WO2022037621A1 - Address allocation method, device, and system - Google Patents

Address allocation method, device, and system Download PDF

Info

Publication number
WO2022037621A1
WO2022037621A1 PCT/CN2021/113302 CN2021113302W WO2022037621A1 WO 2022037621 A1 WO2022037621 A1 WO 2022037621A1 CN 2021113302 W CN2021113302 W CN 2021113302W WO 2022037621 A1 WO2022037621 A1 WO 2022037621A1
Authority
WO
WIPO (PCT)
Prior art keywords
target
address
address pool
indication information
authentication server
Prior art date
Application number
PCT/CN2021/113302
Other languages
French (fr)
Chinese (zh)
Inventor
刘婧
Original Assignee
华为技术有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 华为技术有限公司 filed Critical 华为技术有限公司
Publication of WO2022037621A1 publication Critical patent/WO2022037621A1/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming
    • H04L61/50Address allocation
    • H04L61/5007Internet protocol [IP] addresses
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming
    • H04L61/50Address allocation
    • H04L61/5061Pools of addresses

Definitions

  • the present application relates to the field of communication technologies, and in particular, to an address allocation method, device and system.
  • a network access system using the separation scheme of the control plane (CP) and the user plane (UP) includes: CP equipment, forwarding equipment, multiple UP equipment, and remote authentication dial in user service , RADIUS) server.
  • the UP device is connected to the CP device through the forwarding device.
  • the UP devices in the network access system can be divided into multiple backup groups, and each backup group includes two UP devices, one of which is the main UP device and the other UP device. For the preparation of UP equipment.
  • IP Internet protocol
  • the RADIUS server can select an IP address from the shared IP address pool as the IP address of the client device.
  • the client device in turn, can access the network based on the IP address.
  • each UP device needs to advertise the network segment route of the shared address pool to the forwarding device. Because the priority of the network segment route sent by the master UP device is higher than that of the network route sent by the backup UP device, when the forwarding device receives a packet whose destination address belongs to the shared address pool, it will send the packet. to the main UP device. However, if the recipient of the packet is a client device that accesses the network from the standby UP device, the master UP device needs to forward the packet to the standby UP device, and then the standby UP device sends the packet to the client end device. As a result, the downstream traffic is detoured.
  • the present application provides an address allocation method, device and system, which can solve the technical problem of bypassing downlink traffic in the communication system of the related art.
  • an address allocation method is provided, which is applied to an authentication server in a communication system in which CP and UP are separated, the communication system further includes a CP device and a UP backup group, and the UP backup group includes a plurality of UP devices; the method includes : The authentication server receives an authentication request sent by the CP device to instruct the target client device to be authenticated.
  • the authentication request includes: indication information used to indicate the target address pool corresponding to the target UP device.
  • the instruction information sends an authentication response to the CP device; wherein, the target client device goes online from the target UP device among the multiple UP devices, that is, the target client device accesses the network through the target UP device, and the multiple UP devices
  • the IP address pools corresponding to each UP device in the UP device are different; the authentication response includes the IP address assigned to the target client device, and the IP address is included in the target address pool corresponding to the target UP device.
  • the authentication server may allocate an IP address to the target client device from the target address pool corresponding to the target UP device based on the indication information in the authentication request. Because the IP address pools corresponding to each UP device in the UP backup group are different, it can be ensured that the forwarding device can directly send the packet to the target UP device after receiving the packet sent to the target client device. In addition, since the target client device goes online from the target UP device, the target UP device can directly send the packet to the target client device, thereby avoiding the detour of downlink traffic.
  • the authentication server stores multiple address pools, and the indication information is the identifier of the target address pool, or the gateway address of the target address pool, and the identifier of the target address pool may be the name of the target address pool; corresponding
  • the process of the authentication server sending an authentication response to the CP device according to the indication information may include: according to the indication information, determining a target address pool from the plurality of address pools, and determining the target client from the target address pool The IP address assigned by the device.
  • the CP device can plan the corresponding relationship between the UP device and the address pool.
  • the authentication server only needs to store each address pool, and determine the target address pool according to the indication information carried in the authentication request. As a result, the data volume of the data to be stored in the authentication server is reduced, and the complexity of data processing of the authentication server can be avoided.
  • the authentication server may also generate a correspondence between the UP device and the address pool. That is, the authentication server can plan the correspondence between the UP device and the address pool.
  • the authentication server stores the correspondence between the UP device and the address pool
  • the indication information is the identifier of the target UP device
  • the identifier of the target UP device can be the IP address of the target UP device
  • the process of sending an authentication response to the CP device may include: according to the indication information, determining a target address pool corresponding to the target UP device from the corresponding relationship, and determining from the target address pool as the target client The IP address assigned by the device.
  • the authentication server can also plan the corresponding relationship between the UP device and the address pool.
  • the CP device only needs to carry the identifier of the target UP device in the sent authentication request.
  • the data amount of data to be stored in the CP device is reduced, and the complexity of data processing of the CP device can be avoided.
  • the multiple UP devices include at least one high-priority UP device and at least one low-priority UP device, and the priority of the routing information advertised by the high-priority UP device is higher than that of the low-priority UP device.
  • the priority of the routing information advertised by the device may be determined by the CP device.
  • the authentication server can assign an IP address to the client device from the target address pool corresponding to the target UP device where the client device goes online, even if the client device is online The device goes online from the low-priority UP device, which can also avoid the bypass of the downstream traffic of the client device.
  • an address allocation method is provided, which is applied to a CP device in a communication system in which CP and UP are separated, the communication system further includes an authentication server and a UP backup group, and the UP backup group includes a plurality of UP devices; the method Including: the CP device sends an authentication request to the authentication server for instructing to authenticate the target client device, the authentication request includes: indication information for instructing the target address pool corresponding to the target UP device, and then the CP device can receive the authentication The authentication response sent by the server; wherein, the target client device goes online from the target UP device in the plurality of UP devices, and the IP address pools corresponding to each UP device in the plurality of UP devices are different; the authentication response includes for the The IP address assigned by the target client device, and the IP address is included in the target address pool corresponding to the target UP device.
  • the authentication server may allocate an IP address to the target client device from the target address pool corresponding to the target UP device based on the indication information. Since the IP address pools corresponding to each UP device in the UP backup group are different, it can be ensured that the forwarding device can directly send the packet to the target UP device after receiving the packet sent to the target client device. In addition, since the target client device goes online from the target UP device, the target UP device can directly send the message to the target client device, avoiding the detour of the downstream traffic.
  • the CP device stores a corresponding relationship between the UP device and the address pool; the process of the CP device sending an authentication request to the authentication server for instructing to authenticate the target client device may include: based on the corresponding relationship, determining The indication information, where the indication information is the identifier of the target address pool, or the gateway address of the target address pool.
  • the CP device may also generate a correspondence between the UP device and the address pool. That is, the CP device can plan the correspondence between the UP device and the address pool.
  • the indication information may be the identifier of the target UP device.
  • an authentication server which is applied in a communication system in which the CP and UP are separated, the communication system further includes a CP device and an UP backup group, the UP backup group includes a plurality of UP devices, and the IP address corresponding to each UP device is The address pools are different; the authentication server may include at least one module, and the at least one module may be used to implement the address allocation method applied to the authentication server provided by the above aspects.
  • a CP device which is applied in a communication system in which the CP and UP are separated, the communication system further includes an authentication server and an UP backup group, the UP backup group includes a plurality of UP devices, and the IP addresses corresponding to each UP device The pools are different; the CP device may include at least one module, and the at least one module may be used to implement the address allocation method applied to the CP device provided by the above aspects.
  • an authentication server which is applied in a communication system in which CP and UP are separated, the communication system further includes a CP device and a UP backup group, the UP backup group includes a plurality of UP devices, among the plurality of UP devices
  • the IP address pools corresponding to each UP device are different;
  • the authentication server can include: a memory, a processor and a computer program stored on the memory and running on the processor, and when the processor executes the computer program, realize as described above
  • the address allocation method provided by the aspect is applied to the authentication server.
  • a CP device which is applied in a communication system in which the CP and UP are separated, the communication system further includes an authentication server and an UP backup group, the UP backup group includes a plurality of UP devices, and the IP addresses corresponding to each UP device
  • the pools are different; the CP device may include: a memory, a processor, and a computer program stored on the memory and running on the processor, and when the processor executes the computer program, the application to the CP as provided in the above-mentioned aspects is implemented.
  • the address assignment method of the device is provided, the CP and UP are separated.
  • a network device may include: a main control board and an interface board, and the interface board may be used to implement the address allocation method applied to a CP device provided in the above aspect.
  • a network device is provided, the network device is a CP device in a communication system in which CP and UP are separated, the communication system further includes an authentication server and a UP backup group, and the UP backup group includes a plurality of UP devices;
  • the Network equipment includes: main control board and interface board.
  • the main control board includes: a first processor and a first memory.
  • the interface board includes: a second processor, a second memory and an interface card. The main control board and the interface board are coupled.
  • the second memory may be used to store program codes
  • the second processor may be used to call the program codes in the second memory to trigger the interface card to perform the following operations: send an authentication request for instructing the target client device to be authenticated to the authentication server, the The authentication request includes: indication information for indicating the target address pool corresponding to the target UP device; receiving an authentication response sent by the authentication server; wherein, the target client device goes online from the target UP device in the plurality of UP devices, and the The IP address pools corresponding to each UP device in the multiple UP devices are different; the authentication response includes the IP address allocated to the target client device, and the IP address is included in the target address pool corresponding to the target UP device.
  • a computer-readable storage medium is provided, and instructions are stored in the computer-readable storage medium, and the instructions are executed by a processor to implement the address allocation method provided by any of the above aspects.
  • a computer program product comprising instructions which, when run on a computer, cause the computer to perform the address allocation method provided by any of the above aspects.
  • a communication system in which CP and UP are separated includes the authentication server provided by the above-mentioned aspects, the CP device provided by the above-mentioned aspects, and a UP backup group; the UP backup group includes a plurality of UP devices, and the IP address pools corresponding to each UP device in the multiple UP devices are different.
  • the embodiments of the present application provide an address allocation method, device, and system. Because the authentication request sent by the CP device includes indication information for indicating the target address pool corresponding to the target UP device. Therefore, the authentication server may allocate an IP address to the target client device from the target address pool corresponding to the target UP device based on the indication information. Since the IP address pools corresponding to each UP device in the UP backup group are different, it can be ensured that the forwarding device can directly send the packet to the target UP device after receiving the packet sent to the target client device. Since the target client device goes online from the target UP device, the target UP device can directly send the packet to the target client device without forwarding it through other UP devices in the UP backup group, avoiding the downlink traffic. bypass.
  • FIG. 1 is a schematic structural diagram of a communication system with CU separation provided by an embodiment of the present application
  • Figure 2 is a schematic diagram of a downlink traffic bypass
  • FIG. 3 is a flowchart of an address allocation method provided by an embodiment of the present application.
  • FIG. 5 is a schematic structural diagram of another CU-separated communication system provided by an embodiment of the present application.
  • FIG. 6 is a flowchart of another address allocation method provided by an embodiment of the present application.
  • FIG. 7 is a schematic structural diagram of an authentication server provided by an embodiment of the present application.
  • FIG. 8 is a schematic structural diagram of another authentication server provided by an embodiment of the present application.
  • FIG. 9 is a schematic structural diagram of a CP device provided by an embodiment of the present application.
  • FIG. 10 is a schematic structural diagram of another CP device provided by an embodiment of the present application.
  • FIG. 11 is a schematic structural diagram of an address allocation apparatus provided by an embodiment of the present application.
  • FIG. 12 is a schematic structural diagram of a network device provided by an embodiment of the present application.
  • Broadband remote access server is a new type of access gateway for broadband network applications, also known as broadband network gateway (BNG) or virtual BNG (virtual BNG, VBNG).
  • BNG broadband network gateway
  • VBNG virtual BNG
  • the BRAS is generally deployed in a manner in which the CP device and the UP device are disaggregated.
  • a BRAS with CP and UP separation also called CU separation
  • multiple UP devices are deployed in a scattered manner, and each UP device acts as the user plane of the BNG (or VBNG), which is used to implement user entries based on the CP device.
  • QoS quality of service
  • ACL access control lists
  • the CP device can be implemented and deployed centrally using cloud technology.
  • the control plane of the BNG or VBNG
  • it is used to control and manage client devices (also called users) and unify multiple UP devices. manage.
  • the CP device is mainly responsible for going online, delivering configurations, and user entries of client devices.
  • the UP device may also be referred to as a forwarding plane device, so CU separation may also be referred to as forwarding and control separation, that is, forwarding and control separation.
  • a system deployed in this CU separation manner is also referred to as a CU separated communication system, or a transfer control separated communication system.
  • FIG. 1 is a schematic structural diagram of a communication system with CU separation provided by an embodiment of the present application, and FIG. 1 is described by taking the communication system being a broadband remote access system as an example.
  • the system may include: an authentication server 01, a CP device 02, and at least one UP backup group 03, each UP backup group 03 includes multiple UP devices, and the multiple UP devices are backup UP devices for each other. That is, each UP device in the plurality of UP devices can be a primary UP device, and other UP devices can be used as backup UP devices of the primary UP device. Each backup UP device can back up the data in the primary UP device.
  • a UP backup group 03 is schematically shown in FIG. 1 , and the UP backup group 03 includes an UP device 031 and an UP device 032 .
  • the UP device 031 may serve as a backup UP device of the UP device 032
  • the UP device 032 may also serve as a backup UP device of the UP device 031 .
  • the CP device 02 is generally deployed in an operator's data center (DC) computer room, also called a core computer room; each UP device can be deployed in different aggregation computer rooms, also called an edge computer room.
  • the CP device 02 may include a plurality of virtual machines (virtual machines, VMs) deployed on a physical server.
  • Each UP device 02 may be a physical physical UP (physic UP, pUP) device, or may also be a virtual UP (virtual UP, vUP) device, for example, the UP device 02 may be a VM deployed on a physical server.
  • each UP device can establish a communication connection with the CP device 02 through the forwarding device 04 , and each UP device can also establish a communication connection with the client device (not shown in FIG. 1 ) through the access device 05 .
  • the client device may also be referred to as user equipment, which may be a device such as a residential gateway (RGW), a mobile phone, a notebook computer, or a desktop computer.
  • the forwarding device 04 may be a switch or a router, for example, may be a core router (core router, CR).
  • the access device 05 may also be referred to as an access node (access node, AN).
  • the access device 05 may be a switch (switch, SW), an optical line terminal (optical line terminal, OLT), or a digital subscriber line access multiplexer (digital subscriber line access multiplexer, DSLAM) or the like.
  • the authentication server 01 may be a remote authentication dial in user service (remote authentication dial in user service, RADIUS) server.
  • the authentication server 01 supports authentication, authorization and accounting (authentication authorization accounting, AAA) protocols.
  • AAA authentication authorization accounting
  • FIG. 1 the authentication server 01 has established a communication connection with the CP device 02 .
  • the CP device 02 may send an authentication request for the client device to the authentication server 01 .
  • the authentication server 01 can authenticate the client device, and after determining that the client device has passed the authentication, assign an IP address to the client device, and send an authentication response carrying the IP address to the CP device 02 .
  • the CP device 02 can send the IP address to the client device through the UP device, and the client device can then access the network based on the IP address.
  • each UP device in each UP backup group shares the same IP address pool, each UP device can advertise the network segment route of the same IP address pool to the forwarding device 04 .
  • the UP backup group includes UP device 031 and UP device 032
  • client device 1 goes online from sub-interface 1 (port1) of UP device 031
  • client device 2 goes online from sub-interface 2 (port2) of UP device 032 )online.
  • the authentication server 01 can allocate IP addresses to the client devices in the IP address pool shared by the UP backup group.
  • the CP device 02 may also designate at least one UP device with high priority in the UP backup group, and other UP devices are UP devices with low priority.
  • the priority of the routing information (for example, network segment routing) advertised by the UP device with the high priority is higher than the priority of the routing information advertised by the UP device with the low priority.
  • the UP device 031 is a high-priority UP device, and the UP device 032 is a low-priority UP device, then when the forwarding device 04 receives the packet destined for the client device 2 , the message will be sent to the UP device 031. Since client device 2 goes online from UP device 032, UP device 031 forwards the packet to UP device 032 through the inter-UP protection tunnel, and then the UP device 032 sends the packet to client device 2, resulting in Downstream traffic bypasses. That is, in the solution in the related art, the downlink traffic of the client device going online from the low-priority UP device will be bypassed.
  • the inter-UP protection tunnel may be a label switched path (label switched path, LSP) tunnel.
  • each UP device when each UP device advertises the route to the forwarding device 04, it can also advertise the detailed route of the client device going online from the UP device.
  • the forwarding device 04 may further send the packet addressed to the client device to the UP device to which the client device is connected based on the detailed route.
  • the amount of data when the UP device sends the detailed route is relatively large, and the route advertisement efficiency is low.
  • each UP device in the UP backup group corresponds to an IP address pool, and the IP address pools corresponding to different UP devices are different. That is, each UP device in each UP backup group no longer shares the same IP address pool.
  • the authentication server 01 may assign an IP address to the client device from the IP address pool corresponding to the UP device to which the client device is connected.
  • each UP device advertises the network segment route to the forwarding device 04, it can advertise the network segment route of its corresponding IP address pool.
  • the forwarding device 04 when the forwarding device 04 receives a packet addressed to a client device, it can send the packet to the client device to which the destination IP address of the packet belongs based on the IP address pool to which the packet's destination IP address belongs.
  • the UP device can avoid the detour of downstream traffic without the need to publish detailed routes.
  • each IP address pool includes multiple IP addresses of one network segment, so each IP address pool may also be referred to as a network segment.
  • FIG. 3 is a flowchart of an address allocation method provided by an embodiment of the present application, and the method may be applied to a communication system in which CUs are separated, for example, may be applied to the communication system shown in FIG. 1 .
  • the communication system includes at least one UP backup group, and the IP address pools corresponding to each UP device in each UP backup group are different.
  • the method includes:
  • Step 101 The CP device sends an authentication request to the authentication server for instructing to authenticate the target client device, where the authentication request includes: indication information for instructing the target address pool corresponding to the target UP device.
  • the target client device goes online from the target UP device among the plurality of UP devices, that is, the target client accesses the network through the target UP device.
  • the CP device may generate an authentication request for instructing the target client device to perform authentication, and send the authentication request to the authentication server.
  • Step 102 The authentication server sends an authentication response to the CP device, where the authentication response includes the IP address allocated to the target client device, and the IP address is included in the target address pool corresponding to the target UP device.
  • the authentication server can authenticate the target client device. After determining that the target client device has passed the authentication, the authentication server may determine the target address pool corresponding to the target UP device based on the indication information. After that, the authentication server may determine to allocate an IP address to the target client device from the target address pool, and send an authentication response carrying the IP address to the CP device.
  • the CP device may send the IP address carried in the authentication response to the target client device.
  • the target client device can in turn access the network based on this IP address.
  • the embodiments of the present application provide an address allocation method, because the authentication request sent by the CP device includes indication information for indicating the target address pool corresponding to the target UP device. Therefore, the authentication server may allocate an IP address to the target client device from the target address pool corresponding to the target UP device based on the indication information. Since the IP address pools corresponding to each UP device in the UP backup group are different, it can be ensured that the forwarding device can directly send the packet to the target UP device after receiving the packet sent to the target client device. Since the target client device goes online from the target UP device, the target UP device can directly send the packet to the target client device without forwarding it through other UP devices in the UP backup group, thus avoiding downlink traffic. detour.
  • the IP address pool corresponding to each UP device may be divided by the CP device 02 , or may also be divided by the authentication server 01 .
  • the method includes:
  • Step 201 The CP device exchanges dial-up protocol packets with the target client device through the target UP device.
  • the target client device when the target client device goes online based on the dialing protocol, it may first exchange dialing protocol packets with the CP device through the target UP device.
  • the dialing protocol may be an Ethernet-based point-to-point protocol (point to point protocol over Ethernet, PPPoE).
  • the dial-up protocol message may include: PPPoE active discovery initiation (PPPoE active discovery initiation, PADI) message, PPPoE active discovery service (PPPoE active discovery offer, PADO) message, PPPoE active discovery request (PPPoE active discovery request) message , PADR) message and PPPoE active discovery session (PPPoE active discovery session, PADS) message, etc.
  • Step 202 The CP device determines, based on the correspondence between the UP device and the address pool, indication information for indicating the target address pool corresponding to the target UP device.
  • the CP device may pre-plan the address pools corresponding to each UP device in each UP backup group, and generate and store the correspondence between the UP devices and the address pools. For example, the CP device may generate and store the correspondence between the identifier of the UP device and the related information of the address pool.
  • the CP device After the CP device completes the dialing protocol message through the interaction between the target UP device and the target client device, that is, after the CP device determines that the target client device goes online from the target UP device, it can determine the corresponding relationship of the target UP device based on the corresponding relationship. related information of the target address pool, and determine the related information as the indication information.
  • the relevant information of the address pool may be an identifier of the address pool, or may be a gateway address of the address pool.
  • the indication information determined by the CP device may be the identifier of the target address pool, or the gateway address of the target address pool.
  • the identifier of the address pool may be the name of the address pool, and the identifier of the UP device may be the IP address of the UP device.
  • the UP backup group in the communication system includes UP device 031 and UP device 032 .
  • Table 1 shows the correspondence between the IP address of the UP device stored in the CP device and the name of the address pool. Referring to Table 1, the name of the address pool corresponding to the IP address of the UP device 031: 10.x.x.2 is poo1, and the name of the address pool corresponding to the IP address of the UP device 032: 10.y.y.2 is poo2. Assuming that the target client device goes online from the UP device 031, the CP device 02 may determine, based on the correspondence shown in Table 1, that the name of the target address pool corresponding to the target UP device 031 is poo1.
  • IP address of the UP device The name of the address pool 10.x.x.2 pool1 10.y.y.2 pool2
  • Step 203 The CP device sends an authentication request to the authentication server, where the authentication request includes indication information.
  • the CP device After the CP device interacts with the target client device and completes the dialing protocol message, it further needs to send an authentication request to the authentication server for instructing the target client device to be authenticated.
  • the authentication request further includes indication information.
  • the CP device may add a type-length-value (type-length-value, TLV) field to the authentication request to carry the indication information.
  • TLV type-length-value
  • the CP device 01 can add an IPv6 address pool (Framed-IPv6-Pool) attribute in the authentication request, an IPv6 address prefix (Framed-IPv6-Pool) Ipv6-Prefix) attribute, or prefix delegated (prefix delegated, PD) attribute to carry the indication information.
  • IP version 6 IP version 6
  • the CP device 01 may add an address pool (Framed-Pool) attribute or a gateway address attribute to the authentication request to carry the indication information.
  • the authentication request may include the name of the target address pool: pool1, or the authentication request may include the gateway address of the target address pool: 10.x.x.1.
  • the UP device 032 corresponds to the address pool named pool2, and the gateway address of the address pool is 10.y.y.1. Then, the authentication request may include the name of the target address pool: pool2, or the authentication request may include the gateway address of the target address pool: 10.y.y.1.
  • Step 204 The authentication server determines the target address pool from a plurality of address pools according to the indication information.
  • multiple address pools are pre-stored in the authentication server.
  • the authentication server can authenticate the target client device.
  • the target address pool may be determined from a plurality of address pools stored in the target client device based on the indication information.
  • the authentication server may determine the address pool named pool1 among the multiple address pools stored in the authentication request as the target address pool.
  • Step 205 The authentication server determines the IP address allocated to the target client device from the target address pool.
  • the authentication server After the authentication server determines the target address pool, it can select an IP address from the target address pool and assign it to the target client device. For example, the authentication server may randomly select an IP address of the target client from the unallocated IP addresses in the target address pool.
  • the target address pool determined by the authentication server is the address pool named pool1
  • the range of IP addresses (ie network segments) included in the address pool named pool1 is 10.xx1 to 10.xx255 .
  • the authentication server may randomly select an unassigned IP address from 10.x.x.1 to 10.x.x.255 as the IP address of the target client device.
  • the IP address assigned by the authentication server to the target client device may be 10.x.x.3.
  • the CP device may plan the correspondence between the UP device and the address pool.
  • the authentication server only needs to store each address pool, and determine the target address pool according to the indication information carried in the authentication request. As a result, the data volume of the data to be stored in the authentication server is reduced, and the complexity of data processing of the authentication server can be avoided.
  • Step 206 The authentication server sends an authentication response to the CP device, where the authentication response includes the IP address.
  • the authentication server may send an authentication response for the target client to the CP device, and the authentication response may include an IP address assigned to the target client device.
  • the authentication response may include IP address: 10.x.x.3.
  • Step 207 The CP device sends the IP address to the target client device through the target UP device.
  • the CP device can send the IP address to the target client device through the dialing protocol message through the target UP device.
  • the target client device can in turn access the network based on this IP address.
  • the CP device 02 may send the IP address: 10.x.x.3 to the target client device through the UP device 031 .
  • the dial-up message protocol message may be a PPPoE message or a dynamic host configuration protocol (dynamic host configuration protocol, DHCP) message or the like.
  • the IP addresses allocated by the authentication server to the target client device are all selected from the target address pool corresponding to the target UP device, and the target client device goes online from the target UP device. Therefore, when the UP device advertises the route to the forwarding device, even if it only advertises the network segment route of the corresponding address pool without publishing the detailed route of the client device, it can ensure that the downstream traffic sent by the subsequent forwarding device will not be bypassed.
  • the authentication server 01 can assign an IP address to the client device 1 in the address pool named pool1 corresponding to the UP device 031, and can assign an IP address to the client device 2 in the address pool named pool2 corresponding to the UP device 032 . Therefore, it can be ensured that for the client device 1, the UP device 031 in the UP backup group is an online UP device of the client device 1, and both the upstream and downstream traffic of the client device 1 are forwarded through the UP device 031. Similarly, for the client device 2, the UP device 032 in the UP backup group is the UP device on which the client device 2 goes online, and both the upstream traffic and the downstream traffic of the client device 2 are forwarded through the UP device 032.
  • the embodiment of the present application provides an address allocation method, because the authentication request sent by the CP device includes indication information for indicating the target address pool corresponding to the target UP device. Therefore, the authentication server may allocate an IP address to the target client device from the target address pool corresponding to the target UP device based on the indication information. Since the IP address pools corresponding to each UP device in the UP backup group are different, it can be ensured that the forwarding device can directly send the packet to the target UP device after receiving the packet sent to the target client device. Since the target client device goes online from the target UP device, the target UP device can directly send the packet to the target client device without forwarding it through other UP devices in the UP backup group, thus avoiding downlink traffic. detour.
  • the method includes:
  • Step 301 The CP device exchanges dialing protocol packets with the target client device through the target UP device.
  • step 301 For the implementation process of this step 301, reference may be made to the relevant description of the above-mentioned step 201, which will not be repeated here.
  • Step 302 The CP device sends an authentication request to the authentication server, where the authentication request includes indication information.
  • the CP device After the CP device interacts with the target client device through the target UP device and completes the dialing protocol message, that is, after the CP device determines that the target client device goes online from the target UP device, it can send a message to the authentication server indicating that the target client
  • the authentication request for the device to authenticate further includes indication information.
  • the indication information may be the identification of the target UP device, for example, may be the IP address of the UP device.
  • the identifier of the target UP device in the authentication request reference may be made to the relevant description of the foregoing step 203, which will not be repeated here.
  • the authentication request may include the IP address of the target UP device: 10.x.x.2.
  • Step 303 The authentication server determines the target address pool corresponding to the target UP device from the correspondence between the UP device and the address pool according to the indication information.
  • the authentication server may pre-plan the address pools corresponding to each UP device in each UP backup group, and generate and store the correspondence between the UP devices and the address pools. For example, the authentication server may generate and store the correspondence between the identification (eg, IP address) of the UP device and the related information of the address pool.
  • the authentication server may determine the relevant information of the target address pool corresponding to the target UP device from the corresponding relationship based on the indication information carried in the authentication request.
  • the relevant information of the address pool may be the identifier of the address pool (for example, the name of the address pool), or may be the gateway address of the address pool.
  • the authentication server may determine, based on the correspondence shown in Table 1, that the target address pool corresponding to the target UP device is the address pool named pool1.
  • the authentication server may also plan the correspondence between the UP device and the address pool.
  • the CP device only needs to carry the identifier of the target UP device in the sent authentication request.
  • the data amount of data to be stored in the CP device is reduced, and the complexity of data processing of the CP device can be avoided.
  • Step 304 The authentication server determines the IP address allocated to the target client device from the target address pool.
  • step 304 For the implementation process of this step 304, reference may be made to the relevant description of the above-mentioned step 205, which will not be repeated here.
  • Step 305 The authentication server sends an authentication response to the CP device, where the authentication response includes the IP address.
  • step 305 For the implementation process of this step 305, reference may be made to the relevant description of the above-mentioned step 206, which will not be repeated here.
  • Step 306 The CP device sends the IP address to the target client device through the target UP device.
  • step 306 For the implementation process of this step 306, reference may be made to the relevant description of the above-mentioned step 207, which will not be repeated here.
  • sequence of steps of the address allocation method provided in this embodiment of the present application may be appropriately adjusted, and the steps may be correspondingly increased or decreased according to the situation.
  • Any person skilled in the art who is familiar with the technical scope disclosed in the present application can easily think of any variation of the method, which should be covered by the protection scope of the present application, and thus will not be repeated here.
  • the embodiment of the present application provides an address allocation method, because the authentication request sent by the CP device includes indication information for indicating the target address pool corresponding to the target UP device. Therefore, the authentication server may allocate an IP address to the target client device from the target address pool corresponding to the target UP device based on the indication information. Since the IP address pools corresponding to each UP device in the UP backup group are different, it can be ensured that the forwarding device can directly send the packet to the target UP device after receiving the packet sent to the target client device. Since the target client device goes online from the target UP device, the target UP device can directly send the packet to the target client device without forwarding it through other UP devices in the UP backup group, thus avoiding downlink traffic. detour.
  • FIG. 7 is a schematic structural diagram of an authentication server provided by an embodiment of the present application.
  • the authentication server 01 may be applied to a communication system in which CUs are separated, for example, the system shown in FIG. 1 or FIG. 5 .
  • the communication system further includes a CP device 02 and an UP backup group 03.
  • the UP backup group 03 includes multiple UP devices, and the IP address pools corresponding to each UP device in the multiple UP devices are different .
  • the plurality of UP devices may include a primary UP device and a backup UP device.
  • the multiple UP devices include at least one high-priority UP device and at least one low-priority UP device, and the priority of the routing information advertised by the high-priority UP device is higher than that of the low-priority UP device The priority of routing information.
  • the authentication server 01 may include:
  • a receiving module 011 configured to receive an authentication request sent by the CP device 02 and used to instruct the target client device to be authenticated, the authentication request including: indication information used to indicate the target address pool corresponding to the target UP device; wherein the The target client device goes online from the target UP device of the plurality of UP devices.
  • a sending module 012 configured to send an authentication response to the CP device according to the indication information, where the authentication response includes an IP address assigned to the target client device, and the IP address is included in the target address pool corresponding to the target UP device .
  • the sending module 012 For the functional realization of the sending module 012, reference may be made to the relevant descriptions of the above step 102, step 206 or step 305.
  • the authentication server 01 stores multiple address pools, and the indication information may be the identifier of the target address pool or the gateway address of the target address pool.
  • the sending module 012 can be used for:
  • the target address pool is determined from the plurality of address pools; and the IP address allocated for the target client device is determined from the target address pool.
  • the authentication server 01 stores the correspondence between the UP device and the address pool, and the indication information may be the identifier of the target UP device, such as the IP address of the target UP device.
  • the sending module 012 can be used for:
  • the target address pool corresponding to the target UP device is determined from the corresponding relationship; and the IP address allocated to the target client device is determined from the target address pool.
  • the authentication server 01 may further include:
  • the generating module 013 is configured to generate the corresponding relationship between the UP device and the address pool.
  • the embodiment of the present application provides an authentication server, because the authentication request received by the authentication server includes indication information for indicating the target address pool corresponding to the target UP device. Therefore, the authentication server may allocate an IP address to the target client device from the target address pool corresponding to the target UP device based on the indication information. Since the IP address pools corresponding to each UP device in the UP backup group are different, it can be ensured that the forwarding device can directly send the packet to the target UP device after receiving the packet sent to the target client device. Since the target client device goes online from the target UP device, the target UP device can directly send the packet to the target client device without forwarding it through other UP devices in the UP backup group, thus avoiding downlink traffic. detour.
  • FIG. 9 is a schematic structural diagram of a CP device provided by an embodiment of the present application.
  • the CP device 02 may be applied to a communication system where CUs are separated, for example, may be applied to the system shown in FIG. 1 or FIG. 5 . 1 and 5, the communication system further includes an authentication server 01 and a UP backup group 03, the UP backup group 03 includes a plurality of UP devices, and the IP address pools corresponding to each UP device are different.
  • the plurality of UP devices may include a primary UP device and a backup UP device.
  • the multiple UP devices include at least one high-priority UP device and at least one low-priority UP device, and the priority of the routing information advertised by the high-priority UP device is higher than that of the low-priority UP device The priority of routing information.
  • the CP device 02 may include:
  • a sending module 021 configured to send an authentication request to the authentication server 01 for instructing the target client device to be authenticated, the authentication request including: indication information for instructing the target address pool corresponding to the target UP device, wherein the target The client device goes online from the target UP device of the plurality of UP devices.
  • the receiving module 022 is configured to receive an authentication response sent by the authentication server 01, where the authentication response includes an IP address allocated to the target client device, and the IP address is included in the target address pool corresponding to the target UP device.
  • the receiving module 022 For the functional realization of the receiving module 022, reference may be made to the relevant descriptions of the foregoing step 102, step 206 or step 305.
  • the CP device 02 stores the correspondence between the UP device and the address pool; the sending module 021 can be used for:
  • relevant information of the target address pool corresponding to the target UP device is determined; wherein, the relevant information is the identifier of the target address pool, or the gateway address of the target address pool.
  • the sending module 021 For the function implementation of the sending module 021, reference may also be made to the relevant description of the above step 202.
  • the CP device 02 may further include:
  • the generating module 023 is configured to generate the corresponding relationship between the UP device and the address pool.
  • the authentication server 01 stores the correspondence between the UP device and the address pool.
  • the indication information may be the identifier of the target UP device, for example, may be the IP address of the target UP device.
  • the embodiment of the present application provides a CP device, because the authentication request sent by the CP device includes indication information for indicating the target address pool corresponding to the target UP device. Therefore, the authentication server may allocate an IP address to the target client device from the target address pool corresponding to the target UP device based on the indication information. Since the IP address pools corresponding to each UP device in the UP backup group are different, it can be ensured that the forwarding device can directly send the packet to the target UP device after receiving the packet sent to the target client device. Since the target client device goes online from the target UP device, the target UP device can directly send the packet to the target client device without forwarding it through other UP devices in the UP backup group, thus avoiding downlink traffic. detour.
  • the CP device and the authentication server provided in the embodiments of the present application may also be implemented by an application-specific integrated circuit (ASIC), or a programmable logic device (PLD), and the above-mentioned PLD may be It is a complex programmable logical device (CPLD), a field-programmable gate array (FPGA), a generic array logic (GAL) or any combination thereof.
  • the address allocation method provided by the above method embodiments may also be implemented by software.
  • each module in the CP device and the authentication server may also be software modules.
  • FIG. 11 is a schematic structural diagram of an address allocation apparatus provided by an embodiment of the present application.
  • the apparatus 1000 may be applied to the authentication server 01 shown in FIG. 7 or FIG. 8 , or may be applied to the authentication server 01 shown in FIG. 9 or FIG. 10 .
  • the apparatus 1100 may include: a processor 1101 , a memory 1102 , a network interface 1103 and a bus 1104 .
  • the bus 1104 is used to connect the processor 1101 , the memory 1102 and the network interface 1103 .
  • the communication connection with other devices can be realized through the network interface 1103 (which may be wired or wireless).
  • a computer program for realizing various application functions is stored in the memory 1102 .
  • the processor 1101 may be a CPU, and the processor 1101 may also be other general-purpose processors, digital signal processors (digital signal processors, DSPs), ASICs, FPGAs, and graphics processors (graphics processors). processing unit, GPU) or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, etc.
  • a general purpose processor may be a microprocessor or any conventional processor or the like.
  • Memory 1102 may be volatile memory or nonvolatile memory, or may include both volatile and nonvolatile memory.
  • the non-volatile memory may be read-only memory (ROM), programmable read-only memory (PROM), erasable programmable read-only memory (EPROM), electrically programmable Erase programmable read-only memory (electrically EPROM, EEPROM) or flash memory.
  • Volatile memory may be random access memory (RAM), which acts as an external cache.
  • RAM random access memory
  • SRAM static random access memory
  • DRAM dynamic random access memory
  • SDRAM synchronous dynamic random access memory
  • Double data rate synchronous dynamic random access memory double data date SDRAM, DDR SDRAM
  • enhanced synchronous dynamic random access memory enhanced SDRAM, ESDRAM
  • synchronous link dynamic random access memory direct rambus RAM, DR RAM
  • bus 1104 may also include a power bus, a control bus, a status signal bus, and the like. However, for clarity of illustration, the various buses are labeled as bus 1104 in the figure.
  • the processor 1101 in the apparatus 1100 is configured to receive, through the communication interface, an authentication request sent by the CP device 02 and used to instruct the target client device to be authenticated.
  • the authentication request includes: indication information for indicating the target address pool corresponding to the target UP device, and according to the indication information, sends an authentication response to the CP device through the communication interface; wherein, the target client device is selected from the plurality of UP devices.
  • the target UP device is online, and the authentication response includes the IP address allocated for the target client device, and the IP address is included in the target address pool corresponding to the target UP device.
  • the processor 1101 please refer to step 102 in the embodiment shown in FIG. 3 , steps 204 to 206 in the embodiment shown in FIG. 4 , and steps 303 to 305 in the embodiment shown in FIG. 6 . The detailed description is not repeated here.
  • the processor 1101 in the apparatus 1100 is configured to send an authentication request to the authentication server 01 through the communication interface for instructing the target client device to be authenticated.
  • the request includes: indication information for indicating the target address pool corresponding to the target UP device, and receiving an authentication response sent by the authentication server 01; wherein the target client device goes online from the target UP device in the plurality of UP devices,
  • the authentication response includes the IP address assigned to the target client device, and the IP address is included in the target address pool corresponding to the target UP device.
  • steps 101 to step 302 and step 306 will not be repeated here.
  • FIG. 12 is a schematic structural diagram of a network device provided by an embodiment of the present application, and the network device may be applied to a communication system such as that shown in FIG. 1 or FIG. 5 . And, the network device may be the CP device 02 in the communication system. As shown in FIG. 12 , the network device may include: a main control board 1201 and at least one interface board (an interface board is also called a line card or a service board), for example, an interface board 1202 and an interface board 1203 are shown in FIG. 12 . In the case of multiple interface boards, a switch fabric board 1204 may be included, and the switch fabric board 1204 is used to complete data exchange among the interface boards.
  • a switch fabric board 1204 may be included, and the switch fabric board 1204 is used to complete data exchange among the interface boards.
  • the main control board 1201 is used to complete functions such as system management, equipment maintenance, and protocol processing.
  • the interface boards 1202 and 1203 are used to provide various service interfaces (eg, POS interface, GE interface, ATM interface, etc.), and realize packet forwarding.
  • the main control board 1201 , the interface board 1202 and the interface board 1203 are connected to the system backplane through the system bus to realize intercommunication.
  • the interface board 1202 includes one or more central processing units 12021.
  • the central processing unit 12021 is used to control and manage the interface board 1202, communicate with the central processing unit 12011 on the main control board 1201, and perform packet forwarding processing.
  • the forwarding table entry memory 12024 on the interface board 1202 is used to store the forwarding table entry, and the central processing unit 12021 can forward the message by searching the forwarding table entry stored in the forwarding table entry memory 12024 .
  • the interface board 1202 includes one or more physical interface cards 12023 for receiving the message sent by the previous hop node, and sending the processed message to the next hop node according to the instruction of the central processing unit 12021 .
  • the specific implementation process will not be repeated here.
  • the specific functions of the central processing unit 12021 are also not repeated here.
  • the sending module 021 and the receiving module 022 in the CP device may be located in the interface board 1202
  • the generating module 023 may be located in the main control board 1201 .
  • this embodiment includes multiple interface boards and adopts a distributed forwarding mechanism.
  • the structure of the interface board 1203 is basically the same as that of the interface board 1202 , and the interface board 1203 The operations above are basically similar to those of the interface board 1202, and are not repeated for brevity.
  • the central processing unit 12021 and/or the network processor 12022 in the interface board 1202 in FIG. 12 may be dedicated hardware or chips.
  • an application-specific integrated circuit may be used to implement the above functions. Special hardware or chip processing is adopted for the so-called forwarding plane.
  • the central processing unit 12021 and/or the network processor 12022 may also use a general-purpose processor, such as a general-purpose CPU, to implement the functions described above.
  • main control boards 1201 there may be one or more main control boards 1201, and when there are more than one main control board, it may include an active main control board and a backup main control board.
  • the multiple interface boards can communicate with each other through one or more switch fabric boards. When there are multiple interface boards, they can jointly implement load sharing and redundant backup. Under the centralized forwarding architecture, the device does not need a switching network board, and the interface board is responsible for the processing function of the service data of the entire system.
  • the device Under the distributed forwarding architecture, the device includes multiple interface boards, which can realize data exchange among the multiple interface boards through the switching network board, and provide large-capacity data exchange and processing capabilities. Therefore, the data access and processing capabilities of network devices in a distributed architecture are greater than those in a centralized architecture.
  • the specific architecture used depends on the specific networking deployment scenario, and there is no restriction here.
  • the memory 12012 and the memory 12024 may be read-only memory (ROM) or other types of static storage devices that can store static information and instructions, random access memory (RAM) Or other types of dynamic storage devices that can store information and instructions, and can also be electrically erasable programmable read-only memory (EEPROM), compact disc read-only Memory (CD- ROM) or other optical disc storage, optical disc storage (including compact disc, laser disc, optical disc, digital versatile disc, blu-ray disc, etc.), magnetic disc or other magnetic storage device, or capable of carrying or storing desired in the form of instructions or data structures program code and any other medium that can be accessed by a computer, but is not limited thereto.
  • ROM read-only memory
  • RAM random access memory
  • EEPROM electrically erasable programmable read-only memory
  • CD- ROM compact disc read-only Memory
  • optical disc storage including compact disc, laser disc, optical disc, digital versatile disc, blu-ray disc, etc.
  • magnetic disc or other magnetic storage device or capable of carrying or storing desired
  • the memory 12024 in the interface board 1202 may exist independently and be connected to the central processing unit 12021 through a communication bus; or, the memory 12024 may also be integrated with the central processing unit 12021.
  • the memory 12012 in the main control board 1201 may exist independently and be connected to the central processing unit 12011 through a communication bus; or, the memory 12012 may also be integrated with the central processing unit 12011.
  • the memory 12024 is used for storing program codes, and the execution is controlled by the central processing unit 12021, and the memory 12012 is used for storing the program codes, and the execution is controlled by the central processing unit 12011.
  • the central processing unit 12021 and/or the central processing unit 12011 can implement the address allocation method applied to the CP device provided by the above method embodiments by executing program codes.
  • One or more software modules may be included in the program code stored in memory 12024 and/or memory 12012.
  • the one or more software modules may be functional modules provided in the embodiments shown in any of the above-mentioned Figures 7 to 10 .
  • the physical interface card 12023 can be a device that uses any transceiver to communicate with other devices or communication networks, such as Ethernet, radio access network (RAN), wireless local area network (wireless local area networks, WLAN), etc.
  • RAN radio access network
  • WLAN wireless local area network
  • Embodiments of the present application further provide a computer-readable storage medium, where instructions are stored in the computer-readable storage medium, and the instructions can be executed by a processor to implement the steps executed by the authentication server 01 in the foregoing method embodiments.
  • Embodiments of the present application further provide a computer-readable storage medium, where instructions are stored in the computer-readable storage medium, and the instructions can be executed by a processor to implement the steps executed by the CP device 02 in the foregoing method embodiments.
  • the embodiments of the present application also provide a computer program product containing instructions, when the computer program product runs on a computer, the computer program product causes the computer to perform the steps performed by the authentication server 01 in the above method embodiments.
  • the embodiments of the present application also provide a computer program product containing instructions, when the computer program product runs on a computer, the computer program product causes the computer to execute the steps executed by the CP device 02 in the above method embodiments.
  • the embodiment of the present application further provides a communication system in which the CP and UP are separated.
  • the communication system may include: an authentication server 01, a CP device 02, and a UP backup group 03.
  • the UP backup group 03 It includes multiple UP devices, and the IP address pools corresponding to each UP device in the multiple UP devices are different.
  • the authentication server 01 may be the authentication server shown in FIG. 7 or FIG. 8 , or include the device shown in FIG. 11 .
  • the CP device 02 may be the device shown in FIG. 9 or FIG. 10 , or include the device shown in FIG. 11 .
  • the above embodiments may be implemented in whole or in part by software, hardware, firmware or any other combination.
  • the above-described embodiments may be implemented in whole or in part in the form of a computer program product.
  • the computer program product includes one or more computer instructions. When the computer program instructions are loaded or executed on a computer, all or part of the processes or functions described in the embodiments of the present application are generated.
  • the computer may be a general purpose computer, special purpose computer, computer network, or other programmable device.
  • the computer instructions may be stored in or transmitted from one computer-readable storage medium to another computer-readable storage medium, for example, the computer instructions may be downloaded from a website site, computer, server, or data center Transmission to another website site, computer, server, or data center is by wire (eg, coaxial cable, fiber optic, digital subscriber line (DSL)) or wireless (eg, infrared, wireless, microwave, etc.).
  • the computer-readable storage medium can be any available medium that can be accessed by a computer or a data storage device such as a server, a data center, or the like that contains one or more sets of available media.
  • the usable media may be magnetic media (eg, floppy disks, hard disks, magnetic tapes), optical media (eg, DVDs), or semiconductor media.
  • the semiconductor medium may be a solid state drive (SSD).

Abstract

The present application relates to the technical field of communications. Provided are an address allocation method, device, and system. In the solution provided by the present application, an authentication request transmitted by a CP device comprises indication information used for indicating a target address pool corresponding to a target UP device. Therefore, an authentication server can allocate, from the target address pool corresponding to the target UP device according to the indication information, an IP address for a target client device. Since the IP address pools corresponding to the UP devices in an UP backup group are different, it can be ensured that after receiving a message that is transmitted to the target client device, a forwarding device can directly transmit the message to the target UP device. In addition, since the target client device enters an online state from the target UP device, the target UP device can directly transmit the message to the target client device, without needing to perform forwarding by means of other UP devices in the UP backup group, thereby avoiding downlink traffic detour.

Description

地址分配方法、设备及系统Address allocation method, device and system
本申请要求于2020年8月19日提交的申请号为202010838460.7、发明名称为“地址分配方法、设备及系统”的中国专利申请的优先权,其全部内容通过引用结合在本申请中。This application claims the priority of the Chinese patent application with the application number 202010838460.7 and the invention title "Address Assignment Method, Device and System" filed on August 19, 2020, the entire contents of which are incorporated into this application by reference.
技术领域technical field
本申请涉及通信技术领域,特别涉及一种地址分配方法、设备及系统。The present application relates to the field of communication technologies, and in particular, to an address allocation method, device and system.
背景技术Background technique
采用控制面(controller plane,CP)和用户面(user plane,UP)分离方案的网络接入系统包括:CP设备、转发设备、多个UP设备以及远程用户拨号认证服务(remote authentication dial in user service,RADIUS)服务器。其中,UP设备通过该转发设备与CP设备连接。并且,为了确保网络接入的可靠性,网络接入系统中的UP设备可以划分为多个备份组,每个备份组包括两个UP设备,其中一个UP设备为主UP设备,另一个UP设备为备UP设备。A network access system using the separation scheme of the control plane (CP) and the user plane (UP) includes: CP equipment, forwarding equipment, multiple UP equipment, and remote authentication dial in user service , RADIUS) server. The UP device is connected to the CP device through the forwarding device. In addition, in order to ensure the reliability of network access, the UP devices in the network access system can be divided into multiple backup groups, and each backup group includes two UP devices, one of which is the main UP device and the other UP device. For the preparation of UP equipment.
相关技术中,每个备份组中的两个UP设备共享一个互联网协议(Internet protocol,IP)地址池。客户端设备在通过备份组中的某个UP设备接入网络时,RADIUS服务器可以从该共享的IP地址池中选择一个IP地址作为该客户端设备的IP地址。客户端设备进而可以基于该IP地址接入网络。In the related art, two UP devices in each backup group share an Internet protocol (Internet protocol, IP) address pool. When a client device accesses the network through an UP device in the backup group, the RADIUS server can select an IP address from the shared IP address pool as the IP address of the client device. The client device, in turn, can access the network based on the IP address.
为了确保转发设备能够正常转发发往客户端设备的报文,每个UP设备需要向转发设备发布其所共享的地址池的网段路由。由于主UP设备发送的网段路由的优先级高于备UP设备发送的网络路由的优先级,因此转发设备在接收到目的地址属于该共享的地址池的报文时,会将该报文发送至主UP设备。但是,若该报文的接收方为从备UP设备接入网络的客户端设备,则主UP设备需要将该报文转发至备UP设备,再由备UP设备将该报文发送至该客户端设备。由此,导致下行流量绕行。To ensure that the forwarding device can normally forward the packets to the client device, each UP device needs to advertise the network segment route of the shared address pool to the forwarding device. Because the priority of the network segment route sent by the master UP device is higher than that of the network route sent by the backup UP device, when the forwarding device receives a packet whose destination address belongs to the shared address pool, it will send the packet. to the main UP device. However, if the recipient of the packet is a client device that accesses the network from the standby UP device, the master UP device needs to forward the packet to the standby UP device, and then the standby UP device sends the packet to the client end device. As a result, the downstream traffic is detoured.
发明内容SUMMARY OF THE INVENTION
本申请提供了一种地址分配方法、设备及系统,可以解决相关技术的通信系统中下行流量绕行的技术问题。The present application provides an address allocation method, device and system, which can solve the technical problem of bypassing downlink traffic in the communication system of the related art.
一方面,提供了一种地址分配方法,应用于CP和UP分离的通信系统中的认证服务器,该通信系统还包括CP设备和UP备份组,该UP备份组包括多个UP设备;该方法包括:认证服务器接收该CP设备发送的用于指示对目标客户端设备进行认证的认证请求,该认证请求包括:用于指示目标UP设备对应的目标地址池的指示信息,之后,认证服务器可以根据该指示信息向该CP设备发送认证响应;其中,该目标客户端设备从该多个UP设备中的目标UP设备上线,即该目标客户端设备通过该目标UP设备接入网络,该多个UP设备中的各个UP设备对应的IP地址池不同;该认证响应包括为该目标客户端设备分配的IP地址,且该IP地址包括在该目标UP设备对应的目标地址池中。On the one hand, an address allocation method is provided, which is applied to an authentication server in a communication system in which CP and UP are separated, the communication system further includes a CP device and a UP backup group, and the UP backup group includes a plurality of UP devices; the method includes : The authentication server receives an authentication request sent by the CP device to instruct the target client device to be authenticated. The authentication request includes: indication information used to indicate the target address pool corresponding to the target UP device. The instruction information sends an authentication response to the CP device; wherein, the target client device goes online from the target UP device among the multiple UP devices, that is, the target client device accesses the network through the target UP device, and the multiple UP devices The IP address pools corresponding to each UP device in the UP device are different; the authentication response includes the IP address assigned to the target client device, and the IP address is included in the target address pool corresponding to the target UP device.
本申请提供的方案中,认证服务器可以基于认证请求中的指示信息,从目标UP设备对应的目标地址池中为目标客户端设备分配IP地址。由于UP备份组中各个UP设备对应的IP地址池不同,因此可以确保转发设备在接收到发往该目标客户端设备的报文后,能够直接将 该报文发往该目标UP设备。又由于目标客户端设备从该目标UP设备上线,因此该目标UP设备可以直接将该报文发送至目标客户端设备,从而避免了下行流量的绕行。In the solution provided by the present application, the authentication server may allocate an IP address to the target client device from the target address pool corresponding to the target UP device based on the indication information in the authentication request. Because the IP address pools corresponding to each UP device in the UP backup group are different, it can be ensured that the forwarding device can directly send the packet to the target UP device after receiving the packet sent to the target client device. In addition, since the target client device goes online from the target UP device, the target UP device can directly send the packet to the target client device, thereby avoiding the detour of downlink traffic.
可选地,该认证服务器中存储有多个地址池,该指示信息为该目标地址池的标识,或者该目标地址池的网关地址,该目标地址池的标识可以为目标地址池的名称;相应的,认证服务器根据该指示信息,向CP设备发送认证响应的过程可以包括:根据该指示信息,从该多个地址池中确定目标地址池,并从该目标地址池中确定为该目标客户端设备分配的IP地址。Optionally, the authentication server stores multiple address pools, and the indication information is the identifier of the target address pool, or the gateway address of the target address pool, and the identifier of the target address pool may be the name of the target address pool; corresponding The process of the authentication server sending an authentication response to the CP device according to the indication information may include: according to the indication information, determining a target address pool from the plurality of address pools, and determining the target client from the target address pool The IP address assigned by the device.
本申请提供的方案,可以由CP设备规划UP设备与地址池的对应关系。相应的,认证服务器中仅需存储各个地址池,并根据认证请求中携带的指示信息确定目标地址池即可。由此,降低了认证服务器中所需存储的数据的数据量,以及可以避免增加认证服务器的数据处理的复杂度。In the solution provided in this application, the CP device can plan the corresponding relationship between the UP device and the address pool. Correspondingly, the authentication server only needs to store each address pool, and determine the target address pool according to the indication information carried in the authentication request. As a result, the data volume of the data to be stored in the authentication server is reduced, and the complexity of data processing of the authentication server can be avoided.
可选地,该认证服务器还可以生成该UP设备与地址池的对应关系。也即是,可以由该认证服务器来规划UP设备与地址池的对应关系。Optionally, the authentication server may also generate a correspondence between the UP device and the address pool. That is, the authentication server can plan the correspondence between the UP device and the address pool.
可选地,该认证服务器中存储有UP设备与地址池的对应关系,该指示信息为该目标UP设备的标识,该目标UP设备的标识可以为目标UP设备的IP地址;相应的,认证服务器根据该指示信息,向CP设备发送认证响应的过程可以包括:根据该指示信息,从该对应关系中确定该目标UP设备对应的目标地址池,并从该目标地址池中确定为该目标客户端设备分配的IP地址。Optionally, the authentication server stores the correspondence between the UP device and the address pool, the indication information is the identifier of the target UP device, and the identifier of the target UP device can be the IP address of the target UP device; Correspondingly, the authentication server According to the indication information, the process of sending an authentication response to the CP device may include: according to the indication information, determining a target address pool corresponding to the target UP device from the corresponding relationship, and determining from the target address pool as the target client The IP address assigned by the device.
本申请提供的方案,还可以由认证服务器规划UP设备与地址池的对应关系。相应的,CP设备仅需在发送的认证请求中携带目标UP设备的标识即可。由此,降低了CP设备中所需存储的数据的数据量,以及可以避免增加CP设备的数据处理的复杂度。In the solution provided by this application, the authentication server can also plan the corresponding relationship between the UP device and the address pool. Correspondingly, the CP device only needs to carry the identifier of the target UP device in the sent authentication request. Thus, the data amount of data to be stored in the CP device is reduced, and the complexity of data processing of the CP device can be avoided.
可选地,多个UP设备包括至少一个高优先级的UP设备和至少一个低优先级的UP设备,所述高优先级的UP设备发布的路由信息的优先级高于该低优先级的UP设备发布的路由信息的优先级。其中,该高优先级的UP设备和低优先级的UP设备可以是由CP设备确定的。Optionally, the multiple UP devices include at least one high-priority UP device and at least one low-priority UP device, and the priority of the routing information advertised by the high-priority UP device is higher than that of the low-priority UP device. The priority of the routing information advertised by the device. Wherein, the high-priority UP device and the low-priority UP device may be determined by the CP device.
本申请提供的方案中,由于各个UP设备对应的IP地址池不同,且认证服务器可以从客户端设备上线的目标UP设备对应的目标地址池中为该客户端设备分配IP地址,因此即使客户端设备从低优先级的UP设备上线,也可以避免该客户端设备的下行流量绕行。In the solution provided in this application, since the IP address pools corresponding to each UP device are different, and the authentication server can assign an IP address to the client device from the target address pool corresponding to the target UP device where the client device goes online, even if the client device is online The device goes online from the low-priority UP device, which can also avoid the bypass of the downstream traffic of the client device.
另一方面,提供了一种地址分配方法,应用于CP和UP分离的通信系统中的CP设备,该通信系统还包括认证服务器和UP备份组,该UP备份组包括多个UP设备;该方法包括:CP设备向认证服务器发送用于指示对目标客户端设备进行认证的认证请求,该认证请求包括:用于指示目标UP设备对应的目标地址池的指示信息,之后,CP设备可以接收该认证服务器发送的认证响应;其中,该目标客户端设备从该多个UP设备中的该目标UP设备上线,该多个UP设备中的各个UP设备对应的IP地址池不同;该认证响应包括为该目标客户端设备分配的IP地址,且该IP地址包括在该目标UP设备对应的目标地址池中。On the other hand, an address allocation method is provided, which is applied to a CP device in a communication system in which CP and UP are separated, the communication system further includes an authentication server and a UP backup group, and the UP backup group includes a plurality of UP devices; the method Including: the CP device sends an authentication request to the authentication server for instructing to authenticate the target client device, the authentication request includes: indication information for instructing the target address pool corresponding to the target UP device, and then the CP device can receive the authentication The authentication response sent by the server; wherein, the target client device goes online from the target UP device in the plurality of UP devices, and the IP address pools corresponding to each UP device in the plurality of UP devices are different; the authentication response includes for the The IP address assigned by the target client device, and the IP address is included in the target address pool corresponding to the target UP device.
由于CP设备发送的认证请求中包括用于指示目标UP设备对应的目标地址池的指示信息。因此,认证服务器可以基于该指示信息,从该目标UP设备对应的目标地址池中为目标客户端设备分配IP地址。由于UP备份组中各个UP设备对应的IP地址池不同,因此可以确保转发设备在接收到发往该目标客户端设备的报文后,能够直接将该报文发往该目标UP设备。又由于目标客户端设备从该目标UP设备上线,因此该目标UP设备可以直接将该报文发送至目标客户端设备,避免了下行流量的绕行。Because the authentication request sent by the CP device includes indication information for indicating the target address pool corresponding to the target UP device. Therefore, the authentication server may allocate an IP address to the target client device from the target address pool corresponding to the target UP device based on the indication information. Since the IP address pools corresponding to each UP device in the UP backup group are different, it can be ensured that the forwarding device can directly send the packet to the target UP device after receiving the packet sent to the target client device. In addition, since the target client device goes online from the target UP device, the target UP device can directly send the message to the target client device, avoiding the detour of the downstream traffic.
可选地,该CP设备中存储有UP设备与地址池的对应关系;CP设备向该认证服务器发送用于指示对目标客户端设备进行认证的认证请求的过程可以包括:基于该对应关系,确定该指示信息,该指示信息为该目标地址池的标识,或者该目标地址池的网关地址。Optionally, the CP device stores a corresponding relationship between the UP device and the address pool; the process of the CP device sending an authentication request to the authentication server for instructing to authenticate the target client device may include: based on the corresponding relationship, determining The indication information, where the indication information is the identifier of the target address pool, or the gateway address of the target address pool.
可选地,该CP设备还可以生成UP设备与地址池的对应关系。也即是,可以由CP设备来规划UP设备与地址池的对应关系。Optionally, the CP device may also generate a correspondence between the UP device and the address pool. That is, the CP device can plan the correspondence between the UP device and the address pool.
可选地,该指示信息可以为该目标UP设备的标识。Optionally, the indication information may be the identifier of the target UP device.
又一方面,提供了一种认证服务器,应用于CP和UP分离的通信系统中,该通信系统还包括CP设备和UP备份组,该UP备份组包括多个UP设备,各个UP设备对应的IP地址池不同;该认证服务器可以包括至少一个模块,且该至少一个模块可以用于实现上述方面所提供的应用于该认证服务器的地址分配方法。In another aspect, an authentication server is provided, which is applied in a communication system in which the CP and UP are separated, the communication system further includes a CP device and an UP backup group, the UP backup group includes a plurality of UP devices, and the IP address corresponding to each UP device is The address pools are different; the authentication server may include at least one module, and the at least one module may be used to implement the address allocation method applied to the authentication server provided by the above aspects.
再一方面,提供了一种CP设备,应用于CP和UP分离的通信系统中,通信系统还包括认证服务器和UP备份组,该UP备份组包括多个UP设备,各个UP设备对应的IP地址池不同;该CP设备可以包括至少一个模块,且该至少一个模块可以用于实现上述方面所提供的应用于该CP设备的地址分配方法。In another aspect, a CP device is provided, which is applied in a communication system in which the CP and UP are separated, the communication system further includes an authentication server and an UP backup group, the UP backup group includes a plurality of UP devices, and the IP addresses corresponding to each UP device The pools are different; the CP device may include at least one module, and the at least one module may be used to implement the address allocation method applied to the CP device provided by the above aspects.
再一方面,提供了一种认证服务器,应用于CP和UP分离的通信系统中,该通信系统还包括CP设备和UP备份组,该UP备份组包括多个UP设备,该多个UP设备中的各个UP设备对应的IP地址池不同;该认证服务器可以包括:存储器,处理器及存储在该存储器上并可在该处理器上运行的计算机程序,该处理器执行该计算机程序时实现如上述方面所提供的应用于该认证服务器的地址分配方法。In yet another aspect, an authentication server is provided, which is applied in a communication system in which CP and UP are separated, the communication system further includes a CP device and a UP backup group, the UP backup group includes a plurality of UP devices, among the plurality of UP devices The IP address pools corresponding to each UP device are different; the authentication server can include: a memory, a processor and a computer program stored on the memory and running on the processor, and when the processor executes the computer program, realize as described above The address allocation method provided by the aspect is applied to the authentication server.
再一方面,提供了一种CP设备,应用于CP和UP分离的通信系统中,通信系统还包括认证服务器和UP备份组,该UP备份组包括多个UP设备,各个UP设备对应的IP地址池不同;该CP设备可以包括:存储器,处理器及存储在该存储器上并可在该处理器上运行的计算机程序,该处理器执行该计算机程序时实现如上述方面所提供的应用于该CP设备的地址分配方法。In another aspect, a CP device is provided, which is applied in a communication system in which the CP and UP are separated, the communication system further includes an authentication server and an UP backup group, the UP backup group includes a plurality of UP devices, and the IP addresses corresponding to each UP device The pools are different; the CP device may include: a memory, a processor, and a computer program stored on the memory and running on the processor, and when the processor executes the computer program, the application to the CP as provided in the above-mentioned aspects is implemented. The address assignment method of the device.
再一方面,提供了一种网络设备,该网络设备可以包括:主控板和接口板,该接口板可以用于实现上述方面提供的应用于CP设备的地址分配方法。In another aspect, a network device is provided, the network device may include: a main control board and an interface board, and the interface board may be used to implement the address allocation method applied to a CP device provided in the above aspect.
再一方面,提供了一种网络设备,该网络设备为CP和UP分离的通信系统中的CP设备,该通信系统还包括认证服务器和UP备份组,该UP备份组包括多个UP设备;该网络设备包括:主控板和接口板。主控板包括:第一处理器和第一存储器。接口板包括:第二处理器、第二存储器和接口卡。主控板和接口板耦合。第二存储器可以用于存储程序代码,第二处理器用于调用第二存储器中的程序代码,触发接口卡执行如下操作:向认证服务器发送用于指示对目标客户端设备进行认证的认证请求,该认证请求包括:用于指示目标UP设备对应的目标地址池的指示信息;接收该认证服务器发送的认证响应;其中,该目标客户端设备从该多个UP设备中的该目标UP设备上线,该多个UP设备中的各个UP设备对应的IP地址池不同;该认证响应包括为该目标客户端设备分配的IP地址,且该IP地址包括在该目标UP设备对应的目标地址池中。In yet another aspect, a network device is provided, the network device is a CP device in a communication system in which CP and UP are separated, the communication system further includes an authentication server and a UP backup group, and the UP backup group includes a plurality of UP devices; the Network equipment includes: main control board and interface board. The main control board includes: a first processor and a first memory. The interface board includes: a second processor, a second memory and an interface card. The main control board and the interface board are coupled. The second memory may be used to store program codes, and the second processor may be used to call the program codes in the second memory to trigger the interface card to perform the following operations: send an authentication request for instructing the target client device to be authenticated to the authentication server, the The authentication request includes: indication information for indicating the target address pool corresponding to the target UP device; receiving an authentication response sent by the authentication server; wherein, the target client device goes online from the target UP device in the plurality of UP devices, and the The IP address pools corresponding to each UP device in the multiple UP devices are different; the authentication response includes the IP address allocated to the target client device, and the IP address is included in the target address pool corresponding to the target UP device.
再一方面,提供了一种计算机可读存储介质,该计算机可读存储介质中存储有指令,该指令由处理器执行以实现如上述任一方面所提供的地址分配方法。In yet another aspect, a computer-readable storage medium is provided, and instructions are stored in the computer-readable storage medium, and the instructions are executed by a processor to implement the address allocation method provided by any of the above aspects.
再一方面,提供了一种包含指令的计算机程序产品,当该计算机程序产品在计算机上运行时,使得计算机执行如上述任一方面所提供的地址分配方法。In yet another aspect, there is provided a computer program product comprising instructions which, when run on a computer, cause the computer to perform the address allocation method provided by any of the above aspects.
再一方面,提供了一种CP和UP分离的通信系统,该通信系统包括如上述方面所提供的认 证服务器,如上述方面所提供的CP设备,以及UP备份组;该UP备份组包括多个UP设备,且该多个UP设备中的各个UP设备对应的IP地址池不同。In yet another aspect, a communication system in which CP and UP are separated is provided, and the communication system includes the authentication server provided by the above-mentioned aspects, the CP device provided by the above-mentioned aspects, and a UP backup group; the UP backup group includes a plurality of UP devices, and the IP address pools corresponding to each UP device in the multiple UP devices are different.
综上所述,本申请实施例提供了一种地址分配方法、设备及系统。由于CP设备发送的认证请求中包括用于指示目标UP设备对应的目标地址池的指示信息。因此,认证服务器可以基于该指示信息,从该目标UP设备对应的目标地址池中为目标客户端设备分配IP地址。由于UP备份组中各个UP设备对应的IP地址池不同,因此可以确保转发设备在接收到发往该目标客户端设备的报文后,能够直接将该报文发往该目标UP设备。又由于目标客户端设备从该目标UP设备上线,因此该目标UP设备可以直接将该报文发送至目标客户端设备,而无需再通过UP备份组中的其他UP设备转发,避免了下行流量的绕行。To sum up, the embodiments of the present application provide an address allocation method, device, and system. Because the authentication request sent by the CP device includes indication information for indicating the target address pool corresponding to the target UP device. Therefore, the authentication server may allocate an IP address to the target client device from the target address pool corresponding to the target UP device based on the indication information. Since the IP address pools corresponding to each UP device in the UP backup group are different, it can be ensured that the forwarding device can directly send the packet to the target UP device after receiving the packet sent to the target client device. Since the target client device goes online from the target UP device, the target UP device can directly send the packet to the target client device without forwarding it through other UP devices in the UP backup group, avoiding the downlink traffic. bypass.
附图说明Description of drawings
图1是本申请实施例提供的一种CU分离的通信系统的结构示意图;1 is a schematic structural diagram of a communication system with CU separation provided by an embodiment of the present application;
图2是一种下行流量绕行的示意图;Figure 2 is a schematic diagram of a downlink traffic bypass;
图3是本申请实施例提供的一种地址分配方法的流程图;3 is a flowchart of an address allocation method provided by an embodiment of the present application;
图4是本申请实施例提供的另一种地址分配方法的流程图;4 is a flowchart of another address allocation method provided by an embodiment of the present application;
图5是本申请实施例提供的另一种CU分离的通信系统的结构示意图;5 is a schematic structural diagram of another CU-separated communication system provided by an embodiment of the present application;
图6是本申请实施例提供的又一种地址分配方法的流程图;6 is a flowchart of another address allocation method provided by an embodiment of the present application;
图7是本申请实施例提供的一种认证服务器的结构示意图;7 is a schematic structural diagram of an authentication server provided by an embodiment of the present application;
图8是本申请实施例提供的另一种认证服务器的结构示意图;8 is a schematic structural diagram of another authentication server provided by an embodiment of the present application;
图9是本申请实施例提供的一种CP设备的结构示意图;9 is a schematic structural diagram of a CP device provided by an embodiment of the present application;
图10是本申请实施例提供的另一种CP设备的结构示意图;10 is a schematic structural diagram of another CP device provided by an embodiment of the present application;
图11是本申请实施例提供的一种地址分配装置的结构示意图;11 is a schematic structural diagram of an address allocation apparatus provided by an embodiment of the present application;
图12是本申请实施例提供的一种网络设备的结构示意图。FIG. 12 is a schematic structural diagram of a network device provided by an embodiment of the present application.
具体实施方式detailed description
