Based On Ipv6, Yanbian University Campus Network Security Technology Research And Realization

Internet has rapid development at recent years, which growing exceeds all past events. But this growth also caused technical problems, such as lack of IPv4 address, and the service problem due to IPv4 protocol itself. IPv6 protocol can improve these problems effectively. Being next generation network protocol IPv6 will consequentily replace the current IPv4 protocol, and will be deployed widely.CERNET2 is the largest IPv6 network, due to the major universities with the deployment of CERNET2; university became the most experienced users. Yanbian University, as the major universities, in 2009 the deployment of IPv6 campus network. This paper taking Yanbian University Campus Network as example and by studying topology, deployment, makes study for the security protection and deployment.By comparing IPv4, this paper introduces first the brief of IPv6 protocol, especially format of message. Following writer makes analysis for campus network topology and deployment of Yanbian University. Yanbian University campus network using the classic three-layer network. And according to the network structure and equipment deployment, management strategies were divided into three regions:Teaching office area, experimental area and the students area. This paper from the campus network structure, analyzes the existing campus network neighbor discovery protocol (ND) spoofing, routing announcement (RA) spoofing, source address spoofing, illegal multicast and other security threats. In response to these security threats with the actual situation of Yanbian University designed a specific preventive measures. In the teaching office area, it used Source Address Validation Improvements (SAVI) to prevent ND spoofing and source address spoofing. In the student area, it used static ND entry to prevent ND spoofing, and used Unicast Reverse Path Forwarding (URPF) to prevent source address spoofing. Deployment the security RA in all access switches to prevent RA spoofing. And deployment the security multicast in all convergence switches to prevent illegal multicast. These preventive measures have greatly enhanced the Yanbian University campus network security and operational stability,...