[go: up one dir, main page]

CN100550857C - Method, system and access device for realizing layer-2 intercommunication of local specific services - Google Patents

Method, system and access device for realizing layer-2 intercommunication of local specific services Download PDF

Info

Publication number
CN100550857C
CN100550857C CNB2007100985658A CN200710098565A CN100550857C CN 100550857 C CN100550857 C CN 100550857C CN B2007100985658 A CNB2007100985658 A CN B2007100985658A CN 200710098565 A CN200710098565 A CN 200710098565A CN 100550857 C CN100550857 C CN 100550857C
Authority
CN
China
Prior art keywords
message
access node
source
characteristic information
access
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CNB2007100985658A
Other languages
Chinese (zh)
Other versions
CN101035088A (en
Inventor
李峰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd filed Critical Huawei Technologies Co Ltd
Priority to CNB2007100985658A priority Critical patent/CN100550857C/en
Publication of CN101035088A publication Critical patent/CN101035088A/en
Priority to PCT/CN2008/070333 priority patent/WO2008128449A1/en
Application granted granted Critical
Publication of CN100550857C publication Critical patent/CN100550857C/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/2854Wide area networks, e.g. public data networks
    • H04L12/2856Access arrangements, e.g. Internet access
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00Routing or path finding of packets in data switching networks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

本发明提供了实现本地特定业务二层互通的方法、系统和接入设备,属于通信领域。所述方法包括:选择本地特定业务的源设备对应的源接入节点和目的设备对应的目的接入节点,在源接入节点增加对特定业务报文的区分能力,当源接入节点接收到报文后,判断所述报文是否为特定业务报文,如果是,将所述报文通过虚拟局域网发送给目的接入节点;目的接入节点收到所述报文后,将所述报文发送给所述目的设备。所述系统包括:网络接入服务器、源接入设备和目的接入设备。所述接入设备包括:接收模块、判断模块和发送模块。本发明所述方案用于减轻NAS的负担,并同时保证接入网的安全性。

Figure 200710098565

The invention provides a method, a system and an access device for realizing two-layer intercommunication of local specific services, belonging to the communication field. The method includes: selecting a source access node corresponding to a source device of a local specific service and a destination access node corresponding to a destination device, increasing the ability to distinguish specific service packets at the source access node, and when the source access node receives After the message, determine whether the message is a specific service message, if so, send the message to the destination access node through the virtual local area network; after the destination access node receives the message, send the message to the The text is sent to the destination device. The system includes: a network access server, a source access device and a destination access device. The access device includes: a receiving module, a judging module and a sending module. The scheme of the present invention is used to reduce the burden of NAS and ensure the security of the access network at the same time.

Figure 200710098565

Description

实现本地特定业务二层互通的方法、系统和接入设备 Method, system and access device for realizing layer-2 intercommunication of local specific services

技术领域 technical field

本发明涉及通信领域,特别涉及实现本地特定业务二层互通的方法、系统和接入设备。The invention relates to the communication field, in particular to a method, a system and an access device for realizing the two-layer intercommunication of local specific services.

背景技术 Background technique

现有的接入网架构包括三个部分:NAS(Network Access Server,网络接入服务器)、汇聚层和接入层。其中,NAS为接入网络与IP网络的边界,用户之间的所有流量都需要经过NAS转发,汇聚层由多个汇聚点组成,用于实现用户物理或逻辑接入通道到NAS的二层汇聚,接入层由AN(Access Node,接入节点)组成,AN负责接入用户的数据链路层和物理层,并做简单的二层接入控制,目前AN主要为DSLAM(Digital Subscriber Line Access Mutliplexer,数字用户线接入复用器)或以太网二层交换机。参见图1,图1是现有技术提供的宽带接入网示意图,用户A和用户B与同一个NAS相连,当用户A要与用户B进行通信时,需要通过接入节点AN1、汇聚点1和汇聚点2将数据发送给NAS,NAS收到数据后,通过汇聚点2、汇聚点3和接入节点AN2将数据转发给用户B。随着用户的不断增长和P2P(Peer to Peer,点到点)流媒体业务的不断出现,现有接入网的架构会使经过NAS的流量过高,造成网络负荷过重。The existing access network architecture includes three parts: NAS (Network Access Server, Network Access Server), aggregation layer and access layer. Among them, NAS is the boundary between the access network and the IP network. All traffic between users needs to be forwarded through the NAS. The convergence layer is composed of multiple convergence points, which are used to realize the two-layer convergence of the user's physical or logical access channel to the NAS. , the access layer is composed of AN (Access Node, access node), AN is responsible for accessing the user's data link layer and physical layer, and performs simple two-layer access control. Currently, AN is mainly DSLAM (Digital Subscriber Line Access Mutliplexer, digital subscriber line access multiplexer) or Ethernet Layer 2 switch. Referring to Figure 1, Figure 1 is a schematic diagram of a broadband access network provided by the prior art. User A and user B are connected to the same NAS. When user A wants to communicate with user B, it needs to pass through access node AN1 and convergence point 1 and the convergence point 2 to send the data to the NAS, and the NAS forwards the data to the user B through the convergence point 2, the convergence point 3 and the access node AN2 after receiving the data. With the continuous growth of users and the continuous emergence of P2P (Peer to Peer, point-to-point) streaming media services, the existing access network architecture will make the traffic passing through the NAS too high, resulting in an overloaded network.

