| The VPN technology based on IPSec is an important solution to ensure securetransmission of data. This solution provides security of data transmission, but at the sametime, because of its management and complex configuration problems, it also causesdifficulties to manage VPN to some extent. The coming of SDN technology has broughtnew ideas for solving these problems.This article analyzes the implementation of existing IPSec VPN and studies SDNnetwork architecture, then puts forward the centralized management solution of IPSecVPN based on SDN. This system follows the thought of detaching control and forwarding,the thought of SDN. In SDN network architecture, it using controller to configure VPNgateway device in the network and manage VPN. This system using centralizedcontrolling function of SDN controller to configure the peers of IPSec communication inthe network. It establishes SA between the VPN gateways using IKE negotiation, andsends configuration parameters from the controller to the devices. The communicationsfollow OpenFlow protocol and use SSL encryption to ensure the security of datatransmission. Meanwhile, the controller holds the global information of the network,making it easy to maintain IPSec tunnels between multiple peers and making each IPSectunnels independent. After the analysis of the SDN network architecture and at thefoundation of further study and research on controller and IPSec VPN principle,thisarticle realizes the SDN-IPSec VPN prototype system.At last this article tests the SDN-IPSec VPN system in Mininet network simulationplatform. The results indicates the system is running normally, and the controller is able tocentralized control and unified manage VPN gateways, simplifying the configuration andmanagement of IPSec VPN. In the end, this article verified the feasibility of the IPSecVPN unified management solution based on SDN controller. |
PDF Full Text Request