Design and Implementation of Tunnels in Auto-Discovery Virtual Private Networks
Published: 2018-02-25 23:31
Keywords: VPN; tunneling technology; ADVPN; VAM; dynamic point-to-multipoint tunnel mechanism. Source: Lanzhou University, 2014 master's thesis. Document type: degree thesis
[Abstract]: A VPN is a technology for building a private network on top of a public network. More and more enterprises now set up VPNs to interconnect their branch offices. Existing VPN technology depends on a large amount of manual configuration and maintenance, and provides private communication services mainly through tunneling. Most enterprise branch offices connect to the public network with dynamic IP addresses, so branches cannot know each other's public address in advance; to establish a communication tunnel, a branch has to notify the network administrator to reconfigure the tunnel every time it obtains a new dynamic IP address. In a VPN, when the configuration of any one node changes, all the other nodes have to be changed accordingly, which makes it even harder to build a fully connected VPN out of many dynamic nodes. Existing VPN technology also has shortcomings in NAT traversal, dynamic routing support and packet encryption.
To address these problems, this work proposes the ADVPN solution. ADVPN provides a flexible way to establish a VPN: tunnels between devices that obtain dynamic IP addresses are created and maintained automatically, so that devices that join an ADVPN domain can reach one another. Within the ADVPN solution, the VAM protocol was developed to acquire and manage dynamic IP addresses, which solves the problem of dynamically obtaining the peer's IP address when a tunnel is being established. To establish, maintain and delete tunnels automatically, the ADVPN tunnel protocol was developed, and the thesis proposes managing ADVPN tunnels by means of sessions. ADVPN tunnels also traverse NAT naturally and, combined with the IPsec security framework, provide a more complete packet encryption mechanism.
After explaining the design ideas behind the ADVPN tunnel and the processing flow of the VAM protocol, the thesis concentrates on the design and implementation of the ADVPN tunnel. The encapsulation format of ADVPN tunnel packets is designed from an analysis of the network layer at which the ADVPN tunnel sits. From an analysis of the dynamic point-to-multipoint tunnel mechanism, the thesis designs the information and methods needed to create ADVPN tunnels automatically. Tunnels are managed by session, so that dynamic tunnels and sessions correspond one to one and each tunnel can carry multiple sessions, which realizes the dynamic point-to-multipoint tunnel mechanism. Combined with a mechanism that supports dynamic routing, the routing information of the private networks is obtained, which better achieves full connectivity among ADVPN nodes. All functional modules of the ADVPN tunnel were implemented and tested on the Comware development platform. ADVPN has now been put into practical use.
[Degree-granting institution]: Lanzhou University
[Degree level]: Master's
[Year degree granted]: 2014
[Classification number]: TP393.09
Article ID: 1535629
Article link: http://sikaile.net/guanlilunwen/ydhl/1535629.html