CN103547334A - Channel building method, base station and channel building system

Publication number: CN103547334A
Application number: CN201380000391.0A
Authority: CN (China)
Legal status: Pending
Other languages: Chinese (zh)
Inventors: 王江胜, 陈佳佳
Current assignee: Huawei Technologies Co Ltd
Original assignee: Huawei Technologies Co Ltd
Application filed by Huawei Technologies Co Ltd
Publication of CN103547334A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L63/16 Implementing security features at a particular protocol layer
    • H04L63/166 Implementing security features at a particular protocol layer at the transport layer

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The embodiments of the invention provide a channel building method, a base station and a channel building system, and relate to the field of network technology. When a security gateway fails or its parameters are set incorrectly, the service interruption time after the failure is reduced, and the maintenance cost of the base station is reduced. The method comprises: when the operation and maintenance (OM) channel is not available, the base station sends an IPsec renegotiation command to the security gateway and re-establishes the OM channel in IPsec mode; when re-establishing the OM channel in IPsec mode fails, the base station sends a DHCP request message to a DHCP server; the base station receives the reply message sent by the DHCP server, wherein the reply message carries a configuration key; the configuration key is matched against the IPsec channel switching password; and when the key matches the IPsec channel switching password, the binding to the IPsec port is cancelled and the transmission link is switched to a transmission link in non-IPsec mode. The invention is also applicable to channel switching.

Description

Channel building method, base station and channel building system
Technical field
The present invention relates to the field of network technology, and in particular to a channel building method, a base station and a channel building system.
Background
In a secure network, a network element can access the network elements in the security domain only under the protection of a gateway. For example, in a wireless network, before a base station can connect to the controller and the operation and maintenance center (Operation and Maintenance Center, OMC), it must first establish an Internet Protocol Security (IPsec) channel with the security gateway; all communication between the base station and the controller and OMC is then protected by the IPsec channel.
Because the security gateway is a higher-level node in the transmission network, in a typical secure network architecture the security gateway is deployed at the aggregation layer, establishes an IPsec channel with each base station, and provides unified access to the security domain. However, when the security gateway fails or its parameters are misconfigured, the whole network transmission can be paralysed, and large numbers of network elements lose their links. To avoid this, when a batch configuration error or a hardware or software fault of the security gateway occurs and the security gateway cannot recover normal function within a short time, large numbers of base stations must either be switched to other transmission links by remote control or be maintained on site. One gateway may connect thousands of sites, and troubleshooting station by station wastes a great deal of money and time.
Summary of the invention
Embodiments of the invention provide a channel building method, a base station and a channel building system that, when the security gateway fails or its parameters are misconfigured, reduce the service interruption time after the fault and reduce the maintenance cost of the base station.
To achieve the above object, embodiments of the invention adopt the following technical solutions:
In a first aspect, a channel building method is provided, comprising:
When the operation and maintenance (OM) channel is down, the base station sends an Internet Protocol Security (IPsec) renegotiation command to the security gateway and re-establishes the OM channel in IPsec mode, wherein the OM channel is used for communication between the base station and the operation and maintenance center;
When re-establishing the OM channel in IPsec mode fails, sending a Dynamic Host Configuration Protocol (DHCP) request message to the DHCP server (DHCP-Server);
Receiving the reply message to the DHCP request message sent by the DHCP-Server, wherein the reply message carries a configuration key;
Matching the configuration key against the pre-stored IPsec channel switching password;
When the configuration key matches the pre-stored IPsec channel switching password, cancelling the binding to the IPsec port and switching the transmission link to a transmission link in non-IPsec mode.
In a first possible implementation, with reference to the first aspect, the method further comprises:
When the configuration key does not match the pre-stored IPsec channel switching password, performing the step in which the base station sends the IPsec renegotiation command to the security gateway and re-establishes the OM channel in IPsec mode.
In a second possible implementation, with reference to the first possible implementation, before the base station sends the IPsec renegotiation command to the security gateway when the OM channel is down, the method further comprises:
When the OM channel is normal, receiving the IPsec channel switching password sent by the operation and maintenance center (OMC) and storing the IPsec channel switching password.
In a third possible implementation, with reference to the first or the second possible implementation, after cancelling the binding to the IPsec port and switching the transmission link to the transmission link in non-IPsec mode, the method further comprises:
After the OM channel returns to normal, receiving the configuration command sent by the OMC;
Sending an IPsec renegotiation command to the security gateway;
If the renegotiation succeeds, establishing the OM channel in IPsec mode.
In a second aspect, a base station is provided, comprising:
A processing unit, configured to, when the operation and maintenance (OM) channel is down, send an IPsec renegotiation command to the security gateway and re-establish the OM channel in IPsec mode, wherein the OM channel is used for communication between the base station and the operation and maintenance center;
A sending unit, configured to send a DHCP request message to the DHCP public server (DHCP-Server) when re-establishing the OM channel in IPsec mode fails;
A receiving unit, configured to receive the reply message to the DHCP request message sent by the DHCP-Server, wherein the reply message carries a configuration key;
A configuration unit, configured to match the configuration key against the pre-stored IPsec channel switching password;
The processing unit is further configured to, when the configuration key matches the pre-stored IPsec channel switching password, cancel the binding to the IPsec port and switch the transmission link to a transmission link in non-IPsec mode.
In a first possible implementation, with reference to the second aspect,
The processing unit is further configured to, if the configuration key does not match the pre-stored IPsec channel switching password, perform the step in which the base station sends the IPsec renegotiation command to the security gateway and re-establishes the OM channel in IPsec mode.
In a second possible implementation, with reference to the first possible implementation,
The receiving unit is further configured to, when the OM channel is normal, receive the IPsec channel switching password sent by the operation and maintenance center (OMC) and store the IPsec channel switching password.
In a third possible implementation, with reference to the first or the second possible implementation, the device further comprises:
The receiving unit is further configured to receive the configuration command sent by the OMC after the OM channel returns to normal;
The sending unit is further configured to send an IPsec renegotiation command to the security gateway;
An establishing unit, configured to establish the OM channel in IPsec mode if the IPsec renegotiation succeeds.
In a third aspect, a base station is provided, comprising at least one processor, a memory, a communication interface and a bus, wherein the at least one processor, the memory and the communication interface are connected by the bus and communicate with one another over it, and the memory is used to store program code, wherein:
The processor is configured to call the program code in the memory to perform the following operations:
When the operation and maintenance (OM) channel is down, the base station sends an IPsec renegotiation command to the security gateway and re-establishes the OM channel in IPsec mode, wherein the OM channel is used for communication between the base station and the operation and maintenance center;
When re-establishing the OM channel in IPsec mode fails, sending a DHCP request message to the DHCP public server (DHCP-Server);
Receiving the reply message to the DHCP request message sent by the DHCP-Server, wherein the reply message carries a configuration key;
Matching the configuration key against the pre-stored IPsec channel switching password;
When the configuration key matches the pre-stored IPsec channel switching password, cancelling the binding to the IPsec port and switching the transmission link to a transmission link in non-IPsec mode.
In a first possible implementation, with reference to the third aspect,
The processor is further configured to, when the configuration key does not match the pre-stored IPsec channel switching password, perform the step in which the base station sends the IPsec renegotiation command to the security gateway and re-establishes the OM channel in IPsec mode.
In a second possible implementation, with reference to the first possible implementation, the processor is further configured to:
When the OM channel is normal, receive the IPsec channel switching password sent by the operation and maintenance center (OMC) and store the IPsec channel switching password.
In a third possible implementation, with reference to the first or the second possible implementation, the processor is further configured to:
After the OM channel returns to normal, receive the configuration command sent by the OMC;
Send an IPsec renegotiation command to the security gateway;
If the IPsec renegotiation succeeds, establish the OM channel in IPsec mode.
In a fourth aspect, a channel building system is provided, comprising a base station, a security gateway, a DHCP server and an operation and maintenance center, wherein:
The base station is configured to: when the operation and maintenance (OM) channel is down, send an IPsec renegotiation command to the security gateway and re-establish the OM channel in IPsec mode; when re-establishing the OM channel in IPsec mode fails, send a DHCP request message to the DHCP server (DHCP-Server); receive the reply message to the DHCP request message sent by the DHCP-Server, wherein the reply message carries a configuration key; match the configuration key against the pre-stored IPsec channel switching password; and, when the configuration key matches the pre-stored IPsec channel switching password, cancel the binding to the IPsec port and switch the transmission link to a transmission link in non-IPsec mode;
The security gateway is configured to receive the IPsec renegotiation command sent by the base station;
The DHCP server is configured to receive the DHCP request message sent by the base station and to send the reply message to the DHCP request message, wherein the reply message carries the configuration key.
In a first possible implementation, with reference to the fourth aspect,
The base station is further configured to, when the configuration key does not match the pre-stored IPsec channel switching password, perform the step in which the base station sends the IPsec renegotiation command to the security gateway and re-establishes the OM channel in IPsec mode.
In a second possible implementation, with reference to the first possible implementation,
The operation and maintenance center (OMC) is configured to send the IPsec channel switching password when the OM channel is normal;
The base station is further configured to receive the IPsec channel switching password sent by the OMC and store the IPsec channel switching password.
In a third possible implementation, with reference to the first or the second possible implementation,
The operation and maintenance center is further configured to send a configuration command after the OM channel returns to normal;
The base station is further configured to receive the configuration command sent by the OMC, send an IPsec renegotiation command to the security gateway and, if the IPsec renegotiation succeeds, establish the OM channel in IPsec mode;
The security gateway is further configured to receive the IPsec renegotiation command sent by the base station.
With the channel building method, base station and channel building system provided by the embodiments of the invention, when the security gateway fails or its parameters are misconfigured, the communication channel is switched from the IPsec channel to a non-IPsec channel, which reduces the service interruption time and the maintenance cost of the base station.
Brief description of the drawings
To describe the technical solutions of the embodiments of the present invention or of the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. The drawings described below show only some embodiments of the present invention, and a person of ordinary skill in the art can derive other drawings from them without creative effort.
Fig. 1 is a schematic flowchart of a channel building method provided by an embodiment of the invention;
Fig. 2 is a schematic flowchart of another channel building method provided by an embodiment of the invention;
Fig. 3 is a schematic structural diagram of a base station provided by an embodiment of the invention;
Fig. 4 is a schematic structural diagram of another base station provided by an embodiment of the invention;
Fig. 5 is a schematic structural diagram of a base station provided by another embodiment of the invention;
Fig. 6 is a schematic structural diagram of a channel building system provided by an embodiment of the invention.
Detailed description of the embodiments
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments. The described embodiments are only some, not all, of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art from the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
In a secure network architecture, a network element can access the network elements located in the security domain only under the protection of the security gateway. For situations such as a security gateway fault or a security parameter configuration error, an embodiment of the invention provides a channel building method which, as shown in Fig. 1, comprises:
101. When the operation and maintenance (OM) channel is down, the base station sends an IPsec renegotiation command to the security gateway and re-establishes the OM channel in IPsec mode.
The OM channel is used for communication between the base station and the operation and maintenance center.
102. When re-establishing the OM channel in IPsec mode fails, the base station sends a Dynamic Host Configuration Protocol (DHCP) request message to the DHCP server (DHCP-Server).
103. The base station receives the reply message to the DHCP request message sent by the DHCP-Server, wherein the reply message carries a configuration key.
104. The base station matches the configuration key against the pre-stored IPsec channel switching password.
105. The base station determines whether the configuration key matches the pre-stored IPsec channel switching password.
106. When the configuration key matches the pre-stored IPsec channel switching password, the base station cancels the binding to the IPsec port and switches the transmission link to a transmission link in non-IPsec mode.
Specifically, an OM channel in IPsec mode is an OM channel that is protected by the IPsec tunnel and transmits service data encrypted. An OM channel in non-IPsec mode is an OM channel that is not protected by IPsec and transmits service data unencrypted.
With the channel building method provided by the embodiments of the invention, when the security gateway fails or its parameters are misconfigured, the data flow is switched from the IPsec channel to a non-IPsec channel, which reduces the service interruption time and the maintenance cost of the base station.
An embodiment of the invention provides a channel building method which, as shown in Fig. 2, comprises:
201. When the operation and maintenance (OM) channel is normal, the base station receives the IPsec channel switching password sent by the operation and maintenance center (OMC) and stores the IPsec channel switching password.
The IPsec channel switching password is set manually on the operation and maintenance center side. The password can take the form of a character string. When the OM channel fails, this IPsec channel switching password allows the OM channel to be switched from the transmission link in IPsec mode to the transmission link in non-IPsec mode.
202. When the OM channel is down, the base station sends an IPsec renegotiation command to the security gateway and re-establishes the OM channel in IPsec mode.
The OM channel is used for communication between the base station and the operation and maintenance center.
The communication status of the OM channel is obtained through dead peer detection (Dead Peer Detection, DPD). If DPD succeeds, the OM channel has been re-established successfully; if DPD fails, re-establishing the OM channel has failed.
When the OM channel is normal, the transmission link between the base station and the operation and maintenance center is the OM channel in IPsec mode. After the OM channel fails, the base station first attempts to renegotiate IPsec with the security gateway. If the renegotiation succeeds, the OM channel in IPsec mode continues to be used; if the renegotiation fails, the base station switches to the OM channel in non-IPsec mode.
203. When re-establishing the OM channel in IPsec mode fails, the base station sends a DHCP request message to the DHCP server (DHCP-Server).
204. The base station receives the reply message to the DHCP request message sent by the DHCP-Server, wherein the reply message carries a configuration key.
Specifically, the configuration key is a key that the user sets by manual change after the network failure. Because the configuration key is the main protection against illegal switching commands being sent to the base station, it is changed end to end after being used once, or is updated automatically on a periodic basis.
205. The base station matches the configuration key against the pre-stored IPsec channel switching password.
Specifically, the configuration key and the IPsec channel switching password can take the form of character strings; when the configuration key is identical to the IPsec channel switching password, the match succeeds.
206. When the configuration key matches the pre-stored IPsec channel switching password, the base station cancels the binding to the IPsec port and switches the transmission link to a transmission link in non-IPsec mode.
The transmission link is now a transmission link in non-IPsec mode, so service data is transmitted unencrypted.
207. When the configuration key does not match the pre-stored IPsec channel switching password, steps 202 to 205 are repeated.
208. After the OM channel returns to normal, the base station receives the configuration command sent by the OMC.
Specifically, the configuration command that the OMC sends to the base station is used to inform the base station about the switch to the non-IPsec mode transmission link.
209. The base station sends an IPsec renegotiation command to the security gateway.
210. If the base station renegotiates IPsec successfully, it establishes the OM channel in IPsec mode.
An OM channel in IPsec mode is protected by the IPsec tunnel and transmits service data encrypted, whereas an OM channel in non-IPsec mode is not protected by the IPsec tunnel and transmits service data unencrypted. Whether the transmission link between the base station and the operation and maintenance center is in IPsec mode or non-IPsec mode therefore depends largely on the security gateway. Data encryption is mainly performed by the security gateway, so before the transmission link is switched to the OM channel in IPsec mode, IPsec negotiation with the security gateway is required; only if the negotiation succeeds can the link be switched to the OM channel in IPsec mode.
With the channel building method provided by the embodiments of the invention, when the security gateway fails or its parameters are misconfigured, the data flow is switched from the IPsec channel to a non-IPsec channel, which reduces the service interruption time and the maintenance cost of the base station. This in turn improves the reliability of the whole network.
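The decision logic of steps 201 to 210, written out as a small simulation (an added example, not code from the patent or from any vendor). The stub gateway and DHCP server, the `config_key` reply field, the bounded retry count and the discarding of a used password are assumptions made for illustration; the text above does not say which DHCP field carries the configuration key.

```python
import hmac
from enum import Enum


class LinkMode(Enum):
    IPSEC = "ipsec"          # OM channel protected by the IPsec tunnel
    NON_IPSEC = "non-ipsec"  # OM channel carrying service data unencrypted


class StubGateway:
    """Constructed stand-in for the security gateway: replays scripted outcomes."""
    def __init__(self, outcomes):
        self.outcomes = list(outcomes)

    def renegotiate(self):
        # True means the IPsec renegotiation succeeded (DPD reports the peer alive).
        return self.outcomes.pop(0) if self.outcomes else False


class StubDhcpServer:
    """Constructed stand-in for the DHCP-Server: replays scripted replies."""
    def __init__(self, replies):
        self.replies = list(replies)

    def request(self):
        return self.replies.pop(0) if self.replies else {}


class BaseStation:
    def __init__(self, gateway, dhcp, max_rounds=3):
        self.gateway = gateway
        self.dhcp = dhcp
        self.max_rounds = max_rounds   # assumption: the page does not bound the retry loop
        self.switch_password = None
        self.mode = LinkMode.IPSEC
        self.trace = []

    def store_switch_password(self, password):
        """Step 201: the OMC provisions the password while the OM channel is normal."""
        self.switch_password = password

    def _key_matches(self, key):
        # Step 205: the match is string equality. Fail closed if either side is
        # missing, and compare in constant time so timing does not leak a prefix.
        if not self.switch_password or not isinstance(key, str) or not key:
            return False
        return hmac.compare_digest(key.encode(), self.switch_password.encode())

    def on_om_channel_down(self):
        """Steps 202 to 207: renegotiate first, fall back only on a key match."""
        for _ in range(self.max_rounds):
            if self.gateway.renegotiate():                    # step 202
                self.mode = LinkMode.IPSEC
                self.trace.append("renegotiated IPsec")
                return self.mode
            reply = self.dhcp.request()                       # steps 203-204
            if self._key_matches(reply.get("config_key")):    # step 205
                self.mode = LinkMode.NON_IPSEC                # step 206
                # Assumption modelling the one-time-use note under step 204:
                # a used password is discarded, so a replayed reply cannot
                # trigger a second switch until the OMC provisions a new one.
                self.switch_password = None
                self.trace.append("key-match: unbind IPsec port")
                return self.mode
            self.trace.append("key-mismatch")                 # step 207: repeat
        return self.mode

    def on_omc_config_command(self):
        """Steps 208 to 210: return to IPsec mode only if renegotiation succeeds."""
        if self.gateway.renegotiate():
            self.mode = LinkMode.IPSEC
            self.trace.append("restored IPsec")
        return self.mode


def run_outage_scenario():
    """Gateway fails twice, then recovers; DHCP sends a wrong key, then the right one."""
    password = "constructed-switch-password"   # constructed sample value
    gateway = StubGateway([False, False, True])
    dhcp = StubDhcpServer([{"config_key": "wrong"}, {"config_key": password}])
    bs = BaseStation(gateway, dhcp)
    bs.store_switch_password(password)
    during = bs.on_om_channel_down()
    after = bs.on_omc_config_command()
    return during, after, bs.trace
```

The trace records each decision, which is the record an operator would want when auditing why a station left IPsec mode.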
An embodiment of the invention provides a base station 3 which, as shown in Fig. 3, comprises a processing unit 31, a sending unit 32, a receiving unit 33 and a configuration unit 34, wherein:
The processing unit 31 is configured to, when the operation and maintenance (OM) channel is down, send an IPsec renegotiation command to the security gateway and re-establish the OM channel in IPsec mode. The OM channel is used for communication between the base station and the operation and maintenance center.
The sending unit 32 is configured to send a DHCP request message to the DHCP public server (DHCP-Server) if re-establishing the OM channel in IPsec mode fails.
The receiving unit 33 is configured to receive the reply message to the DHCP request message sent by the DHCP-Server, wherein the reply message carries a configuration key.
The configuration unit 34 is configured to match the configuration key against the pre-stored IPsec channel switching password.
The processing unit 31 is further configured to, when the configuration key matches the pre-stored IPsec channel switching password, cancel the binding to the IPsec port and switch the transmission link to a transmission link in non-IPsec mode.
With the base station provided by the embodiments of the invention, when the security gateway fails or its parameters are misconfigured, the data flow is switched from the IPsec channel to a non-IPsec channel, which reduces the service interruption time and the maintenance cost of the base station.
Further, as shown in Fig. 4, an embodiment of the invention provides a base station 3 that also comprises an establishing unit 35, wherein:
The processing unit 31 is further configured to, when the configuration key does not match the pre-stored IPsec channel switching password, perform the step in which the base station sends the IPsec renegotiation command to the security gateway and re-establishes the OM channel in IPsec mode.
The receiving unit 33 is further configured to, when the OM channel is normal, receive the IPsec channel switching password sent by the operation and maintenance center (OMC) and store the IPsec channel switching password.
The receiving unit 33 is further configured to receive the configuration command sent by the OMC after the OM channel returns to normal.
The sending unit 32 is further configured to send an IPsec renegotiation command to the security gateway.
The establishing unit 35 is configured to establish the OM channel in IPsec mode if the IPsec renegotiation succeeds.
With the base station provided by the embodiments of the invention, when the security gateway fails or its parameters are misconfigured, the data flow is switched from the IPsec channel to a non-IPsec channel, which reduces the service interruption time and the maintenance cost of the base station. This in turn improves the reliability of the whole network.
An embodiment of the invention provides a base station 4 which, as shown in Fig. 5, comprises at least one processor 41, a memory 42, a communication interface 43 and a bus 44. The at least one processor 41, the memory 42 and the communication interface 43 are connected by the bus 44 and communicate with one another over it, and the memory 42 is used to store program code, wherein:
The bus 44 can be an industry standard architecture (Industry Standard Architecture, ISA) bus, a peripheral component interconnect (Peripheral Component, PCI) bus, an extended industry standard architecture (Extended Industry Standard Architecture, EISA) bus, or the like. The bus 44 can be divided into an address bus, a data bus, a control bus and so on. For ease of representation, only one thick line is shown in Fig. 5, but this does not mean that there is only one bus or only one type of bus. Wherein:
The memory 42 is used to store executable program code, and the program code comprises computer operation instructions. The memory 42 may comprise high-speed RAM and may also comprise non-volatile memory, for example at least one disk memory.
The processor 41 may be a central processing unit (Central Processing Unit, CPU), an application-specific integrated circuit (Application Specific Integrated Circuit, ASIC), or one or more integrated circuits configured to implement the embodiments of the invention.
The communication interface 43 is mainly used for communication between the base station, the security gateway, the DHCP server and the operation and maintenance center in this embodiment.
The processor 41 is further configured to call the program code in the memory 42 to perform the following operations:
When the operation and maintenance (OM) channel is down, the base station sends an IPsec renegotiation command to the security gateway and re-establishes the OM channel in IPsec mode.
If re-establishing the OM channel in IPsec mode fails, sending a DHCP request message to the DHCP public server (DHCP-Server).
Receiving the reply message to the DHCP request message sent by the DHCP-Server, wherein the reply message carries a configuration key.
Matching the configuration key against the pre-stored IPsec channel switching password.
When the configuration key matches the pre-stored IPsec channel switching password, cancelling the binding to the IPsec port and switching the transmission link to a transmission link in non-IPsec mode.
Further, the processor 41 is also configured to, when the configuration key does not match the pre-stored IPsec channel switching password, perform the step in which the base station sends the IPsec renegotiation command to the security gateway and re-establishes the OM channel in IPsec mode.
The processor 41 is further configured to, when the OM channel is normal, receive the IPsec channel switching password sent by the operation and maintenance center (OMC) and store the IPsec channel switching password.
The processor 41 is further configured to receive the configuration command sent by the OMC after the OM channel returns to normal.
The processor 41 is further configured to send an IPsec renegotiation command to the security gateway.
The processor 41 is further configured to establish the OM channel in IPsec mode if the IPsec renegotiation succeeds.
With the base station provided by the embodiments of the invention, when the security gateway fails or its parameters are misconfigured, the data flow is switched from the IPsec channel to a non-IPsec channel, which reduces the service interruption time and the maintenance cost of the base station. This in turn improves the reliability of the whole network.
An embodiment of the present invention provides a channel establishment system which, as shown in Fig. 6, comprises a base station 1, a security gateway 2, a DHCP server 3 and an operation and maintenance center 4, where:
The base station 1 is configured to: when the operation and maintenance (OM) channel is down, send an Internet Protocol Security (IPsec) renegotiation command to the security gateway and re-establish the OM channel in IPsec mode; if re-establishing the OM channel in IPsec mode fails, send a Dynamic Host Configuration Protocol (DHCP) request message to the DHCP server (DHCP-Server); receive the reply message to the DHCP request message sent by the DHCP-Server, where the reply message carries a configuration key; match the configuration key against the pre-stored IPsec channel switching password; and, when the configuration key successfully matches the pre-stored IPsec channel switching password, cancel the binding to the IPsec port and switch the transmission link to a transmission link in non-IPsec mode.
The security gateway 2 is configured to receive the IPsec renegotiation command sent by the base station 1.
The DHCP server 3 is configured to receive the DHCP request message sent by the base station 1 and to send the reply message to the DHCP request message, where the reply message carries the configuration key.
Optionally, the base station 1 is also configured to, when the configuration key fails to match the pre-stored IPsec channel switching password, perform the step in which the base station sends the IPsec renegotiation command to the security gateway and re-establishes the OM channel in IPsec mode.
The operation and maintenance center (OMC) 4 is configured to send the IPsec channel switching password when the OM channel is normal.
The base station 1 is also configured to receive the IPsec channel switching password sent by the OMC and store the IPsec channel switching password.
Further, the operation and maintenance center 4 is also configured to send a configuration command after the OM channel returns to normal.
The base station 1 is also configured to receive the configuration command sent by the OMC, send an IPsec renegotiation command to the security gateway 2, and, if the IPsec renegotiation succeeds, establish the OM channel in IPsec mode.
The security gateway 2 is also configured to receive the IPsec renegotiation command sent by the base station 1.
The channel establishment system provided by the embodiments of the present invention switches the data flow from the IPsec channel to a non-IPsec channel when the security gateway fails or a parameter configuration error occurs, which reduces the service interruption time and the maintenance cost of the base station. This in turn improves the reliability of the whole network.
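The fallback and recovery procedure described above for the base station, modeled as a small state machine. This is an added example, not code from the patent; the class, method and event names are hypothetical, and the retry bound, the constant-time comparison, the event log and the re-binding of the IPsec port on recovery are assumptions added for illustration.

```python
import hmac
from enum import Enum


class Mode(Enum):
    IPSEC = "ipsec"
    NON_IPSEC = "non-ipsec"


class BaseStation:
    """Model of the base station's OM channel logic (all names hypothetical)."""

    def __init__(self, renegotiate, dhcp_request, max_rounds=3):
        self.renegotiate = renegotiate    # () -> bool: IPsec renegotiation result
        self.dhcp_request = dhcp_request  # () -> bytes | None: key in DHCP reply
        self.max_rounds = max_rounds      # assumption: the text gives no retry bound
        self.switch_password = None
        self.mode = Mode.IPSEC
        self.ipsec_port_bound = True
        self.events = []                  # assumption: audit trail for monitoring

    def store_switch_password(self, password):
        """OMC delivers the switching password while the OM channel is normal."""
        self.switch_password = password
        self.events.append("password-stored")

    def _key_matches(self, key):
        # A missing key or missing stored password never authorizes a switch.
        if not key or not self.switch_password:
            return False
        # Constant-time comparison is an added choice, not stated in the text.
        return hmac.compare_digest(key, self.switch_password)

    def on_om_channel_down(self):
        for _ in range(self.max_rounds):
            if self.renegotiate():
                self.mode = Mode.IPSEC
                self.events.append("ipsec-reestablished")
                return self.mode
            self.events.append("ipsec-renegotiation-failed")
            if self._key_matches(self.dhcp_request()):
                self.ipsec_port_bound = False
                self.mode = Mode.NON_IPSEC
                self.events.append("downgraded-to-non-ipsec")
                return self.mode
            # Mismatch: go back to the renegotiation step.
            self.events.append("dhcp-key-mismatch")
        self.events.append("gave-up-still-ipsec")
        return self.mode

    def on_omc_config_command(self):
        """OMC configuration command after the OM channel is back to normal."""
        if self.mode is Mode.NON_IPSEC and self.renegotiate():
            self.ipsec_port_bound = True  # assumption: binding is restored here
            self.mode = Mode.IPSEC
            self.events.append("ipsec-restored")
        return self.mode


def scenario(gateway_results, dhcp_key, stored=b"constructed-switch-password"):
    """Run one outage with constructed gateway results and DHCP key."""
    results = iter(gateway_results)
    bs = BaseStation(lambda: next(results), lambda: dhcp_key)
    bs.store_switch_password(stored)
    bs.on_om_channel_down()
    return bs
```

The `events` list records every switch to non-IPsec mode, which is the transition an operator would want to alert on.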
Those skilled in the art will clearly understand that, for convenience and brevity of description, only the division into the functional modules above is used as an illustration. In practical applications, the above functions may be assigned to different functional modules as required; that is, the internal structure of the device may be divided into different functional modules to complete all or part of the functions described above. For the specific working processes of the system, device and units described above, reference may be made to the corresponding processes in the foregoing method embodiments, and they are not repeated here.
In the several embodiments provided in the present application, it should be understood that the disclosed system, device and method may be implemented in other ways. For example, the device embodiments described above are only illustrative. For example, the division into modules or units is only a division by logical function, and other divisions are possible in an actual implementation; for example, multiple units or components may be combined or integrated into another system, or some features may be ignored or not performed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be implemented through some interfaces, and the indirect coupling or communication connection between devices or units may be electrical, mechanical or of another form.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; they may be located in one place or distributed over multiple network elements. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in the embodiments of the present application may be integrated into one processing unit, each unit may exist physically on its own, or two or more units may be integrated into one unit. The integrated unit may be implemented in the form of hardware or in the form of a software functional unit.
If the integrated unit is implemented in the form of a software functional unit and is sold or used as an independent product, it may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present application in essence, or the part of it that contributes to the prior art, or all or part of the technical solution, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes several instructions for causing a computer device (which may be a personal computer, a server, a network device, or the like) or a processor to perform all or part of the steps of the methods described in the embodiments of the present application. The aforementioned storage medium includes various media that can store program code, such as a USB flash drive, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk or an optical disc.
A person of ordinary skill in the art will appreciate that all or part of the steps of the above method embodiments may be completed by hardware instructed by a program. The program may be stored in a computer-readable storage medium and, when executed, performs the steps of the above method embodiments. The aforementioned storage medium includes various media that can store program code, such as a ROM, a RAM, a magnetic disk or an optical disc.
The above is only a specific embodiment of the present invention, but the protection scope of the present invention is not limited to it. Any change or replacement that a person skilled in the art can readily conceive of within the technical scope disclosed by the present invention shall be covered by the protection scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (16)

1. A channel establishment method, characterized by comprising:
when an operation and maintenance (OM) channel is down, sending, by a base station, an Internet Protocol Security (IPsec) renegotiation command to a security gateway, and re-establishing the OM channel in IPsec mode, wherein the OM channel carries communication between the base station and an operation and maintenance center;
when the re-establishing of the OM channel in IPsec mode fails, sending a Dynamic Host Configuration Protocol (DHCP) request message to a DHCP server (DHCP-Server);
receiving a reply message to the DHCP request message sent by the DHCP-Server, wherein the reply message carries a configuration key;
matching the configuration key against a pre-stored IPsec channel switching password; and
when the configuration key successfully matches the pre-stored IPsec channel switching password, cancelling the binding to the IPsec port and switching the transmission link to a transmission link in non-IPsec mode.
2. The method according to claim 1, characterized in that the method further comprises:
when the configuration key fails to match the pre-stored IPsec channel switching password, performing the step in which the base station sends the IPsec renegotiation command to the security gateway and re-establishes the OM channel in IPsec mode.
3. The method according to claim 2, characterized in that, before the base station sends the IPsec renegotiation command to the security gateway when the OM channel is down, the method further comprises:
when the OM channel is normal, receiving the IPsec channel switching password sent by the operation and maintenance center (OMC) and storing the IPsec channel switching password.
4. The method according to claim 2 or 3, characterized in that, after cancelling the binding to the IPsec port and switching the transmission link to the transmission link in non-IPsec mode, the method further comprises:
after the OM channel returns to normal, receiving a configuration command sent by the OMC;
sending an IPsec renegotiation command to the security gateway; and
if the IPsec renegotiation succeeds, establishing the OM channel in IPsec mode.
5. A base station, characterized by comprising:
a processing unit, configured to, when an operation and maintenance (OM) channel is down, send an Internet Protocol Security (IPsec) renegotiation command from the base station to a security gateway and re-establish the OM channel in IPsec mode, wherein the OM channel carries communication between the base station and an operation and maintenance center;
a sending unit, configured to, when the re-establishing of the OM channel in IPsec mode fails, send a Dynamic Host Configuration Protocol (DHCP) request message to a public DHCP server (DHCP-Server);
a receiving unit, configured to receive a reply message to the DHCP request message sent by the DHCP-Server, wherein the reply message carries a configuration key;
a configuration unit, also configured to match the configuration key against a pre-stored IPsec channel switching password;
the processing unit being also configured to, when the configuration key successfully matches the pre-stored IPsec channel switching password, cancel the binding to the IPsec port and switch the transmission link to a transmission link in non-IPsec mode.
6. The base station according to claim 5, characterized in that
the processing unit is also configured to, when the configuration key fails to match the pre-stored IPsec channel switching password, perform the step in which the base station sends the IPsec renegotiation command to the security gateway and re-establishes the OM channel in IPsec mode.
7. The base station according to claim 6, characterized in that
the receiving unit is also configured to, when the OM channel is normal, receive the IPsec channel switching password sent by the operation and maintenance center (OMC) and store the IPsec channel switching password.
8. The base station according to claim 6, characterized in that the device further comprises:
the receiving unit, also configured to, after the OM channel returns to normal, receive a configuration command sent by the OMC;
the sending unit, also configured to send an IPsec renegotiation command to the security gateway; and
an establishing unit, configured to, if the IPsec renegotiation succeeds, establish the OM channel in IPsec mode.
9. A base station, characterized by comprising at least one processor, a memory, a communication interface and a bus, wherein the at least one processor, the memory and the communication interface are connected by the bus and communicate with one another over it, and the memory is configured to store program code, wherein:
the processor is configured to call the program code in the memory to perform the following operations:
when an operation and maintenance (OM) channel is down, sending, by the base station, an Internet Protocol Security (IPsec) renegotiation command to a security gateway, and re-establishing the OM channel in IPsec mode, wherein the OM channel carries communication between the base station and an operation and maintenance center;
when the re-establishing of the OM channel in IPsec mode fails, sending a Dynamic Host Configuration Protocol (DHCP) request message to a public DHCP server (DHCP-Server);
receiving a reply message to the DHCP request message sent by the DHCP-Server, wherein the reply message carries a configuration key;
matching the configuration key against a pre-stored IPsec channel switching password; and
when the configuration key successfully matches the pre-stored IPsec channel switching password, cancelling the binding to the IPsec port and switching the transmission link to a transmission link in non-IPsec mode.
10. The base station according to claim 9, characterized in that
the processor is also configured to, when the configuration key fails to match the pre-stored IPsec channel switching password, perform the step in which the base station sends the IPsec renegotiation command to the security gateway and re-establishes the OM channel in IPsec mode.
11. The base station according to claim 10, characterized in that the processor is also configured to:
when the OM channel is normal, receive the IPsec channel switching password sent by the operation and maintenance center (OMC) and store the IPsec channel switching password.
12. The base station according to claim 10 or 11, characterized in that the processor is also configured to:
after the OM channel returns to normal, receive a configuration command sent by the OMC;
send an IPsec renegotiation command to the security gateway; and
if the IPsec renegotiation succeeds, establish the OM channel in IPsec mode.
13. A channel establishment system, characterized by comprising a base station, a security gateway, a DHCP server and an operation and maintenance center, wherein:
the base station is configured to: when an operation and maintenance (OM) channel is down, send an Internet Protocol Security (IPsec) renegotiation command to the security gateway and re-establish the OM channel in IPsec mode; when the re-establishing of the OM channel in IPsec mode fails, send a Dynamic Host Configuration Protocol (DHCP) request message to the DHCP server (DHCP-Server); receive a reply message to the DHCP request message sent by the DHCP-Server, wherein the reply message carries a configuration key; match the configuration key against a pre-stored IPsec channel switching password; and, when the configuration key successfully matches the pre-stored IPsec channel switching password, cancel the binding to the IPsec port and switch the transmission link to a transmission link in non-IPsec mode;
the security gateway is configured to receive the IPsec renegotiation command sent by the base station; and
the DHCP server is configured to receive the DHCP request message sent by the base station and to send the reply message to the DHCP request message, wherein the reply message carries the configuration key.
14. The system according to claim 13, characterized in that
the base station is also configured to, when the configuration key fails to match the pre-stored IPsec channel switching password, perform the step in which the base station sends the IPsec renegotiation command to the security gateway and re-establishes the OM channel in IPsec mode.
15. The system according to claim 14, characterized in that
the operation and maintenance center (OMC) is configured to send the IPsec channel switching password when the OM channel is normal; and
the base station is also configured to receive the IPsec channel switching password sent by the OMC and store the IPsec channel switching password.
16. The system according to claim 13 or 14, characterized in that
the operation and maintenance center is also configured to send a configuration command after the OM channel returns to normal;
the base station is also configured to receive the configuration command sent by the OMC, send an IPsec renegotiation command to the security gateway, and, if the IPsec renegotiation succeeds, establish the OM channel in IPsec mode; and
the security gateway is also configured to receive the IPsec renegotiation command sent by the base station.
CN201380000391.0A 2013-04-28 2013-04-28 Channel building method, base station and channel building system Pending CN103547334A (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2013/074927 WO2014176718A1 (en) 2013-04-28 2013-04-28 Channel establishing method, base station, and channel establishing system

Publications (1)

Publication Number Publication Date
CN103547334A true CN103547334A (en) 2014-01-29

Family

ID=49970065

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201380000391.0A Pending CN103547334A (en) 2013-04-28 2013-04-28 Channel building method, base station and channel building system

Country Status (2)

Country Link
CN (1) CN103547334A (en)
WO (1) WO2014176718A1 (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101527729A (en) * 2009-05-05 2009-09-09 杭州华三通信技术有限公司 Reliable IKE message negotiation method, device and system thereof
WO2010132719A1 (en) * 2009-05-13 2010-11-18 Aviat Networks, Inc. Systems and methods for fractional routing redundancy
CN102571497A (en) * 2012-01-29 2012-07-11 华为技术有限公司 IPSec tunnel fault detection method, apparatus thereof and system thereof
WO2013010658A1 (en) * 2011-07-15 2013-01-24 Deutsche Telekom Ag Method to enhance high availability in a secure telecommunications network, and telecommunications network comprising a plurality of remote nodes

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108306992A (en) * 2016-08-09 2018-07-20 大唐移动通信设备有限公司 A kind of method of the blind startup in base station, base station and centralized Dynamic Host Configuration Protocol server
CN108306992B (en) * 2016-08-09 2020-10-30 大唐移动通信设备有限公司 Blind starting method of base station, base station and centralized DHCP server
CN111492682A (en) * 2017-11-30 2020-08-04 华为技术有限公司 Channel establishing method and base station
US11432172B2 (en) 2017-11-30 2022-08-30 Huawei Technologies Co., Ltd. Channel establishment method and base station

Also Published As

Publication number Publication date
WO2014176718A1 (en) 2014-11-06

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20140129