What is VPDN: VPDN technology based on GPRS

Source: Internet
Author: User
Tags network function

Summary

Today's virtual private dial-up networks (VPDN, Virtual Private Dial-up Network) are mostly carried over the PSTN or ISDN. Based on an analysis of how GPRS and VPDN work, this paper describes the call flow for a GPRS-based VPDN service, and the procedures for GPRS VPDN and roaming service management.

1 Preface

Judging by the direction in which mobile communication is developing, mobile data services will be the mainstream and the focus of future development. According to analysis, over the next 10 years the world's mobile communications and Internet industries will continue to develop rapidly; the future will be a mobile, interconnected world in which mobile Internet terminals outnumber wired ones. For our country's mobile communication industry, promoting the development of mobile data services will be the biggest challenge China's telecom sector faces in this market transformation. VPDN/VPN is an important part of how domestic telecom operators, mobile operators in particular, develop data services.

A VPDN (Virtual Private Dial-up Network, a form of VPN) uses dedicated network encryption and communication protocols to let an enterprise build a secure virtual network over public networks. Business travelers can connect remotely across a public network to the enterprise's internal network through a virtual encrypted channel, while other users on the public network cannot reach the enterprise's internal network through that channel.

At present, China Mobile has opened GPRS (General Packet Radio Service) on top of its GSM network. GPRS is a packet-switched network with a fast transmission rate. A VPDN user carried on the GPRS network is not tied to a location: with ordinary terminal equipment, such as a notebook computer and a GPRS-capable mobile phone, the user can access the enterprise intranet safely, conveniently and flexibly.

2 GPRS Introduction

GPRS makes full use of the existing GSM network: adding some hardware and upgrading software on top of GSM forms a new set of logical network entities. Based on packet switching and using IP data network protocols, it lets the data service of the existing GSM network break through the 9.6 kbit/s maximum rate; the highest data rate can reach 164 kbit/s. Logically, GPRS is implemented by adding two new network nodes to the GSM network structure: the Serving GPRS Support Node (SGSN) and the Gateway GPRS Support Node (GGSN).

The main function of the SGSN is to record the current location of the mobile station and to send and receive mobile packet data between the mobile station and the GGSN. The GGSN is primarily a gateway that can connect to a variety of data networks, such as ISDN, PSPDN and LANs. The GGSN can forward GPRS data packets from the GSM network to a remote TCP/IP or X.25 network.

3 Virtual dial-up private network (VPDN)

A VPDN consists primarily of a network access server (NAS), customer premises equipment (CPE), and a management system. In addition to the tunnel server, the customer premises equipment may also include an AAA (authentication, authorization, accounting) server, typically a RADIUS (Remote Authentication Dial-In User Service) server.

The user access terminal is a PC, laptop, mobile phone or similar device that supports PPP dial-up. There are two main access modes: (1) wired dial-up: the terminal dials into the NAS through a modem over the PSTN or ISDN; (2) wireless dial-up: the access terminal is connected to a mobile handset by infrared or a data cable and dials into the NAS over the GSM wireless network.

The NAS serves as the VPDN access server: it provides a WAN interface, connects to the PSTN or ISDN, supports various LAN protocols, supports security management and authentication, and supports tunneling protocols such as L2TP and related technologies. VPDN access equipment must be deployed in every area where the VPDN service is offered.

The tunnel server is the VPDN customer premises equipment. It sits on the user network side and, depending on the network's function, may be a router, a firewall or other equipment that provides the relevant functions.

The VPDN management system has three levels: national, provincial and user side. The network management functions at each level of the VPDN business management center can be divided into fault management, configuration management, performance management and security management.

4 Implementation of VPDN based on GPRS

VPDN access carried on the GPRS network works as follows. The GPRS network assigns the enterprise an access point name (APN, Access Point Name); DNS (domain name resolution) resolves the APN to the enterprise access GGSN (Gateway GPRS Support Node); and the enterprise access GGSN uses the APN to establish a VPDN tunnel to the enterprise gateway. User data first travels across the GPRS network in GTP (GPRS Tunneling Protocol) and is finally carried between the enterprise access GGSN and the enterprise gateway over a GRE or L2TP tunnel.

4.1 Access point names (APN)

The APN has two parts: a network identifier and an operator identifier. The network identifier defines the external network the GGSN connects to. The operator identifier defines the PLMN GPRS network in which the GGSN is located. The APN stored in the HLR includes only the network identifier. The APN the MS provides when activating a PDP context must include the network identifier; the operator identifier is optional. The SGSN should be able to generate a default operator identifier from the IMSI.

When the MS initiates PDP context activation, the SGSN combines the network identifier and the operator identifier into a complete APN, then resolves it through DNS to obtain the IP address of the corresponding GGSN.
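The APN assembly described above, as an added example that is not part of the original article. The operator identifier layout `mnc<MNC>.mcc<MCC>.gprs` and the network identifier restrictions follow 3GPP TS 23.003; the function names, the `mnc_digits` parameter (the MNC length cannot be read from the IMSI alone) and the test-network IMSI used with it are assumptions for illustration.

```python
import re

# Network identifier labels: letters, digits and hyphens, starting and
# ending with an alphanumeric character (3GPP TS 23.003).
_LABEL = re.compile(r"^[a-z0-9]([a-z0-9-]*[a-z0-9])?$")
_RESERVED_PREFIXES = ("rac", "lac", "sgsn", "rnc")
_OPERATOR_ID = re.compile(r"\.(mnc\d{3}\.mcc\d{3}\.gprs)$")


def validate_network_id(ni: str) -> str:
    """Return the normalised network identifier or raise ValueError."""
    ni = ni.strip().lower()
    if not ni or len(ni) > 63:
        raise ValueError("network identifier must be 1..63 characters")
    if ni.startswith(_RESERVED_PREFIXES) or ni.endswith(".gprs"):
        raise ValueError("network identifier uses a reserved prefix or suffix")
    for label in ni.split("."):
        if not _LABEL.match(label):
            raise ValueError(f"bad label {label!r} in network identifier")
    return ni


def default_operator_id(imsi: str, mnc_digits: int = 2) -> str:
    """Derive the default operator identifier from the subscriber's IMSI."""
    if not (imsi.isascii() and imsi.isdigit() and 6 <= len(imsi) <= 15):
        raise ValueError("IMSI must be 6..15 decimal digits")
    if mnc_digits not in (2, 3):
        raise ValueError("MNC is 2 or 3 digits long")
    mcc, mnc = imsi[:3], imsi[3:3 + mnc_digits]
    return f"mnc{mnc.zfill(3)}.mcc{mcc}.gprs"   # 2-digit MNC is zero-padded


def full_apn(ms_apn: str, imsi: str, mnc_digits: int = 2) -> str:
    """Build the complete APN that the SGSN submits to DNS."""
    apn = ms_apn.strip().lower().rstrip(".")
    match = _OPERATOR_ID.search(apn)
    if match:                       # MS supplied the optional operator part
        ni, oi = apn[:match.start()], match.group(1)
    else:                           # SGSN falls back to the IMSI-derived one
        ni, oi = apn, default_operator_id(imsi, mnc_digits)
    return f"{validate_network_id(ni)}.{oi}"
```

Because this string decides which GGSN, and therefore which enterprise tunnel, a session reaches, the network identifier is validated before any DNS query is built from it.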

4.2 VPDN network structure based on GPRS

The enterprise access GGSN and the enterprise gateway are connected through tunnels, and they need to share the same network address space.

The network carrying traffic between the GGSN and the enterprise gateway belongs to the telecommunications service provider, but public Internet IP addresses must be assigned to the GGSN and to the enterprise's external gateway.

If the enterprise needs to support both traditional remote dial-up access and GPRS access, it needs an L2TP server for remote access and an external gateway router that supports GRE tunnels. Both can be implemented on an enterprise-side router that supports both L2TP and GRE.

4.3 GPRS VPDN Business Process

The business process description is as follows:

(1) The user calls the SGSN using the enterprise-specific APN.

(2) The SGSN resolves the APN through DNS to obtain the IP address of the GGSN.

(3) The GPRS network sets up the corresponding GTP tunnel between the SGSN and the GGSN, providing secure transmission across the GPRS backbone network.

(4) The enterprise access GGSN issues a RADIUS authentication request for the APN and selects the GRE tunnel according to the APN user identification. The user name and password are authenticated by the enterprise's RADIUS server or LNS; if the enterprise trusts the telecom operator, it can also entrust user authentication to the GGSN.

(5) The enterprise configures its private IP addresses in advance on the GGSN or on the enterprise LNS, so that the GGSN or the enterprise LNS can assign GPRS users an enterprise-internal IP address according to the APN.

(6) When the mobile user starts a data session, the GGSN encapsulates the traffic in the GRE tunnel selected by the APN user identification. Decapsulation of the GRE tunnel is done at the external gateway at the entrance of the enterprise's private network, which restores the user's data packets for the enterprise private network.

(7) Packets from the enterprise network to the mobile user are encapsulated in the GRE tunnel, decapsulated by the GGSN, and forwarded to the mobile user through the GPRS network.

(8) User access and roaming are the responsibility of the GPRS network. While the user roams, the GPRS backbone nodes (SGSN, GGSN) generate records of the user's network usage and send them as standard billing records to the nearest billing gateway. In a given system, one mobile user may produce billing records for the same session at multiple SGSNs and one GGSN, which also facilitates inter-network settlement.
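Steps (5) to (7) from the enterprise gateway's point of view, as an added example that is not part of the original article: the GGSN wraps the user's packet in GRE, and the gateway unwraps it only if the header is well formed and the inner source address lies in the pool the enterprise pre-configured for that APN. Identifying the tunnel by a GRE key (RFC 2890) is an assumption of this sketch, and the tunnel table, key value and addresses are constructed.

```python
import ipaddress
import struct

GRE_K, GRE_S = 0x2000, 0x1000   # key-present and sequence-present flag bits
PROTO_IPV4 = 0x0800

# Constructed tunnel table: GRE key -> (APN, address pool configured for it)
TUNNELS = {0x0000A001: ("corp.example", ipaddress.ip_network("10.20.0.0/24"))}


def sample_ipv4(src: str, dst: str, payload: bytes = b"") -> bytes:
    """Constructed 20-byte IPv4 header (checksum left at zero) plus payload."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                       64, 17, 0, ipaddress.ip_address(src).packed,
                       ipaddress.ip_address(dst).packed) + payload


def gre_encapsulate(inner: bytes, key: int) -> bytes:
    """GGSN side: prepend a keyed GRE header to the user's IPv4 packet."""
    return struct.pack("!HHI", GRE_K, PROTO_IPV4, key) + inner


def gre_decapsulate(frame: bytes):
    """Gateway side: return (apn, inner_packet) or raise ValueError."""
    if len(frame) < 8:
        raise ValueError("truncated GRE header")
    flags, proto, key = struct.unpack("!HHI", frame[:8])
    # Accept only version 0 with a key; any other flag bit is refused.
    if flags & ~(GRE_K | GRE_S) or not flags & GRE_K:
        raise ValueError("unexpected GRE flags or version")
    if proto != PROTO_IPV4:
        raise ValueError("payload is not IPv4")
    if key not in TUNNELS:
        raise ValueError("unknown tunnel key")
    inner = frame[12:] if flags & GRE_S else frame[8:]
    if len(inner) < 20 or inner[0] >> 4 != 4:
        raise ValueError("malformed inner IPv4 header")
    apn, pool = TUNNELS[key]
    src = ipaddress.ip_address(inner[12:16])
    if src not in pool:             # address was never assigned for this APN
        raise ValueError(f"inner source {src} is outside the pool for {apn}")
    return apn, inner
```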

4.4 GPRS VPDN national structure and roaming management

If an enterprise user of the province accesses the enterprise intranet from within that province, the user enters the enterprise APN, user name and password on the terminal and then calls the province's SGSN. The SGSN resolves the APN through the provincial DNS and obtains the IP address of the enterprise access GGSN. The GPRS network sets up the corresponding GTP tunnel between the SGSN and the GGSN, providing secure transmission within the provincial GPRS network. The enterprise access GGSN issues a RADIUS authentication request for the APN and selects the GRE or L2TP tunnel according to the APN user identification. The user name and password are authenticated by the enterprise's RADIUS server or LNS; an enterprise that cannot maintain a RADIUS server, such as a small enterprise, can entrust user authentication to the telecommunications service provider. The user can then access the intranet.

If a user of the province is roaming and wants to access his or her intranet, the user enters the enterprise's APN, user name and password on the terminal and then calls the SGSN of the visited province. The visited province's SGSN resolves the APN through the provincial DNS and the national DNS and obtains the IP address of the enterprise access GGSN. The GPRS network sets up the corresponding GTP tunnel between the SGSN and the GGSN, providing secure transmission across the GPRS backbone network. Likewise, the enterprise access GGSN issues a RADIUS authentication request for the APN, and the user name and password are authenticated by the enterprise's RADIUS server or LNS. The user can then access the intranet.

For users on another telecom operator's GPRS network, or international users, the process is similar to domestic roaming: the APN is resolved through the national DNS.

5 Summary

A VPDN based on the GPRS network breaks the limitation of the traditional VPDN bearer network: with only ordinary terminal equipment, such as a notebook computer and a GPRS mobile phone, the user can access the intranet safely, conveniently and flexibly. This implementation has been successfully applied by domestic telecom operators and has passed live network testing.
