CN100426753C - Network managing method based on SNMP - Google Patents

Publication number
CN100426753C
Authority
CN
China
Prior art keywords
key
nms
network element
snmp
ne
Application number
CN 200610107903
Other languages
Chinese (zh)
Other versions
CN1901478A (en
Inventor
冬 李
李宏敏
李德胜
Original Assignee
Ut斯达康通讯有限公司
Application filed by Ut斯达康通讯有限公司
Priority to CN 200610107903
Publication of CN1901478A
Application granted
Publication of CN100426753C

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00: Data switching networks
    • H04L12/28: Data switching networks characterised by path configuration, e.g. local area networks [LAN], wide area networks [WAN]
    • H04L12/44: Star or tree networks

Abstract

The object of the present invention is to provide a highly secure SNMP-based network management method. The method comprises the following steps: (a) the NMS starts and initializes; (b) the NMS checks the communication state and key state of a network element to determine whether key synchronization with the network element is needed; (c) the NMS generates an SNMP Get request for querying the network element's current information and sends it to the network element, and the network element returns an SNMP response containing the queried current information; (d) the NMS generates an SNMP Set request for controlling/configuring the network element, encrypts the generated SNMP Set request and sends it to the network element, and the network element returns an SNMP response containing the control/configuration result. Encrypting the SNMP Set request thus protects the managed network from attack via SNMP Set requests and ensures sufficient security.

Description

An SNMP-based network management method

Technical Field

The present invention relates to the security management of communication networks, and in particular to a method of network management based on SNMP (Simple Network Management Protocol) in communication network management.

Background

Figure 1 is a schematic diagram of the network management structure. In Figure 1, network management between the NMS and the managed network (network elements) is based on SNMP, where the NMS (Network Management System) comprises an NMS application layer and an NMS communication layer. SNMP is a management protocol widely used in telecommunication network management. It provides a way to collect network management information from network devices and to control/configure network settings, and it also provides a way for devices to report problems and errors to the NMS.

In general, telecommunication network management between the NMS and the managed network (network elements) over SNMP proceeds as follows: the NMS application layer sends query or control/configuration requests to the NMS communication layer, and the NMS communication layer converts these requests into SNMP Get/Set requests and interacts with the managed telecommunication equipment. In addition, if a fault or abnormality occurs in the managed telecommunication network, the telecommunication equipment sends an SNMP trap to the NMS.

Many telecommunication devices are now deployed directly on the Internet, so it is critical to manage them securely and to ensure that they cannot be attacked through SNMP requests, SNMP Set requests in particular. If a hacker knows the MIB definition of a managed telecommunication device, it is very easy to control and/or reconfigure the device by forging or tampering with SNMP Set requests and so carry out an attack. Such control/configuration operations may be: (1) software or hardware restart or reset; (2) hardware power-down or shutdown; (3) manual system switchover; (4) modification of cross-connections; (5) reconfiguration of service-related parameters. All of these operations can affect or interrupt telecommunication services and so bring enormous disaster to the telecommunication network.

The main current solution to this problem is to use SNMP V3 and rely on the security mechanisms it supports to protect the managed telecommunication equipment from attack. However, using SNMP V3 has the following problems: (1) SNMP V3 is too complex; it is no longer a "simple" network management protocol, which makes it harder to implement; (2) many telecommunication devices and SNMP development tools currently do not support SNMP V3.

Summary of the Invention

In view of the above problems, the object of the present invention is to provide a highly secure SNMP-based network management method.

In the present invention, network management is performed between an NMS and a plurality of network elements based on SNMP, characterized by comprising the following steps:

(a) the NMS starts and initializes;

(b) the NMS checks the communication state and key state of a network element to determine whether key synchronization with the network element is needed;

(c) the NMS generates an SNMP Get request for querying the network element's current information and sends it to the network element, and the network element returns an SNMP response containing the queried current information;

(d) the NMS generates an SNMP Set request for controlling/configuring the network element, encrypts the generated SNMP Set request and sends it to the network element, and the network element returns an SNMP response containing the control/configuration result.

Step (a) above comprises: (a1) the NMS starts;

(a2) the NMS reads the key from the key file and assigns it to latestKey, which records the latest key in the NMS.

Step (b) above comprises a communication state detection step and a key state detection step,

where the key state of a network element is one of withoutKey, keyMatched or keyMismatched,

and where, in the key state detection step: if the key state of the network element is found to be keyMatched, the network element's key matches the NMS; if the key state is found to be withoutKey, the NMS transfers the key file to the network element via SFTP, changes the network element's key state to keyMatched and sets the currently used key to latestKey; if the key state is found to be keyMismatched, the NMS transfers the key file to the network element via SFTP, notifies the network element to update its key with an encrypted SNMP Set request, changes the network element's key state to keyMatched and sets the key currently used by the network element to latestKey.

Step (c) above comprises the following steps: (c1) the NMS determines whether the network element is online; (c2) if the network element is online, the NMS generates an SNMP Get request; (c3) the NMS sends the generated SNMP Get request to the network element; (c4) the NMS receives the SNMP response sent by the network element.

Step (d) above comprises the following steps:

(d1) the NMS determines whether the network element is online; (d2) if the network element is online, the NMS checks the key state of the network element; (d3) the NMS generates an SNMP Set request according to the control/configuration request;

(d4) the NMS encrypts the SNMP Set request with the key currently used by the network element and sends the encrypted SNMP Set request to the network element;

(d5) the NMS obtains from the network element the SNMP response containing the control/configuration result.

In step (d2) above: if the key state of the network element is keyMatched, the network element's key matches the NMS; if the key state is withoutKey, the NMS transfers the key file to the network element via SFTP, changes the network element's key state to keyMatched and sets the currently used key to latestKey; if the key state is keyMismatched, the NMS transfers the key file to the network element via SFTP, notifies the network element to update its key with an encrypted SNMP Set request, changes the network element's key state to keyMatched and sets the key currently used by the network element to latestKey.

When a network element fails, the method comprises the following steps:

(I) the network element sends an SNMP trap to the NMS;

(II) the NMS determines the type of the trap;

(III) if the trap is NERestart, the NMS checks the key state of the network element and performs key synchronization where needed: if the key state of the network element is keyMatched, the network element's key matches the NMS; if the key state is withoutKey, the NMS transfers the key file to the network element via SFTP, changes the network element's key state to keyMatched and sets the currently used key to latestKey; if the key state is keyMismatched, the NMS transfers the key file to the network element via SFTP, notifies the network element to update its key with an encrypted SNMP Set request, changes the network element's key state to keyMatched and sets the key currently used by the network element to latestKey.

(IV) if the trap is NERequestKeyInfo, the NMS transfers the key file to the network element via SFTP, changes the network element's key state from withoutKey to keyMatched, and sets the key currently used by the network element to latestKey.

When a new network element is created on the NMS, the method comprises the following steps:

the NMS sets the key state of the network element to withoutKey;

the NMS checks whether the network element is online; if it is online, the NMS transfers the key file to the network element via SFTP, changes the network element's key state from withoutKey to keyMatched, and sets the key currently used by the network element to latestKey.

When the network-element-side key is modified from the NMS side, the method comprises the following steps:

(I) the NMS generates a new key and assigns it to latestKey;

(II) the NMS generates a new key file from the newly generated key;

(III) the NMS communicates with the network elements and updates the key file and key on the network element side.

In step (III) above, if the network element is online, the NMS transfers the key file to the network element via SFTP and notifies the network element to update its key with an encrypted SNMP Set request, and at the same time changes the network element's key state to keyMatched and sets the key currently used by the network element to latestKey; if the network element is offline and its key state is keyMatched, the NMS changes its key state to keyMismatched.

Here the SNMP Set request is encrypted with the old key held by the network element.

As described above, the present invention encrypts SNMP Set requests so that the managed network cannot be attacked via SNMP Set requests, thereby ensuring sufficient security.

Furthermore, as described above, in the present invention the key is delivered to the network element side via SFTP (Secured FTP). SFTP is based on SSH (Secure Shell) and uses SSH to encrypt all transmitted data, so that "man-in-the-middle" attacks become impossible, and DNS and IP spoofing can also be prevented. A further advantage is that data transmitted over SSH is compressed, which speeds up transmission. Thus, in the present invention, delivering the key via SFTP improves the security of the key delivery process.

Furthermore, as described above, in the present invention the operator can modify the key periodically to ensure security, which further ensures that SNMP Set requests cannot easily be forged or tampered with.

Brief Description of the Drawings

Figure 1 is a schematic diagram of the network management structure.
Figure 2 is a state diagram of the key state on the network element side.
Figure 3 is a flowchart of SNMP Get request and SNMP response processing in the NMS.
Figure 4 is a flowchart of SNMP Set request processing in the NMS.
Figure 5 is a flowchart of SNMP trap processing in the NMS.
Figure 6 is a flowchart of creating a new network element in the NMS.
Figure 7 is a flowchart of key modification in the NMS.

Detailed Description

The SNMP-based network management method of the present invention is described below with reference to Figures 2 to 7. In this method, network management between the NMS and the network elements is based on SNMP. The main flow of the method comprises:

the NMS starts and initializes;

the NMS checks the communication state and key state of a network element to determine whether key synchronization with the network element is needed;

the NMS generates an SNMP Get request for querying the network element's current information and sends it to the network element, and the network element returns an SNMP response containing the queried current information;

the NMS generates an SNMP Set request for controlling/configuring the network element, encrypts the generated SNMP Set request and sends it to the network element, and the network element returns an SNMP response containing the control/configuration result.

For the key state of a network element we define three states, as shown in Figure 2: withoutKey, keyMatched and keyMismatched. withoutKey means that the network element is in its initial state (it has no key): it has been offline ever since the operator created it on the NMS (for example, the network element is not powered on, or cannot communicate with the NMS because of a network problem), so the NMS has been unable to deliver (or synchronize) the key to it. keyMismatched means that the network element's key does not match the NMS. keyMatched means that the key has been successfully delivered (or synchronized) to the network element side and matches the NMS.

To manage each network element's key state and currently used key, we can define the following data structure:

    structure {
        int keyState;       /* key state of the network element: withoutKey, keyMatched or keyMismatched */
        string currentKey;  /* the key the network element is currently using */
    }

In addition, a global variable latestKey is introduced here; it records the latest key in the NMS. The NMS start-up and initialization of step (a) above specifically comprises: (a1) the NMS starts; (a2) the NMS reads the key from the key file and assigns it to latestKey; (a3) the NMS sends SNMP requests to network elements and processes the SNMP responses they return, or receives and processes traps sent by network elements (traps are described below), or provides the operator interface to users.

Regarding initialization, the initial NMS package generally contains a default key file. If the operator has not modified the key after the NMS is deployed, the NMS uses this default key to communicate with all managed network elements, and in that case the default key is what is assigned to latestKey at NMS initialization. Conversely, if the operator has modified the key after the NMS is deployed, the modified key is what is assigned to latestKey at NMS initialization.

The "key file" mentioned above is stored in any location that the NMS can access, and its content is simply the key information (KEY).

Step (b) above comprises two processes: the NMS checking the communication state of a network element, and the NMS checking its key state.

First, so that the NMS can deliver (or synchronize) the key to a network element, the NMS needs to detect whether communication with each network element has been restored. In the present invention either of the following two methods can be used: (1) the NMS periodically polls each network element to detect whether it is online; (2) after starting or restarting successfully, the network element sends the trap NERestart (described below) to the NMS to notify the NMS that it is online.

Second, when the NMS detects that a network element has restored communication, or when the NMS needs to send an SNMP Set request to a network element, the NMS needs to check that network element's key state and, where necessary, perform "key synchronization" with it. The flow is: (1) the NMS checks the key state of the network element to determine whether the key has already been delivered to it or whether the key has been modified; (2) if the key state of the network element is keyMatched, the keys match; if the key state is withoutKey, the NMS transfers the key file to the network element via SFTP (secured FTP), changes the network element's key state to keyMatched and sets the currently used key to latestKey; if the key state is keyMismatched, the NMS transfers the key file to the network element via SFTP, notifies the network element to update its key with an SNMP Set request, changes the network element's key state to keyMatched and sets the key currently used by the network element to latestKey.

Figure 3 is a flowchart of SNMP Get request and SNMP response processing in the NMS. The NMS uses SNMP Get requests to communicate with a network element and obtain its current information. The flow for processing SNMP Get requests and SNMP responses, shown in Figure 3, is: (1) the NMS application layer sends a query request to the NMS communication layer; (2) the NMS communication layer checks whether the target network element is online, and if the network element is offline it returns "failure" to the NMS application layer; (3) if the network element is online, the NMS communication layer generates an SNMP Get request from the query request sent by the NMS application layer, sends the generated SNMP Get request to the network element, receives the SNMP response sent by the network element, and returns the result queried from the network element to the NMS application layer. In this way, by sending SNMP Get requests from the NMS side to the network element, the NMS communicates with the network element and can obtain its current information.

Figure 4 is a flowchart of SNMP Set request processing in the NMS. SNMP Set requests are used to carry out control/configuration operations on a network element. In the present invention, SNMP Set requests are encrypted to improve the security of network management. The specific flow for processing an SNMP Set request, shown in Figure 4, is: (1) the NMS application layer sends a network element control/configuration request to the NMS communication layer; (2) the NMS communication layer checks whether the target network element is online; (3) if the network element is offline, the NMS communication layer returns "failure" to the NMS application layer; if the network element is online, processing continues as follows:

(a) the NMS communication layer checks the key state of the network element; if its key state is withoutKey or keyMismatched, the NMS needs to perform "key synchronization" with the network element (for the "key synchronization" flow, see the description above);

(b) the NMS communication layer generates an SNMP Set request from the control/configuration request sent by the NMS application layer;

(c) the NMS communication layer encrypts the SNMP Set request with the key currently used by the network element;

(d) the NMS communication layer sends the encrypted SNMP Set request to the network element;

(e) the NMS communication layer receives the SNMP response sent by the network element;

(f) the NMS communication layer returns the control/configuration result returned by the network element to the NMS application layer.

The method of encrypting the SNMP Set request is not limited to any particular encryption algorithm; any encryption algorithm can be used, for example AES (Advanced Encryption Standard), DES (Data Encryption Standard), RSA (Rivest Shamir Adleman) and so on.

If a fault or abnormality occurs in a managed network element, the network element sends an SNMP trap to the NMS. Figure 5 is a flowchart of SNMP trap processing in the NMS. As shown in Figure 5, when a network element fails, SNMP trap processing comprises the following steps:

(1) the network element sends an SNMP trap to the NMS;

(2) the NMS determines the type of the trap;

(3) if the trap is NERestart, the NMS checks the key state of the network element and performs key synchronization where needed, that is: if the key state of the network element is keyMatched, the network element's key matches the NMS; if the key state is withoutKey, the NMS transfers the key file to the network element via SFTP, changes the network element's key state to keyMatched and sets the currently used key to latestKey; if the key state is keyMismatched, the NMS transfers the key file to the network element via SFTP, notifies the network element to update its key with an encrypted SNMP Set request, changes the network element's key state to keyMatched and sets the key currently used by the network element to latestKey.

(4) if the trap is NERequestKeyInfo, the NMS transfers the key file to the network element via SFTP, changes the network element's key state from withoutKey to keyMatched, and sets the key currently used by the network element to latestKey.

Other types of trap are handled as in the prior art.

When the operator creates a new network element, the key file needs to be transferred from the NMS to the newly created network element. Figure 6 is a flowchart of creating a new network element in the NMS. As shown in Figure 6, the flow for creating a new network element in the NMS is:

(1) the user creates a new network element on the NMS;

(2) the NMS sets the key state of the network element to withoutKey;

(3) the NMS checks whether the network element is online;

(4) if the network element is online, the NMS transfers the key file to the network element via SFTP, changes the network element's key state from withoutKey to keyMatched, and sets the key currently used by the network element to latestKey.

To further ensure the security of the network system, the operator can modify the key periodically, which reliably ensures that SNMP Set requests cannot be tampered with or forged.

Figure 7 is a flowchart of key modification in the NMS. As shown in Figure 7, the key modification flow is:

(1) the operator uses the NMS client to trigger the NMS to modify the key;

(2) the NMS generates a new key and assigns it to latestKey;

(3) the NMS generates a new key file from the newly generated key;

(4) the NMS attempts to communicate with each managed network element and update the key file and key on the network element side.

For each network element, the flow for updating the key file and key is: (a) if the network element is online, the NMS transfers the key file to the network element via SFTP and notifies it with an SNMP Set request to update its key; this SNMP Set request is encrypted with the old key recorded in the network element's currentKey; the NMS then changes the network element's key state to keyMatched and sets the key currently used by the network element to latestKey; (b) if the network element is offline and its key state is keyMatched, the NMS changes its key state to keyMismatched; otherwise the NMS does nothing.
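The key-state bookkeeping described above (the three states, "key synchronization", NERestart and NERequestKeyInfo trap handling, new network element creation and key modification) can be modelled as follows. This is an added example, not code from the patent: the class and method names, the action labels and the key labels K0/K1/K2 are assumptions, and SFTP transfers and encrypted SNMP Set requests are recorded in a list rather than performed.

```python
"""NMS-side key state model (added example; all names here are assumptions)."""
from dataclasses import dataclass
from enum import Enum
from typing import Optional


class KeyState(Enum):
    WITHOUT_KEY = "withoutKey"
    KEY_MATCHED = "keyMatched"
    KEY_MISMATCHED = "keyMismatched"


@dataclass
class NetworkElement:
    name: str
    online: bool = False
    key_state: KeyState = KeyState.WITHOUT_KEY   # new NE starts as withoutKey
    current_key: Optional[str] = None            # currentKey: key the NE holds


class Nms:
    def __init__(self, key_from_file: str):
        self.latest_key = key_from_file   # step (a2): latestKey read from key file
        self.elements = {}
        self.actions = []                 # simulated I/O: (action, NE name, key)

    def create_ne(self, name, online=False):
        ne = NetworkElement(name=name, online=online)
        self.elements[name] = ne
        self.sync_key(ne)                 # delivers the key only if NE is online
        return ne

    def sync_key(self, ne):
        """'Key synchronization' for one network element."""
        if not ne.online or ne.key_state is KeyState.KEY_MATCHED:
            return
        self.actions.append(("sftp_put_keyfile", ne.name, self.latest_key))
        if ne.key_state is KeyState.KEY_MISMATCHED:
            # The rekey notification is encrypted under the key the NE still
            # holds (its currentKey), not under latestKey.
            self.actions.append(("encrypted_set_rekey", ne.name, ne.current_key))
        ne.key_state = KeyState.KEY_MATCHED
        ne.current_key = self.latest_key

    def on_trap(self, ne, trap_type):
        ne.online = True   # assumption: a received trap means the NE is reachable
        if trap_type == "NERestart":
            self.sync_key(ne)
        elif trap_type == "NERequestKeyInfo":
            self.actions.append(("sftp_put_keyfile", ne.name, self.latest_key))
            ne.key_state = KeyState.KEY_MATCHED
            ne.current_key = self.latest_key
        # other trap types are unrelated to key handling

    def rotate_key(self, new_key):
        """Key modification: same outcome as the page's online/offline branches."""
        self.latest_key = new_key
        for ne in self.elements.values():
            if ne.key_state is KeyState.KEY_MATCHED:
                ne.key_state = KeyState.KEY_MISMATCHED
            self.sync_key(ne)             # no-op for offline network elements

    def key_for_set(self, ne):
        """Steps (d1)-(d4): key used to encrypt a Set to ne, None if offline."""
        if not ne.online:
            return None
        self.sync_key(ne)
        return ne.current_key


def demo():
    nms = Nms("K0")                       # K0, K1, K2 are constructed key labels
    nms.create_ne("ne-a", online=True)
    b = nms.create_ne("ne-b", online=True)
    c = nms.create_ne("ne-c", online=False)
    b.online = False                      # ne-b drops off before the key changes
    nms.rotate_key("K1")
    nms.rotate_key("K2")                  # ne-b misses two key modifications
    nms.on_trap(b, "NERestart")           # rekey notice must use K0, not K1
    nms.on_trap(c, "NERequestKeyInfo")    # ne-c never had a key: SFTP only
    return nms


if __name__ == "__main__":
    for action in demo().actions:
        print(action)
```

The run shows why currentKey is tracked per network element: ne-b misses two key modifications, and its rekey notification is still encrypted under K0, the only key it can decrypt with.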

Because encryption and decryption come as a pair, once the encryption mechanism described above is added, the processing flow of the network element agent (NMS Agent) must be modified accordingly. The modified flow is as follows:

(1) The network element agent starts and performs the corresponding initialization;

(2) The network element agent sends the trap NERestart to the NMS;

(3) The network element agent marks its own state as "no key";

(4) The network element agent enters the following loop:
(a) If the agent's state is "no key", it periodically checks whether the NMS has delivered a key file; if a key file already exists locally, it reads the key from the key file and marks its own state as "has key".
(b) If the state of the agent on the network element side is "no key", it periodically sends the trap NERequestKeylnfo to the NMS to request a key.
(c) It receives and processes SNMP requests from the NMS:
(c1) If the PDU (Protocol Data Unit) is an SNMP Get request, it is handled in the same way as in the prior art without the encryption scheme, because neither SNMP Get requests nor SNMP responses are encrypted.
(c2) If the PDU is an encrypted SNMP Set request and the agent's state is "has key", the agent decrypts the received SNMP PDU and checks whether the SNMP Set request is the NMS's request triggering a key change. If it is, the agent reads the latest key from the key file delivered by the NMS; otherwise the SNMP Set request is handled in the same way as in the prior art without the encryption scheme. If the agent's state is "no key", it discards the received SNMP Set request without any processing, because it has no key with which to decrypt the SNMP PDU.
(d) The agent manages all local managed resources. If a fault or exception occurs, it sends an SNMP trap to the NMS; this is handled in the same way as in the prior art without the encryption scheme.

As described above, encrypting SNMP Set requests protects the managed network from attack via SNMP Set requests, which effectively ensures security.

Further, as described above, the key is delivered to the network element side via SFTP, which ensures security during key delivery.

Further, as described above, in the present invention the operator can modify the key periodically, which further ensures that SNMP Set requests cannot easily be forged or tampered with and so further improves security.

The specific embodiments of the present invention have been described in detail above with reference to the drawings. However, those of ordinary skill in the art should understand that, without departing from the spirit of the invention and the scope of protection defined by the claims, they may make various modifications to what is given in the specific embodiments. Therefore, the description of the specific embodiments given above with reference to the drawings should not be regarded as limiting the present invention.

Claims (12)

1. An SNMP-based network management method, in which network management is performed between an NMS and a plurality of network elements based on SNMP, characterized by comprising the following steps: (a) the NMS starts and initializes; (b) the NMS checks the communication state and key state of a network element to determine whether key synchronization with the network element is required; (c) the NMS generates an SNMP Get request for querying the current information of the network element and sends it to the network element, and the network element returns an SNMP response containing the queried current information; (d) the NMS generates an SNMP Set request for controlling/configuring the network element, encrypts the generated SNMP Set request and sends it to the network element, and the network element returns an SNMP response containing the control/configuration result.
2. The SNMP-based network management method according to claim 1, characterized in that step (a) comprises: (a1) a step of starting the NMS; (a2) the NMS reads the key from the key file and assigns it to latestKey, which records the latest key in the NMS.
3. The SNMP-based network management method according to claim 1, characterized in that step (b) comprises a communication state detection step and a key state detection step, wherein the key state of a network element is defined as any one of withoutKey, keyMatched, or keyMismatched; in the key state detection step, if the key state of the network element is detected to be keyMatched, the key of the network element matches that of the NMS; if the key state of the network element is detected to be withoutKey, the NMS transfers the key file to the network element via the Simple File Transfer Protocol, changes the key state of the network element to keyMatched, and sets the key currently used by the network element to latestKey; if the key state of the network element is detected to be keyMismatched, the NMS transfers the key file to the network element via the Simple File Transfer Protocol, notifies the network element to update its key with an encrypted SNMP Set request in step (d), and at the same time changes the key state of the network element to keyMatched and sets the key currently used by the network element to latestKey.
4. The SNMP-based network management method according to claim 3, characterized in that the SNMP Set request is encrypted with the old key in the network element.
5. The SNMP-based network management method according to claim 1, characterized in that step (c) comprises the following steps: (c1) the NMS determines whether the network element is online; (c2) if the network element is online, the NMS generates an SNMP Get request; (c3) the NMS sends the generated SNMP Get request to the network element; (c4) the NMS receives the SNMP response sent by the network element.
6. The SNMP-based network management method according to claim 1, characterized in that step (d) comprises the following steps: (d1) the NMS determines whether the network element is online; (d2) the NMS generates an SNMP Set request according to the control/configuration request; (d3) the NMS encrypts the SNMP Set request with the key currently used by the network element and sends the encrypted SNMP Set request to the network element; (d4) the NMS obtains from the network element an SNMP response containing the control/configuration result.
7. The SNMP-based network management method according to claim 6, characterized in that, in step (b), if the key state of the network element is keyMatched, the key of the network element matches that of the NMS; if the key state of the network element is withoutKey, the NMS transfers the key file to the network element via the Simple File Transfer Protocol, changes the key state of the network element to keyMatched, and sets the key currently used by the network element to latestKey; if the key state of the network element is keyMismatched, the NMS transfers the key file to the network element via the Simple File Transfer Protocol, notifies the network element to update its key with an encrypted SNMP Set request in step (d2), and at the same time changes the key state of the network element to keyMatched and sets the key currently used by the network element to latestKey.
8. The SNMP-based network management method according to claim 1, characterized in that, in the case where a network element fails, the method comprises the following steps: (I) the network element sends an SNMP trap to the NMS; (II) the NMS determines the type of the trap; (III) if the trap is NERestart, the NMS checks the key state of the network element and performs key synchronization if required: if the key state of the network element is keyMatched, the key of the network element matches that of the NMS; if the key state of the network element is withoutKey, the NMS transfers the key file to the network element via the Simple File Transfer Protocol, changes the key state of the network element to keyMatched, and sets the key currently used by the network element to latestKey; if the key state of the network element is keyMismatched, the NMS transfers the key file to the network element via the Simple File Transfer Protocol, notifies the network element to update its key with an encrypted SNMP Set request, and at the same time changes the key state of the network element to keyMatched and sets the key currently used by the network element to latestKey; (IV) if the trap is NERequestKeylnfo, the NMS transfers the key file to the network element via the Simple File Transfer Protocol, changes the key state of the network element from withoutKey to keyMatched, and sets the key currently used by the network element to latestKey.
9. The SNMP-based network management method according to claim 1, characterized in that, in the case where a new network element is created on the NMS, the method comprises the following steps: the NMS sets the key state of the network element to withoutKey; the NMS checks whether the network element is online, and if it is online, the NMS transfers the key file to the network element via the Simple File Transfer Protocol, changes the key state of the network element from withoutKey to keyMatched, and sets the key currently used by the network element to latestKey.
10. The SNMP-based network management method according to claim 1, characterized in that, in the case where the key on the network element side is modified from the NMS side, the method comprises the following steps: (I) the NMS generates a new key and assigns it to latestKey; (II) the NMS generates a new key file from the newly generated key; (III) the NMS communicates with the network element and updates the key file and key on the network element side.
11. The SNMP-based network management method according to claim 10, characterized in that, in step (III), if the network element is online, the NMS transfers the key file to the network element via the Simple File Transfer Protocol and notifies the network element to update its key with an encrypted SNMP Set request, and at the same time changes the key state of the network element to keyMatched and sets the key currently used by the network element to latestKey; if the network element is offline and its key state is keyMatched, the NMS changes its key state to keyMismatched.
12. The SNMP-based network management method according to claim 1, characterized in that the SNMP Set request is encrypted with the old key in the network element.
CN 200610107903 2006-07-24 2006-07-24 Network managing method based on SNMP CN100426753C (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 200610107903 CN100426753C (en) 2006-07-24 2006-07-24 Network managing method based on SNMP

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN 200610107903 CN100426753C (en) 2006-07-24 2006-07-24 Network managing method based on SNMP
PCT/IB2007/052925 WO2008012759A2 (en) 2006-07-24 2007-07-23 A network management method based on snmp

Publications (2)

Publication Number Publication Date
CN1901478A CN1901478A (en) 2007-01-24
CN100426753C true CN100426753C (en) 2008-10-15

Family

ID=37657228

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 200610107903 CN100426753C (en) 2006-07-24 2006-07-24 Network managing method based on SNMP

Country Status (2)

Country Link
CN (1) CN100426753C (en)
WO (1) WO2008012759A2 (en)

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100544291C (en) 2007-07-03 2009-09-23 中兴通讯股份有限公司 SNMP interface based equipment arrangement testing approach and device
CN100581116C (en) 2007-09-14 2010-01-13 西安西电捷通无线网络通信有限公司 Method for managing trusted network
CN101420338B (en) * 2007-10-26 2012-07-04 华为技术有限公司 Information enquiry method, apparatus and system in PCC architecture
JP4974848B2 (en) 2007-10-30 2012-07-11 キヤノン株式会社 Network management device, a network management method, and a program for executing a network management method
CN101242306B (en) 2008-02-28 2012-10-03 成都市华为赛门铁克科技有限公司 Method, system, device and server for automatic discovery of network device
CN101800664B (en) 2010-02-25 2012-05-02 迈普通信技术股份有限公司 Mutual exclusion access method based on SNMP and system and member equipment
US9492741B2 (en) 2013-05-22 2016-11-15 Microsoft Technology Licensing, Llc Wireless gaming protocol

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6044468A (en) 1997-08-25 2000-03-28 Emc Corporation Secure transmission using an ordinarily insecure network communication protocol such as SNMP
CN1385020A (en) 1999-09-28 2002-12-11 汤姆森特许公司 System and method for intializing simple network management protocol (SNMP) agent
CN1384642A (en) 2001-04-29 2002-12-11 华为技术有限公司 Method of adding subscriber's security confirmation to simple network management protocol
CN1725701A (en) 2004-07-22 2006-01-25 华为技术有限公司 Method for implementing terminal management in network equipment
CN1771691A (en) 2003-05-29 2006-05-10 意大利电信股份公司 Method, system and computer program for the secured management of network devices

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB0222549D0 (en) * 2002-09-30 2002-11-06 Marconi Comm Ltd Monitoring telecommunication network elements
KR20040061302A (en) * 2002-12-30 2004-07-07 유티스타콤코리아 유한회사 METHOD FOR FILTERING PMA SYSTEM IN CDMA 2000 1x HPDN
KR100638589B1 (en) * 2003-12-26 2006-10-26 삼성전자주식회사 Method of base station restarting on HPi system
KR100667698B1 (en) * 2004-09-09 2007-01-12 삼성전자주식회사 Administrator command authentication apparatus of high-speed internet network and thereof

Also Published As

Publication number Publication date
WO2008012759A3 (en) 2008-04-03
CN1901478A (en) 2007-01-24
WO2008012759A2 (en) 2008-01-31

Legal Events

Date Code Title Description
C06 Publication
C10 Entry into substantive examination
C14 Grant of patent or utility model
EXPY Termination of patent right or utility model