Design And Implementation On The Functions Of IPSec VPN Gateway Based On Linux

Posted on: 2005-08-05
Degree: Master
Type: Thesis
Country: China
Candidate: Y Tian
GTID: 2168360152955316
Subject: Computer application technology

Abstract/Summary:
As the information age arrives, information becomes more and more important. The Internet is rapidly changing the way we do business, but even its rapid growth has been slowed by a lack of security. The Internet is subject to many threats, including loss of privacy, loss of data integrity, identity spoofing, and denial of service, so security is critical for any corporate network.

VPNs offer enterprise-scale connectivity deployed on a shared infrastructure with the same policies enjoyed in a private network. The goal of IPSec, in turn, is to address all of these threats in the network infrastructure itself, without requiring expensive host and application modifications. IPSec provides encryption at the IP network layer. Combining VPN and IPSec yields the IPSec VPN.

In this paper, a functional model of the IPSec VPN gateway is described, based on an analysis of the IPSec VPN and the characteristics of the Linux OS. The implementation of the model on the Linux platform is then given. The functions of the IPSec VPN gateway can be divided into modules such as SPD, SAD, AF, ESP and so on. The data-processing flow and the three main modules, which run in different environments in the gateway, are introduced. These modules are the IPSec kernel module, the IKE module and the PF_KEY module. The IPSec kernel module runs in the Linux kernel with high efficiency to process IP packets, for example authentication and encryption. The IKE module, which runs in user space, is used to establish SAs for data. The PF_KEY module handles communication between the former two modules.

Generally, in the IPSec VPN, people pay more attention to security and the VPN's functions and less to its QoS. In fact, networks carry many different kinds of information, and their QoS requirements differ. An IPSec VPN gateway should therefore consider how to meet the QoS of the different kinds of information. A queue scheduling function is added to the gateway to meet the QoS of the different packets. Common scheduling algorithms include FIFO, FQ, GPS, WFQ and so on. After comparing these algorithms, WFQ was selected for its fairness and high efficiency. Based on WFQ, the queue scheduling function in the gateway is realized. Finally, simulation results are given and show that the design idea is correct.
Keywords/Search Tags: Virtual Private Net, IP Security Protocol, Weighted Fair Queue algorithm, QoS, Security Association