CN101917336B - Switching router searching method in data link layer safety communications - Google Patents
Publication number: CN101917336B
Authority: CN (China)
Prior art keywords: node, destination, source, switching equipment, exchange routing
Legal status: Active (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Classification: Data Exchanges In Wide-Area Networks
Abstract
The invention relates to an exchange routing search method for secure network communication that is compatible with both conventional switches and TLSec switches. The method comprises two steps: (1) an exchange routing search request; (2) an exchange routing search response. The invention provides a way of obtaining the exchange routing information needed for secure data communication within a local area network. When conventional switches and TLSec switches coexist in the LAN, the identifiers of the first and the last TLSec switch traversed by a packet on the link from a source node to a destination node can be obtained reliably. The exchange routing search result is the basis on which a secure communication mode is chosen for a given network topology.
Description
Technical field
The present invention relates to the field of network security, and in particular to an exchange routing search method for secure network communication that is compatible with both conventional switches and TLSec switches.
Background technology
Data link layer security in LANs is a major research topic in network communication. Internationally, IEEE has published the data link layer security standard IEEE 802.1AE, Media Access Control (MAC) Security, which defines encryption at the data link layer. IEEE 802.1AF (under development) defines key agreement and key management for 802.1AE. IEEE 802.1AR (under development) defines how a device and the network it connects to identify and authenticate each other. Together, IEEE 802.1AE, IEEE 802.1AF and IEEE 802.1AR form the new architecture for Ethernet network access control.
We have studied this problem. To overcome shortcomings of the current IEEE 802.1AE solution, such as exposure to man-in-the-middle attacks and complex network deployment, we propose a LAN media access control security method, TLSec (TePA-based LAN MAC Security), which provides unidirectional or bidirectional authentication between a user and the network, access control, and data confidentiality. Specifically, TLSec comprises the TePA-based LAN authentication protocol TLA (TePA-based LAN Authentication Protocol) and, built on TLA, the LAN secure communication protocol TLP (TLA-based LAN Privacy Protocol). TLA safeguards legitimate access to the LAN by nodes; TLP safeguards secure data communication between LAN nodes.
A TLSec device is a device that has adopted the TLSec method, that is, a conventional device extended with an identity authentication mechanism and with data encryption and decryption, so that it can communicate securely with other nodes. When a TLSec device joins the network it is authenticated through the tri-element peer architecture (TePA): the requester and the authentication access controller perform bidirectional or unidirectional identity authentication using the service provided by an authentication server. A TLSec device that authenticates successfully can access the network and, through data encryption and decryption, communicate securely with other TLSec devices that have joined the network. The TLSec method can be applied to switches, giving TLSec switches, and also to user terminals. Conventional switches have neither an identity authentication mechanism nor data encryption and decryption.
TLSec switches make secure communication between nodes in the LAN possible. Secure communication between nodes is realised through a confidentiality operation, and the confidentiality mode is chosen by means of the exchange routing search process. In that process the source node sends an exchange routing search request packet to the destination node; after receiving the request packet the destination node sends an exchange routing search response packet back to the source node. Each node that receives the response packet selects a secure communication mode according to the outcome of the search, which thus supplies the information needed for secure communication between the nodes.
When the LAN contains only conventional switches there are no TLSec switches, so the exchange routing search process is not needed.
When the LAN contains only TLSec switches, the source node knows its own information, the destination node's information and its neighbouring TLSec switch, so when it constructs the exchange routing search request packet the source node, the destination node and the identifier of the first TLSec switch on the link to the destination node are all known. During the request process the identifier of the last TLSec switch remains unknown; it can only be determined once the destination node has received the request packet and constructs the response packet.
When the LAN contains both conventional switches and TLSec switches, the source node may have several neighbouring TLSec switches. It then knows only its own information and the destination node's information, and cannot determine which TLSec switch is the first on the link to the destination node, so the method above for a LAN with only TLSec switches fails when the source node constructs the request packet.
Summary of the invention
The problem solved by the present invention is, for a network in which conventional switches and TLSec switches coexist, to provide an exchange routing search method for data link layer secure communication that obtains the exchange routing information even when the source node has several neighbouring TLSec switches, gives a basis for choosing among the secure communication modes for different network topologies, and thereby accomplishes secure communication between nodes.
The object of the invention is achieved by the following technical solution. The exchange routing search method for data link layer secure communication involves a sending source node Node_Source, a destination node Node_Destination, and the switches SW traversed by packets from the source node to the destination node, where SW includes both conventional switches and TLSec switches. The method comprises the following steps, as shown in Fig. 1:
1. Exchange routing search request process: the source node Node_Source sends an exchange routing search request packet to the destination node Node_Destination;
2. Exchange routing search response process: the destination node Node_Destination receives the exchange routing search request packet and sends an exchange routing search response packet to the source node Node_Source; once Node_Source receives the response packet, the whole exchange routing search process is complete.
In the network, to decide which secure communication mode to use between two nodes and to carry out that secure communication, the exchange routing search process must be initiated so as to obtain the identifiers of the first and the last TLSec switch traversed by packets on the link from the source node to the destination node.
Definition of the exchange route between nodes
The exchange routing information from the data's sending source node Node_Source to the destination node Node_Destination is defined as a four-tuple:
[ID_Source, ID_Destination, ID_ESWfirst, ID_ESWlast]
where:
ID_Source: the identifier of the sending source node Node_Source of the data; Node_Source may be a user terminal or a TLSec switch;
ID_Destination: the identifier of the destination node Node_Destination; Node_Destination may be a user terminal or a TLSec switch;
ID_ESWfirst: the identifier of the first TLSec switch ESW_first traversed by packets from the sending source node Node_Source to the destination node Node_Destination;
ID_ESWlast: the identifier of the last TLSec switch ESW_last traversed by packets from the sending source node Node_Source to the destination node Node_Destination.
An unknown field of the four-tuple is denoted "Unknown".
The network structure corresponding to the exchange routing information [ID_Source, ID_Destination, ID_ESWfirst, ID_ESWlast] from Node_Source to Node_Destination is shown in Fig. 2. On their way from Node_Source to Node_Destination, packets may pass through no intermediate TLSec switch ESW_m at all, or through several intermediate TLSec switches ESW_m.
Over the whole communication only the sending source node, the first TLSec switch, the last TLSec switch and the destination node need to record the exchange routing information from the source node to the destination node.
1. Exchange routing search request process
To obtain the exchange routing information from the data's source node to the destination node, the source node constructs an exchange routing search request packet, encapsulates the four-tuple in it, and sends it to the destination node.
When the source node constructs the request packet, only its own identifier and the destination node's identifier are definite; the identifiers of the first and the last TLSec switch traversed by packets from the source to the destination are unknown, so only the source node and destination node fields of the four-tuple are filled in. The source node forwards the constructed request packet to the next switch. A conventional switch forwards the packet unchanged on receipt. Every TLSec switch that receives the packet performs the same operation: it examines the four-tuple, and if the field identifying the first TLSec switch is unknown it writes its own identifier into that field; in either case it writes its own identifier into the last field of the four-tuple, then forwards the packet.
The flow of the request process is shown in Fig. 3.
Step 1 is implemented concretely as follows:
1.1) The source node constructs the exchange routing search request packet, whose main content is the four-tuple [ID_Source, ID_Destination, ID_ESWfirst, ID_ESWlast], and forwards it to the next switch, where:
ID_Source: the identifier of the sending source node Node_Source of the data; Node_Source may be a user terminal or a TLSec switch;
ID_Destination: the identifier of the destination node Node_Destination; Node_Destination may be a user terminal or a TLSec switch;
ID_ESWfirst: the identifier of the first TLSec switch ESW_first traversed by packets from Node_Source to Node_Destination;
ID_ESWlast: the identifier of the last TLSec switch ESW_last traversed by packets from Node_Source to Node_Destination;
an unknown field of the four-tuple is denoted "Unknown".
1.2) A conventional switch that receives the request packet forwards it unchanged;
1.3) A TLSec switch that receives the request packet checks whether the third field of the four-tuple is Unknown. If it is, the switch writes its own identifier into that field, writes its own identifier into the fourth field as well, and forwards the packet; if it is not, the switch writes its own identifier into the fourth field only and forwards the packet;
1.4) The destination node receives the packet and records the four-tuple.
Throughout the process, once the field identifying the first TLSec switch has been set it never changes, whereas the field identifying the last TLSec switch is overwritten at every TLSec switch the packet passes through.
2. Exchange routing search response process
After receiving the exchange routing search request packet, the destination node Node_Destination constructs an exchange routing search response packet and sends it to the data's sending source node Node_Source. The four-tuple is encapsulated in the response packet, and every field of it has the same value as the corresponding field of the four-tuple in the request packet.
When constructing the response packet the destination node does not modify the four-tuple values it received; it forwards the constructed response packet to the next switch. A conventional switch forwards the packet unchanged on receipt. Every TLSec switch that receives the packet performs the same operation: it examines the four-tuple and checks whether its own identifier appears in it; if it does, the switch records the four-tuple and forwards the packet, otherwise it simply forwards the packet.
The flow of the response process is shown in Fig. 4.
Step 2 is implemented concretely as follows:
2.1) The destination node constructs the exchange routing search response packet, whose main content is the four-tuple [ID_Source, ID_Destination, ID_ESWfirst, ID_ESWlast], and forwards it to the next switch, where:
ID_Source: the identifier of the sending source node Node_Source of the data; Node_Source may be a user terminal or a TLSec switch;
ID_Destination: the identifier of the destination node Node_Destination; Node_Destination may be a user terminal or a TLSec switch;
ID_ESWfirst: the identifier of the first TLSec switch ESW_first traversed by packets from Node_Source to Node_Destination;
ID_ESWlast: the identifier of the last TLSec switch ESW_last traversed by packets from Node_Source to Node_Destination;
an unknown field of the four-tuple is denoted "Unknown".
The values of the four-tuple are those of the four-tuple in the request packet received by the destination node, and the packet is forwarded to the next switch;
2.2) A conventional switch that receives the response packet forwards it unchanged;
2.3) A TLSec switch that receives the packet checks whether its own identifier is in the four-tuple; if so, it records the four-tuple and forwards the packet, otherwise it forwards the packet unchanged;
2.4) The source node receives the packet and records the four-tuple.
The exchange routing search consists of processes 1 and 2 above; the overall process is shown in Fig. 5.
The overall process in Fig. 5 is for the case of two or more TLSec switches on the link; the other cases are described separately in the embodiments.
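The request and response rules above, run over a chain of switches, as an added simulation (not code from the patent; the switch identifiers, the chain model and the `addressed_to` parameter are assumptions made here). It also names which of the three topology cases covered by the embodiments a result falls into.

```python
# Added simulation of the TLSec exchange routing search (request + response).
# Not the patent's code: switch identifiers and the chain topology are constructed.
from dataclasses import dataclass
from typing import List, Optional

UNKNOWN = "Unknown"          # marker the patent uses for an undetermined field


@dataclass
class Switch:
    """A switch on the path. tlsec=False is a conventional switch (CSW),
    tlsec=True a TLSec switch (ESW) that takes part in the search."""
    ident: str
    tlsec: bool
    recorded: Optional[List[str]] = None   # four-tuple noted in the response phase


def handle_request(sw: Switch, tup: List[str]) -> List[str]:
    """Request direction (steps 1.2 and 1.3).

    A conventional switch forwards the packet untouched. A TLSec switch fills
    the ESWfirst field only while it is still Unknown, and always overwrites
    the ESWlast field with its own identifier, so ESWfirst is fixed by the
    first TLSec switch and ESWlast ends up holding the last one on the path."""
    if not sw.tlsec:
        return tup
    src, dst, first, _ = tup
    if first == UNKNOWN:
        first = sw.ident
    return [src, dst, first, sw.ident]


def handle_response(sw: Switch, tup: List[str]) -> List[str]:
    """Response direction (steps 2.2 and 2.3).

    The tuple is never modified on the way back. A TLSec switch records it
    only if its own identifier appears in the tuple, so only ESWfirst and
    ESWlast keep state; an intermediate TLSec switch (ESWm) just forwards."""
    if sw.tlsec and sw.ident in (tup[2], tup[3]):
        sw.recorded = list(tup)
    return tup


def exchange_routing_search(source_id: str, destination_id: str,
                            path: List[Switch],
                            addressed_to: Optional[str] = None
                            ) -> Optional[List[str]]:
    """Run the whole search over `path` (switches listed source -> destination).

    `addressed_to` (assumed parameter) is the destination identifier the source
    writes into the request; it defaults to the real destination. Returns the
    four-tuple the source finally records, or None when the destination
    discards the request because ID_Destination is not its own identifier."""
    tup = [source_id, addressed_to or destination_id, UNKNOWN, UNKNOWN]
    for sw in path:                       # request phase, source -> destination
        tup = handle_request(sw, tup)
    if tup[1] != destination_id:          # destination check from the embodiments
        return None
    for sw in reversed(path):             # response phase, destination -> source
        tup = handle_response(sw, tup)
    return tup


def tlsec_case(tup: List[str]) -> str:
    """Name the topology case a search result falls into, matching the three
    embodiments: no TLSec switch, exactly one, or two or more."""
    _, _, first, last = tup
    if first == UNKNOWN:
        return "no TLSec switch on path"
    if first == last:
        return "one TLSec switch on path"
    return "two or more TLSec switches on path"


if __name__ == "__main__":
    # Constructed embodiment-1 style path: CSW / ESWfirst / CSW / ESWm / ESWlast / CSW
    path = [Switch("CSW1", False), Switch("ESWfirst", True), Switch("CSW2", False),
            Switch("ESWm", True), Switch("ESWlast", True), Switch("CSW3", False)]
    result = exchange_routing_search("NodeSource", "NodeDest", path)
    print(result, "->", tlsec_case(result))
    for sw in path:
        print(sw.ident, "recorded:", sw.recorded)
```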
The advantages and beneficial effects of the present invention are as follows:
The present invention provides a method of obtaining exchange routing information for secure data communication in a LAN, so that when conventional switches and TLSec switches coexist in the LAN the identifiers of the first and the last TLSec switch traversed by packets on the link from the source node to the destination node can be obtained reliably. The exchange routing search result is the basis on which a secure communication mode is chosen for a given network topology. It solves the problem that, when conventional and TLSec switches coexist in the LAN and the source node has several neighbouring TLSec switches, the source node cannot determine the first TLSec switch on the link to the destination node when it constructs the request packet. In the exchange routing search method of the present invention the source node does not need to determine the first TLSec switch; instead the TLSec switches themselves determine the first and the last TLSec switch, and by the end of the request process all information is definite. That is, when the destination node receives the request packet every field in the packet is already determined, and the last TLSec switch does not have to be determined during the response packet's journey. Compared with determining part of the information during the request process and the rest during the response process, this is more convenient.
Description of drawings
Fig. 1 is a schematic diagram of the exchange route interaction between nodes.
Fig. 2 is a schematic diagram of the network structure for the exchange routing search.
Fig. 3 is a flow chart of the exchange routing search request process.
Fig. 4 is a flow chart of the exchange routing search response process.
Fig. 5 is a schematic diagram of the exchange routing search process.
Fig. 6 is a schematic diagram of the exchange routing search process of embodiment 1.
Fig. 7 is a schematic diagram of the exchange routing search process of embodiment 2.
Fig. 8 is a schematic diagram of the exchange routing search process of embodiment 3.
Embodiment
So that those skilled in the art may better understand the invention, its content is explained in detail below with reference to the embodiments and the accompanying drawings.
The core idea of the present invention is the implementation of the exchange routing search process when conventional switches and TLSec switches coexist in a LAN.
In the present invention a node Node means a user terminal or a TLSec switch ESW.
Embodiment 1:
This embodiment addresses the case where, when secure communication is initiated between nodes, there are two or more TLSec switches on the link; no requirement is placed on conventional switches.
The exchange routing search process of embodiment 1 is shown in Fig. 6. It involves the sending source node Node_Source, the destination node Node_Destination, the first TLSec switch ESW_first traversed by packets from the source node to the destination node, the last TLSec switch ESW_last, and an intermediate TLSec switch ESW_m. Conventional switches CSW may be at any position on the communication link.
Step 1:
The source node Node_Source constructs the exchange routing search request packet. The source node knows its own identifier ID_Source and the identifier ID_Destination of the destination node Node_Destination, while the identifiers of the first TLSec switch ESW_first and the last TLSec switch ESW_last traversed by packets from the source node to the destination node are unknown and denoted "Unknown", so the four-tuple in the constructed request packet is [ID_Source, ID_Destination, Unknown, Unknown];
Step 2:
Node_Source sends the constructed request packet to the switch; the four-tuple is [ID_Source, ID_Destination, Unknown, Unknown];
Step 3:
TLSec switch ESW_first receives the request packet, whose four-tuple is [ID_Source, ID_Destination, Unknown, Unknown]. It finds that the first-TLSec-switch field of the four-tuple is Unknown, so it writes its own identifier into that field and also into the last field of the four-tuple. All four fields are now filled, giving [ID_Source, ID_Destination, ID_ESWfirst, ID_ESWfirst];
Step 4:
ESW_first forwards the request packet onward; the four-tuple is [ID_Source, ID_Destination, ID_ESWfirst, ID_ESWfirst];
Step 5:
TLSec switch ESW_m receives the request packet, whose four-tuple is [ID_Source, ID_Destination, ID_ESWfirst, ID_ESWfirst]. It checks the first-TLSec-switch field, which is not Unknown, so it leaves that field unchanged and writes its own identifier only into the last-TLSec-switch field. The four-tuple is now [ID_Source, ID_Destination, ID_ESWfirst, ID_ESWm];
Step 6:
ESW_m forwards the request packet onward; the four-tuple is [ID_Source, ID_Destination, ID_ESWfirst, ID_ESWm];
Step 7:
TLSec switch ESW_last receives the request packet, whose four-tuple is [ID_Source, ID_Destination, ID_ESWfirst, ID_ESWm]. It checks the first-TLSec-switch field, which is not Unknown, so it leaves that field unchanged and writes its own identifier only into the last-TLSec-switch field. The four-tuple is now [ID_Source, ID_Destination, ID_ESWfirst, ID_ESWlast];
Step 8:
ESW_last forwards the request packet onward; the four-tuple is [ID_Source, ID_Destination, ID_ESWfirst, ID_ESWlast];
Step 9:
The destination node Node_Destination receives the request packet, whose four-tuple is [ID_Source, ID_Destination, ID_ESWfirst, ID_ESWlast]. It checks whether the destination field ID_Destination of the four-tuple matches its own identifier and discards the packet if it does not. All fields of the four-tuple are now definite; Node_Destination records the four-tuple [ID_Source, ID_Destination, ID_ESWfirst, ID_ESWlast], and the exchange routing search request process is complete.
Step 10:
Node_Destination constructs the exchange routing search response packet; each field of its four-tuple takes the value of the corresponding field in the received request packet, i.e. [ID_Source, ID_Destination, ID_ESWfirst, ID_ESWlast];
Step 11:
Node_Destination sends the constructed response packet to the switch; the four-tuple is [ID_Source, ID_Destination, ID_ESWfirst, ID_ESWlast];
Step 12:
TLSec switch ESW_last receives the response packet and examines the four-tuple. Its own identifier ID_ESWlast is in the four-tuple [ID_Source, ID_Destination, ID_ESWfirst, ID_ESWlast], so ESW_last records the four-tuple;
Step 13:
ESW_last forwards the response packet onward; the four-tuple is [ID_Source, ID_Destination, ID_ESWfirst, ID_ESWlast];
Step 14:
TLSec switch ESW_m receives the response packet and examines the four-tuple. Its own identifier ID_ESWm is not in the four-tuple [ID_Source, ID_Destination, ID_ESWfirst, ID_ESWlast], so ESW_m does not modify the response packet and records nothing;
Step 15:
ESW_m forwards the response packet onward; the four-tuple is [ID_Source, ID_Destination, ID_ESWfirst, ID_ESWlast];
Step 16:
TLSec switch ESW_first receives the response packet and examines the four-tuple. Its own identifier ID_ESWfirst is in the four-tuple [ID_Source, ID_Destination, ID_ESWfirst, ID_ESWlast], so ESW_first records the four-tuple;
Step 17:
ESW_first forwards the response packet onward; the four-tuple is [ID_Source, ID_Destination, ID_ESWfirst, ID_ESWlast];
Step 18:
The source node Node_Source receives the response packet, whose four-tuple is [ID_Source, ID_Destination, ID_ESWfirst, ID_ESWlast], records the exchange routing information, and the exchange routing search response process is complete.
Embodiment 2:
This embodiment addresses the case where, when secure communication is initiated between nodes, there is exactly one TLSec switch on the link; no requirement is placed on conventional switches. Since there is only one TLSec switch, the first TLSec switch is also the last TLSec switch.
The exchange routing search process of embodiment 2 is shown in Fig. 7. It involves the sending source node Node_Source, the destination node Node_Destination, and the first TLSec switch ESW_first traversed by packets from the source node to the destination node. Conventional switches CSW may be at any position on the communication link.
Step 1:
The source node Node_Source constructs the exchange routing search request packet. The source node knows its own identifier ID_Source and the identifier ID_Destination of the destination node Node_Destination, while the identifiers of the first TLSec switch ESW_first and the last TLSec switch ESW_last traversed by packets from the source node to the destination node are unknown and denoted "Unknown", so the four-tuple in the constructed request packet is [ID_Source, ID_Destination, Unknown, Unknown];
Step 2:
Node_Source sends the constructed request packet to the switch; the four-tuple is [ID_Source, ID_Destination, Unknown, Unknown];
Step 3:
TLSec switch ESW_first receives the request packet. It finds that the first-TLSec-switch field of the four-tuple is Unknown, so it writes its own identifier into that field and also into the last field of the four-tuple. All four fields are now filled, giving [ID_Source, ID_Destination, ID_ESWfirst, ID_ESWfirst];
Step 4:
ESW_first forwards the request packet onward; the four-tuple is [ID_Source, ID_Destination, ID_ESWfirst, ID_ESWfirst];
Step 5:
The destination node Node_Destination receives the request packet, whose four-tuple is [ID_Source, ID_Destination, ID_ESWfirst, ID_ESWfirst]. It checks whether the destination field ID_Destination of the four-tuple matches its own identifier and discards the packet if it does not. All fields of the four-tuple are now definite; the destination node records the four-tuple, and the exchange routing search request process is complete.
Step 6:
Node_Destination constructs the exchange routing search response packet; each field of its four-tuple [ID_Source, ID_Destination, ID_ESWfirst, ID_ESWfirst] takes the value of the corresponding field in the received request packet;
Step 7:
Node_Destination sends the response packet to the switch; the four-tuple is [ID_Source, ID_Destination, ID_ESWfirst, ID_ESWfirst];
Step 8:
TLSec switch ESW_first receives the response packet and examines the four-tuple. Its own identifier ID_ESWfirst is in the four-tuple [ID_Source, ID_Destination, ID_ESWfirst, ID_ESWfirst], so ESW_first records the four-tuple;
Step 9:
ESW_first forwards the response packet onward; the four-tuple is [ID_Source, ID_Destination, ID_ESWfirst, ID_ESWfirst];
Step 10:
The source node Node_Source receives the response packet, records the four-tuple [ID_Source, ID_Destination, ID_ESWfirst, ID_ESWfirst], and the exchange routing search response process is complete.
Embodiment 3:
Present embodiment is directed against when initiating secure communication between node, does not have the situation of TLSec switching equipment in the link.Because there is not the TLSec switching equipment, so just do not have first TLSec switching equipment and last TLSec switching equipment.
Embodiment 3 exchange routing search request process are specifically realized referring to Fig. 8, wherein, comprise and send source node Node
Source, destination node Node
Destination, source node to the packet of destination node the conventional switching equipment CSW of process.
Step 1:
Source node Node_Source constructs an exchange routing search request packet. The source node knows its own identification ID_Source and the identification ID_Destination of destination node Node_Destination, while the identifications of the first TLSec switching equipment ESW_first and the last TLSec switching equipment ESW_last through which the packet from the source node to the destination node passes are unknown and are represented by "Unknown"; the four-tuple in the constructed exchange routing search request packet is therefore [ID_Source, ID_Destination, Unknown, Unknown];
Step 2:
Source node Node_Source sends the constructed exchange routing search request packet to the switching equipment, where the four-tuple is [ID_Source, ID_Destination, Unknown, Unknown];
Step 3:
Conventional switching equipment CSW receives the exchange routing search request packet, where the four-tuple is [ID_Source, ID_Destination, Unknown, Unknown];
Step 4:
Conventional switching equipment CSW continues to forward the exchange routing search request packet;
Step 5:
Destination node Node_Destination receives the exchange routing search request packet, where the four-tuple is [ID_Source, ID_Destination, Unknown, Unknown], and checks whether the field identifying the destination node in the four-tuple, ID_Destination, is consistent with its own identification; if inconsistent, the packet is discarded; otherwise the destination node records the four-tuple and the whole exchange routing search request process is complete.
Step 6:
Destination node Node_Destination constructs an exchange routing search response packet, where the value of each field of the four-tuple [ID_Source, ID_Destination, Unknown, Unknown] is the value of the corresponding field of the four-tuple in the received exchange routing search request packet;
Step 7:
Destination node Node_Destination sends the exchange routing search response packet to the switching equipment, where the four-tuple is [ID_Source, ID_Destination, Unknown, Unknown];
Step 8:
Conventional switching equipment CSW receives the exchange routing search response packet, where the four-tuple is [ID_Source, ID_Destination, Unknown, Unknown];
Step 9:
Conventional switching equipment CSW continues to forward the exchange routing search response packet, where the four-tuple is [ID_Source, ID_Destination, Unknown, Unknown];
Step 10:
Source node Node_Source receives the exchange routing search response packet, where the four-tuple is [ID_Source, ID_Destination, Unknown, Unknown], records the four-tuple information, and the whole exchange routing search response process is complete.
The above has introduced in detail an exchange routing search method in data link layer secure communications provided by the present invention. When conventional switching equipment and TLSec switching equipment coexist in the network, once the exchange routing search process is complete, the exchange routing search result obtained provides the information needed to choose the inter-node secret communication mode.
Claims (2)
1. An exchange routing search method in data link layer secure communications, involving the sending source node Node_Source of the data, the destination node Node_Destination, and the switching equipment SW through which the packet from the source node to the destination node passes, where SW comprises conventional switching equipment and TLSec switching equipment, characterized in that the exchange routing search method in said data link layer secure communications comprises the following steps:
1) exchange routing search request process: source node Node_Source sends an exchange routing search request packet to destination node Node_Destination;
2) exchange routing search response process: destination node Node_Destination sends an exchange routing search response packet to source node Node_Source; when source node Node_Source receives the exchange routing search response packet, the whole exchange routing search process is complete;
the exchange routing information between the sending source node Node_Source of the data and the destination node Node_Destination is defined as the following four-tuple:
[ID_Source, ID_Destination, ID_ESWfirst, ID_ESWlast]
where:
ID_Source: the identification of the sending source node Node_Source of the data; the sending source node Node_Source is a user terminal or a TLSec switching equipment;
ID_Destination: the identification of the destination node Node_Destination; the destination node Node_Destination is a user terminal or a TLSec switching equipment;
ID_ESWfirst: the identification of the first TLSec switching equipment ESWfirst through which the packet from the sending source node Node_Source to the destination node Node_Destination passes;
ID_ESWlast: the identification of the last TLSec switching equipment ESWlast through which the packet from the sending source node Node_Source to the destination node Node_Destination passes;
an unknown field in the four-tuple is represented by "Unknown";
the concrete steps of said step 1), the exchange routing search request process, are:
1.1) the source node constructs an exchange routing search request packet containing a four-tuple, said four-tuple comprising [ID_Source, ID_Destination, Unknown, Unknown], and forwards it to the next switching equipment;
1.2) conventional switching equipment receiving the exchange routing search request packet forwards it directly;
1.3) TLSec switching equipment receiving the exchange routing search request packet judges whether the third field of the four-tuple in this packet is Unknown; if so, it fills its own identification into this field, fills its own identification into the fourth field of the four-tuple, and then forwards; if not, it directly fills its own identification into the fourth field of the four-tuple and then forwards;
1.4) the destination node receives the exchange routing search request packet and records the four-tuple.
2. The exchange routing search method in data link layer secure communications as claimed in claim 1, characterized in that the concrete steps of said step 2), the exchange routing search response process, are:
2.1) after the destination node receives the exchange routing search request packet, the destination node constructs an exchange routing search response packet containing a four-tuple, the value of the four-tuple being identical to the value of the four-tuple in the exchange routing search request packet received by the destination node, and forwards it to the next switching equipment;
2.2) conventional switching equipment receiving the exchange routing search response packet forwards it directly;
2.3) TLSec switching equipment receiving the exchange routing search response packet judges whether its own identification is in the four-tuple; if so, it records the four-tuple and forwards, otherwise it forwards directly;
2.4) the source node receives the exchange routing search response packet and records the four-tuple.
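The request and response rules of claims 1 and 2, and the three topologies of the embodiments (two TLSec switches, a single TLSec switch that becomes both ESWfirst and ESWlast, and no TLSec switch at all), simulated as an added example that is not the patent's own code; the node, switch and identifier names are constructed for the illustration.

```python
# Added illustration (not from the patent): simulate the exchange routing search.
UNKNOWN = "Unknown"


class Node:
    """Source or destination terminal; records the four-tuple it receives."""
    def __init__(self, ident):
        self.ident = ident
        self.recorded = None


class ConventionalSwitch:
    """Ordinary switch (CSW): forwards request and response unchanged (1.2, 2.2)."""
    def __init__(self, ident):
        self.ident = ident

    def on_request(self, tup):
        return tup

    def on_response(self, tup):
        return tup


class TLSecSwitch:
    """TLSec switch (ESW): stamps ESWfirst/ESWlast on request, records on response."""
    def __init__(self, ident):
        self.ident = ident
        self.recorded = None

    def on_request(self, tup):
        src, dst, first, _last = tup
        if first == UNKNOWN:          # 1.3: first TLSec switch on the path fills field 3
            first = self.ident
        return (src, dst, first, self.ident)  # every TLSec switch overwrites field 4

    def on_response(self, tup):
        if self.ident in tup[2:]:     # 2.3: record only if it is ESWfirst or ESWlast
            self.recorded = tup
        return tup


def exchange_routing_search(source, destination, path):
    """Run the request along `path` and the response back; return the final four-tuple."""
    tup = (source.ident, destination.ident, UNKNOWN, UNKNOWN)  # 1.1
    for sw in path:
        tup = sw.on_request(tup)
    if tup[1] != destination.ident:   # destination drops packets not addressed to it
        return None
    destination.recorded = tup        # 1.4
    for sw in reversed(path):         # 2.1-2.3: response retraces the path
        tup = sw.on_response(tup)
    source.recorded = tup             # 2.4
    return tup
```

A TLSec switch between ESWfirst and ESWlast forwards the response without recording it, because its identification is not in the four-tuple.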
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2010102513206A CN101917336B (en) | 2010-08-10 | 2010-08-10 | Switching router searching method in data link layer safety communications |
Publications (2)
Publication Number | Publication Date |
---|---|
CN101917336A CN101917336A (en) | 2010-12-15 |
CN101917336B true CN101917336B (en) | 2012-05-16 |
Family
ID=43324730
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN2010102513206A Active CN101917336B (en) | 2010-08-10 | 2010-08-10 | Switching router searching method in data link layer safety communications |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN101917336B (en) |
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CA2616587C (en) * | 2005-07-20 | 2017-07-11 | Firetide, Inc. | Route optimization for on-demand routing protocols for mesh networks |
CN100512312C (en) * | 2006-12-18 | 2009-07-08 | 西安西电捷通无线网络通信有限公司 | Ternary structural coordinate access control method |
- 2010-08-10: CN CN2010102513206A patent/CN101917336B/en active Active
Also Published As
Publication number | Publication date |
---|---|
CN101917336A (en) | 2010-12-15 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant |