WO2007033519A1 - A method for updating the access of virtual private dial-network dynamically - Google Patents


Publication number
WO2007033519A1
WO2007033519A1 PCT/CN2005/001516 CN2005001516W WO2007033519A1 WO 2007033519 A1 WO2007033519 A1 WO 2007033519A1 CN 2005001516 W CN2005001516 W CN 2005001516W WO 2007033519 A1 WO2007033519 A1 WO 2007033519A1
Authority
WO
WIPO (PCT)
Prior art keywords
protocol
server
point
network
tunnel
Application number
PCT/CN2005/001516
Other languages
French (fr)
Chinese (zh)
Inventor
Jing Luo
Original Assignee
Zte Corporation
Application filed by Zte Corporation
Priority to PCT/CN2005/001516 (WO2007033519A1)
Priority to CN200580051258.3A (CN101228765B)
Publication of WO2007033519A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0272 Virtual private networks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/40 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass for recovering from a failure of a protocol instance or entity, e.g. service redundancy protocols, protocol state redundancy or protocol service redirection

Definitions

  • The present invention relates to a method for maintaining and managing the services of a broadband virtual dial-up access network (Virtual Private Dial-Network, hereinafter vpdn) in the communications field, and specifically to a method for providing a dynamic refresh service for broadband vpdn services in a broadband access network.
  • The broadband vpdn network structure in the prior art is divided into the access layer, the aggregation layer and the backbone layer.
  • The broadband vpdn access network consists of the vpdn user access network, the aggregation-layer broadband access server (LAC) and the LNS servers that connect to the public IP network.
  • The various access services, such as authentication, authorization and accounting of broadband users and L2TP tunnel service selection, are mainly performed by the broadband access server in the network.
  • The LNS completes L2TP tunnel termination and the configuration management of the vpdn users' private IP addresses.
  • Prior-art broadband vpdn networks basically all use tunneling based on the L2TP (Layer 2 Tunneling Protocol) standard.
  • A broadband access server providing the LAC (L2TP Access Concentrator) function is placed at the aggregation layer and provides the various aggregation access services for vpdn users; a vpdn gateway providing the LNS (L2TP Network Server) function is placed inside the enterprise private network.
  • Besides the tunnel function, these vpdn gateways usually also provide security protection for user data streams, and the vpdn gateway connects directly to the public IP network.
  • Multiple LNS servers are usually configured. These LNS servers terminate tunnels for vpdn users in load-sharing or priority mode.
  • In actual deployments, multi-LNS networking is basically always implemented in priority mode.
  • FIG. 2 shows the software processing flow by which a typical broadband access server handles the PPP session access service of a vpdn user. It mainly includes the three stages of PPP link negotiation, AAA authentication and authorization, L2TP tunnel establishment and PPP data transmission, and involves three software modules: PPP protocol processing, AAA and vpdn.
  • During a vpdn user's first vpdn call, the LAC first selects the high-priority primary LNS based on the LNS configuration data and establishes a tunnel connection with it.
  • Once the connection is established, the vpdn user can access the enterprise private network. If the LAC then detects an abnormality in the tunnel connection with the LNS, it clears the tunnel connection with the LNS and notifies the vpdn dial-up user to disconnect the PPP (Point-to-Point Protocol) connection. After discovering that the PPP connection is down, the user has to initiate a vpdn call to the LAC again. This time the LAC, finding communication with the primary LNS abnormal, establishes the tunnel connection with the standby LNS, and the user can continue to access the enterprise private network service.
  • The disadvantage of this approach is that the LAC's tunnel establishment with the standby LNS must be triggered by the vpdn user calling again, which interrupts the vpdn user's communication and makes the user repeat the ppp call negotiation several times. Even when the enterprise network is configured with multiple LNS servers, the user gets no dynamic tunnel server selection. Moreover, every time a vpdn user initiates a new call, the LAC must first try to establish a tunnel connection with the already abnormal primary LNS, and only establishes a tunnel connection with the standby LNS after that attempt fails. This consumes LAC and network communication resources and makes vpdn call connection processing inefficient; with a large number of vpdn users the situation is even more serious.
  • The object of the present invention is to provide a method for implementing dynamic update of access of a virtual dial-up access network which, by improving the L2TP processing of existing broadband access service devices, provides dynamic tunnel update and maintenance management for broadband vpdn access users.
  • With the method of the present invention, when the primary LNS becomes abnormal, the tunnel connection can be switched from the primary to the standby LNS without interrupting the vpdn user's ppp connection. This gives the vpdn user a transparent tunnel selection function, improves the quality of the vpdn user's connection service, reduces the LAC's tunnel connection processing load, and provides vpdn users with a real-time, highly reliable service.
  • A method for implementing dynamic update of access of a virtual dial-up access network includes the following steps:
  • a) the broadband access server of the aggregation layer, after detecting a communication abnormality of the primary network server, clears the tunnel connection established with the primary network server;
  • b) according to the network server configuration information obtained when the broadband virtual dial-up access network user was authenticated, a tunnel connection establishment request is initiated to the standby network server;
  • c) after receiving the network negotiation protocol packet, the broadband access server of the aggregation layer processes it with the point-to-point protocol and records the IP address of the standby network server; subsequent communication packets of the broadband virtual dial-up access network user first go through the mapping from point-to-point protocol port to IP address and are then handled by the Layer 2 tunneling protocol tunnel connection.
  • Step b) further comprises:
  • b1) when negotiating the establishment of the Layer 2 tunneling protocol tunnel session with the standby network server, the broadband access server of the aggregation layer sends the proxy link negotiation protocol and authentication information to the standby network server;
  • b2) on receiving this point-to-point protocol negotiation information, the standby network server processes it with the point-to-point protocol, completes the point-to-point protocol connection establishment for the user, and completes the user's address allocation by sending a network negotiation protocol packet to the broadband access server of the aggregation layer.
  • Step c) further comprises:
  • when a broadband virtual dial-up access network user initiates a point-to-point protocol call, the broadband access server of the aggregation layer performs AAA authentication to obtain the Layer 2 tunneling protocol tunnel configuration information, including the configuration data of the primary and backup network servers.
  • the broadband access server of the aggregation layer establishes a Layer 2 tunneling protocol tunnel connection and session, by priority, according to the Layer 2 tunneling protocol tunnel information returned by the authentication; after the tunnel is established, the broadband virtual dial-up access network user accesses services within the enterprise.
  • Step a) and step b) further comprise:
  • the broadband access server of the aggregation layer detects whether the tunnel connection with the primary network server is normal. When the Layer 2 tunneling protocol tunnel is abnormal, the broadband access server of the aggregation layer clears the tunnel connection information established with the primary network server and, based on the standby network server configuration information returned by the AAA authentication, initiates tunnel connection establishment to the standby network server.
  • Step c) further comprises:
  • the broadband access server of the aggregation layer forwards the proxy link negotiation protocol and authentication information to the standby network server in the incoming connection message; the standby network server processes the received proxy link negotiation protocol and authentication information with the point-to-point protocol, and once the point-to-point protocol module on the standby network server has completed the proxy link negotiation protocol and authentication processing, it sends a network negotiation protocol packet to the broadband access server of the aggregation layer to complete the configuration of the broadband virtual dial-up access network user's IP address;
  • the broadband access server of the aggregation layer processes the Internet protocol control negotiation protocol message with the point-to-point protocol, and the local point-to-point protocol module acts as the Internet protocol control negotiation protocol proxy of the broadband virtual dial-up access network user.
  • Step c1) further includes:
  • the proxy link negotiation protocol and authentication function is enabled on the peer primary and backup network servers.
  • The invention provides a method for implementing dynamic update of access of a virtual dial-up access network.
  • Dynamic update of the L2TP tunnel is used to protect, in real time, the vpdn user's access to internal network services: the active/standby switchover of the L2TP tunnel connection is completed without the terminal vpdn user re-initiating a ppp call.
  • An abnormality of the LNS is completely transparent to the terminal vpdn user, and the user's access service is not affected. The reliability of the vpdn user's access connection and the quality of the connection service are therefore improved, and the tunnel processing load of the broadband access server is reduced.
  • The method places no special requirements on the LNS and has no impact on the architecture of the existing vpdn network; its implementation is simple and does not increase the cost of the original product.
  • FIG. 1 is a schematic diagram of the network topology of a typical broadband vpdn access network structure.
  • FIG. 2 is a flowchart of the software processing by which a typical broadband access server handles the PPP session access service of a vpdn user.
  • FIG. 3 shows, for the method of the present invention, the broadband access server software handling a vpdn user's PPP session access service with support for the dynamic L2TP tunnel update operation.
  • The core idea of the method, which implements dynamic update of the L2TP tunnel, is as follows: the broadband access server acting as the LAC, after detecting a communication abnormality of the active LNS, clears the tunnel connection established with the primary LNS and, according to the LNS configuration information obtained from the earlier vpdn user authentication, initiates a tunnel connection establishment request to the standby LNS.
  • The proxy LCP (link negotiation protocol) and authentication information are sent to the standby LNS.
  • The standby LNS completes the user's ppp connection establishment through its local ppp protocol and completes the user's address allocation by sending an NCP packet to the LAC.
  • After receiving the NCP (network negotiation protocol) packet, the LAC hands it to the LAC's local PPP for processing.
  • The PPP records the IP address of the standby LNS.
  • Subsequent communication packets of the vpdn user first go through the mapping from ppp port to IP address and are then handled by the L2TP tunnel connection. Other ppp control messages during communication only need L2TP tunnel processing.
  • The technical solution requires the LAC to support the priority-based LNS group function and the proxy LCP and authentication processing function.
  • The LNS must support the proxy LCP and authentication processing function, which most LNS devices currently support. There are no other special requirements, and processing is otherwise the same as on a standard LNS.
  • The scheme for implementing dynamic update of the L2TP tunnel on the LAC in the method of the present invention includes:
  • The aggregation-layer LAC performs AAA authentication to obtain the L2TP tunnel configuration information, including the configuration data of the primary and backup LNS.
  • Based on the L2TP tunnel information returned by the authentication, the LAC establishes, by priority, an L2TP tunnel connection and session with the LNS server inside the enterprise. Once the tunnel is established, the vpdn user can access the enterprise's internal services. While the user is accessing services, the LAC sends L2TP hello packets to check whether the tunnel connection with the peer LNS is normal. When the L2TP tunnel is abnormal, the LAC clears the tunnel connection information established with the active LNS and, using the standby LNS configuration information returned by the AAA authentication, initiates a tunnel connection to the standby LNS. During L2TP session negotiation, the LAC forwards the proxy LCP and authentication information to the standby LNS in the ICCN packet.
  • The LAC delivers the authentication information to the standby LNS.
  • The PPP on the standby LNS completes the LCP and authentication processing and sends an NCP packet to the LAC to complete the configuration of the vpdn user's IP address.
  • When the LAC receives the IPCP (Internet Protocol Control Negotiation Protocol) packet, it hands the packet to the local PPP.
  • The local ppp, acting as the vpdn user's IPCP proxy, completes the NCP negotiation with the ppp of the standby LNS and records the IP address corresponding to the ppp port.
  • The ppp packets are then processed on the LAC by the mapping between PPP port and IP address and by L2TP encapsulation.
  • Other PPP keepalive and LCP control packets only need L2TP processing on the LAC.
  • The service subsystem of the broadband access server in the method of the present invention mainly includes the following parts:
  • The PPP protocol module terminates the PPP session connection initiated by the user. The AAA (authentication, authorization and accounting) module authenticates and bills users.
  • The L2TP-based vpdn protocol processing module maintains the L2TP tunnels and session connections of vpdn users.
  • A vpdn user initiates a PPP session connection request.
  • The PPP module requests the AAA to perform the authentication.
  • The AAA sends the user account information to the radius server according to the DOMAIN value in the user name USERNAME@DOMAIN. The radius server obtains, from the user information, the primary and backup LNS configuration information bound to the user and sends it to the LAC.
  • After determining from the returned information that this is a vpdn access request, the PPP requests the vpdn protocol processing module to establish the L2TP tunnel and session connections. At the same time, the proxy LCP and authentication information negotiated between the PPP module and the vpdn user are handed over to the vpdn module.
  • The vpdn module first establishes a tunnel and session connection with the active LNS based on the L2TP tunnel configuration information (mainly the IP address of the remote LNS).
  • The primary LNS assigns an IP1 address to the user.
  • The vpdn module periodically sends L2TP hello packets to the primary LNS to detect the status of the tunnel connection with the active LNS.
  • The vpdn module clears the tunnel connection established with the active LNS and then establishes an L2TP tunnel connection with the standby LNS according to the standby LNS configuration information returned by the authentication.
  • In the ICCN packet that the vpdn module sends to the LNS, the proxy LCP and authentication information are encapsulated and sent to the standby LNS.
  • The standby LNS forwards the proxy LCP and authentication information to its own PPP protocol.
  • The PPP protocol sends an IPCP control packet to the LAC and assigns the new IP2 address to the vpdn user.
  • The vpdn module on the LAC forwards the IPCP packet to the PPP module.
  • The PPP module acts as the user's IPCP proxy and negotiates IPCP with the PPP on the LNS, finally recording the IP2 address assigned by the standby LNS.
  • The PPP module establishes a mapping of ppp ports to IP2 addresses.
  • In the upstream direction, packets passing through the LAC go through the PPP module's mapping from ppp port to IP2 address: the source IP address of the IP packet is translated from IP1 to IP2 and the packet is sent to the LNS.
  • In the downstream direction, packets go through the vpdn module's mapping from tunnel to IP1 address: the IP2 address is restored to the IP1 address.
  • The L2TP tunnel encapsulation of the vpdn module is handled in the same way as in the general case.
  • A ppp control packet sent by the vpdn user only needs the L2TP tunnel encapsulation of the vpdn module when passing through the LAC.
  • When a vpdn service is deployed in a large or medium-sized enterprise network, two LNS servers are configured in order to let more vpdn users access the intranet.
  • In the general practice, the LAC has to disconnect the L2TP connection with the active LNS and notify the vpdn user to disconnect the ppp connection; the vpdn user then initiates the ppp call again, triggering the LAC to complete the L2TP tunnel connection with the standby LNS.
  • The technical solution of the present invention uses the proxy LCP and authentication function defined in the L2TP standard, together with the mapping between ppp port and IP address, to complete the dynamic update of the L2TP tunnel from the primary LNS to the standby LNS.
  • The vpdn access domain is configured on the broadband access server (LAC), and the AAA authentication mode is set to remote radius mode.
  • PPP call processing is enabled on the interface through which the user accesses, and vpdn call processing is enabled.
  • LNS configuration information is bound.
  • The proxy LCP and authentication function switches are turned on on the primary and backup LNSs.
  • A PPPoE access user is used as an example.
  • The software processing steps on the broadband access server are as follows:
  • The user performs LCP negotiation with the PPP module.
  • PPP passes the USERNAME@DOMAIN received from the user to the AAA module for authentication.
  • The AAA module sends the user account USERNAME@DOMAIN information to the remote radius server according to DOMAIN.
  • The radius server obtains the configuration information of the primary LNS and the standby LNS according to the DOMAIN entered by the user, including the IP address, tunnel password and priority.
  • The information is returned to the AAA module, which forwards it to the PPP module.
  • After the PPP determines that this is an L2TP access service, it requests the vpdn module to establish an L2TP session connection and forwards the primary and standby LNS configuration information, together with the proxy LCP and authentication information, to the vpdn module.
  • The vpdn module first establishes a tunnel connection with the active LNS according to the tunnel configuration information. After the tunnel is established, the vpdn user completes the IPCP negotiation with the active LNS and obtains the IP1 address. The user uses the IP1 address to access internal services.
  • The vpdn module detects an abnormality of the tunnel connection to the primary LNS by periodically sending L2TP hello packets. After the connection becomes abnormal, the vpdn module actively clears the tunnel information for the active LNS and, using the standby LNS tunnel configuration information forwarded by the ppp, initiates a tunnel connection request to the standby LNS.
  • After receiving the IPCP negotiation packet, the ppp module starts the IPCP proxy function and completes the IPCP negotiation with the standby LNS. Finally, the standby LNS allocates the IP2 address to the ppp module.
  • The PPP module records the IP2 address and completes the binding of the ppp port to the IP2 address.
  • Ppp packets sent by vpdn users go through the PPP module's mapping from ppp port to IP2 address and the mapping from tunnel to IP1 address, and through the L2TP encapsulation of the vpdn module.
  • Ppp control packets sent by the vpdn user need only the L2TP encapsulation of the vpdn module before being sent to the standby LNS.
  • The vpdn connection can be continued without changing the user's private IP1 address.
  • When broadband vpdn service is provided to large and medium-sized enterprises, the method involves no hardware changes to the existing access service equipment, only an improvement of the software, and places no special change requirements on the LNS server.
  • The vpdn user's L2TP tunnel connection is switched from the active LNS to the standby LNS without interrupting the service, which improves the reliability of the vpdn user's service connection to some extent. It also reduces the burden on the access server of handling L2TP tunnel connections.
  • This L2TP tunnel dynamic maintenance management method is a cost-effective and practical way to implement and manage broadband vpdn services.
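
The LAC-side behaviour in the steps above, modelled as a small state machine: hello-based failure detection, session rebuild on the standby LNS from the stored proxy LCP and authentication data, and the IP1/IP2 rewrite in both directions. This is an added example, not code from the patent or from the applicant; the class names, the hello-miss threshold, the priority ordering (lower value preferred), the sample addresses and the downstream tunnel-binding check are assumptions.

```python
from dataclasses import dataclass
from typing import Optional

MAX_MISSED_HELLOS = 3  # assumption: the page does not give a threshold


@dataclass
class Lns:
    """Stand-in for a remote LNS (constructed for this example)."""
    ip: str
    priority: int                # assumption: lower value = preferred
    pool: list                   # private addresses handed out via IPCP
    proxy_lcp_auth: bool = True  # the switch the page says must be on
    alive: bool = True

    def iccn(self, proxy_lcp: dict, proxy_auth: dict) -> Optional[str]:
        """Accept a session from proxy LCP/auth data; return the IPCP address."""
        if not (self.alive and self.proxy_lcp_auth and self.pool):
            return None
        return self.pool.pop(0)


@dataclass
class Session:
    ppp_port: int
    proxy_lcp: dict
    proxy_auth: dict
    lns: Lns
    ip1: str                     # address the user's PPP stack keeps using
    ip2: Optional[str] = None    # address from the standby LNS, after failover
    missed: int = 0


class Lac:
    def __init__(self, lns_group):
        # LNS group as returned by AAA/RADIUS for the user's domain.
        self.lns_group = sorted(lns_group, key=lambda l: l.priority)
        self.sessions = {}

    def call(self, ppp_port, proxy_lcp, proxy_auth):
        """First vpdn call: tunnel to the highest-priority LNS, user gets IP1."""
        lns = self.lns_group[0]
        ip1 = lns.iccn(proxy_lcp, proxy_auth)
        if ip1 is None:
            raise ConnectionError("primary LNS refused the session")
        self.sessions[ppp_port] = Session(ppp_port, proxy_lcp, proxy_auth, lns, ip1)
        return ip1

    def hello_tick(self):
        """One L2TP hello round; returns ports whose PPP link had to be dropped."""
        dropped = []
        for s in list(self.sessions.values()):
            s.missed = 0 if s.lns.alive else s.missed + 1
            if s.missed >= MAX_MISSED_HELLOS and not self._failover(s):
                del self.sessions[s.ppp_port]  # prior-art fallback: user redials
                dropped.append(s.ppp_port)
        return dropped

    def _failover(self, s):
        """Clear the dead tunnel and rebuild the session on another LNS."""
        for lns in self.lns_group:
            if lns is s.lns:
                continue
            # Proxy LCP and authentication data ride in the ICCN; the LAC's
            # PPP module answers IPCP itself and records the new address.
            ip2 = lns.iccn(s.proxy_lcp, s.proxy_auth)
            if ip2 is not None:
                s.lns, s.ip2, s.missed = lns, ip2, 0
                return True
        return False

    def upstream(self, ppp_port, pkt):
        """User -> LNS. Returns (tunnel endpoint, packet as encapsulated)."""
        s = self.sessions[ppp_port]
        if pkt["kind"] == "data" and s.ip2 and pkt["src"] == s.ip1:
            pkt = {**pkt, "src": s.ip2}        # IP1 -> IP2 before L2TP
        return s.lns.ip, pkt                    # control frames pass unchanged

    def downstream(self, lns_ip, ppp_port, pkt):
        """LNS -> user. Restores IP1; drops frames from a tunnel not bound
        to the session (added check, not described on the page)."""
        s = self.sessions[ppp_port]
        if lns_ip != s.lns.ip:
            return None
        if pkt["kind"] == "data" and s.ip2 and pkt["dst"] == s.ip2:
            pkt = {**pkt, "dst": s.ip1}
        return pkt


def demo():
    """Constructed scenario: primary dies mid-session, user keeps IP1."""
    primary = Lns("192.0.2.1", 1, ["10.1.0.5"])
    standby = Lns("192.0.2.2", 2, ["10.2.0.9"])
    lac = Lac([standby, primary])
    ip1 = lac.call(7, {"mru": 1492}, {"user": "alice@corp.example"})
    primary.alive = False
    dropped = [p for _ in range(MAX_MISSED_HELLOS) for p in lac.hello_tick()]
    up = lac.upstream(7, {"kind": "data", "src": ip1, "dst": "10.0.0.80"})
    down = lac.downstream("192.0.2.2", 7,
                          {"kind": "data", "src": "10.0.0.80", "dst": "10.2.0.9"})
    return ip1, dropped, up, down
```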

Abstract

A method for dynamically updating VPDN access, in which the broadband access server of the aggregation layer, after detecting faults in the master network server, removes its tunnel connection with the master network server. The broadband access server sends a tunnel connection establishment request to a backup network server according to the network server configuration information acquired when the broadband VPDN subscriber was authenticated. After receiving a network negotiation protocol message, the broadband access server of the aggregation layer uses its local PPP to record the IP address assigned by the backup network server. Subsequent communication messages of the broadband VPDN subscriber are first mapped between the PPP port and the IP address and are then handled by the L2TP tunnel connection. The method improves the reliability and QoS of the VPDN subscriber's access connection and reduces the tunnel workload of the broadband access server.

Description

Method for realizing dynamic update of access of a virtual dial-up access network

Technical Field

The present invention relates to a method for maintaining and managing the services of a broadband virtual dial-up access network (Virtual Private Dial-Network, hereinafter vpdn) in the communications field, and specifically to a method for providing a dynamic refresh service for broadband vpdn services in a broadband access network.

Background
The broadband vpdn network structure in the prior art is divided into the access layer, the aggregation layer and the backbone layer. As shown in FIG. 1, the broadband vpdn access network consists of the vpdn user access network, the aggregation-layer broadband access server (LAC) and the LNS servers that connect to the public IP network. The various access services, such as authentication, authorization and accounting of broadband users and L2TP tunnel service selection, are mainly performed by the broadband access server in the network; the LNS completes L2TP tunnel termination and the configuration management of the vpdn users' private IP addresses. Prior-art broadband vpdn networks basically all use tunneling based on the L2TP (Layer 2 Tunneling Protocol) standard. A broadband access server providing the LAC (L2TP Access Concentrator) function is placed at the aggregation layer and provides the various aggregation access services for vpdn users; a vpdn gateway providing the LNS (L2TP Network Server) function is placed inside the enterprise private network. Besides the tunnel function, these vpdn gateways usually also provide security protection for user data streams, and the vpdn gateway connects directly to the public IP network. For large and medium-sized enterprise networks, considering the number of vpdn users and the security and reliability of the vpn service, multiple LNS servers are usually configured; these LNS servers terminate tunnels for vpdn users in load-sharing or priority mode. In actual deployments today, multi-LNS networking is basically always implemented in priority mode.

FIG. 2 shows the software processing flow by which a typical broadband access server handles the PPP session access service of a vpdn user. It mainly includes the three stages of PPP link negotiation, AAA authentication and authorization, L2TP tunnel establishment and PPP data transmission, and involves three software modules: PPP protocol processing, AAA and vpdn. In current common practice, when two LNSs are networked by priority, the one with more processing capacity acts as the primary LNS server and the one with less processing capacity acts as the standby LNS server. During a vpdn user's first vpdn call, the LAC first selects the high-priority primary LNS based on the LNS configuration data and establishes a tunnel connection with it. Once the connection is established, the vpdn user can access the enterprise private network. If the LAC then detects an abnormality in the tunnel connection with the LNS, it clears the tunnel connection with the LNS and notifies the vpdn dial-up user to disconnect the PPP (Point-to-Point Protocol) connection. After discovering that the PPP connection is down, the user has to initiate a vpdn call to the LAC again. This time the LAC, finding communication with the primary LNS abnormal, establishes the tunnel connection with the standby LNS, and the user can continue to access the enterprise private network service. The disadvantage of this approach is that the LAC's tunnel establishment with the standby LNS must be triggered by the vpdn user calling again, which interrupts the vpdn user's communication and makes the user repeat the ppp call negotiation several times. Even when the enterprise network is configured with multiple LNS servers, the user gets no dynamic tunnel server selection. Moreover, every time a vpdn user initiates a new call, the LAC must first try to establish a tunnel connection with the already abnormal primary LNS, and only establishes a tunnel connection with the standby LNS after that attempt fails. This consumes LAC and network communication resources and makes vpdn call connection processing inefficient; with a large number of vpdn users the situation is even more serious.
因此, 现有技术存在缺陷, 而有待于改进和发展。 发明内容  Therefore, the prior art has drawbacks that need to be improved and developed. Summary of the invention
本发明的目的提供一种实现虚拟拨号接入网络的接入动态更新的方法, 通过改进现 有宽带接入服务设备的 L2TP处理技术, 提供对宽带 vpdn接入用户实现动态隧道更新和 维护管理, 采用本发明方法可以实现在主用 LNS出现异常的情况下, 完成将隧道连接从 主用倒换到备用 LNS上, 其间不需要中断 vpdn用户的 ppp连接, 为 vpdn用户提供一种 透明的隧道选择功能,提髙 vpdn用户的连接服务质量,以减轻 LAC的隧道连接处理负担, 为给 vpdn用户提供实时的高可靠性业务。  The object of the present invention is to provide a method for implementing dynamic update of a virtual dial-up access network, and to improve dynamic tunnel update and maintenance management for a broadband vpdn access user by improving the L2TP processing technology of the existing broadband access service device. The method of the present invention can complete the switching of the tunnel connection from the primary to the standby LNS in the event that the primary LNS is abnormal, without interrupting the ppp connection of the vpdn user, and providing a transparent tunnel selection function for the vpdn user. To improve the quality of the connection service of the vpdn user, to reduce the burden of the LAC tunnel connection processing, and to provide real-time high-reliability services to the vpdn users.
The technical solution of the present invention is as follows:

A method for dynamically updating the access of a virtual dial-up access network, comprising the following steps:

a) after detecting a communication abnormality on the primary network server, the aggregation-layer broadband access server clears the tunnel connection established with the primary network server;

b) according to the network server configuration information obtained when the broadband virtual dial-up access network user was authenticated, it initiates a tunnel connection establishment request to the standby network server;

c) after receiving a network negotiation protocol packet, the aggregation-layer broadband access server processes it with the point-to-point protocol and records the IP address of the standby network server; subsequent communication packets of the broadband virtual dial-up access network user first go through the point-to-point protocol port to IP address mapping and are then processed by the Layer 2 Tunneling Protocol tunnel connection.
The method, wherein step b) further comprises:

b1) when negotiating the establishment of the Layer 2 Tunneling Protocol tunnel session with the standby network server, the aggregation-layer broadband access server sends the proxy link negotiation protocol and authentication information to the standby network server;

b2) on receiving this point-to-point protocol negotiation information, the standby network server processes it with the point-to-point protocol, completes the establishment of the point-to-point protocol connection for the user, and completes the user's address allocation by sending a network negotiation protocol packet to the aggregation-layer broadband access server.
The method, wherein step c) further comprises:

c1) service domain information, point-to-point protocol access and AAA authentication information are configured on the aggregation-layer broadband access server;

c2) when a broadband virtual dial-up access network user initiates a point-to-point protocol call, the aggregation-layer broadband access server performs AAA authentication and obtains the Layer 2 Tunneling Protocol tunnel configuration information, which includes the configuration data of the primary and standby network servers;

c3) according to the Layer 2 Tunneling Protocol tunnel information returned by authentication, the aggregation-layer broadband access server establishes, in priority order, a Layer 2 Tunneling Protocol tunnel connection and session with the primary network server; after the tunnel is established, the broadband virtual dial-up access network user accesses services inside the enterprise.
The method, wherein step a) and step b) further comprise:

while the user is accessing services, the aggregation-layer broadband access server checks whether the tunnel connection with the peer primary network server is normal; on detecting a Layer 2 Tunneling Protocol tunnel abnormality, the aggregation-layer broadband access server clears the tunnel connection information established with that primary network server and, according to the standby network server configuration information returned by AAA authentication, initiates tunnel connection establishment to the standby network server.
The method, wherein step c) further comprises:

c4) during Layer 2 Tunneling Protocol session negotiation, the aggregation-layer broadband access server forwards the proxy link negotiation protocol and authentication information to the standby network server in the incoming-call-connected message; on receiving the proxy link negotiation protocol and authentication information, the standby network server processes them with the point-to-point protocol; after the point-to-point protocol module on the standby network server has completed proxy link negotiation protocol and authentication processing, it sends a network negotiation protocol packet to the aggregation-layer broadband access server to complete the IP address configuration of the broadband virtual dial-up access network user;

c5) on receiving an Internet Protocol control negotiation protocol packet, the aggregation-layer broadband access server processes it with the point-to-point protocol; the local point-to-point protocol module, acting as Internet Protocol control negotiation protocol proxy for the broadband virtual dial-up access network user, completes the network negotiation protocol negotiation with the local point-to-point protocol of the standby network server and records the IP address corresponding to that point-to-point protocol port.
The method, wherein step c1) further comprises:

c11) the authentication mode of the broadband virtual dial-up access network user is configured as remote radius authentication, point-to-point protocol call processing is enabled on the user access port, and the Layer 2 Tunneling Protocol function switch is turned on;

c12) the broadband virtual dial-up access network user account is configured on the remote access dial-up user authentication server, together with the primary and standby network server configuration information bound to that account, including the network server IP address, tunnel password and priority;

c13) the proxy link negotiation protocol authentication function is enabled on the peer primary and standby network servers.
In the method provided by the invention for dynamically updating the access of a virtual dial-up access network, dynamic L2TP tunnel update is used within the broadband vpdn network structure to protect, in real time, vpdn users' access to enterprise intranet services. The primary/standby switchover of the L2TP tunnel connection is completed without the terminal vpdn user re-initiating a ppp call. An LNS abnormality is completely transparent to the terminal vpdn user, and the user's access to services is not affected. This improves the reliability and connection service quality of vpdn user access connections and reduces the tunnel processing burden on the broadband access server. The method places no special requirements on the LNS and does not affect the architecture of existing vpdn networks; it is simple to implement and does not increase the cost of existing products.

Brief description of the drawings

Figure 1 is a schematic diagram of the network topology of a typical broadband vpdn access network;

Figure 2 is a flowchart of the software processing by which a typical broadband access server handles the PPP session access service for a vpdn user;

Figure 3 is a flowchart of the broadband access server software processing in the method of the invention, which supports the dynamic L2TP tunnel update operation while a vpdn user completes the PPP session access service.

Detailed description

Preferred embodiments of the present invention are described in more detail below with reference to the accompanying drawings.
The method of the invention for dynamically updating the access of a virtual dial-up access network implements dynamic update of the L2TP tunnel. The core idea is as follows. The broadband access server acting as the LAC, after detecting a communication abnormality on the primary LNS, clears the tunnel connection established with the primary LNS and then, according to the LNS configuration information obtained earlier when the vpdn user was authenticated, initiates a tunnel connection establishment request to the standby LNS. When negotiating the establishment of the L2TP tunnel session with the standby LNS, it sends the proxy LCP (link negotiation protocol) and authentication information to the standby LNS. On receiving this PPP negotiation information, the standby LNS processes it with its local ppp protocol, completes the establishment of the ppp connection for the user, and completes the user's address allocation by sending an NCP packet to the LAC.

After receiving the NCP (network negotiation protocol) packet, the LAC hands it to its local PPP for processing. PPP records the IP address allocated by the standby LNS; subsequent communication packets of the vpdn user first go through the ppp port to IP address mapping and are then processed by the L2TP tunnel connection. Other ppp control packets in the communication only need L2TP tunnel processing. This technical solution requires the LAC to support a priority-based LNS group function and proxy LCP and authentication processing, and requires the LNS to support proxy LCP and authentication processing, which most current LNS devices do. There are no other special requirements, and processing is otherwise the same as on a standard LNS.
The implementation of dynamic L2TP tunnel update on the LAC in the method of the invention includes the following.

The service DOMAIN information, PPP access and AAA authentication information are configured on the aggregation-layer broadband access server (LAC). With local authentication, the VPDN user account information and the related primary and standby LNS configuration data must be configured on the LAC. With remote access dial-up user authentication (radius authentication), the vpdn user account and LNS information are configured on the remote access dial-up user authentication server (radius server).

When a vpdn user initiates a PPP call, the aggregation-layer LAC performs AAA authentication and obtains the L2TP tunnel configuration information, which includes the configuration data of the primary and standby LNS.

According to the L2TP tunnel information returned by authentication, the LAC first establishes, in priority order, an L2TP tunnel connection and session with the enterprise's primary LNS server. Once the tunnel is established, the vpdn user can access services inside the enterprise. While the user is accessing services, the LAC sends L2TP hello packets to check whether the tunnel connection with the peer primary LNS is normal. On detecting an L2TP tunnel abnormality, the LAC clears the tunnel connection information established with that primary LNS and, according to the standby LNS configuration information returned by AAA authentication, initiates tunnel connection establishment to the standby LNS. During L2TP session negotiation, the LAC forwards the proxy LCP and authentication information to the standby LNS in the incoming-call-connected (ICCN) message. On receiving the proxy LCP and authentication information, the standby LNS hands them to its local PPP for processing; after PPP on the standby LNS has completed proxy LCP and authentication processing, it sends an NCP packet to the LAC to complete the IP address configuration of the vpdn user. On receiving the Internet Protocol control negotiation protocol (IPCP) packet, the LAC hands it to its local PPP, which acts as the vpdn user's IPCP proxy, completes the NCP negotiation with the local ppp of the standby LNS, and records the IP address corresponding to that ppp port. Afterwards, when the vpdn user accesses the private network, ppp data packets on the LAC go through the PPP protocol's PPP port to IP address mapping and the L2TP protocol's encapsulation. Other PPP keepalive and LCP control packets only need L2TP protocol processing on the LAC.
The service subsystem of the broadband access server in the method of the invention mainly consists of the following parts: the PPP protocol processing module, which terminates user-initiated PPP session connections; the AAA (authentication, accounting and authorization) module, which authenticates and bills users; and the L2TP-based vpdn protocol processing module, which maintains the L2TP tunnels and session connections of vpdn users.
The software processing flow of a specific embodiment implementing the dynamic L2TP tunnel update function in the method of the invention is as follows:

1. First, configure the vpdn service domain on the aggregation-layer broadband access server (LAC), set the vpdn user authentication mode to the commonly used remote radius authentication mode, enable ppp call processing on the user access port, and turn on the L2TP function switch. On the remote access dial-up user authentication server (radius server), configure the vpdn user account together with the primary and standby LNS configuration information bound to that account, mainly the LNS IP address, tunnel password and priority. Enable the proxy LCP authentication function on the peer primary and standby LNS. This completes the vpdn configuration on the LAC and the LNS.

2. A vpdn user initiates a PPP session connection request. When the PPP session reaches authentication, the PPP module asks AAA to perform authentication. Based on the DOMAIN value in the user name USERNAME@DOMAIN, AAA sends the user account information to the radius server; the radius server looks up the primary and standby LNS configuration information bound to that user and returns it to the LAC.

3. After PPP determines from the returned information that this is a vpdn access request, it asks the vpdn protocol processing module to establish the L2TP tunnel and session connection, and hands the proxy LCP and authentication information negotiated between the PPP module and the vpdn user to the vpdn module.

4. Based on the L2TP tunnel configuration information passed from PPP (mainly the IP address of the remote LNS), the vpdn module first establishes the tunnel and session connection with the primary LNS. The primary LNS assigns the user an address, IP1.

5. The vpdn module periodically sends L2TP hello packets to the primary LNS to check the state of the tunnel connection with it.

6. After detecting that the tunnel connection to the primary LNS has failed, the vpdn module clears the tunnel connection established with the primary LNS and then establishes an L2TP tunnel connection with the standby LNS according to the standby LNS configuration information returned by authentication. When the vpdn module sends the ICCN to the LNS, it encapsulates the proxy LCP and authentication information in the packet sent to the standby LNS.

7. After receiving the ICCN packet, the standby LNS passes the proxy LCP and authentication information to its own PPP protocol processing. Once the PPP protocol has processed the proxy LCP and authentication information, it sends an IPCP control packet to the LAC, assigning a new address, IP2, to the vpdn user.

8. The vpdn module on the LAC hands the IPCP packet to the PPP module, which acts as the user's IPCP proxy and completes the IPCP negotiation with PPP on the LNS side. Finally it records the IP2 address allocated by the standby LNS, and the PPP module establishes the mapping from the ppp port to the IP2 address.

9. Afterwards, when packets of the vpdn user accessing the enterprise intranet pass through the LAC, in the upstream direction they go through the PPP module's ppp port to IP2 address mapping, which converts the source IP address in the IP packet from IP1 to IP2 before sending it to the LNS. In the downstream direction they go through the vpdn module's tunnel identifier to IP1 address mapping, which restores the IP2 address to IP1 before sending the packet to the vpdn user. The vpdn module's L2TP tunnel encapsulation is handled the same way as in the ordinary case.

10. ppp control packets sent by the vpdn user only need the vpdn module's L2TP tunnel encapsulation when passing through the LAC.
Typically, when a large or medium-sized enterprise network deploys a vpdn service, it configures two LNS servers, a primary and a standby, to meet the intranet access needs of a larger number of vpdn users. The usual LAC behaviour is that, after the L2TP connection to the primary LNS is lost, it must notify the vpdn user to drop the ppp connection; the vpdn user then initiates the ppp call again, which triggers the LAC to complete the L2TP tunnel connection with the standby LNS.

The technical solution of the invention uses the proxy LCP and authentication functions defined in the L2TP standard and, through the mapping between the ppp port and the IP address, dynamically updates the L2TP tunnel from the primary LNS to the standby LNS.
As shown in Figure 3, the vpdn access domain is configured on the broadband access server (LAC), the AAA authentication mode is set to radius remote mode, and PPP call processing and vpdn call processing are both enabled on the interface through which users connect. On the associated radius server, the vpdn user account information is configured and bound to the primary LNS and standby LNS configuration information. The proxy LCP and authentication function switches are turned on on the primary and standby LNS.
With reference to Figure 3 and taking a PPPoE access user as an example, the specific software processing steps on the broadband access server are as follows:

1. The user performs LCP negotiation with the PPP module.

2. In the user authentication phase, PPP passes the USERNAME@DOMAIN supplied by the user to the AAA module for authentication.

3. Based on DOMAIN, the AAA module sends the user account USERNAME@DOMAIN information to the remote radius server. From the DOMAIN entered by the user, the radius server obtains the configuration information of the primary LNS and standby LNS, mainly the ip address, tunnel password and priority. It returns this information to the AAA module, which forwards it to the PPP module.

4. After PPP determines that this is an L2TP access service, it asks the vpdn module to establish an L2TP session connection and forwards the primary LNS and standby LNS configuration information, together with the proxy LCP and authentication information, to the vpdn module.

5. According to the tunnel configuration information, the vpdn module first establishes a tunnel connection with the primary LNS. After the tunnel is established, the vpdn user completes the IPCP negotiation with the primary LNS and obtains the IP1 address, which the user uses to access services inside the enterprise.

6. By periodically sending L2TP hello packets, the vpdn module can detect a tunnel connection abnormality on the primary LNS. On finding the connection abnormal, vpdn actively clears the tunnel information established with the primary LNS and, according to the standby LNS tunnel configuration information forwarded by ppp, initiates a tunnel connection request to the standby LNS.

7. After processing the proxy LCP and authentication information received in the ICCN packet, the standby LNS begins the IPCP negotiation.

8. On receiving the IPCP negotiation packet, the ppp module starts its IPCP proxy function and completes the IPCP negotiation with the standby LNS; at the end, the standby LNS allocates the IP2 address to the ppp module.

9. The PPP module records the IP2 address and binds the ppp port to the IP2 address.

10. Subsequent ppp data packets sent by the vpdn user go through the PPP module's ppp port to IP2 address mapping and the tunnel identifier to IP1 address mapping, as well as the vpdn module's L2TP encapsulation.

11. ppp control packets sent by the vpdn user only need the vpdn module's L2TP encapsulation before being sent to the standby LNS.

12. Provided the vpdn user's first call succeeded, vpdn connection access can continue without changing the private IP1 address the user obtained.
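The switchover in the steps above, and in the earlier ten-step flow, as an added simulation that is not code from the patent or from any product. `LnsConfig`, `SimulatedLns`, `LacSession` and every address are hypothetical; a lower priority number is assumed to be preferred, and the first call is simplified to use the same ICCN path as the switchover.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class LnsConfig:
    """One LNS entry as returned by AAA: address, tunnel password, priority."""
    ip: str
    tunnel_password: str
    priority: int  # assumption: a lower number is tried first


class SimulatedLns:
    """Constructed stand-in for an LNS; no real L2TP packets are sent."""

    def __init__(self, ip: str, assigned_ip: str) -> None:
        self.ip, self.assigned_ip = ip, assigned_ip  # assigned_ip: IPCP offer
        self.alive = True
        self.proxy_seen: Optional[dict] = None

    def answer_hello(self) -> bool:
        return self.alive

    def accept_iccn(self, proxy: dict) -> str:
        """Take proxy LCP/auth from the ICCN, then return the IPCP address."""
        if not self.alive:
            raise ConnectionError(f"LNS {self.ip} unreachable")
        self.proxy_seen = proxy
        return self.assigned_ip


class LacSession:
    """State the LAC keeps for one vpdn user's PPP session."""

    def __init__(self, group: List[LnsConfig],
                 network: Dict[str, SimulatedLns], proxy: dict) -> None:
        self.group = sorted(group, key=lambda c: c.priority)
        self.network, self.proxy = network, proxy  # proxy info is reused later
        self.user_ip: Optional[str] = None     # IP1, held by the user's PPP
        self.tunnel_ip: Optional[str] = None   # address valid at current LNS
        self.active: Optional[LnsConfig] = None
        self.user_calls = 0                    # a switchover never adds one

    def _establish(self, skip: Optional[LnsConfig] = None) -> None:
        for cfg in self.group:
            if cfg == skip:
                continue
            try:
                addr = self.network[cfg.ip].accept_iccn(self.proxy)
            except ConnectionError:
                continue
            self.active, self.tunnel_ip = cfg, addr
            if self.user_ip is None:           # first call: user learns IP1
                self.user_ip = addr
            return
        raise ConnectionError("no LNS in the group is reachable")

    def dial(self) -> None:
        self.user_calls += 1
        self._establish()

    def hello_tick(self) -> bool:
        """Run one hello check; return True when a switchover was performed."""
        if self.active and self.network[self.active.ip].answer_hello():
            return False
        failed, self.active, self.tunnel_ip = self.active, None, None
        self._establish(skip=failed)           # LAC proxies IPCP, records IP2
        return True

    def upstream(self, pkt: dict) -> dict:
        """User to LNS: rewrite source IP1 to the current LNS's address."""
        return {**pkt, "src": self.tunnel_ip} if pkt["src"] == self.user_ip else pkt

    def downstream(self, pkt: dict) -> dict:
        """LNS to user: restore the destination to IP1."""
        return {**pkt, "dst": self.user_ip} if pkt["dst"] == self.tunnel_ip else pkt


def demo() -> dict:
    # Constructed sample data: every address, name and secret is made up.
    primary = SimulatedLns("192.0.2.1", assigned_ip="10.1.0.5")   # hands out IP1
    standby = SimulatedLns("192.0.2.2", assigned_ip="10.2.0.9")   # hands out IP2
    group = [LnsConfig(standby.ip, "example-secret", 2),
             LnsConfig(primary.ip, "example-secret", 1)]
    lac = LacSession(group, {primary.ip: primary, standby.ip: standby},
                     {"lcp": "mru=1492", "auth": "user@example"})
    lac.dial()
    first_active = lac.active.ip
    primary.alive = False                      # hellos to the primary now fail
    switched = lac.hello_tick()
    return {"first_active": first_active, "switched": switched,
            "active": lac.active.ip, "user_ip": lac.user_ip,
            "up": lac.upstream({"src": "10.1.0.5", "dst": "10.9.9.9"}),
            "down": lac.downstream({"src": "10.9.9.9", "dst": "10.2.0.9"}),
            "user_calls": lac.user_calls, "proxy_at_standby": standby.proxy_seen}


if __name__ == "__main__":
    print(demo())
```

After the switchover the standby LNS sees IP2 while the user still holds IP1, so tying LNS-side logs to a user session requires the LAC's mapping.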
The dynamic L2TP tunnel update method of the invention provides a broadband vpdn service for large and medium-sized enterprises without any hardware changes to existing access service equipment, only an improvement in software, and imposes no special modification requirements on the LNS server. It lets the L2TP tunnel connection be switched from the primary LNS to the standby LNS without interrupting the vpdn user's service, which improves the reliability of vpdn users' service connections to a certain extent and also reduces the access server's burden in handling L2TP tunnel connections. This dynamic L2TP tunnel maintenance and management method is an economical, effective and highly practical way to implement and manage a broadband vpdn service.

It should be understood that the above description of specific embodiments is relatively detailed and should not therefore be regarded as limiting the scope of patent protection of the invention, which is defined by the appended claims.

Claims

1. A method for dynamically updating the access of a virtual dial-up access network, comprising the following steps:

a) after detecting a communication abnormality on the primary network server, the aggregation-layer broadband access server clears the tunnel connection established with the primary network server;

b) according to the network server configuration information obtained when the broadband virtual dial-up access network user was authenticated, it initiates a tunnel connection establishment request to the standby network server;

c) after receiving a network negotiation protocol packet, the aggregation-layer broadband access server processes it with the point-to-point protocol and records the IP address of the standby network server; subsequent communication packets of the broadband virtual dial-up access network user first go through the point-to-point protocol port to IP address mapping and are then processed by the Layer 2 Tunneling Protocol tunnel connection.
2. The method according to claim 1, characterized in that step b) further comprises:

b1) when negotiating the establishment of the Layer 2 Tunneling Protocol tunnel session with the standby network server, the aggregation-layer broadband access server sends the proxy link negotiation protocol and authentication information to the standby network server;

b2) on receiving this point-to-point protocol negotiation information, the standby network server processes it with the point-to-point protocol, completes the establishment of the point-to-point protocol connection for the user, and completes the user's address allocation by sending a network negotiation protocol packet to the aggregation-layer broadband access server.
3. The method according to claim 2, characterized in that step c) further comprises:

c1) service domain information, point-to-point protocol access and AAA authentication information are configured on the aggregation-layer broadband access server;

c2) when a broadband virtual dial-up access network user initiates a point-to-point protocol call, the aggregation-layer broadband access server performs AAA authentication and obtains the Layer 2 Tunneling Protocol tunnel configuration information, which includes the configuration data of the primary and standby network servers;

c3) according to the Layer 2 Tunneling Protocol tunnel information returned by authentication, the aggregation-layer broadband access server establishes, in priority order, a Layer 2 Tunneling Protocol tunnel connection and session with the primary network server; after the tunnel is established, the broadband virtual dial-up access network user accesses services inside the enterprise.
4. The method according to claim 3, characterized in that step a) and step b) further comprise:

while the user is accessing services, the aggregation-layer broadband access server checks whether the tunnel connection with the peer primary network server is normal; on detecting a Layer 2 Tunneling Protocol tunnel abnormality, the aggregation-layer broadband access server clears the tunnel connection information established with that primary network server and, according to the standby network server configuration information returned by AAA authentication, initiates tunnel connection establishment to the standby network server.
5. The method according to claim 4, characterized in that step c) further comprises:

c4) during Layer 2 Tunneling Protocol session negotiation, the aggregation-layer broadband access server forwards the proxy link negotiation protocol and authentication information to the standby network server in the incoming-call-connected message; on receiving the proxy link negotiation protocol and authentication information, the standby network server processes them with the point-to-point protocol; after the point-to-point protocol module on the standby network server has completed proxy link negotiation protocol and authentication processing, it sends a network negotiation protocol packet to the aggregation-layer broadband access server to complete the IP address configuration of the broadband virtual dial-up access network user;

c5) on receiving an Internet Protocol control negotiation protocol packet, the aggregation-layer broadband access server processes it with the point-to-point protocol; the local point-to-point protocol module, acting as Internet Protocol control negotiation protocol proxy for the broadband virtual dial-up access network user, completes the network negotiation protocol negotiation with the local point-to-point protocol of the standby network server and records the IP address corresponding to that point-to-point protocol port.
6. The method according to claim 5, wherein step c1) further comprises:
c11) Configure the authentication mode of the broadband virtual dial-up access network user as remote RADIUS authentication, enable the point-to-point protocol call processing function on the user access port, and turn on the Layer 2 Tunneling Protocol function switch;
c12) Configure the broadband virtual dial-up access network user account on the remote access dial-up user authentication server, and at the same time configure the primary and standby network server configuration information bound to that account, including the network server IP address, tunnel password and priority;
c13) Enable the proxy link negotiation protocol authentication function on the peer primary and standby network servers.
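The priority-ordered tunnel setup of step c3), the failover of claim 4 and the per-server configuration of claim 6 can be modelled as follows. This is an added Python example, not code from the patent; the class and function names, the rule that a lower priority number is tried first, the `reachable` set standing in for the network, and the sample addresses and passwords are all assumptions.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class ServerEntry:
    ip: str               # network server IP address
    tunnel_password: str  # per-server tunnel password
    priority: int         # assumption: lower number is tried first

@dataclass
class AccessServer:
    servers: list    # ServerEntry records returned by authentication
    reachable: set   # constructed stand-in for real network reachability
    tunnel: dict = field(default_factory=dict)  # current tunnel connection info
    log: list = field(default_factory=list)

    def _connect(self, entry):
        # Stand-in for Layer 2 Tunneling Protocol tunnel and session setup.
        if entry.ip not in self.reachable:
            return False
        self.tunnel = {"peer": entry.ip, "password": entry.tunnel_password}
        self.log.append(f"tunnel up to {entry.ip}")
        return True

    def establish(self, skip=()):
        """Try the configured servers in priority order; return peer IP or None."""
        for entry in sorted(self.servers, key=lambda e: e.priority):
            if entry.ip not in skip and self._connect(entry):
                return entry.ip
        return None

    def check_tunnel(self):
        """Health check: on an abnormal tunnel, clear its state and fail over."""
        peer = self.tunnel.get("peer")
        if peer in self.reachable:
            return peer
        if peer is not None:
            self.log.append(f"tunnel to {peer} abnormal, clearing state")
        self.tunnel.clear()  # never reuse the failed peer's address or password
        return self.establish(skip={peer})

def demo():  # constructed sample data: documentation addresses, made-up passwords
    bas = AccessServer(
        servers=[ServerEntry("192.0.2.20", "standby-pw", 2),
                 ServerEntry("192.0.2.10", "primary-pw", 1)],
        reachable={"192.0.2.10", "192.0.2.20"})
    first = bas.establish()
    bas.reachable.discard("192.0.2.10")  # primary fails while the user is online
    second = bas.check_tunnel()
    return first, second, dict(bas.tunnel), list(bas.log)
```

Clearing the tunnel record before the retry means the standby tunnel is negotiated with the standby server's own password and never with state left over from the failed primary.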
PCT/CN2005/001516 2005-09-20 2005-09-20 A method for updating the access of virtual private dial-network dynamically WO2007033519A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
PCT/CN2005/001516 WO2007033519A1 (en) 2005-09-20 2005-09-20 A method for updating the access of virtual private dial-network dynamically
CN200580051258.3A CN101228765B (en) 2005-09-20 2005-09-20 Method for implementing access dynamic updating of virtual dial-up access network

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2005/001516 WO2007033519A1 (en) 2005-09-20 2005-09-20 A method for updating the access of virtual private dial-network dynamically

Publications (1)

Publication Number Publication Date
WO2007033519A1 (en) 2007-03-29

Family

ID=37888515

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2005/001516 WO2007033519A1 (en) 2005-09-20 2005-09-20 A method for updating the access of virtual private dial-network dynamically

Country Status (2)

Country Link
CN (1) CN101228765B (en)
WO (1) WO2007033519A1 (en)

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2008138274A1 (en) * 2007-05-14 2008-11-20 Huawei Technologies Co., Ltd. A method and corresponding device and system for accessing remote service
CN102130818B (en) * 2010-01-20 2014-03-19 杭州华三通信技术有限公司 Network access server accessing method and network access server
CN105099703A (en) * 2015-07-31 2015-11-25 国家电网公司 4G hand-held individual soldier signal internal and external network gap isolation transmission method
CN110932956A (en) * 2019-11-15 2020-03-27 北京连山时代科技有限公司 Method for networking by combining multi-path concurrent system and VPDN
CN112383561A (en) * 2020-11-30 2021-02-19 安徽信息工程学院 Multi-access VPDN networking method
CN113381917A (en) * 2021-06-11 2021-09-10 中国电信股份有限公司 Network access method, device and system, readable storage medium and electronic equipment
CN113595847A (en) * 2021-07-21 2021-11-02 上海淇玥信息技术有限公司 Remote access method, system, device and medium
CN114157555A (en) * 2021-11-12 2022-03-08 杭州迪普科技股份有限公司 Access information synchronization method
WO2022057758A1 (en) * 2020-09-17 2022-03-24 中兴通讯股份有限公司 Session resource control method and apparatus, device, system, and storage medium
CN114650304A (en) * 2020-12-17 2022-06-21 联通(江苏)产业互联网有限公司 Authentication and authorization method and device

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113595848B (en) * 2021-07-28 2022-06-28 中移(杭州)信息技术有限公司 Communication tunnel establishing method, device, equipment and storage medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2001076186A1 (en) * 2000-03-30 2001-10-11 British Telecommunications Public Limited Company Data networks
CN1392708A (en) * 2001-06-19 2003-01-22 深圳市中兴通讯股份有限公司 Allocation method of wide band access user
CN1553628A (en) * 2003-06-04 2004-12-08 深圳市中兴通讯股份有限公司南京分公 Method for realizing chain circuit polymer function based on strategy route
US20050201388A1 (en) * 2004-03-10 2005-09-15 Samsung Electronics Co., Ltd. Method and apparatus for providing a VPN service according to a packet data protocol in a wireless communication system

Cited By (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2008138274A1 (en) * 2007-05-14 2008-11-20 Huawei Technologies Co., Ltd. A method and corresponding device and system for accessing remote service
CN102130818B (en) * 2010-01-20 2014-03-19 杭州华三通信技术有限公司 Network access server accessing method and network access server
CN105099703A (en) * 2015-07-31 2015-11-25 国家电网公司 4G hand-held individual soldier signal internal and external network gap isolation transmission method
CN110932956A (en) * 2019-11-15 2020-03-27 北京连山时代科技有限公司 Method for networking by combining multi-path concurrent system and VPDN
CN110932956B (en) * 2019-11-15 2020-08-18 北京连山时代科技有限公司 Method for networking by combining multi-path concurrent system and VPDN
WO2022057758A1 (en) * 2020-09-17 2022-03-24 中兴通讯股份有限公司 Session resource control method and apparatus, device, system, and storage medium
CN112383561A (en) * 2020-11-30 2021-02-19 安徽信息工程学院 Multi-access VPDN networking method
CN114650304A (en) * 2020-12-17 2022-06-21 联通(江苏)产业互联网有限公司 Authentication and authorization method and device
CN114650304B (en) * 2020-12-17 2024-03-15 联通(江苏)产业互联网有限公司 Authentication and authorization method and device
CN113381917A (en) * 2021-06-11 2021-09-10 中国电信股份有限公司 Network access method, device and system, readable storage medium and electronic equipment
CN113381917B (en) * 2021-06-11 2022-09-16 中国电信股份有限公司 Network access method, device and system, readable storage medium and electronic equipment
CN113595847A (en) * 2021-07-21 2021-11-02 上海淇玥信息技术有限公司 Remote access method, system, device and medium
CN113595847B (en) * 2021-07-21 2023-04-07 上海淇玥信息技术有限公司 Remote access method, system, device and medium
CN114157555A (en) * 2021-11-12 2022-03-08 杭州迪普科技股份有限公司 Access information synchronization method
CN114157555B (en) * 2021-11-12 2023-05-26 杭州迪普科技股份有限公司 Access information synchronization method

Also Published As

Publication number Publication date
CN101228765A (en) 2008-07-23
CN101228765B (en) 2011-11-23

Similar Documents

Publication Publication Date Title
WO2007033519A1 (en) A method for updating the access of virtual private dial-network dynamically
US6628671B1 (en) Instant activation of point-to point protocol (PPP) connection using existing PPP state
US6801528B2 (en) System and method for dynamic simultaneous connection to multiple service providers
WO2008106881A1 (en) A ppp access method, corresponding system and access node device
JPH11275155A (en) Message in network and communications system
WO2009059523A1 (en) An accessing method, system and equipment of layer-3 session
WO2008095365A1 (en) Reliability processing method and system of metro ethernet network which provides multi-service group network
JPH11275154A (en) Message distribution sequence
JPH11331276A (en) Registration method for network
WO2008006317A1 (en) A system and method for the multi-service access
JP2007104440A (en) Packet transmission system, its method, and tunneling device
WO2009082978A1 (en) Access network protecting method, system and access edge node
US11582113B2 (en) Packet transmission method, apparatus, and system utilizing keepalive packets between forwarding devices
CN109600292A (en) A kind of LAC router initiates the method and system of L2TP Tunnel connection from dialing
Malkin Dial-in virtual private networks using layer 3 tunneling
WO2012126335A1 (en) Access control method, access device and system
US7742479B1 (en) Method and apparatus for dynamic network address reassignment employing interim network address translation
US20070071035A1 (en) LAC-based LFI support for tunneled PPP sessions
EP1593230B1 (en) Terminating a session in a network
Cisco Configuring PPP for Wide-Area Networking

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application
WWE Wipo information: entry into national phase

Ref document number: 200580051258.3

Country of ref document: CN

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 05791504

Country of ref document: EP

Kind code of ref document: A1