CN108023891A - An IPSEC-based tunnel switching method, device and gateway - Google Patents


Publication number: CN108023891A
Authority: CN (China)
Legal status: Pending (the legal status is an assumption and is not a legal conclusion)
Application number: CN201711319114.2A
Other languages: Chinese (zh)
Inventor: 李洪宇
Current Assignee: Beijing An Polytron Technologies Inc (the listed assignees may be inaccurate)
Original Assignee: Beijing An Polytron Technologies Inc

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0485 Networking architectures for enhanced packet encryption processing, e.g. offloading of IPsec packet processing or efficient security association look-up
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4633 Interconnection of networks using encapsulation techniques, e.g. tunneling
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/40 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass for recovering from a failure of a protocol instance or entity, e.g. service redundancy protocols, protocol state redundancy or protocol service redirection

Abstract

The embodiments of the present application disclose an IPSEC-based tunnel switching method, device and gateway. The method includes: a gateway detects the state of the main tunnel and, if the main tunnel is in an abnormal state, waits for a preset length of time; after the wait ends, the gateway detects the state of the main tunnel again; if the main tunnel is in an abnormal state, the gateway switches from the main tunnel to a backup tunnel. The tunnel switching scheme provided by the present application avoids erroneous switching under conditions such as network flapping, so that communication stays on the main tunnel as far as possible, reducing unnecessary switching overhead and the adaptation adjustments that switching brings.

Description

An IPSEC-based tunnel switching method, device and gateway
Technical field
The present invention relates to the field of network technology, and in particular to an IPSEC-based tunnel switching method, device and gateway.
Background
IPSec (Internet Protocol Security) is an open-standard framework that uses encrypted security services to ensure confidential and secure communication over IP (Internet Protocol) networks. In actual networking, gateway A and gateway B establish a tunnel (a channel for communication) through an operator. The IPSec-based gateway negotiation process for this tunnel is shown in Fig. 1 and comprises the following steps: (1) either gateway A or gateway B initiates a negotiation based on the IKE protocol (Internet Key Exchange Protocol), and the peer responds; (2) both sides negotiate according to the configured parameters and each generates an IKE SA (Security Association); (3) after the IKE SAs are generated, gateway A initiates IPSec negotiation with gateway B; (4) both sides negotiate according to the configured parameters and each generates an IPSec SA; (5) after the IPSec SAs on both sides reach the ESTABLISHED state, both sides transmit data according to the IPSec SAs.
After gateway A and gateway B establish IPSec tunnel 1 through operator 1, if tunnel 1 fails, then to keep customer traffic communicating normally, gateway A must re-initiate negotiation to another interface IP address of gateway B, establish a new tunnel through another operator, and communicate over the new tunnel. However, if the egress through which gateway A establishes IPSec tunnels fails, gateway A cannot re-establish an IPSec tunnel with gateway B. How to keep data transfer between the gateways working normally after an established tunnel can no longer be used is therefore the problem to be solved.
Summary of the invention
The present application provides an IPSEC-based tunnel switching method, device and gateway, so that when an established tunnel fails, data transfer between the gateways continues normally.
According to a first aspect of the embodiments of the present application, an IPSEC-based tunnel switching method is provided. The method is applied to a gateway and includes:
Detecting the state of the main tunnel and, if the main tunnel is in an abnormal state, waiting for a preset length of time;
After the wait ends, detecting the state of the main tunnel again;
If the main tunnel is in an abnormal state, switching from the main tunnel to a backup tunnel and communicating over the backup tunnel.
The preset length of time is greater than the automatic reconnection time of the main tunnel.
Optionally, waiting for the preset length of time specifically includes: when the gateway detects that the main tunnel is in an abnormal state, a timer starts timing;
When the time counted by the timer equals the preset length, the gateway's wait ends.
Optionally, waiting for the preset length of time specifically includes:
When the gateway detects that the main tunnel is in an abnormal state, it records the detection time;
The difference between the current time and the detection time is calculated, and when the difference equals the preset length of time, the gateway's wait ends.
Optionally, switching from the main tunnel to a backup tunnel includes:
Detecting, in order of backup tunnel priority from high to low, whether each backup tunnel is in the available state;
Communicating over the first backup tunnel detected to be in the available state.
Optionally, switching from the main tunnel to a backup tunnel includes:
Detecting whether each backup tunnel is in the available state;
Selecting the highest-priority backup tunnel from the backup tunnels in the available state, and communicating over the selected backup tunnel.
Optionally, the method further includes: if the main tunnel is in a normal state, keeping all backup tunnels in the unavailable state.
According to a second aspect of the embodiments of the present application, an IPSEC-based tunnel switching device is provided. The device is applied to a gateway and includes:
A detection unit, configured to detect the state of the main tunnel and, if the main tunnel is in an abnormal state, wait for a preset length of time; and, after the wait ends, detect the state of the main tunnel again;
A switching unit, configured to switch from the main tunnel to a backup tunnel and communicate over a backup tunnel if the main tunnel is in an abnormal state when the detection unit detects it again.
The preset length of time is greater than the automatic reconnection time of the main tunnel.
Optionally, the detection unit includes:
A detection subunit, configured to detect the state of the main tunnel;
A timing subunit, configured to start timing when the detection subunit detects that the main tunnel is in an abnormal state;
A control subunit, configured to stop the timing of the timing subunit when the time counted by the timing subunit equals the preset length, and to control the detection subunit to detect the state of the main tunnel again.
Optionally, the detection unit is specifically configured to:
Record the detection time when the main tunnel is detected to be in an abnormal state;
Calculate the difference between the current time and the detection time; when the difference equals the preset length of time, the wait ends.
Optionally, the switching unit is specifically configured to:
Detect, in order of backup tunnel priority from high to low, whether each backup tunnel is in the available state;
Communicate over the first backup tunnel detected to be in the available state.
Optionally, the switching unit is specifically configured to:
Detect whether each backup tunnel is in the available state;
Select the highest-priority backup tunnel from the backup tunnels in the available state, and communicate over the selected backup tunnel.
Optionally, the device further includes: a setting unit, configured to keep all backup tunnels in the unavailable state if the main tunnel is in a normal state.
According to a third aspect of the embodiments of the present application, a gateway is provided, characterized by including a processor, a transceiver and a memory, the processor being configured, by calling a program or instructions stored in the memory, to:
Detect the state of the main tunnel and, if the main tunnel is in an abnormal state, wait for a preset length of time;
After the wait ends, detect the state of the main tunnel again;
If the main tunnel is in an abnormal state, switch from the main tunnel to a backup tunnel and communicate over the backup tunnel through the transceiver.
The preset length of time is greater than the automatic reconnection time of the main tunnel.
Optionally, the processor is specifically configured to:
Start timing when the main tunnel is detected to be in an abnormal state;
When the counted time equals the preset length, the wait ends.
Optionally, the processor is specifically configured to:
Record the detection time when the main tunnel is detected to be in an abnormal state;
Calculate the difference between the current time and the detection time; when the difference equals the preset length of time, the wait ends.
Optionally, the processor is specifically configured to:
Detect, in order of backup tunnel priority from high to low, whether each backup tunnel is in the available state;
Communicate over the first backup tunnel detected to be in the available state.
Optionally, the processor is specifically configured to:
Detect whether each backup tunnel is in the available state;
Select the highest-priority backup tunnel from the backup tunnels in the available state, and communicate over the selected backup tunnel.
Optionally, the processor is further configured to: if the main tunnel is in a normal state, keep all backup tunnels in the unavailable state.
In the IPSEC-based tunnel switching scheme provided by the present application, a main tunnel and one or more backup tunnels are configured on the gateway. After detecting that the main tunnel is in an abnormal state, the gateway neither switches to a backup tunnel immediately nor switches after an arbitrary time; instead it waits for a preset length of time that is greater than the automatic reconnection time of the main tunnel. If the main tunnel is still in an abnormal state after the wait ends, the gateway switches from the main tunnel to a backup tunnel. The tunnel switching scheme provided by the present application therefore avoids erroneous switching under conditions such as network flapping and prevents a tunnel switch from being performed when none is needed, so that communication stays on the main tunnel as far as possible, reducing unnecessary switching overhead and the adaptation adjustments that switching brings.
It should be understood that the general description above and the detailed description below are only exemplary and explanatory and do not limit the present application.
Brief description of the drawings
To illustrate the technical solutions in the embodiments of the present application or in the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. Obviously, those of ordinary skill in the art can obtain other drawings from these drawings without creative effort.
Fig. 1 is a schematic diagram of the IPSec-based gateway negotiation process between gateway A and gateway B in the prior art;
Fig. 2 is a flow diagram of an IPSEC-based tunnel switching method according to an exemplary embodiment of the present application;
Fig. 3 is a block diagram of an IPSEC-based tunnel switching device according to an exemplary embodiment of the present application;
Fig. 4 is a structural diagram of a gateway according to an exemplary embodiment of the present application.
Detailed description
Exemplary embodiments are described in detail here, and examples of them are shown in the drawings. Where the following description refers to the drawings, the same numbers in different drawings denote the same or similar elements unless otherwise indicated. The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with the present application. Rather, they are only examples of devices and methods consistent with some aspects of the present application as detailed in the appended claims.
For a comprehensive understanding of the present application, numerous specific details are mentioned in the following detailed description, but those skilled in the art should understand that the present application can be implemented without these details. In other embodiments, well-known methods, processes, components and circuits are not described in detail, so as not to obscure the embodiments unnecessarily.
The present application first configures a main tunnel and backup tunnels on the gateway. The main tunnel and the backup tunnels can establish IPSEC connections with the peer through different interfaces and different IP addresses. The main tunnel and each backup tunnel carry a flag marking the tunnel itself as a main tunnel or a backup tunnel. The main tunnel serves only as a main tunnel and never as the backup tunnel of another tunnel, to avoid tunnels being main and backup to each other, which would cause the gateway to switch tunnels endlessly. One or more backup tunnels can be configured; if several are configured, a priority can be set for each. After the main tunnel and the backup tunnels are configured, the backup tunnels are set to the unavailable state. In that state a backup tunnel cannot send negotiation packets and cannot process negotiation packets sent by the peer, which prevents a backup tunnel from being mistakenly used as the main tunnel.
After the gateway system starts, it traverses all IPSEC configurations and checks whether a main tunnel and backup tunnels are configured. If no backup tunnel is configured, a prompt message can be shown on a display device so that the user can take the relevant action; if a main tunnel and backup tunnels are configured, the gateway goes on to detect the states of the main tunnel and the backup tunnels. Normally, the main tunnel being in the ESTABLISHED state means it is in a normal state, and the main tunnel being in a non-ESTABLISHED state means it is in an abnormal state. If the main tunnel is detected to be in a normal state, for example ESTABLISHED, the main tunnel can communicate normally, and in this case the backup tunnels are kept in the unavailable state. If the main tunnel is detected to be in an abnormal state, for example non-ESTABLISHED, the backup tunnels are set to the available state; in this case tunnel switching can be performed, switching from the main tunnel to a backup tunnel.
Referring to Fig. 2, which is a flow diagram of an IPSEC-based tunnel switching method according to an exemplary embodiment of the present application. The method is applied to a gateway and, as shown in Fig. 2, includes:
Step S201: the gateway detects the state of the main tunnel;
Step S202: if the main tunnel is detected to be in an abnormal state, the gateway waits for a preset length of time;
Step S203: after the wait ends, the gateway detects the state of the main tunnel again;
Step S204: if the main tunnel is in an abnormal state, the gateway switches from the main tunnel to a backup tunnel.
When the gateway detects that the main tunnel is in an abnormal state, for example non-ESTABLISHED, it does not switch tunnels immediately. The reason is that if network flapping causes the main tunnel connection to drop (the main tunnel is then also non-ESTABLISHED), the gateway system by default automatically reconnects the main tunnel within a certain time and restores communication over it; switching immediately could therefore perform an unnecessary tunnel switch in a situation where no switch is needed. In the present application, therefore, when the gateway detects that the main tunnel is non-ESTABLISHED, it first waits for a preset length of time. The preset length of time is greater than the time of automatic reconnection after the main tunnel disconnects, for example 30 s; that is, after the system detects network flapping and detects that the main tunnel has disconnected, by default it reconnects the main tunnel within 30 s. After the wait ends, for example after waiting 30 s, the gateway detects the state of the main tunnel again. If the main tunnel is in a normal state, for example ESTABLISHED, the main tunnel has reconnected and communication has been restored, and in this case the gateway does not switch tunnels. If the second detection finds the main tunnel non-ESTABLISHED, the main tunnel either was not reconnected or the reconnection failed: for example, some other fault has stopped the main tunnel from working properly and the system did not attempt a reconnection, or network flapping occurred and the system failed to reconnect the main tunnel. In these cases the gateway switches tunnels.
The automatic reconnection time of the main tunnel can be preset, in which case the gateway can read it and use it as the preset length of time; when the automatic reconnection time is modified by the system, the preset length of time changes with it. Alternatively, the gateway system can calculate the automatic reconnection time of the main tunnel from the network flapping and main tunnel disconnection conditions and use that time as the preset length of time; this gives the gateway a more flexible waiting time that better matches current network conditions, and the gateway switches tunnels after that waiting time. The preset length of time can also be set to a fixed length.
The wait can be implemented with a timer: when the gateway detects that the main tunnel is in an abnormal state, a timer starts timing, and when the time counted by the timer equals the preset length, the gateway's wait ends. Alternatively, when the gateway detects that the main tunnel is in an abnormal state, it records the detection time and then, at regular intervals (short enough, for example 1 s), calculates the difference between the current time and the detection time; when the difference equals the preset length of time, the wait ends. Either approach implements the gateway's waiting process after it detects that the main tunnel is in an abnormal state.
When the gateway decides to switch tunnels, it sets the backup tunnels to the available state. If there is only one backup tunnel, the gateway communicates over it. If there are multiple backup tunnels, the gateway can select the highest-priority backup tunnel for communication. Although the gateway sets the backup tunnels to the available state when it decides to switch, a backup tunnel that is itself faulty cannot be set to the available state and remains unavailable. In that case, if there is only one backup tunnel, the tunnel switch fails and the gateway can issue a prompt message so that the user can deal with it; if there are multiple backup tunnels, one that is in the available state must be chosen for communication. Specifically, in one possible embodiment, the gateway detects the backup tunnel states in order of priority from high to low, takes the first backup tunnel found to be in the available state as the switching target, and communicates over it; the gateway then does not need to check every backup tunnel, which saves resources and time. In another possible embodiment, the gateway first detects the state of every backup tunnel to determine which are in the available state, then selects the highest-priority one among the available backup tunnels as the switching target and communicates over it; this approach requires checking all backup tunnels, but it reveals faulty backup tunnels promptly so that the user can repair them. The gateway can also pick one of the multiple backup tunnels at random and switch from the main tunnel to the selected backup tunnel; this approach is better suited to the case where no priority is set for the backup tunnels.
In the IPSEC-based tunnel switching method provided by the present application, a main tunnel and one or more backup tunnels are configured on the gateway. After detecting that the main tunnel is in an abnormal state, the gateway neither switches to a backup tunnel immediately nor switches after an arbitrary time; instead it waits for a preset length of time that is greater than the automatic reconnection time of the main tunnel. If the main tunnel is still in an abnormal state after the wait ends, the gateway switches from the main tunnel to a backup tunnel, and the backup tunnel chosen can be the highest-priority backup tunnel currently in the available state. The tunnel switching method provided by the present application therefore avoids erroneous switching under conditions such as network flapping and prevents a tunnel switch from being performed when none is needed, so that communication stays on the main tunnel as far as possible, reducing unnecessary switching overhead and the adaptation adjustments that switching brings.
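The detect, wait, re-detect and switch sequence of steps S201 to S204 is sketched below, using the recorded-detection-time form of the wait and both priority-based backup selection embodiments. This is an added illustration, not code from the patent; the class and field names, the 5 s margin on top of the 30 s reconnection time, the "larger number means higher priority" convention and the `healthy` flag that stands in for a real IKE negotiation are assumptions.

```python
import time
from dataclasses import dataclass

ESTABLISHED = "ESTABLISHED"


@dataclass
class Tunnel:
    name: str
    priority: int = 0      # assumption: larger number = higher priority
    healthy: bool = True   # simulation stand-in for "negotiation would succeed"
    state: str = "DOWN"
    enabled: bool = False  # backups stay unavailable while the main tunnel is in use

    def enable(self) -> bool:
        """Set the tunnel available; report whether it reached ESTABLISHED."""
        self.enabled = True
        self.state = ESTABLISHED if self.healthy else "DOWN"
        return self.state == ESTABLISHED


class FailoverController:
    def __init__(self, main, backups, reconnect_s=30.0, margin_s=5.0,
                 strategy="first_available", clock=time.monotonic):
        self.main = main
        self.backups = sorted(backups, key=lambda t: t.priority, reverse=True)
        self.hold_down_s = reconnect_s + margin_s  # greater than auto-reconnect time
        self.strategy = strategy
        self.clock = clock
        self.active = main
        self.abnormal_since = None  # recorded detection time (S202)
        self.probed, self.faulty = [], []

    def poll(self):
        """Run one detection cycle; return the tunnel that should carry traffic."""
        if self.active is not self.main:
            return self.active                      # already switched
        if self.abnormal_since is not None:
            if self.clock() - self.abnormal_since < self.hold_down_s:
                return self.main                    # still waiting, no switch
            self.abnormal_since = None              # wait over: detect again (S203)
            if self.main.state != ESTABLISHED:
                return self._switch()               # S204
        if self.main.state == ESTABLISHED:
            for b in self.backups:
                b.enabled = False                   # keep backups unavailable
            return self.main
        self.abnormal_since = self.clock()          # first abnormal detection (S201)
        return self.main

    def _switch(self):
        usable = []
        for b in self.backups:                      # highest priority first
            self.probed.append(b.name)
            if b.enable():
                usable.append(b)
                if self.strategy == "first_available":
                    break                           # stop at the first usable backup
            else:
                self.faulty.append(b.name)          # candidate for a user prompt
        if usable:
            self.active = usable[0]
        return self.active                          # stays on main if none usable


def run_scenario(main_recovers, strategy="first_available"):
    """Constructed scenario: main drops at t=0; highest-priority backup b1 is faulty."""
    now = [0.0]
    main = Tunnel("main")
    backups = [Tunnel("b2", priority=2), Tunnel("b1", priority=3, healthy=False),
               Tunnel("b3", priority=1)]
    ctl = FailoverController(main, backups, strategy=strategy, clock=lambda: now[0])
    seen = []
    for t in (0.0, 10.0, 20.0, 36.0):
        now[0] = t
        if main_recovers and t >= 20.0:
            main.state = ESTABLISHED                # automatic reconnection succeeded
        seen.append(ctl.poll().name)
    return seen, ctl.probed, ctl.faulty


if __name__ == "__main__":
    print(run_scenario(False))
    print(run_scenario(False, "scan_all"))
    print(run_scenario(True))
```

With `scan_all` every backup is probed, so the faulty one is reported even though a lower-priority tunnel would have sufficed; with `first_available` probing stops at the first usable tunnel.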
From the description of the method embodiments above, those skilled in the art can clearly understand that the present application can be implemented by software plus the necessary general-purpose hardware platform, and of course also by hardware, although in many cases the former is the better implementation. Based on this understanding, the technical solution of the present application, in essence or in the part that contributes over the prior art, can be embodied in the form of a software product stored in a storage medium, including instructions that cause a smart device to perform all or part of the steps of the methods of the embodiments of the present application. The storage medium includes read-only memory (ROM), random access memory (RAM), magnetic disks, optical discs and other media that can store data and program code.
The present application also provides an IPSEC-based tunnel switching device. The device is applied to a gateway and, as shown in Fig. 3, includes:
A detection unit U301, configured to detect the state of the main tunnel and, if the main tunnel is in an abnormal state, wait for a preset length of time; and, after the wait ends, detect the state of the main tunnel again;
A switching unit U302, configured to switch from the main tunnel to a backup tunnel if the main tunnel is in an abnormal state when the detection unit detects it again.
The preset length of time is greater than the automatic reconnection time of the main tunnel, so the device does not switch tunnels during the time in which the main tunnel may reconnect automatically. This avoids unnecessary switching during network flapping, keeps communication on the main tunnel as far as possible, and reduces unnecessary switching overhead and the adaptation adjustments that switching brings.
The detection unit can include:
A detection subunit U3011, configured to detect the state of the main tunnel;
A timing subunit U3012, configured to start timing when the detection subunit detects that the main tunnel is in an abnormal state;
A control subunit U3013, configured to stop the timing of the timing subunit when the time counted by the timing subunit equals the preset length, and to control the detection subunit to detect the state of the main tunnel again.
The detection unit can also be specifically configured to: record the detection time when the main tunnel is detected to be in an abnormal state;
Calculate the difference between the current time and the detection time; when the difference equals the preset length of time, the wait ends. This implements the gateway's waiting process after it detects that the main tunnel is in an abnormal state.
If there are multiple backup tunnels, the switching unit can pick one of them at random and switch from the main tunnel to the selected backup tunnel. If the backup tunnels have priorities, in one possible embodiment the switching unit is specifically configured to: detect, in order of backup tunnel priority from high to low, whether each backup tunnel is in the available state; and communicate over the first backup tunnel detected to be in the available state. In another possible embodiment, the switching unit is specifically configured to: detect whether each backup tunnel is in the available state; select the highest-priority backup tunnel from the backup tunnels in the available state; and communicate over the selected backup tunnel.
The device can also include a setting unit U303, configured to keep all backup tunnels in the unavailable state if the main tunnel is in a normal state, which avoids errors caused by mistakenly using a backup tunnel while communicating over the main tunnel.
The present application also provides a gateway. As shown in Fig. 4, the gateway includes a processor, a transceiver and a memory, and the processor, the transceiver and the memory are connected by a data line. The processor is configured, by calling a program or instructions stored in the memory, to:
Detect the state of the main tunnel and, if the main tunnel is in an abnormal state, wait for a preset length of time;
After the wait ends, detect the state of the main tunnel again;
If the main tunnel is in an abnormal state, switch from the main tunnel to a backup tunnel and communicate over the backup tunnel through the transceiver.
The preset length of time is greater than the automatic reconnection time of the main tunnel, so the gateway avoids unnecessary switching during network flapping, keeps communication on the main tunnel as far as possible, and reduces unnecessary switching overhead and the adaptation adjustments that switching brings.
The processor can be specifically configured to: start timing when the main tunnel is detected to be in an abnormal state;
When the counted time equals the preset length, the wait ends. Alternatively, the processor can be specifically configured to: record the detection time when the main tunnel is detected to be in an abnormal state; calculate the difference between the current time and the detection time; when the difference equals the preset length of time, the wait ends. This implements the gateway's waiting process after it detects that the main tunnel is in an abnormal state.
If there are multiple backup tunnels, in one possible embodiment the processor is specifically configured to: detect, in order of backup tunnel priority from high to low, whether each backup tunnel is in the available state; and communicate over the first backup tunnel detected to be in the available state. In another possible embodiment, the processor is specifically configured to: detect whether each backup tunnel is in the available state; select the highest-priority backup tunnel from the backup tunnels in the available state; and communicate over the selected backup tunnel. The processor can also pick one of the backup tunnels at random and switch from the main tunnel to the selected backup tunnel; this approach is particularly suited to the case where the backup tunnels have no priority.
The processor can also be configured to keep all backup tunnels in the unavailable state if the main tunnel is in a normal state, which avoids errors caused by mistakenly using a backup tunnel while communicating over the main tunnel.
For convenience of description, the device above is described as divided into various units by function. Of course, when implementing the present application, the functions of the units can be realized in one or more pieces of software and/or hardware.
The embodiments in this specification are described progressively; identical or similar parts of the embodiments can be cross-referenced, and each embodiment focuses on its differences from the others. The device and system embodiments in particular are described fairly briefly because they are substantially similar to the method embodiments; for the related parts, see the description of the method embodiments. The device, equipment and system embodiments described above are only schematic: the units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units, that is, they can be located in one place or distributed over multiple network units. Some or all of the modules can be selected according to actual needs to achieve the purpose of the embodiment. Those of ordinary skill in the art can understand and implement this without creative effort.
The above are only specific embodiments of the present application, provided so that those skilled in the art can understand or implement the present application. Various modifications to these embodiments will be apparent to those skilled in the art, and the general principles defined herein can be realized in other embodiments without departing from the spirit or scope of the present application. The present application is therefore not limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (16)

  1. A tunnel switching method based on IPSEC, characterized by comprising:
    A gateway detects the state of a main tunnel and, if the main tunnel is in an abnormal state, waits for a time of preset length;
    After the wait ends, the state of the main tunnel is detected again;
    If the main tunnel is in the abnormal state, switching from the main tunnel to a backup tunnel.
  2. The method as claimed in claim 1, characterized in that the time of the preset length is greater than the time of automatic reconnection of the main tunnel.
  3. The method as claimed in claim 1 or 2, characterized in that waiting for the time of preset length is specifically:
    When the gateway detects that the main tunnel is in the abnormal state, a timer starts timing;
    When the time counted by the timer equals the preset length, the gateway's wait ends.
  4. The method as claimed in claim 1 or 2, characterized in that waiting for the time of preset length is specifically:
    When the gateway detects that the main tunnel is in the abnormal state, the detection time is recorded;
    The difference between the current time and the detection time is calculated, and when the difference equals the time of preset length, the wait ends.
  5. The method as claimed in claim 1 or 2, characterized in that switching from the main tunnel to a backup tunnel comprises:
    Detecting, in descending order of backup-tunnel priority, whether each backup tunnel is in the available state;
    Communicating using the first backup tunnel detected to be in the available state.
  6. The method as claimed in claim 1 or 2, characterized in that switching from the main tunnel to a backup tunnel comprises:
    Detecting whether each backup tunnel is in the available state;
    Selecting the highest-priority backup tunnel from the backup tunnels that are in the available state, and communicating using the selected backup tunnel.
  7. The method as claimed in claim 1 or 2, characterized by further comprising:
    If the main tunnel is in the normal state, keeping all backup tunnels in the non-available state.
  8. A tunnel switching device based on IPSEC, characterized by comprising:
    A detection unit, configured to detect the state of a main tunnel, to wait for a time of preset length if the main tunnel is in an abnormal state, and to detect the state of the main tunnel again after the wait ends;
    A switch unit, configured to switch from the main tunnel to a backup tunnel if the main tunnel is in the abnormal state after the detection unit detects it again.
  9. The device as claimed in claim 8, characterized in that the time of the preset length is greater than the time of automatic reconnection of the main tunnel.
  10. The device as claimed in claim 8 or 9, characterized in that the detection unit comprises:
    A detection subunit, configured to detect the state of the main tunnel;
    A timing subunit, configured to start timing when the detection subunit detects that the main tunnel is in the abnormal state;
    A control subunit, configured to stop the timing of the timing subunit when the time counted by the timing subunit equals the preset length, and to control the detection subunit to detect the state of the main tunnel again.
  11. The device as claimed in claim 8 or 9, characterized in that the detection unit is specifically configured to:
    Record the detection time when the main tunnel is detected to be in the abnormal state;
    Calculate the difference between the current time and the detection time, the wait ending when the difference equals the time of preset length.
  12. The device as claimed in claim 8 or 9, characterized in that the switch unit is specifically configured to:
    Detect, in descending order of backup-tunnel priority, whether each backup tunnel is in the available state;
    Communicate using the first backup tunnel detected to be in the available state.
  13. The device as claimed in claim 6 or 7, characterized by further comprising:
    A setting unit, configured to keep all backup tunnels in the non-available state if the main tunnel is in the normal state.
  14. A gateway, characterized by comprising a processor, a transceiver and a memory, the processor being configured, by calling a program or instructions stored in the memory, to:
    Detect the state of a main tunnel and, if the main tunnel is in an abnormal state, wait for a time of preset length;
    After the wait ends, detect the state of the main tunnel again;
    If the main tunnel is in the abnormal state, switch from the main tunnel to a backup tunnel and communicate through the transceiver using the backup tunnel.
  15. The gateway as claimed in claim 14, characterized in that the time of the preset length is greater than the time of automatic reconnection of the main tunnel.
  16. The gateway as claimed in claim 14 or 15, characterized in that the processor is further configured to:
    If the main tunnel is in the normal state, keep all backup tunnels in the non-available state.
CN201711319114.2A 2017-12-12 2017-12-12 A kind of tunnel switching method based on IPSEC, device and gateway Pending CN108023891A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711319114.2A CN108023891A (en) 2017-12-12 2017-12-12 A kind of tunnel switching method based on IPSEC, device and gateway

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201711319114.2A CN108023891A (en) 2017-12-12 2017-12-12 A kind of tunnel switching method based on IPSEC, device and gateway

Publications (1)

Publication Number Publication Date
CN108023891A true CN108023891A (en) 2018-05-11

Family

ID=62072914

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201711319114.2A Pending CN108023891A (en) 2017-12-12 2017-12-12 A kind of tunnel switching method based on IPSEC, device and gateway

Country Status (1)

Country Link
CN (1) CN108023891A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112448949A (en) * 2020-11-12 2021-03-05 武汉空格信息技术有限公司 Computer network monitoring system

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101425972A (en) * 2008-11-28 2009-05-06 中兴通讯股份有限公司 Tunnel switching method and device
CN101902396A (en) * 2010-06-18 2010-12-01 中兴通讯股份有限公司 Method and system for protecting tunnel in multi-protocol label switching traffic engineering
CN102571497A (en) * 2012-01-29 2012-07-11 华为技术有限公司 IPSec tunnel fault detection method, apparatus thereof and system thereof
WO2013184753A1 (en) * 2012-06-05 2013-12-12 Cisco Technology, Inc. Managing trace requests over tunneled links
CN103973476A (en) * 2013-02-06 2014-08-06 上海杰之能信息科技有限公司 Gateway, and gateway hot backup system and method
CN106330475A (en) * 2015-06-15 2017-01-11 中兴通讯股份有限公司 Method and device for managing main and standby nodes in communication system and high availability cluster
CN106936683A (en) * 2015-12-31 2017-07-07 北京网御星云信息技术有限公司 A kind of method and device for realizing tunnel configuration

Similar Documents

Publication Publication Date Title
US10419273B2 (en) Stand-by controller assisted failover
CN103812728B (en) A kind of network diagnosis method, system and router
CN107332726B (en) Communication link detection method and device
CN102265555B (en) Conversion method between an main communicational equipment and a spare communicational equipment, the communicational equipments and a service request equipment
JP2006013827A (en) Packet transfer apparatus
CN103686854B (en) The method and apparatus for controlling AP
CN107623593A (en) The method and apparatus of two-node cluster hot backup based on CU separation
CN101442471A (en) Method for implementing backup and switch of IPSec tunnel, system and node equipment, networking architecture
CN102257848A (en) Main and secondary apparatuses conversion method betwenn communication equipment, communication equipment and system, and request equipment of system and service
CN106533736A (en) Network device reboot method and apparatus
CN106603261A (en) Hot backup method, first master device, backup device and communication system
CN102265556B (en) Conversion method between an main communicational equipment and a spare communicational equipment, the communicational equipments and a service request equipment
CN107820289A (en) A kind of WIFI network switching method, device, terminal and medium
CN104348808B (en) The method and apparatus of Dialog processing
CN108206767A (en) A kind of network equipment failure detection method and device
CN108093441A (en) The switching method and device of a kind of access controller
CN108023891A (en) A kind of tunnel switching method based on IPSEC, device and gateway
CN106487696B (en) Link failure detection method and device
WO2017000667A1 (en) Tr069 protocol information processing method, device and computer readable storage medium
CN103107956A (en) Parameter updating method, link aggregation method and communication terminal
CN113676493A (en) Communication method based on MOBIKE protocol and electronic equipment
EP2339811B1 (en) Method and system for communication capacity negotiation of physical layer chips
CN103442160B (en) A kind of method for switching network and intelligent television
CN105681122A (en) Method and system for telecommunication device monitoring
CN108683561A (en) A kind of station state detection method and device

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20180511