[0034] The following describes the present invention in further detail based on the drawings and embodiments:
[0035] The DHCP protocol defines many options, one of which is Option82. As shown in Figure 1, it defines two sub-options, the Circuit ID Sub-option (CID) and the Remote ID Sub-option (RID), where:
[0036] CID is the link identifier, generally used to identify the user's access location information (partial information);
[0037] RID is the remote identification, and is generally used to identify the attribute information (global information) of the device.
[0038] The general flow of the DHCP protocol is shown in Figure 2. The DHCP Discovery message sent by the user marks the start of a dynamic address acquisition, and a DHCP ACK (response) message returned by the server marks the end of a successful address acquisition.
[0039] The access device (such as a DSLAM) of the present invention first captures the uplink DHCP messages of all users, recording the port on which each message was captured and the description information configured on that port. It then uses the port position information (which can include frame, slot, port number, PVC information, etc.) plus its own device name as the CID information, and the port description information (which can be more intuitive information such as a telephone number or the user's main name) as the RID information. The CID and RID together are added to the user's original DHCP message as the DHCP Option82 option, and the message is forwarded to the upper-layer device and on to the DHCP server. From the content of DHCP Option82 in the received message, the DHCP server can obtain detailed information about the incoming user, including which device and port the message came from, what the user's phone number is, and so on. Based on preset information it can then tell whether this is a dedicated line user or an ordinary Internet user, and assign either a fixed address or an address from the shared address pool.
[0040] The premise here is that the DHCP server is required to support the DHCP Option82 function, that is, it can recognize and allocate addresses according to the DHCP Option82 option information, and this information should be added back intact in the DHCP message returned to the client.
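The Option82 handling on both sides, as an added example that is not part of the patent text: the access device appends CID and RID sub-options (codes 1 and 2, per RFC 3046) to an upstream message, and the server reads them back and indexes its static configuration on the pair. The function names, the sample CID/RID values and addresses, and the refusal of a subscriber message that already carries Option82 are assumptions of this sketch.

```python
OPT_RAI, SUB_CID, SUB_RID, OPT_PAD, OPT_END = 82, 1, 2, 0, 255  # RFC 3046 / RFC 2132

def walk(tlvs: bytes, dhcp: bool = True):
    """Yield (code, value, offset); PAD/END are special only at the DHCP option level."""
    i = 0
    while i < len(tlvs):
        code = tlvs[i]
        if dhcp and code == OPT_PAD:
            i += 1
            continue
        if dhcp and code == OPT_END:
            yield code, b"", i
            return
        if i + 2 > len(tlvs) or i + 2 + tlvs[i + 1] > len(tlvs):
            raise ValueError("truncated option")
        yield code, tlvs[i + 2:i + 2 + tlvs[i + 1]], i
        i += 2 + tlvs[i + 1]

def add_option82(options: bytes, cid: bytes, rid: bytes) -> bytes:
    """Access device: insert Option82 before END on an upstream DHCP message."""
    found = {code: off for code, _, off in walk(options)}
    if OPT_RAI in found:  # assumption: only the access device may assert location
        raise ValueError("subscriber port supplied its own Option82")
    if OPT_END not in found:
        raise ValueError("no END option")
    subs = bytes([SUB_CID, len(cid)]) + cid + bytes([SUB_RID, len(rid)]) + rid
    end = found[OPT_END]
    return options[:end] + bytes([OPT_RAI, len(subs)]) + subs + options[end:]

def read_option82(options: bytes):
    """DHCP server: return (cid, rid), or None when Option82 is absent."""
    for code, value, _ in walk(options):
        if code == OPT_RAI:
            subs = {c: v for c, v, _ in walk(value, dhcp=False)}
            return subs.get(SUB_CID), subs.get(SUB_RID)
    return None

# Constructed static configuration, indexed on CID and RID together.
STATIC = {(b"dslam-1/0/3/12:0.35", b"5550100"): ("192.0.2.10", 2592000)}

def allocate(options: bytes):
    """Fixed address and lease for a configured dedicated-line user, else the pool."""
    return STATIC.get(read_option82(options), ("shared-pool", 3600))

# Constructed upstream options: message type, a value containing 0xFF, then END.
DISCOVER = bytes([53, 1, 1, 61, 2, 0xFF, 0x01, 255])
```

Walking the TLVs rather than searching for byte 255 matters here: the constructed client identifier contains 0xFF, and a naive search would insert Option82 in the middle of it.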
[0041] In the present invention, the access device allows a message from the user to pass in only two cases: the message is a DHCP message, or the message has passed the port binding table check. The binding table can be an IP address binding table, a MAC address binding table, or both. Whether a message passes the check is determined by whether its source IP and source MAC exist in the binding table.
[0042] In the initial stage, the user binding table on the access device is empty, so only DHCP messages are allowed to pass. This restricts the user to dynamic address acquisition as the Internet access method; a static IP address cannot be configured.
[0043] In the initial stage, the access device captures the user's upstream DHCP messages and, by detecting the DHCP Discovery message, knows when the user starts to apply for an address. By capturing the server's downstream DHCP messages and detecting the DHCP Ack message, it knows when the user has successfully obtained an address. From the information in the DHCP message it learns the user's MAC address and the IP address assigned to the user, and from the DHCP Option82 information backfilled by the DHCP server it learns the user's specific location (including sufficient location information such as frame, slot, port, PVC, etc.). While forwarding the server's DHCP response to the client, the access device uses this information to generate a dynamic binding table entry for the user. Packets using this IP and this user's MAC then pass the binding table check of the access device, and the user can access the Internet using the assigned IP address. If the user sets a static IP address and tries to go online without going through the above process, the access device adds no binding table entry for the user, and the user cannot go online normally.
[0044] Under normal circumstances, the user sends a DHCP Release message when going offline. By capturing this message the access device knows that the user is going offline, learns the user's MAC address and IP address from the options in the DHCP message, and then deletes the dynamic binding table entry previously generated for the user according to the user port number on which the message was captured. The user is thereby restored to the initial state: the binding table is empty, and only DHCP messages are allowed to pass on the user port. In this way, the next time the user goes online, the user must still dynamically obtain an address through the DHCP process.
[0045] The above description covers the case where there is only one terminal on the user port. If there are multiple terminals, a binding table entry is generated for each terminal, and they share the binding table resources on the port. The online and offline process of each terminal is the same as described above.
[0046] For the case where the user goes offline abnormally without sending a DHCP Release message, the access device sets a fixed-length user online detection timer for each dynamic binding relationship generated, and uses ARP (Address Resolution Protocol) messages to detect whether the user is still online and to refresh the user's timer. At each timer period, the device sends an ARP request for the IP in the user's dynamic binding table. Normally, if the user is online, the user responds to this ARP request; after receiving the ARP response message, the access device refreshes the user online detection timer and restarts it. If the access device receives no ARP response message after waiting for a period of time (the length of which can be set), the user is considered to have gone offline abnormally and the user's dynamic entry is deleted. The user then needs to restart the DHCP process to resume Internet access.
[0047] At the same time, the access device keeps a lease timer for each dynamic binding relationship generated for the user. This timer is dynamically refreshed according to the lease period given to the client in the DHCP ACK message from the server. According to the DHCP protocol definition, when the lease of an acquired address reaches one half and 7/8 of its duration, the client needs to resend a unicast DHCP Request message to the server to request a refresh and extension of its address lease; otherwise it will no longer be able to use the network after the lease expires. The server responds to the client with a unicast DHCP ACK message for the new lease period, and the client obtains the updated lease period and can continue to use the network for a long time. When the user starts to pay the fee, he obtains the lease of an address from the operator (for example, a monthly fee), so that the access device maintains the same lease timer as the DHCP server from the beginning.
[0048] When a lease is about to expire, the user's lease on the DHCP server is extended only if the user has continued to pay. The user sends a renewal DHCP Request message before the lease expires, and the server responds with the corresponding DHCP ACK message. The access device extends the lease timer of the user's dynamic binding relationship according to the returned DHCP ACK message, and the client likewise extends the lease time of its current local address according to this DHCP ACK message. After the expiration of this lease period (the lease period before the refresh), the user can continue to use the Internet.
[0049] 1. If the user does not continue to pay the fee, the user's lease on the DHCP server is not extended. As the current lease approaches expiry, the user still sends DHCP Request messages for lease renewal according to the standard protocol definition. According to the server's policy definition, the server no longer responds to the lease renewal request of a user who has not continued to pay; that is, no DHCP ACK response message is sent from the server to the client. Because the access device captures no DHCP ACK message, the lease timer of the user's dynamic binding relationship is not refreshed. When the lease expires, the user's dynamic binding relationship is deleted in synchronization with the server, and the user can no longer access the Internet;
[0050] 2. After the above user resumes payment, the user gets a new lease. By this time the user's local address has been automatically released because the lease expired, so the user needs to perform the dynamic address acquisition process again to continue using the network. The access device also regenerates the user's dynamic binding relationship with a new lease timer. The server uses a static data configuration method, so that the customer still gets the same address as before after re-applying for an address.
[0051] A specific example is described below. As shown in Figure 3, the detailed process is as follows:
[0052] In the configuration library on the DHCP Server (server), the configuration information for the DHCP Option82 option value "xx|xx" is statically configured in advance. The index here is the DHCP Option82 information, which can be the CID, the RID, or a combination of them. It is best to index on CID and RID together, so that there is no possibility of error. The CID is the link identifier, which generally includes the name of the access device, the port number on the access device, or the PVC information on the port. The RID is the remote identifier, which generally can be intuitive information such as the customer's phone number, address or name, making operation and maintenance easier. Configuration information can include the IP address and mask, the lease period, and other configuration information such as the gateway, DNS server and WINS server addresses;
[0053] A. After passing through the access device, the DHCP Discovery/Request message sent by the user has DHCP Option82 option information in a format such as "xx|xx" added to it;
[0054] B. According to the DHCP Option82 option information in the DHCP message received from the client, the DHCP Server searches the configuration database for the configuration item that matches the CID/RID ("xx|xx"), returns the corresponding configuration item information to the user in the DHCP Offer/Ack message, and backfills the DHCP Option82 information into the response message;
[0055] C. The access device learns the user's assigned IP address from the DHCP Ack message returned by the server, uses the DHCP option information (including the client's MAC address, the IP address assigned to the client, and the port number information in DHCP Option82) to generate a dynamic binding relationship for the user port, and starts the user online detection timer and the lease timer at the same time.
[0056] The present invention greatly reduces the configuration complexity of the access equipment (such as a DSLAM) and the workload of frequently updating its configuration. Only some basic configuration needs to be performed initially on the access equipment. With the present invention, all management, including user authentication, billing, etc., is centralized on the DHCP Server side and does not require the participation of the access equipment, which greatly reduces network maintenance costs for operators.
[0057] The access device of the present invention uses DHCP messages as triggers to dynamically generate and delete the binding relationship; uses ARP message detection to keep the dynamic binding relationship from being deleted by timeout; and maintains the life cycle of the dynamic binding relationship according to the lease information in the DHCP messages. By combining dynamic address binding technology with the DHCP Option82 function, the fixed address of the dedicated line user is maintained, while the authentication, billing and security of the user are guaranteed.
[0058] Those skilled in the art can implement the present invention in a variety of variants without departing from the essence and spirit of the present invention. The above descriptions are only preferred and feasible embodiments of the present invention, and do not limit the scope of rights of the present invention. The equivalent changes made to the content of the description of the invention and the drawings are all included in the scope of the rights of the present invention.