【作者】 沈洪洋；

【导师】 胡成全；

【作者基本信息】 吉林大学 ， 软件工程， 2007， 硕士

【摘要】 本课题对基于ATM技术和MPLS VPN技术组建新的辽阳公安局综合业务数据网进行了研究，提出了具体解决方案，实现了组建新的辽阳公安局综合业务数据网的目标。通过实际应用改变了目前公安局原有综合业务数据网的面貌，提高了公安局综合业务数据网的安全性和使用范围，提高了公安局的业务处理能力。主要做了以下几方面的工作(1)参与设计了系统的整体方案，以及系统的硬件选型。(2)完成了辽阳公安局综合业务数据网身份验证的部分原代码的编写工作。(2)在Windows 2000环境下设置了VPN服务。(4)设置了VPN路由器。本课题的组网工作虽然已经完成，但在一些方面还存在不足和值得改进之处，在今后的研究中还需要进一步进行完善，这主要包括以下几个方面：(1)现在的MPLS网络还不支持点到多点的多播通讯，使得新的辽阳公安局综合业务数据网在使用过程中这方面的业务不能很好的开展。(2) MPLS VPN的网络配置和流量管理较易实现，但与不同运营商的多个网络如何互联还存在一定问题，如何保证用户端到端的业务质量、如何快速定位故障发生地点等问题亟待解决。(3) MPLS VPN与传统光网相结合是今后研究工作中的重点研究方向。更多还原

【Abstract】 In recent years, it raises the worldwide information superhighway upsurge. The information highway construction is a huge social system project under the guidance of the state government. Its technology integrates communications technology, computer and multimedia, a number of comprehensive technogies. As the basis of the information superhighway, we must first establish a high-speed broadband communication network. Fiber medium for communication to the Broadband Integrated Services Digital Network (B -ISDN) is the main direction of the development for communication network in the future.Asynchronous transfer mode (ATM) and Synchronous digital hierarchy (SDH) is the broadband communications technology research focus. ITU-T takes ATM as the ultimate B - ISDN transmission, The ATM bwadband,intenet exchenge network which constructed on the SDH fiber is the lower infrastructure of the information in the future . Therefore, it can be considered: SDH + + AN ATM (User Access Network) + MMDB (Multimedia Database) + MMT (multimedia terminal) = ISHW (information superhighway) ATM high-speed and flexibility, taking it as the basis of the information superhighway technology, ATM broadband network for conducting business provides an excellent platformBased on the system investigation and study , this topic aimed at the issue that traditional Internet service couldn’t satisfy users’ demand. (Traditional Internet only provides simple service such as browsing, email and, without service guarantee and jurisdiction and safety mechanism. Another problem is that contact surface is complex and not easy to grasp), This thesis proposed the design goal, principle and settlement of VPN technology network. The solution has realized the virtual special-purpose net’s function with the public special-purpose net.Liaoyang police station’s existing comprehensive service data networking system is quite complex, The connection between the bureau and the sub-bureau, the traffic police crew, the fire crew, the local police station, the city team and the countryside team are through the dialing way. Influenced by net speed limit, the internal file processing speed is specially slow, and the work service also comes under the influence. Meanwhile the internal data couldn’t be shared. Moreover, it has little security, and the network security cannot be effectively guaranteed. If the user needs some new services, he will need to fill in many documentary evidences and wait for a quite period of time for enjoying the new service. What’s more important, the terminal device of the beginnings and ends is expensive, and it also needs a certain specialized technical personnel, which will increased the cost undoubtedly. And its existing comprehensive service data couldn’t immediately connect with any net unit in the world as the Internet do.In order to solve the above problem, the Liaoyang Telecommunication Network Company computer application development center and Liaoning Information Vocational Technology Institute Huawei laboratory proposed the development research work tentative plan which based on the existing equipment and technical force. The plan is to build a VPN network with the optical fiber straight connecting way, and to connect the sub-bureau and the city bureau original north electricity Passport 6,480 routers by the 10/100M. Sub-bureau belongs to the Ministry of Public Security Golden Shield Project No. 3 network, the project of the police station at the Golden Shield Project belongs to the Ministry of Public Security of four network construction.There are three nodes (sub-units) 11,4 node (the police station) 69 in the construction. Currently, traffic police detachment, the fire brigade, Liaoyang county, Dengta city have built their WAN and LAN (core equipment for Huawei and PASSPORT 3680 - 6440), The Public Security Bureau and the fire brigade using DDN special line connected with the traffic police detachment, the cable connected by radio and television, after the works for all of its nodes to achieve interoperability. The entire network should have higher requirements of security and stability.The construction of the three-tier network model using Direct Connect mode fiber to 10/100 M PUC achieve Branch and the original Nortel Passport 6480 routers connected. Branch nodes use the HuaweuARl 8-20 router equipment as the export equipment. Using Huawei VG10-40 voice gateway can access four-way ordinary telephone, to achieve VoIP. S3526E clustering various sub-port 10/100 M, access to the PUC Passport6480 router. The police station uses Huawei routers AR18-30 and voice gateway VG10-40, dial-up connections through ADSL communication established through Liaoyang ADSL network, mapped to MPLS VPN, the S8016 Liaoyang communications companies with 100 M Passport6480 linked to achieve the four public security Golden Shield Project Network VPN network with the three-tier convergence.Considering the isolation between the public security network and otheruser networks.We set up a VPN network.Proposed the solution of using the MPLS VPN technology to sove the public security service realization and the security isolution.As ADSL structures in the way of Internet, in the process of ADSL uplink, using the ATM PVC technology to strict segregate each user, after ascending to the BAS layer ,achieve ADSL to the communications companies existing MPLS VPN mapping by BAS, divided into an independent VPN, with the realization the security isolation fuction of the public security network close off other network users. Communications companies in the MPLS VPN jurisdictions, S8016 routing switches, BAS equipment respectively use as MPLS P and PE equipment to achieve decentralized nodes center equipment to the police station VPN aggregation, the final realization by the S8016 network traffic on the access layer convergence transponders.To the public security Integrated Services Data Network, highly reliable, security is a basic requirement. Guaranteed one of VPN secure main technologies is the identification authentication. In Liaoyang Public Security Bureau Data Network Integrated Services Network in the process of ensuring their use for the process of security, authentications of achieving become a major issue. To ensure that the identity of the user conclusive, and when necessary verification machinery logo, which all belong to the application security module part.his thesis has narrated the thought and the realization process of using the VPN technology to realize public security private network in detail, attaching the system analysis situs chart, and with the suitable hardware equipment. The technology has realized the security, effectiveness and reliability in the use of public security private network.更多还原