Research and Implementation of a High-Performance Authentication Server Based on the RADIUS Protocol
Published: 2019-01-17 12:43
[Abstract]: AAA services are Authentication, Authorization and Accounting services. With the growth of the Internet, network usage has increased rapidly. In the mobile Internet era in particular, usage has reached an unprecedented order of magnitude, and network operators' requirements for authenticating, authorizing and billing users who access the network have risen accordingly. A secure, reliable and efficient AAA server is a strong guarantee for a network access provider's commercial operation. Among AAA services, RADIUS (Remote Authentication Dial In User Service) is the most widely used implementation protocol. This thesis studies and analyses the RADIUS protocol and finds that its use of UDP carries certain design defects: reliability has to be provided by additional application-layer code, the connectionless nature of UDP prevents the AAA server from initiating re-authentication and re-authorization, and the lack of a congestion control mechanism leads to congestion collapse when the network is heavily accessed. Using TCP effectively avoids these problems, so the thesis designs and develops a RADIUS-based AAA server that uses TCP at the transport layer and reaches its high-performance goal through asynchronous I/O, caching and clustering. The software structure follows a layered, modular design. In the network layer, long-lived TCP connections carry the communication between client and server, and Boost.ASIO, which is based on asynchronous non-blocking I/O, serves as the network communication library, giving the system high network concurrency and good portability.
In the RADIUS service layer, the observer design pattern is used, which effectively improves the extensibility and configurability of the authentication service. In the database layer, a read-write cache mechanism reduces the number of disk I/O operations and effectively improves data read and write performance. Finally, LVS is used to build a RADIUS cluster that provides scalable RADIUS processing capacity. Testing shows that the system implements the basic authentication function and, under a large number of concurrent authentication requests, has a fast response time and high processing performance. By comparison, a server using the traditional RADIUS protocol responds more slowly and has lower throughput. The test results show that the system performs better and achieves its intended purpose.
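Moving RADIUS from UDP to TCP removes datagram boundaries, so the receiver has to recover each packet from the byte stream using the header's Length field. The following is an added example, not code from the thesis: `RadiusStreamFramer` and `make_packet` are hypothetical names, the header layout is the one in RFC 2865, and a plain buffer stands in for the Boost.ASIO read handler the abstract mentions.

```cpp
#include <cstddef>
#include <cstdint>
#include <stdexcept>
#include <vector>
using Bytes = std::vector<std::uint8_t>;

// Hypothetical helper: reassembles RADIUS packets from a TCP byte stream.
// Header (RFC 2865): Code(1) Identifier(1) Length(2, big-endian)
// Authenticator(16). Length covers the whole packet: 20..4096 bytes.
class RadiusStreamFramer {
public:
    static constexpr std::size_t kMinLen = 20, kMaxLen = 4096;
    // Append bytes from one socket read and return every packet completed.
    // Throws on a bad Length: framing is lost for good, so the caller
    // must close the connection instead of scanning for the next packet.
    std::vector<Bytes> feed(const std::uint8_t* data, std::size_t n) {
        buf_.insert(buf_.end(), data, data + n);
        std::vector<Bytes> out;
        while (buf_.size() >= 4) {
            std::size_t len = (std::size_t(buf_[2]) << 8) | buf_[3];
            if (len < kMinLen || len > kMaxLen)
                throw std::runtime_error("invalid RADIUS Length");
            if (buf_.size() < len) break;  // partial packet: wait for more
            out.emplace_back(buf_.begin(), buf_.begin() + len);
            buf_.erase(buf_.begin(), buf_.begin() + len);
        }
        return out;
    }
    std::size_t pending() const { return buf_.size(); }
private:
    Bytes buf_;
};

// Constructed sample packet: header fields set, everything else zero.
Bytes make_packet(std::uint8_t code, std::uint8_t id, std::uint16_t len) {
    Bytes p(len, 0);
    p[0] = code; p[1] = id;
    p[2] = std::uint8_t(len >> 8); p[3] = std::uint8_t(len & 0xff);
    return p;
}

int main() {
    Bytes s = make_packet(1, 7, 20), b = make_packet(1, 8, 26);
    s.insert(s.end(), b.begin(), b.end());
    RadiusStreamFramer f;
    std::size_t got = f.feed(s.data(), 30).size();       // 1 done, 10 pending
    got += f.feed(s.data() + 30, s.size() - 30).size();  // second completes
    return got == 2 ? 0 : 1;
}
```

Bounding Length before buffering also caps per-connection memory at one maximum-size packet, which matters once connections are long-lived.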
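[Degree-granting institution]: University of Electronic Science and Technology of China
[Degree level]: Master's
[Year degree awarded]: 2015
[Classification number]: TP393.05
Article ID: 2410073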
Article link: http://www.sikaile.net/guanlilunwen/ydhl/2410073.html