MPLS VPN实现机制与安全强度研究

【作者】 王家乐；

【导师】 吕杨； 王锋；

【作者基本信息】 昆明理工大学 ， 计算机应用技术， 2004， 硕士

【摘要】 在VPN领域里，MPLS VPN是一种新兴的VPN实现技术。MPLS VPN简单高效，结合了IP网络和ATM各自的优点，因此有越来越多的商业用户采用它来组建自己的VPN网络，也有越来越多的服务提供商建设MPLS核心网络为客户提供基于MPLS技术的VPN服务。然而，目前的一个普遍观点是：传统的以帧中继/ATM作为链路层的VPN是非常安全的，而MPLS VPN建立在无连接的IP网络之上，所人们对它所能达到的安全强度仍有疑虑。本文系统地分析了传统VPN的实现技术、MPLS协议、MPLS VPN实现技术，并且把传统的VPN和MPLS VPN做了对比，在这些讨论的基础上从三个方面(地址空间分离／路由隔离、核心网隐藏、抗攻击性)详细分析MPLS VPN的安全强度，最终得出结论：MPLS VPN可以达到和帧中继／ATM VPN同样的安全级别。由于MPLS VPN自身的种种优势，未来企业网的VPN构建，将是MPLS VPN为主，其它方法为辅的方式。更多还原

【Abstract】 In the field of VPN, MPLS VPN is a new kind of VPN implementation. MPLS VPN has combined the advantage of IP and ATM. Because of its efficiency and simplicity, there are more and more business customers adopting MPLS based VPN to build their VPN networks, and there are more and more service providers having constructed their MPLS core networks to provide the customers with MPLS VPN service.But there is a common opinion: traditional layer 2 VPNs based on Frame-Relay or ATM are quite secure, however, MPLS VPN is built on the IP network which is connectless, so people worry about the security MPLS VPN provides. In this paper, we first elaborate the technology of traditional VPNs, MPLS and MPLS based VPN, and then compare the MPLS VPN with traditional VPNs. Based on above discussion, we analyze the security of MPLS VPN from the following three aspects: address space and routing separation, hiding the SP core network, and resistance to attacks. Through the analysis, we draw the conclusion that MPLS VPN is as secure as its layer 2 counterparts such as Frame-Relay or ATM based VPNs. Because MPLS VPN has many kinds of advantage, in future, it will be the main solution to build enterprise VPNs.更多还原