WO2014032518A1 - Procédé et système d'établissement de tunnel l2tp - Google Patents

Procédé et système d'établissement de tunnel l2tp Download PDF

Info

Publication number
WO2014032518A1
WO2014032518A1 PCT/CN2013/081395 CN2013081395W WO2014032518A1 WO 2014032518 A1 WO2014032518 A1 WO 2014032518A1 CN 2013081395 W CN2013081395 W CN 2013081395W WO 2014032518 A1 WO2014032518 A1 WO 2014032518A1
Authority
WO
WIPO (PCT)
Prior art keywords
tunnel
configuration parameter
tunnel configuration
parameter
establishment
Prior art date
Application number
PCT/CN2013/081395
Other languages
English (en)
Chinese (zh)
Inventor
范亮
陈勇
袁博
Original Assignee
中兴通讯股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中兴通讯股份有限公司 filed Critical 中兴通讯股份有限公司
Publication of WO2014032518A1 publication Critical patent/WO2014032518A1/fr

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46Interconnection of networks
    • H04L12/4633Interconnection of networks using encapsulation techniques, e.g. tunneling

Definitions

  • the present invention relates to the field of communications, and in particular, to a method and system for establishing a Layer 2 Tunneling Protocol (L2TP) tunnel.
  • L2TP Layer 2 Tunneling Protocol
  • the L2TP technology is a very widely used virtual private network (VPN) technology.
  • the L2TP user first connects to the L2TP Access Concentrator (LAC) device through the access network, and then passes the lower layer.
  • LAC L2TP Access Concentrator
  • the network's L2TP tunnel is connected to the remote L2TP Network Server (LNSTP Network Server, LNS for short). Both the LAC and the LNS have user management functions.
  • LNSTP Network Server LNSTP Network Server
  • Both the LAC and the LNS have user management functions.
  • the LNS centrally manages all the L2TP users corresponding to one VPN.
  • the L2TP tunnel is between the LAC and the LNS and passes through the lower layer network device.
  • the two main application scenarios of the L2TP service are the enterprise VPN access and the wholesale of services between the operators:
  • the enterprise user accesses the LNS device of the enterprise private network through the LAC device of the carrier network, and allocates the private network address of the enterprise to implement the enterprise.
  • Employees access the company's internal network, remote office, and mobile office at any time; or other operators rent network development users of local operators, and access their own LNS equipment through the local operator's LAC equipment, and finally access their own network.
  • These two types of services are the key services of local operators, especially enterprise services, which are high value-added services that operators focus on.
  • the LAC of the local carrier often runs L2TP services with LNSs of multiple enterprises and other carriers.
  • LAC device is often used with LNS devices of different vendors and specifications.
  • An L2TP tunnel is established.
  • the performance of the LNS devices and the maintenance policy of the enterprise are different.
  • the current method of controlling the number of L2TP tunnel sessions and the total bandwidth of the tunnel is configured on the LAC and the LNS respectively, or is distributed on the two ends through Authentication, Authorization, and Accounting (AAA).
  • AAA Authentication, Authorization, and Accounting
  • the LAC and the LNS are respectively attributed to the carrier and the enterprise user, or two different carriers, and the corresponding AAA servers. This configuration method is difficult to ensure the flexibility of service configuration.
  • the embodiments of the present invention provide a method and a system for establishing an L2TP tunnel.
  • a method for establishing an L2TP tunnel including: a first device and a second device located at two ends of the tunnel acquire a unified tunnel configuration parameter by using a message interaction; The second device establishes the tunnel according to the unified tunnel configuration parameter.
  • the first device and the second device acquire the unified tunnel configuration parameter by using the message interaction, including: The first device sends a tunnel establishment request message to the second device; the first device receives a tunnel establishment first response message from the second device, where the tunnel establishment first response message carries the second The tunnel configuration parameter configured by the device. The first device sets the tunnel configuration parameter of the local end according to the configured tunnel configuration parameter of the second device.
  • the first device and the second device acquire the unified tunnel configuration parameter by using the message interaction, including: The second device receives the first device that sends a tunnel establishment request message, where the tunnel request message carries the tunnel configuration parameter that is configured by the first device, and the second device is configured according to the first device.
  • the tunnel configuration parameter sets the tunnel configuration parameter of the local device; the second device sends a tunnel to the first device to establish a first response message, where the tunnel establishment first response message carries the configured configuration of the second device.
  • Tunnel configuration parameters are:
  • the first device and the second device acquire the unified tunnel configuration parameter by using the message interaction, including: The second device receives the first device that sends a tunnel establishment request message, where the tunnel request message carries the tunnel configuration parameter that is configured by the first device, and the second device configures the first device
  • the tunnel configuration parameter is compared with the configured tunnel configuration parameter of the local device, and the smaller tunnel configuration parameter in the comparison result is set to the current tunnel configuration parameter of the second device;
  • Equipment transmission tunnel The tunnel establishes a first response message, where the tunnel establishment first response message carries the current tunnel configuration parameter of the second device.
  • the method further includes: the first device, the current tunnel configuration parameter of the second device, and the configured tunnel configuration of the local device The parameter is compared, and the smaller tunnel configuration parameter in the comparison result is set to the current tunnel configuration parameter of the first device; the first device sends a tunnel to the second device to establish a second response message, where The tunnel establishment second response message carries the current tunnel configuration parameter of the first device.
  • the tunnel configuration parameters that are configured by the first device and the second device include: a tunnel session number limiting parameter and/or a tunnel bandwidth limiting parameter.
  • the first device and/or the second device pre-configure the tunnel configuration parameter; or the first device and/or the second device acquires the tunnel from an authentication authorization and charging AAA server Configuration parameters.
  • the method further includes: determining, by the second device, the validity of the tunnel establishment request message according to the tunnel session number limitation parameter and/or the tunnel bandwidth limitation parameter of the local end; or the second device passes the The AAA server interacts to determine the validity of the tunnel establishment request message.
  • the tunnel establishment request message is a start control plane connection request.
  • the tunnel establishment first response message is a Start-Control-Connection-Reply (SCCRP), where the configured tunnel configuration parameters of the second device are carried in the AVP format.
  • SCCRP Start-Control-Connection-Reply
  • the tunnel establishment second response message is Start-Control-Connection-Connected (SCCCN), wherein the current tunnel configuration parameter of the first device is carried in the SCCCN in the AVP format.
  • SCCCN Start-Control-Connection-Connected
  • the method further includes: when a new user accesses the first device or the second device In case, it is determined whether the current L2TP tunnel meets the requirement that the new user shares the L2TP tunnel; if not, a new L2TP tunnel is established.
  • determining whether the current L2TP tunnel meets the requirement that the new user shares the L2TP tunnel includes: determining whether the number of established sessions in the current L2TP tunnel exceeds a session limit and/or a user in the current tunnel Whether the sum of the total bandwidth and the new user bandwidth exceeds the tunnel bandwidth limit.
  • the first device sends the tunnel establishment request to the second device in the following situation: the first device sends the tunnel establishment request to the second device according to a local permanent tunnel configuration; or The first device initiates the tunnel establishment request to the second device in a user access process.
  • the first device is an access concentrator LAC
  • the second device is a network server LNS
  • the first device is an LNS
  • the second device is an LAC.
  • a system for establishing an L2TP tunnel including: a first device and a second device at both ends of the tunnel, where the first device and the second device are both
  • the method includes: acquiring a module, configured to obtain a unified tunnel configuration parameter by using a message interaction; and establishing a module, configured to establish the tunnel according to the unified tunnel configuration parameter.
  • the acquiring module of the first device includes: a first sending unit, configured to: when the first device does not configure a tunnel configuration parameter, and the second device has configured a tunnel configuration parameter, The second device sends a tunnel establishment request message; the first receiving unit is configured to receive a tunnel from the second device to establish a first response message, where the tunnel establishment first response message carries the second device
  • the configured tunnel configuration parameter is configured to set the local tunnel configuration parameter according to the configured tunnel configuration parameter of the second device.
  • the acquiring module of the second device includes: a second receiving unit, configured to receive, when the first device has configured a tunnel configuration parameter, and the second device does not configure a tunnel configuration parameter
  • the first device sends a tunnel establishment request message, where the tunnel request message carries the tunnel configuration parameter that is configured by the first device, and the setting unit is set to be configured according to the configured tunnel configuration parameter of the first device.
  • a tunnel configuration parameter of the local device where the second sending unit is configured to send a tunnel to the first device to establish a first response message, where the tunnel establishment first response message carries the configured tunnel configuration of the second device parameter.
  • the acquiring module of the second device includes: the second receiving unit is further configured to configure a tunnel configuration parameter in the first device, and the second device has also configured a tunnel configuration parameter.
  • the first device sends a tunnel establishment request message, where the tunnel request message carries the tunnel configuration parameter that is configured by the first device, and the comparison unit is configured to configure the first device.
  • the tunnel configuration parameter is compared with the configured tunnel configuration parameter of the local device, and the smaller tunnel configuration parameter in the comparison result is set to the current tunnel configuration parameter of the second device; the second sending unit is further set to The first device
