Research And Implementation Of VPN System Based On Virtual Ethernet

For the opening of the public network,remote secure network building is an urgently problem to settle for the organizations needing to transport sensitivity infomation,such as army. VPN is one of the main methods of solving remote secure networking building on the open public network environment at present, but the traditional VPN dose not accomplish the task for its poor penetration of network devices,fixed access methods and limited support to protocols. Virtual ethernet technology provides a special methord of digging tunnel which can escape the shortage of traditional VPN. This dissertation designs and implements a VPN system with fine flexibility and adaptability based on Ethernet through researching the technology of virtual Ethernet. The main work of this dissertation is as follows:1. The technology about VPN is researched. The virtues and shortage of the VPN are summarized by analyzing and comparing the mechanism and digging tunnel methods of current main VPN.2. Through the research of technologies about Virtual Ethernet, the building of secure tunnel based on it and that based on traditional VPN are compared. Taking advantage of Virtual Ethernet on penetration into network equipments, dynamic addressing and multiple protocol application, a VE VPN architecture with well agility and fitness is designed.3. A bidirectional rigid identity authentication and key negotiation protocol for VE VPN is designed based on the military digital certificate authentication system.4.Taking the consideration of confidentiality, integrating, reliability, resistance against playback attack and efficiency, a VE VPN tunnel protocol with the function of encryption, message authentication, compressing and resistance against playback attack is designed.5. A kind of P2P mechanism in the communication of nodes is introduced to increase system efficiency, in virtue of the topology among VPN nodes under Ethernet application mode in the system.6. After realization of VPN system based on Virtual Ethernet, the whole system performance is tested, and the factors affecting the system transmission performance particularly is analyzed according to the testing result.