CN100407721C - Method for network server to support multiple examples based on two layer tunnel protocol - Google Patents


Info

Publication number
CN100407721C
CN100407721C CN021474230A CN02147423A CN100407721C CN 100407721 C CN100407721 C CN 100407721C CN 021474230 A CN021474230 A CN 021474230A CN 02147423 A CN02147423 A CN 02147423A CN 100407721 C CN100407721 C CN 100407721C
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN021474230A
Other languages
Chinese (zh)
Other versions
CN1492650A (en)
Inventor
阴元斌
李斌
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd


Abstract

The present invention discloses a method for a network server based on the Layer 2 Tunneling Protocol (L2TP) to support multiple instances. In the method, virtual private dial-up network groups (VPDN groups) that contain the peer LAC name and an enterprise domain name are configured in the L2TP network server (LNS) for the different peer L2TP access concentrators (LACs). When an enterprise user accesses the network, the LAC connected to that user sends the enterprise domain name supplied by the user and its own LAC name to the LNS. The LNS uses the peer LAC name to set up the tunnel between itself and the LAC, uses the enterprise domain name to determine the VPDN group that matches the domain name, and establishes the session using the tunnel and the configuration of that VPDN group. This solves the practical problem of LNS support for multiple instances, so the method can offer users richer VPN solutions.

Description

Method for a network server based on the Layer 2 Tunneling Protocol to support multiple instances
Technical field
The present invention relates to a method for a network server to support multiple instances.
Background
A virtual private dial-up network (VPDN, Virtual Private Dial Network) uses the dial-up function and access network of a public network (such as the Integrated Services Digital Network, ISDN, or the public switched telephone network, PSTN) to implement a virtual private network, thereby providing access services for enterprises, small Internet service providers (ISPs) and mobile office workers.
A VPDN uses a dedicated network encryption communication protocol to set up a secure VPN for an enterprise over the public network. An enterprise's remote offices and travelling employees can connect to the enterprise headquarters remotely over the public network through a virtual encrypted tunnel, while other users on the public network cannot pass through the virtual tunnel to reach resources inside the enterprise network. The VPDN (access VPN) is one of the three current types of VPN, and the Layer 2 Tunneling Protocol (L2TP) is one implementation of VPDN. With the continued development of network technology, layer-3 VPNs can now support multiple instances, but layer-3 and layer-2 VPNs are used together in actual networking schemes, so layer-2 VPNs are also required to support multiple instances. Multi-instance here means that one network server (such as a Huawei router) can manage multiple VPN sites; for layer-2 VPNs specifically, it means that one network server can act as the network server for multiple enterprises.
For a typical VPDN network built with L2TP, refer to Fig. 1. In Fig. 1, the LAC is the L2TP access concentrator, a device attached to the switched network that has a Point-to-Point Protocol (PPP) end system and L2TP processing capability. It is one endpoint of the L2TP tunnel. The LAC is generally a network access server (NAS), mainly used to provide access services to users over the PSTN/ISDN network. The LNS is the L2TP network server, the device that handles the server side of the L2TP protocol on a PPP end system. The LAC sits between the LNS and the remote system (remote users and remote branches) and passes packets between them: it encapsulates packets received from the remote system according to L2TP and sends them to the LNS, and it decapsulates packets received from the LNS and sends them to the remote system. The LAC and the remote system can be connected by a local connection or a PPP link (usually a PPP link in VPDN applications). The LNS, as the other endpoint of the L2TP tunnel, is the peer device of the LAC and the logical termination point of the PPP sessions that the LAC tunnels.
In the network above, the different VPDN groups on the LNS are configured by peer LAC name only. When the LNS receives the Start-Control-Connection-Request (SCCRQ) message that the LAC sends through the tunnel, it parses the SCCRQ message to obtain the peer LAC name and then looks up the matching VPDN group locally by that name. If none is found, the tunnel and session cannot be established; otherwise the tunnel and session are established with the peer according to the configuration of the matching VPDN group. In this process, if two different enterprises use the same peer name (LAC name), the LNS cannot tell which enterprise a given user belongs to, so one LNS cannot act as the LNS for multiple enterprises. Because existing LNSs do not support multiple instances, the overall VPN solution is necessarily affected, that is, the combined use of layer-3 and layer-2 VPNs is affected.
Summary of the invention
The object of the present invention is to provide a method for a network server based on the Layer 2 Tunneling Protocol to support multiple instances. With this method, richer VPN solutions can be offered to users, and one LNS can serve as the network server for multiple enterprises.
To achieve this object, the method provided by the invention for a network server based on the Layer 2 Tunneling Protocol to support multiple instances comprises:
Step 1: in the Layer 2 Tunneling Protocol (L2TP) network server (LNS), configure, for the different peer L2TP access concentrators (LACs), virtual private dial-up network groups (VPDN groups) that contain the peer LAC name and an enterprise domain name;
Step 2: when an enterprise user accesses the network, the LAC connected to that user sends its own LAC name to the LNS, and the LNS uses this peer LAC name to set up the tunnel between itself and the LAC;
Step 3: the LAC uses the session connection message ICCN to send the LNS user name information that contains the enterprise domain name; the LNS uses this enterprise domain name to determine locally the VPDN group that matches the domain name, and then establishes the session using the tunnel and the configuration of that VPDN group.
In step 2, the LAC sends its LAC name in a Start-Control-Connection-Request (SCCRQ) message.
In step 2, the LNS sets up the tunnel to the LAC from the peer LAC name as follows:
Step 21: the LNS parses the received SCCRQ message and obtains the peer LAC name;
Step 22: it looks up locally the VPDN group that matches the peer LAC name;
Step 23: it establishes the tunnel with the peer LAC according to the configuration of that VPDN group.
Step 3 further comprises: if no VPDN group matches the domain name, the original VPDN group is the VPDN group that is used.
The VPDN groups configured in step 1 may have the same peer LAC name but different domain names in the user name, different peer LAC names but the same domain name in the user name, or different peer LAC names and different domain names in the user name.
Multiple VPDN groups configured with the same peer name have identical tunnel-authentication commands.
Because the invention configures, in the LNS, VPDN groups that contain the peer LAC name and an enterprise domain name for the different peer LACs, when an enterprise user accesses the network the LNS can use the peer LAC name to set up the tunnel to the LAC and use the enterprise domain name to determine the VPDN group that matches it, and then establish the session using the tunnel and the configuration of that VPDN group, serving users of different enterprises. Because this solves the practical problem of LNS support for multiple instances, the method can offer users richer VPN solutions.
Brief description of the drawings
Fig. 1 is a diagram of a typical existing VPDN network built with L2TP;
Fig. 2 is a flow chart of an embodiment of the method of the invention;
Fig. 3 is a diagram of a typical VPDN network built with L2TP that uses the method of the invention.
Embodiment
The invention is described in further detail below with reference to the drawings.
Fig. 2 is a flow chart of an embodiment of the method of the invention. To implement the invention according to Fig. 2, VPDN groups that contain the peer LAC name and an enterprise domain name are first configured in the L2TP network server (LNS) for the different peer L2TP access concentrators (LACs). In this embodiment, L2TP is the protocol that implements the VPDN function. Implementing it requires a number of configuration commands, through which the corresponding L2TP tunnels and sessions are established; different configurations yield different L2TP tunnels and sessions. To keep these configurations clearly separated, this embodiment configures VPDN groups in the LNS and places each configuration under its own VPDN group, so that the information needed to establish an L2TP tunnel and session can be found more quickly.
The configuration can be done with the LNS command that configures the peer name. If that command does not support configuring a user domain name, it can be extended so that it does. For example, the original configuration command on Huawei's layer-2 routers that support multiple instances is accept dialin l2tp virtual-template <virtual-template-number> remote <remote-peer-name>, but when the LNS side is configured there is no command for configuring the domain name (usually the enterprise name) to be matched in the user name. To support multiple instances, a domain keyword, domain, is added to this command, and the new command becomes accept dialin l2tp virtual-template <virtual-template-number> remote <remote-peer-name> domain <domain-name>. The new domain-name parameter configures the enterprise name, and a VPDN user going online is required to enter a user name of a form such as "username@enterprise name" or "enterprise name" (in which "@" may be replaced by /, % or #).
The configuration in this example also has the following requirements:
1. VPDN groups may be configured with the same peer name but different domain names, or with different peer names but the same domain name, but VPDN groups in which both are the same are not allowed. That is, the configured VPDN groups have the same peer LAC name but different domain names in the user name, or different peer LAC names but the same domain name in the user name, or different peer LAC names and different domain names in the user name. The reason for this requirement is that if two VPDN groups had the same peer LAC name and the same domain name, it would be impossible to determine which VPDN group to use when establishing the tunnel and session.
2. So that the L2TP tunnel is established normally, the tunnel-authentication commands in multiple VPDN groups configured with the same peer name must be consistent. The reason is that tunnel authentication is performed when the tunnel is established. In this implementation, the tunnel is established with the first VPDN group found that matches the peer LAC name, and the VPDN group may later be changed according to the domain name. After the VPDN group is changed, the tunnel-authentication password is still used, and if it is inconsistent, establishing the session with the peer will fail.
Based on this configuration, when an enterprise user (including geographically dispersed users) accesses the network, the LAC connected to that user first, in step 1, sends the enterprise domain name supplied by the user and its own LAC name to the LNS. The LAC sends the enterprise domain name and LAC name using the Start-Control-Connection-Request (SCCRQ) message. This is an L2TP control message that the LAC uses to ask the LNS to establish an L2TP tunnel, and the LAC can write its own local name into it. After the SCCRQ message reaches the LNS, the LNS parses it in step 2, obtains the peer LAC name, and looks up locally the VPDN group that matches that name. When the lookup is finished, step 3 checks whether a group was found. If not, the tunnel and session cannot be established and the operation ends. If one was found, the tunnel is established with the peer LAC in step 4 according to the configuration of the VPDN group found. Once the tunnel is up, the peer LAC uses it to send the LNS a session connection (ICCN) message that contains the user name. ICCN (Incoming-Call-Connected) is also an L2TP control message; in it the LAC can pass on to the LNS the user name that the user side gave to the LAC. The LNS parses the received ICCN message in step 5, obtains the full user name, and extracts from it the enterprise domain name it contains. In step 6 it uses this domain name to look up the matching VPDN group locally, and step 7 checks whether one was found. If none was found, either the extracted domain name is empty or there is no VPDN group for that domain name; in that case step 8 determines that the original VPDN group is the one used to establish the session. Otherwise step 9 determines that the new VPDN group is the one used to establish the session. Finally, in step 10, the session with the user is established according to the configuration of the VPDN group chosen for the session and the tunnel already established.
Fig. 3 is a diagram of a typical VPDN network built with L2TP that uses the method of the invention. The LNS in Fig. 3 is the LNS for multiple enterprise networks. In Fig. 3, VPDN group matching is done once when the SCCRQ message is received, and then again after the ICCN message is received, when the domain name extracted from the user name is matched against the domain name configured locally with the newly added command keyword. Different enterprises thus use different domain names and are configured with different VPDN groups, and when a user comes online the VPDN group of the correct enterprise can be found and the session established. In this way one router acts as the LNS for multiple enterprises.
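
The group selection described above (configuration requirements 1 and 2, then the SCCRQ and ICCN lookups of Fig. 2), sketched as an added Python example; it is not code from the patent or from any Huawei product. Class, function and group names and the sample LAC names, domains and passwords are constructed, and two points are assumptions of this example: the domain is taken as the text after the last separator, and the ICCN lookup is restricted to groups that share the tunnel's peer name (the description says only that the lookup is by domain name).

```python
from dataclasses import dataclass
from typing import List, Optional

SEPARATORS = "@/%#"  # "@" plus the replacement characters the description lists


@dataclass(frozen=True)
class VpdnGroup:
    name: str               # hypothetical label, not from the patent
    remote: str             # peer LAC name, matched against the SCCRQ
    domain: str             # enterprise domain, matched against the ICCN user name
    virtual_template: int
    tunnel_auth: bool = True
    tunnel_password: str = ""


class ConfigError(ValueError):
    """Raised when a VPDN group violates configuration requirement 1 or 2."""


def split_domain(username: str) -> str:
    """Assumption: the domain is the text after the last separator ("" if none)."""
    idx = max(username.rfind(c) for c in SEPARATORS)
    return username[idx + 1:] if idx >= 0 else ""


class Lns:
    def __init__(self) -> None:
        self.groups: List[VpdnGroup] = []

    def add_group(self, new: VpdnGroup) -> None:
        for g in self.groups:
            if g.remote != new.remote:
                continue
            # Requirement 1: same peer name AND same domain would be ambiguous.
            if g.domain == new.domain:
                raise ConfigError(f"{new.name}: duplicates {g.name}")
            # Requirement 2: the tunnel is authenticated with the first group
            # matching the peer name, so every group sharing that name must
            # carry the same tunnel-authentication settings.
            if (g.tunnel_auth, g.tunnel_password) != (new.tunnel_auth, new.tunnel_password):
                raise ConfigError(f"{new.name}: tunnel auth differs from {g.name}")
        self.groups.append(new)

    def on_sccrq(self, lac_name: str) -> Optional[VpdnGroup]:
        """Steps 2-4: first group whose peer name equals the SCCRQ LAC name."""
        return next((g for g in self.groups if g.remote == lac_name), None)

    def on_iccn(self, tunnel_group: VpdnGroup, username: str) -> VpdnGroup:
        """Steps 5-9: re-select by domain, else keep the tunnel's group."""
        domain = split_domain(username)
        if domain:
            for g in self.groups:
                # Assumption: only groups with the tunnel's peer name are
                # candidates, so a user cannot land in a group for another LAC.
                if g.remote == tunnel_group.remote and g.domain == domain:
                    return g
        return tunnel_group


def demo() -> List[str]:
    """Run constructed sample traffic; return the chosen group per user."""
    lns = Lns()
    lns.add_group(VpdnGroup("g-one", "lac-shared", "corp-one", 1, True, "pw"))
    lns.add_group(VpdnGroup("g-two", "lac-shared", "corp-two", 2, True, "pw"))
    lns.add_group(VpdnGroup("g-three", "lac-other", "corp-one", 3, True, "pw3"))
    tunnel = lns.on_sccrq("lac-shared")  # first match on peer name: g-one
    users = ["alice@corp-one", "bob@corp-two", "carol/corp-two", "dave", "eve@nobody"]
    return [lns.on_iccn(tunnel, u).name for u in users]


if __name__ == "__main__":
    print(demo())
```

A user name with no domain, or with a domain that has no group, stays in the group selected at SCCRQ time, which is the fallback of step 8.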

Claims (6)

1. A method for a network server based on the Layer 2 Tunneling Protocol to support multiple instances, comprising:
Step 1: in the network server based on the Layer 2 Tunneling Protocol (L2TP), configuring, for different peer L2TP access concentrators, virtual private dial-up network groups that contain the peer L2TP access concentrator name and an enterprise domain name;
Step 2: when an enterprise user accesses the network, the L2TP access concentrator connected to that user sends its own L2TP access concentrator name to the network server, and the network server uses this peer L2TP access concentrator name to set up the tunnel between itself and the L2TP access concentrator;
Step 3: the L2TP access concentrator (LAC) uses the session connection message ICCN to send the network server user name information that contains the enterprise domain name; the network server uses this enterprise domain name to determine locally the virtual private dial-up network group that matches the domain name, and then establishes the session using the tunnel and the configuration of that virtual private dial-up network group.
2. The method for a network server based on the Layer 2 Tunneling Protocol to support multiple instances according to claim 1, characterized in that: in step 2, the L2TP access concentrator sends its L2TP access concentrator name in a Start-Control-Connection-Request (SCCRQ) message.
3. The method for a network server based on the Layer 2 Tunneling Protocol to support multiple instances according to claim 2, characterized in that in step 2 the network server sets up the tunnel to the L2TP access concentrator from the peer L2TP access concentrator name as follows:
Step 21: the network server parses the received Start-Control-Connection-Request message and obtains the peer L2TP access concentrator name;
Step 22: it looks up locally the virtual private dial-up network group that matches the peer L2TP access concentrator name;
Step 23: it establishes the tunnel with the peer L2TP access concentrator according to the configuration of that virtual private dial-up network group.
4. The method for a network server based on the Layer 2 Tunneling Protocol to support multiple instances according to claim 3, characterized in that step 3 further comprises: if no virtual private dial-up network group matches the domain name, the original virtual private dial-up network group is the virtual private dial-up network group that is used.
5. The method for a network server based on the Layer 2 Tunneling Protocol to support multiple instances according to claim 1, 2, 3 or 4, characterized in that: the virtual private dial-up network groups configured in step 1 have the same peer L2TP access concentrator name but different domain names in the user name, or different peer L2TP access concentrator names but the same domain name in the user name, or different peer L2TP access concentrator names and different domain names in the user name.
6. The method for a network server based on the Layer 2 Tunneling Protocol to support multiple instances according to claim 5, characterized in that: multiple virtual private dial-up network groups configured with the same peer name have identical tunnel-authentication commands.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN021474230A CN100407721C (en) 2002-10-24 2002-10-24 Method for network server to support multiple examples based on two layer tunnel protocol


Publications (2)

Publication Number Publication Date
CN1492650A (en) 2004-04-28
CN100407721C (en) 2008-07-30

Family

ID=34232968


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20080730

Termination date: 20181024
