CN117650965B - Method and device for realizing SD-WAN management network based on uCPE original ports - Google Patents
Method and device for realizing SD-WAN management network based on uCPE original ports Download PDFInfo
- Publication number
- CN117650965B CN117650965B CN202410114567.5A CN202410114567A CN117650965B CN 117650965 B CN117650965 B CN 117650965B CN 202410114567 A CN202410114567 A CN 202410114567A CN 117650965 B CN117650965 B CN 117650965B
- Authority
- CN
- China
- Prior art keywords
- service
- management network
- client
- port
- ucpe
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 32
- 230000015654 memory Effects 0.000 claims description 11
- 238000004590 computer program Methods 0.000 claims description 4
- 238000010586 diagram Methods 0.000 description 3
- 238000005516 engineering process Methods 0.000 description 2
- 238000004891 communication Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 230000006870 function Effects 0.000 description 1
- 230000000977 initiatory effect Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 239000007787 solid Substances 0.000 description 1
- 230000001960 triggered effect Effects 0.000 description 1
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The application relates to a method and a device for realizing SD-WAN management network based on uCPE original ports, wherein the method comprises the steps that a server receives a preset identification packet sent by a client; and judging the identity of the client and the corresponding service interception port according to the identification packet, and performing SD-WAN management network deployment by utilizing the service interception port. Whether the user is the original service or the newly added service, the user can be intercepted on uCPE, the identity is indicated by the identification packet sent by the client, the port where the service is actually intercepted is used for uCPE authentication and forwarding, the SD-WAN management network tunnel is embedded into the existing port by utilizing the original interception port on uCPE, an additional configuration router or firewall is not needed, the original service use is not affected, and the completely transparent management network deployment is realized.
Description
Technical Field
The disclosure relates to the technical field of network communication, in particular to a method and a device for realizing an SD-WAN management network based on uCPE original ports.
Background
The management network is an infrastructure of SD-WAN, requiring listening ports on nodes to provide various management services, such as SNMP, ssh, RPC and other API clients, etc. For nodes with public network IP, direct connection is possible, while for intranet nodes, it is usually necessary to make corresponding configuration (generally NAT) on a router or firewall to expose a listening port for services.
For ECR, it is generally managed by an operator, and a user performs little intervention on the network of ECR, so that corresponding management service interception port exposure can be implemented. However, for uCPE, since it is deployed at the boundary between the network of the user and the network of the operator, although the port can be theoretically exposed, there are many management problems in the practical process, such as configuration authority, division interface, and the like.
Disclosure of Invention
In view of the above, the present application provides a method and apparatus for implementing an SD-WAN management network based on uCPE original ports, so as to solve the above-mentioned problems.
In one aspect of the present application, a method for implementing an SD-WAN management network based on uCPE original ports is provided, including the following steps:
the server receives a preset identification packet sent by the client;
and judging the identity of the client and the corresponding service interception port according to the identification packet, and performing SD-WAN management network deployment by utilizing the service interception port.
As an optional embodiment of the application, optionally, the identification packet includes a provisioning flag, an identity token, and a forwarding port.
As an optional embodiment of the present application, optionally, before the server receives the preset identification packet sent by the client, the method further includes:
And configuring the appointment mark and the identity token in the client and the server in advance.
As an optional embodiment of the present application, optionally, the determining, according to the identification packet, the identity of the client and the corresponding service interception port, and performing SD-WAN management network deployment by using the service interception port, includes:
the server authenticates the identity of the client through the identity token;
After passing the authentication, the server judges the corresponding session according to whether the appointed mark is read or not;
and when the server reads the about label, the session is determined to be newly added service, and the designated service interception port is utilized to manage the service.
As an optional embodiment of the application, optionally, the assignment of the service listening port is implemented based on the forwarding port.
As an optional embodiment of the application, optionally, the identification package further comprises a service description.
In another aspect of the present application, there is provided an SD-WAN management network device based on uCPE original ports, including:
the receiving module is configured to receive a preset identification packet sent by the client side by the server side;
the judging and deploying module is configured to judge the identity of the client and the corresponding service interception port according to the identification packet, and utilize the service interception port to conduct SD-WAN management network deployment.
In another aspect of the present application, there is provided a control system including:
A processor;
A memory for storing processor-executable instructions;
wherein the processor is configured to implement the method of implementing an SD-WAN management network based on uCPE native ports as described in any one of the above when executing the executable instructions.
In yet another aspect of the present application, there is provided a non-transitory computer readable storage medium having stored thereon computer program instructions which, when executed by a processor, implement a method of implementing an SD-WAN management network based on uCPE original ports as described in any of the above.
The invention has the technical effects that:
The application uses the ready-made interception port opened on uCPE to manage the SD-WAN without needing additional router or firewall configuration cooperation. Specifically, the server receives a preset identification packet sent by the client; and judging the identity of the client and the corresponding service interception port according to the identification packet, and performing SD-WAN management network deployment by utilizing the service interception port. Whether the user is the original service or the newly added service, the user can be intercepted on uCPE, the identity is indicated by the identification packet sent by the client, and the port actually intercepted by the service is used for uCPE authentication and forwarding, the SD-WAN management network tunnel is embedded into the existing port by utilizing the original interception port on uCPE, no additional router or firewall configuration is needed, and the original service use is not affected.
Other features and aspects of the present disclosure will become apparent from the following detailed description of exemplary embodiments, which proceeds with reference to the accompanying drawings.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate exemplary embodiments, features and aspects of the present disclosure and together with the description, serve to explain the principles of the disclosure.
FIG. 1 is a flow chart of a method for implementing an SD-WAN management network based on uCPE original ports according to the present invention;
FIG. 2 is a schematic diagram showing the user's own services in the method of implementing an SD-WAN management network based on uCPE original ports according to the present invention;
FIG. 3 is a schematic diagram showing a newly added service in the method for implementing an SD-WAN management network based on uCPE original ports according to the present invention;
Fig. 4 shows a topology diagram of a server and a client in the method for implementing an SD-WAN management network based on uCPE original ports according to the present invention.
Detailed Description
Various exemplary embodiments, features and aspects of the disclosure will be described in detail below with reference to the drawings. In the drawings, like reference numbers indicate identical or functionally similar elements. Although various aspects of the embodiments are illustrated in the accompanying drawings, the drawings are not necessarily drawn to scale unless specifically indicated.
The word "exemplary" is used herein to mean "serving as an example, embodiment, or illustration. Any embodiment described herein as "exemplary" is not necessarily to be construed as preferred or advantageous over other embodiments.
In addition, numerous specific details are set forth in the following detailed description in order to provide a better understanding of the present disclosure. It will be understood by those skilled in the art that the present disclosure may be practiced without some of these specific details. In some instances, methods, means, elements, and circuits well known to those skilled in the art have not been described in detail in order not to obscure the present disclosure.
Example 1
As shown in fig. 1, in a first aspect of the present application, a method for implementing an SD-WAN management network based on uCPE original ports is provided, including the following steps:
S100, a server receives a preset identification packet sent by a client;
And S200, judging the identity of the client and the corresponding service interception port according to the identification packet, and performing SD-WAN management network deployment by utilizing the service interception port.
Because the user router and firewall of the site at uCPE cannot be configured, the existing port can be used for the management of the SD-WAN, but under normal conditions, one port cannot be shared to provide different applications for a plurality of factories, so that the protocol needs to be modified on the premise of not affecting the use of the original service.
Therefore, the SD-WAN management network tunnel is embedded into the existing TCP port through the original interception port on uCPE, so that the existing service is not affected at all, no additional new configuration is required to be carried out on the user router/firewall, and the completely transparent management network deployment can be realized.
Specifically, the application sequentially passes through step S100, the preset identification packet sent by the client is received by the server, and step S200, the identity of the client and the corresponding service interception port are judged according to the identification packet, and SD-WAN management network deployment is carried out by utilizing the service interception port. Thus achieving the goal of managing SD-WAN with existing ports, the key technology is port sharing.
As shown in fig. 2, session 1 and session 2 are original services (service 0), i.e. user owned services, such as http service, and at uCPE user owned services (service 0) listen to the port, and when SD-WAN management needs to use service 1 and service 2, i.e. new services, session 3 and session 4 are occupied respectively, wherein session 1, session 2, session 3 and session 4, i.e. all sessions are listened to on the same port. However, unlike the user's own service (service 0), after the TCP handshake is finished (the scheme uses TCP as an example and the UDP principle is the same) service 1 and service 2 clients send an identification packet to the service end, so that the service 1 client and service 2 client can indicate the identity, and the service interception port, that is, the port where the service actually listens, is used for uCPE authentication and forwarding.
As shown in fig. 3, after a new service (service 1, service 2) is mixed, a new service session 3 and a new service session 4 respectively identify a packet 1 and an identification packet 2 at the position of the data packet 1, wherein the structure of the identification packet is shown in table 1.
Table 1 shows the structure of the bag
The service 1 client indicates the identity and the port where the service really listens through the identification packet 1, and the service 2 client indicates the identity and the port where the service really listens through the identification packet 2.
As an optional embodiment of the application, optionally, the identification packet includes a provisioning flag, an identity token, and a forwarding port.
Here, it should be noted that, the contract flag (0 xAF0000B 0) in the identification packet may be contracted by the SD-WAN service provider, which is not limited, and the identity token in the identification packet is used to authenticate the identity of the client, so as to prevent a security attack, so that when the client initiates a connection, the identity can be indicated by the identity token in the identification packet.
As an optional embodiment of the present application, optionally, before the server receives the preset identification packet sent by the client, the method further includes: and configuring the appointment mark and the identity token in the client and the server in advance.
That is, in order to enable the server to read the provisioning flag, the client and the server of all services need to be pre-configured with 4 bytes of flag bits, when the server receives the identification packet sent by the client, the client reads the provisioning flag, and can identify that the corresponding session is not the user own service, but a new service, and the service needs to be managed by the SD-WAN through the port where the service really monitors.
It should be further noted that, in order to prevent security attack, the client needs to indicate an identity and perform authentication when initiating connection, so that only authorized services can access the network, so that an identity token needs to be preconfigured between the server and the client, in this embodiment, the length of the identity token is 5 to 20 bytes, the content is a 128-bit identifier, and the identity token can be updated through the management network.
Further, the 21-22 bytes of the identification packet are correspondingly configured with a forwarding port, and as an optional embodiment of the present application, optionally, the service listening port is designated based on the forwarding port. In this embodiment, a real listening port of the service is specified through the forwarding port, for example, the service 2 client determines that the real listening port of the service is the service 2 listening port in uCPE through identifying the forwarding port in the packet 2. That is, the client sends an identification packet to indicate the identity and the port to which the service really listens for uCPE authentication and forwarding.
As an optional embodiment of the application, optionally, the identification package further comprises a service description. The service description corresponding to 25-48 bytes is an optional field, and is used for carrying out supplementary description on the service content of the current session, and encoding is carried out in a binary format. And 23-24 bytes in the identification packet of the present application are reserved fields, which are not limited.
As an optional embodiment of the present application, optionally, the determining, according to the identification packet, the identity of the client and the corresponding service interception port, and performing SD-WAN management network deployment by using the service interception port, includes:
s210, the server authenticates the identity of the client through the identity token;
S220, after passing the authentication, the server judges the corresponding session according to whether the contract mark is read or not;
And S230, when the server reads the about label, the session is determined to be newly added service, and management service is carried out by using the designated service interception port.
That is, after receiving the identification packet sent by the newly added service client, the service end firstly authenticates the client according to the identity token in the identification packet, and after authentication passes, i.e. when no security attack risk exists, the service end judges the session according to whether the appointed mark in the identification packet is read, i.e. judges whether the original service of the user is newly added service when the session is judged, when the service end reads the appointed mark, the service end can judge that the session is not the self service of the user but the newly added service, and then special logic processing is triggered, i.e. the appointed service is really forwarded by the interception port uCPE.
