论文信息 - The development research of IPSEC-VPN based on address-split-mapping mechanism

The development research of IPSEC-VPN based on address-split-mapping mechanism

Currently, Internet, adopting the TCP/IP suits, is an end-to-end architecture. TCP/IP is an open architecture, and its design principle only focuses on the efficiency of information transmission, while it does not consider the security issues. IPsec VPN has been proposed to solve the core network security issue. However, it is believed that the current use of IP addresses to denote both the location and the identity of a host is seen as the source of many Internet problems. Address-split-mapping network cleanly separates location from identity of host, and divides Internet into the backbone network and access network. This mechanism helps to solve the Internet problems such as security, mobility, multihoming, etc. Based our previous research work on Address-Split-Mapping mechanism, this paper describes the design, implementation and experiment results of IPsec-VPN based on Address-split-mapping.

Liu Ying | Zhou Huachun | Guan Jianfeng

[1] Lixia Zhang,et al. Report from the IAB Workshop on Routing and Addressing , 2007, RFC.

[2] Zhang Hong-ke. Research on Pervasive Services Based on Universal Network , 2007 .

[3] Espen Klovning,et al. Mobile IPv4 Traversal across IPsec-Based VPN Gateways , 2008, RFC.

[4] Henrik Levkowetz,et al. Mobile IP Traversal of Network Address Translation (NAT) Devices , 2003, RFC.

[5] Bernard Aboba,et al. IPsec-Network Address Translation (NAT) Compatibility Requirements , 2004, RFC.

[6] Randall J. Atkinson,et al. Security Architecture for the Internet Protocol , 1995, RFC.

[7] Ari Keränen,et al. Basic HIP Extensions for Traversal of Network Address Translators , 2010 .

[8] Randall J. Atkinson,et al. IP Encapsulating Security Payload (ESP) , 1995, RFC.

[9] Naganand Doraswamy,et al. Ipsec: the new security standard for the internet , 1999 .

[10] Hugo Krawczyk,et al. A Security Architecture for the Internet Protocol , 1999, IBM Syst. J..

[11] Stephen T. Kent,et al. Security Architecture for the Internet Protocol , 1998, RFC.