现有技术提供了一种接入网中实现P2P流量二层互通方案,此方案首先需要在接入网中新创建一个专门的VLAN(Virtual Local Area Network,虚拟局域网),称为P2P VLAN,即在所有AN和汇聚点设备上创建P2P VLAN,使这些设备通过P2P VLAN实现二层互通;同时在所有AN上增加ARP(Address Resolution Protocol,地址解析协议)代理功能和判断功能,AN上的ARP代理功能包括三个模块:上行ARP模块、下行ARP模块和ARP缓存模块;AN上的判断功能用于判断当前与它直接相连的用户是否使能P2P业务。参见图2,图2是现有技术提供的实现P2P流量二层互通的接入网示意图,该接入网包括:两个用户设备(源设备D2和目的设备D1)、通过汇聚层相连的接入节点AN1和接入节点AN2、网关BRAS(Broadband RemoteAccess Server,宽带远程接入服务器)。其中,网关BRAS的功能与NAS相同。The prior art provides a scheme for realizing P2P traffic Layer 2 intercommunication in the access network. This scheme first needs to create a new dedicated VLAN (Virtual Local Area Network, Virtual Local Area Network) in the access network, which is called P2P VLAN, namely Create P2P VLANs on all ANs and convergence point devices, so that these devices can realize Layer 2 intercommunication through P2P VLANs; at the same time, add ARP (Address Resolution Protocol, Address Resolution Protocol) proxy function and judgment function on all ANs, and ARP proxy on ANs The function includes three modules: uplink ARP module, downlink ARP module and ARP cache module; the judging function on the AN is used to judge whether the user directly connected to it currently enables P2P services. Referring to FIG. 2, FIG. 2 is a schematic diagram of an access network for realizing P2P traffic Layer 2 intercommunication provided by the prior art. Ingress node AN1 and access node AN2, gateway BRAS (Broadband Remote Access Server, broadband remote access server). Wherein, the function of the gateway BRAS is the same as that of the NAS.

参见图3,图3是现有技术提供的实现P2P流量二层互通的方法流程图,以图2提供的接入网为例,建立源设备D2到目的设备D1二层互通的具体步骤如下:Referring to FIG. 3, FIG. 3 is a flow chart of a method for realizing P2P traffic Layer 2 intercommunication provided by the prior art. Taking the access network provided in FIG. 2 as an example, the specific steps for establishing the source device D2 to the destination device D1 Layer 2 intercommunication are as follows:

步骤101:源设备D2向目的设备D1发送ARP请求,请求目的设备D1的MAC(Media AccessControl,介质访问控制)地址。Step 101: The source device D2 sends an ARP request to the destination device D1, requesting the MAC (Media Access Control, Media Access Control) address of the destination device D1.

步骤102:接入节点AN2执行ARP代理功能,接收源设备D2发送的ARP请求。Step 102: the access node AN2 performs an ARP proxy function, and receives the ARP request sent by the source device D2.

步骤103:接入节点AN2判断源设备D2是否已经使能P2P业务,如果源设备D2已经使能P2P业务,则继续执行步骤104;如果源设备D2没有使能P2P业务,则执行步骤105。Step 103: The access node AN2 judges whether the source device D2 has enabled the P2P service, if the source device D2 has enabled the P2P service, proceed to step 104; if the source device D2 has not enabled the P2P service, proceed to step 105.

步骤104:接入节点AN2中的上行ARP模块在P2P VLAN中广播收到的ARP请求,然后执行步骤106。Step 104: The uplink ARP module in the access node AN2 broadcasts the received ARP request in the P2P VLAN, and then executes step 106.

步骤105:接入节点AN2向源设备D2应答BRAS的MAC地址。Step 105: the access node AN2 replies to the source device D2 with the MAC address of the BRAS.

步骤106:接入节点AN1中的下行ARP模块接收接入节点AN2广播的请求目的设备D1的ARP请求。Step 106: The downlink ARP module in the access node AN1 receives the ARP request of the request destination device D1 broadcast by the access node AN2.

步骤107:接入节点AN1判断目的设备D1是否已经使能P2P业务,如果目的设备D1已经使能P2P业务,则继续执行步骤108;如果目的设备没有使能P2P业务,则执行步骤109。Step 107: The access node AN1 judges whether the destination device D1 has enabled the P2P service, if the destination device D1 has enabled the P2P service, proceed to step 108; if the destination device has not enabled the P2P service, proceed to step 109.

步骤108:接入节点AN1在ARP缓存模块中查询目的设备D1的MAC地址,并由目的接入节点AN1中的上行ARP模块在P2P VLAN中向接入节点AN2应答目的设备D1的MAC地址,即发送ARP应答报文,然后执行步骤110。Step 108: the access node AN1 queries the MAC address of the destination device D1 in the ARP cache module, and the uplink ARP module in the destination access node AN1 responds to the access node AN2 in the P2P VLAN with the MAC address of the destination device D1, namely Send an ARP reply packet, and then perform step 110.

步骤109:接入节点AN1向接入节点AN2应答BRAS的MAC地址。Step 109: the access node AN1 responds to the access node AN2 with the MAC address of the BRAS.

步骤110:接入节点AN2的下行ARP模块接收AN1发送的ARP应答报文,并把此ARP应答报文转发给源设备D2。Step 110: The downlink ARP module of the access node AN2 receives the ARP reply message sent by AN1, and forwards the ARP reply message to the source device D2.

步骤111:源设备D2接收ARP应答报文,获得目的设备D1的MAC地址,此时源设备D2使用目的设备D1的MAC地址来发送报文,该报文不经过BRAS,而是通过接入节点AN1和接入节点AN2进行在P2P VLAN中二层转发给目的设备D1。Step 111: The source device D2 receives the ARP reply message and obtains the MAC address of the destination device D1. At this time, the source device D2 uses the MAC address of the destination device D1 to send the message. The message does not pass through the BRAS, but through the access node AN1 and access node AN2 perform Layer 2 forwarding to the destination device D1 in the P2P VLAN.

在这种方案中,用户间通过P2P VLAN实现了二层互通,减轻了NAS的负荷,但在互通过程中,源设备知道目的设备的MAC地址,存在一定的安全隐患。In this solution, users realize Layer 2 intercommunication through P2P VLAN, which reduces the load on the NAS. However, during the intercommunication process, the source device knows the MAC address of the destination device, which has certain security risks.

发明内容 Contents of the invention

为了分担NAS上的负载和保证接入网的安全性,本发明实施例提供了实现本地特定业务二层互通的方法、系统和接入设备,所述技术方案如下:In order to share the load on the NAS and ensure the security of the access network, the embodiment of the present invention provides a method, system and access device for realizing layer-2 intercommunication of local specific services, and the technical solution is as follows:

一种实现本地特定业务二层互通的方法,所述方法包括:A method for realizing two-layer intercommunication of local specific services, the method comprising:

在同一个虚拟局域网中选择本地特定业务的源设备对应的源接入节点和目的设备对应的目的接入节点,在所述源接入节点和所述目的接入节点之间创建二层通道;Selecting a source access node corresponding to a source device of a local specific service and a destination access node corresponding to a destination device in the same virtual local area network, and creating a layer-2 channel between the source access node and the destination access node;

当所述源接入节点接收到报文后,判断所述报文是否为特定业务报文,如果是,将所述报文通过所述二层通道发送给所述目的接入节点;After the source access node receives the message, judge whether the message is a specific service message, and if so, send the message to the destination access node through the layer-2 channel;

所述目的接入节点收到所述报文后,将所述报文发送给所述目的设备。After receiving the packet, the destination access node sends the packet to the destination device.

本发明实施例还提供了一种实现本地特定业务二层互通的系统,所述系统包括:网络接入服务器、源接入设备和目的接入设备;The embodiment of the present invention also provides a system for realizing Layer 2 intercommunication of local specific services, and the system includes: a network access server, a source access device, and a destination access device;

所述网络接入服务器用于通知所述源接入设备记录特定业务报文的特征信息;The network access server is used to notify the source access device to record characteristic information of specific service packets;

所述源接入设备和目的接入设备在同一虚拟局域网中,并且所述源接入设备和目的接入设备间有二层通道;The source access device and the destination access device are in the same virtual local area network, and there is a layer-2 channel between the source access device and the destination access device;

所述源接入设备用于接收报文,并提取所述报文的特征信息,判断所述报文的特征信息是否与所述特定业务报文的特征信息相同,如果相同,将所述报文通过所述二层通道发送给所述目的接入设备;The source access device is used to receive the message, extract the feature information of the message, judge whether the feature information of the message is the same as the feature information of the specific service message, and if they are the same, extract the feature information of the message sending the message to the destination access device through the Layer 2 channel;

所述目的接入设备用于接收所述源接入设备发送的报文,并将所述报文发送给目的设备。The destination access device is configured to receive the message sent by the source access device, and send the message to the destination device.

本发明实施例还提供了一种接入设备,所述设备包括:The embodiment of the present invention also provides an access device, and the device includes:

接收模块,用于接收报文;A receiving module, configured to receive messages;

判断模块,用于判断所述接收模块中接收的报文是否为特定业务报文;A judging module, configured to judge whether the message received in the receiving module is a specific service message;

发送模块,用于当所述判断模块的判断结果为所述报文为特定业务报文时,通过虚拟局域网中的二层通道转发所述报文,否则,通过网络接入服务器转发所述报文。A sending module, configured to forward the message through a Layer 2 channel in the virtual local area network when the judging result of the judging module is that the message is a specific service message, otherwise, forward the message through a network access server arts.

采用本发明实施例提供的技术方案,通过在虚拟局域网的特定两个接入节点之间建立二层通道,使用二层通道转发报文,不需要将特定业务报文转发给NAS,减轻NAS的负荷。并且,源设备不需要知道目的设备的MAC地址,保证了接入网的安全性。By adopting the technical solution provided by the embodiment of the present invention, by establishing a layer-2 channel between two specific access nodes of the virtual local area network, and using the layer-2 channel to forward messages, it is not necessary to forward specific service messages to the NAS, reducing the burden on the NAS load. Moreover, the source device does not need to know the MAC address of the destination device, which ensures the security of the access network.

