Research On IPSec-VPN In Addresses Separation-and-mapping Network

In the information era, a lot of network technologies enjoy a rapid development with the more and more demand for network. The IPv6 technology is getting perfect day by day, VPN based on IPSec is widely used in network and the separation of identifier and locator becomes a hot research topic recently, which imply expansibility, security and mobility are focus problems in network field.The separation-and-mapping network of access address identifier and route address identifier is a new type of universal network architecture. The identifiers and locators are separated by the separation-and-mapping mechanism. To upgrade the security classification and meet the network requirements of expansibility, the approach to setting up VPN runnel between access routers is chosen. By the great function of Encapsulating Security Payload, the security gets improvement when information is communicated between two hosts in access network.This paper mainly addresses the problem that how to make IPSec can co-exist in the access routers. By research the process how to deal with the date packages in the kernel, a new access router is designed and implemented. In this method, complete the NAT traversal through central network.Firstly, we introduce the mechanism of separation-and-mapping and the theory of IPSec, make a comparison among four disposition plans in the network and analyze their advantages and disadvantages. Then we choose a best plan to research in the following text.Secondly, we discuss the solution how to design and implement the access router. Modularization design, load position, date process and user console interface are emphasis in the whole design process. Based on the principle of modularization, we finish the task.Lastly, by testing and analyzing the program in our prototype, the results show that IPSec is compatible in the access router. It also proves that security and expansibility are improved, but the performance has a slight decline. The forward delay of the access router increase about 0.05 ms and main course of the delay is separation -and-mapping mechanism, because the delay which the mechanism result in is about 37% in whole delay.In this paper we just put forward a solution plan for IPSec and separation -and-mapping compatibility. Some improvements for performance need to furtherresearch.