  • the sending tunnel establishes a first response message, where the tunnel establishment first response message carries the current tunnel configuration parameter of the second device.
  • the first device further includes: a comparison module, configured to compare a current tunnel configuration parameter of the second device with a configured tunnel configuration parameter of the local device, and compare a smaller tunnel configuration parameter in the comparison result.
  • the sending module is configured to send a tunnel to the second device to establish a second response message, where the tunnel establishment second response message carries the first device Current tunnel configuration parameters.
  • the embodiment of the present invention obtains a unified tunnel configuration parameter by using the interaction process between the first device and the second device, so that the first device and the second device can establish a tunnel through the unified tunnel configuration parameter.
  • the LAC and the LNS are configured in the related art, and the manual configuration is adopted, which results in low timeliness, high maintenance cost, and easy configuration error, and is manually configured.
  • FIG. 1 is a schematic diagram of an L2TP network topology according to the related art
  • FIG. 2 is a flowchart of a method for establishing an L2TP tunnel according to an embodiment of the present invention
  • FIG. 3 is a system for establishing an L2TP tunnel according to an embodiment of the present invention
  • FIG. 4 is a structural block diagram of an acquisition module of a first device according to an embodiment of the present invention.
  • FIG. 5 is a structural block diagram of an acquisition module of a second device according to an embodiment of the present invention.
  • FIG. 6 is a block diagram of an acquisition module according to an embodiment of the present invention.
  • FIG. 7 is a structural block diagram of a second device according to an embodiment of the present invention;
  • FIG. 8 is a structural block diagram of a first device according to an embodiment of the present invention.
  • FIG. 9 is a block diagram of a first device according to an embodiment of the present invention.
  • FIG. 10 is a flowchart of a method for establishing an L2TP tunnel according to Embodiment 1 of the present invention;
  • FIG. 11 is a flowchart of a method for establishing an L2TP tunnel according to Embodiment 2 of the present invention.
  • BEST MODE FOR CARRYING OUT THE INVENTION the present invention will be described in detail with reference to the accompanying drawings. It should be noted that the embodiments in the present application and the features in the embodiments may be combined with each other without conflict.
  • the configuration of the LAC and LNS is usually configured manually. Employees need to go to the LAC and the LNS to configure them.
  • the manual configuration is less time-sensitive and the maintenance cost is high. In the configuration process, the number of devices to be configured is large. It is also very easy to cause configuration errors.
  • the embodiment of the present invention provides a method for establishing an L2TP tunnel.
  • the process of the method is as shown in FIG. 2, and includes steps S202 to S204: Step S202, the first device and the second device at both ends of the tunnel pass.
  • the message interaction acquires a unified tunnel configuration parameter.
  • Step S204 The first device and the second device establish a tunnel according to the unified tunnel configuration parameter.
  • the embodiment of the present invention obtains a unified tunnel configuration parameter by using the interaction process between the first device and the second device, so that the first device and the second device can establish a tunnel through the unified tunnel configuration parameter.
  • the LAC and the LNS are configured in the related art, and the manual configuration is adopted, which results in low timeliness, high maintenance cost, and easy configuration error, and is manually configured.
  • the device parameters of the entire network can be unified, the efficiency of configuration and the correct rate of configuration are improved, and the performance of the system is improved.
  • the first device and the second device are the LAC or the LNS, and the first device and the second device need to be in the same manner. Therefore, the first device and the second device are not the LAC or the LNS.
  • the first device is On the LAC
  • the second device is the LNS
  • the first device is the LNS
  • the second device is the LAC.
  • the configured tunnel configuration parameters of the first device and the second device include: a tunnel session number limiting parameter and/or a tunnel bandwidth limiting parameter.
  • the tunnel configuration parameter may be pre-configured by the first device or the second device, or the tunnel configuration parameter obtained by the first device from the AAA server may be obtained in a flexible manner.
  • the first device sends a tunnel establishment request to the second device in the following situation: the first device sends a tunnel establishment request to the second device according to the local permanent tunnel configuration; or the first device is in the user access process
  • the second device initiates a tunnel establishment request.
  • the second device receives the tunnel establishment request message of the first device.
  • the following three situations may exist.
  • the first device sends a tunnel establishment request message to the second device; the first device receives the tunnel establishment from the second device.
  • the first response message where the tunnel establishment first response message carries the tunnel configuration parameter that is configured by the second device; the first device sets the tunnel configuration parameter of the local end according to the configured tunnel configuration parameter of the second device.
  • the second device receives the first device to send a tunnel establishment request message, where the tunnel request message carries the first device.
  • the configured tunnel configuration parameter the second device sets the tunnel configuration parameter of the local device according to the configured tunnel configuration parameter of the first device; the second device sends a tunnel to the first device to establish a first response message, where the tunnel establishes the first response message. Carry the tunnel configuration parameters configured by the second device.
  • the second device receives the first device to send a tunnel establishment request message, where the tunnel request message carries the first device.
  • the configured tunnel configuration parameter; the second device compares the configured tunnel configuration parameter of the first device with the configured tunnel configuration parameter of the local device, and sets the smaller tunnel configuration parameter of the comparison result to the current current device of the second device.
  • a tunnel configuration parameter; the second device sends a tunnel to the first device to establish a first response message, where the tunnel establishment first response message carries the current tunnel configuration parameter of the second device.
  • the first device compares the current tunnel configuration parameter of the second device with the configured tunnel configuration parameter of the local end, and compares the result.
  • the smaller tunnel configuration parameter is set to the current tunnel configuration parameter of the first device.
  • the first device sends a tunnel to the second device to establish a second response message, where the tunnel establishment second response message carries the current tunnel configuration of the first device. parameter.
  • the validity of the tunnel establishment request message may be determined according to the tunnel session number limit parameter and/or the tunnel bandwidth limit parameter of the local device; or the second device The validity of the tunnel establishment request message is judged by interacting with the AAA server.
  • the tunnel establishment request message may be an SCCRQ, where the tunnel configuration parameter configured by the first device is carried in the SCCRQ message in the AVP format.
  • the tunnel establishment first response message is SCCRP, wherein the tunnel configuration parameter configured by the second device is carried in the SCCRP packet in the AVP format;
  • the second response message of the tunnel establishment is SCCCN, where the first device is currently The tunnel configuration parameters are carried in the SCCCN packet in the AVP format.
  • the embodiment further provides a system for establishing an L2TP tunnel.
  • the structural block diagram of the system is as shown in FIG.
  • the first device 1 and the second device 2 each include: an obtaining module, configured to acquire a unified tunnel configuration parameter by message interaction; and an establishing module, configured to establish a tunnel according to the unified tunnel configuration parameter.
  • the module is an acquisition module 110, and the module 120 is established.
  • the module is an acquisition module 210, and the module 220 is established.
  • both the first device 1 and the second device 2 include an acquisition module and an establishment module, the implementation functions of the modules are different.
  • the modules in the first device 1 and the second device 2 may be implemented in a processor, for example, a processor including an acquisition module 110 and an establishment module 120.
  • These modules may be implemented by software, for example, a software including an acquisition module 110 and an establishment module 120, which may also be stored in a computer readable medium.
  • the structure of the acquiring module 110 of the first device 1 is as shown in FIG. 4, and includes: a first sending unit 1102, where the tunnel configuration parameter is not configured in the first device, and the tunnel configuration parameter is configured in the second device. And sending a tunnel establishment request message to the second device.
  • the first receiving unit 1104 is coupled to the first sending unit 1102, and is configured to receive a tunnel from the second device to establish a first response message, where the tunnel establishes the first response message to be carried.
  • the tunnel configuration parameter is configured by the second device.
  • the configuration unit 1106 is coupled to the first receiving unit 1104, and is configured to set the tunnel configuration parameter of the local end according to the configured tunnel configuration parameter of the second device.
  • the structure of the acquiring module 210 of the second device 2 is as shown in FIG. 5, and includes: a second receiving unit 2102, configured to receive when the first device has configured the tunnel configuration parameter, and the second device does not configure the tunnel configuration parameter.
  • the first device sends a tunnel establishment request message, where the tunnel request message carries the tunnel configuration parameter that is configured by the first device.
  • the setting unit 2104 is coupled to the second receiving unit 2102 and configured to be configured according to the tunnel configuration parameter of the first device.
  • the tunneling configuration parameter of the local device is set.
  • the second sending unit 2106 is coupled to the setting unit 2104, and is configured to send a tunnel to the first device to establish a first response message, where the tunnel establishment first response message carries the configured configuration of the second device.
  • Tunnel configuration parameters The structure of the acquiring module 210 of the second device 2 may also be as shown in FIG. 6, including: a second receiving unit 2102, further configured to configure a tunnel configuration parameter in the first device, and the second device has also configured the tunnel configuration parameter.
  • the first device sends a tunnel establishment request message, where the tunnel request message carries the first device that has been configured.
  • the comparison unit 2108 is coupled to the second receiving unit 2102, and is configured to compare the configured tunnel configuration parameter of the first device with the configured tunnel configuration parameter of the local end, and compare the smaller one of the comparison results.
  • the tunnel configuration parameter is set to the current tunnel configuration parameter of the second device.
  • the second sending unit 2106 is coupled to the comparison unit 2108, and is further configured to send a tunnel establishment first response message to the first device, where the tunnel establishes the first response message. Carrying the current tunnel configuration parameters of the second device.
  • the second device 2 may further include a determining module 230, which is coupled to the obtaining module 210, and configured to determine the tunnel establishment according to the tunnel session number limiting parameter and/or the tunnel bandwidth limiting parameter of the local end.
  • the validity of the request message; or the second device determines the validity of the tunnel establishment request message by interacting with the AAA server.
  • the structure of the first device 1 may also be as shown in FIG. 8 , and further includes: a comparison module 130, coupled to the acquisition module 110, configured to compare the current tunnel configuration parameter of the second device with the configured tunnel configuration parameter of the local device, And setting a smaller tunnel configuration parameter in the comparison result to the current tunnel configuration parameter of the first device; the sending module 140, coupled to the comparison module 130 and the establishing module 120, configured to send a tunnel to the second device to establish a second response message,
  • the tunnel establishment second response message carries the current tunnel configuration parameter of the first device.
  • the preferred embodiment in conjunction with the tunnel establishment system, provides a method for improving the flexibility of the L2TP network.
  • the configuration parameters are transmitted through the L2TP control message to solve the current L2TP tunnel session number limit parameter and/or the tunnel bandwidth limit parameter.
  • the problem of being difficult to configure flexibly improves configuration efficiency and reduces maintenance costs for operators.
  • Step S902 The first device sends a tunnel establishment request SCCRQ to the second device.
  • Step S904 after receiving the SCCRQ sent by the first device, the second device extracts the session number restriction parameter and/or the tunnel bandwidth limit parameter of the tunnel carried in the SCCRQ, and the second device pre-configured or the second device receives from the AAA server.
  • the session number limit parameter and/or the tunnel bandwidth limit parameter to the tunnel are compared.
  • Step S906 The smaller value is selected from the comparison result and carried in the tunnel establishment response message SCCRP in the AVP manner, and sent to the first device.
  • Step S908 After receiving the SCCRP sent by the second device, the first device extracts the session number restriction parameter and/or the tunnel bandwidth limit parameter of the tunnel carried in the SCCRP, and the first device is pre-configured or the first device receives from the AAA server. The session number limit parameter and/or the tunnel bandwidth limit parameter to the tunnel are compared.
  • Step S910 Select a smaller value from the comparison result to be carried in the tunnel establishment response message SCCCN in the AVP manner, and send it to the second device.
  • the establishment of the L2TP tunnel is completed.
  • the first device and the second device are both LACs and LNSs. For example, when the first device is an LAC device, the second device is an LNS device. LAC device.
  • the first device may send a tunnel establishment request according to the local permanent tunnel configuration, and may also initiate a tunnel establishment request in the user access process. Similar to the LAC, if it is an LNS, the tunnel establishment request can also be initiated in the same way.
  • the LAC device determines whether the user in the current tunnel has reached the limit of the number of tunnel sessions and the total bandwidth of the user in the current tunnel after the new user access authentication is passed. Whether the sum of the bandwidth with the new user has reached the tunnel bandwidth limit. If one of the restrictions is reached, the LAC device sends a new tunnel establishment request to the LNS device to establish a new tunnel.
  • the LAC device and the LNS device advertise the session number limit parameter and/or the tunnel bandwidth limit parameter in the AVP format during the establishment of the L2TP tunnel, with a smaller value being the final value after the tunnel is established.
  • the preferred embodiment is applicable to L2TPv2 (Layer 2 Tunneling Protocol version 2) and L2TPv3 (Layer 2 Tunneling Protocol version 3).
  • the method for improving the flexibility of the L2TP network provided by the embodiment, the session number limiting parameter and/or the tunnel bandwidth limiting parameter are transmitted between the LAC device and the LNS device through a control message established by the L2TP tunnel, thereby implementing a tunnel-based L2TP session. Dynamically limit the number and bandwidth.
  • the LAC device sends an L2TP tunnel establishment request in the user access process, and the LNS device sends the tunnel session limit parameter to the LAC device during the tunnel establishment process.
  • steps S1002 to S1018 are included.
  • Step SI 002 the user uses PPP (PPP over Ethernet, PPPoE for short) on the Ethernet
  • the LAC device initiates an access request.
  • Step SI 004 the LAC device interacts with the AAA to complete user identity authentication.
  • Step S1006 The LAC device determines that the user is an L2TP user, and initiates a tunnel establishment request message SCCRQ to the LNS device.
  • Step S1008 After receiving the SCCRQ, the LNS device determines whether the request is legal. If it is legal, step S1010 is performed, otherwise step S1018 is performed.
  • Step S1010 The tunnel session number restriction parameter in the corresponding L2TP tunnel configuration is carried in the SCCRP message and sent to the LAC device.
  • the LNS device can determine whether the tunnel establishment request of the LAC device is legal according to the local tunnel configuration information, or interact with the AAA to determine the legality of the request.
  • Step S1012 After receiving the SCCRP message, the LAC device extracts the tunnel session number restriction parameter in the message and stores it in the tunnel parameter list, and sends an SCCCN message to the LNS device to complete the tunnel establishment.
  • the LAC device interacts with the LNS device to complete the L2TP session establishment.
  • Step S1016 The LNS device interacts with the user to complete user access. Step S1018, stopping the establishment process of the tunnel.
  • the LAC device receives the new PPP user access request and completes the user identity authentication, if the user is also an L2TP user that belongs to the same LNS device, and the new tunnel is not mandatory (for example, the AAA does not send a new one).
  • the LAC device determines whether the number of currently existing sessions in the established L2TP tunnel has reached the session number limit of the tunnel, and determines whether the user can share the established L2TP tunnel with the accessed user. If the current number of sessions is less than the number of sessions in the tunnel, the LAC device interacts with the LNS device to establish an L2TP session. If the number of sessions has reached the limit of the number of sessions in the tunnel, the device re-establishes a new L2TP tunnel.
  • Step S1102 After the LNS device is powered on, the LNSTP tunnel is sent to the LAC device according to the pre-configured static L2TP tunnel information to establish an L2TP tunnel, and carries the pre-configured tunnel bandwidth limit parameter.
  • Step S1104 After receiving the SCCRQ message, the LAC device determines whether the request is legal. If it is legal, step S1106 is performed; otherwise, step S1110 is performed. Step S1106, returning an SCCRP message to the LNS device.
  • the LAC device can determine whether the tunnel establishment request of the LNS device is legal according to the local tunnel configuration information, or interact with the AAA to determine whether the request is legal. If the LAC device is configured with the tunnel bandwidth limit parameter, or the AAA carries the tunnel bandwidth limit parameter in the authorization message after the tunnel authentication is passed, the LAC device compares the parameter with the tunnel bandwidth limit parameter carried in the SCCRQ. The value is sent to the LNS device. Step S1108: The LNS device returns an SCCCN message to the LAC device to complete tunnel establishment. If the tunnel bandwidth limit parameter in the SCCRP is smaller than the tunnel bandwidth limit parameter configured on the LNS device, the LNS device uses a smaller value in the tunnel. Step S1110, stopping the establishment process of the tunnel.
  • the AAA carries the subscription bandwidth information of the user to the LAC device in the authorization message. If the LAC device determines that the user is an L2TP user and belongs to the same LNS device, the comparison is established.
  • the LAC device and the LNS device establish an L2TP session.
  • the LNS device interacts with the user to complete the L2TP user access.
  • the LAC device initiates a new L2TP tunnel establishment request to the LNS device, or the LAC device rejects the request.
  • the LAC device sends an advertisement message to the LNS device to notify the L2TP user that the total bandwidth has exceeded the tunnel bandwidth limit, and the L2TP tunnel is re-established to meet the access requirement of the user.
  • the embodiment of the present invention obtains unified tunnel configuration parameters by using the interaction process between the first device and the second device, so that the first device and the second device are Tunnels can be established through uniform tunnel configuration parameters.
  • the LAC and the LNS are configured in the related art, and the manual configuration is adopted, which results in low timeliness, high maintenance cost, and easy configuration error, and is manually configured.
  • the device parameters of the entire network can be unified, the efficiency of configuration and the correct rate of configuration are improved, and the performance of the system is improved.
  • modules or steps of the embodiments of the present invention can be implemented by a general computing device, which can be concentrated on a single computing device or distributed in multiple computing devices. Alternatively, they may be implemented by program code executable by the computing device, such that they may be stored in the storage device by the computing device and, in some cases, may be different from The steps shown or described are performed sequentially, or they are separately fabricated into individual integrated circuit modules, or a plurality of modules or steps thereof are fabricated into a single integrated circuit module. Thus, the invention is not limited to any specific combination of hardware and software.
  • the above is only the preferred embodiment of the present invention, and is not intended to limit the present invention, and various modifications and changes can be made to the present invention. Any modifications, equivalent substitutions, improvements, etc. made within the spirit and scope of the present invention are intended to be included within the scope of the present invention.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

L'invention concerne un procédé et un système d'établissement d'un tunnel L2TP. Le procédé met en œuvre un premier dispositif et un second dispositif placés aux deux extrémités d'un tunnel qui font l'acquisition d'un paramètre unifié de configuration de tunnel au moyen d'interaction de messages ; et le premier et le second dispositif établissent le tunnel conformément au paramètre unifié de configuration de tunnel. En appliquant la présente invention, on résout le problème de la technique concernée, car au cours du processus de configuration d'un LAC et d'un LNS, on aboutit à une efficacité de courte durée et à des coûts de maintenance élevés, et il est facile de provoquer une erreur de configuration, lorsqu'une configuration manuelle est généralement adoptée, et ensuite, au cours du processus de configuration artificielle, l'unification des paramètres des dispositifs de la totalité du réseau peut être réalisée en ne configurant qu'un seul dispositif, ce qui améliore la performance du système.
PCT/CN2013/081395 2012-08-29 2013-08-13 Procédé et système d'établissement de tunnel l2tp WO2014032518A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201210312664.2A CN103634189A (zh) 2012-08-29 2012-08-29 L2tp隧道的建立方法及系统
CN201210312664.2 2012-08-29

Publications (1)

Publication Number Publication Date
WO2014032518A1 true WO2014032518A1 (fr) 2014-03-06

Family

ID=50182478

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2013/081395 WO2014032518A1 (fr) 2012-08-29 2013-08-13 Procédé et système d'établissement de tunnel l2tp

Country Status (2)

Country Link
CN (1) CN103634189A (fr)
WO (1) WO2014032518A1 (fr)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108183849B (zh) * 2016-12-08 2021-01-08 上海朋熙半导体有限公司 基于l2tp的设备管理方法、设备及系统
CN114793187B (zh) * 2021-01-07 2024-03-01 大唐移动通信设备有限公司 L2tp消息的处理方法、装置及存储介质
CN114928664B (zh) * 2022-06-16 2023-10-31 中国电信股份有限公司 网络隧道建立方法及装置、存储介质及电子设备
CN115190132B (zh) * 2022-06-30 2024-01-19 上海量讯物联技术有限公司 L2tp负载调度方法,装置及系统

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6950862B1 (en) * 2001-05-07 2005-09-27 3Com Corporation System and method for offloading a computational service on a point-to-point communication link
CN101378349A (zh) * 2007-08-30 2009-03-04 华为技术有限公司 数据传输隧道计算方法以及数据传输隧道管理装置
CN101453527A (zh) * 2007-11-30 2009-06-10 华为技术有限公司 一种动态策略转换的方法、网络系统及网络设备
CN101742690A (zh) * 2008-11-27 2010-06-16 华为技术有限公司 一种ap网络传输优化方法、系统及设备

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102098201B (zh) * 2009-12-14 2014-08-20 中兴通讯股份有限公司 一种实现l2tp用户接入备份的方法及网络系统

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6950862B1 (en) * 2001-05-07 2005-09-27 3Com Corporation System and method for offloading a computational service on a point-to-point communication link
CN101378349A (zh) * 2007-08-30 2009-03-04 华为技术有限公司 数据传输隧道计算方法以及数据传输隧道管理装置
CN101453527A (zh) * 2007-11-30 2009-06-10 华为技术有限公司 一种动态策略转换的方法、网络系统及网络设备
CN101742690A (zh) * 2008-11-27 2010-06-16 华为技术有限公司 一种ap网络传输优化方法、系统及设备

Also Published As

Publication number Publication date
CN103634189A (zh) 2014-03-12

Similar Documents

Publication Publication Date Title
EP3627793B1 (fr) Procédé et dispositif de traitement de session
JP7035163B2 (ja) ネットワークセキュリティ管理方法および装置
CN107580065B (zh) 一种私有云接入方法及设备
EP2533466B1 (fr) Procédé et appareil pour la fourniture d'un accès au réseau à une entité utilisateur
JP6074520B2 (ja) オープンフロー可能なWiFi管理エンティティアーキテクチャ
US8363658B1 (en) Dynamic firewall and dynamic host configuration protocol configuration
US9258295B1 (en) Secure over-the-air provisioning for handheld and desktop devices and services
JP6936393B2 (ja) パラメータ保護方法及びデバイス、並びに、システム
WO2013155943A1 (fr) Procédé et système permettant de créer un réseau virtuel
WO2013107136A1 (fr) Procédé d'authentification d'accès de terminal et équipement des locaux d'abonné
WO2019041937A1 (fr) Procédé de délestage de trafic et appareil associé dans un scénario d'itinérance
WO2014029367A1 (fr) Procédé, dispositif et système de configuration dynamique
WO2018192179A1 (fr) Procédé et dispositif d'attribution d'adresse ip
WO2011150610A1 (fr) Procédé et système permettant d'ajuster dynamiquement des services de bande passante, et système de politique de large bande
WO2018196587A1 (fr) Procédé et appareil d'authentification d'utilisateur dans un réseau convergent
WO2014176964A1 (fr) Procédé de gestion de communication et système de communication
CN103781073B (zh) 移动用户固网的接入方法及系统
WO2014032518A1 (fr) Procédé et système d'établissement de tunnel l2tp
WO2009074072A1 (fr) Procédé, système de réseau et équipement de réseau de conversion de stratégie dynamique
WO2012163159A1 (fr) Procédé et dispositif d'unification de serveur aaa de réseau d'entreprise et de serveur aaa de réseau public
WO2022193086A1 (fr) Procédé de communication, appareil de communication et système de communication
US20190171610A1 (en) Managing actions of a network device based on policy settings corresponding to a removable wireless communication device
WO2015090035A1 (fr) Procédé, dispositif et système de partage et de traitement de partage de ressources de réseau
JP2023527193A (ja) サービス取得方法、装置、通信機器及び可読記憶媒体
WO2022067831A1 (fr) Procédé et appareil d'établissement d'une communication sécurisée

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 13833756

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 13833756

Country of ref document: EP

Kind code of ref document: A1