
Research On The Key Technologies Of IPSec VPN In Wireless Network

Posted on: 2010-10-10
Degree: Doctor
Type: Dissertation
Country: China
Candidate: L Xiao
GTID: 1118360302971156
Subject: Computer system architecture

Abstract/Summary:
With the rapid development and popularization of wireless networks and handheld intelligent mobile terminals, wireless access will become the main way people connect to the Internet. However, the electromagnetic wave that serves as the physical medium of a wireless link poses a greater threat to the security of data transmission. As a mature technology for protecting data in transit, IPSec has been very successful in wired networks, but its use in wireless network environments is a new topic.

A virtual IP address mechanism is presented to solve the native IP address conflict problem that arises in large-scale application of IPSec VPN in wireless networks. A nonexistent network adapter is simulated by setting up a miniport driver in the operating system, so it can be configured with any IP address, free of the restrictions of network topology and configuration. Practice shows that, with this mechanism, users can re-plan the IP addresses of the whole virtual private network without changing the existing network topology and configuration. The mechanism thus effectively solves the native IP address conflict problem, reduces operating and management costs, and brings some new application characteristics.

An IPSec VPN architecture based on packet interception by a virtual network adapter is presented, so that packets can be encapsulated by IPSec in user mode. Because the software and hardware architecture of handheld intelligent mobile terminals differs considerably from that of the traditional PC, a mechanism that intercepts packets through a virtual network adapter is designed for them. Experiments show that this IPSec VPN architecture occupies fewer core resources, does not cause software conflicts, is easy to implement, has a low maintenance cost and extends well. The architecture has been implemented on several intelligent mobile terminals, and its performance meets the design requirements.

An improved TCP congestion control mechanism based on statistical analysis of changes in RTT is presented. In a wireless network, packets are lost because of bit errors on the link; TCP's performance suffers when it wrongly judges this to be network congestion and reduces its sending rate. Existing improvement mechanisms are not compatible with IPSec because they need to use the switching nodes in the network. The new mechanism analyses the EBR by analysing the statistical attributes of RTT and sends the result to the data sender in the ACK; when packet loss occurs, the sender judges the cause of the loss from the EBR of the link, and can then avoid reducing its sending rate and so improve TCP's performance. Simulation experiments show that the mechanism is simple and effective, increases TCP performance by up to 30%, and is compatible with IPSec because it does not use any information from the switching nodes in the network.

A tunnel transmission guarantee is presented. NAT is not compatible with IPSec because it breaks the end-to-end property of data transmission, and the data transmission reliability of NAT-T is poor. The IPSec packet is therefore transmitted encapsulated in a TCP segment, which improves reliability by using TCP's reliability mechanisms and also makes the IPSec packet compatible with NAT. Experiments show that this mechanism improves the reliability of data transmission and makes IPSec and NAT compatible, but users should apply it according to application requirements because it reduces performance.
Keywords/Search Tags:wireless IPSec network, virtual IP, virtual network adapter, RTT, TCP encapsulation
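The TCP encapsulation described in the abstract needs a way to recover packet boundaries, because TCP delivers a byte stream rather than datagrams. The sketch below is an added example, not code from the dissertation: the 2-byte length prefix, the function and class names, and the sample packets are assumptions made here, since the abstract does not state the framing format.

```python
import struct

MAX_ESP_LEN = 65535  # assumed limit: the largest value a 2-byte length prefix can carry
MIN_ESP_LEN = 8      # an ESP packet starts with a 4-byte SPI and a 4-byte sequence number


def frame_esp(esp_packet: bytes) -> bytes:
    """Prefix one ESP packet with its length so it can travel in a TCP byte stream."""
    if not MIN_ESP_LEN <= len(esp_packet) <= MAX_ESP_LEN:
        raise ValueError("ESP packet must be 8..65535 bytes")
    return struct.pack("!H", len(esp_packet)) + esp_packet


class EspStreamDeframer:
    """Rebuild ESP packets from TCP reads that may split or merge frames."""

    def __init__(self):
        self._buf = bytearray()

    def feed(self, chunk: bytes) -> list:
        self._buf += chunk
        packets = []
        while len(self._buf) >= 2:
            (length,) = struct.unpack_from("!H", self._buf, 0)
            if length < MIN_ESP_LEN:
                # Reject before buffering: a bad length would desynchronise the stream.
                raise ValueError("frame too short to hold an ESP header")
            if len(self._buf) < 2 + length:
                break  # frame is incomplete, wait for the next TCP read
            packets.append(bytes(self._buf[2:2 + length]))
            del self._buf[:2 + length]
        return packets


def esp_header(packet: bytes):
    """Return (SPI, sequence number) from the first 8 bytes of an ESP packet."""
    return struct.unpack_from("!II", packet, 0)


def demo():
    # Constructed sample packets: SPI, sequence number, filler standing in for ciphertext.
    pkts = [struct.pack("!II", 0x1000, n) + bytes([n]) * (20 + n) for n in (1, 2, 3)]
    stream = b"".join(frame_esp(p) for p in pkts)
    deframer, out = EspStreamDeframer(), []
    for i in range(0, len(stream), 7):  # deliver the stream in 7-byte reads
        out.extend(deframer.feed(stream[i:i + 7]))
    return pkts, out
```

The receiver only hands complete packets to IPSec processing, so a lost TCP segment delays every ESP packet queued behind it, which is one source of the performance cost the abstract mentions.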