CN104301133B - Method and device for managing a Generic Routing Encapsulation key (GRE Key)
Publication number: CN104301133B (CN201410390629.1A)
Abstract
The invention discloses a GRE Key management method, including: when a VAM server receives the first keepalive message sent by a VAM client in an ADVPN, it determines the tunnel encapsulation type of the VAM client and the Hub group to which it belongs according to the attribute information carried in the keepalive message, and then sends to the VAM client a first information request message carrying the GRE Key corresponding to the determined Hub group, so that the VAM client configures itself according to the GRE Key carried in the first information request message. That is, the invention realizes automatic configuration of the GRE Key of ADVPN tunnel nodes, and can greatly reduce administrator configuration work when there are a large number of ADVPN nodes and the ADVPN network changes frequently, thereby improving network management efficiency. The invention also discloses a VAM server.
Description
Technical field
The present invention relates to the field of communication technology, and in particular to a method for managing a Generic Routing Encapsulation key (GRE Key). The present invention also relates to a VPN Address Management (VAM) server.
Background
More and more enterprises want to use the public network to build a VPN (Virtual Private Network) that connects multiple branches in different geographical locations. However, enterprise branches generally access the public network with dynamic addresses, so one side of a communication cannot know the public network address of the peer in advance. This poses a problem for building a VPN. At present, ADVPN (Auto Discovery Virtual Private Network) uses the VAM protocol to collect, maintain and distribute dynamically changing information such as public network addresses, which solves the problem that the public network address of the communication peer cannot be obtained in advance. ADVPN can establish a VPN between the branches when each branch of the enterprise network accesses the public network with a dynamic address.
ADVPN has two typical networking modes: Hub-Spoke networking and Full-Mesh networking.
Fig. 1 is a schematic diagram of the Hub-Spoke networking structure, in which Hub1 and Hub2 are gateway devices of the enterprise headquarters, and Spoke1 and Spoke2 are gateway devices of enterprise branches. In Hub-Spoke mode, a Spoke and a Hub establish a persistent tunnel (Tunnel) connection; for example, Hub1 and Spoke1 establish Tunnel 1, and Hub2 and Spoke2 establish Tunnel 1. No tunnel connection is established directly between Spokes, so all data messages are forwarded through the Spoke-Hub tunnels.
Fig. 2 is a schematic diagram of the Full-Mesh networking structure. In Full-Mesh mode, a tunnel can be established between any ADVPN nodes (i.e. Spokes and Hubs). A persistent tunnel connection is established between a Spoke and a Hub; for example, Hub1 establishes a persistent tunnel connection with Spoke1. A dynamic tunnel connection is established between any two Spokes in the same domain; for example, Spoke1 establishes a dynamic tunnel connection with Spoke2, so that data messages are sent to the ADVPN peer node through the Spoke-Spoke tunnel. Before the Spoke-Hub tunnel is established, data messages are forwarded through the Spoke-Hub tunnel.
In ADVPN, route learning usually relies on dynamic routing protocols such as IBGP, EBGP and OSPF. Because of limits on routing protocol neighbours, a large-scale network as shown in Fig. 3 is often required. A large-scale network usually contains a large number of ADVPN nodes. To reduce the load on the Hubs, the ADVPN is divided into several Hub groups, and each Hub group can in turn include several groups of Hubs and Spokes. In this way, a Spoke in a Hub group establishes tunnels only with the Hubs of its own group, and not with the Hubs of other Hub groups.
In general, such a large-scale network has the following features:
(1) The VAM server assigns Hubs to the Spokes that belong to the same group.
(2) There is no limit on the number of Hubs in a Hub group; the Spokes in the Hub group establish tunnels with all Hubs in that Hub group, and Mesh tunnels are established between all Hubs in the Hub group.
(3) The Mesh network or Hub-Spoke network within a Hub group uses the dynamic routing protocol of that group.
(4) Spokes in different Hub groups interact through the Hubs by means of dynamic routing protocols; Spokes of different Hub groups need to establish direct Spoke-to-Spoke tunnels.
(5) The tunnel encapsulation type of an ADVPN node is one of two types: GRE tunnel encapsulation and UDP (User Datagram Protocol) tunnel encapsulation.
In a large-scale network, if the tunnel encapsulation type of the ADVPN nodes is GRE tunnel encapsulation, then because different Hubs may each belong to several different Hub groups, multiple Tunnels need to be created for each Hub to ensure that control messages and data messages are forwarded correctly. For example, Hub1 and Hub2 both belong to Hub group 1 (Group1) and Hub group 3 (Group3), and Hub3 belongs to both Hub group 2 (Group2) and Hub group 3 (Group3). This requires the administrator to manually configure different GRE Keys for Hub1's two tunnels, Tunnel 1 and Tunnel 2, and the devices in the same Hub group as Hub1 must also be configured with the same GRE Key.
As can be seen from the above, a GRE Key must be configured on every node to avoid traffic forwarding errors, and at present these operations all have to be done manually. When there are a large number of ADVPN nodes, the administrator's configuration workload is very large. In addition, if a newly added ADVPN node is to communicate with the nodes of the original ADVPN network, the administrator must also manually configure the corresponding GRE Key on the newly added node. This is not only labour-intensive and inefficient, but also prone to configuration errors that affect traffic forwarding.
Summary of the invention
The application provides a GRE Key management method and device, to solve the prior-art problems that manually configuring GRE Keys consumes a large amount of manpower and that network management efficiency is low.
To achieve the above purpose, in one aspect the embodiments of the application provide a GRE Key management method, applied in an ADVPN, the method including:
when a VAM server in the ADVPN receives the first keepalive message sent by a VAM client in the ADVPN, determining the tunnel encapsulation type of the VAM client according to the attribute information of the VAM client carried in the keepalive message;
when the tunnel encapsulation type of the VAM client is determined to be GRE tunnel encapsulation, determining the Hub group to which the VAM client belongs according to the attribute information carried in the keepalive message;
sending to the VAM client a first information request message carrying the GRE Key corresponding to the determined Hub group, so that the VAM client configures itself according to the GRE Key carried in the information request message.
In another aspect, the embodiments of the application also provide a VAM server, applied in an ADVPN. The VAM server includes an interface module, and further includes:
a tunnel encapsulation type determining module, configured to determine, when the interface module receives the first keepalive message sent by a VAM client in the ADVPN, the tunnel encapsulation type of the VAM client according to the attribute information of the VAM client carried in the keepalive message;
a Hub group determining module, configured to determine, when the tunnel encapsulation type determining module determines that the tunnel encapsulation type of the VAM client is GRE tunnel encapsulation, the Hub group to which the VAM client belongs according to the attribute information carried in the keepalive message;
the interface module being further configured to send to the VAM client a first information request message carrying the GRE Key corresponding to the determined Hub group, so that the VAM client configures itself according to the GRE Key carried in the information request message.
Compared with the prior art, the technical solution proposed by the embodiments of the application has the following advantages:
By applying the technical solution of the embodiments of the application, when the VAM server receives the first keepalive message sent by a VAM client, it determines the tunnel encapsulation type of the VAM client and the Hub group to which it belongs according to the attribute information carried in the keepalive message, and then sends to the VAM client a first information request message carrying the GRE Key corresponding to the determined Hub group. This realizes automatic configuration of the GRE Key of ADVPN nodes, and can greatly reduce administrator configuration work when there are a large number of ADVPN nodes and the ADVPN network changes frequently, thereby improving network management efficiency. The invention also discloses a VAM server.
Brief description of the drawings
Fig. 1 is a schematic diagram of the Hub-Spoke networking structure in the prior art;
Fig. 2 is a schematic diagram of the Full-Mesh networking structure in the prior art;
Fig. 3 is a schematic diagram of a large-scale network structure applying ADVPN in the prior art;
Fig. 4 is a flow diagram of connection initialization between the VAM server and a VAM client in the prior art;
Fig. 5 is a flow diagram of registration between the VAM server and a VAM client in the prior art;
Fig. 6 is a flow diagram of identity authentication between the VAM server and a VAM client in the prior art;
Fig. 7 is a flow diagram of tunnel establishment between VAM clients in the prior art;
Fig. 8 is a flow diagram of a GRE Key management method proposed by the present invention;
Fig. 9 is a structural diagram of a VAM server proposed by the present invention.
Detailed description
As shown in Fig. 4, in the prior art the interaction flow between a VAM client (including Hub and Spoke) in the ADVPN and the VAM server is as follows:
S401: the VAM client sends a connection initialization request message to the VAM server, passing its local connection parameters to the VAM server.
S402: the VAM server receives the connection initialization request message sent by the VAM client, processes it, and then returns a connection initialization response message to the VAM client.
Here, the specific processing of the connection initialization request message by the VAM server is prior art and is not described in detail.
S403: after receiving the connection initialization response message, the VAM client sends a connection initialization complete message to the VAM server.
S404: the VAM server returns a connection initialization complete message to the VAM client to confirm that initialization succeeded.
After connection initialization with the VAM server is complete, the VAM client initiates the registration flow with the VAM server. As shown in Fig. 5, the flow is as follows: the VAM client sends to the VAM server a registration request message containing its own attribute information, which includes its private network address, public network address, tunnel encapsulation type and so on. After receiving the registration request message, the VAM server decides, according to the corresponding configuration policy, whether to authenticate the VAM client. If not, the VAM server records the correspondence between the private network address, public network address and tunnel encapsulation type of the VAM client and, after the relevant processing, returns a registration response message to the VAM client.
Here, the registration response message carries a keepalive attribute. After receiving the registration response message, the VAM client starts the keepalive flow with the VAM server according to the keepalive attribute it carries.
If the VAM server needs to authenticate the VAM client, the authentication flow, as shown in Fig. 6, is as follows: the VAM server sends an identity authentication request message to the VAM client. After receiving the identity authentication request message, the VAM client returns to the VAM server an identity authentication information message carrying authentication attributes. The VAM server verifies the identity authentication information message sent by the VAM client and, if verification passes, sends a registration response message to the VAM client.
Afterwards, once the VAM client is online, the VAM server sends the VAM client a keepalive message carrying Hub information. After receiving this keepalive message, the VAM client initiates the tunnel establishment flow towards the Hub carried in the keepalive message. As shown in Fig. 7, the tunnel establishment flow is as follows: the initiator (the VAM client) sends a tunnel establishment request message to the responder (the Hub carried in the keepalive message); after receiving the tunnel establishment request message, the responder checks its locally saved tunnel sessions for a tunnel session with the initiator and, if there is none, sends a tunnel establishment response message to the initiator and creates and initializes a new tunnel.
Based on the existing flow above, the application improves how the VAM server handles the first keepalive message sent by a VAM client. As shown in Fig. 8, the GRE Key management method proposed by the embodiments of the application is applied in an ADVPN and includes the following steps:
S801: when the VAM server receives the first keepalive message sent by a VAM client, it determines the tunnel encapsulation type of the VAM client according to the attribute information of the VAM client carried in the keepalive message.
In this step, for security reasons, the VAM server can verify the legitimacy and integrity of the keepalive message after receiving it, and continue with the subsequent processing only after both verifications pass. If the keepalive message fails legitimacy verification, the keepalive message is discarded and the server continues to wait for subsequent keepalive messages. If the keepalive message passes legitimacy verification but fails integrity verification, an error notification message is sent to the VAM client.
For example, the VAM server can verify the legitimacy of the keepalive message as follows:
(1) Judge whether the type (Type field) in the keepalive message is the keepalive attribute;
(2) Judge whether the total message length (Length field) in the keepalive message meets a preset condition;
(3) Judge whether the sequence number (SequenceNumber field) in the keepalive message meets a preset requirement, for example, whether the sequence number in the keepalive message is consistent with the sequence number in the identity authentication information message previously received by the VAM server;
(4) Judge whether the version number (Version field) in the keepalive message is the preset version number, for example, whether the version number in the keepalive message is V5.
It should be noted that the keepalive message must meet all 4 of the above conditions at the same time to be considered legitimate.
The VAM server can verify the integrity of the keepalive message as follows:
(1) Judge whether the integrity verification bit in the Flags field of the keepalive message is the preset verification bit, for example, whether the integrity verification bit in the Flags field of the keepalive message is 1;
(2) Judge whether the encryption bit in the Flags field of the keepalive message is the preset encryption bit, for example, whether the integrity verification bit in the Flags field of the keepalive message is 1.
It should be noted that if the keepalive message meets both of the above conditions, the verification algorithm and the encryption algorithm negotiated in advance with the VAM client must also be invoked respectively to verify the keepalive message. Only when all of these verifications pass does the keepalive message pass integrity verification. If verification by any algorithm fails, verification has failed and an error notification message must be sent to the VAM client.
Of course, legitimacy and integrity verification of the keepalive message is not limited to the above; it can also be realized by other feasible schemes existing in the art, which are not described one by one here.
Further, in this step the VAM server can determine the tunnel encapsulation type of the VAM client as follows:
The VAM server first obtains the private network address of the VAM client included in the attribute information carried in the keepalive message. Then, according to the obtained private network address, it queries the correspondence between private network addresses and tunnel encapsulation types that the VAM server recorded in the registration phase, and obtains the tunnel encapsulation type corresponding to the obtained private network address.
S802: when the tunnel encapsulation type of the VAM client is determined to be GRE tunnel encapsulation, the Hub group to which the VAM client belongs is determined according to the attribute information carried in the keepalive message.
Specifically, in a particular embodiment, in this step the VAM server obtains the private network address of the VAM client included in the attribute information carried in the keepalive message; then, according to the obtained private network address, it queries the locally stored correspondence between private network addresses and Hub groups (this correspondence is established and saved after the VAM server sends the keepalive message carrying Hub information to the VAM client) and obtains the Hub group to which the VAM client belongs.
S803: a first information request message carrying the GRE Key corresponding to the determined Hub group is sent to the VAM client, so that the VAM client configures itself according to the GRE Key carried in the first information request message.
In this step, the format of the first information request message may be as shown in Table 1 below:
Table 1
The relevant attribute field in the first information request message is shown in Table 2 below:
Field | Value | Explanation |
Type | 22 | Type: GRE Key information attribute |
Length | N | Length: the sum of the lengths of the following fields |
GRE Key | N | GRE Key value |
Operation | 1/2 | 1 means add, 2 means delete |
Reserved | 0 | Reserved bits |
Table 2
It should be noted that, in this step, which GRE Key the Hub group of a VAM client corresponds to is set in advance. If the Hub group to which the VAM client belongs has no corresponding GRE Key, this indicates that Hub groups do not need to be distinguished in the network, and in this case no operation is performed. Correspondingly, when the Hub group to which the VAM client belongs has a corresponding GRE Key, the VAM client can complete its automatic configuration directly from the GRE Key carried in the first information request message once it receives that message, without manual involvement, which greatly reduces manpower consumption and improves network management efficiency.
After receiving the first information request message, the VAM client can also verify its legitimacy and integrity; the verification is similar to that of the keepalive message described above and is not repeated here. After verification passes, the VAM client sets its own GRE Key flag bit according to the GRE Key in the first information request message and, at the same time, constructs an information response message and feeds it back to the VAM server.
Afterwards, when the VAM server receives the information response message, it can also verify the legitimacy and integrity of the information response message; the verification is similar to that of the keepalive message described above and is not repeated here.
In the embodiments of the present invention, to ensure that the VAM client configures the GRE Key successfully, the VAM server can create a retransmission timer when it receives the first keepalive message, and delete the retransmission timer only when it receives the information response message fed back by the VAM client.
In addition, in the embodiments of the present invention, the VAM server realizes automatic configuration of the GRE Key by applying the above processing to the first keepalive message sent by the VAM client; keepalive messages sent subsequently by the VAM client are still handled in the existing way.
Further, in the embodiments of the present invention, to save human resources and improve network management efficiency, when the GRE Key corresponding to the Hub group of a VAM client changes, the VAM server can handle the change as follows, depending on the kind of change:
(1) If the VAM server finds that a new GRE Key has been added to the GRE Key corresponding to the Hub group of the VAM client, it sends to all VAM clients in the Hub group a second information request message carrying the new GRE Key with operation type "add".
After receiving the second information request message, each VAM client adds the GRE Key according to the new GRE Key and operation type carried in the second information request message.
(2) If the VAM server finds that the GRE Key corresponding to the Hub group of the VAM client has been changed, it sends to all VAM clients in the Hub group a third information request message carrying the GRE Key before the change with operation type "delete", and a fourth information request message carrying the GRE Key after the change with operation type "add".
Each VAM client first deletes its GRE Key according to the received third information request message, and then performs the corresponding addition according to the GRE Key carried in the fourth information request message.
(3) If the VAM server finds that the GRE Key corresponding to the Hub group of the VAM client has been deleted, it sends to all VAM clients in the Hub group a fifth information request message carrying the GRE Key before deletion with operation type "delete".
After receiving the fifth information request message, each VAM client deletes its GRE Key.
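The server-side handling of steps S801 to S803 and the three key-change cases above, together with the client applying the attribute, as an added Python example that is not part of the patent. The attribute type 22, the operation codes 1/2 and version V5 come from the page; the field widths, the keepalive type code, the length limit, the `Keepalive` structure and the sample addresses are assumptions made here, and the message is assumed to have already passed integrity verification.

```python
import struct
from dataclasses import dataclass

# From the page: attribute Type 22, Operation 1 = add / 2 = delete, example version V5.
ATTR_GRE_KEY, OP_ADD, OP_DELETE, VERSION = 22, 1, 2, 5
# Assumed here (the page gives no field widths, type codes or length limit).
MSG_KEEPALIVE, MAX_LENGTH = 1, 1500
ATTR_FMT = "!HHIBxxx"  # Type, Length, GRE Key (32 bits), Operation, Reserved
ATTR_SIZE = struct.calcsize(ATTR_FMT)


@dataclass
class Keepalive:
    """Already-parsed keepalive message (hypothetical structure)."""
    version: int
    msg_type: int
    length: int
    seq: int
    private_addr: str


def encode_gre_key_attr(key: int, op: int) -> bytes:
    """Build the GRE Key attribute; Length is the sum of the fields after it."""
    if op not in (OP_ADD, OP_DELETE):
        raise ValueError("operation must be 1 (add) or 2 (delete)")
    if not 0 <= key <= 0xFFFFFFFF:
        raise ValueError("GRE Key must fit in 32 bits")
    return struct.pack(ATTR_FMT, ATTR_GRE_KEY, ATTR_SIZE - 4, key, op)


def apply_gre_key_attr(configured: frozenset, data: bytes) -> frozenset:
    """Client side: check the attribute, then add or delete the key it carries."""
    if len(data) != ATTR_SIZE:
        raise ValueError("unexpected attribute size")
    a_type, a_len, key, op = struct.unpack(ATTR_FMT, data)
    if a_type != ATTR_GRE_KEY or a_len != ATTR_SIZE - 4:
        raise ValueError("not a well-formed GRE Key attribute")
    if op == OP_ADD:
        return configured | {key}
    if op == OP_DELETE:
        return configured - {key}
    raise ValueError("unknown operation")


class VamServer:
    """Lookup tables the page describes, keyed by the client's private address."""
    def __init__(self):
        self.encap_by_addr = {}  # recorded at registration: "gre" or "udp"
        self.group_by_addr = {}  # saved when Hub information was sent
        self.key_by_group = {}   # Hub group -> GRE Key, set in advance
        self.expected_seq = {}   # sequence number seen during authentication
        self.seen = set()        # clients whose first keepalive was handled

    def is_legitimate(self, ka: Keepalive) -> bool:
        """All four legitimacy conditions must hold at the same time."""
        return (ka.msg_type == MSG_KEEPALIVE
                and 0 < ka.length <= MAX_LENGTH
                and ka.seq == self.expected_seq.get(ka.private_addr)
                and ka.version == VERSION)

    def on_keepalive(self, ka: Keepalive):
        """Return the attribute to send to the client, or None if nothing is sent."""
        if not self.is_legitimate(ka):
            return None  # discarded; wait for the next keepalive
        if ka.private_addr in self.seen:
            return None  # only the first keepalive triggers key distribution
        self.seen.add(ka.private_addr)
        if self.encap_by_addr.get(ka.private_addr) != "gre":
            return None
        group = self.group_by_addr.get(ka.private_addr)
        key = self.key_by_group.get(group)
        if key is None:
            return None  # no key for this Hub group: no operation
        return encode_gre_key_attr(key, OP_ADD)

    def set_group_key(self, group: str, new_key):
        """Return, in order, the attributes to send to every client in the group."""
        old = self.key_by_group.get(group)
        msgs = []
        if old is not None and old != new_key:
            msgs.append(encode_gre_key_attr(old, OP_DELETE))
        if new_key is not None and new_key != old:
            msgs.append(encode_gre_key_attr(new_key, OP_ADD))
        if new_key is None:
            self.key_by_group.pop(group, None)
        else:
            self.key_by_group[group] = new_key
        return msgs


def sample_server() -> VamServer:
    """Constructed sample state: two clients in Group1, whose GRE Key is 1."""
    srv = VamServer()
    srv.encap_by_addr = {"10.0.0.1": "gre", "10.0.0.2": "udp"}
    srv.group_by_addr = {"10.0.0.1": "Group1", "10.0.0.2": "Group1"}
    srv.key_by_group = {"Group1": 1}
    srv.expected_seq = {"10.0.0.1": 7, "10.0.0.2": 9}
    return srv
```

A keepalive that fails the legitimacy checks is dropped before the client is marked as seen, so a later valid first keepalive from the same address still triggers distribution.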
In a practical application, the large-scale network shown in Fig. 3 has three Hub groups: Hub group 1 (Group1), including Hub1, Hub2, Spoke1 and Spoke2; Hub group 2 (Group2), including Hub3, Spoke3 and Spoke4; and Hub group 3 (Group3), including Hub1, Hub2 and Hub3.
Assume that the tunnel encapsulation type of the VAM clients is GRE tunnel encapsulation, and that the GRE Key of Group1 needs to be configured as 1 on the VAM server. In that case Spoke1, Spoke2, Tunnel1 of Hub1 and Tunnel1 of Hub2 all need to set the GRE Key to 1 before Spoke-Hub tunnel sessions can be established in Group1.
For Group2, according to business requirements, if one of Spoke3 and Spoke4 needs to establish a Spoke-Spoke tunnel session across Hub groups with one of Spoke1 and Spoke2, the GRE Key of Group2 needs to be configured as 1 on the VAM server. In that case one of Spoke3 and Spoke4, and Tunnel1 of Hub3, set the GRE Key to 1; Spoke-Hub tunnel sessions can then be established in Group2, and Spoke-Spoke tunnel sessions across Hub groups can be established as well. Of course, if Spoke-Spoke tunnels across Hub groups do not need to be established, Group2 can configure the GRE Key as 2.
For Group3, the VAM server needs to configure the GRE Key value of Group3 as 3, which differs from the GRE Keys of Group1 and Group2, so that the two tunnels are distinguished correctly. The Hub devices in Group3 can then establish Hub-Hub tunnel sessions.
When the ADVPN nodes in the above large-scale network become more and more numerous and the ADVPN network changes frequently, the manual configuration of the prior art makes the administrator's configuration workload very large, which consumes a lot of manpower and lowers network management efficiency. With the automatic configuration described in the present invention, GRE Keys do not need to be configured manually, which greatly reduces administrator configuration work and improves network management efficiency.
To achieve the above technical purpose, the invention also proposes a VAM server. As shown in Fig. 9, the VAM server is applied in an ADVPN and includes an interface module 901, and further includes:
a tunnel encapsulation type determining module 902, configured to determine, when the interface module receives the first keepalive message sent by a VAM client in the ADVPN, the tunnel encapsulation type of the VAM client according to the attribute information of the VAM client carried in the keepalive message;
a Hub group determining module 903, configured to determine, when the tunnel encapsulation type determining module determines that the tunnel encapsulation type of the VAM client is GRE tunnel encapsulation, the Hub group to which the VAM client belongs according to the attribute information carried in the keepalive message;
the interface module 901 being further configured to send to the VAM client a first information request message carrying the GRE Key corresponding to the determined Hub group, so that the VAM client configures itself according to the GRE Key carried in the information request message.
In a specific application scenario, the tunnel encapsulation type determining module 902 specifically includes:
an obtaining submodule, configured to obtain the private network address of the VAM client included in the attribute information carried in the keepalive message;
a query submodule, configured to query, according to the private network address obtained by the obtaining submodule, the locally stored correspondence between private network addresses and tunnel encapsulation types, and obtain the tunnel encapsulation type corresponding to the obtained private network address.
In a specific application scenario, the Hub group determining module 903 specifically includes:
an obtaining submodule, configured to obtain the private network address of the VAM client included in the attribute information carried in the keepalive message;
a query submodule, configured to query, according to the private network address obtained by the obtaining submodule, the locally stored correspondence between private network addresses and Hub groups, and obtain the Hub group to which the VAM client belongs.
In a specific application scenario, the VAM server further includes:
a verification module, configured to verify the legitimacy and integrity of the keepalive message.
In a specific application scenario, the VAM server further includes:
an adding module, configured to send, when it is found that a new GRE Key has been added to the GRE Key corresponding to the Hub group of the VAM client, to all VAM clients in the Hub group a second information request message carrying the new GRE Key with operation type "add";
a changing module, configured to send, when it is found that the GRE Key corresponding to the Hub group of the VAM client has been changed, to all VAM clients in the Hub group a third information request message carrying the GRE Key before the change with operation type "delete", and a fourth information request message carrying the GRE Key after the change with operation type "add";
a deleting module, configured to send, when it is found that the GRE Key corresponding to the Hub group of the VAM client has been deleted, to all VAM clients in the Hub group a fifth information request message carrying the GRE Key before deletion with operation type "delete".
It can be seen that, by applying the technical solution of the embodiments of the application, when the VAM server receives the first keepalive message sent by a VAM client, it determines the tunnel encapsulation type of the VAM client and the Hub group to which it belongs according to the attribute information carried in the keepalive message, and then sends to the VAM client a first information request message carrying the GRE Key corresponding to the determined Hub group. This realizes automatic configuration of the GRE Key of ADVPN tunnel nodes, and can greatly reduce administrator configuration work when there are a large number of ADVPN nodes and the ADVPN network changes frequently, thereby improving network management efficiency. The invention also discloses a VAM server.
Through the above description of the embodiments, those skilled in the art can clearly understand that the present invention can be implemented in hardware, or in software plus a necessary general-purpose hardware platform. Based on this understanding, the technical solution of the present invention can be embodied in the form of a software product, which can be stored in a non-volatile storage medium (such as a CD-ROM, USB flash drive or removable hard disk) and includes several instructions that cause a computer device (such as a personal computer, server or network device) to perform the method described in each implementation scenario of the present invention.
Those skilled in the art will understand that the drawings are schematic diagrams of a preferred implementation scenario, and that the modules or flows in the drawings are not necessarily required to implement the present invention.
Those skilled in the art will understand that the modules of the device in an implementation scenario can be distributed in the device as described in the implementation scenario, or can be changed accordingly and located in one or more devices different from this implementation scenario. The modules of the above implementation scenario can be merged into one module, or further split into multiple submodules.
The sequence numbers used above are for description only and do not represent the merits of the implementation scenarios.
What is disclosed above is only several specific implementation scenarios of the present invention; however, the present invention is not limited thereto, and any change that a person skilled in the art can think of shall fall within the protection scope of the present invention.
Claims (12)
1. A method for managing a generic routing encapsulation key value (GRE Key), characterized in that the method is applied in an auto discovery virtual private network (ADVPN), the method comprising:
when a VPN address management (VAM) server in the ADVPN receives the first keepalive packet sent by a VAM client in the ADVPN, determining the tunnel encapsulation type of the VAM client according to the attribute information of the VAM client carried in the keepalive packet;
when the tunnel encapsulation type of the VAM client is determined to be GRE tunnel encapsulation, determining the Hub group to which the VAM client belongs according to the attribute information carried in the keepalive packet;
sending to the VAM client a first information request message carrying the GRE Key corresponding to the determined Hub group, so that the VAM client configures itself according to the GRE Key carried in the first information request message.
2. The method according to claim 1, characterized in that the VAM server determining the tunnel encapsulation type of the VAM client according to the attribute information of the VAM client carried in the keepalive packet specifically comprises:
the VAM server obtaining the private network address of the VAM client included in the attribute information carried in the keepalive packet;
according to the obtained private network address, querying the locally stored correspondence between private network addresses and tunnel encapsulation types, and obtaining the tunnel encapsulation type corresponding to the obtained private network address.
3. The method according to claim 1, characterized in that the VAM server determining the Hub group to which the VAM client belongs according to the attribute information of the VAM client carried in the keepalive packet specifically comprises:
the VAM server obtaining the private network address of the VAM client included in the attribute information carried in the keepalive packet;
according to the obtained private network address, querying the locally stored correspondence between private network addresses and Hub groups, and obtaining the Hub group to which the VAM client belongs.
4. The method according to any one of claims 1 to 3, characterized in that, after the VAM server receives the keepalive packet and before the tunnel encapsulation type of the VAM client is determined, the method further comprises:
the VAM server verifying the legitimacy and integrity of the keepalive packet.
5. The method according to claim 4, characterized in that, after the VAM server sends the first information request message to the VAM client, the method further comprises:
if the VAM server finds that a new GRE Key has been added to the GRE Keys corresponding to the Hub group to which the VAM client belongs, sending to all VAM clients in the Hub group a second information request message carrying the new GRE Key with the operation type "add";
if the VAM server finds that the GRE Key corresponding to the Hub group to which the VAM client belongs has been changed, sending to all VAM clients in the Hub group a third information request message carrying the GRE Key before the change with the operation type "delete", and a fourth information request message carrying the GRE Key after the change with the operation type "add";
if the VAM server finds that the GRE Key corresponding to the Hub group to which the VAM client belongs has been deleted, sending to all VAM clients in the Hub group a fifth information request message carrying the GRE Key before the deletion with the operation type "delete".
6. A VPN address management (VAM) server, characterized in that the VAM server is applied in an auto discovery virtual private network (ADVPN), the VAM server comprising an interface module and further comprising:
a tunnel encapsulation type determining module, configured to, when the interface module receives the first keepalive packet sent by a VAM client in the ADVPN, determine the tunnel encapsulation type of the VAM client according to the attribute information of the VAM client carried in the keepalive packet;
a Hub group determining module, configured to, when the tunnel encapsulation type determining module determines that the tunnel encapsulation type of the VAM client is GRE tunnel encapsulation, determine the Hub group to which the VAM client belongs according to the attribute information carried in the keepalive packet;
the interface module being further configured to send to the VAM client a first information request message carrying the GRE Key corresponding to the determined Hub group, so that the VAM client configures itself according to the GRE Key carried in the first information request message.
7. The VAM server according to claim 6, characterized in that the tunnel encapsulation type determining module specifically comprises:
an obtaining submodule, configured to obtain the private network address of the VAM client included in the attribute information carried in the keepalive packet;
a query submodule, configured to query, according to the private network address obtained by the obtaining submodule, the locally stored correspondence between private network addresses and tunnel encapsulation types, and obtain the tunnel encapsulation type corresponding to the obtained private network address.
8. The VAM server according to claim 6, characterized in that the Hub group determining module specifically comprises:
an obtaining submodule, configured to obtain the private network address of the VAM client included in the attribute information carried in the keepalive packet;
a query submodule, configured to query, according to the private network address obtained by the obtaining submodule, the locally stored correspondence between private network addresses and Hub groups, and obtain the Hub group to which the VAM client belongs.
9. The VAM server according to claim 6, characterized by further comprising:
a verification module, configured to verify the legitimacy and integrity of the keepalive packet.
10. The VAM server according to claim 7, characterized by further comprising:
a verification module, configured to verify the legitimacy and integrity of the keepalive packet.
11. The VAM server according to claim 8, characterized by further comprising:
a verification module, configured to verify the legitimacy and integrity of the keepalive packet.
12. The VAM server according to any one of claims 7, 9, 10 or 11, characterized by further comprising:
an adding module, configured to, when it is found that a new GRE Key has been added to the GRE Keys corresponding to the Hub group to which the VAM client belongs, send to all VAM clients in the Hub group a second information request message carrying the new GRE Key with the operation type "add";
a changing module, configured to, when it is found that the GRE Key corresponding to the Hub group to which the VAM client belongs has been changed, send to all VAM clients in the Hub group a third information request message carrying the GRE Key before the change with the operation type "delete", and a fourth information request message carrying the GRE Key after the change with the operation type "add";
a deleting module, configured to, when it is found that the GRE Key corresponding to the Hub group to which the VAM client belongs has been deleted, send to all VAM clients in the Hub group a fifth information request message carrying the GRE Key before the deletion with the operation type "delete".
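The server-side flow of method claims 1 to 5, as an added Python example that is not code from the patent. The address tables, group names, key values and message field names are constructed; the HMAC check is an assumption, since the claims do not say how legitimacy and integrity are verified; and the example assumes one GRE Key per Hub group.

```python
import hashlib
import hmac

# Constructed sample data standing in for the server's locally stored mappings
# (claims 2 and 3): private address -> encapsulation type / Hub group.
ENCAP_BY_ADDR = {"10.0.1.2": "GRE", "10.0.1.3": "GRE", "10.0.2.9": "UDP"}
GROUP_BY_ADDR = {"10.0.1.2": "group-a", "10.0.1.3": "group-a", "10.0.2.9": "group-b"}
GRE_KEY_BY_GROUP = {"group-a": 1001}
SHARED_SECRET = b"constructed-demo-secret"  # assumption: HMAC-protected keepalives


def keepalive_tag(private_addr: str) -> bytes:
    """Tag a client would attach to its keepalive (assumed mechanism)."""
    return hmac.new(SHARED_SECRET, private_addr.encode(), hashlib.sha256).digest()


def on_first_keepalive(private_addr: str, tag: bytes):
    """Claims 1-4: verify, look up type and group, build the first request."""
    if not hmac.compare_digest(tag, keepalive_tag(private_addr)):
        return None  # claim 4: verification precedes every lookup
    if ENCAP_BY_ADDR.get(private_addr) != "GRE":
        return None  # GRE Keys only apply to GRE-encapsulated clients
    key = GRE_KEY_BY_GROUP.get(GROUP_BY_ADDR.get(private_addr))
    if key is None:
        return None  # no key configured for this Hub group
    return {"to": private_addr, "gre_key": key}


def key_change_messages(group: str, old_key, new_key):
    """Claim 5: information requests for every VAM client in the Hub group."""
    for key in (old_key, new_key):
        if key is not None and not 0 <= key <= 0xFFFFFFFF:
            raise ValueError("the GRE Key field is 32 bits wide (RFC 2890)")
    ops = []
    if old_key is not None and old_key != new_key:
        ops.append(("delete", old_key))  # key changed or deleted
    if new_key is not None and new_key != old_key:
        ops.append(("add", new_key))     # key added or changed
    members = sorted(a for a, g in GROUP_BY_ADDR.items() if g == group)
    return [{"to": a, "op": op, "gre_key": k} for a in members for op, k in ops]
```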
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410390629.1A CN104301133B (en) | 2014-08-08 | 2014-08-08 | A kind of management method and equipment of generic route encapsulation key assignments |
Publications (2)
Publication Number | Publication Date |
---|---|
CN104301133A (en) | 2015-01-21 |
CN104301133B (en) | 2018-03-16 |
Family
ID=52320712
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201410390629.1A Active CN104301133B (en) | 2014-08-08 | 2014-08-08 | A kind of management method and equipment of generic route encapsulation key assignments |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN104301133B (en) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105591870B (en) * | 2015-08-13 | 2019-04-09 | 新华三技术有限公司 | A kind of tunnel establishing method and device |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101488902A (en) * | 2009-02-25 | 2009-07-22 | 杭州华三通信技术有限公司 | Dynamic establishing method and device for GRE tunnel |
CN101488904A (en) * | 2009-02-27 | 2009-07-22 | 杭州华三通信技术有限公司 | Method for GRE tunnel crossing network address translation apparatus and network address translation apparatus |
CN101848171A (en) * | 2010-07-01 | 2010-09-29 | 杭州华三通信技术有限公司 | Data transmission method based on GRE tunnel, device and system |
CN102739497A (en) * | 2012-06-07 | 2012-10-17 | 杭州华三通信技术有限公司 | Automatic generation method for routes and device thereof |
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20090304003A1 (en) * | 2008-05-27 | 2009-12-10 | Olivier Huynh Van | Global Virtual VPN |
CN101873572B (en) * | 2009-04-27 | 2012-08-29 | 中国移动通信集团公司 | Data transmission method, system and relevant network equipment based on PMIPv6 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
EXSB | Decision made by sipo to initiate substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
CB02 | Change of applicant information | Address after: 310052 Binjiang District Changhe Road, Zhejiang, China, No. 466, No. Applicant after: Xinhua three Technology Co., Ltd. Address before: 310052 Binjiang District Changhe Road, Zhejiang, China, No. 466, No. Applicant before: Huasan Communication Technology Co., Ltd. |
CB02 | Change of applicant information | ||
GR01 | Patent grant | ||
GR01 | Patent grant |