支持高性能IPv4/IPv6路由器的一体化网络管理结构
|
摘要
传统的网络管理结构一般直接采用SNMP协议提出的网络管理基本模型。随着计算机网络的迅速发展,该模型管理方式单一、扩展能力较差、应对极端情况能力不足以及管理安全性不高等方面的弱点日趋突出。作为IPv6骨干网络的重要组成部分,高性能IPv4/IPv6路由器迫切需要新型的网络管理系统。其网络管理系统在解决以上问题的基础上,还必须支持IPv4/IPv6双协议栈的网络管理,并保证较高的安全性能。
本文的主要研究内容是支持高性能IPv4/IPv6路由器的网络管理结构。课题研究得到了国家863计划信息技术领域通信技术主题的重大项目“高性能IPv6路由器基础平台及实验系统”项目和“可扩展到T比特的高性能IPv4/v6路由器基础平台及实验系统”的资助。本文在分析SNMP基本原理的基础上,结合IPv4/IPv6路由器网络管理系统的设计问题,提出了支持IPv4/IPv6双栈路由器的新型网络管理结构。该结构解决了网络管理系统管理方式单一、扩展能力较差等方面的问题,并提高了路由器网络管理的安全性能。
本文所做的主要工作如下:
研究了网络管理技术的国内外研究现状和技术发展趋势,分析了网络管理系统的总体结构,对网络管理系统的模块进行了划分,提出了支持高性能IPv4/IPv6路由器的一体化网络管理结构INMF。该结构为多种管理接入方式提供统一的接口,并对系统的运行信息和配置文件进行集中的管理。详细分析了INMF的设计思想和具体实现方法。
分析了一体化网络管理结构中网络管理工作站的结构模型,提出了一种基于消息服务器的网络管理工作站结构,采用消息服务器来负责系统内部的通信,提高了内部通信效率和系统的可扩展性;分析了网络管理代理的结构,给出了支持SNMPv3框架的代理结构。
研究了IPv6和SNMPv3协议的主要特点及功能,指出在实际开发网络管理系统时支持IPv6和SNMPv3协议的关键点,并在实现的基础上进行了相应的测试。
综合分析了SNMP协议在消息加密、认证和访问控制方面的安全特性,重点研究了SNMPv3协议定义的USM和VACM安全模型,深入探讨了基于INMF的高性能IPv4/v6路由器网络管理安全策略。
Traditional network management structures generally adopt the basic model put forward in SNMP protocol. With the rapid development of the computer network, the deficiency of this model is becoming more outstanding in the singleness of manage methods, badness of expandability, lack of the capability to reply the extreme instance, and insecurity of management. The high-performance IPv4/IPv6 router is an important component of the backbone IPv6 networks, and its need for new network management system is extremely urgent. The system should not only solve the above problems, but also support the management of IPv4/IPv6 dual-stack, and guarantee relatively high security performance.The main contents of the dissertation are network management structures which support the high-performance IPv4/IPv6 router. The study of this subject is funded by the great projects named "High-performance IPv6 router basic platform and experimental system" and "T bit high-performance IPv4/v6 router basic platform and experimental system", which belong to the information technology field communication technological subject of National High Technology Research and Development Program of China (863 Program). Based on the analysis of SNMP basic principle, this dissertation considered the design of IPv4/IPv6 router's network management system, and proposed a new network management structure support EPv4/EPv6 dual-stack router. The structure has solved the problem of the network management system in the singleness of manage methods and badness of expandability, and improved the security performance of router network management.The main work this dissertation does is as follows:Firstly, the current situation and development trend of network management technology both at home and abroad are studied. The whole architecture of network management system is analyzed, and the module to the network management system is divided. We propose an integrated network management framework which offers the unified interface for many kinds of management's access ways, and manages the operation information and configure files of system centrally. Then we analyze the design philosophy and implementation method of INMF in detail.Secondly, the dissertation analyzes the structure model of the network management station in the INMF, and proposes a structure of message-server-based network management station, which processes communication within the system through a message server. The structure has improved the efficiency of inside communication and the expansibility of system. We have analyzed the structure of network management agent, and designed the model that supports
SNMPv3 in the framework.Thirdly, the main characteristic and function of IPv6 and SNMPv3 protocol is studied, and the keys to support IPv6 and SNMPv3 protocol in the actual network management system development are pointed out. Afterwards practical tests are carried on.Fourthly, considering the security feature of SNMP protocol in message encryption, authentication and access control, the security model of USM and VACM that are defined by SNMPv3 protocol are emphasized. Then the security of network management based on INMF in high-performance FPv4/IPv6 router is discussed.
