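Design and Implementation of Tunnels in Auto Discovery Virtual Private Networks
Published: 2018-02-25 23:31
Keywords: VPN; tunneling technology; ADVPN; VAM; dynamic point-to-multipoint tunnel mechanism. Source: Lanzhou University, 2014 master's thesis. Document type: degree thesis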
[Abstract]: A VPN is a technology for building a private network over a public network. More and more enterprises now interconnect their branch offices by building a VPN. Existing VPN technology relies on extensive manual configuration and maintenance, and provides private communication mainly through tunneling. Most enterprise branch offices connect to the public network with dynamic IP addresses, so branches cannot know each other's public address in advance; to establish a communication tunnel, a branch must therefore notify the network administrator to reconfigure the tunnel every time it obtains a new dynamic IP address. In a VPN, when the configuration of any one node changes, all other nodes must be changed accordingly, which makes it even harder to build a fully connected VPN of many dynamic nodes. Existing VPN technology also has shortcomings in NAT traversal, dynamic routing support, and packet encryption.
To address these problems in existing VPN technology, this work proposes the ADVPN solution. ADVPN provides a flexible way to establish a VPN: tunnels between devices that obtain dynamic IP addresses are created and maintained automatically, so that devices joined to an ADVPN domain can reach one another. Within the ADVPN scheme, the VAM protocol was developed to obtain and manage dynamic IP addresses, which solves the problem of dynamically learning the peer's IP address when a tunnel is set up. To establish, maintain, and delete tunnels automatically, the ADVPN tunnel protocol was developed, and ADVPN tunnels are managed through sessions. ADVPN tunnels also traverse NAT natively and, combined with the IPsec security framework, provide a more complete packet encryption mechanism.
After explaining the design idea behind the ADVPN tunnel and the processing flow of the VAM protocol, the thesis focuses on the design and implementation of the ADVPN tunnel. The encapsulation format of ADVPN tunnel packets is designed by analyzing the network layer at which the ADVPN tunnel sits. The information and methods needed to create ADVPN tunnels automatically are designed by analyzing the dynamic point-to-multipoint tunnel mechanism. Tunnels are managed by session, so that dynamic tunnels correspond one-to-one with sessions and each tunnel can carry multiple sessions, which realizes the dynamic point-to-multipoint tunnel mechanism. Combined with the mechanism that supports dynamic routing, routing information for the private networks is obtained, which better achieves full connectivity among ADVPN network nodes. All functional modules of the ADVPN tunnel were implemented and tested on the Comware development platform. ADVPN is now in practical use.
[Degree-granting institution]: Lanzhou University
[Degree level]: Master's
[Year degree granted]: 2014
[Classification number]: TP393.09
Article ID: 1535629
Article link: http://www.sikaile.net/guanlilunwen/ydhl/1535629.html