost of source tracing.
- the NAT device is implemented by an independent NAT device, which helps to solve the problems of insufficient UP slots and insufficient NAT processing capability that arise when the NAT device is implemented by a plug-in NAT device such as a service board.
- the first IP address includes at least one of a private network IPv4 address or an Internet Protocol version 6 (IPv6) address.
- the CP device can help implement RADIUS source traceability in the NAT44 (NAT IPv4-IPv4) scenario by allocating the private network IPv4 address and delivering the private network IPv4 address to the NAT device.
- NAT44: NAT IPv4-IPv4
- the CP device helps to implement RADIUS source traceability in dual-stack networks such as dual-stack lite (DS-Lite) scenarios.
- the communication system includes a gateway system, and the gateway system is a broadband network gateway (BNG) system or a broadband remote access server (BRAS) system.
- the accounting message further includes a port block, where the port block includes at least one port number allocated by the NAT device for the user; the CP device receiving the second IP address from the NAT device includes: the CP device receives the information of the user from the NAT device, where the information of the user includes the correspondence between the first IP address, the second IP address and the port block.
- the method further includes: the CP device receives a port block set from the RADIUS server, where the port block set includes the port block; the CP device sends the port block set to the NAT device.
- the RADIUS server delivers the port block set to the CP device, and then the CP device delivers the port block set to the NAT device.
- the NAT device is thereby directed to allocate port blocks within the specified port block set, which satisfies the need to specify a range of NAT port blocks.
- the CP sends the port block set specified by RADIUS and the IP address to the NAT device, so that the process of specifying the port block range through RADIUS and the process of triggering the NAT device to allocate the public network IP address can be executed simultaneously, reducing communication overhead and implementation complexity.
- the method further includes at least one of the following: if the user goes offline, the CP device sends a delete message to the NAT device, where the delete message is used to instruct the NAT device to delete the user information stored on the NAT device; if the user goes offline, the CP device deletes the user information stored on the CP device.
- the CP device instructs the NAT device to delete the user's information when the user goes offline, thereby releasing in time the storage space occupied by the offline user's information on the NAT device, saving the storage resources of the NAT device and avoiding resource consumption problems on the NAT device.
- the CP device deletes the locally saved user information when the user goes offline, thereby releasing in time the storage space occupied by the offline user's information on the CP device, saving the storage resources of the CP device and avoiding resource consumption problems on the CP device.
- the NAT device includes a primary NAT device and a backup NAT device that are in a backup relationship with each other, and the CP device receiving the second IP address from the NAT device includes: the CP device receives the user's information from the primary NAT device.
- the CP device delivers the user information sent by the primary NAT device to the backup NAT device, so that the backup NAT device obtains the user information stored on the primary NAT device.
- the synchronization of user information between the standby NAT device and the main NAT device is realized, so that the active-standby switchover can be triggered when the main NAT device fails, so as to realize the normal operation of services.
- the backup NAT device and the primary NAT device do not need to deploy a master-slave election mechanism similar to the Virtual Router Redundancy Protocol (VRRP), saving wiring and simplifying configuration and deployment of resources.
- Virtual Router Redundancy Protocol (VRRP)
- the method further includes:
- the CP device sends the information of the user to the standby NAT device.
- the method further includes: if the primary NAT device is in a fault state, the CP device sends a first update message to the backup NAT device, where the first update message is used to instruct the backup NAT device to increase the routing priority corresponding to the second IP address.
- the CP device sends the first update message to the backup NAT device to notify the backup NAT device to adjust the routing priority corresponding to the public network address. Therefore, the traffic on the network side will be switched from the active NAT device to the standby NAT device, so that the standby NAT device is upgraded to the active NAT device and replaces the previously faulty active NAT device to handle the traffic on the network side to avoid interruption of traffic transmission.
- because the traffic switching is guided by the CP device, it can be ensured that there is no traffic bypass between the primary NAT device and the backup NAT device.
- the method can be applied to the NAT44 scenario, which is helpful to realize dual-system backup in the NAT44 scenario.
- the method further includes: if the primary NAT device is in a fault state, the CP device sends a second update message to the backup NAT device, where the second update message is used to instruct the backup NAT device to increase the routing priority corresponding to a third IP address, where the third IP address is an IP address of a tunnel endpoint, and the tunnel endpoint includes the primary NAT device or the backup NAT device.
- the CP device sends the first update message and the second update message to the backup NAT device to notify the backup NAT device to adjust the routing priority corresponding to the public network address and the routing priority corresponding to the tunnel endpoint address. Since the priority of the route corresponding to the public network address of the backup NAT device is increased, the traffic on the network side will be switched from the primary NAT device to the backup NAT device, so that the backup NAT device is upgraded to the primary NAT device, replacing the previously faulty primary NAT device to handle network-side traffic and user-side traffic and avoiding interruption of traffic transmission.
- this method can be applied to DS-Lite scenarios, which is helpful for realizing dual-system backup in DS-Lite scenarios.
- a communication method is provided. Taking the method performed by a NAT device as an example, the NAT device receives, from a CP device, a first IP address allocated by the CP device for a user, where the CP device is a CP device in a communication system in which the CP and the UP are separated; the NAT device assigns a second IP address to the user, where the second IP address is a public network IP address; the NAT device sends the second IP address to the CP device.
- after the NAT device assigns a public IP address, it reports the public IP address to the CP device, so that the CP device can carry the IP address assigned by the CP device and the public IP address assigned by the NAT device in the accounting packet and send the accounting packet to the remote authentication dial in user service (RADIUS) server, thereby reporting the IP address assigned by the CP device and the public IP address assigned by the NAT device to the RADIUS server, so that NAT source tracing can be performed on the RADIUS server.
- remote authentication dial in user service (RADIUS)
- the source tracing method can be performed by multiplexing the RADIUS server, which gets rid of the limitation of building a log server for source tracing and reduces the cost of source tracing.
- the NAT device is implemented by an independent NAT device, which helps to solve the problems of insufficient UP slots and insufficient NAT processing capability that arise when the NAT device is implemented by a plug-in NAT device such as a service board.
- the method further includes: the NAT device allocates a port block for the user, where the port block includes at least one port number; the NAT device sends the port block to the CP device.
- the method further includes: the NAT device receives a port block set from the CP device; the NAT device allocating a port block to the user includes: the NAT device allocates a port block to the user within the port block set.
- the method further includes: the NAT device saves information of the user, where the user information includes the correspondence between the first IP address, the second IP address and the port block.
- the sending, by the NAT device, the second IP address to the CP device includes: the NAT device sending the information of the user to the CP device.
- the method further includes: the NAT device receives a deletion message from the CP device; in response to the deletion message, the NAT device deletes the user's information.
- the NAT device is the backup NAT device of a primary NAT device and a backup NAT device that are in a mutual backup relationship, and before the NAT device allocates the second IP address to the user, the method further includes:
- the standby NAT device receives the user information from the CP device, where the user information includes the correspondence between the first IP address, the second IP address, and a port block, where the port block includes at least one port number; the NAT device assigning the second IP address to the user includes: when the primary NAT device fails, the backup NAT device assigns the second IP address to the user according to the user's information.
- the method further includes: the standby NAT device receives a first update message from the CP device; in response to the first update message, the standby NAT device increases the routing priority corresponding to the second IP address.
- the method further includes: the standby NAT device receives a second update message from the CP device; in response to the second update message, the standby NAT device increases the routing priority corresponding to the third IP address, where the third IP address is the IP address of the tunnel endpoint, and the tunnel endpoint includes the primary NAT device or the backup NAT device.
- a CP device is provided, the CP device is located in a communication system in which the CP and the UP are separated, and the CP device includes:
- an allocation unit used for allocating a first IP address to a user
- a sending unit configured to send the first IP address to the NAT device
- a receiving unit configured to receive a second IP address from the NAT device, where the second IP address is a public IP address allocated by the NAT device for the user;
- the sending unit is further configured to send an accounting packet to the RADIUS server, where the accounting packet includes the first IP address and the second IP address.
- the first IP address includes at least one of a private network IPv4 address or an IPv6 address.
- the communication system includes a gateway system, and the gateway system is a BNG system or a BRAS system.
- the accounting message further includes a port block, and the port block includes at least one port number allocated by the NAT device to the user;
- the receiving unit is configured to receive the information of the user from the NAT device, where the information of the user includes the correspondence between the first IP address, the second IP address and the port block.
- the receiving unit is further configured to receive a port block set from the RADIUS server, where the port block set includes the port block;
- the sending unit is further configured to send the port block set to the NAT device.
- the sending unit is further configured to send a delete message to the NAT device if the user goes offline, where the delete message is used to instruct the NAT device to delete the user's information saved on the NAT device;
- the CP device further includes: a deletion unit, configured to delete the user's information saved on the CP device if the user goes offline.
- the NAT device includes a primary NAT device and a backup NAT device that are in a backup relationship with each other, and the receiving unit is configured to receive the user information from the primary NAT device.
- the sending unit is further configured to send the information of the user to the standby NAT device.
- the sending unit is further configured to send a first update message to the backup NAT device if the primary NAT device is in a fault state, where the first update message is used to instruct the backup NAT device to increase the routing priority corresponding to the second IP address.
- the sending unit is further configured to send a second update message to the backup NAT device if the primary NAT device is in a fault state, where the second update message is used to instruct the backup NAT device to increase the routing priority corresponding to a third IP address.
- the units in the CP device provided by the third aspect are implemented by software, and the units in the CP device are program units. In other embodiments, the units in the CP device provided by the third aspect are implemented by hardware or firmware.
- in a fourth aspect, a NAT device is provided, and the NAT device includes:
- a receiving unit configured to receive the first IP address allocated by the CP device for the user from the CP device, where the CP device is the CP device in the communication system in which the CP and the UP are separated;
- an allocation unit configured to allocate a second IP address to the user, where the second IP address is a public network IP address;
- a sending unit configured to send the second IP address to the CP device.
- the assigning unit is also configured to assign a port block to the user, and the port block includes at least one port number;
- the sending unit is further configured to send the port block to the CP device.
- the receiving unit is further configured to receive a port block set from the CP device;
- the allocating unit is configured to allocate a port block to the user within the port block set.
- the NAT device further includes: a saving unit, configured to save the information of the user, where the information of the user includes the correspondence between the first IP address, the second IP address and the port block.
- the sending unit is configured to send the information of the user to the CP device.
- the receiving unit is further configured to receive a delete message from the CP device;
- the NAT device further includes: a deletion unit, configured to delete the user's information in response to the deletion message.
- the NAT device is the backup NAT device of a primary NAT device and a backup NAT device that are in a mutual backup relationship
- the receiving unit is further configured to receive the information of the user from the CP device, where the information of the user includes the correspondence between the first IP address, the second IP address and a port block, and the port block includes at least one port number;
- the assigning unit is further configured to assign the second IP address to the user according to the user's information when the primary NAT device fails.
- the receiving unit is further configured to receive a first update message from the CP device;
- the NAT device further includes: an improving unit, configured to increase the route priority corresponding to the second IP address in response to the first update message.
- the receiving unit is further configured to receive a second update message from the CP device;
- the NAT device further includes: an improving unit, configured to, in response to the second update message, increase the route priority corresponding to the third IP address, where the third IP address is the IP address of the tunnel endpoint, and the tunnel endpoint includes the primary NAT device or the backup NAT device.
- the unit in the NAT device provided by the fourth aspect is implemented by software, and the unit in the NAT device is a program unit. In other embodiments, the units in the NAT device provided in the fourth aspect are implemented by hardware or firmware.
- a fifth aspect provides a CP device, the CP device includes a processor and a communication interface, and the processor is used to execute an instruction, so that the CP device executes the communication method of the above-mentioned first aspect or any optional manner of the first aspect, wherein the communication interface is used for receiving or sending messages.
- a sixth aspect provides a NAT device, the NAT device includes a processor and a communication interface, and the processor is used to execute an instruction, so that the NAT device executes the communication method of the above-mentioned second aspect or any optional manner of the second aspect, wherein the communication interface is used for receiving or sending messages.
- a computer-readable storage medium where at least one instruction is stored in the storage medium, and the instruction is read by a processor to cause the CP device to execute the first aspect or any optional manner of the first aspect.
- a computer-readable storage medium is provided, and at least one instruction is stored in the storage medium, and the instruction is read by the processor to cause the NAT device to perform the above-mentioned second aspect or any optional manner of the second aspect.
- a computer program product comprising computer instructions stored in a computer-readable storage medium.
- the processor of the CP device reads the computer instructions from the computer-readable storage medium, and the processor executes the computer instructions, so that the CP device executes the first aspect or the communication method provided in any optional manner of the first aspect.
- a computer program product comprising computer instructions stored in a computer-readable storage medium.
- the processor of the NAT device reads the computer instruction from the computer-readable storage medium, and the processor executes the computer instruction, so that the NAT device executes the first aspect or the communication method provided in any optional manner of the first aspect.
- a chip is provided, when the chip runs on a CP device, the CP device is made to execute the communication method provided in the first aspect or any optional manner of the first aspect.
- a twelfth aspect provides a chip that, when the chip runs on a NAT device, enables the NAT device to execute the communication method provided in the second aspect or any optional manner of the second aspect.
- a thirteenth aspect provides a communication system, where the communication system includes a CP device and a NAT device, where the CP device is configured to execute the method described in the first aspect or any optional manner of the first aspect, and the NAT device is configured to execute the method described in the second aspect or any optional manner of the second aspect.
- a fourteenth aspect provides a CP device, where the CP device includes: a central processing unit, a network processor, and a physical interface.
- the central processing unit is configured to perform the following operations: assign the first IP address to the user.
- the network processor is configured to trigger the physical interface to perform the following operations: send the first IP address to the NAT device; receive the second IP address from the NAT device; and send an accounting packet to the RADIUS server.
- the CP device includes a main control board and an interface board, the central processing unit is disposed on the main control board, the network processor and the physical interface are disposed on the interface board, and the main control board is coupled to the interface board.
- an inter-process communication (IPC) channel is established between the main control board and the interface board, and the main control board and the interface board communicate through the IPC channel.
- a fifteenth aspect provides a NAT device, where the NAT device includes: a central processing unit, a network processor, and a physical interface.
- the central processing unit is configured to perform the following operations: assign a second IP address to the user.
- the network processor is configured to trigger the physical interface to perform the following operations: receive the first IP address from the CP device; and send the second IP address to the CP device.
- the NAT device includes a main control board and an interface board, the central processing unit is arranged on the main control board, the network processor and the physical interface are arranged on the interface board, and the main control board is coupled to the interface board.
- an inter-process communication (IPC) channel is established between the main control board and the interface board, and the main control board and the interface board communicate through the IPC channel.
- FIG. 1 is a schematic diagram of performing NAT in a BNG system provided by an embodiment of the present application.
- FIG. 2 is a schematic diagram of performing NAT through an independent CGN device and a log server provided by an embodiment of the present application.
- FIG. 3 is a flowchart of interaction with a lawful interception platform under RADIUS traceability provided by an embodiment of the present application.
- FIG. 5 is a schematic diagram of a system architecture provided by an embodiment of the present application.
- FIG. 6 is a schematic diagram of a system architecture provided by an embodiment of the present application.
- FIG. 7 is a schematic diagram of a system architecture provided by an embodiment of the present application.
- FIG. 8 is a flowchart of a communication method 200 provided by an embodiment of the present application.
- FIG. 9 is a flowchart of a communication method 300 in a NAT44 scenario provided by an embodiment of the present application.
- FIG. 10 is a flowchart of a communication method 400 in a NAT44 scenario provided by an embodiment of the present application.
- FIG. 11 is a flowchart of a communication method 500 in a DS-Lite scenario provided by an embodiment of the present application.
- FIG. 12 is a schematic diagram of a dual-machine backup of a CGN device provided by an embodiment of the present application.
- FIG. 13 is a schematic diagram of dual-machine backup of CGN equipment in a DS-Lite scenario provided by an embodiment of the present application;
- FIG. 14 is a schematic diagram of a UP dual-machine backup provided by an embodiment of the present application.
- FIG. 15 is a schematic structural diagram of a CP device provided by an embodiment of the present application.
- FIG. 16 is a schematic structural diagram of a NAT device provided by an embodiment of the present application.
- FIG. 17 is a schematic structural diagram of a CP device provided by an embodiment of the present application.
- FIG. 18 is a schematic structural diagram of a NAT device provided by an embodiment of the present application.
- FIG. 19 is a schematic structural diagram of a network system 1500 provided by an embodiment of the present application.
- Control plane and user plane disaggregated (CU separation)
- SDN software defined network
- NFV network functions virtualization
- CU separation refers to the network architecture in which CP and UP are decoupled.
- CU separation includes, but is not limited to, implementation A and implementation B described below.
- control plane and the forwarding plane are located on different hardware devices.
- the CP device and the UP device are two separate and different devices.
- the CP device and the UP device are distributed in different locations.
- the CP device is located in the data center of the cloud, and the UP device is deployed in a suitable location in the network according to the requirements. In this way, the deployment of the control plane and the forwarding plane is more flexible.
- control plane and the forwarding plane are located on the same hardware device and have separate functions.
- the physical entity of the CP device and the physical entity of the UP device are the same device.
- the CP device and the UP device run in the same host, the same server or the same terminal.
- both the CP device and the UP device are implemented through virtualization technology.
- the CP device is called, for example, a virtual CP (virtual CP, vCP), and the UP device is called, for example, a virtual UP (virtual UP, vUP).
- the CP device is a virtual machine
- the UP device is a virtual router or virtual switch.
- both the CP device and the UP device are implemented based on a general physical server combined with NFV technology, and the CP device and the UP device are two different virtualized network functions (VNFs).
- both the CP device and the UP device are network elements virtualized through the X86 server.
- the CP device is implemented by a virtualization technology
- the UP device is implemented by a traditional network device.
- the UP device is called, for example, a physical UP (physical UP, pUP).
- This embodiment does not limit the quantitative relationship between the CP device and the UP device in the communication system.
- there is a one-to-many relationship between CP devices and UP devices, that is, one CP device is used to control multiple UP devices.
- there is a one-to-one correspondence between the CP device and the UP device, that is, one CP device is used to control one UP device.
- the CU-separated communication system includes multiple UP devices.
- a plurality of UP devices are distributed in different locations in the communication system where the CU is separated.
- multiple UP devices in a communication system where CUs are separated cooperate to share forwarding tasks based on a distributed architecture.
- CU separation can have different names. For example, different standards, different versions of the same standard, different manufacturers, and different application scenarios may have different names for "CU separation".
- CU separation may also sometimes be referred to as "control and forwarding separation", "forwarding control separation", "control plane and user plane separation", "control and user separation", and the like.
- CP can have different names. For example, different standards, different versions of the same standard, different manufacturers, and different application scenarios may have different names for "CP".
- CP may also sometimes be referred to as "CP function (CPF)" or "CP face".
- CP device refers to any device that implements CP functionality.
- UP can have a different name.
- different standards, different versions of the same standard, different manufacturers, and different application scenarios may have different names for "UP".
- UP may also sometimes be referred to as "UP function (UPF)" or "UP face".
- UP face is used interchangeably herein.
- UP device refers to any device that implements UP functionality.
- the BNG system is used to undertake the function of connecting user equipment to a broadband network, and is very important in user broadband access services and scenarios.
- the main requirements for user access to the BNG system are user authentication, access control, and traffic scheduling.
- BNG is mainly responsible for authentication and Internet Protocol (IP) address allocation.
- the authentication process is implemented based on a remote authentication dial in user service (RADIUS).
- the protocol stack processed by BNG includes but is not limited to the IP protocol over Ethernet (IPoE), the point-to-point protocol over Ethernet (PPPoE), the 802.1ad protocol, the Ethernet protocol and some 802.3 physical layer (some 802.3 PHY) protocols.
- the BNG system realizes the decoupling of control and forwarding and the decoupling of software and hardware based on the SDN or NFV architecture.
- the CP device in the BNG system controls multiple UP devices in the BNG system, the CP device schedules multiple UP devices to process traffic forwarding tasks, and the CP device allocates resources for multiple UPs, so the utilization and reliability of the equipment of the BNG system under the CU separation architecture can be greatly improved.
- the "CU-separated BNG" may have different names.
- different standards, different versions of the same standard, different manufacturers, and different application scenarios may have different names for the "CU-separated BNG".
- the term "CU-disaggregated BNG" may also sometimes be referred to as a "disaggregated BNG system (disaggregated BNG, DBNG)", and correspondingly, the CP device in the CU-disaggregated BNG may be referred to as a DBNG-CP, and the UP device in the CU-disaggregated BNG may be referred to as a DBNG-UP.
- CU-disaggregated BNG may also sometimes be referred to as a "virtual broadband network gateway (vBNG) control plane and user plane disaggregated system (CU system)", that is, a "vBNG CU system".
- the CP device in the CU-separated BNG may be referred to as vBNG-CP
- the UP device in the CU-separated BNG may be referred to as vBNG-UP.
- CU-separated BNG may also sometimes be referred to as a "virtual broadband remote access server (vBRAS) CU system", that is, a "vBRAS CU system"; correspondingly, the CP device in the CU-separated BNG may be referred to as vBRAS-CP.
- the UP device in the CU-separated BNG may be referred to as vBRAS-UP.
- "DBNG", "vBNG CU system" and "vBRAS CU system" are used interchangeably herein.
- the users in the embodiments of the present application include but are not limited to customer premise equipment (CPE) or terminals.
- at least one terminal is connected to the CPE
- the CPE is connected to the BNG system.
- Assigning an IP address to a user by the BNG system means that the BNG system assigns an IP address to the CPE, and the CPE further assigns an IP address to each terminal.
- assigning an IP address to a user by the BNG system means that the BNG system assigns an IP address to a terminal.
- CGN refers to large-scale NAT, and specifically refers to a technology that achieves statistical multiplexing of the current public network IPv4 addresses through the large-scale deployment of Internet Protocol Version 4 (IPv4) private addresses.
- CGN can improve the utilization rate of IPv4 addresses, so as to solve the problem of IPv4 address exhaustion in a relatively long period of time, ensure a smooth transition of services, and buy time for the deployment of Internet Protocol Version 6 (IPv6) addresses.
- a stand-alone CGN device is an independent device that exclusively undertakes CGN functions.
- a stand-alone CGN device is, for example, side-mounted on the BNG system.
- the IPv4 traffic of the user's private network is directed to the stand-alone CGN device.
- After the stand-alone CGN device performs NAT processing, it returns the NAT-translated public network IPv4 traffic to the BNG system.
- address translation and subscriber management are performed, for example, on the CGN device and the BNG system, respectively.
- a card-type CGN device refers to a single board that undertakes the CGN function and is inserted into a device with other functions.
- a card-type CGN device occupies one slot of the device.
- NAT44 refers to the translation of one IPv4 address to another IPv4 address. For example, convert a private network IPv4 address to a public network IPv4 address.
- Dual stack (DS)
- Dual stack means that both the IPv4 protocol stack and the IPv6 protocol stack are installed on the device, so as to realize information exchange with IPv4 nodes or IPv6 nodes respectively.
- DS-Lite deploys IPv4-in-IPv6 tunnels in IPv6 networks to complete IPv4 service transmission, while IPv6 services are directly transmitted through IPv6 networks.
- the routing CPE is used as the basic bridging broadband (B4) of DS-Lite
- the BNG system is used as the IPv6 single-stack node
- the CGN is deployed in the metropolitan area network
- the CGN is used as the address family transition router (AFTR) of DS-Lite.
- IPv6-Only IPv6 single-stack
- core router CR
- B4 has the capability of dual stack, which is implemented on the host or CPE device.
- the CPE device is a home gateway in the operator's network.
- B4 creates an IPv4-in-IPv6 tunnel to AFTR.
- the AFTR terminates the IPv4-in-IPv6 tunnel and implements the function of NAT44.
- the AFTR is a CGN in the operator's network; the CGN may be an independent CGN device or a plug-in CGN.
- the deployment of the CGN feature hides the IP address information of private network users.
- the national security department requires CGN deployment to be traceable, that is, the IP addresses of private network users can be queried based on the public network address and port number to further pinpoint specific users.
- the address source tracing method adopts a RADIUS source tracing method.
- RADIUS source tracing refers to performing address source tracing on the RADIUS server.
- RADIUS traceability is implemented, for example, through the process of sending accounting packets. For example, after the BNG system assigns the public network IP address and port block to the user, the BNG system carries the public network IP address and port block in the accounting packet, and the BNG system sends the accounting packet to the RADIUS server, so that the public network IP address and port block are reported to the RADIUS server.
- the BNG system sends an accounting start packet to the RADIUS server
- the RADIUS server receives the accounting start packet, and records a RADIUS log according to the accounting start packet
- the BNG system sends an accounting start packet to the RADIUS server.
- the RADIUS server receives the accounting end packet and records a RADIUS log based on the accounting end packet.
- the RADIUS server performs address tracing based on the RADIUS logs recorded twice.
- the RADIUS log recorded according to the accounting start packet includes the correspondence between the private network IP address, the public network IP address, the port block, and the user online time.
- the user online time is, for example, the accounting start time in the accounting start packet.
- the RADIUS logs recorded according to the accounting end message include the correspondence between private network IP addresses, public network IP addresses, port blocks, and user online time.
- the user offline time is, for example, the accounting end time in the accounting end packet.
- Port blocks are also called port ranges.
- the port block includes at least one port number assigned to the user by the NAT device.
- the BNG system assigns a public IP address and a port segment to a private IP address.
- the public IP address and the port number in the port segment are used.
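The address tracing described above (a public network IP address and port number observed at a given time, resolved to a private network IP address through the RADIUS logs) can be sketched as follows. This is an added example, not code from the patent; the record layout, field names and sample values are constructed, and the session id is assumed to play the role of the standard RADIUS Acct-Session-Id.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import Optional


@dataclass
class Session:
    user: str
    private_ip: str
    public_ip: str
    port_lo: int
    port_hi: int
    online: datetime
    offline: Optional[datetime] = None  # None: no accounting end record seen yet


# Constructed RADIUS log records (field names are assumptions for this example).
RECORDS = [
    {"kind": "start", "sid": "a1", "user": "user-a", "private_ip": "10.1.1.1",
     "public_ip": "100.1.1.1", "ports": "1024-2047", "time": "2021-06-01T08:00:00"},
    {"kind": "start", "sid": "b1", "user": "user-b", "private_ip": "10.1.1.2",
     "public_ip": "100.1.1.1", "ports": "2048-3071", "time": "2021-06-01T08:05:00"},
    {"kind": "stop", "sid": "a1", "time": "2021-06-01T09:00:00"},
    # The same public IP and port block is handed to a different user later.
    {"kind": "start", "sid": "c1", "user": "user-c", "private_ip": "10.1.1.3",
     "public_ip": "100.1.1.1", "ports": "1024-2047", "time": "2021-06-01T09:30:00"},
    # Accounting end record whose start record is missing from the logs.
    {"kind": "stop", "sid": "zz", "time": "2021-06-01T09:45:00"},
]


def build_sessions(records):
    """Pair accounting start/end records by session id.

    Returns (sessions, orphan_ids); orphan_ids lists end records with no start,
    which indicate a gap in the logs that tracing cannot cover.
    """
    sessions, orphans = {}, []
    for rec in sorted(records, key=lambda r: r["time"]):
        when = datetime.fromisoformat(rec["time"])
        if rec["kind"] == "start":
            lo, hi = (int(p) for p in rec["ports"].split("-"))
            if not 0 < lo <= hi <= 65535:
                raise ValueError(f"bad port block in session {rec['sid']}")
            sessions[rec["sid"]] = Session(rec["user"], rec["private_ip"],
                                           rec["public_ip"], lo, hi, when)
        elif rec["sid"] in sessions:
            sessions[rec["sid"]].offline = when
        else:
            orphans.append(rec["sid"])
    return list(sessions.values()), orphans


def trace(sessions, public_ip, port, when):
    """Return every session that held public_ip:port at time `when`."""
    hits = []
    for s in sessions:
        if s.public_ip != public_ip or not s.port_lo <= port <= s.port_hi:
            continue
        if when < s.online:
            continue  # block was allocated after the observation
        if s.offline is not None and when >= s.offline:
            continue  # user had already gone offline
        hits.append(s)
    return hits


def trace_one(sessions, public_ip, port, when):
    """Resolve to a single session, or None if nobody held the port then.

    Two hits mean overlapping port blocks on one public IP at the same time,
    so the logs cannot attribute the traffic; fail loudly instead of guessing.
    """
    hits = trace(sessions, public_ip, port, when)
    if len(hits) > 1:
        raise ValueError("overlapping port block allocations: "
                         + ", ".join(h.user for h in hits))
    return hits[0] if hits else None


if __name__ == "__main__":
    sessions, orphans = build_sessions(RECORDS)
    hit = trace_one(sessions, "100.1.1.1", 1500, datetime(2021, 6, 1, 8, 30))
    print(hit.user, hit.private_ip, "orphan end records:", orphans)
```

The timestamp is what disambiguates port-block reuse: the same public IP and port resolve to different users before and after the first user's offline time.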
- Inter-chassis backup refers to the mutual backup relationship between the CPU in one device and the CPU in another device.
- the primary NAT instance and the secondary NAT instance are CPUs on two different hardware devices.
- the NAT instance is a specific NAT device.
- the primary NAT instance is CPU 0 in slot 1 on CGN device 1
- the backup NAT instance is CPU 0 in slot 2 on CGN device 2.
- Inter-chassis warm backup means that in the normal service operation scenario, the primary NAT device processes services, and the backup NAT device backs up user information in real time.
- the backup NAT device switches over to the primary NAT device and processes services based on pre-backed up user information.
- NAT device selection is implemented through a card-in CGN device.
- the UP device (such as the mini BNG device) in the BNG system is inserted into the plug-in CGN device to realize RADIUS traceability.
- the NAT address translation is performed on the BNG system.
- FIG. 1 shows the process of performing NAT on the BNG system, which specifically includes the following steps 1 to 5.
- Step 1: The user sends a dial-up request, and the dial-up request is used to apply for an IP address to the BNG system.
- the dialing request is transmitted from the terminal to the residential gateway (RGW), then by the RGW to the switch (SW) or the optical line termination (OLT), and then by the SW or the OLT to the BNG system.
- Step 2: The BNG system receives the dial-up request and initiates an authentication request to the RADIUS server.
- Step 3: The RADIUS server receives the authentication request, generates an authentication result, and returns the authentication result to the BNG system.
- Step 4: The BNG system allocates the private network IP address, the user's public network IP address, and a port block to the user according to the configuration.
- the BNG system sends an accounting packet to the RADIUS server, carrying the user's public network IP address and port block through the RADIUS attribute, so as to implement the user's NAT source traceability.
- Step 5: The terminal sends traffic, and the traffic is forwarded to the BNG system.
- After the BNG system performs NAT conversion on the traffic, it sends the converted traffic to the public network side so that users can access the public network.
- the source IP address of the traffic is the private network IPv4 address (10.1.1.1)
- the BNG system converts the private network IPv4 address (10.1.1.1) to the public network IPv4 address (100.1.1.1).
- Refreshing the NAT source tracing information refers to saving the NAT source tracing information of the migrated user on the plug-in CGN device inserted into the target UP device.
- the card-type CGN device inserted into the target UP device needs to allocate a public network IP address and a port block to each migrated user.
- the plug-in CGN device needs to send an accounting update message for each migrated user.
- the Steering scenario is also called the scenario of online dynamic migration of users, and the Steering scenario refers to the situation where an online user will be migrated from one UP device to another UP device.
- FIG. 2 shows a process of performing NAT through an independent CGN device and a log server, which specifically includes the following steps 1 to 5.
- Step 1: The user sends a dial-up request, and the dial-up request is used to apply for an IP address to the BNG system.
- Step 2: The BNG system receives the dial-up request and initiates an authentication request to the RADIUS server.
- Step 3: The RADIUS server receives the authentication request, generates an authentication result, and returns the authentication result to the BNG system.
- Step 4: The BNG system allocates a private network IP address to the user according to the configuration, and sends an accounting packet to the RADIUS server.
- the accounting packet carries the user's private network IP address and does not carry the public network IP address.
- Step 5: The terminal sends traffic, and the traffic is forwarded to the CGN device.
- After the CGN device performs NAT conversion on the traffic, it sends the converted traffic to the public network side, enabling users to access the public network.
- After receiving the traffic, the CGN device establishes a NAT session based on the received traffic, generates NAT logs based on the NAT session, and sends the NAT logs to the log server, so that the log server can trace the source based on the NAT logs.
- the stand-alone CGN device generates a NAT session when triggered by receiving user traffic, and then generates a NAT log used for traceability.
- the stand-alone CGN device itself does not interact with the RADIUS server, and can only use the log server for address traceability.
- the original RADIUS traceability method cannot be maintained. Operators need to invest additionally to build a new log server. The construction of an additional log server results in excessive overhead and cost.
- the lawful interception function is realized through the interaction between the RADIUS server and the lawful interception device.
- the lawful interception devices include, for example, a lawful interception gateway (LIG) and a law enforcement agency (LEA).
- the LEA interacts with the RADIUS server, and the LEA queries the user's account information based on the user's public network IP address and port block.
- the LIG initiates a lawful interception request to the BNG system.
- the CGN device cannot interact with the RADIUS server, and the CGN device cannot assign a public IP address according to the public IP address specified by the RADIUS server, and the CGN device cannot allocate port blocks according to the port block specified by the RADIUS server.
- some embodiments of the present application provide a solution for NAT traceability of users with private network IP addresses.
- the CP device of the BNG system serves as a unified control plane: the CP device manages the independent CGN device while managing the UP device.
- the stand-alone CGN device has stronger performance and higher capacity, and solves the problem of insufficient NAT capability of the plug-in CGN device.
- some embodiments of the present application implement a RADIUS source traceability method, which solves the technical problem that it is difficult to trace the source through a RADIUS server when an independent CGN device is used.
- because address source traceability is implemented through a RADIUS server without the use of a log server, operators are freed from having to add a log server to the existing network in order to perform source tracing.
- operators are also freed from having to modify LIG devices for source tracing, which saves the huge workload and cost caused by modifying LIG devices.
- the CP device can interact with the RADIUS server, which meets the requirement of specifying, through the RADIUS server, the public network IP address and port range that a user uses for NAT.
- the management functions of the CP device to the CGN device include but are not limited to the following management functions 1 to 5.
- the CP device sends the assigned user IP address (e.g., private network IPv4 address or IPv6 address) to the CGN device.
- the CP device directs traffic to the backup CGN device.
- the CP device synchronizes the user entries saved on the main CGN device to the standby CGN device.
- Management function 4: After the user goes offline, the CP device clears the user entry on the CGN device.
- the CP device specifies the range of the allocated port block for the CGN device.
- the system architecture on which the CP device manages the UP device and the CGN device in a unified manner is illustrated by the system architecture shown in FIG. 5.
- the method 200 shown in FIG. 8, the method 300 shown in FIG. 9, the method 400 shown in FIG. 10, and the method 500 shown in FIG. 11 are used to illustrate how the CP device implements the management function.
- An example of how the CP device implements the management function 2 is illustrated with reference to FIG. 12, S701 to S708, S801 to S804, FIG. 13, and steps S901 to S903.
- Through S601 to S605 an example of how to implement the management function 3 for the CP device is described.
- Through S201 to S241, an example of how the CP device realizes the management function 5 is given.
- an embodiment of the present application provides a system architecture, where the system architecture includes a CP device, a UP device, an access network device, a CPE, and a NAT device.
- the CP device is used to assume the function of the control plane.
- the CP device is a CP device in a CU-separated BNG system, and the CP device assumes the function of a control plane in the BNG system.
- the CP device processes the user's dialing request based on the dialing protocol.
- the CP device interacts with authentication, authorization, and accounting (AAA) to perform user authentication, accounting, and authorization.
- the CP device sends the user entry to the UP device accessed by the user.
- the UP device generates the user's user entry and advertises the route to the outside.
- the CP device includes a point-to-point protocol over Ethernet (PPPoE) module or an IP protocol over Ethernet (IPoE) module, a user management module, an AAA module, a UP management module, an address management module and a RADIUS module.
- the CP device manages the UP device and the NAT device (e.g., a standalone CGN device).
- the CP device manages the NAT device through the user management module
- the CP device manages the NAT device through the UP management module and the user management module.
- One CP device, for example, manages at least one UP device and at least one NAT device.
- the CP device and the UP device are connected through the network.
- the CP device and the NAT device are connected through the network.
- the CP device is realized, for example, by virtualization technology.
- the CP device is a VNF
- the CP device is a network element virtualized by an X86 server
- the physical entity of the CP device is an X86 server.
- the UP device is used to undertake the functions of the user plane.
- the UP device is an UP device in a BNG system separated by a CU, and the UP device assumes the function of the user plane in the BNG system.
- the UP device sends the user's dial-up request to the CP device for processing through the service channel.
- After the CP device processes the dialing request, it delivers user entries to the UP device.
- After the UP device receives the user entry sent by the CP device, the UP device generates the user entry locally, and the UP device executes related service policies and forwards traffic according to the user entry.
- the UP device advertises routes to the outside.
- UP devices include various implementations.
- the UP device is connected to the access network device through the network.
- the UP device is implemented through virtualization technology.
- the UP device is a VNF
- the UP device is a network element virtualized by an X86 server
- the hardware of the UP device is an X86 server.
- the UP device is called, for example, a vUP device (VNF).
- the UP device is a network device
- the UP device is a PNF.
- the UP device is either a hardware mini-BNG device or a box-type BNG system.
- the UP device is, for example, called a pUP device (PNF).
- the access network device includes, but is not limited to, any of an access node (AN) device, a SW or an OLT.
- the access network device is connected to the CPE and the UP device through the network.
- the access network device is used to aggregate the CPE to the UP device.
- the access network device is also used to forward Layer 2 packets, and to isolate users in a virtual local area network (VLAN) or QinQ.
- QinQ is also called stacked VLAN or double VLAN.
- the CPE is a home gateway (RGW, also called home terminal) in an operator's network.
- the CPE is used to access a personal computer (PC) and a mobile phone in the home.
- the CPE generally performs NAT processing and assigns private IP addresses to PC devices and mobile phones in the home.
- the CPE also performs PPPoE and IPoE protocol dialing, obtains an IP address from the BNG system, and performs network access according to the obtained IP address.
- the NAT device is used for NAT processing.
- a NAT device translates a user's private IP address into a public IP address and port block.
- the NAT device converts the user's IPv6 address into a public network IP address and a port block.
- the NAT device is a CGN device.
- the NAT device is a standalone CGN device.
- Standalone CGN devices include a variety of implementations.
- a standalone CGN device is a hardware device, e.g., a standalone CGN device is a network device.
- the stand-alone CGN device is implemented through virtualization technology.
- a standalone CGN device is a network element virtualized by an X86 server.
- the NAT device is a device other than the CGN device with a NAT processing function.
- control packet redirect interface
- management interface
- state control interface
- the CPRi is implemented based on the VXLAN generic protocol encapsulation (VXLAN-GPE) interface.
- the UP device receives the user's access packet.
- the UP device encapsulates the access packet according to the packet encapsulation format corresponding to the CPRi, and sends the encapsulated access packet to the CP device for processing.
- Mi is implemented using the XML-based Network Configuration Protocol (Netconf) interface.
- the CP device uses the Mi to deliver the configuration to the UP device, and the UP device uses the Mi to report the running status of the UP device.
- SCi is implemented using the control plane and user plane separated protocol (CUSP) interface.
- the CP device processes user access packets and completes the user's protocol interaction. After the user goes online, the CP device delivers the user's user entry to the UP device corresponding to the user's access through SCi.
- when the CP device manages the CGN device, the management is also implemented by using the CPRi, Mi, and SCi. For example, the master CGN device reports user entries to the CP device through the SCi, and the CP device uses the SCi to deliver user entries to the standby CGN device.
- the communication system includes a gateway system, and the gateway system is a BNG system or a BRAS system.
- the CP device is implemented by the CP in a CU-separated communication system other than the BNG system and the BRAS system.
- the CP device is implemented by the CP in a CU-separated serving gateway (S-GW).
- the CP device is implemented by the CP in a CU-separated packet data network gateway (PDN gateway, PGW).
- the CP device is implemented by using an access and mobility management function (AMF) network element.
- SMF session management function
- the access gateway function (AGF) network element in the WT-456 fixed and mobile converged communication system is used to implement the CP device.
- the NAT device is an independent CGN device
- taking as an example the case where the IP address allocated by the CP device is a private network IPv4 address, the following briefly describes how the embodiment of the present application is implemented based on the system architecture shown in FIG. 5.
- the CP device manages both mini-BNG devices and stand-alone CGN devices.
- the user goes online from the mini-BNG device; the CP device allocates the private network IPv4 address to the user in response to the online request, and at the same time delivers the user's private network IPv4 address to the independent CGN device; the independent CGN device allocates to the user, from the local public network address pool, the public IPv4 address and port block corresponding to the private network IPv4 address; the independent CGN device reports the public network IPv4 address and port block to the CP device; the CP device carries the user's public network IPv4 address and port block in the accounting packet and reports the accounting packet to AAA to implement RADIUS source tracing for the user.
- FIG. 8 is a flowchart of a communication method 200 provided by an embodiment of the present application.
- method 200 is performed by a CP device, a NAT device, and a RADIUS server.
- the method 200 includes S210 to S280.
- the CP device allocates a first IP address to the user.
- the CP device and the NAT device will assign different IP addresses to the same user.
- the IP address allocated to the user by the CP device is referred to as the first IP address
- the IP address allocated to the user by the NAT device is referred to as the second IP address.
- the first IP address and the second IP address are also referred to as the user's IP address.
- the CP device sends the first IP address to the NAT device.
- the first IP address includes at least one of a private network IPv4 address or an IPv6 address.
- the first IP address is a private network IPv4 address.
- the CP device allocates private network IPv4 addresses to users.
- the first IP address is an IPv6 address.
- the CP device allocates IPv6 addresses to users.
- the CP device helps to implement RADIUS source traceability in dual-stack networks such as DS-Lite scenarios.
- the first IP address includes a private network IPv4 address and an IPv6 address.
- the CP device sends the first IP address to the NAT device based on CUSP. For example, the CP device generates and sends a CUSP message, and the CUSP message includes the first IP address. In other embodiments, the CP device sends the first IP address to the NAT device based on PFCP. For example, the CP device generates and sends a PFCP message, and the PFCP message includes the first IP address.
- the NAT device receives the first IP address allocated by the CP device for the user from the CP device.
- the NAT device allocates a second IP address to the user.
- the second IP address is a public network IP address.
- the second IP address is a public network IPv4 address.
- the NAT device selects an unoccupied public network IP address from the address pool as the assigned IP address.
- the NAT device sends the second IP address to the CP device.
- the NAT device sends the correspondence between the first IP address and the second IP address to the CP device, so that the CP device knows that the public network IP address reported by the NAT device is the IP address that the NAT device assigned to that user.
- after the NAT device receives the first IP address delivered by the CP device, the NAT device not only allocates a public network IP address to the user, but also allocates a port block to the user. Correspondingly, the NAT device reports to the CP device not only the public network IP address but also the port block allocated to the user. The port block includes at least one port number.
- the trigger for the NAT device to allocate the public network IP address in this embodiment differs from the related art: allocation is triggered not by the event of receiving traffic, but by the event of receiving the IP address delivered by the CP device.
- the NAT device locally stores the assigned second IP address and port block.
- the NAT device generates and saves user information, where the user information includes the correspondence between the first IP address, the second IP address and the port block.
- the form of the user's information is, for example, an entry in a user table.
- the NAT device creates a new user entry in the user table, and stores the correspondence between the first IP address, the second IP address, and the port block in the user entry; the user entry that stores this correspondence is the user's information.
- in addition to the correspondence between the first IP address, the second IP address and the port block, the local user entry of the NAT device also includes other information of the user, such as a user ID.
- the NAT device saves the user's information locally, so that the forwarding entry can be generated according to the pre-stored user information in the data packet forwarding stage.
- in the data packet forwarding phase, when the NAT device receives an upstream data packet, it identifies the source IP address and source port number of the data packet, searches the user information based on the source IP address, obtains the IP address corresponding to the source IP address and the port number corresponding to the source port number, and converts the source IP address to the found IP address and the source port number to the found port number, thereby performing NAT.
- the source IP address of the data packet is the private network IPv4 address (the first IP address), and the IP address found is the second IP address; in other words, the private network IPv4 address pre-assigned by the CP device is converted to the public IP address pre-assigned by the NAT device.
- the data packet is in the form of IPv4-in-IPv6: the data packet includes two IP headers, the outer IP header is an IPv6 header, and the inner IP header is an IPv4 header.
- the outer IPv6 header belongs to the tunnel header.
- the source IP address in the IPv6 header of the outer layer is the IPv6 address of the CPE.
- the IPv6 address of the CPE is the first IP address allocated by the CP device.
- the source IP address in the inner IPv4 header is the private network IPv4 address assigned by the CPE to the terminal.
- the NAT device converts the private network IPv4 address in the IPv4 header to the public network IPv4 address. In other words, the private network IPv4 address pre-assigned by the CPE is converted to the public network IP address pre-assigned by the NAT device.
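The forwarding-stage lookup described above for IPv4-in-IPv6 packets, as an added example that is not taken from the patent: the user entry is found by the outer IPv6 source (the first IP address), and the inner IPv4 source is rewritten from that entry. The class and function names, the UDP-only handling, the sequential choice of a port inside the block, and the constructed addresses are assumptions of this sketch; returning the inner packet without the tunnel header follows standard DS-Lite behaviour (RFC 6333).

```python
import ipaddress
import struct

def ipv4_checksum(header: bytes) -> int:
    """Internet checksum of an IPv4 header (checksum field zeroed beforehand)."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_sample(cpe_v6, nat_v6, src4, dst4, sport, dport, payload=b"hi"):
    """Constructed test packet: IPv6 header (next header 4) + IPv4 + UDP."""
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip4 = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                      ipaddress.IPv4Address(src4).packed,
                      ipaddress.IPv4Address(dst4).packed)
    ip4 = ip4[:10] + struct.pack("!H", ipv4_checksum(ip4)) + ip4[12:]
    inner = ip4 + udp
    ip6 = struct.pack("!IHBB16s16s", 6 << 28, len(inner), 4, 64,
                      ipaddress.IPv6Address(cpe_v6).packed,
                      ipaddress.IPv6Address(nat_v6).packed)
    return ip6 + inner

class DsLiteNat:
    def __init__(self, user_table):
        # Pre-stored user entries: first IP (CPE IPv6) -> (public IPv4, port block)
        self.user_table = user_table
        self.sessions = {}    # (cpe_v6, private_v4, sport) -> public port
        self.next_free = {}   # cpe_v6 -> next unused port in that user's block

    def translate(self, packet: bytes):
        """Return the translated inner IPv4 packet, or None if it is dropped."""
        if len(packet) < 68 or packet[0] >> 4 != 6 or packet[6] != 4:
            raise ValueError("not an IPv4-in-IPv6 packet")
        cpe_v6 = str(ipaddress.IPv6Address(packet[8:24]))   # outer source
        entry = self.user_table.get(cpe_v6)
        if entry is None:
            return None                    # no user entry was pre-stored
        public_ip, (first, last) = entry
        inner = bytearray(packet[40:])
        ihl = (inner[0] & 0x0F) * 4
        if inner[0] >> 4 != 4 or inner[9] != 17 or len(inner) < ihl + 8:
            raise ValueError("this sketch handles UDP over IPv4 only")
        private_v4 = str(ipaddress.IPv4Address(bytes(inner[12:16])))
        sport = struct.unpack_from("!H", inner, ihl)[0]
        key = (cpe_v6, private_v4, sport)
        if key not in self.sessions:
            port = self.next_free.get(cpe_v6, first)
            if port > last:
                return None                # the user's port block is exhausted
            self.sessions[key] = port
            self.next_free[cpe_v6] = port + 1
        inner[12:16] = ipaddress.IPv4Address(public_ip).packed
        struct.pack_into("!H", inner, ihl, self.sessions[key])
        struct.pack_into("!H", inner, ihl + 6, 0)   # UDP checksum 0: unused on IPv4
        struct.pack_into("!H", inner, 10, 0)
        struct.pack_into("!H", inner, 10, ipv4_checksum(bytes(inner[:ihl])))
        return bytes(inner)

def source_of(ipv4_packet: bytes):
    """(source address, source port) of an IPv4/UDP packet."""
    ihl = (ipv4_packet[0] & 0x0F) * 4
    return (str(ipaddress.IPv4Address(ipv4_packet[12:16])),
            struct.unpack_from("!H", ipv4_packet, ihl)[0])

# Constructed user table: two CPEs share one public IPv4 address.
USER_TABLE = {
    "2001:db8::1": ("198.51.100.7", (1024, 1025)),
    "2001:db8::2": ("198.51.100.7", (1026, 1027)),
}

if __name__ == "__main__":
    nat = DsLiteNat(USER_TABLE)
    for cpe in ("2001:db8::1", "2001:db8::2"):
        pkt = build_sample(cpe, "2001:db8::ff", "192.168.1.2", "192.0.2.80", 5000, 53)
        print(cpe, "->", source_of(nat.translate(pkt)))
```

Both CPEs hand out the same inner address 192.168.1.2, yet each flow lands in its own user's port block because the lookup key is the outer IPv6 source.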
- the NAT device sends information of users local to the NAT device to the CP device, and the CP device receives the information of users from the NAT device. In this way, the local user entries of the NAT device are synchronized to the CP device.
- the CP device receives a second IP address from the NAT device, where the second IP address is a public network IP address allocated by the NAT device to the user.
- the NAT device reports the IP address and port block to the CP device.
- the NAT device sends the second IP address and port block to the CP device based on CUSP. For example, the NAT device generates and sends a CUSP message that includes the second IP address and the port block.
- the NAT device sends the second IP address and port block to the CP device based on PFCP. For example, the NAT device generates and sends a PFCP message that includes a second IP address and a port block.
- the CP device locally saves the assigned second IP address and port block.
- the CP device generates and saves user information, where the user information includes the correspondence between the first IP address, the second IP address and the port block.
- the form of the user's information is, for example, an entry in a user table.
- the CP device creates a new user entry in the user table, and stores the correspondence between the first IP address, the second IP address, and the port block in the user entry; the user entry that stores this correspondence is the user's information.
- the local user entry of the CP device further includes authorization information of the user, such as quality of service (QoS) information, access control list (ACL) information, media access information, and user authorization information.
- Control media access control, Client MAC address, etc.
- the CP device sends an accounting packet to the RADIUS server.
- when the CP device generates an accounting packet, it carries the public network IP address (second IP address) reported by the NAT device and the IP address (first IP address) allocated by the CP device in the accounting packet, so that the accounting packet includes the first IP address and the second IP address.
- the NAT device reports the port block to the CP device
- the CP device will also carry the port block reported by the NAT device in the accounting packet, so that the accounting packet includes the first IP address, the second IP address and the port block.
- the accounting message includes but is not limited to at least one of an accounting start message or an accounting end message.
- the accounting start packet is used to request the RADIUS server to start accounting.
- the accounting end packet is used to request the RADIUS server to end accounting.
- the accounting message also includes a port block.
- the accounting packet further includes at least one of the online time of the user or the offline time of the user.
- the online time of the user is, for example, the accounting start time in the accounting start packet.
- the offline time of the user is, for example, the accounting end time in the accounting start packet.
- the first IP address, the second IP address, the port block, the online time of the user or the offline time of the user may be referred to as the NAT source tracing information of the user carried in the accounting packet.
- the accounting packet includes at least one RADIUS attribute (Attribute) field, and the RADIUS attribute field includes at least one of the first IP address, the second IP address, the port block, the online time of the user, or the offline time of the user.
- the CP device reports the NAT source tracing information (first IP address, second IP address, port block, user online time, user offline time) to the RADIUS server by sending accounting packets.
- the RADIUS server obtains the first IP address and the second IP address from the accounting packet, and stores the correspondence between the first IP address and the second IP address.
- after the RADIUS server receives the accounting packet, it executes the accounting process and saves the NAT source tracing information carried in the accounting packet locally.
- a source tracing request is sent to the RADIUS server, and the source tracing request includes the second IP address.
- the RADIUS server receives the source tracing request, obtains the second IP address from the source tracing request, queries the NAT source tracing information according to the second IP address, and obtains the first IP address, thereby realizing the RADIUS source tracing.
- the CP device sends the IP address it allocated to the NAT device; triggered by receiving that IP address, the NAT device allocates to the user a public network IP address corresponding to the IP address sent by the CP device, and reports the public network IP address to the CP device.
- based on the public network IP address reported by the NAT device, the CP device carries the IP address allocated by the CP device and the public network IP address allocated by the NAT device in the accounting packet, and sends the accounting packet to the RADIUS server.
- in this way, the IP address allocated by the CP device and the public network IP address allocated by the NAT device are reported to the RADIUS server for NAT source tracing on the RADIUS server.
- source tracing can be performed by reusing the RADIUS server, which removes the need to build a log server for source tracing and reduces the cost of source tracing.
- it is suitable for the scenario where the NAT device is implemented by an independent NAT device, and helps to solve the problems of insufficient UP slots and insufficient NAT processing capability when the NAT device is implemented by a plug-in NAT device such as a service board.
- when the user goes offline, the CP device clears the user entry stored on the NAT device, so as to implement the management function 4 mentioned above.
- the method 200 specifically includes the following steps S203 to S223.
- if the user goes offline, the CP device generates a delete message, and sends the delete message to the NAT device.
- the delete message is used to instruct the NAT device to delete the user information stored on the NAT device.
- the delete message is, for example, a CUSP message.
- the NAT device receives the delete message from the CP device.
- the NAT device deletes the user's information.
- the CP device instructs the NAT device to delete the user's information when the user goes offline, thereby releasing the storage space occupied by the information of the offline user on the NAT device in time, saving the storage resources of the NAT device and avoiding resource consumption on the NAT device.
- the CP device deletes the user information stored on the CP device, so that the user information stored on the NAT device and the user information stored on the CP device are synchronously cleared.
- the NAT device deletes the user entry corresponding to the offline user on the NAT device
- the CP device deletes the user entry corresponding to the offline user on the CP device.
- the NAT device and the CP device synchronously clear the user entry.
- the CP device deletes the locally saved user information when the user goes offline, thereby releasing the storage space occupied by the information of the offline user on the CP device in time, saving the storage resources of the CP device and avoiding the problem of resource consumption on the CP device.
- the range to which the port block belongs during NAT is specified through the RADIUS server, so as to realize the management function 5 mentioned above.
- the method 200 specifically includes the following steps S201 to S241.
- the RADIUS server obtains and sends the port block set to the CP device.
- the port block set is used as the value range of the port block allocated by the NAT device.
- the port block set includes at least one port block.
- the CP device receives the port block set from the RADIUS server.
- the CP device sends the port block set to the NAT device.
- when delivering the first IP address to the NAT device, the CP device also delivers the port block set to the NAT device, so that the first IP address and the port block set are transmitted to the NAT device together.
- the NAT device receives the port block set from the CP device.
- the NAT device allocates a port block to the user in the port block set.
- the NAT device selects an unoccupied port block from the port block set, and assigns the selected port block to the user.
- the RADIUS server delivers the port block set to the CP device, and the CP device then delivers the port block set to the NAT device, thereby instructing the NAT device to allocate port blocks within the port block set, which satisfies the need to specify a range of NAT port blocks.
- the CP device sends the port block set specified by RADIUS together with the IP address to the NAT device, so that the process of specifying the port block range through RADIUS and the process of triggering the NAT device to allocate the public network IP address can be executed at the same time, reducing communication overhead, cost, and implementation complexity.
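The control-plane flow of method 200, the deletion of user information when the user goes offline, and the RADIUS-specified port block set can be exercised together in one small simulation. This is an added example, not code from the patent: all class and method names, the encoding of a port block as an inclusive (first, last) port range, and the constructed addresses and timestamps are assumptions, and the lookup by port and time goes beyond the source tracing request described above (which carries the second IP address) by using the port block and online/offline times that the accounting packet is said to carry.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class UserEntry:
    user_id: str
    first_ip: str       # allocated by the CP device (private IPv4 or IPv6)
    second_ip: str      # public IPv4 allocated by the NAT device
    port_block: tuple   # assumed encoding: (first_port, last_port), inclusive

class NatDevice:
    def __init__(self, public_pool):
        self.public_pool = public_pool
        self.users = {}      # first_ip -> UserEntry (the NAT device's user table)
        self.in_use = set()  # (public_ip, port_block) pairs currently assigned

    def on_first_ip(self, user_id, first_ip, port_block_set):
        """Allocation is triggered by the CP message, not by user traffic."""
        for public_ip in self.public_pool:
            for block in port_block_set:
                if (public_ip, block) not in self.in_use:
                    self.in_use.add((public_ip, block))
                    entry = UserEntry(user_id, first_ip, public_ip, block)
                    self.users[first_ip] = entry
                    return entry          # reported back to the CP device
        raise RuntimeError("public address pool / port block set exhausted")

    def on_delete(self, first_ip):
        """Delete message from the CP device: free the entry and its block."""
        entry = self.users.pop(first_ip)
        self.in_use.discard((entry.second_ip, entry.port_block))

class RadiusServer:
    def __init__(self, port_block_set):
        self.port_block_set = port_block_set  # range the NAT device must stay in
        self.records = []                     # stored NAT source tracing information

    def accounting_start(self, entry, online):
        self.records.append({"user": entry.user_id, "first_ip": entry.first_ip,
                             "second_ip": entry.second_ip,
                             "port_block": entry.port_block,
                             "online": online, "offline": None})

    def accounting_stop(self, entry, offline):
        for rec in self.records:
            if rec["first_ip"] == entry.first_ip and rec["offline"] is None:
                rec["offline"] = offline

    def trace(self, second_ip, port, when):
        """Map an observed public IP, source port and time to one session."""
        for rec in self.records:
            first, last = rec["port_block"]
            active = rec["online"] <= when and (
                rec["offline"] is None or when <= rec["offline"])
            if rec["second_ip"] == second_ip and first <= port <= last and active:
                return rec
        return None

class CpDevice:
    def __init__(self, private_pool, nat, radius):
        self.private_pool = list(private_pool)
        self.nat, self.radius = nat, radius
        self.users = {}      # user_id -> UserEntry (the CP device's user table)

    def user_online(self, user_id, now):
        first_ip = self.private_pool.pop(0)
        entry = self.nat.on_first_ip(user_id, first_ip,
                                     self.radius.port_block_set)
        self.users[user_id] = entry
        self.radius.accounting_start(entry, now)
        return entry

    def user_offline(self, user_id, now):
        entry = self.users.pop(user_id)
        self.nat.on_delete(entry.first_ip)
        self.radius.accounting_stop(entry, now)
        self.private_pool.append(entry.first_ip)

def demo():
    """Constructed scenario: three users share one public IPv4 address."""
    radius = RadiusServer(port_block_set=[(1024, 2047), (2048, 3071)])
    nat = NatDevice(public_pool=["203.0.113.10"])
    cp = CpDevice(["10.0.0.2", "10.0.0.3", "10.0.0.4"], nat, radius)
    cp.user_online("alice", now=100)
    cp.user_online("bob", now=110)
    cp.user_offline("alice", now=200)   # alice's port block is released
    cp.user_online("carol", now=210)    # carol is given the released block
    return cp, nat, radius

if __name__ == "__main__":
    _, _, radius = demo()
    for port, when in [(1500, 150), (2500, 150), (1500, 250), (1500, 205)]:
        hit = radius.trace("203.0.113.10", port, when)
        print(port, when, hit and (hit["user"], hit["first_ip"]))
```

The same public address and port resolve to different users before and after the block is reassigned, which is why the online and offline times belong in the stored record alongside the port block.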
- the first IP address in the above method 200 is a private network IP address.
- the CP device allocates the user's private network IP address.
- the CP device delivers the user's private network IP address and related information to the CGN device.
- the CGN device allocates the public network IP address and port block to the user, and reports the public network IP address and port block to the CP device.
- the CP device adds the user's public network IP address and port block to the accounting packet, and sends the accounting packet to the RADIUS server, so that the source can be traced through the RADIUS server.
- the method 300 shown in FIG. 9 is an example of how to implement the method 200 in the NAT44 scenario.
- the method 300 shown in FIG. 9 is about how to implement source traceability through a RADIUS server in the case of using an independent CGN device in a NAT44 scenario.
- the first IP address is a private network IPv4 address
- the second IP address is a public network IPv4 address
- the communication system is a BNG system
- the NAT device is an independent CGN device
- the user's information is stored in the user entry in the user table.
- the method 300 shown in FIG. 9 includes the following S301 to S309.
- the user sends a dialing request.
- the dial-up request is used to apply for an IP address to the BNG system.
- the CP device receives the dialing request. Triggered by the dial-up request, the CP device initiates an authentication request to the RADIUS server. After the RADIUS server authentication is passed, the CP device allocates a private network IPv4 address to the user from the private network address pool.
- the CP device delivers the user's private network IPv4 address to the independent CGN device.
- the independent CGN device receives the user's private network IPv4 address from the CP device.
- the standalone CGN device locally selects an idle public network IPv4 address and port block according to the user's private network IPv4 address, and assigns the selected public network IPv4 address and port block to the user.
- the stand-alone CGN equipment adds a user entry in the user table. The newly added user entry stores the correspondence between private network IPv4 addresses, public network IPv4 addresses, and port blocks.
- the independent CGN device reports the user's private network IPv4 address, public network IPv4 address and port block to the CP device.
- the CP device receives the user's private network IPv4 address, public network IPv4 address and port block from the independent CGN device.
- the CP device updates the local user table and adds user table entries to the user table.
- the newly added user entry stores the public network IPv4 address and port block.
- the CP device sends an accounting packet.
- the accounting message is, for example, an accounting start message.
- the accounting packet carries the user's NAT source tracing information.
- the NAT source tracing information includes the private network IPv4 address allocated by the CP device, the public network IPv4 address allocated by the CGN, and the port block allocated by the CGN.
- the CP device delivers the private network IPv4 address to the user.
- the CP device delivers the corresponding user entry to the UP device.
- the method 400 shown in FIG. 10 is an example of the above-mentioned method 300.
- the UP device in the BNG system is a mini-BNG device (ie, the mBNG in FIG. 10).
- the action of the CP device delivering the private network IPv4 address to the CGN device is implemented through an interface such as the SCi channel.
- the action of the CGN device reporting the private network IPv4 address, the public network IPv4 address and the port block to the CP device is implemented through an interface such as the SCi channel.
- the method 400 also relates to the interaction flow with the lawful interception device (LIG and LEA).
- the method 400 in the NAT44 scenario shown in FIG. 10 includes the following S401 to S410.
- the CPE sends a dialing request.
- a dial-up request is also called a user online request.
- the dial-up request is, for example, a PPPoE dial-up request or a dynamic host configuration protocol (DHCP) dial-up request.
- the CP device broadcasts a dial-up request to the Layer 2 network.
- the mini BNG device receives the dialing request.
- the mini-BNG device sends the dial-up request to the CP device through the CPRi channel.
- the CP device sends an authentication request to the RADIUS server. After the RADIUS server is authenticated, the RADIUS server assigns the private network IPv4 address to the user.
- the CP device delivers the user's private network IPv4 address to the CGN device through the SCi channel.
- the CGN device allocates a public network IPv4 address and a port block. And, the CGN device adds a user entry in the user table. The newly added user entry stores the correspondence between private network IPv4 addresses, public network IPv4 addresses, and port blocks.
- the CGN device reports the user's private network IPv4 address, public network IPv4 address and port block to the CP device through the SCi.
- the CP device sends an accounting start packet to the RADIUS server.
- the accounting start packet carries the user's NAT source tracing information.
- NAT source tracing information includes private network IPv4 addresses, public network IPv4 addresses, and port blocks.
- the CP device delivers the private network IPv4 address to the CPE. At the same time, the CP device delivers user entries to the mini-BNG device.
- the LIG requests the account information of the user from the RADIUS server according to the public network IPv4 address and the port block.
- the user's account information includes, but is not limited to, at least one of the user's name, the user's account, and a session ID.
- the LEA sends a lawful interception request (LI request) to the LIG, and the lawful interception request includes a public network IPv4 address and a port block.
- the LIG receives the LI request and uses the public IPv4 address to search for the user's name, account number and session ID from the RADIUS server.
- the LIG sends a monitoring policy to the mini-BNG device according to the user's account information.
- the monitoring policy is, for example, monitoring packets in the ingress direction or data packets in the egress direction.
- the monitoring strategy includes the user's account and session ID.
- the monitoring strategy is, for example, a configuration command (Configure command) for the mini-BNG device.
- the monitoring policy includes account 1, session ID1, and ingress direction, and the monitoring policy is used to instruct the mini-BNG device to monitor data packets in the ingress direction of session ID1 of account 1.
- the mini-BNG device replicates the data packet of the user according to the monitoring policy, and forwards the copied data packet to the monitoring platform.
- the method 500 shown in FIG. 11 is an example to illustrate how to implement the method 200 in the DS-Lite scenario.
- the method 500 shown in FIG. 11 is about how to implement source traceability through a RADIUS server in a DS-Lite scenario when an independent CGN device is used.
- the first IP address is an IPv6 address
- the second IP address is a public network IPv4 address
- the communication system is a BNG system
- user information is stored in a user entry in the user table.
- the UP device in the BNG system is a mini-BNG device (i.e., the mBNG in FIG. 11).
- the method 500 shown in FIG. 11 includes the following S501 to S511.
- the CPE acts as a DHCP server to allocate a private network IPv4 address to the terminal.
- the CPE sends a dialing request.
- a dial-up request is also called a user online request.
- the dial-up request is, for example, a PPPoE dial-up request or a DHCP dial-up request.
- the CP device broadcasts a dial-up request to the Layer 2 network.
- the mini BNG device receives the dialing request.
- the mini-BNG device sends the dial-up request to the CP device through the CPRi channel.
- the CP device sends an authentication request to the RADIUS server. After the RADIUS server is authenticated, the RADIUS server assigns an IPv6 address to the user.
- the CP device delivers the user IPv6 address to the CGN device through the SCi.
- the CGN device allocates the public network IPv4 address and the port block according to the user IPv6 address. And, the CGN device adds a user entry in the user table. The newly added user entry stores the correspondence between IPv6 addresses, public network IPv4 addresses, and port blocks.
- the CGN device reports the user IPv6 address, the public network IPv4 address, and the port block to the CP device through the SCi channel.
- the CP device sends an accounting start packet to the RADIUS server.
- the accounting start packet carries the user's NAT source tracing information.
- NAT source tracing information includes IPv6 addresses, public network IPv4 addresses, and port blocks.
- the CP device delivers an IPv6 address to the CPE. At the same time, the CP device delivers user entries to the mini-BNG device through the SCi channel.
- the LIG requests the user's account information from the RADIUS server according to the public network IPv4 address and the port block.
- the user's account information includes, but is not limited to, at least one of the user's name, the user's account, and a session ID.
- the LIG delivers a monitoring policy to the mini-BNG device according to the user's account information.
- the mini-BNG device replicates the user's data message according to the monitoring policy, and forwards the copied data message to the monitoring platform.
- the NAT device implements a reliability scheme
- the NAT device is a backup NAT device among the primary NAT device and the backup NAT device in a mutual backup relationship.
- the active/standby relationship of the NAT device is configured by the CP device.
- the NAT device has one or more CPUs
- the NAT device sends CPU information to the CP device
- the CPU information indicates the CPU resources possessed by the NAT device.
- the CP device receives the CPU information, and selects the first CPU and the second CPU from one or more CPUs possessed by the NAT device.
- the CP device sends a configuration instruction to the first CPU to configure the first CPU as a primary NAT device, and the CP device sends a configuration instruction to the second CPU to configure the second CPU as a backup NAT device.
- the CP device can synchronize the user entries on the primary NAT device to the backup NAT device to ensure data consistency between the primary NAT device and the backup NAT device, so that when the primary NAT device fails, the backup NAT device can process services according to the obtained user entries. The following uses S601 to S605 as an example to illustrate how the CP device synchronizes the user entries on the primary NAT device to the backup NAT device.
- the primary NAT device sends user information to the CP device, where the user information includes the correspondence between the first IP address, the second IP address and the port block.
- the CP device receives the user information from the primary NAT device.
- the CP device sends the user information to the standby NAT device.
- the standby NAT device receives the user information from the CP device.
- the secondary NAT device allocates a second IP address to the user according to the user's information.
- the CP device delivers the user information sent by the primary NAT device to the backup NAT device, so that the backup NAT device obtains the user information stored on the primary NAT device.
- the synchronization of user information between the standby NAT device and the main NAT device is realized, so that the active-standby switchover can be triggered when the main NAT device fails, so as to realize the normal operation of services.
- the standby NAT device and the active NAT device do not need to deploy a VRRP-like active-standby election mechanism, so no direct connection between the CGNs is needed, which simplifies configuration and resource deployment.
- the reliability schemes applicable to the above S601 to S605 include various situations.
- the above S601 to S605 are applied in the case where two NAT devices perform inter-frame backup after the user goes online.
- the above-mentioned S601 to S605 are applied to implement a 1:1 warm backup between two NAT devices after the user goes online, which is described below with reference to FIG. 12 as an example.
- two NAT devices are in a backup relationship with each other.
- one of the two NAT devices is the primary NAT device.
- the other of the two NAT devices is the backup NAT device.
- the two NAT devices are, for example, two independent CGN devices.
- the main NAT device is the main CGN device, and the main CGN device is also called CGN(M); the backup NAT device is the backup CGN device, and the backup CGN device is also called CGN(S).
- the CP device communicates with the main CGN device, the standby CGN device and the UP device through interfaces such as CPRi, Mi, and SCi.
- the CP device communicates with the RADIUS server based on the RADIUS protocol.
- two NAT devices are called two NAT instances.
- the two NAT instances have different instance IDs.
- One NAT instance is the NAT instance of the primary CGN device, and the other NAT instance is the NAT instance of the standby CGN device.
- the 1:1 warm backup method shown in FIG. 12 includes the following S701 to S708.
- the CP device determines the ID of the UP device on which the user goes online. Then, the CP device determines the primary CGN device and the backup CGN device bound under the ID of the UP device according to the configuration information.
- After the CP device interacts with the RADIUS server, the CP device generates a user entry, and delivers the user entry to the master CGN device.
- the master CGN device receives the user entry from the CP device, and completes the assignment of the user entry.
- the master CGN device returns the assigned user entry to the CP device.
- the CP device receives the user entry from the master CGN device, and delivers the user entry to the standby CGN device.
- the primary CGN device delivers the user entry to the standby CGN device.
- the CP device detects that the main CGN device is faulty.
- the main CGN device is the main CPU that implements the CGN function.
- detecting the failure of the main CGN device by the CP device refers to detecting the failure of the main CPU or the failure of the service board where the main CPU is located.
- the CP device determines the backup relationship between the primary CGN device and the backup CGN device through the UP device ID bound to the CGN device.
- the CP device determines the backup CGN device according to the backup relationship between the master CGN device and the backup CGN device and the master CGN device.
- the CP device directs traffic to the standby CGN device, so that the traffic is switched from the primary CGN device to the standby CGN device.
- the CP device implements traffic switching in the NAT44 scenario by refreshing the routing priority corresponding to the public network address (second IP address) on the standby NAT device.
- the same public IP address segment is stored on the primary NAT device and the secondary NAT device.
- the route priority of the public IP address segment stored on the primary NAT device is higher, and the route priority of the public IP address segment stored on the standby NAT device is lower. Therefore, when the primary NAT device is normal, the downstream traffic will be routed and forwarded to the secondary NAT device.
- the CP device and the backup NAT device will interactively execute the following steps S801 to S804.
- the downlink traffic refers to the traffic sent from the UP device to the user equipment.
- the downlink traffic is also called network side traffic or public network side traffic.
- the source IP address in the downlink traffic is the public network IP address.
- If the primary NAT device is in a fault state, the CP device generates a first update message.
- the CP device sends a first update message to the standby NAT device.
- the first update message is also called a routing priority update command.
- the first update message is used to instruct the standby NAT device to increase the routing priority corresponding to the second IP address.
- the routing priority corresponding to the second IP address is, for example, the routing priority of the network segment to which the second IP address belongs, and each IP address in the network segment corresponds to the same routing priority.
- the routing priority corresponding to the second IP address is also called the routing priority of the public network IP network segment.
- the standby NAT device receives the first update message from the CP device.
- the standby NAT device increases the routing priority corresponding to the second IP address.
- the CP device sends the first update message to the backup NAT device to notify the backup NAT device to adjust the routing priority corresponding to the public network address. Therefore, the traffic on the network side will be switched from the active NAT device to the standby NAT device, so that the standby NAT device is upgraded to the active NAT device and replaces the previously faulty active NAT device to handle the traffic on the network side to avoid interruption of traffic transmission.
- the traffic switching is guided by the CP device, it can be ensured that there is no traffic bypass between the primary NAT device and the backup NAT device.
- the method can be applied to the NAT44 scenario, which is helpful to realize dual-system backup in the NAT44 scenario.
- CGN1 and CGN2 are masters and slaves of each other.
- Each of CGN1 and CGN2 optionally includes multiple CPUs.
- CGN1 and CGN2 report CPU resources to the CP device respectively.
- the active/standby relationship of CGN is configured on the CP device. Among them, multiple pairs of active and standby CPU instances are associated with the same loopback address.
- the route priority corresponding to the loopback address of the primary CGN is higher.
- a pair of active and standby CPUs serving as CGNs share a public network address, such as 100.1.1.0/24.
- the route priority of the address segment to which the public network address of the active CPU belongs is higher than that of the address segment to which the public network address of the standby CPU belongs.
- CGN1 reports the failure event to the CP device.
- the CP device issues a command to adjust the routing priority to CGN2 (the standby CGN), and raises the priority of the public network address segment of the CPU of the standby CGN.
- the CR performs policy routing on the UNI traffic according to the policy, and redirects the UNI traffic to CGN1 (the original main CGN). Then, the CR forwards the UNI traffic to the current active CGN2 through the bypass tunnel or direct link between the CGNs. Because the route of the public network address segment has been updated for NNI traffic, NNI traffic is sent directly to CGN2.
- the primary NAT device and the secondary NAT device not only store the same public network IP address segment, but also configure the same IP address for the tunnel endpoint.
- the CP device refreshes the routing priority corresponding to the public network address (second IP address) and the priority corresponding to the IP address of the tunnel endpoint on the secondary NAT device to implement dual-system backup in the DS-Lite scenario.
- the CP device and the backup NAT device will interactively execute the following steps S901 to S903 to implement traffic switching.
- the CP device sends a first update message and a second update message to the backup NAT device.
- the first update message is used to instruct the standby NAT device to increase the routing priority corresponding to the second IP address.
- the second update message is used to instruct the standby NAT device to increase the routing priority corresponding to the third IP address.
- the third IP address is the IP address of the tunnel endpoint.
- the tunnel is, for example, a tunnel between the UP device and the NAT device.
- the tunnel is, for example, a DS-Lite tunnel.
- the tunnel endpoint is, for example, a NAT device.
- the tunnel endpoint includes the primary NAT device or the secondary NAT device. Specifically, when the primary NAT device is normal, the tunnel endpoint is the primary NAT device. When the primary NAT device fails, the tunnel endpoint is switched from the original primary NAT device to the backup NAT device.
- the tunnel endpoint corresponds to a loopback port on the NAT device, and the third IP address is the loopback address.
- the route priority corresponding to the third IP address on the primary NAT device is high, and the route priority corresponding to the third IP address on the standby NAT device is low.
- CGN1 and CGN2 are associated with the same loopback address.
- the loopback address of the tunnel endpoint on CGN1 is 1.1.1.1/32.
- the loopback address of the tunnel endpoint on CGN2 is also 1.1.1.1/32.
- the route priority of the tunnel endpoint IP address 1.1.1.1/32 on CGN1 is high, and the route priority of the tunnel endpoint IP address 1.1.1.1/32 on CGN2 is low.
- the loopback address 1.1.1.1/32 is an illustration of the third IP address.
- CGN1 and CGN2 in FIG. 13 are examples of the primary NAT device and the backup NAT device in a backup relationship with each other.
- CGN1 and CGN2 are, for example, referred to as a pair of active and standby CPUs.
- CGN1 and CGN2 share the same public IP address.
- the public IP address segment on CGN1 is 100.1.1.0/24.
- the public IP address segment on CGN2 is also 100.1.1.0/24.
- the route priority of the public network IP address segment 100.1.1.0/24 on CGN1 is high, and the route priority of the public network IP address segment 100.1.1.0/24 on CGN2 is low.
- the public network IP address segment 100.1.1.0/24 is an example of the network segment to which the second IP address belongs.
- the standby NAT device receives the first update message and the second update message from the CP device.
- In response to the first update message, the standby NAT device increases the routing priority corresponding to the second IP address. And, in response to the second update message, the standby NAT device increases the routing priority corresponding to the third IP address.
- CGN1 reports the CPU failure event to the CP device.
- the CP device delivers the first update message and the second update message to CGN2 (standby CGN device), thereby increasing the routing priority of the IP address of the tunnel endpoint of CGN2 (standby CGN device).
- Pre-failure NNI traffic travels between CGN1 and the transport network. NNI traffic is transmitted between CGN2 and the transport network after a failure.
- the NNI refers to the interface between the CGN device and the PSN (Packet Encapsulation Network) network.
- NNI traffic is also called public network side traffic, such as the traffic transmitted between the CGN and the network. Before the failure, UNI traffic was transmitted between CGN1 and the UP device. After the failure, the UNI traffic is transmitted between the CGN2 and the UP device.
- the UNI refers to the communication interface between the network side and the user side, that is, the communication interface between the CGN equipment and the user equipment.
- UNI traffic is also called user-side traffic, for example, the traffic transmitted between the user equipment and the CGN.
- the CP device sends the first update message and the second update message to the backup NAT device to notify the backup NAT device to adjust the routing priority corresponding to the public network address and the routing priority corresponding to the tunnel endpoint address. Since the priority of the route corresponding to the public network address of the backup NAT device is increased, the traffic on the network side will be switched from the primary NAT device to the backup NAT device, so that the backup NAT device is upgraded to the active NAT device, replacing the previously faulty active NAT device to handle network-side traffic and user-side traffic, avoiding interruption of traffic transmission.
- this method can be applied to DS-Lite scenarios, which is helpful for realizing dual-system backup in DS-Lite scenarios.
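The NAT44 and DS-Lite switchovers described above, together with the user entry synchronization through the CP device, can be modelled in a few lines. This is an added example, not code from the application: the class and function names, the numeric priority values, the "larger number wins" rule and the sample user entry are assumptions; the prefixes 100.1.1.0/24 and 1.1.1.1/32 are the ones used on the page.

```python
"""Added illustration: CP-driven switchover between a primary and a standby
CGN by raising route priorities on the standby. Not code from the application."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed values; "larger number wins" is an assumption of this model.
PRIO_HIGH, PRIO_LOW, PRIO_RAISED = 200, 100, 300


@dataclass(frozen=True)
class UserEntry:
    private_ip: str    # first IP address (user side)
    public_ip: str     # second IP address (public network side)
    port_block: tuple  # (first_port, last_port)


class NatDevice:
    def __init__(self, name, priorities):
        self.name = name
        self.user_table = {}                # private_ip -> UserEntry
        self.priorities = dict(priorities)  # prefix -> route priority

    def install(self, entry):
        self.user_table[entry.private_ip] = entry
        return entry                        # the device returns the stored entry

    def handle_update(self, prefix, priority):
        # Update message from the CP: change the priority of one prefix.
        self.priorities[prefix] = priority

    def translate(self, private_ip):
        entry = self.user_table[private_ip]
        return entry.public_ip, entry.port_block


class CpDevice:
    def __init__(self, primary, standby, public_prefix, tunnel_prefix=None):
        self.primary, self.standby = primary, standby
        self.public_prefix = public_prefix
        self.tunnel_prefix = tunnel_prefix  # set only in the DS-Lite case

    def user_online(self, private_ip, public_ip, port_block):
        entry = UserEntry(private_ip, public_ip, port_block)
        stored = self.primary.install(entry)  # CP -> primary, primary returns it
        self.standby.install(stored)          # CP -> standby (synchronization)
        return stored

    def primary_failed(self):
        sent = [("first_update", self.public_prefix)]
        if self.tunnel_prefix is not None:    # DS-Lite: move the tunnel endpoint too
            sent.append(("second_update", self.tunnel_prefix))
        for _, prefix in sent:
            self.standby.handle_update(prefix, PRIO_RAISED)
        return sent


def selected_device(devices, dest_ip):
    """Router model: among devices holding a prefix that covers dest_ip,
    pick the one with the highest priority. Device health is not visible
    to the router, which is why the update message is needed."""
    addr = ip_address(dest_ip)
    candidates = [(prio, dev.name)
                  for dev in devices
                  for prefix, prio in dev.priorities.items()
                  if addr in ip_network(prefix)]
    return max(candidates)[1] if candidates else None


def build_pair(ds_lite=False):
    public, tunnel = "100.1.1.0/24", "1.1.1.1/32"
    prio1, prio2 = {public: PRIO_HIGH}, {public: PRIO_LOW}
    if ds_lite:
        prio1[tunnel], prio2[tunnel] = PRIO_HIGH, PRIO_LOW
    cgn1, cgn2 = NatDevice("CGN1", prio1), NatDevice("CGN2", prio2)
    return CpDevice(cgn1, cgn2, public, tunnel if ds_lite else None), cgn1, cgn2


if __name__ == "__main__":
    cp, cgn1, cgn2 = build_pair(ds_lite=True)
    cp.user_online("10.0.0.5", "100.1.1.10", (1024, 2047))  # constructed user
    print("before:", selected_device([cgn1, cgn2], "100.1.1.10"))
    print("sent:  ", cp.primary_failed())
    print("after: ", selected_device([cgn1, cgn2], "100.1.1.10"),
          cgn2.translate("10.0.0.5"))
```

Because the standby already holds the same user entry, the private address maps to the same public address and port block after the switchover, so records used for NAT source tracing stay attributable to the same user.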
- Some embodiments of the present application provide a method of how to implement 1:1 hot backup between two UP devices after a user goes online, which is described below with reference to FIG. 14 as an example.
- the two UP devices are in a backup relationship with each other.
- One of the two UP devices is the main UP device, and the main UP device is also called the UP device (M).
- the other of the two UP devices is the standby UP device, and the standby UP device is also called the UP device (S).
- the two UP devices are, for example, two independent CGN devices.
- the CP device communicates with the main UP device and the standby UP device through interfaces such as CPRi, Mi, and SCi.
- the NAT device is a stand-alone CGN device.
- the 1:1 hot backup method shown in FIG. 14 includes the following S1001 to S1004.
- the user goes online, and the CP device delivers the user entry to the primary UP device and the backup UP device at the same time.
- the terminal sends traffic.
- the main UP device receives traffic from the terminal.
- the master UP device forwards the traffic to the CGN device.
- the traffic sent by the terminal is also called upstream traffic.
- the CGN device receives traffic from the main UP device, and generates a NAT translation table entry according to the traffic. It can be seen from this step that in this embodiment, the upstream traffic still has to pass through the CGN device.
- When the primary UP device fails, the UP device accessed by the user is switched from the primary UP device to the backup UP device. After the terminal sends traffic, the standby UP device receives the traffic and forwards it to the CGN device. Since the user's private network IPv4 address has not changed, the CGN device does not perceive the fault of the UP device.
- FIG. 15 shows a possible schematic structural diagram of the CP device.
- the CP device 110 shown in FIG. 15 implements the functions of the CP device involved in the above method embodiments.
- the CP device 110 includes an allocation unit 1101 , a sending unit 1102 and a receiving unit 1103 .
- Each unit in the CP device 110 is implemented in whole or in part by software, hardware, firmware, or any combination thereof.
- Each unit in the CP device 110 is used to perform each corresponding function of the CP device in the above method 200 .
- the allocation unit 1101 is configured to support the CP device 110 to perform S210.
- the sending unit 1102 is configured to support the CP device 110 to perform S220 and S270.
- the receiving unit 1103 is configured to support the CP device 110 to perform S260.
- the receiving unit 1103, the allocating unit 1101, or the transmitting unit 1102 are also used to support the CP device 110 to perform other processes performed by the CP device in the techniques described herein.
- the receiving unit 1103 is configured to support the CP device 110 to perform various receiving operations performed by the CP device in the embodiments of method 300, method 400, method 500, etc., such as S602, S704, and so on.
- the allocation unit 1101 is used to support the CP device 110 to perform various allocation operations performed by the CP device in embodiments such as method 200, method 300, method 400, method 500, etc., such as S302, S403, etc.; the sending unit 1102 is used to support the CP device 110 to perform various sending operations performed by the CP device in embodiments such as method 200, method 300, method 400, and method 500, such as S303, S309, S402, S406, S503, S504, S507, S603, S702, S802, S901, or S1001, etc.
- the various units in the CP device 110 are integrated into one processing unit.
- each unit in the CP device 110 is integrated on the same chip.
- the chip includes a processing circuit, an input interface and an output interface that are internally connected and communicated with the processing circuit.
- the distribution unit 1101 is implemented by a processing circuit in the chip.
- the receiving unit 1103 is implemented through an input interface in the chip.
- the sending unit 1102 is implemented through an output interface in the chip.
- the chip uses one or more field-programmable gate arrays (FPGA), programmable logic devices (PLD), controllers, state machines, gate logic, discrete hardware components, any other suitable circuit, or any combination of circuits capable of performing the various functions described throughout this application.
- each unit of the CP device 110 physically exists independently. In other embodiments, a part of the units of the CP device 110 physically exist separately, and another part of the units are integrated into one unit.
- allocating unit 1101 and sending unit 1102 are the same unit. In other embodiments, the allocating unit 1101 and the sending unit 1102 are different units.
- the integration of different units is implemented in the form of hardware, that is, different units correspond to the same hardware. For another example, the integration of different units is implemented in the form of software units.
- the allocation unit 1101 in the CP device 110 is implemented by, for example, the processor 1401 in the device 1400 .
- the receiving unit 1103 and the sending unit 1102 in the CP device 110 are implemented, for example, by the communication interface 1404 in the device 1400 .
- the allocation unit 1101 in the CP device 110 is implemented by, for example, at least one of the central processing unit 1311 , the central processing unit 1331 or the network processor 1332 in the device 1300 .
- the receiving unit 1103 and the sending unit 1102 in the CP device 110 are implemented, for example, by at least one of the physical interface card 1333 or the physical interface card 1343 in the device 1300 .
- each unit in the CP device 110 is, for example, software generated after the processor in the device 1400 or the device 1300 reads the program code stored in the memory.
- the CP device 110 is a virtualized device.
- the virtualization device includes, but is not limited to, at least one of a virtual machine, a container, and a Pod.
- the CP device 110 is deployed on a hardware device (eg, a physical server) in the form of a virtual machine.
- the CP device 110 is implemented based on a general physical server combined with a Network Functions Virtualization (NFV) technology.
- When implemented by a virtual machine, the CP device 110 is, for example, a virtual host, a virtual router or a virtual switch. Those skilled in the art can virtualize the CP device 110 on a general physical server in combination with the NFV technology by reading this application.
- the CP device 110 is deployed on a hardware device in the form of a container (eg, a docker container).
- the process of the CP device 110 executing the above method embodiments is encapsulated in an image file, and the hardware device creates the CP device 110 by running the image file.
- the CP device 110 is deployed on a hardware device in the form of a Pod.
- a Pod includes a plurality of containers, each of which is used to implement one or more units in the CP device 110 .
- FIG. 16 shows a possible schematic structural diagram of a NAT device.
- the NAT device is, e.g., a CGN device.
- the NAT device 120 includes a receiving unit 1201 , an assigning unit 1202 and a sending unit 1203 .
- Each unit in the NAT device 120 is implemented in whole or in part by software, hardware, firmware, or any combination thereof.
- Each unit in the NAT device 120 is configured to perform each corresponding function of the NAT device in the above method 200 .
- the receiving unit 1201 is configured to support the NAT device 120 to perform S230.
- the allocation unit 1202 is used to support the NAT device 120 to perform S24.
- the sending unit 1203 is configured to support the NAT device 120 to perform S250.
- the receiving unit 1201, the allocating unit 1202, or the sending unit 1203 are also used to support the NAT device 120 to perform other processes performed by a NAT device or other processes performed by a CGN device in the techniques described herein.
- the receiving unit 1201 is configured to support the NAT device 120 to perform various receiving operations performed by the NAT device in embodiments such as method 300, method 400, and method 500, such as at least one of S604, S703, S803, S902, and S1003.
- the allocation unit 1202 is configured to support the NAT device 120 to perform various processing operations performed by the NAT device in embodiments such as method 300, method 400, and method 500, such as at least one of S304, S404, S505, and S605; the sending unit 1203 is configured to support the NAT device 120 to perform various sending operations performed by the NAT device in embodiments such as method 300, method 400, and method 500, such as at least one of S305 and S601.
- For the specific execution process, please refer to the detailed description of the corresponding steps in the embodiments such as the method 300, the method 400, and the method 500, which will not be repeated here.
- the various units in the NAT device 120 are integrated into one processing unit.
- each unit in the NAT device 120 is integrated on the same chip.
- the chip includes a processing circuit, an input interface and an output interface that are internally connected and communicated with the processing circuit.
- the distribution unit 1202 is implemented by a processing circuit in the chip.
- the receiving unit 1201 is implemented by an input interface in the chip.
- the sending unit 1203 is implemented through an output interface in the chip.
- the chip uses one or more field-programmable gate arrays (FPGA), programmable logic devices (PLD), controllers, state machines, gate logic, discrete hardware components, any other suitable circuit, or any combination of circuits capable of performing the various functions described throughout this application.
- each unit of the NAT device 120 exists physically separately. In other embodiments, some units of the NAT device 120 exist physically alone, and some units are integrated into one unit. For example, in some embodiments, allocating unit 1202 and sending unit 1203 are the same unit. In other embodiments, the allocating unit 1202 and the sending unit 1203 are different units. In some embodiments, the integration of different units is implemented in the form of hardware, that is, different units correspond to the same hardware. For another example, the integration of different units is implemented in the form of software units.
- the allocation unit 1202 in the NAT device 120 is implemented, for example, by the processor 1401 in the device 1400 .
- the receiving unit 1201 and the sending unit 1203 in the NAT device 120 are implemented, for example, by the communication interface 1404 in the device 1400 .
- the allocation unit 1202 in the NAT device 120 is implemented by, for example, at least one of the central processing unit 1311 , the central processing unit 1331 or the network processing unit 1332 in the device 1300 .
- the receiving unit 1201 and the sending unit 1203 in the NAT device 120 are implemented, for example, by at least one of the physical interface card 1333 or the physical interface card 1343 in the device 1300 .
- each unit in the NAT device 120 is, for example, software generated after the processor in the device 1400 or the device 1300 reads the program code stored in the memory.
- NAT device 120 is a virtualized device.
- the virtualization device includes, but is not limited to, at least one of a virtual machine, a container, and a Pod.
- the NAT device 120 is deployed on a hardware device (eg, a physical server) in the form of a virtual machine.
- the NAT device 120 is implemented based on a general physical server combined with a Network Functions Virtualization (NFV) technology.
- When implemented by a virtual machine, the NAT device 120 is, for example, a virtual host, a virtual router or a virtual switch. Those skilled in the art can virtualize the NAT device 120 on a general physical server in combination with the NFV technology by reading this application.
- the NAT device 120 is deployed on a hardware device in the form of a container (eg, a docker container).
- the process of the NAT device 120 executing the above method embodiments is encapsulated in an image file, and the hardware device creates the NAT device 120 by running the image file.
- the NAT device 120 is deployed on a hardware device in the form of a Pod.
- a Pod includes a plurality of containers, each of which is used to implement one or more units in the NAT device 120 .
- the above describes how to implement the CP device and the NAT device respectively from the perspective of logical functions.
- the following describes how to implement the CP device and the NAT device from the perspective of hardware through the device 1300 or the device 1400 .
- the device 1300 shown in FIG. 17 or the device 1400 shown in FIG. 18 is an example of the hardware structure of the CP device and the NAT device.
- the device 1300 or the device 1400 corresponds to the CP device or the NAT device in each of the above method embodiments, and the hardware, modules and the above-mentioned other operations and/or functions in the device 1300 or the device 1400 are respectively for realizing the various steps and methods implemented by the CP device or the NAT device in the method embodiments. For the detailed process of how the device 1300 or the device 1400 implements RADIUS-based NAT source tracing, refer to the above-mentioned respective method embodiments; details are not repeated here for brevity. Each step of each method embodiment is completed by an integrated logic circuit of hardware in the processor of the device 1300 or the device 1400, or by instructions in the form of software.
- the steps of the methods disclosed in conjunction with the embodiments of the present application may be directly embodied as executed by a hardware processor, or executed by a combination of hardware and software modules in the processor.
- the software modules are located in, for example, random access memory, flash memory, read-only memory, programmable read-only memory or electrically erasable programmable memory, registers and other storage media mature in the art.
- the storage medium is located in the memory, and the processor reads the information in the memory, and completes the steps of the above method in combination with its hardware, which will not be described in detail here to avoid repetition.
- FIG. 17 shows a schematic structural diagram of a device 1300 provided by an exemplary embodiment of the present application.
- the device 1300 is configured as a CP device or a NAT device, for example.
- the device 1300 includes: a main control board 1310 and an interface board 1330 .
- the main control board is also called the main processing unit (MPU) or the route processor card.
- the main control board 1310 is used to control and manage various components in the device 1300, including route calculation, device management, equipment maintenance, and protocol processing functions.
- the main control board 1310 includes: a central processing unit 1311 and a memory 1312 .
- the interface board 1330 is also referred to as a line processing unit (LPU), a line card or a service board.
- the interface board 1330 is used to provide various service interfaces and realize data packet forwarding.
- the service interface includes, but is not limited to, an Ethernet interface, a POS (Packet over SONET/SDH) interface, etc.
- the Ethernet interface is, for example, a flexible Ethernet service interface (Flexible Ethernet Clients, FlexE Clients).
- the interface board 1330 includes: a central processing unit 1331 , a network processor 1332 , a forwarding table entry memory 1334 and a physical interface card (PIC) 1333 .
- the central processing unit 1331 on the interface board 1330 is used to control and manage the interface board 1330 and communicate with the central processing unit 1311 on the main control board 1310 .
- the network processor 1332 is used to implement packet forwarding processing.
- the form of the network processor 1332 is, for example, a forwarding chip.
- the network processor 1332 is configured to forward the received message based on the forwarding table stored in the forwarding table entry memory 1334. If the destination address of the message is the address of the device 1300, the message is sent to the CPU (e.g., the central processing unit 1311) for processing; if the destination address of the message is not the address of the device 1300, the next hop and outgoing interface corresponding to the destination address are found in the forwarding table, and the message is forwarded to the outgoing interface corresponding to the destination address.
- the processing of an uplink packet includes processing at the incoming interface of the packet and searching the forwarding table; the processing of a downlink packet includes searching the forwarding table, and so on.
- the physical interface card 1333 is used to realize the interconnection function of the physical layer; the original traffic enters the interface board 1330 through the physical interface card 1333, and the processed packets are sent out from the physical interface card 1333.
- the physical interface card 1333, also called a daughter card, can be installed on the interface board 1330; it is responsible for converting the optoelectronic signal into a message and, after checking the validity of the message, forwarding it to the network processor 1332 for processing.
- the central processing unit may also perform the functions of the network processor 1332, such as implementing software forwarding based on a general-purpose CPU, so that the network processor 1332 is not required in the physical interface card 1333.
- the device 1300 includes multiple interface boards, for example, the device 1300 further includes an interface board 1340 , and the interface board 1340 includes a central processing unit 1341 , a network processor 1342 , a forwarding table entry storage 1344 and a physical interface card 1343 .
- the device 1300 further includes a switch fabric board 1320 .
- the switch fabric board 1320 is also called, for example, a switch fabric unit (SFU).
- SFU switch fabric unit
- the switching network board 1320 is used to complete data exchange between the interface boards.
- the communication between the interface board 1330 and the interface board 1340 is through the switch fabric board 1320, for example.
- the main control board 1310 and the interface board 1330 are coupled.
- The main control board 1310, the interface board 1330, the interface board 1340, and the switch fabric board 1320 are connected to the system backplane through a system bus to realize intercommunication.
- An inter-process communication (IPC) channel is established between the main control board 1310 and the interface board 1330, and the two boards communicate through the IPC channel.
- The device 1300 includes a control plane and a forwarding plane.
- The control plane includes the main control board 1310 and the central processing unit 1331.
- The forwarding plane includes the components that perform forwarding, such as the forwarding table entry memory 1334, the physical interface card 1333 and the network processor 1332.
- The control plane performs router functions, such as generating forwarding tables, processing signaling and protocol packets, and configuring and maintaining device status.
- The control plane delivers the generated forwarding tables to the forwarding plane.
- Based on the forwarding table delivered by the control plane, the network processor 1332 looks up the table and forwards the packets received by the physical interface card 1333.
- The forwarding table delivered by the control plane is stored, for example, in the forwarding table entry memory 1334.
- the control plane and the forwarding plane are, for example, completely separate and not on the same device.
- the operations on the interface board 1340 in the embodiments of the present application are the same as the operations on the interface board 1330, and for brevity, details are not repeated here.
- The device 1300 in this embodiment may correspond to the CP device or the NAT device in the above method embodiments. The main control board 1310 and the interface board 1330 and/or 1340 in the device 1300 implement, for example, the functions and/or the various steps of the CP device or the NAT device in the above method embodiments, which are not repeated here.
- There may be one or more main control boards; when there are multiple, they include, for example, the main control board and a backup main control board.
- A network device may have at least one switch fabric board, which exchanges data between multiple interface boards and provides large-capacity data exchange and processing capabilities. Therefore, the data access and processing capabilities of a network device in a distributed architecture are greater than those of a device in a centralized architecture.
- The network device may also take a form with only one board: there is no switch fabric board, and the functions of the interface board and the main control board are integrated on that board.
- In that case the central processing unit on the interface board and the central processing unit on the main control board can be combined into one central processing unit on the board that performs the functions of both. A device in this form has low data exchange and processing capacity (for example, network devices such as low-end switches or routers).
- the specific architecture used depends on the specific networking deployment scenario, and there is no restriction here.
- FIG. 18 shows a schematic structural diagram of a device 1400 provided by an exemplary embodiment of the present application.
- the device 1400 may be configured as a CP device or a NAT device.
- the device 1400 may be a host computer, a server, or a personal computer, among others.
- the device 1400 may be implemented by a general bus architecture.
- Device 1400 includes at least one processor 1401, communication bus 1402, memory 1403, and at least one communication interface 1404.
- The processor 1401 is, for example, a general-purpose central processing unit (CPU), a network processor (NP), a graphics processing unit (GPU), a neural-network processing unit (NPU), a data processing unit (DPU), a microprocessor, or one or more integrated circuits for implementing the solution of the present application.
- the processor 1401 includes an application-specific integrated circuit (ASIC), a programmable logic device (PLD), or a combination thereof.
- the PLD is, for example, a complex programmable logic device (CPLD), a field-programmable gate array (FPGA), a generic array logic (GAL), or any combination thereof.
- a communication bus 1402 is used to transfer information between the aforementioned components.
- the communication bus 1402 can be divided into an address bus, a data bus, a control bus, and the like. For ease of representation, only one thick line is shown in FIG. 18, but it does not mean that there is only one bus or one type of bus.
- The memory 1403 is, for example, a read-only memory (ROM) or another type of static storage device that can store static information and instructions, a random access memory (RAM) or another type of dynamic storage device that can store information and instructions, an electrically erasable programmable read-only memory (EEPROM), a compact disc read-only memory (CD-ROM) or other optical disc storage (including compact discs, laser discs, digital versatile discs, Blu-ray discs, etc.), a magnetic disk storage medium or other magnetic storage device, or any other medium that can carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer, without limitation.
- The memory 1403 exists independently, for example, and is connected to the processor 1401 through the communication bus 1402.
- The memory 1403 may also be integrated with the processor 1401.
- The communication interface 1404 uses any transceiver-like apparatus to communicate with other devices or a communication network.
- the communication interface 1404 includes a wired communication interface and may also include a wireless communication interface.
- the wired communication interface may be, for example, an Ethernet interface.
- the Ethernet interface can be an optical interface, an electrical interface or a combination thereof.
- The wireless communication interface may be a wireless local area network (WLAN) interface, a cellular network communication interface, a combination thereof, or the like.
- The processor 1401 may include one or more CPUs, such as CPU0 and CPU1 shown in FIG. 18.
- The device 1400 may include multiple processors, such as the processor 1401 and the processor 1405 shown in FIG. 18.
- Each of these processors can be a single-core processor (single-CPU) or a multi-core processor (multi-CPU).
- A processor herein may refer to one or more devices, circuits, and/or processing cores for processing data (e.g., computer program instructions).
- the device 1400 may further include an output device and an input device.
- the output device communicates with the processor 1401 and can display information in a variety of ways.
- the output device may be a liquid crystal display (LCD), a light emitting diode (LED) display device, a cathode ray tube (CRT) display device, a projector, or the like.
- the input device communicates with the processor 1401 and can receive user input in a variety of ways.
- the input device may be a mouse, a keyboard, a touch screen device, or a sensor device, or the like.
- The memory 1403 stores the program code 1410 for executing the solutions of the present application, and the processor 1401 can execute the program code 1410 stored in the memory 1403. That is, the device 1400 can implement the method provided by the method embodiments through the processor 1401 and the program code 1410 in the memory 1403.
- The device 1400 in this embodiment of the present application may correspond to the CP device or the NAT device in the foregoing method embodiments, and the processor 1401, the communication interface 1404, and the like in the device 1400 may implement the functions and/or the various steps and methods of the CP device or the NAT device in the foregoing method embodiments, which are not repeated here.
- An embodiment of the present application provides a communication system 1500.
- The system 1500 includes a CP device 1501 and a NAT device 1502.
- The CP device 1501 is the CP device 1100 shown in FIG. 15, the device 1300 shown in FIG. 17, or the device 1400 shown in FIG. 18, and the NAT device 1502 is the NAT device 1200 shown in FIG. 16, the device 1300 shown in FIG. 17, or the device 1400 shown in FIG. 18.
- the disclosed system, apparatus and method may be implemented in other manners.
- the apparatus embodiments described above are only illustrative.
- the division of the unit is only a logical function division.
- There may be other division methods; for example, multiple units or components may be combined or integrated into another system, or some features may be ignored or not implemented.
- the shown or discussed mutual coupling or direct coupling or communication connection may be indirect coupling or communication connection through some interfaces, devices or units, and may also be electrical, mechanical or other forms of connection.
- the unit described as a separate component may or may not be physically separated, and the component displayed as a unit may or may not be a physical unit, that is, it may be located in one place, or may be distributed to multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solutions of the embodiments of the present application.
- each functional unit in each embodiment of the present application may be integrated into one processing unit, or each unit may exist physically alone, or two or more units may be integrated into one unit.
- the above-mentioned integrated units may be implemented in the form of hardware, or may be implemented in the form of software functional units.
- If the integrated unit is implemented in the form of a software functional unit and sold or used as a stand-alone product, it may be stored in a computer-readable storage medium.
- The technical solutions of the present application, in essence, or the part that contributes to the prior art, or all or part of the technical solutions, can be embodied in the form of a software product. The computer software product is stored in a storage medium and includes several instructions to cause a computer device (which may be a personal computer, a server, a network device, etc.) to execute all or part of the steps of the methods in the various embodiments of the present application.
- The aforementioned storage medium includes media that can store program code, such as a USB flash drive, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, or an optical disc.
- The terms “first” and “second” are used to distinguish identical or similar items with basically the same effect and function. It should be understood that there is no logical or temporal dependency between “first” and “second”, and no restriction on quantity or execution order. It will also be understood that, although the following description uses the terms first, second, etc. to describe various elements, these elements should not be limited by the terms. These terms are only used to distinguish one element from another. For example, a first IP address may be referred to as a second IP address, and similarly, a second IP address may be referred to as a first IP address, without departing from the scope of various examples. Both the first IP address and the second IP address may be IP addresses, and in some cases, may be separate and distinct IP addresses.
- The above-mentioned embodiments may be implemented in whole or in part by software, hardware, firmware or any combination thereof.
- When software is used, the implementation may be in whole or in part in the form of a computer program product.
- The computer program product includes one or more computer program instructions.
- When the computer program instructions are loaded and executed on a computer, the procedures or functions according to the embodiments of the present application are generated in whole or in part.
- The computer may be a general purpose computer, a special purpose computer, a computer network, or other programmable device.
- The computer instructions may be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another; for example, the computer program instructions may be transmitted from one website, computer, server or data center to another website, computer, server or data center by wired or wireless means.
- The computer-readable storage medium can be any available medium that can be accessed by a computer, or a data storage device, such as a server or data center, that integrates one or more available media.
- The available media may be magnetic media (e.g., floppy disks, hard disks, magnetic tapes), optical media (e.g., digital video discs (DVDs)), semiconductor media (e.g., solid state drives), and the like.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Business, Economics & Management (AREA)
- Accounting & Taxation (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Claims (24)
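- A communication method, characterized in that it is applied to a CP device in a communication system in which the control plane (CP) and the user plane (UP) are separated, the method comprising: the CP device allocating a first Internet Protocol (IP) address to a user; the CP device sending the first IP address to a network address translation (NAT) device; the CP device receiving a second IP address from the NAT device, the second IP address being a public IP address allocated by the NAT device to the user; and the CP device sending an accounting packet to a Remote Authentication Dial In User Service (RADIUS) server, the accounting packet including the first IP address and the second IP address.
- The method according to claim 1, characterized in that the first IP address includes at least one of a private Internet Protocol version 4 (IPv4) address or an Internet Protocol version 6 (IPv6) address.
- The method according to claim 1 or 2, characterized in that the communication system includes a gateway system, and the gateway system is a broadband network gateway (BNG) system or a broadband remote access server (BRAS) system.
- The method according to any one of claims 1 to 3, characterized in that the accounting packet further includes a port block, the port block including at least one port number allocated by the NAT device to the user; and the CP device receiving the second IP address from the NAT device comprises: the CP device receiving information of the user from the NAT device, the information of the user including a correspondence among the first IP address, the second IP address and the port block.
- The method according to claim 4, characterized in that before the CP device receives the port block from the NAT device, the method further comprises: the CP device receiving a port block set from the RADIUS server, the port block set including the port block; and the CP device sending the port block set to the NAT device.
- The method according to any one of claims 4 to 5, characterized in that after the CP device sends the accounting packet to the RADIUS server, the method further comprises at least one of the following: if the user goes offline, the CP device sending a deletion message to the NAT device, the deletion message instructing the NAT device to delete the information of the user stored on the NAT device; if the user goes offline, the CP device deleting the information of the user stored on the CP device.
- The method according to any one of claims 4 to 6, characterized in that the NAT device includes a primary NAT device and a backup NAT device that back each other up, and the CP device receiving the second IP address from the NAT device comprises: the CP device receiving the information of the user from the primary NAT device.
- The method according to claim 7, characterized in that after the CP device receives the information of the user from the primary NAT device, the method further comprises: the CP device sending the information of the user to the backup NAT device.
- The method according to claim 7, characterized in that the method further comprises: if the primary NAT device is in a faulty state, the CP device sending a first update message to the backup NAT device, the first update message instructing the backup NAT device to raise the route priority corresponding to the second IP address.
- The method according to claim 9, characterized in that the method further comprises: if the primary NAT device is in a faulty state, the CP device sending a second update message to the backup NAT device, the second update message instructing the backup NAT device to raise the route priority corresponding to a third IP address, the third IP address being the IP address of a tunnel endpoint, and the tunnel endpoint including the primary NAT device or the backup NAT device.
- A communication method, characterized in that it is applied to a network address translation (NAT) device, the method comprising: the NAT device receiving, from a control plane (CP) device, a first Internet Protocol (IP) address allocated by the CP device to a user, the CP device being a CP device in a communication system in which the CP and the user plane (UP) are separated; the NAT device allocating a second IP address to the user, the second IP address being a public IP address; and the NAT device sending the second IP address to the CP device.
- The method according to claim 11, characterized in that after the NAT device receives, from the CP device, the first IP address allocated by the CP device to the user, the method further comprises: the NAT device allocating a port block to the user, the port block including at least one port number; and the NAT device sending the port block to the CP device.
- The method according to claim 12, characterized in that before the NAT device allocates the port block to the user, the method further comprises: the NAT device receiving a port block set from the CP device; and the NAT device allocating the port block to the user comprises: the NAT device allocating the port block to the user from within the port block set.
- The method according to claim 12, characterized in that after the NAT device allocates the second IP address to the user, the method further comprises: the NAT device storing information of the user, the information of the user including a correspondence among the first IP address, the second IP address and the port block.
- The method according to claim 14, characterized in that the NAT device sending the second IP address to the CP device comprises: the NAT device sending the information of the user to the CP device.
- The method according to claim 14 or 15, characterized in that after the NAT device sends the second IP address to the CP device, the method further comprises: the NAT device receiving a deletion message from the CP device; and in response to the deletion message, the NAT device deleting the information of the user.
- The method according to claim 11, characterized in that the NAT device is the backup NAT device of a primary NAT device and a backup NAT device that back each other up; before the NAT device allocates the second IP address to the user, the method further comprises: the backup NAT device receiving information of the user from the CP device, the information of the user including a correspondence among the first IP address, the second IP address and a port block, the port block including at least one port number; and the NAT device allocating the second IP address to the user comprises: when the primary NAT device fails, the backup NAT device allocating the second IP address to the user according to the information of the user.
- The method according to claim 17, characterized in that the method further comprises: the backup NAT device receiving a first update message from the CP device; and in response to the first update message, the backup NAT device raising the route priority corresponding to the second IP address.
- The method according to claim 17 or 18, characterized in that the method further comprises: the backup NAT device receiving a second update message from the CP device; and in response to the second update message, the backup NAT device raising the route priority corresponding to a third IP address, the third IP address being the IP address of a tunnel endpoint, and the tunnel endpoint including the primary NAT device or the backup NAT device.
- A control plane (CP) device, characterized in that the CP device is located in a communication system in which the CP and the user plane (UP) are separated, the CP device comprising: an allocation unit, configured to allocate a first Internet Protocol (IP) address to a user; a sending unit, configured to send the first IP address to a network address translation (NAT) device; and a receiving unit, configured to receive a second IP address from the NAT device, the second IP address being a public IP address allocated by the NAT device to the user; the sending unit being further configured to send an accounting packet to a Remote Authentication Dial In User Service (RADIUS) server, the accounting packet including the first IP address and the second IP address.
- A network address translation (NAT) device, characterized in that the NAT device comprises: a receiving unit, configured to receive, from a control plane (CP) device, a first Internet Protocol (IP) address allocated by the CP device to a user, the CP device being a CP device in a communication system in which the CP and the user plane (UP) are separated; an allocation unit, configured to allocate a second IP address to the user, the second IP address being a public IP address; and a sending unit, configured to send the second IP address to the CP device.
- A communication system, characterized in that the communication system includes the CP device according to claim 20 and the NAT device according to claim 21.
- A computer-readable storage medium, characterized in that the storage medium stores at least one instruction, the instruction being read by a processor to cause a CP device in a communication system in which the control plane (CP) device and the user plane (UP) are separated to perform the method according to any one of claims 1 to 10.
- A computer-readable storage medium, characterized in that the storage medium stores at least one instruction, the instruction being read by a processor to cause a network address translation (NAT) device to perform the method according to any one of claims 11 to 19.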
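An added example, not part of the patent: a Python model of the exchange in the claims above, in which the CP device allocates the private address, the NAT device returns the public address and port block, the CP device relays that mapping to the backup and writes both addresses into the accounting record. The class names, record keys, the `trace` helper and the sample addresses are assumptions for illustration; `trace` shows the lookup by public IP and port that such a record supports.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class UserInfo:
    private_ip: str    # first IP address, allocated by the CP device
    public_ip: str     # second IP address, allocated by the NAT device
    port_block: range  # port numbers reserved for this user

class NatDevice:
    def __init__(self, public_ip):
        self.public_ip = public_ip
        self.free_blocks = []    # port block set received from the CP device
        self.users = {}          # private IP -> UserInfo
        self.route_priority = 0  # stand-in for the public-IP route priority

    def allocate(self, private_ip):  # primary role: new public IP + port block
        if private_ip not in self.users:
            if not self.free_blocks:
                raise RuntimeError("port block set exhausted")
            block = self.free_blocks.pop(0)
            self.users[private_ip] = UserInfo(private_ip, self.public_ip, block)
        return self.users[private_ip]

    def install(self, info):  # backup role: store user info relayed by the CP
        if info.port_block in self.free_blocks:
            self.free_blocks.remove(info.port_block)
        self.users[info.private_ip] = info

    def delete(self, private_ip):  # deletion message: forget user, free block
        info = self.users.pop(private_ip, None)
        if info is not None:
            self.free_blocks.append(info.port_block)

class CpDevice:
    def __init__(self, private_pool, nats, port_block_set):
        self.pool = iter(ipaddress.ip_network(private_pool).hosts())
        self.nats = list(nats)  # nats[0] is the primary, the rest are backups
        self.sessions = {}      # user -> UserInfo
        self.accounting = []    # records destined for the RADIUS server
        for nat in self.nats:   # in the claims this set comes from RADIUS
            nat.free_blocks = list(port_block_set)

    def user_online(self, user):
        info = self.nats[0].allocate(str(next(self.pool)))
        for backup in self.nats[1:]:
            backup.install(info)
        self.sessions[user] = info
        block = (info.port_block.start, info.port_block.stop - 1)
        record = {"user": user, "private_ip": info.private_ip,
                  "public_ip": info.public_ip, "port_block": block}
        self.accounting.append(record)
        return record

    def user_offline(self, user):
        info = self.sessions.pop(user)
        for nat in self.nats:
            nat.delete(info.private_ip)

    def primary_failed(self):
        self.nats.pop(0)                  # stop using the failed primary
        self.nats[0].route_priority += 1  # effect of the first update message

def trace(records, public_ip, port):  # public IP + port -> user, or None
    for r in records:
        low, high = r["port_block"]
        if r["public_ip"] == public_ip and low <= port <= high:
            return r["user"]
    return None

def demo():
    # Constructed sample values: documentation address ranges, two port blocks.
    nats = [NatDevice("203.0.113.10"), NatDevice("203.0.113.10")]
    cp = CpDevice("10.0.0.0/29", nats, [range(1024, 2048), range(2048, 3072)])
    cp.user_online("alice")
    cp.primary_failed()
    cp.user_online("bob")
    return cp, nats
```

Because the backup removed alice's block from its free list when the CP relayed her mapping, the user who comes online after the failover receives a different block and the two records never overlap.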
Priority Applications (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
MX2023000974A MX2023000974A (es) | 2020-07-22 | 2021-06-21 | Communication method, CP device and NAT device. |
BR112023000834A BR112023000834A2 (pt) | 2020-07-22 | 2021-06-21 | Communication method, CP device, and NAT device
EP21846084.8A EP4184873A4 (en) | 2020-07-22 | 2021-06-21 | COMMUNICATION METHOD, CP DEVICE, AND NAT DEVICE |
US18/157,662 US20230171223A1 (en) | 2020-07-22 | 2023-01-20 | Communication Method, CP Device, and NAT Device |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010712973.3A CN113973022A (zh) | 2020-07-22 | 2020-07-22 | Communication method, CP device, and NAT device |
CN202010712973.3 | 2020-07-22 |
Related Child Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US18/157,662 Continuation US20230171223A1 (en) | 2020-07-22 | 2023-01-20 | Communication Method, CP Device, and NAT Device |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2022017099A1 (zh) | 2022-01-27 |
Family
ID=79585150
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2021/101344 WO2022017099A1 (zh) | 2020-07-22 | 2021-06-21 | 通信方法、cp设备及nat设备 |
Country Status (6)
Country | Link |
---|---|
US (1) | US20230171223A1 (zh) |
EP (1) | EP4184873A4 (zh) |
CN (1) | CN113973022A (zh) |
BR (1) | BR112023000834A2 (zh) |
MX (1) | MX2023000974A (zh) |
WO (1) | WO2022017099A1 (zh) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114640574A (zh) * | 2022-02-28 | 2022-06-17 | 天翼安全科技有限公司 | Method and apparatus for switching between primary and backup devices |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN115580465B (zh) * | 2022-09-29 | 2024-05-14 | 中国联合网络通信集团有限公司 | Private network data transmission method, apparatus, device, and storage medium |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
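CN105791452A (zh) * | 2014-12-23 | 2016-07-20 | 中兴通讯股份有限公司 | Method for obtaining NAT information and BRAS device |
CN106549790A (zh) * | 2015-09-22 | 2017-03-29 | 华为技术有限公司 | Method and apparatus for updating a mapping table used for source tracing |
CN108234139A (zh) * | 2016-12-14 | 2018-06-29 | 中国电信股份有限公司 | Method and system for tracing user identity in a broadband network, and tracing device |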
US10129207B1 (en) * | 2015-07-20 | 2018-11-13 | Juniper Networks, Inc. | Network address translation within network device having multiple service units |
Family Cites Families (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2005217974A (ja) * | 2004-01-30 | 2005-08-11 | Canon Inc | Electronic device and control method thereof |
US8650279B2 (en) * | 2011-06-29 | 2014-02-11 | Juniper Networks, Inc. | Mobile gateway having decentralized control plane for anchoring subscriber sessions |
RU2676533C1 (ru) * | 2015-07-14 | 2019-01-09 | Хуавэй Текнолоджиз Ко., Лтд. | Method and apparatus for assigning an IP address |
MY194638A (en) * | 2015-10-30 | 2022-12-08 | Huawei Tech Co Ltd | Control plane gateway, user plane gateway and gateway configuration method |
US10142221B2 (en) * | 2016-09-07 | 2018-11-27 | T-Mobile Usa, Inc. | Network address translation in networks using multiple NAT devices |
CN109561164B (zh) * | 2017-09-27 | 2021-02-09 | 华为技术有限公司 | NAT entry management method and apparatus, and NAT device |
CN111131044B (zh) * | 2018-10-30 | 2021-10-22 | 华为技术有限公司 | Route management method and apparatus |
2020
- 2020-07-22 CN CN202010712973.3A patent/CN113973022A/zh active Pending
2021
- 2021-06-21 MX MX2023000974A patent/MX2023000974A/es unknown
- 2021-06-21 BR BR112023000834A patent/BR112023000834A2/pt unknown
- 2021-06-21 WO PCT/CN2021/101344 patent/WO2022017099A1/zh unknown
- 2021-06-21 EP EP21846084.8A patent/EP4184873A4/en active Pending
2023
- 2023-01-20 US US18/157,662 patent/US20230171223A1/en active Pending
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105791452A (zh) * | 2014-12-23 | 2016-07-20 | 中兴通讯股份有限公司 | Method for obtaining NAT information and BRAS device |
US10129207B1 (en) * | 2015-07-20 | 2018-11-13 | Juniper Networks, Inc. | Network address translation within network device having multiple service units |
CN106549790A (zh) * | 2015-09-22 | 2017-03-29 | 华为技术有限公司 | Method and apparatus for updating a mapping table used for source tracing |
CN108234139A (zh) * | 2016-12-14 | 2018-06-29 | 中国电信股份有限公司 | Method and system for tracing user identity in a broadband network, and tracing device |
Non-Patent Citations (1)
Title |
---|
See also references of EP4184873A4 |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
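CN114640574A (zh) * | 2022-02-28 | 2022-06-17 | 天翼安全科技有限公司 | Method and apparatus for switching between primary and backup devices |
CN114640574B (zh) * | 2022-02-28 | 2023-11-28 | 天翼安全科技有限公司 | Method and apparatus for switching between primary and backup devices |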
Also Published As
Publication number | Publication date |
---|---|
MX2023000974A (es) | 2023-05-03 |
US20230171223A1 (en) | 2023-06-01 |
EP4184873A1 (en) | 2023-05-24 |
CN113973022A (zh) | 2022-01-25 |
BR112023000834A2 (pt) | 2023-03-21 |
EP4184873A4 (en) | 2023-11-29 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
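US11398956B2 (en) | | Multi-Edge EtherChannel (MEEC) creation and management |
US10063470B2 (en) | | Data center network system based on software-defined network and packet forwarding method, address resolution method, routing controller thereof |
EP3509253A1 (en) | | Inter-cloud communication method and related device, inter-cloud communication configuration method and related device |
CN111510378A (zh) | | EVPN packet processing method, device, and system |
CN108199963B (zh) | | Packet forwarding method and apparatus |
CN111614541B (zh) | | Method for adding a public cloud network physical host to a VPC |
US20230171223A1 (en) | | Communication Method, CP Device, and NAT Device |
JP2016152567A (ja) | | Communication device and communication method |
CN113872845B (zh) | | Method for establishing a VXLAN tunnel and related device |
EP2584742B1 (en) | | Method and switch for sending packet |
US11546267B2 (en) | | Method for determining designated forwarder (DF) of multicast flow, device, and system |
CN113746717A (zh) | | Network device communication method and network device communication apparatus |
CN113381936B (zh) | | Network information processing method and apparatus, and network device |
US11621915B2 (en) | | Packet forwarding method, route sending and receiving method, and apparatus |
CN113037883B (zh) | | Method and apparatus for updating a MAC address table entry |
CN115987778B (zh) | | Container communication method based on a Kubernetes cluster |
CN113938353A (zh) | | Method for implementing multiple PDNs between an indoor unit and an outdoor unit, and storage medium |
JP2023543199A (ja) | | Routing information transmission method and apparatus |
WO2022012383A1 (zh) | | Packet transmission method, apparatus, system, and storage medium |
WO2023174339A1 (zh) | | Method, apparatus, system, and storage medium for sending a multicast service |
WO2023143186A1 (zh) | | Data transmission method, system, and apparatus |
WO2022213822A1 (zh) | | Method, apparatus, and device for controlling user equipment access to a network |
CN108768704B (zh) | | Configuration update method and apparatus |
CN114697220A (zh) | | Packet processing method and related apparatus |
CN116938693A (zh) | | User migration method, apparatus, system, and storage medium |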
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| | 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 21846084 Country of ref document: EP Kind code of ref document: A1 |
| | REG | Reference to national code | Ref country code: BR Ref legal event code: B01A Ref document number: 112023000834 Country of ref document: BR |
| | NENP | Non-entry into the national phase | Ref country code: DE |
| | ENP | Entry into the national phase | Ref document number: 2021846084 Country of ref document: EP Effective date: 20230220 |
| | ENP | Entry into the national phase | Ref document number: 112023000834 Country of ref document: BR Kind code of ref document: A2 Effective date: 20230116 |