CN211531111U - Internet special line access system based on dynamic IP - Google Patents
- Publication number
- CN211531111U (application CN201922360939.XU)
- Authority
- CN
- China
- Prior art keywords
- mgre
- local area
- area network
- branch
- equipment
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The utility model relates to an Internet private line access system based on dynamic IP, comprising a branch LAN system, an mGRE branch device, an ISP platform, the Internet, an mGRE center device and a headquarters LAN system connected in sequence. The mGRE branch device is connected to an NHRP registration branch device, the mGRE center device is connected to an NHRP registration headquarters device, and the branch LAN system is connected to the mGRE branch device through a dial-up terminal. Compared with the prior art, when the IP changes the system automatically reconnects and registers to the ISP platform node and routes to the ISP platform gateway through a default route. Compared with traditional, expensive data private line access networks such as IP over ATM, IP over SDH and PTN, it offers low access cost, stable quality, high schedulable stability, low latency, high throughput, short provisioning time and network-manageable terminal equipment.
Description
Technical Field
The utility model relates to the technical field of network communication, and in particular to an Internet private line access system based on dynamic IP.
Background
In many of the buildings that a traditional enterprise leases, network access is monopolized by the property owner or by residential-network service providers of various sizes. Much of this residential-network broadband cannot meet customers' high-end requirements, and other operators cannot bring in high-end private lines. The enterprise therefore connects to a private line platform using its own ADSL dial-up broadband as the bearer circuit, which meets its need to deploy various applications at each branch office. Enterprises attempt to connect to headquarters or data centers over the premises network broadband, but that broadband is shared and cannot meet high quality demands; enterprises need private lines to provide higher quality and service levels.
Traditional private data networks suffer from high rental cost, long provisioning periods and complex deployment of new services, and cannot meet enterprise requirements for fast provisioning and flexible deployment. In addition, with the introduction of cloud computing, more enterprises are migrating application deployments to the cloud, so traffic at branch egress points increases sharply and the enterprise's WAN cost rises further.
Summary of the Utility Model
The purpose of the utility model is to provide an Internet private line access system based on dynamic IP that overcomes the defects of the prior art.
The purpose of the utility model can be achieved through the following technical solution:
An Internet private line access system based on dynamic IP comprises a branch local area network system, an mGRE branch device, an ISP platform, the Internet, an mGRE center device and a headquarters local area network system connected in sequence, wherein the mGRE branch device is connected to an NHRP registration branch device, the mGRE center device is connected to an NHRP registration headquarters device, and the branch local area network system is connected to the mGRE branch device through a dial-up terminal.
Preferably, the dial-up terminal is connected to a remote monitoring server.
Preferably, a host intrusion detection system is provided in the branch local area network system.
Preferably, the branch local area network system includes gigabit Ethernet routing equipment.
Preferably, a hardware firewall is placed between the branch local area network system and the mGRE branch device.
Preferably, there are a plurality of branch local area network systems, each connected to the ISP platform through its corresponding mGRE branch device.
Preferably, the mGRE branch device and the mGRE center device are each connected to the ISP platform through an urban optical fiber network.
Preferably, the urban optical fiber network is a passive optical fiber network.
Compared with the prior art, the utility model has the following advantages:
1. The system uses mGRE devices to establish the private network and does not need traditional layer-2 circuit private line access based on ATM, SDH, PTN and the like, which saves enterprise cost.
2. Using the NHRP registration devices, a dynamically dialed IP line (such as xDSL, LTE-4G or 5G) serves as the bearer network connecting to the ISP interconnection platform; when the line is interrupted and the IP changes, the line automatically registers to the headquarters node again, which greatly improves line availability.
3. The user's existing network architecture can remain unchanged. The mGRE devices provide multipoint routing encapsulation, and the whole transmission path uses the gigabit Ethernet frame structure, which simplifies the data encapsulation format, avoids excessive overhead from other upper-layer protocols, improves transmission efficiency, saves device performance and greatly improves throughput.
Drawings
Fig. 1 is a schematic structural diagram of the present invention.
Reference numerals in the figure: 1. branch local area network system; 2. mGRE branch device; 3. NHRP registration branch device; 4. ISP platform; 5. Internet; 6. mGRE center device; 7. NHRP registration headquarters device; 8. headquarters local area network system.
Detailed Description
The present invention will be described in detail below with reference to the accompanying drawings and specific embodiments. The embodiment is implemented on the premise of the technical solution of the present invention, and a detailed implementation manner and a specific operation process are given, but the scope of the present invention is not limited to the following embodiments.
Examples
As shown in Fig. 1, the present application provides an Internet private line access system based on dynamic IP, which includes a branch local area network system 1, an mGRE branch device 2, an ISP platform 4, the Internet 5, an mGRE center device 6 and a headquarters local area network system 8, connected in sequence. The mGRE branch device 2 is connected to the NHRP registration branch device 3, the mGRE center device 6 is connected to the NHRP registration headquarters device 7, and the branch local area network system 1 is connected to the mGRE branch device 2 through a dial-up terminal.
The branch local area network system 1 automatically registers its IP with the ISP platform 4 through the NHRP registration branch device 3, so that when the IP changes it still connects and registers automatically to the ISP platform 4 node and can route to the ISP platform 4 gateway through a default route.
The branch local area network system 1 is standardized on gigabit Ethernet and includes gigabit Ethernet routing devices. It uses dial-up access such as xDSL or LTE/5G, which greatly reduces cost: such dial-up lines cost far less than traditional WAN private lines such as ATM, MSTP and PTN. The dial-up terminal is connected to a remote monitoring server, which is used for network management, operation and maintenance, log collection and analysis of the dial-up terminal. A host intrusion detection system is provided in the branch local area network system 1: suspicious behavior targeting a host is found by analyzing the host's audit logs, an intrusion detection module running on the routing node performs feature analysis on the content of the packets forwarded by the node, and intrusions are identified through pattern recognition. A hardware firewall is placed between the branch local area network system 1 and the mGRE branch device 2.
Packets from network devices in the branch local area network system 1 are encapsulated point-to-multipoint by the mGRE branch device 2 and carried to the ISP platform 4. Once established, the tunnel persists, and the line is stable and reliable: when the line of the branch local area network system 1 is interrupted and its IP changes, the Next Hop Resolution Protocol (NHRP) of the NHRP registration device immediately re-registers and updates the address, which greatly improves line availability.
The mGRE branch device 2 is connected to the ISP platform 4 through an urban optical fiber network. The urban optical fiber network is a passive optical fiber network; in this embodiment it carries traffic using GPON passive optical network technology. The optical layer uses GPON's GEM encapsulation, that is, the gigabit Ethernet frame header is implemented through GEM mapping, and the fiber path to the central office consists of passive components, so the failure rate is greatly reduced compared with traditional access network technologies.
When an enterprise has multiple branches, there are a plurality of branch local area network systems 1, each connected to the ISP platform 4 through its corresponding mGRE branch device 2.
In this embodiment, the implementation method of the system is as follows:
1. The headquarters local area network system 8 establishes a GRE P2MP (mGRE) tunnel interface through the mGRE center device 6, defines the data encapsulation format, defines the source interface, enables the next hop address registration protocol, enables the NHRP authentication key and enables next hop address mapping;
2. Define the mGRE tunnel interface of the ISP platform 4 node, enable the NHRP protocol, establish the authentication key, and allow dynamic multicast routes such as OSPF and RIP to enter;
3. Define the route to the destination tunnel address and the default route to the Internet 5;
4. Define the SNMP network management interface protocol, port number and character string, so that the remote monitoring server can perform network management, operation and maintenance, log collection and analysis on the dial-up terminal.
The registration process of the NHRP protocol comprises the following steps:
1. Each branch is statically configured with the public network address or domain name of headquarters; the branch terminal initiates a registration request to headquarters;
2. The NHRP registration headquarters device 7 generates an NHRP peer table of the branches from the received registration request messages and sends a registration reply message to the NHRP registration branch device 3 of the branch;
3. The branches learn routes to one another through static configuration or a dynamic routing protocol; each branch stores only the aggregate route to headquarters;
4. When the source forwards a data message, it looks up the public network address corresponding to the message's next hop, encapsulates the message and sends it to the next hop (the next hop is headquarters);
5. After the message reaches headquarters, headquarters forwards it to the destination and at the same time sends an NHRP redirect message to the source;
6. The source receives the NHRP redirect message and sends an NHRP resolution request to the destination;
7. After the NHRP resolution request message reaches headquarters, headquarters forwards it to the destination;
8. The destination receives the NHRP resolution request and sends an NHRP resolution reply message to the source;
9. From then on, the source and the destination communicate directly without relaying through headquarters.
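The registration and shortcut flow in the nine steps above, as an added Python model that is not part of the patent. The class names, the shared-key comparison and the documentation-range addresses are assumptions of this example, and a stale shortcut is simplified to a fallback through headquarters.

```python
import hmac

class Hub:
    """Headquarters side (mGRE center + NHRP registration device). Hypothetical model."""
    def __init__(self, key: bytes):
        self.key = key
        self.peers = {}                       # NHRP peer table: tunnel IP -> public IP

    def register(self, tunnel_ip: str, public_ip: str, key: bytes) -> bool:
        # Step 2: only requests carrying the configured authentication key are accepted.
        if not hmac.compare_digest(key, self.key):
            return False
        self.peers[tunnel_ip] = public_ip     # a re-dial overwrites the old address
        return True

class Branch:
    """Branch side (mGRE branch + NHRP registration device) on a dial-up line."""
    def __init__(self, tunnel_ip: str, public_ip: str, hub: Hub, key: bytes):
        self.tunnel_ip, self.public_ip = tunnel_ip, public_ip
        self.hub, self.key = hub, key
        self.shortcuts = {}                   # learned peers: tunnel IP -> public IP
        self.registered = self.register()

    def register(self) -> bool:
        # Step 1: headquarters is statically known; the branch initiates registration.
        return self.hub.register(self.tunnel_ip, self.public_ip, self.key)

    def redial(self, new_public_ip: str) -> bool:
        # Line interrupted, ISP assigned a new address: register again at once.
        self.public_ip = new_public_ip
        self.registered = self.register()
        return self.registered

    def send(self, dst: "Branch") -> str:
        """Path taken by one packet from this branch to dst (steps 4 to 9)."""
        if self.shortcuts.get(dst.tunnel_ip) == dst.public_ip:
            return "direct"                   # step 9: no relay through headquarters
        # Simplification: an unknown or stale shortcut falls back to headquarters.
        if self.hub.peers.get(dst.tunnel_ip) != dst.public_ip:
            return "dropped"                  # dst is not (re-)registered
        # Steps 4-5: relay via headquarters, which redirects the source.
        # Steps 6-8: the resolution request goes via headquarters; dst answers the source.
        self.shortcuts[dst.tunnel_ip] = dst.public_ip
        return "via-headquarters"

def demo():
    key = b"constructed-demo-key"             # constructed sample values throughout
    hub = Hub(key)
    a = Branch("10.0.0.2", "198.51.100.10", hub, key)
    b = Branch("10.0.0.3", "203.0.113.20", hub, key)
    wrong = Branch("10.0.0.3", "192.0.2.66", hub, b"wrong-key")
    paths = [a.send(b), a.send(b)]            # first packet relayed, then shortcut
    b.redial("203.0.113.77")
    paths += [a.send(b), a.send(b)]           # shortcut re-learned after the IP change
    return wrong.registered, hub.peers["10.0.0.3"], paths

if __name__ == "__main__":
    print(demo())
```

The peer table is only as trustworthy as the registration check: in this model a registration with the wrong key leaves the existing mapping untouched, while a valid re-registration replaces it immediately.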
Claims (6)
1. An Internet special line access system based on dynamic IP is characterized by comprising a branch local area network system, an mGRE branch device, an ISP platform, the Internet, an mGRE center device and a headquarters local area network system which are connected in sequence, wherein the mGRE branch device is connected with an NHRP registration branch device, the mGRE center device is connected with an NHRP registration headquarter device, and the branch local area network system is connected with the mGRE branch device through a dialing terminal;
the dialing terminal is connected with a remote monitoring server;
and a host intrusion detection system is provided in the branch local area network system.
2. The Internet special line access system based on dynamic IP as claimed in claim 1, wherein the branch local area network system includes gigabit Ethernet routing equipment.
3. The system as claimed in claim 1, wherein a hardware firewall is disposed between the branch local area network system and the mGRE branch device.
4. The system as claimed in claim 1, wherein there are a plurality of branch local area network systems, each connected to the ISP platform through its corresponding mGRE branch device.
5. The system as claimed in claim 1, wherein the mGRE branch device and the mGRE center device are each connected to the ISP platform via an urban optical fiber network.
6. The system of claim 5, wherein the urban optical fiber network is a passive optical fiber network.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201922360939.XU CN211531111U (en) | 2019-12-22 | 2019-12-22 | Internet special line access system based on dynamic IP |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201922360939.XU CN211531111U (en) | 2019-12-22 | 2019-12-22 | Internet special line access system based on dynamic IP |
Publications (1)
Publication Number | Publication Date |
---|---|
CN211531111U (en) | 2020-09-18 |
Family
ID=72446989
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201922360939.XU Active CN211531111U (en) | 2019-12-22 | 2019-12-22 | Internet special line access system based on dynamic IP |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN211531111U (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110880997A (en) * | 2019-12-22 | 2020-03-13 | 上海地面通信息网络股份有限公司 | Internet special line access system based on dynamic IP |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US7889754B2 (en) | Address resolution mechanism for ethernet maintenance endpoints | |
US7515542B2 (en) | Broadband access note with a virtual maintenance end point | |
US8472314B2 (en) | Network-based dedicated backup service | |
Parol et al. | Towards networks of the future: SDN paradigm introduction to PON networking for business applications | |
US7821949B2 (en) | Forwarding plane data communications channel for ethernet transport networks | |
US7570648B2 (en) | Enhanced H-VPLS service architecture using control word | |
US20040202199A1 (en) | Address resolution in IP interworking layer 2 point-to-point connections | |
US20090016326A1 (en) | Managed private network system | |
CN109327374B (en) | System and method for realizing three-layer VPN network access | |
US7653074B2 (en) | Method and apparatus for virtual private networks | |
US7280534B2 (en) | Managed IP routing services for L2 overlay IP virtual private network (VPN) services | |
EP1701516B1 (en) | Method for facilitating application server functionality and access node comprising the same | |
EP2168320B1 (en) | Technique for testing peers in multicast network domain | |
US20160359720A1 (en) | Distribution of Internal Routes For Virtual Networking | |
CN109150566B (en) | Service path restoration method and device | |
CN105635335B (en) | Social resource access method, device and system | |
CN211531111U (en) | Internet special line access system based on dynamic IP | |
CN212463235U (en) | Network access system based on mutual redundant backup of optical fiber and LTE/5G wireless network | |
Parol et al. | Future proof access networks for B2B applications | |
CN110880997A (en) | Internet special line access system based on dynamic IP | |
CN219980836U (en) | Network system | |
WO2008125603A1 (en) | Method for forwarding data packets in an access network and device | |
CN116436729B (en) | Message transmission method, networking system and access cloud gateway | |
CN116032690B (en) | Virtual network scheduling method under edge computing scene | |
CN112910790B (en) | Diversion system and method thereof |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
GR01 | Patent grant | ||