基于MPLS/VPN及PKI体系的统一数据交换平台设计与实现
摘要
数据交换技术由来已久,发展至今已经拥有将近四十年的历史。长期以来,功能日益丰富、性能日臻完善的数据交换技术帮助人们解决了无数生产、生活中的难题。但是社会的发展一刻未曾停止,信息化建设更是日新月异,随着应用复杂度越来越高,原有的数据交换技术及数据交换方案在功能、性能、可靠性及扩展性等方面已远远不能满足时刻变化的业务需求。所以,人们开始重新思索数据交换的设计架构,力求构建一个新的经济、高效、安全、可扩展的数据交换框架来满足日益变化的业务需求。
MPLS/VPN及PKI技术的出现将能使人们寻求新的数据交换架构的梦想得以实现。本文立足于构建新的经济、高效、安全、可扩展、支持多应用及应用隔离的数据交换平台的出发点。从数据交换解决方案的现状着手,介绍了数据交换的概念、典型组成、一般流程等基本概念,在分析现有数据交换解决方案的种种不足及瓶颈的基础上,引入一种新的基于MPLS/VPN及PKI体系的统一数据交换解决方案。有效地解决了实施成本、运行性能、安全可靠性、多应用并行隔离、扩展性的问题。为中国的数据交换方案的发展提供可一个可行的、前瞻性的研究成果。
借助于面向对象以及面向服务程序设计的相关核心思想、通过Myeclipse开发环境、SSH框架及相应数据库的支持,本文成功实现了基于MPLS/VPN及PKI体系的统一数据交换平台的开发,验证了其可行性。
Now, there has been nearly four decades history for the data exchange technology. For a long time, With Increasing feature-rich, performance-perfect, Data exchange technology help us solve numerous problem in production and living. But, The development of society never stop, The process of informatization is also rapidly changing. With the increase in complexity on the application, A regular data exchange technology solution can not meet the need of ever changing businessin in functionality, performance, reliability and scalability any more. So, People began to re-thinking the design of architecture for data exchange, Seeks to build a new economic, efficient, secure, scalable framework for data exchange to meet the needs
The emergance of MPLS / VPN and PKI technologies will enable people to make the dream of searching for new data exchange structure come true. This dissertation is based on the starting point of building a new exchange system of economic, efficient, safe, scalable, supporting multiple applications and application isolation. Start from the status of data exchange solutions, Introducing the concept of data exchange, typical composition, general process, and other basic concept. By analysis the existing data exchange solutions, find out the various deficiencies and bottlenecks, then introduce a new framewok of unified data exchange solution based on the MPLS / VPN and PKI system. Solve the problem of implementation costs, operating performance, security, reliability, multi-application parallel and isolation, expansion issues effectively. Provides a viable, forward-looking research for the development of Data exchange solution in China.
Guided by the core idea of OO and SOA, Supported by Myeclipse development environment, SSH framework and corresponding database,This paper finish a data exchange platform based on MPLS / VPN, and PKI system, and vertify it’s feasibility.
MPLS/VPN及PKI技术的出现将能使人们寻求新的数据交换架构的梦想得以实现。本文立足于构建新的经济、高效、安全、可扩展、支持多应用及应用隔离的数据交换平台的出发点。从数据交换解决方案的现状着手,介绍了数据交换的概念、典型组成、一般流程等基本概念,在分析现有数据交换解决方案的种种不足及瓶颈的基础上,引入一种新的基于MPLS/VPN及PKI体系的统一数据交换解决方案。有效地解决了实施成本、运行性能、安全可靠性、多应用并行隔离、扩展性的问题。为中国的数据交换方案的发展提供可一个可行的、前瞻性的研究成果。
借助于面向对象以及面向服务程序设计的相关核心思想、通过Myeclipse开发环境、SSH框架及相应数据库的支持,本文成功实现了基于MPLS/VPN及PKI体系的统一数据交换平台的开发,验证了其可行性。
Now, there has been nearly four decades history for the data exchange technology. For a long time, With Increasing feature-rich, performance-perfect, Data exchange technology help us solve numerous problem in production and living. But, The development of society never stop, The process of informatization is also rapidly changing. With the increase in complexity on the application, A regular data exchange technology solution can not meet the need of ever changing businessin in functionality, performance, reliability and scalability any more. So, People began to re-thinking the design of architecture for data exchange, Seeks to build a new economic, efficient, secure, scalable framework for data exchange to meet the needs
The emergance of MPLS / VPN and PKI technologies will enable people to make the dream of searching for new data exchange structure come true. This dissertation is based on the starting point of building a new exchange system of economic, efficient, safe, scalable, supporting multiple applications and application isolation. Start from the status of data exchange solutions, Introducing the concept of data exchange, typical composition, general process, and other basic concept. By analysis the existing data exchange solutions, find out the various deficiencies and bottlenecks, then introduce a new framewok of unified data exchange solution based on the MPLS / VPN and PKI system. Solve the problem of implementation costs, operating performance, security, reliability, multi-application parallel and isolation, expansion issues effectively. Provides a viable, forward-looking research for the development of Data exchange solution in China.