本文的主要研究内容是支持高性能IPv4/IPv6路由器的网络管理结构。课题研究得到了国家863计划信息技术领域通信技术主题的重大项目“高性能IPv6路由器基础平台及实验系统”项目和“可扩展到T比特的高性能IPv4/v6路由器基础平台及实验系统”的资助。本文在分析SNMP基本原理的基础上,结合IPv4/IPv6路由器网络管理系统的设计问题,提出了支持IPv4/IPv6双栈路由器的新型网络管理结构。该结构解决了网络管理系统管理方式单一、扩展能力较差等方面的问题,并提高了路由器网络管理的安全性能。
本文所做的主要工作如下:
研究了网络管理技术的国内外研究现状和技术发展趋势,分析了网络管理系统的总体结构,对网络管理系统的模块进行了划分,提出了支持高性能IPv4/IPv6路由器的一体化网络管理结构INMF。该结构为多种管理接入方式提供统一的接口,并对系统的运行信息和配置文件进行集中的管理。详细分析了INMF的设计思想和具体实现方法。
分析了一体化网络管理结构中网络管理工作站的结构模型,提出了一种基于消息服务器的网络管理工作站结构,采用消息服务器来负责系统内部的通信,提高了内部通信效率和系统的可扩展性;分析了网络管理代理的结构,给出了支持SNMPv3框架的代理结构。
研究了IPv6和SNMPv3协议的主要特点及功能,指出在实际开发网络管理系统时支持IPv6和SNMPv3协议的关键点,并在实现的基础上进行了相应的测试。
综合分析了SNMP协议在消息加密、认证和访问控制方面的安全特性,重点研究了SNMPv3协议定义的USM和VACM安全模型,深入探讨了基于INMF的高性能IPv4/v6路由器网络管理安全策略。
Traditional network management structures generally adopt the basic model put forward in SNMP protocol. With the rapid development of the computer network, the deficiency of this model is becoming more outstanding in the singleness of manage methods, badness of expandability, lack of the capability to reply the extreme instance, and insecurity of management. The high-performance IPv4/IPv6 router is an important component of the backbone IPv6 networks, and its need for new network management system is extremely urgent. The system should not only solve the above problems, but also support the management of IPv4/IPv6 dual-stack, and guarantee relatively high security performance.The main contents of the dissertation are network management structures which support the high-performance IPv4/IPv6 router. The study of this subject is funded by the great projects named "High-performance IPv6 router basic platform and experimental system" and "T bit high-performance IPv4/v6 router basic platform and experimental system", which belong to the information technology field communication technological subject of National High Technology Research and Development Program of China (863 Program). Based on the analysis of SNMP basic principle, this dissertation considered the design of IPv4/IPv6 router's network management system, and proposed a new network management structure support EPv4/EPv6 dual-stack router. The structure has solved the problem of the network management system in the singleness of manage methods and badness of expandability, and improved the security performance of router network management.The main work this dissertation does is as follows:Firstly, the current situation and development trend of network management technology both at home and abroad are studied. The whole architecture of network management system is analyzed, and the module to the network management system is divided. We propose an integrated network management framework which offers the unified interface for many kinds of management's access ways, and manages the operation information and configure files of system centrally. Then we analyze the design philosophy and implementation method of INMF in detail.Secondly, the dissertation analyzes the structure model of the network management station in the INMF, and proposes a structure of message-server-based network management station, which processes communication within the system through a message server. The structure has improved the efficiency of inside communication and the expansibility of system. We have analyzed the structure of network management agent, and designed the model that supports
SNMPv3 in the framework.Thirdly, the main characteristic and function of IPv6 and SNMPv3 protocol is studied, and the keys to support IPv6 and SNMPv3 protocol in the actual network management system development are pointed out. Afterwards practical tests are carried on.Fourthly, considering the security feature of SNMP protocol in message encryption, authentication and access control, the security model of USM and VACM that are defined by SNMPv3 protocol are emphasized. Then the security of network management based on INMF in high-performance FPv4/IPv6 router is discussed.
