CN101426002B - Mobile node registration method, system and apparatus in IPv6 network - Google Patents

Info

Publication number
CN101426002B
Authority
CN
China
Prior art keywords
address
mobile node
home
home address
message
Prior art date
Legal status
Active
Application number
CN2007101651071A
Other languages
Chinese (zh)
Other versions
CN101426002A (en)
Inventor
撒钦都塔
毛杉乡
Current Assignee
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd
Priority to CN2007101651071A
Priority to PCT/CN2008/072524 (WO2009056024A1)
Publication of CN101426002A
Application granted
Publication of CN101426002B
Legal status: Active (current)
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101 Access control lists [ACL]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08 Access security
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W36/00 Hand-off or reselection arrangements
    • H04W36/0005 Control or signalling for completing the hand-off
    • H04W36/0011 Control or signalling for completing the hand-off for data sessions of end-to-end connection
    • H04W36/0019 Control or signalling for completing the hand-off for data sessions of end-to-end connection adapted for mobile IP [MIP]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W8/00 Network data management
    • H04W8/02 Processing of mobility data, e.g. registration information at HLR [Home Location Register] or VLR [Visitor Location Register]; Transfer of mobility data, e.g. between HLR, VLR or external networks
    • H04W8/06 Registration at serving network Location Register, VLR or user mobility server
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W80/00 Wireless network protocols or protocol adaptations to wireless operation
    • H04W80/04 Network layer protocols, e.g. mobile IP [Internet Protocol]

Abstract

The invention relates to a mobile node registration method, system and device for an Internet Protocol version 6 (IPv6) network. After a binding update request sent by a mobile node is received, when the home address of the mobile node is not in the configured home address list, it is determined whether the home address of the mobile node is in a configured security association list; home addresses protected by that list are refused to other nodes that request to use them. If it is in the list, a binding acknowledgement message carrying binding-success information is returned to the mobile node, the binding between the mobile node's home address and its current care-of address is cached, and a tunnel is established between the home agent and the mobile node. The method, system and device reduce the time a mobile node takes to register with its home agent and avoid the possibility of DoS attack, message discarding, and interruption of existing connections.

Description

Mobile node registration method, system and device in an IPv6 network
Technical field
The present invention relates to technology for implementing mobile node (MN, Mobile Node) mobility in Internet Protocol version 6 (IPv6), and in particular to an MN registration method, system and device in an IPv6 network.
Background technology
Mobile IPv6 is the protocol that implements MN mobility in an IPv6 network; when an MN moves in the IPv6 network, it can change its home address and still remain reachable.
Implementing MN mobility in an IPv6 network involves three kinds of entity: the MN, the home agent (HA, Home Agent) and the correspondent node (CN, Correspondent Node). The MN can move and attach to the network side of the IPv6 network through different links, but always remains reachable through its home address. The HA is a router in the MN's home network. When the MN moves to another network, it registers its current care-of address with the HA; the HA binds the MN's home address to the care-of address and sets up a tunnel between the HA and the MN. The HA intercepts messages sent to the MN's home address in the MN's home network, encapsulates them, and forwards them through the tunnel to the care-of address the MN registered with the HA. The CN is a node that communicates with the MN; when it sends a message to the MN, it sends the message to the MN's home network, that is, to the MN's home address. A CN can be another MN or a stationary node.
Fig. 1 is a schematic diagram of a prior-art system structure for implementing MN mobility in an IPv6 network. As shown, it comprises an MN, an HA and a CN. The network where the MN is currently located is not its home network; the MN interacts with the HA through the IPv6 network, and the HA interacts with the CN through the IPv6 network. When the CN sends a message to the MN, the message carries the home address and the media access control (MAC) address of the HA. After passing through the IPv6 network, the message is intercepted by the HA that has the MAC address carried in the message. Using the current care-of address corresponding to the MN's home address, the HA re-encapsulates the message with the MN's current care-of address and sends it to the MN through the IPv6 network.
To implement MN mobility in an IPv6 network, that is, to let the MN send and receive messages after moving to a network other than its home network, three steps are usually needed. The first step is the dynamic HA discovery mechanism: whenever the MN moves to a network outside its home network, it tries to discover the HA in its home network. The second step is registration: the MN registers with the HA, giving it the current care-of address; the HA binds the MN's home address to the current care-of address, sets up a tunnel between the HA and the MN, and places the MN's home address in the home address list. The third step is message transmission: the MN communicates and transfers messages through the tunnel set up with the HA, receiving the messages the HA sends to the MN's registered current care-of address.
When the MN subsequently exchanges messages through the HA again, the HA finds, by querying the home address list, that it has stored a binding for the MN's home address, i.e. the MN is registered; no further registration is needed and messages are exchanged directly.
To transmit messages, the MN must register its current care-of address with the HA, i.e. perform the second step. Fig. 2 is a flow chart of the prior-art registration of an MN with an HA; the specific steps are:
Step 201: the MN sends a binding update request message to the HA.
Step 202: after receiving the binding update request message, the HA verifies the MN.
Step 203: after the MN passes verification, the HA starts duplicate address detection (DAD, Duplicate Address Detection) on the MN's home address.
In this step the HA needs to obtain the MN's home address, for example as carried in the binding update request message.
The duplicate address detection process ensures that, while the MN is away from its home network in another network, no other node belonging to the same home network has configured the same home address as the MN. If another node has configured the same home address as the MN, the registration cannot succeed: the HA sends the MN a binding acknowledgement message notifying it that DAD failed, i.e. that another node configured the home address this MN uses while the MN was away from its home network.
Performing DAD as in step 203 guarantees the uniqueness of the subsequent binding between the MN's home address and current care-of address, and hence the uniqueness of the tunnel between the MN and the HA, so that the MN's home address is reachable during message transmission.
Step 204: when the DAD process reaches the time set by the timer (the minimum setting is 1 second), the HA has not detected any other MN using this MN's home address.
Step 205: the HA sends the MN a binding acknowledgement message carrying binding-success information, creates on the HA a binding cache entry for the MN's home address and current care-of address, sets up the tunnel between the HA and the MN, and places the MN's home address in the home address list.
Before binding the MN's current care-of address to its home address, the HA needs to obtain the MN's current care-of address, which the MN may send in the binding update request message.
Once the tunnel between the HA and the MN is set up, the HA acts as the proxy for the MN's home address: it keeps the MN's home address, receives messages sent to that home address for the MN, and sends them through the tunnel to the MN's current care-of address.
The process in Fig. 2 is the first registration with the HA of an MN that has moved outside its home network. In later re-registrations, for example when the MN moves again, DAD is not performed: once the HA determines that the MN's home address is in the established home address list, it binds the home address to the current care-of address directly, which completes re-establishment of the tunnel between the HA and the MN.
The first registration of an MN with the HA has two problems, described in turn below.
The first problem is possible exposure to DoS attack during registration. When the MN leaves its home network for another network, there is a time interval during the move in which the MN's home address can be taken by other MNs, and it is quite possible that another MN configures the same home address as this MN during that interval. The DAD process performed by the HA then fails, the MN cannot register with the HA, and it cannot receive mobility service. So even if the HA stores the MN's home address (for example, the MN's home address is manually configured on the HA), during the interval that necessarily exists while the MN is moving the HA still allows other MNs to configure the same home address as this MN on the home network.
The second problem is that registration time is a very important parameter: delay during registration causes messages sent by the MN to be dropped and the MN's existing connections to be interrupted. In the method of Fig. 2, the delay when the MN moves is the timer introduced by the DAD process (minimum 1 second), so registration takes at least more than 1 second; this delay is the minimum wait between the MN sending the binding update request message and receiving the binding acknowledgement message. When an MN registers, the DAD process normally ends by timeout, which shows that the MN's home address on the HA is not used by another MN. Only when DAD fails, that is, when the binding acknowledgement message arrives quickly after the binding update request message is sent, is the (failed) registration fast.
In summary, in the course of making the invention the applicant found that the root cause of both problems is that the MN's first registration with the HA takes too long; reducing the time the MN takes to register with the HA is therefore a problem in urgent need of a solution.
Summary of the invention
An embodiment of the invention provides an MN registration method in an IPv6 network that reduces the time an MN takes to register with the HA.
An embodiment of the invention also provides an MN registration system in an IPv6 network that reduces the time an MN takes to register with the HA.
An embodiment of the invention also provides an MN registration device in an IPv6 network that reduces the time an MN takes to register with the HA.
To this end, the technical solution of the embodiments is implemented as follows:
A mobile node registration method in an Internet Protocol version 6 (IPv6) network, the method comprising:
after receiving a binding update request sent by a mobile node, when the home address of the mobile node is not in the configured home address list, determining whether it is in the configured security association list, wherein home addresses of mobile nodes protected in the configured security association list are refused when other nodes request to use them;
if the home address of the mobile node is in the security association list, returning to the mobile node a binding acknowledgement message carrying binding-success information, and caching the binding between the mobile node's home address and current care-of address.
A mobile node registration system in an IPv6 network, comprising a mobile node and a home agent, wherein:
the mobile node is configured to send a binding update request to the home agent and to receive the binding acknowledgement message carrying binding-success information that the home agent sends;
the home agent is configured to receive the binding update request sent by the mobile node; when the mobile node's home address is not in the home address list and the home agent detects that it is in the configured security association list, to return to the mobile node a binding acknowledgement message carrying binding-success information, create on the home agent a binding cache entry for the mobile node's home address and current care-of address, and place the mobile node's home address in the home address list.
A home agent, comprising a receiving module, a sending module, a detection module and a processing module, wherein:
the receiving module is configured to receive the binding update request sent by the mobile node and, after obtaining the mobile node's home address, to send that home address to the detection module;
the sending module is configured to send to the mobile node the binding acknowledgement message carrying binding-success information received from the detection module;
the detection module is configured, when the mobile node's home address is not in the home address list and the home address is detected to be in the configured security association list, to send the binding acknowledgement message carrying binding-success information to the sending module and the processing module;
the processing module is configured to receive the binding acknowledgement message carrying binding-success information from the detection module, create a binding cache entry for the mobile node's home address and current care-of address, set up the tunnel between the home agent and the mobile node, and place the mobile node's home address in the home address list.
As can be seen from the above, the embodiments set up a security association list on the HA as an extension of the home address list. The home addresses of MNs that have mobility are stored in this list in advance and protected, so that other MNs in the home network do not configure the home addresses in the list. When an MN registers with the HA and the home address being registered is not in the home address list, the HA can then register the MN directly without running the DAD process on the MN's home address, while still guaranteeing that the home address of the MN, which has moved to another network, is not configured by another MN in its home network. This saves the time the DAD process would take, reduces the time the MN takes to register with the HA, and avoids the possibility of DoS attack, packet loss, or interruption of existing connections caused by an overlong registration.
Description of drawings
Fig. 1 is a schematic diagram of a prior-art system structure for implementing MN mobility in an IPv6 network;
Fig. 2 is a flow chart of the prior-art registration of an MN with an HA;
Fig. 3 is a flow chart of the registration of an MN with an HA according to an embodiment of the invention;
Fig. 4 is a flow chart of the method by which the HA, acting as proxy for the MN, transmits messages according to an embodiment of the invention;
Fig. 5 is a schematic diagram of the system in which an MN registers with an HA according to an embodiment of the invention;
Fig. 6 is a schematic structural diagram of the HA according to an embodiment of the invention;
Fig. 7 is a network diagram of an MN registering with an HA according to a specific embodiment of the invention.
Detailed description of the embodiments
To make the objects, technical solutions and advantages of the invention clearer, the embodiments are described in further detail below with reference to the drawings.
In the prior art, registration of an MN with the HA takes too long because the HA runs the DAD process. To save registration time, reduce the delay of registration while the MN is moving, and avoid the possibility of DoS attack, packet loss, or interruption of existing connections caused by an overlong registration, the embodiments do not run the DAD process when the MN registers with the HA, yet still guarantee that the MN's home address is not configured by another MN in the same home network. To do so, a security association list is set up on the HA in advance. The list is generated dynamically or by manual configuration and exists as an extension of the home address list; the home addresses of MNs that have mobility are stored in it and protected, so that other MNs in the home network do not configure the home addresses in the list. When an MN registers with the HA and the home address involved is not in the established home address list, the HA checks the security association list. If the MN's home address is configured there, the HA registers the MN without running the DAD process on the home address, while guaranteeing that the home address of the MN, which has moved to another network, is not configured by another MN in its home network.
In the embodiments, the security association list set up on the HA may be a security association (SA, Security Association) list based on Internet Protocol Security (IPsec, IP Security), existing in the HA as an extension of the home address list. The list protects the link-local and global addresses of MNs used as home addresses. Each home address in the security association list may also carry a flag marking it as protected, identifying home addresses that must not be reallocated to other MNs.
A specific implementation of the invention has three parts. In the first part, the security association list is set up and the home addresses in it are protected so that other nodes do not use them. The second part is the registration performed when an MN whose home address is in the security association list moves to a non-home network; the home address involved in this registration is not in the established home address list. In the third part, after the registration of the second part completes, the HA associates the MN's home address with the MAC address of the HA and multicasts a neighbor advertisement message to notify other nodes that the HA acts as proxy for the MN. After receiving this advertisement, other nodes sending a message to the MN carry the MN's home address and the associated MAC address; the HA intercepts the message according to its own MAC address and, according to the MN home address carried, sends the message to the corresponding care-of address so that the MN receives it.
The three parts are described in detail below.
First part: the security association list is set up on the HA. The home addresses in the list are configured manually with IPsec; of course, the configuration may also be obtained dynamically, with the HA placing an MN's home address in the security association list after obtaining it from another network entity in the home network.
When another node sends the HA a request message such as a neighbor solicitation (NS, Neighbor Solicitation) requesting a home address, and the HA finds that the address is not in the home address list but is in the security association list, the HA replies to the node, for example with a neighbor advertisement (NA, Neighbor Advertisement) carrying information that the home address cannot be used. In this way the home addresses in the security association list set up on the HA are protected.
When the MN is in its home network, as in the prior art, other nodes receive from the MN and the home network's HA an NA message stating that the MN's home address is in use, so the MN's home address is protected.
In the embodiments, the NA may carry information indicating that other nodes should not update the MN home address and associated MAC address held in their caches, i.e. the override bit is set to 0; other nodes receiving the NA then do not update their caches. If the NA is to indicate that other nodes should update the cached MN home address and associated MAC address, the override bit is set to 1.
Second part
Fig. 3 is a flow chart of the registration of an MN with an HA according to an embodiment of the invention; the specific steps are:
Step 301: an MN that has moved to another network sends a binding update request message to the HA of its home network in order to register.
Step 302: after receiving the binding update request message of the registration initiated by the MN, the HA verifies the MN. If verification passes, step 303 is performed; if verification fails, step 305 is performed.
This step is optional. The HA may also not verify received binding update request messages, i.e. no verification function is set up in the HA, which reduces the complexity of HA processing; in that case the HA treats every received binding update request message as having passed verification.
Step 303: the HA checks whether the MN's home address is in the security association list. If so, step 304 is performed; if not, step 305 is performed.
In this step the HA needs to obtain the MN's home address, for example as carried in the binding update request message.
In this step the home addresses of MNs in the configured security association list are protected: when the HA receives a request from another node to use a home address in the list, it refuses the request.
Step 304: the HA does not run DAD on the MN's home address. It returns to the MN a binding acknowledgement message carrying binding-success information, creates on the HA a binding cache entry for the MN's home address and current care-of address, sets up the tunnel between the HA and the MN, and places the MN's home address in the home address list.
In this step, because the MN's home address is in the security association list, and the list protects the stored home addresses from use by other nodes, the home addresses in the list are guaranteed to be unique to the MN. The HA therefore does not need to run DAD on the MN's home address or spend the time the DAD process requires, which shortens registration.
Before binding the MN's current care-of address to its home address, the HA needs to obtain the MN's current care-of address, which the MN may send in the binding update request message.
Step 305: after the MN passes verification, the HA starts DAD and performs duplicate address detection on the MN's home address.
Step 306: when the DAD process reaches the time set by the timer (the minimum setting is 1 second), the HA has not detected any other MN using this MN's home address.
Step 307: the HA sends the MN a binding acknowledgement message carrying binding-success information, creates on the HA a binding cache entry for the MN's home address and current care-of address, sets up the tunnel between the HA and the MN, and places the MN's home address in the home address list.
Before step 302 of Fig. 3, the method also includes: the HA determines whether the MN's home address is in the established home address list; if so, step 304 is performed directly; if not, step 303 is performed.
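The following Python simulation is an added example, not code from the patent. It models the HA's decision order in Fig. 3 together with the NS refusal described in the first part. The class and field names, the sample addresses and the HA MAC address are constructed; the optional verification of step 302 is omitted, and DAD is modelled as a lookup in the set of addresses other nodes have configured on the home link.

```python
from dataclasses import dataclass, field
from ipaddress import IPv6Address
from typing import Optional

DAD_TIMER_S = 1.0  # minimum DAD timer stated in the description


@dataclass
class BindingAck:
    success: bool
    path: str            # branch of Fig. 3 that decided the outcome
    dad_wait_s: float    # time spent waiting for the DAD timer to expire
    proxy_na: Optional[dict] = None  # NA multicast by the HA after success


@dataclass
class HomeAgent:
    mac: str
    home_address_list: set = field(default_factory=set)  # registered MNs
    sa_list: set = field(default_factory=set)            # protected addresses
    binding_cache: dict = field(default_factory=dict)    # home -> care-of
    claimed_on_link: set = field(default_factory=set)    # taken by other nodes

    def handle_neighbor_solicitation(self, target: str) -> bool:
        """Another node asks to use `target`. True means the HA answers
        with an NA saying the address cannot be used."""
        addr = IPv6Address(target)
        if addr in self.sa_list or addr in self.home_address_list:
            return True
        # Nobody defends the address, so the requesting node configures it.
        self.claimed_on_link.add(addr)
        return False

    def handle_binding_update(self, home: str, care_of: str) -> BindingAck:
        h, c = IPv6Address(home), IPv6Address(care_of)
        if h in self.home_address_list:
            # Re-registration: already bound once, no DAD.
            path, wait = "home-address-list", 0.0
        elif h in self.sa_list:
            # Step 303 -> 304: protected address, DAD is skipped.
            path, wait = "sa-list", 0.0
        elif h in self.claimed_on_link:
            # Step 305: DAD finds a duplicate, registration fails quickly.
            return BindingAck(False, "dad-failed", 0.0)
        else:
            # Steps 305-307: DAD runs until the timer expires.
            path, wait = "dad", DAD_TIMER_S
        self.binding_cache[h] = c
        self.home_address_list.add(h)
        # Third part: the HA advertises itself as proxy for the home address.
        na = {"target": h, "link_layer": self.mac, "override": 1}
        return BindingAck(True, path, wait, na)


def demo():
    """Constructed scenario: one protected and two unprotected addresses."""
    protected = "2001:db8:1::10"
    unprotected = "2001:db8:1::20"
    unclaimed = "2001:db8:1::30"
    ha = HomeAgent(mac="02:00:00:00:00:01",
                   sa_list={IPv6Address(protected)})
    r = {}
    # While both MNs are away, another node solicits their home addresses.
    r["ns_protected_refused"] = ha.handle_neighbor_solicitation(protected)
    r["ns_unprotected_refused"] = ha.handle_neighbor_solicitation(unprotected)
    # The MNs now register from their visited networks.
    r["bu_protected"] = ha.handle_binding_update(protected, "2001:db8:2::a")
    r["bu_unprotected"] = ha.handle_binding_update(unprotected, "2001:db8:2::b")
    r["bu_unclaimed"] = ha.handle_binding_update(unclaimed, "2001:db8:2::c")
    r["bu_reregister"] = ha.handle_binding_update(unclaimed, "2001:db8:3::c")
    return ha, r


if __name__ == "__main__":
    _, results = demo()
    for name, value in results.items():
        print(name, value)
```

The unprotected address shows the first problem from the background section: the address is taken during the MN's absence and its registration fails, while the protected address registers with no DAD wait.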
Third part
After a home address in the security association list has been registered, i.e. after step 304, the HA announces that it acts as proxy for the MN's home address: it associates the MN's home address with the MAC address of the HA, carries the association in a neighbor advertisement message, and multicasts it, so that other nodes receiving the message learn that the HA acts as proxy for the MN's home address. After receiving the neighbor advertisement message, other nodes cache the association between the MN's home address and the MAC address of the HA, for example in their neighbor caches. The neighbor advertisement message may also carry a flag indicating whether other MNs need to update their own neighbor caches, for example override set to 1. When a message is sent to the MN, it carries the MN's home address and the associated MAC address; the HA intercepts the message according to its own MAC address and, according to the MN home address carried, sends the message to the corresponding care-of address so that the MN receives it.
In the embodiments, each node has its own neighbor cache, which stores MN home addresses and the associated MAC addresses.
In the embodiments, the binding update message sent by the MN in Fig. 3 may also carry a set link-layer address compatibility flag (L). This flag indicates that the HA should act as home agent for both the MN's link-local address and global address; after registration completes, the neighbor advertisement message multicast by the HA carries the association between the MAC address of the HA and the MN's link-local and global addresses used as home addresses, and nodes receiving the message update their caches. When the binding update message sent by the MN does not carry L, or L is not set, the HA acts as proxy for the MN's global address only; after registration completes, the neighbor advertisement message multicast by the HA carries the association between the MN's global address used as home address and the MAC address of the HA, and nodes receiving the message update their caches. In this case the MN's link-local address can be used by other nodes.
Fig. 4 is a flow chart of the method by which the HA, acting as proxy for the MN, transmits messages according to an embodiment of the invention; the specific steps are:
Step 401: after registering an MN that has left the home network, the HA associates the MN's home address with the MAC address of the HA and multicasts the association in a neighbor advertisement message;
In this step the neighbor advertisement message also carries a flag indicating whether other nodes should update their caches; for example, override set to 1 indicates that an update is needed;
Step 402: other nodes receiving the neighbor advertisement message learn that the HA acts as proxy for the MN's home address, update their own caches, and cache the associated MAC address of the HA and home address of the MN;
Step 403: other nodes send messages to the MN, carrying the MN's home address and the associated MAC address;
Step 404: the HA intercepts the message according to its own MAC address and, according to the MN home address carried, sends the message to the corresponding care-of address so that the MN receives it.
In this way an MN that has moved outside its home network receives the messages, and the nodes that send them cannot perceive that the MN has moved outside its home network.
Fig. 5 is a schematic diagram of the system in which the MN registers with the HA according to an embodiment of the invention. The system comprises an MN and an HA, wherein:
The MN is configured to send a Binding Update request to the HA and to receive the Binding Acknowledgement message carrying binding success information that the HA sends.
The HA is configured to receive the Binding Update request sent by the MN. When the home address of this MN is not in the home address list and the HA detects that the home address of this MN is in the configured security association list, the HA does not perform DAD; it returns to this MN a Binding Acknowledgement message carrying binding success information, generates on the HA a binding cache entry for the home address of this MN and its current care-of address, establishes the tunnel between the HA and this MN at the same time, and places the home address of the MN in the home address list.
In embodiments of the present invention, the HA is further configured, when it detects that the home address of this MN is not in the security association list, to register the MN according to the prior art and to send a Binding Acknowledgement message carrying binding success information.
In embodiments of the present invention, the system also comprises other nodes, configured to send an NS to the HA requesting to use the home address of the MN.
The HA is further configured, after receiving the NS and confirming that the home address of this MN is in the security association list and/or the home address list, to return to the other nodes an NA indicating that the requested home address cannot be used.
In embodiments of the present invention, the HA is further configured, after the MN registers, to multicast to the other nodes an advertisement message carrying the associated home address of this MN and MAC address of the HA, to intercept messages sent to the MN based on its own MAC address, and to forward them to the corresponding care-of address according to the MN home address they carry.
The other nodes are configured, after receiving this advertisement message, to update their own caches with the associated home address of this MN and MAC address of the HA, and, when sending messages to the MN, to carry the associated home address of this MN and MAC address of the HA.
Fig. 6 is a structural diagram of the HA according to an embodiment of the invention. The HA comprises a receiver module, a sending module, a detection module and a processing module, wherein:
The receiver module is configured to receive the Binding Update request sent by the MN and, after obtaining the home address of this MN, to send the home address of this MN to the detection module.
The sending module is configured to send to this MN the Binding Acknowledgement message carrying binding success information that it receives from the detection module.
The detection module is configured, when the home address of this MN is not in the home address list and it detects that the home address of this MN is in the configured security association list, to send a Binding Acknowledgement message carrying binding success information to the sending module and the processing module.
The processing module is configured to receive from the detection module the Binding Acknowledgement message carrying binding success information, to generate a binding cache entry for the home address of this MN and its current care-of address, to establish the tunnel between the HA and this MN at the same time, and to place the home address of the MN in the home address list.
In embodiments of the present invention, the detection module also comprises a first detection sub-module, wherein:
The first detection sub-module is configured, when it detects that the home address of this MN is not in the configured security association list, to register the MN according to the prior art and to send to the transceiver module a Binding Acknowledgement message carrying binding success information.
In embodiments of the present invention, the transceiver module also comprises a second transceiver sub-module, configured, after receiving an NS and confirming that the home address of this MN is in the security association list and/or the home address list, to return to the other nodes an NA indicating that the requested home address cannot be used.
In embodiments of the present invention, the transceiver module also comprises a third transceiver sub-module, configured, after the MN registers, to multicast to the other nodes an advertisement message carrying the associated home address of this MN and MAC address of the HA, to intercept messages sent to the MN based on its own MAC address, and to forward them to the corresponding care-of address according to the MN home address they carry.
Fig. 7 is a network diagram of an MN registering with the HA according to a specific embodiment of the invention. It comprises: an HA with address 3ffe::1/64, which stores the MN's home address (3ff::2/64) in its security association list; an MN that has moved to another network, with care-of address 8ff::2/64; and a CN with address 9ffe::2/64. When the MN moves from the home network to another network, it needs to register with the HA. After the HA confirms that the home address of this MN is in the stored security association list, it caches the binding between the care-of address 8ff::2/64 and the home address 3ff::2/64 of this MN and establishes the tunnel between the HA and the MN. After registration is complete, the HA multicasts an advertisement message carrying the associated HA MAC address and MN home address, and a CN that receives this message updates its own cache. During message transmission, the CN sends a message carrying the MN's home address 3ff::2/64 and the HA's MAC address; this message is intercepted by the HA, which owns that MAC address, and the HA forwards it through its tunnel with the MN to the MN's care-of address 8ff::2/64 according to the home address of this MN.
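The registration decision and the Fig. 7 walk-through can be modelled as follows. This is an added example, not code from the patent: the message dictionaries are a simplified model rather than the ICMPv6 or Mobility Header wire format, the MAC addresses are constructed, and the DAD-failure reply and the re-registration branch are assumptions the page does not spell out.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import Callable

ip6 = ipaddress.IPv6Address

@dataclass
class HomeAgent:
    mac: str
    sa_list: set                                       # protected home addresses
    dad_probe: Callable = lambda addr: True            # stand-in for on-link DAD; True = no duplicate
    home_list: set = field(default_factory=set)        # home addresses the HA proxies
    binding_cache: dict = field(default_factory=dict)  # home address -> care-of address
    dad_runs: int = 0

    def binding_update(self, home, care_of):
        """Return (Binding Acknowledgement, proxy NA to multicast or None)."""
        home, care_of = ip6(home), ip6(care_of)
        if home not in self.home_list:
            if home not in self.sa_list:               # unprotected: prior-art path with DAD
                self.dad_runs += 1
                if not self.dad_probe(home):
                    # Assumption: the page does not describe the DAD-failure reply.
                    return {"type": "BA", "success": False}, None
            self.home_list.add(home)
        # Assumption: an address already in the home address list only refreshes its binding.
        self.binding_cache[home] = care_of             # tunnel endpoint is this care-of address
        na = {"type": "NA", "target": home, "lladdr": self.mac, "override": 1}
        return {"type": "BA", "success": True}, na

    def neighbor_solicitation(self, target):
        """Answer another node's request (NS) to use an address."""
        target = ip6(target)
        if target in self.sa_list or target in self.home_list:
            # Refusal; override=0 tells receivers not to update their caches.
            return {"type": "NA", "target": target, "lladdr": self.mac,
                    "usable": False, "override": 0}
        return None                                    # the HA has no objection

    def intercept(self, frame):
        """Forward a frame sent to the HA's MAC on to the MN's care-of address."""
        if frame["dst_mac"] != self.mac or frame["dst"] not in self.binding_cache:
            return None
        return {"tunnel_to": self.binding_cache[frame["dst"]], "inner": frame}

class Node:
    def __init__(self):
        self.neighbor_cache = {}                       # IPv6 address -> MAC address

    def receive_na(self, na):
        if na["override"] == 1:                        # update only when the flag asks for it
            self.neighbor_cache[na["target"]] = na["lladdr"]

    def send(self, dst, payload):
        dst = ip6(dst)
        return {"dst_mac": self.neighbor_cache[dst], "dst": dst, "payload": payload}

def fig7_walkthrough():
    # Addresses are the ones printed in the Fig. 7 description; MACs are constructed.
    ha = HomeAgent(mac="02:00:00:00:00:01", sa_list={ip6("3ff::2")})
    cn = Node()
    cn.neighbor_cache[ip6("3ff::2")] = "02:00:00:00:00:99"   # stale entry for the MN itself
    ba, na = ha.binding_update("3ff::2", "8ff::2")            # SA-list hit: no DAD
    cn.receive_na(na)                                         # CN now maps 3ff::2 to the HA
    tunneled = ha.intercept(cn.send("3ff::2", b"hello"))
    refusal = ha.neighbor_solicitation("3ff::2")              # another node asks for 3ff::2
    return ha, ba, tunneled, refusal
```

The `dad_runs` counter makes the saving visible: it stays at 0 for an address in the security association list and increments only on the prior-art path.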
It can be seen from the method, system and apparatus provided by the embodiments of the invention that, because no DAD process is performed while the MN registers with the HA, registration time is saved. Because registration time is saved, the possibility that an overly long registration exposes the MN to DoS attacks, packet loss or connection interruption while it registers with the HA can be avoided.
The above is a description of specific embodiments of the invention. In a concrete implementation, the method of the invention may be suitably adapted to the needs of the particular situation. It should therefore be understood that the embodiments described are exemplary only and are not intended to limit the scope of protection of the invention.

Claims (18)

1. A mobile node registration method in an Internet Protocol version 6 (IPv6) network, characterized in that the method comprises:
After receiving a Binding Update request sent by a mobile node, when the home address of the mobile node is not in the configured home address list, determining whether it is in the configured security association list, wherein a request by other nodes to use a mobile node home address protected in the configured security association list is not accepted;
If the home address of the mobile node is in the security association list, returning to the mobile node a Binding Acknowledgement message carrying binding success information, and caching the binding between the home address of the mobile node and its current care-of address.
2. The method of claim 1, characterized in that, after caching the binding between the home address of the mobile node and the current care-of address, the method further comprises:
Establishing a tunnel between the home agent and the mobile node.
3. The method of claim 1, characterized in that, after the method, it further comprises: placing the home address of the mobile node in the home address list.
4. The method of claim 1, characterized in that, before determining whether the home address of the mobile node is in the configured security association list, the method further comprises:
Determining whether the home address of the mobile node is in the configured security association list; if so, performing the step of determining whether the home address of the mobile node is in the configured security association list and the subsequent steps; if not, after duplicate address detection has been performed for the mobile node and has passed, returning to the mobile node a Binding Acknowledgement message carrying binding success information, caching the binding between the home address of the mobile node and its current care-of address, establishing a tunnel between the home agent and the mobile node, and placing the home address of the mobile node in the home address list.
5. The method of claim 1, characterized in that the security association list is dynamically obtained or statically configured.
6. The method of claim 1, characterized in that the process of not accepting a request by other nodes to use the address is:
After receiving a request sent by another node that carries the home address it wants to use, and determining that this home address is in the security association list and/or the home address list, sending to the other node a response indicating that the requested home address cannot be used.
7. The method of claim 6, characterized in that the response carries information indicating that the caches of other nodes are not to be updated.
8. The method of claim 1, characterized in that the method further comprises:
The home agent associates the home address of the mobile node with its own Media Access Control address and multicasts the association in a Neighbor Advertisement message, notifying other nodes that it acts as the proxy for this home address of the mobile node;
The other nodes receive this advertisement message, cache the associated home address of the mobile node and Media Access Control address, and, when sending messages to the mobile node, carry the home address of the mobile node and the associated Media Access Control address;
The home agent intercepts the messages based on its own Media Access Control address and forwards them to the corresponding care-of address according to the mobile node home address they carry.
9. The method of claim 8, characterized in that the advertisement message carries a flag indicating that the caches of other nodes are to be updated, and the caching of the associated home address of the mobile node and Media Access Control address is performed according to this flag.
10. The method of claim 8 or 9, characterized in that the Binding Update request carries a flag indicating that the home agent needs to act as the home agent for the link-local address and the global address of the mobile node;
The associated home address and home agent Media Access Control address carried in the Neighbor Advertisement message are association information between the link-local address and global address serving as the home address and the Media Access Control address of the home agent;
Or, the Binding Update request carries a flag indicating that the home agent needs to act as the home agent for the global address of the mobile node;
The associated mobile node local address and home agent Media Access Control address carried in the Neighbor Advertisement message are association information between the global address and the Media Access Control address of the home agent.
11. A mobile node registration system in an IPv6 network, characterized in that it comprises a mobile node and a home agent, wherein:
The mobile node is configured to send a Binding Update request to the home agent and to receive the Binding Acknowledgement message carrying binding success information that the home agent sends;
The home agent is configured to receive the Binding Update request sent by the mobile node; when the home address of the mobile node is not in the home address list and the home agent detects that the home address of the mobile node is in the configured security association list, to return to the mobile node a Binding Acknowledgement message carrying binding success information; to generate on the home agent a binding cache entry for the home address of the mobile node and its current care-of address; and to place the home address of the mobile node in the home address list.
12. The system of claim 11, characterized in that the home agent is further configured, when it detects that the home address of the mobile node is not in the configured security association list, after duplicate address detection has been performed for the mobile node and has passed, to return to the mobile node a Binding Acknowledgement message carrying binding success information, to cache the binding between the home address of the mobile node and its current care-of address, and to place the home address of the mobile node in the home address list.
13. The system of claim 11 or 12, characterized in that the system also comprises other nodes, configured to send a Neighbor Solicitation to the home agent requesting to use the home address of the mobile node;
The home agent is further configured, after receiving the Neighbor Solicitation and confirming that the home address of the mobile node is in the security association list and/or the home address list, to return to the other nodes a Neighbor Advertisement indicating that the requested home address cannot be used.
14. The system of claim 11 or 12, characterized in that the home agent is further configured, after the mobile node registers, to multicast to other nodes an advertisement message carrying the associated home address of the mobile node and Media Access Control address of the home agent, to intercept messages sent to the mobile node based on its own Media Access Control address, and to forward them to the corresponding care-of address according to the mobile node home address they carry;
The other nodes are configured, after receiving this advertisement message, to update their own caches with the associated home address of the mobile node and Media Access Control address of the home agent, and, when sending messages to the mobile node, to carry the associated home address of the mobile node and Media Access Control address of the home agent.
15. A home agent, characterized in that it comprises a receiver module, a sending module, a detection module and a processing module, wherein:
The receiver module is configured to receive the Binding Update request sent by the mobile node and, after obtaining the home address of the mobile node, to send the home address of the mobile node to the detection module;
The sending module is configured to send to the mobile node the Binding Acknowledgement message carrying binding success information that it receives from the detection module;
The detection module is configured, when the home address of the mobile node is not in the home address list and it detects that the home address of the mobile node is in the configured security association list, to send a Binding Acknowledgement message carrying binding success information to the sending module and the processing module;
The processing module is configured to receive from the detection module the Binding Acknowledgement message carrying binding success information, to generate a binding cache entry for the home address of the mobile node and its current care-of address, and to place the home address of the mobile node in the home address list.
16. The home agent of claim 15, characterized in that the detection module also comprises a first detection sub-module, wherein:
The first detection sub-module is configured, when it detects that the home address of this home agent is not in the security association list, after duplicate address detection has been performed for the mobile node and has passed, to return to the mobile node a Binding Acknowledgement message carrying binding success information, to cache the binding between the home address of the mobile node and its current care-of address, and to place the home address of the mobile node in the home address list.
17. The home agent of claim 15, characterized in that it also comprises a second transceiver sub-module, configured, after receiving a Neighbor Solicitation and confirming that the home address of the mobile node is in the security association list, to return to the other nodes a Neighbor Advertisement indicating that the requested home address cannot be used.
18. The home agent of claim 15, characterized in that it also comprises a third transceiver sub-module, configured, after the mobile node registers, to multicast to other nodes an advertisement message carrying the associated home address of the mobile node and Media Access Control address of the home address, to intercept messages sent to the mobile node based on its own Media Access Control address, and to forward them to the corresponding care-of address according to the mobile node home address they carry.

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN2007101651071A CN101426002B (en) 2007-10-29 2007-10-29 Mobile node registration method, system and apparatus in IPv6 network
PCT/CN2008/072524 WO2009056024A1 (en) 2007-10-29 2008-09-25 A method, system and device for registration of mn in ipv6 network

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN2007101651071A CN101426002B (en) 2007-10-29 2007-10-29 Mobile node registration method, system and apparatus in IPv6 network

Publications (2)

Publication Number Publication Date
CN101426002A CN101426002A (en) 2009-05-06
CN101426002B true CN101426002B (en) 2012-05-23

Family

ID=40590537

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2007101651071A Active CN101426002B (en) 2007-10-29 2007-10-29 Mobile node registration method, system and apparatus in IPv6 network

Country Status (2)

Country Link
CN (1) CN101426002B (en)
WO (1) WO2009056024A1 (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101888370B (en) * 2009-05-11 2013-01-09 中兴通讯股份有限公司 Device and method for preventing IPv6 (Internet Protocol version 6) from being deceptively attached
CN101552724B (en) * 2009-05-11 2012-09-05 杭州华三通信技术有限公司 Generation method and apparatus for neighbor table items
CN101577723B (en) * 2009-06-03 2012-09-26 杭州华三通信技术有限公司 Method for preventing neighbor discovery protocol message attack and device
CN101656641B (en) * 2009-09-23 2012-01-11 中兴通讯股份有限公司 Method and device for detecting repeated addresses

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5758282A (en) * 1995-06-19 1998-05-26 Sharp Kabushiki Kaisha Radio terminal using allocated addresses
US20020075836A1 (en) * 2000-12-20 2002-06-20 Nec Corporation Wireless communication system
CN1574777A (en) * 2003-06-19 2005-02-02 三星电子株式会社 Apparatus and method for detecting duplicate IP addresses in mobile ad hoc network environment


Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
Zhao Cheng et al. IPv6 mobility support and its optimization. Modern Electronics Technique. 2004, (No. 12), pp. 5-6. *

Also Published As

Publication number Publication date
WO2009056024A1 (en) 2009-05-07
CN101426002A (en) 2009-05-06


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant