Research on Layer 2 Tunneling Protocols and Implementation of an L2TPv3 Daemon
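Abstract
A Layer 2 tunneling protocol is a protocol that encapsulates Layer 2 protocols and forwards them. Because its main encapsulation target is PPP, some regard it as an extension of PPP. In addition, because it provides certain security mechanisms that can, to some degree, protect the data encapsulated within it, it is also regarded as a basic means of building Layer 2 virtual private networks (VPNs).
     However, the early Layer 2 tunneling protocols (the first-version L2F and PPTP, and the second-version L2TP) are not very general: each is limited in what it can encapsulate (for example, PPP only), and their working mode is asymmetric, so they failed to broaden the range of applications of the technology.
     The work reported in this thesis covers two aspects: research on Layer 2 tunneling protocol technology, and an implementation of the third version of the Layer 2 Tunneling Protocol (L2TPv3).
     To address the shortcomings of the first two versions, our project group, in analysing and studying the relevant protocols, proposed extending the basic idea of Layer 2 tunneling from the asymmetric application mode to symmetric application modes, and extending the objects carried by the tunnel from the single PPP protocol to multiple Layer 2 protocols and protocols of other layers.
     The Layer 2 tunneling protocol implementation reported here is based on the project group's ideas for extending the technology, and in the end referred to the 2003 IETF draft text of L2TPv3. That version accommodates the asymmetric application mode and two symmetric application modes, but the objects carried by the tunnel are still limited to Layer 2 protocols.
     The protocol was implemented on the Linux operating system, and the basic program developed was embedded in its kernel. The implementation covers all messages in L2TPv3 and builds a fairly complete "attribute-value pair (AVP) library"; during implementation, the protocol state transitions that the original text describes in words were described in the form of semi-formal state transition tables. After development was essentially complete, the experimental system was tested, and the results preliminarily indicate that the system achieved its intended goals.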
L2TP (Layer 2 Tunneling Protocol) is a protocol for encapsulating Layer 2 frames. Some regard it as an extension of PPP (Point-to-Point Protocol). There are two reasons for this. First, L2TP-encapsulated PPP frames can cross a packet-switched network, which reduces the cost of remote communication. Second, L2TP provides a security mechanism that gives the encapsulated data a higher degree of safety than it would have without it. These characteristics give L2TP an advantage in building VPNs. It also has disadvantages: one is that L2TP has little generality, because it encapsulates only PPP frames; the other is that L2TP operates asymmetrically, because one end of the tunnel is a LAC and the other end is an LNS. These disadvantages limit the development of L2TP.
    Our team studied L2TP intensively and sought out the newest international resources. We set out to improve L2TP (i.e. L2TP version 3). In this paper the author analyzes and compares the differences between version 2 and version 3, and designs the overall system structure, the L2TP message format, the L2TP message types, the state transition table, the AVP library and so on. Finally, our team implemented some functions of our L2TP version 3 design on the Linux platform and tested the code.
    Finally, the author offers reflections on L2TP and looks ahead to the trend of VPN development.
