[go: up one dir, main page]

CN101282232A - Remote equipment management method, equipment and system - Google Patents

Remote equipment management method, equipment and system Download PDF

Info

Publication number
CN101282232A
CN101282232A CNA2007100739757A CN200710073975A CN101282232A CN 101282232 A CN101282232 A CN 101282232A CN A2007100739757 A CNA2007100739757 A CN A2007100739757A CN 200710073975 A CN200710073975 A CN 200710073975A CN 101282232 A CN101282232 A CN 101282232A
Authority
CN
China
Prior art keywords
access
address
network
network terminal
terminal device
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CNA2007100739757A
Other languages
Chinese (zh)
Inventor
吴黄伟
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd filed Critical Huawei Technologies Co Ltd
Priority to CNA2007100739757A priority Critical patent/CN101282232A/en
Publication of CN101282232A publication Critical patent/CN101282232A/en
Pending legal-status Critical Current

Links

Images

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The embodiment of the invention relates to a method, equipment and a system for managing remote equipment in the technical field of communication. The method is applied to a system for communication connection of a management device and a network terminal device through a network access device, and comprises the following steps: the method comprises the steps that a management device receives a first access address of a network terminal device reported by the network terminal device; the management equipment acquires a second access address corresponding to a first access address of the network terminal equipment from the network access equipment, wherein the network access equipment forwards data according to the address corresponding relation between the first access address and the second access address; and the management equipment sends a management request to the network terminal equipment by using the obtained second access address. In the embodiment of the invention, the access address information is interacted through the management equipment, so that the risk that the network terminal equipment is easily attacked due to address theft can be reduced.

Description

一种远端设备管理方法、设备及系统 A remote device management method, device and system

技术领域 technical field

本发明涉及通信技术领域,尤其涉及一种远端设备管理方法、设备及系统。The present invention relates to the field of communication technology, in particular to a remote device management method, device and system.

背景技术 Background technique

数字用户线(Digital Subscriber Line,DSL)作为一种宽带接入技术已经得到了广泛应用。相应的DSL组网结构如图1所示,主要包括:自动配置服务器(Auto-Configuration Server,ACS),以及作为宽带网络终端(如网关)或局域网设备的用户驻地设备(Customer Premises Equipment,CPE)(如IPTV)等。As a broadband access technology, Digital Subscriber Line (DSL) has been widely used. The corresponding DSL network structure is shown in Figure 1, mainly including: Auto-Configuration Server (ACS), and Customer Premises Equipment (CPE) as a broadband network terminal (such as a gateway) or a LAN device (such as IPTV) and so on.

如图1所示的基于DSL技术的组网结构可以支持各种宽带业务应用的实现,例如VoIP(基于IP的语音)、IPTV(IP电视)等;其中,作为IP应用终端的CPE即为针对各宽带业务应用或应用的组合形成的基于IP的设备,ACS负责对CPE进行自动配置,以实现无需用户设置CPE,便可以保证CPE的正常工作;ACS具体可以使用远程过程调用(Remote Procedure Call,RPC)的方法来实现对CPE参数的修改和设置。The network structure based on DSL technology as shown in Figure 1 can support the realization of various broadband service applications, such as VoIP (Voice over IP), IPTV (IP TV), etc.; wherein, the CPE as an IP application terminal is for For IP-based devices formed by various broadband service applications or combinations of applications, the ACS is responsible for automatically configuring the CPE, so that the normal operation of the CPE can be guaranteed without the need for users to configure the CPE; the ACS can use Remote Procedure Call (Remote Procedure Call, RPC) method to realize the modification and setting of CPE parameters.

目前,在DSL系统中,与数字用户线路接入复用器(Digital SubscriberLine Access Multiplexer,DSLAM)连接的作为宽带网络终端的CPE(如网关)可以直接与ACS完成自动配置和管理的过程,而位于局域网内作为局域网设备的CPE(如IPTV)可以通过与其相连的网关与ACS完成自动配置和管理的过程。At present, in the DSL system, the CPE (such as the gateway) connected to the digital subscriber line access multiplexer (Digital Subscriber Line Access Multiplexer, DSLAM) as a broadband network terminal can directly complete the process of automatic configuration and management with the ACS. The CPE (such as IPTV) as a LAN device in the LAN can complete the process of automatic configuration and management through the gateway connected to it and the ACS.

其中,在现有技术中,如图2所示现有技术方法流程图,CPE通过DHCP协议将自身的接入地址(如ConnectionRequest URL)通过DHCP消息发送给网关;网关在收到CPE送来的接入地址后,生成该接入地址对应的代理接入地址(GatewayProxy ConnectionRequest URL),该代理接入地址用于提供给ACS从公网主动访问CPE的地址(即网关在收到ACS从公网发过来的对应代理接入地址的HTTP Get请求后,会自动转发到CPE的连接请求URL上);网关将生成的代理接入地址发送给CPE;CPE在收到代理接入地址后,判断是否与先前收到的一致,如果不一致则通过Inform方式通知ACS,这样,ACS在需要主动与CPE进行通信时,使用HTTP协议向CPE对应的代理接入地址发送HTTP GET请求,该请求到达网关后,网关自动将该请求重定向到CPE的连接请求URL上。CPE在收到网关转发的HTTP Get请求后,经过鉴权等过程,CPE确定要与ACS进行通信,则CPE要以HTTP“200(OK)”或者“204(No Content)”状态码的方式向ACS发出响应报文,之后CPE通过Inform RPC方法与ACS建立CPE广域网管理协议(CPE WAN ManagementProtocol,CWMP)会话。其中,URL(Uniform Resource Locator)表示统一资源定位器。其中,HTTP(Hypertext Transfer Protocol)表示超文本传输协议。Wherein, in the prior art, as shown in Figure 2, the flow chart of the prior art method, the CPE sends its own access address (such as ConnectionRequest URL) to the gateway through the DHCP protocol through the DHCP message; After accessing the address, generate the proxy access address (GatewayProxy ConnectionRequest URL) corresponding to the access address. The proxy access address is used to provide the address for the ACS to actively access the CPE from the public network (that is, the gateway receives the ACS from the public network. After sending the HTTP Get request corresponding to the proxy access address, it will be automatically forwarded to the connection request URL of the CPE); the gateway will send the generated proxy access address to the CPE; after receiving the proxy access address, the CPE will determine whether It is consistent with the one received before, if not, it will notify ACS through Inform, so that when ACS needs to actively communicate with CPE, it will use HTTP protocol to send HTTP GET request to the proxy access address corresponding to CPE. After the request reaches the gateway, The gateway automatically redirects the request to the connection request URL of the CPE. After the CPE receives the HTTP Get request forwarded by the gateway, after authentication and other processes, the CPE confirms that it wants to communicate with the ACS, then the CPE sends an HTTP "200 (OK)" or "204 (No Content)" status code to the ACS. The ACS sends a response message, and then the CPE establishes a CPE WAN Management Protocol (CPE WAN Management Protocol, CWMP) session with the ACS through the Inform RPC method. Among them, URL (Uniform Resource Locator) represents the Uniform Resource Locator. Among them, HTTP (Hypertext Transfer Protocol) means Hypertext Transfer Protocol.

但是,在上述方案中,由于CPE和网关采用局域网内部协议(如DHCP)交互连接请求URL,这些内部协议报文交互为明文交互,并且以广播方式进行,很容易通过监听手段获得CPE的连接请求URL信息,从而使得CPE很容易受到攻击。另外,为了监测网关的公网地址的变化,CPE必须通过定期轮训的方式来向网关来获取网关代理连接请求URL,这样加重了CPE和网关的负担。However, in the above scheme, since the CPE and the gateway use the LAN internal protocol (such as DHCP) to exchange connection request URLs, these internal protocol messages are exchanged in plain text and are carried out in a broadcast manner, so it is easy to obtain the connection request of the CPE by monitoring means URL information, making the CPE vulnerable to attacks. In addition, in order to monitor the change of the public network address of the gateway, the CPE must obtain the URL of the gateway proxy connection request from the gateway through regular rotation training, which increases the burden on the CPE and the gateway.

发明内容Contents of the invention

本发明实施例提供了一种远端设备管理方法,管理设备通过网络接入设备与网络终端设备通信连接,包括:管理设备接收网络终端设备上报的所述网络终端设备的第一接入地址,并从所述网络接入设备获得所述网络终端设备的第一接入地址对应的第二接入地址,其中,所述网络接入设备根据所述第一接入地址和所述第二接入地址的地址对应关系转发数据;管理设备利用获得的第二接入地址向所述网络终端设备发送管理请求。An embodiment of the present invention provides a remote device management method. The management device communicates with the network terminal device through a network access device, including: the management device receives the first access address of the network terminal device reported by the network terminal device, And obtain a second access address corresponding to the first access address of the network terminal device from the network access device, wherein the network access device The data is forwarded according to the address correspondence relationship of the incoming address; the management device uses the obtained second access address to send a management request to the network terminal device.

本发明实施例还提供了一种管理设备,所述管理设备经由网络接入设备连接到网络终端设备,其中,所述管理设备包括:An embodiment of the present invention also provides a management device, the management device is connected to a network terminal device via a network access device, wherein the management device includes:

第一获取单元,用于从所述网络终端设备获取包含所述网络终端设备的第一接入地址的信息;a first obtaining unit, configured to obtain information including a first access address of the network terminal device from the network terminal device;

第二获取单元,用于从所述网络接入设备获得所述网络终端设备的第一接入地址对应的第二接入地址,其中,所述网络接入设备根据所述第一接入地址和所述第二接入地址的地址对应关系转发数据;The second obtaining unit is configured to obtain, from the network access device, a second access address corresponding to the first access address of the network terminal device, wherein the network access device uses the first access address Forwarding data corresponding to the address corresponding to the second access address;

管理请求单元,用于根据所述第二接入地址向所述网络终端设备发起管理请求。A management request unit, configured to initiate a management request to the network terminal device according to the second access address.

本发明实施例还提供了一种远端设备管理系统,所述系统包括:所述系统包括:管理设备,通过网络接入设备与网络终端设备通信连接,其中,The embodiment of the present invention also provides a remote device management system, the system includes: the system includes: a management device, which communicates with a network terminal device through a network access device, wherein,

所述管理设备,用于从所述网络终端设备获取所述网络终端设备的第一接入地址,从所述网络接入设备获得所述网络终端设备的第一接入地址对应的第二接入地址,利用获得的第二接入地址向所述网络终端设备发送管理请求;所述网络接入设备将接收到的所述管理请求转发和/或重定向到所述第一接入地址。The management device is configured to obtain the first access address of the network terminal device from the network terminal device, and obtain the second access address corresponding to the first access address of the network terminal device from the network access device. The network access device forwards and/or redirects the received management request to the first access address by using the obtained second access address to send a management request to the network terminal device.

本发明实施例还提供了一种网络接入设备,该网路接入设备包括:The embodiment of the present invention also provides a network access device, the network access device includes:

对应关系存储单元,用于存储所述网络终端设备的第一接入地址和所述管理设备访问所述网络终端设备的第二接入地址的地址对应关系;a correspondence storage unit, configured to store the address correspondence between the first access address of the network terminal device and the second access address for the management device to access the network terminal device;

数据转发单元,用于根据所述地址对应关系存储单元中的地址对应关系转发数据;a data forwarding unit, configured to forward data according to the address correspondence in the address correspondence storage unit;

地址提供单元,用于给所述管理设备提供所述网络终端设备的第一接入地址对应的第二接入地址。An address providing unit, configured to provide the management device with a second access address corresponding to the first access address of the network terminal device.

由上述本发明实施例提供的技术方案可以看出,本发明实施例主要是通过管理设备(自动配置服务器或业务配置服务器或运营支撑系统)获得网络终端设备的第一接入地址,并从网络接入设备上获得该第一接入地址对应的第二接入地址,利用获得的第二接入地址向所述网络终端设备发起管理请求。由于管理设备与网络终端和网络接入设备间交互信息采用的协议比局域网内部采用的协议(典型的如DHCP)具有较高的安全保障,将接入地址信息通过管理设备交互能够降低地址被盗导致网络终端设备容易受到攻击的风险。It can be seen from the technical solutions provided by the above-mentioned embodiments of the present invention that the embodiments of the present invention mainly obtain the first access address of the network terminal device through the management device (automatic configuration server or service configuration server or operation support system), and obtain the first access address of the network terminal device from the network The access device obtains a second access address corresponding to the first access address, and uses the obtained second access address to initiate a management request to the network terminal device. Since the protocol used by the management device to exchange information with network terminals and network access devices is more secure than the protocol used inside the LAN (typically such as DHCP), the exchange of access address information through the management device can reduce address theft. The risk of causing network terminal devices to be vulnerable to attacks.

附图说明 Description of drawings

图1为现有技术DSL组网结构示意图;FIG. 1 is a schematic diagram of a DSL network structure in the prior art;

图2为现有技术方法流程图;Fig. 2 is a prior art method flow chart;

图3为本发明一实施例的方法流程图;Fig. 3 is a method flowchart of an embodiment of the present invention;

图4为本发明另一实施例的方法流程图;Fig. 4 is a method flowchart of another embodiment of the present invention;

图5为本发明实施例的系统框图。Fig. 5 is a system block diagram of an embodiment of the present invention.

具体实施方式 Detailed ways

本发明实施例实现了管理设备(如自动配置服务器、业务配置服务器或运营支撑系统OSS)对局域网内的终端设备的访问、配置、管理和维护,可以降低地址被盗使得局域网内的网络终端设备容易受到攻击的风险。The embodiment of the present invention realizes the access, configuration, management and maintenance of the terminal equipment in the local area network by the management equipment (such as the automatic configuration server, the service configuration server or the operation support system OSS), which can reduce the address theft and make the network terminal equipment in the local area network Risk of vulnerability to attack.

本发明实施例中的接入方式包括但不仅限于如下一种或多种组合:电缆/数字用户线(Cable/DSL)接入、无源光网络(PON)接入(包括各种类型的PON)、网际协议(IP)接入、光纤混合同轴双绞线接入、无线接入(如WAN、WiMax、WiFi)等。相应的,本发明实施例中局域网的网络接入设备具有地址映射(或转换)功能,还可以具有协议转换等功能,包括但不仅限于:IP网关、家庭网关、PBX、无线网关等。相应的,本发明实施例的管理设备可以具有对远端设备进行设备参数配置、修改、管理和维护等功能,可以是独立实体(如自动配置服务器、业务配置服务器等)也可以是运营支撑系统(Operations Support System,OSS)中的功能组件;可以管理的设备包括但不仅限于宽带网络终端(如各种网关)或局域网内设备(如用户驻地设备),这些设备可以是具有固定接口的终端设备可以是支持无线协议和/或具有无线接口的终端设备。The access methods in the embodiments of the present invention include but are not limited to one or more of the following combinations: Cable/Digital Subscriber Line (Cable/DSL) access, Passive Optical Network (PON) access (including various types of PON ), Internet Protocol (IP) access, fiber optic hybrid coaxial twisted pair access, wireless access (such as WAN, WiMax, WiFi), etc. Correspondingly, the network access device of the LAN in the embodiment of the present invention has address mapping (or conversion) functions, and may also have functions such as protocol conversion, including but not limited to: IP gateway, home gateway, PBX, wireless gateway, etc. Correspondingly, the management device in the embodiment of the present invention can have the functions of configuring, modifying, managing and maintaining the device parameters of the remote device, and can be an independent entity (such as an automatic configuration server, a service configuration server, etc.) or an operation support system Functional components in (Operations Support System, OSS); devices that can be managed include but are not limited to broadband network terminals (such as various gateways) or devices in a local area network (such as user premises equipment), and these devices can be terminal devices with fixed interfaces Can be a terminal device supporting a wireless protocol and/or having a wireless interface.

本发明实施例提供的远端设备管理方法,该方法应用的系统包括管理设备,经由网络接入设备耦合到网络终端设备,其中In the remote device management method provided by the embodiment of the present invention, the system to which the method is applied includes a management device coupled to a network terminal device via a network access device, wherein

管理设备接收网络终端设备上报的所述网络终端设备的第一接入地址(如CPE的接入地址ConnectionRequest URL);管理设备从所述网络接入设备获得所述网络终端设备的第一接入地址对应的第二接入地址(如代理接入地址GatewayProxy ConnectionRequest URL),其中,所述网络接入设备根据所述第一接入地址和所述第二接入地址的地址对应关系转发数据;管理设备利用获得的第二接入地址向所述网络终端设备发送管理请求。The management device receives the first access address of the network terminal device reported by the network terminal device (such as the access address ConnectionRequest URL of the CPE); the management device obtains the first access address of the network terminal device from the network access device; The second access address corresponding to the address (such as the proxy access address GatewayProxy ConnectionRequest URL), wherein the network access device forwards data according to the address correspondence between the first access address and the second access address; The management device sends a management request to the network terminal device by using the obtained second access address.

其中,所述网络终端设备和所述网络接入设备交换双方的身份标识,建立关联关系。Wherein, the network terminal device and the network access device exchange identities of both parties to establish an association relationship.

其中,所述方法还包括:管理设备比较从所述网络终端设备获得的所述网络终端设备的身份标识和从所述网络接入设备上获得的所述网络终端设备的身份标识,确定所述网络终端设备和所述网络接入设备的关联关系。Wherein, the method further includes: the management device compares the identity of the network terminal device obtained from the network terminal device with the identity of the network terminal device obtained from the network access device, and determines that the The association relationship between the network terminal device and the network access device.

其中,所述方法还包括:如果所述网络接入设备没有所述网络终端设备的地址对应关系,则建立相应的地址对应关系。Wherein, the method further includes: if the network access device does not have an address correspondence of the network terminal device, establishing a corresponding address correspondence.

其中,管理设备确定所述网络接入设备没有针对所述第一地址为所述网络终端设备建立地址对应关系,则根据所述所述网络终端设备的第一接入地址对所述网络接入设备进行相应的地址对应关系配置。Wherein, the management device determines that the network access device has not established an address correspondence relationship for the network terminal device with respect to the first address, and then accesses the network according to the first access address of the network terminal device. The device configures the corresponding address correspondence.

其中,所述方法还包括:管理设备根据所述网络终端设备上报的所述网络终端设备的第一接入地址对所述网络接入设备进行相应的地址对应关系配置。Wherein, the method further includes: the management device configures corresponding address correspondences for the network access device according to the first access address of the network terminal device reported by the network terminal device.

其中,所述管理设备用所述网络终端设备上报的所述网络终端设备的第一接入地址更新所述网络接入设备中的相应的地址对应关系。Wherein, the management device uses the first access address of the network terminal device reported by the network terminal device to update the corresponding address correspondence in the network access device.

其中,所述管理设备根据对所述网络接入设备的配置获得所述网络终端设备的第一地址对应的第二地址。Wherein, the management device obtains the second address corresponding to the first address of the network terminal device according to the configuration of the network access device.

其中,管理设备将所述网络终端设备上报的所述网络终端设备的第一接入地址发送给所述网络接入设备;并接收所述网络接入设备返回的所述网络终端设备的第一接入地址对应的第二接入地址。Wherein, the management device sends the first access address of the network terminal device reported by the network terminal device to the network access device; and receives the first access address of the network terminal device returned by the network access device. The second access address corresponding to the access address.

其中,所述管理设备从所述网络接入设备、所述网络终端设备之间获得信息的方式包括:采用用户驻地设备广域网管理协议和/或远程过程调用。Wherein, the manner in which the management device obtains information from the network access device and the network terminal device includes: using a customer premises equipment wide area network management protocol and/or remote procedure call.

下面,结合实例对本发明实施例的技术方案进一步说明。In the following, the technical solutions of the embodiments of the present invention will be further described in conjunction with examples.

在下面的实施例描述的方案中,ConnectionRequest URL表示用户驻地设备CPE的接入地址,该地址通常为私网地址,也可以为公网地址。我们假设CPE的IP地址是192.168.0.2,CPE的接入地址ConnectionRequest URL为192.168.0.2:1234/RemoteManagement,与CPE连接的网关的私网侧(或局域网LAN侧)地址为192.168.0.1,公网侧(或广域网WAN侧)IP地址为202.96.123.124。In the solutions described in the following embodiments, the ConnectionRequest URL indicates the access address of the CPE, which is usually a private network address, and may also be a public network address. We assume that the IP address of the CPE is 192.168.0.2, the access address ConnectionRequest URL of the CPE is 192.168.0.2:1234/RemoteManagement, the private network side (or LAN side) address of the gateway connected to the CPE is 192.168.0.1, and the public network The IP address of the side (or WAN side) is 202.96.123.124.

实施例一Embodiment one

在本实施例中,以自动配置服务器(ACS)为例,用于为CPE和网关提供配置管理功能。本实施例的技术方案包括:ACS获得CPE的接入地址ConnectionRequest URL;ACS根据对所述网络接入设备的配置获得所述网络终端设备的CPE的接入地址ConnectionRequest URL对应的GatewayProxyConnectionRequest URL;这样,ACS在需要主动与CPE进行通信时,使用HTTP协议向CPE对应的代理接入地址发送HTTP GET请求,该请求到达网关后,网关自动将该请求转发或重定向到CPE的连接请求URL上。CPE在收到网关映射的ACS的HTTP GET请求后,后续步骤可以采用通用流程实现与ACS之间的通讯,例如,经过鉴权等过程,CPE确定要与ACS进行通信,则CPE要以HTTP“200(OK)”或者“204(No Content)”状态码的方式向ACS发出响应报文,之后CPE通过Inform RPC方法与ACS建立CWMP会话。In this embodiment, an automatic configuration server (ACS) is used as an example to provide configuration management functions for CPEs and gateways. The technical solution of this embodiment includes: the ACS obtains the access address ConnectionRequest URL of the CPE; the ACS obtains the GatewayProxyConnectionRequest URL corresponding to the access address ConnectionRequest URL of the CPE of the network terminal device according to the configuration of the network access device; thus, When the ACS needs to actively communicate with the CPE, it uses the HTTP protocol to send an HTTP GET request to the proxy access address corresponding to the CPE. After the request reaches the gateway, the gateway automatically forwards or redirects the request to the connection request URL of the CPE. After the CPE receives the HTTP GET request of the ACS mapped by the gateway, the subsequent steps can use the general process to realize the communication with the ACS. 200 (OK)" or "204 (No Content)" status code to send a response message to the ACS, and then the CPE establishes a CWMP session with the ACS through the Inform RPC method.

参见图3所示为本发明实施例一的方法流程图。Referring to FIG. 3 , it is a flow chart of the method in Embodiment 1 of the present invention.

步骤301:CPE与网关之间建立通信交互双方的身份标识,实现关联。Step 301: The CPE and the gateway establish the identities of the communication and interaction parties to realize the association.

这里,CPE与网关之间通过DHCP协议实现CPE与网关通信连接,实现关联。交互的DHCP报文中包含了双方的身份标识,其中身份标识可为设备ID、设备的产品号等。网关通过这个步骤,可以获得CPE的身份标识(如CPE的设备ID),并保存获得的CPE的身份标识,其中,网关可以将这些信息添加到网关数据模型的ManageableDevice表中以便提供外部设备查询、管理维护。同时,CPE也可通过这个步骤获取到网关的身份标识(如网关的设备ID)。Here, the communication connection between the CPE and the gateway is implemented through the DHCP protocol between the CPE and the gateway to realize association. The exchanged DHCP message contains the identifications of both parties, where the identifications may be the device ID, the product number of the device, and the like. Through this step, the gateway can obtain the identity of the CPE (such as the device ID of the CPE), and save the obtained identity of the CPE, wherein the gateway can add this information to the ManageableDevice table of the gateway data model so as to provide external device query, Manage maintenance. At the same time, the CPE can also obtain the identity of the gateway (such as the device ID of the gateway) through this step.

另外,值得注意的是,如果网关原来没有CPE的接入地址ConnectionRequest URL,则此时网关上保存的CPE的接入地址ConnectionRequest URL信息为空,因为CPE没有将该信息放在DHCP报文中发给网关。In addition, it is worth noting that if the gateway originally did not have the ConnectionRequest URL of the CPE's access address, the information about the ConnectionRequest URL of the CPE's access address saved on the gateway is empty at this time, because the CPE did not send this information in the DHCP message. to the gateway.

其中,步骤301为可选项,因为在后续步骤中如果ACS不需要确定CPE和网关的关联关系,则可以不需要交换双方的身份信息。Wherein, step 301 is optional, because in subsequent steps, if the ACS does not need to determine the association relationship between the CPE and the gateway, it is not necessary to exchange the identity information of the two parties.

步骤302:CPE与ACS建立连接,CPE向ACS上报CPE的接入地址ConnectionRequest URL;此外,CPE还可以向ACS上报CPE的身份标识(如CPE的ID)和网关的身份标识(如网关的设备ID)。Step 302: CPE establishes a connection with the ACS, and the CPE reports the access address ConnectionRequest URL of the CPE to the ACS; in addition, the CPE can also report the identity of the CPE (such as the ID of the CPE) and the identity of the gateway (such as the device ID of the gateway) to the ACS ).

这里,由于CPE上可以由运营商或设备提供商预置ACS的地址或,或者CPE可以通过广播方式获得ACS的地址,或可主动从网络上获得ACS的地址,因此CPE可以向ACS发起连接,ACS通过此连接可以使用CPE广域网管理协议(CPE WAN Management Protocol,CWMP)协议获取CPE的接入地址ConnectionRequest URL信息。同时ACS通过此连接还可以获得CPE ID和网关的ID信息。在具体实现中,ACS还可以通过TR-069 RPC来获取CPE上数据模型中ConnectionRequest URL信息。Here, since the ACS address can be preset by the operator or equipment provider on the CPE, or the CPE can obtain the ACS address through broadcasting, or can actively obtain the ACS address from the network, the CPE can initiate a connection to the ACS, Through this connection, the ACS can use the CPE WAN Management Protocol (CPE WAN Management Protocol, CWMP) protocol to obtain the access address ConnectionRequest URL information of the CPE. At the same time, the ACS can also obtain the CPE ID and gateway ID information through this connection. In a specific implementation, the ACS can also obtain the ConnectionRequest URL information in the data model on the CPE through TR-069 RPC.

步骤303:ACS与网关建立连接,从网关上获取与CPE相关联的信息。Step 303: The ACS establishes a connection with the gateway, and obtains information associated with the CPE from the gateway.

这里,ACS根据CPE上报的网关的身份标识(如网关的设备ID),与该网关建立连接,使用CWMP协议从网关上获取网关数据模型中ManageableDevice表保存的与之相关联的CPE的信息,包括CPE的ID、CPEConnectionRequest URL信息。其中,如步骤301所述,此时网关上保存的CPE的接入地址ConnectionRequest URL信息为空,则ACS获得的ConnectionRequest URL信息也为空。Here, the ACS establishes a connection with the gateway according to the identity of the gateway reported by the CPE (such as the device ID of the gateway), and uses the CWMP protocol to obtain the associated CPE information stored in the ManageableDevice table in the gateway data model from the gateway, including CPE ID, CPEConnectionRequest URL information. Wherein, as described in step 301, the access address ConnectionRequest URL information of the CPE saved on the gateway is empty at this time, and the ConnectionRequest URL information obtained by the ACS is also empty.

步骤304:ACS比较分别从CPE和网关上获得的CPE的身份标识(如CPE的设备ID),确定该CPE与网关的关联关系。Step 304: The ACS compares the identity of the CPE (such as the device ID of the CPE) obtained from the CPE and the gateway, and determines the relationship between the CPE and the gateway.

步骤305:ACS比较从CPE上和从网关上获得的CPE的接入地址ConnectionRequest URL是否一致,如果一致则执行步骤305.1,否则转步骤305.2。Step 305: ACS compares whether the access address ConnectionRequest URL of the CPE obtained from the CPE and the gateway is consistent, and if they are consistent, execute step 305.1, otherwise go to step 305.2.

步骤305.1:如果从CPE上和从网关上获得的CPE的接入地址ConnectionRequest URL一致,则确定网关已经为该CPE的接入地址ConnectionRequest URL实行地址映射。Step 305.1: If the CPE access address ConnectionRequest URL obtained from the CPE and the gateway are consistent, then determine that the gateway has implemented address mapping for the CPE access address ConnectionRequest URL.

这里,根据地址映射关系,ACS使用CWMP协议从网关上查到网关上保存(如网关的NAT表)的ConnectionReques URL(IP地址和端口)对应的代理接入地址(或公网侧或广域网WAN侧)映射地址或映射端口,比如4321端口。ACS据此确定CPE的接入地址(ConnectionRequest URL)192.168.0.2:1234/RemoteManagement被网关映射成公网侧或广域网WAN侧的代理接入地址(GatewayProxy ConnectionRequest URL)202.96.123.124:4321/RemoteManagement。Here, according to the address mapping relationship, the ACS uses the CWMP protocol to find the proxy access address (or public network side or WAN side) corresponding to the ConnectionReques URL (IP address and port) saved on the gateway (such as the NAT table of the gateway) from the gateway. ) mapping address or mapping port, such as port 4321. Based on this, the ACS determines that the access address (ConnectionRequest URL) 192.168.0.2:1234/RemoteManagement of the CPE is mapped by the gateway to the proxy access address (GatewayProxy ConnectionRequest URL) 202.96.123.124:4321/RemoteManagement on the public network side or the WAN side.

步骤305.2:如果从CPE上和从网关上获得的CPE的接入地址ConnectionRequest URL不一致,则确定需要进行端口映射,此时分两种情况:Step 305.2: If the access address ConnectionRequest URL of the CPE obtained from the CPE is inconsistent with that obtained from the gateway, it is determined that port mapping is required, and there are two cases at this time:

1)如果从网关上获得的CPE的接入地址ConnectionRequest URL为空,表明网关没有为该CPE的接入地址ConnectionRequest URL实行端口映射,则ACS可以通过CWMP方法,根据CPE的接入地址ConnectionRequest URL中IP地址和端口为该CPE建立一个端口映射。然后,ACS用从CPE上获得的ConnectionRequest URL来更新网关上保存的该CPE的接入地址ConnectionRequest URL。例如将网关的4321端口映射到CPE的1234端口上,这样CPE的接入地址(ConnectionRequest URL)192.168.0.2:1234/RemoteManagement被网关映射成公网侧或广域网WAN侧的代理接入地址(GatewayProxy ConnectionRequest URL)202.96.123.124:4321/RemoteManagement。1) If the CPE access address ConnectionRequest URL obtained from the gateway is empty, it means that the gateway has not implemented port mapping for the CPE access address ConnectionRequest URL, then the ACS can use the CWMP method according to the CPE access address ConnectionRequest URL The IP address and port establishes a port mapping for the CPE. Then, the ACS uses the ConnectionRequest URL obtained from the CPE to update the access address ConnectionRequest URL of the CPE saved on the gateway. For example, port 4321 of the gateway is mapped to port 1234 of the CPE, so that the access address (ConnectionRequest URL) of the CPE (ConnectionRequest URL) 192.168.0.2:1234/RemoteManagement is mapped by the gateway to the proxy access address (GatewayProxy ConnectionRequest URL) 202.96.123.124:4321/RemoteManagement.

2)如果从网关上获得的CPE的接入地址ConnectionRequest URL不为空,说明网关在先前已经为该CPE的旧的ConnectionRequest URL做了端口映射,但是由于CPE改变了自身的ConnectionRequest URL,产生了新的ConnectionRequest URL,所以ACS根据从网关上找到的CPE的旧的ConnectionRequest URL中IP地址和端口在网关保存的,如NAT表中查找到对应的条目,并根据从CPE上取得的新的ConnectionRequest URL中的IP地址和端口信息,刷新该条目的内容。然后,ACS用从CPE上获得的新的ConnectionRequest URL来更新网关上保存的该CPE的旧的ConnectionRequestURL。2) If the access address ConnectionRequest URL of the CPE obtained from the gateway is not empty, it means that the gateway has previously done port mapping for the old ConnectionRequest URL of the CPE, but because the CPE has changed its own ConnectionRequest URL, a new one has been generated. ConnectionRequest URL, so ACS saves the IP address and port in the gateway according to the old ConnectionRequest URL of the CPE found from the gateway, such as finding the corresponding entry in the NAT table, and according to the new ConnectionRequest URL obtained from the CPE The IP address and port information of the entry are refreshed. Then, the ACS uses the new ConnectionRequest URL obtained from the CPE to update the old ConnectionRequestURL of the CPE saved on the gateway.

例如:For example:

从CPE上获得的新的ConnectionRequest URL为:192.168.0.2:1234/RemoteManagementThe new ConnectionRequest URL obtained from the CPE is: 192.168.0.2:1234/RemoteManagement

从网关上获得的CPE的旧的ConnectionRequest URL为:192.168.0.5:5678/RemoteManagementThe old ConnectionRequest URL of the CPE obtained from the gateway is: 192.168.0.5:5678/RemoteManagement

那么ACS根据从网关上获得的CPE的旧的ConnectionRequest URL的IP地址192.168.0.5和端口5678,在网关上的NAT表中找到对应的条目,如Then ACS finds the corresponding entry in the NAT table on the gateway according to the IP address 192.168.0.5 and port 5678 of the old ConnectionRequest URL of the CPE obtained from the gateway, such as

*:4321->192.168.0.5:5678,(表示将发到网关WAN侧4321端口的报文映射到LAN侧的IP地址为192.168.0.5的5678端口)*: 4321->192.168.0.5: 5678, (indicating that the packet sent to port 4321 on the WAN side of the gateway is mapped to port 5678 with IP address 192.168.0.5 on the LAN side)

ACS之后根据从CPE上获得的新的ConnectionRequest URL中的IP地址192.168.0.2和端口1234来更新找到的NAT表中的条目,改成ACS then updates the entries in the found NAT table according to the IP address 192.168.0.2 and port 1234 in the new ConnectionRequest URL obtained from the CPE, changing it to

*:4321->192.168.0.2:1234,(标识将发到网关WAN侧4321端口的报文映射到LAN侧的IP地址为192.168.0.2的1234端口)*: 4321->192.168.0.2: 1234, (Identifies that the message sent to port 4321 on the WAN side of the gateway is mapped to port 1234 on the LAN side with an IP address of 192.168.0.2)

这样,CPE的接入地址(ConnectionRequest URL)192.168.0.2:1234/RemoteManagement被网关映射成公网侧或广域网WAN侧的代理接入地址(GatewayProxy ConnectionRequest URL)202.96.123.124:4321/RemoteManagement。In this way, the access address (ConnectionRequest URL) 192.168.0.2:1234/RemoteManagement of the CPE is mapped by the gateway to the proxy access address (GatewayProxy ConnectionRequest URL) 202.96.123.124:4321/RemoteManagement on the public network side or the WAN side.

步骤306:ACS在需要主动与CPE进行通信时,使用HTTP协议向该代理接入地址GatewayProxy ConnectionRequest URL发送HTTP GET请求。Step 306: When the ACS needs to actively communicate with the CPE, it uses the HTTP protocol to send an HTTP GET request to the proxy access address GatewayProxy ConnectionRequest URL.

ACS通过上述步骤确定CPE的接入地址ConnectionRequest URL对应的代理接入地址GatewayProxy ConnectionRequest URL。在ACS需要主动与CPE通讯时,ACS以HTTP协议向代理接入地址GatewayProxy ConnectionRequestURL发出HTTP GET请求,网关在收到该请求后,根据网关上保存的地址映射关系(如Network Address Translation,NAT表的条目),自动将该请求映射到CPE的接入地址ConnectionRequest URL,即网关自动将该请求转发或重定向到CPE的接入地址ConnectionRequest URL上。CPE在收到ACS的HTTPGET请求后,后续步骤就可以沿用现在TR-069的方法实现与ACS之间的通讯。例如,经过鉴权等过程,CPE确定要与ACS进行通信,则CPE要以HTTP“200(OK)”或者“204(No Content)”状态码的方式向ACS发出响应报文,之后CPE通过Inform RPC方法与ACS建立CWMP会话。The ACS determines the proxy access address GatewayProxy ConnectionRequest URL corresponding to the access address ConnectionRequest URL of the CPE through the above steps. When the ACS needs to actively communicate with the CPE, the ACS uses the HTTP protocol to send an HTTP GET request to the proxy access address GatewayProxy ConnectionRequestURL. entry), and automatically map the request to the ConnectionRequest URL of the CPE, that is, the gateway automatically forwards or redirects the request to the ConnectionRequest URL of the CPE. After the CPE receives the HTTP GET request from the ACS, the following steps can follow the current method of TR-069 to realize the communication with the ACS. For example, after authentication and other processes, if the CPE determines to communicate with the ACS, the CPE will send a response message to the ACS in the form of an HTTP "200 (OK)" or "204 (No Content)" status code, and then the CPE will pass the Inform The RPC method establishes a CWMP session with the ACS.

