• Journal of the Institute of Convergence Signal Processing
• /
• v.8 no.1
• /
• pp.51-57
• /
• 2007

In this paper we introduce the concept of MPLS-based VPN and propose a scheme for providing VPN services in MPLS networks. Furthermore, we design the control components and the operational procedures and evaluated the performance of traditional VPN implementation methods and MPLS-based VPN. In this scheme it is possible to solve several problems that IP-based VPN pertains via the allocation of VPN ID and virtual space without tunneling, thereby providing effective VPN services. In other words, the MPLS-based VPN scheme uses MPLS networking technology together with the PSTN which can achieve a perfect segregation of user traffic on per-customer basis in a physical link and can guarantee high reliability and security levels. Specially, in the perspective of customers, it can save networking facilities installation and maintenance costs considerably. On the contrary, it possesses some shortcomings in that its deployment tends to be restricted within an ISP's network boundary and it is vulnerable to external security break-ins when going through public networks such as the Internet due to its lack of data encryption capability.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.28 no.10B
• /
• pp.927-937
• /
• 2003

Network based VPN(Virtual Private Network) using MPLS(Multiprotocol Label Switching) technology is regarded as a good solution for intranets or extranets because of the low cost and the flexibility of the service provision. In this paper, we describea mechanism that allows the VPN users to move from one site to another site of the VPN network based on the BGP-E MPLS technology. This mechanism is designed for and implemented on PE(Provider Edge) routers of the backbone network. PE routers connected to the VPN sites establish a new MPLS path to the mobile node after they detect movement of the mobile VPN node. The new location may belong to the same VPN or to different VPN. We designed VPN management and control functions of the PE routers in order to interface with the Mobile IP protocol. The pilot implementation and performance measurement were carried out on a testbed.

• Journal of KIISE:Information Networking
• /
• v.29 no.1
• /
• pp.31-39
• /
• 2002

The VPN(Virtual Private Network) is a private network constructed logically on a public network infrastructure. There have been numerous studies to support the VPN services by using different technologies such as IP in IP, GRE, L2TP, MPLS and so on. Among these technologies, MPLS has shown many merits in aspects of QoS, security, and management, compared with other technologies. As an enhancement of the VPN that is controlled by MPLS PE(Provider Edge) routers, this paper presents the VPN controlled by MPLS CE(Customer Edge) routers. The functional architecture of the CE based VPN and operations of the CE routers are described along with the performance comparison of CE based MPLS VPN. It has been shown that the CE based VPN has more advantages than PE based VPN with respect to independency, scalability, security, and complexity.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.14 no.5
• /
• pp.11-21
• /
• 2004

To authorize IPSec-VPN Client in Client-to-Gateway type of the IPSec-VPN system, it can be normally used with ID/Password verification method or the implicit authorization method that regards implicitly IPSec-VPN gateway as authorized one in case that the IPSec-VPN client is authenticated. However, it is necessary for the Client-to-Gateway type of the IPSec-VPN system to have a more effective user authorization mechanism because the ID/Password verification method is not easy to transfer the ID/Password information and the implicit authorization method has the vulnerability of security. This paper proposes an effective user authorization mechanism using an attribute certificate and designs a user authorization engine. In addition, it is implemented in this study. The user authorization mechanism for the IPSec-VPN system proposed in this study is easy to implement the existing IPSec-VPN system. Moreover, it has merit to guarantee the interoperability with other IPSec-VPN systems. Furthermore, the user authorization engine designed and implemented in this paper will provide not only DAC(Discretional Access Control) and RBAC(Role-Based Access Control) using an attribute certificate, but also the function of SSO(Single-Sign-On).

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2003.05a
• /
• pp.721-724
• /
• 2003

본 논문에서는 CDMA 3G 환경에서의 Wireless VPN에 있어서의 문제점을 분석하고 설계/구현 방안을 제시하고자 한다. Wireless VPN의 최종 목표는 Wireline VPN과의 통합을 이루어서 진정한 Mobile VPN을 구현하는 것이지만 아직까지 Mobile IP 지원에 대한 국제 표준이 완전히 정비되지 않은 상태이고 또한 Mobile VPN에 대한 기술적 검증이 이루어진 적이 없기 때문에 본 논문에서는 Wireless VPN에 초점을 맞추도록 한다.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2005.05a
• /
• pp.1589-1592
• /
• 2005