下面结合附图详细介绍本申请实施例提供的地址分配方法、设备及系统。The address allocation method, device, and system provided by the embodiments of the present application are described in detail below with reference to the accompanying drawings.
宽带远程接入服务器(broadband remote access server,BRAS)是面向宽带网络应用的新型接入网关,也称为宽带网络网关(broadband network gateway,BNG)或者虚拟BNG(virtual BNG,VBNG)。该BRAS一般采用CP设备和UP设备分离(disaggregated)的方式进行部署。在CP和UP分离(也称为CU分离)部署的BRAS中,多个UP设备分散部署,每个UP设备作为BNG(或者VBNG)的用户平面,用于基于CP设备下发的用户表项实现用户报文的转发,以及实现基于服务质量(quality of service,QoS)和访问控制列表(access control lists,ACL)等技术的流量策略。CP设备可以采用云化技术实现并集中部署,其作为BNG(或者VBNG)的控制平面,用于实现对客户端设备(也可以称为用户)的控制与管理,以及对多个UP设备的统一管理。例如,CP设备主要负责客户端设备的上线、下发配置和用户表项等。其中,UP设备也可以称为转发面设备,因此CU分离也可以称为转发和控制分离,即转控分离。采用该CU分离的方式进行部署的系统也称为CU分离的通信系统,或者转控分离的通信系统。Broadband remote access server (BRAS) is a new type of access gateway for broadband network applications, also known as broadband network gateway (BNG) or virtual BNG (virtual BNG, VBNG). The BRAS is generally deployed in a manner in which the CP device and the UP device are disaggregated. In a BRAS with CP and UP separation (also called CU separation) deployed, multiple UP devices are deployed in a scattered manner, and each UP device acts as the user plane of the BNG (or VBNG), which is used to implement user entries based on the CP device. Forwarding of user packets, and implementing traffic policies based on technologies such as quality of service (QoS) and access control lists (ACL). The CP device can be implemented and deployed centrally using cloud technology. As the control plane of the BNG (or VBNG), it is used to control and manage client devices (also called users) and unify multiple UP devices. manage. For example, the CP device is mainly responsible for going online, delivering configurations, and user entries of client devices. The UP device may also be referred to as a forwarding plane device, so CU separation may also be referred to as forwarding and control separation, that is, forwarding and control separation. A system deployed in this CU separation manner is also referred to as a CU separated communication system, or a transfer control separated communication system.
图1是本申请实施例提供的一种CU分离的通信系统的结构示意图,且图1以该通信系统为宽带远程接入系统为例进行说明。如图1所示,该系统可以包括:认证服务器01、CP设备02以 及至少一个UP备份组03,每个UP备份组03包括多个UP设备,该多个UP设备互为备份UP设备。也即是,该多个UP设备中的每个UP设备均可以为主UP设备,且其他UP设备均可以作为该主UP设备的备UP设备。每个备UP设备中能够备份有主UP设备中的数据,在主UP设备故障时,可以由备UP设备接替主UP设备工作,由此可以确保UP设备工作时的可靠性。例如,图1中示意性示出了一个UP备份组03,该UP备份组03包括UP设备031和UP设备032。其中,该UP设备031可以作为UP设备032的备UP设备,UP设备032也可以作为UP设备031的备UP设备。FIG. 1 is a schematic structural diagram of a communication system with CU separation provided by an embodiment of the present application, and FIG. 1 is described by taking the communication system being a broadband remote access system as an example. As shown in FIG. 1, the system may include: an authentication server 01, a CP device 02, and at least one UP backup group 03, each UP backup group 03 includes multiple UP devices, and the multiple UP devices are backup UP devices for each other. That is, each UP device in the plurality of UP devices can be a primary UP device, and other UP devices can be used as backup UP devices of the primary UP device. Each backup UP device can back up the data in the primary UP device. When the primary UP device fails, the backup UP device can take over the work of the primary UP device, thereby ensuring the reliability of the UP device during operation. For example, a UP backup group 03 is schematically shown in FIG. 1 , and the UP backup group 03 includes an UP device 031 and an UP device 032 . The UP device 031 may serve as a backup UP device of the UP device 032 , and the UP device 032 may also serve as a backup UP device of the UP device 031 .
该CP设备02一般部署在运营商的数据中心(data center,DC)机房,也称为核心机房;各个UP设备则可以分散部署在不同的汇聚机房,也称为边缘机房。并且,该CP设备02可以包括部署在物理服务器上的多个虚拟机(virtual machine,VM)。每个UP设备02可以为实体的物理UP(physic UP,pUP)设备,或者也可以为虚拟UP(virtual UP,vUP)设备,例如,UP设备02可以为部署在物理服务器上的VM。The CP device 02 is generally deployed in an operator's data center (DC) computer room, also called a core computer room; each UP device can be deployed in different aggregation computer rooms, also called an edge computer room. Also, the CP device 02 may include a plurality of virtual machines (virtual machines, VMs) deployed on a physical server. Each UP device 02 may be a physical physical UP (physic UP, pUP) device, or may also be a virtual UP (virtual UP, vUP) device, for example, the UP device 02 may be a VM deployed on a physical server.
如图1所示,每个UP设备可以通过转发设备04与CP设备02建立通信连接,且每个UP设备还可以通过接入设备05与客户端设备(图1中未示出)建立通信连接。其中,客户端设备也可以称为用户设备,其可以为家庭网关(residential gateway,RGW)、手机、笔记本电脑或者台式电脑等设备。该转发设备04可以为交换机或路由器等,例如,可以为核心层路由器(core router,CR)。该接入设备05也可以称为接入节点(access node,AN)。该接入设备05可以为交换机(switch,SW)、光线路终端(optical line terminal,OLT)或者数字用户线路接入复用器(digital subscriber line access multiplexer,DSLAM)等。As shown in FIG. 1 , each UP device can establish a communication connection with the CP device 02 through the forwarding device 04 , and each UP device can also establish a communication connection with the client device (not shown in FIG. 1 ) through the access device 05 . The client device may also be referred to as user equipment, which may be a device such as a residential gateway (RGW), a mobile phone, a notebook computer, or a desktop computer. The forwarding device 04 may be a switch or a router, for example, may be a core router (core router, CR). The access device 05 may also be referred to as an access node (access node, AN). The access device 05 may be a switch (switch, SW), an optical line terminal (optical line terminal, OLT), or a digital subscriber line access multiplexer (digital subscriber line access multiplexer, DSLAM) or the like.
可选地,该认证服务器01可以为远程用户拨号认证服务(remote authentication dial in user service,RADIUS)服务器。该认证服务器01支持验证、授权和计费(authentication authorization accounting,AAA)协议。如图1所示,该认证服务器01与CP设备02建立有通信连接。CP设备02在通过UP设备完成与客户端设备的拨号协议报文(也可以称为接入协议报文)的交互后,可以向认证服务器01发送针对该客户端设备的认证请求。认证服务器01可以对该客户端设备进行认证,并可以在确定该客户端设备认证通过后,为该客户端设备分配IP地址,以及向CP设备02发送携带有该IP地址的认证响应。CP设备02接收到该认证响应后,可以将该IP地址通过UP设备发送至客户端设备,客户端设备进而可以基于该IP地址访问网络。Optionally, the authentication server 01 may be a remote authentication dial in user service (remote authentication dial in user service, RADIUS) server. The authentication server 01 supports authentication, authorization and accounting (authentication authorization accounting, AAA) protocols. As shown in FIG. 1 , the authentication server 01 has established a communication connection with the CP device 02 . After the CP device 02 completes the interaction with the client device in dialing protocol packets (also referred to as access protocol packets) through the UP device, the CP device 02 may send an authentication request for the client device to the authentication server 01 . The authentication server 01 can authenticate the client device, and after determining that the client device has passed the authentication, assign an IP address to the client device, and send an authentication response carrying the IP address to the CP device 02 . After receiving the authentication response, the CP device 02 can send the IP address to the client device through the UP device, and the client device can then access the network based on the IP address.
相关技术的通信系统中,由于每个UP备份组中的各个UP设备共享同一个IP地址池,因此各个UP设备可以向转发设备04发布同一个IP地址池的网段路由。例如,参考图2,假设UP备份组包括UP设备031和UP设备032,客户端设备1从UP设备031的子接口1(port1)上线,客户端设备2从UP设备032的子接口2(port2)上线。则对于客户端设备1和客户端设备2,认证服务器01均可以在该UP备份组所共享的IP地址池中为客户端设备该分配IP地址。对于每个UP备份组,CP设备02还可以在该UP备份组中指定至少一个高优先级的UP设备,其他UP设备则为低优先级的UP设备。其中,该高优先级的UP设备发布的路由信息(例如网段路由)的优先级高于低优先级的UP设备发布的路由信息的优先级。In the communication system of the related art, since each UP device in each UP backup group shares the same IP address pool, each UP device can advertise the network segment route of the same IP address pool to the forwarding device 04 . For example, referring to FIG. 2 , assuming that the UP backup group includes UP device 031 and UP device 032, client device 1 goes online from sub-interface 1 (port1) of UP device 031, and client device 2 goes online from sub-interface 2 (port2) of UP device 032 )online. Then, for both the client device 1 and the client device 2, the authentication server 01 can allocate IP addresses to the client devices in the IP address pool shared by the UP backup group. For each UP backup group, the CP device 02 may also designate at least one UP device with high priority in the UP backup group, and other UP devices are UP devices with low priority. The priority of the routing information (for example, network segment routing) advertised by the UP device with the high priority is higher than the priority of the routing information advertised by the UP device with the low priority.
若在如图2所示的系统中,UP设备031为高优先级的UP设备,UP设备032为低优先级的UP设备,则当转发设备04接收到发往该客户端设备2的报文时,会将该报文发送至该UP设备031。又由于客户端设备2是从UP设备032上线的,因此UP设备031会通过UP间保护隧道将该报文转发至UP设备032,然后再由UP设备032发送至客户端设备2,由此导致下行流量绕行。也即是,相关技术中的方案,从低优先级的UP设备上线的客户端设备的下行流量会绕行。其中,该UP间保护隧道可以为标签转发路径(label switched path,LSP)隧道。If in the system shown in FIG. 2 , the UP device 031 is a high-priority UP device, and the UP device 032 is a low-priority UP device, then when the forwarding device 04 receives the packet destined for the client device 2 , the message will be sent to the UP device 031. Since client device 2 goes online from UP device 032, UP device 031 forwards the packet to UP device 032 through the inter-UP protection tunnel, and then the UP device 032 sends the packet to client device 2, resulting in Downstream traffic bypasses. That is, in the solution in the related art, the downlink traffic of the client device going online from the low-priority UP device will be bypassed. The inter-UP protection tunnel may be a label switched path (label switched path, LSP) tunnel.
为了避免流量绕行,每个UP设备在向转发设备04发布路由时,也可以发布从该UP设备上线的客户端设备的明细路由。转发设备04进而可以基于该明细路由,将发往客户端设备的报文发送至该客户端设备所接入的UP设备。但是,由于从每个UP设备上线的客户端设备的数量较多,因此UP设备发送明细路由时的数据量较大,路由发布效率较低。In order to avoid traffic detour, when each UP device advertises the route to the forwarding device 04, it can also advertise the detailed route of the client device going online from the UP device. The forwarding device 04 may further send the packet addressed to the client device to the UP device to which the client device is connected based on the detailed route. However, due to the large number of client devices going online from each UP device, the amount of data when the UP device sends the detailed route is relatively large, and the route advertisement efficiency is low.
本申请实施例提供的通信系统中,UP备份组中的每个UP设备均对应一个IP地址池,且不同UP设备对应的IP地址池不同。也即是,每个UP备份组中的各个UP设备不再共享同一个IP地址池。相应的,认证服务器01在为客户端设备分配IP地址时,可以从该客户端设备所接入的UP设备对应的IP地址池中,为该客户端设备分配IP地址。并且,每个UP设备在向转发设备04发布网段路由时,可以发布其所对应的IP地址池的网段路由。由此,当转发设备04接收到发往某个客户端设备的报文时,即可基于该报文的目的IP地址所属的IP地址池,将该报文发送至该客户端设备所接入的UP设备,从而可以在无需发布明细路由的前提下,避免下行流量的绕行。In the communication system provided by the embodiment of the present application, each UP device in the UP backup group corresponds to an IP address pool, and the IP address pools corresponding to different UP devices are different. That is, each UP device in each UP backup group no longer shares the same IP address pool. Correspondingly, when assigning an IP address to a client device, the authentication server 01 may assign an IP address to the client device from the IP address pool corresponding to the UP device to which the client device is connected. Moreover, when each UP device advertises the network segment route to the forwarding device 04, it can advertise the network segment route of its corresponding IP address pool. In this way, when the forwarding device 04 receives a packet addressed to a client device, it can send the packet to the client device to which the destination IP address of the packet belongs based on the IP address pool to which the packet's destination IP address belongs. The UP device can avoid the detour of downstream traffic without the need to publish detailed routes.
在本申请实施例中,每个IP地址池包括一个网段的多个IP地址,因此每个IP地址池也可以称为一个网段。In this embodiment of the present application, each IP address pool includes multiple IP addresses of one network segment, so each IP address pool may also be referred to as a network segment.
图3是本申请实施例提供的一种地址分配方法的流程图,该方法可以应用于CU分离的通信系统,例如可以应用于图1所示的通信系统。该通信系统中包括至少一个UP备份组,每个UP备份组中各个UP设备对应的IP地址池不同。参考图3,该方法包括:FIG. 3 is a flowchart of an address allocation method provided by an embodiment of the present application, and the method may be applied to a communication system in which CUs are separated, for example, may be applied to the communication system shown in FIG. 1 . The communication system includes at least one UP backup group, and the IP address pools corresponding to each UP device in each UP backup group are different. Referring to Figure 3, the method includes:
步骤101、CP设备向认证服务器发送用于指示对目标客户端设备进行认证的认证请求,该认证请求包括:用于指示目标UP设备对应的目标地址池的指示信息。Step 101: The CP device sends an authentication request to the authentication server for instructing to authenticate the target client device, where the authentication request includes: indication information for instructing the target address pool corresponding to the target UP device.
其中,该目标客户端设备从该多个UP设备中的该目标UP设备上线,即该目标客户端通过该目标UP设备接入网络。在本申请实施例中,CP设备在通过该目标UP设备完成与该目标客户端设备之间的拨号协议报文的交互后,可以生成用于指示对该目标客户端设备进行认证的认证请求,并向认证服务器发送该认证请求。The target client device goes online from the target UP device among the plurality of UP devices, that is, the target client accesses the network through the target UP device. In this embodiment of the present application, after the CP device completes the interaction of dialing protocol packets with the target client device through the target UP device, the CP device may generate an authentication request for instructing the target client device to perform authentication, and send the authentication request to the authentication server.
步骤102、认证服务器向CP设备发送认证响应,该认证响应包括为该目标客户端设备分配的IP地址,且该IP地址包括在该目标UP设备对应的目标地址池中。Step 102: The authentication server sends an authentication response to the CP device, where the authentication response includes the IP address allocated to the target client device, and the IP address is included in the target address pool corresponding to the target UP device.
认证服务器接收到该认证请求后,可以对该目标客户端设备进行认证。认证服务器在确定该目标客户端设备认证通过后,可以基于该指示信息确定该目标UP设备对应的目标地址池。之后,认证服务器即可从该目标地址池中确定为该目标客户端设备分配IP地址,并向CP设备发送携带有该IP地址的认证响应。After receiving the authentication request, the authentication server can authenticate the target client device. After determining that the target client device has passed the authentication, the authentication server may determine the target address pool corresponding to the target UP device based on the indication information. After that, the authentication server may determine to allocate an IP address to the target client device from the target address pool, and send an authentication response carrying the IP address to the CP device.
CP设备接收到该认证响应后,可以将该认证响应中携带的IP地址发送至目标客户端设备。目标客户端设备进而可以基于该IP地址访问网络。After receiving the authentication response, the CP device may send the IP address carried in the authentication response to the target client device. The target client device can in turn access the network based on this IP address.
综上所述,本申请实施例提供了一种地址分配方法,由于CP设备发送的认证请求中包括用于指示该目标UP设备对应的目标地址池的指示信息。因此,认证服务器可以基于该指示信息,从该目标UP设备对应的目标地址池中为目标客户端设备分配IP地址。由于UP备份组中各个UP设备对应的IP地址池不同,因此可以确保转发设备在接收到发往该目标客户端设备的报文后,能够直接将该报文发往该目标UP设备。又由于目标客户端设备从该目标UP设备上线,因此该目标UP设备可以直接将该报文发送至目标客户端设备,而无需再通过UP备份组中的其他UP设备转发,从而避免了下行流量的绕行。To sum up, the embodiments of the present application provide an address allocation method, because the authentication request sent by the CP device includes indication information for indicating the target address pool corresponding to the target UP device. Therefore, the authentication server may allocate an IP address to the target client device from the target address pool corresponding to the target UP device based on the indication information. Since the IP address pools corresponding to each UP device in the UP backup group are different, it can be ensured that the forwarding device can directly send the packet to the target UP device after receiving the packet sent to the target client device. Since the target client device goes online from the target UP device, the target UP device can directly send the packet to the target client device without forwarding it through other UP devices in the UP backup group, thus avoiding downlink traffic. detour.
在本申请实施例中,每个UP备份组中,各个UP设备所对应的IP地址池可以是由CP设备02划分的,或者,也可以是由该认证服务器01划分的。In this embodiment of the present application, in each UP backup group, the IP address pool corresponding to each UP device may be divided by the CP device 02 , or may also be divided by the authentication server 01 .
下文以各个UP设备所对应的IP地址池由该CP设备02划分为例,对本申请实施例提供的地址分配方法进行说明。参考图4,该方法包括:The following describes the address allocation method provided by the embodiment of the present application by taking the IP address pool corresponding to each UP device divided by the CP device 02 as an example. Referring to Figure 4, the method includes:
步骤201、CP设备通过目标UP设备与目标客户端设备交互拨号协议报文。Step 201: The CP device exchanges dial-up protocol packets with the target client device through the target UP device.
在本申请实施例中,目标客户端设备在基于拨号协议上线时,可以先通过目标UP设备与CP设备交互拨号协议报文。其中,该拨号协议可以为基于以太网的点对点协议(point to point protocol over Ethernet,PPPoE)。相应的,该拨号协议报文可以包括:PPPoE主动发现发起(PPPoE active discovery initiation,PADI)报文、PPPoE主动发现服务(PPPoE active discovery offer,PADO)报文、PPPoE主动发现请求(PPPoE active discovery request,PADR)报文以及PPPoE主动发现会话(PPPoE active discovery session,PADS)报文等。In this embodiment of the present application, when the target client device goes online based on the dialing protocol, it may first exchange dialing protocol packets with the CP device through the target UP device. The dialing protocol may be an Ethernet-based point-to-point protocol (point to point protocol over Ethernet, PPPoE). Correspondingly, the dial-up protocol message may include: PPPoE active discovery initiation (PPPoE active discovery initiation, PADI) message, PPPoE active discovery service (PPPoE active discovery offer, PADO) message, PPPoE active discovery request (PPPoE active discovery request) message , PADR) message and PPPoE active discovery session (PPPoE active discovery session, PADS) message, etc.
步骤202、CP设备基于UP设备与地址池的对应关系,确定用于指示该目标UP设备对应的目标地址池的指示信息。Step 202: The CP device determines, based on the correspondence between the UP device and the address pool, indication information for indicating the target address pool corresponding to the target UP device.
在本申请实施例中,CP设备可以预先规划每个UP备份组中,各个UP设备对应的地址池,生成并存储UP设备与地址池的对应关系。例如,CP设备可以生成并存储UP设备的标识与地址池的相关信息的对应关系。CP设备在通过目标UP设备与目标客户端设备交互完成拨号协议报文之后,即CP设备在确定目标客户端设备从目标UP设备上线后,即可基于该对应关系,确定出该目标UP设备对应的目标地址池的相关信息,并将该相关信息确定为该指示信息。其中,该地址池的相关信息可以为地址池的标识,或者可以是地址池的网关地址。相应的,该CP设备确定出的指示信息可以为目标地址池的标识,或者目标地址池的网关地址。其中,地址池的标识可以为地址池的名称,UP设备的标识可以为UP设备的IP地址。In this embodiment of the present application, the CP device may pre-plan the address pools corresponding to each UP device in each UP backup group, and generate and store the correspondence between the UP devices and the address pools. For example, the CP device may generate and store the correspondence between the identifier of the UP device and the related information of the address pool. After the CP device completes the dialing protocol message through the interaction between the target UP device and the target client device, that is, after the CP device determines that the target client device goes online from the target UP device, it can determine the corresponding relationship of the target UP device based on the corresponding relationship. related information of the target address pool, and determine the related information as the indication information. The relevant information of the address pool may be an identifier of the address pool, or may be a gateway address of the address pool. Correspondingly, the indication information determined by the CP device may be the identifier of the target address pool, or the gateway address of the target address pool. The identifier of the address pool may be the name of the address pool, and the identifier of the UP device may be the IP address of the UP device.
示例的,假设如图1所示,该通信系统中的UP备份组包括UP设备031和UP设备032。CP设备中存储的UP设备的IP地址与地址池的名称的对应关系如表1所示。参考表1,该UP设备031的IP地址:10.x.x.2对应的地址池的名称为poo1,该UP设备032的IP地址:10.y.y.2对应的地址池的名称为poo2。假设目标客户端设备从UP设备031上线,则CP设备02可以基于表1所示的对应关系,确定出该目标UP设备031对应的目标地址池的名称为poo1。As an example, it is assumed that as shown in FIG. 1 , the UP backup group in the communication system includes UP device 031 and UP device 032 . Table 1 shows the correspondence between the IP address of the UP device stored in the CP device and the name of the address pool. Referring to Table 1, the name of the address pool corresponding to the IP address of the UP device 031: 10.x.x.2 is poo1, and the name of the address pool corresponding to the IP address of the UP device 032: 10.y.y.2 is poo2. Assuming that the target client device goes online from the UP device 031, the CP device 02 may determine, based on the correspondence shown in Table 1, that the name of the target address pool corresponding to the target UP device 031 is poo1.
表1Table 1
UP设备的IP地址IP address of the UP device 地址池的名称The name of the address pool
10.x.x.210.x.x.2 pool1pool1
10.y.y.210.y.y.2 pool2pool2
步骤203、CP设备向认证服务器发送认证请求,该认证请求包括指示信息。Step 203: The CP device sends an authentication request to the authentication server, where the authentication request includes indication information.
CP设备在与目标客户端设备交互完成拨号协议报文之后,还需要向认证服务器发送用于指示对该目标客户端设备进行认证的认证请求。在本申请实施例中,该认证请求中还包括指示信息。After the CP device interacts with the target client device and completes the dialing protocol message, it further needs to send an authentication request to the authentication server for instructing the target client device to be authenticated. In this embodiment of the present application, the authentication request further includes indication information.
可选地,该CP设备可以在认证请求中新增一个类型-长度-值(type-length-value,TLV)字段以携带该指示信息。例如,对于支持第6版互联网协议(Internet protocol version 6,IPv6)的通信网络,该CP设备01可以在认证请求中新增IPv6地址池(Framed-IPv6-Pool)属性,IPv6地址前缀(Framed-Ipv6-Prefix)属性,或者前缀授权(prefix delegated,PD)属性以携带该指示信息。对于支持第4版互联网协议(IP version 6,IPv4)的通信网络,该CP设备01可以在认 证请求中新增地址池(Framed-Pool)属性,或者网关地址属性以携带该指示信息。Optionally, the CP device may add a type-length-value (type-length-value, TLV) field to the authentication request to carry the indication information. For example, for a communication network supporting Internet protocol version 6 (IPv6), the CP device 01 can add an IPv6 address pool (Framed-IPv6-Pool) attribute in the authentication request, an IPv6 address prefix (Framed-IPv6-Pool) Ipv6-Prefix) attribute, or prefix delegated (prefix delegated, PD) attribute to carry the indication information. For a communication network supporting Internet Protocol Version 4 (IP version 6, IPv4), the CP device 01 may add an address pool (Framed-Pool) attribute or a gateway address attribute to the authentication request to carry the indication information.
示例的,若目标客户端设备从UP设备031上线,该UP设备031对应名称为pool1的地址池,且该地址池的网关地址为10.x.x.1。则该认证请求中可以包括目标地址池的名称:pool1,或者,该认证请求中可以包括目标地址池的网关地址:10.x.x.1。For example, if the target client device goes online from the UP device 031, the UP device 031 corresponds to an address pool named pool1, and the gateway address of the address pool is 10.x.x.1. Then, the authentication request may include the name of the target address pool: pool1, or the authentication request may include the gateway address of the target address pool: 10.x.x.1.
若目标客户端设备从UP设备032上线,该UP设备032对应名称为pool2的地址池,且该地址池的网关地址为10.y.y.1。则该认证请求中可以包括目标地址池的名称:pool2,或者,该认证请求中可以包括目标地址池的网关地址:10.y.y.1。If the target client device goes online from the UP device 032, the UP device 032 corresponds to the address pool named pool2, and the gateway address of the address pool is 10.y.y.1. Then, the authentication request may include the name of the target address pool: pool2, or the authentication request may include the gateway address of the target address pool: 10.y.y.1.
步骤204、认证服务器根据该指示信息,从多个地址池中确定该目标地址池。Step 204: The authentication server determines the target address pool from a plurality of address pools according to the indication information.
在本申请实施例中,认证服务器中预先存储有多个地址池。认证服务器接收到CP设备发送的认证请求后,可以对该目标客户端设备进行认证。并且,可以在确定该目标客户端设备认证通过后,基于该指示信息,从其所存储的多个地址池中确定该目标地址池。In the embodiment of the present application, multiple address pools are pre-stored in the authentication server. After receiving the authentication request sent by the CP device, the authentication server can authenticate the target client device. Moreover, after it is determined that the target client device has passed the authentication, the target address pool may be determined from a plurality of address pools stored in the target client device based on the indication information.
示例的,假设该认证请求中携带的目标地址池的名称为pool1,则认证服务器可以将其存储的多个地址池中,名称为pool1的地址池确定为目标地址池。For example, assuming that the name of the target address pool carried in the authentication request is pool1, the authentication server may determine the address pool named pool1 among the multiple address pools stored in the authentication request as the target address pool.
步骤205、认证服务器从该目标地址池中确定为该目标客户端设备分配的IP地址。Step 205: The authentication server determines the IP address allocated to the target client device from the target address pool.
认证服务器确定出目标地址池后,即可从该目标地址池中选取一个IP地址分配至该目标客户端设备。例如,认证服务器可以从该目标地址池中还未分配的IP地址中,随机选取一个作为该目标客户端的IP地址。After the authentication server determines the target address pool, it can select an IP address from the target address pool and assign it to the target client device. For example, the authentication server may randomly select an IP address of the target client from the unallocated IP addresses in the target address pool.
示例的,假设认证服务器确定出的目标地址池为名称为pool1的地址池,且该名称为pool1的地址池所包括的IP地址的范围(即网段)为10.x.x.1至10.x.x.255。则认证服务器可以从10.x.x.1至10.x.x.255中随机选取一个未被分配的IP地址作为该目标客户端设备的IP地址。例如,认证服务器为该目标客户端设备分配的IP地址可以为10.x.x.3。For example, it is assumed that the target address pool determined by the authentication server is the address pool named pool1, and the range of IP addresses (ie network segments) included in the address pool named pool1 is 10.xx1 to 10.xx255 . Then the authentication server may randomly select an unassigned IP address from 10.x.x.1 to 10.x.x.255 as the IP address of the target client device. For example, the IP address assigned by the authentication server to the target client device may be 10.x.x.3.
在本申请实施例中,可以由CP设备规划UP设备与地址池的对应关系。相应的,认证服务器中仅需存储各个地址池,并根据认证请求中携带的指示信息确定目标地址池即可。由此,降低了认证服务器中所需存储的数据的数据量,以及可以避免增加认证服务器的数据处理的复杂度。In this embodiment of the present application, the CP device may plan the correspondence between the UP device and the address pool. Correspondingly, the authentication server only needs to store each address pool, and determine the target address pool according to the indication information carried in the authentication request. As a result, the data volume of the data to be stored in the authentication server is reduced, and the complexity of data processing of the authentication server can be avoided.
步骤206、认证服务器向CP设备发送认证响应,该认证响应包括该IP地址。Step 206: The authentication server sends an authentication response to the CP device, where the authentication response includes the IP address.
认证服务器可以向CP设备发送针对该目标客户端的认证响应,该认证响应可以包括为该目标客户端设备分配的IP地址。例如,该认证响应可以包括IP地址:10.x.x.3。The authentication server may send an authentication response for the target client to the CP device, and the authentication response may include an IP address assigned to the target client device. For example, the authentication response may include IP address: 10.x.x.3.
步骤207、CP设备通过目标UP设备将该IP地址发送至目标客户端设备。Step 207: The CP device sends the IP address to the target client device through the target UP device.
CP设备接收到该认证响应后,即可通过目标UP设备将该IP地址通过拨号协议报文发送至目标客户端设备。目标客户端设备进而可以基于该IP地址访问网络。例如,CP设备02可以将IP地址:10.x.x.3通过UP设备031发送至目标客户端设备。其中,该拨号报文协议报文可以为PPPoE报文或者动态主机配置协议(dynamic host configuration protocol,DHCP)报文等。After receiving the authentication response, the CP device can send the IP address to the target client device through the dialing protocol message through the target UP device. The target client device can in turn access the network based on this IP address. For example, the CP device 02 may send the IP address: 10.x.x.3 to the target client device through the UP device 031 . The dial-up message protocol message may be a PPPoE message or a dynamic host configuration protocol (dynamic host configuration protocol, DHCP) message or the like.
由于认证服务器为目标客户端设备分配的IP地址均是在目标UP设备对应的目标地址池中选取的,而该目标客户端设备从目标UP设备上线。因此,UP设备向转发设备发布路由时,即使仅发布其所对应的地址池的网段路由,而未发布客户端设备的明细路由,也可以确保后续转发设备发送的下行流量不会绕行。Because the IP addresses allocated by the authentication server to the target client device are all selected from the target address pool corresponding to the target UP device, and the target client device goes online from the target UP device. Therefore, when the UP device advertises the route to the forwarding device, even if it only advertises the network segment route of the corresponding address pool without publishing the detailed route of the client device, it can ensure that the downstream traffic sent by the subsequent forwarding device will not be bypassed.
示例的,参考图5,假设客户端设备1从UP备份组中的UP设备031上线,客户端设备2从UP备份组中的UP设备032上线。则认证服务器01可以在UP设备031对应的名称为pool1的地址池中为客户端设备1分配IP地址,并可以在UP设备032对应的名称为pool2的地址池中为客户端设 备2分配IP地址。由此,可以确保对于客户端设备1,该UP备份组中的UP设备031为客户端设备1上线的UP设备,该客户端设备1的上行流量和下行流量均通过UP设备031转发。同理,对于客户端设备2,该UP备份组中的UP设备032为客户端设备2上线的UP设备,该客户端设备2的上行流量和下行流量均通过UP设备032转发。For example, referring to FIG. 5 , it is assumed that client device 1 goes online from UP device 031 in the UP backup group, and client device 2 goes online from UP device 032 in the UP backup group. Then the authentication server 01 can assign an IP address to the client device 1 in the address pool named pool1 corresponding to the UP device 031, and can assign an IP address to the client device 2 in the address pool named pool2 corresponding to the UP device 032 . Therefore, it can be ensured that for the client device 1, the UP device 031 in the UP backup group is an online UP device of the client device 1, and both the upstream and downstream traffic of the client device 1 are forwarded through the UP device 031. Similarly, for the client device 2, the UP device 032 in the UP backup group is the UP device on which the client device 2 goes online, and both the upstream traffic and the downstream traffic of the client device 2 are forwarded through the UP device 032.
综上所述,本申请实施例提供了一种地址分配方法,由于CP设备发送的认证请求中包括用于指示目标UP设备对应的目标地址池的指示信息。因此,认证服务器可以基于该指示信息,从该目标UP设备对应的目标地址池中为目标客户端设备分配IP地址。由于UP备份组中各个UP设备对应的IP地址池不同,因此可以确保转发设备在接收到发往该目标客户端设备的报文后,能够直接将该报文发往该目标UP设备。又由于目标客户端设备从该目标UP设备上线,因此该目标UP设备可以直接将该报文发送至目标客户端设备,而无需再通过UP备份组中的其他UP设备转发,从而避免了下行流量的绕行。To sum up, the embodiment of the present application provides an address allocation method, because the authentication request sent by the CP device includes indication information for indicating the target address pool corresponding to the target UP device. Therefore, the authentication server may allocate an IP address to the target client device from the target address pool corresponding to the target UP device based on the indication information. Since the IP address pools corresponding to each UP device in the UP backup group are different, it can be ensured that the forwarding device can directly send the packet to the target UP device after receiving the packet sent to the target client device. Since the target client device goes online from the target UP device, the target UP device can directly send the packet to the target client device without forwarding it through other UP devices in the UP backup group, thus avoiding downlink traffic. detour.
下文以各个UP设备所对应的IP地址池由认证服务器01划分为例,对本申请实施例提供的地址分配方法进行说明。参考图6,该方法包括:The following describes the address allocation method provided by the embodiment of the present application by taking the IP address pool corresponding to each UP device divided by the authentication server 01 as an example. Referring to Figure 6, the method includes:
步骤301、CP设备通过目标UP设备与目标客户端设备交互拨号协议报文。Step 301: The CP device exchanges dialing protocol packets with the target client device through the target UP device.
该步骤301的实现过程可以参考上述步骤201的相关描述,此处不再赘述。For the implementation process of this step 301, reference may be made to the relevant description of the above-mentioned step 201, which will not be repeated here.
步骤302、CP设备向认证服务器发送认证请求,该认证请求包括指示信息。Step 302: The CP device sends an authentication request to the authentication server, where the authentication request includes indication information.
CP设备在通过目标UP设备与目标客户端设备交互完成拨号协议报文之后,即CP设备在确定目标客户端设备从目标UP设备上线后,即可向认证服务器发送用于指示对该目标客户端设备进行认证的认证请求。在本申请实施例中,该认证请求中还包括指示信息。该指示信息可以为目标UP设备的标识,例如,可以为UP设备的IP地址。其中,在认证请求中携带目标UP设备的标识的实现方式可以参考上述步骤203的相关描述,此处不再赘述。After the CP device interacts with the target client device through the target UP device and completes the dialing protocol message, that is, after the CP device determines that the target client device goes online from the target UP device, it can send a message to the authentication server indicating that the target client The authentication request for the device to authenticate. In this embodiment of the present application, the authentication request further includes indication information. The indication information may be the identification of the target UP device, for example, may be the IP address of the UP device. For an implementation manner of carrying the identifier of the target UP device in the authentication request, reference may be made to the relevant description of the foregoing step 203, which will not be repeated here.
示例的,假设该目标客户端设备从UP设备031上线,该UP设备031的IP地址为10.x.x.2。则该认证请求中可以包括该目标UP设备的IP地址:10.x.x.2。For example, it is assumed that the target client device goes online from the UP device 031, and the IP address of the UP device 031 is 10.x.x.2. Then the authentication request may include the IP address of the target UP device: 10.x.x.2.
步骤303、认证服务器根据该指示信息,从UP设备与地址池的对应关系中确定该目标UP设备对应的目标地址池。Step 303: The authentication server determines the target address pool corresponding to the target UP device from the correspondence between the UP device and the address pool according to the indication information.
在本申请实施例中,认证服务器可以预先规划每个UP备份组中,各个UP设备对应的地址池,生成并存储UP设备与地址池的对应关系。例如,认证服务器可以生成并存储UP设备的标识(例如IP地址)与地址池的相关信息的对应关系。认证服务器在接收到认证请求后,即可基于该认证请求中携带的指示信息,从该对应关系中确定出该目标UP设备对应的目标地址池的相关信息。其中,该地址池的相关信息可以为地址池的标识(例如地址池的名称),或者可以是地址池的网关地址。In this embodiment of the present application, the authentication server may pre-plan the address pools corresponding to each UP device in each UP backup group, and generate and store the correspondence between the UP devices and the address pools. For example, the authentication server may generate and store the correspondence between the identification (eg, IP address) of the UP device and the related information of the address pool. After receiving the authentication request, the authentication server may determine the relevant information of the target address pool corresponding to the target UP device from the corresponding relationship based on the indication information carried in the authentication request. Wherein, the relevant information of the address pool may be the identifier of the address pool (for example, the name of the address pool), or may be the gateway address of the address pool.
示例的,假设该认证服务器中存储有如表1所示的对应关系,且该认证请求中携带的目标UP设备的IP地址为10.x.x.2。则认证服务器可以基于表1所示的对应关系,确定该目标UP设备对应的目标地址池为名称为pool1的地址池。For example, it is assumed that the authentication server stores the corresponding relationship as shown in Table 1, and the IP address of the target UP device carried in the authentication request is 10.x.x.2. Then, the authentication server may determine, based on the correspondence shown in Table 1, that the target address pool corresponding to the target UP device is the address pool named pool1.
本申请实施例中,还可以由认证服务器规划UP设备与地址池的对应关系。相应的,CP设备仅需在发送的认证请求中携带目标UP设备的标识即可。由此,降低了CP设备中所需存储的数据的数据量,以及可以避免增加CP设备的数据处理的复杂度。In this embodiment of the present application, the authentication server may also plan the correspondence between the UP device and the address pool. Correspondingly, the CP device only needs to carry the identifier of the target UP device in the sent authentication request. Thus, the data amount of data to be stored in the CP device is reduced, and the complexity of data processing of the CP device can be avoided.
步骤304、认证服务器从该目标地址池中确定为该目标客户端设备分配的IP地址。Step 304: The authentication server determines the IP address allocated to the target client device from the target address pool.
该步骤304的实现过程可以参考上述步骤205的相关描述,此处不再赘述。For the implementation process of this step 304, reference may be made to the relevant description of the above-mentioned step 205, which will not be repeated here.
步骤305、认证服务器向CP设备发送认证响应,该认证响应包括该IP地址。Step 305: The authentication server sends an authentication response to the CP device, where the authentication response includes the IP address.
该步骤305的实现过程可以参考上述步骤206的相关描述,此处不再赘述。For the implementation process of this step 305, reference may be made to the relevant description of the above-mentioned step 206, which will not be repeated here.
步骤306、CP设备通过目标UP设备将该IP地址发送至目标客户端设备。Step 306: The CP device sends the IP address to the target client device through the target UP device.
该步骤306的实现过程可以参考上述步骤207的相关描述,此处不再赘述。For the implementation process of this step 306, reference may be made to the relevant description of the above-mentioned step 207, which will not be repeated here.
可选地,本申请实施例提供的地址分配方法的步骤先后顺序可以进行适当调整,步骤也可以根据情况进行相应增减。任何熟悉本技术领域的技术人员在本申请揭露的技术范围内,可轻易想到变化的方法,都应涵盖在本申请的保护范围之内,因此不再赘述。Optionally, the sequence of steps of the address allocation method provided in this embodiment of the present application may be appropriately adjusted, and the steps may be correspondingly increased or decreased according to the situation. Any person skilled in the art who is familiar with the technical scope disclosed in the present application can easily think of any variation of the method, which should be covered by the protection scope of the present application, and thus will not be repeated here.
综上所述,本申请实施例提供了一种地址分配方法,由于CP设备发送的认证请求中包括用于指示目标UP设备对应的目标地址池的指示信息。因此,认证服务器可以基于该指示信息,从该目标UP设备对应的目标地址池中为目标客户端设备分配IP地址。由于UP备份组中各个UP设备对应的IP地址池不同,因此可以确保转发设备在接收到发往该目标客户端设备的报文后,能够直接将该报文发往该目标UP设备。又由于目标客户端设备从该目标UP设备上线,因此该目标UP设备可以直接将该报文发送至目标客户端设备,而无需再通过UP备份组中的其他UP设备转发,从而避免了下行流量的绕行。To sum up, the embodiment of the present application provides an address allocation method, because the authentication request sent by the CP device includes indication information for indicating the target address pool corresponding to the target UP device. Therefore, the authentication server may allocate an IP address to the target client device from the target address pool corresponding to the target UP device based on the indication information. Since the IP address pools corresponding to each UP device in the UP backup group are different, it can be ensured that the forwarding device can directly send the packet to the target UP device after receiving the packet sent to the target client device. Since the target client device goes online from the target UP device, the target UP device can directly send the packet to the target client device without forwarding it through other UP devices in the UP backup group, thus avoiding downlink traffic. detour.
图7是本申请实施例提供的一种认证服务器的结构示意图,该认证服务器01可以应用于CU分离的通信系统,例如可以应用于如图1或图5所示的系统。如图1和图5所示,该通信系统还包括CP设备02和UP备份组03,该UP备份组03包括多个UP设备,该多个UP设备中的各个UP设备对应的IP地址池不同。该多个UP设备可以包括主UP设备和备UP设备。并且,该多个UP设备包括至少一个高优先级的UP设备和至少一个低优先级的UP设备,该高优先级的UP设备发布的路由信息的优先级高于该低优先级的UP设备发布的路由信息的优先级。FIG. 7 is a schematic structural diagram of an authentication server provided by an embodiment of the present application. The authentication server 01 may be applied to a communication system in which CUs are separated, for example, the system shown in FIG. 1 or FIG. 5 . As shown in FIG. 1 and FIG. 5 , the communication system further includes a CP device 02 and an UP backup group 03. The UP backup group 03 includes multiple UP devices, and the IP address pools corresponding to each UP device in the multiple UP devices are different . The plurality of UP devices may include a primary UP device and a backup UP device. In addition, the multiple UP devices include at least one high-priority UP device and at least one low-priority UP device, and the priority of the routing information advertised by the high-priority UP device is higher than that of the low-priority UP device The priority of routing information.
如图7所示,该认证服务器01可以包括:As shown in Figure 7, the authentication server 01 may include:
接收模块011,用于接收该CP设备02发送的用于指示对目标客户端设备进行认证的认证请求,该认证请求包括:用于指示目标UP设备对应的目标地址池的指示信息;其中,该目标客户端设备从该多个UP设备中的该目标UP设备上线。该接收模块011的功能实现可以参考上述步骤101、步骤203或步骤302的相关描述。A receiving module 011, configured to receive an authentication request sent by the CP device 02 and used to instruct the target client device to be authenticated, the authentication request including: indication information used to indicate the target address pool corresponding to the target UP device; wherein the The target client device goes online from the target UP device of the plurality of UP devices. For the functional realization of the receiving module 011, reference may be made to the relevant description of the above-mentioned step 101, step 203 or step 302.
发送模块012,用于根据该指示信息,向该CP设备发送认证响应,该认证响应包括为该目标客户端设备分配的IP地址,且该IP地址包括在该目标UP设备对应的目标地址池中。该发送模块012的功能实现可以参考上述步骤102、步骤206或步骤305的相关描述。A sending module 012, configured to send an authentication response to the CP device according to the indication information, where the authentication response includes an IP address assigned to the target client device, and the IP address is included in the target address pool corresponding to the target UP device . For the functional realization of the sending module 012, reference may be made to the relevant descriptions of the above step 102, step 206 or step 305.
作为一种可选的实现方式,该认证服务器01中存储有多个地址池,该指示信息可以为该目标地址池的标识,或者该目标地址池的网关地址。该发送模块012可以用于:As an optional implementation manner, the authentication server 01 stores multiple address pools, and the indication information may be the identifier of the target address pool or the gateway address of the target address pool. The sending module 012 can be used for:
根据该指示信息,从该多个地址池中确定该目标地址池;以及从该目标地址池中确定为该目标客户端设备分配的IP地址。According to the indication information, the target address pool is determined from the plurality of address pools; and the IP address allocated for the target client device is determined from the target address pool.
该发送模块012的功能实现还可以参考上述步骤204和步骤205的相关描述。For the functional realization of the sending module 012, reference may also be made to the relevant descriptions of the above-mentioned steps 204 and 205.
作为另一种可选的实现方式,该认证服务器01中存储有UP设备与地址池的对应关系,该指示信息可以为该目标UP设备的标识,例如可以为目标UP设备的IP地址。该发送模块012可以用于:As another optional implementation manner, the authentication server 01 stores the correspondence between the UP device and the address pool, and the indication information may be the identifier of the target UP device, such as the IP address of the target UP device. The sending module 012 can be used for:
根据该指示信息,从该对应关系中确定该目标UP设备对应的目标地址池;以及从该目标地址池中确定为该目标客户端设备分配的IP地址。According to the indication information, the target address pool corresponding to the target UP device is determined from the corresponding relationship; and the IP address allocated to the target client device is determined from the target address pool.
该发送模块012的功能实现可以参考上述步骤303和步骤304的相关描述。For the functional realization of the sending module 012, reference may be made to the relevant descriptions of the above-mentioned steps 303 and 304.
在该实现方式中,如图8所示,该认证服务器01还可以包括:In this implementation, as shown in FIG. 8 , the authentication server 01 may further include:
生成模块013,用于生成UP设备与地址池的对应关系。The generating module 013 is configured to generate the corresponding relationship between the UP device and the address pool.
综上所述,本申请实施例提供了一种认证服务器,由于认证服务器接收到的认证请求中包括用于指示目标UP设备对应的目标地址池的指示信息。因此,认证服务器可以基于该指示信息,从该目标UP设备对应的目标地址池中为目标客户端设备分配IP地址。由于UP备份组中各个UP设备对应的IP地址池不同,因此可以确保转发设备在接收到发往该目标客户端设备的报文后,能够直接将该报文发往该目标UP设备。又由于目标客户端设备从该目标UP设备上线,因此该目标UP设备可以直接将该报文发送至目标客户端设备,而无需再通过UP备份组中的其他UP设备转发,从而避免了下行流量的绕行。To sum up, the embodiment of the present application provides an authentication server, because the authentication request received by the authentication server includes indication information for indicating the target address pool corresponding to the target UP device. Therefore, the authentication server may allocate an IP address to the target client device from the target address pool corresponding to the target UP device based on the indication information. Since the IP address pools corresponding to each UP device in the UP backup group are different, it can be ensured that the forwarding device can directly send the packet to the target UP device after receiving the packet sent to the target client device. Since the target client device goes online from the target UP device, the target UP device can directly send the packet to the target client device without forwarding it through other UP devices in the UP backup group, thus avoiding downlink traffic. detour.
图9是本申请实施例提供的一种CP设备的结构示意图,该CP设备02可以应用于CU分离的通信系统,例如可以应用于如图1或图5所示的系统。参考图1和图5,该通信系统还包括认证服务器01和UP备份组03,该UP备份组03包括多个UP设备,各个UP设备对应的IP地址池不同。该多个UP设备可以包括主UP设备和备UP设备。并且,该多个UP设备包括至少一个高优先级的UP设备和至少一个低优先级的UP设备,该高优先级的UP设备发布的路由信息的优先级高于该低优先级的UP设备发布的路由信息的优先级。FIG. 9 is a schematic structural diagram of a CP device provided by an embodiment of the present application. The CP device 02 may be applied to a communication system where CUs are separated, for example, may be applied to the system shown in FIG. 1 or FIG. 5 . 1 and 5, the communication system further includes an authentication server 01 and a UP backup group 03, the UP backup group 03 includes a plurality of UP devices, and the IP address pools corresponding to each UP device are different. The plurality of UP devices may include a primary UP device and a backup UP device. In addition, the multiple UP devices include at least one high-priority UP device and at least one low-priority UP device, and the priority of the routing information advertised by the high-priority UP device is higher than that of the low-priority UP device The priority of routing information.
如图9所示,该CP设备02可以包括:As shown in Figure 9, the CP device 02 may include:
发送模块021,用于向该认证服务器01发送用于指示对目标客户端设备进行认证的认证请求,该认证请求包括:用于指示目标UP设备对应的目标地址池的指示信息,其中,该目标客户端设备从该多个UP设备中的该目标UP设备上线。该发送模块021的功能实现可以参考上述步骤101、步骤203或步骤302的相关描述。A sending module 021, configured to send an authentication request to the authentication server 01 for instructing the target client device to be authenticated, the authentication request including: indication information for instructing the target address pool corresponding to the target UP device, wherein the target The client device goes online from the target UP device of the plurality of UP devices. For the functional realization of the sending module 021, reference may be made to the relevant descriptions of the above step 101, step 203 or step 302.
接收模块022,用于接收该认证服务器01发送的认证响应,该认证响应包括为该目标客户端设备分配的IP地址,且该IP地址包括在该目标UP设备对应的目标地址池中。该接收模块022的功能实现可以参考上述步骤102、步骤206或步骤305的相关描述。The receiving module 022 is configured to receive an authentication response sent by the authentication server 01, where the authentication response includes an IP address allocated to the target client device, and the IP address is included in the target address pool corresponding to the target UP device. For the functional realization of the receiving module 022, reference may be made to the relevant descriptions of the foregoing step 102, step 206 or step 305.
作为一种可选的实现方式,该CP设备02中存储有UP设备与地址池的对应关系;该发送模块021可以用于:As an optional implementation manner, the CP device 02 stores the correspondence between the UP device and the address pool; the sending module 021 can be used for:
基于该对应关系,确定该目标UP设备对应的目标地址池的相关信息;其中,该相关信息为该目标地址池的标识,或者该目标地址池的网关地址。该发送模块021的功能实现还可以参考上述步骤202的相关描述。Based on the corresponding relationship, relevant information of the target address pool corresponding to the target UP device is determined; wherein, the relevant information is the identifier of the target address pool, or the gateway address of the target address pool. For the function implementation of the sending module 021, reference may also be made to the relevant description of the above step 202.
在该实现方式中,如图10所示,该CP设备02还可以包括:In this implementation, as shown in FIG. 10 , the CP device 02 may further include:
生成模块023,用于生成UP设备与地址池的对应关系。The generating module 023 is configured to generate the corresponding relationship between the UP device and the address pool.
作为另一种可选的实现方式,该认证服务器01中存储有UP设备与地址池的对应关系。相应的,该指示信息可以为该目标UP设备的标识,例如可以为目标UP设备的IP地址。As another optional implementation manner, the authentication server 01 stores the correspondence between the UP device and the address pool. Correspondingly, the indication information may be the identifier of the target UP device, for example, may be the IP address of the target UP device.
综上所述,本申请实施例提供了一种CP设备,由于该CP设备发送的认证请求中包括用于指示目标UP设备对应的目标地址池的指示信息。因此,认证服务器可以基于该指示信息,从该目标UP设备对应的目标地址池中为目标客户端设备分配IP地址。由于UP备份组中各个UP设备对应的IP地址池不同,因此可以确保转发设备在接收到发往该目标客户端设备的报文后,能够直接将该报文发往该目标UP设备。又由于目标客户端设备从该目标UP设备上线,因此该目标UP设备可以直接将该报文发送至目标客户端设备,而无需再通过UP备份组中的其他UP设备转发,从而避免了下行流量的绕行。To sum up, the embodiment of the present application provides a CP device, because the authentication request sent by the CP device includes indication information for indicating the target address pool corresponding to the target UP device. Therefore, the authentication server may allocate an IP address to the target client device from the target address pool corresponding to the target UP device based on the indication information. Since the IP address pools corresponding to each UP device in the UP backup group are different, it can be ensured that the forwarding device can directly send the packet to the target UP device after receiving the packet sent to the target client device. Since the target client device goes online from the target UP device, the target UP device can directly send the packet to the target client device without forwarding it through other UP devices in the UP backup group, thus avoiding downlink traffic. detour.
所属领域的技术人员可以清楚地了解到,为描述的方便和简洁,上述描述的CP设备、认证服务器以及各模块的具体工作过程,可以参考前述方法实施例中的对应过程,在此不再赘述。Those skilled in the art can clearly understand that, for the convenience and conciseness of the description, the specific working process of the CP device, the authentication server and each module described above can refer to the corresponding process in the foregoing method embodiments, and will not be repeated here. .
应理解的是,本申请实施例提供的CP设备和认证服务器还可以用专用集成电路(application-specific integrated circuit,ASIC)实现,或可编程逻辑器件(programmable logic device,PLD)实现,上述PLD可以是复杂程序逻辑器件(complex programmable logical device,CPLD),现场可编程门阵列(field-programmable gate array,FPGA),通用阵列逻辑(generic array logic,GAL)或其任意组合。也可以通过软件实现上述方法实施例提供的地址分配方法,当通过软件实现上述方法实施例提供的地址分配方法时,该CP设备和认证服务器中的各个模块也可以为软件模块。It should be understood that the CP device and the authentication server provided in the embodiments of the present application may also be implemented by an application-specific integrated circuit (ASIC), or a programmable logic device (PLD), and the above-mentioned PLD may be It is a complex programmable logical device (CPLD), a field-programmable gate array (FPGA), a generic array logic (GAL) or any combination thereof. The address allocation method provided by the above method embodiments may also be implemented by software. When the address allocation method provided by the above method embodiments is implemented by software, each module in the CP device and the authentication server may also be software modules.
图11是本申请实施例提供的一种地址分配装置的结构示意图,该装置1000可以应用于如图7或图8所示的认证服务器01,或者可以应用于如图9或图10所示的CP设备02。参考图11,该装置1100可以包括:处理器1101、存储器1102、网络接口1103和总线1104。其中,总线1104用于连接处理器1101、存储器1102和网络接口1103。通过网络接口1103(可以是有线或者无线)可以实现与其他设备之间的通信连接。存储器1102中存储有计算机程序,该计算机程序用于实现各种应用功能。FIG. 11 is a schematic structural diagram of an address allocation apparatus provided by an embodiment of the present application. The apparatus 1000 may be applied to the authentication server 01 shown in FIG. 7 or FIG. 8 , or may be applied to the authentication server 01 shown in FIG. 9 or FIG. 10 . CP device 02. Referring to FIG. 11 , the apparatus 1100 may include: a processor 1101 , a memory 1102 , a network interface 1103 and a bus 1104 . The bus 1104 is used to connect the processor 1101 , the memory 1102 and the network interface 1103 . The communication connection with other devices can be realized through the network interface 1103 (which may be wired or wireless). A computer program for realizing various application functions is stored in the memory 1102 .
应理解,在本申请实施例中,处理器1101可以是CPU,该处理器1101还可以是其他通用处理器、数字信号处理器(digital signal processor,DSP)、ASIC、FPGA、图形处理器(graphics processing unit,GPU)或者其他可编程逻辑器件、分立门或者晶体管逻辑器件、分立硬件组件等。通用处理器可以是微处理器或者是任何常规的处理器等。It should be understood that, in this embodiment of the present application, the processor 1101 may be a CPU, and the processor 1101 may also be other general-purpose processors, digital signal processors (digital signal processors, DSPs), ASICs, FPGAs, and graphics processors (graphics processors). processing unit, GPU) or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, etc. A general purpose processor may be a microprocessor or any conventional processor or the like.
存储器1102可以是易失性存储器或非易失性存储器,或可包括易失性和非易失性存储器两者。其中,非易失性存储器可以是只读存储器(read-only memory,ROM)、可编程只读存储器(programmable ROM,PROM)、可擦除可编程只读存储器(erasable PROM,EPROM)、电可擦除可编程只读存储器(electrically EPROM,EEPROM)或闪存。易失性存储器可以是随机存取存储器(random access memory,RAM),其用作外部高速缓存。通过示例性但不是限制性说明,许多形式的RAM可用,例如静态随机存取存储器(static RAM,SRAM)、动态随机存取存储器(DRAM)、同步动态随机存取存储器(synchronous DRAM,SDRAM)、双倍数据速率同步动态随机存取存储器(double data date SDRAM,DDR SDRAM)、增强型同步动态随机存取存储器(enhanced SDRAM,ESDRAM)、同步连接动态随机存取存储器(synchlink DRAM,SLDRAM)和直接内存总线随机存取存储器(direct rambus RAM,DR RAM)。 Memory 1102 may be volatile memory or nonvolatile memory, or may include both volatile and nonvolatile memory. The non-volatile memory may be read-only memory (ROM), programmable read-only memory (PROM), erasable programmable read-only memory (EPROM), electrically programmable Erase programmable read-only memory (electrically EPROM, EEPROM) or flash memory. Volatile memory may be random access memory (RAM), which acts as an external cache. By way of example and not limitation, many forms of RAM are available, such as static random access memory (SRAM), dynamic random access memory (DRAM), synchronous dynamic random access memory (SDRAM), Double data rate synchronous dynamic random access memory (double data date SDRAM, DDR SDRAM), enhanced synchronous dynamic random access memory (enhanced SDRAM, ESDRAM), synchronous link dynamic random access memory (synchlink DRAM, SLDRAM) and direct Memory bus random access memory (direct rambus RAM, DR RAM).
总线1104除包括数据总线之外,还可以包括电源总线、控制总线和状态信号总线等。但是为了清楚说明起见,在图中将各种总线都标为总线1104。In addition to the data bus, the bus 1104 may also include a power bus, a control bus, a status signal bus, and the like. However, for clarity of illustration, the various buses are labeled as bus 1104 in the figure.
当该装置1100应用于认证服务器01时,在具体实施例中,装置1100中的处理器1101用于通过通信接口接收CP设备02发送的用于指示对目标客户端设备进行认证的认证请求,该认证请求包括:用于指示目标UP设备对应的目标地址池的指示信息,以及根据该指示信息,通过通信接口向该CP设备发送认证响应;其中,该目标客户端设备从该多个UP设备中的该目标UP设备上线,该认证响应包括为该目标客户端设备分配的IP地址,且该IP地址包括在该目标UP 设备对应的目标地址池中。该处理器1101的详细处理过程请参考上述图3所示实施例中的步骤102,图4所示实施例中的步骤204至步骤206,以及图6所示实施例中的步骤303至步骤305的详细描述,这里不再赘述。When the apparatus 1100 is applied to the authentication server 01, in a specific embodiment, the processor 1101 in the apparatus 1100 is configured to receive, through the communication interface, an authentication request sent by the CP device 02 and used to instruct the target client device to be authenticated. The authentication request includes: indication information for indicating the target address pool corresponding to the target UP device, and according to the indication information, sends an authentication response to the CP device through the communication interface; wherein, the target client device is selected from the plurality of UP devices. The target UP device is online, and the authentication response includes the IP address allocated for the target client device, and the IP address is included in the target address pool corresponding to the target UP device. For detailed processing procedures of the processor 1101, please refer to step 102 in the embodiment shown in FIG. 3 , steps 204 to 206 in the embodiment shown in FIG. 4 , and steps 303 to 305 in the embodiment shown in FIG. 6 . The detailed description is not repeated here.
当该装置1100应用于CP设备02时,在具体实施例中,装置1100中的处理器1101用于通过通信接口向认证服务器01发送用于指示对目标客户端设备进行认证的认证请求,该认证请求包括:用于指示目标UP设备对应的目标地址池的指示信息,以及接收该认证服务器01发送的认证响应;其中,该目标客户端设备从该多个UP设备中的该目标UP设备上线,该认证响应包括为该目标客户端设备分配的IP地址,且该IP地址包括在该目标UP设备对应的目标地址池中。该处理器1101的详细处理过程请参考上述图3所示实施例中的步骤101,图4所示实施例中的步骤201至步骤203,以及步骤207,以及图6所示实施例中的步骤301、步骤302和步骤306的详细描述,这里不再赘述。When the apparatus 1100 is applied to the CP device 02, in a specific embodiment, the processor 1101 in the apparatus 1100 is configured to send an authentication request to the authentication server 01 through the communication interface for instructing the target client device to be authenticated. The request includes: indication information for indicating the target address pool corresponding to the target UP device, and receiving an authentication response sent by the authentication server 01; wherein the target client device goes online from the target UP device in the plurality of UP devices, The authentication response includes the IP address assigned to the target client device, and the IP address is included in the target address pool corresponding to the target UP device. For detailed processing procedures of the processor 1101, please refer to step 101 in the embodiment shown in FIG. 3, steps 201 to 203, and step 207 in the embodiment shown in FIG. 4, and steps in the embodiment shown in FIG. 6 The detailed description of step 301, step 302 and step 306 will not be repeated here.
图12是本申请实施例提供的一种网络设备的结构示意图,该网络设备可以应用于诸如图1或图5所示的通信系统中。并且,该网络设备可以为该通信系统中的CP设备02。如图12所示,该网络设备可以包括:主控板1201和至少一个接口板(接口板也称为线卡或业务板),例如图12中示出了接口板1202和接口板1203。多个接口板的情况下可以包括交换网板1204,该交换网板1204用于完成各接口板之间的数据交换。FIG. 12 is a schematic structural diagram of a network device provided by an embodiment of the present application, and the network device may be applied to a communication system such as that shown in FIG. 1 or FIG. 5 . And, the network device may be the CP device 02 in the communication system. As shown in FIG. 12 , the network device may include: a main control board 1201 and at least one interface board (an interface board is also called a line card or a service board), for example, an interface board 1202 and an interface board 1203 are shown in FIG. 12 . In the case of multiple interface boards, a switch fabric board 1204 may be included, and the switch fabric board 1204 is used to complete data exchange among the interface boards.
主控板1201用于完成系统管理、设备维护、协议处理等功能。接口板1202和1203用于提供各种业务接口(例如,POS接口、GE接口、ATM接口等),并实现报文的转发。主控板1201上主要有3类功能单元:系统管理控制单元、系统时钟单元和系统维护单元。主控板1201、接口板1202以及接口板1203之间通过系统总线与系统背板相连实现互通。接口板1202上包括一个或多个中央处理器12021。中央处理器12021用于对接口板1202进行控制管理并与主控板1201上的中央处理器12011进行通信,以及用于报文的转发处理。接口板1202上的转发表项存储器12024用于存储转发表项,中央处理器12021可以通过查找转发表项存储器12024中存储的转发表项进行报文的转发。The main control board 1201 is used to complete functions such as system management, equipment maintenance, and protocol processing. The interface boards 1202 and 1203 are used to provide various service interfaces (eg, POS interface, GE interface, ATM interface, etc.), and realize packet forwarding. There are mainly three types of functional units on the main control board 1201: a system management control unit, a system clock unit and a system maintenance unit. The main control board 1201 , the interface board 1202 and the interface board 1203 are connected to the system backplane through the system bus to realize intercommunication. The interface board 1202 includes one or more central processing units 12021. The central processing unit 12021 is used to control and manage the interface board 1202, communicate with the central processing unit 12011 on the main control board 1201, and perform packet forwarding processing. The forwarding table entry memory 12024 on the interface board 1202 is used to store the forwarding table entry, and the central processing unit 12021 can forward the message by searching the forwarding table entry stored in the forwarding table entry memory 12024 .
该接口板1202包括一个或多个物理接口卡12023用于接收上一跳节点发送的报文,并根据中央处理器12021的指示向下一跳节点发送处理后的报文。具体实现过程这里不再逐一赘述。所述中央处理器12021的具体功能这里同样不再逐一赘述。The interface board 1202 includes one or more physical interface cards 12023 for receiving the message sent by the previous hop node, and sending the processed message to the next hop node according to the instruction of the central processing unit 12021 . The specific implementation process will not be repeated here. The specific functions of the central processing unit 12021 are also not repeated here.
可以理解的是,CP设备中的发送模块021和接收模块022可以位于接口板1202中,生成模块023可以位于主控板1201中。It can be understood that the sending module 021 and the receiving module 022 in the CP device may be located in the interface board 1202 , and the generating module 023 may be located in the main control board 1201 .
还可以理解,如图12所示,本实施例中包括多个接口板,采用分布式的转发机制,这种机制下,接口板1203的结构与接口板1202的结构基本相同,且接口板1203上的操作与所述接口板1202的操作基本相似,为了简洁,不再赘述。此外,可以理解的是,图12中的接口板1202中的中央处理器12021和/或网络处理器12022可以是专用硬件或芯片,如可以采用专用集成电路来实现上述功能,这种实现方式即为通常所说的转发面采用专用硬件或芯片处理的方式。在另外的实施方式中,所述中央处理器12021和/或网络处理器12022也可以采用通用的处理器,如通用的CPU来实现以上描述的功能。It can also be understood that, as shown in FIG. 12 , this embodiment includes multiple interface boards and adopts a distributed forwarding mechanism. Under this mechanism, the structure of the interface board 1203 is basically the same as that of the interface board 1202 , and the interface board 1203 The operations above are basically similar to those of the interface board 1202, and are not repeated for brevity. In addition, it can be understood that the central processing unit 12021 and/or the network processor 12022 in the interface board 1202 in FIG. 12 may be dedicated hardware or chips. For example, an application-specific integrated circuit may be used to implement the above functions. Special hardware or chip processing is adopted for the so-called forwarding plane. In another implementation manner, the central processing unit 12021 and/or the network processor 12022 may also use a general-purpose processor, such as a general-purpose CPU, to implement the functions described above.
此外应理解的是,主控板1201可能有一块或多块,有多块的时候可以包括主用主控板和备用主控板。接口板可能有一块或多块,该设备的数据处理能力越强,提供的接口板越多。多块接口板的情况下,该多块接口板之间可以通过一块或多块交换网板通信,有多块的时候 可以共同实现负荷分担冗余备份。在集中式转发架构下,该设备可以不需要交换网板,接口板承担整个系统的业务数据的处理功能。在分布式转发架构下,该设备包括多块接口板,可以通过交换网板实现多块接口板之间的数据交换,提供大容量的数据交换和处理能力。所以,分布式架构的网络设备的数据接入和处理能力要大于集中式架构的设备。具体采用哪种架构,取决于具体的组网部署场景,此处不做任何限定。In addition, it should be understood that there may be one or more main control boards 1201, and when there are more than one main control board, it may include an active main control board and a backup main control board. There may be one or more interface boards. The stronger the data processing capability of the device, the more interface boards are provided. In the case of multiple interface boards, the multiple interface boards can communicate with each other through one or more switch fabric boards. When there are multiple interface boards, they can jointly implement load sharing and redundant backup. Under the centralized forwarding architecture, the device does not need a switching network board, and the interface board is responsible for the processing function of the service data of the entire system. Under the distributed forwarding architecture, the device includes multiple interface boards, which can realize data exchange among the multiple interface boards through the switching network board, and provide large-capacity data exchange and processing capabilities. Therefore, the data access and processing capabilities of network devices in a distributed architecture are greater than those in a centralized architecture. The specific architecture used depends on the specific networking deployment scenario, and there is no restriction here.
具体的实施例中,存储器12012和存储器12024可以是只读存储器(read-only memory,ROM)或可存储静态信息和指令的其它类型的静态存储设备,随机存取存储器(random access memory,RAM)或者可存储信息和指令的其它类型的动态存储设备,也可以是电可擦可编程只读存储器(electrically erasable programmable read-only memory,EEPROM)、只读光盘(compact disc read-only Memory,CD-ROM)或其它光盘存储、光碟存储(包括压缩光碟、激光碟、光碟、数字通用光碟、蓝光光碟等)、磁盘或者其它磁存储设备、或者能够用于携带或存储具有指令或数据结构形式的期望的程序代码并能够由计算机存取的任何其它介质,但不限于此。接口板1202中的存储器12024可以是独立存在,并通过通信总线与中央处理器12021相连接;或者,存储器12024也可以和中央处理器12021集成在一起。主控板1201中的存储器12012可以是独立存在,并通过通信总线与中央处理器12011相连接;或者,存储器12012也可以和中央处理器12011集成在一起。In a specific embodiment, the memory 12012 and the memory 12024 may be read-only memory (ROM) or other types of static storage devices that can store static information and instructions, random access memory (RAM) Or other types of dynamic storage devices that can store information and instructions, and can also be electrically erasable programmable read-only memory (EEPROM), compact disc read-only Memory (CD- ROM) or other optical disc storage, optical disc storage (including compact disc, laser disc, optical disc, digital versatile disc, blu-ray disc, etc.), magnetic disc or other magnetic storage device, or capable of carrying or storing desired in the form of instructions or data structures program code and any other medium that can be accessed by a computer, but is not limited thereto. The memory 12024 in the interface board 1202 may exist independently and be connected to the central processing unit 12021 through a communication bus; or, the memory 12024 may also be integrated with the central processing unit 12021. The memory 12012 in the main control board 1201 may exist independently and be connected to the central processing unit 12011 through a communication bus; or, the memory 12012 may also be integrated with the central processing unit 12011.
存储器12024用于存储程序代码,并由中央处理器12021来控制执行,存储器12012用于存储程序代码,并由中央处理器12011来控制执行。该中央处理器12021和/或中央处理器12011可以通过执行程序代码来实现上述方法实施例所提供的应用于CP设备的地址分配方法。存储器12024和/或存储器12012存储的程序代码中可以包括一个或多个软件模块。这一个或多个软件模块可以为上述图7至图10中任一附图所示实施例中提供的功能模块。The memory 12024 is used for storing program codes, and the execution is controlled by the central processing unit 12021, and the memory 12012 is used for storing the program codes, and the execution is controlled by the central processing unit 12011. The central processing unit 12021 and/or the central processing unit 12011 can implement the address allocation method applied to the CP device provided by the above method embodiments by executing program codes. One or more software modules may be included in the program code stored in memory 12024 and/or memory 12012. The one or more software modules may be functional modules provided in the embodiments shown in any of the above-mentioned Figures 7 to 10 .
具体实施例中,该物理接口卡12023,可以是使用任何收发器一类的装置,用于与其它设备或通信网络通信,如以太网,无线接入网(radio access network,RAN),无线局域网(wireless local area networks,WLAN)等。In a specific embodiment, the physical interface card 12023 can be a device that uses any transceiver to communicate with other devices or communication networks, such as Ethernet, radio access network (RAN), wireless local area network (wireless local area networks, WLAN), etc.
本申请实施例还提供了一种计算机可读存储介质,该计算机可读存储介质中存储有指令,该指令可以由处理器执行以实现如上述方法实施例中由该认证服务器01执行的步骤。Embodiments of the present application further provide a computer-readable storage medium, where instructions are stored in the computer-readable storage medium, and the instructions can be executed by a processor to implement the steps executed by the authentication server 01 in the foregoing method embodiments.
本申请实施例还提供了一种计算机可读存储介质,该计算机可读存储介质中存储有指令,该指令可以由处理器执行以实现如上述方法实施例中由该CP设备02执行的步骤。Embodiments of the present application further provide a computer-readable storage medium, where instructions are stored in the computer-readable storage medium, and the instructions can be executed by a processor to implement the steps executed by the CP device 02 in the foregoing method embodiments.
本申请实施例还提供了一种包含指令的计算机程序产品,当该计算机程序产品在计算机上运行时,使得计算机执行上述方法实施例中由该认证服务器01执行的步骤。The embodiments of the present application also provide a computer program product containing instructions, when the computer program product runs on a computer, the computer program product causes the computer to perform the steps performed by the authentication server 01 in the above method embodiments.
本申请实施例还提供了一种包含指令的计算机程序产品,当该计算机程序产品在计算机上运行时,使得计算机执行上述方法实施例中由该CP设备02执行的步骤。The embodiments of the present application also provide a computer program product containing instructions, when the computer program product runs on a computer, the computer program product causes the computer to execute the steps executed by the CP device 02 in the above method embodiments.
本申请实施例还提供了一种CP和UP分离的通信系统,如图1和图5所示,该通信系统可以包括:认证服务器01,CP设备02以及UP备份组03,该UP备份组03包括多个UP设备,该多个UP设备中的各个UP设备对应的IP地址池不同。The embodiment of the present application further provides a communication system in which the CP and UP are separated. As shown in FIG. 1 and FIG. 5 , the communication system may include: an authentication server 01, a CP device 02, and a UP backup group 03. The UP backup group 03 It includes multiple UP devices, and the IP address pools corresponding to each UP device in the multiple UP devices are different.
其中,该认证服务器01可以为如图7或图8所示的认证服务器,或者包括如图11所示的装置。该CP设备02可以为如图9或图10所示的设备,或者包括如图11所示的装置。The authentication server 01 may be the authentication server shown in FIG. 7 or FIG. 8 , or include the device shown in FIG. 11 . The CP device 02 may be the device shown in FIG. 9 or FIG. 10 , or include the device shown in FIG. 11 .
上述实施例,可以全部或部分地通过软件、硬件、固件或其他任意组合来实现。当使用软件实现时,上述实施例可以全部或部分地以计算机程序产品的形式实现。所述计算机程序产品包括一个或多个计算机指令。在计算机上加载或执行所述计算机程序指令时,全部或部分地产生按照本申请实施例所述的流程或功能。所述计算机可以为通用计算机、专用计算机、计算机网络、或者其他可编程装置。所述计算机指令可以存储在计算机可读存储介质中,或者从一个计算机可读存储介质向另一个计算机可读存储介质传输,例如,所述计算机指令可以从一个网站站点、计算机、服务器或数据中心通过有线(例如同轴电缆、光纤、数字用户线(DSL))或无线(例如红外、无线、微波等)方式向另一个网站站点、计算机、服务器或数据中心进行传输。所述计算机可读存储介质可以是计算机能够存取的任何可用介质或者是包含一个或多个可用介质集合的服务器、数据中心等数据存储设备。所述可用介质可以是磁性介质(例如,软盘、硬盘、磁带)、光介质(例如,DVD)、或者半导体介质。半导体介质可以是固态硬盘(solid state drive,SSD)。The above embodiments may be implemented in whole or in part by software, hardware, firmware or any other combination. When implemented in software, the above-described embodiments may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. When the computer program instructions are loaded or executed on a computer, all or part of the processes or functions described in the embodiments of the present application are generated. The computer may be a general purpose computer, special purpose computer, computer network, or other programmable device. The computer instructions may be stored in or transmitted from one computer-readable storage medium to another computer-readable storage medium, for example, the computer instructions may be downloaded from a website site, computer, server, or data center Transmission to another website site, computer, server, or data center is by wire (eg, coaxial cable, fiber optic, digital subscriber line (DSL)) or wireless (eg, infrared, wireless, microwave, etc.). The computer-readable storage medium can be any available medium that can be accessed by a computer or a data storage device such as a server, a data center, or the like that contains one or more sets of available media. The usable media may be magnetic media (eg, floppy disks, hard disks, magnetic tapes), optical media (eg, DVDs), or semiconductor media. The semiconductor medium may be a solid state drive (SSD).
本申请中术语“至少一个”的含义是指一个或多个,本申请中术语“多个”的含义是指两个或两个以上,例如,多个UP设备是指两个或两个以上的UP设备。本文中术语“系统”和“网络”经常可互换使用。The term "at least one" in this application means one or more, and the term "plurality" in this application means two or more, for example, a plurality of UP devices means two or more UP equipment. The terms "system" and "network" are often used interchangeably herein.
以上所述,仅为本申请的可选实施方式,但本申请的保护范围并不局限于此,任何熟悉本技术领域的技术人员在本申请揭露的技术范围内,可轻易想到各种等效的修改或替换,这些修改或替换都应涵盖在本申请的保护范围之内。因此,本申请的保护范围应以权利要求的保护范围为准。The above are only optional embodiments of the present application, but the protection scope of the present application is not limited thereto. Any person skilled in the art can easily think of various equivalents within the technical scope disclosed in the present application. Modifications or substitutions of the present application shall be included within the scope of protection of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims (20)

  1. 一种地址分配方法,其特征在于,应用于控制面CP和用户面UP分离的通信系统中的认证服务器,所述通信系统还包括CP设备和UP备份组,所述UP备份组包括多个UP设备;所述方法包括:An address allocation method, characterized in that it is applied to an authentication server in a communication system in which a control plane CP and a user plane UP are separated, the communication system further comprising a CP device and a UP backup group, and the UP backup group includes a plurality of UPs device; the method includes:
    接收所述CP设备发送的用于指示对目标客户端设备进行认证的认证请求,所述认证请求包括:用于指示目标UP设备对应的目标地址池的指示信息,其中,所述目标客户端设备从所述多个UP设备中的所述目标UP设备上线,所述多个UP设备中的各个UP设备对应的互联网协议IP地址池不同;Receive an authentication request sent by the CP device for instructing to authenticate the target client device, the authentication request including: indication information for indicating the target address pool corresponding to the target UP device, wherein the target client device Go online from the target UP device in the multiple UP devices, and the Internet Protocol IP address pools corresponding to each UP device in the multiple UP devices are different;
    根据所述指示信息,向所述CP设备发送认证响应,所述认证响应包括为所述目标客户端设备分配的IP地址,且所述IP地址包括在所述目标UP设备对应的目标地址池中。According to the indication information, send an authentication response to the CP device, where the authentication response includes the IP address assigned to the target client device, and the IP address is included in the target address pool corresponding to the target UP device .
  2. 根据权利要求1所述的方法,其特征在于,所述认证服务器中存储有多个地址池,所述指示信息包括所述目标地址池的标识,或者所述目标地址池的网关地址;The method according to claim 1, wherein the authentication server stores a plurality of address pools, and the indication information includes an identifier of the target address pool or a gateway address of the target address pool;
    根据所述指示信息,向所述CP设备发送认证响应,包括:According to the indication information, send an authentication response to the CP device, including:
    根据所述指示信息,从所述多个地址池中确定所述目标地址池;determining the target address pool from the plurality of address pools according to the indication information;
    从所述目标地址池中确定为所述目标客户端设备分配的IP地址。The IP address assigned to the target client device is determined from the target address pool.
  3. 根据权利要求1所述的方法,其特征在于,所述认证服务器中存储有UP设备与地址池的对应关系,所述指示信息包括所述目标UP设备的标识;The method according to claim 1, wherein the authentication server stores the correspondence between the UP device and the address pool, and the indication information includes the identifier of the target UP device;
    根据所述指示信息,向所述CP设备发送认证响应,包括:According to the indication information, send an authentication response to the CP device, including:
    根据所述指示信息,从所述对应关系中确定所述目标UP设备对应的目标地址池;According to the indication information, determine the target address pool corresponding to the target UP device from the corresponding relationship;
    从所述目标地址池中确定为所述目标客户端设备分配的IP地址。The IP address assigned to the target client device is determined from the target address pool.
  4. 根据权利要求3所述的方法,其特征在于,所述方法还包括:The method according to claim 3, wherein the method further comprises:
    生成UP设备与地址池的对应关系。Generate the correspondence between the UP device and the address pool.
  5. 根据权利要求1至4任一所述的方法,其特征在于,所述多个UP设备包括至少一个高优先级的UP设备和至少一个低优先级的UP设备,所述高优先级的UP设备发布的路由信息的优先级高于所述低优先级的UP设备发布的路由信息的优先级。The method according to any one of claims 1 to 4, wherein the plurality of UP devices include at least one high-priority UP device and at least one low-priority UP device, and the high-priority UP device The priority of the advertised routing information is higher than the priority of the routing information advertised by the low-priority UP device.
  6. 一种地址分配方法,其特征在于,应用于控制面CP和用户面UP分离的通信系统中的CP设备,所述通信系统还包括认证服务器和UP备份组,所述UP备份组包括多个UP设备;所述方法包括:An address allocation method, characterized in that it is applied to a CP device in a communication system in which a control plane CP and a user plane UP are separated, the communication system further comprising an authentication server and a UP backup group, wherein the UP backup group includes a plurality of UPs device; the method includes:
    向所述认证服务器发送用于指示对目标客户端设备进行认证的认证请求,所述认证请求包括:用于指示目标UP设备对应的目标地址池的指示信息,其中,所述目标客户端设备从所述多个UP设备中的所述目标UP设备上线,所述多个UP设备中的各个UP设备对应的互联网协议IP地址池不同;Send an authentication request to the authentication server for instructing the target client device to be authenticated, the authentication request including: indication information for indicating the target address pool corresponding to the target UP device, wherein the target client device is from The target UP device in the plurality of UP devices is online, and the Internet Protocol IP address pools corresponding to each UP device in the plurality of UP devices are different;
    接收所述认证服务器发送的认证响应,所述认证响应包括为所述目标客户端设备分配的IP地址,且所述IP地址包括在所述目标UP设备对应的目标地址池中。Receive an authentication response sent by the authentication server, where the authentication response includes an IP address assigned to the target client device, and the IP address is included in a target address pool corresponding to the target UP device.
  7. 根据权利要求6所述的方法,其特征在于,所述CP设备中存储有UP设备与地址池的对应关系;向所述认证服务器发送用于指示对目标客户端设备进行认证的认证请求,包括:The method according to claim 6, wherein the CP device stores a correspondence between the UP device and the address pool; sending an authentication request to the authentication server for instructing the target client device to be authenticated, comprising: :
    基于所述对应关系,确定所述指示信息,所述指示信息为所述目标地址池的标识,或者所述目标地址池的网关地址。Based on the corresponding relationship, the indication information is determined, where the indication information is the identifier of the target address pool or the gateway address of the target address pool.
  8. 根据权利要求7所述的方法,其特征在于,所述方法还包括:The method according to claim 7, wherein the method further comprises:
    生成UP设备与地址池的对应关系。Generate the correspondence between the UP device and the address pool.
  9. 根据权利要求6所述的方法,其特征在于,所述指示信息为所述目标UP设备的标识。The method according to claim 6, wherein the indication information is an identifier of the target UP device.
  10. 一种认证服务器,其特征在于,应用于控制面CP和用户面UP分离的通信系统,所述通信系统还包括CP设备和UP备份组,所述UP备份组包括多个UP设备;所述认证服务器包括:An authentication server, characterized in that it is applied to a communication system in which a control plane CP and a user plane UP are separated, the communication system further includes a CP device and an UP backup group, and the UP backup group includes a plurality of UP devices; the authentication The server includes:
    接收模块,用于接收所述CP设备发送的用于指示对目标客户端设备进行认证的认证请求,所述认证请求包括:用于指示目标UP设备对应的目标地址池的指示信息,其中,所述目标客户端设备从所述多个UP设备中的所述目标UP设备上线,所述多个UP设备中的各个UP设备对应的互联网协议IP地址池不同;a receiving module, configured to receive an authentication request sent by the CP device and used to instruct the target client device to be authenticated, where the authentication request includes: indication information used to indicate the target address pool corresponding to the target UP device, wherein the The target client device goes online from the target UP device in the multiple UP devices, and the Internet Protocol IP address pools corresponding to each UP device in the multiple UP devices are different;
    发送模块,用于根据所述指示信息,向所述CP设备发送认证响应,所述认证响应包括为所述目标客户端设备分配的IP地址,且所述IP地址包括在所述目标UP设备对应的目标地址池中。A sending module, configured to send an authentication response to the CP device according to the indication information, where the authentication response includes an IP address assigned to the target client device, and the IP address is included in the corresponding IP address of the target UP device in the target address pool.
  11. 根据权利要求10所述的认证服务器,其特征在于,所述认证服务器中存储有多个地址池,所述指示信息包括所述目标地址池的标识,或者所述目标地址池的网关地址;所述发送模块,用于:The authentication server according to claim 10, wherein the authentication server stores a plurality of address pools, and the indication information includes an identifier of the target address pool or a gateway address of the target address pool; The sending module described above is used to:
    根据所述指示信息,从所述多个地址池中确定所述目标地址池;determining the target address pool from the plurality of address pools according to the indication information;
    从所述目标地址池中确定为所述目标客户端设备分配的IP地址。The IP address assigned to the target client device is determined from the target address pool.
  12. 根据权利要求10所述的认证服务器,其特征在于,所述认证服务器中存储有UP设备与地址池的对应关系,所述指示信息包括所述目标UP设备的标识;所述发送模块,用于:The authentication server according to claim 10, wherein the authentication server stores the correspondence between the UP device and the address pool, and the indication information includes the identifier of the target UP device; the sending module is used for :
    根据所述指示信息,从所述对应关系中确定所述目标UP设备对应的目标地址池;According to the indication information, determine the target address pool corresponding to the target UP device from the corresponding relationship;
    从所述目标地址池中确定为所述目标客户端设备分配的IP地址。The IP address assigned to the target client device is determined from the target address pool.
  13. 根据权利要求12所述的认证服务器,其特征在于,所述认证服务器还包括:The authentication server according to claim 12, wherein the authentication server further comprises:
    生成模块,用于生成UP设备与地址池的对应关系。The generating module is used to generate the correspondence between the UP device and the address pool.
  14. 根据权利要求10至13任一所述的认证服务器,其特征在于,所述多个UP设备包括至少一个高优先级的UP设备和至少一个低优先级的UP设备,所述高优先级的UP设备发布的路由信息的优先级高于所述低优先级的UP设备发布的路由信息的优先级。The authentication server according to any one of claims 10 to 13, wherein the plurality of UP devices include at least one high-priority UP device and at least one low-priority UP device, and the high-priority UP device The priority of the routing information advertised by the device is higher than the priority of the routing information advertised by the low-priority UP device.
  15. 一种控制面CP设备,其特征在于,应用于CP和用户面UP分离的通信系统,所述通信系统还包括认证服务器和UP备份组,所述UP备份组包括多个UP设备;所述CP设备包括:A control plane CP device, characterized in that it is applied to a communication system in which the CP and the user plane UP are separated, the communication system further comprising an authentication server and an UP backup group, the UP backup group including a plurality of UP devices; the CP Equipment includes:
    发送模块,用于向所述认证服务器发送用于指示对目标客户端设备进行认证的认证请求,所述认证请求包括:用于指示目标UP设备对应的目标地址池的指示信息,其中,所述目标客户端设备从所述多个UP设备中的所述目标UP设备上线,所述多个UP设备中的各个UP设备对应的互联网协议IP地址池不同;A sending module, configured to send an authentication request to the authentication server for instructing the target client device to be authenticated, the authentication request including: indication information for instructing the target address pool corresponding to the target UP device, wherein the The target client device goes online from the target UP device in the multiple UP devices, and the Internet Protocol IP address pools corresponding to each UP device in the multiple UP devices are different;
    接收模块,用于接收所述认证服务器发送的认证响应,所述认证响应包括为所述目标客户端设备分配的IP地址,且所述IP地址包括在所述目标UP设备对应的目标地址池中。A receiving module, configured to receive an authentication response sent by the authentication server, where the authentication response includes an IP address assigned to the target client device, and the IP address is included in the target address pool corresponding to the target UP device .
  16. 根据权利要求15所述的CP设备,其特征在于,所述CP设备中存储有UP设备与地址池的对应关系;所述发送模块,用于:The CP device according to claim 15, wherein the CP device stores the correspondence between the UP device and the address pool; the sending module is used for:
    基于所述对应关系,确定所述指示信息,所述指示信息为所述目标地址池的标识,或者所述目标地址池的网关地址。Based on the corresponding relationship, the indication information is determined, where the indication information is the identifier of the target address pool or the gateway address of the target address pool.
  17. 根据权利要求16所述的CP设备,其特征在于,所述CP设备还包括:The CP device according to claim 16, wherein the CP device further comprises:
    生成模块,用于生成UP设备与地址池的对应关系。The generating module is used to generate the correspondence between the UP device and the address pool.
  18. 根据权利要求15所述的CP设备,其特征在于,所述指示信息为所述目标UP设备的标识。The CP device according to claim 15, wherein the indication information is an identifier of the target UP device.
  19. 一种计算机可读存储介质,其特征在于,所述计算机可读存储介质中存储有指令,所述指令由处理器执行以实现如权利要求1至9任一项所述的方法。A computer-readable storage medium, characterized in that the computer-readable storage medium stores instructions, and the instructions are executed by a processor to implement the method according to any one of claims 1 to 9.
  20. 一种控制面CP和用户面UP分离的通信系统,其特征在于,所述系统包括:如权利要求10至14任一项所述的认证服务器,如权利要求15至18任一项所述的CP设备,以及UP备份组,所述UP备份组包括多个UP设备,所述多个UP设备中的各个UP设备对应的互联网协议IP地址池不同。A communication system in which a control plane CP and a user plane UP are separated, wherein the system comprises: the authentication server according to any one of claims 10 to 14, and the authentication server according to any one of claims 15 to 18 A CP device, and an UP backup group, where the UP backup group includes multiple UP devices, and the Internet Protocol IP address pools corresponding to each UP device in the multiple UP devices are different.
PCT/CN2021/113302 2020-08-19 2021-08-18 Address allocation method, device, and system WO2022037621A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202010838460.7A CN114079649A (en) 2020-08-19 2020-08-19 Address allocation method, equipment and system
CN202010838460.7 2020-08-19

