【作者】 高德昊；

【导师】 杨大全；

【作者基本信息】 沈阳工业大学 ， 计算机技术， 2007， 硕士

【摘要】 本课题在系统调研基础上，针对传统的Internet接入服务已越来越满足不了用户需求这一问题(传统的Internet只提供浏览、电子邮件等单一服务，没有服务质量保证，没有权限和安全机制，界面复杂不易掌握)，提出了利用VPN技术组网的设计目标、原则以及解决方案，实现了公网专用的功能。存在的问题是辽阳公安局原有的综合业务数据网系统比较复杂，总局与分局、交警支队、消防支队、派出所、城区所队、农村所队之间是通过拨号方式连接，受上网速度的限制，内部的文件处理速度特别慢，办公业务也受到影响，同时还会受内部数据不能共享的影响。另外使用起来安全性较差，网络安全得不到有效地保证。如果需要一些新的服务，需要填写许多的单据，再等上相当一段时间，才能享受到新的服务。更为重要的是两端的终端设备不但价格昂贵，而且管理也需要一定的专业技术人员，无疑增加了成本，而且其现有的综合业务数据网也不会像Internet那样，可立即与世界上任何一个使用Internet网络的单位连接。为解决以上问题，辽阳电信网通分公司计算机应用开发中心和辽宁信息职业技术学院华为实验室根据现有的设备、技术力量，提出了开展研究工作的设想，即使用光纤直连方式搭建一个VPN网络，以10／100M实现分局与市局原有北电Passport 6480路由器相连(交警支队、消防支队、辽阳县、灯塔市利用已经建成各自的广域网和局域网，公安局与消防支队采用DDN专线相连，与交警支队采用广电的光缆相连)。考虑公安专网与外网的分离问题，因此搭建一个VPN网络。提出了解决办法是利用VPN技术中的MPLS VPN技术解决公安行业的业务实现和安全隔离。本文较详细的阐述了利用VPN技术实现公安专用网络的处理的思路、实现过程，附有系统拓扑图，并选择了适当的硬件设备，实现了公安专用网络在使用过程中的所应具有的安全性、高效性和可靠性。更多还原

【Abstract】 Based on the system investigation and study , this topic aimed at the issue that traditional Internet service couldn’t satisfy users’ demand. (Traditional Internet only provides simple service such as browsing, email and, without service guarantee and jurisdiction and safety mechanism. Another problem is that contact surface is complex and not easy to grasp), This thesis proposed the design goal, principle and settlement of VPN technology network. The solution has realized the virtual special-purpose net’s function with the public special-purpose net.Liaoyang police station’s existing comprehensive service data networking system is quite complex, The connection between the bureau and the sub-bureau, the traffic police crew, the fire crew, the local police station, the city team and the countryside team are through the dialing way. Influenced by net speed limit, the internal file processing speed is specially slow, and the work service also comes under the influence. Meanwhile the internal data couldn’t be shared. Moreover, it has little security, and the network security cannot be effectively guaranteed. If the user needs some new services, he will need to fill in many documentary evidences and wait for a quite period of time for enjoying the new service. What’s more important, the terminal device of the beginnings and ends is expensive, and it also needs the a certain specialized technical personnel, which will increased the cost undoubtedly. And its existing comprehensive service data couldn’t immediately connect with any net unit in the world as the Internet do.In order to solve the above problem, the Liaoyang Telecommunication NetworkCompany computer application development center and Liaoning Information Vocational Technology Institute Huawei laboratory proposed the development research work tentative plan which based on the existing equipment and technical force. The plan is to build a VPN network with the optical fiber straight connecting way, and to connect the sub-bureau and the city bureau original north electricity Passport 6,480 routers by the 10/100M (traffic police crew, fire crew, the Liaoyang county, and Lighthouse county have already completed respective WAN and local area network. Police station uses the DDN special line to connect with fire crew, and broad electricity optical cable with traffic police crew). Considering the current VPN way, I think the MPLS VPN is the most suitable technology to the public security service realization and the secure isolation, and divides it to be an independent VPN, realizing the secure isolation functions between public security network and other user networks.This thesis has narrated the thought and the realization process of using the VPN technology to realize public security private network in detail, attaching the system analysis situs chart, and with the suitable hardware equipment. The technology has realized the security, effectiveness and reliability in the use of public security private network.更多还原