VPN(Virtual Private Network)은 물리적인 장비나 회선을 논리적으로 구분하여 기존 전용회선을 기반으로 하는 사설 네트워크에 비해 상대적으로 적은 구축 비용, 융통성 있는 확장성, 저렴한 운용비용의 장점을 보유한 별도의 사설 네트워크를 구성하는 기술이다. 다양한 VPN 기술 중에서도 MPLS VPN 은 확장성, QoS 제공을 용이하게 해주는 장점을 가지고 있어 차세대 네트워크 기술로 부각되고 있다. 일반적으로 MPLS VPN 은 ISP 에서 제공하는 서비스로 인식되나 규모가 크고 다양한 사설 네트워크를 필요로 하는 기업의 네트워크 모델로도 적합하다. 또한 Virtual Router VPN 은 Customer Edge(CE) 장비로서 활용성이 큰 Switch 장비에 적용하여, CE 를 MPLS VPN 과 쉽게 연동하게 한다. 본 논문에서는 MPLS VPN 및 Virtual Router VPN 을 이용하여 기업 네트워크를 효과적으로 구성하는 방안을 기술한다.

• Journal of KIISE:Computing Practices and Letters
• /
• v.8 no.6
• /
• pp.727-735
• /
• 2002

In this paper, we design and implement a MPLS based IP-VPN service module as an application for ACE2000 MPLS system. ACE2000 MPLS VPN service module has been developed using the BGP4 extension protocol. The IP-VPN service module supports differentiated QoS using the MPLS traffic engineering. In addition, it offers a path protection mechanism and the restart mechanism of MPLS system and forwarding engine for supporting a highly reliable service.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.11 no.5
• /
• pp.926-932
• /
• 2007

Various research groups proposed various architecture of hardware VPN for the high performance VPN system. However, the VPN based on hardware researcher are focused only on the encryption acceleration. Soft based VPN is only useful when the network connection is slow. We have to consider the hardware performance (encryption/decryption processing capability, packet processing, architecture method) to implement hardware based VPN. In this paper, we have analysed architecture of hardware, consideration and problems for high-speed VPN system, From the result, we can choose the proper design guideline.

• Proceedings of the Korean Information Science Society Conference
• /
• 2000.04a
• /
• pp.343-345
• /
• 2000

통신 사업자는 많은 상호 독립적인 보이지 않는 네트워크를 제공하기 위해 가상의 네트워크를 운영한다. 기업 입장에서는 인트라넷이 주로 웹과 기타 IP 기술에 기초하는데, 이를 투명성 있게 확장하기 위해 IP VPN의 요구가 증가했었다. VPN은 사용자의 요구에 따라 WWW 및 멀티미디어 서비스 등의 IP 서비스를 수용하는 방향으로 전개되고 있다. 그러나 IP VPN으로 가는데 있어서의 단점인 터널링과 암호화에 따른 오버헤드 문제를 해결해야 하는데, 이를 위하여 인터넷 솔루션으로 도입하여 있는 MPLS 망을 기반으로 하여 VPN을 제공하면 터널링이 주는 오버헤드 없이 서비스를 제공할 수 있다. 본 논문에서는 MPLS 망에서 VPN을 지원하는 방안을 제안하고, MPLS VPN 제어 요소 및 동작 절차를 설계하였다.

• Proceedings of the Korean Information Science Society Conference
• /
• 2002.10e
• /
• pp.688-690
• /
• 2002

최근 인터넷의 성장과 함께 인터넷을 이용한 사설망인 VPN의 필요성이 커지고 있다. 본 논문에서는 확장된 NAT 기능을 이용한 VPN 기능을 임베이드 리눅스 환경에서 구현하여 기존 VPN의 단점을 보완하고 VPN 장비의 크기를 최소화 할 수 있도록 한다. 제안된 VPN 기능은 실제 인터넷 환경에 적용하기 쉬우며 보안 프로토콜이나 암호화 알고리즘을 생략하고도 강한 보안성을 제공하고, 기존의 공개망을 최대한 활용할 수 있어 그 활용가치가 높을 것으로 생각된다. 또한, 임베이드 시스템에서 VPN을 구현함으로써 장비의 소형화, 안정성 및 경제성을 실현하여 그 활용가치가 높을 것으로 생각된다.