面向集成的VPN解决方案  

作　　者：陶志勇[1,2] 阳王东 TAO Zhiyong;YANG Wangdong(Software School,Changsha Social Work College,Changsha 410004,China;College of Computer Science and Electronic Engineering,Changsha 410082,China)

机构地区：[1]长沙民政职业技术学院软件学院,长沙410004 [2]湖南大学信息科学与工程学院,长沙410082

出　　处：《计算机科学》2024年第9期357-364,共8页Computer Science

基　　金：国家自然科学基金(61872127);湖南省教育厅资助科研项目(22C1433);湖南省普通高等学校教学改革研究项目(ZJGB2022159)。

摘　　要：针对传统方式构建的VPN不支持承载多种数据类型、承载数据缺乏安全性、标签边缘设备负载过重等问题,提出了集成的VPN解决方案。该方案设计包含GRE VPN的建立、IPSEC VPN的建立、网络设备虚拟化、MPLS VPN的建立、私网数据的识别与隔离5个关键步骤,实现了各VPN技术数据的嵌套与各VPN技术的相互融合,融合后的VPN既支持承载多种数据类型,又支持数据交互的安全,且能实现私网数据访问控制与地址复用,还能实现数据的负载分担。为验证方案的可行性,对方案建立的隧道、网络资源池、标签转发路径等方面进行了测试与验证,达到了预期设定的目标。为凸显方案的优势,与传统方式在背板带宽、端口速率等方面进行了对比分析。分析结果表明,该方案的背板带宽与端口速率随着资源池中设备数的增加而增长,其数据传输能力相比传统方式成倍增长,且在数据的负载分担、数据安全、可管理性与可维护性等方面优于传统方案,为构建实用、可靠、安全的VPN提供了思路。Aimed at the problems that the traditional VPN does not support the carrying of multiple data types,lack of security of data,and overweight label edge devices,an integrated VPN solution is proposed..The design includes the establishment of GRE VPN,the establishment of IPSEC VPN,the virtualization of network equipment,the establishment of MPLS VPN,the recognition and isolation of private network data,to realize the nesting of each VPN technology data and the mutual integration of each VPN technology.The integrated VPN supports multiple data types,also supports the security of data interaction,and can achieve private network data access control and address reuse,and can also realize the load sharing of data.In order to verify the feasibility of the scheme,tunnels,network resource pools,and label forwarding paths established by the scheme have been tested and ve-rified,and expected goal is achieved.In order to highlight the advantages of the scheme,it is compared with traditional methods in terms of backplane bandwidth and port rate.The analysis results show that the backplane bandwidth and port rate of the scheme increase with the increase of the device number in the resource pool,and its data transmission capability is multiplied compared with the traditional mode,and the data load is reduced.It is superior to the traditional scheme in load sharing,data security,ma-nageability and maintainability,and provides an new ideal for building a practical,reliable and secure VPN.

关 键 词：虚拟私有网 多协议标签交换 边界网络路由协议 虚拟化 标签边缘设备 

分 类 号：TP393[自动化与计算机技术—计算机应用技术]