Yan Shen,Qi-fei Zhang,Ling-di Ping,Yan-Fei Wang,Wen-juan Li

DOI: https://doi.org/10.1109/trustcom.2012.41

2012-01-01

Abstract:In the existing large-scale performance test of IPsec tunnel, it often needs special software and hardware. To solve the problem, this article proposed a new method, in which packet was encapsulated in user space, and a multi-tunnel controller was designed and implemented with the method of FSM(finite state machine), which controlled the negotiation and establishment of multiple tunnel, including L2tp, IKEv1, IKEv2, IKEv2+EAP and L2tp Over IPsec. Libpcap was used as the bottom layer driver of package, and the application of zero copy technique had reduced system cost immensely. At last, the result of the experiment verified the performance of the IKEv1 tunnel on Tunnel-mode and Transport-mode.

LI Jian-jun,XU Duan-qing,GUO Wei-qing

DOI: https://doi.org/10.3969/j.issn.1000-7024.2005.09.068

2005-01-01

Abstract:Combining with living examples and based on IPSEC,the realization of the VPN system was approached in many internet circumstances of remote access(such as gateway,broadband,xDSL etc.),and in view of the deficiency and the hidden troubles of the traditional static password,introduces a working mechanism was introduced which took into consideration both the tokencard two factor authentication and Windows AD,and proveds to be flexible and liable for the single-sign on clients.

Song Wang,Hongbing Lv

DOI: https://doi.org/10.1109/iccps.2011.6089933

2011-01-01

Abstract:In the existing IPSec architecture, in which tunnel is built in kernel, the number of concurrent tunnels is restricted by IP address configured on the machine and user can not control the process of establishing tunnel. This brings inconvenience when we use personal computer to measure the performance parameters of VPN Gateway (e.g. the maximum number of concurrent tunnels and the maximum rate of the new tunnels built). In order to solve this problem, this paper presents a novel IPSec multi-tunnels concurrent architecture which uses distributed objects to build tunnels in user space. The architecture privodes one Console which are used to control all AgentNodes and multiple AgentNodes which are used to build tunnels. In AgentNode, the negotiation processing of tunnels, the IPSec processing of packets and the protocol processing of TCP/IP are all completed in user space by objects. Meanwhile, AgentNode uses virtual IP address instead of local IP address to negotiate tunnel and the number of concurrent tunnels will be unlimited (only limited by memory). Moreover, based on distributed architecture, the number of AgentNode can be arbitrarily extended. Therefore, the system has a great deal of flexibility on the number of concurrent tunnels and the rate of tunnel establishment, which helps to accurately measure the performance parameters of VPN Gateway.

张旭光,平玲娣,潘雪增

DOI: https://doi.org/10.3969/j.issn.1000-3428.2004.14.037

2004-01-01

Abstract:With the development of the Internet technologies and computer communication technologies, the traditionary circuit-switch based network must evolves to the new generation network which is based on the packet-switch technology. Facing the progress and status of the convergence of the three-networks, This document presents a distributed and SIP protocal based VoIP system prototype. Due to combinating of merits of SIP and IP, this model not only provides the interoperation with the existed network, but also provides an extendable plat for the NGN. This model uses private VoIP network to achieve the QoS.

David Isaac Wolinsky,Linton Abraham,Kyungyong Lee,Yonggang Liu,Jiangyan Xu,P. Oscar Boykin,Renato Figueiredo

DOI: https://doi.org/10.48550/arXiv.1001.2575

2010-01-15

Abstract:Centralized Virtual Private Networks (VPNs) when used in distributed systems have performance constraints as all traffic must traverse through a central server. In recent years, there has been a paradigm shift towards the use of P2P in VPNs to alleviate pressure placed upon the central server by allowing participants to communicate directly with each other, relegating the server to handling session management and supporting NAT traversal using relays when necessary. Another, less common, approach uses unstructured P2P systems to remove all centralization from the VPN. These approaches currently lack the depth in security options provided by other VPN solutions, and their scalability constraints have not been well studied. In this paper, we propose and implement a novel VPN architecture, which uses a structured P2P system for peer discovery, session management, NAT traversal, and autonomic relay selection and a central server as a partially-automated public key infrastructure (PKI) via a user-friendly web interface. Our model also provides the first design and implementation of a P2P VPN with full tunneling support, whereby all non-P2P based Internet traffic routes through a trusted third party and does so in a way that is more secure than existing full tunnel techniques. To verify our model, we evaluate our reference implementation by comparing it quantitatively to other VPN technologies focusing on latency, bandwidth, and memory usage. We also discuss some of our experiences with developing, maintaining, and deploying a P2P VPN.

