| 摘要 |
When forming an L2VPN, each VPN server is required to decrypt data received from a VPN client using the source VPN client key and encrypt the data using the destination VPN client key. The loads of the encrypting and decrypting processings are high, thereby the VPN server through-put is lowered. In order to solve the above problem, according to the present invention, the destination address of an IP packet sent from the VPN client is used as a multicast address, then data is encrypted according to the security association of the multicast address distributed from the VPN server. The encrypted IP packet is encapsulated with the IP address of the VPN server and sent to the VPN server. Receiving this IP packet, the VPN server determines the destination VPN client according to the multicast address of the encapsulated IP packet, then encapsulated with the IP address of the destination VPN client and sent to the VPN client.
|
