[go: up one dir, main page]

CN102158567A - Equipment configuration method, policy server and network address translation (NAT) equipment - Google Patents

Equipment configuration method, policy server and network address translation (NAT) equipment Download PDF

Info

Publication number
CN102158567A
CN102158567A CN2011100922778A CN201110092277A CN102158567A CN 102158567 A CN102158567 A CN 102158567A CN 2011100922778 A CN2011100922778 A CN 2011100922778A CN 201110092277 A CN201110092277 A CN 201110092277A CN 102158567 A CN102158567 A CN 102158567A
Authority
CN
China
Prior art keywords
user
policy server
alg
configuration
request
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN2011100922778A
Other languages
Chinese (zh)
Other versions
CN102158567B (en
Inventor
张东
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Chengdu Huawei Technology Co Ltd
Original Assignee
Huawei Symantec Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Symantec Technologies Co Ltd filed Critical Huawei Symantec Technologies Co Ltd
Priority to CN201110092277.8A priority Critical patent/CN102158567B/en
Publication of CN102158567A publication Critical patent/CN102158567A/en
Application granted granted Critical
Publication of CN102158567B publication Critical patent/CN102158567B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

本发明提供一种设备配置方法、策略服务器及网络地址转换设备。其中方法包括:策略服务器接收来自于用户的登录请求后,对用户进行AAA认证,以验证所述用户的权限等级;当权限等级为允许登录时,使所述用户登录到所述策略服务器;登录成功后,当策略服务器接收到来自于所述用户的配置请求且所述权限等级为允许配置时,将所述配置请求中携带的ALG应用层网关软件包下发到CGN运营商级网络地址转换设备上,以在所述CGN设备上启用用户自定义的ALG功能。本发明使用户能够按照自己的需求操作NAT设备的行为特性,使NAT设备能够按照用户所配置的策略对用户的报文进行不同的操作处理,从而提高了控制的灵活性。

Figure 201110092277

The invention provides a device configuration method, a policy server and a network address conversion device. The method includes: after the policy server receives the login request from the user, it performs AAA authentication on the user to verify the user's authority level; when the authority level is to allow login, the user is allowed to log in to the policy server; After success, when the policy server receives the configuration request from the user and the permission level is to allow configuration, it will send the ALG application layer gateway software package carried in the configuration request to the CGN operator-level network address translation device to enable the user-defined ALG function on the CGN device. The invention enables the user to operate the behavior characteristics of the NAT device according to the user's needs, and enables the NAT device to perform different operations and processing on the user's message according to the strategy configured by the user, thereby improving the flexibility of control.

Figure 201110092277

Description

设备配置方法、策略服务器及网络地址转换设备Device configuration method, policy server and network address translation device

技术领域technical field

本发明涉及一种设备配置方法、策略服务器及网络地址转换设备。The invention relates to a device configuration method, a policy server and a network address conversion device.

背景技术Background technique

网络地址转换(Network Address Translation,NAT)设备是一种用于在IP数据包通过路由器或防火墙时重写源IP地址或/和目的IP地址的设备。用户分配“私网”IP地址而将“公网”IP地址交由NAT,用户统一通过NAT翻译后的IP地址访问互联网,从而大大节约了公网IP地址。运营商级NAT(Carrier Grade NAT,CGN)设备是部署在运营商网络中的NAT设备,为多个用户统一提供地址翻译的功能。A Network Address Translation (NAT) device is a device used to rewrite the source IP address or/and destination IP address when an IP data packet passes through a router or firewall. Users allocate "private network" IP addresses and hand over "public network" IP addresses to NAT, and users uniformly access the Internet through the IP addresses translated by NAT, thus greatly saving public network IP addresses. Carrier Grade NAT (CGN) device is a NAT device deployed in the carrier network, which provides address translation function for multiple users.

在现有技术中,CGN设备部署在运营商网络中,由运营商管理,其所支持的应用层网关(Application Layer Gateway,ALG)都是由设备商开发的。管理员通过手工配置的方式开启或关闭CGN设备上所支持的ALG,因此,所有用户能够使用的ALG的策略和种类都是相同的。另外,路由地址中的端口与地址的映射也是由用户向运营商申请后,由管理员手工配置到CGN设备上的。In the prior art, the CGN equipment is deployed in the operator's network and is managed by the operator, and the supported Application Layer Gateway (Application Layer Gateway, ALG) is all developed by the equipment manufacturer. The administrator enables or disables the ALG supported on the CGN device through manual configuration. Therefore, all users can use the same ALG policy and type. In addition, the mapping between the port and the address in the routing address is also manually configured on the CGN device by the administrator after the user applies to the operator.

可见现有技术中,所有的用户通常只能使用CGN设备上自带的ALG,而自带的ALG所能支持的应用的种类和数量是有限的。如果用户想自己开发了一个新的应用,那么这个新应用就会因为受到CGN设备的制约而不能够使用。而且,如果用户要对公网提供一个服务,比如web服务,还需要要求运营商为自己配置端口与地址的映射。It can be seen that in the prior art, all users usually can only use the built-in ALG of the CGN device, and the types and quantities of applications supported by the built-in ALG are limited. If the user wants to develop a new application by himself, then this new application will not be able to be used because it is restricted by the CGN equipment. Moreover, if the user wants to provide a service to the public network, such as a web service, he also needs to ask the operator to configure port-to-address mapping for himself.

因此,基于现有的CGN设备不能允许用户按照自己的需要直接控制NAT设备的行为,从而缺少灵活性。Therefore, based on the existing CGN equipment, the user cannot directly control the behavior of the NAT equipment according to his needs, thus lacking flexibility.

发明内容Contents of the invention

本发明提供一种设备配置方法、策略服务器及网络地址转换设备,用以使用户能够灵活的控制自己要使用的NAT设备的行为特性。The invention provides a device configuration method, a policy server and a network address translation device, which are used to enable users to flexibly control the behavior characteristics of the NAT devices they want to use.

本发明一方面提供一种设备配置方法,其中包括:One aspect of the present invention provides a device configuration method, which includes:

策略服务器接收来自于用户的登录请求后,对所述用户进行AAA认证,以验证所述用户的权限等级;After receiving the login request from the user, the policy server performs AAA authentication on the user to verify the authority level of the user;

当所述权限等级为允许登录时,使所述用户登录到所述策略服务器;When the permission level is to allow login, enable the user to log in to the policy server;

登录成功后,当所述策略服务器接收到来自于所述用户的配置请求且所述权限等级为允许配置时,将所述配置请求中携带的ALG应用层网关软件包下发到CGN运营商级网络地址转换设备上,以在所述CGN设备上启用用户自定义的ALG功能。After the login is successful, when the policy server receives the configuration request from the user and the permission level is to allow configuration, it sends the ALG application layer gateway software package carried in the configuration request to the CGN operator level on the network address translation device, so as to enable the user-defined ALG function on the CGN device.

本发明另一方面提供另一种设备配置方法,其中包括:Another aspect of the present invention provides another device configuration method, which includes:

接收来自策略服务器的ALG软件包;Receive ALG packages from the policy server;

安装所述ALG软件包,以启用用户自定义的ALG功能。Install the ALG package to enable user-defined ALG functions.

本发明又一方面提供一种策略服务器,其中包括:Another aspect of the present invention provides a policy server, including:

用户交互模块,用于接收来自于用户的登录请求和配置请求;The user interaction module is used to receive login requests and configuration requests from users;

权限认证模块,用于根据用户交互模块接收到的所述登录请求对所述用户进行AAA认证,以验证所述用户的权限等级,当所述权限等级为允许登录时,使所述用户登录到所述策略服务器;The authority authentication module is used to perform AAA authentication on the user according to the login request received by the user interaction module to verify the user's authority level, and when the authority level is to allow login, the user is logged in to said policy server;

策略下发模块,用于当用户交互模块接收到来自于所述用户的配置请求且权限认证模块验证出的所述权限等级为允许配置时,将所述配置请求中携带的的ALG软件包下发到CGN设备上,以在所述CGN设备上启用用户自定义的ALG功能。A strategy delivery module, configured to download the ALG software package carried in the configuration request when the user interaction module receives a configuration request from the user and the permission level verified by the permission authentication module is to allow configuration. sent to the CGN device, so as to enable the user-defined ALG function on the CGN device.

