| The IPSec protocol, introduced by current VPN technology, although have solved some problems such as VPN encryption, authentication and data tampering, also have many limitations. Traditional IPSec VPN protocol solves the connection problem about the endto-end tunnel, and mainly focuses on the security of the data encryption. Under the premise of the enterprise users have a large number of network communication equipment, the traditional IPSec VPN protocol have some defects, such as a large number of IPSec data encryption between branches is very complex when it is configuration and management, poor support ability about intelligent business, and so on. This paper mainly studied the Group of Domain VPN solutions. Based on GDOI and IKE protocol, through the centralized management of keys and security policy, we can construct the new virtual personal network dispense with tunnel, and then realize no tunnel point to multi-point connection.Its distributed network structure not only have the ability to large-scale extension, but also have the network intelligence feature to ensure the quality of voice and video.At first,this paper give a brief introduction to the traditional IPSec VPN works, and analyzes the implementation structure and limitations of the manner working under IKE protocol. Secondly, on the basis of the previously discussion, we came up with a new IPSec VPN on account of GDOI protocol. We put emphasis on the description of the design idea of various modules, and gave some basic data structure and system design flow chart. We verified the feasibility of this approach through the typical network. Finally, we did some performance test realized by the Group Domain VPN, and found that the throughput performance have satisfy our requirement. |
PDF Full Text Request