一种面向Portal认证的IPv6可信地址分配机制

随着网络规模的增长，对网络进行精细化管控变得尤为重要。在下一代互联网中将用户可信身份嵌入 IPv6 地址后缀形成可信地址，能够进一步提高网络行为的可追溯性。目前已有研究基于 Portal 认证配合DHCPv6将用户的身份信息嵌入用户终端的IPv6地址中，但是为了分配可信地址而改动的DHCPv6过程造成了机制对用户终端不透明，无法大规模部署。提出了一种面向Portal认证的IPv6可信地址分配机制，通过服务器信令交互配合软件定义网络（SDN）技术实现IPv6可信地址的间接分配，而且与地址分配方式无关。最后，实现了一个原型系统并在江苏南京电信现网机房评估了其可行性和性能，结果表明此机制在对终端透明的情况下仅带来很少的额外开销。

A general way to assign IPv6 trusted address under portal authentication

As the network scale grows,it is especially important to fine-tune the network.In the next-generation Internet,embedding the user's trusted identity into the IPv6 address suffix to assign trusted addresses can further improve the traceability of network behavior.At present,many studies have attempted to embed the user’s identity information into IPv6 addresses based on portal authentication and DHCPv6,but the modification of DHCPv6 makes it not transparent to the terminal.A mechanism for trusted address assignment in IPv6 networks based on portal authentication was proposed.The collaboration between servers and software-defined networking (SDN) technology was used to realize the indirect assignment of IPv6 trusted addresses.Finally,a prototype system was implemented and its feasibility and performance were evaluated in the network of Nanjing Telecom in Jiangsu.The results show that the mechanism only brings little overhead and it is transparent to the terminal.