本发明再一方面提供一种网络地址转换设备,其中包括:Another aspect of the present invention provides a network address translation device, which includes:

接收模块,用于接收来自策略服务器的ALG软件包;A receiving module, configured to receive the ALG software package from the policy server;

配置模块,用于安装所述接收模块接收的ALG软件包,以启用用户自定义的ALG功能。The configuration module is used to install the ALG software package received by the receiving module, so as to enable user-defined ALG functions.

本发明使用户能够按照自己的需求操作NAT设备的行为特性,使NAT设备能够按照用户所配置的策略对用户的报文进行不同的操作处理,从而提高了控制的灵活性。The invention enables the user to operate the behavior characteristics of the NAT device according to the user's requirement, and enables the NAT device to perform different operations and processing on the user's message according to the strategy configured by the user, thereby improving the flexibility of control.

附图说明Description of drawings

为了更清楚地说明本发明实施例或现有技术中的技术方案,下面将对实施例或现有技术描述中所需要使用的附图作一简单地介绍,显而易见地,下面描述中的附图是本发明的一些实施例,对于本领域普通技术人员来讲,在不付出创造性劳动的前提下,还可以根据这些附图获得其他的附图。In order to more clearly illustrate the technical solutions in the embodiments of the present invention or the prior art, the following will briefly introduce the drawings that need to be used in the description of the embodiments or the prior art. Obviously, the accompanying drawings in the following description These are some embodiments of the present invention. Those skilled in the art can also obtain other drawings based on these drawings without creative work.

图1为本发明所述设备配置方法实施例一的流程图;FIG. 1 is a flow chart of Embodiment 1 of the device configuration method of the present invention;

图2为本发明所述设备配置方法实施例二的流程图;FIG. 2 is a flow chart of Embodiment 2 of the device configuration method of the present invention;

图3为本发明所述通信系统实施例的结构示意图;FIG. 3 is a schematic structural diagram of an embodiment of the communication system of the present invention;

图4为图3所示策略服务器10的结构示意图;FIG. 4 is a schematic structural diagram of the policy server 10 shown in FIG. 3;

图5为图4所示权限认证模块12的结构示意图;FIG. 5 is a schematic structural diagram of the authority authentication module 12 shown in FIG. 4;

图6为图3所示CGN设备30的结构示意图。FIG. 6 is a schematic structural diagram of the CGN device 30 shown in FIG. 3 .

具体实施方式Detailed ways

为使本发明实施例的目的、技术方案和优点更加清楚,下面将结合本发明实施例中的附图,对本发明实施例中的技术方案进行清楚、完整地描述,显然,所描述的实施例是本发明一部分实施例,而不是全部的实施例。基于本发明中的实施例,本领域普通技术人员在没有作出创造性劳动前提下所获得的所有其他实施例,都属于本发明保护的范围。In order to make the purpose, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below in conjunction with the drawings in the embodiments of the present invention. Obviously, the described embodiments It is a part of embodiments of the present invention, but not all embodiments. Based on the embodiments of the present invention, all other embodiments obtained by persons of ordinary skill in the art without creative efforts fall within the protection scope of the present invention.

图1为本发明所述设备配置方法实施例一的流程图,如图所示,该方法包括:Fig. 1 is a flowchart of Embodiment 1 of the device configuration method of the present invention. As shown in the figure, the method includes:

步骤110,策略服务器接收来自于用户的登录请求后,对所述用户进行AAA认证,以验证所述用户的权限等级。Step 110, after receiving the login request from the user, the policy server performs AAA authentication on the user to verify the user's authority level.

具体地,所述策略服务器可以基于Web协议或安全外壳协议(Secure She11 Protocol,简称:SSH)或现有的其他安全协议来接收来自于用户的登录请求。此后,可以先向认证系统发送用户权限验证请求,然后由该认证系统根据所述用户权限验证请求查找所述用户的权限等级并回复给所述策略服务器。其中,所述认证系统为验证、授权和记账(Authentication、Authorization、Accounting,简称:AAA)系统。Specifically, the policy server may receive a login request from a user based on a Web protocol or a Secure Shell Protocol (Secure Shell Protocol, SSH for short) or other existing security protocols. Thereafter, a user authority verification request may be sent to the authentication system first, and then the authentication system searches for the authority level of the user according to the user authority verification request and replies to the policy server. Wherein, the authentication system is an authentication, authorization, and accounting (Authentication, Authorization, Accounting, AAA for short) system.

步骤120,当所述权限等级为允许登录时,使所述用户登录到所述策略服务器。Step 120, when the permission level is to allow login, enable the user to log in to the policy server.

步骤130,登录成功后,当所述策略服务器接收到来自于所述用户的配置请求且所述权限等级为允许配置时,将所述配置请求中携带的的ALG应用层网关软件包下发到CGN运营商级网络地址转换设备上,以在所述CGN设备上启用用户自定义的ALG功能。Step 130, after the login is successful, when the policy server receives the configuration request from the user and the permission level is to allow configuration, it sends the ALG application layer gateway software package carried in the configuration request to On the CGN carrier-class network address translation device, to enable the user-defined ALG function on the CGN device.

此后,所述CGN设备将接收到的ALG软件包安装到该CGN设备上,以实现对ALG操作的控制。本发明实施例中的CGN设备设置有软件开发工具包(Software Development Kit,简称:SDK)功能,可以接收并安装用户配置的ALG软件包。Thereafter, the CGN device installs the received ALG software package on the CGN device, so as to control the ALG operation. The CGN device in the embodiment of the present invention is provided with a software development kit (Software Development Kit, referred to as: SDK) function, which can receive and install the ALG software package configured by the user.

本实施例所述方法使用户能够按照自己的需求操作NAT设备的行为特性,使NAT设备能够按照用户所配置的策略对用户的报文进行不同的操作处理,从而提高了控制的灵活性。The method described in this embodiment enables the user to operate the behavior characteristics of the NAT device according to his own needs, and enables the NAT device to perform different operations and processing on the user's message according to the policy configured by the user, thereby improving the flexibility of control.

图2为本发明所述设备配置方法实施例二的流程图,如图所示,包括如下步骤:FIG. 2 is a flow chart of Embodiment 2 of the device configuration method of the present invention, as shown in the figure, including the following steps:

步骤210,接收来自策略服务器的ALG软件包。Step 210, receiving the ALG software package from the policy server.

其中,所述ALG软件包携带于用户在登录成功后发送给所述策略服务器的配置请求中。Wherein, the ALG software package is carried in the configuration request sent to the policy server by the user after successful login.

步骤220,安装所述ALG软件包,以启用用户自定义的ALG功能。Step 220, install the ALG software package to enable user-defined ALG functions.

另外,可选地,还可以进一步包括如下步骤:In addition, optionally, the following steps may be further included:

步骤230,设置程序开发接口,以使用户能基于所述程序开发接口,开发所述ALG软件包,并通过所述程序开发接口进行安装。Step 230, setting the program development interface, so that the user can develop the ALG software package based on the program development interface, and install it through the program development interface.

本实施例所述方法使用户能够按照自己的需求操作NAT设备的行为特性,使NAT设备能够按照用户所配置的策略对用户的报文进行不同的操作处理,从而提高了控制的灵活性,并且使网络地址转换设备具备自定义功能。The method described in this embodiment enables the user to operate the behavior characteristics of the NAT device according to his own needs, and enables the NAT device to perform different operations on the user's message according to the policy configured by the user, thereby improving the flexibility of control, and Enables customization of the Network Address Translation device.

