VPN-Virtual Private Network
The full name of VPN in English is "Virtual Private Network". Think of it as a virtual intranet: it establishes a proprietary communication line between two or more intranets located in different places, over the Internet, by means of a special encrypted communication protocol.
The function of a virtual private network is to establish a private network on top of the public network for encrypted communication. It is widely used in enterprise networks. The VPN gateway implements remote access by encrypting each data packet and converting the destination address of the packet. VPNs can be classified in many ways and can be implemented by a server, by hardware or by software. VPNs are low in cost and easy to use.
A virtual private network (VPN) refers to a technology for establishing a private network on a public network. It is called a virtual network mainly because the connection between any two nodes of the VPN does not have the end-to-end physical link required by a traditional private network; instead it is a logical network built on the platform provided by the public network service provider, such as the Internet, ATM (Asynchronous Transfer Mode) or Frame Relay, and user data is transmitted over a logical link. It is an extension of the private network that is linked across shared or public networks by encapsulation, encryption and identity verification. VPNs mainly rely on tunnel technology, encryption and decryption technology, key management technology, and user and device identity authentication technology.
1. VPN function
In a network, Quality of Service (QoS) refers to the level of bandwidth that can be provided. Integrating QoS into a VPN allows administrators to fully control the flow of data across the network. Packet classification and bandwidth management are the two ways to achieve this control:
1.1 Packet classification
Packet classification groups data by importance. The more important the data, the higher its level, and its traffic takes precedence over the relatively minor data on the same network.
1.2 Bandwidth management
Through bandwidth management, a VPN administrator can monitor all inbound and outbound data flows in the network and allow different packet classes to obtain different amounts of bandwidth.
1.3 Other forms of bandwidth control
1.3.1 Traffic management
Traffic management methods arose when service providers found that Internet traffic was congested: large numbers of inbound and outbound data streams were queued, so bandwidth was not used properly.
1.3.2 Fair bandwidth
Fair bandwidth allows all users on the network to share bandwidth equally when accessing the Internet. With fair bandwidth, when an application needs to use a larger data stream, such as MP3, its bandwidth is reduced so that others still get access.
1.3.3 Transmission guarantee
A transmission guarantee reserves a portion of the bandwidth for special services in the network, such as video conferencing, IP telephony and cash transactions. It determines which service has the higher priority and allocates the corresponding bandwidth.
1.4 VPNs can be classified according to several criteria:
1.4.1 Classified by VPN protocol:
There are three types of VPN tunneling protocols: PPTP, L2TP, and IPSec. PPTP and L2TP work at the second layer of the OSI model and are known as Layer 2 tunneling protocols; IPSec is a Layer 3 tunneling protocol.
1.4.2 Classified by VPN application:
1.4.2.1 Access VPN (Remote Access VPN): client to gateway; the public network is used as the backbone over which VPN data traffic is transmitted between the devices;
1.4.2.2 Intranet VPN: gateway to gateway, connecting resources of the same company through the company's network architecture;
1.4.2.3 Extranet VPN: an external network formed with a partner enterprise's network, connecting one company to another company's resources.
1.5 Classified by the type of equipment used:
Network equipment providers have developed different VPN network devices for different customer needs, mainly switches, routers and firewalls:
1.5.1 Router-type VPN: the easiest to deploy, as the VPN service only has to be added to the router;
1.5.2 Switch-type VPN: mainly used to connect VPN networks with fewer users;
1.5.3 Firewall VPN: the most common VPN implementation; many vendors offer this type of configuration.
1.6 Classified by implementation principle:
1.6.1 Overlay VPN: the user establishes the VPN link between the end nodes; this includes GRE, L2TP, IPSec and many other technologies.
1.6.2 Peer-to-peer VPN: the network operator establishes the VPN tunnel on the backbone network, mainly using MPLS-based VPN technologies.
2. VPN features
2.1 Security
A VPN establishes a tunnel and encrypts the transmitted data using encryption technology to ensure the privacy and security of the data. (But do not trust free VPN client software blindly; sometimes it comes bundled with malware.)
2.2 Quality of service guarantee
VPNs can provide different levels of quality-of-service assurance for different users.
2.3 Scalability and flexibility
A VPN supports any type of data flow over the Internet and the extranet.
2.4 Manageability
VPNs can be easily managed from the perspective of both users and operators.
3. VPN technology
3.1 Tunnel technology
The most important part of implementing a VPN is establishing a virtual channel over the public network, and that virtual channel is realized with tunnel technology. An IP tunnel can be established at the link layer or at the network layer. A Layer 2 tunnel mainly carries a PPP connection, as in PPTP and L2TP; its protocols are simple, encryption is easy to add, and it suits remote dial-up users. A Layer 3 tunnel is IP-in-IP, as in IPSec, which is superior to a Layer 2 tunnel in reliability and scalability but is less simple and direct.
3.2 Tunneling protocols
A tunnel is a technique that uses one protocol to transmit another protocol; the tunneling protocol is what implements the VPN function. To create a tunnel, the client and the server of the tunnel must use the same tunneling protocol.
3.2.1 PPTP (Point-to-Point Tunneling Protocol) is a new technology that lets remote users dial up to a local ISP and securely access corporate resources over the Internet. It encapsulates PPP (Point-to-Point Protocol) frames into IP packets for transmission over the IP-based Internet. PPTP uses a TCP (Transmission Control Protocol) connection to create, maintain and terminate the tunnel, and uses GRE (Generic Routing Encapsulation) to encapsulate the PPP frames as tunneled data. The payload of the encapsulated PPP frame can be encrypted, compressed, or both encrypted and compressed.
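As an added example (not code from the original article), the following Python builds and parses the enhanced GRE header that PPTP (RFC 2637) places around each PPP frame, so that a defender inspecting tunnel traffic can read the call ID, sequence and acknowledgement numbers and the PPP protocol field, and tell an MPPE-encrypted payload (PPP protocol 0x00FD) from cleartext control or IP traffic. It assumes the outer IP header (protocol 47) has already been stripped; the sample packets are constructed inline.

```python
import struct
from dataclasses import dataclass
from typing import Optional

GRE_PROTO_PPP = 0x880B   # Protocol Type in PPTP's enhanced GRE header (RFC 2637)
GRE_FLAG_K, GRE_FLAG_S, GRE_FLAG_A, GRE_VER_MASK = 0x2000, 0x1000, 0x0080, 0x0007
PPP_PROTO_NAMES = {0x0021: "IPv4", 0x00FD: "compressed/encrypted (MPPC/MPPE)",
                   0xC021: "LCP", 0xC023: "PAP", 0xC223: "CHAP"}

@dataclass
class PptpGre:
    payload_len: int
    call_id: int
    seq: Optional[int]
    ack: Optional[int]
    ppp_proto: int
    ppp_payload: bytes
    def description(self) -> str:       # what an inspector sees inside the tunnel
        return PPP_PROTO_NAMES.get(self.ppp_proto, "unknown 0x%04x" % self.ppp_proto)

def build_pptp_gre(call_id: int, seq: int, ppp_proto: int, payload: bytes,
                   ack: Optional[int] = None) -> bytes:
    # Wrap a PPP frame in PPTP's GRE v1 header (outer IP header, protocol 47, not shown)
    ppp = struct.pack("!BBH", 0xFF, 0x03, ppp_proto) + payload   # HDLC addr/ctrl + PPP protocol
    flags = GRE_FLAG_K | GRE_FLAG_S | 1        # key and sequence number present, version 1
    if ack is not None:
        flags |= GRE_FLAG_A
    hdr = struct.pack("!HHHHI", flags, GRE_PROTO_PPP, len(ppp), call_id, seq)
    if ack is not None:
        hdr += struct.pack("!I", ack)
    return hdr + ppp

def parse_pptp_gre(data: bytes) -> Optional[PptpGre]:
    # Returns None when the packet is not GRE version 1 carrying protocol 0x880B
    if len(data) < 8:
        return None
    flags, proto, plen, call_id = struct.unpack_from("!HHHH", data, 0)
    if proto != GRE_PROTO_PPP or (flags & GRE_VER_MASK) != 1 or not flags & GRE_FLAG_K:
        return None
    off, seq, ack = 8, None, None
    if flags & GRE_FLAG_S:
        seq, off = struct.unpack_from("!I", data, off)[0], off + 4
    if flags & GRE_FLAG_A:
        ack, off = struct.unpack_from("!I", data, off)[0], off + 4
    if off + plen > len(data):
        raise ValueError("truncated PPP payload")
    ppp = data[off:off + plen]
    if ppp[:2] == b"\xff\x03":                 # address/control may be omitted (ACFC)
        ppp = ppp[2:]
    if len(ppp) < 2:
        raise ValueError("PPP frame too short to carry a protocol field")
    return PptpGre(plen, call_id, seq, ack, struct.unpack_from("!H", ppp)[0], ppp[2:])
```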
3.2.2 L2TP protocol: L2TP is a combination of PPTP and L2F (Layer 2 Forwarding). It is a technology introduced by Cisco.
3.2.3 IPSec protocol: a standard Layer 3 security protocol that re-encapsulates the packet outside the tunnel to secure it during transmission. The main feature of IPSec is that it can encrypt all IP-level communications.
3.3 Encryption and decryption technology
Encryption and decryption technology is a mature technology in data communication, and a VPN can directly use the existing technology to implement encryption and decryption.
3.4 Key management technology
The main task of key management technology is to transfer keys securely over public data networks without their being stolen.
3.5 User and device identity authentication technology
User and device authentication is most commonly performed with a user name and password or with card-based authentication.