Networking and Internet Architecture,Distributed, Parallel, and Cluster Computing

朱昌盛,余冬梅,王庆梅,谢鹏寿,包仲贤

DOI: https://doi.org/10.3969/j.issn.1000-3428.2002.11.041

2002-01-01

Abstract:The advent of VPN makes it possible for enterprises to transform private confidential massage securely and economically through the Internet. Security tunneling technology is the core technology of VPN, while L2TP IPSec are two tunneling technologies most widely used at present. As the two main accesses to IP network, the combination of L2TP IPSec can share the advantage of L2TP's low cost, initiative, mutual-communication and IPSec's high security, reliability，learn from others' strong points to offset one's weakness, to a great extent, to construct a secure, reliable and low-cost VPN.

Zhang Dong,Wu Chunming,Xiong Wei,Jiang Ming,Yu Jing

DOI: https://doi.org/10.1109/icfin.2009.5339594

2009-01-01

Abstract:Network Virtualization can diversify the future Internet architecture into separate virtual networks according to different applications and requirements. Telecom operators adopt network virtualization technologies to design virtual networks to meet users' requirements and achieve high efficiency, low cost, controllability, etc. Previous researches focus on virtual networks construction based on restriction conditions of link bandwidth or optimal topology design for virtual network. In this paper we propose a multi-commodity flow model to design virtual networks based on virtual router. We then define the load of node as a parameter, based on comprehensive consideration of node's capacity and load balance. We validate the effectiveness of our algorithm through simulation. Simulation experiments show that the proposed algorithm is a good solution to the problem of virtual networks construction and also improve load balance of the substrate networks.

XIAO Zhensha,LIN Chuang,YANG Ran,PANG Ling

2009-01-01

Abstract:With the popularity of the P2P technology,the security problem on P2P network has attracted more and more attention.To address the issue,a model called P2P-VPN virtual network framework is proposed,which sets up a virtual network group according to the specific application.The framework is not only to achieve the secure P2P transmission,but also to apply P2P technology to the local area network applications.The completeness of security mechanism of P2P-VPN is proved by Petri Nets and some other formal methods.The simulation results from the prototype system show that although the framework introduces a series of security processing procedure,it will not cause significant decline in data transfer rate.

陆敏锋,平玲娣,李卓

DOI: https://doi.org/10.3969/j.issn.1000-3428.2010.03.051

2010-01-01

Abstract:Aiming at the problem that the IPSec-based VPN product, this paper designs and achieves a IPSec-based VPN test system running on the Linux platform. This paper introduces the IPSec protocol and its architecture, and presents the design and achievement of the test system through analyzing the principle of the IPSec protocol. Experiment result shows that this test system is feasible and effective.

Deng, L.,Ying Zhao,Xiaodan Pang,Xianbin Yu

DOI: https://doi.org/10.1109/mwp.2011.6088698

2011-01-01

Abstract:In this paper, we propose a novel WDM-PON architecture to support efficient and bandwidth-scalable virtual private network (VPN) emulation over both inter-PON and intra-PON. The virtual ring link for the VPN communications among ONUs is realized by using additionally low-cost optical passive components and OFDMA technology. Moreover, the downstream traffic wavelength is reused for the upstream traffic signal by using re-modulation technology. We report on a successful transmission of 10.7 Gbps OOK upstream and 10.7 Gbps DPSK downstream, together with 1.25 Gbps 16-QAM OFDM VPN traffic, over 20 km no-zero dispersion shifted fiber (NZDSF).