图3为本发明所述通信系统实施例的结构示意图,为了实现上述方法,如图所示,该系统包括:策略服务器10、认证系统20和CGN设备30,例如可以通过宽带远程接入服务器(Broadband Remote Access Server,简称:BRAS)与私网中的用户通信连接。其中,如图4所示,策略服务器10包括:用户交互模块11、权限认证模块12和策略下发模块13,其工作原理如下:FIG. 3 is a schematic structural diagram of an embodiment of the communication system of the present invention. In order to implement the above method, as shown in the figure, the system includes: a policy server 10, an authentication system 20, and a CGN device 30. For example, the server can be remotely accessed through broadband ( Broadband Remote Access Server, referred to as: BRAS) communicates with users in the private network. Wherein, as shown in Figure 4, the policy server 10 includes: a user interaction module 11, an authority authentication module 12 and a policy delivery module 13, and its working principle is as follows:

策略服务器10的用户交互模块11接收来自于用户的登录请求后,由权限认证模块12根据用户交互模块11接收到的所述登录请求对所述用户进行AAA认证,以验证所述用户的权限等级。具体地,如图5所示,权限认证模块12先通过发送单元1201向认证系统20发送用户权限验证请求;所述认证系统20根据来自于所述策略服务器10的用户权限验证请求查找相应用户的权限等级并回复给所述策略服务器10;此后,权限认证模块12通过接收单元1202接收由所述认证系统20回复的所述用户的权限等级。当所述权限等级为允许登录时,使所述用户登录到所述策略服务器10。After the user interaction module 11 of the policy server 10 receives the login request from the user, the authority authentication module 12 performs AAA authentication on the user according to the login request received by the user interaction module 11 to verify the user's authority level . Specifically, as shown in FIG. 5 , the authority authentication module 12 first sends a user authority verification request to the authentication system 20 through the sending unit 1201; Then, the authority authentication module 12 receives the authority level of the user replied by the authentication system 20 through the receiving unit 1202 . When the authority level is to allow login, the user is enabled to log in to the policy server 10 .

登录成功后,当用户交互模块11接收到来自于所述用户的配置请求且权限认证模块12验证出的所述权限等级为允许配置时,由策略下发模块13将所述配置请求中携带的ALG软件包下发到CGN设备30上。After the login is successful, when the user interaction module 11 receives a configuration request from the user and the permission level verified by the permission authentication module 12 is to allow configuration, the policy issuing module 13 will send the configuration request carried in the configuration request The ALG software package is delivered to the CGN device 30 .

此后,如图6所示,CGN设备30通过接收模块31接收来自所述策略服务器10的ALG软件包;然后由配置模块32安装所述接收模块31接收的ALG软件包,以启用用户自定义的ALG功能。Thereafter, as shown in Figure 6, the CGN device 30 receives the ALG software package from the policy server 10 through the receiving module 31; then the configuration module 32 installs the ALG software package received by the receiving module 31 to enable user-defined ALG function.

另外,该CGN设备30中还可以进一步设置有程序开发接口33,用于提供程序开发接口,以使用户能基于所述程序开发接口,开发ALG软件包,并通过所述程序开发接口进行安装,从而提高该CGN设备30的自定义性能。In addition, the CGN device 30 may be further provided with a program development interface 33 for providing a program development interface, so that users can develop ALG software packages based on the program development interface, and install them through the program development interface, Therefore, the customization performance of the CGN device 30 is improved.

本实施例所述系统使用户能够按照自己的需求操作NAT设备的行为特性,使NAT设备能够按照用户所配置的策略对用户的报文进行不同的操作处理,从而提高了控制的灵活性。The system described in this embodiment enables the user to operate the behavior characteristics of the NAT device according to his own needs, and enables the NAT device to perform different operations and processing on the user's message according to the policy configured by the user, thereby improving the flexibility of control.

本领域普通技术人员可以理解:实现上述方法实施例的全部或部分步骤可以通过程序指令相关的硬件来完成,前述的程序可以存储于一计算机可读取存储介质中,该程序在执行时,执行包括上述方法实施例的步骤;而前述的存储介质包括:ROM、RAM、磁碟或者光盘等各种可以存储程序代码的介质。Those of ordinary skill in the art can understand that all or part of the steps for realizing the above-mentioned method embodiments can be completed by hardware related to program instructions, and the aforementioned program can be stored in a computer-readable storage medium. When the program is executed, the It includes the steps of the above method embodiments; and the aforementioned storage medium includes: ROM, RAM, magnetic disk or optical disk and other various media that can store program codes.

最后应说明的是:以上实施例仅用以说明本发明的技术方案,而非对其限制;尽管参照前述实施例对本发明进行了详细的说明,本领域的普通技术人员应当理解:其依然可以对前述各实施例所记载的技术方案进行修改,或者对其中部分技术特征进行等同替换;而这些修改或者替换,并不使相应技术方案的本质脱离本发明各实施例技术方案的精神和范围。Finally, it should be noted that: the above embodiments are only used to illustrate the technical solutions of the present invention, rather than to limit them; although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that: it can still be Modifications are made to the technical solutions described in the foregoing embodiments, or equivalent replacements are made to some of the technical features; and these modifications or replacements do not make the essence of the corresponding technical solutions deviate from the spirit and scope of the technical solutions of the various embodiments of the present invention.

Claims (9)

1.一种设备配置方法,其特征在于,包括:1. A device configuration method, characterized in that, comprising: 策略服务器接收来自于用户的登录请求后,对所述用户进行AAA认证,以验证所述用户的权限等级;After receiving the login request from the user, the policy server performs AAA authentication on the user to verify the authority level of the user; 当所述权限等级为允许登录时,使所述用户登录到所述策略服务器;When the permission level is to allow login, enable the user to log in to the policy server; 登录成功后,当所述策略服务器接收到来自于所述用户的配置请求且所述权限等级为允许配置时,将所述配置请求中携带的ALG应用层网关软件包下发到CGN运营商级网络地址转换设备上,以在所述CGN设备上启用用户自定义的ALG功能。After the login is successful, when the policy server receives the configuration request from the user and the permission level is to allow configuration, it sends the ALG application layer gateway software package carried in the configuration request to the CGN operator level on the network address translation device, so as to enable the user-defined ALG function on the CGN device. 2.根据权利要求1所述的方法,其特征在于,所述验证所述用户的权限等级包括:2. The method according to claim 1, wherein the verification of the user's authority level comprises: 向认证系统发送用户权限验证请求;Send a user permission verification request to the authentication system; 所述认证系统根据所述用户权限验证请求查找所述用户的权限等级并回复给所述策略服务器。The authentication system looks up the user's authority level according to the user authority verification request and replies to the policy server. 3.根据权利要求1所述的方法,其特征在于所述策略服务器接收来自于用户的登录请求包括:所述策略服务器基于Web协议或SSH安全外壳协议接收来自于用户的登录请求。3. The method according to claim 1, wherein the policy server receiving the login request from the user comprises: the policy server receiving the login request from the user based on the Web protocol or the SSH secure shell protocol. 4.一种设备配置方法,其特征在于,包括:4. A device configuration method, characterized in that, comprising: 接收来自策略服务器的ALG软件包;Receive ALG packages from the policy server; 安装所述ALG软件包,以启用用户自定义的ALG功能。Install the ALG package to enable user-defined ALG functions. 5.根据权利要求4所述的方法,其特征在于,所述方法还包括,设置程序开发接口,以使用户能基于所述程序开发接口,开发所述ALG软件包,并通过所述程序开发接口进行安装。5. The method according to claim 4, characterized in that, the method also includes setting a program development interface, so that the user can develop the ALG software package based on the program development interface, and through the program development interface for installation. 6.一种策略服务器,其特征在于,包括:6. A policy server, characterized in that, comprising: 用户交互模块,用于接收来自于用户的登录请求和配置请求;The user interaction module is used to receive login requests and configuration requests from users; 权限认证模块,用于根据用户交互模块接收到的所述登录请求对所述用户进行AAA认证,以验证所述用户的权限等级,当所述权限等级为允许登录时,使所述用户登录到所述策略服务器;The authority authentication module is used to perform AAA authentication on the user according to the login request received by the user interaction module to verify the user's authority level, and when the authority level is to allow login, the user is logged in to said policy server; 策略下发模块,用于当用户交互模块接收到来自于所述用户的配置请求且权限认证模块验证出的所述权限等级为允许配置时,将所述配置请求中携带的的ALG软件包下发到CGN设备上,以在所述CGN设备上启用用户自定义的ALG功能。A strategy delivery module, configured to download the ALG software package carried in the configuration request when the user interaction module receives a configuration request from the user and the permission level verified by the permission authentication module is to allow configuration. sent to the CGN device, so as to enable the user-defined ALG function on the CGN device. 7.根据权利要求6所述的策略服务器,其特征在于,所述权限认证模块包括:7. The policy server according to claim 6, wherein the authority authentication module comprises: 发送单元,用于向认证系统发送用户权限验证请求;a sending unit, configured to send a user authority verification request to the authentication system; 接收单元,用于接收由所述认证系统回复的所述用户的权限等级。A receiving unit, configured to receive the authority level of the user replied by the authentication system. 8.一种网络地址转换设备,其特征在于,包括:8. A network address translation device, characterized in that it comprises: 接收模块,用于接收来自策略服务器的ALG软件包;A receiving module, configured to receive the ALG software package from the policy server; 配置模块,用于安装所述接收模块接收的ALG软件包,以启用用户自定义的ALG功能。The configuration module is used to install the ALG software package received by the receiving module, so as to enable user-defined ALG functions. 9.根据权利要求8所述的网络地址转换设备,其特征在于,所述网络地址转换设备还包括:程序开发接口,用于提供程序开发接口,以使用户能基于所述程序开发接口,开发ALG软件包,并通过所述程序开发接口进行安装。9. The network address translation device according to claim 8, wherein the network address translation device further comprises: a program development interface for providing a program development interface, so that users can develop programs based on the program development interface ALG software package and install it through the program development interface.
CN201110092277.8A 2011-04-13 2011-04-13 Equipment configuration method, strategic server and network address translation apparatus Expired - Fee Related CN102158567B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201110092277.8A CN102158567B (en) 2011-04-13 2011-04-13 Equipment configuration method, strategic server and network address translation apparatus

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201110092277.8A CN102158567B (en) 2011-04-13 2011-04-13 Equipment configuration method, strategic server and network address translation apparatus

Publications (2)

Publication Number Publication Date
CN102158567A true CN102158567A (en) 2011-08-17
CN102158567B CN102158567B (en) 2016-08-03

Family

ID=44439741

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201110092277.8A Expired - Fee Related CN102158567B (en) 2011-04-13 2011-04-13 Equipment configuration method, strategic server and network address translation apparatus

Country Status (1)

Country Link
CN (1) CN102158567B (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2013091241A1 (en) * 2011-12-23 2013-06-27 France Telecom Research & Development Beijing Company Limited Method, gateway and system for managing alg functionality
CN106503493A (en) * 2016-11-03 2017-03-15 Tcl集团股份有限公司 A kind of application rights management method and system
US9736316B2 (en) 2014-04-17 2017-08-15 Institute For Information Industry Network address translation traversal system and method for real-time communications
CN113518133A (en) * 2021-05-26 2021-10-19 北京天融信网络安全技术有限公司 Information configuration method and device and communication equipment

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1815971A (en) * 2005-02-03 2006-08-09 杭州华为三康技术有限公司 Green internet-accessing system based on concentrated management and dictributed control, and method therefor
US20080074993A1 (en) * 2006-09-27 2008-03-27 Kati Vainola UMA classmark information
CN101183968A (en) * 2006-11-14 2008-05-21 中兴通讯股份有限公司 A gateway device registration and automatic configuration method
CN101321262A (en) * 2008-07-11 2008-12-10 中国网络通信集团公司 Network TV value-added service system and method for realizing service combination
CN101374338A (en) * 2007-08-25 2009-02-25 华为技术有限公司 A method, entity and system for implementing user policy self-service

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1815971A (en) * 2005-02-03 2006-08-09 杭州华为三康技术有限公司 Green internet-accessing system based on concentrated management and dictributed control, and method therefor
US20080074993A1 (en) * 2006-09-27 2008-03-27 Kati Vainola UMA classmark information
CN101183968A (en) * 2006-11-14 2008-05-21 中兴通讯股份有限公司 A gateway device registration and automatic configuration method
CN101374338A (en) * 2007-08-25 2009-02-25 华为技术有限公司 A method, entity and system for implementing user policy self-service
CN101321262A (en) * 2008-07-11 2008-12-10 中国网络通信集团公司 Network TV value-added service system and method for realizing service combination

