CN117650965A - Method and device for realizing SD-WAN management network based on uCPE original port - Google Patents
Method and device for realizing SD-WAN management network based on uCPE original port Download PDFInfo
- Publication number
- CN117650965A CN117650965A CN202410114567.5A CN202410114567A CN117650965A CN 117650965 A CN117650965 A CN 117650965A CN 202410114567 A CN202410114567 A CN 202410114567A CN 117650965 A CN117650965 A CN 117650965A
- Authority
- CN
- China
- Prior art keywords
- port
- service
- management network
- client
- wan management
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 36
- 230000015654 memory Effects 0.000 claims description 11
- 238000004590 computer program Methods 0.000 claims description 4
- 238000010586 diagram Methods 0.000 description 3
- 238000005516 engineering process Methods 0.000 description 2
- 238000004891 communication Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 230000006870 function Effects 0.000 description 1
- 230000000977 initiatory effect Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 239000007787 solid Substances 0.000 description 1
- 230000001960 triggered effect Effects 0.000 description 1
Abstract
The application relates to a method and a device for realizing SD-WAN management network based on original ports of uCPE, wherein the method comprises the steps that a server receives a preset identification packet sent by a client; and judging the identity of the client and the corresponding service interception port according to the identification packet, and performing SD-WAN management network deployment by utilizing the service interception port. The method has the advantages that whether the user is in original service or newly added service, the user can be intercepted on the uCPE, the identity is indicated through an identification packet sent by the client, the port where the service is actually intercepted is used for authentication and forwarding of the uCPE, the SD-WAN management network tunnel is embedded into the existing port by utilizing the original interception port on the uCPE, an additional configuration router or firewall is not needed, the original service use is not affected, and the completely transparent management network deployment is realized.
Description
Technical Field
The disclosure relates to the technical field of network communication, in particular to a method and a device for realizing an SD-WAN management network based on an original port of uCPE.
Background
The management network is an infrastructure of SD-WAN, requiring listening ports on nodes to provide various management services, such as SNMP, ssh, RPC and other API clients, etc. For nodes with public network IP, direct connection is possible, while for intranet nodes, it is usually necessary to make corresponding configuration (generally NAT) on a router or firewall to expose a listening port for services.
For ECR, it is generally managed by an operator, and a user performs little intervention on the network of ECR, so that corresponding management service interception port exposure can be implemented. However, for the cpe, since it is deployed at the boundary between the network of the user and the network of the operator, although the port can be theoretically exposed, there are many management problems in the practical process, such as configuration authority, division interface, and the like.
Disclosure of Invention
In view of this, the present application proposes a method and apparatus for implementing an SD-WAN management network based on the original port of the uCPE, so as to solve the above-mentioned problems.
In one aspect of the present application, a method for implementing an SD-WAN management network based on an original port of a ucope is provided, including the following steps:
the server receives a preset identification packet sent by the client;
and judging the identity of the client and the corresponding service interception port according to the identification packet, and performing SD-WAN management network deployment by utilizing the service interception port.
As an optional embodiment of the present application, optionally, the identification packet includes a provisioning flag, an identity token, and a forwarding port.
As an optional embodiment of the present application, optionally, before the server receives the preset identification packet sent by the client, the method further includes:
and configuring the appointment mark and the identity token in the client and the server in advance.
As an optional implementation manner of the present application, optionally, the determining, according to the identification packet, the identity of the client and the corresponding service interception port, and performing SD-WAN management network deployment by using the service interception port, includes:
the server authenticates the identity of the client through the identity token;
after passing the authentication, the server judges the corresponding session according to whether the appointed mark is read or not;
and when the server reads the about label, the session is determined to be newly added service, and the designated service interception port is utilized to manage the service.
As an optional embodiment of the present application, optionally, the assignment of the service listening port is implemented based on the forwarding port.
As an optional embodiment of the present application, optionally, the identification packet further includes a service description.
In another aspect of the present application, an apparatus for implementing SD-WAN management network based on an original port of a cpe is provided, including:
the receiving module is configured to receive a preset identification packet sent by the client side by the server side;
the judging and deploying module is configured to judge the identity of the client and the corresponding service interception port according to the identification packet, and utilize the service interception port to conduct SD-WAN management network deployment.
