Usulul Hikmah

Uploaded by

Junayd Nasser

ISBN 978-952-5726-07-7 (Print), 978-952-5726-08-4 (CD-ROM)
Proceedings of the Second Symposium International Computer Science and Computational Technology (ISCSCT '09)
Huangshan, P. R. China, 26-28 Dec. 2009, pp. 270-273
© 2009 ACADEMY PUBLISHER, AP-PROC-CS-09CN005

New VPN Application in 3G Network

Weili Huang (1) and Jian Yang (2)
(1) Hebei University of Engineering, Handan, Hebei 056038, China, [email protected]
(2) Hebei University of Engineering, Handan, Hebei 056038, China, [email protected]

Abstract — This article applies VPN technology to the new wireless 3G networks. We propose a new architecture and new mechanisms for VPN in 3G. Using the new view of a parallel server cluster, an MPLS-VPN-based algorithm and the principles of VPN technology, we identify the current vulnerability of VPN technology in the 3G network and look ahead to its application in the 3G network. We also connect cloud computing and VPN to study cloud security with VPN, integrating VPN security closely with the cloud in order to find new applications of VPN security in cloud computing.

Index Terms—VPN; 3G; Cloud Computing; Parallel Cluster; New Structure; Constraint-based routing

I. INTRODUCTION

With the advent of 3G networks, a variety of technologies that serve the 3G network will mature. The 3G network is high-speed, wireless and mobile, and offers a convenience that fiber optic lines and ADSL broadband access cannot match, so it is gradually becoming an indispensable complement to current broadband access. It plays a unique role in non-fixed locations that cable broadband cannot reach but that still require high-bandwidth access. In such a nascent Internet age, network speed will remain the focus of attention. There have been many trial operations to increase network access speed, with mixed success. The introduction and application of VPN (Virtual Private Network) in the 3G network, however, is good news. Cable-network VPN has in fact existed for a long time, but with the later arrival of 3G network access, VPN routing, VPN hardware firewalls and similar products based on the radio network have appeared. Besides wireless Internet access, security must be taken into account at the application layer because traffic passes through the operator's public network; and because global IPv4 addresses are currently scarce, an IP address obtained from the 3G network generally cannot directly access the Internet. A VPN can create its own virtual local area network, which solves both problems, security and accessibility, well. In recent years VPN technology has been widely used. For business, VPN's biggest attraction is price. It is estimated that an enterprise that abandons leased lines and uses VPN can save 21%-45% of the cost of its entire network. VPN in the 3G network therefore has great commercial prospects, and there are many third-party VPN vendors [1].

II. CLOUD COMPUTING AND VPN

Recently, cloud security has become a popular network-based security technology for many network providers. Cloud security is an effective security model and will soon become mainstream, but it has not been accepted by the majority of users, because cloud providers cannot guarantee the security of the technology itself. Because of the special structure of cloud technology, it has many big loopholes. So people put VPN security technology into cloud technology; it needs to be established among the clouds. Users could then control security for an independent cloud, across clouds and for multiple clouds.

Controlling information does not, in fact, rely on a fixed position. A simple example is public key cryptography. I insist on ownership of the private key so that I can control the user. Usually the private key is stored in a secure location. From ownership of the key, however, I can try to control information without necessarily owning the other infrastructure. I can create a trusted VPN over infrastructure that is not itself trusted. We can control and protect the security of information by a key connection, and can connect a service agreement [2].

If these are well in place, there is no inherent reason why a cloud computing environment cannot be guaranteed safe. To ensure safety, we do not maintain these things; we can establish a trusted VPN. Security auditors and mediators constantly introduce new technologies and business models. If we can clearly show that we can control security by technology and connectivity, we should be able to make a cloud computing environment as safe and reliable as a private facility.

We can also use "multi-VPN technology" to achieve multiple security checks. The so-called "multi-VPN technology" sets up multiple VPN channels between two points: before one access point reaches another, traffic must cross a multi-layer filter, which further improves security.

Fig. 1:

III. MPLS-BASED VPN TECHNOLOGY IN THE 3G NETWORK

A. VPN Routing

A traditional VPN transmits private network data flows over the public Internet with tunneling protocols such as GRE, L2TP and PPTP; an LSP is itself a tunnel in the public Internet, so implementing VPN with MPLS has a natural advantage. An MPLS VPN uses LSPs to band the different branches of a private network together to form a unified
network. MPLS VPN also supports interoperability control between different VPNs. MPLS VPN supports the reuse of IP addresses among different branches and interoperability between different VPNs. Compared with traditional routing, VPN routing needs to add branch and VPN-identifying information, which requires extending the BGP protocol to carry VPN routing information.

B. Constraint-Based Routing Calculation

When constructing a transmission path for a data stream that has no specific transmission requirements, we can follow the traditional routing method (the shortest path). But if the data stream has a clear service demand, a suitable transmission path must be obtained from the service flow and the actual state of the network. Constraint-based routing technology is a good solution: it can calculate routes under a variety of constraints. Given the data flow requirements, the available network resources and the strategies of the network administrator, we can calculate a suitable path that not only meets the data flow requirements but also optimizes network resource utilization. Compared with traditional routing calculation, which considers only the network topology, constraint-based routing must consider the network topology, the distribution of network resources, the administrator's strategy and the business flow requirement. Constraint-based routing can therefore find a path that may be long but lightly loaded, rather than a heavily loaded shortest path, so that the network load becomes evenly distributed and transmission hot spots are avoided. The focal points of constraint-based routing can be summarized as follows [3]:

(1) Screen out the set of network links that is in line with the data flow requirement and the administrator's strategies.
(2) Use the shortest path algorithm on the rest of the topology map.

IV. NEW VPN APPLICATION IN THE 3G NETWORK

A. The 3G Network-based VPN Access to Image Data

VPN establishes a virtual LAN on top of the existing network, which means that a device or server in the network has two IP addresses. One is the pre-assigned address of the wired network; for example, the server's IP address 212.25.4.1 is a public network IP address. The VPN network segment we plan is 192.168.2.1-255, and we assume that the VPN server is assigned the IP address 192.168.2.1. A device first obtains the IP address 118.34.2.15 from the 3G wireless network, but that address cannot be reached by connections initiated from the outside, so the device establishes a virtual connection to the VPN server with its built-in PPTP VPN client. It is as if the device had two network cards and a direct connection to the network server. The VPN server assigns the virtual link the IP address 192.168.2.2, so that the device 192.168.2.2 can be visited from 192.168.2.1. If we now need to watch image data from the device remotely, we first need a computer that can access the Internet and then establish a connection to the VPN server; that is, the client gets the IP address 192.168.2.3 from the VPN server, so that the client, the central VPN server and the device behave as if they were in a real LAN and can access each other. Clients can monitor the remote image with the vendor-supplied client software or by entering the IP address 192.168.2.2 in the IE browser [4-6].

B. New VPN Architecture In 3G Network

• The most prominent feature of current 3G networks is that they are not subject to geographical constraints; the stability and the speed of wireless transmission are the most important indicators. First, the wireless router needs a powerful processing chip whose function is fast data processing and fast
forwarding; for example, I recommend the TI DaVinci chip, which uses an overall "ARM + DSP" architecture, that is, it combines ARM embedded technology with a DSP processing structure.
• Second, there must be a VPN-based server. Because the IP address of the wireless Internet connection is not a real IP address that can be routed on the Internet, the client cannot link point to point with the video servers and must transit through the central VPN server.
• Third, a virtual network tunnel must be built. In the VPN, a PPP (Point to Point Protocol) packet stream is issued from a router on one LAN, transmitted through an encrypted tunnel over a shared IP network, and delivered to another router on the other LAN, so that the tunnel takes the place of dedicated lines [7].

Fig. 2:

C. New VPN Mechanism In 3G Network

The 3G network has only just been put into practice, and to some extent a variety of mechanisms are not yet perfect. On the mainland, most access to the network environment uses the PPPoE dial-up mechanism, and the operators change IP addresses frequently, which leads to unstable network data transmission. In the 3G network, however, VPN has some new mechanisms to ensure the stability of its data transmission. They are:

• DPD (Dead Peer Detection), a mechanism that detects VPN disconnection and shows clearly whether the peer is online, so that when the VPN is disconnected a first response and management action can be made;
• the Keep-Alive mechanism, which continuously maintains a VPN line and helps businesses automatically attempt to bring the first VPN line back to work, further ensuring that VPN stability and quality of service do not drop;
• NATT (NAT Traversal), a mechanism that ensures VPN device compatibility: it converts the ESP packet format of the enterprise's IPSec packets into UDP format, so that VPN traffic can flow through the core router of the office management center and reach its destination;
• the VPN guaranteed bandwidth mechanism;
• the DDNS redundant VPN mechanism for increased stability, which can help two dynamic-IP VPN gateways find each other [8].

V. PARALLEL VPN SERVER CLUSTERS

At its current stage, there are still some gaps between the VPN server in the 3G network and the traditional VPN server. However, improving data transmission speed in the 3G network is what we pursue, which means that operators need a more rapid approach to data forwarding. With the development of algorithms, we know that in a sense parallel computing is superior to serial operation; but if we take clusters that are already parallel and parallelize them further, will that be quicker still? I therefore propose a parallel cluster for the VPN server side. First, taking the service delivery point of an area as the unit, we combine the server machines in parallel to achieve rapid data processing. Then, taking the whole Chinese 3G network as the unit, we combine every area's service delivery point in parallel to synchronize data processing and data transmission; that is, the whole Chinese 3G network is one entity rather than separate arrays in the various regions, and the regions can support each other and use each other's resources. This approach is not easy to achieve in traditional network service, but it can be achieved easily in the 3G network: data transmission is wireless and the platform built on it is wireless, which breaks through space and wiring constraints, so the idea of the parallel cluster is also relatively easy to achieve [9-12].

Exchange of information and data can still make use of existing network protocols, but I would suggest using the Linux operating system, on the one hand because Linux performs network access operations more efficiently, and on the other because its security is higher and it can reduce cost overhead.

In addition, to achieve a parallel server cluster, there are requirements on storage systems and on security that differ from those of a traditional VPN server.
The storage system must provide high-performance I/O operations and data for the Linux cluster in order to meet the demand of aggregating a substantial number of servers. Each computer must of course be a parallel computer. In every small 3G cluster node, a sufficient number of chassis is installed to provide additional capacity, and a sufficient number of Gigabit Ethernet ports is tied together to connect the multiple cluster nodes to the Gigabit Ethernet switch, so that each node can establish parallel data access to the entire storage space, which effectively improves storage system performance. The specific number I mean by "sufficient number" depends on the specific circumstances and the amount of data processed; the standard is mainly that storage and access are unobstructed.

To parallelize the VPN server we must share databases, meaning that the data of the entire 3G network must be mutually accessible. It is not recommended to establish one unified 3G database; rather, all the databases are accessed through sharing agreements with each other, and we have to use the same database format. The issue of security, however, brings new troubles: once data sharing is implemented, large amounts of data may be stolen during transmission or eavesdropped on by others [13-15].

A VPN can form a virtual LAN, and the computers in this virtual local area network trust each other completely. Attacks among these computers are very difficult to guard against. So, firstly, the VPN vendors should set up the initial state well, let non-local area network visits. Secondly, we should strengthen the development of firewalls and VPN, which cannot be limited to supporting data transmission with common encryption algorithms such as MD5 or AES; VPN should also be embedded into a variety of systems so as to achieve full transparency of the VPN infrastructure [16-17].

VI. CONCLUSION

In the emerging 3G networks, VPN technology can give us good access speed, especially if we add the parallel cluster technology of this paper to the VPN server. Because this technology includes both parallel machines and parallel algorithms, all nodes of the world's 3G networks are utilized effectively, which improves the performance of VPN access to the network itself even more effectively. In addition, the new VPN architecture and mechanisms put forward here break the constraints of the traditional framework and give full play to the wireless connectivity of the 3G network. Data security in this access, however, should be strengthened further: a new, more secure encryption algorithm should be developed to deal with wireless transmission.

REFERENCES

[1] Haiying Gao. VPN Technology [M]. Machinery Industry Press, 2004, pp. 72-99. (in Chinese)
[2] (US) Lucas. Firewall Policy and VPN Configuration. Water Resources and Hydropower Press, 2008, pp. 321-444.
[3] Zhiying Lv. On the VPN Technology. 《Management and Technology》 Journals, 2008, No. 3, pp. 34-77.
[4] Dengguo Feng. Network Security Principles and Technology. Science Press, 2003, pp. 65-87. (in Chinese)
[5] Elizabeth D. Zwicky, Simon Cooper. Tsinghua University Press, 2003, pp. 54-77.
[6] Carasic-Hengmu. Firewall Core Technology Intensive Solution. Hydropower Press, 2005.4, pp. 99-102.
[7] Mei Zhang. SSL VPN Key Technology Research and System Design [D]. PLA Information Engineering University Press, 2006, pp. 89-99.
[8] Jiazhen Xu. Comparison and Analysis of IPSec-based and SSL-based VPN [J]. Computer Engineering and Design Press, 2004, pp. 99-105. (in Chinese)
[9] Freier, Karlton. The SSL Protocol Version 3. Netscape Communications, November 18, 1996.
[10] David Wagner. Analysis of SSL 3.0 Protocol. Http://www.Counterpane.com, 2005-08-07.
[11] Rivest R L, Shamir A, Adleman L. A Method for Obtaining Digital Signatures and Public Key Cryptosystems [J]. CACM, 1978, 21(2), pp. 120-122.
[12] KaiCheng Lu. Computer Cryptography [M]. Beijing, Tsinghua University Press, 1998.7, pp. 73-75. (in Chinese)
[13] DaWang. The VPN Interpretation. Netscape Tsinghua University Press, November 18, 1996. (in Chinese)
[14] http://www.baidu.com
[15] Ivan Pepelnjak, Jim Guichard. MPLS and VPN Architectures [M]. Beijing Posts & Telecom Press, 2001, pp. 89-109, 129-155.
[16] Eric W. Gray. MPLS: Implementing the Technology [M]. Electronics Industry Press, 2003, pp. 119-122.
[17] Thomas M. Thomas II. OSPF Network Design Solutions, Second Edition [M]. Electronics Industry Press, 2004, pp. 25-42.
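
Added example (not part of the paper): the two-step constraint-based routing calculation summarized in Section III.B, screening the links and then running a shortest path algorithm on what remains, written out in Python. The topology, link costs, bandwidth figures, admin-group labels and all function names are constructed for illustration.

```python
import heapq

# Constructed sample topology (not from the paper):
# (node_a, node_b, cost, available_mbps, admin_group)
LINKS = [
    ("PE1", "P1", 1, 20, "core"),    # shortest route, but heavily loaded
    ("P1", "PE2", 1, 20, "core"),
    ("PE1", "P4", 2, 100, "lab"),    # lightly loaded, restricted by policy
    ("P4", "PE2", 1, 100, "lab"),
    ("PE1", "P2", 2, 100, "core"),   # longest route, lightly loaded
    ("P2", "P3", 2, 100, "core"),
    ("P3", "PE2", 2, 100, "core"),
]

def prune(links, min_mbps=0, excluded_groups=()):
    """Step (1): keep only links that meet the flow's bandwidth demand
    and the administrator's policy (excluded admin groups)."""
    return [l for l in links
            if l[3] >= min_mbps and l[4] not in excluded_groups]

def shortest_path(links, src, dst):
    """Step (2): Dijkstra over the remaining topology.
    Returns (total_cost, [nodes]) or None if dst is unreachable."""
    adj = {}
    for a, b, cost, _mbps, _group in links:
        adj.setdefault(a, []).append((b, cost))
        adj.setdefault(b, []).append((a, cost))
    heap, done = [(0, src, [src])], set()
    while heap:
        dist, node, path = heapq.heappop(heap)
        if node == dst:
            return dist, path
        if node in done:
            continue
        done.add(node)
        for nxt, cost in adj.get(node, []):
            if nxt not in done:
                heapq.heappush(heap, (dist + cost, nxt, path + [nxt]))
    return None

def constrained_path(links, src, dst, min_mbps=0, excluded_groups=()):
    """Constraint-based route: prune first, then shortest path."""
    return shortest_path(prune(links, min_mbps, excluded_groups), src, dst)

if __name__ == "__main__":
    print(constrained_path(LINKS, "PE1", "PE2"))
    print(constrained_path(LINKS, "PE1", "PE2", min_mbps=50))
    print(constrained_path(LINKS, "PE1", "PE2", 50, ("lab",)))
    print(constrained_path(LINKS, "PE1", "PE2", min_mbps=200))
```

With a 50 Mbps demand the heavily loaded two-hop route is screened out and a longer, lightly loaded route is chosen; when no link satisfies the constraints the function returns None, which a head-end would treat as a failed path setup.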
