Appendix: Translation of English technical material

English original:

Solutions, such as the various encryption methods and PKI, enable businesses to securely extend their networks through the Internet. One way in which businesses accomplish this extension is through Virtual Private Networks (VPNs).

A VPN is a private network that is created via tunneling over a public network, usually the Internet. Instead of using a dedicated physical connection, a VPN uses virtual connections routed through the Internet from the organization to the remote site. The first VPNs were strictly IP tunnels that did not include authentication or encryption of the data. For example, Generic Routing Encapsulation (GRE) is a tunneling protocol developed by Cisco that can encapsulate a wide variety of Network Layer protocol packet types inside IP tunnels. This creates a virtual point-to-point link to Cisco routers at remote points over an IP internetwork. Other examples of VPNs that do not automatically include security measures are Frame Relay, ATM PVCs, and Multiprotocol Label Switching (MPLS) networks.

A VPN is a communications environment in which access is strictly controlled to permit peer connections within a defined community of interest. Confidentiality is achieved by encrypting the traffic within the VPN. Today, a secure implementation of VPN with encryption is what is generally equated with the concept of virtual private networking.

VPNs have many benefits:

Cost savings - VPNs enable organizations to use cost-effective, third-party Internet transport to connect remote offices and remote users to the main corporate site. VPNs eliminate expensive dedicated WAN links and modem banks. Additionally, with the advent of cost-effective, high-bandwidth technologies, such as DSL, organizations can use VPNs to reduce their connectivity costs while simultaneously increasing remote connection bandwidth.

Security - VPNs provide the highest level of security by using advanced encryption and authentication protocols that protect data from unauthorized access.

Scalability - VPNs enable corporations to use the Internet infrastructure that is within Internet service providers (ISPs) and devices. This makes it easy to add new users, so that corporations can add significant capacity without adding significant infrastructure.

Compatibility with broadband technology - VPNs allow mobile workers, telecommuters, and people who want to extend their workday to take advantage of high-speed, broadband connectivity to gain access to their corporate networks, providing workers significant flexibility and efficiency. High-speed broadband connections provide a cost-effective solution for connecting remote offices.

In the simplest sense, a VPN connects two endpoints over a public network to form a logical connection. The logical connections can be made at either Layer 2 or Layer 3 of the OSI model. VPN technologies can be classified broadly on these logical connection models as Layer 2 VPNs or Layer 3 VPNs. Establishing connectivity between sites over a Layer 2 or Layer 3 VPN is the same: a delivery header is added in front of the payload to get it to the destination site. This chapter focuses on Layer 3 VPN technology. Common examples of Layer 3 VPNs are GRE, MPLS, and IPSec. Layer 3 VPNs can be point-to-point site connections such as GRE and IPSec, or they can establish any-to-any connectivity to many sites using MPLS.

Generic Routing Encapsulation (GRE) was originally developed by Cisco and later standardized as RFC 1701. An IP delivery header for GRE is defined in RFC 1702. A GRE tunnel between two sites that have IP reachability can be described as a VPN, because the private data between the sites is encapsulated in a GRE delivery header.

Pioneered by Cisco, MPLS was originally known as tag switching and was later standardized via the IETF as MPLS. Service providers are increasingly deploying MPLS to offer MPLS VPN services to customers. MPLS VPNs use labels to encapsulate the original data, or payload, to form a VPN.

How does a network administrator prevent eavesdropping on data in a VPN? Encrypting the data is one way to protect it. Data encryption is achieved by deploying encryption devices at each site. IPSec is a suite of protocols developed with the backing of the IETF to achieve secure services over IP packet-switched networks. The Internet is the most ubiquitous packet-switched public network; therefore, an IPSec VPN deployed over the public Internet can provide significant cost savings to a corporation as compared to a leased-line VPN. IPSec services allow for authentication, integrity, access control, and confidentiality. With IPSec, the information exchanged between remote sites can be encrypted and verified. Both remote-access and site-to-site VPNs can be deployed using IPSec.

There are two basic types of VPN networks:

Site-to-site
Remote-access

A site-to-site VPN is created when connection devices on both sides of the VPN connection are aware of the VPN configuration in advance. The VPN remains static, and internal hosts have no knowledge that a VPN exists. Frame Relay, ATM, GRE, and MPLS VPNs are examples of site-to-site VPNs.

A remote-access VPN is created when VPN information is not statically set up, but instead allows for dynamically changing information and can be enabled and disabled. Consider a telecommuter who needs VPN access to corporate data over the Internet. The telecommuter does not necessarily have the VPN connection set up at all times. The telecommuter's PC is
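The following is an added example, not part of the original text, showing why the GRE tunnels described above count as a VPN but not as a secure one: it builds the RFC 1702 IP delivery header and the RFC 1701 GRE header around a private-address packet and then parses them back the way any device on the public transit path could. The addresses and payload are constructed sample values; the IPv4 header builder is minimal (no options) and GRE's optional checksum field is skipped rather than verified.

```python
import socket, struct

GRE_PROTO, ETHERTYPE_IPV4 = 47, 0x0800        # IP protocol number for GRE (RFC 1702); GRE payload type for IPv4
GRE_C, GRE_R, GRE_K, GRE_S = 0x8000, 0x4000, 0x2000, 0x1000  # RFC 1701 flag bits in the first GRE word

def ipv4_checksum(hdr: bytes) -> int:
    # One's-complement sum; yields 0 when computed over a header whose checksum field is valid.
    total = sum(struct.unpack("!%dH" % (len(hdr) // 2), hdr))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def build_ipv4(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    # Minimal 20-byte IPv4 header (no options) placed in front of the payload: the "delivery header".
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0x4000, 64, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:] + payload

def parse_ipv4(pkt: bytes):
    # Returns (src, dst, proto, payload); rejects a header whose checksum does not verify.
    ihl = (pkt[0] & 0x0F) * 4
    if ipv4_checksum(pkt[:ihl]) != 0:
        raise ValueError("bad IPv4 header checksum")
    return socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20]), pkt[9], pkt[ihl:]

def gre_encapsulate(inner: bytes, key=None) -> bytes:
    # RFC 1701 GRE header: flags/version word, protocol type, then the optional 32-bit key field.
    hdr = struct.pack("!HH", GRE_K if key is not None else 0, ETHERTYPE_IPV4)
    return hdr + (struct.pack("!I", key) if key is not None else b"") + inner
def gre_decapsulate(gre: bytes):
    # Skip whichever optional fields the flag bits announce; returns (proto, key, inner packet).
    flags, proto = struct.unpack("!HH", gre[:4])
    off, key = 4, None
    if flags & (GRE_C | GRE_R):               # checksum + offset fields present
        off += 4
    if flags & GRE_K:
        key, off = struct.unpack("!I", gre[off:off + 4])[0], off + 4
    if flags & GRE_S:                         # sequence number present
        off += 4
    return proto, key, gre[off:]

def eavesdrop(outer: bytes):
    # What an observer on the transit path recovers from a GRE packet: inner addresses and payload, unencrypted.
    _, _, proto, gre = parse_ipv4(outer)
    if proto != GRE_PROTO:
        return None
    return parse_ipv4(gre_decapsulate(gre)[2])

# Constructed sample: a private-address packet from site A to site B, carried between public addresses.
INNER = build_ipv4("10.1.1.10", "10.2.2.20", 17, b"constructed sample payload")
OUTER = build_ipv4("203.0.113.1", "198.51.100.1", GRE_PROTO, gre_encapsulate(INNER, key=0x1234))
```

Running `eavesdrop(OUTER)` returns the inner source, destination, and payload in the clear, which is the gap that IPSec, as described above, closes by encrypting the encapsulated data.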