IP virtual private networking is a complex technology with many facets, the most critical of which is tunneling. Simply put, a virtual private network encapsulates the enterprise network's data in a tunnel for transmission. Because the tunneling protocols are relatively complex, virtual private network technology is complicated as well. The most typical tunneling protocols are IPSec, L2TP, GRE, PPTP, L2F, and so on. GRE and IPSec are Layer 3 tunneling protocols; L2TP, PPTP and L2F are Layer 2 tunneling protocols. The essential difference between Layer 2 and Layer 3 tunnels is what kind of packet the user's IP packets are encapsulated in for transmission through the tunnel.
Currently, among the many virtual private network protocols, the two most compelling are L2TP and IPSec. IPSec has essentially completed its standardization work. L2TP evolved from the Cisco-led L2F and the Microsoft-led PPTP, and networking companies such as Cisco, Ascend and 3Com took part in its development.
At present, the standardization of L2TP is nearing completion, and the related products of several large companies have already been tested. L2TP defines a method for encapsulating link-layer PPP frames for transport over public network facilities such as IP networks, ATM, and Frame Relay networks. Dial-up networking over the Internet today supports only the IP protocol and must use registered IP addresses, whereas L2TP allows dial-up users to carry multiple protocols, such as IP, IPX and AppleTalk, and to use reserved network addresses, including reserved IP addresses. The dial-up VPN service provided by L2TP makes sense for end users, businesses, and service providers: more user groups can share dial-up and backbone IP network facilities, and dial-up users save on long-distance communication costs.
At the same time, because L2TP supports a variety of network protocols, enterprises' investment in non-IP networks and applications is not wasted. Another benefit of L2TP is its ability to bundle multiple links. IPSec defines how to add fields to an IP packet to ensure the integrity, privacy, and authenticity of that packet; it provides a way to encrypt packets and combines several security technologies into a complete system. The security technologies used by IPSec include key exchange, asymmetric encryption algorithms, bulk data encryption algorithms, keyed security algorithms (message authentication codes), and certificate authority (CA) technology for identity authentication and key distribution.
IPSec defines two new packet headers that are added to IP packets to secure them: AH and ESP. AH is inserted behind the standard IP header and guarantees the integrity and authenticity of the packet, so that packets tampered with in transit or forged packets injected into the network are detected and rejected. ESP encrypts the user data that needs to be protected and then encapsulates it in the IP packet; ESP guarantees the integrity, authenticity, and privacy of the data. IPSec has two modes of operation: tunnel mode and transport mode.
In tunnel mode, the user's entire IP packet is used to compute the ESP header and is encrypted; the ESP header and the encrypted user data are then encapsulated in a new IP packet. In transport mode, only the transport-layer data is used to compute the ESP header, and the ESP header and the encrypted transport-layer data are placed behind the original IP header. In addition, several other IETF working groups are producing VPN-related protocols, many of which already exist as drafts. The protocols covered by these drafts include MPLS, RADIUS, LDAP, VPMT, and others.
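As an added example (not part of the original article), the following Python builds each encapsulation described above on one constructed inner packet, so the difference between a Layer 3 tunnel (GRE carrying the IP packet directly), a Layer 2 tunnel (L2TP carrying a PPP frame over UDP) and ESP in transport versus tunnel mode can be read straight from the byte layout. Addresses, tunnel and session IDs, keys and the TCP segment are constructed sample values; the cipher is a toy SHA-256 keystream standing in for a real ESP transform, and the ICV is a truncated HMAC-SHA-256, so only the framing (SPI, sequence number, padding and trailer, ICV verified before decryption) should be taken as representative.

```python
"""Encapsulation layouts for the tunnel types discussed above: GRE (Layer 3),
L2TP-over-UDP carrying PPP (Layer 2), and ESP in transport vs tunnel mode.
Addresses, IDs, keys and the TCP segment are constructed sample values."""
import hashlib
import hmac
import struct

IPPROTO_TCP, IPPROTO_UDP, IPPROTO_GRE, IPPROTO_ESP, IPPROTO_IPIP = 6, 17, 47, 50, 4
ETH_P_IP, PPP_P_IP, L2TP_PORT, ICV_LEN = 0x0800, 0x0021, 1701, 16


def ipv4_header(src: bytes, dst: bytes, proto: int, payload_len: int) -> bytes:
    """Minimal 20-byte IPv4 header (fixed TTL/ID) with a valid header checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0x1234, 0,
                      64, proto, 0, src, dst)
    total = sum(struct.unpack("!10H", hdr))
    while total >> 16:  # fold carries (one's complement sum)
        total = (total & 0xFFFF) + (total >> 16)
    return hdr[:10] + struct.pack("!H", ~total & 0xFFFF) + hdr[12:]


def gre_encapsulate(inner_ip: bytes, outer_src: bytes, outer_dst: bytes) -> bytes:
    """Layer 3 tunnel: the user's IP packet sits directly behind a 4-byte GRE
    header (flags/version 0, protocol type 0x0800) inside a new IP packet."""
    gre = struct.pack("!HH", 0, ETH_P_IP) + inner_ip
    return ipv4_header(outer_src, outer_dst, IPPROTO_GRE, len(gre)) + gre


def l2tp_encapsulate(inner_ip: bytes, outer_src: bytes, outer_dst: bytes,
                     tunnel_id: int, session_id: int) -> bytes:
    """Layer 2 tunnel: the user's IP packet is first a PPP frame (HDLC address
    0xff, control 0x03, protocol 0x0021), then an L2TPv2 data message (T=0,
    version 2, tunnel/session IDs), then UDP/1701 inside a new IP packet."""
    ppp = bytes([0xFF, 0x03]) + struct.pack("!H", PPP_P_IP) + inner_ip
    l2tp = struct.pack("!HHH", 0x0002, tunnel_id, session_id) + ppp
    udp = struct.pack("!HHHH", L2TP_PORT, L2TP_PORT, 8 + len(l2tp), 0) + l2tp  # UDP checksum optional on IPv4
    return ipv4_header(outer_src, outer_dst, IPPROTO_UDP, len(udp)) + udp


def _keystream(key: bytes, n: int) -> bytes:
    """Toy SHA-256 counter keystream standing in for the ESP cipher. Constructed
    for this demo only; real ESP uses a negotiated transform such as AES."""
    blocks = (hashlib.sha256(key + i.to_bytes(4, "big")).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]


def esp_encapsulate(plaintext, next_header, spi, seq, enc_key, auth_key):
    """ESP: SPI | seq | encrypt(payload | pad | pad_len | next_header) | ICV.
    Padding is 1,2,3,... so that pad_len/next_header end 4-byte aligned."""
    pad_len = (-(len(plaintext) + 2)) % 4
    body = plaintext + bytes(range(1, pad_len + 1)) + bytes([pad_len, next_header])
    ct = bytes(a ^ b for a, b in zip(body, _keystream(enc_key, len(body))))
    hdr = struct.pack("!II", spi, seq)
    icv = hmac.new(auth_key, hdr + ct, hashlib.sha256).digest()[:ICV_LEN]
    return hdr + ct + icv


def esp_decapsulate(esp, enc_key, auth_key):
    """Verify the ICV before touching the ciphertext, then strip the trailer.
    Returns (spi, seq, next_header, plaintext); raises on a bad ICV."""
    hdr, ct, icv = esp[:8], esp[8:-ICV_LEN], esp[-ICV_LEN:]
    expected = hmac.new(auth_key, hdr + ct, hashlib.sha256).digest()[:ICV_LEN]
    if not hmac.compare_digest(icv, expected):
        raise ValueError("ESP ICV check failed: packet altered or forged")
    body = bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, len(ct))))
    pad_len, next_header = body[-2], body[-1]
    spi, seq = struct.unpack("!II", hdr)
    return spi, seq, next_header, body[:-(pad_len + 2)]


def ipsec_transport(ip_packet, spi, seq, enc_key, auth_key):
    """Transport mode: only the transport-layer data is the ESP payload; ESP is
    placed behind the original IP header, whose protocol field becomes 50."""
    ip_hdr, payload = ip_packet[:20], ip_packet[20:]
    esp = esp_encapsulate(payload, ip_hdr[9], spi, seq, enc_key, auth_key)
    return ipv4_header(ip_hdr[12:16], ip_hdr[16:20], IPPROTO_ESP, len(esp)) + esp


def ipsec_tunnel(ip_packet, outer_src, outer_dst, spi, seq, enc_key, auth_key):
    """Tunnel mode: the whole original IP packet is the ESP payload (next header
    4 = IP-in-IP), carried behind a new outer IP header between the gateways."""
    esp = esp_encapsulate(ip_packet, IPPROTO_IPIP, spi, seq, enc_key, auth_key)
    return ipv4_header(outer_src, outer_dst, IPPROTO_ESP, len(esp)) + esp


# Constructed sample: host 10.1.1.1 -> 10.2.2.2, tunnelled between gateways
# 198.51.100.1 -> 203.0.113.1 (documentation address ranges).
HOST_A, HOST_B = bytes([10, 1, 1, 1]), bytes([10, 2, 2, 2])
GW_A, GW_B = bytes([198, 51, 100, 1]), bytes([203, 0, 113, 1])
TCP_SEGMENT = struct.pack("!HH", 1234, 80) + bytes(16)  # placeholder 20-byte TCP header
INNER = ipv4_header(HOST_A, HOST_B, IPPROTO_TCP, len(TCP_SEGMENT)) + TCP_SEGMENT
ENC_KEY, AUTH_KEY = b"demo-enc-key", b"demo-auth-key"  # constructed demo keys


def build_all():
    """Return every encapsulation of INNER so the layouts can be compared."""
    return {
        "gre": gre_encapsulate(INNER, GW_A, GW_B),
        "l2tp": l2tp_encapsulate(INNER, GW_A, GW_B, tunnel_id=7, session_id=9),
        "esp_transport": ipsec_transport(INNER, 0x1000, 1, ENC_KEY, AUTH_KEY),
        "esp_tunnel": ipsec_tunnel(INNER, GW_A, GW_B, 0x1000, 1, ENC_KEY, AUTH_KEY),
    }


if __name__ == "__main__":
    for name, pkt in build_all().items():
        print(f"{name:14s} {len(pkt):3d} bytes, outer proto {pkt[9]:3d}: {pkt[:24].hex()}")
```

Running the script prints each packet's total length, outer protocol number (47 for GRE, 17 for L2TP over UDP, 50 for ESP) and leading bytes. Note that the 40-byte inner packet becomes an 88-byte tunnel-mode packet but only a 68-byte transport-mode packet, because transport mode reuses the original IP header instead of adding a new one; and that `esp_decapsulate` checks the ICV before decrypting, which is the order an ESP receiver uses so a forged or altered packet is discarded without ever being decrypted.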