基于隧道模式的动态多出口多业务网络接入的研究与实现
|
摘要
随着高校扩招和教育信息化的开展,我国加强了高校校园网的建设。校园网从原先单一的教育网(CERNET)出口,发展到现在的多出口网络(CERNET和本地ISP两出口并存)。如今,网络服务日益增多,部分用户对网络服务质量提出了更高的要求。传统的多出口单业务网络已经不能满足高端用户的需求。
基于隧道技术的动态多出口多业务网络接入方案是为了让多个运营商同时提供宽带接入服务而提出的。多出口多业务的核心技术问题是实现面向用户面向业务的动态路由能力。这种需求是传统路由器的面向IP的路由模式所不能满足的。本方案基于隧道,客户端策略路由,网关调度三种技术有机结合,低成本的实现了多出口多业务网络解决方案。其的特点在于:
1.采用客户端策略路由,可以提供灵活的路由选择能力;
2.通过隧道,将客户端策略路由和传统IP路由结合起来完成面向业务的路由;
3.中心网关动态调度创建隧道,实现业务选择和管理;4.多接入模式并存,原有接入方式和隧道接入方式并存且互不影响,用户根据需要灵活选择;
5.采用三层隧道技术,不受具体的网络接入设备影响,适应复杂的网络结构;
6.网络建设简单,无需改变原有网络结构,成本低;
7.支持各运营商独立计费,多种网络运营方式并存;
8.支持负载平衡,当用户数量增加时,只需增加接入网关就能完成扩容。
目前此方案已经在某高校试点运行,结果证明方案的易用型、灵活性和可扩展性,可以方便在已有的校园网中实现多业务。事实证明,将隧道技术、客户端策略路由以及中心网关调度三者结合起来,低成本的解决了校园网多出口、多业务需求的技术问题。本方案不仅可用于校园网,也可用于企业或者小区的改造。
With the development of College Expansion and education informationize, our country reinforces the construction of campus network. Campus Network develops from single CERNET exports to multi-network (CERNET exists with local ISP). Today, the numbers of network services increases rapidly, thus, users need higher quality in network services. The traditional network which is multi-exports but single service has been unable to meet the demand of the users who need better service of network.
The dynamic multi-exports and multi-services network solution based on Tunnel pattern is designed to allow more ISP provide services in one campus network. The key technology of multi-exports and multi-services is implementing dynamic routing technology which is user-oriented and service-oriented. This solution integrates three technologies, which are Tunnel, strategy routing by the client and gateway scheduling, and could achieve the multi-exports and multi-services network with lower cost. This solution has many advantages as follows:
1. It can provide flexible routing capabilities by strategy routing on the client;
2. Integrated client strategy routing with traditional IP routing by Tunnel to implement business-oriented routing;
3. Centre gateway create tunnel dynamic and implement the selection and management of different business;
4. Multi-experts exist and worded independently, User can chose expert flexibly;
5. Don't affected by network equipment and adapt to complex network structure by use the layer three Tunnel technology;
6. Easy to rebuild network, It needn't to changing the original network structure and have a low cost;
7. Support billing by different ISP and multiple network operators;
8. Support load balancing, when the number of users increases, we can only increase the gateway to expand the network.
At present, this solution has been running in several colleges, It is proved to be simple, flexible and easy to expanded. It can build multi-services campus network conveniently. It is proved that the technology that integrating the Tunnel technology, strategy routing by the client and center gateway scheduling could meet the requirements of campus for multi-exports and multi-services in a lower cost. This solution not only can be used in the campus network, but also can be used in enterprises or district.
