CN102065001A - Implementation method and equipment of one-way access control - Google Patents

Publication number: CN102065001A
Authority: CN (China)
Prior art keywords: vpn, data message, message, information, prefix information
Legal status: Granted
Application number: CN2009102381952A
Other languages: Chinese (zh)
Other versions: CN102065001B (en)
Inventor: 宋渊
Current Assignee: New H3C Technologies Co Ltd
Original Assignee: Hangzhou H3C Technologies Co Ltd
Application filed by: Hangzhou H3C Technologies Co Ltd
Publications: CN102065001A (application), CN102065001B (granted)
Current status: Expired - Fee Related

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The embodiment of the invention provides a method and equipment for implementing one-way access control. The method is used in a network comprising a first VPN (virtual private network) and a second VPN, wherein the security level of the first VPN is higher than that of the second VPN. An ASPF (application specific packet filter) function is configured in advance on a PE (provider edge) connected to the first VPN, and at least one group attribute value that identifies second-VPN routes is designated as the group attribute value of controlled routes. The method comprises the following steps: A, the PE learns routing information and, when the learned routing information contains the designated group attribute value, automatically stores the prefix information contained in the routing information; and B, when the PE receives a data message and the ASPF function is currently enabled, the PE performs forwarding control on the data message according to the information carried by the received data message and the stored prefix information. The invention simplifies configuration while addressing the information security risk, and adapts to network development.

Description

Implementation method and equipment for one-way access control
Technical field
The present invention relates to network management technology, and in particular to a method and equipment for implementing one-way access control.
Background art
Large, cross-region enterprises need their departments to be isolated from one another while some terminals or servers must still be able to access each other. To meet this need, the prior art proposes Multi-Protocol Label Switching (MPLS) virtual private network (VPN) technology: different departments are planned into different VPNs, which isolates the departments from one another; a separate shared VPN is also planned, and the servers in each department that carry out collaborative business are placed in the shared VPN. The routes of the shared VPN and of the department VPNs are then imported into each other, so that mutual access between departments is achieved through communication between each department VPN and the shared VPN. In this way, the enterprise's requirement that departments be both isolated and able to access one another is met.
As shown in Fig. 1, suppose an enterprise has department 1 and department 2. To isolate department 1 and department 2 from each other, they are placed in two different VPNs, VPN1 and VPN2. At the same time, to meet the need for mutual access between the two departments, a shared VPN distinct from VPN1 and VPN2 is planned, the servers in the two departments that carry out collaborative business are placed in the shared VPN, and the routes of the shared VPN and of each department VPN are imported into each other. The departments are thus both isolated and able to access one another.
However, as Fig. 1 shows, the service servers in the shared VPN can reach the terminals in all department VPNs at the network level. If these service servers are controlled by a malicious Trojan, they become a springboard for the attacker, which poses a considerable risk to the enterprise's information security.
To address this security risk, the prior art provides a one-way access control method, shown in Fig. 2. A hardware firewall is attached alongside the backbone network edge router (PE) that connects the department VPN on the MPLS backbone, and all prefix information corresponding to the shared VPN is set manually on this hardware firewall; here, the prefix information may be all network segment addresses contained in the shared VPN. During service operation, the PE uses policy routing or static routing to divert the data messages exchanged between the department VPN and the shared VPN to the hardware firewall. When the hardware firewall receives a data message, it judges whether the data message is an active request message or a response message corresponding to a request message already recorded. If it is a request message and the prefix information it carries is present in the pre-configured prefix information, forwarding of the data message is refused; if it is a response message, forwarding of the data message is allowed. The existing one-way access control method thus addresses the security risk mainly by ensuring that the servers in the shared VPN only provide services and cannot actively initiate access.
However, the prior-art one-way access control method requires the prefix information corresponding to the shared VPN, such as all network segment addresses the shared VPN contains, to be configured manually at the PE connected to the department VPN. When the shared VPN contains a large number of network segment addresses, this configuration is obviously very complicated. Moreover, when the network addresses of the shared VPN change, the configuration at this PE must be redone or modified, so the method does not adapt well to network development.
Summary of the invention
The invention provides a method and equipment for implementing one-way access control, so as to simplify configuration and adapt to network development while addressing the information security risk.
A method for implementing one-way access control is applied to a network comprising a first virtual private network (VPN) and a second VPN, the security level of the first VPN being higher than that of the second VPN. An application-layer state inspection (ASPF) function is configured in advance on the backbone network edge routing device (PE) connected to the first VPN, and at least one group attribute value used to identify second-VPN routes is designated as the group attribute value of controlled routes. The method comprises the following steps:
The PE learns routing information and, when the learned routing information contains the designated group attribute value, automatically stores the prefix information contained in the routing information;
When the PE receives a data message, if the ASPF function is currently enabled, the PE performs forwarding control on the data message according to the information carried by the received data message and the stored prefix information.
A PE, connected to the first VPN, comprises an ASPF module, a routing module and a forwarding module, wherein:
The routing module learns routing information and, when the learned routing information contains the designated group attribute value, delivers the prefix information contained in the routing information to the forwarding module; the group attribute value is used to identify second-VPN routes as controlled routes; the security level of the first VPN is higher than that of the second VPN;
The forwarding module receives and stores the prefix information delivered by the routing module and, when a data message is received, judges whether the information carried by the received data message is present in the stored prefix information; if so, it sends a one-way access control notification to the ASPF module;
The ASPF module is configured with the ASPF function; on receiving the one-way access control notification, if the configured ASPF function is enabled, it performs forwarding control on the data message according to the information carried by the data message and the prefix information stored by the forwarding module.
As the above technical solution shows, the embodiment of the invention does not, as the prior art does, manually set all prefix information corresponding to the shared VPN (equivalent to the second VPN in the present invention) on a hardware firewall. Only the group attribute value of the second VPN (the shared VPN) needs to be designated, and the PE learns the prefix information automatically. Compared with the prior art, no large-scale manual configuration of prefix information is needed, which greatly simplifies the deployment and configuration of one-way access control;
Moreover, because the PE learns the prefix information automatically in the embodiment of the invention, where the prefix information may be network segment addresses, there is no need, when the network addresses of the shared VPN change, to perform manual configuration or modification at the PE as in the prior art, so the invention adapts to network development better than the prior art.
Description of drawings
Fig. 1 is a schematic diagram of the networking of the departments of an enterprise in the prior art;
Fig. 2 is a schematic diagram of the one-way access control method in the prior art;
Fig. 3 is the basic flowchart provided by the embodiment of the invention;
Fig. 4 is the detailed flowchart provided by the embodiment of the invention;
Fig. 5 is the structure diagram of the PE provided by the embodiment of the invention.
Embodiment
To make the purpose, technical solutions and advantages of the present invention clearer, the present invention is described below with reference to the drawings and specific embodiments.
In practice, the security level required of a department VPN is generally relatively high, while the security level of the shared VPN is somewhat lower than that of the department VPN. When the two communicate, in order to protect the VPN with the higher security level, the prior art attaches a firewall alongside the PE on the MPLS backbone that connects the higher-security VPN, which obviously increases maintenance cost. The embodiment of the invention analyses the structure of the PE on the MPLS backbone and the characteristics of VPNs and proposes the flow shown in Fig. 3. The central idea is to give the PE that connects the higher-security VPN the function of one-way access control; see Fig. 3 for details.
Fig. 3 is the basic flowchart provided by the embodiment of the invention. This embodiment is not limited to a department VPN and a shared VPN; it extends to any two VPNs of different security levels. For ease of description, in this embodiment the VPN requiring the higher security level is denoted the first VPN, and the VPN whose required security level is somewhat lower than that of the first VPN is denoted the second VPN. As shown in Fig. 3, the flow comprises the following steps:
Step 301: configure the application-layer state inspection ASPF (application specific packet filter) function on the PE connected to the first VPN.
ASPF is a widely used application-layer and transport-layer inspection technique whose main function is forwarding control of data messages, blocking data messages that do not conform to the rules; compared with the firewall technology of the prior art, it offers higher security and reliability.
Step 302: designate at least one group attribute value used to identify second-VPN routes as the group attribute value of controlled routes.
Here, the group attribute value uniquely identifies shared-VPN routes; it may be a route distinguisher (RD), a route target (RT), or pre-agreed private information, and the embodiment of the invention does not specifically limit it.
Step 303: the PE learns routing information and, when the learned routing information contains the designated group attribute value, automatically stores the prefix information contained in the routing information.
Here, the operation by which the PE learns routing information is as described in step 403 of Fig. 4.
Step 304: when the PE receives a data message, if the ASPF function is currently enabled, the PE performs forwarding control on the data message according to the information carried by the received data message and the stored prefix information.
As can be seen, this embodiment configures the ASPF function on the PE connected to the first VPN, and when the ASPF function is enabled, the PE performs forwarding control on the data messages it receives. In other words, by configuring the ASPF function on the PE, this embodiment makes the PE responsible for forwarding control of received data messages in order to protect the first VPN, and avoids the drawbacks of the prior art, in which a firewall is attached alongside the PE to protect the department VPN (analogous to the first VPN).
This completes the flow provided by the embodiment of the invention.
The above is a brief description of the flow provided by the embodiment of the invention; the method provided by the invention is described in detail below with reference to a specific embodiment.
Fig. 4 is the detailed flowchart provided by the embodiment of the invention. In this embodiment, the first VPN is a department VPN and the second VPN is the shared VPN, by way of example. As shown in Fig. 4, the flow comprises the following steps:
Step 401: configure the ASPF function on the PE connected to the department VPN.
Step 402: designate the group attribute value corresponding to at least one shared-VPN route in the shared VPN as the group attribute value of controlled routes.
When networking is carried out in this embodiment, the group attribute values corresponding to the routes in each VPN of the network can be configured. Therefore, in step 402 it is easy, according to the configuration made during networking, to designate the group attribute values corresponding to all shared-VPN routes as the group attribute value of controlled routes; alternatively, the group attribute values corresponding to several shared-VPN routes may be designated as the group attribute value of controlled routes according to actual conditions.
Step 403: the PE learns routing information and judges whether the learned routing information contains the designated group attribute value; if so, step 404 is executed; otherwise, the learned routing information is processed according to the prior-art operation.
Here, the PE can learn routing information dynamically through the Border Gateway Protocol (BGP). BGP is a dynamic routing protocol used between autonomous systems (AS), an AS being a set of routers that share the same routing policy and run under the same technical administration. The operation by which the PE learns routing information in step 403 is similar to the prior art and is not repeated here.
In BGP, when a routing device such as the PE in this embodiment advertises routing information, it can also carry the group attribute value configured on itself at networking time, so that the recipient, on receiving the routing information, knows which VPN the routing information comes from. Step 403 can therefore easily judge whether the learned routing information contains the designated group attribute value.
Step 404: obtain the prefix information contained in the routing information and judge whether this prefix information is already stored; if not, step 405 is executed; otherwise, the learned routing information is processed according to the prior-art operation.
Here, the prefix information may be the network segment IP addresses in the shared VPN.
Step 405: automatically store the prefix information.
Steps 403 to 405 thus accomplish the learning of the network segment IP addresses in the routes corresponding to the designated group attribute value.
Step 406: when the PE receives a data message, judge whether the ASPF function is currently enabled; if so, step 407 is executed; otherwise, the data message is processed according to the prior-art operation.
Step 407: judge whether the received data message is a request message from the department VPN; if so, step 408 is executed; otherwise, step 409 is executed.
Here, a data message generally carries a message type, a source address and a destination address, so step 407 can easily determine from the message type, source address and destination address carried by the received data message whether it is a request message from the department VPN.
Step 408: record the five-tuple information carried by the request message, then forward the request message.
Here, the five-tuple information in step 408 may be the source address, destination address, source port, destination port and protocol number. It is recorded mainly so that, when a data message from the shared VPN is later received, it can be determined whether that data message is a response message corresponding to a request message from the department VPN, and forwarding control of that data message can then be carried out according to the result; see step 411.
Because the embodiment of the invention mainly aims to protect the security of the department VPN, preventing the hidden danger to the department VPN's security that arises when the shared VPN is controlled by an attacker, only data messages from the shared VPN need to be restricted; data messages sent from the department VPN can be allowed through without exception.
At this point, the flow of forwarding control for the currently received data message ends.
Step 409: if the source address carried by the received data message is a network segment address in the second VPN and the destination address is a network segment address in the first VPN, judge whether the data message is a request message; if so, step 410 is executed; otherwise, step 411 is executed.
Step 410: refuse forwarding of the data message.
Step 411: according to the five-tuple information carried by the data message and the five-tuple information, recorded in step 408, carried by request messages from the first VPN, judge whether the data message is a response message corresponding to a request message from the first VPN; if so, step 412 is executed; otherwise, return to step 410.
Because step 408 records the five-tuple information carried by a data message when that data message is determined to be a request message from the department VPN, step 411 can judge, from the five-tuple information carried by the currently received data message and the five-tuple information recorded in step 408, whether the data message is a response message corresponding to a request message from the first VPN. The specific judgment is similar to the way response messages are judged in the prior art and is not repeated here.
Step 412: allow forwarding of the data message.
This completes the flow provided by the embodiment of the invention.
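The flow of steps 401 to 412, as an added example that is not part of the patent text: a Python model of a PE that learns controlled prefixes from routes carrying the designated group attribute value and then applies the one-way forwarding decision. The class and field names, the route-target strings, the addresses and the `is_request` flag (standing in for the message type carried in the data message) are assumptions constructed for illustration; data messages the flow does not cover are simply forwarded here.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Route:
    prefix: str               # network segment advertised in the route
    group_values: frozenset   # group attribute values carried (constructed RT strings)


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    proto: int
    is_request: bool          # assumption: stands in for the carried message type


class OneWayPE:
    """Model of the PE attached to the first (higher-security) VPN."""

    def __init__(self, first_vpn_prefixes, controlled_values, aspf_enabled=True):
        # Assumption: the PE knows the first VPN's segments from its attached side.
        self.first_vpn = [ipaddress.ip_network(p) for p in first_vpn_prefixes]
        self.controlled_values = frozenset(controlled_values)  # step 402
        self.controlled_prefixes = set()                       # filled by learning
        self.sessions = set()                                  # five-tuples (step 408)
        self.aspf_enabled = aspf_enabled                       # step 401

    def learn_route(self, route):
        """Steps 403-405: store a controlled route's prefix; True if newly stored."""
        if not (self.controlled_values & route.group_values):
            return False                    # not a controlled route: normal handling
        net = ipaddress.ip_network(route.prefix)
        if net in self.controlled_prefixes:
            return False                    # step 404: already stored
        self.controlled_prefixes.add(net)   # step 405
        return True

    @staticmethod
    def _within(addr, networks):
        ip = ipaddress.ip_address(addr)
        return any(ip in net for net in networks)

    def handle(self, pkt):
        """Steps 406-412: return 'forward' or 'deny' for one data message."""
        if not self.aspf_enabled:
            return "forward"                # step 406: normal handling
        if pkt.is_request and self._within(pkt.src, self.first_vpn):
            # Steps 407-408: record the five-tuple, then forward the request.
            self.sessions.add((pkt.src, pkt.dst, pkt.sport, pkt.dport, pkt.proto))
            return "forward"
        if (self._within(pkt.src, self.controlled_prefixes)
                and self._within(pkt.dst, self.first_vpn)):    # step 409
            if pkt.is_request:
                return "deny"               # step 410
            # Step 411: a response is a recorded five-tuple with endpoints swapped.
            reverse = (pkt.dst, pkt.src, pkt.dport, pkt.sport, pkt.proto)
            return "forward" if reverse in self.sessions else "deny"
        return "forward"                    # outside the flow: assumed normal handling


def demo():
    """Constructed scenario: department VPN 10.1.0.0/16, shared VPN tagged 65000:200."""
    pe = OneWayPE(["10.1.0.0/16"], {"65000:200"})
    pe.learn_route(Route("172.16.10.0/24", frozenset({"65000:200"})))  # shared VPN
    pe.learn_route(Route("10.2.0.0/16", frozenset({"65000:102"})))     # other department
    results = [
        pe.handle(Packet("172.16.10.5", "10.1.1.10", 51000, 22, 6, True)),    # shared -> dept request
        pe.handle(Packet("10.1.1.10", "172.16.10.5", 40000, 443, 6, True)),   # dept -> shared request
        pe.handle(Packet("172.16.10.5", "10.1.1.10", 443, 40000, 6, False)),  # matching response
        pe.handle(Packet("172.16.10.5", "10.1.1.10", 443, 40001, 6, False)),  # no recorded request
    ]
    # The shared VPN adds a segment: it is learned from the route, with no manual PE change.
    pe.learn_route(Route("172.16.20.0/24", frozenset({"65000:200"})))
    results.append(pe.handle(Packet("172.16.20.9", "10.1.1.10", 51001, 22, 6, True)))
    return results


if __name__ == "__main__":
    print(demo())
```

The model keeps recorded five-tuples indefinitely; the patent text does not describe how or when they are aged out.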
As the above technical solution shows, the embodiment of the invention has the following effects:
1. In the embodiment of the invention, the ASPF function is configured on the PE through which communication with the department VPN must pass, so one-way access control can be applied to received data messages. Compared with the prior art, in which a hardware firewall is attached alongside the PE connected to the department VPN, maintenance cost is significantly reduced.
2. Because the prior art attaches a hardware firewall alongside the PE, a received data message must be diverted to the hardware firewall through policy routing or static routing configuration. In the embodiment of the invention, the PE itself has the ASPF function that implements one-way access control, so the diversion operation of the prior art is avoided and the flow is greatly simplified compared with the prior art.
3. The embodiment of the invention does not, as the prior art does, manually set all prefix information corresponding to the shared VPN on the hardware firewall. Only the group attribute value of the shared VPN needs to be designated, and the PE learns the prefix information automatically. Compared with the prior art, no large-scale manual configuration of prefix information is needed, which greatly simplifies the deployment of one-way access control;
4. Because the PE learns the prefix information automatically in the embodiment of the invention, where the prefix information may be network segment addresses, there is no need, when the network addresses of the shared VPN change, to perform manual configuration or modification at the PE as in the prior art, so the invention adapts to network development better than the prior art.
To implement the above one-way access control method, the present invention also provides a PE. Fig. 5 shows the specific structure of this PE, which is connected to the first VPN. As shown in Fig. 5, the PE may comprise: routing module 501, forwarding module 502 and ASPF module 503;
Routing module 501 learns routing information and, when the learned routing information contains the designated group attribute value, delivers the prefix information contained in the routing information to forwarding module 502. Here, the group attribute value is used to identify second-VPN routes as controlled routes; the security level of the first VPN is higher than that of the second VPN. In a specific implementation, the group attribute value may be a route distinguisher (RD), a route target (RT), or pre-agreed private information.
Forwarding module 502 receives and stores the prefix information delivered by routing module 501 and, when a data message is received, sends a one-way access control notification to ASPF module 503;
ASPF module 503 is configured with the ASPF function; on receiving the one-way access control notification, if the configured ASPF function is enabled, it performs forwarding control on the data message according to the information carried by the data message and the prefix information stored by the forwarding module.
Preferably, in this embodiment, routing module 501 learns routing information dynamically through BGP.
As shown in Fig. 5, forwarding module 502 may comprise: judging unit 5021 and storage unit 5022.
Judging unit 5021 judges whether the prefix information contained in the routing information learned by routing module 501 is present in the prefix information already stored by storage unit 5022;
Storage unit 5022 stores the prefix information contained in the routing information when the judgment result of judging unit 5021 is negative.
Here, the prefix information may be the network segment addresses in the second VPN; forwarding module 502 can then judge whether the source address carried by a received message is present in the stored network segment addresses.
Preferably, in this embodiment, the prefix information stored by storage unit 5022 is the network segment addresses in the second VPN;
As shown in Fig. 5, ASPF module 503 may comprise: first processing unit 5031 and second processing unit 5032;
First processing unit 5031 forwards the data message when the data message is a request message from the first VPN;
Second processing unit 5032, when the source address carried by the data message is a network segment address in the second VPN and the destination address is a network segment address in the first VPN, judges whether the data message is a request message; if so, it refuses forwarding of the data message; if not, it judges whether the data message is a response message corresponding to a request message from the first VPN; if so, it allows forwarding of the data message; otherwise, it refuses forwarding of the data message.
Preferably, when forwarding a data message that is a request message from the first VPN, first processing unit 5031 further records the five-tuple information carried by the message;
Second processing unit 5032 judges, from the five-tuple information carried by the data message and the recorded five-tuple information carried by request messages from the first VPN, whether the data message is a response message corresponding to a request message from the first VPN.
This completes the description of the structure of the PE provided by the embodiment of the invention.
The above are only preferred embodiments of the present invention and are not intended to limit the present invention; any modification, equivalent replacement, improvement and the like made within the spirit and principles of the present invention shall fall within the scope of protection of the present invention.

Claims (10)

1. the implementation method of a unidirectional access control is characterized in that, this method is applied to comprise in the network of first virtual private network VPN and the 2nd VPN, and the level of security of a described VPN is greater than the 2nd VPN; On the backbone network edge routing device PE that connects a VPN, dispose application layer state-detection ASPF function in advance, and specify at least one to be used to identify the group attribute value of the group attribute value of the 2nd VPN route as controlled route; This method may further comprise the steps:
A, described PE study routing iinformation when the routing iinformation of learning comprises designated body's property value, is stored the prefix information that this routing iinformation comprises automatically;
B, when described PE received data message, if currently enabled described ASPF function, then information of carrying according to the data message that receives and the prefix information of having stored were transmitted control to described data message.
2. method according to claim 1 is characterized in that, described PE is according to Border Gateway Protocol (BGP) dynamic learning routing iinformation; In the described steps A, PE stores the prefix information that routing iinformation comprises automatically and comprises:
PE judges whether the prefix information that the routing iinformation of study comprises exists in the prefix information of having stored, if not, then stores the prefix information that described routing iinformation comprises automatically.
3. method according to claim 1 and 2 is characterized in that, described group attribute value is route-distinguisher RD or is route target sign RT or the private information for making an appointment.
4. method according to claim 1 is characterized in that, the prefix information of described storage is the network segment address among the 2nd VPN; Information of carrying according to the data message that receives among the described step B and the prefix information of having stored are transmitted control to described data message and are comprised:
If the source address that the data message that receives carries is the network segment address among the 2nd VPN, destination address is the network segment address among the VPN, judges then whether described data message is request message, if refuse the forwarding of described data message; If not, judge that whether described data message is the request message corresponding response message from a VPN, if then allow the forwarding of described data message; Otherwise, refuse the forwarding of described data message.
5. method according to claim 4 is characterized in that, among the described step B, if the data message that PE receives is the request message from a VPN, then transmits described data message, and writes down the message five-tuple information that this request message carries;
Whether described judgment data message is that the request message corresponding response message from a VPN comprises:
Whether the message five-tuple information judgment data message that message five-tuple information of carrying according to described data message and the request message from a VPN that has write down carry is the request message corresponding response message from a VPN.
6. A PE, characterized in that the PE is connected to a first VPN; the PE comprises an ASPF module, a routing module and a forwarding module, wherein:
The routing module learns routing information and, when the learned routing information contains the designated group attribute value, issues the prefix information contained in that routing information to the forwarding module; the group attribute value is used to identify a second VPN route as a controlled route; the security level of the first VPN is greater than the security level of the second VPN;
The forwarding module receives and stores the prefix information issued by the routing module and, when a data message is received, sends a one-way access control notification to the ASPF module;
The ASPF module is configured with the ASPF function; on receiving the one-way access control notification, if the configured ASPF function is enabled, it performs forwarding control on the data message according to the information carried by the data message and the prefix information stored by the forwarding module.
7. The PE according to claim 6, characterized in that the routing module dynamically learns routing information according to the Border Gateway Protocol (BGP);
The forwarding module comprises a judging unit and a storage unit, wherein:
The judging unit judges whether the prefix information contained in the routing information learned by the routing module already exists in the prefix information stored by the storage unit;
The storage unit stores the prefix information contained in the routing information when the judging unit's result is negative.
8. The PE according to claim 6 or 7, characterized in that the group attribute value is a route distinguisher (RD), a route target (RT), or pre-agreed private information.
9. The PE according to claim 6, characterized in that the prefix information is a network segment address in the second VPN;
The ASPF module comprises a first processing unit and a second processing unit;
The first processing unit is configured to forward the data message when the data message is a request message from the first VPN;
The second processing unit is configured to, when the source address carried by the data message is a network segment address in the second VPN and the destination address is a network segment address in the first VPN, judge whether the data message is a request message; if so, refuse forwarding of the data message; if not, judge whether the data message is a response message corresponding to a request message from the first VPN; if so, allow forwarding of the data message; otherwise, refuse forwarding of the data message.
10. The PE according to claim 9, characterized in that the first processing unit, when forwarding the data message, further records the message five-tuple information carried by the request message from the first VPN;
The second processing unit judges, according to the message five-tuple information carried by the data message and the message five-tuple information, recorded by the first processing unit, carried by the request message from the first VPN, whether the data message is a response message corresponding to a request message from the first VPN.
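The forwarding decision in claims 4 to 10 can be followed in a small Python model; this is an added illustration, not code from the patent or from any H3C product. The class and method names, the addresses and the "RT:100:2" attribute value are constructed, the is_request flag is supplied by the caller because the claims do not say how a request is recognized, and forwarding of traffic outside the claimed cases (or with ASPF disabled) is an assumption.

```python
import ipaddress

class OneWayPE:
    """Toy model of the PE in claims 4-10; all names and values are constructed."""

    def __init__(self, first_vpn_prefixes, controlled_attr, aspf_enabled=True):
        self.first_vpn = [ipaddress.ip_network(p) for p in first_vpn_prefixes]
        self.controlled_attr = controlled_attr  # designated group attribute value
        self.aspf_enabled = aspf_enabled
        self.controlled = set()  # stored prefix information (second VPN segments)
        self.sessions = set()    # five-tuples of forwarded first-VPN requests

    def learn_route(self, prefix, attrs):
        # Routing module: keep the prefix only if the route carries the
        # designated attribute; the set skips prefixes already stored (claim 7).
        if self.controlled_attr in attrs:
            self.controlled.add(ipaddress.ip_network(prefix))

    @staticmethod
    def _within(addr, networks):
        ip = ipaddress.ip_address(addr)
        return any(ip in net for net in networks)

    def forward(self, src, sport, dst, dport, proto, is_request):
        """Return True to forward the data message, False to refuse it."""
        if not self.aspf_enabled:
            return True  # assumption: no one-way control while ASPF is disabled
        if is_request and self._within(src, self.first_vpn):
            self.sessions.add((src, sport, dst, dport, proto))  # claims 5 and 10
            return True
        if self._within(src, self.controlled) and self._within(dst, self.first_vpn):
            if is_request:
                return False  # second VPN may not initiate toward the first VPN
            # A response must mirror a recorded request five-tuple.
            return (dst, dport, src, sport, proto) in self.sessions
        return True  # assumption: traffic outside the claimed cases is forwarded

def demo():
    pe = OneWayPE(["10.1.0.0/16"], controlled_attr="RT:100:2")
    pe.learn_route("10.2.0.0/16", {"RT:100:2"})   # second VPN route: controlled
    pe.learn_route("10.3.0.0/16", {"RT:100:3"})   # other route: not stored
    return [
        pe.forward("10.2.0.5", 40000, "10.1.0.9", 22, "tcp", True),    # refused
        pe.forward("10.2.0.5", 80, "10.1.0.9", 50000, "tcp", False),   # refused
        pe.forward("10.1.0.9", 50000, "10.2.0.5", 80, "tcp", True),    # forwarded
        pe.forward("10.2.0.5", 80, "10.1.0.9", 50000, "tcp", False),   # forwarded
        pe.forward("10.2.0.5", 81, "10.1.0.9", 50000, "tcp", False),   # refused
    ]
```

The second and fifth calls show why the recorded five-tuple matters: a packet that merely claims to be a response is refused unless it mirrors a request that the first VPN actually sent.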
CN2009102381952A 2009-11-17 2009-11-17 Implementation method and equipment of one-way access control Expired - Fee Related CN102065001B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2009102381952A CN102065001B (en) 2009-11-17 2009-11-17 Implementation method and equipment of one-way access control

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN2009102381952A CN102065001B (en) 2009-11-17 2009-11-17 Implementation method and equipment of one-way access control

Publications (2)

Publication Number Publication Date
CN102065001A true CN102065001A (en) 2011-05-18
CN102065001B CN102065001B (en) 2013-04-03

Family

ID=44000108

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2009102381952A Expired - Fee Related CN102065001B (en) 2009-11-17 2009-11-17 Implementation method and equipment of one-way access control

Country Status (1)

Country Link
CN (1) CN102065001B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107707478A (en) * 2017-09-30 2018-02-16 迈普通信技术股份有限公司 Data forwarding method and equipment

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1780249A (en) * 2004-11-25 2006-05-31 华为技术有限公司 Method for realizing different third layer virtual personnel interconnection
CN101022328B (en) * 2007-03-26 2011-07-20 杭州华三通信技术有限公司 Method for realizing redundant gateway path overhead dynamic regulation and gate way equipment

Also Published As

Publication number Publication date
CN102065001B (en) 2013-04-03

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CP03 Change of name, title or address

Address after: 310052 Binjiang District Changhe Road, Zhejiang, China, No. 466, No.

Patentee after: Xinhua three Technology Co., Ltd.

Address before: 310053 Hangzhou hi tech Industrial Development Zone, Zhejiang province science and Technology Industrial Park, No. 310 and No. six road, HUAWEI, Hangzhou production base

Patentee before: Huasan Communication Technology Co., Ltd.

CP03 Change of name, title or address
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20130403

Termination date: 20191117

CF01 Termination of patent right due to non-payment of annual fee