在民用网络安全通信中,虚拟专用网络(Virtual Private Network,VPN)是一种优先选择的通信机制;传统的VPN网关配置是按照手动进行的;然而,在网关静态配置的通信传输中,由美国国防部研制开发的全球信息栅格(Global Information Grid,GIG)存在一定的局限性;一方面GIG VPN由成千个可靠的网络组成,网关的配置要比以前的配置在数量级上要大的多;另一方面在由陆军集团或舰艇组成的可靠网络的作战领域中,由于作战单元是动态的,要求在GIG网络通信中实现无缝链接;为了解决当前VPN在动态网络中存在的可测量性和支持性问题;通过使用动态路由器协议,提出了一种利用安全广告前缀在VPN网关内部网络中实现与同级别网关的链接;实验结果表明,在由成千上万个VPN网关协议组成的GIG网络体系结构通信信息传输过程中,该方法是切实可行的.%Virtual Private Network (VPN) are the preferred mechanism for securing sensitive traffic crossing public networks.Traditionally, configuration of VPN gateways has been done manually.However, static configuration of gateways is particularly problematic within the context of the Global Information Grid (GIG), the next-generation network of networks developed by the US government.For one,GIG VPN are expected to consist of tens to hundreds of trusted networks, which is an order of magnitude greater than current deployments.Moreover, trusted networks that essentially comprise of units in the field (army companies or ships) need to be seamlessly connected to the GIG even while they are mobile.It' s goal in this paper is to address the lack of scalability and support for mobility that exists in current VPN.This paper does by providing a dynamic routing protocol which VPN gateways use to securely advertise prefixes of their internal network to peering gateways.Experiments show that this method is feasible, and it' s protocol can scale reasonably well in the GIG to over a thousand VPN gateways.
展开▼
