CN100563257C - An Improved PPPoE Authentication Method - Google Patents

Abstract

The invention discloses an improved PPPoE authentication method. A storage unit is configured on the host to save the PPPoE session information of the current PPPoE dial-up connection; The session information will be saved on the storage unit of the host; when the host needs to re-initiate PPPoE dial-up in an abnormal state, the host will send a PPPoE disconnection packet PADT before initiating the PPPoE dial-up request packet PADI. The previous PPPoE session information is deleted, and the original PPPoE session connection is removed. Through the above PPPoE authentication method, the host can quickly access the PPPoE dial-up network in an abnormal state, thereby greatly improving the user experience; at the same time, this realization also reduces the equipment load of the network operator, greatly The user's complaints and the operator's customer service pressure are greatly reduced.

Description

An Improved PPPoE Authentication Method

technical field

The invention relates to the technical field of authentication in network access technology, and is applied to network devices such as computers and network set-top boxes.

Background technique

At present, in the field of network access technology, the authentication technologies used mainly include PPPoE/802.1X/Web authentication, among which PPPoE technology is most commonly used in the communication field. As shown in Figure 1, it is the flow chart of the existing PPPoE dial-up access network:

PPPoE access authentication is divided into two stages, discovery stage (Discovery stage) and PPP session stage (PPP Session stage). in:

(1) The discovery stage (Discovery stage) is mainly divided into 4 steps, including the host (host) sends the initialization broadcast packet (PADI, PPPoE Active Discovery Initiation packet), one or more access servers (Access Concentrator) send back the response Packet (PADO, PPPoE Active Discovery Offer packet), the host sends a session request unicast packet (PADR, PPPoE Active Discovery Request packet), and the selected access server sends back a session confirmation packet (PADS, PPPoE Active Discovery Session- confirmation packet).

After completing these steps, the two ends participating in the authentication will establish a session (Session) connection, and know the PPPoE session identifier (SESSION_ID) corresponding to the connection and the Ethernet MAC address of the other party, these parameters will uniquely define the PPPoE Session connection. After the host receives the session confirmation (PADS) packet, the host and the access server will continue to enter the PPP session phase. The subsequent data is sent in unicast mode, and the PPPoE SESSION_ID does not change during the entire session.

After the session connection is established, the host or the access server can send a PPPoE teardown packet (PADT, PPPoE Active Discovery Terminate packet) at any time to tear down the session connection. After receiving the PADT packet, any PPP data flow is not allowed to be sent on the session connection.

(2) PPP Session stage (PPP Session stage), mainly divided into Link Establishment Phase, Authentication Phase, Network-Layer Protocol Phase, Link Termination Phase And so on. Among them, Authentication Phase is an optional link.

Link establishment is completed by the two parties in the session by exchanging configuration data packets, line testing, and sending confirmation packets; for links that require authentication (generally required in telecom operations), identity authentication needs to be performed immediately after the link is established and authorization. It is required to support the retry mechanism of authentication, if it still fails after a certain number of attempts, the link will be torn down.

After the authentication and authorization are passed, the network layer protocol (such as IP, IPX, or AppleTalk, etc.) will be selected and configured by the corresponding NCP (Network Control Protocol); after that, the corresponding network layer protocol data packets can be carried on the PPP connection.

The PPP connection can be removed at any time, and the removal of the PPP can be caused by the following reasons: carrier loss, authentication failure, poor link quality, idle timer timeout, administrative forced removal, etc. When PPP is torn down, PPP will notify the network layer protocol to take appropriate actions; at the same time, notify the physical layer to disconnect to forcibly disconnect the link.

However, the above-mentioned PPPoE authentication technology shows some areas to be improved in the actual network operation. The host (i.e. the PPPoE dial-up client, the same below) is abnormally powered off (or forced to shut down), the host does not respond, the host and the dial-up MODEM In the case of disconnection of the network cable, the access server at the central office (that is, the PPPoE authentication background system, the same below) needs a period of time (timeout time, generally 150 seconds) before detecting that the PPPoE session has timed out and disconnected. the session. If the host sends a PPPoE dial-up request again within this timeout, the request will be rejected. That is to say, the user must wait for the timeout before reconnecting to the network. This leads to the following two problems:

1) For network operators, the access server will receive a large number of repeated dialing requests, which should be accepted but rejected, thus wasting a lot of access authentication resources and causing some users to erroneously complaint;

2) For end users, it is easy to cause illusions, thinking that the network is faulty or the local machine is faulty; at the same time, it also greatly increases the authentication time for users to access the network. The authentication time is the original authentication duration plus timeout time, and the user The service experience is relatively poor, which greatly affects the service quality of network operators.

It can be seen that, for a host that is abnormally powered off, among the various reasons for PPP connection teardown: carrier loss, authentication failure, poor link quality, idle timer timeout, administrative forced teardown, etc., only the idle timer timeout (after timeout) and administrative forced dismantling, the PPP connection can only be dismantled, and all PPPoE dial-up requests before the PPP session connection is dismantled will be rejected, thus leading to the emergence of the two problems mentioned above .

Contents of the invention

In order to solve these problems, since the timeout time cannot be too short, generally 150 seconds, the only way to find a way is to remove it administratively. In fact, when a PPPoE session is established or within the session hold time, the host or access server can tear down the PPP connection by sending a PADT packet at any time. When the host initiates a PPPoE session connection again, the access server may allow the host to access the network.

The purpose of the invention is to propose a PPPoE authentication method for a host in an abnormal state.

In order to realize the above-mentioned purpose of the invention, the technical scheme that the PPPoE authentication method of the present invention adopts is as follows:

An improved PPPoE authentication method, configuring storage components on the host to save the PPPoE session information of the current PPPoE dial-up connection; when the host initiates a PPPoE connection and successfully accesses the network, the PPPoE session information of the PPPoE connection will be It is saved on the storage unit of the host; when the host needs to re-initiate PPPoE dial-up in an abnormal state, the host will send a PPPoE disconnection packet PADT before initiating the PPPoE dial-up request packet PADI. PPPoE session information, and disconnect the original PPPoE session connection.

The above-mentioned storage unit is a non-volatile memory.

The above-mentioned PPPoE authentication method includes the following specific steps:

(1) The host initiates a PPPoE dial-up request;

(2) The host sends the PPPoE disconnection packet PADT, which carries the previous PPPoE session information stored in the host storage unit, and this data packet will remove the previous PPPoE dial-up connection; if the previous PPPoE session has been removed, Then the access server ignores the PADT packet;

(3) The host sends the initialization broadcast packet PADI, looking for the access server and the required services;

(4) One or more access servers send a response packet PADO to inform the host that the access server can provide the service and its optional services; if the access server cannot provide the service, no response is made;

(5) The host sends the unicast packet PADR of the session request: the host checks all the PADO packets it receives, and if a PADO packet meets the requirements of the host, it sends a PADR packet to the corresponding access server to confirm that it is compatible with the access server. server connection request;

(6) The access server sends the session confirmation packet PADS: After the access server receives the PADR packet sent by the host, it generates a unique SESSION_ID and sends it to the host at the opposite end to confirm the establishment of the session;

(7) The host saves the session information of the PPPoE connection, including the MAC address of the PPPoE SESSION_ID and the Ethernet at the opposite end;

(8) Enter the PPP session stage, when the session ends, the host sends the PPPoE disconnection packet PADT, clears the corresponding PPPoE session information, and completes the PPPoE session.

The above-mentioned PPP session stage further includes the following specific steps:

(8.1) PPP LCP link configuration negotiation, the host participating in the PPP session exchanges configuration data packets with the access server, and when the configuration data exchange process of both parties is completed, the link is established;

(8.2) PPP PAP or CHAP authentication;

(8.3) Request and confirmation of PPP NCP configuration, complete the selection and configuration of network layer protocols, different network layer protocols require different configurations;

(8.4) Customer business data transmission process;

(8.5) The host sends a PPP LCP link teardown request packet, requesting teardown of the PPP link;

(8.6) The access server sends a PPP LCP link removal confirmation packet to confirm the removal of the link;

(8.7) The host sends the PPPoE disconnection packet PADT, clears the corresponding PPPoE session information, and completes the PPPoE session.

The above PPPoE session information includes the PPPoE session identifier SESSION_ID and the Ethernet MAC address information of the opposite end.

Compared with the prior art, the present invention has the following advantages and effects:

Through the above PPPoE authentication method, the host can quickly access the PPPoE dial-up network under abnormal conditions (the host is abnormally powered off (or forced to shut down), the host does not respond, the network cable between the host and the dial-up MODEM is disconnected, etc.) (such as the common ADSL dial-up network), thus greatly improving the user experience. At the same time, this implementation also reduces the equipment load of network operators, greatly reducing user complaints and operator customer service pressure.

1) The implementation is simple, only need to use the storage component to save the SESSION_ID and MAC address information, and add a step of sending the PADT packet at the same time.

2) The existing central office equipment does not need any adjustment, and there is no obvious difference between the user experience of the PPPoE dial-up process in the abnormal state and the normal state.

3) In an abnormal state, the user can experience fast dial-up networking services without a long Timeout waiting time.

4) The implementation scheme of this method has low cost and can be widely promoted and used.

Description of drawings

Fig. 1 is the flow chart about PPPoE dial-up access network in the prior art;

Fig. 2 is a flow chart of the PPPoE authentication method of the present invention.

Detailed ways

The present invention will be described in further detail below in conjunction with the embodiments and accompanying drawings, but the embodiments of the present invention are not limited thereto.

The present invention proposes an improved method for PPPoE authentication under abnormal conditions (for example: the host is abnormally powered off (or forced to shut down), the host has no response, the network cable between the host and the dial-up MODEM is disconnected, etc.). Configure non-volatile storage components (such as EPROM and other dielectric media, magnetic media, etc.), and save the PPPoE session information (including SESSION_ID and the Ethernet MAC address of the opposite end) of the current PPPoE dial-up connection. When the host initiates a PPPoE connection and successfully accesses the network, the PPPoE SESSION_ID of the PPPoE connection and the Ethernet MAC address of the opposite end will be saved on the storage unit of the host, and the unit can still Save the above data. When the host is abnormally powered off and then powered on immediately, or under other abnormal conditions, when the host needs to re-initiate PPPoE dial-up, the host sends a PPPoE disconnection packet PADT before sending the PPPoE dial-up request packet PADI. This data packet carries the information of the previous PPPoE session (PPPoE SESSION_ID and the Ethernet MAC address of the opposite end), and the original PPPoE session connection is removed through the PADT packet, and the access server can accept the new PPPoE session request of the host, and Continue with the next session and data transfer process.

As shown in Figure 2, the PPPoE authentication method of the present invention is realized through the following specific steps:

1) The host initiates a PPPoE dial-up request;

2) The host sends a PPPoE disconnection packet (PADT), which carries the previous PPPoE session information stored in the host storage unit, including information such as PPPoE SESSION_ID and the Ethernet MAC address of the opposite end. PPPoE dial-up connection disconnection; if the previous PPPoE session has been disconnected, the access server ignores the PADT packet;

3) The host sends the initialization broadcast packet (PADI) to find the access server (PPPoE authentication background system) and its required services;

4) One or more access servers (PPPoE authentication background system) send a response packet (PADO) to inform the host that the access server can provide this service and other optional services; if the access server cannot provide the service, it will not do so answer;

5) The host sends the unicast packet (PADR) of the session request: the host checks all the PADO packets it receives, and if a PADO packet meets the requirements of the host, it sends a PADR packet to the corresponding access server to confirm that it is compatible with the access server. Incoming server connection request;

6) The access server sends a session confirmation packet (PADS): when the access server receives the PADR packet, it generates a unique SESSION_ID and sends it to the host at the opposite end to confirm the establishment of the session; so far, the host and the access server both ends connections are uniquely defined;

7) The host saves the session information of the PPPoE connection, including PPPoE SESSION_ID and the Ethernet MAC address of the opposite end;

8) PPP LCP link configuration negotiation, the two ends (host and access server) participating in the PPP session exchange configuration data packets. the road is established;

9) PPP PAP (or CHAP) identity authentication, by default, the identity authentication of this step is not required; if identity authentication is required, it must be carried out immediately after the link in the above step (8) is established. The protocol (PAP or CHAP or other authentication protocol) needs to be negotiated and determined by both parties in the link establishment phase of step (8);

10) Request and confirmation of PPP NCP configuration, complete the selection and configuration of network layer protocols (such as IP/IPX/AppleTalk, etc.), different network layer protocols require different configurations; if the IP protocol is selected, the corresponding NCP protocol is called "PPP IPCP";

11) Customer business data transmission, through the previous steps, so far, the corresponding business data transmission can be carried out;

12) The host sends a PPP LCP link teardown request packet, requesting teardown of the PPP link;

13) The access server sends a PPP LCP link removal confirmation packet to confirm the removal of the link;

14) The host sends the PPPoE disconnection packet PADT, and the access server clears the corresponding PPPoE session information to complete the PPPoE session.

In the above steps, steps 1 to 5 are the discovery stage (Discovery stage), and the subsequent steps 6 to 14 are the PPP session stage (PPP Session stage). Compared with the existing PPPoE authentication method shown in Figure 1, the present invention adds a step after the host re-initiates PPPoE dial-up and before initiating the PPPoE dial-up request packet PADI—the host sends a PPPoE disconnection packet to the access server PADT, forcibly tear down the previously established PPPoE session connection; then resend the request to establish a new PPPoE session connection, so that the host can quickly access the PPPoE dial-up network without waiting for the timeout time, thus greatly improving the user experience. At the same time, this method also reduces the equipment load of the network operator, and greatly reduces the complaints of users and the customer service pressure of the operator.

Claims (5)

1. an improved PPPoE authentication method is characterized in that this method is a configuration store component on main frame, preserves the pppoe session information of current PPPoE dial-up connection; PPPoE connects the back and successfully behind the access network, then the pppoe session information of this PPPoE connection will be stored on the memory unit of main frame when main frame is initiated; When main frame under abnormality, need initiate PPPoE when dialing again, main frame will be before initiating PPPoE dialing request package PADI, sends the PPPoE bag PADT that takes out stitches earlier, this packet has carried pppoe session information last time, and original pppoe session is connected dismounting.

2. PPPoE authentication method according to claim 1 is characterized in that: described memory unit is a nonvolatile memory.

3. PPPoE authentication method according to claim 1 is characterized in that: described PPPoE authentication method comprises following concrete steps:

(1) main frame is initiated PPPoE dialing request;

(2) main frame transmission PPPoE takes out stitches and wraps PADT, and this PADT bag has carried the last time pppoe session information that is kept in the host stores parts, and this packet is the connection dismounting of PPPoE dialing last time; If pppoe session is last time removed, then access server is ignored this PADT bag;

(3) main frame sends initialization broadcast packet PADI, the service of seeking access server and needing;

(4) one or more access servers send response packet PADO, inform that this access server of main frame can provide this service and optionally service thereof; If access server can not provide service, then do not do and reply;

(5) main frame sends the unicast packet PADR of conversation request: main frame is checked all PADO bags that it is received, if certain PADO bag satisfies the demand of this main frame, then the access server to correspondence sends the PADR bag, confirms the connection request with this access server;

(6) access server sends session affirmation bag PADS: receive the PADR bag of main frame transmission when access server after, generate a unique pppoe session identifier, and send to the main frame of opposite end, confirm to set up session to show;

(7) main frame is preserved the session information that this PPPoE connects, and comprises the MAC Address of the Ethernet of pppoe session identifier and opposite end;

(8) enter the PPP session stage, behind this conversation end, main frame transmission PPPoE takes out stitches and wraps PADT, removes corresponding pppoe session information, finishes pppoe session.

4. according to claim 1 or 3 described PPPoE authentication methods, it is characterized in that: described pppoe session information comprises the ethernet mac address information of pppoe session identifier SESSION_ID and opposite end.

5. PPPoE authentication method according to claim 3 is characterized in that: described PPP session stage further comprises following concrete steps:

(8.1) ppp link control protocol LCP link configuration is consulted, and participates in the main frame and the access server exchange configuration data bag of PPP session, and after both sides' configuration data exchange process was finished, link promptly was established;

(8.2) carry out PPP password authentication protocol PAP or Challenge-Handshake Authentication Protocol CHAP authentication;

(8.3) selection and configuration about network layer protocol are finished in the request and the affirmation of PPP Network Control Protocol NCP configuration, and the heterogeneous networks layer protocol needs different configurations;

(8.4) client's business datum transport process;

(8.5) main frame sends ppp link control protocol LCP link and removes request package, and ppp link is removed in request;

(8.6) access server sends ppp link control protocol LCP link and removes the affirmation bag, confirms to remove this link to show;

(8.7) main frame transmission PPPoE takes out stitches and wraps PADT, removes corresponding pppoe session information, finishes pppoe session.

Images