附图说明 Description of drawings

图1是现有技术提供的宽带接入网示意图;FIG. 1 is a schematic diagram of a broadband access network provided by the prior art;

图2是现有技术提供的实现P2P流量二层互通的接入网示意图;FIG. 2 is a schematic diagram of an access network for realizing P2P traffic Layer 2 intercommunication provided by the prior art;

图3是现有技术提供的实现P2P流量二层互通的方法流程图;FIG. 3 is a flow chart of a method for realizing P2P traffic Layer 2 intercommunication provided by the prior art;

图4是本发明实施例1提供的接入网络拓扑示意图;FIG. 4 is a schematic diagram of an access network topology provided by Embodiment 1 of the present invention;

图5是本发明实施例1提供的实现本地特定业务二层互通的方法流程图;FIG. 5 is a flow chart of a method for implementing Layer 2 interworking of local specific services provided by Embodiment 1 of the present invention;

图6是本发明实施例2提供的实现本地特定业务二层互通的系统结构图;FIG. 6 is a system structure diagram for implementing Layer 2 intercommunication of local specific services provided by Embodiment 2 of the present invention;

图7是本发明实施例3提供的接入设备的结构图。FIG. 7 is a structural diagram of an access device provided by Embodiment 3 of the present invention.

具体实施方式 Detailed ways

为使本发明的目的、技术方案和优点更加清楚,下面将结合附图对本发明实施方式作进一步地详细描述。In order to make the object, technical solution and advantages of the present invention clearer, the implementation manner of the present invention will be further described in detail below in conjunction with the accompanying drawings.

本发明实施例通过对特定业务报文创建专门的二层通道,使得这些报文在转发时不经过NAS,从而减少NAS的负担,并保证接入网的安全性。The embodiment of the present invention creates a special layer-2 channel for specific service messages, so that these messages do not pass through the NAS when they are forwarded, thereby reducing the burden of the NAS and ensuring the security of the access network.

实施例1Example 1

参见图4,是本发明实施例1提供的接入网络拓扑示意图,图中包括:两个用户设备(用户1和用户2)、接入节点AN1和接入节点AN2、汇聚层、网络接入服务器NAS。Referring to Figure 4, it is a schematic diagram of the access network topology provided by Embodiment 1 of the present invention, which includes: two user equipments (user 1 and user 2), access node AN1 and access node AN2, aggregation layer, network access Server NAS.

其中,用户1和用户2通过与汇聚层相连的接入节点AN1和AN2与同一个NAS相连。用户1和用户2之间传输的特定业务报文为本地特定业务报文,例如:IPTV(Internet ProtocolTeleVision,网络电视)业务报文、FTP(File Transfer Protocol,文件传输协议)业务报文、SMTP(Simple Mail Transfer Protocol,简单邮件传输协议)业务报文等。Wherein, user 1 and user 2 are connected to the same NAS through access nodes AN1 and AN2 connected to the convergence layer. The specific service message transmitted between user 1 and user 2 is a local specific service message, for example: IPTV (Internet Protocol TeleVision, Internet TV) service message, FTP (File Transfer Protocol, file transfer protocol) service message, SMTP ( Simple Mail Transfer Protocol, Simple Mail Transfer Protocol) business messages, etc.

接入节点AN1和AN2与汇聚层中的节点处在同一个VLAN中,NAS根据网络的物理拓扑结构,选择用户1对应的接入节点AN1和用户2对应的接入节点AN2,在接入节点AN1和AN2之间创建二层通道;并且在接入节点AN1上增加区分本地特定业务报文的能力,例如:ACL(Access Control List,访问控制表)功能。当AN2作为源接入节点时,也需要在AN2上增加区分本地特定业务报文的能力。The access nodes AN1 and AN2 are in the same VLAN as the nodes in the aggregation layer. According to the physical topology of the network, the NAS selects the access node AN1 corresponding to user 1 and the access node AN2 corresponding to user 2. Create a layer-2 channel between AN1 and AN2; and add the ability to distinguish local specific service messages on the access node AN1, for example: ACL (Access Control List, access control list) function. When AN2 is used as a source access node, it is also necessary to increase the capability of distinguishing local specific service packets on AN2.

参见图5,图5是本发明实施例1提供的实现本地特定业务二层互通的方法流程图,本实施例提供了一种实现本地特定业务二层互通的方法,以图4提供的接入网为例进行说明。其中,用户1和用户2分别作为源设备和目的设备,AN1和AN2分别作为源接入节点和目的接入节点。该方法包括:Referring to Fig. 5, Fig. 5 is a flow chart of the method for implementing Layer 2 intercommunication of local specific services provided by Embodiment 1 of the present invention. This embodiment provides a method for realizing Layer 2 interworking of local specific services. network as an example. Wherein, user 1 and user 2 are respectively used as a source device and a destination device, and AN1 and AN2 are respectively used as a source access node and a destination access node. The method includes:

步骤201:NAS启动二层互通并记录本地特定业务报文的特征信息,和此本地特定业务报文对应的用户1的MAC地址和用户2的MAC地址,以及AN1和AN2的MAC地址。Step 201: NAS starts Layer 2 interworking and records the feature information of the local specific service message, the MAC address of user 1 and the MAC address of user 2 corresponding to the local specific service message, and the MAC addresses of AN1 and AN2.