In another aspect of the present application, there is provided a control system comprising:
a processor;
a memory for storing processor-executable instructions;
wherein the processor is configured to implement the method of implementing an SD-WAN management network based on the cpe original port of any one of the above when executing the executable instructions.
In yet another aspect of the present application, there is provided a non-transitory computer readable storage medium having stored thereon computer program instructions that, when executed by a processor, implement a method of implementing an SD-WAN management network based on an original port of a cpe as set forth in any one of the above.
The invention has the technical effects that:
the method and the device utilize the ready-made interception port opened on the uCPE to carry out the SD-WAN management network, and do not need additional router or firewall configuration coordination. Specifically, the server receives a preset identification packet sent by the client; and judging the identity of the client and the corresponding service interception port according to the identification packet, and performing SD-WAN management network deployment by utilizing the service interception port. Whether the user is the original service or the newly added service, the user can be intercepted on the uCPE, the identity is indicated by the identification packet sent by the client, and the port actually intercepted by the service is used for authentication and forwarding of the uCPE, the SD-WAN management network tunnel is embedded into the existing port by utilizing the original interception port on the uCPE, an additional configuration router or a firewall is not needed, and the original service use is not influenced.
Other features and aspects of the present disclosure will become apparent from the following detailed description of exemplary embodiments, which proceeds with reference to the accompanying drawings.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate exemplary embodiments, features and aspects of the present disclosure and together with the description, serve to explain the principles of the disclosure.
FIG. 1 is a flow chart of a method for implementing an SD-WAN management network based on an original port of a uCPE;
FIG. 2 is a schematic diagram showing the user's own services in the method of implementing an SD-WAN management network based on the original ports of uCPE according to the present invention;
FIG. 3 is a schematic diagram showing a newly added service in the method for implementing an SD-WAN management network based on the original port of uCPE according to the present invention;
fig. 4 shows a topology diagram of a server and a client in the method for implementing an SD-WAN management network based on an original port of a cpe according to the present invention.
Detailed Description
Various exemplary embodiments, features and aspects of the disclosure will be described in detail below with reference to the drawings. In the drawings, like reference numbers indicate identical or functionally similar elements. Although various aspects of the embodiments are illustrated in the accompanying drawings, the drawings are not necessarily drawn to scale unless specifically indicated.
The word "exemplary" is used herein to mean "serving as an example, embodiment, or illustration. Any embodiment described herein as "exemplary" is not necessarily to be construed as preferred or advantageous over other embodiments.
In addition, numerous specific details are set forth in the following detailed description in order to provide a better understanding of the present disclosure. It will be understood by those skilled in the art that the present disclosure may be practiced without some of these specific details. In some instances, methods, means, elements, and circuits well known to those skilled in the art have not been described in detail in order not to obscure the present disclosure.
Example 1
As shown in fig. 1, in a first aspect of the present application, a method for implementing an SD-WAN management network based on an original cpe port is provided, including the following steps:
s100, a server receives a preset identification packet sent by a client;
and S200, judging the identity of the client and the corresponding service interception port according to the identification packet, and performing SD-WAN management network deployment by utilizing the service interception port.
Because the user router and the firewall of the site where the uCPE is located cannot be configured, the existing port can be used for SD-WAN management, but under normal conditions, one port cannot be shared to provide different applications for a plurality of factories, and therefore, the protocol needs to be modified on the premise of not affecting the original service use.
In view of this, the present application embeds the SD-WAN management network tunnel into the existing TCP port through the original listening port on the uCPE, so that the existing service is not affected at all, and no additional new configuration is required for the user router/firewall, and the completely transparent management network deployment can be realized.
Specifically, the application sequentially passes through step S100, where the server receives a preset identification packet sent by the client, and step S200, where the identity of the client and a corresponding service interception port are determined according to the identification packet, and SD-WAN management network deployment is performed by using the service interception port. Thus achieving the goal of managing SD-WAN with existing ports, the key technology is port sharing.
As shown in fig. 2, session 1 and session 2 are original services (service 0), i.e. user own services, such as http services, and user own services (service 0) on the uCPE listen to the port, and when the SD-WAN management needs to use service 1 and service 2, i.e. new services, session 3 and session 4 are respectively occupied, wherein session 1, session 2, session 3 and session 4, i.e. all sessions are listened to on the same port. However, unlike the user owned service (service 0), after the TCP handshake is finished (the scheme uses TCP as an example and the UDP principle is the same) service 1 and service 2 clients send an identification packet to the service end, so that the service 1 client and service 2 client can indicate the identity, and the service interception port, that is, the port where the service actually intercepts, is used for authentication and forwarding by the cpe.
As shown in fig. 3, after a new service (service 1, service 2) is mixed, a new service session 3 and a new service session 4 respectively identify a packet 1 and an identification packet 2 at the position of the data packet 1, wherein the structure of the identification packet is shown in table 1.
Table 1 shows the structure of the bag
The service 1 client indicates the identity and the port where the service really listens through the identification packet 1, and the service 2 client indicates the identity and the port where the service really listens through the identification packet 2.
As an optional embodiment of the present application, optionally, the identification packet includes a provisioning flag, an identity token, and a forwarding port.
Here, it should be noted that, the contract flag (0 xAF0000B 0) in the identification packet may be contracted by the SD-WAN service provider, which is not limited, and the identity token in the identification packet is used to authenticate the identity of the client, so as to prevent a security attack, so that when the client initiates a connection, the identity can be indicated by the identity token in the identification packet.
As an optional embodiment of the present application, optionally, before the server receives the preset identification packet sent by the client, the method further includes: and configuring the appointment mark and the identity token in the client and the server in advance.
That is, in order to enable the server to read the provisioning flag, the client and the server of all services need to be pre-configured with 4 bytes of flag bits, when the server receives the identification packet sent by the client, the client reads the provisioning flag, and can identify that the corresponding session is not the user own service, but a new service, and the service needs to be managed by the SD-WAN through the port where the service really monitors.
It should be further noted that, in order to prevent security attack, the client needs to indicate an identity and perform authentication when initiating connection, so that only authorized services can access the network, so that an identity token needs to be preconfigured between the server and the client, in this embodiment, the length of the identity token is 5 to 20 bytes, the content is a 128-bit identifier, and the identity token can be updated through the management network.
Further, the 21-22 bytes of the identification packet are correspondingly configured with a forwarding port, and as an optional implementation of the application, optionally, the service listening port is designated based on the forwarding port. In this embodiment, the real listening port of the service is specified through the forwarding port, for example, the service 2 client determines that the real listening port of the service is the service 2 listening port in the ucope through the forwarding port in the identification packet 2. That is, the client sends an identification packet to indicate the identity and the port actually intercepted by the service for authentication and forwarding by the uCPE.
As an optional embodiment of the present application, optionally, the identification packet further includes a service description. The service description corresponding to 25-48 bytes is an optional field, and is used for carrying out supplementary description on the service content of the current session, and encoding is carried out in a binary format. And 23-24 bytes in the identification packet of the present application are reserved fields, which are not limited.
As an optional implementation manner of the present application, optionally, the determining, according to the identification packet, the identity of the client and the corresponding service interception port, and performing SD-WAN management network deployment by using the service interception port, includes:
s210, the server authenticates the identity of the client through the identity token;
s220, after passing the authentication, the server judges the corresponding session according to whether the contract mark is read or not;
and S230, when the server reads the about label, the session is determined to be newly added service, and management service is carried out by using the designated service interception port.
That is, after the service end receives the identification packet sent by the newly added service client, the client is authenticated according to the identity token in the identification packet, and after authentication is passed, i.e. when the security attack risk does not exist, the service end judges the session according to whether the agreed mark in the identification packet is read, i.e. judges whether the original service of the user is newly added service when the session is judged, when the agreed mark is read by the service end, the session can be identified as not the user has the service but the newly added service, and special logic processing is triggered, i.e. the real interception port of the specified service is used for forwarding by the uCPE.
For example, as shown in fig. 4, the session 1 and the session 2 corresponding to the user owned service do not have an identification packet, so when the client of the user owned service (service 0) initiates a connection, the service end cannot read the contract mark, and at this time, the session 1 and the session 2 are considered to be the user owned service, and the corresponding interception port is the interception port of the user owned service (service 0) on the ucope node; the service 2 client sends an identification packet 2 to the service end to indicate the identity of the service, and the service really listens to the port (service 2 interception port), when the service end reads the agreed mark in the identification packet 2, the session 4 can be identified as not being the user self-service, and the special logic designates the service 2 really listens to the port (service 2 interception port). The service 2 interception port utilizes the ready-made interception port opened on the uCPE, no additional configuration router or firewall is needed, the problem that the user router and the firewall of the site where the uCPE is positioned cannot be configured is effectively solved, and the SD-WAN management network can realize intelligent management and control of network traffic under the condition that the existing network configuration is not influenced. The listening port assignment procedure for service 1 is the same as that for service 2, and the repetition is not repeated. The deployment mode can also provide better safety. Since no new configuration of the user firewall is required, security risks can be reduced and the security of the existing network is ensured not to be affected.
It will be appreciated by those skilled in the art that implementing all or part of the above-described embodiment methods may be implemented by a computer program for instructing relevant hardware, and the program may be stored in a computer readable storage medium, and the program may include the embodiment flow of each control method as described above when executed. The storage medium may be a magnetic disk, an optical disc, a Read-only memory (ROM), a random access memory (RandomAccessMemory, RAM), a flash memory (flash memory), a hard disk (HDD), or a Solid State Drive (SSD); the storage medium may also comprise a combination of memories of the kind described above.
Example 2
In another aspect of the present application, an apparatus for implementing SD-WAN management network based on an original port of a cpe is provided, including:
the receiving module is configured to receive a preset identification packet sent by the client side by the server side;
the judging and deploying module is configured to judge the identity of the client and the corresponding service interception port according to the identification packet, and utilize the service interception port to conduct SD-WAN management network deployment.
Example 3
Still further, another aspect of the present application provides a control system, including:
a processor;
a memory for storing processor-executable instructions;
wherein the processor is configured to implement the method of implementing an SD-WAN management network based on the cpe original port of any one of the above when executing the executable instructions.
Embodiments of the present disclosure control a system that includes a processor and a memory for storing processor-executable instructions. The processor is configured to implement any of the methods for implementing the SD-WAN management network based on the cpe original port described above when executing the executable instructions.
Here, it should be noted that the number of processors may be one or more. Meanwhile, in the control system of the embodiment of the present disclosure, an input device and an output device may be further included. The processor, the memory, the input device, and the output device may be connected by a bus, or may be connected by other means, which is not specifically limited herein.
The memory is a computer-readable storage medium that can be used to store software programs, computer-executable programs, and various modules, such as: the program or module corresponding to the method for realizing the SD-WAN management network based on the original port of the uCPE in the embodiment of the disclosure. The processor executes various functional applications and data processing of the control system by running software programs or modules stored in the memory.
The input device may be used to receive an input number or signal. Wherein the signal may be a key signal generated in connection with user settings of the device/terminal/server and function control. The output means may comprise a display device such as a display screen.
Example 4
In yet another aspect of the present application, there is provided a non-transitory computer readable storage medium having stored thereon computer program instructions that, when executed by a processor, implement a method of implementing an SD-WAN management network based on an original port of a cpe as set forth in any one of the above.
The foregoing description of the embodiments of the present disclosure has been presented for purposes of illustration and description, and is not intended to be exhaustive or limited to the embodiments disclosed. Many modifications and variations will be apparent to those of ordinary skill in the art without departing from the scope and spirit of the various embodiments described. The terminology used herein was chosen in order to best explain the principles of the embodiments, the practical application, or the technical improvement of the technology in the marketplace, or to enable others of ordinary skill in the art to understand the embodiments disclosed herein.
Claims (9)
1. The method for realizing the SD-WAN management network based on the original port of the uCPE is characterized by comprising the following steps:
the server receives a preset identification packet sent by the client;
and judging the identity of the client and the corresponding service interception port according to the identification packet, and performing SD-WAN management network deployment by utilizing the service interception port.
2. The method for implementing an SD-WAN management network based on an original port of a cpe according to claim 1, wherein the identification packet includes a provisioning flag, an identity token, and a forwarding port.
3. The method for implementing an SD-WAN management network based on an original port of a cpe according to claim 2, wherein before the server receives a preset identification packet sent by the client, the method further comprises:
and configuring the appointment mark and the identity token in the client and the server in advance.
4. The method for implementing SD-WAN management network based on the original port of the cpe according to claim 2, wherein the determining the identity of the client and the corresponding service interception port according to the identification packet, and using the service interception port to implement SD-WAN management network deployment, includes:
the server authenticates the identity of the client through the identity token;
after passing the authentication, the server judges the corresponding session according to whether the appointed mark is read or not;
and when the server reads the about label, the session is determined to be newly added service, and the designated service interception port is utilized to manage the service.
5. The method for implementing an SD-WAN management network based on an original port of a cpe according to claim 4, wherein the designation of the service listening port is implemented based on the forwarding port.
6. The method for implementing an SD-WAN management network based on an original port of a cpe according to claim 2, wherein the identification packet further includes a service description.
7. An apparatus for implementing SD-WAN management network based on an original port of a cpe, comprising:
the receiving module is configured to receive a preset identification packet sent by the client side by the server side;
the judging and deploying module is configured to judge the identity of the client and the corresponding service interception port according to the identification packet, and utilize the service interception port to conduct SD-WAN management network deployment.
8. A control system, comprising:
a processor;
a memory for storing processor-executable instructions;
wherein the processor is configured to implement the method of any one of claims 1 to 6 based on the cpe original port implementing the SD-WAN management network when executing the executable instructions.
9. A non-transitory computer readable storage medium having stored thereon computer program instructions which, when executed by a processor, implement the method of implementing an SD-WAN management network based on a cpe original port of any of claims 1 to 6.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202410114567.5A CN117650965B (en) | 2024-01-26 | 2024-01-26 | Method and device for realizing SD-WAN management network based on uCPE original ports |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202410114567.5A CN117650965B (en) | 2024-01-26 | 2024-01-26 | Method and device for realizing SD-WAN management network based on uCPE original ports |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN117650965A true CN117650965A (en) | 2024-03-05 |
| CN117650965B CN117650965B (en) | 2024-04-19 |
Family
ID=90049848
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202410114567.5A Active CN117650965B (en) | 2024-01-26 | 2024-01-26 | Method and device for realizing SD-WAN management network based on uCPE original ports |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN117650965B (en) |
Citations (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20150163327A1 (en) * | 2013-12-05 | 2015-06-11 | International Business Machines Corporation | Correct Port Identification in a Network Host Connection |
| CN111163465A (en) * | 2018-11-07 | 2020-05-15 | 北京京东尚科信息技术有限公司 | Method and device for connecting user terminal and local terminal and call center system |
| CN111371639A (en) * | 2020-02-21 | 2020-07-03 | 腾讯科技(深圳)有限公司 | Network delay analysis method and device, storage medium and computer equipment |
| US20200322182A1 (en) * | 2019-04-04 | 2020-10-08 | Tata Communications Transformation Services (US) Inc. | Virtual cloud exchange system and method |
| CN113132129A (en) * | 2019-12-30 | 2021-07-16 | 华为技术有限公司 | Network management method, device and system, and storage medium |
| US11374813B1 (en) * | 2021-04-23 | 2022-06-28 | Verizon Patent And Licensing Inc. | Software defined network device exposure to third parties |
| CN115134105A (en) * | 2021-03-26 | 2022-09-30 | 深圳云安宝科技有限公司 | Resource configuration method and device of private network, electronic equipment and storage medium |
| CN115606154A (en) * | 2020-05-15 | 2023-01-13 | 华为技术有限公司(Cn) | Internet protocol security (IPsec) simplification in Border Gateway Protocol (BGP) controlled software defined wide area networks (SD-WANs) |
| CN115643297A (en) * | 2022-10-27 | 2023-01-24 | 网络通信与安全紫金山实验室 | Link establishment method and device, nonvolatile storage medium and computer equipment |
| CN116170409A (en) * | 2023-02-21 | 2023-05-26 | 江苏云涌电子科技股份有限公司 | SD-WAN network address planning system based on virtual domain name |
