CN105763557A - Method and system for message IPSEC (Internet Protocol Security) encryption by switching chip or NP collaborated with CPU - Google Patents


Info

Publication number
CN105763557A
Authority
CN
China
Prior art keywords
message
ipsec
encryption
cpu
interface
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201610212912.4A
Other languages
Chinese (zh)
Other versions
CN105763557B (en)
Inventor
王颖
饶冀
周万涛
李先鲜
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Fiberhome Telecommunication Technologies Co Ltd
Original Assignee
Fiberhome Telecommunication Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Fiberhome Telecommunication Technologies Co Ltd
Priority to CN201610212912.4A
Publication of CN105763557A
Priority to PCT/CN2016/102806 (WO2017173806A1)
Application granted
Publication of CN105763557B
Legal status: Active
Anticipated expiration


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40 Network security protocols
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/16 Implementing security features at a particular protocol layer
    • H04L63/164 Implementing security features at a particular protocol layer at the network layer
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0485 Networking architectures for enhanced packet encryption processing, e.g. offloading of IPsec packet processing or efficient security association look-up

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a method and a system in which a switching chip or an NP (network processor) cooperates with a CPU to perform IPSEC (Internet Protocol Security) encryption of packets. The method comprises the following steps: a packet is received from a service interface and the routing table is looked up by the packet's destination IP address; if the outgoing interface is an ordinary interface, the packet is routed and forwarded; if it is an IPSEC tunnel interface, an ACL is looked up by the packet's five-tuple and, if there is no hit, the packet is discarded; otherwise the action of the security policy is determined and, according to that action, the packet is routed and forwarded, discarded, or encapsulated with a private header and sent to the CPU. The CPU receives the packet to be encrypted and looks up SA information according to the packet's five-tuple and triplet; if no SA information is found, the packet is discarded; otherwise the packet is IPSEC-encrypted according to the SA information and sent to the interface board. Packets destined for CPU processing are first screened by the interface board, and only packets whose security policy is apply IPSEC are sent to the CPU, which improves switching-network bandwidth utilization and CPU processing efficiency.

Description

Method and system in which a switching chip or NP cooperates with a CPU to perform IPSEC encryption of packets
Technical field
The present invention relates to IPSEC encryption technology, and in particular to a method and system in which a switching chip or NP cooperates with a CPU to perform IPSEC encryption of packets.
Background
IPSEC (IP Security, where IP is the Internet Protocol) is a framework protocol formulated by the IETF (Internet Engineering Task Force) to ensure the security and confidentiality of data transmitted over the Internet. It ensures confidential and secure communication over Internet Protocol (IP) networks mainly through ESP and/or through the use of encrypted security services. It applies strong security processing to packets at the IP layer and provides services that include access control, connectionless integrity, data origin authentication, anti-replay protection (a form of partial sequence integrity), confidentiality and limited traffic-flow confidentiality. These services operate at the IP layer and protect IP and the upper-layer protocols.
Distributed devices that support IPSEC are currently generally composed of interface boards, service boards and a main control board. An interface board usually carries a high-performance forwarding chip such as a switching chip or an NP (network processor); it receives and forwards data packets and sends packets that need IPSEC encryption or decryption across the switching network to a service board. The service board performs IPSEC encryption and decryption on the packets and sends the processed packets back to the interface board. The main control board exchanges routing-protocol packets and IKE (Internet Key Exchange, the signaling protocol of IPSec) protocol packets and generates routes and the IPSEC-related configuration, but does not take part in data forwarding itself. IPSEC encryption and decryption is usually implemented on the service board CPU, which may use either software encryption and decryption algorithms or an internal hardware crypto engine.
Fig. 1 shows the IPSEC encryption method currently in common use on service boards. As shown in Fig. 1, it comprises the following steps: after the service board CPU receives a packet sent by the interface board over the switching network, it queries the SPD (Security Policy Database) by the packet's five-tuple (source IP address, destination IP address, source port, destination port, security protocol) and obtains the security policy action. If the action is discard, the packet is dropped. If the action is bypass, the packet is sent back to the interface board for routing and forwarding. If the action is apply IPSEC, the SA (Security Association) is then looked up by the triplet (SPI (Security Parameter Index), destination IP address, security protocol); if no SA is found, the SA has not yet been established and the packet is dropped; otherwise the packet is encrypted according to the SA found, and the resulting ciphertext is sent to the interface board for routing and forwarding.
Implementing IPSEC encryption with the above method has the following problems:
1) The service board receives packets sent by the interface board over the switching network, and only after the service board has queried the SPD are the packets whose security policy is apply IPSEC encrypted; the remaining packets are either dropped or sent back to the interface board for routing and forwarding, which consumes excessive switching-network bandwidth.
2) The interface board sends all packets, whether or not they need encryption, to the service board CPU, which increases the CPU's load and reduces its processing capacity.
There is therefore an urgent need for an IPSEC encryption method that improves switching-network bandwidth utilization and the processing efficiency of the service board CPU.
Summary of the invention
The technical problem to be solved by the present invention is that the interface board sends all packets, whether or not they need encryption, across the switching network to the service board CPU, which increases the CPU's load, consumes excessive switching-network bandwidth and reduces the CPU's processing capacity.
To solve this technical problem, the technical solution adopted by the present invention is a method in which a switching chip or NP cooperates with a CPU to perform IPSEC encryption of packets, comprising the following steps:
A packet is received from a service interface; the routing table is looked up by the packet's destination IP address and the outgoing interface type of the routing entry is determined. If it is an ordinary interface, the packet is routed and forwarded. If it is an IPSEC tunnel interface, the ACL is looked up by the packet's five-tuple and it is determined whether the ACL is hit; on a miss, the packet is dropped. Otherwise the action of the ACL's security policy is determined: a packet whose action is apply IPSEC is encapsulated with a private header and sent to the service board CPU; a packet whose action is bypass is routed and forwarded; a packet whose action is discard is dropped;
The service board CPU receives the packet to be encrypted, queries the SPD by the packet's five-tuple to obtain the corresponding SPI, then looks up the SA information by this SPI and the packet's triplet and determines whether SA information was found. If not, the packet is dropped; otherwise the packet is IPSEC-encrypted according to the SA information and sent to the interface board.
In the above method, the private header contains an encryption flag and a decryption flag.
The present invention also provides a system in which a switching chip or NP cooperates with a CPU to perform IPSEC encryption of packets, comprising:
Screening module: receives packets from the service interface and, according to the packet's destination IP address, the outgoing interface type of the routing entry and the security policy action of the ACL, encapsulates a packet whose action is apply IPSEC with a private header and sends it to the service board CPU; routes and forwards a packet whose action is bypass; and drops a packet whose action is discard;
Encryption/decryption module: receives packets; for a packet whose private header carries the encryption flag, queries the SPD by the packet's five-tuple to obtain the corresponding SPI, then looks up the SA information by this SPI and the packet's triplet, and according to the lookup result either IPSEC-encrypts the packet or drops it; finally, the encrypted packet is sent to the screening module over the switching network.
In the above scheme, the screening module is located on the switching chip or NP of the interface board, and the encryption/decryption module is located on the service board CPU.
Brief description of the drawings
Fig. 1 is a flowchart of existing IPSEC encryption of packets;
Fig. 2 is a flowchart of the packet screening provided by the present invention;
Fig. 3 is a flowchart of the IPSEC encryption of screened packets provided by the present invention;
Fig. 4 is a block diagram of the system provided by the present invention in which a switching chip or NP cooperates with a CPU to perform IPSEC encryption of packets.
Detailed description
The present invention provides a method in which a switching chip or NP cooperates with a CPU to perform IPSEC encryption of packets. The invention is described in detail below with reference to specific embodiments and the accompanying drawings.
First, after receiving user configuration or performing IKE negotiation, the main control board generates the SPD and SAs and distributes this configuration to the service board CPU. At the same time it generates an ACL (Access Control List, a permission security policy) from the SPD information: the ACL's match rule is the packet five-tuple (source IP address, destination IP address, source port, destination port, protocol number), and the ACL's SP (Security Policy) action is discard, bypass or apply IPSEC. The generated ACL is then pushed down to the switching chip or NP of the interface board. After the switching chip or NP of the interface board receives a packet, it continues with the following processing.
Fig. 2 is the flowchart of the packet screening provided by the present invention, comprising the following steps:
S201, receive a packet from the service interface; go to S202;
S202, look up the routing table by the packet's destination IP address; go to S203;
S203, determine the outgoing interface type of the routing entry; if it is an ordinary interface, go to S208; if it is an IPSEC tunnel interface, go to S204;
S204, look up the ACL by the packet's five-tuple; go to S205;
S205, determine whether the ACL is hit; if hit, go to S206; otherwise go to S209;
S206, determine the action of the ACL's security policy; if apply IPSEC, go to S207; if bypass, go to S208; if discard, go to S209;
S207, encapsulate the packet with a private header that contains an encryption flag, and send it to the service board CPU over the switching network; go to S208;
S208, perform routing and forwarding: after the egress is found, send the packet to the egress; go to S210;
S209, drop the packet; go to S210;
S210, the flow ends.
After the CPU receives a packet that has passed the above screening, it performs IPSEC encryption on it. Fig. 3 is the flowchart of the IPSEC encryption of screened packets provided by the present invention, comprising the following steps:
S301, receive the packet to be encrypted; go to S302;
S302, query the SPD by the packet's five-tuple and obtain the corresponding SPI; go to S303;
S303, look up the SA information by the packet's triplet; go to S304;
S304, determine whether SA information was found; if found, go to S305; otherwise go to S306;
S305, perform IPSEC encryption on the packet according to the SA information; go to S307;
S306, drop the packet;
S307, send the packet to the interface board over the switching network for the subsequent routing and forwarding flow;
S308, the flow ends.
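The screening flow (S201 to S210) and the CPU lookup flow (S301 to S308) above, modelled as an added example that is not code from the patent. The one-byte private-header flag values, the exact-match ACL and SPD tables, the drop on a missing route or SPD entry, and all addresses and SPIs are assumptions made for illustration; the ESP transform itself is left out.

```python
from dataclasses import dataclass
from enum import Enum
from ipaddress import ip_address, ip_network

ESP = 50                                  # IP protocol number of ESP
FLAG_ENCRYPT, FLAG_DECRYPT = 0x01, 0x02   # assumed private-header encoding

class Action(Enum):
    DISCARD = "discard"
    BYPASS = "bypass"
    APPLY_IPSEC = "apply_ipsec"

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    proto: int
    payload: bytes = b""

    def five_tuple(self):
        return (self.src, self.dst, self.sport, self.dport, self.proto)

class InterfaceBoard:
    """Screening module on the switching chip / NP (steps S201-S209)."""
    def __init__(self, routes, acl):
        # routes: (prefix, outgoing interface type); longest prefix wins.
        self.routes = sorted(((ip_network(p), t) for p, t in routes),
                             key=lambda r: r[0].prefixlen, reverse=True)
        self.acl = acl  # five-tuple -> Action, derived from the SPD

    def screen(self, pkt):
        """Return (verdict, frame); frame is set only for packets sent to the CPU."""
        dst = ip_address(pkt.dst)
        iface = next((t for net, t in self.routes if dst in net), None)
        if iface is None:
            return "drop", None            # no route: not covered by the page, assumed drop
        if iface == "common":
            return "forward", None         # S203 -> S208
        action = self.acl.get(pkt.five_tuple())          # S204
        if action is None or action is Action.DISCARD:   # ACL miss fails closed (S209)
            return "drop", None
        if action is Action.BYPASS:
            return "forward", None         # S206 -> S208
        return "to_cpu", bytes([FLAG_ENCRYPT]) + pkt.payload  # S207

class ServiceBoardCPU:
    """Encryption side of the encryption/decryption module (steps S301-S306)."""
    def __init__(self, spd, sad):
        self.spd = spd  # five-tuple -> (SPI, SA destination address)
        self.sad = sad  # (SPI, destination address, security protocol) -> SA

    def process(self, pkt, frame):
        if not frame or frame[0] != FLAG_ENCRYPT:
            return "drop", None            # only the encryption flag is modelled here
        entry = self.spd.get(pkt.five_tuple())           # S302
        if entry is None:
            return "drop", None            # SPD miss: assumed drop
        spi, sa_dst = entry
        sa = self.sad.get((spi, sa_dst, ESP))            # S303
        if sa is None:
            return "drop", None            # S306: SA not established yet
        return "encrypt", sa               # S305: ESP transform itself omitted

def run(board, cpu, packets):
    """Return per-packet verdicts and how many packets crossed the fabric to the CPU."""
    verdicts, sent_to_cpu = [], 0
    for pkt in packets:
        verdict, frame = board.screen(pkt)
        if verdict == "to_cpu":
            sent_to_cpu += 1
            verdict, _ = cpu.process(pkt, frame)
        verdicts.append(verdict)
    return verdicts, sent_to_cpu

def demo():
    # Constructed sample traffic and tables.
    p = [Packet("10.1.0.5", "10.2.0.9", 40000, 443, 6),   # apply IPSEC, SA present
         Packet("10.1.0.5", "10.2.0.9", 5000, 53, 17),    # bypass
         Packet("10.1.0.6", "10.2.0.9", 40001, 23, 6),    # discard
         Packet("10.1.0.7", "10.2.0.10", 40002, 80, 6),   # no ACL entry
         Packet("10.1.0.5", "192.0.2.1", 40003, 80, 6),   # ordinary interface
         Packet("10.1.0.8", "10.2.0.11", 40004, 443, 6)]  # apply IPSEC, SA missing
    acl = {p[0].five_tuple(): Action.APPLY_IPSEC, p[1].five_tuple(): Action.BYPASS,
           p[2].five_tuple(): Action.DISCARD, p[5].five_tuple(): Action.APPLY_IPSEC}
    spd = {p[0].five_tuple(): (0x1001, "203.0.113.2"),
           p[5].five_tuple(): (0x1002, "203.0.113.2")}
    sad = {(0x1001, "203.0.113.2", ESP): {"spi": 0x1001, "mode": "tunnel"}}
    board = InterfaceBoard([("10.2.0.0/16", "ipsec_tunnel"), ("0.0.0.0/0", "common")], acl)
    return run(board, ServiceBoardCPU(spd, sad), p)

if __name__ == "__main__":
    verdicts, sent = demo()
    print(verdicts, f"{sent} of {len(verdicts)} packets reached the CPU")
```

In the constructed traffic only two of the six packets cross the switching network to the CPU, whereas the conventional flow of Fig. 1 hands packets to the CPU before any policy check. An ACL miss on a tunnel interface is dropped on the interface board, so the screening stage fails closed.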
The present invention also provides a system in which a switching chip or NP cooperates with a CPU to perform IPSEC encryption of packets. As shown in Fig. 4, the system comprises a screening module 10 located on the switching chip or NP of the interface board and an encryption/decryption module 20 located on the service board CPU;
Screening module 10: receives packets sent from the service interface and from encryption/decryption module 20 and, according to the packet's destination IP address, the outgoing interface type of the routing entry and the security policy action of the ACL, encapsulates a packet whose action is apply IPSEC with a private header and sends it to the service board CPU; routes and forwards a packet whose action is bypass; and drops a packet whose action is discard.
Encryption/decryption module 20: examines the encryption/decryption flag carried in the private header of a packet sent to this module. If it is the encryption flag, the module queries the SPD by the packet's five-tuple to obtain the corresponding SPI, then looks up the SA information by this SPI and the packet's triplet, and according to the lookup result either IPSEC-encrypts the packet or drops it. If it is the decryption flag, the module decrypts the packet according to the corresponding SA information. Finally, the encrypted or decrypted packet is sent over the switching network to screening module 10 for routing and forwarding.
The system of the present invention works as follows:
After receiving user configuration or performing IKE negotiation, the main control board generates the SPD and SAs for the specified flows and distributes this configuration to encryption/decryption module 20. At the same time it generates an ACL from the SPD information; the ACL's match rule is the packet five-tuple, and the security policy action is discard, bypass or apply IPSEC. The generated ACL is then pushed down to the forwarding information base (FIB) of screening module 10.
After screening module 10 receives a packet, it first looks up the routing table by the packet's destination IP address and obtains the outgoing interface type of the routing entry. If the outgoing interface is an ordinary port, ordinary routing and forwarding is performed. If the outgoing interface is an IPSEC virtual tunnel interface, the ACL is looked up by the packet's five-tuple and it is determined whether the ACL is hit; a miss means that the security policy for this flow has not yet been generated, and the packet is dropped. If the ACL is hit and the security policy action is bypass, the packet goes to ordinary routing and forwarding. If the security policy action is apply IPSEC, the packet is encapsulated with a private header containing an encryption or decryption flag and is then sent to encryption/decryption module 20 over the switching network.
After encryption/decryption module 20 receives a plaintext packet, it determines whether the private header of the packet carries the encryption flag or the decryption flag. If it is the encryption flag, the module queries the SPD by the packet's five-tuple and obtains the corresponding SPI. It then looks up the SA by the packet's triplet (SPI, destination IP address, protocol number); if no SA is found, the packet is dropped; if an SA is found, the packet is IPSEC-encrypted according to the SA information, and the encrypted packet is finally sent back over the switching network to screening module 10 for the subsequent routing and forwarding.
In the present invention, packets bound for the service board CPU are first screened by the interface board. Only packets whose security policy is apply IPSEC are sent to the service board CPU for processing, while packets whose security policy is discard or bypass are handled entirely on the interface board. This both improves switching-network bandwidth utilization and increases the processing efficiency of the service board CPU.
The present invention is not limited to the preferred embodiments described above. Any structural change made by anyone in light of the present invention, and any technical solution identical or similar to that of the present invention, falls within the scope of protection of the present invention.

Claims (4)

1. A method in which a switching chip or NP cooperates with a CPU to perform IPSEC encryption of packets, characterized in that it comprises the following steps:
A packet is received from a service interface; the routing table is looked up by the packet's destination IP address and the outgoing interface type of the routing entry is determined; if it is an ordinary interface, the packet is routed and forwarded; if it is an IPSEC tunnel interface, the ACL is looked up by the packet's five-tuple and it is determined whether the ACL is hit; on a miss, the packet is dropped; otherwise the action of the ACL's security policy is determined, and a packet whose action is apply IPSEC is encapsulated with a private header and sent to the service board CPU; a packet whose action is bypass is routed and forwarded; a packet whose action is discard is dropped;
The service board CPU receives the packet to be encrypted, queries the SPD by the packet's five-tuple to obtain the corresponding SPI, then looks up the SA information by this SPI and the packet's triplet and determines whether SA information was found; if not, the packet is dropped; otherwise the packet is IPSEC-encrypted according to the SA information and sent to the interface board.
2. The method of claim 1, characterized in that the private header contains an encryption flag and a decryption flag.
3. A system in which a switching chip or NP cooperates with a CPU to perform IPSEC encryption of packets, characterized in that it comprises:
Screening module: receives packets from the service interface and, according to the packet's destination IP address, the outgoing interface type of the routing entry and the security policy action of the ACL, encapsulates a packet whose action is apply IPSEC with a private header and sends it to the service board CPU; routes and forwards a packet whose action is bypass; and drops a packet whose action is discard;
Encryption/decryption module: receives packets; for a packet whose private header carries the encryption flag, queries the SPD by the packet's five-tuple to obtain the corresponding SPI, then looks up the SA information by this SPI and the packet's triplet, and according to the lookup result either IPSEC-encrypts the packet or drops it; finally, the encrypted packet is sent to the screening module over the switching network.
4. The system of claim 3, characterized in that the screening module is located on the switching chip or NP of the interface board, and the encryption/decryption module is located on the service board CPU.
CN201610212912.4A 2016-04-07 2016-04-07 Exchange chip or NP cooperate with the method and system for completing message IPSEC encryption with CPU Active CN105763557B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201610212912.4A CN105763557B (en) 2016-04-07 2016-04-07 Exchange chip or NP cooperate with the method and system for completing message IPSEC encryption with CPU
PCT/CN2016/102806 WO2017173806A1 (en) 2016-04-07 2016-10-21 Method and system using cooperation of switch chip or np and cpu to perform ipsec encryption on packet


Publications (2)

Publication Number Publication Date
CN105763557A true CN105763557A (en) 2016-07-13
CN105763557B CN105763557B (en) 2019-01-22

Family

ID=56334401


Country Status (2)

Country Link
CN (1) CN105763557B (en)
WO (1) WO2017173806A1 (en)

Also Published As

Publication number Publication date
WO2017173806A1 (en) 2017-10-12
CN105763557B (en) 2019-01-22

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant