Abstract
An improved User Datagram Protocol (UDP) encapsulation scheme is proposed. The scheme uses a UDP/IP header to encapsulate the entire IP packet that is protected by the IP security protocol (IPSec). It resolves problems, such as authentication header (AH) failure and TCP checksum errors, in the UDP encapsulation scheme that the IETF proposed to address the incompatibility between network address translation (NAT) and IPSec-based virtual private networks (VPN). The implementation details of the improved scheme are specified, which makes it easier to implement than the original scheme. Finally, the possible impact of deploying the improved UDP encapsulation scheme on network performance and security is discussed.
Source
Journal of Xi'an Jiaotong University
EI
CAS
CSCD
Peking University Core Journals
2003, No. 10, pp. 1034-1038 (5 pages)
Funding
3" Program funded project (2001AA112120)
National "973" Key Basic Research Program funded project (G1999032710).
Keywords
security protocol
user datagram protocol encapsulation
network address translation
virtual private network