Publications (1)

Publication Number Publication Date
WO2022037621A1 true WO2022037621A1 (en) 2022-02-24

Family

ID=80281638

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2021/113302 WO2022037621A1 (en) 2020-08-19 2021-08-18 Address allocation method, device, and system

Country Status (2)

Country Link
CN (1) CN114079649A (en)
WO (1) WO2022037621A1 (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105814922A (en) * 2014-03-17 2016-07-27 华为技术有限公司 Address identifier allocation method, and related device and system
WO2017124308A1 (en) * 2016-01-19 2017-07-27 华为技术有限公司 Method and device for allocating ip address
US20190104426A1 (en) * 2017-09-29 2019-04-04 Netscout Systems, Inc Selective user plane monitoring multiple monitoring probes when a serving gateway has multiple ip addresses
US20190230061A1 (en) * 2016-09-30 2019-07-25 Huawei Technologies Co., Ltd. Ip address assignment method and apparatus

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105814922A (en) * 2014-03-17 2016-07-27 华为技术有限公司 Address identifier allocation method, and related device and system
WO2017124308A1 (en) * 2016-01-19 2017-07-27 华为技术有限公司 Method and device for allocating ip address
US20190230061A1 (en) * 2016-09-30 2019-07-25 Huawei Technologies Co., Ltd. Ip address assignment method and apparatus
US20190104426A1 (en) * 2017-09-29 2019-04-04 Netscout Systems, Inc Selective user plane monitoring multiple monitoring probes when a serving gateway has multiple ip addresses

Also Published As

Publication number Publication date
CN114079649A (en) 2022-02-22

Similar Documents

Publication Publication Date Title
JP6479169B2 (en) Automated determination of tree attributes and assignment of receiver identifiers by distributed selection in a multicast architecture relying on packets to identify target receivers
CN108574639B (en) EVPN message processing method, device and system
CN108574630B (en) EVPN message processing method, device and system
JP6722820B2 (en) Separation of control plane function and forwarding plane function of broadband remote access server
US6801528B2 (en) System and method for dynamic simultaneous connection to multiple service providers
EP2375659B1 (en) Scalable distributed user plane partitioned two-stage forwarding information base lookup for subscriber internet protocol host routes
EP3151510B1 (en) Mac (l2) level authentication, security and policy control
US8081611B2 (en) Mobility label-based networks
EP3223476B1 (en) Method, system, and apparatus for preventing tromboning in inter-subnet traffic within data center architectures
WO2020216339A1 (en) Method and apparatus for accessing gateway
WO2018019299A1 (en) Virtual broadband access method, controller, and system
US10764235B2 (en) Method and system for network access discovery
US20230156005A1 (en) Service processing method, apparatus, device, and system
US20230345273A1 (en) Fault processing method, control plane network element, steering decision-making network element, and related device
JP2019510406A (en) Addressing for customer premises LAN expansion
WO2018161795A1 (en) Routing priority configuration method, device, and controller
EP4020904B1 (en) Packet transmission method, device, and system
WO2022057810A1 (en) Service packet forwarding method, sr policy sending method, device, and system
WO2022037621A1 (en) Address allocation method, device, and system
WO2024000975A1 (en) Session establishment system and method, electronic device, and storage medium
CN116668368A (en) Message forwarding method, device and system
CN116418760A (en) Message forwarding method, device and system
CN113973072A (en) Message sending method, equipment and system
WO2023088411A1 (en) Method and apparatus for sending instruction, and method and apparatus for sending information
WO2022143572A1 (en) Message processing method and related device

Legal Events

Date Code Title Description
NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 21857713

Country of ref document: EP

Kind code of ref document: A1