CN101228765A - Method for implementing access dynamic updating of virtual dial-up access network - Google Patents

Info

Publication number: CN101228765A
Authority: CN (China)
Prior art keywords: protocol, peer, tunnel, server, user
Legal status: Granted
Application number: CN200580051258.3A
Other languages: Chinese (zh)
Other versions: CN101228765B (en)
Inventor: 罗静
Current Assignee: ZTE Corp
Original Assignee: ZTE Corp

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0272 Virtual private networks
    • H04L69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/40 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass for recovering from a failure of a protocol instance or entity, e.g. service redundancy protocols, protocol state redundancy or protocol service redirection

Abstract

A method for dynamically updating VPDN access comprises the following. After detecting a fault in the primary network server, the broadband access server of the aggregation layer removes the tunnel connection with the primary network server. The broadband access server sends a tunnel connection establishment request to a backup network server according to the network server configuration information acquired when the broadband VPDN subscriber was authenticated. After receiving an NCP (Network Control Protocol) message, the broadband access server of the aggregation layer uses its local PPP to record the IP address assigned by the backup network server. Subsequent communication messages of the broadband VPDN subscriber are first mapped between the PPP port and the IP address, and are then handled by the L2TP tunnel connection. The method improves the reliability and QoS of the VPDN subscriber access connection, and reduces the tunnel processing load of the broadband access server.

Description

A method for dynamically updating access to a virtual dial-up access network

Technical field

The present invention relates to a service maintenance and management method for the broadband virtual dial-up access network (Virtual Private Dial-Network, hereinafter VPDN) in the communications field, and in particular to a method for dynamically updating service in a broadband access network that provides broadband VPDN service.

Background art
In the prior art, the broadband VPDN network structure is divided into an access layer, an aggregation layer and a backbone layer. As shown in Fig. 1, a broadband VPDN access network consists of the VPDN user access network, the aggregation-layer broadband access server (LAC) and the LNS servers that access the public IP network. Authentication, authorization and accounting of broadband users, and access services such as L2TP tunnel service selection, are mainly performed by the broadband access server in the network; the LNS terminates the L2TP tunnel and manages the configuration of the VPDN users' private IP addresses. Prior-art broadband VPDN networks almost all use tunneling based on the L2TP (Layer 2 Tunneling Protocol) standard. A broadband access server that performs the LAC (L2TP access concentrator) function is placed at the aggregation layer and performs the aggregation access services for VPDN users. A VPDN gateway that performs the LNS (L2TP network server) function is placed inside the enterprise private network; besides tunneling, these VPDN gateways usually also provide security protection for user traffic, and they connect directly to the public IP network. For large and medium-sized enterprise networks, considering the number of VPDN users and the security and reliability required of the VPN service, multiple LNS servers are usually configured. These LNS servers terminate VPDN user tunnels in either load-sharing or priority mode; in current deployments, multi-LNS networking is essentially always implemented in priority mode.
Fig. 2 is a flow chart of the software processing in a typical broadband access server handling a VPDN user's PPP session access service. It mainly comprises three phases (PPP link negotiation, AAA authentication and authorization, and L2TP tunnel establishment with PPP information transfer) and involves three software modules: PPP protocol processing, AAA and VPDN. According to current common practice, in priority-based networking with two LNS servers, the one with stronger processing capability serves as the primary LNS server and the one with weaker processing capability serves as the standby LNS server. On a VPDN user's first VPDN call, the LAC, according to the LNS configuration data, first chooses the high-priority primary LNS and establishes a tunnel connection with it; once the connection is established, the VPDN user can access the enterprise private network. If the LAC later detects that the tunnel connection to the LNS has become abnormal, it removes the tunnel connection with the LNS and at the same time notifies the VPDN dial-up user to disconnect the PPP (Point-to-Point Protocol) connection. After finding the PPP connection disconnected, the user has to initiate a VPDN call to the LAC again; the LAC, finding that communication with the primary LNS is abnormal, then establishes a tunnel connection with the standby LNS, and the user can continue to access the enterprise private network service. The drawback of this approach is that establishment of the tunnel connection between the LAC and the standby LNS must be triggered by a new call from the VPDN user. This interrupts the VPDN user's communication, and the user has to repeat the PPP call negotiation several times. Even when the enterprise network is configured with multiple LNS servers, the user cannot get dynamic tunnel server selection. Moreover, each time a VPDN user initiates a new call, the LAC always first tries to establish a tunnel connection with the abnormal primary LNS, and only after that fails does it establish a tunnel connection with the standby LNS. This consumes LAC and network communication resources and makes VPDN call connection processing inefficient; the more VPDN users there are, the more serious the problem.
Therefore, the prior art is defective and needs to be improved and developed.

Summary of the invention

The object of the present invention is to provide a method for dynamically updating access to a virtual dial-up access network. By improving the L2TP processing of existing broadband access service equipment, it provides dynamic tunnel updating and maintenance management for broadband VPDN access users. With the method, when the primary LNS becomes abnormal the tunnel connection is switched from the primary LNS to the standby LNS without interrupting the VPDN user's PPP connection. This gives the VPDN user a transparent tunnel selection function, improves the connection service quality for the VPDN user and lightens the LAC's tunnel connection processing load, so that a real-time, highly reliable service is provided to the VPDN user.
The technical solution of the present invention is as follows:
A method for dynamically updating access to a virtual dial-up access network, comprising the following steps:
a) after detecting a communication abnormality in the primary network server, the broadband access server of the aggregation layer removes the tunnel connection established with the primary network server;
b) according to the network server configuration information obtained after authentication of the broadband virtual dial-up access network user, it initiates a tunnel connection establishment request to the backup network server;
c) after receiving a network control protocol (NCP) message, the broadband access server of the aggregation layer processes it with the Point-to-Point Protocol (PPP) and records the IP address of the backup network server; subsequent communication messages of the broadband virtual dial-up access network user first pass through the PPP port-to-IP-address mapping and are then processed by the Layer 2 Tunneling Protocol tunnel connection.
The described method, wherein step b) further comprises:
b1) when negotiating establishment of the Layer 2 Tunneling Protocol tunnel session with the backup network server, the broadband access server of the aggregation layer sends the proxy LCP (link control protocol) and authentication information to the backup network server;
b2) on receiving this PPP negotiation information, the backup network server processes it with the Point-to-Point Protocol and completes establishment of the PPP connection for the user, and at the same time completes the user's address allocation by sending a network control protocol packet to the broadband access server of the aggregation layer.
The described method, wherein step c) further comprises:
c1) service domain information, PPP access and AAA authentication information are configured on the broadband access server of the aggregation layer;
c2) when the broadband virtual dial-up access network user initiates a PPP call, the broadband access server of the aggregation layer performs AAA authentication and obtains the Layer 2 Tunneling Protocol tunnel configuration information, including the configuration data of the primary and backup network servers;
c3) according to the Layer 2 Tunneling Protocol tunnel information returned by authentication, the broadband access server of the aggregation layer establishes, by priority, a Layer 2 Tunneling Protocol tunnel connection and session with the primary network server; after the tunnel is established, the broadband virtual dial-up access network user accesses the services inside the enterprise.
The described method, wherein steps a) and b) further comprise:
While the user is accessing services, the broadband access server of the aggregation layer checks whether the tunnel connection to the primary network server is normal. When it detects that the Layer 2 Tunneling Protocol tunnel is abnormal, it removes the tunnel connection information established with the primary network server and, according to the backup network server configuration information returned by AAA authentication, initiates tunnel connection establishment to the backup network server.
The described method, wherein step c) further comprises:
c4) during Layer 2 Tunneling Protocol session negotiation, the broadband access server of the aggregation layer passes the proxy LCP and authentication information to the backup network server in the incoming-call-connected message; on receiving the proxy LCP and authentication information, the backup network server processes it with the Point-to-Point Protocol; after the PPP module on the backup network server completes proxy LCP and authentication processing, it sends a network control protocol message to the broadband access server of the aggregation layer to complete configuration of the broadband virtual dial-up access network IP address;
c5) on receiving the Internet Protocol Control Protocol (IPCP) message, the broadband access server of the aggregation layer processes it with the Point-to-Point Protocol: the local PPP module, acting as the IPCP proxy of the broadband virtual dial-up access network user, completes the network control protocol negotiation with the local PPP of the backup network server, and at the same time records the IP address corresponding to the PPP port.
The described method, wherein step c1) further comprises:
c11) the authentication mode for broadband virtual dial-up access network users is configured as remote RADIUS authentication, PPP call processing is enabled on the user access port, and the Layer 2 Tunneling Protocol function switch is turned on;
c12) the broadband virtual dial-up access network user account is configured on the RADIUS (Remote Authentication Dial-In User Service) server, together with the primary and backup network server configuration information bound to the account, including network server IP address, tunnel password and priority;
c13) proxy LCP authentication is enabled on the peer primary and backup network servers.
In the method provided by the present invention for dynamically updating access to a virtual dial-up access network, L2TP tunnels are updated dynamically within the broadband VPDN network structure, which gives real-time protection to VPDN users accessing intranet services. The primary/standby switchover of the L2TP tunnel connection is completed without the terminal VPDN user having to initiate a PPP call again. An LNS abnormality is completely transparent to the terminal VPDN user, and the user's access to services is unaffected. The reliability and connection service quality of VPDN user access are therefore improved and the tunnel processing load of the broadband access server is reduced. The method places no special requirements on the LNS and does not affect the architecture of existing VPDN networks; it is simple to implement and does not increase the cost of existing products.

Brief description of the drawings

Fig. 1 is a schematic diagram of the network topology of a typical broadband VPDN access network architecture;
Fig. 2 is a flow chart of the software processing in a typical broadband access server handling a VPDN user's PPP session access service;
Fig. 3 is a flow chart of the software processing in a broadband access server that supports dynamic L2TP tunnel updating, according to the method of the invention, when a VPDN user completes PPP session access service.

Detailed description of the embodiments

The preferred embodiments of the present invention are described in detail below with reference to the accompanying drawings.
The method of the present invention for dynamically updating access to a virtual dial-up access network implements dynamic L2TP tunnel updating. Its core idea is as follows. After detecting a communication abnormality in the primary LNS, the broadband access server acting as the LAC removes the tunnel connection established with the primary LNS, and then, according to the LNS configuration information obtained earlier when the VPDN user was authenticated, initiates a tunnel connection establishment request to the standby LNS. While negotiating establishment of the L2TP tunnel session with the standby LNS, it sends the proxy LCP (link control protocol) and authentication information to the standby LNS. On receiving this PPP negotiation information, the standby LNS processes it with its local PPP protocol and completes establishment of the PPP connection for the user, and at the same time completes the user's address allocation by sending an NCP packet to the LAC.
After receiving the NCP (network control protocol) message, the LAC hands it to its local PPP for processing. PPP records the IP address allocated by the standby LNS; subsequent communication messages of the VPDN user first pass through the PPP port-to-IP-address mapping and are then processed by the L2TP tunnel connection. Other PPP control messages in the communication only need L2TP tunnel processing. The technical solution requires the LAC to support priority-based LNS groups and proxy LCP authentication processing, and the LNS to support proxy LCP and authentication processing. Most current LNS equipment supports this function; there are no other special requirements, and processing is otherwise the same as in a standard LNS.
In the method of the invention, implementing dynamic L2TP tunnel updating on the LAC includes the following:
Service domain (DOMAIN) information, PPP access and AAA authentication information are configured on the aggregation-layer broadband access server (LAC). With local authentication, the VPDN user account information and the related primary and standby LNS configuration data must be configured on the LAC; with remote RADIUS authentication, the VPDN user accounts and LNS information are configured on the RADIUS server.
When a VPDN user initiates a PPP call, the aggregation-layer LAC performs AAA authentication and obtains the L2TP tunnel configuration information, which includes the primary and standby LNS configuration data.
According to the L2TP tunnel information returned by authentication, the LAC first establishes, by priority, an L2TP tunnel connection and session with the enterprise's primary LNS server. Once the tunnel is established, the VPDN user can access the services inside the enterprise. While the user is accessing services, the LAC checks whether the tunnel connection to the peer primary LNS is normal by sending L2TP hello packets. When it detects that the L2TP tunnel is abnormal, the LAC removes the tunnel connection information established with the primary LNS and, according to the standby LNS configuration information returned by AAA authentication, initiates tunnel connection establishment to the standby LNS. During L2TP session negotiation, the LAC passes the proxy LCP and authentication information to the standby LNS in the Incoming-Call-Connected (ICCN) message. On receiving the proxy LCP and authentication information, the standby LNS hands it to its local PPP for processing; after PPP on the standby LNS completes proxy LCP and authentication processing, it sends an NCP message to the LAC to complete configuration of the VPDN IP address. On receiving the Internet Protocol Control Protocol (IPCP) message, the LAC hands it to its local PPP; the local PPP, acting as the VPDN user's IPCP proxy, completes the NCP negotiation with the standby LNS's local PPP and at the same time records the IP address corresponding to the PPP port. When the VPDN user subsequently accesses the private network, PPP packets on the LAC go through the PPP protocol's PPP port-to-IP-address mapping and then L2TP encapsulation. Other PPP keepalive and LCP control messages only need L2TP protocol processing on the LAC.
The service subsystem of the broadband access server in the method of the invention mainly comprises the following parts: the PPP protocol processing module, which terminates the PPP session connections initiated by users; the AAA (authentication, authorization and accounting) module, which authenticates users and performs accounting; and the L2TP-based VPDN protocol processing module, which maintains the VPDN users' L2TP tunnel and session connections.
The software processing flow of a specific embodiment that implements the dynamic L2TP tunnel update function in the method of the invention is as follows:
1. First, the VPDN service domain is configured on the aggregation-layer broadband access server (LAC); the VPDN user authentication mode is configured as the commonly used remote RADIUS authentication; PPP call processing is enabled on the user access port; and the L2TP function switch is turned on. VPDN user accounts are configured on the RADIUS server, together with the primary and standby LNS configuration information bound to each account, which mainly includes LNS IP address, tunnel password and priority. Proxy LCP authentication is enabled on the peer primary and standby LNS. This completes the VPDN configuration on the LAC and LNS.
2. A VPDN user initiates a PPP session connection request. When authentication of the PPP session connection starts, the PPP module asks AAA to perform authentication. Based on the DOMAIN value in the user name USERNAME@DOMAIN, AAA sends the user account information to the RADIUS server. The RADIUS server uses the user information to obtain the primary and standby LNS configuration information bound to the user, and returns it to the LAC.
3. After PPP determines that this is a VPDN access service request, it asks the VPDN protocol processing module to establish the L2TP tunnel and session connection according to the returned information. At the same time it passes to the VPDN module the proxy LCP and authentication information that the PPP module negotiated with the VPDN user.
4. According to the L2TP tunnel configuration information passed by PPP (mainly the remote LNS IP addresses), the VPDN module first establishes the tunnel and session connection with the primary LNS. The primary LNS allocates an address IP1 to the user.
5. The VPDN module periodically sends L2TP hello packets to the primary LNS to check the state of the tunnel connection to it.
6. After detecting that the tunnel connection to the primary LNS has failed, the VPDN module removes the tunnel connection established with the primary LNS and then, according to the standby LNS configuration information returned by authentication, establishes an L2TP tunnel connection with the standby LNS. When the VPDN module sends ICCN to the LNS, the proxy LCP and authentication information are encapsulated in the packet and sent to the standby LNS.
7. After receiving the ICCN packet, the standby LNS hands the proxy LCP and authentication information to its own PPP protocol for processing. After the PPP protocol completes processing of the proxy LCP and authentication information, it sends an IPCP control packet to the LAC, allocating a new address IP2 to the VPDN user.
8. The VPDN module on the LAC hands the IPCP message to the PPP module, and the PPP module, acting as the user's IPCP proxy, completes IPCP negotiation with the PPP at the LNS end. Finally it records the address IP2 allocated by the standby LNS. The PPP module sets up the mapping from the PPP port to the IP2 address.
9. Afterwards, when packets with which the VPDN user accesses the enterprise's internal data pass through the LAC: in the uplink direction at the LAC, the PPP module's PPP-port-to-IP2 address mapping converts the source IP address in the IP packet from IP1 to IP2 before it is sent to the LNS; in the downlink direction, the VPDN module's tunnel-identifier-to-IP1 address mapping restores the IP2 address to the IP1 address before the packet is sent to the VPDN user. The L2TP tunnel encapsulation by the VPDN module is the same as the usual processing.
10. PPP control messages sent by the VPDN user only need the VPDN module's L2TP tunnel encapsulation when passing through the LAC.
In general, a large or medium-sized enterprise network deploying VPDN service configures two LNS servers, primary and standby, to meet the demand of more VPDN users for intranet access. The usual LAC practice is that, after the L2TP connection with the primary LNS is broken, the LAC has to notify the VPDN user to disconnect the PPP connection; the VPDN user then initiates a PPP call again, which triggers the LAC to complete an L2TP tunnel connection with the standby LNS.
The technical solution of the present invention uses the proxy LCP and authentication functions defined in the L2TP standard and, through the mapping between PPP ports and IP addresses, dynamically updates the L2TP tunnel from the primary LNS end to the standby LNS end.
As shown in Fig. 3, the VPDN access domain is configured on the broadband access server (LAC), the AAA authentication mode is configured as remote RADIUS, PPP call processing is enabled on the user access interface, and VPDN call processing is enabled at the same time. VPDN user accounts are configured on the relevant RADIUS server, and the account information is bound to the primary LNS and standby LNS configuration information. The proxy LCP and authentication function switches are turned on on the primary and standby LNS.
With reference to Fig. 3 and taking a PPPoE access user as an example, the specific software processing steps on the broadband access server are as follows:
1. The user carries out LCP negotiation with the PPP module.
2. In the user authentication phase, PPP passes the USERNAME@DOMAIN sent by the user to the AAA module for authentication.
3. Based on DOMAIN, the AAA module sends the user account USERNAME@DOMAIN information to the remote RADIUS server. From the DOMAIN entered by the user, the RADIUS server obtains the configuration information of the primary LNS and standby LNS, mainly IP address, tunnel password and priority. It returns this information to the AAA module, which relays it to the PPP module.
4. After PPP determines that this is an L2TP access service, it asks the VPDN module to establish the L2TP session connection and passes the primary and standby LNS configuration information and the proxy LCP and authentication information to the VPDN module.
5. According to the tunnel configuration information, the VPDN module first establishes a tunnel connection with the primary LNS. After the tunnel is established, the VPDN user completes IPCP negotiation with the primary LNS and obtains the IP1 address; the user accesses enterprise services using the IP1 address.
6. By periodically sending L2TP hello packets, the VPDN module can detect an abnormal tunnel connection to the primary LNS. On finding the connection abnormal, the VPDN module actively removes the tunnel information established with the primary LNS and, according to the standby LNS tunnel configuration information forwarded by PPP, initiates a tunnel connection request to the standby LNS.
7. After processing the proxy LCP and authentication information received in the ICCN packet, the standby LNS starts IPCP negotiation.
8. After receiving the IPCP negotiation packet, the PPP module starts its IPCP proxy function and completes IPCP negotiation with the standby LNS; finally the standby LNS allocates the IP2 address to the PPP module.
9. The PPP module records the IP2 address and completes the mapping of the PPP port to the IP2 address.
10. PPP packets subsequently sent by the VPDN user go through the PPP module's PPP-port-to-IP2 address mapping and tunnel-identifier-to-IP1 address mapping, and then the VPDN module's L2TP encapsulation.
11. PPP control packets sent by the VPDN user only need the VPDN module's L2TP encapsulation to be sent to the standby LNS.
12. Once the VPDN user's first access has succeeded, the user can continue VPDN access without changing the private IP1 address it obtained.
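The two step lists above (the ten-step software flow and the Fig. 3 walk-through) describe the same LAC behaviour. The Python simulation below is an added example, not code from the patent or from ZTE; it models LNS selection by priority, hello-triggered failover carrying proxy LCP and authentication data, and the IP1/IP2 address mapping. The class names, the ordering rule (lower priority number preferred) and all addresses are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class LnsConfig:
    """Per-account LNS entry as returned by AAA/RADIUS (tunnel password omitted)."""
    ip: str
    priority: int  # assumption: lower number = preferred


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    payload: bytes = b""


class Lns:
    """Toy LNS: answers hellos and assigns one private address over IPCP."""
    def __init__(self, assigned_ip: str):
        self.assigned_ip = assigned_ip
        self.alive = True

    def answer_hello(self) -> bool:
        return self.alive

    def accept_iccn(self, proxy_lcp: dict, proxy_auth: dict) -> str:
        # Proxy LCP and authentication data arrive in ICCN, so the LNS does
        # not renegotiate LCP or re-authenticate with the user directly.
        if not self.alive:
            raise ConnectionError("LNS unreachable")
        if not proxy_auth.get("username"):
            raise PermissionError("missing proxy authentication data")
        return self.assigned_ip  # delivered to the LAC in IPCP


@dataclass
class Session:
    ppp_port: int
    candidates: list
    proxy_lcp: dict
    proxy_auth: dict
    active: Optional[LnsConfig] = None
    ip1: Optional[str] = None  # address the user negotiated on the first call
    ip2: Optional[str] = None  # address recorded by the LAC's PPP after failover


class Lac:
    def __init__(self, network: dict):
        self.network = network  # LNS IP -> Lns object, stands in for the IP network

    def _establish(self, s: Session, skip=frozenset()) -> str:
        for cfg in sorted(s.candidates, key=lambda c: c.priority):
            if cfg in skip:
                continue
            try:
                ip = self.network[cfg.ip].accept_iccn(s.proxy_lcp, s.proxy_auth)
            except ConnectionError:
                continue
            s.active = cfg
            return ip
        s.active = None
        raise ConnectionError("no LNS available")

    def first_call(self, ppp_port, candidates, proxy_lcp, proxy_auth) -> Session:
        s = Session(ppp_port, list(candidates), proxy_lcp, proxy_auth)
        s.ip1 = self._establish(s)  # the user completes IPCP itself and holds IP1
        return s

    def hello_tick(self, s: Session) -> bool:
        """Run one hello check; return True if a failover took place."""
        if self.network[s.active.ip].answer_hello():
            return False
        failed = s.active
        s.active = None                            # tear down the failed tunnel
        s.ip2 = self._establish(s, skip={failed})  # LAC proxies IPCP, records IP2
        return True

    def upstream(self, s: Session, pkt: Packet):
        if s.ip2 and pkt.src == s.ip1:             # PPP port -> IP2 mapping
            pkt = Packet(s.ip2, pkt.dst, pkt.payload)
        return s.active.ip, pkt                    # (tunnel endpoint, inner packet)

    def downstream(self, s: Session, pkt: Packet) -> Packet:
        if s.ip2 and pkt.dst == s.ip2:             # tunnel -> IP1 mapping
            pkt = Packet(pkt.src, s.ip1, pkt.payload)
        return pkt


def run_demo():
    # Constructed sample data: documentation and private addresses only.
    primary, backup = LnsConfig("192.0.2.1", 1), LnsConfig("192.0.2.2", 2)
    net = {primary.ip: Lns("10.1.0.5"), backup.ip: Lns("10.2.0.9")}
    lac = Lac(net)
    s = lac.first_call(7, [backup, primary], {"mru": 1492}, {"username": "user@example"})
    before = lac.upstream(s, Packet(s.ip1, "10.0.0.80"))
    net[primary.ip].alive = False                  # primary LNS stops answering hellos
    switched = lac.hello_tick(s)
    up = lac.upstream(s, Packet(s.ip1, "10.0.0.80"))
    down = lac.downstream(s, Packet("10.0.0.80", s.ip2))
    return s, before, switched, up, down
```

Because the LAC rewrites the inner source address, the standby LNS and anything behind it log IP2 while the user's host still holds IP1. Attributing that traffic to a user therefore depends on the LAC's port-to-address mapping being retained.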
With the dynamic L2TP tunnel update method of the present invention, providing broadband VPDN service to large and medium-sized enterprises requires no hardware change to existing access service equipment, only an improvement in the software method, and no special change to the LNS servers either. The VPDN user's L2TP tunnel connection is switched from the primary LNS to the standby LNS without interrupting service, which improves the reliability of the VPDN user's service connection to a certain extent and also lightens the access server's burden of handling L2TP tunnel connections. This dynamic L2TP tunnel maintenance management method is an economical, effective and highly practical way of implementing and managing broadband VPDN service.
It should be understood that the above description of the embodiments is relatively specific and should not therefore be regarded as limiting the scope of patent protection of the present invention, which is determined by the appended claims.

Claims (6)

  1. Claim
    1st, a kind of method that access dynamic for realizing virtual dial-up access network updates, comprise the following steps-a), the BAS Broadband Access Server of convergence-level detecting after communication abnormality occurs in the primary webserver, remove and be connected with the tunnel of primary webserver foundation;
    B), according to the webserver configuration information obtained after the virtual dial-up access network user authentication of broadband, initiate tunnel with backup network server and be connected foundation request;
    C), the BAS Broadband Access Server of the convergence-level is after net negotiation protocol message is received, handled using peer-peer protocol, record the IP address of the backup network server, the communication message of subsequent wideband virtual dial-up access network user first passes through peer-peer protocol port and mapped to IP address, carries out the processing of Layer 2 Tunneling Protocol tunnel connection again afterwards.
    2nd, according to the method described in claim 1, it is characterised in that the step b) also includes:
    Bl), proxy link agreement protocol and authentication information are sent to the backup network server by the BAS Broadband Access Server of the convergence-level when the foundation that Layer 2 Tunneling Protocol tunnel session is carried out with the backup network server is consulted;
    B2), the backup network server is when receiving these peer-peer protocol negotiation informations, handled using peer-peer protocol, complete to connect the peer-peer protocol of user and set up, while by sending the address batch operation that net negotiation protocol bag completes user to the BAS Broadband Access Server of the convergence-level.
3. The method according to claim 2, characterized in that step c) further includes:
    c1) configuring service domain information, Point-to-Point Protocol (PPP) access and AAA authentication information on the convergence-layer broadband access server (BAS);
    c2) when a broadband virtual dial-up access network user initiates a PPP call, the convergence-layer BAS performs AAA authentication and obtains the Layer 2 Tunneling Protocol (L2TP) tunnel configuration information, including the configuration data of the primary and backup network servers;
    c3) according to the L2TP tunnel information returned by authentication, the convergence-layer BAS establishes an L2TP tunnel connection and session with the primary network server according to priority; after the tunnel is established, the broadband virtual dial-up access network user accesses the services inside the enterprise.
4. The method according to claim 3, characterized in that step a) and step b) further include: while the user is accessing the service, the convergence-layer broadband access server (BAS) detects whether the tunnel connection with the peer primary network server is normal; when it detects that the Layer 2 Tunneling Protocol (L2TP) tunnel is abnormal, the convergence-layer BAS removes the tunnel connection information established with the primary network server and, according to the backup network server configuration information returned by AAA authentication, initiates tunnel connection establishment to the backup network server.
5. The method according to claim 4, characterized in that step c) further includes:
    c4) during Layer 2 Tunneling Protocol (L2TP) session negotiation, the convergence-layer broadband access server (BAS) forwards the proxy link negotiation and authentication information to the backup network server in the incoming-call-connected message; on receiving the proxy link negotiation and authentication information, the backup network server processes it with the Point-to-Point Protocol (PPP); after the PPP module on the backup network server completes the proxy link negotiation and authentication processing, it sends a network negotiation protocol message to the convergence-layer BAS to complete configuration of the broadband virtual dial-up access network user's IP address;
    c5) on receiving the Internet Protocol Control Protocol (IPCP) negotiation message, the convergence-layer BAS processes it with PPP: the local PPP module, acting as the agent for the broadband virtual dial-up access network user's IPCP negotiation, completes the network negotiation protocol negotiation with the backup network server's local PPP module, and at the same time records the IP address corresponding to the PPP port.
6. The method according to claim 5, characterized in that step c1) further includes:
    c11) configuring the broadband virtual dial-up access network user authentication mode as remote RADIUS authentication, enabling Point-to-Point Protocol (PPP) call handling on the user access port, and enabling the Layer 2 Tunneling Protocol (L2TP) function switch;
    c12) configuring the broadband virtual dial-up access network user account on the Remote Authentication Dial-In User Service (RADIUS) authentication server, and at the same time configuring the primary and backup network server configuration information bound to the account, including network server IP address, tunnel password and priority;
    c13) enabling the proxy link negotiation authentication function on the peer primary and backup network servers.
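
The failover sequence in claims 3 to 6 can be followed in a small simulation. This is an added example, not code from the patent or from any vendor implementation; the class names, the address pools, the lower-number-first priority order and all addresses and passwords are constructed assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class NetworkServer:
    """Constructed stand-in for a primary or backup network server."""
    tunnel_password: str
    pool: str                 # constructed address-pool prefix
    up: bool = True           # stands in for the tunnel health check

    def accept(self, password, proxy):
        # Authenticate the tunnel, then process the forwarded link-negotiation
        # and authentication data instead of making the user dial again.
        if not self.up or password != self.tunnel_password:
            return None
        if not proxy["authenticated"]:
            return None
        return f"{self.pool}.{proxy['port']}"      # address allocation

@dataclass
class AccessServer:
    """Convergence-layer broadband access server, simulated."""
    aaa: list                 # (priority, server IP, tunnel password) from AAA
    net: dict                 # server IP -> NetworkServer (the "network")
    peer: str = None
    port_ip: dict = field(default_factory=dict)    # PPP port -> user IP

    def establish(self, proxy):
        for _prio, ip, password in sorted(self.aaa):   # assumption: low = first
            addr = self.net[ip].accept(password, proxy)
            if addr is not None:
                self.peer, self.port_ip[proxy["port"]] = ip, addr
                return True
        return False

    def check_tunnel(self, proxy):
        if self.peer and self.net[self.peer].up:
            return "ok"
        # Tunnel abnormal: remove the old tunnel state, then try the next server.
        self.peer = None
        self.port_ip.pop(proxy["port"], None)
        return "failed-over" if self.establish(proxy) else "down"

def demo():
    net = {"192.0.2.1": NetworkServer("pw-a", "10.1.0"),
           "192.0.2.2": NetworkServer("pw-b", "10.2.0")}
    bas = AccessServer([(2, "192.0.2.2", "pw-b"), (1, "192.0.2.1", "pw-a")], net)
    user = {"port": 7, "authenticated": True}      # constructed proxy data
    bas.establish(user)
    before = (bas.peer, bas.port_ip[7])
    net["192.0.2.1"].up = False                    # primary tunnel fails
    return before, bas.check_tunnel(user), (bas.peer, bas.port_ip[7])
```

The port-to-address record is dropped together with the failed tunnel, so traffic is never mapped to an address issued by a server the access server no longer has a tunnel to.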
CN200580051258.3A 2005-09-20 2005-09-20 Method for implementing access dynamic updating of virtual dial-up access network Active CN101228765B (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2005/001516 WO2007033519A1 (en) 2005-09-20 2005-09-20 A method for updating the access of virtual private dial-network dynamically

Publications (2)

Publication Number Publication Date
CN101228765A true CN101228765A (en) 2008-07-23
CN101228765B CN101228765B (en) 2011-11-23

Family

ID=37888515

Family Applications (1)

Application Number Title Priority Date Filing Date
CN200580051258.3A Active CN101228765B (en) 2005-09-20 2005-09-20 Method for implementing access dynamic updating of virtual dial-up access network

Country Status (2)

Country Link
CN (1) CN101228765B (en)
WO (1) WO2007033519A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111835615A (en) * 2020-09-17 2020-10-27 南京中兴软件有限责任公司 Session resource control method, device, equipment, system and storage medium
CN113595848A (en) * 2021-07-28 2021-11-02 中移(杭州)信息技术有限公司 Communication tunnel establishment method, device, equipment and storage medium

Families Citing this family (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101309284B (en) * 2007-05-14 2012-09-05 华为技术有限公司 Remote access communication method, apparatus and system
CN102130818B (en) * 2010-01-20 2014-03-19 杭州华三通信技术有限公司 Network access server accessing method and network access server
CN105099703A (en) * 2015-07-31 2015-11-25 国家电网公司 4G hand-held individual soldier signal internal and external network gap isolation transmission method
CN110932956B (en) * 2019-11-15 2020-08-18 北京连山时代科技有限公司 Method for networking by combining multi-path concurrent system and VPDN
CN112383561A (en) * 2020-11-30 2021-02-19 安徽信息工程学院 Multi-access VPDN networking method
CN114650304B (en) * 2020-12-17 2024-03-15 联通(江苏)产业互联网有限公司 Authentication and authorization method and device
CN113381917B (en) * 2021-06-11 2022-09-16 中国电信股份有限公司 Network access method, device and system, readable storage medium and electronic equipment
CN113595847B (en) * 2021-07-21 2023-04-07 上海淇玥信息技术有限公司 Remote access method, system, device and medium
CN114157555B (en) * 2021-11-12 2023-05-26 杭州迪普科技股份有限公司 Access information synchronization method

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1269713B1 (en) * 2000-03-30 2006-03-01 BRITISH TELECOMMUNICATIONS public limited company Data networks
CN1241366C (en) * 2001-06-19 2006-02-08 中兴通讯股份有限公司 Allocation method of wide band access user
CN1298138C (en) * 2003-06-04 2007-01-31 中兴通讯股份有限公司 Method for realizing chain circuit polymer function based on strategy route
KR20050090902A (en) * 2004-03-10 2005-09-14 삼성전자주식회사 The method of vpn service about pdp type in wcdma

Also Published As

Publication number Publication date
CN101228765B (en) 2011-11-23
WO2007033519A1 (en) 2007-03-29

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant