In communication field, “AAA” refers to Authentication, Authorization and Accounting. From the birth of communication networks, the authentication, authorization and accounting mechanism has become the foundation for operation of the communication networks. The use of various resources in the networks has to be managed through authentication, authorization and accounting. For a commercial system, authentication is vital, because the exact person who should be charged for service provision can be ascertained and illegal users (hackers) can be prevented from attacking the network only when the user's identity is confirmed. After the user's identity is confirmed, the system can grant the user corresponding authority according to the service category requested by the user when the user opens his/her account. Finally, when the user uses resources of the system, an appropriate device is required to perform statistics on the user's occupation of resources, and charge the user according to the statistics. In existing schemes, operators set an appropriate server for clients to perform the above management.
In practical management, due to various reasons, there often occur cases in which a client requires changing the server assigned for it by the system. At present, Diameter protocol is employed to handle related server changes and assign a different server for the client, i.e., to perform a redirection operation. Diameter messages can be routed via a Redirect Agent. In Diameter protocol, Remote Authentication Dial In User Service (RADIUS) can be translated into a new generation of AAA protocol, i.e., RADIUS*2=Diameter. In Diameter protocol, there are defined relevant Network Elements (NEs), including client, server and agent.
FIG. 1 shows a process of client redirection. As shown in FIG. 1, the redirection process mainly includes the steps as follows.
In Step S01, a client sends a request message to a redirect agent.
In Step S02, the redirect agent returns a response message to the client to tell the address of a redirected server.
For example, the content of a redirect response message for authorization and authentication is as follows:
<AAA> ::= < Diameter Header: 275, PXY > //content of Diameterheader: “275”, the command code; “PXY”, indicating the message isproxiable< Session-Id > //indicating the session identifier, which is a copy of the session identifier in the request{ Result-Code } //having a value of “3006” which indicates aredirect response{ Origin-Host } //the name of the host from which this response isreturned{ Origin-Realm } //the name of the realm from which this responseis returned{ Redirect-Host } //the name of the server to be redirected to,e.g., Server1.china.com
In Step S03, the client sends a request to the server according to the address of server carried in the response from the redirect agent;
In Step S04, the server handles the request from the client and returns a response to the client.
In the above scheme, servers are managed on realm basis, and route data may be maintained centrally by the redirect agent without being maintained on multiple clients. The existing redirect agent can return the address of a server in the origin realm but can't return a new realm name; therefore, it can be redirected to a server in the current realm but can't be redirected to a server in a new realm. As shown in FIG. 1, both the redirect agent and the server have to be in the same realm: Realm1.com. That is because the routing method is carried as first, routing according to the information of the realm and then routing through the server in the realm. For example, when the client makes a routing in the realm China Mobile, it sends a message to the agent of the realm China Mobile according to the name of the realm (China Mobile); then, the agent in the realm China Mobile determines the service belongs to Beijing Mobile according to the server name.
In today's communication management, there often occur cases in which a client has to be redirected to other realms and servers. For example, an operator (with a realm name) may want to stop a service and hope all of his customers are redirected by a redirect agent to another operator (with another realm name) so as to continue the provision of the service without affecting the services for his customers. Because the existing redirect interface doesn't support redirection between different realms, all clients have to be upgraded so that the clients can send a request message to a new realm. That requires modifying the realm information originally configured on each client to information of the new realm. With the existing scheme, such an upgrade and maintenance will cause heavy workload, because there are usually a huge number of clients.