Research And Design Of Tunnel-switching Technology In VPN

Growing numbers of enterprises are embarking on the road of constructing own dedicate networks employing VPN technique with Internet's development and improvement. However, existing VPN techniques have various weak points such as security and networking which result in the birth of tunnel-switching which serves to process information flow from certain tunnel before encapsulating with another secure tunnel to make this information flow move forward along new secure tunnel. Its birth enables VPN tunnels'terminating at any point of the network and interconnection of different ISPs and VPNs, thus improves security, flexibility and scalability of VPNs effectively.As a new sector in VPN technique, tunnel-switching is yet to form a unified concept and standard which leads to further study in terms of its architecture, mode of application, method of implementation as well as switching mechanism and so on. Key issues of tunnel-switching have been deeply explored in this paper with main works as follows:1. Focuses on the analysis and comparison of tunnel technique of VPN on the basis of background, principle and key techniques.2. Systematically studies and analyzes components and working mechanism of Layer 2 Tunnel Protocol (L2TP) and Layer 3 Tunnel Protocol (IPsec) respectively and gives strong and weak points of these two protocols in VPN application respectively.3. Architecture of tunnel-switching, application mode as well as topology VPN employing tunnel-switching is studied deeply based on systematic classification, summary and comparison of tunnel-switching technique and an integrative designing idea of one kind of tunnel-switching device is centered according to dynamic routing mechanism of tunnel-switching. This device can support both L2TP and IPsec at the same time besides that it can select different way of implementation featuring direct and indirect switching respectively according to different establishment of tunnels.4. In concrete scenario of applying tunnel-switching, combining existing IPsec VPN gateway, one IPsec based tunnel-switching gateway integrating tunnel-switching and VPN function, thus enables IPsec tunnel-switching gateway to secure intranet as a security gateway and executing tunnel-switching function as switching device. Test on part system function is conducted utilizing direct switching method.