
WO2016169260A1 - Authentication and registration method, device and system for optical access module - Google Patents


Info

Publication number
WO2016169260A1
Authority
WO
WIPO (PCT)
Application number
PCT/CN2015/094729
Inventor
刁渊炯
江晓林
李明生
Original Assignee
中兴通讯股份有限公司
Application filed by 中兴通讯股份有限公司


Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04Q: SELECTING
    • H04Q11/00: Selecting arrangements for multiplex systems

Definitions

  • the present invention relates to the field of communications, and in particular to a method, device, and system for authenticating an optical access module.
  • the passive optical network device can be divided into an Ethernet-based passive optical network device (Ethernet Passive Optical Network, EPON for short) and a Gigabit-capable Passive Optical Network (G).
  • XG-PON: 10G Gigabit-capable Passive Optical Networks
  • NGPON2: Next-Generation Passive Optical Networks 2
  • Passive optical network devices have a consistent system architecture, including Optical Line Terminals (OLTs) and Optical Network Units (ONUs).
  • a centralized OLT device discovers changes in the state of the PON port through power-up and loading of the integrated PON line card.
  • vOLT: virtualized optical line terminal
  • the discovery and management mechanism of the PON port under the traditional centralized OLT architecture is no longer applicable.
  • The vOLT is the management and control center of the entire system, and how to authenticate and register optical access modules has become an urgent problem to be solved.
  • The vOLT cannot effectively authenticate and register the optical access module, and no effective solution has been proposed yet.
  • the present invention provides an authentication registration method, device, and system for the optical access module, to at least solve the above problem.
  • A method for authenticating and registering an optical access module is provided, including: a virtualized optical line terminal (vOLT) receives physical location information of an optical access module and a device identifier of the optical access module; the vOLT authenticates the optical access module according to the device identifier of the optical access module; and, if the optical access module passes the vOLT's authentication, the vOLT sends management configuration information to the optical access module corresponding to the physical location information, and the vOLT establishes a management channel with the optical access module according to the management configuration information.
  • If the optical access module passes the vOLT's authentication, the vOLT sending the management configuration information to the optical access module includes at least one of the following: the vOLT receives a management IP request from the optical access module and delivers the management MAC and the management IP configured for the optical access module; or, if the optical access module initiates 802.1x authentication, the vOLT replies to the optical access module through the Extensible Authentication Protocol over LAN (EAPoL), and the vOLT carries the management MAC and management IP of the vOLT in a type-length-value (TLV).
  • The vOLT establishing a management channel with the optical access module according to the management configuration information includes at least one of the following: establishing a management channel between the optical access module and the vOLT by using the management IP; establishing a management channel between the optical access module and the vOLT through an Ethernet maintenance communication channel (ETH-MCC).
  • the physical location information of the optical access module includes: a port number where the optical access module is located, and a slot number where the optical access module is located.
  • The device identifier of the optical access module includes: a MAC address of the optical access module, and a serial number of the optical access module.
  • An authentication registration method for an optical access module is also provided, including: a first vOLT of a plurality of virtualized optical line terminals (vOLTs) receives an authentication request of an optical access module; the first vOLT forwards the authentication request to a centralized authentication, authorization and accounting (AAA) server; and, when the AAA server authenticates the optical access module, the first vOLT sends the corresponding vOLT management configuration information to the optical access module.
  • The first vOLT sending the corresponding vOLT management configuration information to the optical access module includes: the first vOLT sends an 802.1x response message to the optical access module, where the response message includes a management IP of the corresponding vOLT and a MAC of the corresponding vOLT; the first vOLT allocates a management IP of the vOLT corresponding to the optical access module by using a dynamic host configuration protocol subsequent protocol.
  • An authentication registration method of an optical access module is also provided, including: when the access aggregation device finds that the optical access module is in place, the access aggregation device reads the device identifier of the optical access module; the access aggregation device reports the physical location information of the optical access module and the device identifier of the optical access module to the virtualized optical line terminal (vOLT); and the access aggregation device receives the vOLT's authentication message for the optical access module, where the vOLT authenticates the optical access module according to the device identifier of the optical access module.
  • The method further includes: the access aggregation device receives an advertisement of the management IP and the interface information of the vOLT; the access aggregation device advertises the management IP and interface information of the access aggregation device to the vOLT; and the access aggregation device establishes a management control channel with the vOLT.
  • The management IP of the access aggregation device that the access aggregation device advertises to the vOLT includes: a statically pre-configured management IP, and a management IP obtained by using a dynamic host configuration protocol.
  • The access aggregation device reading the device identifier of the optical access module includes: the access aggregation device reads the device identifier of the optical access module through the two-wire serial I2C control bus.
  • The access aggregation device reporting the physical location information of the optical access module and the device identifier of the optical access module to the vOLT includes: the access aggregation device reports the physical location information of the optical access module and the device identifier of the optical access module to the vOLT through the network configuration protocol NETCONF or the network management protocol SNMP.
  • the physical location information of the optical access module includes: a port number where the optical access module is located, and a slot number where the optical access module is located.
  • The device identifier of the optical access module includes: a MAC address of the optical access module, and a serial number of the optical access module.
  • An authentication registration device for an optical access module is also provided, including: a first receiving module, configured so that the virtualized optical line terminal (vOLT) receives physical location information of the optical access module and a device identifier of the optical access module; a first authentication module, configured so that the vOLT authenticates the optical access module according to the device identifier of the optical access module; a first sending module, configured so that, when the optical access module passes the vOLT's authentication, the vOLT sends the management configuration information to the optical access module corresponding to the physical location information; and an establishing module, configured so that the vOLT establishes a management channel with the optical access module according to the management configuration information.
  • The first sending module includes: a sending unit, configured so that, when the optical access module passes the vOLT's authentication and the vOLT receives a management IP request from the optical access module, the vOLT sends the management MAC and management IP configured for the optical access module; and a carrying unit, configured so that, when the optical access module passes the vOLT's authentication and the optical access module initiates 802.1x authentication, the vOLT responds to the optical access module through the Extensible Authentication Protocol over LAN (EAPoL), and the vOLT carries the management MAC and management IP of the vOLT in a type-length-value (TLV).
  • The establishing module includes: a first management channel unit, configured to establish a management channel between the optical access module and the vOLT by using the management IP; and a second management channel unit, configured to establish a management channel between the optical access module and the vOLT through the Ethernet maintenance communication channel (ETH-MCC).
  • An authentication registration device for an optical access module is also provided, including: a second receiving module, configured so that the first vOLT of the plurality of virtualized optical line terminals (vOLTs) receives an authentication request of the optical access module; a second authentication module, configured so that the first vOLT forwards the authentication request to the centralized authentication, authorization and accounting (AAA) server; and a second sending module, configured so that, when the AAA server authenticates the optical access module, the first vOLT sends the management configuration information corresponding to the vOLT to the optical access module.
  • The second sending module includes: a response unit, configured so that the first vOLT sends the 802.1x response message to the optical access module, where the response message includes a management IP of the corresponding vOLT and a MAC of the corresponding vOLT; and a configuration unit, configured so that the first vOLT allocates the management IP of the vOLT corresponding to the optical access module by using a dynamic host configuration protocol subsequent protocol.
  • An authentication registration device for an optical access module is also provided, including: a reading module, configured so that, when the access aggregation device finds that the optical access module is in place, the access aggregation device reads the device identifier of the optical access module; a reporting module, configured so that the access aggregation device reports the physical location information of the optical access module and the device identifier of the optical access module to the virtualized optical line terminal (vOLT); and a third authentication module, configured to receive the vOLT's authentication message for the optical access module, where the vOLT authenticates the optical access module according to the device identifier of the optical access module.
  • The device further includes: an advertisement receiving module, configured so that the access aggregation device receives an advertisement of the management IP and interface information of the vOLT; a notification sending module, configured to notify the vOLT of the management IP and interface information of the access aggregation device; and a management control module, configured so that the access aggregation device establishes a management control channel with the vOLT.
  • An authentication registration system for an optical access module is also provided, including: an optical access module, an access aggregation device, and a virtualized optical line terminal (vOLT); the vOLT includes the foregoing device, and the access aggregation device includes the above devices.
  • The virtualized optical line terminal (vOLT) receives the physical location information of the optical access module and the device identifier of the optical access module; the vOLT authenticates the optical access module according to the device identifier of the optical access module; and, when the optical access module passes the vOLT's authentication, the vOLT sends management configuration information to the optical access module corresponding to the physical location information and establishes a management channel with the optical access module according to the management configuration information. This solves the problem that the vOLT cannot effectively authenticate and register the optical access module under the virtualization architecture, and realizes the discovery, authentication, and registration of the optical access module by the vOLT.
  • FIG. 1 is a flowchart 1 of an authentication registration method of an optical access module according to an embodiment of the present invention
  • FIG. 2 is a second flowchart of a method for authenticating an optical access module according to an embodiment of the present invention
  • FIG. 3 is a third flowchart of an authentication registration method of an optical access module according to an embodiment of the present invention.
  • FIG. 4 is a structural block diagram 1 of an authentication registration apparatus of an optical access module according to an embodiment of the present invention.
  • FIG. 5 is a structural block diagram 2 of an authentication and registration device of an optical access module according to an embodiment of the present invention.
  • FIG. 6 is a structural block diagram 3 of an authentication registration apparatus of an optical access module according to an embodiment of the present invention.
  • FIG. 7 is a schematic diagram of a network architecture of a virtual access network in accordance with a preferred implementation of the present invention.
  • FIG. 8 is a flow chart showing the authentication and registration of an optical access module on a general-purpose Ethernet switch (access aggregation device B) according to a preferred implementation of the present invention
  • FIG. 9 is a flow chart showing the authentication and registration on a network card port of a general-purpose server (access aggregation device A) according to a preferred embodiment of the present invention.
  • FIG. 1 is a flowchart 1 of an authentication registration method of an optical access module according to an embodiment of the present invention. As shown in FIG. 1, the process includes the following steps:
  • Step S102 The virtualized optical line terminal vOLT receives the physical location information of the optical access module and the device identifier of the optical access module.
  • Step S104 The vOLT authenticates the optical access module according to the device identifier of the optical access module.
  • Step S106 When the optical access module passes the vOLT's authentication, the vOLT sends management configuration information to the optical access module corresponding to the physical location information, and the vOLT establishes a management channel with the optical access module according to the management configuration information.
  • The virtualized optical line terminal vOLT receives the physical location information of the optical access module and the device identifier of the optical access module, the vOLT authenticates the optical access module according to the device identifier, and, when the optical access module passes the vOLT's authentication, the vOLT establishes a management channel with the optical access module according to the management configuration information. This authentication registration mode solves the problem that the vOLT cannot effectively register the optical access module, and implements the discovery, authentication and registration of optical access modules by the vOLT.
  • The vOLT may send the management configuration information to the optical access module in multiple manners: when the optical access module passes the vOLT's authentication and the vOLT receives a management IP request from the optical access module, the vOLT sends the management MAC and management IP configured for the optical access module; when the optical access module passes the vOLT's authentication and the optical access module initiates 802.1x authentication, the vOLT answers the optical access module through the Extensible Authentication Protocol over LAN (EAPoL), and the vOLT carries the management MAC and the management IP of the vOLT in a type-length-value (TLV).
  • The vOLT may establish a management channel with the optical access module according to the management configuration information in multiple manners, including: establishing a management channel between the optical access module and the vOLT by using the management IP; establishing a management channel between the optical access module and the vOLT through the Ethernet maintenance communication channel (ETH-MCC).
  • the physical location information of the optical access module includes: a port number where the optical access module is located, and a slot number where the optical access module is located.
  • the device identifier of the optical access module includes: a MAC address of the optical access module, and a serial number of the optical access module.
  • FIG. 2 is a flowchart 2 of an authentication registration method of an optical access module according to an embodiment of the present invention. As shown in FIG. 2, the process includes the following steps:
  • Step S202 the first vOLT of the plurality of virtualized optical line terminals vOLT receives the authentication request of the optical access module
  • Step S204 the first vOLT forwards the authentication request to the centralized authentication, authorization and accounting (AAA) server;
  • Step S206 When the AAA server authenticates the optical access module, the first vOLT sends the management configuration information corresponding to the vOLT to the optical access module.
  • The first vOLT of the plurality of virtualized optical line terminals vOLT receives the authentication request of the optical access module, the first vOLT forwards the authentication request to the centralized authentication, authorization and accounting server (Authentication, Authorization and Accounting, AAA for short), and, when the AAA server authenticates the optical access module, the first vOLT sends the management configuration information corresponding to the vOLT to the optical access module.
  • When the optical access module accesses multiple vOLTs, the vOLT becomes a proxy server, which completes the cross-vOLT authentication of the optical access module. This solves the problem that the vOLT cannot effectively authenticate the optical access module, and implements the discovery, authentication and registration of the optical access module by the vOLT.
  • The first vOLT may send the corresponding vOLT management configuration information to the optical access module in multiple manners, including: the first vOLT sends an 802.1x response message to the optical access module, where the response message includes a management IP of the corresponding vOLT and a MAC of the corresponding vOLT; the first vOLT allocates a management IP of the vOLT corresponding to the optical access module by using a dynamic host configuration protocol subsequent protocol.
  • FIG. 3 is a flowchart 3 of an authentication registration method of an optical access module according to an embodiment of the present invention. As shown in FIG. 3, the process includes the following steps:
  • Step S302 the access aggregation device reads the device identifier of the optical access module when the access aggregation device finds that the optical access module is in place;
  • Step S304 the access aggregation device reports the physical location information of the optical access module and the device identifier of the optical access module to the virtualized optical line terminal vOLT.
  • Step S306 Receive an authentication message of the vOLT to the optical access module, where the vOLT authenticates the optical access module according to the device identifier of the optical access module.
  • The access aggregation device uploads the authentication information of the optical access module to the vOLT and receives the vOLT's authentication message for the optical access module, which solves the problem that the vOLT cannot effectively authenticate and register the optical access module, and realizes the discovery, authentication, and registration of the optical access module by the vOLT.
  • Before the access aggregation device reads the device identifier of the optical access module, the access aggregation device receives an advertisement of the management IP and interface information of the vOLT; the access aggregation device advertises the management IP and interface information of the access aggregation device to the vOLT; and the access aggregation device establishes a management control channel with the vOLT.
  • The management IP of the access aggregation device that the access aggregation device advertises to the vOLT may include: a statically pre-configured management IP, and a management IP obtained by using a dynamic host configuration protocol.
  • the access aggregation device reads the device identification of the optical access module through the two-wire serial bus I2C control bus.
  • The access aggregation device reports the physical location information of the optical access module and the device identifier of the optical access module to the virtualized optical line terminal vOLT through the network configuration protocol NETCONF or the network management protocol SNMP.
  • The method according to the above embodiments can be implemented by means of software plus a necessary general hardware platform, and of course also by hardware, but in many cases the former is the better implementation.
  • The technical solution of the present invention, in essence or in the part that contributes to the prior art, may be embodied in the form of a software product stored in a storage medium (such as ROM/RAM, a disk, or an optical disc) and including a number of instructions for causing a terminal device (which may be a mobile phone, a computer, a server, or a network device, etc.) to perform the methods of the various embodiments of the present invention.
  • an authentication registration device for an optical access module is further provided, and the device is located in the terminal.
  • the device is used to implement the above embodiments and preferred embodiments, and the description thereof has been omitted.
  • the term "module" may implement a combination of software and/or hardware of a predetermined function.
  • FIG. 4 is a structural block diagram 1 of an authentication registration apparatus of an optical access module according to an embodiment of the present invention. As shown in FIG. 4, the apparatus includes:
  • the first receiving module 42 is configured to receive the physical location information of the optical access module and the device identifier of the optical access module by the virtualized optical line terminal vOLT;
  • the first authentication module 44 is configured to: the vOLT authenticates the optical access module according to the device identifier of the optical access module;
  • the first sending module 46 is configured so that, when the optical access module passes the vOLT's authentication, the vOLT sends the management configuration information to the optical access module corresponding to the physical location information;
  • the establishing module 48 is configured to establish, by the vOLT, a management channel with the optical access module according to the management configuration information.
  • the first sending module 46 may include:
  • a sending unit, configured so that, when the vOLT receives a management IP request of the optical access module, the vOLT sends the management MAC and management IP configured for the optical access module;
  • a carrying unit, configured so that, when the optical access module passes the vOLT's authentication and the optical access module initiates 802.1x authentication, the vOLT answers the optical access module through the Extensible Authentication Protocol over LAN (EAPoL), and the vOLT carries the management MAC and the management IP of the vOLT in a type-length-value (TLV).
  • the establishing module 48 includes: a first management channel unit, configured to establish a management channel between the optical access module and the vOLT by using the management IP; and a second management channel unit, configured to establish a management channel between the optical access module and the vOLT through the Ethernet maintenance communication channel (ETH-MCC).
  • FIG. 5 is a structural block diagram 2 of an authentication and registration device of an optical access module according to an embodiment of the present invention. As shown in FIG. 5, the device includes:
  • the second receiving module 52 is configured so that the first vOLT of the plurality of virtualized optical line terminals vOLT receives the authentication request of the optical access module;
  • the second authentication module 54 is configured so that the first vOLT forwards the authentication request to the centralized authentication, authorization and accounting (AAA) server;
  • the second sending module 56 is configured so that, when the AAA server authenticates the optical access module, the first vOLT sends the management configuration information corresponding to the vOLT to the optical access module.
  • the second sending module 56 may include:
  • the response unit is configured to send the 802.1x response message to the optical access module, where the response message includes: a management IP of the corresponding vOLT and a MAC of the corresponding vOLT;
  • the configuration unit is configured to allocate, by the first vOLT, the management IP of the vOLT corresponding to the optical access module by using a dynamic host configuration protocol subsequent protocol.
  • FIG. 6 is a structural block diagram 3 of an authentication and registration device of an optical access module according to an embodiment of the present invention. As shown in FIG. 6, the device includes:
  • the reading module 62 is configured to: when the access aggregation device finds that the optical access module is in place, the access aggregation device reads the device identifier of the optical access module;
  • the reporting module 64 is configured to report, by the access aggregation device, the physical location information of the optical access module and the device identifier of the optical access module to the virtualized optical line terminal vOLT;
  • the third authentication module 66 is configured to receive the authentication message of the vOLT to the optical access module, where the vOLT authenticates the optical access module according to the device identifier of the optical access module.
  • The device further includes: an advertisement receiving module, configured so that the access aggregation device receives an advertisement of the management IP and interface information of the vOLT; a sending module, configured to notify the vOLT of the management IP and interface information of the access aggregation device; and a management control module, configured to establish a management control channel between the access aggregation device and the vOLT.
  • An authentication registration system for an optical access module is also provided, including: an optical access module, an access aggregation device, and a virtualized optical line terminal vOLT; the vOLT includes the device in the foregoing embodiment, and the access aggregation device includes the apparatus of the above embodiment.
  • FIG. 7 is a schematic diagram of a network architecture of a virtual access network according to a preferred implementation of the present invention.
  • the network is composed of a network cloud platform, access aggregation devices A and B, and user-side network terminals.
  • the network cloud platform can use a common data infrastructure such as an Internet Data Center (IDC) or a data center.
  • the access aggregation devices A and B remotely connect to the network cloud platform through the metropolitan area network.
  • Access aggregation device A includes the capabilities of a general server's IT infrastructure, so network function virtualization modules can be distributed on access aggregation device A and the network cloud platform as needed: functional modules such as the vOLT, the virtual broadband network gateway control device (virtualization Broadband Network Gateway, vBNG for short), the virtual communication control application (Communications Control Application, vCCAP) and the Virtualization Custom Premise Equipment (vCPE) can be flexibly deployed to run on the virtual machines in access aggregation device A and the network cloud platform.
  • the access aggregation device B uses a universal Ethernet switch and does not have the capability of loading a virtual machine. It needs to rely on the network function virtualization function provided by the access aggregation device A to assist the work.
  • the access aggregation device B supports the OpenFlow protocol and is controlled by a Software Defined Network (SDN) controller in access aggregation device A.
  • Access aggregation devices A and B provide standard Ethernet interfaces, such as Institute of Electrical and Electronics Engineers (IEEE) standard 10G network ports, or Multi-Source Agreement (MSA) standard Small Form-Factor Pluggable (SFP+) slots. These interfaces connect optical access modules to the user side.
  • the optical access module performs media conversion between PON and Ethernet data messages.
  • the preferred embodiment provides automatic discovery of the optical access module through the vOLT under the virtualized optical line terminal (vOLT) architecture, and authenticates and registers them to realize plug and play.
  • the optical access module may be an SFP physical package optical module that resides on a universal Ethernet switch (access aggregation device B) or a general-purpose server (access aggregation device A) network card port where the vOLT is located.
  • the method for the vOLT to automatically discover, authenticate, and register the optical access module includes the following steps:
  • the access aggregation device finds that the optical access module is in place.
  • the access aggregation device A or B reads the management MAC address and serial number (as the device identifier) of the optical access module through the I2C control bus.
  • the access aggregation device A or B uses the Network Configuration Protocol (NETCONF) or a Simple Network Management Protocol (SNMP) trap to report to the vOLT the physical location information of the optical access module, such as its port and slot, together with the physical address (Media Access Control, MAC) and serial number of the optical access module.
  • the vOLT checks the serial number of the optical access module to determine whether it is a resource managed by itself. If it is, the authentication passes (or the optical access module is required to further initiate 802.1x authentication).
  • the vOLT tells the access aggregation device A or B (the Authenticator) that the authentication has passed.
  • when the optical access module subsequently requests a management IP through the Dynamic Host Configuration Protocol (DHCP), the delivered configuration parameters include the MAC and IP of the vOLT.
  • alternatively, in the Extensible Authentication Protocol over LAN (EAPOL) response to the optical access module, the vOLT can carry its management MAC and IP in a type-length-value (TLV).
  • the optical access module and the vOLT can establish a management channel by using the management IP, or by using a layer 2 connection such as the Ethernet maintenance communication channel (ETH-MCC) of Y.1731; the optical access module then directly accepts the management and control of the vOLT.
  • the authentication and registration of the optical access module is completed.
  • the optical access module is automatically discovered, authenticated, and registered, which makes the optical access module plug and play, in line with the need of network operators to automate and simplify network configuration and operation and maintenance under the access network virtualization architecture.
  • in the preferred embodiment, for the optical access module on the universal Ethernet switch (access aggregation device B), one vOLT instance represents a certain management domain.
  • to let the vOLT know its own management boundary, the operator should first assign to the vOLT, through the human-computer interaction interface, all the resource identifiers that the vOLT needs to manage. These can be defined with a data model such as the SNMP Management Information Base (MIB) or the YANG language.
  • the binding relationship between the optical access module and the vOLT is software definable.
  • FIG. 8 is a flow chart showing the authentication and registration of an optical access module on a general-purpose Ethernet switch (access aggregation device B) according to a preferred embodiment of the present invention, as shown in FIG. 8.
  • Step S802, the vOLT in access aggregation device A controls the virtual switch (vSwitch) to advertise its management IP address to access aggregation device B through the Link Layer Discovery Protocol (LLDP).
  • Step S804, after access aggregation device B is powered on, it advertises its own management IP to the vOLT through LLDP.
  • the management IP address can be statically pre-configured or obtained through a DHCP client.
  • the topology discovery is performed between access aggregation device B and the vOLT.
  • access aggregation device B authenticates and registers with the vOLT and accepts control by the vOLT as its virtual network controller.
  • the Chassis ID (such as the bridge MAC address) in the LLDP of the two parties is used as one of the authentication factors and uniquely identifies the vOLT and access aggregation device B.
  • the vOLT and the access aggregation device B complete the mutual discovery.
  • the vOLT can establish a management control channel to the access aggregation device B, and then perform management control on the access aggregation device B through the NetConf protocol/OpenFlow protocol.
  • Step S806 after the optical access module is inserted into the access aggregation device B, the access aggregation device B finds that the optical access module is in place.
  • Step S808 the access aggregation device B reads the management MAC address and the serial number (as the device identifier) of the optical access module through the I2C control bus.
  • Step S810, access aggregation device B reports to the vOLT the physical location information of the optical access module, such as the port and the slot where it is located, together with the MAC address and serial number of the optical access module.
  • the vOLT checks the serial number of the optical access module to determine whether it is a resource managed by itself. If yes, the optical access module is required to initiate 802.1x authentication.
  • Step S812, the optical access module (the Supplicant) initiates 802.1x EAPoL authentication to the vOLT (the Authentication Server).
  • Step S814, the vOLT tells access aggregation device B (the Authenticator) that the optical access module has passed the authentication. The vOLT can carry its management MAC and IP in an extended TLV in the EAPoL response to the optical access module, or, when the optical access module subsequently requests a management IP through DHCP, the delivered configuration parameters include the MAC and IP of the vOLT.
  • the topology discovery is completed between the optical access module and the vOLT, and the optical access module accepts control by the vOLT as its virtual network controller.
  • the optical access module and the vOLT can establish a management channel by using the management IP, or by using a Layer 2 connection such as the ETH-MCC of Y.1731; the optical access module directly accepts the management and control of the vOLT.
  • the optical access module obtains the authorization of the vOLT, accepts the authentication registration of the ONT to the vOLT, completes the topology discovery between the ONT and the vOLT, and the management channel between the access module and the ONT follows the existing methods such as OMCC.
  • one aggregation access network is one management domain and has only one vOLT.
  • the authentication of optical access modules can be centralized across vOLTs: the first vOLT acts as a proxy server (Radius Proxy) and forwards the authentication request of the optical access module to the centralized AAA (Authentication, Authorization, Accounting) server.
  • through extended content in the 802.1x response message, or through the configuration delivered when DHCP assigns the optical access module its management IP, the management IP and MAC of the corresponding vOLT are rewritten, and the optical access module is reset so that it registers with the correct vOLT.
  • FIG. 9 is a flow chart showing the process of authentication and registration on a network card port of a general-purpose server (access aggregation device A) according to a preferred embodiment of the present invention. As shown in FIG. 9, the process includes the following steps:
  • Step S902, after the optical access module is inserted into the NIC port of the general-purpose server (access aggregation device A), access aggregation device A finds that the optical access module is in place.
  • Step S904, access aggregation device A reads the management MAC address and serial number (as the device identifier) of the optical access module through the I2C control bus.
  • Step S906, access aggregation device A reports to the vOLT the physical location information of the optical access module, such as the port where it is located, together with the MAC address and serial number of the optical access module.
  • the vOLT checks the serial number of the optical access module to determine whether it is a resource managed by itself. If yes, the optical access module is required to initiate 802.1x authentication.
  • Step S908, the optical access module (the Supplicant) initiates 802.1x EAPoL authentication to the vOLT (the Authentication Server).
  • the vOLT tells access aggregation device A (the Authenticator) that the optical access module has passed the authentication. The vOLT can carry its management MAC address and IP in an extended TLV in the EAPoL response to the optical access module, or, when the optical access module subsequently requests a management IP through DHCP, the delivered configuration parameters include the MAC and IP of the vOLT.
  • the topology discovery is performed between the optical access module and the vOLT, and a Layer 3 or Layer 2 management channel is established between the optical access module and the vOLT, and the optical access module directly accepts management and control of the vOLT.
  • the topology discovery is completed between the optical access module and the vOLT, and the optical access module accepts control by the vOLT as its virtual network controller.
  • the management IP can be used to establish a management channel between the optical access module and the vOLT, or a Layer 2 connection can be used, such as the ETH-MCC of Y.1731.
  • Step S912, the optical access module obtains the authorization of the vOLT, accepts the authentication registration of the ONT to the vOLT, completes the topology discovery between the ONT and the vOLT, and the management channel between the access module and the ONT follows the existing methods such as OMCC.
  • the various modules or steps of the present invention described above can be implemented with general-purpose computing devices; they may be centralized on a single computing device or distributed over a network of multiple computing devices. Optionally, they may be implemented in program code executable by a computing device, so that they may be stored in a storage device and executed by the computing device. In some cases, the steps shown or described may be performed in an order different from that herein, or they may be fabricated separately into individual integrated circuit modules, or multiple modules or steps among them may be made into a single integrated circuit module.
  • the invention is not limited to any specific combination of hardware and software.
  • the virtualized optical line terminal vOLT receives the physical location information of the optical access module and the device identifier of the optical access module; the vOLT authenticates the optical access module according to the device identifier of the optical access module.
  • when the vOLT's authentication of the optical access module passes, the vOLT sends management configuration information to the optical access module corresponding to the physical location information, and the vOLT establishes a management channel with the optical access module according to the management configuration information.
  • this solves the problem that the vOLT cannot effectively authenticate and register the optical access module under the virtualization architecture, and realizes the discovery, authentication, and registration of the optical access module by the vOLT.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Small-Scale Networks (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The present invention provides an authentication and registration method, device and system for an optical access module. The method comprises: a virtualization optical line terminal (vOLT) receives physical position information about an optical access module and device identification of the optical access module; the vOLT performs authentication on the optical access module according to the device identification of the optical access module; and in the case of passing the authentication of the vOLT on the optical access module, the vOLT sends management and configuration information to the optical access module corresponding to the physical position information, and the vOLT establishes a management channel with the optical access module according to the management and configuration information. The problem of impossibility of effectively performing authentication and registration on an optical access module under a virtualization structure is solved, thereby realizing discovery, authentication and registration of a vOLT on the optical access module.

Description

Authentication and registration method, device and system for optical access module
Technical Field
The present invention relates to the field of communications, and in particular to an authentication and registration method, device and system for an optical access module.
Background
The invention concerns the point-to-multipoint (Point to MultiPoint, PToMP) communication technology/system of the Passive Optical Network (PON) in the access network, and the method and procedure by which an optical access module authenticates and registers with the vOLT under the virtualized optical line terminal (virtualization Optical Line Terminal, vOLT) architecture. According to their working mechanism, passive optical network devices can be divided into Ethernet-based passive optical network devices (Ethernet Passive Optical Network, EPON), gigabit passive optical network devices (Gigabit-capable Passive Optical Network, G-PON), 10G passive optical network devices (10-Gigabit-capable passive optical networks, XG-PON1), next-generation passive optical networks (Second Next Generation Passive Optical Networks, NGPON2), and passive optical network devices with other working mechanisms. These passive optical network devices share the same system architecture, each comprising an Optical Line Terminal (OLT) and Optical Network Units (ONU).
In the related art, a centralized OLT device discovers changes in the state of a PON port through the power-up and loading of the integrated PON line card. Under the virtualized optical line terminal (vOLT) architecture, the PON port discovery and management mechanism of the traditional centralized OLT architecture no longer applies. Under the virtualization architecture, the vOLT is the management and control center of the entire system, and how to handle the authentication and registration of optical access modules has become an urgent problem to be solved.
For the problem in the related art that, under the virtualization architecture, the vOLT cannot effectively authenticate and register the optical access module, no effective solution has yet been proposed.
Summary of the Invention
For the problem in the related art that, under the virtualization architecture, the vOLT cannot effectively authenticate and register the optical access module, the present invention provides an authentication and registration method, device and system for an optical access module, to at least solve the above problem.
According to an embodiment of the present invention, an authentication and registration method for an optical access module is provided, including: a virtualized optical line terminal vOLT receives physical location information of an optical access module and a device identifier of the optical access module; the vOLT authenticates the optical access module according to the device identifier of the optical access module; when the vOLT's authentication of the optical access module passes, the vOLT sends management configuration information to the optical access module corresponding to the physical location information, and the vOLT establishes a management channel with the optical access module according to the management configuration information.
In an embodiment of the present invention, when the vOLT's authentication of the optical access module passes, the vOLT sending management configuration information to the optical access module includes at least one of the following: when the vOLT's authentication of the optical access module passes, the vOLT receives a management IP request from the optical access module, and the vOLT delivers the management MAC and management IP configured for the optical access module; when the vOLT's authentication of the optical access module passes and the optical access module has initiated 802.1x authentication, the vOLT responds to the optical access module through the Extensible Authentication Protocol over LAN (EAPoL), and the vOLT carries the management MAC and management IP of the vOLT in a type-length-value (TLV).
In an embodiment of the present invention, the vOLT establishing a management channel with the optical access module according to the management configuration information includes at least one of the following: the optical access module and the vOLT establish a management channel through the management IP; the optical access module and the vOLT establish a management channel through the Ethernet maintenance communication channel ETH-MCC.
In an embodiment of the present invention, the physical location information of the optical access module includes: the port number where the optical access module is located and the slot number where the optical access module is located.
In an embodiment of the present invention, the device identifier of the optical access module includes: the MAC address of the optical access module and the serial number of the optical access module.
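The vOLT-side flow of this embodiment, as an added Python example that is not code from the patent: the inventory check on the reported identifier, the optional 802.1x gate, and the TLV that carries the vOLT's management MAC and IP. The TLV type codes and byte layout, the serial-to-MAC inventory layout, the class and function names, and all sample values are assumptions made for illustration.

```python
import ipaddress
import struct
from dataclasses import dataclass

# Hypothetical TLV type codes: the text names a TLV but defines no encoding.
TLV_VOLT_MGMT_MAC = 0x01
TLV_VOLT_MGMT_IP = 0x02


def mac_bytes(mac: str) -> bytes:
    """Parse a colon- or dash-separated MAC address into 6 bytes."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError(f"bad MAC address: {mac!r}")
    return raw


def encode_tlv(tlv_type: int, value: bytes) -> bytes:
    """One-byte type, one-byte length, then the value (assumed layout)."""
    if len(value) > 255:
        raise ValueError("value too long for a one-byte length field")
    return struct.pack("!BB", tlv_type, len(value)) + value


def decode_tlvs(data: bytes) -> dict:
    """Module-side parser; refuses truncated headers or values."""
    fields, i = {}, 0
    while i < len(data):
        if len(data) - i < 2:
            raise ValueError("truncated TLV header")
        tlv_type, length = data[i], data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated TLV value")
        fields[tlv_type] = value
        i += 2 + length
    return fields


@dataclass(frozen=True)
class ModuleReport:
    """What the access aggregation device reports after the I2C read."""
    slot: int
    port: int
    mac: str
    serial: str


class VOLT:
    def __init__(self, mgmt_mac, mgmt_ip, managed, require_8021x=True):
        self.mgmt_mac = mac_bytes(mgmt_mac)
        self.mgmt_ip = ipaddress.IPv4Address(mgmt_ip)
        # Operator-assigned resource identifiers, stored here as
        # serial -> MAC (the storage layout is an assumption).
        self.managed = {s: mac_bytes(m) for s, m in managed.items()}
        self.require_8021x = require_8021x
        self.pending = {}     # serial -> ModuleReport awaiting 802.1x
        self.registered = {}  # serial -> (slot, port)

    def config_tlvs(self) -> bytes:
        """Management configuration: the vOLT's management MAC and IP."""
        return (encode_tlv(TLV_VOLT_MGMT_MAC, self.mgmt_mac)
                + encode_tlv(TLV_VOLT_MGMT_IP, self.mgmt_ip.packed))

    def on_module_report(self, report: ModuleReport):
        """Check the reported identifier against the managed resources."""
        try:
            reported_mac = mac_bytes(report.mac)
        except ValueError:
            return ("reject", b"")
        if self.managed.get(report.serial) != reported_mac:
            return ("reject", b"")  # unknown serial or MAC mismatch
        if self.require_8021x:
            self.pending[report.serial] = report
            return ("need-802.1x", b"")
        return self._register(report)

    def on_8021x_result(self, serial: str, success: bool):
        """Only a module with a pending, inventory-checked report can pass."""
        report = self.pending.pop(serial, None)
        if report is None or not success:
            return ("reject", b"")
        return self._register(report)

    def _register(self, report: ModuleReport):
        self.registered[report.serial] = (report.slot, report.port)
        return ("accept", self.config_tlvs())


if __name__ == "__main__":
    # Constructed sample values (documentation IP range, local MACs).
    volt = VOLT("02:00:00:00:00:fe", "192.0.2.1",
                {"SN-EXAMPLE-0001": "02:00:00:00:00:01"})
    rpt = ModuleReport(1, 3, "02:00:00:00:00:01", "SN-EXAMPLE-0001")
    print(volt.on_module_report(rpt))
    print(volt.on_8021x_result("SN-EXAMPLE-0001", True))
```

The serial number and MAC are values the aggregation device reads from the module, so the sketch treats the inventory lookup as a filter and leaves the accept decision to the 802.1x result when `require_8021x` is set.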
According to another embodiment of the present invention, an authentication and registration method for an optical access module is further provided, including: a first vOLT among multiple virtualized optical line terminals vOLT receives an authentication request from an optical access module; the first vOLT forwards the authentication request to a centralized authentication, authorization and accounting (AAA) server; when the AAA server's authentication of the optical access module passes, the first vOLT sends the management configuration information of the corresponding vOLT to the optical access module.
In an embodiment of the present invention, the first vOLT sending the corresponding vOLT management configuration information to the optical access module includes: the first vOLT sends an 802.1x response message to the optical access module, the response message including the management IP of the corresponding vOLT and the MAC of the corresponding vOLT; the first vOLT assigns, through the subsequent Dynamic Host Configuration Protocol (DHCP) procedure, the management IP of the vOLT corresponding to the optical access module.
According to another embodiment of the present invention, an authentication and registration method for an optical access module is further provided, including: when the access aggregation device finds that the optical access module is in place, the access aggregation device reads the device identifier of the optical access module; the access aggregation device reports the physical location information of the optical access module and the device identifier of the optical access module to the virtualized optical line terminal vOLT; the access aggregation device receives the vOLT's authentication message for the optical access module, where the vOLT authenticates the optical access module according to the device identifier of the optical access module.
In an embodiment of the present invention, when the access aggregation device is a universal Ethernet switch, before the access aggregation device reads the device identifier of the optical access module, the method further includes: the access aggregation device receives the advertisement of the management IP and interface information of the vOLT; the access aggregation device advertises the management IP and interface information of the access aggregation device to the vOLT; the access aggregation device establishes a management control channel with the vOLT.
In an embodiment of the present invention, the management IP of the access aggregation device that the access aggregation device advertises to the vOLT includes: a statically pre-configured management IP; a management IP obtained by means of the Dynamic Host Configuration Protocol.
In an embodiment of the present invention, the access aggregation device reading the device identifier of the optical access module includes: the access aggregation device reads the device identifier of the optical access module through the two-wire serial bus (I2C) control bus.
In an embodiment of the present invention, the access aggregation device reporting the physical location information of the optical access module and the device identifier of the optical access module to the virtualized optical line terminal vOLT includes: the access aggregation device reports the physical location information of the optical access module and the device identifier of the optical access module to the vOLT through the network configuration protocol NETCONF or the network management protocol SNMP.
In an embodiment of the present invention, the physical location information of the optical access module includes: the port number where the optical access module is located and the slot number where the optical access module is located.
In an embodiment of the present invention, the device identifier of the optical access module includes: the MAC address of the optical access module and the serial number of the optical access module.
According to another embodiment of the present invention, an authentication and registration apparatus for an optical access module is further provided, including: a first receiving module, configured for the virtualized optical line terminal vOLT to receive the physical location information of the optical access module and the device identifier of the optical access module; a first authentication module, configured for the vOLT to authenticate the optical access module according to the device identifier of the optical access module; a first sending module, configured for the vOLT to send management configuration information to the optical access module corresponding to the physical location information when the vOLT's authentication of the optical access module passes; and an establishing module, configured for the vOLT to establish a management channel with the optical access module according to the management configuration information.
In an embodiment of the present invention, the first sending module includes: a delivering unit, configured so that, when the vOLT's authentication of the optical access module passes, the vOLT receives the management IP request of the optical access module and delivers the management MAC and management IP configured for the optical access module; and a carrying unit, configured so that, when the vOLT's authentication of the optical access module passes and the optical access module has initiated 802.1x authentication, the vOLT responds to the optical access module through the Extensible Authentication Protocol over LAN (EAPoL) and carries the management MAC and management IP of the vOLT in a type-length-value (TLV).
In an embodiment of the present invention, the establishing module includes: a first management channel unit, configured to establish a management channel between the optical access module and the vOLT through the management IP; and a second management channel unit, configured to establish a management channel between the optical access module and the vOLT through the Ethernet maintenance communication channel ETH-MCC.
According to another embodiment of the present invention, an authentication and registration apparatus for an optical access module is further provided, comprising: a second receiving module, configured for a first vOLT among multiple virtualized optical line terminals vOLT to receive an authentication request from the optical access module; a second authentication module, configured for the first vOLT to forward the authentication request to a centralized authentication, authorization and accounting (AAA) server; and a second sending module, configured for the first vOLT to send the management configuration information of the corresponding vOLT to the optical access module when the AAA server's authentication of the optical access module passes.
In an embodiment of the present invention, the second sending module includes: a response unit, configured for the first vOLT to send an 802.1x response message to the optical access module, the response message including the management IP of the corresponding vOLT and the MAC of the corresponding vOLT; and a configuration unit, configured for the first vOLT to assign, through the subsequent Dynamic Host Configuration Protocol (DHCP) procedure, the management IP of the vOLT corresponding to the optical access module.
According to another embodiment of the present invention, an authentication and registration apparatus for an optical access module is further provided, comprising: a reading module, configured for the access aggregation device to read the device identifier of the optical access module when the access aggregation device finds that the optical access module is in place; a reporting module, configured for the access aggregation device to report the physical location information of the optical access module and the device identifier of the optical access module to the virtualized optical line terminal vOLT; and a third authentication module, configured to receive the vOLT's authentication message for the optical access module, where the vOLT authenticates the optical access module according to the device identifier of the optical access module.
In an embodiment of the present invention, when the access aggregation device is a universal Ethernet switch, the apparatus further includes: an advertisement receiving module, configured for the access aggregation device to receive the advertisement of the management IP and interface information of the vOLT; an advertisement sending module, configured for the access aggregation device to advertise the management IP and interface information of the access aggregation device to the vOLT; and a management control module, configured for the access aggregation device to establish a management control channel with the vOLT.
According to another embodiment of the present invention, an authentication and registration system for an optical access module is further provided, including: an optical access module, an access aggregation device, and a virtualized optical line terminal vOLT; the vOLT includes the apparatus described above, and the access aggregation device includes the apparatus described above.
Through the present invention, the virtualized optical line terminal vOLT receives the physical location information of the optical access module and the device identifier of the optical access module; the vOLT authenticates the optical access module according to the device identifier of the optical access module; when the vOLT's authentication of the optical access module passes, the vOLT sends management configuration information to the optical access module corresponding to the physical location information, and the vOLT establishes a management channel with the optical access module according to the management configuration information. This solves the problem that, under the virtualization architecture, the vOLT cannot effectively authenticate and register the optical access module, and realizes the discovery, authentication, and registration of the optical access module by the vOLT.
Description of the Drawings
The drawings described here provide a further understanding of the present invention and form a part of this application. The exemplary embodiments of the present invention and their description are used to explain the present invention and do not unduly limit it. In the drawings:
FIG. 1 is flowchart 1 of an authentication and registration method for an optical access module according to an embodiment of the present invention;
FIG. 2 is flowchart 2 of an authentication and registration method for an optical access module according to an embodiment of the present invention;
FIG. 3 is flowchart 3 of an authentication and registration method for an optical access module according to an embodiment of the present invention;
FIG. 4 is structural block diagram 1 of an authentication and registration apparatus for an optical access module according to an embodiment of the present invention;
FIG. 5 is structural block diagram 2 of an authentication and registration apparatus for an optical access module according to an embodiment of the present invention;
FIG. 6 is structural block diagram 3 of an authentication and registration apparatus for an optical access module according to an embodiment of the present invention;
FIG. 7 is a schematic diagram of the network architecture of a virtual access network according to a preferred embodiment of the present invention;
FIG. 8 is a schematic flowchart of the authentication and registration of an optical access module on a general-purpose Ethernet switch (access aggregation device B) according to a preferred embodiment of the present invention;
FIG. 9 is a schematic flowchart of authentication and registration on a network card port of a general-purpose server (access aggregation device A) according to a preferred embodiment of the present invention.
Detailed Description
The present invention is described in detail below with reference to the drawings and in conjunction with the embodiments. It should be noted that, where they do not conflict, the embodiments in this application and the features in the embodiments may be combined with each other.
It should be noted that the terms "first", "second" and the like in the specification, the claims and the above drawings are used to distinguish similar objects and are not necessarily used to describe a particular order or sequence.
This embodiment provides an authentication and registration method for an optical access module. FIG. 1 is flowchart 1 of an authentication and registration method for an optical access module according to an embodiment of the present invention. As shown in FIG. 1, the flow includes the following steps:
Step S102: the virtualized optical line terminal (vOLT) receives the physical location information of the optical access module and the device identifier of the optical access module;
Step S104: the vOLT authenticates the optical access module according to the device identifier of the optical access module;
Step S106: when the vOLT's authentication of the optical access module succeeds, the vOLT sends management configuration information to the optical access module corresponding to the physical location information, and the vOLT establishes a management channel with the optical access module according to the management configuration information.
Through the above steps, the vOLT receives the physical location information and the device identifier of the optical access module, authenticates the optical access module according to the device identifier and, when the authentication succeeds, establishes a management channel with the optical access module according to the management configuration information. This authentication and registration procedure solves the problem that the vOLT cannot effectively authenticate and register optical access modules, and achieves discovery, authentication, and registration of optical access modules by the vOLT.
In this embodiment, the vOLT may send the management configuration information to the optical access module in several ways, including: when the vOLT's authentication of the optical access module succeeds, the vOLT receives a management IP request from the optical access module and delivers the management MAC and management IP configured for the optical access module; or, when the vOLT's authentication of the optical access module succeeds and the optical access module has initiated 802.1x authentication, the vOLT replies to the optical access module over the Extensible Authentication Protocol over LAN (EAPoL), carrying the vOLT's management MAC and management IP in a type-length-value (TLV).
In this embodiment, the vOLT may establish the management channel with the optical access module according to the management configuration information in several ways, including: establishing the management channel between the optical access module and the vOLT using the management IP; or establishing the management channel between the optical access module and the vOLT over the Ethernet maintenance communication channel (ETH-MCC).
In an embodiment of the present invention, the physical location information of the optical access module includes: the port number where the optical access module is located and the slot number where the optical access module is located. The device identifier of the optical access module includes: the MAC address of the optical access module and the serial number of the optical access module.
This embodiment provides an interface processing method. FIG. 2 is flowchart 2 of an authentication and registration method for an optical access module according to an embodiment of the present invention. As shown in FIG. 2, the flow includes the following steps:
Step S202: a first vOLT among multiple virtualized optical line terminals (vOLTs) receives an authentication request from the optical access module;
Step S204: the first vOLT forwards the authentication request to a centralized authentication, authorization and accounting (AAA) server;
Step S206: when the AAA server's authentication of the optical access module succeeds, the first vOLT sends the management configuration information of the corresponding vOLT to the optical access module.
Through the above steps, the first vOLT among multiple vOLTs receives the authentication request from the optical access module and forwards it to the centralized Authentication, Authorization and Accounting (AAA) server; when the AAA server's authentication of the optical access module succeeds, the first vOLT sends the management configuration information of the corresponding vOLT to the optical access module. In this embodiment, where an optical access module needs to access multiple vOLTs, the vOLT acts as a proxy server and cross-vOLT authentication of the optical access module is completed. This solves the problem that the vOLT cannot effectively authenticate and register optical access modules, and achieves discovery, authentication, and registration of optical access modules by the vOLT.
In this embodiment, the first vOLT may send the management configuration information of the corresponding vOLT to the optical access module in several ways, including: the first vOLT sends an 802.1x response message to the optical access module, the response message including the management IP of the corresponding vOLT and the MAC of the corresponding vOLT; or the first vOLT allocates the management IP of the vOLT corresponding to the optical access module through the subsequent Dynamic Host Configuration Protocol (DHCP) protocol.
This embodiment provides an interface processing method. FIG. 3 is flowchart 3 of an authentication and registration method for an optical access module according to an embodiment of the present invention. As shown in FIG. 3, the flow includes the following steps:
Step S302: when the access aggregation device finds that the optical access module is in place, the access aggregation device reads the device identifier of the optical access module;
Step S304: the access aggregation device reports the physical location information of the optical access module and the device identifier of the optical access module to the virtualized optical line terminal (vOLT);
Step S306: the access aggregation device receives the vOLT's authentication message for the optical access module, wherein the vOLT authenticates the optical access module according to the device identifier of the optical access module.
Through the above steps, the access aggregation device uploads the optical access module's authentication information to the vOLT and, after the vOLT has authenticated the optical access module, receives the vOLT's authentication message for the optical access module. This solves the problem that the vOLT cannot effectively authenticate and register optical access modules, and achieves discovery, authentication, and registration of optical access modules by the vOLT.
In this embodiment, where the access aggregation device is a general-purpose Ethernet switch, before the access aggregation device reads the device identifier of the optical access module: the access aggregation device receives the vOLT's advertisement of its management IP and interface information; the access aggregation device advertises its own management IP and interface information to the vOLT; and the access aggregation device establishes a management control channel with the vOLT. The management IP that the access aggregation device advertises to the vOLT may be a statically preconfigured management IP or a management IP obtained through the Dynamic Host Configuration Protocol. Thus the access aggregation device
In the above embodiment, the access aggregation device reads the device identifier of the optical access module over the two-wire serial I2C control bus. The access aggregation device reports the physical location information of the optical access module and the device identifier of the optical access module to the vOLT using the network configuration protocol NETCONF or the network management protocol SNMP.
From the description of the above embodiments, those skilled in the art will clearly understand that the method according to the above embodiments can be implemented by software plus the necessary general-purpose hardware platform, or by hardware, although in many cases the former is the better implementation. On this understanding, the essence of the technical solution of the present invention, or the part of it that contributes over the prior art, may be embodied as a software product. The computer software product is stored on a storage medium (such as ROM/RAM, a magnetic disk, or an optical disc) and includes a number of instructions that cause a terminal device (which may be a mobile phone, a computer, a server, a network device, or the like) to perform the methods of the embodiments of the present invention.
This embodiment also provides an authentication and registration apparatus for an optical access module; the apparatus is located in the terminal. The apparatus is used to implement the above embodiments and preferred implementations, and what has already been described is not repeated. As used below, the term "module" may be a combination of software and/or hardware that implements a predetermined function. Although the apparatus described in the following embodiments is preferably implemented in software, implementation in hardware, or in a combination of software and hardware, is also possible and contemplated.
FIG. 4 is structural block diagram 1 of an authentication and registration apparatus for an optical access module according to an embodiment of the present invention. As shown in FIG. 4, the apparatus includes:
a first receiving module 42, configured so that the virtualized optical line terminal (vOLT) receives the physical location information of the optical access module and the device identifier of the optical access module;
a first authentication module 44, configured so that the vOLT authenticates the optical access module according to the device identifier of the optical access module;
a first sending module 46, configured so that, when the vOLT's authentication of the optical access module succeeds, the vOLT sends management configuration information to the optical access module corresponding to the physical location information;
an establishing module 48, configured so that the vOLT establishes a management channel with the optical access module according to the management configuration information.
In this embodiment, the first sending module 46 may include:
a delivery unit, configured so that, when the vOLT's authentication of the optical access module succeeds, the vOLT receives a management IP request from the optical access module and delivers the management MAC and management IP configured for the optical access module;
a carrying unit, configured so that, when the vOLT's authentication of the optical access module succeeds and the optical access module has initiated 802.1x authentication, the vOLT replies to the optical access module over the Extensible Authentication Protocol over LAN (EAPoL), carrying the vOLT's management MAC and management IP in a type-length-value (TLV).
In this embodiment, the establishing module 48 includes: a first management channel unit, configured to establish the management channel between the optical access module and the vOLT using the management IP; and a second management channel unit, configured to establish the management channel between the optical access module and the vOLT over the Ethernet maintenance communication channel (ETH-MCC).
FIG. 5 is structural block diagram 2 of an authentication and registration apparatus for an optical access module according to an embodiment of the present invention. As shown in FIG. 5, the apparatus includes:
a second receiving module 52, configured so that a first vOLT among multiple virtualized optical line terminals (vOLTs) receives an authentication request from the optical access module;
a second authentication module 54, configured so that the first vOLT forwards the authentication request to a centralized authentication, authorization and accounting (AAA) server;
a second sending module 56, configured so that, when the AAA server's authentication of the optical access module succeeds, the first vOLT sends the management configuration information of the corresponding vOLT to the optical access module.
In this embodiment, the second sending module 56 may include:
a response unit, configured so that the first vOLT sends an 802.1x response message to the optical access module, the response message including the management IP of the corresponding vOLT and the MAC of the corresponding vOLT;
a configuration unit, configured so that the first vOLT allocates the management IP of the vOLT corresponding to the optical access module through the subsequent Dynamic Host Configuration Protocol (DHCP) protocol.
FIG. 6 is structural block diagram 3 of an authentication and registration apparatus for an optical access module according to an embodiment of the present invention. As shown in FIG. 6, the apparatus includes:
a reading module 62, configured so that the access aggregation device reads the device identifier of the optical access module when the access aggregation device finds that the optical access module is in place;
a reporting module 64, configured so that the access aggregation device reports the physical location information of the optical access module and the device identifier of the optical access module to the virtualized optical line terminal (vOLT);
a third authentication module 66, configured to receive the vOLT's authentication message for the optical access module, wherein the vOLT authenticates the optical access module according to the device identifier of the optical access module.
In this embodiment, where the access aggregation device is a general-purpose Ethernet switch, the apparatus further includes: an advertisement receiving module, configured so that the access aggregation device receives the vOLT's advertisement of its management IP and interface information; an advertisement sending module, configured so that the access aggregation device advertises its own management IP and interface information to the vOLT; and a management control module, configured so that the access aggregation device establishes a management control channel with the vOLT.
This embodiment also provides an authentication and registration system for an optical access module, comprising: an optical access module, an access aggregation device, and a virtualized optical line terminal (vOLT); the vOLT includes the apparatus of the above embodiment, and the access aggregation device includes the apparatus of the above embodiment.
The present invention is described in detail below in conjunction with preferred embodiments and implementations.
FIG. 7 is a schematic diagram of the network architecture of a virtual access network according to a preferred embodiment of the present invention. As shown in FIG. 7, the network consists of a network cloud platform, access aggregation devices A and B, and user-side network terminals. The network cloud platform can use general-purpose IT infrastructure such as an Internet Data Center (IDC) or a data center. Access aggregation devices A and B connect remotely to the network cloud platform through the metropolitan area network. Access aggregation device A includes the IT infrastructure capabilities of a general-purpose server, so network function virtualization modules can be distributed across access aggregation device A and the network cloud platform as needed: functional modules such as the vOLT, the virtual broadband network gateway control device (virtualization Broadband Network Gateway, vBNG), the virtual communications control application (virtualization Communications Control Application, vCCAP), and the virtual customer premises equipment (virtualization Custom Premise Equipment, vCPE) can be flexibly deployed to run on virtual machines in access aggregation device A and the network cloud platform. Access aggregation device B is a general-purpose Ethernet switch with no ability to load virtual machines, and it relies on the network function virtualization capabilities provided by access aggregation device A to assist its operation. Access aggregation device B supports the OpenFlow protocol and is controlled by the Software Defined Network (SDN) controller in aggregation device A. Access aggregation devices A and B provide standard Ethernet interfaces, such as Institute of Electrical and Electronics Engineers (IEEE) 10-gigabit network ports or Small Form-Factor Pluggable (SFP+) slots conforming to the Multi-Source Agreement (MSA) standard; these interfaces connect to optical access modules on the user side. The optical access module performs media conversion between PON and Ethernet data packets.
This preferred embodiment provides, under the virtualized optical line terminal (vOLT, virtualization Optical Line Terminal) architecture, automatic discovery of optical access modules by the vOLT together with their authentication and registration, achieving plug and play. The optical access module may be an optical module in an SFP physical package that resides on a general-purpose Ethernet switch (access aggregation device B) or on a network card port of the general-purpose server where the vOLT is located (access aggregation device A).
In this preferred embodiment, the method by which the vOLT automatically discovers, authenticates, and registers the optical access module includes the following steps:
Step 1: after the optical access module is inserted into access aggregation device A or B, the access aggregation device finds that the optical access module is in place.
Step 2: access aggregation device A or B reads the management MAC address and serial number of the optical access module (used as the device identifier) over the I2C control bus.
Step 3: access aggregation device A or B reports to the vOLT, using the Network Configuration Protocol (NETCONF) or a Simple Network Management Protocol (SNMP) trap, the physical location information of the optical access module (such as its port and slot) together with the module's physical address (Media Access Control, MAC) and serial number. The vOLT checks the serial number of the optical access module to determine whether the module is a resource it manages; if so, authentication passes (or the optical access module is required to further initiate 802.1x authentication).
Step 4: the vOLT informs access aggregation device A or B (the Authenticator) that authentication has passed. When the optical access module subsequently requests a management IP through the Dynamic Host Configuration Protocol (DHCP), the configuration parameters delivered include the vOLT's MAC and IP (if the optical access module was required to further initiate 802.1x authentication, the vOLT may also carry its management MAC and IP in an extended type-length-value (TLV) in the Extensible Authentication Protocol over LAN (EAPoL) reply to the optical access module).
At this point, topology discovery between the optical access module and the vOLT is complete. The management channel between the optical access module and the vOLT can be established using the management IP, or over a layer-2 connection such as the Y.1731 Ethernet maintenance communication channel (ETH-MCC), and the optical access module is managed and controlled directly by the vOLT. The authentication and registration of the optical access module are complete.
With the above preferred embodiment, automatic discovery, authentication, and registration of the optical access module make the module plug and play, meeting network operators' need for automated and simplified network configuration and operations under the access network virtualization architecture.
另外一个实施例中,通用以太网交换机(接入汇聚设备B)上的光接入模块,在本优选实施例汇总,1个vOLT实例代表了一定的管理域,为了让vOLT了解自己的管理边界,操作员应该先将该vOLT需要管理的所有资源标识,通过人机交互界面配置给vOLT,这可以用SNMP管理信息库(Management Information Base,简称为MIB)或YANG语言等数据模型定义。本方案中,光接入模块和vOLT的绑定关系是软件可定义的。In another embodiment, the optical access module on the universal Ethernet switch (accessing the aggregation device B) is summarized in the preferred embodiment, and one vOLT instance represents a certain management domain, in order to let the vOLT know its own management boundary. The operator should first assign all the resource identifiers that the vOLT needs to manage to the vOLT through the human-computer interaction interface. This can be defined by the data model such as the SNMP Management Information Base (MIB) or the YANG language. In this solution, the binding relationship between the optical access module and the vOLT is software definable.
图8是根据本发明优选实施的通用以太网交换机(接入汇聚设备B)上的光接入模块的认证与注册的流程示意图,如图8所示。8 is a flow chart showing the authentication and registration of an optical access module on a general-purpose Ethernet switch (access aggregation device B) according to a preferred embodiment of the present invention, as shown in FIG.
步骤S802,接入汇聚设备A中的vOLT控制虚拟交换机(vSwitch),通过链路层发现协议(Link Layer Discovery Protocol,简称为LLDP)协议,将自己的管理IP地址通告给接入汇聚设备B。In step S802, the vOLT control virtual switch (vSwitch) in the access aggregation device A advertises its management IP address to the access aggregation device B through the Link Layer Discovery Protocol (LLDP) protocol.
步骤S804,接入汇聚设备B上电后,通过LLDP向vOLT通告了自己的管理IP。管理IP可以是静态预配置的,也可以是通过DHCP终端(Client)方式获取的。Step S804, after the access aggregation device B is powered on, the LLDP advertises its own management IP to the vOLT. The management IP address can be statically pre-configured or obtained through a DHCP client.
汇聚设备B和vOLT之间完成拓扑发现,汇聚设备B向vOLT认证注册,并以vOLT作为虚拟网络控制器接受vOLT的控制。认证中以双方LLDP的Chassis ID(如bridge MAC地址)作为认证因子之一,唯一标识vOLT和接入汇聚设备B。vOLT和接入汇聚设备B完成了相互发现,vOLT可以向接入汇聚设备B建立管理控制通道,然后通过NetConf协议/OpenFlow协议对接入汇聚设备B进行管理控制。The topology discovery is performed between the aggregation device B and the vOLT. The aggregation device B registers with the vOLT authentication and accepts the vOLT control with the vOLT as the virtual network controller. In the authentication, the Chassis ID (such as the bridge MAC address) of the LLDP of the two parties is used as one of the authentication factors, and the vOLT and the access aggregation device B are uniquely identified. The vOLT and the access aggregation device B complete the mutual discovery. The vOLT can establish a management control channel to the access aggregation device B, and then perform management control on the access aggregation device B through the NetConf protocol/OpenFlow protocol.
Step S806: after the optical access module is inserted into access aggregation device B, access aggregation device B detects that the optical access module is present.
Step S808: access aggregation device B reads the optical access module's management MAC address and serial number (used as the device identifier) over the I2C control bus.
Step S810: access aggregation device B reports to the vOLT, by Netconf or SNMP trap, the physical location information of the optical access module (port, slot and so on) together with the module's MAC address and serial number. The vOLT checks the module's serial number to determine whether the module is a resource it manages; if so, it requires the optical access module to initiate 802.1x authentication.
Step S812: the optical access module (supplicant) initiates 802.1x EAPoL authentication with the vOLT authentication server (Authentication Server).
Step S814: the vOLT tells access aggregation device B (Authenticator) that the optical access module has passed authentication. The vOLT can carry its management MAC and IP in an extended TLV in the EAPoL response to the optical access module, or, when the optical access module later requests a management IP through DHCP, include the vOLT's MAC and IP in the configuration parameters it delivers.
Topology discovery is completed between the optical access module and the vOLT, and the module accepts control from the vOLT as its virtual network controller. The management channel between the access module and the vOLT can be established using the management IP, or over a Layer 2 connection such as the ETH-MCC of Y.1731.
In this embodiment, topology discovery is completed between the optical access module and the vOLT; the management channel between them can be established using the management IP or over a Layer 2 connection such as the ETH-MCC of Y.1731, and the optical access module is managed and controlled directly by the vOLT.
The optical access module obtains authorization from the vOLT and accepts the ONT's authentication and registration with the vOLT, completing topology discovery between the ONT and the vOLT. The management channel between the access module and the ONT continues to use existing methods such as OMCC.
The above embodiment describes the case where one aggregation access network is one management domain with only one vOLT. When there are multiple management domains, that is, multiple vOLT instances, authentication of the optical access module can use centralized authentication across vOLTs. In that case the first vOLT acts as a proxy server (Radius Proxy) and forwards the optical access module's authentication request to a centralized AAA (Authentication, Authorization, Accounting) server. After authentication passes, the management IP and MAC of the corresponding vOLT are rewritten, either through the extended content of the 802.1x response message or through the configuration delivered when DHCP subsequently assigns the optical access module's management IP, and the optical access module is reset so that it registers with the correct vOLT.
FIG. 9 is a schematic flowchart of authentication and registration on a network card port of a general-purpose server (access aggregation device A) according to a preferred embodiment of the present invention. As shown in FIG. 9, the flow includes the following steps:
Step S902: after the optical access module is inserted into a network card port of the general-purpose server (access aggregation device A), access aggregation device A detects that the optical access module is present.
Step S904: access aggregation device A reads the optical access module's management MAC address and serial number (used as the device identifier) over the I2C control bus.
Step S906: access aggregation device A reports to the vOLT, by Netconf or SNMP trap, the physical location information of the optical access module (port and so on) together with the module's MAC address and serial number. The vOLT checks the module's serial number to determine whether the module is a resource it manages; if so, it requires the optical access module to initiate 802.1x authentication.
Step S908: the optical access module (supplicant) initiates 802.1x EAPoL authentication with the vOLT (Authentication Server).
Step S910: the vOLT tells access aggregation device A (Authenticator) that the optical access module has passed authentication. The vOLT can carry its management MAC and IP in an extended TLV in the EAPoL response to the optical access module, or, when the optical access module later requests a management IP through DHCP, include the vOLT's MAC and IP in the configuration parameters it delivers.
In this embodiment, topology discovery is completed between the optical access module and the vOLT, a Layer 3 or Layer 2 management channel is established between them, and the optical access module is managed and controlled directly by the vOLT.
Topology discovery is completed between the optical access module and the vOLT, and the module accepts control from the vOLT as its virtual network controller. The management channel between the access module and the vOLT can be established using the management IP, or over a Layer 2 connection such as the ETH-MCC of Y.1731.
Step S912: the optical access module obtains authorization from the vOLT and accepts the ONT's authentication and registration with the vOLT, completing topology discovery between the ONT and the vOLT. The management channel between the access module and the ONT continues to use existing methods such as OMCC.
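The vOLT-side decisions of steps S810 to S814 in FIG. 8 and S906 to S910 in FIG. 9, sketched as an added Python example that is not code from the patent: the serial number only selects the management domain, and the vOLT's management MAC and IP are released only after an 802.1x success that matches a pending report at that slot and port. The class and function names, the one-byte type/length TLV layout and type codes, the sample values, and the supplicant-MAC comparison are assumptions; the page says only that an "extended TLV" carries the vOLT's management MAC and IP.

```python
import ipaddress
import struct
from dataclasses import dataclass
from typing import Optional

# Hypothetical TLV type codes: the page does not define the extended TLV layout.
TLV_VOLT_MGMT_MAC = 0x01
TLV_VOLT_MGMT_IP = 0x02


@dataclass(frozen=True)
class ModuleReport:
    """What the access aggregation device reports in S810 / S906."""
    slot: int
    port: int
    mac: str
    serial: str


def encode_tlv(tlv_type: int, value: bytes) -> bytes:
    """One-byte type, one-byte length, then the value (assumed layout)."""
    if len(value) > 255:
        raise ValueError("TLV value too long")
    return struct.pack("!BB", tlv_type, len(value)) + value


def decode_tlvs(blob: bytes) -> dict:
    """Parse concatenated TLVs, rejecting truncated input instead of guessing."""
    out, i = {}, 0
    while i < len(blob):
        if i + 2 > len(blob):
            raise ValueError("truncated TLV header")
        tlv_type, length = struct.unpack_from("!BB", blob, i)
        i += 2
        if i + length > len(blob):
            raise ValueError("truncated TLV value")
        out[tlv_type] = blob[i:i + length]
        i += length
    return out


def mac_to_bytes(mac: str) -> bytes:
    """Normalise 'aa:bb:..' or 'AA-BB-..' notation to 6 raw bytes."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError("MAC must be 6 bytes")
    return raw


class VOLT:
    def __init__(self, mgmt_mac: str, mgmt_ip: str, managed_serials):
        self.mgmt_mac = mac_to_bytes(mgmt_mac)
        self.mgmt_ip = ipaddress.IPv4Address(mgmt_ip).packed
        self.managed_serials = set(managed_serials)  # operator-configured domain
        self.pending = {}      # (slot, port) -> report awaiting 802.1x
        self.registered = {}   # (slot, port) -> report that passed 802.1x

    def on_report(self, report: ModuleReport) -> bool:
        """S810/S906: True means 'require 802.1x'; False means not our resource."""
        if report.serial not in self.managed_serials:
            return False
        self.pending[(report.slot, report.port)] = report
        return True

    def on_auth_result(self, slot: int, port: int, supplicant_mac: str,
                       success: bool) -> Optional[bytes]:
        """S814/S910: return the management-config TLVs, or None to withhold them."""
        # pop() makes each report single-use: a failed or repeated result
        # needs a fresh report from the aggregation device.
        report = self.pending.pop((slot, port), None)
        if report is None or not success:
            return None
        # Added check (assumption): the authenticated supplicant must be the
        # module whose MAC was read over I2C at this location.
        if mac_to_bytes(supplicant_mac) != mac_to_bytes(report.mac):
            return None
        self.registered[(slot, port)] = report
        return (encode_tlv(TLV_VOLT_MGMT_MAC, self.mgmt_mac)
                + encode_tlv(TLV_VOLT_MGMT_IP, self.mgmt_ip))


if __name__ == "__main__":
    # Constructed sample values, not taken from the page.
    volt = VOLT("02:00:00:00:00:01", "192.0.2.10", {"SN-EXAMPLE-0001"})
    rep = ModuleReport(slot=1, port=3, mac="02:00:00:00:00:aa", serial="SN-EXAMPLE-0001")
    print("require 802.1x:", volt.on_report(rep))
    print("config TLVs:", volt.on_auth_result(1, 3, rep.mac, True).hex())
```

In the multi-vOLT case described earlier, the same release point would hand out the management MAC and IP of the vOLT that owns the module rather than those of the first vOLT.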
Obviously, those skilled in the art should understand that the modules or steps of the present invention described above can be implemented with general-purpose computing devices. They may be concentrated on a single computing device or distributed over a network formed by multiple computing devices. Optionally, they may be implemented with program code executable by a computing device, so that they can be stored in a storage device and executed by a computing device; in some cases the steps shown or described may be performed in an order different from the one given here, or they may each be made into individual integrated circuit modules, or several of the modules or steps may be made into a single integrated circuit module. Thus, the present invention is not limited to any specific combination of hardware and software.
The above is only the preferred embodiments of the present invention and is not intended to limit the present invention; for those skilled in the art, the present invention may have various modifications and changes. Any modification, equivalent replacement, improvement and the like made within the spirit and principles of the present invention shall fall within the scope of protection of the present invention.
Industrial applicability
Based on the above technical solution provided by the embodiments of the present invention, the virtualized optical line terminal (vOLT) receives the physical location information of an optical access module and the module's device identifier; the vOLT authenticates the optical access module according to its device identifier; if the vOLT's authentication of the optical access module passes, the vOLT sends management configuration information to the optical access module corresponding to the physical location information, and establishes a management channel with the optical access module according to that management configuration information. This solves the problem that, under a virtualized architecture, a vOLT cannot effectively authenticate and register optical access modules, and achieves discovery, authentication and registration of optical access modules by the vOLT.

Claims (22)

  1. An authentication and registration method for an optical access module, comprising:
    a virtualized optical line terminal (vOLT) receiving physical location information of an optical access module and a device identifier of the optical access module;
    the vOLT authenticating the optical access module according to the device identifier of the optical access module;
    where the vOLT's authentication of the optical access module passes, the vOLT sending management configuration information to the optical access module corresponding to the physical location information, and the vOLT establishing a management channel with the optical access module according to the management configuration information.
  2. The method according to claim 1, wherein, where the vOLT's authentication of the optical access module passes, the vOLT sending management configuration information to the optical access module comprises at least one of the following:
    where the vOLT's authentication of the optical access module passes, the vOLT receiving a management IP request from the optical access module, and the vOLT delivering the management media access control (MAC) and management IP configured for the optical access module;
    where the vOLT's authentication of the optical access module passes and the optical access module initiates 802.1x authentication, the vOLT responding to the optical access module through the Extensible Authentication Protocol over LAN (EAPoL), the vOLT carrying the vOLT's management MAC and management IP in a type-length-value (TLV).
  3. The method according to claim 1, wherein the vOLT establishing a management channel with the optical access module according to the management configuration information comprises at least one of the following:
    establishing the management channel between the optical access module and the vOLT through the management IP;
    establishing the management channel between the optical access module and the vOLT through the Ethernet maintenance communication channel (ETH-MCC).
  4. The method according to any one of claims 1 to 3, wherein the physical location information of the optical access module comprises: the port number where the optical access module is located, and the slot number where the optical access module is located.
  5. The method according to any one of claims 1 to 3, wherein the device identifier of the optical access module comprises: the MAC address of the optical access module, and the serial number of the optical access module.
  6. An authentication and registration method for an optical access module, comprising:
    a first vOLT among multiple virtualized optical line terminals (vOLTs) receiving an authentication request from an optical access module;
    the first vOLT forwarding the authentication request to a centralized authentication, authorization and accounting (AAA) server;
    where the AAA server's authentication of the optical access module passes, the first vOLT sending the management configuration information of the corresponding vOLT to the optical access module.
  7. The method according to claim 6, wherein the first vOLT sending the corresponding vOLT management configuration information to the optical access module comprises:
    the first vOLT sending an 802.1x response message to the optical access module, the response message including the management IP of the corresponding vOLT and the MAC of the corresponding vOLT;
    the first vOLT assigning, through subsequent Dynamic Host Configuration Protocol (DHCP), the management IP of the vOLT corresponding to the optical access module.
  8. An authentication and registration method for an optical access module, comprising:
    where an access aggregation device detects that the optical access module is present, the access aggregation device reading the device identifier of the optical access module;
    the access aggregation device reporting the physical location information of the optical access module and the device identifier of the optical access module to a virtualized optical line terminal (vOLT);
    receiving the vOLT's authentication message for the optical access module, wherein the vOLT authenticates the optical access module according to the device identifier of the optical access module.
  9. The method according to claim 8, wherein, where the access aggregation device is a general-purpose Ethernet switch, before the access aggregation device reads the device identifier of the optical access module, the method further comprises:
    the access aggregation device receiving an advertisement of the vOLT's management IP and interface information;
    the access aggregation device advertising the management IP and interface information of the access aggregation device to the vOLT;
    the access aggregation device establishing a management control channel with the vOLT.
  10. The method according to claim 9, wherein the access aggregation device advertising the management IP of the access aggregation device to the vOLT comprises:
    a statically pre-configured management IP, a management IP obtained through the Dynamic Host Configuration Protocol.
  11. The method according to claim 8, wherein the access aggregation device reading the device identifier of the optical access module comprises: the access aggregation device reading the device identifier of the optical access module over the two-wire serial bus (I2C) control bus.
  12. The method according to claim 8, wherein the access aggregation device reporting the physical location information of the optical access module and the device identifier of the optical access module to the virtualized optical line terminal (vOLT) comprises:
    the access aggregation device reporting the physical location information of the optical access module and the device identifier of the optical access module to the vOLT through the Network Configuration Protocol (NETCONF) or the network management protocol SNMP.
  13. The method according to any one of claims 8 to 10, wherein the physical location information of the optical access module comprises: the port number where the optical access module is located, and the slot number where the optical access module is located.
  14. The method according to any one of claims 8 to 10, wherein the device identifier of the optical access module comprises: the MAC address of the optical access module, and the serial number of the optical access module.
  15. An authentication and registration apparatus for an optical access module, applied to a virtualized optical line terminal (vOLT), comprising:
    a first receiving module, configured to receive physical location information of an optical access module and a device identifier of the optical access module;
    a first authentication module, configured to authenticate the optical access module according to the device identifier of the optical access module;
    a first sending module, configured to send management configuration information to the optical access module corresponding to the physical location information where the vOLT's authentication of the optical access module passes;
    an establishing module, configured for the vOLT to establish a management channel with the optical access module according to the management configuration information.
  16. The apparatus according to claim 15, wherein the first sending module comprises:
    a delivering unit, configured so that, where the vOLT's authentication of the optical access module passes, the vOLT receives a management IP request from the optical access module and delivers the management MAC and management IP configured for the optical access module;
    a carrying unit, configured so that, where the vOLT's authentication of the optical access module passes and the optical access module initiates 802.1x authentication, the vOLT responds to the optical access module through the Extensible Authentication Protocol over LAN (EAPoL), the vOLT carrying the vOLT's management MAC and management IP in a type-length-value (TLV).
  17. The apparatus according to claim 15, wherein the establishing module comprises:
    a first management channel unit, configured to establish the management channel between the optical access module and the vOLT through the management IP;
    a second management channel unit, configured to establish the management channel between the optical access module and the vOLT through the Ethernet maintenance communication channel (ETH-MCC).
  18. An authentication and registration apparatus for an optical access module, comprising:
    a second receiving module, configured for a first vOLT among multiple virtualized optical line terminals (vOLTs) to receive an authentication request from an optical access module;
    a second authentication module, configured for the first vOLT to forward the authentication request to a centralized authentication, authorization and accounting (AAA) server;
    a second sending module, configured so that, where the AAA server's authentication of the optical access module passes, the first vOLT sends the management configuration information of the corresponding vOLT to the optical access module.
  19. The apparatus according to claim 18, wherein the second sending module comprises:
    a response unit, configured for the first vOLT to send an 802.1x response message to the optical access module, the response message including the management IP of the corresponding vOLT and the MAC of the corresponding vOLT;
    a configuration unit, configured for the first vOLT to assign, through subsequent Dynamic Host Configuration Protocol (DHCP), the management IP of the vOLT corresponding to the optical access module.
  20. An authentication and registration apparatus for an optical access module, comprising:
    a reading module, configured so that, where an access aggregation device detects that the optical access module is present, the access aggregation device reads the device identifier of the optical access module;
    a reporting module, configured for the access aggregation device to report the physical location information of the optical access module and the device identifier of the optical access module to a virtualized optical line terminal (vOLT);
    a third authentication module, configured to receive the vOLT's authentication message for the optical access module, wherein the vOLT authenticates the optical access module according to the device identifier of the optical access module.
  21. The apparatus according to claim 20, wherein, where the access aggregation device is a general-purpose Ethernet switch, the apparatus further comprises:
    an advertisement receiving module, configured for the access aggregation device to receive an advertisement of the vOLT's management IP and interface information;
    an advertisement sending module, configured for the access aggregation device to advertise the management IP and interface information of the access aggregation device to the vOLT;
    a management control module, configured for the access aggregation device to establish a management control channel with the vOLT.
  22. An authentication and registration system for an optical access module, comprising: an optical access module, an access aggregation device, and a virtualized optical line terminal (vOLT);
    the vOLT comprises the apparatus according to any one of claims 14 to 18;
    the access aggregation device comprises the apparatus according to either of claims 19 or 20.
PCT/CN2015/094729 2015-04-24 2015-11-16 Authentication and registration method, device and system for optical access module WO2016169260A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201510202164.7 2015-04-24
CN201510202164.7A CN106162387B (en) 2015-04-24 2015-04-24 Authentication registration method, device and system of optical access module

Publications (1)

Publication Number Publication Date
WO2016169260A1 true WO2016169260A1 (en) 2016-10-27

Family

ID=57143714

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2015/094729 WO2016169260A1 (en) 2015-04-24 2015-11-16 Authentication and registration method, device and system for optical access module

Country Status (2)

Country Link
CN (1) CN106162387B (en)
WO (1) WO2016169260A1 (en)

Also Published As

Publication number Publication date
CN106162387B (en) 2020-08-18
CN106162387A (en) 2016-11-23

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 15889743

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 15889743

Country of ref document: EP

Kind code of ref document: A1
