Research On Key Technologies Of Virtual Private Network

With the rapid development of inter-networking technology and the increasing needs of secure communications between corporations, Virtual Private Network (VPN) technology has attracted a lot of attention from researchers and developers on the broadband Internet technology. It is recently rising up as new Internet operations with rapid growth and extensive implications. VPN is a private data network that provides confidentiality, flexibility and lower cost through the use of public network infrastructure, tunneling protocol and security technologies. Characteristics of the next generation networks (NGN), such as the services interworking, complex connectivity and multi-level service architecture, have imposed higher requirements on the future development of Virtual Private Network. In order to adapt to the development of NGN, the VPN should be more diversified and flexible in order to make the technology services meet with the demands. Besides providing security insurance, the emerging requirements for VPN include supporting data, voice and video traffic simultaneously; multicast, quality of service (QoS) and mobility; service interworking scenarios, complex connectivity scenarios, customer-on-demand capabilities.The thesis studies the VPN technologies of multicast, mobility and QoS. The main research results and innovations are as follows:1,Three innovative VPN multicast mechanism on service provider backbone network and one scheme on the customer sites are proposed based on IP VPN using Virtual Routers. First, it put forward a Multicast Proxy Source/RP mechanism on the customer sites multicast, the main idea is to deploy the VR connecting to a customer site as a Multicast Proxy Source/RP of this VPN site, then the VR as the interface to access the multicast stream in customer sites. It provides consistent view of the whole network and simple configuration for customers and providers. It can effectively reduce the circuitous route and the loop within the site and complete control of multicast states within the VPN site. Second, according to different VR topology, three VPN multicast schemes on backbone network are proposed, respectively based on shared tree, Shortest Path Tree and aggregate share-based tree, then detailed analysis and evaluation on the scalability, safety, resource utilization and quality of service are presented. The results show that the proposed multicast mechanisms are superior to existing VPN Multicast schemes on scalability, security and quality of service.2,A mobile VPN scheme based on asymmetric tunnels is bring forward. It provides services of source authentication, data integrity and confidentiality through the IPSec security protocol. The establishment of the asymmetric tunnels is taking advantage of the asymmetry distribution of the total upstream and downstream traffic on Internet. It optimizes the transmission efficiency at the expense of a reasonable payload on the premise of ensuring the security, adopts pre-negotiation mechanism to achieve seamless handover and addresses the problems of the registration and data transmission effectively in the process of mobile nodes roaming. Only few modifications to existing VPN infrastructure makes it easy to be implemented. Theoretical analysis of the scheme in MIPv6 and the NEMO environment is presented and an improved solution in the NEMO environment is proposed.3,A novel bandwidth allocation model satisfied the Max-Min fairness is proposed for hose-modeled VPN. It realizes real-time hose bandwidth resource allocation based on the estimated arrival rate of the hose flow without the premise of detailed VPN network topology and traffic distribution matrix, thus achieve the predictable QoS performance guarantees and bandwidth multiplexing gain. It is proved, analytically, that the proposed model with weighing Max-Min fair allocation algorithm is able to achieve the maximum overall VPN throughput and good scalability. Moreover, we strictly prove the stability and adaptability of this fair allocation algorithm by theoretical analysis and simulation results. To better adapt to the bandwidth management in dynamic mutative network, it proposes a network traffic prediction model with error compensation. Applied to the actual VPN network, it can dynamically adjust link resources and effectively balance the payload on the sharing link of the VPN.