摘要
随着MPLS技术在骨干网上的广泛使用,网络服务商向用户提供基于MPLS技术的虚拟专用网服务。基于MPLS网络的VPN服务在传输用户数据时存在一定的安全漏洞,文中分析了MPLS VPN的结构及存在的安全缺陷,提出一种方法,把IPSec应用在MPLS VPN中以加强用户数据传输的安全性。对IPSec的安全功能及应用场合进行了研究,给出在用户管理的网络边缘设备CE上配置IPSec的方法。实现了VPN用户数据分组进入骨干网之前的安全保护措施,并对IPSec分组的工作过程做了解释。
As the technolcgy of MPLS was widely used on backbone network, the Intemet service providers provide the services of VPN based on MPLS for VPN users. There are a lot of security leaks in sevices of VPN besed on MPLS while data packets are transported in it. Analyzes the structure of MPLS VPN and security defects existing in the VPN. Proposes a method by which IPSec is applied to MPLS VPN to enhance the security of user data. Studies the security functions and application ranges of IPSec. Put forward how to config the IPSec protocol in client edge devices of user's network. Realizes the protection of VPN user's data before the data enter into the backbone network and explains the working mechanism of IPSec packet.
出处
《计算机技术与发展》
2009年第3期168-171,174,共5页
Computer Technology and Development
基金
安徽省自然科学研究项目(KJ2007C302ZC)