特征信息可以是五元组信息,包括用户1的IP地址、用户2的IP地址、用户1的传输层端口号、用户2的传输层端口号和传输层类型;特征信息还可以是六元组信息,包括用户1的IP地址、用户2的IP地址、用户1的传输层端口号、用户2的传输层端口号、传输层类型、业务类型域;或者特征信息简化为用户1的传输层端口号;或者特征信息简化为用户2的传输层端口号;或者特征信息简化为业务类型域;或者为用户1的传输层端口号和用户2的传输层端口号;或者为用户1的传输层端口号、用户2的传输层端口号和业务类型域。Feature information can be five-tuple information, including IP address of user 1, IP address of user 2, transport layer port number of user 1, transport layer port number and transport layer type of user 2; feature information can also be a six-tuple Information, including the IP address of user 1, the IP address of user 2, the transport layer port number of user 1, the transport layer port number of user 2, the transport layer type, and the service type field; or the feature information is simplified to the transport layer port of user 1 or the feature information is simplified to the transport layer port number of user 2; or the feature information is simplified to the service type field; or the transport layer port number of user 1 and the transport layer port number of user 2; or the transport layer port number of user 1 number, the transport layer port number of user 2, and the service type field.

仅用于举例说明,本实施例中的本地特定业务为IPTV业务报文,IPTV业务报文的特征信息为五元组信息,即IPTV报文中携带的用户1的IP地址、用户2的IP地址、用户1的传输层端口号、用户2的传输层端口号和传输层类型。For example only, the local specific service in this embodiment is an IPTV service message, and the feature information of the IPTV service message is quintuple information, that is, the IP address of user 1 and the IP address of user 2 carried in the IPTV message. Address, transport layer port number of user 1, transport layer port number and transport layer type of user 2.

NAS可以通过其它外部业务设备告知的方式或通过自我感知的方式启动用户1和用户2之间特定业务的二层互通。这里的其它外部业务设备可以是策略控制服务器,或具有策略控制能力的设备。The NAS can initiate Layer 2 intercommunication of a specific service between user 1 and user 2 through notification from other external service devices or through self-awareness. Other external service devices here may be policy control servers, or devices capable of policy control.

步骤202:NAS通知AN1创建并存储特征信息表,将记录的特征信息存储在该特征信息表中,以匹配用户1和用户2间的本地特定业务报文,实现匹配此特征的报文通过VLAN转发到对应的AN上。Step 202: NAS notifies AN1 to create and store a feature information table, and store the recorded feature information in the feature information table to match the local specific service message between user 1 and user 2, so that the message matching this feature passes through the VLAN Forward to the corresponding AN.

举例来说,本实施例中的特征信息表的具体形式为ACL表,通过在AN1上增加ACL功能,当AN1收到报文时,如果能够在ACL表中找到匹配的表项,即该报文的五元组信息与IPTV业务报文的五元组信息相同,说明该报文是IPTV业务报文,则不通过NAS转发该报文,如果在ACL表中没有找到匹配的表项,即该报文的五元组信息与IPTV业务报文的五元组信息不相同,说明该报文不是IPTV业务报文,则按现有技术的转发方式,通过NAS转发该报文。For example, the specific form of the feature information table in this embodiment is an ACL table. By adding the ACL function on AN1, when AN1 receives a message, if a matching entry can be found in the ACL table, the message The five-tuple information of the text is the same as the five-tuple information of the IPTV service message, indicating that the message is an IPTV service message, and the message will not be forwarded through the NAS. If no matching entry is found in the ACL table, that is The quintuple information of the message is different from the quintuple information of the IPTV service message, indicating that the message is not an IPTV service message, and the message is forwarded through the NAS according to the forwarding method in the prior art.

步骤203:在AN1和AN2所处的同一个VLAN中,创建一条AN1和AN2的二层通道。Step 203: Create a Layer 2 channel between AN1 and AN2 in the same VLAN where AN1 and AN2 are located.

创建二层通道的具体过程如下:The specific process of creating a Layer 2 channel is as follows:

AN1和AN2通过互发广播帧、互发携带对方MAC地址的单帧或互发报文的方式,开启二层通道;或者先使能ACL功能,通过本地特定业务报文来创建二层通道。AN1 and AN2 open a Layer 2 channel by sending broadcast frames, single frames carrying each other's MAC address, or messages to each other; or enable the ACL function first, and create a Layer 2 channel through local specific service messages.

同时,在AN1上记录用户1的MAC地址与IP地址的对应关系,在AN2上记录用户2的MAC地址与IP地址的对应关系;At the same time, record the corresponding relationship between the MAC address and IP address of user 1 on AN1, and record the corresponding relationship between the MAC address and IP address of user 2 on AN2;

AN1学习AN2的MAC地址和AN2学习AN1的MAC地址完成后,AN1使能报文区分功能,即通过ACL功能区分IPTV业务报文。After AN1 learns the MAC address of AN2 and AN2 learns the MAC address of AN1, AN1 enables the packet differentiation function, that is, distinguishes IPTV service packets through the ACL function.

步骤204:AN1收到报文后,提取报文的特征信息,判断提取的特征信息是否与本地特定业务报文的特征信息相同,即在ACL中查找是否有与该报文的特征信息相匹配的表项,如果相同,则执行步骤205;否则,执行步骤207。Step 204: After receiving the message, AN1 extracts the feature information of the message, and judges whether the extracted feature information is the same as the feature information of the local specific service message, that is, checks in the ACL whether there is a match with the feature information of the message entries, if they are the same, go to step 205; otherwise, go to step 207.

举例来说,本实施例具体提取的是报文的五元组信息,判断提取的五元组信息是否与IPTV业务报文的五元组信息相同,即在ACL中查找是否有与该报文的五元组信息相匹配的表项。For example, what this embodiment specifically extracts is the quintuple information of the message, and it is judged whether the extracted quintuple information is the same as the quintuple information of the IPTV service message, that is, whether there is a quintuple information corresponding to the message in the ACL The entry that matches the five-tuple information.

步骤205:AN1将该报文的目的MAC地址修改为AN2的MAC地址,源MAC地址修改为AN1的MAC地址,并通过VLAN将该报文转发给AN2。Step 205: AN1 modifies the destination MAC address of the packet to the MAC address of AN2, modifies the source MAC address to the MAC address of AN1, and forwards the packet to AN2 through the VLAN.

步骤206:AN2收到报文后,查找该报文的目的IP地址对应的MAC地址,本实施例查到的MAC地址为用户2的MAC地址,这时将报文中原有的目的MAC地址修改为用户2的MAC地址,源MAC地址修改为NAS的MAC地址,然后将该报文发送给用户2。Step 206: After AN2 receives the message, search for the MAC address corresponding to the destination IP address of the message. The MAC address found in this embodiment is the MAC address of user 2. At this time, the original destination MAC address in the message is modified is the MAC address of user 2, the source MAC address is changed to the MAC address of the NAS, and then the packet is sent to user 2.

步骤207:将该报文通过汇聚层发送给NAS,由NAS将该报文转发给用户2。Step 207: Send the packet to the NAS through the convergence layer, and the NAS forwards the packet to User 2.

实施例2Example 2

参见图6,图6是本发明实施例2提供的实现本地特定业务二层互通的系统结构图,本实施例提供了一种实现本地特定业务二层互通的系统,该系统包括:网络接入服务器、源接入设备和目的接入设备;本实施例中的本地特定业务可以是IPTV、FTP或SMTP业务报文。Referring to Fig. 6, Fig. 6 is a system structure diagram for implementing Layer 2 intercommunication of local specific services provided by Embodiment 2 of the present invention. This embodiment provides a system for realizing Layer 2 intercommunication of local specific services. The system includes: network access A server, a source access device, and a destination access device; the local specific service in this embodiment may be an IPTV, FTP or SMTP service message.

其中,网络接入服务器用于通知源接入设备记录特定业务报文的特征信息;Wherein, the network access server is used to notify the source access device to record the characteristic information of the specific service message;

源接入设备和目的接入设备在同一虚拟局域网中,并且源接入设备和目的接入设备间有二层通道;The source access device and the destination access device are in the same VLAN, and there is a Layer 2 channel between the source access device and the destination access device;

源接入设备用于接收报文,并提取该报文的特征信息,判断所提取的特征信息是否与特定业务报文的特征信息相同,如果相同,将该报文通过上述虚拟局域网中的二层通道发送给目的接入设备;The source access device is used to receive the message, extract the feature information of the message, judge whether the extracted feature information is the same as the feature information of the specific service message, and if they are the same, pass the message through the two The layer channel is sent to the destination access device;

目的接入设备用于接收源接入设备发送的报文,并将其发送给目的设备。The destination access device is used to receive the packet sent by the source access device and send it to the destination device.

上述源接入设备上预先保存了特定业务报文的特征信息,作为判断接收到的报文是否通过虚拟局域网中的二层通道转发的依据。The feature information of the specific service message is pre-stored on the above-mentioned source access device as a basis for judging whether the received message is forwarded through the layer-2 channel in the virtual local area network.

实施例3Example 3

参见图7,图7是本发明实施例3提供的接入设备的结构图,本实施例提供了一种接入设备,该设备包括:Referring to FIG. 7, FIG. 7 is a structural diagram of an access device provided in Embodiment 3 of the present invention. This embodiment provides an access device, which includes:

接收模块,用于接收报文;A receiving module, configured to receive messages;

判断模块,用于判断接收模块中接收的报文是否为特定业务报文;A judging module, configured to judge whether the message received in the receiving module is a specific service message;

发送模块,用于当判断模块的判断结果为该报文为特定业务报文时,通过虚拟局域网中的二层通道转发该报文,否则,通过网络接入服务器转发该报文。The sending module is used to forward the message through the layer-2 channel in the virtual local area network when the judging result of the judging module is that the message is a specific service message, otherwise, forward the message through the network access server.

其中,判断模块通过判断报文的特征信息是否与特定业务报文的特征信息相同来判断接收模块中接收的报文是否为特定业务报文,如果报文的特征信息与特定业务报文的特征信息相同,则报文为特定业务报文。Wherein, the judging module judges whether the message received in the receiving module is a specific service message by judging whether the feature information of the message is the same as the feature information of the specific service message, if the feature information of the message is the same as the feature information of the specific service message If the information is the same, the message is a specific service message.

采用本发明实施例提供的技术方案通过增加业务报文区分功能,对特定业务报文通过虚拟局域网进行转发,减轻了NAS的负担;同时,源设备与目的设备不知道对方的MAC地址,从而保证了接入网的安全性。Adopting the technical solution provided by the embodiment of the present invention adds the function of distinguishing business messages and forwards specific service messages through a virtual local area network, which reduces the burden on the NAS; at the same time, the source device and the destination device do not know the MAC address of the other party, thereby ensuring security of the access network.

以上实施例提供的技术方案可以通过硬件和软件实现,软件存储在可读取的存储介质上,如计算机的软盘,硬盘或光盘等。The technical solutions provided by the above embodiments can be implemented by hardware and software, and the software is stored on a readable storage medium, such as a computer floppy disk, hard disk or optical disk.

以上所述的实施例,只是本发明较优选的具体实施方式,本领域的技术人员在本发明技术方案范围内进行的通常变化和替换都应包含在本发明的保护范围内。The above-described embodiments are only preferred specific implementations of the present invention, and ordinary changes and replacements performed by those skilled in the art within the scope of the technical solution of the present invention should be included in the protection scope of the present invention.

Claims (10)

1. a method that realizes intercommunication of two layers of local specific service is characterized in that, described method comprises:
The source access node of the source device correspondence of selection local specific service and the purpose access node of destination device correspondence are created double layer channel between described source access node and described purpose access node in same VLAN;
After described source access node receives message, judge whether described message is the specific transactions message, if described message is sent to described purpose access node by described double layer channel;
After described purpose access node is received described message, described message is sent to described destination device.
2. the method for realization intercommunication of two layers of local specific service as claimed in claim 1 is characterized in that, after described source access node receives message, judges that whether described message is the specific transactions message, comprising:
After described source access node receives message, extract the characteristic information of described message;
Whether the characteristic information of judging described message is identical with the characteristic information of specific transactions message.
3. the method for realization intercommunication of two layers of local specific service as claimed in claim 2 is characterized in that, the characteristic information of described specific transactions message is specially:
The transport layer source port number;
Or, transport layer destination slogan;
Or, the type of service territory;
Or, transport layer source port number and transport layer destination slogan;
Or, transport layer source port number, transport layer destination slogan and type of service territory;
Or, source IP address, purpose IP address, transport layer source port number, transport layer destination slogan and transport layer type;
Or, source IP address, purpose IP address, transport layer source port number, transport layer destination slogan, transport layer type and type of service territory.
4. the method for realization intercommunication of two layers of local specific service as claimed in claim 2 is characterized in that, describedly judges whether the characteristic information of described message is identical with the characteristic information of specific transactions message, comprising:
Search the list item that the characteristic information with described message is complementary in the characteristic information table of described source access node, if find, then the characteristic information of described message is identical with the characteristic information of specific transactions message, otherwise, inequality.
5. the method for realization intercommunication of two layers of local specific service as claimed in claim 4 is characterized in that, described characteristic information table specifically is access control list.
6. the method for realization intercommunication of two layers of local specific service as claimed in claim 1 is characterized in that, describedly creates double layer channel between described source access node and described purpose access node, comprising:
Described source access node and described purpose access node are sent out broadcast frame mutually or are sent out mutually and carry the single frames of side mac address or the literary composition of transmitting messages mutually;
The characteristic information of record specific transactions message, MAC Address and the corresponding relation of IP address and the MAC Address of described purpose access node of described source device on the access node of described source;
Write down MAC Address and the corresponding relation of IP address and the MAC Address of described source access node of described destination device at described purpose access node;
On the access node of described source, described specific transactions message is enabled message and distinguish function.
7. as the method for the described realization intercommunication of two layers of local specific service of arbitrary claim in the claim 1 to 6, it is characterized in that, described described message sent to described purpose access node by described double layer channel, comprising:
The target MAC (Media Access Control) address that described source access node is revised in the described message is the MAC Address of described purpose access node, and source MAC is the MAC Address of described source access node;
Described message is sent to described purpose access node by described double layer channel;
Correspondingly, after described purpose access node is received described message, described message is sent to described destination device, comprising:
After described purpose access node is received described message, search the MAC Address of the purpose IP address correspondence of described message, with the MAC Address found MAC Address as destination device, the target MAC (Media Access Control) address of revising described message is the MAC Address of described destination device, and source MAC is the MAC Address of network access server;
Described message is sent to described destination device.
8. a system that realizes intercommunication of two layers of local specific service is characterized in that, described system comprises: network access server, source access device and purpose access device;
Described network access server is used to notify the characteristic information of described source access device record specific transactions message;
Described source access device and purpose access device and have double layer channel between described source access device and purpose access device in same VLAN;
Described source access device is used to receive message, and extract the characteristic information of described message, whether the characteristic information of judging described message is identical with the characteristic information of described specific transactions message, if identical, described message sent to described purpose access device by described double layer channel;
Described purpose access device is used to receive the message that described source access device sends, and described message is sent to destination device.
9. an access device is characterized in that, described equipment comprises:
Receiver module is used to receive message;
Judge module is used for judging whether the message that described receiver module receives is the specific transactions message;
Sending module when being used for judged result when described judge module and being described message and being the specific transactions message, is transmitted described message by the double layer channel in the VLAN, otherwise, transmit described message by network access server.
10. access device as claimed in claim 9, it is characterized in that, whether the characteristic information of described judge module by judging described message be identical with the characteristic information of specific transactions message judges whether the message that receives in the described receiver module is the specific transactions message, if the characteristic information of described message is identical with the characteristic information of specific transactions message, then described message is the specific transactions message.
CNB2007100985658A 2007-04-20 2007-04-20 Method, system and access device for realizing layer-2 intercommunication of local specific services Expired - Fee Related CN100550857C (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CNB2007100985658A CN100550857C (en) 2007-04-20 2007-04-20 Method, system and access device for realizing layer-2 intercommunication of local specific services
PCT/CN2008/070333 WO2008128449A1 (en) 2007-04-20 2008-02-20 Method, system and access device for implementing two-layer intercommunication of special service

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CNB2007100985658A CN100550857C (en) 2007-04-20 2007-04-20 Method, system and access device for realizing layer-2 intercommunication of local specific services

Publications (2)

Publication Number Publication Date
CN101035088A CN101035088A (en) 2007-09-12
CN100550857C true CN100550857C (en) 2009-10-14

Family

ID=38731400

Family Applications (1)

Application Number Title Priority Date Filing Date
CNB2007100985658A Expired - Fee Related CN100550857C (en) 2007-04-20 2007-04-20 Method, system and access device for realizing layer-2 intercommunication of local specific services

Country Status (2)

Country Link
CN (1) CN100550857C (en)
WO (1) WO2008128449A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102447669A (en) * 2010-09-30 2012-05-09 迈普通信技术股份有限公司 Method and equipment for forwarding multimedia data stream

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100550857C (en) * 2007-04-20 2009-10-14 华为技术有限公司 Method, system and access device for realizing layer-2 intercommunication of local specific services
CN101515944B (en) * 2008-02-22 2013-08-28 华为技术有限公司 Method, system and device for P2P service access
JP5159421B2 (en) * 2008-05-14 2013-03-06 株式会社日立製作所 Storage system and storage system management method using management device
CN101631135A (en) * 2008-07-15 2010-01-20 华为技术有限公司 Method and device for two-layer intercommunication for data stream
GB2462615A (en) * 2008-08-12 2010-02-17 Nec Corp Optional Access Stratum security activation depending on purpose of request or message parameter in an evolved UTRAN communication network.
CN102957755B (en) * 2011-08-22 2018-06-19 中兴通讯股份有限公司 A kind of address resolution method, device and information transferring method
CN108712520B (en) * 2018-05-31 2021-03-23 安科讯(福建)科技有限公司 Terminal IP address transparent transmission system and method based on LTE wireless private network

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7660253B2 (en) * 2005-02-14 2010-02-09 Telefonaktiebolaget L M Ericsson (Publ) Method and nodes for aggregating data traffic through unicast messages over an access domain using service bindings
CN101248647B (en) * 2005-05-23 2012-05-30 艾利森电话股份有限公司 Method and system for local peer-to-peer traffic
CN1863215B (en) * 2005-09-28 2010-09-15 华为技术有限公司 Method and system for providing various business services to users
CN100550857C (en) * 2007-04-20 2009-10-14 华为技术有限公司 Method, system and access device for realizing layer-2 intercommunication of local specific services

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102447669A (en) * 2010-09-30 2012-05-09 迈普通信技术股份有限公司 Method and equipment for forwarding multimedia data stream

Also Published As

Publication number Publication date
WO2008128449A1 (en) 2008-10-30
CN101035088A (en) 2007-09-12

Similar Documents

Publication Publication Date Title
JP7395643B2 (en) Routing within a hybrid network
US9407495B2 (en) Combining locally addressed devices and wide area network (WAN) addressed devices on a single network
CN100550857C (en) Method, system and access device for realizing layer-2 intercommunication of local specific services
US9118687B2 (en) Methods and apparatus for a scalable network with efficient link utilization
CN101741742B (en) Message processing method, access equipment and communication system
KR101317969B1 (en) Inter-node link aggregation system and method
EP2213080B1 (en) Vrrp and learning bridge cpe
CN101248647B (en) Method and system for local peer-to-peer traffic
CN106878310B (en) Method for real-time streaming data distribution in named data network
WO2012171169A1 (en) Communications method and load balancer
CN101808107B (en) Storage device and user communication method, device and system
WO2022117018A1 (en) Packet transmission method and apparatus
US9166884B2 (en) Network location service
KR100811890B1 (en) Anycast Routing Method and Device for Guaranteeing Service Flow in Internet System
CN107070790A (en) A kind of route learning method and routing device
CN101184039B (en) A Method of Ethernet Load Balancing
CN107135118B (en) Unicast communication method, gateway and VXLAN access equipment
WO2012075768A1 (en) Method and system for monitoring locator/identifier separation network
WO2011035582A1 (en) Load sharing method and device for data flows of multiple interfaces in wimax system
US9025606B2 (en) Method and network node for use in link level communication in a data communications network
CN102136988A (en) Multicast data message transferring method and device
CN102064997B (en) Method and device for implementing network telephone service
CN101599891A (en) Method, device and system for data processing
WO2025185376A1 (en) Communication method, apparatus and system
KR20210066641A (en) Method for processing push data in icn system and apparatus for the same

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20091014

Termination date: 20160420

CF01 Termination of patent right due to non-payment of annual fee