Guided by the core idea of OO and SOA, Supported by Myeclipse development environment, SSH framework and corresponding database,This paper finish a data exchange platform based on MPLS / VPN, and PKI system, and vertify it’s feasibility.
引文
[1]章明,许青松,沈锡臣.基于XML的数据交换共享平台模型[J].清华大学学报,2003:10-65。
[2] M.Kezunovicsik.Format of Data and the keypoint for Information Exchange [C].BalKan Power Conference, 2002-07-11:122-180.
[3]薛华成.管理信息系统.清华大学出版社,2003.
[4]黄卫卫.基于交换的数据存储模式研究.教育信息化(增刊),2004-07-11:10-55.
[5] S-M Yang, W-T Lo. MEDEA - Model for the Event-Based Data Exchange Architecture[C]. Parallel and Distributed Systems International Conference s, 2000:100-200.
[6] Dave S, Shreek M. Simulation Data Exchange Implementation and Application. 2001 Winter Simulation Conference,2001:25-88.
[7] H.Chan—chen ,SHAMA OWEN, Build. reliable MPLS network based on path protection algorithm[J]. IEEE Communications Magazine, 2002:33-80.
[8] Y.P.Zhang, C.Zhang,H.P.Wang. An Internet based data exchang framework for enterprise VPN[J]. Computer in Industry, 2000-06-08:200-220.
[9] National BANERJEE A, DRAKE J, LANG J. Multi-protocol label switching_an overview of data exchange technology[J]. IEEE Communications Magazine, 2001.
[10] SHARMAL V, HELLSTER AND F. RFC 3469, Framework of multi-protocol label switch baseing recovery, IETF, 2003:232-255.
[11] Rabelo.J.2001. Interoperating Standards in Multi-agent Manufacturing Scheduling System The International Journal of Computer Applications in Technologh, July,2001:111-167.
[12]思科标签交换体系结构.清华大学出版社,2005:50-120.
[13] C.C.Tang. Trafic engineering for MPLS—based VPN[J]. Computer Networks, 2004.
[14] MPLS技术架构.Luck Det Chen,CCIE人民邮电出版社,2007.
[15]李小勇,张卫.基于MPLS的IP组播在Linux环境下的设计与实现.微计算机信息,2005.
[16] ISO. Information Technology - Security Techniques - Evaluation Criteria for IT Security -: Security Functional Requirements[S]. ISO/1EC 15408-1, 2005:89-122.
[17] ISO. Information Technology - Security Techniques - Evaluation Criteria for IT Security -: Part 2: Security Functional Requirements[S]. ISO/1EC 15408-2, 2005:122-200.
[18] ISO.Information Technology– Security Techniques– Evaluation Criteria for IT Security– Part 3: Security Assurance Requirements[S]. ISO/1EC 15408-3, 2005:210-245.
[19]谢东青,冷健.PKI原理与技术.清华大学出版社,2004-07-21:20-88.
[20]胡道元,闵京华.网络安全.清华大学出版社,2004-03-21:12-98.
[21] (英)Wenbo Mao著,王继林,伍前红.现代密码学理论与实践.电子工业出版社,2004:88-125.
[22]网络信息安全技术基础.北京:电子工业出版社,2003:12-13.
[23]冯妍.网络安全风险评估系统的研究与设计.西北大学,2006.
[24] (美)Bruce Setcher著.吴世忠,祝世雄,张文政等译.应用密码学协议、算法与C程序.机械工业出版,2001:22-99.
[25] W.Diffy and M.E. Hellboy. New Directions in cryptography. IEEE TransIT, 2009:50-120.
[26] Kishorer.c, Kerriey. Holley. Migrating to a service-oriented orchitecture..
[27]卢致杰,覃正等.SOA体系设计方法与研究[J].工业工程,2004-11-11:20-120.
[28] ISO. N1ST International Standard[S]. IS0/IEC 17799, 2000:112-143.
[29] M Kezunovic, IEEE. Data Integration an Information Exchange for Enhanced Control and Protection of Power Systems[C]. Proceedings of the 26th Hawaii International Conference on System Sciences, 2002:82-128.
[30] W3C Recommendation. XML Key Management Specification(XKMS) 2.0. 2005:12-24.
[31] T XMLKey Management(XKMS2.0). http://www.3.org/TR/xkms2-req.
[32] W3C Candidate Recommendation. XML Encryption Syntax and Processing. 2002:8-19.
[33] Doriln Vincent. Electronic commerce and traditional commerce[j]. the Amiteatru Economic Journal, 2007-09-16:48-67.
