
Design and Implementation of Tunnels in an Auto-Discovery Virtual Private Network

Published: 2018-02-25 23:31

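  Keywords: VPN; tunneling technology; ADVPN; VAM; dynamic point-to-multipoint tunnel mechanism. Source: Lanzhou University, 2014 master's thesis. Paper type: degree thesis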


[Abstract]: VPN is a technology for building a private network over a public network. More and more enterprises now interconnect their branch offices by building VPN networks. Existing VPN technology relies on a large amount of manual configuration and maintenance, and delivers private communication services mainly through tunneling. Most enterprise branch offices connect to the public network with dynamic IP addresses, so branches cannot know each other's public address in advance; to establish a communication tunnel, a branch therefore has to notify the network administrator to reconfigure the tunnel every time it obtains a new dynamic IP address. In a VPN network, when the configuration of any one node changes, all other nodes must be changed accordingly, which makes building a fully connected VPN network of multiple dynamic nodes even more difficult. Existing VPN technology also has certain shortcomings in NAT traversal, dynamic routing support, and packet encryption.

To address these problems, this work proposes the ADVPN solution. ADVPN provides a flexible way to establish VPNs: it automatically creates and maintains tunnels between devices that obtain dynamic IP addresses, so that devices joined to an ADVPN domain can reach one another. Within the ADVPN solution, the VAM protocol was developed to obtain and manage dynamic IP addresses, which solves the problem of dynamically obtaining the peer's IP address when a tunnel is established. To establish, maintain, and delete tunnels automatically, the ADVPN tunnel protocol was developed, and the work proposes managing ADVPN tunnels by managing sessions. ADVPN tunnels also achieve natural NAT traversal and, combined with the IPsec security framework, provide a more complete packet encryption mechanism.

After presenting the design ideas of the ADVPN tunnel and the processing flow of the VAM protocol, the thesis focuses on the design and implementation of the ADVPN tunnel. The encapsulation format of ADVPN tunnel packets is designed by analyzing the network layer at which the ADVPN tunnel sits. By analyzing the dynamic point-to-multipoint tunnel mechanism, the information and methods required to create ADVPN tunnels automatically are designed; tunnels are managed through sessions, so that dynamic tunnels correspond one-to-one with sessions and each tunnel can carry multiple sessions, thereby realizing the dynamic point-to-multipoint tunnel mechanism. Combined with a mechanism that supports dynamic routing, private-network routing information is obtained, which better achieves full connectivity among ADVPN network nodes. On the Comware development platform, all functional modules of the ADVPN tunnel were implemented and tested. ADVPN has now been put into practical use.
[Degree-granting institution]: Lanzhou University
[Degree level]: Master's
[Year degree awarded]: 2014
[Classification number]: TP393.09