-
2024
- 2024-01-26 CN CN202410114567.5A patent/CN117650965B/en active Active
Patent Citations (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20150163327A1 (en) * | 2013-12-05 | 2015-06-11 | International Business Machines Corporation | Correct Port Identification in a Network Host Connection |
| CN111163465A (en) * | 2018-11-07 | 2020-05-15 | 北京京东尚科信息技术有限公司 | Method and device for connecting user terminal and local terminal and call center system |
| US20200322182A1 (en) * | 2019-04-04 | 2020-10-08 | Tata Communications Transformation Services (US) Inc. | Virtual cloud exchange system and method |
| CN113132129A (en) * | 2019-12-30 | 2021-07-16 | 华为技术有限公司 | Network management method, device and system, and storage medium |
| CN111371639A (en) * | 2020-02-21 | 2020-07-03 | 腾讯科技(深圳)有限公司 | Network delay analysis method and device, storage medium and computer equipment |
| CN115606154A (en) * | 2020-05-15 | 2023-01-13 | 华为技术有限公司(Cn) | Internet protocol security (IPsec) simplification in Border Gateway Protocol (BGP) controlled software defined wide area networks (SD-WANs) |
| CN115134105A (en) * | 2021-03-26 | 2022-09-30 | 深圳云安宝科技有限公司 | Resource configuration method and device of private network, electronic equipment and storage medium |
| US11374813B1 (en) * | 2021-04-23 | 2022-06-28 | Verizon Patent And Licensing Inc. | Software defined network device exposure to third parties |
| CN115643297A (en) * | 2022-10-27 | 2023-01-24 | 网络通信与安全紫金山实验室 | Link establishment method and device, nonvolatile storage medium and computer equipment |
| CN116170409A (en) * | 2023-02-21 | 2023-05-26 | 江苏云涌电子科技股份有限公司 | SD-WAN network address planning system based on virtual domain name |
Non-Patent Citations (1)
| Title |
|---|
| 康敏: "内生安全SD-WAN网络架构与关键设备方案研究", 信息安全与通信保密, 10 July 2021 (2021-07-10) * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN117650965B (en) | 2024-04-19 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| EP2579634B1 (en) | Methods and apparatus for a self-organized layer-2 enterprise network architecture | |
| CN112583647B (en) | Method and apparatus for common control protocol for wired and wireless nodes | |
| JP5318111B2 (en) | Various methods and apparatus for a central management station for automatically distributing configuration information to remote devices | |
| US7849495B1 (en) | Method and apparatus for passing security configuration information between a client and a security policy server | |
| EP2866389A1 (en) | Method and device thereof for automatically finding and configuring virtual network | |
| JP2016067054A (en) | Flexible system and method to manage digital certificate in wireless network | |
| US10523657B2 (en) | Endpoint privacy preservation with cloud conferencing | |
| CN114826754A (en) | Communication method and system among different networks, storage medium and electronic device | |
| CN111917694A (en) | TLS encrypted traffic identification method and device | |
| WO2009082910A1 (en) | Method and device for network configuration to user terminal | |
| EP3932044B1 (en) | Automatic distribution of dynamic host configuration protocol (dhcp) keys via link layer discovery protocol (lldp) | |
| CN113872933B (en) | Method, system, device, equipment and storage medium for hiding source station | |
| CN114499989A (en) | Security device management method and device | |
| US20060143701A1 (en) | Techniques for authenticating network protocol control messages while changing authentication secrets | |
| CN117650965B (en) | Method and device for realizing SD-WAN management network based on uCPE original ports | |
| CN114884771B (en) | Identity network construction method, device and system based on zero trust concept | |
| CN115378578B (en) | SD-WAN (secure digital-to-Wide area network) implementation method and system based on SM4 cryptographic key | |
| EP3836487A1 (en) | Internet access behavior management system, device and method | |
| CN109088883B (en) | Multi-subnet networking method and device, storage medium and computer equipment | |
| CN107888383B (en) | Login authentication method and device | |
| CN108259292B (en) | Method and device for establishing tunnel | |
| WO2022063075A1 (en) | Billing method and apparatus, communication device, and readable storage medium | |
| US9246880B2 (en) | Methods for secure communication between network device services and devices thereof | |
| CN114978747B (en) | Registration authentication method, registration authentication device, electronic equipment and storage medium | |
| US11792718B2 (en) | Authentication chaining in micro branch deployment |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |