Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Deployment method of IPSec-VPN in address discrete mapping network

An address and network technology, applied in the field of network applications, can solve problems such as identity deception, data encryption, and data tampering, and achieve the effects of improving network reliability, improving security levels, and reducing loads

Inactive Publication Date: 2011-06-22
BEIJING JIAOTONG UNIV
View PDF0 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

Attackers use monitoring tools to obtain all data packets in the core network and extract key information from them, causing information leakage
[0011] 2) Data tampering
[0013] 4) Identity deception
[0023] L2TP is essentially a tunnel transmission protocol, but it does not encrypt the data in the tunnel transmission, so it cannot guarantee the security of the data transmission process

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Deployment method of IPSec-VPN in address discrete mapping network
  • Deployment method of IPSec-VPN in address discrete mapping network
  • Deployment method of IPSec-VPN in address discrete mapping network

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0052] Example 1 as Figure 5 In the shown address separation mapping network IPSec-VPN deployment method, in this embodiment, an IPSec-VPN network passing through the core network is established between two access routers AR corresponding to two access networks that need to communicate with each other. VPN tunnels to protect communications between access networks.

[0053] Such as Image 6 The shown communication flow chart of the IPSec-VPN deployment method in the address separation mapping network, the communication process includes the following three stages: .

[0054] Phase 1: Negotiation of security association phase, which completes the negotiation and establishment of security association SA between access routers, which is divided into two steps:

[0055] Step 1. The source-end access router a and the peer-end access router b use the access network end as the tunnel port, and use the access address pool of the access network as the object to be protected, negotiate...

Embodiment 2

[0066] Example 2 as Figure 7 The implementation example of IPSec-VPN deployment in the address separation mapping network shown in the figure, the core network is composed of access router a, access router b, core router, authentication center and mapping server; terminal a and terminal b are used as access network users ; Establish an IPSec-VPN tunnel between access routers a and b.

[0067] In this specific implementation, the design of the access router is as follows Figure 8 As shown, the access router is composed of two parts, the user layer and the kernel layer. The user layer includes: user console module, IKE module, mapping table maintenance module and address pool module; the main body of the kernel layer is composed of three major modules: IPSec Kernel processing module, system kernel module and address separation mapping module.

[0068] The functions of each module in the user layer are as follows:

[0069] User console module: access to the router management...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention relates to a deployment method of IPSec-VPN in an address discrete mapping network, belonging to the technical field of networks. The deployment method comprises a negotiation security alliance stage which is responsible for completing negotiation and establishment of a security alliance SA among access routers, an access authentication stage which is responsible for completing the authentication of the validity of a new access terminal and a communication stage referring to mutual communication of two access terminals after the previous two stages are completed. The method realizes the application of the IPSec in the address discrete map network by combining an IPSec-VPN technology, sufficiently utilizing the advantages of the address discrete mapping network and adopting the tunnel encapsulation idea, thereby providing the high-efficiency security insurance of encryption, authentication, replay attack resistance and the like for a core network, and improving the security level of the address discrete map network.

Description

technical field [0001] The invention relates to an IPSec-VPN deployment method based on an address separation mapping network, and belongs to the technical field of network applications. Background technique [0002] The address separation mapping network separates the dual functions of the traditional IP address, which not only indicates the identity of the host, but also indicates the location of the host, and divides it into two address types: access address and routing address. The access address represents the identity information of the terminal, and the routing address represents the location information of the terminal. At the same time, the network is divided into two parts, the access network and the core network, with the access router as the boundary. The access network realizes the access of various types of terminals or fixed, mobile, and sensor networks; the core network solves location management and routing technology. [0003] By separating the access net...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): H04L12/46H04L29/06H04L29/12
Inventor 周华春刘颖张宏科种鑫许涛姜巍
Owner BEIJING JIAOTONG UNIV
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products