CN110011892A - A kind of communication means and relevant apparatus of Virtual Private Network - Google Patents
- Publication number
- CN110011892A CN201910196147.5A
- Authority
- CN
- China
- Prior art keywords
- distributed network
- network gate
- client
- cryptographic hash
- communication connection
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/46—Interconnection of networks
- H04L12/4641—Virtual LANs, VLANs, e.g. virtual private networks [VPN]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0485—Networking architectures for enhanced packet encryption processing, e.g. offloading of IPsec packet processing or efficient security association look-up
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/1001—Protocols in which an application is distributed across nodes in the network for accessing one among a plurality of replicated servers
- H04L67/1034—Reaction to server failures by a load balancer
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/14—Session management
- H04L67/141—Setup of application sessions
Abstract
The present invention relates to the field of cloud transmission and provides a communication method and related apparatus for a virtual private network. The communication method includes: when a first distributed gateway and a client establish a communication connection, obtaining the Security Association established between the first distributed gateway and the client; when the first distributed gateway goes down, selecting, from among the other distributed gateways, a second distributed gateway to establish a communication connection with the client; and sending a first connection-establishment message to the second distributed gateway, where the first connection-establishment message carries the Security Association and instructs the second distributed gateway to establish a communication connection with the client using the Security Association. The technical solution of the embodiments of the present invention achieves efficient communication in a virtual private network.
Description
Technical field
The present invention relates to the field of cloud transmission, and in particular to a communication method and related apparatus for a virtual private network.
Background art
A virtual private network establishes a private network over a public network and carries encrypted communication to provide remote access; it is widely used in enterprise networks. At present, the virtual private network schemes used by cloud computing vendors are active/standby: the standby link does not participate while the primary link transmits data, and when the primary link fails, traffic is switched to the standby link.
In current virtual private networks, encryption is used to encapsulate a data communication tunnel over the public network, and the IPsec protocol provides secure communication between the client and the distributed gateway. The Security Association is the agreement between the client and the distributed gateway on the elements of the communication, for example the protocol used, the encapsulation mode of the protocol, the cryptographic algorithm, the shared key that protects data in a particular data flow, and the lifetime of the key. Active/standby virtual private networks operate in one of two modes. In the first, the primary link and the standby link do not synchronize Security Associations, so when the distributed gateway on the primary link goes down the established Security Association is lost, and the client and another distributed gateway must establish a new Security Association before they can communicate securely. In the second, the primary link and the standby link synchronize Security Associations, which requires all distributed gateways to synchronize data with one another periodically. Neither mode achieves efficient communication in a virtual private network.
Summary of the invention
The embodiments of the present invention provide a communication method and related apparatus for a virtual private network, so as to achieve efficient communication in a virtual private network.
A first aspect of the present invention provides a communication method for a virtual private network, the virtual private network including N distributed gateways and a centralized controller, where N is a positive integer, the method comprising:
when a first distributed gateway and a client establish a communication connection, obtaining the Security Association established between the first distributed gateway and the client, where the first distributed gateway is one of the N distributed gateways;
when the first distributed gateway goes down, selecting, from among the other distributed gateways, a second distributed gateway to establish a communication connection with the client;
sending a first connection-establishment message to the second distributed gateway, where the first connection-establishment message carries the Security Association and instructs the second distributed gateway to establish a communication connection with the client using the Security Association.
A second aspect of the present invention provides a communication apparatus for a virtual private network, comprising:
an obtaining module, configured to obtain, when a first distributed gateway and a client establish a communication connection, the Security Association established between the first distributed gateway and the client, where the first distributed gateway is one of the N distributed gateways;
a selecting module, configured to select, when the first distributed gateway goes down, from among the other distributed gateways, a second distributed gateway to establish a communication connection with the client;
a sending module, configured to send a first connection-establishment message to the second distributed gateway, where the first connection-establishment message carries the Security Association and instructs the second distributed gateway to establish a communication connection with the client using the Security Association.
It can be seen that, in the communication method and related apparatus proposed by the present invention, the virtual private network includes N distributed gateways and a centralized controller. When the first distributed gateway and the client establish a communication connection, the first distributed gateway and the client establish a Security Association, and the centralized controller obtains that Security Association. When the first distributed gateway goes down, the centralized controller sends the Security Association previously used for the connection with the client to the second distributed gateway, and the second distributed gateway then uses that Security Association to establish a communication connection with the client. This avoids the resource waste of synchronizing Security Associations between the first distributed gateway and the second distributed gateway, and the second distributed gateway and the client do not need to establish a new Security Association, so communication in the virtual private network is efficient.
Brief description of the drawings
To describe the technical solutions in the embodiments of the present invention more clearly, the drawings used in the embodiments are briefly introduced below. The drawings described below show only some embodiments of the present invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flowchart of a communication method for a virtual private network provided by an embodiment of the present invention;
Fig. 2 is a flowchart of another communication method for a virtual private network provided by an embodiment of the present invention;
Fig. 3 is a flowchart of another communication method for a virtual private network provided by an embodiment of the present invention;
Fig. 4 is a schematic diagram of the first ring hash space provided by an embodiment of the present invention;
Fig. 5 is a schematic diagram of the second ring hash space provided by an embodiment of the present invention;
Fig. 6 is a schematic diagram of a communication apparatus for a virtual private network provided by an embodiment of the present invention;
Fig. 7 is a schematic structural diagram of an electronic device in the hardware operating environment involved in the embodiments of the present invention.
Detailed description of the embodiments
The communication method and related apparatus for a virtual private network provided by the embodiments of the present invention achieve efficient communication in a virtual private network.
To help those skilled in the art better understand the solution of the present invention, the technical solutions in the embodiments are described clearly and completely below with reference to the accompanying drawings. The described embodiments are only some, not all, of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art based on these embodiments without creative effort fall within the protection scope of the present invention.
Each is described in detail below.
The terms "first", "second", "third", "fourth" and so on in the description, the claims and the above drawings are used to distinguish different objects, not to describe a particular order. In addition, the terms "include" and "have" and any variants of them are intended to cover non-exclusive inclusion. For example, a process, method, system, product or device that contains a series of steps or units is not limited to the listed steps or units, but optionally also includes steps or units that are not listed, or optionally also includes other steps or units inherent to the process, method, product or device.
In the embodiments of the present invention, the virtual private network includes N distributed gateways and a centralized controller, where N is a positive integer and the centralized controller controls the operation of the virtual private network.
Referring first to Fig. 1, Fig. 1 is a flowchart of a communication method for a virtual private network provided by one embodiment of the present invention. As shown in Fig. 1, the method may include:
101. When the first distributed gateway and the client establish a communication connection, obtain the Security Association established between the first distributed gateway and the client, where the first distributed gateway is one of the N distributed gateways.
The first distributed gateway and the client establish a secure communication connection through the IPsec protocol. IPsec is a suite of protocols defined by the IETF (Internet Engineering Task Force) that provides high-quality security for IP datagrams and ensures the privacy and integrity of datagrams in transit over the network. The Security Association is the agreement between the first distributed gateway and the client on the elements of the communication: whether the Authentication Header protocol (AH), the Encapsulating Security Payload protocol (ESP) or a combination of the two is used; whether the encapsulation mode of the protocol is transport mode or tunnel mode; whether the cryptographic algorithm is DES, 3DES or another cryptographic algorithm; and the shared key that protects data in a particular data flow, the lifetime of the key, and so on.
Optionally, before the centralized controller obtains the Security Association established between the first distributed gateway and the client, the method includes:
The centralized controller obtains the client identifier of the client, processes the client identifier with a hash algorithm to obtain the hash value of the client identifier, and, according to that hash value, selects from among the N distributed gateways the first distributed gateway to establish a communication connection with the client.
Optionally, the centralized controller selecting, according to the hash value of the client identifier, the first distributed gateway from among the N distributed gateways includes:
The centralized controller obtains the N distributed gateway identifiers of the N distributed gateways, where the N distributed gateways correspond one-to-one with the N distributed gateway identifiers, and processes the N distributed gateway identifiers with a hash algorithm to obtain N hash values, where the N distributed gateway identifiers correspond one-to-one with the N hash values. The N hash values are mapped into the first ring hash space.
The centralized controller maps the hash value of the client identifier into the first ring hash space, selects a first hash value from the N hash values according to the position of the client identifier's hash value in the first ring hash space, and determines that the distributed gateway corresponding to the first hash value is the first distributed gateway.
Optionally, the centralized controller selecting, according to the hash value of the client identifier, the first distributed gateway from among the N distributed gateways includes:
The centralized controller obtains the N distributed gateway identifiers of the N distributed gateways, where the N distributed gateways correspond one-to-one with the N distributed gateway identifiers, and processes the N distributed gateway identifiers with a weighted hash algorithm to obtain N weighted hash values, where the N distributed gateway identifiers correspond one-to-one with the N weighted hash values. The N weighted hash values are mapped into the second ring hash space to obtain M virtual nodes, where M is a positive integer not less than N. The larger the weight of a hash value, the more virtual nodes its distributed gateway has in the second ring hash space.
The centralized controller maps the hash value of the client identifier into the second ring hash space, selects a first virtual node from the M virtual nodes according to the position of the client identifier's hash value in the second ring hash space, and determines that the distributed gateway corresponding to the first virtual node is the first distributed gateway.
Further optionally, after the centralized controller obtains the Security Association established between the first distributed gateway and the client, it stores the Security Association in association with the client identifier. In this way, when the centralized controller obtains Security Associations established between multiple other distributed gateways and other clients, it can tell the Security Associations apart by client identifier.
102. When the first distributed gateway goes down, select, from among the other distributed gateways, a second distributed gateway to establish a communication connection with the client.
When the first distributed gateway goes down, the centralized controller selecting, from among the other distributed gateways, a second distributed gateway to re-establish a communication connection with the client includes:
The centralized controller deletes the first hash value from the first ring hash space, selects a second hash value from the other hash values according to the position of the client identifier's hash value in the first ring hash space, and determines that the distributed gateway corresponding to the second hash value is the second distributed gateway.
Optionally, after the centralized controller selects, from among the other distributed gateways, the second distributed gateway to re-establish a communication connection with the client, the method includes:
The centralized controller obtains the forwarding traffic volume of the second distributed gateway. If the forwarding traffic volume of the second distributed gateway exceeds a preset forwarding traffic threshold, the second hash value is deleted from the first ring hash space.
The centralized controller selects a third hash value from the other hash values according to the position of the client identifier's hash value in the first ring hash space, and determines that the distributed gateway corresponding to the third hash value is the third distributed gateway to establish a communication connection with the client.
The centralized controller sends a second connection-establishment message to the third distributed gateway, where the second connection-establishment message carries the Security Association and instructs the third distributed gateway to establish a communication connection with the client using the Security Association.
103. Send a first connection-establishment message to the second distributed gateway, where the first connection-establishment message carries the Security Association and instructs the second distributed gateway to establish a communication connection with the client using the Security Association.
Before sending the first connection-establishment message to the second distributed gateway, the centralized controller looks up the Security Association stored in association with the client's client identifier.
The centralized controller sends the first connection-establishment message to the second distributed gateway, where the first connection-establishment message carries the Security Association.
When the second distributed gateway receives the first connection-establishment message, it establishes a communication connection with the client using the Security Association.
Optionally, when the second distributed gateway and the client finish communicating, the second distributed gateway sends an end-of-communication message to the centralized controller. The end-of-communication message carries the client identifier of the client. When the centralized controller receives the end-of-communication message, it looks up the Security Association stored in association with the client identifier and deletes that Security Association from the Security Association database. This prevents invalid Security Associations from being stored in the centralized controller and wasting its storage resources.
Further optionally, while the second distributed gateway is communicating with the client, the centralized controller obtains the state of the first distributed gateway at a preset period. When the state of the first distributed gateway is working, the first hash value is added to the first ring hash space.
The centralized controller sends a disconnect instruction to the second distributed gateway, where the disconnect instruction instructs the second distributed gateway to cut off its communication connection with the client.
The centralized controller sends a third connection-establishment message to the first distributed gateway, where the third connection-establishment message carries the Security Association and instructs the first distributed gateway to re-establish a communication connection with the client using the Security Association.
Referring to Fig. 2, Fig. 2 is a flowchart of another communication method for a virtual private network provided by another embodiment of the present invention. As shown in Fig. 2, the method may include:
201. The centralized controller obtains the client identifier of the client and processes it with a hash algorithm to obtain the hash value of the client identifier.
202. According to the hash value of the client identifier, the centralized controller selects from among the N distributed gateways the first distributed gateway to establish a communication connection with the client.
Optionally, the centralized controller selecting, according to the hash value of the client identifier, the first distributed gateway from among the N distributed gateways includes:
The centralized controller obtains the N distributed gateway identifiers of the N distributed gateways, where the N distributed gateways correspond one-to-one with the N distributed gateway identifiers and a distributed gateway identifier includes the IP address or host name of the distributed gateway.
The N distributed gateway identifiers are processed with a consistent hashing algorithm to obtain N hash values, where the N distributed gateway identifiers correspond one-to-one with the N hash values. The N hash values are mapped into the first ring hash space, which is a virtual ring organized in the clockwise direction.
The centralized controller maps the hash value of the client identifier into the first ring hash space and selects a first hash value from the N hash values according to the position of the client identifier's hash value in the first ring hash space. Specifically, starting from the position of the client identifier's hash value in the first ring hash space and searching clockwise along the ring, the first hash value found is the first hash value. The distributed gateway corresponding to the first hash value is determined to be the first distributed gateway.
Optionally, the centralized controller selecting, according to the hash value of the client identifier, the first distributed gateway from among the N distributed gateways includes:
The centralized controller obtains the N distributed gateway identifiers of the N distributed gateways, where the N distributed gateways correspond one-to-one with the N distributed gateway identifiers and a distributed gateway identifier includes the IP address or host name of the distributed gateway.
The N distributed gateway identifiers are processed with a weighted hash algorithm to obtain N weighted hash values, where the N distributed gateway identifiers correspond one-to-one with the N weighted hash values. The N weighted hash values are mapped into the second ring hash space to obtain M virtual nodes, where M is a positive integer not less than N. The second ring hash space is a virtual ring organized in the clockwise direction. A distributed gateway with stronger forwarding capability carries a larger weight. Because the distributed gateway of a hash value with a larger weight has more virtual nodes in the second ring hash space, a client is more likely to be mapped to that distributed gateway; that is, a client is more likely to establish a communication connection with a distributed gateway that has stronger forwarding capability.
The centralized controller maps the hash value of the client identifier into the second ring hash space, selects a first virtual node from the M virtual nodes according to the position of the client identifier's hash value in the second ring hash space, and determines that the distributed gateway corresponding to the first virtual node is the first distributed gateway.
203. When the first distributed gateway and the client establish a communication connection, obtain the Security Association established between the first distributed gateway and the client.
The first distributed gateway and the client establish a secure communication connection through the IPsec protocol. IPsec is a suite of protocols defined by the IETF (Internet Engineering Task Force) that provides high-quality security for IP datagrams and ensures the privacy and integrity of datagrams in transit over the network. The Security Association is the agreement between the first distributed gateway and the client on the elements of the communication: whether the Authentication Header protocol (AH), the Encapsulating Security Payload protocol (ESP) or a combination of the two is used; whether the encapsulation mode of the protocol is transport mode or tunnel mode; whether the cryptographic algorithm is DES, 3DES or another cryptographic algorithm; and the shared key that protects data in a particular data flow, the lifetime of the key, and so on.
204. The centralized controller stores the Security Association.
After the centralized controller obtains the Security Association established between the first distributed gateway and the client, it stores the Security Association in association with the client identifier. In this way, when the centralized controller obtains Security Associations established between multiple other distributed gateways and other clients, it can tell the Security Associations apart by client identifier, and the Security Association stored in association with a client identifier can be retrieved by that client identifier.
205. When the first distributed gateway goes down, the centralized controller deletes the first hash value from the first ring hash space.
The centralized controller obtains the first distributed gateway identifier of the first distributed gateway, processes the first distributed gateway identifier with the hash algorithm to obtain the first hash value, and deletes the first hash value from the first ring hash space.
206. The centralized controller selects, from among the (N-1) distributed gateways, the second distributed gateway to establish a communication connection with the client.
The centralized controller selects a second hash value from the (N-1) hash values according to the position of the client identifier's hash value in the first ring hash space, and determines that the distributed gateway corresponding to the second hash value is the second distributed gateway.
207. The centralized controller obtains the Security Association.
Optionally, because multiple Security Associations are stored in the centralized controller, the centralized controller searches for a first client identifier that matches the client identifier. If one exists, the centralized controller obtains the Security Association stored in association with the first client identifier, which is the Security Association originally established between the first distributed gateway and the client. If none exists, the second distributed gateway must establish a new Security Association with the client before they can communicate securely.
208. The centralized controller sends the first connection-establishment message to the second distributed gateway, where the first connection-establishment message carries the Security Association.
209. The second distributed gateway establishes a communication connection with the client using the Security Association.
Optionally, when the second distributed gateway and the client finish communicating, the second distributed gateway sends an end-of-communication message to the centralized controller. The end-of-communication message carries the client identifier of the client. When the centralized controller receives the end-of-communication message, it looks up the Security Association stored in association with the client identifier and deletes that Security Association from the Security Association database. This prevents invalid Security Associations from being stored in the centralized controller and wasting its storage resources.
Optionally, while the second distributed gateway is communicating with the client, the centralized controller obtains the state of the first distributed gateway at a preset period, which may be 10 minutes, 30 minutes, 60 minutes, and so on.
When the state of the first distributed gateway is still down, the second distributed gateway keeps its communication connection with the client.
When the state of the first distributed gateway is working, the first hash value is added to the first ring hash space.
The centralized controller sends a disconnect instruction to the second distributed gateway, where the disconnect instruction instructs the second distributed gateway to cut off its communication connection with the client.
The centralized controller sends a third connection-establishment message to the first distributed gateway, where the third connection-establishment message carries the Security Association and instructs the first distributed gateway to establish a communication connection with the client using the Security Association.
Referring to Fig. 3, Fig. 3 is a flowchart of another communication method for a virtual private network provided by another embodiment of the present invention. As shown in Fig. 3, the communication method for a virtual private network provided by another embodiment of the present invention may include:
301. The centralized controller obtains the client identifier of the client and processes the client identifier with a hash algorithm to obtain the hash value of the client identifier.
302. According to the hash value of the client identifier, the centralized controller selects, from the N distributed gateways, a first distributed gateway that establishes a communication connection with the client.
Optionally, the centralized controller selecting, from the N distributed gateways and according to the hash value of the client identifier, the first distributed gateway that establishes a communication connection with the client includes:
The centralized controller obtains N distributed gateway identifiers of the N distributed gateways, where the N distributed gateways correspond one-to-one to the N distributed gateway identifiers, and a distributed gateway identifier includes the IP address or host name of the distributed gateway.
The N distributed gateway identifiers are processed by a consistent hashing algorithm to obtain N hash values, where the N distributed gateway identifiers correspond one-to-one to the N hash values, and the N hash values are mapped into a first ring hash space. The first ring hash space is a virtual ring organized in the clockwise direction.
The centralized controller maps the hash value of the client identifier into the first ring hash space and selects a first hash value from the N hash values according to the position of the hash value of the client identifier in the first ring hash space. Specifically, the first hash value found by searching clockwise along the ring from the position of the hash value of the client identifier in the first ring hash space is the first hash value. The distributed gateway corresponding to the first hash value is determined to be the first distributed gateway.
Optionally, the centralized controller selecting, from the N distributed gateways and according to the hash value of the client identifier, the first distributed gateway that establishes a communication connection with the client includes:
The centralized controller obtains N distributed gateway identifiers of the N distributed gateways, where the N distributed gateways correspond one-to-one to the N distributed gateway identifiers, and a distributed gateway identifier includes the IP address or host name of the distributed gateway.
The N distributed gateway identifiers are processed by a weighted hash algorithm to obtain N weighted hash values, where the N distributed gateway identifiers correspond one-to-one to the N weighted hash values, and the N weighted hash values are mapped into a second ring hash space to obtain M virtual nodes, where M is a positive integer not less than N. The second ring hash space is a virtual ring organized in the clockwise direction. The stronger the forwarding capability of a distributed gateway, the larger its weight. Because the distributed gateway corresponding to a hash value with a larger weight has more virtual nodes in the second ring hash space, the probability that the client is mapped to the distributed gateway corresponding to a hash value with a larger weight is higher; that is, the client is more likely to establish a communication connection with a distributed gateway that has stronger forwarding capability.
The centralized controller maps the hash value of the client identifier into the second ring hash space, selects a first virtual node from the M virtual nodes according to the position of the hash value of the client identifier in the second ring hash space, and determines that the distributed gateway corresponding to the first virtual node is the first distributed gateway.
303. When the first distributed gateway and the client establish a communication connection, the security association established between the first distributed gateway and the client is obtained.
The first distributed gateway and the client establish a secure communication connection through the IPsec protocol. IPsec is a series of protocols formulated by the IETF (Internet Engineering Task Force) that provides high-quality security for IP datagrams and ensures the privacy and integrity of datagrams transmitted over the network. The security association is the agreement between the first distributed gateway and the client on the elements of the communication, including: whether the Authentication Header protocol (AH), the Encapsulating Security Payload protocol (ESP), or a combination of the two is used; whether the encapsulation mode of the protocol is transport mode or tunnel mode; whether the cryptographic algorithm is DES, 3DES or another cryptographic algorithm; the shared key that protects data in a specific data flow; the lifetime of the key; and so on.
304. The centralized controller stores the security association.
After the centralized controller obtains the security association established between the first distributed gateway and the client, it stores the security association in the centralized controller in association with the client identifier. In this way, when the centralized controller obtains the security associations that multiple other distributed gateways have established with other clients, the security associations can be distinguished by client identifier, and the security association stored in association with a client identifier can be obtained through that client identifier.
305. When the first distributed gateway goes down, the centralized controller selects, from the (N-1) distributed gateways, a second distributed gateway that establishes a communication connection with the client.
The centralized controller obtains the first distributed gateway identifier of the first distributed gateway, processes the first distributed gateway identifier with a hash algorithm to obtain the first hash value, and deletes the first hash value from the first ring hash space.
The centralized controller selects a second hash value from the (N-1) hash values according to the position of the hash value of the client identifier in the first ring hash space, and determines that the distributed gateway corresponding to the second hash value is the second distributed gateway.
306. The centralized controller obtains the forwarding traffic volume of the second distributed gateway.
307. If the forwarding traffic volume of the second distributed gateway exceeds a preset forwarding traffic threshold, the centralized controller selects, from the (N-2) distributed gateways, a third distributed gateway that establishes a communication connection with the client.
If the forwarding traffic volume of the second distributed gateway exceeds the preset forwarding traffic threshold and the second distributed gateway nevertheless establishes a communication connection with the client, network congestion results. This affects the traffic forwarding efficiency of the second distributed gateway and also prevents the client's traffic from being forwarded in time, so that network delay becomes too large. The centralized controller therefore obtains the second distributed gateway identifier of the second distributed gateway, processes the second distributed gateway identifier with a hash algorithm to obtain the second hash value, and deletes the second hash value from the first ring hash space.
The centralized controller selects a third hash value from the (N-2) hash values according to the position of the hash value of the client identifier in the first ring hash space, and determines that the distributed gateway corresponding to the third hash value is the third distributed gateway that establishes a communication connection with the client.
308. The centralized controller obtains the security association.
Optionally, because multiple security associations are stored in the centralized controller, the centralized controller searches for a first client identifier that matches the client identifier. If one exists, the centralized controller obtains the security association stored in association with the first client identifier, which is the security association originally established between the first distributed gateway and the client. If none exists, the third distributed gateway must establish a security association with the client again before the two can communicate securely.
309. The centralized controller sends a second communication connection establishment message to the third distributed gateway, where the second communication connection establishment message carries the security association.
310. The third distributed gateway establishes a communication connection with the client by means of the security association.
Optionally, when the third distributed gateway completes its communication with the client, the third distributed gateway sends an end-of-communication message to the centralized controller. The end-of-communication message carries the client identifier of the client. On receiving the end-of-communication message, the centralized controller looks up the security association stored in association with the client identifier and deletes that security association from the security association database. This avoids keeping invalid security associations in the centralized controller and wasting its storage resources.
Optionally, while the third distributed gateway is communicating with the client, the centralized controller obtains the state of the first distributed gateway according to a preset period; the preset period may be 10 minutes, 30 minutes, 60 minutes, and so on.
When the state of the first distributed gateway is still down, the third distributed gateway keeps its communication connection with the client.
When the state of the first distributed gateway is working, the first hash value is added to the first ring space.
The centralized controller sends a cut-communication-connection instruction to the third distributed gateway, where the instruction is used to instruct the third distributed gateway to cut its communication connection with the client.
The centralized controller sends a third communication connection establishment message to the first distributed gateway, where the third communication connection establishment message carries the security association and is used to instruct the first distributed gateway to establish a communication connection with the client by means of the security association.
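The controller logic of steps 301 to 310 can be sketched as follows. This is an added example, not code from the patent: the class and field names, the truncated SHA-256 ring hash, the number of virtual nodes per unit of weight, and the check that an expired security association is dropped rather than handed off are all assumptions of the example, and the overload step is generalized from one replacement gateway to a loop.

```python
import bisect
import hashlib
from typing import Optional


def ring_hash(key: str) -> int:
    """Ring position of an identifier (truncated SHA-256: this example's choice)."""
    return int.from_bytes(hashlib.sha256(key.encode()).digest()[:8], "big")


class GatewayRing:
    """Ring of weighted virtual nodes, searched clockwise from the client's hash."""

    def __init__(self, vnodes_per_weight: int = 40):
        self.vnodes_per_weight = vnodes_per_weight  # assumed scaling factor
        self.points = []   # sorted ring positions
        self.owner = {}    # ring position -> gateway identifier

    def add(self, gateway: str, weight: int = 1) -> None:
        for i in range(weight * self.vnodes_per_weight):
            p = ring_hash(f"{gateway}#{i}")
            if p not in self.owner:
                self.owner[p] = gateway
                bisect.insort(self.points, p)

    def remove(self, gateway: str) -> None:
        self.points = [p for p in self.points if self.owner[p] != gateway]
        self.owner = {p: self.owner[p] for p in self.points}

    def select(self, client_id: str) -> Optional[str]:
        if not self.points:
            return None
        i = bisect.bisect_left(self.points, ring_hash(client_id))
        return self.owner[self.points[i % len(self.points)]]  # wrap around the ring


class Controller:
    """Centralized controller: gateway selection plus the SA database."""

    def __init__(self, weights: dict, traffic_threshold: int):
        self.weights = dict(weights)            # gateway identifier -> weight
        self.threshold = traffic_threshold
        self.traffic = {g: 0 for g in weights}  # reported forwarding traffic
        self.ring = GatewayRing()
        for gateway, weight in weights.items():
            self.ring.add(gateway, weight)
        self.sa_db = {}     # client identifier -> security association
        self.serving = {}   # client identifier -> gateway currently serving it

    def assign(self, client_id: str) -> Optional[str]:
        """Steps 301-302: pick the first gateway for a client."""
        gateway = self.ring.select(client_id)
        self.serving[client_id] = gateway
        return gateway

    def store_sa(self, client_id: str, sa: dict) -> None:
        """Steps 303-304: store the SA in association with the client identifier."""
        self.sa_db[client_id] = sa

    def _usable_sa(self, client_id: str, now: int) -> Optional[dict]:
        sa = self.sa_db.get(client_id)
        # Assumption of this example: an SA past its key lifetime is not handed off.
        if sa is not None and sa["expires_at"] <= now:
            del self.sa_db[client_id]
            return None
        return sa

    def _establish(self, gateway: str, client_id: str, now: int) -> dict:
        # "sa" is None when the new gateway must negotiate a fresh SA with the client.
        return {"type": "establish", "gateway": gateway, "client": client_id,
                "sa": self._usable_sa(client_id, now)}

    def failover(self, client_id: str, failed: str, now: int) -> dict:
        """Steps 305-309: drop the failed gateway, skip overloaded ones, hand off."""
        self.ring.remove(failed)
        gateway = self.ring.select(client_id)
        while gateway is not None and self.traffic[gateway] > self.threshold:
            self.ring.remove(gateway)
            gateway = self.ring.select(client_id)
        if gateway is None:
            raise RuntimeError("no distributed gateway available")
        self.serving[client_id] = gateway
        return self._establish(gateway, client_id, now)

    def recover(self, gateway: str, now: int) -> list:
        """Periodic check found the gateway working: move its clients back."""
        self.ring.add(gateway, self.weights[gateway])
        messages = []
        for client_id, current in list(self.serving.items()):
            if current != gateway and self.ring.select(client_id) == gateway:
                messages.append({"type": "cut", "gateway": current, "client": client_id})
                messages.append(self._establish(gateway, client_id, now))
                self.serving[client_id] = gateway
        return messages

    def finish(self, client_id: str) -> None:
        """End-of-communication message: delete the stored SA."""
        self.sa_db.pop(client_id, None)
        self.serving.pop(client_id, None)


if __name__ == "__main__":
    # Constructed sample data: gateway addresses, weights and SA fields are made up.
    ctl = Controller({"10.0.0.1": 1, "10.0.0.2": 1, "10.0.0.3": 2}, traffic_threshold=100)
    first = ctl.assign("client-42")
    ctl.store_sa("client-42", {"spi": "0x1001", "protocol": "ESP", "expires_at": 3600})
    print(first, ctl.failover("client-42", first, now=10))
    print(ctl.recover(first, now=20))
```

Because the handoff message carries the security association itself, the controller's database and the controller-to-gateway channel hold the same key material as the gateways and need equivalent protection.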
Referring to Fig. 6, Fig. 6 is a schematic diagram of a communication device for a virtual private network provided by another embodiment of the present invention. As shown in Fig. 6, the communication device for a virtual private network provided by another embodiment of the present invention may include:
Obtaining module 601, configured to obtain, when the first distributed gateway and the client establish a communication connection, the security association established between the first distributed gateway and the client, where the first distributed gateway belongs to the N distributed gateways.
Selecting module 602, configured to select, when the first distributed gateway goes down, from the other distributed gateways a second distributed gateway that establishes a communication connection with the client.
Sending module 603, configured to send a first communication connection establishment message to the second distributed gateway, where the first communication connection establishment message carries the security association and is used to instruct the second distributed gateway to establish a communication connection with the client by means of the security association.
For the specific implementation of the communication device for a virtual private network of the present invention, refer to the embodiments of the communication method for a virtual private network described above; details are not repeated here.
Referring to Fig. 7, Fig. 7 is a schematic structural diagram of the electronic device of the hardware running environment involved in the embodiments of the present invention. As shown in Fig. 7, the electronic device of the hardware running environment involved in the embodiments of the present invention may include:
Processor 701, for example a CPU.
Memory 702. Optionally, the memory may be a high-speed RAM memory or a stable memory, such as a magnetic disk memory.
Communication interface 703, configured to implement connection and communication between the processor 701 and the memory 702.
Those skilled in the art will understand that the structure of the communication electronic device for a virtual private network shown in Fig. 7 does not constitute a limitation on the communication electronic device for a virtual private network, which may include more or fewer components than shown, combine certain components, or use a different arrangement of components.
As shown in Fig. 7, the memory 702 may include an operating system, a network communication module, and a communication program of the virtual private network. The operating system is a program that manages and controls the hardware and software resources of the communication electronic device for a virtual private network, and supports the running of the communication program of the virtual private network and of other software or programs. The network communication module is used to implement communication among the components inside the memory 702, and communication with other hardware and software in the communication electronic device for a virtual private network.
In the communication electronic device for a virtual private network shown in Fig. 7, the processor 701 is configured to execute the communication program of the virtual private network stored in the memory 702, to perform the following steps:
When the first distributed gateway and the client establish a communication connection, obtaining the security association established between the first distributed gateway and the client, where the first distributed gateway belongs to the N distributed gateways.
When the first distributed gateway goes down, selecting, from the other distributed gateways, a second distributed gateway that establishes a communication connection with the client.
Sending a first communication connection establishment message to the second distributed gateway, where the first communication connection establishment message carries the security association and is used to instruct the second distributed gateway to establish a communication connection with the client by means of the security association.
For the specific implementation of the communication electronic device for a virtual private network of the present invention, refer to the embodiments of the communication method for a virtual private network described above; details are not repeated here.
Another embodiment of the present invention provides a computer-readable storage medium. The computer-readable storage medium stores a computer program, and the computer program is executed by a processor to perform the following steps:
When the first distributed gateway and the client establish a communication connection, obtaining the security association established between the first distributed gateway and the client, where the first distributed gateway belongs to the N distributed gateways.
When the first distributed gateway goes down, selecting, from the other distributed gateways, a second distributed gateway that establishes a communication connection with the client.
Sending a first communication connection establishment message to the second distributed gateway, where the first communication connection establishment message carries the security association and is used to instruct the second distributed gateway to establish a communication connection with the client by means of the security association.
For the specific implementation of the computer-readable storage medium of the present invention, refer to the embodiments of the communication method for a virtual private network described above; details are not repeated here.
It should also be noted that, for simplicity of description, each of the foregoing method embodiments is described as a series of combined actions, but those skilled in the art should understand that the present invention is not limited by the described order of actions, because according to the present invention some steps may be performed in another order or simultaneously. Those skilled in the art should also know that the embodiments described in the specification are all preferred embodiments, and the actions and modules involved are not necessarily required by the present invention. In the above embodiments, the description of each embodiment has its own emphasis; for parts not described in detail in one embodiment, refer to the related descriptions of other embodiments.
As described above, the above embodiments are only intended to illustrate the technical solutions of the present invention, not to limit them. Although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that they may still modify the technical solutions recorded in the foregoing embodiments or make equivalent replacements of some of the technical features; such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the scope of the technical solutions of the embodiments of the present invention.
Claims (10)
1. A communication method for a virtual private network, characterized in that the virtual private network includes N distributed gateways and a centralized controller, where N is a positive integer, the method comprising:
when a first distributed gateway and a client establish a communication connection, obtaining the security association established between the first distributed gateway and the client, where the first distributed gateway belongs to the N distributed gateways;
when the first distributed gateway goes down, selecting, from the other distributed gateways, a second distributed gateway that establishes a communication connection with the client;
sending a first communication connection establishment message to the second distributed gateway, where the first communication connection establishment message carries the security association and is used to instruct the second distributed gateway to establish a communication connection with the client by means of the security association.
2. The method according to claim 1, characterized in that, before the obtaining of the security association established between the first distributed gateway and the client, the method comprises:
obtaining the client identifier of the client;
processing the client identifier with a hash algorithm to obtain the hash value of the client identifier;
selecting, from the N distributed gateways and according to the hash value of the client identifier, the first distributed gateway that establishes a communication connection with the client.
3. The method according to claim 2, characterized in that the selecting, from the N distributed gateways and according to the hash value of the client identifier, of the first distributed gateway that establishes a communication connection with the client comprises:
obtaining N distributed gateway identifiers of the N distributed gateways, where the N distributed gateways correspond one-to-one to the N distributed gateway identifiers;
processing the N distributed gateway identifiers with a hash algorithm to obtain N hash values, where the N distributed gateway identifiers correspond one-to-one to the N hash values;
mapping the N hash values into a first ring hash space;
mapping the hash value of the client identifier into the first ring hash space;
selecting a first hash value from the N hash values according to the position of the hash value of the client identifier in the first ring hash space;
determining that the distributed gateway corresponding to the first hash value is the first distributed gateway.
4. The method according to claim 2, characterized in that the selecting, from the N distributed gateways and according to the hash value of the client identifier, of the first distributed gateway that establishes a communication connection with the client comprises:
obtaining N distributed gateway identifiers of the N distributed gateways, where the N distributed gateways correspond one-to-one to the N distributed gateway identifiers;
processing the N distributed gateway identifiers with a weighted hash algorithm to obtain N weighted hash values, where the N distributed gateway identifiers correspond one-to-one to the N weighted hash values;
mapping the N weighted hash values into a second ring hash space to obtain M virtual nodes, where M is a positive integer not less than N;
mapping the hash value of the client identifier into the second ring hash space;
selecting a first virtual node from the M virtual nodes according to the position of the hash value of the client identifier in the second ring hash space;
determining that the distributed gateway corresponding to the first virtual node is the first distributed gateway.
5. The method according to claim 3, characterized in that the selecting, from the other distributed gateways, of the second distributed gateway that establishes a communication connection with the client comprises:
deleting the first hash value from the first ring hash space;
selecting a second hash value from the other hash values according to the position of the hash value of the client identifier in the first ring hash space;
determining that the distributed gateway corresponding to the second hash value is the second distributed gateway.
6. The method according to claim 5, characterized in that, after the selecting, from the other distributed gateways, of the second distributed gateway that establishes a communication connection with the client, the method comprises:
obtaining the forwarding traffic volume of the second distributed gateway;
if the forwarding traffic volume of the second distributed gateway exceeds a preset forwarding traffic threshold, deleting the second hash value from the first ring hash space;
selecting a third hash value from the other hash values according to the position of the hash value of the client identifier in the first ring hash space;
determining that the distributed gateway corresponding to the third hash value is the third distributed gateway that establishes a communication connection with the client;
sending a second communication connection establishment message to the third distributed gateway, where the second communication connection establishment message carries the security association and is used to instruct the third distributed gateway to establish a communication connection with the client by means of the security association.
7. The method according to claim 5, characterized by further comprising:
obtaining the state of the first distributed gateway according to a preset period;
when the state of the first distributed gateway is working, adding the first hash value to the first ring space;
sending a cut-communication-connection instruction to the second distributed gateway, where the cut-communication-connection instruction is used to instruct the second distributed gateway to cut its communication connection with the client;
sending a third communication connection establishment message to the first distributed gateway, where the third communication connection establishment message carries the security association and is used to instruct the first distributed gateway to establish a communication connection with the client by means of the security association.
8. A communication device for a virtual private network, characterized in that the device includes:
an obtaining module, configured to obtain, when a first distributed gateway and a client establish a communication connection, the security association established between the first distributed gateway and the client, where the first distributed gateway belongs to N distributed gateways;
a selecting module, configured to select, when the first distributed gateway goes down, from the other distributed gateways a second distributed gateway that establishes a communication connection with the client;
a sending module, configured to send a first communication connection establishment message to the second distributed gateway, where the first communication connection establishment message carries the security association and is used to instruct the second distributed gateway to establish a communication connection with the client by means of the security association.
9. A communication electronic device for a virtual private network, characterized in that the electronic device includes a processor, a memory, a communication interface, and one or more programs, where the one or more programs are stored in the memory and configured to be executed by the processor, and the programs include instructions for performing the steps of the method of any one of claims 1 to 7.
10. A computer-readable storage medium, characterized in that the computer-readable storage medium stores a computer program, and the computer program is executed by a processor to implement the method of any one of claims 1 to 7.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910196147.5A CN110011892B (en) | 2019-03-15 | 2019-03-15 | Communication method of virtual private network and related device |
PCT/CN2019/102738 WO2020186694A1 (en) | 2019-03-15 | 2019-08-27 | Communication method for virtual private network, and related device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910196147.5A CN110011892B (en) | 2019-03-15 | 2019-03-15 | Communication method of virtual private network and related device |
Publications (2)
Publication Number | Publication Date |
---|---|
CN110011892A (en) | 2019-07-12 |
CN110011892B (en) | 2022-04-05 |
Family
ID=67167133
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910196147.5A Active CN110011892B (en) | 2019-03-15 | 2019-03-15 | Communication method of virtual private network and related device |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN110011892B (en) |
WO (1) | WO2020186694A1 (en) |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110267290A (en) * | 2019-07-29 | 2019-09-20 | 苏州泰铭玥智能科技有限公司 | The data processing method and device of intelligence control system |
WO2020186694A1 (en) * | 2019-03-15 | 2020-09-24 | 平安科技(深圳)有限公司 | Communication method for virtual private network, and related device |
CN112788060A (en) * | 2021-01-29 | 2021-05-11 | 北京字跳网络技术有限公司 | Data packet transmission method and device, storage medium and electronic equipment |
CN114445998A (en) * | 2022-04-11 | 2022-05-06 | 广州联客信息科技有限公司 | AI-based fire alarm monitoring method and system |
CN115296939A (en) * | 2022-10-09 | 2022-11-04 | 中国电子科技集团公司第三十研究所 | Method, device and medium for solving conflict between virtual machine migration and IPsec mechanism |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20030093691A1 (en) * | 2001-11-13 | 2003-05-15 | Reefedge, Inc., A Delaware Corporation | Enabling secure communication in a clustered or distributed architecture |
CN103023741A (en) * | 2012-12-04 | 2013-04-03 | 汉柏科技有限公司 | Method for processing faults of virtual private network (VPN) device |
CN103200094A (en) * | 2013-03-14 | 2013-07-10 | 成都卫士通信息产业股份有限公司 | Method for achieving gateway dynamic load distribution |
CN106559349A (en) * | 2015-09-24 | 2017-04-05 | 阿里巴巴集团控股有限公司 | The control method and device of service transmission rate, system |
CN106873919A (en) * | 2017-03-20 | 2017-06-20 | 郑州云海信息技术有限公司 | A kind of date storage method and device based on cloud storage system |
CN108989194A (en) * | 2017-05-31 | 2018-12-11 | 微软技术许可有限责任公司 | Distributed ipsec gateway |
Family Cites Families (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8908698B2 (en) * | 2012-01-13 | 2014-12-09 | Cisco Technology, Inc. | System and method for managing site-to-site VPNs of a cloud managed network |
CN103491088B (en) * | 2013-09-22 | 2016-03-02 | 成都卫士通信息产业股份有限公司 | A kind of IPSec vpn gateway data processing method |
CN110011892B (en) * | 2019-03-15 | 2022-04-05 | 平安科技(深圳)有限公司 | Communication method of virtual private network and related device |
2019
- 2019-03-15 CN CN201910196147.5A patent/CN110011892B/en active Active
- 2019-08-27 WO PCT/CN2019/102738 patent/WO2020186694A1/en active Application Filing
Non-Patent Citations (1)
Title |
---|
景秀等: "基于地址解析的VPN系统负载均衡算法的设计与实现", 《实验技术与管理》 * |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2020186694A1 (en) * | 2019-03-15 | 2020-09-24 | 平安科技(深圳)有限公司 | Communication method for virtual private network, and related device |
CN110267290A (en) * | 2019-07-29 | 2019-09-20 | 苏州泰铭玥智能科技有限公司 | The data processing method and device of intelligence control system |
CN112788060A (en) * | 2021-01-29 | 2021-05-11 | 北京字跳网络技术有限公司 | Data packet transmission method and device, storage medium and electronic equipment |
CN114445998A (en) * | 2022-04-11 | 2022-05-06 | 广州联客信息科技有限公司 | AI-based fire alarm monitoring method and system |
CN114445998B (en) * | 2022-04-11 | 2022-06-07 | 广州联客信息科技有限公司 | AI-based fire alarm monitoring method and system |
CN115296939A (en) * | 2022-10-09 | 2022-11-04 | 中国电子科技集团公司第三十研究所 | Method, device and medium for solving conflict between virtual machine migration and IPsec mechanism |
Also Published As
Publication number | Publication date |
---|---|
CN110011892B (en) | 2022-04-05 |
WO2020186694A1 (en) | 2020-09-24 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN110011892A (en) | A kind of communication means and relevant apparatus of Virtual Private Network | |
CN106790112B (en) | Node operating system integrating lightweight block chains and data updating method | |
EP2768200B1 (en) | Receiving data packets | |
CN108964880A (en) | A kind of data transmission method and device | |
CN111786867B (en) | Data transmission method and server | |
CN100499451C (en) | Network communication safe processor and its data processing method | |
CN106790221A (en) | A kind of safe ipsec protocol encryption method of internet protocol and the network equipment | |
US20230336378A1 (en) | Establishing a network micro-tunnel within a network tunnel | |
CN110213338A (en) | A kind of clustering acceleration calculating method and system based on cryptographic calculation | |
CN114500176B (en) | Multi-flow load balancing method, device and system for VPN and storage medium | |
CN115174061A (en) | Message transmission method and device based on block chain relay communication network system | |
US20240089779A1 (en) | Processing terminal device sensing data using a network function element | |
CN116647425B (en) | IPSec-VPN implementation method and device of OVN architecture, electronic equipment and storage medium | |
CN103746768A (en) | Data packet identification method and equipment thereof | |
CN110235417B (en) | SDN and message forwarding method and device thereof | |
KR102581039B1 (en) | Computational puzzle against DoS attacks | |
CN109195160B (en) | Tamper-proof storage system of network equipment resource detection information and control method thereof | |
Abraham et al. | An efficient protocol for authentication and initial shared key establishment in clustered wireless sensor networks | |
CN113810397B (en) | Protocol data processing method and device | |
WO2019165235A1 (en) | Secure encrypted network tunnels using osi layer 2 protocol | |
WO2016082363A1 (en) | User data management method and apparatus | |
CN113542431A (en) | Information processing method, information processing device, electronic equipment and storage medium | |
JP2002026927A (en) | Capsulating method and unit, and program recording medium | |
WO2023165195A1 (en) | Perception data reporting method and apparatus, information generation method and apparatus, computer-readable storage medium, computer device and computer program product | |
KR102331237B1 (en) | A method for Secure Data Transmission based on Delegated Proof of Node |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||