The Design And Implementation Of Tunnel In ADVPN

VPN is a virtual private network technology over public network. At present, more and more enterprises have achieved interconnection of multiple branches through VPN network. The existing VPN technology is mainly implemented by tunneling and relies on a great amount of manual configuration and maintenance. Because most enterprise branches use a dynamic IP address to access the public network and can not know public addresses of the peer in advance, the network administrator must update the tunnel reconfiguration after obtaining a dynamic IP address to establish a communication tunnel. If the configuration of any node changes, other nodes must make a corresponding change in a VPN network. Hence it is even more difficult to establish a fully connected VPN network between multiple dynamic nodes due to the extensive modification. VPN also has other deficiencies in NAT traversal, message encryption and dynamic routing support.To solve these problems, the paper proposes an auto discovery virtual private network, ADVPN. ADVPN can automaticly create and maintain tunnels among devices obtained dynamic IP addresses in VPN, thus these devices can communicate each other easily. In ADVPN, we develope VAM protocol to acquire and manage dynamic IP address of the peer when creating a tunnel and tunneling protocol to establish, maintain, delete dynamic tunnels. Meanwhile we combine ADVPN tunnel with IPsec security framework to get a better packet encryption protection mechanism.The thesis describes ADVPN tunnel design ideas and VAM protocol, and focuses on the design and implementation of ADVPN tunnel. By analyzing the network levels of ADVPN tunnel, we construct the encapsulation format of ADVPN tunnel packet. We design the necessary information and method of automaticly creating ADVPN tunnel and realize the dynamic point to multipoint tunnel mechanism via employing session to manage tunnels, which support one-to-one relationship between tunnels and sessions and multiple sessions on each tunnel. We achieve a ADVPN fully connected network by dynamic routing mechanism to obtain private network routing information. On Comware, we implemented ADVPN tunnel.