WO2018039901A1 - Method, device and system for IP address allocation, and computer program product - Google Patents
- Publication number
- WO2018039901A1 (PCT/CN2016/097285)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- address
- area code
- vpn
- access node
- node
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Ceased
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/50—Address allocation
- H04L61/5007—Internet protocol [IP] addresses
Definitions
- the present invention relates to the field of virtual private networks, and more particularly to a method, apparatus, system and computer program product for IP address allocation.
- the Remote Authentication Dial In User Service is a widely used protocol.
- the RADIUS server also has the function of assigning an IP address to the RADIUS client.
- IP address allocation for the network access service can be implemented based on one IP address pool or multiple IP address pools.
- the RADIUS server can implement IP address allocation by using the following methods:
- VSA Vendor-Specific Attributes
- the IP address pool identifier Pool Name needs to be defined on the NAS.
- the NAS needs to comply with the RADIUS extension protocol RFC 2869.
- the RADIUS server can send the Framed-Pool attribute (type 88) in the Access-Accept packet, and the system administrator needs to manually configure the NAS for the user and update the authorization attributes.
- an independent software vendor (ISV) that cannot use the Framed-Pool attribute can still define an IP address pool, that is, the RADIUS server uses the defined IP address pool through the VSA model.
- the method is related to the implementation of each ISV, such as Cisco, which uses the Cisco AV-Pair attribute to send IP address pool information.
- the RADIUS server matches the configured IP address pool according to the NAS-IP-Address and NAS-Port attributes of the RADIUS client. Once the RADIUS server is started, the IP address pool configuration information of the RADIUS server cannot be changed unless the RADIUS authentication service is stopped.
- the inventor of the present invention finds that the first method needs an IP address pool to be configured on each NAS, so centralized management capability is poor; the second method depends on each ISV's device, so the private attributes are controlled by the ISV and compatibility is poor.
- the third method requires restarting the RADIUS authentication service for a modification of the IP address pool to take effect, so operational flexibility is poor.
- the embodiment of the invention provides a method, a device, a system and a computer program product for IP address allocation, so as to solve, without stopping the authentication service, the technical problems that in Open VPN (Open Virtual Private Network) authentication the IP address allocation of the service is strongly coupled to the IP address of the access node, and that flexible deployment when expanding access nodes is poor.
- an embodiment of the present invention provides a method for IP address allocation, which is used in an access node, and includes:
- an embodiment of the present invention provides a method for IP address allocation, including:
- an embodiment of the present invention provides an apparatus for IP address allocation, including:
- a sending module configured to send an area code of the access node to the authentication server when the connection request sent by the client is received, where the area code is used to indicate an area where the access node is located;
- the receiving module is configured to receive an IP address selected by the authentication server from the IP address pool corresponding to the area code, and forward the IP address to the client.
- an embodiment of the present invention provides an apparatus for IP address allocation, including:
- An allocating module configured to select an IP address from the pool of IP addresses corresponding to the area code according to the area code in the authentication request message from the access node, and send the IP address to the access node, where the area code is used to indicate The area where the access node is located.
- an embodiment of the present invention provides a system for IP address allocation, including:
- An access device configured to send an area code of the access device to the authentication device when receiving the connection request sent by the client, receive an IP address sent by the authentication device according to the area code, and forward the IP address to the client;
- an authentication device configured to select an IP address from the pool of IP addresses corresponding to the area code and send the IP address to the access device.
- embodiments of the present invention provide a computer program product for use with an apparatus for IP address allocation, the computer program product comprising a computer readable storage medium and a computer program mechanism embedded therein
- the computer program mechanism includes instructions for performing the various steps of any of the above methods.
- the access node side of the present invention receives the user IP address sent by the authentication server according to the area code, so that when the access node is extended, decoupling between the IP address allocation and the IP address of the access node can be achieved without changing the configuration of the authentication server, and access nodes can be deployed flexibly.
- FIG. 1 is a schematic diagram of a method for an IP address allocation on a VPN node side according to Embodiment 1 of the present invention
- FIG. 2 is a schematic diagram of an application scenario for IP address allocation according to Embodiment 2 of the present invention.
- FIG. 3 is a flowchart of a method for IP address allocation in Embodiment 2 of the present invention.
- FIG. 4 is a schematic diagram of an application scenario for IP address allocation in Embodiment 3 of the present invention.
- FIG. 5 is a flowchart of a method for IP address allocation according to Embodiment 3 of the present invention.
- FIG. 6 is a flowchart of an operation for IP address allocation in Embodiment 3 of the present invention.
- FIG. 7 is a structural diagram of an apparatus for assigning an IP address on a VPN node side according to Embodiment 4 of the present invention.
- FIG. 8 is a structural diagram of a system for IP address allocation according to Embodiment 5 of the present invention.
- the present invention provides that the VPN node sends an authentication request message including the area code to the RADIUS server, receives the user IP address that the RADIUS server sends according to the area code after the authentication request message is successfully authenticated, and sends the received user IP address to the VPN client, so that the VPN node then sends an access request message containing the user IP address from the VPN client to the gateway, and the gateway routes it via the tunnel to the destination IP address according to the user IP address in the access request message.
- the RADIUS server is configured to perform an Open VPN server extension by configuring an extended attribute value in the RADIUS protocol as an area code and configuring a correspondence between the area code and the IP address pool identifier in the configuration file on the RADIUS server side.
- the IP address pool can be dynamically selected according to the area code value, so that the Open VPN server can be flexibly deployed without changing the RADIUS server configuration: the Open VPN server can be rapidly expanded when an Open VPN server needs to be added, and rapidly replaced when an existing Open VPN server is unavailable. The details will be described below.
- FIG. 1 is a schematic diagram of a method for an IP address allocation on a VPN node side according to Embodiment 1 of the present invention. As shown in FIG. 1 , the method is used in an access node, and the method includes:
- Step 101 When receiving the connection request sent by the client, send the area code of the access node to the authentication server, where the area code is used to indicate the area where the access node is located.
- Step 102 Receive an IP address selected by the authentication server from an IP address pool corresponding to the area code, and forward the IP address to the client.
- After receiving the connection request (for example, the login request) from the user, the VPN node carries the area code information in the authentication request message and sends it to the RADIUS server.
- the access node used in the authentication service network is a VPN node
- the authentication server is a RADIUS server
- the client is a VPN client
- the login request from the user may also be an access request from the user, that is, a request used by the RADIUS server to authenticate whether the user has access rights.
- the VPN node carries its own area code in an authentication request message and sends it to the RADIUS server.
- the RADIUS server authenticates the authentication request message, and after the authentication succeeds, sends an available user IP address from the IP address pool corresponding to the area code to the VPN node, and the VPN node sends the user IP address to the VPN client, so that the VPN client carries the user IP address in subsequent access request messages.
- After receiving the access request message from the VPN client, including the user IP address, the VPN node directly forwards the access request message to the gateway, and the gateway parses the access request message to obtain the user IP address in it. Based on the obtained user IP address, the gateway uses the correspondence between the user IP address and the destination IP address pre-stored on the gateway side to route the access request message through the tunnel to the destination IP address corresponding to the user IP address, thereby implementing message interworking.
- the gateway may be a router, that is, a routing rule is set on the router, such as a correspondence between a pre-stored user IP address and a destination IP address.
- the RADIUS server is modified, that is, the custom extended attribute field is added to the RADIUS database, and the corresponding relationship between the customized extended attribute and the IP address pool is configured in the configuration file.
- the RADIUS server dynamically selects an IP address pool according to the area code of the Open VPN service, and returns the source IP address corresponding to the area code to the VPN client via the VPN node. Therefore, when the VPN node is expanded and replaced, the decoupling between the IP address allocation and the IP address of the Open VPN server is implemented.
- the method further includes:
- the CPU usage of the VPN node is detected.
- the CPU usage setting can be set according to the actual situation.
- a new VPN node is created by using the image.
- an image is created in advance from the node instance, that is, a new VPN node is started from the image.
- the method further includes:
- the area code is obtained from the existing access node, and the acquired area code is configured for the access node.
- When the VPN node detects that it has been newly created, it obtains the area code and RADIUS server identifier from the original VPN node, and sets its own area code and RADIUS server identifier accordingly.
- the area code and RADIUS server ID in the new VPN node are the same as the area code and RADIUS server ID in the original VPN node.
- the new VPN node is an extended VPN node of the original VPN node.
- the new VPN node sends an authentication request message containing the area code to the RADIUS server, receives the user IP address sent by the RADIUS server according to the area code in the authentication request message, and sends the received user IP address to the VPN client, so that the new VPN node then sends an access request message containing the user IP address from the VPN client to the gateway, and the gateway routes the access request message to the destination IP address according to the user IP address in the access request message.
- the area code is obtained from the existing VPN node, and the obtained area code is configured for the VPN node, including:
- EAP Extensible Authentication Protocol
- PPP Point to Point Protocol
- EAP can support additional authentication methods in PPP.
- the RADIUS protocol supports EAP through the EAP-Message and Message-Authenticator attributes. Each attribute consists of a Type-Length-Value triplet, which allows new attribute values to be added without affecting the implementation of the protocol.
- the RADIUS attributes carry detailed information about authentication, authorization, and accounting requests and responses. It is generally recommended that attributes of the same type remain in the same order, but the order of attributes of different types does not have to be maintained. In addition, the end of the attribute list is indicated by the length of the RADIUS packet. For convenience of reference, the attribute format is listed here. The fields are transmitted in order from left to right, specifically:
- the Type field occupies one byte; current RADIUS Type field values are assigned in the latest RFC. Attribute values 192-223 are reserved for experimentation, attribute values 224-240 are reserved for specific implementations, and attribute values 241-255 are reserved.
- the RADIUS Plugin is open source software and can be used as the RADIUS client of Open VPN.
- the RADIUS Plugin mainly includes two functions, namely:
- the RADIUS protocol provides some reserved attributes for customization. Therefore, the area code of the Open VPN server is carried in one of the extended attribute values 224-240 of the RADIUS protocol, the RADIUS Plugin of Open VPN is used as the RADIUS client, and Free RADIUS is used as the RADIUS server and modified accordingly: the custom extended attribute field is added to the Free RADIUS database, and the correspondence between the extended attribute and the IP address pool is configured in the configuration file.
- Free RADIUS can dynamically select an IP address pool according to the area code of the Open VPN service, and return a service-related IP address to the VPN client.
- the specific implementation method for IP address allocation on the RADIUS server side is: selecting an IP address from the IP address pool corresponding to the area code according to the area code in the authentication request message from the access node, and sending the IP address to the access node, where the area code is used to indicate the area where the access node is located.
- the RADIUS server receives the authentication request message from the Open VPN node, and authenticates the user login information (i.e., the connection request) in the authentication request message to determine whether the user has the login right (i.e., the connection permission). If the user does not have the login right, the authentication fails, and an authentication failure message is returned to the VPN client via the Open VPN node. If the user has the login right, the authentication succeeds; the RADIUS server then uses the configured correspondence between area codes and IP address pool identifiers to obtain the IP address pool identifier corresponding to the area code in the authentication request message, obtains an available IP address from the IP address pool with that identifier, and sends the available IP address to the Open VPN node.
- the method further comprises:
- the IP address pool is dynamically selected based on the area code of the Open VPN service, and the IP address obtained by the Open VPN client is decoupled from the Open VPN server (i.e., the Open VPN node): multiple IP address pools are pre-configured for multiple area codes, so that when the Open VPN server is extended, it can be quickly expanded and replaced without changing the configuration of the RADIUS server.
- FIG. 2 is a schematic diagram of an application scenario for IP address allocation in Embodiment 2 of the present invention.
- an Open VPN node is set up in each of Beijing, Shanghai, and Guangzhou to form an Open VPN service network, and each Open VPN node is assigned an area code.
- Open VPN users in Beijing can interact with Open VPN users in Guangzhou and Shanghai.
- Open VPN users in Guangzhou can only interact with Open VPN users in Beijing.
- Open VPN users in Shanghai can only interact with Open VPN users in Beijing; Open VPN users in Shanghai and Open VPN users in Guangzhou cannot interact with each other.
- the area code is stored in a reserved attribute Type of the RADIUS extended protocol, that is, a reserved attribute of the RADIUS Plugin of Open VPN (such as type field attribute value 224) is set as area_code. In Beijing's Open VPN access point, the RADIUS Plugin's area_code attribute value is area_bj; in Guangzhou's Open VPN access point, the RADIUS Plugin's area_code attribute value is area_gz; in Shanghai's Open VPN access point, the RADIUS Plugin's area_code attribute value is area_sh.
- on the RADIUS server, the IP address pool for the area_code attribute value area_bj is configured as bj_pool, the IP address pool for the area_code attribute value area_gz as gz_pool, and the IP address pool for the area_code attribute value area_sh as sh_pool.
- the available IP address of bj_pool is 10.100.0.0/16
- the available IP address of gz_pool is 10.101.0.0/16
- the available IP address of sh_pool is 10.102.0.0/16.
- traffic with a source IP address in 10.100.0.0/16 and a destination IP address in 10.101.0.0/16 or 10.102.0.0/16 is routed to the corresponding Open VPN server in Guangzhou or Shanghai.
- traffic with a source IP address in 10.102.0.0/16 and a destination IP address in 10.100.0.0/16 is routed to the Open VPN server in Beijing.
- Open VPN users in Beijing can interact with Open VPN users in Shanghai and Guangzhou.
- Open VPN users in Guangzhou can only interact with Open VPN users in Beijing.
- Open VPN users in Shanghai can only interact with Open VPN users in Beijing.
- the IP address pool matching the area code area_bj is bj_pool, the available IP address is 10.100.0.0/16; the IP address pool matching the area code area_gz is gz_pool, the available IP address is 10.101.0.0/16; and the IP address pool matching the area code area_sh is sh_pool, the available IP address is 10.102.0.0/16.
- Configure the RADIUS Plugin reserved attribute area_code (such as type field attribute value 224) as the area code area_bj on the Open VPN server in Beijing.
- Configure the RADIUS Plugin reserved attribute area_code (such as the type field attribute value 224) on the Open VPN server in Guangzhou.
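The Type-Length-Value attribute format and the area-code-to-pool selection described above can be sketched as follows. This is an added example, not code from the patent or from Free RADIUS; the function and class names, the string encoding of the area code, first-free allocation, and rejecting unknown area codes are assumptions. Attribute types 1 (User-Name) and 4 (NAS-IP-Address) are the standard RADIUS numbers; 224 is the page's example type for area_code.

```python
import ipaddress
import struct

AREA_CODE_TYPE = 224  # page's example: reserved attribute type carrying area_code
USER_NAME, NAS_IP_ADDRESS = 1, 4  # standard RADIUS attribute types

# Values taken from the page's Embodiment 2; the dict layout is an assumption.
AREA_TO_POOL = {"area_bj": "bj_pool", "area_gz": "gz_pool", "area_sh": "sh_pool"}
POOLS = {"bj_pool": "10.100.0.0/16", "gz_pool": "10.101.0.0/16",
         "sh_pool": "10.102.0.0/16"}


def encode_attr(attr_type: int, value: bytes) -> bytes:
    """Encode one attribute: Type (1 byte), Length (1 byte, whole TLV), Value."""
    if not 1 <= attr_type <= 255:
        raise ValueError("attribute type must fit in one byte")
    if len(value) > 253:
        raise ValueError("attribute value too long for a one-byte length")
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def parse_attrs(buf: bytes) -> list[tuple[int, bytes]]:
    """Split an attribute section into (type, value) pairs, rejecting bad lengths."""
    attrs, i = [], 0
    while i < len(buf):
        if len(buf) - i < 2:
            raise ValueError("truncated attribute header")
        attr_type, length = buf[i], buf[i + 1]
        if length < 2 or i + length > len(buf):
            raise ValueError("attribute length out of bounds")
        attrs.append((attr_type, buf[i + 2:i + length]))
        i += length
    return attrs


def build_request_attrs(user: str, nas_ip: str, area_code: str) -> bytes:
    """Attribute section an access node would send (constructed sample input)."""
    return (encode_attr(USER_NAME, user.encode("utf-8"))
            + encode_attr(NAS_IP_ADDRESS, ipaddress.ip_address(nas_ip).packed)
            + encode_attr(AREA_CODE_TYPE, area_code.encode("ascii")))


class AreaPoolAllocator:
    """Server-side pool selection keyed on area code, never on NAS-IP-Address."""

    def __init__(self, area_to_pool, pools):
        self.area_to_pool = dict(area_to_pool)
        self.pools = {n: ipaddress.ip_network(c) for n, c in pools.items()}
        self.leases = {n: {} for n in pools}  # pool name -> {user: address}

    def allocate(self, user: str, attr_section: bytes):
        """Call only after the user has been authenticated successfully."""
        codes = [v for t, v in parse_attrs(attr_section) if t == AREA_CODE_TYPE]
        if len(codes) != 1:
            raise LookupError("exactly one area_code attribute is required")
        try:
            area = codes[0].decode("ascii")
        except UnicodeDecodeError:
            raise LookupError("area_code is not ASCII") from None
        pool_name = self.area_to_pool.get(area)
        if pool_name is None:
            # The pool decides which routes the user gets, so an unknown
            # area code is rejected instead of falling back to a default pool.
            raise LookupError("unknown area code")
        leases = self.leases[pool_name]
        if user in leases:
            return leases[user]
        in_use = set(leases.values())
        for addr in self.pools[pool_name].hosts():
            if addr not in in_use:
                leases[user] = addr
                return addr
        raise RuntimeError("pool exhausted")


def demo() -> list[str]:
    """Two Beijing nodes with different NAS addresses share bj_pool."""
    alloc = AreaPoolAllocator(AREA_TO_POOL, POOLS)
    requests = [("alice", "202.106.1.2", "area_bj"),
                ("bob", "202.106.1.3", "area_bj"),
                ("carol", "202.106.2.1", "area_gz")]
    return [str(alloc.allocate(u, build_request_attrs(u, nas, area)))
            for u, nas, area in requests]


if __name__ == "__main__":
    print(demo())
```

Because the pool lookup ignores NAS-IP-Address, adding or replacing an access node only requires the new node to send the same area code, which is the decoupling the embodiment relies on.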
- FIG. 3 is a flowchart of a method for IP address allocation according to Embodiment 2 of the present invention.
- when user access at a hot spot increases steeply, for example at Open VPN Server bj, and Open VPN Server bj can no longer meet the users' access requirements, the Beijing Open VPN access service is quickly deployed to meet the users' burst of access.
- the specific implementation method of rapidly deploying Open VPN access service is as follows:
- Step 301 The first Open VPN server extends the second Open VPN server.
- the first Open VPN server uses the image to create a new Open VPN server in the cloud platform or the Internet Data Center (IDC), and the name of the second Open VPN server is set to Open VPN Server bj02.
- Step 302 The first Open VPN server configures the RADIUS Plugin on the second Open VPN server by using the image.
- the first Open VPN server uses the image to install the RADIUS Plugin of the Open VPN server on Open VPN Server bj02. The second Open VPN server obtains the area code and the RADIUS server identifier of the first Open VPN server, sets the reserved attribute of the RADIUS Plugin (such as the type field attribute value 224) as area_code, sets the area_code attribute value to the area code area_bj, and sets the RADIUS authentication service to the RADIUS server.
- Step 303 Start the Open VPN service of the second Open VPN server.
- the elastic expansion of the Open VPN access service is implemented based on pre-configured service rules without modifying the RADIUS Server configuration.
- the RADIUS plugin of the Open VPN server is used as a RADIUS client, and the RADIUS server (such as a Free RADIUS server) is modified accordingly.
- the area code of the Open VPN service is attached to the reserved attribute (224-240) of the RADIUS extension protocol, so that the RADIUS server can dynamically select the IP address pool according to the area code and the correspondence between the configured area code and the IP address pool identifier.
- the service rules are pre-defined in the routers in the Open VPN network, and tunnels are established with the Open VPN server, which are used to implement Open VPN users with different access rights when using different IP address pools.
- when the Open VPN user group is concentrated, the Open VPN servers and the centralized RADIUS authentication can be used to flexibly provide Open VPN services without interrupting the RADIUS server.
- FIG. 4 is a schematic diagram of an application scenario for IP address allocation in Embodiment 3 of the present invention.
- FIG. 4(a) shows a cloud platform Cloud BJ (i.e., Open VPN Server bj) in the Beijing area and a cloud platform Cloud GZ (i.e., Open VPN Server gz) in the Guangzhou area.
- FIG. 5 is a flowchart of a method for IP address allocation according to Embodiment 3 of the present invention.
- before an Open VPN access service is provided, a technician needs to modify the RADIUS server.
- the pre-configuration of the rapid deployment includes:
- Step 501 Set a correspondence between the area code and the IP address pool on the RADIUS server side.
- the IP address pool with the area code area_bj is bj_pool, the available IP address is 10.100.0.0/16; the IP address pool with the area code area_gz is gz_pool, and the available IP address is 10.101.0.0/16.
- Step 502 Deploy an Open VPN server on the cloud platform side. Deploy on the cloud platform Cloud BJ
- the public network IP address is 202.106.1.1
- the reserved attribute area_code of the RADIUS Plugin (such as the type field attribute value 224) is set to the area code area_bj.
- the public network IP address is 202.106.2.1.
- an image vpn_image_bj is created for the Open VPN Server instance of the cloud platform Cloud BJ
- an image vpn_image_gz is created for the Open VPN Server instance of the cloud platform Cloud GZ.
- Step 503 Configure routes of the area codes area_bj and area_gz on the router, and establish a tunnel with the cloud platform, so that IP addresses in 10.100.0.0/16 and 10.101.0.0/16 can communicate with each other.
- Step 504 Configure an A record of the domain name on the DNS server side.
- on the Domain Name System server (DNS server) in the Open VPN service network, the A record of the domain name bj.pop.cloudvpn.com is configured as 202.106.1.1, and the A record of the domain name gz.pop.cloudvpn.com is configured as 202.106.2.1.
- the Open VPN Client in the Beijing area can use the domain name bj.pop.cloudvpn.com to connect to the Open VPN service.
- the Open VPN Client in the Guangzhou area can use the domain name gz.pop.cloudvpn.com to connect to the Open VPN service.
- the CPU usage setting value can be set to 70%.
- the Open VPN access is flexibly extended. The specific implementation method is as follows:
- Step 505 The Open VPN server on the cloud platform side uses an image to open an instance.
- the Open VPN server uses the image vpn_image_bj to open two Open VPN instances.
- the IP addresses of the instances are 202.106.1.2 and 202.106.1.3 respectively.
- on the cloud platform Cloud GZ, the image vpn_image_gz is used to start two Open VPN instances.
- the IP addresses of the instances are 202.106.2.2 and 202.106.2.3 respectively.
- Step 506 The DNS server adds resolution records. That is, the DNS server adds the A records 202.106.1.2 and 202.106.1.3 for the domain name bj.pop.cloudvpn.com, and the A records 202.106.2.2 and 202.106.2.3 for the domain name gz.pop.cloudvpn.com.
- the Open VPN access service capability in the Beijing area and in the Guangzhou area can thus be effectively improved, without modifying the RADIUS server configuration and while following the predetermined business rules, so that convenient, flexible expansion of the Open VPN access service is realized.
- FIG. 6 is a flowchart showing the work of IP address allocation in the third embodiment of the present invention. As shown in FIG. 6, after completing all the above configurations, the specific workflow of the elastic extension for the Open VPN access service is as follows:
- Step 601 The client BJ obtains the public network IP address, and sends an authentication request message to the Cloud BJ according to the public network IP address.
- the client BJ sends an access request message to the DNS server.
- the DNS server parses the public network IP address 202.106.1.1 according to the domain name in the received access request message, and sends the public network IP address 202.106.1.2 to the client BJ.
- the client BJ sends an authentication request message to the public network IP address 202.106.1.2, which is the Open VPN instance of Cloud BJ, according to the received public network IP address 202.106.1.2.
- Step 602 The Cloud BJ receives the source IP address sent by the RADIUS server according to the area code after the authentication request message is successfully authenticated, and sends the received source IP address to the client BJ.
- the Open VPN instance of Cloud BJ carries the area code in the authentication request message and sends it to the RADIUS server.
- the RADIUS server authenticates the received authentication request message, and after the authentication succeeds, determines an IP address pool corresponding to the area code according to the area code carried in the authentication request message.
- an available IP address, that is, the source IP address, is obtained from the IP address pool, and the obtained source IP address is sent to the Open VPN instance of the Cloud BJ.
- the Open VPN instance of Cloud BJ sends a message indicating that the authentication of the source IP address is successful to Client BJ.
- Step 603 The client BJ sends an access request message including the source IP address to the router via the Cloud BJ, so that the router routes the access request message to the destination IP address according to the source IP address.
- the Client BJ sends an access request message containing the source IP address to the router via the tunnel via the Open VPN instance of Cloud BJ.
- the router uses the source IP address in the access request message and the preset service rule to route the access request message through the tunnel to the destination IP address corresponding to the source IP address, implementing information exchange between the users.
- those skilled in the art can adapt this to different application scenarios according to actual needs; for example, the client BJ can access Internet resources, can perform point-to-point access with the client GZ, or can be used in other application scenarios, which is not limited in this application.
- when an Open VPN server in the existing Cloud BJ fails and is unavailable, a new Open VPN server can be deployed, all information about the unavailable Open VPN server is configured on the new Open VPN server, and the new Open VPN server is started. It can replace the unavailable Open VPN server and repair the Open VPN access service without modifying the configuration of the RADIUS server, thus achieving rapid replacement of the Open VPN server.
- an apparatus for IP address allocation is also provided in the embodiment of the present invention. Since the principle by which these devices solve the problem is similar to the method of assigning an IP address, the implementation of these devices can refer to the implementation of the method, and repeated description is omitted.
- FIG. 7 is a structural diagram of an apparatus for assigning an IP address on a VPN node side according to Embodiment 4 of the present invention. As shown in FIG. 7, the apparatus may include:
- the sending module 701 is configured to send the area code of the access node to the RADIUS server when receiving the connection request sent by the client.
- the receiving module 702 is configured to receive an IP address selected by the authentication server from the IP address pool corresponding to the area code, and forward the IP address to the client.
- the creating module 703 is configured to create a new access node when the load rate of the associated access node exceeds a set value.
- the configuration module 704 is configured to: when detecting that the access node to which it belongs has been newly created, obtain the area code from the existing access node, and configure the acquired area code for the access node.
- the access node used in the authentication service network is a VPN node
- the authentication server is a RADIUS server
- the client is a VPN client.
- the sending module includes:
- the area code of the VPN node is carried in the authentication request message and sent to the RADIUS server.
- the configuration module further includes:
- an apparatus for IP address allocation is also provided in the embodiment of the present invention. Since the principle by which these devices solve the problem is similar to the method of assigning an IP address, the implementation of these devices can refer to the implementation of the method, and repeated description is omitted.
- An allocating module configured to select an IP address from the pool of IP addresses corresponding to the area code according to the area code in the authentication request message from the access node, and send the IP address to the access node, where the area code is used to indicate The area where the access node is located.
- A system for IP address allocation is also provided in the embodiment of the present invention. Since the principle by which the system solves the problem is similar to that of the method for IP address allocation, the implementation of the system can refer to the implementation of the method, and repeated details are not described again.
- FIG. 8 is a structural diagram of a system for IP address allocation according to Embodiment 5 of the present invention. As shown in FIG. 8, the system may include:
- the access device 801 is configured to: when receiving the connection request sent by the client, send the area code of the access device to the authentication device 802, receive the IP address sent by the authentication device 802 according to the area code, and forward the IP address to the client.
- the authentication device 802 is configured to select an IP address from the IP address pool corresponding to the area code and send the IP address to the access device 801.
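The exchange described by the apparatus and system embodiments above, as an added Python sketch (not code from the patent): the access node sends only its area code, the authentication server picks the address from the matching pool, and a scaled-out node inherits the area code so the server's pool table never changes. The class names, the dict standing in for the authentication request, the area codes and the CIDR blocks are all constructed for illustration.

```python
import ipaddress

class AuthServer:
    """Stand-in for the RADIUS server: one address pool per area code."""
    def __init__(self, pools):
        # pools maps area code -> CIDR block (constructed sample values)
        self.free = {code: list(ipaddress.ip_network(cidr).hosts())
                     for code, cidr in pools.items()}

    def handle_auth_request(self, request):
        free = self.free.get(request.get("area_code"))
        if free is None:   # unconfigured code: reject, never use a default pool
            return {"accept": False, "reason": "unknown area code"}
        if not free:
            return {"accept": False, "reason": "pool exhausted"}
        return {"accept": True, "ip": str(free.pop(0))}

class VpnNode:
    """Stand-in for the access node; it knows its area code, not the pools."""
    def __init__(self, name, area_code, server, capacity=2):
        self.name, self.area_code = name, area_code
        self.server, self.capacity = server, capacity
        self.sessions = {}   # user -> assigned IP

    def connect(self, user):
        # Sending module: carry the area code in the authentication request.
        reply = self.server.handle_auth_request(
            {"user": user, "area_code": self.area_code})
        if reply["accept"]:   # receiving module: forward the IP to the client
            self.sessions[user] = reply["ip"]
        return reply

    def scale_out_if_loaded(self, name, limit=0.9):
        # Creating + configuration modules: the new node copies the existing
        # node's area code, so the server's pool table is left untouched.
        if len(self.sessions) / self.capacity > limit:
            return VpnNode(name, self.area_code, self.server, self.capacity)
        return self

def demo():
    server = AuthServer({"east-1": "10.10.0.0/29", "west-1": "10.20.0.0/29"})
    node_a = VpnNode("vpn-east-a", "east-1", server)
    ips = [node_a.connect(u)["ip"] for u in ("alice", "bob")]
    node_b = node_a.scale_out_if_loaded("vpn-east-b")   # load 2/2 > 0.9
    ips.append(node_b.connect("carol")["ip"])
    rejected = VpnNode("vpn-x", "north-9", server).connect("dave")
    return node_b.name, ips, rejected

if __name__ == "__main__":
    print(demo())
```

Because the pool is chosen from a value the access node supplies, the sketch rejects any area code the server has not been configured with instead of falling back to a default pool.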
- An embodiment of the present invention further provides a computer program product for IP address allocation, used in conjunction with a system for IP address allocation. Since its principle is similar to that of the method for IP address allocation, its implementation can refer to the implementation of the method, and repeated details are not described again.
- the computer program product comprises a computer readable storage medium and a computer program mechanism embodied therein, the computer program mechanism comprising instructions for performing the various steps of any of the foregoing methods.
- embodiments of the present invention can be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment, or a combination of software and hardware. Moreover, the invention can take the form of a computer program product embodied on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, optical storage, etc.) including computer usable program code.
- The computer program instructions can also be stored in a computer readable memory that can direct a computer or other programmable data processing device to operate in a particular manner, such that the instructions stored in the computer readable memory produce an article of manufacture comprising an instruction device, and the instruction device implements the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
- These computer program instructions can also be loaded onto a computer or other programmable data processing device such that a series of operational steps are performed on the computer or other programmable device to produce computer-implemented processing, so that the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention relates to a method, a device and a system for IP address allocation, and a computer program product. The IP address allocation method comprises the following steps: upon receiving a connection request sent by a client, sending to an authentication server an area code associated with an access node, the area code indicating the area in which the access node is located; and receiving an IP address selected by the authentication server from an IP address pool corresponding to the area code, and forwarding it to the client. The invention modifies an authentication server so that, when an access node is scaled out, IP address allocation can be decoupled from the IP address of the access node without modifying the configuration of the authentication server.
Priority Applications (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201680002833.9A CN107005603A (zh) | 2016-08-30 | 2016-08-30 | Method, apparatus, system and computer program product for IP address allocation |
| PCT/CN2016/097285 WO2018039901A1 (fr) | 2016-08-30 | 2016-08-30 | Method, device and system for IP address allocation, and computer program product |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| PCT/CN2016/097285 WO2018039901A1 (fr) | 2016-08-30 | 2016-08-30 | Method, device and system for IP address allocation, and computer program product |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| WO2018039901A1 (fr) | 2018-03-08 |
Family
ID=59431088
Family Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| PCT/CN2016/097285 Ceased WO2018039901A1 (fr) | 2016-08-30 | 2016-08-30 | Method, device and system for IP address allocation, and computer program product |
Country Status (2)
| Country | Link |
|---|---|
| CN (1) | CN107005603A (fr) |
| WO (1) | WO2018039901A1 (fr) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116566765A (zh) * | 2023-05-26 | 2023-08-08 | 中国联合网络通信集团有限公司 | Network access method, apparatus and storage medium |
Families Citing this family (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109194774B (zh) * | 2018-08-09 | 2021-10-22 | 中兴克拉科技(苏州)有限公司 | Device address extension method for an LPWAN network server |
| CN110401666B (zh) * | 2019-07-30 | 2022-05-13 | 四川虹魔方网络科技有限公司 | Network permission allocation method based on user identity |
| CN110677426B (zh) * | 2019-09-30 | 2021-11-16 | 北京天融信网络安全技术有限公司 | Data transmission method, apparatus, storage medium and VPN device |
| CN111683164B (zh) * | 2020-07-08 | 2022-11-04 | 厦门网宿有限公司 | IP address configuration method and VPN service system |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2002015490A1 (fr) * | 2000-08-14 | 2002-02-21 | Telefonaktiebolaget L M Ericsson (Publ) | Method for providing a router with a pool of subnet addresses in a cellular telecommunications network |
| US20050122946A1 (en) * | 2003-11-18 | 2005-06-09 | Won Chan Y. | DHCP pool sharing mechanism in mobile environment |
| CN102025798A (zh) * | 2010-12-15 | 2011-04-20 | 华为技术有限公司 | Address allocation processing method, apparatus and system |
| WO2013020267A1 (fr) * | 2011-08-08 | 2013-02-14 | 华为数字技术有限公司 | Method, system and device for IP address allocation |
| CN103828333A (zh) * | 2011-09-26 | 2014-05-28 | 三菱电机株式会社 | IP address allocation system and IP address allocation method |
Family Cites Families (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7366182B2 (en) * | 2004-08-13 | 2008-04-29 | Qualcomm Incorporated | Methods and apparatus for efficient VPN server interface, address allocation, and signaling with a local addressing domain |
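| CN101114972B (zh) * | 2006-07-26 | 2011-01-26 | 成都迈普产业集团有限公司 | Method for establishing a virtual private network in an IP telecommunication network system |
| CN102480403B (zh) * | 2010-11-30 | 2014-12-10 | 华为技术有限公司 | Method, device and system for providing virtual private network service |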
2016
- 2016-08-30 CN CN201680002833.9A patent/CN107005603A/zh active Pending
- 2016-08-30 WO PCT/CN2016/097285 patent/WO2018039901A1/fr not_active Ceased
Also Published As
| Publication number | Publication date |
|---|---|
| CN107005603A (zh) | 2017-08-01 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US9485147B2 (en) | Method and device thereof for automatically finding and configuring virtual network | |
| US8605582B2 (en) | IP network system and its access control method, IP address distributing device, and IP address distributing method | |
| CN107580065B (zh) | Private cloud access method and device | |
| CN103036784B (zh) | Method and apparatus for a self-organizing layer-2 enterprise network architecture | |
| EP3905598B1 (fr) | Message processing method and apparatus, control panel device, and computer storage medium | |
| CN104506670B (zh) | Method, device and system for establishing an online game connection | |
| CN106487556B (zh) | Method and apparatus for deploying a service function (SF) | |
| WO2014166247A1 (fr) | Implementation method and system for managing a virtual network | |
| CN111865621A (zh) | Method and apparatus for accessing a gateway | |
| CN103379010A (zh) | Virtual network implementation method and system | |
| US20180083968A1 (en) | Method and system for authorizing service of user, and apparatus | |
| WO2018039901A1 (fr) | Method, device and system for IP address allocation, and computer program product | |
| CN108259356B (zh) | Routing control method and apparatus | |
| JP2005252717A (ja) | Network management method and network management server | |
| JP2005517352A (ja) | Method and apparatus for borrowing parameters for network address translator configuration | |
| JP6378442B2 (ja) | Method and apparatus for deploying a service in a virtualized network | |
| CN114556868A (zh) | Private subnetworks for virtual private network (VPN) clients | |
| CN105207909A (zh) | Method for sending information and network apparatus | |
| JP2005236394A (ja) | Network system and network control method | |
| WO2012041168A1 (fr) | Processing method for a remote connection to an IPv6 network and associated device | |
| WO2011147334A1 (fr) | Method, device and system for providing a virtual private network service | |
| US20060193330A1 (en) | Communication apparatus, router apparatus, communication method and computer program product | |
| CN113595848B (zh) | Communication tunnel establishment method, apparatus, device and storage medium | |
| TW201517654A (zh) | Transmission path control system | |
| WO2023273877A1 (fr) | Network element configuration method and system based on an automatic provisioning system, device and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| | 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 16914471; Country of ref document: EP; Kind code of ref document: A1 |
| | NENP | Non-entry into the national phase | Ref country code: DE |
| | 32PN | Ep: public notification in the ep bulletin as address of the addressee cannot be established | Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 07/06/2019) |
| | 122 | Ep: pct application non-entry in european phase | Ref document number: 16914471; Country of ref document: EP; Kind code of ref document: A1 |