CN101355578A - Compatible method and system for mobile IP application based on RADIUS and DIAMETER protocols - Google Patents
- Publication number: CN101355578A
- Authority: CN (China)
- Prior art keywords: server, radius, message, diameter, mobile
- Legal status: Granted
Abstract
The invention discloses a compatibility method and system for Mobile IP applications based on the RADIUS and DIAMETER protocols. The method includes the following steps: communication between the mobile node and the access server; communication between the access server and a translation agent server, where the translation agent server translates the message formats of the RADIUS and DIAMETER protocols into each other; and communication between the translation agent server and the authentication server; wherein one of the access server and the authentication server runs the RADIUS protocol and the other runs the DIAMETER protocol. The invention not only enables network entities running different AAA protocols to work together, but, because it adopts the registration procedure of the DIAMETER-based Mobile IP application, also merges the registration and authentication procedures of RADIUS-based network entities into one, which improves efficiency.
Description
Technical field
The present invention relates to the Mobile IP extension application of network authentication, authorization and accounting (Authentication, Authorization, Accounting, AAA) systems based on the DIAMETER protocol and to the Mobile IP extension application of AAA systems based on the RADIUS protocol, and in particular to a compatibility method and system for Mobile IP applications based on the RADIUS and DIAMETER protocols.
Background
Mobile IP is a network-layer solution for providing mobility on the Internet. It allows a mobile node (Mobile Node, MN) to move between different networks without changing its IP address, while keeping its communication with other mobile nodes, or with nodes that have no Mobile IP capability, continuous.
A Mobile IP system mainly comprises the mobile node (MN), the foreign agent server (Foreign Agent, FA) and the home agent server (Home Agent, HA). Every mobile node has a home address (Home of Address, HoA). When the mobile node leaves its home network and enters a foreign network, it needs to obtain a care-of address (Care of Address, CoA) and register with the home agent server, either through the foreign agent server or directly, creating an association between the HoA and the CoA on the home agent server. Data packets sent by a mobile node to the mobile node are routed by normal IP routing to the mobile node's home network; the home agent server intercepts these packets and tunnels them to the mobile node's current location.
The security problems of a Mobile IP system lie mainly in the registration process and the communication process. On the one hand, if no security measures are applied during registration of the mobile node, a malicious user can send a forged registration request to the home agent, causing all data packets to be forwarded to the malicious user. On the other hand, during normal communication after registration, an attacker can eavesdrop on the session and intercept data packets. Security is therefore an important factor in making Mobile IP technology work, and authentication of the mobile user together with message integrity and confidentiality during registration is one of the core issues of Mobile IP security. Solving the security problems of the registration process requires introducing a security protocol, and the AAA protocol is one of them.
AAA stands for Authentication, Authorization and Accounting. Authentication means verifying a user's identity against pre-registered information, to establish that the user is legitimate and to prevent illegitimate users from using network resources. Authorization means deciding, on the basis of authentication, whether to grant the user the right to access a particular network resource or obtain a particular service. Accounting means that the network system records and stores information about the user's use of network resources and services, and bills and audits user behaviour according to predetermined rules.
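The RADIUS protocol is one of the most commonly used AAA protocols at present and can be used to address the registration security problem of Mobile IP. Its network topology is shown in Figure 1 and comprises mobile node 11, foreign agent server 12, home agent server 13, foreign authentication server (Foreign AAA server, AAAF) 14 and local authentication server (Home AAA server, AAAH) 15. In the network topology shown in Figure 1, the registration procedure of mobile node 11 is:
Step S11, start. Before mobile node 11 powers on and registers, mobile node 11 holds only its Network Access Identifier (NAI) and the security information of the Mobility Security Association (MSA) between mobile node 11 and foreign authentication server 15 (Home AAA server, AAAH).
Step S12, after mobile node 11 powers on, it sends a Registration Request (RRQ) message to foreign agent server 12.
Step S13, foreign agent server 12 receives the registration request (RRQ) from mobile node 11. At this point there is no Mobility Security Association (MSA) between foreign agent server 12 and either mobile node 11 or home agent server 13, so foreign agent server 12 sends a RADIUS Access Request (AR) message to foreign authentication server 14 (Foreign AAA server, AAAF), in which the MIP-Feature-Vector attribute has the FA-HA-Key-Request and MN-FA-Key-Nonce-Request bits set.
Step S14, after receiving the AR message, foreign authentication server 14 forwards it to foreign authentication server 15.
Step S15, after receiving the AR, foreign authentication server 15 first verifies the identity of mobile node 11. If verification succeeds, it allocates the key information between mobile node 11 and foreign agent server 12 (MN-FA-Key) and the key information between foreign agent server 12 and home agent server 13 (FA-HA-Key), and sends a RADIUS Access-Accept (AA) message to foreign agent server 12, which foreign agent server 12 uses to establish its MSAs with mobile node 11 and home agent server 13. This Access-Accept (AA) message has to pass through foreign authentication server 14 to reach foreign agent server 12.
Step S16, the AA message reaches foreign agent server 12 via foreign authentication server 14, indicating that mobile node 11 has been authenticated. Foreign agent server 12 obtains from the AA message the security information used to establish the MSAs between foreign agent server 12 and mobile node 11 and home agent server 13, and then sends a Registration Request (RRQ) message to home agent server 13.
Step S17, home agent server 13 receives the RRQ from foreign agent server 12. If an MSA between foreign agent server 12 and home agent server 13 already exists on home agent server 13, home agent server 13 can verify the foreign agent server 12 and mobile node 11 information in the RRQ itself; otherwise home agent server 13 has to verify the foreign agent server 12 and mobile node 11 information in the RRQ through foreign authentication server 15. In that verification, home agent server 13 first sends an AR message to foreign authentication server 15, and after verification succeeds foreign authentication server 15 sends an AR message to home agent server 13.
After the foreign agent server 12 and mobile node 11 information in the RRQ has been verified, home agent server 13 processes the registration request of mobile node 11 and then sends a Mobile IP Registration Reply (RRP) message to foreign agent server 12.
Step S18, foreign agent server 12 forwards the RRP message to mobile node 11, completing the registration process.
The above is the main flow of the RADIUS protocol as applied to Mobile IP registration. RADIUS can meet the security needs of Mobile IP to a certain extent.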
In recent years Internet services of all kinds have kept emerging and the number of users accessing the Internet in various ways has kept growing, which routers and network access servers based on the original AAA technology find hard to cope with. AAA protocols such as RADIUS can no longer meet the requirements of the new situation. After discussion, the AAA working group of the IETF agreed to adopt the DIAMETER protocol as the next-generation AAA protocol standard. The DIAMETER protocol has considerable advantages over the RADIUS protocol in end-to-end security, capacity expansion, transmission reliability, roaming support, failover and extensibility, and can meet the needs of the present stage.
The DIAMETER protocol provides support for Mobile IP. Building on the DIAMETER base protocol, the DIAMETER-based Mobile IP application solves many of the problems in Mobile IP fairly thoroughly. In the DIAMETER-based Mobile IP application, the AAA authentication server acts as a key distribution center that creates and distributes session keys for the mobile node, the foreign agent server and the home agent server, so that the mobile node obtains access service in the foreign network. Its network topology is shown in Figure 2. In the network topology shown in Figure 2, the registration procedure of mobile node 21 is:
Step S21, start. Before mobile node 21 powers on and registers, mobile node 21 holds only its NAI and the information of the Mobility Security Association (MSA) between mobile node 21 and local authentication server 25.
Step S22, after mobile node 21 powers on, it sends a Registration Request (RRQ) message to foreign agent server 22.
Step S23, after receiving the registration request message, foreign agent server 22 generates an AA-Mobile-Node-Request (AMR) message from the information in it and sends it to foreign authentication server 24.
Step S24, after receiving the AMR, foreign authentication server 24 forwards it to local authentication server 25.
Step S25, after receiving the AMR, local authentication server 25 allocates for mobile node 21 the key information between mobile node 21 and home agent server 23 and between mobile node 21 and foreign agent server 22, as well as the key information between foreign agent server 22 and home agent server 23, and sends a Home-Agent-MIP-Request (HAR) message to home agent server 23, in which the MIP-Reg-Request AVP contains the Mobile IP registration request information.
Step S26, home agent server 23 receives the HAR, processes the MIP-Reg-Request AVP, generates a MIP-Reg-Reply AVP, and sends it to local authentication server 25 inside a Home-Agent-MIP-Answer (HAA) message.
Step S27, after receiving the HAA, local authentication server 25 generates an AA-Mobile-Node-Answer (AMA) message and sends it to foreign authentication server 24.
Step S28, foreign authentication server 24 forwards the AMA to foreign agent server 22.
Step S29, after receiving the AMA, foreign agent server 22 retains the key information between foreign agent server 22 and home agent server 23, places the key information between foreign agent server 22 and mobile node 21 and between home agent server 23 and mobile node 21 in a Registration-Reply (RRP) message, and sends it to mobile node 21, completing registration.
As a new-generation AAA protocol, DIAMETER has clear advantages over RADIUS, and as mobile communication networks gradually move to all-IP the DIAMETER protocol is bound to be widely used. For now, however, RADIUS remains the dominant approach, and almost all network access servers support the RADIUS protocol, so whether the new AAA protocol can be rolled out and applied smoothly depends to a large extent on whether it is compatible with RADIUS. The DIAMETER protocol adopts some mechanisms that help compatibility with RADIUS, but because the Mobile IP applications of the RADIUS and DIAMETER protocols differ in message format, attribute values and registration procedure, there is as yet no concrete method that makes the RADIUS Mobile IP application and the DIAMETER Mobile IP application compatible.
Summary of the invention
One object of the present invention is to provide a message-format compatibility method for the RADIUS and DIAMETER protocols. Because the DIAMETER and RADIUS protocols each have their own message format, and each introduces different attribute formats for the Mobile IP application, making the two Mobile IP applications compatible requires that messages based on the two protocols can be converted into each other.
Another object of the present invention is to provide a compatibility method for Mobile IP applications based on the RADIUS and DIAMETER protocols. Because the registration procedures of the RADIUS and DIAMETER Mobile IP applications differ greatly, a method is needed that lets access servers and authentication servers running the two protocols work together under a common procedure.
A further object of the present invention is to provide a compatibility system for Mobile IP applications based on the RADIUS and DIAMETER protocols, so that an access server running DIAMETER (or RADIUS) and an authentication server running RADIUS (or DIAMETER) are compatible in the Mobile IP application, without changing the existing network structure or the functions of the network entities.
To achieve the above objects, the present invention provides the following technical solutions:
A compatibility method for Mobile IP applications based on the RADIUS and DIAMETER protocols, comprising the following steps:
Step S1, communication between the mobile node and the access server;
Step S2, communication between the access server and a translation agent server, where the translation agent server translates the message formats of the RADIUS and DIAMETER protocols into each other;
Step S3, communication between the translation agent server and the authentication server;
wherein one of the access server and the authentication server runs the RADIUS protocol and the other runs the DIAMETER protocol.
Further, the access server in step S1 is a foreign agent server and, correspondingly, the authentication server in step S3 is a foreign authentication server; or the access server in step S1 is a home agent server and, correspondingly, the authentication server in step S3 is a local authentication server.
Further, when the access server in step S1 is a foreign agent server and, correspondingly, the authentication server in step S3 is a foreign authentication server, the above compatibility method for Mobile IP applications based on the RADIUS and DIAMETER protocols further comprises:
Step S4, communication between the foreign authentication server and the local authentication server;
Step S5, communication between the local authentication server and a second translation agent server, where the second translation agent server translates the message formats of the RADIUS and DIAMETER protocols into each other;
Step S6, communication between the second translation agent server and the home agent server;
wherein one of the local authentication server and the home agent server runs the RADIUS protocol and the other runs the DIAMETER protocol.
Further, when the home agent server and the foreign agent server run the DIAMETER protocol and the foreign authentication server and the local authentication server run the RADIUS protocol, step S3 further comprises:
communication between the translation agent server and the second translation agent server.
Further, the compatibility method for Mobile IP applications based on the RADIUS and DIAMETER protocols further comprises:
in step S4, the foreign authentication server and the local authentication server communicate through a third translation agent server, which translates the message formats of the RADIUS and DIAMETER protocols into each other; wherein one of the foreign authentication server and the local authentication server runs the RADIUS protocol and the other runs the DIAMETER protocol.
Further, the compatibility method for Mobile IP applications based on the RADIUS and DIAMETER protocols further comprises:
Step S7, the registration reply message sent by the home agent server is processed and sent back to the mobile node, completing registration of the mobile node.
Further, in step S2 of the compatibility method for Mobile IP applications based on the RADIUS and DIAMETER protocols, the translation agent server translates the message formats of the RADIUS and DIAMETER protocols into each other as follows:
the mobile node request message of the DIAMETER protocol and the access request message of RADIUS are translated into each other;
the mobile node answer message of the DIAMETER protocol and the access accept/reject message plus registration reply message of the RADIUS protocol are translated into each other; wherein the MIP-MA-Type attribute set in the access accept/reject message indicates that the message corresponds to a DIAMETER protocol message between the local or foreign authentication server and the foreign agent server;
the home agent request message of the DIAMETER protocol and the registration request message of the RADIUS protocol are translated into each other;
the home agent answer message of the DIAMETER protocol and the access accept/reject message plus registration reply message of the RADIUS protocol are translated into each other; wherein the MIP-MA-Type attribute set in the access accept/reject message indicates that the message corresponds to a DIAMETER protocol message between the home agent server and the local authentication server.
The present invention also provides a compatibility system for Mobile IP applications based on the RADIUS and DIAMETER protocols, comprising:
an access server, which communicates with the mobile node and acts on behalf of the mobile node in accessing the network;
a translation agent server, placed between the access server and the authentication server, which translates the message formats of the RADIUS and DIAMETER protocols into each other;
an authentication server, which communicates with the access server through the translation agent server;
wherein one of the access server and the authentication server runs the RADIUS protocol and the other runs the DIAMETER protocol.
Further, the access server is a foreign agent server and, correspondingly, the authentication server is a foreign authentication server; or the access server is a home agent server and, correspondingly, the authentication server is a local authentication server.
Further, when the access server is a foreign agent server and, correspondingly, the authentication server is a foreign authentication server, the compatibility system for Mobile IP applications based on the RADIUS and DIAMETER protocols further comprises: a local authentication server, which communicates with the foreign authentication server.
Further, the compatibility system for Mobile IP applications based on the RADIUS and DIAMETER protocols further comprises: a home agent server, which communicates with the local authentication server through a second translation agent server; the second translation agent server translates the message formats of the RADIUS and DIAMETER protocols into each other, wherein one of the home agent server and the local authentication server runs the RADIUS protocol and the other runs the DIAMETER protocol.
Further, when the foreign agent server and the home agent server are servers running the DIAMETER protocol and the foreign authentication server and the local authentication server are servers running the RADIUS protocol, the translation agent server and the second translation agent server communicate with each other.
Further, the compatibility system for Mobile IP applications based on the RADIUS and DIAMETER protocols further comprises: when one of the foreign authentication server and the local authentication server runs the RADIUS protocol and the other runs the DIAMETER protocol, the local authentication server communicates with the foreign authentication server through a third translation agent server; the third translation agent server translates the message formats of the RADIUS and DIAMETER protocols into each other.
Further, the compatibility system for Mobile IP applications based on the RADIUS and DIAMETER protocols is characterized in that the translation agent server's translation of the message formats of the RADIUS and DIAMETER protocols into each other comprises:
the mobile node request message of the DIAMETER protocol and the access request message of RADIUS are translated into each other;
the mobile node answer message of the DIAMETER protocol and the access accept/reject message plus registration reply message of the RADIUS protocol are translated into each other; wherein the MIP-MA-Type attribute set in the access accept/reject message indicates that the message corresponds to a DIAMETER protocol message between the local or foreign authentication server and the foreign agent server;
the home agent request message of the DIAMETER protocol and the registration request message of the RADIUS protocol are translated into each other;
the home agent answer message of the DIAMETER protocol and the access accept/reject message plus registration reply message of the RADIUS protocol are translated into each other; wherein the MIP-MA-Type attribute set in the access accept/reject message indicates that the message corresponds to a DIAMETER protocol message between the home agent server and the local authentication server.
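The first two translation rules above (AMR with Access Request, and AMA with the Access Accept/Reject plus Registration Reply pair), as an added Python example that is not part of the patent; it models only the translation agent on the foreign-agent side. The `Msg` container, the `session` correlation key, the attribute dictionary and the two `Result-Code` values are assumptions of the example, and `MIP-MA-Type = 0` is the value Embodiment 1 gives for the AMA case.

```python
from dataclasses import dataclass, field

MA_TYPE_FA = 0                 # MIP-MA-Type value the page gives for the AMA case
DIAMETER_SUCCESS = 2001        # Result-Code from the DIAMETER base protocol
DIAMETER_AUTH_REJECTED = 4001  # Result-Code this example uses for an Access-Reject


class TranslationError(Exception):
    """Raised when a message does not fit the translation rules."""


@dataclass
class Msg:
    proto: str      # "DIAMETER" or "RADIUS"
    kind: str       # message name, e.g. "AMR" or "Access-Request"
    session: str    # correlation key (assumed by this example)
    attrs: dict = field(default_factory=dict)


class ForeignSideTA:
    """Translation agent sitting between a foreign agent and its AAA server."""

    def __init__(self):
        # session -> {"verdict": Msg, "reply": Msg}; one AMA needs both halves
        self.pending = {}

    def to_radius(self, m):
        """DIAMETER -> RADIUS. Returns a list: AMA becomes two messages."""
        if m.proto != "DIAMETER":
            raise TranslationError("expected a DIAMETER message")
        if m.kind == "AMR":
            return [Msg("RADIUS", "Access-Request", m.session, dict(m.attrs))]
        if m.kind == "AMA":
            attrs = dict(m.attrs)
            reply = attrs.pop("MIP-Reg-Reply", None)
            code = attrs.pop("Result-Code", None)
            if reply is None or code is None:
                raise TranslationError("AMA lacks Result-Code or MIP-Reg-Reply")
            verdict = "Access-Accept" if code == DIAMETER_SUCCESS else "Access-Reject"
            attrs["MIP-MA-Type"] = MA_TYPE_FA   # marks the pair as AMA-bound
            return [Msg("RADIUS", verdict, m.session, attrs),
                    Msg("RADIUS", "Registration-Reply", m.session,
                        {"MIP-Reg-Reply": reply})]
        raise TranslationError(f"no rule for DIAMETER {m.kind}")

    def to_diameter(self, m):
        """RADIUS -> DIAMETER. Returns None while half of an AMA pair is missing."""
        if m.proto != "RADIUS":
            raise TranslationError("expected a RADIUS message")
        if m.kind == "Access-Request":
            return Msg("DIAMETER", "AMR", m.session, dict(m.attrs))
        if m.kind in ("Access-Accept", "Access-Reject"):
            # Refuse verdicts that are not marked for the foreign-agent side.
            if m.attrs.get("MIP-MA-Type") != MA_TYPE_FA:
                raise TranslationError("MIP-MA-Type does not mark an AMA-bound message")
            slot = "verdict"
        elif m.kind == "Registration-Reply":
            if m.attrs.get("MIP-Reg-Reply") is None:
                raise TranslationError("Registration-Reply carries no payload")
            slot = "reply"
        else:
            raise TranslationError(f"no rule for RADIUS {m.kind}")
        half = self.pending.setdefault(m.session, {})
        if slot in half:
            raise TranslationError(f"duplicate {m.kind} for session {m.session}")
        half[slot] = m
        if len(half) < 2:
            return None                          # wait for the other half
        del self.pending[m.session]
        verdict, reply = half["verdict"], half["reply"]
        attrs = {k: v for k, v in verdict.attrs.items() if k != "MIP-MA-Type"}
        accepted = verdict.kind == "Access-Accept"
        attrs["Result-Code"] = DIAMETER_SUCCESS if accepted else DIAMETER_AUTH_REJECTED
        attrs["MIP-Reg-Reply"] = reply.attrs["MIP-Reg-Reply"]
        return Msg("DIAMETER", "AMA", m.session, attrs)
```

The pairing step is where a translation agent needs state: a verdict without its Registration Reply, a duplicate half, or a verdict with the wrong `MIP-MA-Type` is refused instead of being turned into an AMA.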
The beneficial effects of the present invention are:
By adopting the solution described in the present invention, network entities running different AAA protocols can work together, and because the registration procedure of the DIAMETER-based Mobile IP application is used, the registration and authentication procedures of RADIUS-based network entities are merged into one, which improves efficiency.
The technical solution of the present invention conforms fully to the network structure described for the Mobile IP applications based on the RADIUS and DIAMETER protocols. Without changing the original network structure or the functions of the network entities, and by introducing only a small number of network entities, it makes network entities based on the RADIUS and DIAMETER protocols compatible, so that the transition from the RADIUS protocol to the DIAMETER protocol in Mobile IP applications is smoother.
Description of the drawings
Figure 1 is a network topology diagram of the Mobile IP application based on the RADIUS protocol;
Figure 2 is a network topology diagram of the Mobile IP application based on the DIAMETER protocol;
Figure 3 is a network topology diagram of Embodiment 1 of the present invention;
Figure 4 is a message interaction flow chart of Embodiment 1 of the present invention;
Figure 5 is a network topology diagram of Embodiment 2 of the present invention;
Figure 6 is a message interaction flow chart of Embodiment 2 of the present invention;
Figure 7 is a network topology diagram of Embodiment 4 of the present invention;
Figure 8 is a message interaction flow chart of Embodiment 4 of the present invention.
In the figures:
11, 21, 31, 51, 71---mobile node (MN);
12, 22, 32, 52---foreign agent server (FA);
13, 23, 33, 53, 72---home agent server (HA);
14, 24, 34, 54---foreign authentication server (AAAF);
15, 25, 35, 55, 74---local authentication server (AAAH);
36, 56---first translation agent server (TA);
37, 57---second translation agent server (TA);
73---translation agent server (TA);
RRQ---registration request message (Registration Request);
AR---access request message (Access Request);
AMR---mobile node request message (AA-Mobile-Node-Request);
HAR---home agent request message (Home Agent Request);
RRP---registration reply message (Registration-Reply);
HAA---home agent answer message (Home Agent Answer);
AMA---mobile node answer message (AA-Mobile-Node-Answer);
AA/AR---access accept/reject message (Access Accept/Reject);
RRP---registration reply message (Registration Reply).
具体实施方式 Detailed ways
To make the purpose, technical solution and advantages of the present invention clearer, the compatibility method and system for mobile IP applications based on the RADIUS and DIAMETER protocols are described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described here only explain the present invention and do not limit it.
Embodiment 1
By introducing a translation proxy server network entity, the present invention makes the mobile IP applications of the two AAA protocols, RADIUS and DIAMETER, compatible with each other. This covers both message-format compatibility and protocol-flow compatibility between network entities that run different protocols.
To achieve message-format compatibility between network entities, the present invention introduces a translation proxy server that applies a message format conversion method (that is, a translation method), so that a network entity running the RADIUS protocol and a network entity running the DIAMETER protocol can communicate.
To achieve protocol-flow compatibility between network entities, the present invention uses the same translation proxy server so that network entities running the RADIUS protocol and network entities running the DIAMETER protocol, whose flows are otherwise incompatible, can work together.
The translation proxy server (Translation-Agent, TA) network entity of the present invention is responsible for converting message formats (that is, translating the message formats of the different protocols into each other). It sits between a network entity running the RADIUS protocol and a network entity running the DIAMETER protocol, and its main functions are:
Translate a DIAMETER AVP (DIAMETER attribute-value pair) into a RADIUS Attribute with the same or a similar function;
Translate a RADIUS Attribute into a DIAMETER AVP with the same or a similar function;
Convert DIAMETER messages into RADIUS messages;
Convert RADIUS messages into DIAMETER messages.
The message conversion scheme between the DIAMETER base protocol and the RADIUS protocol is already clearly described in the DIAMETER Network Access Server Application (RFC4005); the present invention concerns only the messages and attributes related to mobile IP applications.
The messages involved in the mobile IP applications of the AAA protocols are mainly the following six types:
In the DIAMETER protocol: Home Agent Request (HAR), Home Agent Answer (HAA), AA-Mobile-Node-Request (AMR) and AA-Mobile-Node-Answer (AMA);
In the RADIUS protocol: Access Request (AR), Access Accept/Reject (AA/AR), Registration Request (RRQ) and Registration Reply (RRP).
In one possible implementation, the eight messages above are translated into each other as follows:
DIAMETER AMR and RADIUS Access Request are translated into each other;
DIAMETER AMA is translated into two RADIUS messages, RADIUS Access Accept/Reject (MIP-MA-Type=0) and Registration Reply; conversely, the two RADIUS messages RADIUS Access Accept/Reject (MIP-MA-Type=0) and Registration Reply are translated together into one DIAMETER AMA message;
DIAMETER HAR and Registration Request are translated into each other;
DIAMETER HAA is translated into two RADIUS messages, RADIUS Access Accept/Reject (MIP-MA-Type=1) and Registration Reply; conversely, the two RADIUS messages RADIUS Access Accept/Reject (MIP-MA-Type=1) and Registration Reply are translated together into one DIAMETER HAA message.
Here the MIP-MA-Type attribute of the RADIUS message indicates whether the RADIUS message corresponds to a DIAMETER message between the home agent server and the local authentication server, or to a DIAMETER message between the local authentication server, the foreign authentication server and the foreign agent server. In one specific implementation, MIP-MA-Type=0 indicates that the RADIUS message corresponds to a DIAMETER message between the local authentication server or the foreign authentication server and the foreign agent server, and MIP-MA-Type=1 indicates that it corresponds to a DIAMETER message between the home agent server and the local authentication server.
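The message-level mapping above, as an added Python example that is not part of the patent: it translates AMR and HAR requests one-to-one and pairs an Access Accept/Reject carrying MIP-MA-Type with its Registration Reply before emitting a single AMA or HAA. The `session` correlation key, the `result` field and the hyphenated RADIUS message names are assumptions made for the example; attributes are carried through unchanged because the attribute mapping of Table 1 is not reproduced on this page.

```python
from dataclasses import dataclass, field

# MIP-MA-Type values as the page defines them: 0 pairs with AMA, 1 with HAA.
ANSWER_TO_MA_TYPE = {"AMA": 0, "HAA": 1}
MA_TYPE_TO_ANSWER = {0: "AMA", 1: "HAA"}
# One-to-one request mappings from the page.
REQUESTS = {"AMR": "Access-Request", "HAR": "Registration-Request"}
REQUESTS_REV = {radius: diameter for diameter, radius in REQUESTS.items()}


@dataclass
class Msg:
    proto: str                      # "RADIUS" or "DIAMETER"
    kind: str                       # message name, e.g. "AMR" or "Access-Accept"
    session: str                    # hypothetical key tying related messages together
    attrs: dict = field(default_factory=dict)


class TranslationAgent:
    """Message-level translation only; attributes are treated as opaque."""

    def __init__(self):
        self._pending = {}          # session -> {"access": Msg, "reply": Msg}

    def to_radius(self, m):
        if m.proto != "DIAMETER":
            raise ValueError("to_radius expects a DIAMETER message")
        if m.kind in REQUESTS:
            return [Msg("RADIUS", REQUESTS[m.kind], m.session, dict(m.attrs))]
        if m.kind not in ANSWER_TO_MA_TYPE:
            raise ValueError(f"no mobile IP mapping for {m.kind}")
        # One DIAMETER answer becomes two RADIUS messages.
        attrs = dict(m.attrs)
        accepted = attrs.pop("result", None) == "success"   # assumed result field
        access = Msg("RADIUS", "Access-Accept" if accepted else "Access-Reject",
                     m.session, {"MIP-MA-Type": ANSWER_TO_MA_TYPE[m.kind]})
        return [access, Msg("RADIUS", "Registration-Reply", m.session, attrs)]

    def to_diameter(self, m):
        if m.proto != "RADIUS":
            raise ValueError("to_diameter expects a RADIUS message")
        if m.kind in REQUESTS_REV:
            return [Msg("DIAMETER", REQUESTS_REV[m.kind], m.session, dict(m.attrs))]
        if m.kind in ("Access-Accept", "Access-Reject"):
            # Without MIP-MA-Type the agent cannot tell AMA from HAA: refuse.
            if m.attrs.get("MIP-MA-Type") not in MA_TYPE_TO_ANSWER:
                raise ValueError("Access-Accept/Reject without a valid MIP-MA-Type")
            slot = "access"
        elif m.kind == "Registration-Reply":
            slot = "reply"
        else:
            raise ValueError(f"no mobile IP mapping for {m.kind}")
        halves = self._pending.setdefault(m.session, {})
        if slot in halves:
            raise ValueError(f"duplicate {m.kind} for session {m.session}")
        halves[slot] = m
        if len(halves) < 2:
            return []               # wait for the other half of the pair
        del self._pending[m.session]
        access, reply = halves["access"], halves["reply"]
        attrs = dict(reply.attrs)
        attrs["result"] = "success" if access.kind == "Access-Accept" else "failure"
        answer = MA_TYPE_TO_ANSWER[access.attrs["MIP-MA-Type"]]
        return [Msg("DIAMETER", answer, m.session, attrs)]


if __name__ == "__main__":
    ta = TranslationAgent()
    # Constructed AMA; the MIP-Reg-Reply value is a placeholder string.
    ama = Msg("DIAMETER", "AMA", "sess-1",
              {"result": "success", "MIP-Reg-Reply": "constructed"})
    for out in ta.to_radius(ama):
        print(out.kind, out.attrs)
        print("  back to DIAMETER:", [d.kind for d in ta.to_diameter(out)])
```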
The attributes related to mobile IP in the above messages are translated as shown in Table 1:
Table 1
The protocol flows of the mobile IP application based on the RADIUS protocol and of the mobile IP application based on the DIAMETER protocol differ considerably. The most important difference is that in the RADIUS protocol the identity authentication and the registration of a mobile node are carried out as two separate processes, whereas in the DIAMETER protocol they are completed in a single process. A method is therefore needed that lets network entities running the RADIUS protocol and network entities running the DIAMETER protocol work together.
The network structure of the present invention follows the network structure in the DIAMETER Mobile IPv4 Application (RFC4004) of the Internet Engineering Task Force (IETF). It contains a home domain, a foreign domain, a mobile node (MN), a foreign agent server (FA), a home agent server (HA), a foreign authentication server (AAAF) and a local authentication server (AAAH). The mobile node is located in the foreign domain; the home agent server and the foreign agent server are clients of the AAA system and act as network access servers; the foreign authentication server and the local authentication server are servers of the AAA system; and the network access servers and the authentication servers run different AAA protocols. To make the flows of the two protocols compatible, the present invention introduces a translation proxy server (Translation-Agent, TA) network entity into the network structure. Through the translation proxy server, both the network entities running the RADIUS protocol and those running the DIAMETER protocol can proceed according to the flow of the DIAMETER protocol.
To achieve the purpose of the present invention, translation proxy servers are deployed between network entities running different AAA protocols. (None is needed between the foreign agent server and the home agent server, because in the mobile IP application flow based on the DIAMETER protocol these two do not communicate directly.)
As shown in Figure 3, the present invention introduces translation proxy servers between the AAA clients (foreign agent server 32 and home agent server 33) and the AAA servers (foreign authentication server 34 and local authentication server 35) that run different AAA protocols. That is, when the foreign agent server 32 and the foreign authentication server 34 run different AAA protocols, a translation proxy server is introduced between them; likewise, when the home agent server 33 and the local authentication server 35 run different AAA protocols, a translation proxy server is also introduced between them.
Figure 3 is a network topology diagram of one embodiment of the compatibility method for mobile IP applications based on the RADIUS and DIAMETER protocols, in which the network access server (foreign agent server 32) is a client running the RADIUS protocol, the authentication server (foreign authentication server 34) is a server running the DIAMETER protocol, and a first translation proxy server 36 is introduced between the foreign agent server 32 and the foreign authentication server 34. The message flow of this embodiment is shown in Figure 4. With reference to Figures 3 and 4, the compatibility method of the present invention comprises the following steps:
Step S101: communication between the mobile node 31 and the access server;
That is, the mobile node 31 sends an RRQ message to the foreign agent server 32 (the access server);
Step S102: communication between the access server and the first translation proxy server 36, where the first translation proxy server 36 translates the message formats of the RADIUS and DIAMETER protocols into each other;
The foreign agent server 32 is a client running the RADIUS protocol. After receiving the RRQ message of step S101 it should, following the RADIUS flow, send an AR message to the foreign authentication server 34; to do so, it first sends the AR message to the first translation proxy server 36. The first translation proxy server 36 translates the AR message from the foreign agent server 32 into an AMR message.
Step S103: communication between the first translation proxy server 36 and the authentication server. Specifically:
The first translation proxy server 36 sends the AMR message to the foreign authentication server 34.
When the home agent server 33, the foreign authentication server 34 and the local authentication server 35 run the same AAA protocol, communication between them follows the prior art and no translation proxy server needs to be introduced.
Preferably, in the implementation shown in Figure 3, the network access servers (foreign agent server 32 and home agent server 33) are clients of the RADIUS protocol and the authentication servers (foreign authentication server 34 and local authentication server 35) are servers of the DIAMETER protocol. Because the home agent server 33 and the local authentication server 35 run different AAA protocols, this embodiment also introduces a second translation proxy server 37 between the home agent server 33 and the local authentication server 35. The message flow is shown in Figure 4, and the compatibility method of the present invention therefore also comprises the following steps:
Step S104: communication between the foreign authentication server 34 and the local authentication server. Specifically, the foreign authentication server 34 forwards the AMR message to the local authentication server 35;
Step S105: communication between the local authentication server 35 and the second translation proxy server 37, where the second translation proxy server 37 translates the message formats of the RADIUS and DIAMETER protocols into each other;
The local authentication server 35 is a server running the DIAMETER protocol. After receiving the AMR it verifies the mobile node 31 according to the information in the AMR and, once verification passes, should generate an HAR message and send it to the home agent server 33. To do so, the local authentication server 35 first sends the HAR message to the second translation proxy server 37.
After receiving the HAR message, the second translation proxy server 37 translates the information in it into an RRQ message.
Step S106: communication between the second translation proxy server 37 and the home agent server 33. Specifically, the second translation proxy server 37 sends the translated RRQ message to the home agent server 33.
The home agent server 33 then sends a registration reply message. This message is processed in the reverse direction of steps S101-S106 and is returned to the mobile node 31, completing the registration. The reverse process is described in detail below.
Preferably, the compatibility method of the present invention also includes a step of processing the registration reply message of the home agent server 33:
Step S107: the registration reply message sent by the home agent server is processed and sent back to the mobile node, completing the registration. This comprises the following steps, whose message direction is the reverse of steps S101-S106 above; for ease of reading they are described in the order S106' to S101':
Step S106': the home agent server 33 is a client running the RADIUS protocol. After receiving the RRQ message of step S106 it processes the registration request in it and then sends a Registration Reply (RRP) message to the second translation proxy server 37.
Step S105': after receiving the RRP message from the home agent server 33, the second translation proxy server 37 generates an HAA message from the information in the RRP and in the HAR message it obtained earlier, and sends it to the local authentication server 35.
Step S104': after receiving the HAA, the local authentication server 35 generates an AMA message and sends it to the foreign authentication server 34.
Step S103': the foreign authentication server 34 should send the AMA message to the foreign agent server 32; to do so, it first sends the AMA message to the first translation proxy server 36.
Step S102': after receiving the AMA message, the first translation proxy server 36 translates the information in it into an RRP message and an AA message and sends them to the foreign agent server 32.
Step S101': the foreign agent server 32 receives the RRP message and the AA message, uses the information in the AA message to establish the MSAs of the foreign agent server 32 with the mobile node 31 and with the home agent server 33, and forwards the RRP message to the mobile node 31, completing the registration of the mobile node 31.
As shown in Figure 3, a system for mobile IP applications based on the RADIUS and DIAMETER protocols comprises:
a foreign agent server 32, which communicates with the mobile node 31 and acts as an agent for the mobile node 31 to access the network;
a first translation proxy server 36, placed between the foreign agent server 32 and the foreign authentication server 34, which translates the message formats of the RADIUS and DIAMETER protocols into each other;
a foreign authentication server 34, which communicates with the foreign agent server 32 through the first translation proxy server 36 and passes messages between the foreign agent server 32 and the local authentication server 35;
a local authentication server 35, which communicates with the foreign authentication server 34.
Preferably, the system further comprises: a second translation proxy server 37, which translates the message formats of the RADIUS and DIAMETER protocols into each other; and a home agent server 33, which communicates with the local authentication server through the second translation proxy server 37.
The foreign agent server 32 and the home agent server 33 are client servers running the RADIUS protocol, and the foreign authentication server 34 and the local authentication server are servers running the DIAMETER protocol.
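Embodiment 2
Figure 5 is a network topology diagram of another embodiment of the compatibility method for mobile IP applications based on the RADIUS and DIAMETER protocols. Here the foreign agent server 52 and the home agent server 53, the two access servers, are clients running the DIAMETER protocol, and the foreign authentication server 54 and the local authentication server 55 are servers running the RADIUS protocol. A translation proxy server (TA) network entity is introduced between the clients of the AAA system and the servers of the AAA system: a first translation proxy server 56 is introduced between the foreign agent server 52 and the foreign authentication server 54, and a second translation proxy server 57 is introduced between the home agent server 53 and the local authentication server 55. The message flow of this embodiment is shown in Figure 6. With reference to Figures 5 and 6, the compatibility method of the present invention comprises the following steps:
Step S201: communication between the mobile node 51 and the access server;
That is, the mobile node 51 sends an RRQ message to the foreign agent server 52.
Step S202: communication between the access server and the first translation proxy server 56, where the first translation proxy server 56 translates the message formats of the RADIUS and DIAMETER protocols into each other;
The foreign agent server 52 is a client running the DIAMETER protocol. After receiving the RRQ message it should generate an AMR message and send it to the foreign authentication server 54; to do so, it first sends the AMR message to the first translation proxy server 56. The first translation proxy server 56 translates the AMR message from the foreign agent server 52 into an AR message of the RADIUS protocol.
Step S203: communication between the first translation proxy server 56 and the authentication server. Specifically:
The first translation proxy server 56 sends the RADIUS AR message to the foreign authentication server 54. Preferably, step S203 further includes: the first translation proxy server 56 sends the registration-related information in the AMR received from the foreign agent server 52, namely the MIP-Reg-Request AVP in the AMR, to the second translation proxy server 57.
Step S204: communication between the foreign authentication server 54 and the local authentication server. Specifically, the foreign authentication server 54 forwards the AR message to the local authentication server 55;
Step S205: communication between the local authentication server 55 and the second translation proxy server 57, where the second translation proxy server 57 translates the message formats of the RADIUS and DIAMETER protocols into each other;
The local authentication server 55 is a server running the RADIUS protocol. It verifies the information about the mobile node 51 and the foreign agent server 52 in the AR message and, after verification passes, sends an AA message to the second translation proxy server 57 (this can be achieved by deploying the second translation proxy server 57 at the network access point of the local authentication server 55);
The second translation proxy server 57 generates an HAR message from the registration-related information obtained earlier in step S203 (that is, the MIP-Reg-Request AVP) and the AA message.
Preferably, step S205 further includes: while sending the AA message to the second translation proxy server 57, the local authentication server 55 also sends the AA message to the foreign authentication server 54; after receiving the AA message, the foreign authentication server 54 forwards it to the first translation proxy server 56.
Step S206: communication between the second translation proxy server 57 and the home agent server 53. Specifically, the second translation proxy server 57 sends the translated HAR message to the home agent server 53.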
The home agent server 53 then sends a registration reply message, which is returned to the mobile node 51 to complete the registration. The process is described in detail below.
Preferably, the compatibility method of the present invention also includes a step of processing the registration reply message of the home agent server 53:
Step S207: the registration reply message sent by the home agent server is processed and sent back to the mobile node, completing the registration. This comprises the following steps, described for ease of reading in the order S205' to S201':
Step S205': the home agent server 53 is a client running the DIAMETER protocol. It processes the registration request of the mobile node 51 according to the HAR message and then replies with an HAA message to the second translation proxy server 57.
Step S204': after receiving the HAA message, the second translation proxy server 57 forwards the MIP-Reg-Reply AVP in the HAA message to the first translation proxy server 56.
Step S203': after receiving the MIP-Reg-Reply AVP, the first translation proxy server 56 uses it together with the AA message received earlier in step S205 to generate an AMA message, which it sends to the foreign agent server 52.
Step S202': after receiving the AMA message, the foreign agent server 52 uses the security-related information in it to establish the MSAs between the foreign agent server 52 and the mobile node 51 and between the foreign agent server 52 and the home agent server 53, and sends an RRP message to the mobile node 51.
Step S201': the mobile node 51 receives the RRP message, completing the registration.
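The Embodiment 2 exchange between the two translation proxy servers, as an added Python example that is not part of the patent: server 57 builds the HAR only once it holds both the MIP-Reg-Request AVP relayed by server 56 and the AA message, and server 56 builds the AMA only once it holds both the AA message and the relayed MIP-Reg-Reply AVP. The dictionary message layout, the `session` key and the sample attribute values are constructed for the example, and accepting the two halves in either order goes slightly beyond the order the steps describe.

```python
def _join(first, second, session):
    """Pop and return both halves for a session once each store holds one."""
    if session in first and session in second:
        return first.pop(session), second.pop(session)
    return None


class FirstTA:
    """Server 56: foreign agent 52 (DIAMETER) <-> foreign authentication server 54 (RADIUS)."""

    def __init__(self):
        self._aa, self._reg_reply = {}, {}

    def on_amr(self, amr):
        """S202/S203: return (AR for server 54, MIP-Reg-Request AVP for server 57)."""
        attrs = dict(amr["attrs"])
        if "MIP-Reg-Request" not in attrs:
            raise ValueError("AMR carries no MIP-Reg-Request AVP")
        reg_request = attrs.pop("MIP-Reg-Request")
        ar = {"kind": "Access-Request", "session": amr["session"], "attrs": attrs}
        return ar, reg_request

    def on_aa(self, aa):
        """S205 (preferred variant): AA forwarded by the foreign authentication server."""
        self._aa[aa["session"]] = aa
        return self._ama(aa["session"])

    def on_reg_reply(self, session, avp):
        """S203': MIP-Reg-Reply AVP relayed by server 57."""
        self._reg_reply[session] = avp
        return self._ama(session)

    def _ama(self, session):
        halves = _join(self._aa, self._reg_reply, session)
        if halves is None:
            return None                      # never answer from one half alone
        aa, reg_reply = halves
        return {"kind": "AMA", "session": session,
                "attrs": {**aa["attrs"], "MIP-Reg-Reply": reg_reply}}


class SecondTA:
    """Server 57: home agent 53 (DIAMETER) <-> local authentication server 55 (RADIUS)."""

    def __init__(self):
        self._reg_request, self._aa = {}, {}

    def on_reg_request(self, session, avp):
        """S203: MIP-Reg-Request AVP relayed by server 56."""
        self._reg_request[session] = avp
        return self._har(session)

    def on_aa(self, aa):
        """S205: AA sent by the local authentication server after verification."""
        self._aa[aa["session"]] = aa
        return self._har(aa["session"])

    def on_haa(self, haa):
        """S204': relay only the MIP-Reg-Reply AVP to server 56."""
        return haa["session"], haa["MIP-Reg-Reply"]

    def _har(self, session):
        halves = _join(self._reg_request, self._aa, session)
        if halves is None:
            return None
        reg_request, aa = halves
        return {"kind": "HAR", "session": session,
                "MIP-Reg-Request": reg_request, "aa_attrs": aa["attrs"]}


def run_registration():
    """Drive one registration through both servers; all values are constructed."""
    ta1, ta2, trace = FirstTA(), SecondTA(), []
    amr = {"kind": "AMR", "session": "sess-1",
           "attrs": {"User-Name": "mn@example.org", "MIP-Reg-Request": b"constructed-rrq"}}
    ar, reg_request = ta1.on_amr(amr)
    trace.append(("S202", ar["kind"]))
    ta2.on_reg_request(amr["session"], reg_request)      # nothing to send yet
    trace.append(("S203", "MIP-Reg-Request"))
    # Constructed AA; "msa-material" is a hypothetical stand-in for the security info.
    aa = {"kind": "Access-Accept", "session": "sess-1", "attrs": {"msa-material": "constructed"}}
    har = ta2.on_aa(aa)
    trace.append(("S205", har["kind"]))
    ta1.on_aa(aa)                                        # AA copy via server 54
    haa = {"kind": "HAA", "session": "sess-1", "MIP-Reg-Reply": b"constructed-rrp"}
    session, reg_reply = ta2.on_haa(haa)
    trace.append(("S204'", "MIP-Reg-Reply"))
    ama = ta1.on_reg_reply(session, reg_reply)
    trace.append(("S203'", ama["kind"]))
    return trace, har, ama


if __name__ == "__main__":
    for step, what in run_registration()[0]:
        print(step, what)
```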
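As shown in Figure 5, a system for mobile IP applications based on the RADIUS and DIAMETER protocols comprises:
a foreign agent server 52, which communicates with the mobile node 51 and acts as an agent for the mobile node 51 to access the network;
a first translation proxy server 56, placed between the foreign agent server 52 and the foreign authentication server 54, which translates the message formats of the RADIUS and DIAMETER protocols into each other;
a foreign authentication server 54, which communicates with the foreign agent server 52 through the first translation proxy server 56.
Preferably, the system further includes a local authentication server 55, which communicates with the foreign authentication server 54 and verifies the mobile node 51.
Preferably, the system further comprises: a second translation proxy server 57, which translates the message formats of the RADIUS and DIAMETER protocols into each other; and a home agent server 53, which communicates with the local authentication server through the second translation proxy server 57. The first and second translation proxy servers communicate with each other.
The foreign agent server 52 and the home agent server 53 are client servers running the DIAMETER protocol, and the foreign authentication server 54 and the local authentication server are servers running the RADIUS protocol.
The first and second translation proxy servers translate the message formats of the RADIUS and DIAMETER protocols into each other in the same way as in Embodiment 1.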
Embodiment 3
For the purpose of the present invention, Embodiment 3 covers the case where the foreign authentication server (AAAF) and the local authentication server (AAAH) run different AAA protocols. Embodiment 3 builds on Embodiment 1 (or 2) by additionally placing a third translation proxy server between the foreign authentication server and the local authentication server, which translates the messages of the two AAA protocols between these two servers into each other. The other steps are the same as in Embodiment 1 (or 2).
Corresponding to the compatibility method of this embodiment, a system for mobile IP applications based on the RADIUS and DIAMETER protocols comprises:
a foreign agent server, which communicates with the mobile node and acts as an agent for the mobile node to access the network;
a foreign authentication server, which communicates with the foreign agent server;
a local authentication server, which communicates with the foreign authentication server through a third translation proxy server; the third translation proxy server translates the message formats of the RADIUS and DIAMETER protocols into each other.
Preferably, the system further comprises: a home agent server, which communicates with the local authentication server.
Preferably, if the foreign agent server and the foreign authentication server run different AAA protocols, the system further comprises: a first translation proxy server, through which the foreign agent server communicates with the foreign authentication server; the first translation proxy server translates the message formats of the RADIUS and DIAMETER protocols into each other.
Preferably, if the home agent server and the local authentication server run different AAA protocols, the system further comprises: a second translation proxy server, through which the home agent server communicates with the local authentication server; the second translation proxy server translates the message formats of the RADIUS and DIAMETER protocols into each other.
The first, second and third translation proxy servers translate the message formats of the RADIUS and DIAMETER protocols into each other in the same way as in Embodiment 1.
Embodiment 4
Figure 7 is a network topology diagram of another embodiment of the compatibility method for mobile IP applications based on the RADIUS and DIAMETER protocols. In this scenario the mobile node 71 is located in the home domain and registers directly with the home agent server 72. The home agent server 72 is a client running the RADIUS protocol and the local authentication server 74 is a server running the DIAMETER protocol. A translation proxy server (TA) network entity is introduced between the client of the AAA system (the home agent server 72) and the server of the AAA system (the local authentication server 74); that is, a translation proxy server 73 is introduced between the home agent server 72 and the home authentication server 74. The message flow of this embodiment is shown in Figure 8. With reference to Figures 7 and 8, the compatibility method of the present invention comprises the following steps:
Step S401: communication between the mobile node 71 and the access server 72;
That is, the mobile node 71 sends an RRQ message to the home agent server 72.
Step S402: communication between the access server 72 and the translation proxy server 73, where the translation proxy server 73 translates the message formats of the RADIUS and DIAMETER protocols into each other;
The home agent server 72 is a client running the RADIUS protocol. After receiving the RRQ message it should generate an AR message and send it to the local authentication server 74; to do so, it first sends the AR message to the translation proxy server 73. The translation proxy server 73 translates the AR message from the home agent server 72 into an AMR message of the DIAMETER protocol.
Step S403: communication between the translation proxy server 73 and the authentication server 74;
That is, the translation proxy server 73 sends the AMR message to the local authentication server 74. The local authentication server 74 is a server running the DIAMETER protocol. After receiving the AMR it verifies the mobile node 71 according to the information in the AMR and, once verification passes, should generate an AMA message in reply to the home agent server 72. To return the generated AMA message to the home agent server 72 and complete the registration, the method of this embodiment further comprises:
Step S404: the authentication server 74 sends a message to the translation proxy server 73;
That is, the local authentication server 74 sends the generated AMA message to the translation proxy server 73, and the translation proxy server 73 translates the message formats of the RADIUS and DIAMETER protocols into each other;
Because the home agent server 72 is a client running the RADIUS protocol, the translation proxy server 73 translates the received AMA message into the corresponding RADIUS message, AA.
Step S405: the translation proxy server 73 communicates with the home agent server 72;
The translation proxy server sends the generated AA message to the home agent server 72. The home agent server is a client running the RADIUS protocol; after receiving the AA message it needs to generate an RRP message and send it to the mobile node 71.
Step S406: communication between the home agent server 72 and the mobile node 71;
The home agent server 72 sends the RRP message to the mobile node 71, completing the registration process of the mobile node.
As shown in Figure 7, a system for mobile IP applications based on the RADIUS and DIAMETER protocols comprises:
a home agent server 72, which communicates with the mobile node 71 and acts as an agent for the mobile node 71 to access the network;
a translation proxy server 73, placed between the home agent server 72 and the local authentication server 74, which translates the message formats of the RADIUS and DIAMETER protocols into each other;
a local authentication server 74, which communicates with the home agent server 32 through the translation proxy server 73.
One of the home agent server 72 and the local authentication server 74 runs the RADIUS protocol and the other runs the DIAMETER protocol. For example, the home agent server 72 is a client server running the RADIUS protocol and the local authentication server 74 is a server running the DIAMETER protocol.
As the detailed description of the above embodiments shows, by placing a translation proxy server network entity in the network, the present invention makes mobile IP applications compatible across the RADIUS and DIAMETER protocols without changing the original network structure or the functions of the network entities.
Beneficial effects of the present invention:
By adopting the solution of the present invention, network entities running different AAA protocols can work together; moreover, because the mobile IP flow of the DIAMETER protocol is used, the registration and authentication flows of the RADIUS network entities are merged into one, which improves efficiency.
The technical solution of the present invention fully conforms to the network structure described by the mobile IP applications of the RADIUS and DIAMETER protocols. Without changing the original network structure or the functions of the network entities, only a few network entities need to be introduced to make RADIUS and DIAMETER network entities compatible, which makes the transition from the RADIUS protocol to the DIAMETER protocol smoother.
The above is only a specific implementation of the present invention, but the scope of protection of the present invention is not limited to it. Any change or replacement that a person skilled in the art could readily conceive within the technical scope disclosed by the present invention shall fall within the scope of protection of the present invention.
Claims (14)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN 200810119536 CN101355578B (en) | 2008-09-02 | 2008-09-02 | Compatible method and system for mobile IP application based on RADIUS and DIAMETER protocol |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN 200810119536 CN101355578B (en) | 2008-09-02 | 2008-09-02 | Compatible method and system for mobile IP application based on RADIUS and DIAMETER protocol |
Publications (2)
Publication Number | Publication Date |
---|---|
CN101355578A (en) | 2009-01-28 |
CN101355578B (en) | 2012-12-19 |
Family
ID=40308166
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN 200810119536 Expired - Fee Related CN101355578B (en) | 2008-09-02 | 2008-09-02 | Compatible method and system for mobile IP application based on RADIUS and DIAMETER protocol |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN101355578B (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101815295A (en) * | 2010-03-16 | 2010-08-25 | 东南大学 | Key distribution method between LMA and MAG in pmip6 |
WO2010139220A1 (en) * | 2009-06-01 | 2010-12-09 | 中兴通讯股份有限公司 | Method and system for realizing cross-protocol failover |
CN107396186A (en) * | 2017-08-11 | 2017-11-24 | 四川长虹电器股份有限公司 | Linux equipment WebOS system application management methods |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20040062271A1 (en) * | 2002-09-26 | 2004-04-01 | Oliver Neal C. | Method and system for providing control and monitoring functionality for a telecommunication switching domain |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2010139220A1 (en) * | 2009-06-01 | 2010-12-09 | 中兴通讯股份有限公司 | Method and system for realizing cross-protocol failover |
CN101594602B (en) * | 2009-06-01 | 2012-06-13 | 中兴通讯股份有限公司 | Method and system for realizing cross-protocol failover |
CN101815295A (en) * | 2010-03-16 | 2010-08-25 | 东南大学 | Key distribution method between LMA and MAG in pmip6 |
CN107396186A (en) * | 2017-08-11 | 2017-11-24 | 四川长虹电器股份有限公司 | Linux equipment WebOS system application management methods |
CN107396186B (en) * | 2017-08-11 | 2019-11-08 | 四川长虹电器股份有限公司 | Linux equipment WebOS system application management method |
Also Published As
Publication number | Publication date |
---|---|
CN101355578B (en) | 2012-12-19 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11463874B2 (en) | User profile, policy, and PMIP key distribution in a wireless communication network | |
Perkins | Mobile IP joins forces with AAA | |
JP5204219B2 (en) | Method and apparatus for providing a proxy mobile key hierarchy in a wireless communication network | |
US10069803B2 (en) | Method for secure network based route optimization in mobile networks | |
US7545768B2 (en) | Utilizing generic authentication architecture for mobile internet protocol key distribution | |
US20060002557A1 (en) | Domain name system (DNS) IP address distribution in a telecommunications network using the protocol for carrying authentication for network access (PANA) | |
CN101355578A (en) | Compatible method and system for mobile IP application based on RADIUS and DIAMETER protocols | |
Tairov et al. | Third-party AAA framework and signaling in UCWW | |
Tsagkaropoulos et al. | On the Establishment of Dynamic Security and Trust Relations among Next Generation Heterogeneous Networks |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant | ||
ASS | Succession or assignment of patent right | Owner name: SHANGHAI YINGLIAN TIGAN INTELLIGENT TECHNOLOGY CO. Free format text: FORMER OWNER: INSTITUTE OF COMPUTING TECHNOLOGY, CHINESE ACADEMY OF SCIENCES Effective date: 20140126 |
C41 | Transfer of patent application or patent right or utility model | ||
COR | Change of bibliographic data | Free format text: CORRECT: ADDRESS; FROM: 100080 HAIDIAN, BEIJING TO: 200072 ZHABEI, SHANGHAI |
TR01 | Transfer of patent right | Effective date of registration: 20140126 Address after: 200072 Shanghai Road, Luochuan, No. 840, room 3, building 104 Patentee after: SHANGHAI YINGLIAN SOMATOSENSORY INTELLIGENT TECHNOLOGY Co.,Ltd. Address before: 100080 Haidian District, Zhongguancun Academy of Sciences, South Road, No. 6, No. Patentee before: Institute of Computing Technology, Chinese Academy of Sciences |
ASS | Succession or assignment of patent right | Owner name: SHANGHAI XINGDI COMMUNICATION ENGINEERING INSTITUT Free format text: FORMER OWNER: SHANGHAI YINGLIAN TIGAN INTELLIGENT TECHNOLOGY CO., LTD. Effective date: 20140304 |
COR | Change of bibliographic data | Free format text: CORRECT: ADDRESS; FROM: 200072 ZHABEI, SHANGHAI TO: 201821 JIADING, SHANGHAI |
TR01 | Transfer of patent right | ||
TR01 | Transfer of patent right | Effective date of registration: 20140304 Address after: 201821 No. 1288, Yecheng Road, Jiading District Industrial Development Zone, Shanghai Patentee after: Shanghai star earth Communication Engineering Research Institute Address before: 200072 Shanghai Road, Luochuan, No. 840, room 3, building 104 Patentee before: SHANGHAI YINGLIAN SOMATOSENSORY INTELLIGENT TECHNOLOGY Co.,Ltd. |
CF01 | Termination of patent right due to non-payment of annual fee | Granted publication date: 20121219 |
CF01 | Termination of patent right due to non-payment of annual fee |