基于隧道技术的动态多出口多业务网络接入方案是为了让多个运营商同时提供宽带接入服务而提出的。多出口多业务的核心技术问题是实现面向用户面向业务的动态路由能力。这种需求是传统路由器的面向IP的路由模式所不能满足的。本方案基于隧道,客户端策略路由,网关调度三种技术有机结合,低成本的实现了多出口多业务网络解决方案。其的特点在于:
1.采用客户端策略路由,可以提供灵活的路由选择能力;
2.通过隧道,将客户端策略路由和传统IP路由结合起来完成面向业务的路由;
3.中心网关动态调度创建隧道,实现业务选择和管理;4.多接入模式并存,原有接入方式和隧道接入方式并存且互不影响,用户根据需要灵活选择;
5.采用三层隧道技术,不受具体的网络接入设备影响,适应复杂的网络结构;
6.网络建设简单,无需改变原有网络结构,成本低;
7.支持各运营商独立计费,多种网络运营方式并存;
8.支持负载平衡,当用户数量增加时,只需增加接入网关就能完成扩容。
目前此方案已经在某高校试点运行,结果证明方案的易用型、灵活性和可扩展性,可以方便在已有的校园网中实现多业务。事实证明,将隧道技术、客户端策略路由以及中心网关调度三者结合起来,低成本的解决了校园网多出口、多业务需求的技术问题。本方案不仅可用于校园网,也可用于企业或者小区的改造。
With the development of College Expansion and education informationize, our country reinforces the construction of campus network. Campus Network develops from single CERNET exports to multi-network (CERNET exists with local ISP). Today, the numbers of network services increases rapidly, thus, users need higher quality in network services. The traditional network which is multi-exports but single service has been unable to meet the demand of the users who need better service of network.
The dynamic multi-exports and multi-services network solution based on Tunnel pattern is designed to allow more ISP provide services in one campus network. The key technology of multi-exports and multi-services is implementing dynamic routing technology which is user-oriented and service-oriented. This solution integrates three technologies, which are Tunnel, strategy routing by the client and gateway scheduling, and could achieve the multi-exports and multi-services network with lower cost. This solution has many advantages as follows:
1. It can provide flexible routing capabilities by strategy routing on the client;
2. Integrated client strategy routing with traditional IP routing by Tunnel to implement business-oriented routing;
3. Centre gateway create tunnel dynamic and implement the selection and management of different business;
4. Multi-experts exist and worded independently, User can chose expert flexibly;
5. Don't affected by network equipment and adapt to complex network structure by use the layer three Tunnel technology;
6. Easy to rebuild network, It needn't to changing the original network structure and have a low cost;
7. Support billing by different ISP and multiple network operators;
8. Support load balancing, when the number of users increases, we can only increase the gateway to expand the network.
At present, this solution has been running in several colleges, It is proved to be simple, flexible and easy to expanded. It can build multi-services campus network conveniently. It is proved that the technology that integrating the Tunnel technology, strategy routing by the client and center gateway scheduling could meet the requirements of campus for multi-exports and multi-services in a lower cost. This solution not only can be used in the campus network, but also can be used in enterprises or district.
引文
[1]向杰,基于RADIUS协议的无线数据业务预付费解决方案[D],电子科技大学,2005年5月
[2]卿斯汉著,密码学与计算机网络安全[M],清华大学出版社,2001.7
[3]杨明,基于认证测试的安全协议分析[J],软件学报,2006,No.1,152-160
[4]张雪,对等网中隧道技术的研究与实现[D],国防科学技术大学,2005.9
[5]RFC2003 IP Encapsulation with in IP.C.Perkins.october1996
[6]RFC2004 Minimal Encapsulation within IP.C.Pekrins.Oetober1996
[7]RFC1701 Generic Routing Encapsulation(GRE)S.Hanks,T.Li,D.Farinacci p.Traina.October1994
[8]Carlton R.Davis.IPSec:Securing VPNs.MaGraw-Hill Companies,2001
[9]Davis Carlton RIPSec,VPN的安全实施[M],清华大学出版社,2002
[10]Carlton R.Davis.IPSec:Securing VPNs.MaGraw-Hill Companies,2001
[11]郝辉、钱华林,VPN及其隧道技术研究[J],微电子学与计算机,2004,Vol.21No.11,44-47
[12]孙鹏程,基于隧道技术的企业VPN方案研究[D],西安电子科技大学,2007.1
[13]Carlton R.Davis著.周永彬等译,IPSec VPN的安全实施[M],清华大学出版社,2002.1
[14]李睿,VPN隧道技术的研究及其实现[D],同济大学,2007.5
[15]K.Hamzeh,et al,"Point-to-Point Tunneling Protocal(PPTP)",PFC2637,1999.6
[16]Valeneia.A,Littlewood.M andT.Kolar,CiseoLayerTwoForwarding(Protoeol)L2F,RFC2341,1998.5
[17]王延年,隧道技术及其应用研究[D],郑州大学,2001.5
[18]黄浩、谢冬青,L2TP下可信的VPN方案设计与实现[J],计算机工程,2006.10,vol.32,No.20,157-159
[19]S.Kent,R.Atkinson.Security Associations.RFC2408 IETF,November 1998,p1-34
[20]胡道元,京华编著,网络安全[M],清华大学出版社,2003 12,188-191
[21]何宝宏,VPN隧道协议发展现状[M],中国数据通信,2001.6,49-51
[22]张雪,对等网中隧道技术的研究与实现[D],国防科技大学,2005.9
[23]肖永华,网络地址翻译与策略路由应该注意的问题,http://www.cew.com.en/htm/net/seminar/01824es5.asp
[24]黄敏、张卫东等,基于策略路由的网络设计与实践[J],计算机应用,2002,72-73
[25]白伟华,李吉桂,NAT技术及其穿越方案研究[J],计算机科学2005,Vol.32NQ.8,44-45
[26]Srisuresh P,Holdrege M.NAT terminology and considerations.http://www.ietf.org/rfc/rfc2663.txt
[27]Marsh M G,Linux环境下基于策略的路由.http://www.Linuxaid.com.cn/articles/5/0/507500984.shtml
[28]刘风华,丁贺龙,张永平,关于NAT技术的研究与应用[J],计算机工程与设计,2006.5,Vol27,No.10,1814-1817
[29]褚建立,马雪松,多出口校园网路由策略技术及其实现方法[J],邢台职业技术学院学报,2005.10.,Vol.22,No.5,48-50
[30]王述国,基于防火墙和策略路由的校园网双出口实现[D],大连理工大学硕,2007.5
[31]刘金锁,基于802.IX的宽带接入智能安全园区网的究与实现[D],西南交通大学,2006.12
[32]李昕,左明,WEB认证及802.1X认证的比较[J],现代计算机,2003.11,52-54
[33]邢小良,宽带网接入认证的发展方向-Web认证[J],通信世界,2002,Vol12:23-24
[34]罗传军、柴晟、赵仕伟,基于802.1x认证的校园网安全管理应用,成都航空职业技术学院学报,2007.3,Vol.23 No.1,55-57
[35]彭伟,使用802.1x实现校园网认证计算机应用[J],2003.3,Vol.23No.3,85-87
[36]赵红、刘建珍、赵伟,一种新的宽带网用户认证方式-802.1x[J],科技资讯,2007.6,112-114
[37]宗平、吉建峰,802.1x协议在宽带接入认证中的应用[J],2004年5月,Vol.30, No10,119-121
[38]L Mamakos,K Lidl,J Evarts,et al.A Method for Transmitting PPP over Ethernet (PPPoE)[S],RFC2516,1999
[39]PPP over Ethernet:A Comparison of Alternatiyes for PC-to-xESL Modern Connectivity[EB/OL],.http://www.redback.com/en-US/whitepp/pdf/wp PPPoE comparison.pdf,2002-07.
[2]卿斯汉著,密码学与计算机网络安全[M],清华大学出版社,2001.7
[3]杨明,基于认证测试的安全协议分析[J],软件学报,2006,No.1,152-160
[4]张雪,对等网中隧道技术的研究与实现[D],国防科学技术大学,2005.9
[5]RFC2003 IP Encapsulation with in IP.C.Perkins.october1996
[6]RFC2004 Minimal Encapsulation within IP.C.Pekrins.Oetober1996
[7]RFC1701 Generic Routing Encapsulation(GRE)S.Hanks,T.Li,D.Farinacci p.Traina.October1994
[8]Carlton R.Davis.IPSec:Securing VPNs.MaGraw-Hill Companies,2001
[9]Davis Carlton RIPSec,VPN的安全实施[M],清华大学出版社,2002
[10]Carlton R.Davis.IPSec:Securing VPNs.MaGraw-Hill Companies,2001
[11]郝辉、钱华林,VPN及其隧道技术研究[J],微电子学与计算机,2004,Vol.21No.11,44-47
[12]孙鹏程,基于隧道技术的企业VPN方案研究[D],西安电子科技大学,2007.1
[13]Carlton R.Davis著.周永彬等译,IPSec VPN的安全实施[M],清华大学出版社,2002.1
[14]李睿,VPN隧道技术的研究及其实现[D],同济大学,2007.5
[15]K.Hamzeh,et al,"Point-to-Point Tunneling Protocal(PPTP)",PFC2637,1999.6
[16]Valeneia.A,Littlewood.M andT.Kolar,CiseoLayerTwoForwarding(Protoeol)L2F,RFC2341,1998.5
[17]王延年,隧道技术及其应用研究[D],郑州大学,2001.5
[18]黄浩、谢冬青,L2TP下可信的VPN方案设计与实现[J],计算机工程,2006.10,vol.32,No.20,157-159
[19]S.Kent,R.Atkinson.Security Associations.RFC2408 IETF,November 1998,p1-34
[20]胡道元,京华编著,网络安全[M],清华大学出版社,2003 12,188-191
[21]何宝宏,VPN隧道协议发展现状[M],中国数据通信,2001.6,49-51
[22]张雪,对等网中隧道技术的研究与实现[D],国防科技大学,2005.9
[23]肖永华,网络地址翻译与策略路由应该注意的问题,http://www.cew.com.en/htm/net/seminar/01824es5.asp
[24]黄敏、张卫东等,基于策略路由的网络设计与实践[J],计算机应用,2002,72-73
[25]白伟华,李吉桂,NAT技术及其穿越方案研究[J],计算机科学2005,Vol.32NQ.8,44-45
[26]Srisuresh P,Holdrege M.NAT terminology and considerations.http://www.ietf.org/rfc/rfc2663.txt
[27]Marsh M G,Linux环境下基于策略的路由.http://www.Linuxaid.com.cn/articles/5/0/507500984.shtml
[28]刘风华,丁贺龙,张永平,关于NAT技术的研究与应用[J],计算机工程与设计,2006.5,Vol27,No.10,1814-1817
[29]褚建立,马雪松,多出口校园网路由策略技术及其实现方法[J],邢台职业技术学院学报,2005.10.,Vol.22,No.5,48-50
[30]王述国,基于防火墙和策略路由的校园网双出口实现[D],大连理工大学硕,2007.5
[31]刘金锁,基于802.IX的宽带接入智能安全园区网的究与实现[D],西南交通大学,2006.12
[32]李昕,左明,WEB认证及802.1X认证的比较[J],现代计算机,2003.11,52-54
[33]邢小良,宽带网接入认证的发展方向-Web认证[J],通信世界,2002,Vol12:23-24
[34]罗传军、柴晟、赵仕伟,基于802.1x认证的校园网安全管理应用,成都航空职业技术学院学报,2007.3,Vol.23 No.1,55-57
[35]彭伟,使用802.1x实现校园网认证计算机应用[J],2003.3,Vol.23No.3,85-87
[36]赵红、刘建珍、赵伟,一种新的宽带网用户认证方式-802.1x[J],科技资讯,2007.6,112-114
[37]宗平、吉建峰,802.1x协议在宽带接入认证中的应用[J],2004年5月,Vol.30, No10,119-121
[38]L Mamakos,K Lidl,J Evarts,et al.A Method for Transmitting PPP over Ethernet (PPPoE)[S],RFC2516,1999
[39]PPP over Ethernet:A Comparison of Alternatiyes for PC-to-xESL Modern Connectivity[EB/OL],.http://www.redback.com/en-US/whitepp/pdf/wp PPPoE comparison.pdf,2002-07.