
Virtual private network service

Virtual Private Network (VPN) is a service that uses the resources of the public telecommunications network to provide non-permanent private network services to users in large enterprises, under software control in the program-controlled network nodes. It avoids repeated investment and network maintenance, and lets users manage their own networks. Users can obtain business applications quickly by accessing the VPN, and the operations department can make full use of the existing network resources through virtual private network services. It also has a certain market in China.
Chinese name: Virtual private network service
Foreign name: Virtual Private Network

Business function

1. Remote access - it allows a VPN user to place a call into the VPN from a phone that is not in the VPN. [1]
2. Billing call - it allows a VPN user to dial an account number and have the call charged to the specified account.
3. Call forwarding - it allows a VPN user to forward a call to another phone.
4. Abbreviated dialing - it allows a VPN user to dial an abbreviated number to call a user outside the network. Calls to users in the abbreviated dialing list are not subject to the restrictions on calls outside the network.
5. Authentication code - it allows a VPN user to dial an authentication code and place a call outside the network without being subject to the calling restrictions of the phone concerned.
6. Closed user group - it allows a VPN user to belong to a user group within which normal calls are allowed. Users of the closed user group are not allowed to call, or be called by, users outside the closed group.
7. VPN operator seat/automatic call distribution - an operator seat is set up in the network to provide users with relevant service information.
8. Operator login - the operator can join automatic call distribution.
9. Operator cancellation - the operator can leave automatic call distribution.

Business characteristics

1. Economy: compared with leased lines, VPN uses public telephone network facilities and requires no additional investment to build a physical private network, so it is considerably cheaper than leased lines.
2. Flexible networking: VPN can easily provide access for traditional users, ISDN users, PBX users and other types of users, without limits on region or on the number of users.
3. Convenient management: the technical requirements placed on users during management are greatly reduced. Users only configure services, and applying for VPN functions is very simple. Most functions can be handled over the phone, and only a few require filling in forms to apply to the telecom operations department.
4. Convenient maintenance: users are relieved of maintenance work and no longer have to deal with a large amount of equipment. All of this work is entrusted to the centralized management of the telecom operations department.
5. Adapting to change: for VPN users, adding or deleting an organization or region is only a logical operation; it is simple and requires no additional investment from users.

Working principle

1. Normally, the VPN gateway adopts a dual network card structure: the external network card is connected to the Internet through a public IP address, and the internal network card is connected to the private network.
2. Terminal A in network 1 (assumed to be on the public Internet) accesses terminal B in network 2 (assumed to be the company intranet). The destination address of the access packet it sends is the internal IP address of terminal B.
3. When the VPN gateway of network 1 receives the access packet sent by terminal A, it checks the destination address. If the destination address belongs to network 2, the packet is encapsulated; the encapsulation method varies with the VPN technology used. The VPN gateway then constructs a new VPN packet and uses the encapsulated original packet as the payload of the VPN packet. The destination address of the VPN packet is the external address of the VPN gateway of network 2.
4. The VPN gateway of network 1 sends the VPN packet to the Internet. Because the destination address of the VPN packet is the external address of the VPN gateway of network 2, the packet is routed correctly to the VPN gateway of network 2.
5. The VPN gateway of network 2 checks the received packet. If it finds that the packet was sent from the VPN gateway of network 1, it determines that the packet is a VPN packet and unpacks it. Unpacking mainly consists of first stripping off the VPN packet header and then reversing the encapsulation to restore the original packet.
6. The VPN gateway of network 2 sends the restored original packet to the target terminal B. Since the destination address of the original packet is the IP address of terminal B, the packet is delivered correctly to terminal B. From the perspective of terminal B, the packet it receives is the same as one sent directly from terminal A.
7. Packets returned from terminal B to terminal A follow the same process in reverse, so that terminals in the two networks can communicate with each other. [2]
From the above description, it can be seen that when the VPN gateway processes packets, two parameters are essential for VPN communication: the destination address of the original packet (the VPN target address) and the remote VPN gateway address. Based on the VPN target address, the VPN gateway determines which packets need VPN processing; packets that do not need it can usually be forwarded directly to the upstream router. The remote VPN gateway address specifies the destination address of the processed VPN packet, that is, the address of the VPN gateway at the other end of the VPN tunnel. Since network communication is bidirectional, the VPN gateways at both ends of the tunnel must both know the VPN target address and the corresponding remote VPN gateway address when carrying out VPN communication.
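The following toy model illustrates the seven-step exchange and the two essential parameters (VPN target address and remote VPN gateway address). It is an added example written for this entry, not code from any real VPN product; the addresses, the pre-shared key and the dictionary-based "packets" are constructed for the demonstration. One caveat the steps above gloss over: a gateway that recognises a VPN packet only by its claimed source address is trusting a field anyone can set, so the model also attaches and verifies an integrity tag (an assumed HMAC over the inner packet, standing in for the authentication that real tunnel protocols provide) and checks that the restored packet is actually destined for the local network.

```python
"""Toy model of the two-gateway VPN exchange described above (constructed example)."""
import hashlib
import hmac
import ipaddress

# Constructed example values: two private networks and the two gateways joining them.
NET1 = ipaddress.ip_network("10.1.0.0/16")   # network 1, where terminal A lives
NET2 = ipaddress.ip_network("10.2.0.0/16")   # network 2, where terminal B lives
GW1_EXT = "203.0.113.1"                      # external (Internet-side) address of gateway 1
GW2_EXT = "198.51.100.1"                     # external (Internet-side) address of gateway 2
SHARED_KEY = b"constructed-demo-key"         # assumed pre-shared key for the integrity tag


def _serialize(packet):
    # Deterministic byte form of an inner packet; this is what the tunnel carries.
    return f"{packet['src']}|{packet['dst']}|{packet['data']}".encode()


def _deserialize(raw):
    src, dst, data = raw.decode().split("|", 2)
    return {"src": src, "dst": dst, "data": data}


class VpnGateway:
    """Dual-homed gateway: one side on the private network, one side on the Internet."""

    def __init__(self, external_ip, local_net, tunnels):
        self.external_ip = external_ip
        self.local_net = local_net
        # The two essential parameters: VPN target network -> remote gateway address.
        self.tunnels = tunnels
        self.peers = set(tunnels.values())

    def outbound(self, packet):
        """Packet arriving from the private side (steps 2-4)."""
        dst = ipaddress.ip_address(packet["dst"])
        for target_net, remote_gw in self.tunnels.items():
            if dst in target_net:
                body = _serialize(packet)
                tag = hmac.new(SHARED_KEY, body, hashlib.sha256).hexdigest()
                # New outer packet whose destination is the remote gateway's external address.
                return {"src": self.external_ip, "dst": remote_gw,
                        "vpn": True, "body": body, "tag": tag}
        # Not a VPN target: hand the packet to the upstream router unchanged.
        return packet

    def inbound(self, outer):
        """Packet arriving from the Internet side (steps 5-6)."""
        if not outer.get("vpn") or outer["dst"] != self.external_ip:
            return None
        if outer["src"] not in self.peers:
            return None  # not from a configured remote gateway
        expected = hmac.new(SHARED_KEY, outer["body"], hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, outer["tag"]):
            return None  # forged or tampered payload: do not unpack it
        inner = _deserialize(outer["body"])
        if ipaddress.ip_address(inner["dst"]) not in self.local_net:
            return None  # restored packet must be for our own network
        return inner


def build_gateways():
    gw1 = VpnGateway(GW1_EXT, NET1, {NET2: GW2_EXT})
    gw2 = VpnGateway(GW2_EXT, NET2, {NET1: GW1_EXT})
    return gw1, gw2


def send_a_to_b(data="hello from A"):
    """Terminal A (10.1.0.10) sends to terminal B (10.2.0.20) through both gateways."""
    gw1, gw2 = build_gateways()
    original = {"src": "10.1.0.10", "dst": "10.2.0.20", "data": data}
    outer = gw1.outbound(original)       # encapsulated at gateway 1
    restored = gw2.inbound(outer)        # unpacked at gateway 2
    return original, outer, restored


def forged_packet_is_dropped():
    """An outer packet claiming a non-peer source address is not unpacked."""
    gw1, gw2 = build_gateways()
    outer = gw1.outbound({"src": "10.1.0.10", "dst": "10.2.0.20", "data": "x"})
    forged = dict(outer, src="192.0.2.99")
    return gw2.inbound(forged) is None


def non_vpn_traffic_passes_through():
    """Traffic for a destination outside every VPN target network is forwarded as-is."""
    gw1, _ = build_gateways()
    pkt = {"src": "10.1.0.10", "dst": "192.0.2.50", "data": "web"}
    return gw1.outbound(pkt) is pkt


if __name__ == "__main__":
    original, outer, restored = send_a_to_b()
    print("outer dst:", outer["dst"], "| restored == original:", restored == original)
```

Running the file shows the outer packet addressed to gateway 2's external address and the inner packet restored unchanged at the far end; the two helper checks show the gateway refusing a packet from an unknown source and forwarding non-VPN traffic without touching it.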

Advantages and disadvantages

Advantages

1. VPN enables mobile employees, remote employees, business partners and others to use locally available high-speed broadband connections (such as DSL, cable TV or WiFi networks) to reach the corporate network. In addition, high-speed broadband connections provide a cost-effective way to connect remote offices.
2. A well-designed broadband VPN is modular and scalable. VPN lets users rely on an Internet infrastructure that is easy to set up, so new users can be added to the network quickly and easily. This means that enterprises can provide a large amount of capacity and many applications without adding infrastructure.
3. VPN can provide a high level of security, using advanced encryption and authentication protocols to protect data from prying and to prevent data thieves and other unauthorized users from accessing it.
4. Full control. Virtual private networks let users take advantage of ISP facilities and services while fully controlling their own networks. Users consume only the network resources provided by the ISP and can manage other security settings and network management changes themselves. An enterprise can also set up its own virtual private network internally.
Disadvantages

1. Enterprises cannot directly control the reliability and performance of Internet-based VPNs. Organizations must rely on the Internet service provider offering the VPN to keep the service running. This makes it very important for enterprises to sign a service level agreement with the Internet service provider, one that guarantees the various performance indicators.
2. It is not easy for enterprises to create and deploy VPN lines. The technology requires a high level of understanding of network and security issues, and careful planning and configuration. It is therefore a good idea to have an Internet service provider take responsibility for most of the work of running the VPN.
3. VPN products and solutions from different manufacturers are often incompatible, because many manufacturers are unwilling or unable to follow VPN technical standards. Mixing products from different manufacturers may therefore cause technical problems; on the other hand, using a single supplier's equipment may increase costs.
4. VPN carries security risks when used with wireless devices. Roaming between access points is particularly problematic: when users roam between access points, any solution using advanced encryption technology may be broken.

Laws and regulations

In April 2003, the Ministry of Information Industry issued the Classification Catalogue of Telecommunication Services, which cancelled the classification of international telecommunication services and, at the same time, separated virtual private network services from basic telecommunication services into an independent value-added telecommunication service classification. However, the concept of "virtual private network" here differs from the VPN service in the industry. The new catalogue explains the classification as follows: Internet virtual private network service (IP-VPN) refers to operators using their own or leased public Internet network resources and the TCP/IP protocol to provide customized Internet closed user group network services for domestic users. This explanation emphasizes two characteristics: the use of Internet network resources and the use of the TCP/IP protocol. It corresponded to the market situation at the time, which focused on Internet-based IPSec VPN. Although it can basically cover the later SSL VPN mode, it does not cover MPLS VPN.
In August 2003, the Ministry of Information Industry issued the Notice on Organizing Commercial Trials of Three Telecommunications Services, including Domestic Multi-party Communication Services, organizing commercial trials of three value-added telecommunication services: "Domestic Multi-party Communication Services", "Online Data Processing and Transaction Processing Services" and "Domestic Internet Virtual Private Network Services", valid until the end of August 2004.
In November 2004, the Ministry of Information Industry issued the Notice on Continuing the Commercial Trials of Three Value-added Telecommunications Services, including Domestic Multi-party Communication Services, and decided to extend the commercial trial period of the above three value-added telecommunications services by one year, to August 31, 2005.
In January 2006, the Ministry of Information Industry issued the Notice on Two Value-added Telecommunication Services and Domestic Multi-party Communication Services, officially opening two value-added telecommunication services, "Domestic Internet Virtual Private Network Service" and "Online Data Processing and Transaction Processing Service". These two value-added telecommunication services were converted from commercial trials to formal commercial operation.
In 2008, the IP-VPN business license was officially issued. China's "Domestic Internet Virtual Private Network" value-added telecommunication service license, known as the IPSec VPN license, has taken MPLS VPN as its development direction since its creation, which has left the VPN market with no rules to follow; in practice it is "grey operation".
In 2013, the Ministry of Industry and Information Technology published the Catalogue of Classification of Telecommunication Services (Draft for Comments), which still made no change to this.
On January 27, 2015, the Ministry of Industry and Information Technology responded to the VPN blocking event, saying that some bad information should be managed in accordance with Chinese laws. [3]
The Ministry of Industry and Information Technology has previously issued regulations that companies providing VPN services in China must register, otherwise they will "not be protected by Chinese laws".