WO2016180020A1 - Message processing method, device and system - Google Patents
Message processing method, device and system
- Publication number
- WO2016180020A1 (PCT/CN2015/097553)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- gre
- packet
- tunnel
- user
- access device
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Ceased
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/46—Interconnection of networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/46—Interconnection of networks
- H04L12/4633—Interconnection of networks using encapsulation techniques, e.g. tunneling
Definitions
- the present invention relates to the field of network technologies, and in particular, to a packet processing method, device, and system.
- Tunneling is a way to pass data between networks by using the infrastructure of the Internet.
- CPE: customer premises equipment
- DHCP: dynamic host configuration protocol
- UPnP: Universal Plug and Play
- UPnP server
- TR069 protocol: Technical Report 069
- user management functions
- NAT: network address translation
- the multi-functional integration of CPE also causes an increase in the operation and maintenance and management costs of the existing network.
- the different functions of the CPE can be decomposed into different devices, for example, the control plane function is decomposed into a Broadband Remote Access Server (BRAS).
- BRAS: Broadband Remote Access Server
- the Layer 2 client-side device (L2-CPE) only needs to provide the basic Layer 2 forwarding function.
- the BRAS device encapsulates the L2-CPE user traffic into different Generic Routing Encapsulation (GRE) tunnels and sends it through the tunnel to the carrier-grade network address translation (CGN) device.
- GRE: Generic Routing Encapsulation
- the foregoing method of the prior art needs to configure an independent GRE tunnel for each user end, and at least the following problems exist: (1) for a large number of users, a large number of GRE tunnels need to be set up, which increases the overhead of tunnel resources; (2) statically configuring GRE tunnels for a massive number of user ends greatly increases the amount of configuration; (3) enabling keepalive detection on a massive number of GRE tunnels increases system overhead and occupies a large amount of network resources.
- the embodiments of the present invention provide a packet processing method, device, and system, so as to reduce the overhead of tunnel resources when accessing a large number of users.
- a message processing method includes:
- the access device establishes at least one tunnel with the CGN device
- the first data packet sent by the first user end is GRE-encapsulated to obtain a first GRE packet, where the first GRE packet carries the first user identifier;
- the access device sends the first GRE message to the CGN device by using the at least one tunnel.
- the method further includes:
- the access device receives a second GRE message sent by the CGN device through the at least one tunnel, where the second GRE message is obtained by the CGN device performing GRE encapsulation on a second data packet sent by the server to the second user end.
- the second GRE packet carries the second user identifier corresponding to the second user end.
- the access device sends the second data packet to the second user end.
- the GRE header of the first GRE packet carries the first user identifier.
- before sending the first GRE message by using the at least one tunnel, the method further includes: performing Internet Protocol Security (IPsec) encapsulation on the first GRE message.
- IPsec: Internet Protocol Security
- in a second aspect, a message processing method is applied to a CGN device, where at least one tunnel established by the access device exists between the CGN device and the access device, and the method includes:
- the CGN device receives the first GRE packet sent by the access device by using the at least one tunnel, where the first GRE packet is obtained by the access device performing GRE encapsulation on the first data packet from the first user end,
- and the first GRE packet carries the first user identifier corresponding to the first user end;
- the CGN device sends the first data packet to a server.
- the method further includes:
- the CGN device sends the second GRE message to the access device by using the at least one tunnel.
- the GRE header of the first GRE packet carries the first user identifier.
- before sending the second GRE packet by using the at least one tunnel, the method further includes: performing IPsec encapsulation on the second GRE packet.
- an access device, where at least one tunnel exists between the access device and the CGN device; the access device includes:
- a first receiving unit configured to receive a first data packet sent by the first user end
- a processing unit configured to acquire an address of the first user end from the first data packet, acquire a first user identifier corresponding to the first user end according to a mapping relationship between the user end address and the user identifier, and perform GRE encapsulation on the first data packet to obtain the first GRE packet, where the first GRE packet carries the first user identifier.
- the first sending unit is configured to send the first GRE message to the CGN device by using the at least one tunnel.
- the access device further includes: a second receiving unit and a second sending unit, where:
- the second receiving unit is configured to receive a second GRE message that is sent by the CGN device by using the at least one tunnel, where the second GRE message is obtained by the CGN device performing GRE encapsulation on the second data packet sent by the server to the second user end,
- and the second GRE message carries the second user identifier corresponding to the second user end.
- the processing unit is configured to decapsulate the second GRE message and the second user identifier, and obtain the second data packet;
- the second sending unit is configured to send the second data packet to the second user end.
- the GRE header of the first GRE packet carries the first user identifier.
- the processing unit is further configured to perform IPsec encapsulation on the first GRE packet before the first GRE packet is sent by using the at least one tunnel.
- a CGN device, where at least one tunnel established by the access device exists between the CGN device and the access device; the CGN device includes:
- a first receiving unit configured to receive a first Generic Routing Encapsulation (GRE) packet sent by the access device by using the at least one tunnel, where the first GRE packet is obtained by the access device performing GRE encapsulation on the first data packet from the first user end,
- and the first GRE packet carries the first user identifier corresponding to the first user end.
- a processing unit configured to decapsulate the first GRE packet, and obtain the first data packet
- the first sending unit is configured to send the first data packet to the server.
- the CGN device further includes a second receiving unit and a second sending unit, where:
- the second receiving unit is configured to receive a second data packet sent by the server to the second user end;
- the processing unit is configured to obtain a second user identifier corresponding to the second user end according to the mapping relationship between the user address and the user identifier, and perform the GRE encapsulation on the second data packet to obtain the second GRE packet.
- the second GRE packet carries the second user identifier;
- the second sending unit is configured to send the second GRE message to the access device by using the at least one tunnel.
- the GRE header of the first GRE packet carries the first user identifier.
- the processing unit is further configured to perform IPsec encapsulation on the second GRE packet before the second GRE packet is sent by using the at least one tunnel.
- a message processing system includes:
- the access device provided by the foregoing third aspect or any possible implementation manner of the third aspect, and the CGN device provided by the foregoing fourth aspect or any possible implementation manner of the fourth aspect.
- in the packet processing method, device, and system provided by the embodiment of the present invention, the access device establishes at least one tunnel with the CGN device, and the access device receives the first data packet sent by the first user end.
- the first data packet sent by the UE is GRE-encapsulated to obtain the first GRE packet, where the first GRE packet carries the first user identifier, and the access device sends the first GRE packet to the CGN device by using the at least one tunnel;
- correspondingly, the CGN device receives and decapsulates the first GRE packet, acquires the first data packet, and then sends the first data packet to the server.
- the method, device, and system of the embodiments of the present invention are applied, so that when a large number of users access the network, the overhead of the
- FIG. 1 is a flowchart of a message processing method according to a first embodiment of the present invention
- FIG. 2 is a schematic diagram of a format of a GRE packet header in the prior art
- FIG. 3 is a first schematic diagram of a format of a GRE packet header according to an embodiment of the present invention.
- FIG. 4 is a second schematic diagram of a format of a GRE packet header according to an embodiment of the present invention.
- FIG. 5 is a schematic diagram of IPsec encapsulation of a GRE packet according to an embodiment of the present invention.
- FIG. 6 is a flowchart of a packet processing method according to a second embodiment of the present invention.
- FIG. 7 is a flowchart of an application scenario of an embodiment of the present invention.
- FIG. 8 is a schematic structural diagram of an access device according to an embodiment of the present invention.
- FIG. 9 is a schematic structural diagram of hardware of an access device according to an embodiment of the present invention.
- FIG. 10 is a schematic structural diagram of a CGN device according to an embodiment of the present invention.
- FIG. 11 is a schematic structural diagram of hardware of a CGN device according to an embodiment of the present invention.
- FIG. 12 is a schematic structural diagram of a system according to an embodiment of the present invention.
- the embodiment of the invention provides a packet processing method, device and system, which can reduce the overhead of the tunnel resource, simplify the configuration process, save system overhead and network resources in the service scenario of the user accessing the network.
- FIG. 1 is a flowchart of a packet processing method according to a first embodiment of the present invention. As shown in FIG. 1, the method may include:
- the access device establishes at least one tunnel with the CGN device.
- the access device is a bridge between the broadband access network and the backbone network, providing basic access means and management functions of the broadband access network. The access device is located at the edge of the network to provide broadband access services, implement the aggregation and forwarding of multiple services, and meet the requirements of different users for transmission capacity and bandwidth utilization.
- the access device may be a BRAS device; the basic function of the CGN device is to translate an internal private Internet Protocol (IP) address into a public network IP address; a tunnel may be established between the access device and the CGN device.
- IP: Internet Protocol
- the access device can establish at least one tunnel with the carrier-class network address translation CGN device, wherein each tunnel can carry data messages of multiple users.
- a tunnel can be established between the access device and the CGN device to support a large number of users.
- more than one tunnel can be established between the access device and the CGN device.
- two tunnels can be constructed. In this case, one tunnel can be used as the primary tunnel and the other as the standby tunnel to form the hot standby redundancy mechanism.
- the tunnels are all primary tunnels, and load sharing is performed on a large number of users.
- the access device receives the first data packet sent by the first user end.
- the access device can provide an access function for the UE and a management function for the broadband access network. Therefore, one side of the access device is used to connect multiple clients, so that the access device can receive the first data packet sent by the first user.
- the first data packet is not limited, and the first data packet may be a service request or a data stream that is sent by the UE to the server.
- the first data packet may include an access network request message, a request message for accessing a certain web address or data, an upload data message, and the like.
- the access device acquires a first user address that is carried in the first data packet, and obtains a first user identifier corresponding to the first user end address according to a mapping relationship between the user address and the user identifier.
- the first data packet sent by the first user end is encapsulated by a general routing encapsulation protocol (GRE) to obtain a first GRE packet, where the first GRE packet carries the first user identifier.
- GRE: general routing encapsulation protocol
- the user identifier is used to identify the user end, so that different user terminals can be distinguished by the user identifier.
- the user identifier may be directly allocated by the operator to the client when the user opens the account.
- a mapping relationship between the client address and the user identifier is established on the access device.
- the client address may include an IP address of the client.
- the mapping relationship may be periodically updated by the operator or updated in real time. For example, when a user end is added and the user opens an account, the operator assigns a unique client identifier to the client. At the same time, the operator updates the user identifier into the mapping relationship of the access device.
- after receiving the first data packet sent by the first user end, the access device acquires the first client address carried in the first data packet, and obtains the first user identifier corresponding to the first client address according to the mapping relationship between the client address and the user identifier. Then, the first data packet sent by the first user end is GRE-encapsulated, and the first GRE message is obtained.
- the GRE protocol is applicable to the encapsulation of IP datagrams tunneled through the Internet. GRE can be used as a Layer 3 tunneling protocol to provide transparent transmission channels for data of any protocol.
- the first GRE message carries the first user identifier.
- the first data packet is GRE-encapsulated, and the first GRE packet carries the first user identifier corresponding to the obtained first user address.
- the specific location of the first user identifier in the first GRE packet is not limited.
- the first user identifier may be located in the header of the GRE, or in the payload of the GRE packet, or in other locations of the GRE packet, as long as the first GRE packet carries the first user identifier.
- the access device sends the first GRE packet to the CGN device by using the at least one tunnel.
- the access device may send the first GRE packet to the CGN device by using at least one tunnel.
- the first user identifier can be used to identify a unique user end, and a tunnel can be shared by multiple GRE packets. That is to say, a tunnel allows GRE packets of multiple users to be transmitted simultaneously or non-simultaneously. Since GRE packets carry user identifiers, multiple GRE packets are not confused with one another when a tunnel is used to transmit data.
- the access device establishes at least one tunnel with the CGN device, and when receiving the data packet of the user end and performing GRE encapsulation, the access device makes the GRE packet carry the user identifier of the data packet, so that the data packets from different users are distinguished by the user identifier and multiple GRE packets are allowed to share the same tunnel. Therefore, when a large number of users access the network, the overhead of tunnel resources is reduced, the configuration process is simplified, and system overhead and network resources are saved.
- the access device receives a second GRE packet sent by the CGN device by using the at least one tunnel, where the second GRE packet is obtained by the CGN device performing GRE encapsulation on the second data packet sent by the server to the second user end,
- and the second GRE message carries the second user identifier corresponding to the second user end.
- the access device may receive the first data packet from the first user end, and then send the packet to the CGN device after processing; such a data flow direction is referred to as an uplink direction.
- the access device can also receive the second data packet from the server from the CGN device, and such data flow direction can be referred to as a downlink direction.
- the second data packet is not limited, and the second data packet may be a service request response packet or a data stream that is sent by the server to the client.
- the second data packet may include an access network request response message, a request response message for accessing a certain web address or data, a download data message, and the like.
- the access device receives a second GRE message sent by the CGN device by using the at least one tunnel.
- the second GRE packet is obtained by GRE encapsulating the second data packet from the server by the CGN device.
- the second GRE message carries a second user identifier corresponding to the second data packet.
- the same method as that provided by S106 in the first embodiment may be used, so that the GRE message carries the user identifier corresponding to the user end, thereby distinguishing according to the user identifier.
- the access device decapsulates the second GRE packet, and obtains the second data packet, and sends the second data packet to the user end corresponding to the second data packet.
- a verification method may be added. That is, the decapsulated second GRE packet is verified according to the mapping relationship between the client address and the user identifier established on the access device.
- the specific process is: the second GRE packet carries the second user identifier, and the access device obtains the corresponding second client address by using the second user identifier according to the mapping relationship between the user address and the user identifier established on the access device.
- the “first data packet” and the “second data packet” in the embodiment are only used to distinguish the direction of the data stream: the “first data packet” represents the data stream flowing from the client to the server, and the “second data packet” represents the data stream flowing from the server to the client.
- the GRE header of the first GRE packet carries the first user identifier.
- the GRE header of the second GRE message carries the second user identifier.
- the user identifier may be located in the GRE packet header, or in the payload of the GRE packet, or other location of the GRE packet. Further, for example, the user identifier may be located in a reserved field of the GRE header or an optional field of the GRE header.
- FIG. 2 shows a GRE header format in the prior art
- FIG. 3 schematically shows a GRE header format in the embodiment of the present invention
- FIG. 4 schematically shows another GRE header format in the embodiment of the present invention.
- the GRE header of the prior art includes a key field (Key Field) and has a length of 32 bits.
- the key field is used to perform end-to-end verification on the encapsulated packets.
- the channel identification keyword (Key), also called a keyword
- the key field provides a weak authentication mechanism.
- the GRE packet header further includes a recursive control field and a flag field, and the two fields may be set as a reserved field, and thus, by way of example, the reserved field may be used to carry the user identifier.
- the user identifier may be located in an optional field of the GRE packet header.
- the key field may be used to carry the user identifier. As shown in FIG. 3, all the fields of the key field may be used to carry the user identifier to form a user identification field.
- the length of the user identification field is 32 bits, and the user identification field can be used to identify 2^32 - 1 users.
- a tunnel can accommodate the first data packets of 2^32 - 1 clients, that is, the user identifier field of the GRE header carries different subscriber identifiers, allowing 2^32 - 1 users to use the same tunnel simultaneously, so a tunnel can meet the requirements of a large number of users, saving tunnel resources.
- a part of a field of a key field may also be used to carry a user identifier to form a user identification field.
- the user identifier can be carried by using 16 bits in the key field, so that the length of the user identification field is 16 bits, and the user identification field can be used to identify 2^16 - 1 users.
- This means that a tunnel can accommodate the first data packets of 2^16 - 1 clients, that is, the user identifier field of the GRE header carries different subscriber identifiers, allowing 2^16 - 1 users to use the same tunnel simultaneously,
- so a tunnel can meet the requirements of a large number of users, saving tunnel resources, and because the user identification field occupies only part of the key field, the upper 16 bits of the key field can still retain the weak authentication mechanism.
- the implementation shown in FIG. 4 is only one representation of using a partial field of the key field to carry the user identifier. It should be understood that the location occupied by the user identifier field in the key field is not limited; for example, the user identification field is located at the upper 16 bits. Meanwhile, the length occupied by the user identification field in the key field is not limited. For example, the user identification field occupies 24 bits or 8 bits.
- when the user identifier is carried by the key field, a tunnel can be shared by a maximum of 2^32 - 1 clients. Therefore, a single tunnel can be established to meet the needs of a large number of users.
- more than one tunnel may be established between the access device and the CGN device.
- the construction of two tunnels is used as an example. In this case, one tunnel can be used as the primary tunnel and the other as the standby tunnel to form a hot standby redundancy mechanism.
- the specific method for sharing the number of users in a plurality of tunnels is not limited.
- the manner in which multiple tunnels share a large number of users can be understood as: when a tunnel is fully loaded (for example, 2^32 - 1 users are carried), the second tunnel is used to carry the remaining users; or the users can be shared among multiple tunnels even if no tunnel is full; or there are multiple CGN devices, and at least one tunnel is established for each CGN device.
- the first data packet can be determined to enter the tunnel of the different CGN by parsing the source address and the destination address of the first data packet.
- the IPsec encapsulation method provides high-quality, interoperable, cryptography-based security for IP datagrams by authenticating and encrypting each IP packet in the data stream, so data streams that need to be encrypted can be encapsulated with IPsec to ensure data security. As shown in FIG.
- the GRE packet is encapsulated by IPsec, that is, IPsec encapsulation is performed on the outer layer of the GRE-encapsulated packet so that the data stream to be encrypted is encrypted, which ensures data security.
- the access device establishes at least one tunnel with the CGN device, and when receiving the first data packet of the user end and performing GRE encapsulation, the access device makes the GRE packet carry the user identifier corresponding to the first data packet of the user end, so that the first data packets from different user ends are distinguished by the user identifier and the GRE packets of multiple users are allowed to share the same tunnel. Therefore, when a large number of users access the network, the overhead of tunnel resources is reduced, the configuration process is simplified, and system overhead and network resources are saved.
- FIG. 6 is a flowchart of a packet processing method according to a second embodiment of the present invention.
- the second embodiment of the present invention describes a packet processing method from the perspective of a CGN device. As shown in FIG. 6, the method is applied to a CGN device, where at least one tunnel established by the access device exists between the CGN device and the access device; the method may include:
- the CGN device receives a first GRE message sent by the access device by using the at least one tunnel, where the first GRE message is obtained by the access device performing GRE encapsulation on the first data packet from the first user end, and the first GRE message carries the first user identifier corresponding to the first user end.
- the function of the CGN device is to translate the internal private IP address into a public network IP address. The CGN device receives the first GRE message sent by the access device through the at least one tunnel, where the first GRE packet is obtained by the access device GRE-encapsulating the first data packet from the first user end, and the first GRE packet carries the first user identifier.
- for the execution process of encapsulating the first GRE packet and carrying the first user identifier, refer to the corresponding description in the first embodiment.
- the CGN device decapsulates the first GRE packet, and acquires the first data packet.
- the CGN device decapsulates the first GRE packet and obtains the first data packet.
- the CGN device may add a verification method, that is, the first GRE packet is verified according to the mapping relationship between the client address and the user identifier established on the CGN device.
- the first GRE packet carries the first user identifier, and the CGN device obtains the first client address corresponding to the first user identifier according to the mapping relationship.
- the CGN device then compares the first client address obtained from the mapping relationship with the client address corresponding to the first data packet in the decapsulated first GRE packet, thereby verifying that the first data packet belongs to the first data packet sent by the first user.
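
The key-field layout of FIG. 3 and FIG. 4 and the CGN-side verification described above can be sketched as follows. This is an added example, not code from the patent: the function names, the choice of the low-order key bits for the user identifier with the remaining upper bits kept as an authentication tag, the IPv4 inner packet and the address table are all assumptions made for illustration.

```python
import ipaddress
import struct

GRE_FLAG_C = 0x8000        # checksum field present
GRE_FLAG_K = 0x2000        # key field present
GRE_FLAG_S = 0x1000        # sequence number field present
GRE_VERSION_MASK = 0x0007
ETHERTYPE_IPV4 = 0x0800


class GreError(ValueError):
    """Malformed GRE packet or failed user-identifier verification."""


def pack_key(user_id, id_bits=32, auth_tag=0):
    """Build the 32-bit key: low id_bits carry the user identifier (assumed
    layout), the remaining upper bits keep a weak-authentication tag."""
    if id_bits not in (8, 16, 24, 32):
        raise ValueError("id_bits must be 8, 16, 24 or 32")
    if not 0 <= user_id < (1 << id_bits):
        raise ValueError("user identifier does not fit the identification field")
    if not 0 <= auth_tag < (1 << (32 - id_bits)):
        raise ValueError("auth tag does not fit the remaining key bits")
    return (auth_tag << id_bits) | user_id


def unpack_key(key, id_bits=32):
    """Return (user_id, auth_tag) from a 32-bit key."""
    return key & ((1 << id_bits) - 1), key >> id_bits


def gre_encapsulate(inner, user_id, id_bits=32, auth_tag=0):
    """Access-device side: prepend a GRE header with only the K bit set."""
    key = pack_key(user_id, id_bits, auth_tag)
    return struct.pack("!HHI", GRE_FLAG_K, ETHERTYPE_IPV4, key) + inner


def gre_decapsulate(packet, id_bits=32):
    """Return (user_id, auth_tag, inner); reject packets without a key."""
    if len(packet) < 4:
        raise GreError("truncated GRE header")
    flags, proto = struct.unpack_from("!HH", packet)
    if flags & GRE_VERSION_MASK:
        raise GreError("unsupported GRE version")
    if not flags & GRE_FLAG_K:
        raise GreError("no key field, user cannot be identified")
    if proto != ETHERTYPE_IPV4:
        raise GreError("unexpected payload protocol")
    offset = 4 + (4 if flags & GRE_FLAG_C else 0)   # skip checksum/reserved
    if len(packet) < offset + 4:
        raise GreError("truncated key field")
    (key,) = struct.unpack_from("!I", packet, offset)
    offset += 4 + (4 if flags & GRE_FLAG_S else 0)  # skip sequence number
    if len(packet) < offset:
        raise GreError("truncated sequence number")
    user_id, tag = unpack_key(key, id_bits)
    return user_id, tag, packet[offset:]


def inner_source(inner):
    """Source address of the decapsulated IPv4 packet."""
    if len(inner) < 20 or inner[0] >> 4 != 4:
        raise GreError("inner packet is not IPv4")
    return str(ipaddress.IPv4Address(inner[12:16]))


def verify_uplink(packet, addr_by_user, id_bits=32, expected_tag=0):
    """CGN side: look up the address mapped to the carried user identifier
    and compare it with the inner source address before forwarding."""
    user_id, tag, inner = gre_decapsulate(packet, id_bits)
    if tag != expected_tag:
        raise GreError("authentication tag mismatch")
    mapped = addr_by_user.get(user_id)
    if mapped is None:
        raise GreError("unknown user identifier")
    if inner_source(inner) != mapped:
        raise GreError("inner source address does not match user identifier")
    return user_id, inner


def make_ipv4(src, dst, payload=b""):
    """Constructed sample packet: minimal IPv4 header, checksum left at 0."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       17, 0, ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed) + payload


if __name__ == "__main__":
    table = {1001: "10.0.0.11", 1002: "10.0.0.12"}   # constructed mapping
    for uid, src in table.items():                   # two users, one tunnel
        pkt = gre_encapsulate(make_ipv4(src, "203.0.113.5"), uid)
        print(uid, verify_uplink(pkt, table)[0] == uid)
```

Because every user shares one tunnel, the key value is the only thing separating one subscriber's traffic from another's, so the lookup-and-compare step is what stops a packet that carries one user's identifier but another user's inner address from being forwarded.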
- the CGN device sends the first data packet to a server.
- after acquiring the first data packet, the CGN device translates the internal private IP address into a public network IP address and sends the first data packet to the server, and the corresponding access is performed on the server according to the request of the first data packet.
- the CGN searches the NAT forward session table through the information of the quintuple (source IP address, destination IP address, source port number, destination port number, protocol number), and translates the IP address of the private network into a public network IP address.
- the access device establishes at least one tunnel with the CGN device, and the GRE packet received by the CGN carries the user identifier, thereby allowing the GRE packets of multiple users to share the same tunnel.
- the CGN device receives a second data packet that is sent by the server to the second user end; the CGN device acquires an address of the second user end, and obtains, according to a mapping relationship between the user end address and the user identifier, the second user identifier corresponding to the second user end;
- the second data packet is GRE-encapsulated to obtain a second GRE packet, and the second GRE packet carries the second user identifier;
- the CGN device sends the second GRE message to the access device by using the at least one tunnel.
- the CGN device receives the second data packet sent by the server.
- the second data packet is in the downlink data flow direction with respect to the first data packet. The CGN searches the NAT reverse session table through the information of the quintuple (source IP address, destination IP address, source port number, destination port number, protocol number), and translates the public network IP address into the IP address of the private network.
- the mapping relationship between the user address and the user identifier is established on the CGN device.
- the client address may include an IP address, and the information of the mapping relationship may be updated by the operator periodically or in real time.
- the CGN device acquires the first user identifier corresponding to the first user end, and performs the GRE encapsulation on the second data packet to obtain a second GRE packet, where the second GRE packet carries the second user identifier; the second GRE packet is sent by the CGN device to the access device by using the at least one tunnel.
- for the second GRE packet carrying the second user identifier and the transmission of data through the tunnel, refer to the corresponding description in the first embodiment.
- the specific location of the second user identifier in the GRE packet is not limited; for example, it may be located in the GRE packet header, or in the packet payload, or in another location. As long as the GRE packet is guaranteed to carry the user identifier, this embodiment can be implemented.
- the GRE header of the first GRE packet carries the first user identifier.
- the GRE header of the second GRE message carries the second user identifier.
- FIG. 7 is a flowchart of an application scenario according to an embodiment of the present invention.
- the application scenario flowchart may perform the packet processing method of the foregoing first embodiment and/or the second embodiment, as shown in FIG.
- the device includes: a service device, a layer 2 client-side device L2-CPE, an access device, a CGN device, and a server.
- the access device may be a BRAS device
- the server may be an Internet network server.
- the L2-CPE provides a basic Layer 2 forwarding function.
- the L2-CPE as the user end is connected to multiple specific service devices.
- the service device can be, but is not limited to, a personal computer, an intelligent mobile terminal, an IPTV, or an intelligent security device.
- the uplink side of the L2-CPE is connected to the BRAS device through a communication network (for example, a metro network), and the BRAS device shares the control plane functions (such as user management and data forwarding) of the traditional integrated CPE, so that the L2-CPE is attached beneath the BRAS.
- the BRAS device is connected to the CGN device through a communication network (for example, the core network Core Network), the BRAS device establishes at least one tunnel with the CGN device, and the CGN device connects to the Internet network.
- the L2-CPE shown in FIG. 7 is not limited, and a conventional CPE may also be used in practical applications.
- the flow direction of the data can be divided into an uplink process and a downlink process.
- the following describes the different data flow directions. It should be noted that, in the present embodiment, unless otherwise stated, the Tunnel labels that appear (for example, Tunnel-1) are equivalent to the user identifier in the present invention.
- the BRAS device receives the first data packet sent by the user 1.
- the BRAS device acquires the Tunnel-1 corresponding to the user 1, and performs the GRE encapsulation on the first data packet to obtain the first GRE packet, where the first GRE packet carries the Tunnel-1;
- the mapping between the client address and the tunnel is established on the BRAS device.
- the BRAS device sends the first GRE message by using the GRE tunnel.
- the CGN device receives the first GRE message by using the GRE tunnel.
- the CGN device decapsulates the first GRE packet, and obtains the first data packet.
- the CGN device sends the first data packet to the Internet.
- S720 The CGN device receives the second data packet sent by the Internet.
- the CGN device acquires the Tunnel-2 corresponding to the user 2, and performs the GRE encapsulation on the second data packet to obtain the second GRE packet, where the second GRE packet carries the Tunnel-2;
- mapping between the client address and the tunnel is established on the CGN device.
- the CGN device sends a second GRE message by using a GRE tunnel.
- the BRAS device receives the second GRE message by using the GRE tunnel.
- the BRAS device decapsulates the second GRE packet, and obtains the second data packet.
- the BRAS device sends a second data packet to the user 2.
- the BRAS device and the CGN device shown in FIG. 7 can be used to perform the respective steps performed by the access device and the CGN device in the method of the previous embodiment.
- the access device establishes at least one tunnel with the CGN device, so that the GRE packets of multiple users share the same tunnel. When a large number of users access the network, this reduces the overhead of tunnel resources, simplifies the configuration process, and saves system overhead and network resources.
- FIG. 8 is a schematic structural diagram of an access device according to an embodiment of the present invention. As shown in FIG. 8, at least one tunnel is established between the access device and the CGN device; the access device includes a first receiving unit 802, a processing unit 804, and a first sending unit 806:
- the first receiving unit 802 is configured to receive a first data packet sent by the first user end.
- the processing unit 804 is configured to obtain an address of the first user end from the first data packet, and obtain a first user identifier corresponding to the first user end according to a mapping relationship between the user end address and the user identifier; the first data packet is GRE-encapsulated to obtain a first GRE packet, and the first GRE packet carries the first user identifier;
- the first sending unit 806 is configured to send the first GRE message to the CGN device by using the at least one tunnel.
- the access device further includes a second receiving unit 808 and a second sending unit 810.
- the second receiving unit 808 is configured to receive a second GRE message that is sent by the CGN device by using the at least one tunnel, where the second GRE message is obtained by the CGN device performing GRE encapsulation on the second data packet sent by the server to the second user end, and the second GRE packet carries the second user identifier corresponding to the second user end.
- the processing unit 804 is further configured to decapsulate the second GRE message and obtain the second user identifier and the second data packet, and the second sending unit 810 is configured to send the second data packet to the second user end.
- the GRE header of the first GRE packet carries the first user identifier.
- the GRE header of the second GRE message carries the second user identifier.
- the processing unit 804 is further configured to perform IPsec encapsulation on the first GRE packet before sending the first GRE packet by using the at least one tunnel.
- the access device shown in Figure 8 can be used to perform the respective steps performed by the access device in the method of the previous embodiment.
- the at least one tunnel is configured to allow the GRE packets of multiple users to share the same tunnel. Therefore, when a large number of users access the network, the bandwidth of the tunnel resources is reduced, the configuration process is simplified, and system overhead and network resources are saved.
- FIG. 9 is a schematic structural diagram of a hardware structure of an access device according to an embodiment of the present invention.
- the access device includes a processor 901, a memory 902, an interface 903, and a bus 904.
- the interface 903 can be implemented by using a wireless or wired manner. Specifically, it may be an element such as a network interface card (NIC), and the processor 901, the memory 902, and the interface 903 are connected by a bus 904.
- the memory 902 is configured to store program code.
- the program code may include an operating system program and an application.
- the interface 903 is configured to receive a first data packet sent by the first user end.
- the processor 901 is configured to obtain an address of the first user end from the first data packet, and obtain a first user identifier corresponding to the first user end according to a mapping relationship between the user end address and the user identifier; the first data packet is GRE-encapsulated to obtain a first GRE packet, where the first GRE packet carries the first user identifier;
- the interface 903 is further configured to send the first GRE message to the CGN device by using the at least one tunnel.
- the interface 903 is further configured to receive a second GRE message sent by the CGN device by using the at least one tunnel, where the second GRE message is obtained by the CGN device performing GRE encapsulation on the second data packet sent by the server to the second user end, and the second GRE message carries the second user identifier corresponding to the second user end.
- the processor 901 is further configured to decapsulate the second GRE message and obtain the second user identifier and the second data packet; the interface 903 is further configured to send the second data packet to the second user end.
- the GRE header of the first GRE packet carries the first user identifier.
- the GRE header of the second GRE message carries the second user identifier.
- the processor 901 is further configured to perform IPsec encapsulation on the first GRE packet before sending the first GRE packet by using the at least one tunnel.
- the access device shown in Figure 9 can be used to perform the corresponding steps performed by the access device in the method of the previous embodiment.
- the at least one tunnel is configured to allow the GRE packets of multiple users to share the same tunnel. Therefore, when a large number of users access the network, the bandwidth of the tunnel resources is reduced, the configuration process is simplified, and system overhead and network resources are saved.
- the CGN device includes a first receiving unit 1002, a processing unit 1004, and a first sending unit 1006:
- the first receiving unit 1002 is configured to receive a first GRE message sent by the access device by using the at least one tunnel, where the first GRE message is obtained by the access device performing GRE encapsulation on the first data packet from a first user end, and the first GRE packet carries the first user identifier corresponding to the first user end;
- the processing unit 1004 is configured to decapsulate the first GRE packet, and obtain the first data packet.
- the first sending unit 1006 is configured to send the first data packet to a server.
- the CGN device further includes a second receiving unit 1008 and a second sending unit 1010.
- the second receiving unit 1008 is configured to receive a second data packet sent by the server to the second user end; the processing unit 1004 is further configured to acquire, according to a mapping relationship between the user end address and the user identifier, a second user identifier corresponding to the second user end, and to GRE-encapsulate the second data packet to obtain a second GRE packet, where the second GRE packet carries the second user identifier; the second sending unit 1010 is configured to send the second GRE message to the access device by using the at least one tunnel.
- the GRE header of the first GRE packet carries the first user identifier.
- the GRE header of the second GRE message carries the second user identifier.
- the processing unit 1004 is further configured to perform IPsec encapsulation on the second GRE packet before sending the second GRE packet by using the at least one tunnel.
- the CGN device shown in Figure 10 can be used to perform the respective steps performed by the CGN device in the method of the previous embodiment.
- the at least one tunnel is configured to allow the GRE packets of multiple users to share the same tunnel. Therefore, when a large number of users access the network, the bandwidth of the tunnel resources is reduced, the configuration process is simplified, and system overhead and network resources are saved.
- FIG. 11 is a schematic structural diagram of a hardware of a CGN device according to an embodiment of the present invention.
- the access device includes a processor 1101, a memory 1102, an interface 1103, and a bus 1104.
- the interface 1103 can be implemented by using a wireless or a wired manner.
- it may be an element such as a network interface card (NIC), and the processor 1101, the memory 1102, and the interface 1103 are connected by a bus 1104.
- the memory 1102 is configured to store program code.
- the program code may include an operating system program and an application.
- the interface 1103 is configured to receive a first GRE packet sent by the access device by using the at least one tunnel, where the first GRE packet is obtained by the access device performing GRE encapsulation on the first data packet from the first user end, and the first GRE packet carries the first user identifier corresponding to the first user end.
- the processor 1101 is configured to decapsulate the first GRE packet, and obtain the first data packet.
- the interface 1103 is further configured to send the first data packet to a server.
- the interface 1103 is configured to receive a second data packet that is sent by the server to the second user end; the processor 1101 is further configured to obtain, according to a mapping relationship between the user address and the user identifier, a second user identifier corresponding to the second user end, and to GRE-encapsulate the second data packet to obtain a second GRE packet, where the second GRE packet carries the second user identifier; the interface 1103 is further configured to send the second data packet to the second user end.
- the GRE header of the first GRE packet carries the first user identifier.
- the GRE header of the second GRE message carries the second user identifier.
- the processor 1101 is further configured to perform IPsec encapsulation on the second GRE packet before sending the second GRE packet by using the at least one tunnel.
- the CGN device shown in Figure 11 can be used to perform the respective steps performed by the CGN device in the method of the previous embodiment.
- the at least one tunnel is configured to allow the GRE packets of multiple users to share the same tunnel. Therefore, when a large number of users access the network, the bandwidth of the tunnel resources is reduced, the configuration process is simplified, and system overhead and network resources are saved.
- FIG. 12 is a schematic structural diagram of a system according to an embodiment of the present invention. As shown in FIG. 12, the system includes an access device and a CGN device. The system can implement the technical solutions of the first embodiment and the second embodiment, and the implementation principles and technical effects are similar, and details are not described herein again.
- aspects of the present invention, or possible implementations of various aspects may be embodied as a system, method, or computer program product.
- aspects of the invention, or possible implementations of various aspects, may take the form of an entirely hardware embodiment, an entirely software embodiment (including firmware, resident software, etc.), or an embodiment combining software and hardware aspects, all of which are collectively referred to herein as "circuits," "modules," or "systems."
- aspects of the invention, or possible implementations of various aspects may take the form of a computer program product, which is a computer readable program code stored in a computer readable medium.
- the computer readable medium can be a computer readable signal medium or a computer readable storage medium.
- the computer readable storage medium includes, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing, such as a random access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM) or flash memory, optical fiber, or portable compact disc read-only memory (CD-ROM).
- the processor in the computer reads the computer readable program code stored in the computer readable medium, such that the processor is capable of performing the functional actions specified in each step of the flowchart, or in a combination of steps, and of producing a device that implements the functions specified in each block of the block diagram, or in a combination of blocks.
- the computer readable program code can execute entirely on the user's local computer, partly on the user's local computer, as a separate software package, partly on the user's local computer and partly on the remote computer, or entirely on the remote computer or the server. It should also be noted that in some alternative implementations, the functions noted in the various steps in the flowcharts or in the blocks in the block diagrams may not occur in the order noted. For example, two steps, or two blocks, shown in succession may be executed substantially concurrently, or the blocks may be executed in the reverse order.
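The uplink and downlink flows of the FIG. 7 scenario can be traced at byte level with the sketch below, which is an added example and not code from the patent. It assumes the user identifier travels in the GRE Key field (RFC 2890); the description only requires that the GRE header carry the identifier. The mapping table, addresses and function names are hypothetical, and the check in `cgn_uplink` that the Key matches the inner source address is an added validation, not a step stated in the description.

```python
import ipaddress
import struct

GRE_FLAG_KEY = 0x2000    # K bit set, version 0: a 4-byte Key field follows (RFC 2890)
GRE_PROTO_IPV4 = 0x0800  # protocol type of the encapsulated payload

# Constructed mapping between user-end address and user identifier, held on
# both the access device and the CGN device (addresses and IDs are made up).
USER_ID_BY_ADDR = {"10.0.0.11": 1, "10.0.0.12": 2}


def build_ipv4(src, dst, payload=b""):
    """Build a minimal inner IPv4 packet (checksum left at 0 for the demo)."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                         17, 0, ipaddress.IPv4Address(src).packed,
                         ipaddress.IPv4Address(dst).packed)
    return header + payload


def ipv4_addrs(packet):
    """Return (source, destination) of an IPv4 packet as dotted strings."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("inner packet is not IPv4")
    return (str(ipaddress.IPv4Address(packet[12:16])),
            str(ipaddress.IPv4Address(packet[16:20])))


def gre_encapsulate(packet, user_id):
    """Prefix the packet with an 8-byte GRE header whose Key is the user ID."""
    return struct.pack("!HHI", GRE_FLAG_KEY, GRE_PROTO_IPV4, user_id) + packet


def gre_decapsulate(gre_packet):
    """Parse the GRE header strictly and return (user_id, inner packet)."""
    if len(gre_packet) < 8:
        raise ValueError("truncated GRE header")
    flags, proto, user_id = struct.unpack("!HHI", gre_packet[:8])
    if flags != GRE_FLAG_KEY or proto != GRE_PROTO_IPV4:
        raise ValueError("unexpected GRE flags or protocol type")
    return user_id, gre_packet[8:]


def access_device_uplink(packet, mapping=USER_ID_BY_ADDR):
    """Access device: look up the sender's user ID and GRE-encapsulate."""
    src, _ = ipv4_addrs(packet)
    if src not in mapping:
        raise LookupError(f"no user identifier for {src}")
    return gre_encapsulate(packet, mapping[src])


def cgn_uplink(gre_packet, mapping=USER_ID_BY_ADDR):
    """CGN device: decapsulate, then reject a Key that does not belong to the
    inner source address (added check, not a step stated on the page)."""
    user_id, packet = gre_decapsulate(gre_packet)
    src, _ = ipv4_addrs(packet)
    if mapping.get(src) != user_id:
        raise PermissionError(f"user identifier {user_id} does not match {src}")
    return user_id, packet


def cgn_downlink(packet, mapping=USER_ID_BY_ADDR):
    """CGN device: encapsulate a packet already NAT-translated back to the
    private destination address, keyed by the destination user's ID."""
    _, dst = ipv4_addrs(packet)
    if dst not in mapping:
        raise LookupError(f"no user identifier for {dst}")
    return gre_encapsulate(packet, mapping[dst])
```

The Key field is not authenticated, so on a path that is not trusted the IPsec encapsulation of the GRE packet described above is what protects the identifier from tampering.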
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
Disclosed are a packet processing method, device and system. The method comprises the following steps: an access device establishes at least one tunnel between itself and a CGN device; the access device receives a first data packet sent by a first user end; the access device acquires, according to the mapping relationship between a user end address and a user identifier, a first user identifier corresponding to the first user end, and performs GRE encapsulation on the first data packet to obtain a first GRE packet, the first GRE packet carrying the first user identifier; and the access device sends the first GRE packet to the CGN device through the at least one tunnel. By means of the embodiment, when a large number of users access a network, the overhead of tunnel resources can be reduced, the configuration process can be simplified, and system overhead and network resources can be saved.
Applications Claiming Priority (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510243026.3A CN104993993B (zh) | 2015-05-13 | 2015-05-13 | Packet processing method, device and system |
| CN201510243026.3 | 2015-05-13 | | |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| WO2016180020A1 (fr) | 2016-11-17 |
Family
ID=54305749
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| PCT/CN2015/097553 Ceased WO2016180020A1 (fr) | Packet processing method, device and system | 2015-05-13 | 2015-12-16 |
Country Status (2)
| Country | Link |
|---|---|
| CN (1) | CN104993993B (fr) |
| WO (1) | WO2016180020A1 (fr) |
2015
- 2015-05-13 CN CN201510243026.3A patent/CN104993993B/zh active Active
- 2015-12-16 WO PCT/CN2015/097553 patent/WO2016180020A1/fr not_active Ceased
Also Published As
| Publication number | Publication date |
|---|---|
| CN104993993B (zh) | 2018-06-15 |
| CN104993993A (zh) | 2015-10-21 |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| | 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 15891714; Country of ref document: EP; Kind code of ref document: A1 |
| | NENP | Non-entry into the national phase | Ref country code: DE |
| | 122 | Ep: pct application non-entry in european phase | Ref document number: 15891714; Country of ref document: EP; Kind code of ref document: A1 |