The service control layer in broadband metropolitan area network (MAN) is a unique level in the service access network connecting with the core switching network, in which the BRAS plays an important role. The BRAS in the convergence layer at the edge of the broadband MAN is responsible for the authentication of all kinds of broadband access users, billing gateway and the user's service control gateway, and it is mainly responsible for functions such as service access control, user management, and address management.
With requirements for high quality of the services provided by the network, there are higher requirements for performance and reliability of service control layer BRAS products, the functions of the BRAS products and their positions in the network results in that the BRAS has a high reliable network, so the concept of BRAS multi-machine backup comes into being. In networking applications, multiple BRAS equipments will be deployed in the service control layer, and the multiple equipments have master-backup redundancy and user information backup capabilities via service configuration, so as to achieve fast switching and service recovery when the equipment fails, thus to fulfill user unaware services guarantee. Meanwhile, it solves network vulnerabilities due to the single point-failure.
BRAS multi-machine backup means deploying N+1 BRAS products in the control layer of the network to achieve N: 1 backup, that is, N BRAS equipments work as the master equipments to bear services, the rest one BRAS equipment works as a backup equipment to synchronously store user information, multiple ports of the N equipments are backed up to one port of the rest one equipment. Because the probability that multiple equipments are abnormal concurrently is far less than the probability that multiple ports of one equipment are abnormal, generally, the ports 1 of N equipments are backed up to the port 1 of the backup equipment rather than the multiple ports of the same equipment are backed up to one port of the backup equipment in applications. One port of the backup equipment distinguishes the N ports of the master equipments by dividing a Virtual Local Area Network (VLAN). In N+1 backups, two ports that are in master-backup relationship belong to one backup group, and two equipments that mutually establish a master-backup relationship between them belong to one backup equipment group. At work, N of the N+1 equipments are configured to be in the master status while the rest one in the backup state through negotiation or manual configuration, the master equipments are used to control the user access and record user information, and to back up the user information to the backup equipment in real-time synchronization or bulk synchronization. When the master equipment fails, a master-backup switching can be rapidly implemented, since the user information has already been backed up to the equipment in backup state, thus the users cannot aware that the equipment is in the process of master-backup switching and the service quality is guaranteed.
In the BRAS multi-machine backup application scenarios, users access the convergence equipment through the access network, and the convergence equipment uplinks to multiple BRAS equipments, multiple backup groups of the multiple BRAS equipments negotiate the master-backup relationship through the Virtual Router Redundancy Protocol (VRRP, refer to RFC2338) to achieve N: 1 backups among the multiple BRAS equipments. Assuming three BRAS equipments are equipment A, equipment B, and equipments C, and port a of the equipment A and port b of the equipment B are backed up to port c of the equipment C, there are backup groups ac and be and backup equipment groups AC and BC. In the work scheme of N: 1 backup, for all users, the equipments A and B are equipments in master state, while the equipment C is an equipment in backup state, that is, when working normally, the ports a and b are the master ports to bear user services, while the port c is the backup port that does not bear user services but synchronously stores the user information. When the port a of the equipment A fails, the port c in the backup group ac is switched to be a master port, right now, the equipment B and the equipment C are equipments in master state, while the equipment A is an equipment in backup state.
To date, the method for the BRAS access user port locating is: to acquire the access line information of the down-linked Digital Subscriber Line Access Multiplexer (DSLAM) and the port line information when the user accesses the BRAS, and then all the information are packaged and sent to a Remote Authentication Dial In User Service (RADIUS) server for authentication so as to check whether the user access line information is correct or not. In BRAS multi-machine backup applications, the switching between master and backup ports in the backup group will change the user access line information, resulting in authentication failure, thus the original method for the user port locating is not feasible any more. Reasons of the authentication failure are: the BRAS equipment activates the user port locating functionality in the BRAS multi-machine backup scenarios so as to check the access line information during the user authentication. In the work scheme of N: 1 of the BRAS equipments, when the master port of one backup group is abnormal, the backup group switches, the original master port is switched to be a backup port, while the original backup port is switched to be a master port, for one access user, the process of the user port locating is:
1. when the master port is in normal state, the user accesses from the master port of the master equipment, the master equipment constructs a RADIUS user access line information attribute message from the DSLAM line information brought by the user and the access port line information of the master equipment, and sends the message to the RADIUS server for authentication;
2. The RADIUS server configures access line information for each user, and after the user access authentication message (including the user access line information attribute message) is sent from the BRAS to the RADIUS server, the RADIUS server inspects the line according to the user line information in the user access line information attribute message, if the information matches, then the authentication is passed;
3. when the master port of the master equipment is in abnormal state, the backup group switches, and when the backup port of the backup equipment is switched to be a master port, if the same user accesses the line again, the user will access from the backup port of the backup equipment;
4. according to the DSLAM line information brought by the user and the access port line information of the backup equipment, the backup equipment constructs a RADIUS user access line information attribute message and sends the message to the RADIUS server for authentication;
5. The RADIUS server inspects the line according to the user line information in the user access line information attribute message, meanwhile, since the BRAS access information brought by the user has changed, the line inspection does not pass, the user authentication fails, and the user can not access the line.
Since the physical access equipment and access port have changed when the user accesses the line again after the backup group switches, while the access line information set by the authentication equipment for each user is fixed, thus there is a problem, i.e., when the user access authentication is successful before the backup group switches, the authentication will fail when the same user accesses the line again after the backup group switches.