引文
[1] J.Case, M.Fedor, M.Schoffstall and J.Davin. A Simple Network Management Protocol(SNMP).RFC1157, 1990.5
[2] D.Harrington, R.Presuhn and B.Wijnen. An Architecture for Describing SNMP Management Frameworks. RFC2571, 1999.4
[3] William Stallings著,胡成松、汪凯泽.SNMP网络管理.北京:中国电力出版社,2001.9
[4] William Stallings. SNMP and SNMPv2: The Infrastructure for Network Management, IEEE Commun. Mag., 1998.3
[5] D.Harrington, R.Presuhn and B.Wijnen. An Architecture for Describing Simple Network Management Protocol (SNMP) Management Frameworks. RFC 3411, 2002.12
[6] William Stallings. Security Comes to SNMP: The New SNMPv3 Proposed Interact Standards, The Internet Protocol Journal, vol 1(3), 1998.12
[7] William Stallings著,胡成松、汪凯译.SNMP网络管理.北京:中国电力出版社,2001.9
[8] Mani Subramanian著.网络管理——原理与实践(影印版).北京:高等教育出版社,2001.6
[9] K.McCloghrie, M.Rose. Management Information Base for Network Management of TCP/IP-based internets: MIB-Ⅱ.RFC1213, 1991.3
[10] M.Rose, K.McCloghrie. Structure and Identification of Management Information for TCP/IP-based Internets, RFC1155, 1990.3
[11] David Zeltserman著.SNMPV3与网络管理.北京:人民邮电出版社,2000.5
[12] U.Blumenthal, B.Wijnen. User-Based Security Model (USM) for Version 3 of the Simple Network Management Protocol (SNMPv3). RFC 3414, 2002.12
[13] B.Wijnen, R.Presulm and K.McCloghrie. View-based Access Control Model (VACM) for the Simple Network Management Protocol (SNMP), RFC3415, 2002.12
[14] 兰巨龙.高性能IPv6路由器基础平台及实验系统需求分析说明书,V1.0,国家数字交换系统工程技术研究中心,2002.8
[15] 汪斌强.可扩展到T比特的高性能IPv4/IPv6路由器基础平台及实验系统总体实施方案—系统总体设计,国家数字交换系统工程技术研究中心,2003.10
[16] R.Hinden and S.Deering. IP Version 6 Addressing Architecture. RFC 2373, 1998
[17] Christian Huitema著.新因特网协议IPV6(影印版第2版).北京:清华大学出版社,2000.12
[18] M.Daniele. IP Version 6 Management Information Base for the Transmission Control Protocol. RFC2452, 1998.12
[19] 岑贤道,安常青.网络管理协议及应用开发.北京:清华大学出版社,1998.7
[20] UCD-SNMP/NET-SNMP Tutorials. http://net-snmp.sourceforge.net/tutorial, 2004.9
[21] J.Case, D.Harrington, R.Presuhn and B.Wijnen. Message Processing and Dispatching for the Simple Network Management Protocol (SNMP).RFC2572, 1999.4
[22] J.Case, R.Mundy, D.Partain and B.Stewart. Introduction and Applicability Statements for Internet-Standard Management Framework. RFC 3410, 2002.12
[23] M.Rose. SNMP MUX protocol and MIB, RFC1227, 1999.3
[24] 张晓晖,李标庆.基于SNMPv3网络管理中的策略应用.通讯世界,2002.10
[25] Mark A Miller,P.E.著,晏明峰泽.用SNMP管理互联网络(第3版).北京:中国水利水电出版社,2001.3
[26] Andrew S.Tanenbaum著.计算机网络(第4版).北京:清华大学出版社,2004.8
[27] Sean Hamedy著,胡谷雨、张巍等译.简单网络管理协议教程(第2版).北京:电子工业出版社,2000.8
[28] 胡谷雨.现代通信网和计算机网管理.北京:电子工业出版社,1996.4
[29] D.Haskin, S.Onishi. Management Information Base for IP Version 6: Textual Conventions and General Group. RFC2465, 1998.12
[30] D.Haskin, S.Onishi. Management Information Base for IP Version 6: ICMPv6 Group. RFC2466, 1998.12
[31] M.Daniele. IP Version 6 Management Information Base for the User Datagram Protocol. RFC2454, 1998.12
[32] J.Case, K.McCloghrie, M.Rose and S.Waldbusser. Transport Mappings for Version 2 of the Simple Network Management Protocol (SNMPv2). RFC1906. 1996.1
[33] R.Gilligan, E.Nordmark. Transition Mechanisms for IPv6 Hosts and Routers. RFC2893, 2000.8
[34] R.J.Moorhead, K.Amirthalingam. SNMP-An Overview of its Merits and Demerits, 180-3. Proceedings of the Twenty-Seventh Southeastern Symposium on System Theory. Starkvill, MS, 1995.3, Los Alamitos, CA: IEEE Computer Society Press, 1995
[35] SNMP Research Intemational. http://www.snmp.com, 2004.8
[36] William Stallings. SNMPv3: A Security Enhancement For SNMP, IEEE Communications Surveys Fourth Quarter, vol 1(1), 1998
[37] Worrki H.J. Web-based internet service and network management.IEEE Communication Mag., vol 10, 1997
[38] U.Blumenthal, N.Hien, and B.Wijnen. Key Derivation for Network Management Applications. IEEE Network, 1997.5
[39] Ray Hunt. SNMP and CMIP-the technologies for multivendor network management. Computer Communication, vol 20, 1997
[40] Rabie S. Integrated network management: technologies and implementation experience. In: Proceedinds of the INFOCOM'92, 1992. p1020-1027
[41] Fei Xiang, Wu jieyi and Luo Jun et al. Intelligent integrated network management based on distributed cooperative multiagent model. In: Siririuchatapong Pansak eds. Proceedinds of the CSCWID'97. Beijing: International Academic Pubilishers, 1997, p492-495
[42] J.Filipiak. Design of network management architectures for heterogeneous networks using object oriented approach. In: Proceedinds of the Integrated Network Management. Ⅲ. 1993. p5970
[43] Wele J D. Meeting network management challenges: customization, integration and scalability. In: Proceedinds of the IEEE International Conference on Communication. 1993. p1993-1204
[44] Maston M.C. Using the world wide web and Java for network service management, Integrated Network Management V, May 1997
[45] S.Yucel, T.Kusano, T.Saydam. The Generic Service Management Architecture, Proceedings Vol. 1 ATIRP Conference January 1997
[46] 胡谷雨.网络管理技术教程.北京:希望电子出版社,2002.9
[47] 吴礼发.基于SNMP的网络管理系统分布式策略的研究.电信技术,vol 3(11),2001,p64-71
[48] 王平,赵宏,李莉.一种面向分布式网络管理的自适应可扩展模型.通信学报,vol 23(12),2002.12,p118-128
[49] Uyless Black. Network Management Standards: SNMP, CMIP, TMN, MIBs, and Object Libraries. New York McGraw Hill. 1994.12
[50] Allan Leinwand, Karen Fang. Network Management: A practical Perspective, 2nd Edition. Addison Wesley Professional. 1995.10
[51] 冯运波,夏光升,杨义先.IPv6的安全特性,电信科学,2002.3,p31-34
[52] 汪芸,顾冠群.CORBA技术及其应用,南京:东南大学出版社,1999.6
[2] D.Harrington, R.Presuhn and B.Wijnen. An Architecture for Describing SNMP Management Frameworks. RFC2571, 1999.4
[3] William Stallings著,胡成松、汪凯泽.SNMP网络管理.北京:中国电力出版社,2001.9
[4] William Stallings. SNMP and SNMPv2: The Infrastructure for Network Management, IEEE Commun. Mag., 1998.3
[5] D.Harrington, R.Presuhn and B.Wijnen. An Architecture for Describing Simple Network Management Protocol (SNMP) Management Frameworks. RFC 3411, 2002.12
[6] William Stallings. Security Comes to SNMP: The New SNMPv3 Proposed Interact Standards, The Internet Protocol Journal, vol 1(3), 1998.12
[7] William Stallings著,胡成松、汪凯译.SNMP网络管理.北京:中国电力出版社,2001.9
[8] Mani Subramanian著.网络管理——原理与实践(影印版).北京:高等教育出版社,2001.6
[9] K.McCloghrie, M.Rose. Management Information Base for Network Management of TCP/IP-based internets: MIB-Ⅱ.RFC1213, 1991.3
[10] M.Rose, K.McCloghrie. Structure and Identification of Management Information for TCP/IP-based Internets, RFC1155, 1990.3
[11] David Zeltserman著.SNMPV3与网络管理.北京:人民邮电出版社,2000.5
[12] U.Blumenthal, B.Wijnen. User-Based Security Model (USM) for Version 3 of the Simple Network Management Protocol (SNMPv3). RFC 3414, 2002.12
[13] B.Wijnen, R.Presulm and K.McCloghrie. View-based Access Control Model (VACM) for the Simple Network Management Protocol (SNMP), RFC3415, 2002.12
[14] 兰巨龙.高性能IPv6路由器基础平台及实验系统需求分析说明书,V1.0,国家数字交换系统工程技术研究中心,2002.8
[15] 汪斌强.可扩展到T比特的高性能IPv4/IPv6路由器基础平台及实验系统总体实施方案—系统总体设计,国家数字交换系统工程技术研究中心,2003.10
[16] R.Hinden and S.Deering. IP Version 6 Addressing Architecture. RFC 2373, 1998
[17] Christian Huitema著.新因特网协议IPV6(影印版第2版).北京:清华大学出版社,2000.12
[18] M.Daniele. IP Version 6 Management Information Base for the Transmission Control Protocol. RFC2452, 1998.12
[19] 岑贤道,安常青.网络管理协议及应用开发.北京:清华大学出版社,1998.7
[20] UCD-SNMP/NET-SNMP Tutorials. http://net-snmp.sourceforge.net/tutorial, 2004.9
[21] J.Case, D.Harrington, R.Presuhn and B.Wijnen. Message Processing and Dispatching for the Simple Network Management Protocol (SNMP).RFC2572, 1999.4
[22] J.Case, R.Mundy, D.Partain and B.Stewart. Introduction and Applicability Statements for Internet-Standard Management Framework. RFC 3410, 2002.12
[23] M.Rose. SNMP MUX protocol and MIB, RFC1227, 1999.3
[24] 张晓晖,李标庆.基于SNMPv3网络管理中的策略应用.通讯世界,2002.10
[25] Mark A Miller,P.E.著,晏明峰泽.用SNMP管理互联网络(第3版).北京:中国水利水电出版社,2001.3
[26] Andrew S.Tanenbaum著.计算机网络(第4版).北京:清华大学出版社,2004.8
[27] Sean Hamedy著,胡谷雨、张巍等译.简单网络管理协议教程(第2版).北京:电子工业出版社,2000.8
[28] 胡谷雨.现代通信网和计算机网管理.北京:电子工业出版社,1996.4
[29] D.Haskin, S.Onishi. Management Information Base for IP Version 6: Textual Conventions and General Group. RFC2465, 1998.12
[30] D.Haskin, S.Onishi. Management Information Base for IP Version 6: ICMPv6 Group. RFC2466, 1998.12
[31] M.Daniele. IP Version 6 Management Information Base for the User Datagram Protocol. RFC2454, 1998.12
[32] J.Case, K.McCloghrie, M.Rose and S.Waldbusser. Transport Mappings for Version 2 of the Simple Network Management Protocol (SNMPv2). RFC1906. 1996.1
[33] R.Gilligan, E.Nordmark. Transition Mechanisms for IPv6 Hosts and Routers. RFC2893, 2000.8
[34] R.J.Moorhead, K.Amirthalingam. SNMP-An Overview of its Merits and Demerits, 180-3. Proceedings of the Twenty-Seventh Southeastern Symposium on System Theory. Starkvill, MS, 1995.3, Los Alamitos, CA: IEEE Computer Society Press, 1995
[35] SNMP Research Intemational. http://www.snmp.com, 2004.8
[36] William Stallings. SNMPv3: A Security Enhancement For SNMP, IEEE Communications Surveys Fourth Quarter, vol 1(1), 1998
[37] Worrki H.J. Web-based internet service and network management.IEEE Communication Mag., vol 10, 1997
[38] U.Blumenthal, N.Hien, and B.Wijnen. Key Derivation for Network Management Applications. IEEE Network, 1997.5
[39] Ray Hunt. SNMP and CMIP-the technologies for multivendor network management. Computer Communication, vol 20, 1997
[40] Rabie S. Integrated network management: technologies and implementation experience. In: Proceedinds of the INFOCOM'92, 1992. p1020-1027
[41] Fei Xiang, Wu jieyi and Luo Jun et al. Intelligent integrated network management based on distributed cooperative multiagent model. In: Siririuchatapong Pansak eds. Proceedinds of the CSCWID'97. Beijing: International Academic Pubilishers, 1997, p492-495
[42] J.Filipiak. Design of network management architectures for heterogeneous networks using object oriented approach. In: Proceedinds of the Integrated Network Management. Ⅲ. 1993. p5970
[43] Wele J D. Meeting network management challenges: customization, integration and scalability. In: Proceedinds of the IEEE International Conference on Communication. 1993. p1993-1204
[44] Maston M.C. Using the world wide web and Java for network service management, Integrated Network Management V, May 1997
[45] S.Yucel, T.Kusano, T.Saydam. The Generic Service Management Architecture, Proceedings Vol. 1 ATIRP Conference January 1997
[46] 胡谷雨.网络管理技术教程.北京:希望电子出版社,2002.9
[47] 吴礼发.基于SNMP的网络管理系统分布式策略的研究.电信技术,vol 3(11),2001,p64-71
[48] 王平,赵宏,李莉.一种面向分布式网络管理的自适应可扩展模型.通信学报,vol 23(12),2002.12,p118-128
[49] Uyless Black. Network Management Standards: SNMP, CMIP, TMN, MIBs, and Object Libraries. New York McGraw Hill. 1994.12
[50] Allan Leinwand, Karen Fang. Network Management: A practical Perspective, 2nd Edition. Addison Wesley Professional. 1995.10
[51] 冯运波,夏光升,杨义先.IPv6的安全特性,电信科学,2002.3,p31-34
[52] 汪芸,顾冠群.CORBA技术及其应用,南京:东南大学出版社,1999.6