IPsec效能分析及IPsec VPN架構設計之研究 = IPsec Performance and IPsec VPN Architecture study｜Airiti Library 華藝線上圖書館

透過您的圖書館登入 IP:3.145.151.141

透過您的圖書館登入

IP:3.145.151.141

繁體中文
English
简体中文

精確檢索 : 冠狀病毒
模糊檢索 : 冠狀病毒
冠狀病毒感染

冠狀病毒疾病
查詢出版品: 冠狀病毒

主題瀏覽

【下載完整報告】AI熱潮從學術研究也能看出端倪？哪些議題是2023熱搜議題？

學位論文

IPsec效能分析及IPsec VPN架構設計之研究

IPsec Performance and IPsec VPN Architecture study

呂佐鴻(Tso-Hung Lu)

指導教授：李鴻璋

淡江大學/管理學院/資訊管理學系碩士班/碩士(2007年)

https://doi.org/10.6846/TKU.2007.00521

摘要

目前較熱門的虛擬私有網路技術有IPsec和SSL虛擬私有網路，雖然IPsec在IPv4網路環境與NAT有建置上的複雜度，但在未來的五年，隨著IPv4的位址用盡和IPsec已成為IPv6協定標準的一部分，使得IPsec在IPv6網路環境上的建置更顯的重要和簡單，所以本論文探討IPsec虛擬私有網路在不同網路環境下的策略研究，以顯示出在IPv6網路環境下的不同網路架構建置IPsec都簡單而且大同小異，不需繁雜的設定步驟。本研究實驗IPsec在IPv6網路環境上使用不同整數運算能力主機時TCP和UDP傳輸資料的輸出量(throughput)，以探討使用不同整數運算能力主機對於IPsec套用認證標頭和加密安全承載資料時效能的差異性。本論文實驗結果顯示出，在TCP協定上使用IPsec的輸出量為未使用IPsec時的77.04%(較高運算能力主機)和75.46%(較低運算能力主機)，而ARIGA只有未使用IPsec時的四分之ㄧ。同樣的，在UDP協定上，未使用IPsec的輸出量分別為80.31%和75.36%，ARIGA為未使用IPsec的九分之ㄧ。本文效能實驗結果希望能夠泯除在IPv6上使用IPsec導致效能嚴重下降的疑慮。

關鍵字

IPsec ； IPv6 ；認證標頭；加密安全承載資料；虛擬私有網路

並列摘要

IPsec VPN and SSL VPN are getting popular nowadays. It is complex when IPsec is established with NAT in the IPv4 network. Future five years, when the IPv4 address is used finished and IPsec have now become a part of IPv6 standard, the establishment which IPsec is in the IPv6 network will be more important and easier. This research is about the policy setting which IPsec VPN is in the different network architecture. There are similar settings even if the network architecture is different. This research also do some experiment to gain the throughput of TCP/UDP data transmission by using different ability host and IPsec is implemented in the IPv6 network. We also research the different of throughput which different host uses the authentication header (AH) and encapsulating security payload (ESP). With both the AH and the ESP by using TCP, the throughput degrades to about 77.04% (higher ability host) and 75.46% (lower ability host), but ARIGA’s result shows that the throughput degrades to 1/4. When it is by using UDP, the throughput degrades to about 80.31% and 75.36%, but ARIGA’s result shows that the throughput degrades to 1/9. We hope this research can reduce the misgivings which the throughput dropped seriously when IPsec is used in the IPv6 network.

並列關鍵字

IPsec ； AH ； ESP ； VPN ； IPv6

參考文獻

[2] B.Carpenter and K.Moore, ” Connection of IPv6 Domains via IPv4 Clouds”, RFC3056, 2001

[4] Internet Engineering Task Force: http://www.ietf.org/

[10] W.Stallings , “Network Security Essentials : Applications and Standards”, Second Edition, Prentice Hall, 2002

[14] S.Deering and R.Hinden, “Internet Protocol, Version 6 Specifications”, RFC 2460 , 1998

[17] S.Kent and R.Atkinson, “Security Architecture for the Internet Protocol”, RFC 2401, 1998

延伸閱讀

Chuang, J. W. (2002). 利用IPSec來實現VPN [master's thesis, Chung Yuan Christian University]. Airiti Library. https://doi.org/10.6840/cycu200200187
卓德忠（2006）。無線網狀網路下TCP效能提升之研究〔碩士論文，國立臺灣大學〕。華藝線上圖書館。https://doi.org/10.6342/NTU.2006.02415
（2019）。網路功能虛擬化之效能測試實驗室。電腦與通訊，(177)，76-76。https://www.airitilibrary.com/Article/Detail?DocID=1019391x-201905-201905150008-201905150008-76-76
朱保全（2008）。兩岸資安專利佈局分析 -- 以網路型入侵預防系統(IPS)為例〔碩士論文，國立臺北科技大學〕。華藝線上圖書館。https://doi.org/10.6841/NTUT.2008.00433
Kim, J. B., Song, M. B., Hwang, C. S., & Lee, S. K. (2008). FASiRec: A Fast Session Recovery Scheme for Large-scale VPNs Using IPSec. Journal of Information Science and Engineering, 24(5), 1329-1346. https://doi.org/10.6688/JISE.2008.24.5.3

國際替代計量

IPsec效能分析及IPsec VPN架構設計之研究