摘要
针对MPLS VPN(Multi-Protocol Label Switching Virtual Private Network)在保密性要求较高场合存在安全隐患的问题,提出一种可保障其安全性的设计方案。该方案通过利用IPSec(IP Security)协议在客户路由器端对IP数据包进行加密,在MPLS(Multi-Protocol Label Switching)边缘路由器端对数据进行封装,从而解决了VPN(Virtual Private Network)采用单一MPLS,在公用骨干网进行第2层传输存在的信息不能自动加密,容易出现因误发或连接中断造成信息泄露等问题。实验结果表明,该方案在不增大网络成本的前提下,保证了数据在传输过程的私有性、完整性和真实性,从而大大提高了网络安全系数。
MPLS VPN (Multi-Protocol Label Switching Virtual Private Network) is facing a big obstacle that some High-end users worry about their security when using MPLS VPN. A designation idea that can guarantee the safety of MPLS VPN used in some higher presence occasions with some potential safety problems is introduced. IPsec agreement is used to encrypt IP packet in the customer route and encapsulate the data in the MPLS edge router. This method can solve some problems when the information is transmitted in the second layer of the public backbone network with single MPLS VPN such as the information can not be automatically cncrypted, some mistakes appear in the transmission, the leaking of information caused by continuous interruptions. Experimental results show that this method improved the network security coefficient under the premise of no increase in the cost of the network.
出处
《吉林大学学报(信息科学版)》
CAS
2008年第1期6-9,共4页
Journal of Jilin University(Information Science Edition)
基金
国家自然科学基金(60272064)
关键词
多协议标记交换
虚拟专用网
IPSEC技术
multi-protocol label switching (MPLS)
virtual private network (VPN)
IPSec technology
