郝辉   钱华林

           （中国科学院计算机网络信息中心 中国科学院研究生院 北京 100080）

摘要：本文阐述了VPN及其实现的主要技术――隧道。先探讨了VPN的产生背景及其能够实现的功能，VPN利用不可靠的公用互联网络作为信息传输媒介，通过附加的安全隧道，用户认证，访问控制等技术实现与专用网络类似的安全性能；接着分析了实现VPN的隧道技术和隧道协议，并着重分析了第二层隧道协议和IPSec第三层隧道协议的实现原理；然后对各种协议做了深入的比较，包括实现难度和性能等；最后对VPN的未来进行了预测并说明了技术实现的趋势。

关键词：VPN，隧道，隧道协议，GRE封装

中图法分类号：TP393.03                   文献标识码：A

VPN and its Tunnelling Technology Study

   
       HAO Hui    QIAN Hua-Lin

(Computer Network Information Center, Chinese Academy of Sciences, Graduate School of the

Chinese Academy of Sciences，Beijing 100080 China)

Abstract: This article presents VPN and its main implementing technology,that is the Tunnelling Technology . First , the paper analyses the emerging background and the functions it can realize of the VPN . VPN uses the fallible Internet as its information transport media , through the additional secure tunnel,authentication,access control and other technology,it can achieve the same safe fuctions as private network;and then the acticle proposes the Tunnelling Technology and Tunnelling protocol realizing VPN,and it analyses the realizing principles of layer two protocols and IPSec layer three protocols. and then it gives a compare between the protocols, including realizing difficulty , performance and so on.in the end , it forecasts VPN and shows the the trends of realizing technology.

Key words:  VPN, Tunnel, Tunnelling Protocol, GRE Encapsulation


......

全文参见附件