Research And Implementation Of IPSec VPN Proxy Cluster System

With the application of the Internet and the development of network technology,network environment is also complicated. The malicious damage, eavesdropping andtampering to the network flow have become to the main threat to the Internet securitydevelopment. Protecting information security is the core problem what we should careabout nowadays. At the same time, the growth of the network traffic results in greatpressures on the flow load of the backbone network. Network may be blocked, preventingusers from accessing information from the Internet. It is necessary to provide Cluster IPsecVPN Agency service to prevent attacks by hackers.And it can also protect the privacy andintegrity of the information and create a more convenient and safe network environment. Soresearch on key technologies of Cluster IPsec VPN Agency is quite important for the wholecluster system’s performance upgrade.The article bases on the research of Cluster IPsec VPN Agency’s key technology andcombines with the unique characteristics of IPsec agreement. It aims at improving ClusterIPsec VPN agency’s overall performance. It design Parallelization IPsec VPN agency. Thisthesis proposes a kind of load balancing technology for Cluster IPsec VPN Agency and anefficient agent forwarding technology based on network layer. The main innovation work ofthis paper is as follows:Firstly, according to the deployment way of Parallelization IPsec VPN Agency, thisthesis proposes an IPsec flow load balancing method based on node’s multiple attributedecision and task move-back. The method overcomes the traditional performancebottleneck of IPsec VPN Gateway. It combines the uncertain multiple attribute decisionmaking method and the thoughts of task mov-back and proceeds self-adaptive adjustmentsof attributes’ weights through deviation maxmization. And it can get the comprehensiveevaluation value of load for decision and choose the most suitable VPN Agency server todeal with the current load task. Meanwhile, it provides a compensation mechanism of loaddecision by task move-back. This theses validated the effectiveness of the proposed methodby contrast experiments.Secondly, This thesis proposes an efficient agent forwarding technology based onnetwork layer. The network flow can transmit without going through the transport andapplication layer. And the seamless compatibility of the Linux IPsec protocol stack avoidthe flow of data switching from the kernel mode to the user mode, frequent system call and complex transport layer mechanism. So it saves resources consumption, reduces the delaytime of forwarding visiting agency and promotes forwarding agency efficiency. The thesisanalyses the proposed high efficiency of technology through experiments.Finally, it provides an IPSec VPN proxy cluster system and improves the performanceof cluster system combining the proposed load balancing method with agent forwardingtechnology.This thesis can solve the problem of unsecurity and unstability of the network to someextent. It lays a foundation for the implement of next Internet IPsec agreement andpromotes the Internet’s positive development.