[34] A.Product data integration in B2B e-commerce.Intelligent Systems. IEEE, 2001:102-200.
[35] Internet Security System Inc. Internet Security Systems. Http:www.iss.net/, 2003.
[36] COBRA-Security Risk Assessment and Security Risk Analysis, http://www.riskworld.net/ index.htm.
[2] M.Kezunovicsik.Format of Data and the keypoint for Information Exchange [C].BalKan Power Conference, 2002-07-11:122-180.
[3]薛华成.管理信息系统.清华大学出版社,2003.
[4]黄卫卫.基于交换的数据存储模式研究.教育信息化(增刊),2004-07-11:10-55.
[5] S-M Yang, W-T Lo. MEDEA - Model for the Event-Based Data Exchange Architecture[C]. Parallel and Distributed Systems International Conference s, 2000:100-200.
[6] Dave S, Shreek M. Simulation Data Exchange Implementation and Application. 2001 Winter Simulation Conference,2001:25-88.
[7] H.Chan—chen ,SHAMA OWEN, Build. reliable MPLS network based on path protection algorithm[J]. IEEE Communications Magazine, 2002:33-80.
[8] Y.P.Zhang, C.Zhang,H.P.Wang. An Internet based data exchang framework for enterprise VPN[J]. Computer in Industry, 2000-06-08:200-220.
[9] National BANERJEE A, DRAKE J, LANG J. Multi-protocol label switching_an overview of data exchange technology[J]. IEEE Communications Magazine, 2001.
[10] SHARMAL V, HELLSTER AND F. RFC 3469, Framework of multi-protocol label switch baseing recovery, IETF, 2003:232-255.
[11] Rabelo.J.2001. Interoperating Standards in Multi-agent Manufacturing Scheduling System The International Journal of Computer Applications in Technologh, July,2001:111-167.
[12]思科标签交换体系结构.清华大学出版社,2005:50-120.
[13] C.C.Tang. Trafic engineering for MPLS—based VPN[J]. Computer Networks, 2004.
[14] MPLS技术架构.Luck Det Chen,CCIE人民邮电出版社,2007.
[15]李小勇,张卫.基于MPLS的IP组播在Linux环境下的设计与实现.微计算机信息,2005.
[16] ISO. Information Technology - Security Techniques - Evaluation Criteria for IT Security -: Security Functional Requirements[S]. ISO/1EC 15408-1, 2005:89-122.
[17] ISO. Information Technology - Security Techniques - Evaluation Criteria for IT Security -: Part 2: Security Functional Requirements[S]. ISO/1EC 15408-2, 2005:122-200.
[18] ISO.Information Technology– Security Techniques– Evaluation Criteria for IT Security– Part 3: Security Assurance Requirements[S]. ISO/1EC 15408-3, 2005:210-245.
[19]谢东青,冷健.PKI原理与技术.清华大学出版社,2004-07-21:20-88.
[20]胡道元,闵京华.网络安全.清华大学出版社,2004-03-21:12-98.
[21] (英)Wenbo Mao著,王继林,伍前红.现代密码学理论与实践.电子工业出版社,2004:88-125.
[22]网络信息安全技术基础.北京:电子工业出版社,2003:12-13.
[23]冯妍.网络安全风险评估系统的研究与设计.西北大学,2006.
[24] (美)Bruce Setcher著.吴世忠,祝世雄,张文政等译.应用密码学协议、算法与C程序.机械工业出版,2001:22-99.
[25] W.Diffy and M.E. Hellboy. New Directions in cryptography. IEEE TransIT, 2009:50-120.
[26] Kishorer.c, Kerriey. Holley. Migrating to a service-oriented orchitecture..
[27]卢致杰,覃正等.SOA体系设计方法与研究[J].工业工程,2004-11-11:20-120.
[28] ISO. N1ST International Standard[S]. IS0/IEC 17799, 2000:112-143.
[29] M Kezunovic, IEEE. Data Integration an Information Exchange for Enhanced Control and Protection of Power Systems[C]. Proceedings of the 26th Hawaii International Conference on System Sciences, 2002:82-128.
[30] W3C Recommendation. XML Key Management Specification(XKMS) 2.0. 2005:12-24.
[31] T XMLKey Management(XKMS2.0). http://www.3.org/TR/xkms2-req.
[32] W3C Candidate Recommendation. XML Encryption Syntax and Processing. 2002:8-19.
[33] Doriln Vincent. Electronic commerce and traditional commerce[j]. the Amiteatru Economic Journal, 2007-09-16:48-67.
[34] A.Product data integration in B2B e-commerce.Intelligent Systems. IEEE, 2001:102-200.
[35] Internet Security System Inc. Internet Security Systems. Http:www.iss.net/, 2003.
[36] COBRA-Security Risk Assessment and Security Risk Analysis, http://www.riskworld.net/ index.htm.