其中,上述方案中CPE和网关的关联关系可以采用表1所示的数据模型(或称ManageableDevice表)来描述。当然,CPE和网关的关联关系的描述不仅限于表1所示的方式,只要包含公网侧地址和CPE地址对应关系,采用其它格式或增加/减少选项都可以。Wherein, the relationship between the CPE and the gateway in the above solution can be described by using the data model (or called ManageableDevice table) shown in Table 1. Of course, the description of the relationship between the CPE and the gateway is not limited to the method shown in Table 1, as long as it includes the corresponding relationship between the public network side address and the CPE address, it can use other formats or increase/decrease options.

表1Table 1

  Internet GatewayDevice ManagementServer ManageableDevice Internet GatewayDevice ManagementServer ManageableDevice   对象 object - -  保存了与网关关联的CPE的信息 Save the information of the CPE associated with the gateway - -   1.2 1.2   Manufacturer UI Manufacturer UI   长度为6字节的字符串 A string of length 6 bytes - -  CPE的唯一标识符 Unique identifier for the CPE - -   1.2 1.2   Serial number Serial number   长度为64字节的字符串 A string of length 64 bytes - -  CPE的产品序列号 Product serial number of CPE - -   1.2 1.2   Product Class Product Class   长度为64字节的字符串 A string of length 64 bytes - -  CPE的设备类型 CPE device type - -   1.2 1.2   ConnectionRequestURL ConnectionRequestURL   长度为256字节的字符串 A string of length 256 bytes  CPE的ConnectionRequest URL CPE's ConnectionRequest URL

实施例二Embodiment two

在本实施例中,以自动配置服务器(ACS)为例,用于为CPE和网关提供配置管理功能。本实施例的技术方案包括:ACS获得CPE的地址ConnectionRequest URL,并将该CPE的地址ConnectionRequest URL提供给网关,由网关负责对该CPE的地址ConnectionRequest URL的端口映射或者URL重定向,即网关在收到ACS提供的CPE的地址ConnectionRequest URL后,如果没有为该CPE建立地址对应关系,则生成该ConnectionRequest URL对应的代理接入地址GatewayProxy ConnectionRequest URL;并将该代理接入地址GatewayProxy ConnectionRequest URL反馈给ACS。In this embodiment, an automatic configuration server (ACS) is used as an example to provide configuration management functions for CPEs and gateways. The technical solution of this embodiment includes: the ACS obtains the address ConnectionRequest URL of the CPE, and provides the address ConnectionRequest URL of the CPE to the gateway, and the gateway is responsible for port mapping or URL redirection of the address ConnectionRequest URL of the CPE. After going to the CPE address ConnectionRequest URL provided by the ACS, if no address correspondence is established for the CPE, generate the proxy access address GatewayProxy ConnectionRequest URL corresponding to the ConnectionRequest URL; and feed back the proxy access address GatewayProxy ConnectionRequest URL to the ACS.

参见图4所示为本发明实施例二的方法流程图。Referring to FIG. 4 , it is a flow chart of the method in Embodiment 2 of the present invention.

其中步骤401~步骤404与实施例一中步骤301~步骤304基本相同,在此不再赘述。下面具体介绍本实施例与实施例一的区别之处。Steps 401 to 404 are basically the same as steps 301 to 304 in Embodiment 1, and will not be repeated here. The difference between this embodiment and the first embodiment will be described in detail below.

步骤405:ACS确立了CPE与网关的关联关系后,将从CPE上获得ConnectionRequest URL和CPE的身份标识(如CPE的设备ID)提供给网关。Step 405: After the ACS establishes the association relationship between the CPE and the gateway, it will obtain the ConnectionRequest URL and the identity of the CPE (such as the device ID of the CPE) from the CPE and provide it to the gateway.

这里,AC S使用CWMP协议将从CPE上获得的ConnectionRequest URL和CPE的身份标识(如CPE的设备ID)发送给网关。Here, the ACS uses the CWMP protocol to send the ConnectionRequest URL obtained from the CPE and the identity of the CPE (such as the device ID of the CPE) to the gateway.

步骤406:网关在收到ACS发过来的CPE的身份标识(如CPE的设备ID)和ConnectionRequest URL,确定CPE的地址ConnectionRequest URL和公网侧代理接入地址GatewayProxy ConnectionRequest URL的映射关系或对应关系。Step 406: The gateway determines the mapping relationship or corresponding relationship between the address ConnectionRequest URL of the CPE and the proxy access address GatewayProxy ConnectionRequest URL of the public network side after receiving the identity of the CPE (such as the device ID of the CPE) and the ConnectionRequest URL sent by the ACS.

这里,网关在收到ACS发过来的CPE的身份标识(如CPE的设备ID)和ConnectionRequest URL后,根据CPE的身份标识(如CPE的设备ID)寻找对应的条目,包括如下两种情况:Here, after the gateway receives the identity of the CPE (such as the device ID of the CPE) and the ConnectionRequest URL sent by the ACS, it searches for the corresponding entry according to the identity of the CPE (such as the device ID of the CPE), including the following two situations:

A)如果没有找到CPE的身建立该设备和网关的映射关系或对应关系,则网关为该CPE的地址ConnectionRequest URL生成对应代理接入地址GatewayProxy ConnectionRequest URL,并将CPE的身份标识、CPE的接入地址ConnectionRequest URL和对应的代理接入地址GatewayProxyConnectionRequest URL保存到表中份标识(如CPE的设备ID),表明网关还没有。A) If the identity of the CPE is not found to establish the mapping relationship or corresponding relationship between the device and the gateway, the gateway generates the corresponding proxy access address GatewayProxy ConnectionRequest URL for the address ConnectionRequest URL of the CPE, and uses the identity of the CPE, the access address of the CPE The address ConnectionRequest URL and the corresponding proxy access address GatewayProxyConnectionRequest URL are stored in the table, and the identifier (such as the device ID of the CPE) indicates that the gateway has not yet.

B)如果找到CPE的身份标识(如CPE的设备ID)对应条目,则有以下两种可能:B) If an entry corresponding to the identity of the CPE (such as the device ID of the CPE) is found, there are the following two possibilities:

B-1)如果该条目中的接入地址ConnectionRequest URL与网关收到的接入地址ConnectionRequest URL不相同,表明CPE的接入地址ConnectionRequestURL有变化,网关用收到的ConnectionRequest URL信息更新条目中旧的CPE的地址ConnectionRequest URL信息。B-1) If the ConnectionRequest URL in the entry is different from the ConnectionRequest URL received by the gateway, it indicates that the ConnectionRequestURL of the CPE has changed, and the gateway updates the old one in the entry with the received ConnectionRequest URL information CPE address ConnectionRequest URL information.

B-2)如果该条目中的接入地址ConnectionRequest URL与网关收到的ConnectionRequest URL相同,表明CPE的接入地址ConnectionRequest URL没有变化,网关不需要刷新条目中的CPE的接入地址ConnectionRequest URL信息。B-2) If the access address ConnectionRequest URL in the entry is the same as the ConnectionRequest URL received by the gateway, it indicates that the access address ConnectionRequest URL of the CPE has not changed, and the gateway does not need to refresh the entry address ConnectionRequest URL information of the CPE.

步骤407:网关确定了CPE的地址和公网侧地址的映射关系或对应关系后,将公网侧地址反馈给ACS。Step 407: After determining the mapping relationship or corresponding relationship between the address of the CPE and the address on the public network side, the gateway feeds back the address on the public network side to the ACS.

这里,网关可以使用CWMP协议将CPE的地址ConnectionRequest URL对应的公网侧地址GatewayProxy ConnectionRequest URL发给ACS。Here, the gateway can use the CWMP protocol to send the public network side address GatewayProxy ConnectionRequest URL corresponding to the CPE address ConnectionRequest URL to the ACS.

ACS通过上述步骤获得代理接入地址GatewayProxy ConnectionRequestURL。The ACS obtains the proxy access address GatewayProxy ConnectionRequestURL through the above steps.

步骤408:ACS在需要主动与CPE进行通信时,使用HTTP协议向该代理接入地址GatewayProxy ConnectionRequest URL发送HTTP GET请求。Step 408: When the ACS needs to actively communicate with the CPE, it uses the HTTP protocol to send an HTTP GET request to the proxy access address GatewayProxy ConnectionRequest URL.

该请求到达网关后,根据地址映射关系(如NAT表的条目),网关自动将该请求转发或重定向到CPE的地址ConnectionRequest URL上。CPE在收到网关映射的ACS的HTTP GET请求后,后续步骤可以采用通用流程实现与ACS之间的通讯,例如,经过鉴权等过程,CPE确定要与ACS进行通信,则CPE要以HTTP“200(OK)”或者“204(No Content)”状态码的方式向ACS发出响应报文,之后CPE通过Inform RPC方法与ACS建立CWMP会话。After the request arrives at the gateway, according to the address mapping relationship (such as the entry in the NAT table), the gateway automatically forwards or redirects the request to the ConnectionRequest URL of the CPE. After the CPE receives the HTTP GET request of the ACS mapped by the gateway, the subsequent steps can use the general process to realize the communication with the ACS. 200 (OK)" or "204 (No Content)" status code to send a response message to the ACS, and then the CPE establishes a CWMP session with the ACS through the Inform RPC method.

表2Table 2

  CPE ID CPE ID   GatewayProxyConnectionRequest URL GatewayProxyConnectionRequest URL   ConnectionRequest URL ConnectionRequest URL   CPE1 ID CPE1 ID   202.96.123.124:4321 202.96.123.124:4321   192.168.0.2:1234/RemoteManagement 192.168.0.2:1234/RemoteManagement   CPE2 ID CPE2 ID   202.96.123.124:5678 202.96.123.124:5678   192.168.0.6:6543/RemoteManagementDre1 192.168.0.6:6543/RemoteManagementDre1   CPE3 ID CPE3 ID   202.96.123.124:8543 202.96.123.124:8543   192.168.0.8:2645/RemoteManagementDre2 192.168.0.8:2645/RemoteManagementDre2

表3table 3

  Internet Gateway DeviceManagement ServerManageable Device Internet Gateway DeviceManagement ServerManageable Device   对象 object - -   保存了与网关关联的CPE的信息 Save the information of the CPE associated with the gateway - -   1.2 1.2   Manufacturer OUI Manufacturer OUI   长度为6字节的字符串 A string of length 6 bytes - -   CPE的唯一标识符 The unique identifier of the CPE - -   1.2 1.2   Serial Number Serial Number   长度为64字节的字符串 A string of length 64 bytes - -   CPE的产品序列号 Product serial number of CPE - -   1.2 1.2   Product Class Product Class   长度为64字节的字符串 A string of length 64 bytes - -   CPE的设备类型 CPE device type - -   1.2 1.2   ConnectionRequest URL ConnectionRequest URL   长度为256字节的字符串 A string of length 256 bytes   CPE的ConnectionRequestURL CPE's ConnectionRequestURL   GatewayProxyConnectionRequestURL GatewayProxyConnectionRequestURL   长度为256字节的字符串 A string of length 256 bytes   CPE的GatewayProxyConnection RequestU RL CPE's GatewayProxyConnection RequestU RL

在这个实施例中,网关上CPE的接入地址ConnectionRequest URL和网关映射生成的代理接入地址GatewayProxy ConnectionRequest URL的对应关系可参考表2所示。网关根据这个对应关系,将从公网侧(或广域网WAN侧)收到的发向代理接入地址GatewayProxy ConnectionRequest URL的报文映射或者重定向到对应的ConnectionRequest URL上。此外,实施例一中,网关上CPE的接入地址ConnectionRequest URL和网关映射生成的代理接入地址GatewayProxy ConnectionRequest URL的对应关系也可参考表2所示。In this embodiment, the corresponding relationship between the access address ConnectionRequest URL of the CPE on the gateway and the proxy access address GatewayProxy ConnectionRequest URL generated by the gateway mapping can be referred to in Table 2. According to this corresponding relationship, the gateway maps or redirects the message sent to the proxy access address GatewayProxy ConnectionRequest URL received from the public network side (or the wide area network WAN side) to the corresponding ConnectionRequest URL. In addition, in Embodiment 1, the corresponding relationship between the access address ConnectionRequest URL of the CPE on the gateway and the proxy access address GatewayProxy ConnectionRequest URL generated by gateway mapping can also refer to Table 2.

在这个实施例中,可以将网络终端的接入地址和对应的代理接入地址添加到网关的数据模型中以便于管理设备的访问查询、管理、维护,参见表3所示的网关数据模型(或称ManageableDevice表)来描述。In this embodiment, the access address of the network terminal and the corresponding proxy access address can be added to the data model of the gateway so as to facilitate the access query, management and maintenance of the management device, see the gateway data model shown in Table 3 ( Or called ManageableDevice table) to describe.

参见图5所示的本发明实施例的系统框图。Refer to the system block diagram of the embodiment of the present invention shown in FIG. 5 .

本发明实施例还提供了一种管理设备,通过网络接入设备与网络终端设备通信连接,其中,该管理设备包括:The embodiment of the present invention also provides a management device that communicates with a network terminal device through a network access device, wherein the management device includes:

第一获取单元,用于从所述网络终端设备获取包含所述网络终端设备的第一接入地址的信息,其中,所述网络接入设备根据所述第一接入地址和所述第二接入地址的对应关系转发数据;A first obtaining unit, configured to obtain information including a first access address of the network terminal device from the network terminal device, wherein the network access device uses the first access address and the second The corresponding relationship of the access address forwards the data;

第二获取单元,用于从所述网络接入设备获得所述网络终端设备的第一接入地址对应的第二接入地址;a second obtaining unit, configured to obtain, from the network access device, a second access address corresponding to the first access address of the network terminal device;

管理请求单元,用于根据所述第二接入地址向所述网络终端设备发起管理请求。A management request unit, configured to initiate a management request to the network terminal device according to the second access address.

可选的,该管理设备还包括:Optionally, the management device also includes:

地址配置单元,用于根据所述第一获取单元获取的所述网络终端设备的第一接入地址对所述网络接入设备进行相应的地址对应关系配置;An address configuration unit, configured to configure corresponding address correspondences for the network access device according to the first access address of the network terminal device obtained by the first obtaining unit;

地址获取单元,用于根据配置单元的配置结果获得所述网络终端设备的第一接入地址对应的第二接入地址。The address obtaining unit is configured to obtain the second access address corresponding to the first access address of the network terminal device according to the configuration result of the configuration unit.

可选的,该地址设置单元包括:Optionally, the address setting unit includes:

地址更新单元,用于更新所述网络接入设备地址对应关系。An address updating unit, configured to update the address correspondence of the network access device.

可选的,该第二获取单元包括:Optionally, the second acquisition unit includes:

发送模块,用于将所述第一获取单元获取的所述网络终端设备的第一接入地址发送给所述网络接入设备;a sending module, configured to send the first access address of the network terminal device obtained by the first obtaining unit to the network access device;

接收模块,用于接收所述网络接入设备返回的所述网络终端设备的第一接入地址对应的第二接入地址。The receiving module is configured to receive the second access address corresponding to the first access address of the network terminal device returned by the network access device.

可选的,该管理设备还包括:Optionally, the management device also includes:

关联单元,用于比较分别从所述网络终端设备和所述网络接入设备获得的所述网络终端设备的身份标识,确定所述网络终端设备和所述网络接入设备的关联关系。The associating unit is configured to compare the identities of the network terminal equipment obtained from the network terminal equipment and the network access equipment respectively, and determine the association relationship between the network terminal equipment and the network access equipment.

本发明实施例还提供了一种远端设备管理系统,该远端管理系统包括:管理设备,经由网络接入设备耦合到网络终端设备,其中,An embodiment of the present invention also provides a remote device management system, the remote management system includes: a management device coupled to a network terminal device via a network access device, wherein,

该管理设备,用于从所述网络终端设备获取所述网络终端设备的第一接入地址,从所述网络接入设备获得所述网络终端设备的第一接入地址对应的第二接入地址,利用所述第二接入地址向所述网络终端设备发送管理请求;The management device is configured to obtain the first access address of the network terminal device from the network terminal device, and obtain the second access address corresponding to the first access address of the network terminal device from the network access device. address, using the second access address to send a management request to the network terminal device;

该网络接入设备,用于将接收到的所述管理请求转发和/或重定向到所述第一接入地址的网络终端设备。The network access device is configured to forward and/or redirect the received management request to the network terminal device at the first access address.

本发明实施例还提供了一种网络接入设备,该网络接入设备分别耦合到网路终端设备和管理设备上,其中The embodiment of the present invention also provides a network access device, the network access device is respectively coupled to a network terminal device and a management device, wherein

对应关系存储单元,用于存储所述网络终端设备的第一接入地址和所述管理设备访问所述网络终端设备的第二接入地址的地址对应关系;a correspondence storage unit, configured to store the address correspondence between the first access address of the network terminal device and the second access address for the management device to access the network terminal device;

数据转发单元,用于根据所述对应关系存储单元中的地址对应关系转发数据;a data forwarding unit, configured to forward data according to the address correspondence in the correspondence storage unit;

地址提供单元,用于给所述管理设备提供所述网络终端设备的第一接入地址对应的所述第二接入地址。An address providing unit, configured to provide the management device with the second access address corresponding to the first access address of the network terminal device.

其中,上述实施例提到的管理设备包括但不仅限于:自动配置服务器、业务配置服务器、运营支撑系统(OSS)等。Wherein, the management device mentioned in the above embodiment includes but not limited to: automatic configuration server, service configuration server, operation support system (OSS) and so on.

其中,上述提到的第一接入地址可以表示网络终端设备的接入地址,如CPE的接入地址ConnectionRequest URL,第二接入地址可以表示网络接入设备上与CPE的接入地址ConnectionRequest URL具有对应关系的代理接入地址GatewayProxy ConnectionRequest URL。Wherein, the first access address mentioned above may represent the access address of the network terminal equipment, such as the access address ConnectionRequest URL of the CPE, and the second access address may represent the connection address ConnectionRequest URL of the network access device and the CPE Corresponding proxy access address GatewayProxy ConnectionRequest URL.

从上述本发明实施例提供的技术方案可以看出,将网络终端设备的接入地址信息和网络接入设备的接入地址信息通过管理设备来交互可以降低地址被盗使得局域网内的网络终端设备容易受到攻击的风险。另外,采用本发明实施例提供的技术方案不需要对网络接入设备(如网关)进行轮训,可以有效减轻网络终端设备(CPE)和网络接入设备(如网关)的负担。It can be seen from the above-mentioned technical solutions provided by the embodiments of the present invention that exchanging the access address information of the network terminal device and the access address information of the network access device through the management device can reduce address theft and make the network terminal device in the local area network Risk of vulnerability to attack. In addition, adopting the technical solutions provided by the embodiments of the present invention does not require round training of network access devices (such as gateways), and can effectively reduce the burden of network terminal equipment (CPE) and network access devices (such as gateways).

以上所述,仅为本发明较佳的具体实施方式,但本发明的保护范围并不局限于此,任何熟悉本技术领域的技术人员在本发明揭露的技术范围内,可轻易想到的变化或替换,都应涵盖在本发明的保护范围之内。因此,本发明的保护范围应该以权利要求的保护范围为准。The above is only a preferred embodiment of the present invention, but the scope of protection of the present invention is not limited thereto. Any person skilled in the art within the technical scope disclosed in the present invention can easily think of changes or Replacement should be covered within the protection scope of the present invention. Therefore, the protection scope of the present invention should be determined by the protection scope of the claims.

Claims (15)

1. 一种远端设备管理方法,其特征在于,该方法应用于管理设备通过网络接入设备与网络终端设备通信连接的系统,该方法包括:1. A remote device management method, characterized in that the method is applied to a system in which the management device communicates with the network terminal device through the network access device, the method comprising: 管理设备接收网络终端设备上报的所述网络终端设备的第一接入地址;The management device receives the first access address of the network terminal device reported by the network terminal device; 管理设备从所述网络接入设备获得所述网络终端设备的第一接入地址对应的第二接入地址,其中,所述网络接入设备根据所述第一接入地址和所述第二接入地址的地址对应关系转发数据;The management device obtains from the network access device a second access address corresponding to the first access address of the network terminal device, wherein the network access device obtains the second access address corresponding to the first access address and the second access address The address correspondence of the access address forwards the data; 管理设备利用获得的第二接入地址向所述网络终端设备发送管理请求。The management device sends a management request to the network terminal device by using the obtained second access address. 2. 根据权利要求1所述的方法,其特征在于,所述方法还包括:2. method according to claim 1, is characterized in that, described method also comprises: 所述网络终端设备和所述网络接入设备交换双方的身份标识,建立关联关系。The network terminal device and the network access device exchange identities of both parties to establish an association relationship. 3. 根据权利要求2所述的方法,其特征在于,所述方法还包括:3. method according to claim 2, is characterized in that, described method also comprises: 管理设备比较从所述网络终端设备获得的所述网络终端设备的身份标识和从所述网络接入设备上获得的所述网络终端设备的身份标识,确定所述网络终端设备和所述网络接入设备的关联关系。The management device compares the identity of the network terminal device obtained from the network terminal device with the identity of the network terminal device obtained from the network access device, and determines that the network terminal device and the network access device Enter the association relationship of the device. 4. 根据权利要求1所述的方法,其特征在于,所述方法还包括:4. method according to claim 1, is characterized in that, described method also comprises: 所述管理设备根据所述网络终端设备的第一接入地址对所述网络接入设备进行相应的地址对应关系配置。The management device performs corresponding address correspondence configuration on the network access device according to the first access address of the network terminal device. 5. 根据权利要求1至4任意一项所述的方法,其特征在于,所述管理设备根据配置结果获得所述网络终端设备的第一接入地址对应的第二接入地址。5. The method according to any one of claims 1 to 4, wherein the management device obtains the second access address corresponding to the first access address of the network terminal device according to the configuration result. 6. 根据权利要求1所述的方法,其特征在于,所述管理设备用所述网络终端设备上报的所述网络终端设备的第一接入地址更新所述网络接入设备中的相应的地址对应关系。6. The method according to claim 1, wherein the management device uses the first access address of the network terminal device reported by the network terminal device to update the corresponding address in the network access device Correspondence. 7. 根据权利要求1至4任意一项所述的方法,其特征在于,所述管理设备从所述网络接入设备获得所述网络终端设备的第一接入地址对应的第二接入地址的步骤具体包括:7. The method according to any one of claims 1 to 4, wherein the management device obtains the second access address corresponding to the first access address of the network terminal device from the network access device The steps specifically include: 所述管理设备从所述网络接入设备获得所述网络终端设备的第一地址对应的第二地址。The management device obtains the second address corresponding to the first address of the network terminal device from the network access device. 8. 根据权利要求1至4任意一项所述的方法,其特征在于,所述管理设备从所述网络接入设备获得所述网络终端设备的第一接入地址对应的第二接入地址的步骤具体包括:8. The method according to any one of claims 1 to 4, wherein the management device obtains the second access address corresponding to the first access address of the network terminal device from the network access device The steps specifically include: 管理设备将所述网络终端设备上报的所述网络终端设备的第一接入地址发送给所述网络接入设备;The management device sends the first access address of the network terminal device reported by the network terminal device to the network access device; 管理设备接收所述网络接入设备返回的所述网络终端设备的第一接入地址对应的第二接入地址。The management device receives the second access address corresponding to the first access address of the network terminal device returned by the network access device. 9. 一种管理设备,通过网络接入设备与网络终端设备通信连接,其特征在于,所述管理设备包括:9. A management device, which is connected to a network terminal device through a network access device, is characterized in that the management device includes: 第一获取单元,用于从所述网络终端设备获取包含所述网络终端设备的第一接入地址的信息;a first obtaining unit, configured to obtain information including a first access address of the network terminal device from the network terminal device; 第二获取单元,用于从所述网络接入设备获得所述网络终端设备的第一接入地址对应的第二接入地址,其中所述网络接入设备根据所述第一接入地址和所述第二接入地址的对应关系转发数据;The second obtaining unit is configured to obtain, from the network access device, a second access address corresponding to the first access address of the network terminal device, wherein the network access device uses the first access address and The corresponding relationship of the second access address forwards data; 管理请求单元,用于根据所述第二接入地址向所述网络终端设备发起管理请求。A management request unit, configured to initiate a management request to the network terminal device according to the second access address. 10. 根据权利要求9所述的管理设备,其特征在于,所述第二获取单元包括:10. The management device according to claim 9, wherein the second acquiring unit comprises: 配置单元,用于根据所述第一获取单元获取的所述网络终端设备的第一接入地址对所述网络接入设备进行相应的地址对应关系配置;A configuration unit, configured to configure corresponding address correspondences for the network access device according to the first access address of the network terminal device obtained by the first obtaining unit; 地址获取单元,用于根据配置单元的配置结果获得所述网络终端设备的第一接入地址对应的第二接入地址。The address obtaining unit is configured to obtain the second access address corresponding to the first access address of the network terminal device according to the configuration result of the configuration unit. 11. 根据权利要求10所述的管理设备,其特征在于,所述管理设备还包括:11. The management device according to claim 10, wherein the management device further comprises: 地址更新单元,用于更新所述网络接入设备地址对应关系。An address updating unit, configured to update the address correspondence of the network access device. 12. 根据权利要求9所述的管理设备,其特征在于,所述第二获取单元包括:12. The management device according to claim 9, wherein the second acquiring unit comprises: 发送模块,用于将所述第一获取单元获取的所述网络终端设备的第一接入地址发送给所述网络接入设备;a sending module, configured to send the first access address of the network terminal device obtained by the first obtaining unit to the network access device; 接收模块,用于接收所述网络接入设备返回的所述网络终端设备的第一接入地址对应的第二接入地址。The receiving module is configured to receive the second access address corresponding to the first access address of the network terminal device returned by the network access device. 13. 根据权利要求9至11、12任意所述的管理设备,其特征在于,所述管理设备还包括:13. The management device according to any of claims 9 to 11, 12, wherein the management device further comprises: 关联单元,用于比较分别从所述网络终端设备和所述网络接入设备获得的所述网络终端设备的身份标识,确定所述网络终端设备和所述网络接入设备的关联关系。The associating unit is configured to compare the identities of the network terminal equipment obtained from the network terminal equipment and the network access equipment respectively, and determine the association relationship between the network terminal equipment and the network access equipment. 14. 一种远端设备管理系统,所述系统包括:管理设备,通过网络接入设备与网络终端设备通信连接,其特征在于,14. A remote device management system, said system comprising: a management device, connected to a network terminal device through a network access device, characterized in that, 所述管理设备,用于从所述网络终端设备获取所述网络终端设备的第一接入地址,从所述网络接入设备获得所述网络终端设备的第一接入地址对应的第二接入地址,利用所述第二接入地址向所述网络终端设备发送管理请求;The management device is configured to obtain the first access address of the network terminal device from the network terminal device, and obtain the second access address corresponding to the first access address of the network terminal device from the network access device. Incoming address, using the second access address to send a management request to the network terminal device; 所述网络接入设备,用于将接收到的所述管理请求转发和/或重定向到所述第一接入地址。The network access device is configured to forward and/or redirect the received management request to the first access address. 15. 一种网络接入设备,其特征在于,所述网路接入设备包括:15. A network access device, characterized in that, the network access device comprises: 对应关系存储单元,用于存储所述网络终端设备的第一接入地址和所述管理设备访问所述网络终端设备的第二接入地址的地址对应关系;a correspondence storage unit, configured to store the address correspondence between the first access address of the network terminal device and the second access address for the management device to access the network terminal device; 数据转发单元,用于根据所述关系存储单元中的地址对应关系转发数据;a data forwarding unit, configured to forward data according to the address correspondence in the relational storage unit; 地址提供单元,用于给所述管理设备提供所述网络终端设备的第一接入地址对应的所述第二接入地址。An address providing unit, configured to provide the management device with the second access address corresponding to the first access address of the network terminal device.
CNA2007100739757A 2007-04-05 2007-04-05 Remote equipment management method, equipment and system Pending CN101282232A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNA2007100739757A CN101282232A (en) 2007-04-05 2007-04-05 Remote equipment management method, equipment and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CNA2007100739757A CN101282232A (en) 2007-04-05 2007-04-05 Remote equipment management method, equipment and system

Related Child Applications (1)

Application Number Title Priority Date Filing Date
CN2013102109199A Division CN103346899A (en) 2007-04-05 2007-04-05 Network terminal equipment managing method, network terminal equipment managing device and network terminal equipment managing system

Publications (1)

Publication Number Publication Date
CN101282232A true CN101282232A (en) 2008-10-08

Family

ID=40014527

Family Applications (1)

Application Number Title Priority Date Filing Date
CNA2007100739757A Pending CN101282232A (en) 2007-04-05 2007-04-05 Remote equipment management method, equipment and system

Country Status (1)

Country Link
CN (1) CN101282232A (en)

Cited By (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101702718A (en) * 2009-11-18 2010-05-05 中兴通讯股份有限公司 Method and device for managing user terminal equipment
CN101902741A (en) * 2010-07-21 2010-12-01 中兴通讯股份有限公司 Mobile terminal and network access method thereof
CN102571704A (en) * 2010-12-24 2012-07-11 华为终端有限公司 Management conversation initiating and notifying method, managed terminal and management server
CN101998684B (en) * 2009-08-26 2014-05-21 中国移动通信集团公司 A method, system and device for accessing a terminal
CN104426701A (en) * 2013-09-09 2015-03-18 鼎点视讯科技有限公司 Device treatment method and system for cable modem terminal system (CMTS)
CN104821891A (en) * 2009-11-23 2015-08-05 皇家Kpn公司 Method and system for remote equipment management
CN105357332A (en) * 2015-10-30 2016-02-24 北京数码视讯科技股份有限公司 Network address translation method and device
CN106487864A (en) * 2015-09-02 2017-03-08 华为终端(东莞)有限公司 The method for building up of data cube computation, service end and mobile terminal
CN106888117A (en) * 2017-02-15 2017-06-23 金钱猫科技股份有限公司 A kind of method and system for obtaining network element IP
WO2017107827A1 (en) * 2015-12-23 2017-06-29 阿里巴巴集团控股有限公司 Method and apparatus for isolating environment
WO2017211235A1 (en) * 2016-06-06 2017-12-14 中兴通讯股份有限公司 Client device management method and system, automatic configuration server, and storage medium
CN111130901A (en) * 2019-12-30 2020-05-08 京信通信系统(中国)有限公司 Device management method, device, communication device and storage medium
WO2021018210A1 (en) * 2019-07-30 2021-02-04 华为技术有限公司 Communication method and electronic device
CN113038594A (en) * 2021-04-14 2021-06-25 深圳市共进电子股份有限公司 Network management registration method and device for MESH extended equipment

Cited By (25)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101998684B (en) * 2009-08-26 2014-05-21 中国移动通信集团公司 A method, system and device for accessing a terminal
CN101702718A (en) * 2009-11-18 2010-05-05 中兴通讯股份有限公司 Method and device for managing user terminal equipment
CN104821891B (en) * 2009-11-23 2018-11-30 皇家Kpn公司 method and system for remote device management
CN104821891A (en) * 2009-11-23 2015-08-05 皇家Kpn公司 Method and system for remote equipment management
CN101902741A (en) * 2010-07-21 2010-12-01 中兴通讯股份有限公司 Mobile terminal and network access method thereof
CN101902741B (en) * 2010-07-21 2014-07-02 中兴通讯股份有限公司 Mobile terminal and network access method thereof
CN102571704A (en) * 2010-12-24 2012-07-11 华为终端有限公司 Management conversation initiating and notifying method, managed terminal and management server
CN102571704B (en) * 2010-12-24 2015-05-27 华为终端有限公司 Management conversation initiating and notifying method, managed terminal and management server
CN104426701A (en) * 2013-09-09 2015-03-18 鼎点视讯科技有限公司 Device treatment method and system for cable modem terminal system (CMTS)
US10693967B2 (en) 2015-09-02 2020-06-23 Huawei Technologies Co., Ltd. Data connection establishment method, server, and mobile terminal
CN106487864A (en) * 2015-09-02 2017-03-08 华为终端(东莞)有限公司 The method for building up of data cube computation, service end and mobile terminal
CN106487864B (en) * 2015-09-02 2019-09-27 华为终端有限公司 Method for establishing data connection, server and mobile terminal
CN105357332A (en) * 2015-10-30 2016-02-24 北京数码视讯科技股份有限公司 Network address translation method and device
US10798218B2 (en) 2015-12-23 2020-10-06 Alibaba Group Holding Limited Environment isolation method and device
CN106911648A (en) * 2015-12-23 2017-06-30 阿里巴巴集团控股有限公司 One kind is environmentally isolated method and apparatus
CN106911648B (en) * 2015-12-23 2019-12-24 阿里巴巴集团控股有限公司 A kind of environment isolation method and equipment
WO2017107827A1 (en) * 2015-12-23 2017-06-29 阿里巴巴集团控股有限公司 Method and apparatus for isolating environment
WO2017211235A1 (en) * 2016-06-06 2017-12-14 中兴通讯股份有限公司 Client device management method and system, automatic configuration server, and storage medium
CN106888117A (en) * 2017-02-15 2017-06-23 金钱猫科技股份有限公司 A kind of method and system for obtaining network element IP
WO2021018210A1 (en) * 2019-07-30 2021-02-04 华为技术有限公司 Communication method and electronic device
US12081509B2 (en) 2019-07-30 2024-09-03 Huawei Technologies Co., Ltd. Communication method and electronic device for communicating from a mobile communications network to a network device and a router
CN111130901A (en) * 2019-12-30 2020-05-08 京信通信系统(中国)有限公司 Device management method, device, communication device and storage medium
WO2021136175A1 (en) * 2019-12-30 2021-07-08 京信网络系统股份有限公司 Device management method, apparatus, communication device, and storage medium
CN111130901B (en) * 2019-12-30 2021-12-21 京信网络系统股份有限公司 Device management method, device, communication device and storage medium
CN113038594A (en) * 2021-04-14 2021-06-25 深圳市共进电子股份有限公司 Network management registration method and device for MESH extended equipment

Similar Documents

Publication Publication Date Title
CN101282232A (en) Remote equipment management method, equipment and system
US8451826B2 (en) Method, system and apparatus for verifying validity of location information in a packet-switched network
CN101296203B (en) Device, system and method for automatically configuring application terminal in family network
US8019880B2 (en) Method for distributing service according to terminal type
US6754622B1 (en) Method for network address table maintenance in a data-over-cable system using destination reachibility
JP5876877B2 (en) Telecommunication network and method and system for efficient use of connection between telecommunication network and customer premises equipment
US9661147B2 (en) Method, system and apparatus for intelligently handling a request for a communication session
CN102845123B (en) Virtual private cloud connection method and tunnel proxy server
US6697862B1 (en) System and method for network address maintenance using dynamic host configuration protocol messages in a data-over-cable system
CN102158563B (en) Method, system and device for acquiring IPv6 (Internet Protocol Version 6) configuration information from IPv6 transition network
EP2515480B1 (en) Method and system for implementing configuration management of devices in network
US6654387B1 (en) Method for network address table maintenance in a data-over-cable system using a network device registration procedure
CN104521189B (en) Method, device and system for obtaining services by network terminal
US11356487B2 (en) Method, system and apparatus for causing a communication client to join a media-over-packet communication session
CN101668049A (en) Method and device for reporting address, method and device for establishing connection and communication system
KR20110060895A (en) Methods and gateways for providing multiple Internet access
CA2670496C (en) Method, system and apparatus for logging into a communication client
KR20120036973A (en) Method for providing information, home gateway and home network system
WO2013113201A1 (en) Sip server address acquisition method and device
CN103346899A (en) Network terminal equipment managing method, network terminal equipment managing device and network terminal equipment managing system
WO2017219856A1 (en) Circuit verification processing method and system, controller, and computer storage medium
CN101409703B (en) Method for discovering network middle/remote terminal server by terminal equipment

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C12 Rejection of a patent application after its publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20081008