Yin Shu-ling

Abstract:Secure socket layer protocol is developed for the security of the data transmission,SSL VPN is a kind of VPN technology based on SSL protocol.It provides remote access and has been applied in the enterprises increasingly in recent years.It analyzed the components of SSL VPN and researched the key technologies.In view of the problem that the outside users can not access the resources of enterprise network,a solution of SSL VPN is designed.SSL VPN provides remote-access connectivity from almost any Internet-enabled location using a web browser that natively supports SSL encryption,the connection of SSL VPN,the connection of SSL VPN can help enterprise to improve efficient production and information protection in security access,and decrease the management and maintenance cost.

Engineering,Computer Science

XIANG Zhong-hua,LI Qi,QING Si-han,MU Hai-bing

DOI: https://doi.org/10.3969/j.issn.1673-0291.2007.02.017

2007-01-01

Abstract:A user space VPN scheme based on TLS protocol is presented and its security is analyzed. The scheme overcomes the complexity of IPSEC and increases the usability of VPN. Under the local area network and public network, user space VPN scheme is tested. The result indicates that the user space VPN scheme can meet the requirements of low bandwidth of dial-up network and the use of encryption scheme dose not obviously increase the cost of communication.

Duan Quan

Abstract:The advantages and disadvantages of MPLS VPN over traditional VPN are compared. The methods using MPLSVPN technology interconnecting all branch offices and factories across regions through an enterprises network are described. With reduced networking complexity and cost, MPLS VPS provides the capability to deliver private network services over a shared infrastructure.

Computer Science,Engineering

Long Xiangjun,Shao Dong,Rong Guoping

DOI: https://doi.org/10.3969/j.issn.1000-386X.2011.07.068

2011-01-01

Abstract:On the internet,users located inside different local area networks are invisible to each other and unable to communicate directly for not possessing effective public IP addresses.This paper proposes a virtual local area network system based on TUN/TAP and UDP hole punching technology that gathers dispersed Internet users together into a virtual local area network,inside which users can communicate with each other while existing IP-based network applications can work fine without any modification.Compared with existing VPN systems,the novel system does not require the server to relay communication data.Meanwhile different from common P2P systems which handle communication problems on the application level the novel solution works on the network layer.

Ishaan Lodha,Lakshana Kolur,K. Sree Hari,Honnavalli Prasad

DOI: https://doi.org/10.1007/978-981-15-2612-1_70

2019-11-30

Abstract:The Internet of Things (IoT) is an exploding market as well as a important focus area for research. Security is a major issue for IoT products and solutions, with several massive problems that are still commonplace in the field. In this paper, we have successfully minimized the risk of data eavesdropping and tampering over the network by securing these communications using the concept of tunneling. We have implemented this by connecting a router to the internet via a Virtual Private network while using PPTP and L2TP as the underlying protocols for the VPN and exploring their cost benefits, compatibility and most importantly, their feasibility. The main purpose of our paper is to try to secure IoT networks without adversely affecting the selling point of IoT.

Networking and Internet Architecture

Chunle Fu,Bailing Wang,Wei Wang,Ruichao Mu,Yunxiao Sun,Guodong Xin,Yongzheng Zhang

DOI: https://doi.org/10.3390/electronics13112031

IF: 2.9

2024-05-24

Electronics

Abstract:Virtual private network (VPN) gateways are widely applied to provide secure end-to-end remote access and to relay reliable interconnected communication in cloud computing. As network convergence nodes, the performance of VPN gateways is limited by traditional methods of packet receiving and sending, the kernel protocol stack and the virtual network interface card. This paper proposes a generic high-performance architecture (GHPA) for VPN gateways in consideration of its generality and performance. In terms of generality, we redesign a generic VPN core framework by modeling a generic VPN communication model, formulating generic VPN core technologies and presenting corresponding core algorithms. In terms of performance, we propose a three-layer GHPA for VPN gateways by designing a VPN packet processing layer based on a data plane development kit (DPDK), implementing a user space basic protocol stack and applying our proposed generic VPN core framework. On the basis of the research work above, we implement a high-performance VPN (HP-VPN) and a traditional VPN (T-VPN) that complies with GHPA and traditional methods, respectively. Experimental results prove that the performance of HP-VPN based on GHPA is superior to T-VPN and other common VPNs in RTT, system throughput, packet forwarding rate and jitter. In addition, GHPA is extensible and applicable for other VPN gateways to improve their performance.

engineering, electrical & electronic,computer science, information systems,physics, applied

YH Geng,Q Sun,YZ Chen,NH Yu

DOI: https://doi.org/10.1109/korus.2004.1555266

2005-01-01

Abstract:The IP-based virtual private network (VPN) technology is now becoming a good solution for the delivery of future Internet services, and multiprotocol label switching (MPLS) technology is being adopted to offer VPNs and some value-added applications on top of VPN transport networks. In this paper, we proposed a novel approach based on using label stack properly to reduce the label size efficiently. In this way, the performance of MPLS-based VPN can be improved. Our simulation results validated our approach, demonstrating that MPLS-based VPN established by our approach has a better performance.

Ahmad R. Dhaini,Pin-Han Ho,Xiaohong Jiang

DOI: https://doi.org/10.1364/jocn.2.000400

IF: 4.508

2010-01-01

Journal of Optical Communications and Networking

Abstract:This paper proposes WiMAX-VPON, a novel framework for establishing layer-2 virtual private networks (VPNs) over the integration of WiMAX and Ethernet passive optical networks, which has lately been considered as a promising candidate for next-generation fiber-wireless backhaul-access networks. With WiMAX-VPON, layer-2 VPNs support a bundle of service requirements to the respective registered wireless/wired users. These requirements are stipulated in the service level agreement and should be fulfilled by a suite of effective bandwidth management solutions. To achieve this, we propose a novel VPN-based admission control and bandwidth allocation scheme that provides per-stream quality-of-service protection and bandwidth guarantee for real-time flows. The bandwidth allocation is performed via a common medium access control protocol working in both the optical and wireless domains. An event-driven simulation model is implemented to study the effectiveness of the proposed framework.

Yiming Liu,Zhen Cheng,Ziyu Wang,Shihan Chen,Xin Su

DOI: https://doi.org/10.1007/978-3-319-98752-1_3

2018-01-01

Abstract:With the development of the wireless network and mobile Internet service, the bandwidth of wireless network has increased obviously, and the number of wireless network user and data traffic generated by user terminal are steadily on the increase. Development in different economic and social sectors not only require higher network speed but also need low-cost information networks. The market needs a complete set of solutions, which can provide a comprehensive management system for the operation and billing of fine-grained data traffic. In this paper, we focus on the management system of fine-grained data traffic operation, which is support reverse charge and realize the fine-grained data traffic. Therefore, the proposed method can save user’s cost and improve economic efficiency.

Yan Jiang,Jing Huang,Yunsong Fan,Xiaobin Zhu

DOI: https://doi.org/10.13052/jcsm2245-1439.1345

2024-06-14

Journal of Cyber Security and Mobility

Abstract:With the development of Internet of Things technology, the security threats faced by the industrial control field are increasing, and strengthening the security protection capabilities of intelligent systems on IoT highways is becoming increasingly important. IPSec VPN tunneling technology can achieve identity authentication and encrypted data transmission, and is an important means to achieve secure data transmission in intelligent systems on Expressway intelligent tunnel system. The commonly used IPSec VPN gateway uses a traditional Linux protocol stack-based approach for data capture, which requires multiple data copies and context switching, resulting in low efficiency of IPSec services. In addition, the commonly used IPSec VPN security gateway is implemented on the basis of the open-source IPSec framework, using internationally recognized algorithms for encryption and decryption, which poses security risks. This article is based on the IPSec protocol, and studies the high-speed network packet capture framework PFRING technology, the fusion technology of national secret algorithm and IPSec protocol. It designs and implements an IPSec VPN IoT security gateway based on national secret algorithm. After experimental verification, the IPSec VPN gateway system constructed in this article has complete functions and better performance than the common open-source IPSec frameworks OpenSwan and strongSwan, and can meet the application requirements of IoT data encryption transmission.