【摘要】：多協(xié)議標(biāo)簽交換和邊界網(wǎng)關(guān)協(xié)議構(gòu)建的虛擬專用網(wǎng)絡(luò),憑借著該技術(shù)隧道的建立是動態(tài)的,擴(kuò)展性好,且有效解決不同VPN用戶地址沖突、互訪控制、數(shù)據(jù)隔離等問題,已越來越受各行各業(yè)的青睞。近年來,隨著企業(yè)規(guī)模的不斷增大,企業(yè)網(wǎng)絡(luò)需要跨自治系統(tǒng)互聯(lián)互通,但是現(xiàn)有的基于MPLS和BGP技術(shù)構(gòu)建的VPN網(wǎng)絡(luò)不支持跨自治系統(tǒng),因此,如何跨越自治系統(tǒng)域或跨運營商構(gòu)建VPN網(wǎng)絡(luò),已成為互聯(lián)網(wǎng)工作組正在著力研究問題。論文主要研究的內(nèi)容如下:首先,針對傳統(tǒng)VPN技術(shù)構(gòu)建的虛擬專用網(wǎng)絡(luò)在擴(kuò)展性、可管理性、地址復(fù)用、安全性等方面存在的缺陷,提出了采用MPLS和BGP構(gòu)建的VPN方案。方案中通過MPLS標(biāo)簽的分配,形成具有動態(tài)特性的標(biāo)簽轉(zhuǎn)發(fā)路徑。在公網(wǎng)上架設(shè)一座“橋梁”,為私網(wǎng)數(shù)據(jù)穿越公網(wǎng)提供了通道。針對不同VPN用戶使用相同的私有地址,使連接不同VPN用戶的運營商邊緣設(shè)備學(xué)習(xí)到兩個相同的地址信息,進(jìn)而引起地址沖突的問題。使用多進(jìn)程、VRF(虛擬路由技術(shù))、VPN實例、BGP的RT、RD、LABLE屬性,解決了地址復(fù)用、不同VPN用戶的數(shù)據(jù)分離、VPN互訪控制等問題,其諸多問題的解決充分說明其方案可行性。其次,針對某組織機(jī)構(gòu)構(gòu)建的VPN網(wǎng)絡(luò)存在的問題,剖析其產(chǎn)生這些問題的根源,提出了背靠背的跨域平臺網(wǎng)絡(luò)改造方案。且在方案實施前對設(shè)備命名、IP地址、路由協(xié)議、BGP的RT、RD屬性作了具體的規(guī)劃,為方案的順利實施提供其保障。通過仿真實驗,并對其相關(guān)實驗數(shù)據(jù)進(jìn)行測試,測試結(jié)果說明該方案在可靠性、可管理性、擴(kuò)展性、安全性方面優(yōu)于傳統(tǒng)的VPN。最后,針對MPLS和BGP構(gòu)建的VPN網(wǎng)絡(luò)系統(tǒng),在跨自治域平臺中存在自治系統(tǒng)邊界網(wǎng)絡(luò)設(shè)備負(fù)擔(dān)過重以及標(biāo)簽轉(zhuǎn)發(fā)路徑無法形成的兩個問題,根據(jù)MPLS標(biāo)簽分配原理和數(shù)據(jù)轉(zhuǎn)發(fā)平面分析產(chǎn)生這些問題的原因。通過剖析問題根源,提出兩種解決方案。優(yōu)化方案一無需維護(hù)眾多的鏈路與接口,有效的減輕了跨域平臺構(gòu)建中網(wǎng)絡(luò)管理人員的工作量。優(yōu)化方案二在跨域平臺的網(wǎng)絡(luò)系統(tǒng)中,使公網(wǎng)數(shù)據(jù)與不同VPN用戶的私網(wǎng)數(shù)據(jù)由不同的設(shè)備類型來承擔(dān),進(jìn)而減輕自治系統(tǒng)邊界設(shè)備的負(fù)擔(dān),拓展該VPN技術(shù)的應(yīng)用領(lǐng)域。
[Abstract]:The virtual private network constructed by multi-protocol label exchange and border gateway protocol is dynamic and extensible with the help of this technology, and it can effectively solve the problems of different VPN user address conflicts, exchange access control, data isolation, etc. Has been more and more favored by various industries. In recent years, with the increasing of enterprise scale, enterprise networks need to be interconnected across autonomous systems. However, the existing VPN network based on MPLS and BGP technology does not support cross-autonomous systems. How to build VPN network across autonomous system domain or across operators has become a problem of Internet working group. The main contents of this paper are as follows: firstly, a VPN scheme based on MPLS and BGP is proposed to overcome the shortcomings in scalability, manageability, address reuse and security of the virtual private network constructed by traditional VPN technology. In the scheme, the label forwarding path with dynamic characteristics is formed through the assignment of MPLS label. Build a "bridge" in the public network, for the private network data traversing the public network. Using the same private address for different VPN users, the operator edge devices connected with different VPN users can learn two identical address information, which will cause the problem of address conflict. Using VRF (Virtual routing Technology) to solve the problems of address reuse, data separation and VPN access control of different VPN users, the solution of the VRF VPN instance and the RDLBLE attribute of BGP is presented, which fully explains the feasibility of the scheme. Secondly, aiming at the existing problems of VPN network constructed by an organization, this paper analyzes the root causes of these problems, and puts forward a scheme of network transformation of cross-domain platform based on back-to-back. Before the implementation of the scheme, the IP address of the device named and the RTRD attribute of the routing protocol BGP are specifically planned, which provides the guarantee for the smooth implementation of the scheme. The test results show that the scheme is superior to the traditional VPN in reliability, manageability, expansibility and security. Finally, aiming at the VPN network system constructed by MPLS and BGP, there are two problems in the cross autonomous domain platform, such as the overburden of the network equipment of the autonomous system boundary and the unable to form the label forwarding path. According to the principle of MPLS label assignment and the analysis of data forwarding plane, the causes of these problems are analyzed. By analyzing the root of the problem, two solutions are put forward. Optimization scheme one does not need to maintain a large number of links and interfaces, effectively reducing the workload of network managers in cross-domain platform construction. In the network system of cross-domain platform, the optimization scheme makes the public network data and the private network data of different VPN users bear by different device types, thus lightens the burden of the boundary equipment of the autonomous system, and expands the application field of the VPN technology.
【學(xué)位授予單位】：國防科學(xué)技術(shù)大學(xué)
【學(xué)位級別】：碩士
【學(xué)位授予年份】：2014
【分類號】：TP393.01

【參考文獻(xiàn)】

中國期刊全文數(shù)據(jù)庫 前10條

1 李衛(wèi);陳旭東;周飛;;通過移動網(wǎng)絡(luò)實現(xiàn)MPLS VPN專網(wǎng)接入備份研究[J];移動通信;2013年18期

2 任韜松;余江;�？�;施繼紅;羅忠成;;基于MPLS的快速重路由故障恢復(fù)綜合模型[J];計算機(jī)工程;2012年23期

3 盧眾寧;蘇厚勤;;MPLS-VPN在企業(yè)ERP實施過程中的應(yīng)用研究[J];計算機(jī)應(yīng)用與軟件;2012年02期

4 李海華;;BGP MPLS VPN數(shù)據(jù)轉(zhuǎn)發(fā)過程分析[J];計算機(jī)技術(shù)與發(fā)展;2011年06期

5 曾文龍;王晟;王雄;;IGP/MPLS混合的IP網(wǎng)絡(luò)不確定流量規(guī)劃方法[J];計算機(jī)應(yīng)用;2011年05期

6 侯劍鋒;馬明凱;;MPLS VPN中PE-CE互連仿真研究[J];計算機(jī)工程;2010年12期

7 江勇;胡松華;;匯聚組播:新型MPLS服務(wù)質(zhì)量組播體系結(jié)構(gòu)[J];軟件學(xué)報;2010年04期

8 張成;石雪萍;任林源;;基于GRE VPN的校園網(wǎng)接入方式及實現(xiàn)[J];現(xiàn)代電子技術(shù);2010年06期

9 劉化君;;基于IPSec的VPN技術(shù)應(yīng)用與實現(xiàn)[J];電腦開發(fā)與應(yīng)用;2010年03期

10 侯劍鋒;馬明凱;李向紅;;MPLS VPN中動態(tài)服務(wù)質(zhì)量機(jī)制的應(yīng)用[J];計算機(jī)工程;2010年03期

，

本文編號：2130170