Research and Application of Inter-AS VPN Based on MPLS and BGP
Published: 2018-07-17 15:56
【Abstract】: Virtual private networks built on Multiprotocol Label Switching (MPLS) and the Border Gateway Protocol (BGP) are increasingly favored across industries because their tunnels are established dynamically, they scale well, and they effectively solve address conflicts between different VPN users, inter-VPN access control, and data isolation. In recent years, as enterprises have grown, enterprise networks have needed to interconnect across autonomous systems, but existing VPN networks built on MPLS and BGP do not support crossing autonomous systems. How to build VPN networks across autonomous system domains or across carriers has therefore become a problem that Internet working groups are actively studying. The main contents of this thesis are as follows. First, to address the shortcomings of virtual private networks built with traditional VPN technology in scalability, manageability, address reuse, and security, a VPN scheme built on MPLS and BGP is proposed. In this scheme, MPLS label allocation forms label forwarding paths with dynamic characteristics, erecting a "bridge" over the public network that provides a channel for private network data to traverse it. When different VPN users use the same private addresses, the provider edge devices connecting those users learn two identical address entries, which causes address conflicts. Multiple processes, VRF (virtual routing technology), VPN instances, and the BGP RT, RD, and label attributes are used to solve address reuse, separation of different VPN users' data, and inter-VPN access control; solving these problems demonstrates the feasibility of the scheme. Second, for the problems in the VPN network built by a certain organization, the root causes of those problems are analyzed and a back-to-back inter-AS platform network renovation scheme is proposed. Before the scheme was implemented, device naming, IP addresses, routing protocols, and the BGP RT and RD attributes were planned in detail to ensure its smooth implementation. Simulation experiments were carried out and the related experimental data tested; the test results show that the scheme is superior to traditional VPNs in reliability, manageability, scalability, and security. Finally, for VPN network systems built on MPLS and BGP, two problems exist in the inter-AS platform: the autonomous system boundary network devices are overburdened, and label forwarding paths cannot be formed. The causes of these problems are analyzed on the basis of MPLS label allocation principles and the data forwarding plane. By analyzing the root causes, two solutions are proposed. Optimization scheme one does not require maintaining numerous links and interfaces, effectively reducing the workload of network administrators in building the inter-AS platform. Optimization scheme two, in the inter-AS platform network system, has public network data and the private network data of different VPN users carried by different device types, thereby reducing the burden on the autonomous system boundary devices and extending the application field of this VPN technology.
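【Degree-granting institution】: National University of Defense Technology
【Degree level】: Master's
【Year degree granted】: 2014
【Classification number】: TP393.01
Article ID: 2130170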
Article link: https://www.wllwen.com/guanlilunwen/ydhl/2130170.html