CN112383561A - Multi-access VPDN networking method - Google Patents

Multi-access VPDN networking method

Info

Publication number
CN112383561A
Authority
CN
China
Prior art keywords
user
operator
vpdn
router
lns
Prior art date
Legal status
Pending
Application number
CN202011368827.XA
Other languages
Chinese (zh)
Inventor
陶骏
杜敏
陈欢
Current Assignee
Anhui Institute of Information Engineering
Original Assignee
Anhui Institute of Information Engineering
Priority date
2020-11-30
Filing date
2020-11-30
Publication date
2021-02-19
Application filed by Anhui Institute of Information Engineering
Priority to CN202011368827.XA
Publication of CN112383561A
Legal status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0892 Network architectures or network communication protocols for network security for authentication of entities by using authentication-authorization-accounting [AAA] servers or protocols
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4633 Interconnection of networks using encapsulation techniques, e.g. tunneling
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0272 Virtual private networks

Abstract

The invention provides a multi-access VPDN networking method involving a plurality of operators and a single user router LNS. Each operator configures tunnel information and domain names on its operator AAA and configures tunnel information on its operator router LAC. The user router LNS can be configured with a plurality of VPDN domains, where one VPDN domain corresponds to the access users of one operator. Specific user names and passwords are configured on a user AAA, and a monitoring process started on the user AAA sends a real-time alarm notice whenever an operator modifies the VPDN information. The invention has a reasonable design: where a plurality of operators access through a multi-access VPDN network, the access requirement can be met with only one user router LNS, and network data is forwarded efficiently while investment cost is reduced.

Description

Multi-access VPDN networking method
Technical Field
The invention mainly relates to the technical field of electronic information and computers, in particular to a multi-access VPDN networking method.
Background
With the development of the times and of economics and science, there are more and more internet users, and these users have more and more access modes, such as traditional wired ADSL, LAN, optical fiber and coaxial cable access, and wireless WLAN, 3G, 4G, 5G and quantum communication network access. There are also more and more internet operators to which users have access: in addition to large operators such as China Telecom, China Mobile, China Unicom and China Broadcasting (radio and television), there are many small and local broadband operators.
Besides requirements on network quality parameters such as access bandwidth, delay and packet loss, users also have high requirements on network security. Some users require internet access but need to be strictly separated from other users logically. This can be implemented with a dedicated-line technology that shares a physical channel, such as ATM, DDN or SDH, but dedicated-line access consumes a large amount of resources and carries a high access price, so such users generally adopt VPN (virtual private network) access.
At present, VPN application based on single access and single operator is common, but VPN technology based on multiple accesses and multiple operators is not mature.
Disclosure of Invention
Object of the Invention
The invention provides a networking method for establishing a multi-access VPDN network, which can efficiently forward network data under the condition of reducing investment as much as possible.
Technical scheme
In order to achieve the purpose, the technical scheme provided by the invention is as follows: a multi-access VPDN networking method comprises a plurality of operators and a user router LNS, wherein the operators configure tunnel information and domain names on an operator AAA, each operator configures tunnel information on an operator router LAC, the user router LNS can be configured with a plurality of VPDN domains, one VPDN domain corresponds to an access user of the operator, a specific user name and a specific user password are configured on a user AAA, a monitoring process is started on the user AAA, and when the operators modify the VPDN information, a real-time alarm notice is sent.
Further, the user router LNS needs to support more than 10000 concurrent L2TP users, and the user router LNS needs to establish a physical channel with each operator.
Further, an interface of one physical channel corresponds to one operator; and the operator AAA sets the domain name and tunnel information of the user VPDN.
Further, the user router LNS sets a domain of a user VPDN and a group name of L2TP, wherein one operator corresponds to the domain of one user VPDN and one L2TP group.
Further, the user router LNS configures a radius protocol to communicate with the user AAA, the user router LNS configures a gateway of the user AAA, the user router LNS configures an address pool of a dialed user, and allocates an IP address to the user after the user authentication is successful.
Further, the user router LNS configures tunnel information, wherein one operator corresponds to one tunnel, and establishes an L2TP tunnel with the operator router LAC; the user router LNS also configures a static route to communicate with the operator.
Further, the user AAA configures a user name and a password, and enables a radius process to communicate with the user router LNS, and the user AAA starts a monitoring process to monitor the status of the operator AAA.
Advantageous effects
Compared with the prior art, the technical scheme provided by the invention has the following beneficial effects:
the invention has reasonable design, can meet the access requirement by establishing a multi-access VPDN (virtual private dialing) network and only using one user router LNS under the condition of accessing by a plurality of operators, can efficiently forward network data under the condition of reducing investment cost, and can meet the safety requirement of access and the rapidity requirement of access by a user through wireless or wired access.
Drawings
Fig. 1 is an L2TP VPDN access topology;
Fig. 2 is a diagram of the access topology through the L2TP VPDNs of two operators;
Fig. 3 is the multi-operator L2TP VPDN access topology of the present invention;
Fig. 4 is a schematic flow chart of the present invention.
Detailed Description
In order to facilitate an understanding of the invention, the invention will now be described more fully hereinafter with reference to the accompanying drawings, in which several embodiments of the invention are shown, but which may be embodied in many different forms and are not limited to the embodiments described herein, but rather are provided for the purpose of providing a more thorough disclosure of the invention.
It will be understood that when an element is referred to as being "secured to" another element, it can be directly on the other element or intervening elements may also be present; when an element is referred to as being "connected" to another element, it can be directly connected to the other element or intervening elements may also be present; the terms "vertical," "horizontal," "left," "right," and the like as used herein are for illustrative purposes only.
Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs; the terminology used herein in the description of the invention is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention; as used herein, the term "and/or" includes any and all combinations of one or more of the associated listed items.
Examples
The invention establishes a multi-access VPDN (virtual private dial) network, and efficiently forwards network data under the condition of reducing investment as much as possible.
L2TP VPDN is a VPN technology. The L2TP protocol sits at the data link layer, access is realized by PPP dial-up, and a user can access wirelessly or by wire, so both the access security requirement and the access rapidity requirement are met. A typical access topology for an L2TP VPDN is shown in fig. 1.
The process by which physically separated users access the user headquarters is as follows. A user initiates a dial-up request containing a user name and a password, where the user name consists of a specific name and a domain name. The dial-up request is first sent to the operator's AAA (authentication, authorization and accounting) server, which verifies whether the domain name is correct; if it is, a logical tunnel is established between the operator router (LAC) and the user router (LNS). The specific name and the password then reach the user AAA for authentication; if they pass, the LNS allocates an IP address to the user, and the physically dispersed user has successfully accessed the user's own network.
When physically distributed users belong to different operators, the user domain name information on the operator AAA servers is not synchronized, so the user headquarters needs to add one LNS per operator, which increases the user's investment. Fig. 2 shows the network topology where one user accesses through two operators; because there are two operators, two LNS routers are required.
In the present invention, only one LNS is needed to meet the access requirement when access is through multiple operators. Specifically, as shown in fig. 3: the number N of operators through which the user accesses is counted; each operator configures the tunnel information and the related domain name on its AAA server; each operator configures the tunnel information on its LAC router; N VPDN domains are configured on the user LNS router, where one VPDN domain corresponds to the access users of one operator; the specific user names and passwords are configured on the user AAA; and a monitoring process is started on the user AAA, which sends a real-time alarm notice when an operator modifies the VPDN information. The flow of the specific technical scheme is shown in fig. 4.
In this embodiment, the user LNS needs to support more than 10000 concurrent L2TP users, the user LNS needs to establish a physical channel with each operator, and one physical interface corresponds to one operator; the domain name and the tunnel information of the user VPDN are set on the operator's AAA.
Specifically, a user VPDN domain and an L2TP group name are set on the user LNS, with one operator corresponding to one domain and one L2TP group. The user LNS configures the RADIUS protocol to communicate with the user AAA, configures the gateway of the user AAA, configures an address pool for dial-up users, and allocates an IP address to a user after that user's authentication succeeds. The user LNS configures tunnel information, one tunnel per operator, and establishes an L2TP tunnel with that operator's LAC. A static route is configured on the LNS for communication with each operator.
Specifically, the user AAA configures the user names and passwords, enables the RADIUS process to communicate with the LNS, and starts a monitoring process to monitor the status of the operator AAA.
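The following is an added illustration, not code from the patent or from any router vendor: a small Python model of the access flow described above (domain check at the operator AAA, then name/password check at the user AAA, then address allocation from a per-domain pool on a single LNS serving N = 2 operators) together with one pass of the user-AAA monitoring process, which hashes each operator's VPDN domain and tunnel information against a recorded baseline and raises an alarm when the information is modified or can no longer be read. The operator names, VPDN domains, L2TP group names, credentials and address pools are constructed placeholders.

```python
"""Toy model of the multi-operator L2TP VPDN access flow and of the user-AAA
monitoring process described in the patent.  Constructed example: operator
names, VPDN domains, tunnel groups, user credentials and address pools are
invented placeholders, not values from the patent or from any vendor."""
import copy
import hashlib
import hmac
import ipaddress
import json
from dataclasses import dataclass, field

# Operator side (constructed): each operator AAA serves one VPDN domain for the
# user and hands matching calls into one L2TP tunnel towards the single user LNS.
OPERATOR_AAA = {
    "opA": {"domain": "corp-a.vpdn", "tunnel": {"lns": "203.0.113.10", "group": "L2TP-A"}},
    "opB": {"domain": "corp-b.vpdn", "tunnel": {"lns": "203.0.113.10", "group": "L2TP-B"}},
}


@dataclass
class LNS:
    """One user-side LNS with N VPDN domains: one domain / L2TP group / pool per operator."""
    domains: dict                               # VPDN domain -> (operator, L2TP group)
    pools: dict                                 # VPDN domain -> iterator of free host addresses
    user_aaa: dict                              # specific user name -> password (user AAA)
    leases: dict = field(default_factory=dict)  # full user name -> assigned IP

    def authenticate(self, username: str, password: str):
        """Two-stage check: the domain is verified at the operator AAA, the specific
        name and password at the user AAA.  Returns (ok, assigned IP or reason)."""
        if "@" not in username:
            return False, "user name carries no domain"
        name, domain = username.rsplit("@", 1)
        # Stage 1 (operator AAA): is this domain one that some operator serves?
        serving = [op for op, cfg in OPERATOR_AAA.items() if cfg["domain"] == domain]
        if not serving:
            return False, "domain unknown at operator AAA"
        operator = serving[0]
        # The tunnel terminates on this LNS; it must hold a VPDN domain for that operator.
        if self.domains.get(domain, (None,))[0] != operator:
            return False, "no VPDN domain for this operator on LNS"
        # Stage 2 (user AAA, RADIUS-style): constant-time credential comparison.
        if not hmac.compare_digest(self.user_aaa.get(name, ""), password):
            return False, "user AAA rejected credentials"
        # Allocate an address from the per-domain pool; refuse when it is exhausted.
        try:
            ip = str(next(self.pools[domain]))
        except StopIteration:
            return False, "address pool exhausted"
        self.leases[username] = ip
        return True, ip


def build_lns() -> LNS:
    """Constructed user-side LNS for N = 2 operators sharing one user AAA."""
    return LNS(
        domains={"corp-a.vpdn": ("opA", "L2TP-A"), "corp-b.vpdn": ("opB", "L2TP-B")},
        pools={"corp-a.vpdn": iter(ipaddress.ip_network("10.1.0.0/29").hosts()),
               "corp-b.vpdn": iter(ipaddress.ip_network("10.2.0.0/30").hosts())},
        user_aaa={"alice": "s3cret-alice", "bob": "s3cret-bob"},
    )


def vpdn_fingerprint(operator_cfg: dict) -> str:
    """Stable hash of one operator's VPDN domain and tunnel info (the monitor's baseline)."""
    canonical = json.dumps(operator_cfg, sort_keys=True).encode()
    return hashlib.sha256(canonical).hexdigest()


def monitor_operators(baseline: dict, current: dict) -> list:
    """One pass of the user-AAA monitoring process: compare every operator's current
    VPDN info with the recorded baseline and return one alarm per changed or
    unreadable operator (an empty list means nothing changed)."""
    alarms = []
    for operator, fingerprint in baseline.items():
        if operator not in current:
            alarms.append(f"ALARM {operator}: VPDN info no longer readable on operator AAA")
        elif vpdn_fingerprint(current[operator]) != fingerprint:
            alarms.append(f"ALARM {operator}: VPDN domain or tunnel info modified")
    return alarms


def demo_monitor() -> list:
    """Record a baseline, then simulate opB changing its tunnel group and opA
    becoming unreadable (constructed events) and return the alarms raised."""
    baseline = {op: vpdn_fingerprint(cfg) for op, cfg in OPERATOR_AAA.items()}
    tampered = copy.deepcopy(OPERATOR_AAA)
    tampered["opB"]["tunnel"]["group"] = "L2TP-Z"
    del tampered["opA"]
    return monitor_operators(baseline, tampered)


if __name__ == "__main__":
    lns = build_lns()
    print(lns.authenticate("alice@corp-a.vpdn", "s3cret-alice"))
    print(lns.authenticate("bob@corp-x.vpdn", "s3cret-bob"))
    print(*demo_monitor(), sep="\n")
```

The same user AAA entry for "alice" is accepted through either operator's domain, which is the point of keeping one LNS with N VPDN domains: the per-operator part (domain and tunnel) lives on the operator AAA, while credentials and address pools stay under the user's control. The monitor deliberately treats an operator whose VPDN information can no longer be read as an alarm too, since from the user AAA's view that is indistinguishable from a broken or removed domain.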
Specifically, after the VPDN system was established, the channel bandwidth utilization between the user LNS and the operator, and the delay, jitter and packet loss rate measured by the user pinging the user AAA, were all normal over 100 randomly selected sample periods (2 hours per sample), as shown in table 1:
TABLE 1 Test key indicators
Indicator            Bandwidth utilization   Time delay   Jitter   Packet loss rate
Normal threshold     <=75%                   <=20ms       <=5      <=5
Measured             48%                     7ms          3        2
In summary, the present invention has a reasonable design. By establishing a multi-access VPDN (virtual private dial-up) network, the access requirement can be met with only one user router LNS when multiple operators provide access, network data can be forwarded efficiently while investment cost is reduced, and users can access wirelessly or by wire, satisfying both the security requirement and the rapidity requirement of access. The method is suitable for small and medium-sized enterprises building their own enterprise local area networks.
The above-mentioned embodiments only express a certain implementation mode of the present invention, and the description thereof is specific and detailed, but not construed as limiting the scope of the present invention; it should be noted that, for those skilled in the art, without departing from the concept of the present invention, several variations and modifications can be made, which are within the protection scope of the present invention; therefore, the protection scope of the present patent shall be subject to the appended claims.

Claims (7)

1. A multi-access VPDN networking method is characterized in that: the system comprises a plurality of operators and a user router LNS, wherein the operators configure tunnel information and domain names on an operator AAA, each operator configures the tunnel information on an operator router LAC, the user router LNS can be configured with a plurality of VPDN domains, one VPDN domain corresponds to an access user of the operator, a specific user name and a specific password are configured on the user AAA, a monitoring process is started on the user AAA, and when the operator modifies the VPDN information, a real-time alarm notice is sent out.
2. The multi-access VPDN networking method according to claim 1, wherein: the user router LNS needs to support more than 10000 concurrent L2TP users, and the user router LNS needs to establish a physical channel with each operator.
3. A multi-access VPDN networking method according to claim 2, wherein: the interface of one physical channel corresponds to one operator; and the operator AAA sets the domain name and tunnel information of the user VPDN.
4. A multi-access VPDN networking method according to claim 2, wherein: the user router LNS is provided with a domain of a user VPDN and a group name of L2TP, wherein one operator corresponds to the domain of one user VPDN and one L2TP group.
5. A multi-access VPDN networking method according to claim 2, wherein: the user router LNS is configured with radius protocol to communicate with the user AAA, the user router LNS is configured with the gateway of the user AAA, the user router LNS is configured with the address pool of the dialing user, and the user is allocated with the IP address after the user authentication is successful.
6. A multi-access VPDN networking method according to claim 2, wherein: the user router LNS configures tunnel information, wherein one operator corresponds to one tunnel, an L2TP tunnel is established with the operator router LAC, and a static route is configured on the user router LNS for communication with the operator.
7. A multi-access VPDN networking method according to claim 2, wherein: a user name and a password are configured on the user AAA, a RADIUS process is started to communicate with the user router LNS, and the user AAA starts a monitoring process to monitor the state of the operator AAA.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011368827.XA CN112383561A (en) 2020-11-30 2020-11-30 Multi-access VPDN networking method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011368827.XA CN112383561A (en) 2020-11-30 2020-11-30 Multi-access VPDN networking method

Publications (1)

Publication Number Publication Date
CN112383561A true CN112383561A (en) 2021-02-19

Family

ID=74588675

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011368827.XA Pending CN112383561A (en) 2020-11-30 2020-11-30 Multi-access VPDN networking method

Country Status (1)

Country Link
CN (1) CN112383561A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116170297A (en) * 2023-04-23 2023-05-26 北京首信科技股份有限公司 Method and device for monitoring LNS network element in network access authentication

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2007033519A1 (en) * 2005-09-20 2007-03-29 Zte Corporation A method for updating the access of virtual private dial-network dynamically
CN102523583A (en) * 2011-12-07 2012-06-27 福建星网锐捷网络有限公司 VPDN multi-access point backup access method and equipment
CN108810168A (en) * 2018-07-16 2018-11-13 迈普通信技术股份有限公司 Method for accessing an L2TP network server, and L2TP network server
CN109600292A (en) * 2018-12-24 2019-04-09 安徽皖通邮电股份有限公司 Method and system for a LAC router to initiate an L2TP tunnel connection by self-dialing


Non-Patent Citations (5)

* Cited by examiner, † Cited by third party
Title
ZHENGYI LIU: "Communication Between Remote LANs Based on L2TP", 2018 IEEE 9th International Conference on Software Engineering and Service Science (ICSESS) *
李梦: "Design and implementation of an authentication-free emergency mechanism for 4G VPDN", 《邮电设计技术》 *
李梦: "Configuration and implementation of IoT-based VPDN private network applications", 《广东通信技术》 *
熊沁晗 et al.: "Research on VPDN networks based on multiple operators and multiple access", 《科技创新导报》 *
陶骏 et al.: "Construction of a wireless VPDN network based on FDD-LTE 4G technology", 《廊坊师范学院学报 (自然科学版)》 *


Similar Documents

Publication Publication Date Title
EP2624525B1 (en) Method, apparatus and virtual private network system for issuing routing information
US8195950B2 (en) Secure and seamless wireless public domain wide area network and method of using the same
US9191278B2 (en) System and method for locating offending network device and maintaining network integrity
CN100583773C (en) Method and device for controlling data link layer elements with network layer elements
RU2520380C2 (en) Method and system for dynamic service coordination with homogeneous protective control plane in wireless network
US8332525B2 (en) Dynamic service groups based on session attributes
US9674030B2 (en) Methods and apparatus for a common control protocol for wired and wireless nodes
JP4769815B2 (en) Restricted WLAN access for unknown wireless terminals
EP1886447B1 (en) System and method for authentication of sp ethernet aggregation networks
US20090109946A1 (en) Open-Host Wireless Access System
CN106131068B (en) System and method for a user to independently select a domain name system (DNS) resolution route
US7630386B2 (en) Method for providing broadband communication service
CN1992637B (en) Wimax network control and management system and method
WO2007071002A1 (en) Method and system for testing a connection
WO2007006200A1 (en) A method and system for realizing the access management of the network devices
CN106027491A (en) Independent link type communication processing method and system based on isolated IP (Internet Protocol) address
CN110611893B (en) Extending subscriber services for roaming wireless user equipment
CN112383561A (en) Multi-access VPDN networking method
WO2015090035A1 (en) Network resource sharing processing and sharing method, device and system
CN100370768C (en) Method for triggering user IP address assignment
JP2007150633A (en) Wireless lan access point, ip address management method using the same, and management program
JP4776582B2 (en) Network system and aggregation device
CN102843379B (en) Authentication network for multiple access modes
EP2852242B1 (en) Session establishment method and device
CN100488192C (en) Method for implementing dedicated network access by using PPPOE protocol

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20210219