For example, as shown in fig. 4, the session 1 and the session 2 corresponding to the own service of the user do not have an identification packet, so when the client of the own service of the user (service 0) initiates a connection, the service end cannot read the contract mark, and at this time, the session 1 and the session 2 are considered to be the own service of the user, and the corresponding interception port is the interception port of the own service of the user (service 0) on the uCPE node; the service 2 client sends an identification packet 2 to the service end to indicate the identity of the service, and the service really listens to the port (service 2 interception port), when the service end reads the agreed mark in the identification packet 2, the session 4 can be identified as not being the user self-service, and the special logic designates the service 2 really listens to the port (service 2 interception port). The service 2 interception port utilizes the ready-made interception port opened on uCPE, and no additional configuration router or firewall is needed, so that the problem that the user router and the firewall of the site where uCPE is located cannot be configured is effectively solved, and the SD-WAN management network can realize intelligent management and control of network traffic under the condition that the existing network configuration is not influenced. The listening port assignment procedure for service 1 is the same as that for service 2, and the repetition is not repeated. The deployment mode of the application can also provide better safety. Since no new configuration of the user firewall is required, security risks can be reduced and the security of the existing network is ensured not to be affected.
It will be appreciated by those skilled in the art that implementing all or part of the above-described embodiment methods may be implemented by a computer program for instructing relevant hardware, and the program may be stored in a computer readable storage medium, and the program may include the embodiment flow of each control method as described above when executed. The storage medium may be a magnetic disk, an optical disk, a read-only memory (ROM), a random access memory (RandomAccessMemory, RAM), a flash memory (flash memory), a hard disk (HARDDISKDRIVE, abbreviated as HDD), a solid state disk (solid-state STATEDRIVE, SSD), or the like; the storage medium may also comprise a combination of memories of the kind described above.
Example 2
In another aspect of the present application, there is provided an SD-WAN management network device based on uCPE original ports, including:
the receiving module is configured to receive a preset identification packet sent by the client side by the server side;
the judging and deploying module is configured to judge the identity of the client and the corresponding service interception port according to the identification packet, and utilize the service interception port to conduct SD-WAN management network deployment.
Example 3
Still further, another aspect of the present application provides a control system, including:
A processor;
A memory for storing processor-executable instructions;
wherein the processor is configured to implement the method of implementing an SD-WAN management network based on uCPE native ports as described in any one of the above when executing the executable instructions.
Embodiments of the present disclosure control a system that includes a processor and a memory for storing processor-executable instructions. The processor is configured to execute the executable instructions to implement any of the methods described above for implementing an SD-WAN management network based on uCPE native ports.
Here, it should be noted that the number of processors may be one or more. Meanwhile, in the control system of the embodiment of the present disclosure, an input device and an output device may be further included. The processor, the memory, the input device, and the output device may be connected by a bus, or may be connected by other means, which is not specifically limited herein.
The memory is a computer-readable storage medium that can be used to store software programs, computer-executable programs, and various modules, such as: program or module corresponding to the method for implementing SD-WAN management network based on uCPE original ports in the embodiment of the present disclosure. The processor executes various functional applications and data processing of the control system by running software programs or modules stored in the memory.
The input device may be used to receive an input number or signal. Wherein the signal may be a key signal generated in connection with user settings of the device/terminal/server and function control. The output means may comprise a display device such as a display screen.
Example 4
In yet another aspect of the present application, there is provided a non-transitory computer readable storage medium having stored thereon computer program instructions which, when executed by a processor, implement a method of implementing an SD-WAN management network based on uCPE original ports as described in any of the above.
The foregoing description of the embodiments of the present disclosure has been presented for purposes of illustration and description, and is not intended to be exhaustive or limited to the embodiments disclosed. Many modifications and variations will be apparent to those of ordinary skill in the art without departing from the scope and spirit of the various embodiments described. The terminology used herein was chosen in order to best explain the principles of the embodiments, the practical application, or the technical improvement of the technology in the marketplace, or to enable others of ordinary skill in the art to understand the embodiments disclosed herein.
Claims (7)
1. A method for realizing SD-WAN management network based on uCPE original ports is characterized by comprising the following steps:
the server receives a preset identification packet sent by the client;
The identification packet comprises a contract mark, an identity token and a forwarding port;
Judging the identity of the client and a corresponding service interception port according to the identification packet, and performing SD-WAN management network deployment by utilizing the service interception port;
The step of judging the identity of the client and the corresponding service interception port according to the identification packet and performing SD-WAN management network deployment by using the service interception port comprises the following steps:
the server authenticates the identity of the client through the identity token;
After passing the authentication, the server judges the corresponding session according to whether the appointed mark is read or not;
and when the server reads the about label, the session is determined to be newly added service, and the designated service interception port is utilized to manage the service.
2. The method for implementing an SD-WAN management network based on uCPE original ports according to claim 1, wherein before the server receives the preset identification packet sent by the client, the method further includes:
And configuring the appointment mark and the identity token in the client and the server in advance.
3. The method for implementing an SD-WAN management network based on uCPE original ports according to claim 1, wherein the assignment of the service listening port is implemented based on the forwarding port.
4. The method for implementing an SD-WAN management network based on uCPE original ports of claim 1, wherein the identification packet further includes a service description.
5. An apparatus for implementing SD-WAN management network based on uCPE original ports, comprising:
the receiving module is configured to receive a preset identification packet sent by the client side by the server side;
The identification packet comprises a contract mark, an identity token and a forwarding port;
The judging and deploying module is configured to judge the identity of the client and the corresponding service interception port according to the identification packet, and utilize the service interception port to conduct SD-WAN management network deployment;
The step of judging the identity of the client and the corresponding service interception port according to the identification packet and performing SD-WAN management network deployment by using the service interception port comprises the following steps:
the server authenticates the identity of the client through the identity token;
After passing the authentication, the server judges the corresponding session according to whether the appointed mark is read or not;
and when the server reads the about label, the session is determined to be newly added service, and the designated service interception port is utilized to manage the service.
6. A control system, comprising:
A processor;
A memory for storing processor-executable instructions;
Wherein the processor is configured to implement the method of any one of claims 1 to 4 based on uCPE native ports to implement an SD-WAN management network when executing the executable instructions.
7. A non-transitory computer readable storage medium having stored thereon computer program instructions which, when executed by a processor, implement the method of implementing an SD-WAN management network based on uCPE native ports of any one of claims 1 to 4.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202410114567.5A CN117650965B (en) | 2024-01-26 | 2024-01-26 | Method and device for realizing SD-WAN management network based on uCPE original ports |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202410114567.5A CN117650965B (en) | 2024-01-26 | 2024-01-26 | Method and device for realizing SD-WAN management network based on uCPE original ports |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN117650965A CN117650965A (en) | 2024-03-05 |
| CN117650965B true CN117650965B (en) | 2024-04-19 |
Family
ID=90049848
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202410114567.5A Active CN117650965B (en) | 2024-01-26 | 2024-01-26 | Method and device for realizing SD-WAN management network based on uCPE original ports |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN117650965B (en) |
Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111163465A (en) * | 2018-11-07 | 2020-05-15 | 北京京东尚科信息技术有限公司 | Method and device for connecting user terminal and local terminal and call center system |
| CN111371639A (en) * | 2020-02-21 | 2020-07-03 | 腾讯科技(深圳)有限公司 | Network delay analysis method and device, storage medium and computer equipment |
| CN113132129A (en) * | 2019-12-30 | 2021-07-16 | 华为技术有限公司 | Network management method, device and system, and storage medium |
| US11374813B1 (en) * | 2021-04-23 | 2022-06-28 | Verizon Patent And Licensing Inc. | Software defined network device exposure to third parties |
| CN115134105A (en) * | 2021-03-26 | 2022-09-30 | 深圳云安宝科技有限公司 | Resource configuration method and device of private network, electronic equipment and storage medium |
| CN115606154A (en) * | 2020-05-15 | 2023-01-13 | 华为技术有限公司(Cn) | Internet protocol security (IPsec) simplification in Border Gateway Protocol (BGP) controlled software defined wide area networks (SD-WANs) |
| CN115643297A (en) * | 2022-10-27 | 2023-01-24 | 网络通信与安全紫金山实验室 | Link establishment method and device, nonvolatile storage medium and computer equipment |
| CN116170409A (en) * | 2023-02-21 | 2023-05-26 | 江苏云涌电子科技股份有限公司 | SD-WAN network address planning system based on virtual domain name |
Family Cites Families (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| GB2520976A (en) * | 2013-12-05 | 2015-06-10 | Ibm | Correct port identification in a network host connection |
| US11070396B2 (en) * | 2019-04-04 | 2021-07-20 | Tata Communications Transformation Services (US) Inc. | Virtual cloud exchange system and method |
-
2024
- 2024-01-26 CN CN202410114567.5A patent/CN117650965B/en active Active
Patent Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111163465A (en) * | 2018-11-07 | 2020-05-15 | 北京京东尚科信息技术有限公司 | Method and device for connecting user terminal and local terminal and call center system |
| CN113132129A (en) * | 2019-12-30 | 2021-07-16 | 华为技术有限公司 | Network management method, device and system, and storage medium |
| CN111371639A (en) * | 2020-02-21 | 2020-07-03 | 腾讯科技(深圳)有限公司 | Network delay analysis method and device, storage medium and computer equipment |
| CN115606154A (en) * | 2020-05-15 | 2023-01-13 | 华为技术有限公司(Cn) | Internet protocol security (IPsec) simplification in Border Gateway Protocol (BGP) controlled software defined wide area networks (SD-WANs) |
| CN115134105A (en) * | 2021-03-26 | 2022-09-30 | 深圳云安宝科技有限公司 | Resource configuration method and device of private network, electronic equipment and storage medium |
| US11374813B1 (en) * | 2021-04-23 | 2022-06-28 | Verizon Patent And Licensing Inc. | Software defined network device exposure to third parties |
| CN115643297A (en) * | 2022-10-27 | 2023-01-24 | 网络通信与安全紫金山实验室 | Link establishment method and device, nonvolatile storage medium and computer equipment |
| CN116170409A (en) * | 2023-02-21 | 2023-05-26 | 江苏云涌电子科技股份有限公司 | SD-WAN network address planning system based on virtual domain name |
Non-Patent Citations (1)
| Title |
|---|
| 内生安全SD-WAN网络架构与关键设备方案研究;康敏;信息安全与通信保密;20210710;全文 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN117650965A (en) | 2024-03-05 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10015046B2 (en) | Methods and apparatus for a self-organized layer-2 enterprise network architecture | |
| EP2866389B1 (en) | Method and device thereof for automatically finding and configuring virtual network | |
| CN112583647B (en) | Method and apparatus for common control protocol for wired and wireless nodes | |
| CN107580768B (en) | Message transmission method, device and system | |
| US10091102B2 (en) | Tunnel sub-interface using IP header field | |
| EP2731313B1 (en) | Distributed cluster processing system and message processing method thereof | |
| CN111083102A (en) | Internet of things data processing method, device and equipment | |
| CN114143283B (en) | Tunnel self-adaptive configuration method and device, central terminal equipment and communication system | |
| CN111742529B (en) | Security negotiation in service-based architecture (SBA) | |
| CN111917694A (en) | TLS encrypted traffic identification method and device | |
| EP3932044B1 (en) | Automatic distribution of dynamic host configuration protocol (dhcp) keys via link layer discovery protocol (lldp) | |
| CN113872933B (en) | Method, system, device, equipment and storage medium for hiding source station | |
| EP3884449A1 (en) | Method and system for a network device to obtain a trusted state representation of the state of the distributed ledger technology network | |
| CN117650965B (en) | Method and device for realizing SD-WAN management network based on uCPE original ports | |
| CN114884771B (en) | Identity network construction method, device and system based on zero trust concept | |
| EP3836487A1 (en) | Internet access behavior management system, device and method | |
| CN108259292B (en) | Method and device for establishing tunnel | |
| CN113300998A (en) | Method and device for realizing data encryption transmission and communication system | |
| CN111953798A (en) | Cross-network communication method, device and system and proxy server | |
| WO2022063075A1 (en) | Billing method and apparatus, communication device, and readable storage medium | |
| US11792718B2 (en) | Authentication chaining in micro branch deployment | |
| WO2024027419A1 (en) | Packet sending method, apparatus and system | |
| US9246880B2 (en) | Methods for secure communication between network device services and devices thereof | |
| CN114338784A (en) | Service processing method, device and storage medium | |
| CN116319166A (en) | Cross-public-network multi-machine-room intranet communication method, device, equipment and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |