CN101228765B - Method for implementing access dynamic updating of virtual dial-up access network - Google Patents

Publication number: CN101228765B
Authority: CN (China)
Application number: CN200580051258.3A
Other versions: CN101228765A (en)
Other languages: Chinese (zh)
Legal status: Active
Inventor: 罗静
Current Assignee: ZTE Corp
Original Assignee: ZTE Corp
Prior art keywords: protocol, peer, server, tunnel, user
Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0272 Virtual private networks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/40 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass for recovering from a failure of a protocol instance or entity, e.g. service redundancy protocols, protocol state redundancy or protocol service redirection

Abstract

A method for dynamically updating VPDN access: after detecting a fault in the master network server, the aggregation-layer broadband access server removes the tunnel connection with the master network server. The broadband access server sends a tunnel connection establishment request to a backup network server according to the network server configuration information acquired during authentication of the broadband VPDN subscriber. After receiving a network negotiation protocol message, the aggregation-layer broadband access server uses its local PPP to record the IP address assigned by the backup network server. Subsequent communication messages of the broadband VPDN subscriber are first mapped between the PPP port and the IP address and are then handled by L2TP for the tunnel connection. The method improves the reliability and QoS of the VPDN subscriber's access connection and reduces the tunnel workload of the broadband access server.

Description

A method for dynamically updating access to a virtual dial-up access network
Technical field
The present invention relates to a method of service maintenance and management for a broadband virtual dial-up access network (Virtual Private Dial-Network, hereinafter VPDN) in the communications field, and in particular to a method of dynamically refreshing the broadband VPDN service in a broadband access network.
Background technology
A prior-art broadband VPDN network is divided into an access layer, an aggregation layer and a backbone layer. As shown in Fig. 1, the broadband VPDN access network consists of the VPDN user access network, the aggregation-layer broadband access server acting as LAC, and the LNS servers that connect to the public IP network. Authentication, authorization and accounting of broadband users, and access services such as L2TP tunnel service selection, are handled mainly by the broadband access server; the LNS terminates the L2TP tunnel and manages the configuration of the VPDN users' private IP addresses. Prior-art broadband VPDN networks almost all use tunneling based on the L2TP (Layer 2 Tunneling Protocol) standard. A broadband access server providing the LAC (L2TP Access Concentrator) function is placed at the aggregation layer and handles the aggregated access services of VPDN users; VPDN gateways providing the LNS (L2TP Network Server) function are placed inside the enterprise private network. Besides tunneling, these VPDN gateways usually also provide security protection for user traffic, and they connect directly to the public IP network. Large and medium-sized enterprise networks, given the number of VPDN users and the security and reliability demands of VPN services, usually deploy several LNS servers, which terminate VPDN users' tunnels in load-sharing or priority mode. In current practice, deployments with multiple LNS servers are almost always priority-based.
Fig. 2 shows the software processing flow of a typical broadband access server handling a VPDN user's PPP session access service. It has three phases: PPP link negotiation; AAA authentication and authorization; and L2TP tunnel establishment and PPP information transfer. It involves three software modules: PPP protocol processing, AAA and VPDN. In the common approach, with two LNS servers networked by priority, the one with greater processing capacity is the primary LNS and the one with less is the backup LNS. On a VPDN user's first VPDN call, the LAC uses the LNS configuration data to set up a tunnel to the high-priority primary LNS first; once the connection is established, the VPDN user can access the enterprise private network. If the LAC later detects that the tunnel connection to the LNS is abnormal, it tears down the tunnel and at the same time notifies the VPDN dial-up user to disconnect the PPP (Point-to-Point Protocol) connection. After finding the PPP connection down, the user has to place a new VPDN call to the LAC; the LAC, finding communication with the primary LNS abnormal, then sets up the tunnel to the backup LNS, and the user can continue to access enterprise private network services. The drawback of this approach is that the LAC sets up the tunnel to the backup LNS only when triggered by a new call from the VPDN user, which interrupts the user's communication and forces the user to repeat the PPP call negotiation. Even when the enterprise network is configured with several LNS servers, the user gets no dynamic tunnel-server selection. Moreover, each time a VPDN user places a new call, the LAC always tries first to set up the tunnel to the abnormal primary LNS and only after that fails sets up the tunnel to the backup LNS. This consumes LAC and network resources and makes VPDN call setup inefficient, and the problem worsens as the number of VPDN users grows.
Therefore the prior art is deficient and awaits improvement and development.
Summary of the invention
The object of the present invention is to provide a method for dynamically updating access to a virtual dial-up access network. By improving the L2TP processing of existing broadband access service equipment, it provides dynamic tunnel updating and maintenance management for broadband VPDN access users. With the method, when the primary LNS becomes abnormal, the tunnel connection is switched from the primary LNS to the backup LNS without interrupting the VPDN user's PPP connection. This gives VPDN users a transparent tunnel selection function, improves their connection service quality, lightens the LAC's tunnel connection processing load, and provides VPDN users with a real-time, highly reliable service.
The technical solution of the present invention is as follows:
A method for dynamically updating access to a virtual dial-up access network comprises the following steps:
a) after the aggregation-layer broadband access server detects a communication abnormality with the primary network server, it tears down the tunnel connection established with the primary network server;
b) according to the network server configuration information obtained after authentication of the broadband virtual dial-up access network user, it initiates a tunnel connection establishment request to the backup network server;
c) after receiving a Network Control Protocol message, the aggregation-layer broadband access server hands it to Point-to-Point Protocol processing and records the IP address of the backup network server; subsequent communication packets of the broadband virtual dial-up access network user first go through the mapping from Point-to-Point Protocol port to IP address and are then processed for the Layer 2 Tunneling Protocol tunnel connection.
In the method, step b) further comprises:
b1) when negotiating establishment of the Layer 2 Tunneling Protocol tunnel session with the backup network server, the aggregation-layer broadband access server sends the proxy Link Control Protocol and authentication information to the backup network server;
b2) on receiving the proxy Link Control Protocol and authentication information, the backup network server hands them to Point-to-Point Protocol processing, completes establishment of the user's Point-to-Point Protocol connection, and at the same time completes the user's address assignment by sending a Network Control Protocol packet to the aggregation-layer broadband access server.
In the method, step c) further comprises:
c1) service domain information, Point-to-Point Protocol access and AAA authentication information are configured on the aggregation-layer broadband access server;
c2) when a broadband virtual dial-up access network user initiates a Point-to-Point Protocol call, the aggregation-layer broadband access server performs AAA authentication and obtains the Layer 2 Tunneling Protocol tunnel configuration information, including the configuration data of the primary and backup network servers;
c3) according to the Layer 2 Tunneling Protocol tunnel information returned by authentication, the aggregation-layer broadband access server establishes, by priority, a Layer 2 Tunneling Protocol tunnel connection and session with the primary network server; after tunnel establishment is complete, the broadband virtual dial-up access network user accesses the enterprise's internal services.
In the method, step a) and step b) further comprise:
While the user is accessing services, the aggregation-layer broadband access server checks whether the tunnel connection to the peer primary network server is normal. On detecting that the Layer 2 Tunneling Protocol tunnel is abnormal, it removes the tunnel connection information established with the primary network server and, according to the backup network server configuration information returned by AAA authentication, initiates tunnel connection establishment to the backup network server.
In the method, step c) further comprises:
c4) during Layer 2 Tunneling Protocol session negotiation, the aggregation-layer broadband access server forwards the proxy Link Control Protocol and authentication information to the backup network server in the Incoming-Call-Connected message; on receiving them, the backup network server hands them to Point-to-Point Protocol processing; after the Point-to-Point Protocol module on the backup network server completes proxy Link Control Protocol and authentication processing, it sends a Network Control Protocol message to the aggregation-layer broadband access server to complete the IP address configuration of the broadband virtual dial-up access network;
c5) on receiving the Internet Protocol Control Protocol message, the aggregation-layer broadband access server hands it to Point-to-Point Protocol processing; the local Point-to-Point Protocol module, acting as the Internet Protocol Control Protocol proxy of the broadband virtual dial-up access network user, completes the Network Control Protocol negotiation with the local Point-to-Point Protocol of the backup network server and records the IP address corresponding to this Point-to-Point Protocol port.
In the method, step c1) further comprises:
c11) the authentication mode of broadband virtual dial-up access network users is configured as remote RADIUS authentication, Point-to-Point Protocol call handling is enabled on the user access port, and the Layer 2 Tunneling Protocol function switch is enabled;
c12) on the RADIUS (Remote Authentication Dial-In User Service) server, the broadband virtual dial-up access network user accounts are configured together with the primary and backup network server configuration information bound to each account, including network server IP address, tunnel password and priority;
c13) the proxy Link Control Protocol authentication function is enabled on the peer primary and backup network servers.
In the method provided by the present invention, because L2TP tunnels are dynamically updated within the broadband VPDN network architecture, VPDN users are protected in real time while accessing intranet services: the primary/backup switchover of the L2TP tunnel connection completes without the terminal VPDN user having to initiate a new PPP call. An LNS abnormality is completely transparent to the terminal VPDN user, and the user's access to services is not affected. The reliability and connection service quality of VPDN user access are therefore improved, and the tunnel processing load on the broadband access server is reduced. The method places no special requirements on the LNS and does not affect the architecture of existing VPDN networks; it is simple to implement and does not increase the cost of existing products.
Description of drawings
Fig. 1 is a schematic network topology of a typical broadband VPDN access network architecture;
Fig. 2 is a software processing flow chart of a typical broadband access server handling a VPDN user's PPP session access service;
Fig. 3 is a software processing flow chart of a broadband access server that supports dynamic L2TP tunnel updating, handling a VPDN user's PPP session access service, according to the method of the invention.
Embodiment
The preferred embodiments of the present invention are described in detail below with reference to the accompanying drawings.
The method of the present invention dynamically updates the L2TP tunnel. Its core idea is as follows. The broadband access server acting as LAC, after detecting a communication abnormality with the primary LNS, tears down the tunnel connection established with the primary LNS. It then initiates a tunnel connection establishment request to the backup LNS, using the LNS configuration information obtained earlier when the VPDN user was authenticated. While negotiating establishment of the L2TP tunnel session with the backup LNS, it sends the proxy-LCP (Link Control Protocol) and authentication information to the backup LNS. On receiving this PPP negotiation information, the backup LNS processes it with its local PPP protocol, completes establishment of the user's PPP connection, and at the same time completes the user's address assignment by sending an NCP packet to the LAC.
After receiving the NCP (Network Control Protocol) message, the LAC hands it to its local PPP for processing, and PPP records the IP address allocated by the backup LNS. Subsequent communication packets of the VPDN user first pass through the PPP-port-to-IP-address mapping and are then processed for the L2TP tunnel connection. Other PPP control messages in the communication only need L2TP tunnel processing. This technical solution requires the LAC to support priority-based LNS groups and proxy-LCP authentication processing, and the LNS to support proxy-LCP and authentication processing. Most current LNS equipment supports this function; there are no other special requirements, and processing is otherwise the same as for a standard LNS.
In the method of the invention, dynamic updating of the L2TP tunnel is implemented on the LAC as follows:
Service DOMAIN information, PPP access and AAA authentication information are configured on the aggregation-layer broadband access server (LAC). With local authentication, the VPDN user account information and the associated primary and backup LNS configuration data must be configured on the LAC; with RADIUS (Remote Authentication Dial-In User Service) authentication, the VPDN user accounts and LNS information are configured on the RADIUS server.
When a VPDN user initiates a PPP call, the aggregation-layer LAC performs AAA authentication and obtains the L2TP tunnel configuration information, which here includes the configuration data of the primary and backup LNS.
Based on the L2TP tunnel information returned by authentication, the LAC first establishes, by priority, the L2TP tunnel connection and session with the enterprise's primary LNS server. Once the tunnel is established, the VPDN user can access enterprise internal services. While the user is accessing services, the LAC sends L2TP Hello messages to check whether the tunnel connection to the peer primary LNS is normal. On detecting that the L2TP tunnel is abnormal, the LAC removes the tunnel connection information established with the primary LNS and, using the backup LNS configuration information returned by AAA authentication, initiates tunnel connection establishment to the backup LNS. During L2TP session negotiation, the LAC forwards the proxy-LCP and authentication information to the backup LNS in the Incoming-Call-Connected (ICCN) message. On receiving them, the backup LNS hands them to its local PPP; after the PPP on the backup LNS completes proxy-LCP and authentication processing, it sends an NCP message to the LAC to complete the VPDN IP address configuration. On receiving the Internet Protocol Control Protocol (IPCP) message, the LAC hands it to its local PPP, which acts as the VPDN user's IPCP proxy, completes the NCP negotiation with the local PPP of the backup LNS, and records the IP address corresponding to this PPP port. Afterwards, when the VPDN user accesses the private network, PPP data packets on the LAC go through the PPP protocol's PPP-port-to-IP-address mapping and then L2TP encapsulation. Other PPP keepalive and LCP control messages only need L2TP protocol processing on the LAC.
The service subsystem of the broadband access server in the method of the invention mainly comprises the following parts: a PPP protocol processing module, which terminates user-initiated PPP session connections; an AAA (authentication, authorization and accounting) module, which authenticates and bills users; and an L2TP-based VPDN protocol processing module, which maintains VPDN users' L2TP tunnels and session connections.
The software processing flow of a specific embodiment of dynamic L2TP tunnel updating in the method of the invention is as follows:
1. First configure the VPDN service domain on the aggregation-layer broadband access server (LAC), set the VPDN user authentication mode to the commonly used remote RADIUS authentication, enable PPP call handling on the user access port, and enable the L2TP function switch. On the RADIUS server, configure the VPDN user accounts together with the primary and backup LNS configuration information bound to each account, mainly the LNS IP address, tunnel password and priority. Enable the proxy-LCP authentication function on the peer primary and backup LNS. This completes the VPDN configuration on the LAC and the LNS.
2. A VPDN user initiates a PPP session connection request. When the PPP session reaches authentication, the PPP module asks AAA to authenticate, and AAA sends the user account information to the RADIUS server according to the DOMAIN value in the user name USERNAMEDOMAIN. The RADIUS server uses the user information to obtain the primary and backup LNS configuration information bound to this user and returns it to the LAC.
3. After PPP determines from the returned information that this is a VPDN access request, it asks the VPDN protocol processing module to establish the L2TP tunnel and session connection, and at the same time hands the VPDN module the proxy-LCP and authentication information that the PPP module negotiated with the VPDN user.
4. Using the L2TP tunnel configuration information passed by PPP (mainly the IP address of the remote LNS), the VPDN module first establishes the tunnel and session connection with the primary LNS. The primary LNS assigns the user an address, IP1.
5. The VPDN module periodically sends L2TP Hello messages to the primary LNS to check the state of the tunnel connection to it.
6. After detecting that the tunnel connection to the primary LNS has failed, the VPDN module tears down the tunnel connection established with the primary LNS and then establishes an L2TP tunnel connection with the backup LNS according to the backup LNS configuration information returned by authentication. When the VPDN module sends the ICCN to the LNS, it encapsulates the proxy-LCP and authentication information in that packet and sends it to the backup LNS.
7. After receiving the ICCN packet, the backup LNS passes the proxy-LCP and authentication information to its own PPP protocol processing. Once PPP has processed them, it sends an IPCP control packet to the LAC, assigning a new address, IP2, to this VPDN user.
8. The VPDN module on the LAC hands the IPCP message to the PPP module, which, acting as the user's IPCP proxy, completes the IPCP negotiation with the PPP on the LNS side. It finally records the IP2 address assigned by the backup LNS, and the PPP module sets up the mapping from the PPP port to the IP2 address.
9. Afterwards, when packets of the VPDN user accessing enterprise internal data pass through the LAC, they go through the PPP module's PPP-port-to-IP2 address mapping: in the upstream direction at the LAC, the source IP address in the IP packet is converted from IP1 to IP2 and sent to the LNS; in the downstream direction, the VPDN module's tunnel-identifier-to-IP1 address mapping restores the IP2 address to the IP1 address before the packet is sent to the VPDN user. The L2TP tunnel encapsulation by the VPDN module is the same as in the ordinary case.
10. PPP control messages sent by the VPDN user only need the VPDN module's L2TP tunnel encapsulation when passing through the LAC.
Usually, when a large or medium-sized enterprise network deploys VPDN services, it deploys a primary and a backup LNS server to meet the demand of more VPDN users for intranet access. The usual LAC behaviour is that, after the L2TP connection to the primary LNS is lost, the LAC must notify the VPDN user to disconnect the PPP connection; the VPDN user then initiates a new PPP call, which triggers the LAC to set up the L2TP tunnel connection with the backup LNS.
The technical solution of the present invention uses the proxy-LCP and authentication functions defined in the L2TP standard and, through the mapping between PPP port and IP address, dynamically updates the L2TP tunnel from the primary LNS to the backup LNS.
As shown in Fig. 3, a VPDN access domain is configured on the broadband access server (LAC), the AAA authentication mode is set to remote RADIUS, and both PPP call handling and VPDN call handling are enabled on the user access interface. The VPDN user account information is configured on the RADIUS server and bound to the primary and backup LNS configuration information. The proxy-LCP and authentication function switches are enabled on the primary and backup LNS.
Taking a PPPoE access user as an example and referring to Fig. 3, the software processing steps on the broadband access server are as follows:
1. The user and the PPP module perform LCP negotiation.
2. In the user authentication phase, PPP passes the USERNAMEDOMAIN supplied by the user to the AAA module for authentication.
3. The AAA module sends the user account USERNAMEDOMAIN information to the remote RADIUS server according to the DOMAIN. The RADIUS server uses the DOMAIN supplied by the user to obtain the configuration information of the primary and backup LNS, mainly IP address, tunnel password and priority, and returns it to the AAA module, which forwards it to the PPP module.
4. After PPP determines that this is an L2TP access service, it asks the VPDN module to establish the L2TP session connection and forwards the primary and backup LNS configuration information together with the proxy-LCP and authentication information to the VPDN module.
5. The VPDN module first establishes the tunnel connection with the primary LNS according to the tunnel configuration information. After the tunnel is established, the VPDN user completes IPCP negotiation with the primary LNS and obtains the IP1 address, which the user uses to access enterprise internal services.
6. The VPDN module detects an abnormal tunnel connection to the primary LNS by periodically sending L2TP Hello messages. On finding the connection abnormal, it actively removes the tunnel information established with the primary LNS and, using the backup LNS tunnel configuration information passed by PPP, initiates a tunnel connection request to the backup LNS.
7. After receiving and processing the proxy-LCP and authentication information from the ICCN packet, the backup LNS begins IPCP negotiation.
8. After receiving the IPCP negotiation packet, the PPP module starts its IPCP proxy function and completes IPCP negotiation with the backup LNS; the backup LNS finally assigns the IP2 address to the PPP module.
9. The PPP module records the IP2 address and binds the PPP port to the IP2 address.
10. Subsequent PPP data packets sent by the VPDN user go through the PPP module's PPP-port-to-IP2 address mapping and the tunnel-identifier-to-IP1 address mapping, followed by the VPDN module's L2TP encapsulation.
11. PPP control packets sent by the VPDN user only need the VPDN module's L2TP encapsulation before being sent to the backup LNS.
12. Having succeeded in its first access, the VPDN user continues the VPDN connection without any change to the private IP1 address the user obtained.
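The switchover and address mapping from the two step lists above, modelled as an added example (not code from the patent or from any vendor implementation). The class and function names, the sample addresses and the rule that a lower priority value is preferred are assumptions; L2TP control messages are reduced to log entries, and only the IPv4 header and its checksum are rewritten.

```python
import struct
from dataclasses import dataclass, field
from socket import inet_aton

PPP_IPV4, PPP_LCP = 0x0021, 0xC021   # PPP protocol field values

def ipv4_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement checksum over an IPv4 header."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def rewrite_addr(packet: bytes, offset: int, old: str, new: str) -> bytes:
    """Swap the address at offset (12 = source, 16 = destination) from old to
    new and fix the header checksum; non-matching packets pass unchanged."""
    ihl = (packet[0] & 0x0F) * 4 if packet else 0
    if ihl < 20 or len(packet) < ihl or packet[offset:offset + 4] != inet_aton(old):
        return packet
    hdr = bytearray(packet[:ihl])
    hdr[offset:offset + 4] = inet_aton(new)
    hdr[10:12] = b"\x00\x00"                      # zero before recomputing
    hdr[10:12] = struct.pack("!H", ipv4_checksum(bytes(hdr)))
    return bytes(hdr) + packet[ihl:]

@dataclass
class Lns:
    ip: str
    priority: int          # assumption: lower value = preferred
    pool: list             # addresses this LNS hands out in IPCP (constructed)
    alive: bool = True

@dataclass
class Session:
    ppp_port: int
    proxy_lcp: bytes       # LCP result negotiated with the user, cached on the LAC
    proxy_auth: tuple      # (user name, authentication data) cached for the ICCN
    lns_list: list         # primary and backup LNS returned by RADIUS
    active: Lns = None
    ip1: str = None        # address the user keeps, assigned by the primary LNS
    ip2: str = None        # address assigned by the backup LNS after switchover
    log: list = field(default_factory=list)

def establish(sess: Session, lns: Lns) -> str:
    """Tunnel and session setup: the ICCN carries proxy-LCP and authentication
    data, and the LNS answers with the address in its IPCP packet."""
    if not lns.alive:
        raise ConnectionError(f"no reply from LNS {lns.ip}")
    sess.log.append(("ICCN", lns.ip, sess.proxy_lcp, sess.proxy_auth[0]))
    return lns.pool.pop(0)

def first_call(sess: Session) -> None:
    """Steps 4-5: tunnel to the highest-priority LNS; the user obtains IP1."""
    sess.active = min(sess.lns_list, key=lambda l: l.priority)
    sess.ip1 = establish(sess, sess.active)

def on_hello_timeout(sess: Session) -> bool:
    """Steps 6-9: tear down the failed tunnel, bring up the next LNS, act as
    the user's IPCP proxy and bind the PPP port to IP2."""
    sess.log.append(("teardown", sess.active.ip))
    for lns in sorted(sess.lns_list, key=lambda l: l.priority):
        if lns is sess.active or not lns.alive:
            continue
        sess.ip2 = establish(sess, lns)   # the user never sees this IPCP exchange
        sess.active = lns
        return True
    return False

def upstream(sess: Session, proto: int, payload: bytes):
    """Step 10, user to LNS: only IPv4 data is mapped, source IP1 -> IP2."""
    if proto == PPP_IPV4 and sess.ip2:
        payload = rewrite_addr(payload, 12, sess.ip1, sess.ip2)
    return proto, payload                 # next stage: L2TP encapsulation

def downstream(sess: Session, proto: int, payload: bytes):
    """Step 10, LNS to user: destination IP2 is restored to IP1."""
    if proto == PPP_IPV4 and sess.ip2:
        payload = rewrite_addr(payload, 16, sess.ip2, sess.ip1)
    return proto, payload

def make_ipv4(src: str, dst: str, data: bytes = b"demo") -> bytes:
    """Constructed sample packet (IP protocol 253 = experimental)."""
    hdr = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(data), 0, 0,
                                64, 253, 0, inet_aton(src), inet_aton(dst)))
    hdr[10:12] = struct.pack("!H", ipv4_checksum(bytes(hdr)))
    return bytes(hdr) + data

def demo():
    primary = Lns("192.0.2.1", 1, ["10.1.0.5"])
    backup = Lns("192.0.2.2", 2, ["10.2.0.9"])
    sess = Session(7, b"\x01\x04\x05\xd4", ("user@corp", b"chap-response"),
                   [primary, backup])
    first_call(sess)
    primary.alive = False                 # Hello messages go unanswered
    on_hello_timeout(sess)
    up = upstream(sess, PPP_IPV4, make_ipv4(sess.ip1, "10.9.9.9"))[1]
    down = downstream(sess, PPP_IPV4, make_ipv4("10.9.9.9", sess.ip2))[1]
    return sess, up, down
```

Rewriting the address invalidates any transport checksum that covers it, which this example leaves out of scope.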
The dynamic L2TP tunnel update method of the present invention provides broadband VPDN services to large and medium-sized enterprises with no hardware change to existing access service equipment, only an improvement in software, and with no special change required of the LNS servers. It switches a VPDN user's L2TP tunnel connection from the primary LNS to the backup LNS without interrupting service, which improves the reliability of the VPDN user's service connection to a certain extent and also lightens the access server's load in handling L2TP tunnel connections. This dynamic L2TP tunnel maintenance and management method is an economical, effective and highly practical way to manage broadband VPDN service delivery.
It should be understood that the above description of the embodiments is fairly specific and must not be taken as limiting the scope of patent protection of the invention, which is defined by the claims.

Claims (5)

1. method that the access that realizes the virtual dial-up access network dynamically updates may further comprise the steps:
A), the BAS Broadband Access Server of convergence-level detect main communication abnormality appears with the webserver and after, remove with the main tunnel of setting up with the webserver and be connected;
B), according to the webserver configuration information that obtains behind the virtual dial-up access network authentification of user of broadband, initiate the tunnel with the backup network server and be connected the request of foundation, described step b) also comprises: b1), when the BAS Broadband Access Server of described convergence-level is consulted in the foundation of carrying out the Layer 2 Tunneling Protocol tunnel session with described backup network server, proxy link agreement protocol and authentication information are sent to described backup network server; B2), described backup network server is when receiving described proxy link agreement protocol and described authentication information, the employing peer-peer protocol is handled, the peer-peer protocol of finishing the user connects foundation, sends the address assignment operation that the network negotiate protocol package is finished the user by the BAS Broadband Access Server to described convergence-level simultaneously;
C), the BAS Broadband Access Server of described convergence-level is after receiving the network negotiate protocol massages, adopt peer-peer protocol to handle, write down the IP address of described backup network server, follow-up broadband virtual dial-up access network user's communications message process peer-peer protocol port earlier carries out the processing that the Layer 2 Tunneling Protocol tunnel connects afterwards again to the IP map addresses.
2. The method according to claim 1, characterized in that step c) further comprises:
c1) configuring service domain information, PPP access and AAA authentication information on the BAS of the convergence layer;
c2) when a broadband virtual dial-up access network user initiates a PPP call, the BAS of the convergence layer performs AAA authentication and obtains the L2TP tunnel configuration information, which includes the configuration data of the primary and backup network servers;
c3) according to the L2TP tunnel information returned by authentication, the BAS of the convergence layer establishes an L2TP tunnel connection and session with the primary network server according to priority; after tunnel establishment is complete, the broadband virtual dial-up access network user accesses the enterprise's internal services.
3. The method according to claim 2, characterized in that step a) and step b) further comprise:
while the user is accessing services, the BAS of the convergence layer detects whether the tunnel connection with the peer primary network server is normal; on detecting that the L2TP tunnel is abnormal, the BAS of the convergence layer tears down the tunnel connection information established with the primary network server and, according to the backup network server configuration information returned by AAA authentication, initiates tunnel connection establishment to the backup network server.
4. The method according to claim 3, characterized in that step c) further comprises:
c4) during L2TP session negotiation, the BAS of the convergence layer forwards the proxy LCP and authentication information to the backup network server in the incoming-call-connected message; on receiving the proxy LCP and authentication information, the backup network server processes them using PPP; after the PPP module on the backup network server completes the proxy LCP and authentication processing, it sends an NCP message to the BAS of the convergence layer to complete the IP address configuration of the broadband virtual dial-up access network user;
c5) on receiving the Internet Protocol Control Protocol (IPCP) message, the BAS of the convergence layer processes it using PPP; the local PPP module, acting as the IPCP proxy of the broadband virtual dial-up access network user, completes the NCP negotiation with the local PPP of the backup network server, and at the same time records the IP address corresponding to this PPP port.
5. The method according to claim 4, characterized in that step c1) further comprises:
c11) configuring the authentication mode of broadband virtual dial-up access network users as remote RADIUS authentication, enabling the PPP call-handling capability on the user access port, and enabling the L2TP function switch;
c12) configuring the broadband virtual dial-up access network user account on the Remote Authentication Dial-In User Service (RADIUS) server, and at the same time configuring the primary and backup network server configuration information bound to the account, including network server IP address, tunnel password and priority;
c13) enabling the proxy LCP authentication function on the peer primary and backup network servers.
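
The failover sequence in claims 1 to 5, modelled as an added example that is not part of the patent text. All class and field names are hypothetical, the `peers` table stands in for real L2TP tunnel setup, the addresses are constructed from the documentation range, and trying the lowest priority value first is an assumption.

```python
import hmac
from dataclasses import dataclass, field
from typing import Optional

@dataclass(frozen=True)
class LnsConfig:                 # one network server entry bound to the user account
    ip: str
    tunnel_password: str
    priority: int                # assumption: lower value is tried first

@dataclass
class Session:                   # per-user state held on the BAS
    ppp_port: int
    proxy_lcp: bytes             # LCP result already negotiated with the user
    proxy_auth: bytes            # authentication information collected from the user
    servers: list                # LnsConfig entries returned by AAA authentication
    active: Optional[LnsConfig] = None
    failed: set = field(default_factory=set)

class AccessServer:
    def __init__(self, peers):
        self.peers = dict(peers)     # simulated servers: IP -> tunnel password they accept
        self.port_to_lns = {}        # PPP port -> network server IP
        self.sent = []               # messages sent, kept for inspection

    def _connect(self, s, lns):
        accepted = self.peers.get(lns.ip)
        if accepted is None or not hmac.compare_digest(accepted, lns.tunnel_password):
            return False             # unreachable, or tunnel authentication failed
        # Session negotiation: proxy LCP and authentication info go to the server.
        self.sent.append((lns.ip, "ICCN", s.proxy_lcp, s.proxy_auth))
        # The server completes PPP and sends NCP; the BAS records the mapping.
        self.port_to_lns[s.ppp_port] = lns.ip
        s.active = lns
        return True

    def establish(self, s):
        for lns in sorted(s.servers, key=lambda c: c.priority):
            if lns.ip not in s.failed and self._connect(s, lns):
                return lns.ip
            s.failed.add(lns.ip)
        return None                  # no configured server could be reached

    def on_tunnel_failure(self, s):
        if s.active is not None:     # step a: drop the failed tunnel and its mapping
            s.failed.add(s.active.ip)
            self.port_to_lns.pop(s.ppp_port, None)
            s.active = None
        return self.establish(s)     # step b: try the next configured server
```

A backup entry whose tunnel password does not match what the backup server accepts makes the failover return `None`, which is why claim 5 binds the password to each server entry along with its address and priority.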
CN200580051258.3A 2005-09-20 2005-09-20 Method for implementing access dynamic updating of virtual dial-up access network Active CN101228765B (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2005/001516 WO2007033519A1 (en) 2005-09-20 2005-09-20 A method for updating the access of virtual private dial-network dynamically

Publications (2)

Publication Number Publication Date
CN101228765A CN101228765A (en) 2008-07-23
CN101228765B true CN101228765B (en) 2011-11-23

Family

ID=37888515

Family Applications (1)

Application Number Title Priority Date Filing Date
CN200580051258.3A Active CN101228765B (en) 2005-09-20 2005-09-20 Method for implementing access dynamic updating of virtual dial-up access network

Country Status (2)

Country Link
CN (1) CN101228765B (en)
WO (1) WO2007033519A1 (en)

Families Citing this family (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101309284B (en) * 2007-05-14 2012-09-05 华为技术有限公司 Remote access communication method, apparatus and system
CN102130818B (en) * 2010-01-20 2014-03-19 杭州华三通信技术有限公司 Network access server accessing method and network access server
CN105099703A (en) * 2015-07-31 2015-11-25 国家电网公司 4G hand-held individual soldier signal internal and external network gap isolation transmission method
CN110932956B (en) * 2019-11-15 2020-08-18 北京连山时代科技有限公司 Method for networking by combining multi-path concurrent system and VPDN
CN111835615B (en) * 2020-09-17 2021-01-15 南京中兴软件有限责任公司 Session resource control method, device, equipment, system and storage medium
CN112383561A (en) * 2020-11-30 2021-02-19 安徽信息工程学院 Multi-access VPDN networking method
CN114650304B (en) * 2020-12-17 2024-03-15 联通(江苏)产业互联网有限公司 Authentication and authorization method and device
CN113381917B (en) * 2021-06-11 2022-09-16 中国电信股份有限公司 Network access method, device and system, readable storage medium and electronic equipment
CN113595847B (en) * 2021-07-21 2023-04-07 上海淇玥信息技术有限公司 Remote access method, system, device and medium
CN113595848B (en) * 2021-07-28 2022-06-28 中移(杭州)信息技术有限公司 Communication tunnel establishing method, device, equipment and storage medium
CN114157555B (en) * 2021-11-12 2023-05-26 杭州迪普科技股份有限公司 Access information synchronization method

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2001076186A1 (en) * 2000-03-30 2001-10-11 British Telecommunications Public Limited Company Data networks
CN1392708A (en) * 2001-06-19 2003-01-22 深圳市中兴通讯股份有限公司 Allocation method of wide band access user
CN1553628A (en) * 2003-06-04 2004-12-08 深圳市中兴通讯股份有限公司南京分公 Method for realizing chain circuit polymer function based on strategy route

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20050090902A (en) * 2004-03-10 2005-09-14 삼성전자주식회사 The method of vpn service about pdp type in wcdma

Also Published As

Publication number Publication date
CN101228765A (en) 2008-07-23
WO2007033519A1 (en) 2007-03-29

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant