Research and Implementation of a High-Performance Authentication Server Based on the RADIUS Protocol
Published: 2019-01-17 12:43
[Abstract]: AAA service refers to Authentication, Authorization, and Accounting (billing) services. With the development of the Internet, network usage has grown rapidly. Especially since the arrival of the mobile Internet era, network usage has reached an unprecedented order of magnitude, and network operators' requirements for authenticating, authorizing, and billing users who access the network have steadily risen. A secure, reliable, and efficient AAA server is a strong guarantee for network access providers to operate their networks commercially. Among AAA services, RADIUS (Remote Authentication Dial In User Service) is the most widely used implementation protocol. This thesis studies and analyzes the RADIUS protocol and finds that its use of UDP entails certain design flaws. For example, additional application-layer code is needed to guarantee reliability; UDP's connectionless nature prevents the AAA server from initiating re-authentication and re-authorization; and the lack of a congestion control mechanism leads to congestion collapse under heavy access. Using TCP effectively avoids these problems, so this thesis designs and develops a RADIUS-based AAA server that uses TCP at the transport layer and achieves high performance through asynchronous I/O, caching, and clustering. The software architecture follows a layered, modular design. At the network layer, persistent TCP connections are used for communication between client and server, and Boost.ASIO, which is based on asynchronous non-blocking I/O, serves as the network communication library, giving the system high network concurrency and good portability.
In the RADIUS service layer, the observer design pattern is used, which effectively improves the extensibility and configurability of the authentication service. In the database layer, a read-write cache mechanism is developed that reduces the number of disk I/O operations and effectively improves data read/write performance. Finally, LVS is used to build a RADIUS cluster that provides scalable RADIUS processing capacity. Testing shows that the system implements basic authentication functionality and, under a large number of concurrent authentication requests, responds quickly and delivers high processing performance. By comparison, a server using the traditional RADIUS protocol responds more slowly and has lower throughput. The test results show that the system performs better and achieves its intended goals.
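[Degree-granting institution]: University of Electronic Science and Technology of China
[Degree level]: Master's
[Year degree granted]: 2015
[Classification number]: TP393.05
Article ID: 2410073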
Article link: https://www.wllwen.com/guanlilunwen/ydhl/2410073.html