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2013091241A1 (en) * 2011-12-23 2013-06-27 France Telecom Research & Development Beijing Company Limited Method, gateway and system for managing alg functionality
US9736316B2 (en) 2014-04-17 2017-08-15 Institute For Information Industry Network address translation traversal system and method for real-time communications
CN106503493A (en) * 2016-11-03 2017-03-15 Tcl集团股份有限公司 A kind of application rights management method and system
CN106503493B (en) * 2016-11-03 2020-10-16 Tcl科技集团股份有限公司 Application authority management method and system
CN113518133A (en) * 2021-05-26 2021-10-19 北京天融信网络安全技术有限公司 Information configuration method and device and communication equipment

Also Published As

Publication number Publication date
CN102158567B (en) 2016-08-03

Similar Documents

Publication Publication Date Title
US9331998B2 (en) Dynamic secured network in a cloud environment
US9154378B2 (en) Architecture for virtualized home IP service delivery
JP5318111B2 (en) Various methods and apparatus for a central management station for automatically distributing configuration information to remote devices
CN106487788B (en) A kind of user access method, SDN controller, forwarding device and subscriber access system
CN102136938B (en) Method and device for providing user information for carried grade network address translation (CGN) equipment
CN105228121B (en) Subscriber management using REST-like interface
CN101340334A (en) A network access method, system and device
CN101729500B (en) Method, device and system for identifying IP session
CN101247297A (en) Device, system and method for automatically configuring application terminal in home network
CN107211051A (en) For integrated inside and the method and system of cloud domain name system
CN102598592A (en) Smart Client Routing
CN102771149A (en) System and method for managing IPv6 address and access policy
CN103095705B (en) The method and apparatus of isolated area main frame in access local area network (LAN)
CN103701628A (en) Home gateway configuration management method, virtual home gateway and optical network terminal
CN106302353A (en) Identity authentication method, identity authentication system and related equipment
JP5172799B2 (en) VPN setting system, VPN setting method and VPN setting program
WO2012089001A1 (en) Ip address allocation method and device
CN103067407B (en) The authentication method and device of accessing user terminal to network
CN102158567B (en) Equipment configuration method, strategic server and network address translation apparatus
JP6329947B2 (en) Method for configuring network nodes of a telecommunication network, telecommunication network, program, and computer program
CN101867509B (en) Device, system and method for automatically configuring application terminal in household network
CN107342972B (en) Method and device for realizing remote access
CN1411223A (en) Method and device for realizing virtual GGSN of enterprise inserting business
CN108076025A (en) The register method and device of the network equipment
CN105871782B (en) Network service processing method, device, business router and platform authentication system

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C53 Correction of patent of invention or patent application
CB02 Change of applicant information

Address after: 611731 Chengdu high tech Zone, Sichuan, West Park, Qingshui River

Applicant after: HUAWEI DIGITAL TECHNOLOGIES (CHENG DU) Co.,Ltd.

Address before: 611731 Chengdu high tech Zone, Sichuan, West Park, Qingshui River

Applicant before: CHENGDU HUAWEI SYMANTEC TECHNOLOGIES Co.,Ltd.

COR Change of bibliographic data

Free format text: CORRECT: APPLICANT; FROM: CHENGDU HUAWEI SYMANTEC TECHNOLOGIES CO., LTD. TO: HUAWEI DIGITAL TECHNOLOGY (CHENGDU) CO., LTD.

C14 Grant of patent or utility model
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20220831

Address after: No. 1899 Xiyuan Avenue, high tech Zone (West District), Chengdu, Sichuan 610041

Patentee after: Chengdu Huawei Technologies Co.,Ltd.

Address before: 611731 Qingshui River District, Chengdu hi tech Zone, Sichuan, China

Patentee before: HUAWEI DIGITAL TECHNOLOGIES (CHENG DU) Co.,Ltd.

TR01 Transfer of patent right
CF01 Termination of patent right due to non-payment of annual fee
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20160803