
Dynamic IPsec VPN architecture for private cloud computing

Cited by: 1
Abstract: VPN technology plays an important role in securely connecting enterprise IT with the private cloud. Traditional directly connected VPNs usually allow only a small scale of secure connections into a private network over the public network. The dynamic IPsec VPN architecture, based on the two IPsec VPN network types Hub-and-Spoke and Full-Mesh, is suited to private clouds and can accommodate a large number of connections. However, this architecture assumes a single-node central gateway (Hub-GW). A single node at large scale is difficult to manage and control, and once a problem occurs it easily causes traffic congestion and becomes a bottleneck. To address this problem, a multi-node Hub-GW processing model is proposed on the basis of the dynamic IPsec VPN architecture. The model provides load sharing and redundancy management, and conforms more closely to actual network frameworks.
Authors: 庄雪, 孙国强
Source: 《信息技术》 (Information Technology), 2016, No. 2, pp. 112-116 (5 pages)
Keywords: cloud computing; dynamic IPsec-VPN; multi-node