[Virtual private network]
A virtual private network (VPN) is a private network built on top of a public network. It is called a virtual network because, unlike a traditional private network, which needs an end-to-end physical link between any two nodes, a VPN is a logical network built on the platform of a public network service provider, such as the Internet, ATM (Asynchronous Transfer Mode) or Frame Relay (FR), and user data travels over a logical link. It spans a shared or public network and forms a private network protected by encapsulation, encryption and authentication, extending a verified link across that network. A VPN mainly relies on tunneling technology, encryption technology, key management, and user and device authentication.
[Significance]
VPN is a remote access technology: put simply, it uses public network links to set up a private network. For example, an employee on a business trip wants to reach a server on the company intranet; that kind of access is remote access. How can staff in the field reach intranet resources? The VPN solution is to set up a VPN server on the intranet. The VPN server has two network cards, one connected to the intranet and one connected to the public network. The employee connects to the Internet locally, reaches the VPN server over the Internet, and then uses the VPN server as a stepping stone into the intranet. To keep the data secure, the traffic between the VPN server and the client is encrypted. With the data encrypted, it is as if the data were carried securely over a dedicated link, as if a private network had been built just for this purpose. But in reality the VPN uses a public link on the Internet, so it can only be called a virtual private network. In other words, a VPN essentially uses encryption to encapsulate a data communication tunnel over the public network. With VPN technology, whether users are traveling on business or working from home, as long as they can reach the Internet they can use the VPN to conveniently access internal network resources, which is why VPN is so widely used in enterprises.
[Features]
(1) Security
By establishing a tunnel and using encryption to protect the data in transit, a VPN keeps the data private and secure.
(2) Quality of service
A VPN can provide different levels of quality-of-service guarantees for different requirements.
(3) Scalability and flexibility
A VPN supports any type of data flow over the Internet and extranets.
(4) Manageability
A VPN is easy to manage from the perspective of both users and operators.
[Role]
A virtual private network solves the following problems:
(1) Lower cost: building the VPN over the public network saves a great deal in communication costs, and the enterprise does not need to invest substantial human and material resources in installing and maintaining WAN (wide area network) equipment and remote access devices.
(2) Safe and reliable data transmission: the VPN uses encryption, authentication and other security technologies to guarantee the reliability of the user's connection and the security and confidentiality of the transmitted data.
(3) Convenient and flexible connections: to network with a partner without a VPN, the IT departments of both parties have to negotiate and set up a leased line or Frame Relay line; with a VPN, the two sides only need to configure security and connection information.
(4) Complete control: a VPN lets the user make use of the ISP's facilities and services while keeping complete control of their own network. The user only uses the network resources provided by the ISP; other security settings and network management changes remain under the user's own management. An enterprise can also build a virtual private network internally.
[Classify]
VPNs can be segmented according to several different classification criteria.
Classification by tunneling protocol: there are three main VPN tunneling protocols, PPTP, L2TP and IPSec. PPTP and L2TP work at the second layer of the OSI model and are known as Layer 2 tunneling protocols; IPSec is a Layer 3 tunneling protocol and is the most common one. L2TP used together with IPSec gives the best performance and is the most widely deployed combination.
Classification by application:
1) Access VPN (remote access VPN): client to gateway, using the public network as the backbone to carry VPN traffic between devices.
2) Intranet VPN: gateway to gateway, connecting resources of the same company through the company's network infrastructure.
3) Extranet VPN: connects a company's resources with those of a partner enterprise over an extranet.
Classification by device type: network equipment vendors have developed different VPN network equipment for the needs of different customers, mainly switches, routers and firewalls.
1) Router VPN: router-based VPN is easier to deploy, since the VPN service is simply added to the router.
2) Switch VPN: mainly used in VPN networks connecting a small number of users.
3) Firewall VPN: firewall-based VPN is the most common form of VPN implementation, and many vendors offer this type of configuration.
[Technology]
(1) Tunneling technology. Tunneling is the most critical part of a VPN: it creates a virtual channel over the public Internet. IP tunnels can be built at the link layer or at the network layer. Layer 2 tunnels carry PPP connections, for example PPTP and L2TP; they are characterized by simple protocols and easy encryption, and are suited to remote dial-up users. Layer 3 tunnels are IP-in-IP, for example IPSec; they are more reliable and scalable than Layer 2 tunnels, but not as simple and direct. A tunneling protocol is a technique for carrying one protocol inside another, and VPNs use tunneling protocols to achieve their functionality. To create a tunnel, the tunnel client and server must use the same tunneling protocol.
1) PPTP (Point to Point Tunneling Protocol) is a new technology that lets a remote user dial in to a local ISP and securely access corporate resources over the Internet. It encapsulates PPP (Point to Point Protocol) frames into IP packets so that they can be transmitted over an IP-based Internet. PPTP uses a TCP (Transmission Control Protocol) connection to create, maintain and terminate the tunnel, and uses GRE (Generic Routing Encapsulation) to encapsulate the PPP frames that carry the tunneled data. The payload of the encapsulated PPP frames can be encrypted, compressed, or both.
2) L2TP: L2TP is a synthesis of PPTP and L2F (Layer Two Forwarding); it is a technology introduced by Cisco.
3) IPSec: IPSec is a standard Layer 3 security protocol. It adds a further encapsulation outside the tunnel, ensuring security during transmission. The main feature of IPSec is that it can encrypt all IP-level communication.
(2) Encryption and decryption technology. Encryption and decryption are mature technologies in data communication, and a VPN can directly use existing technology to encrypt and decrypt.
(3) Key management technology. The main task of key management is to deliver keys securely over the public data network without their being stolen.
(4) User and device authentication technology. The most common form of user and device authentication is a user name and password, or card-based authentication.
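As an added illustration of the PPTP data tunnel described above (example code written for this page, not part of the original article): a parser for the enhanced GRE header PPTP uses to carry PPP frames (RFC 2637), which also reads the PPP protocol field to tell whether the tunneled payload is cleartext IP or a CCP-compressed/encrypted datagram. The sample packets are constructed here, and the helper names build_pptp_gre and parse_pptp_gre are assumptions of this example.

```python
import struct

# RFC 2637 enhanced GRE (PPTP data tunnel, carried as IP protocol 47).
GRE_PROTO_PPP = 0x880B
# PPP protocol numbers that let a monitor tell whether the tunnel payload
# is cleartext IP or a CCP-compressed/encrypted (e.g. MPPE) datagram.
PPP_PROTO_NAMES = {
    0x0021: "IPv4 (cleartext)",
    0x0057: "IPv6 (cleartext)",
    0x00FD: "compressed/encrypted datagram (CCP, e.g. MPPE)",
    0xC021: "LCP",
    0xC223: "CHAP",
}

def build_pptp_gre(call_id, ppp=b"", seq=None, ack=None):
    """Build a PPTP enhanced-GRE packet (used here only to construct samples)."""
    b0 = 0x20 | (0x10 if seq is not None else 0)   # K bit set, S bit if seq present
    b1 = 0x01 | (0x80 if ack is not None else 0)   # Ver=1, A bit if ack present
    hdr = struct.pack("!BBHHH", b0, b1, GRE_PROTO_PPP, len(ppp), call_id)
    if seq is not None:
        hdr += struct.pack("!I", seq)
    if ack is not None:
        hdr += struct.pack("!I", ack)
    return hdr + ppp

def parse_pptp_gre(pkt):
    """Return header fields plus the PPP protocol of the encapsulated frame."""
    if len(pkt) < 8:
        raise ValueError("too short for an enhanced GRE header")
    b0, b1, ptype, plen, call_id = struct.unpack("!BBHHH", pkt[:8])
    if (b1 & 0x07) != 1 or ptype != GRE_PROTO_PPP:
        raise ValueError("not a PPTP enhanced-GRE packet")
    off, seq, ack = 8, None, None
    if b0 & 0x10:                                   # S: sequence number present
        seq = struct.unpack("!I", pkt[off:off + 4])[0]
        off += 4
    if b1 & 0x80:                                   # A: acknowledgment present
        ack = struct.unpack("!I", pkt[off:off + 4])[0]
        off += 4
    ppp = pkt[off:off + plen]
    if len(ppp) != plen:
        raise ValueError("payload length field does not match packet")
    proto = None
    if plen:                                        # ack-only packets carry no PPP frame
        p = 2 if ppp[:2] == b"\xff\x03" else 0      # address/control may be compressed away
        proto = ppp[p] if ppp[p] & 1 else struct.unpack("!H", ppp[p:p + 2])[0]
    return {"call_id": call_id, "seq": seq, "ack": ack, "ppp_protocol": proto,
            "payload": PPP_PROTO_NAMES.get(proto, "none" if proto is None else "unknown")}

# Constructed samples: a cleartext IPv4 datagram in the tunnel, and an ack-only packet.
SAMPLE_DATA = build_pptp_gre(0x1234, b"\xff\x03\x00\x21" + b"\x45\x00\x00\x14", seq=7, ack=6)
SAMPLE_ACK = build_pptp_gre(0x1234, ack=9)
```

Run over captured GRE payloads, the "payload" field shows whether the PPP frames inside a PPTP tunnel are actually protected (0x00FD) or plain IP (0x0021).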