{Cisco CCIE-RS} IPSec VPN and MPLS


Internet Protocol Security (IPSec)

Internet Protocol Security (IPSec) is an open standard framework. It refers to the use of encrypted security services to ensure confidential and secure communication on the Internet Protocol (IP) network. The Microsoft Windows 2000, Windows XP and WindowsServer 2003 families implement IPSec based on the standards developed by the IPSec working group of the Internet Engineering Task Force (IETF).

IPSec is the long-term direction of secure networking. It provides active protection through end-to-end security to prevent attacks from private networks and the Internet. In communication, the sender and receiver are the only computers that must understand IPSec protection. In the windows 2000, Windows XP, and Windows Server 2003 families, IPSec provides a capability to protect communications between workgroups, LAN computers, domain clients and servers, branch offices (physically remote offices), Extranets, and roaming clients.

IPSec is a set of IP security protocols established by the IPSec group of IETF (Internet Engineering Task Force). IPSec defines the security services used in the Internet layer. Its functions include data encryption, access control to network units, data source address verification, data integrity check, and replay prevention.

IPSec Security services require to support of shared keys to complete certification and/or confidentiality, and manual key input. The purpose is to ensure the interoperability of IPSec protocols. Of course, the expansion ability of the manual key input method is very poor. Therefore, a key management protocol, called Internet Key Exchange Protocol (IKE), is introduced into the IPSec protocol. This protocol can dynamically authenticate IPSec peers, negotiate security services, and automatically generate shared keys.

Multiprotocol Label Switching (MPLS)

Multiprotocol Label Switching (MPLS) is an IP (Internet Protocol) backbone technology. MPLS introduces the concept of connection-oriented label switching in connectionless IP networks, and combines Layer 3 routing technology with Layer 2 switching technology, giving full play to the flexibility of IP routing and the simplicity of Layer 2 switching.

MPLS originated from IPv4 (Internet Protocol version 4), and its core technology can be extended to a variety of network protocols, including IPv6 (Internet Protocol version 6), IPX (Internet Packet Exchange), and CLNP (Connectionless Network Protocol). “Multiprotocol” in MPLS refers to supporting multiple network protocols.

It can be seen that MPLS is not a service or application, but actually a tunneling technology. This technology not only supports a variety of high-level protocols and services but also ensures the security of information transmission to a certain extent.

To Top

Pin It on Pinterest

Share This