【摘要】：AAA服務(wù),即Authentication(認(rèn)證),Authorization(授權(quán)),Accounting(計(jì)費(fèi))服務(wù)。隨著因特網(wǎng)的發(fā)展,網(wǎng)絡(luò)使用量得到了快速的增長(zhǎng)。尤其進(jìn)入了移動(dòng)互聯(lián)網(wǎng)時(shí)代后,網(wǎng)絡(luò)使用量更是達(dá)到前所未有的數(shù)量級(jí)別,網(wǎng)絡(luò)運(yùn)營(yíng)商對(duì)用戶接入網(wǎng)絡(luò)的認(rèn)證、授權(quán)和計(jì)費(fèi)的要求也在逐步提高。一個(gè)安全、可靠、高效的AAA服務(wù)器是網(wǎng)絡(luò)接入商完成網(wǎng)絡(luò)商業(yè)化運(yùn)營(yíng)的有力保障。在AAA服務(wù)中,RADIUS(Remote Authentication Dial In User Service遠(yuǎn)程用戶撥號(hào)認(rèn)證系統(tǒng))是使用最廣泛的實(shí)現(xiàn)協(xié)議。本文對(duì)RADIUS協(xié)議進(jìn)行了研究與分析,發(fā)現(xiàn)RADIUS采用UDP協(xié)議具有一定的設(shè)計(jì)缺陷。比如,需要增加應(yīng)用層的編碼量提供可靠性的保證,UDP的無連接狀態(tài)導(dǎo)致AAA服務(wù)器無法發(fā)起重認(rèn)證和重授權(quán),缺乏擁塞控制的機(jī)制導(dǎo)致網(wǎng)絡(luò)在大量訪問的情況下產(chǎn)生擁塞崩潰效應(yīng)等。而采用TCP協(xié)議可以有效地避免以上問題,于是本文設(shè)計(jì)并開發(fā)了一套傳輸層采用TCP協(xié)議的基于RADIUS的AAA服務(wù)器,并通過異步I/O、緩存和集群等技術(shù)實(shí)現(xiàn)高性能的目標(biāo)。系統(tǒng)軟件結(jié)構(gòu)采用分層次和模塊化的設(shè)計(jì)思想。在網(wǎng)絡(luò)層,以TCP長(zhǎng)連接作為客戶端與服務(wù)器端之間的通信方式,采用基于異步非阻塞I/O的Boost.ASIO作為網(wǎng)絡(luò)通信庫(kù),使系統(tǒng)具有較高的網(wǎng)絡(luò)并發(fā)性能和良好的可移植性;在RADIUS業(yè)務(wù)層中,采用觀察者設(shè)計(jì)模式進(jìn)行開發(fā),有效的提高了認(rèn)證業(yè)務(wù)的擴(kuò)展性和可配置性;在數(shù)據(jù)庫(kù)層中,開發(fā)了讀寫緩存的機(jī)制,減少了磁盤I/O次數(shù),有效地提高了數(shù)據(jù)讀寫性能;最后利用LVS技術(shù)構(gòu)建RADIUS集群提供了可伸縮的RADIUS的處理能力。經(jīng)過測(cè)試,系統(tǒng)實(shí)現(xiàn)了基礎(chǔ)的認(rèn)證功能,在大量并發(fā)認(rèn)證請(qǐng)求的情況下,具有較快的響應(yīng)速度和較高的處理性能。與之相比,采用傳統(tǒng)RADIUS協(xié)議的服務(wù)器響應(yīng)速度較慢,吞吐率低。測(cè)試結(jié)果表明,本系統(tǒng)具有更好的性能表現(xiàn),達(dá)到預(yù)期目的。
[Abstract]:AAA service, that is, Authentication (authenticated), Authorization (authorized), Accounting (billing) service. With the development of the Internet, the use of network has been increasing rapidly. Especially after entering the era of mobile Internet, network usage has reached an unprecedented number of levels, network operators to access the network authentication, authorization and billing requirements are also gradually increasing. A secure, reliable and efficient AAA server is a powerful guarantee for network access providers to complete the commercial operation of the network. , RADIUS (Remote Authentication Dial In User Service remote user Dial-User Authentication system (, RADIUS (Remote Authentication Dial In User Service) is the most widely used protocol in AAA service. In this paper, the RADIUS protocol is studied and analyzed, and it is found that there are some defects in the design of RADIUS using UDP protocol. For example, you need to increase the amount of coding in the application layer to provide reliability assurance, and the connectionless state of UDP prevents the AAA server from initiating reauthentication and reauthorization. The lack of congestion control mechanism leads to network congestion collapse in the case of a large number of visits. So this paper designs and develops a set of AAA server based on RADIUS based on TCP protocol in transport layer, and achieves the goal of high performance by asynchronous I / O, cache and cluster technology. The software structure of the system adopts the idea of hierarchical and modular design. In the network layer, TCP long connection is used as the communication mode between client and server, and Boost.ASIO based on asynchronous non-blocking I / O is used as network communication library, which makes the system have high network concurrency performance and good portability. In the RADIUS service layer, the observer design pattern is used to develop the authentication service, which effectively improves the scalability and configuration of the authentication service. In the database layer, the mechanism of read-write cache is developed, which reduces the number of I / O disks and effectively improves the performance of data reading and writing. Finally, using LVS technology to build RADIUS cluster provides the processing ability of scalable RADIUS. After testing, the system realizes the basic authentication function, under the condition of a large number of concurrent authentication requests, it has faster response speed and higher processing performance. Compared with the traditional RADIUS protocol, the server response speed is slow and the throughput is low. The test results show that the system has better performance and achieves the expected purpose.
【學(xué)位授予單位】：電子科技大學(xué)
【學(xué)位級(jí)別】：碩士
【學(xué)位授予年份】：2015
【分類號(hào)】：TP393.05

【參考文獻(xiàn)】

相關(guān)期刊論文 前3條

1 衛(wèi)耀軍;RADIUS協(xié)議及其實(shí)現(xiàn)[J];計(jì)算機(jī)工程;2000年S1期

2 張琪;喻占武;李銳;;RADIUS服務(wù)器安全性分析及其改進(jìn)[J];計(jì)算機(jī)工程;2007年05期

3 金敏;RADIUS服務(wù)器的模塊化及多線程實(shí)現(xiàn)[J];鐵路計(jì)算機(jī)應(yīng)用;2002年03期

，

本文編號(hào)：2410073