Computer Science ›› 2024, Vol. 51 ›› Issue (9): 357-364. doi: 10.11896/jsjkx.240200062

• Computer Network •

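Integration-Oriented VPN Solution

TAO Zhiyong1,2, YANG Wangdong2

  1. 1 Software School, Changsha Social Work College, Changsha 410004
    2 College of Information Science and Engineering, Hunan University, Changsha 410082
  • Received: 2024-02-09 Revised: 2024-04-24 Publication date: 2024-09-15 Release date: 2024-09-10
  • Corresponding author: YANG Wangdong (342681652@qq.com)
  • About the author: (27537406@qq.com)
  • Funding:
    National Natural Science Foundation of China (61872127); Research Project funded by the Education Department of Hunan Province (22C1433); Research Project on Teaching Reform in Ordinary Higher Education Institutions in Hunan Province (ZJGB2022159)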

Integrated VPN Solution

TAO Zhiyong1,2, YANG Wangdong2   

  1. 1 Software School, Changsha Social Work College, Changsha 410004, China
    2 College of Computer Science and Electronic Engineering, Hunan University, Changsha 410082, China
  • Received: 2024-02-09 Revised: 2024-04-24 Online: 2024-09-15 Published: 2024-09-10
  • About author: TAO Zhiyong, born in 1980, postgraduate, associate professor, is a member of CCF (No. C3683M). His main research interests include network communication and cloud computing.
    YANG Wangdong, born in 1974, Ph.D, professor, Ph.D supervisor, is a member of CCF (No. 34909M). His main research interests include network communication, cloud computing and software engineering.
  • Supported by:
    National Natural Science Foundation of China (61872127), Research Foundation of the Education Department of Hunan Province (22C1433) and Research Project on Teaching Reform in Ordinary Higher Education Institutions in Hunan Province (ZJGB2022159).

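Abstract: To address the problems that VPNs built in the traditional way do not support carrying multiple data types, that the carried data lacks security, and that label edge devices are overloaded, an integrated VPN solution is proposed. The design consists of five key steps: establishing the GRE VPN, establishing the IPSEC VPN, virtualizing the network devices, establishing the MPLS VPN, and identifying and isolating private network data. It nests the data of the individual VPN technologies and fuses the technologies with one another; the resulting VPN supports carrying multiple data types and secure data exchange, provides access control and address reuse for private network data, and shares the data load. To verify the feasibility of the solution, the tunnels, network resource pool and label forwarding paths it establishes were tested and verified, and the expected goals were met. To highlight its advantages, the solution was compared with the traditional approach in terms of backplane bandwidth and port rate. The analysis shows that the backplane bandwidth and port rate of the solution grow as the number of devices in the resource pool increases, that its data transmission capability is a multiple of the traditional approach's, and that it outperforms the traditional solution in data load sharing, data security, manageability and maintainability, offering an approach for building practical, reliable and secure VPNs.

Keywords: Virtual private network, Multiprotocol label switching, Border network routing protocol, Virtualization, Label edge device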

Abstract: To address the problems that VPNs built in the traditional way do not support carrying multiple data types, lack security for the data they carry, and overload the label edge devices, an integrated VPN solution is proposed. The design includes the establishment of the GRE VPN, the establishment of the IPSEC VPN, the virtualization of network equipment, the establishment of the MPLS VPN, and the recognition and isolation of private network data, so as to realize the nesting of the data of each VPN technology and the mutual integration of the VPN technologies. The integrated VPN supports multiple data types and secure data interaction, achieves private network data access control and address reuse, and also realizes load sharing of data. To verify the feasibility of the scheme, the tunnels, network resource pools, and label forwarding paths established by the scheme have been tested and verified, and the expected goal is achieved. To highlight the advantages of the scheme, it is compared with traditional methods in terms of backplane bandwidth and port rate. The analysis results show that the backplane bandwidth and port rate of the scheme increase with the number of devices in the resource pool, its data transmission capability is multiplied compared with the traditional mode, and the data load is reduced. It is superior to the traditional scheme in load sharing, data security, manageability and maintainability, and provides a new idea for building a practical, reliable and secure VPN.

Key words: Virtual private network, Multi-protocol label exchange, Boundary network routing protocol, Virtualization, Label edge equipment

CLC number:

  • TP393