Research On Application Of Distributed And Clustering VPN System Based On IPSec

The rapid expansion of Internet and broadband businesses has made possible the use of Internet,which is open and public,to build VPN for enterprises and government.While such a private networking scheme is both cheap and convenient, it has brought some security issues as well.Therefore,in this paper,the emphases are given to approaches to assure secure data transmission over public network with emciency affection accounted.Firstly,I take a lot time to study on IPSec protocol,VPN technology and Linux's kernel. we particular research the ESP,AH and IKE protocol in the IPSec protocol family and bring out much advice to amend.Secondly, we particular research the key technology of VPN.Finaly,we take advantage of Linux's open source codes and HOOK mechanism of Netfilter firewall,and implement seamless conformity of TCP/IP and IPSec after hooking IPSec model with Linux system kernel by registered funetion.After that,I recompile the new system kernel and produce a truly safe kernel,then we achieve a safe VPN gateway based on the IPSec.I make test and analysis on the performance of VPN gateway on the distributed and cluster network.The research contents include 4 aspects in this paper:1.Based on the research of VPN background, VPN basic technology and VPN types, VPN tunneling technologies are analyzed and compared in security.2. IPSec security protocol, Internet key exchange , the work principle and process of each constituent of IPSec protocol are analyzed and researched systematically.3. Based on the analysis of IPSec protocol architecture, an improved program is present for IPSec application based on the VPN application circumstance from one gateway to another gateway. Then, the implementation method of this improved program is researched, and this program is realized by a prototype system. At last, the function and performance of this system are tested, and the test results are analyzed and evaluated4. We study the performance, architecture, and the network load balancing techniques of the cluster system, and provide a basic framework to build highly scalability and highly availability network services using a large cluster of commodity servers. The TCP/IP stack of Linux kernel is extended to support IP load balancing...