CN105763557B - Exchange chip or NP cooperate with the method and system for completing message IPSEC encryption with CPU - Google Patents
Exchange chip or NP cooperate with the method and system for completing message IPSEC encryption with CPU Download PDFInfo
- Publication number
- CN105763557B CN105763557B CN201610212912.4A CN201610212912A CN105763557B CN 105763557 B CN105763557 B CN 105763557B CN 201610212912 A CN201610212912 A CN 201610212912A CN 105763557 B CN105763557 B CN 105763557B
- Authority
- CN
- China
- Prior art keywords
- message
- ipsec
- cpu
- acl
- interface
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/40—Network security protocols
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/16—Implementing security features at a particular protocol layer
- H04L63/164—Implementing security features at a particular protocol layer at the network layer
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0485—Networking architectures for enhanced packet encryption processing, e.g. offloading of IPsec packet processing or efficient security association look-up
Abstract
The invention discloses a kind of exchange chips or NP to cooperate with the method and system for completing message IPSEC encryption with CPU, method includes the following steps: from business interface message, look into routing table according to the purpose IP address of message, and if outgoing interface type is generic interface, message is subjected to routing forwarding;If IPSEC tunnel interface, then ACL is inquired according to message five-tuple and judge whether to hit, the dropping packets if miss;Otherwise judge the movement of security strategy, and routing forwarding, discarding or the privately owned head of encapsulation are carried out to message according to the movement of security strategy and are sent to CPU;CPU receives clear text, will be according to message five-tuple and ternary group polling SA information, if not finding, dropping packets;Otherwise IPSEC encrypting and transmitting is carried out to interface board to message according to SA information.The present invention first screens the message for being input to CPU processing through interface board, and only security strategy is just to send into CPU using the message of IPSEC, improves exchange network bandwidth availability ratio, strengthens the treatment effeciency of CPU.
Description
Technical field
The present invention relates to IPSEC encryption technologies, and in particular to a kind of exchange chip or NP are cooperateed with CPU and completed message
The method and system of IPSEC encryption.
Background technique
IPSEC (IP Security, IP (Internet Protocol, Internet Protocol) are safely) is IETF
(Internet Engineering Task Force, internet engineering task group) formulation is to guarantee to pass on internet
Send the framework agreement of the safe encryption performance of data.Mainly pass through package safety load and/or the security service by using encryption
The communication of safety to ensure to be maintained secrecy on Internet protocol (IP) network, it carries out data packet at IP layers high-intensitive
Safe handling, provide including access control, connectionless integrality, data source authentication, anti-replay (replay) protection (sequence
One component part of integrality (sequence integrity)), the service including confidentiality and definite transmission stream confidentiality.
These services are to provide the protection to IP and its upper-layer protocol based on IP layers.
The distributed apparatus of IPSEC function is supported generally to be made of interface board, business board and master control borad at present.On interface board
It is typically provided the forwarding chip of exchange chip or NP (network processing unit) contour performance, for reception and forwarding data packets, and
The message for carrying out IPSEC encryption and decryption will be needed to be sent to business board by exchange network to handle;Business board is used for message
IPSEC encryption and decryption is carried out, and message is sent to interface board by treated;Master control borad carries out routing protocol packet and IKE
The interaction of (signaling protocol that (Internet Key Exchange, internet key exchange) is IPSec) protocol massages, it is raw
At routing and IPSEC relevant configuration, but it is not involved in specific data forwarding.IPSEC encryption and decryption is usually real on business board CPU
Existing, CPU can complete IPSEC encryption and decryption functions using software enciphering and deciphering algorithm or internal hardware crypto-engine.Fig. 1 is current
The IPSEC encryption method of common business board, as shown in Figure 1, comprising the following steps: business board CPU receives interface board and passes through friendship
After the message that switching network is sent, according to message five-tuple, (source IP address, purpose IP address, source port, destination port, safety are assisted
View) inquiry SPD (security policy database, Security Policy Database), obtain and judge the instruction of security strategy,
If security strategy is to abandon, then the message is abandoned;If security strategy is around the message is sent back to interface board and is carried out
Routing forwarding;If security strategy be using IPSEC, further according to triple (SPI (Security Parameter Index,
Security Parameter Index), purpose IP address, security protocol) inquiry SA (Security Association, Security Association), if
It does not find, illustrates that SA is not set up also, then dropping packets;Otherwise message is encrypted according to the SA found, and will generated
Ciphertext be sent to interface card after, carry out routing forwarding.
Realization IPSEC encryption function with the aforedescribed process is adopted, is had the following problems:
1) business board receives the message that interface board is sent by exchange network, after standby service plate inquires SPD, only to safe plan
Slightly using IPSEC message carry out cryptographic operation, and remaining message then abandon or be sent back to interface board go forward side by side walking along the street by
Forwarding, consumes excessive exchange network bandwidth in this way.
2) message for needing or not needing encryption is all sent to business board CPU and handled by interface board, and it is negative to increase CPU
Load leads to the reduction of CPU processing capacity.
In view of this, being badly in need of providing the treatment effeciency of a kind of promotion exchange network bandwidth availability ratio and business board CPU
The method of IPSEC encryption.
Summary of the invention
The message encrypted will be needed or not needed by exchange network the technical problem to be solved by the present invention is to interface board
It is all sent to business board CPU to be handled, has added CPU to bear and consume excessive exchange network bandwidth, led to CPU processing capacity
The problem of reduction.
In order to solve the above-mentioned technical problem, the technical scheme adopted by the invention is that provide a kind of exchange chip or NP with
The method that message IPSEC encryption is completed in CPU collaboration, comprising the following steps:
From business interface message, routing table is looked into according to the purpose IP address of message, and judges connecing out for route table items
Message is carried out routing forwarding if generic interface by mouth type;If IPSEC tunnel interface, then inquired according to message five-tuple
ACL simultaneously judges whether ACL hits, such as miss, then dropping packets;Movement is by the movement for otherwise judging the security strategy of ACL
Privately owned head is encapsulated using the message of IPSEC, and is sent to business board CPU;By movement for around message carry out routing forwarding;It will move
Packet loss as discarding;
Business board CPU receives message to be encrypted, and SPD will be inquired according to message five-tuple and obtains corresponding SPI, then root
According to this SIP and message ternary group polling SA information, and judge whether to find SA information, if not finding, dropping packets;Otherwise root
IPSEC encrypting and transmitting is carried out to interface board to message according to SA information.
In the above-mentioned methods, it is identified in the privately owned head comprising encryption identification and decryption.
The present invention also provides a kind of exchange chips or NP to cooperate with the system for completing message IPSEC encryption with CPU, comprising:
Screening module: from business interface receive message, and according to the purpose IP address of the message, route table items go out connect
Movement is to encapsulate privately owned head using the message of IPSEC, and be sent to business board CPU by mouth type and the movement of the security strategy of ACL;
By movement for around message carry out routing forwarding;Packet loss by movement to abandon;
Encryption/decryption module: receiving message, and the message that the privately owned head of message is encryption identification is inquired SPD according to message five-tuple
And corresponding SPI carries out IPSEC to the message according to query result and adds further according to this SIP and message ternary group polling SA information
Processing that is close or abandoning;Encrypted message is finally sent to the screening module through exchange network.
In the above scheme, the screening module is set on the exchange chip or NP of interface board, and the encryption/decryption module is set
It sets on the business board CPU.
Detailed description of the invention
Fig. 1 is the flow chart of existing message IPSEC encryption;
Fig. 2 is the flow chart of message filter provided by the invention;
Fig. 3 is the flow chart of the message IPSEC encryption after screening provided by the invention;
Fig. 4 is that exchange chip provided by the invention or NP cooperate with the system block diagram for completing message IPSEC encryption with CPU.
Specific embodiment
The present invention provides a kind of exchange chips or NP to cooperate with the method for completing message IPSEC encryption with CPU.Below with reference to
Specific embodiment and Figure of description are described in detail the present invention.
Master control borad generates SPD and SA, and by these configuration distributings after receiving user configuration or carrying out ike negotiation first
Onto business board CPU;Meanwhile ACL (Access Controil List, legal power safety strategy) is generated according to SPD information, ACL
Matching rule be message five-tuple (source IP address, purpose IP address, source port, destination port, protocol number), the SP of ACL
The movement of (Security Policy, security strategy) is to abandon, bypass or apply IPSEC, then the ACL of generation is issued to and is connect
On the exchange chip or NP of oralia, after the exchange chip or NP of interface board receive message, it will continue following processing.
As shown in Fig. 2, being the flow chart of message filter provided by the invention, comprising the following steps:
S201, from business interface message, turn S202;
S202, routing table is looked into according to the purpose IP address of message, turns S203;
S203, judge that the outgoing interface type of route table items turns S208 if it is generic interface, connect if it is the tunnel IPSEC
Mouthful, turn S204;
S204, ACL is inquired according to message five-tuple, turns S205;
S205, judge whether ACL hits, if hit, turns S206, otherwise turn S209;
S206, judge that the movement of the security strategy of ACL turns S207 if it is IPSEC is applied, if it is bypassing, turn
S208 turns S209 if it is discarding;
S207, message encapsulate privately owned head, include encryption indicator in privately owned head, and be sent to business board CPU by exchange network,
Turn S208;
S208, routing forwarding is carried out, message is sent to outlet after finding an exit, turns S210;
S209, dropping packets, turn S210;
S210, process terminate.
CPU is received after the message of above-mentioned steps screening, IPSEC encryption is carried out to message, as shown in figure 3, being
The flow chart of message IPSEC encryption after screening provided by the invention, comprising the following steps:
S301, message to be encrypted is received, turns S302;
S302, SPD is inquired according to message five-tuple, obtains corresponding SPI, turns S303;
S303, the ternary group polling SA information according to message, turn S304;
S304, judge whether to find SA information, if finding SA information, turn S305, otherwise turn S306;
S305, IPSEC encryption is carried out to message according to SA information, turns S307;
S306, dropping packets;
S307, the subsequent routing forwarding process of interface board progress is sent by exchange network by message;
S308, process terminate.
The present invention also provides a kind of exchange chips or NP to cooperate with the system for completing message IPSEC encryption, such as Fig. 4 with CPU
Shown, this system includes the screening module 10 and be set on business board CPU plus solution set on the exchange chip of interface board or on NP
Close module 20;
Screening module 10: the message being sent into from business interface and encrypting module 20 is received, and according to the destination IP of the message
The security strategy of address, the outgoing interface type of route table items and ACL acts, and is privately owned using the encapsulation of the message of IPSEC by movement
Head, and it is sent to business board CPU;By movement for around message carry out routing forwarding;Packet loss by movement to abandon.
Encryption/decryption module 20: judgement is sent to the encryption and decryption mark that the privately owned head of message of this module carries, and marks if encryption
Know, then SPD and corresponding SPI is inquired according to message five-tuple, further according to this SIP and message ternary group polling SA information, and root
The processing of IPSEC encryption or discarding is carried out to the message according to query result;It is identified if decryption, is then according to corresponding SA information
Message decryption;The message after encryption or decryption is finally sent to screening module 10 through exchange network and carries out routing forwarding.
The working principle of present system is as follows:
Master control borad generates SPD and SA after receiving user configuration or carrying out ike negotiation, to specified stream, and these are configured
It is issued in encryption/decryption module 20, while ACL is generated according to SPD information, the matching rule of ACL is message five-tuple;Safe plan
Movement slightly are as follows: abandon, bypass or apply IPSEC, then the ACL of generation is issued to the forwarding information storehouse of screening module 10
(FIB) in.
After screening module 10 receives message, routing table is first looked into according to the purpose IP address of message and obtains going out for route table items
Interface type;If outgoing interface is common port, common routing forwarding is carried out;If outgoing interface is that IPSEC virtual channel connects
Mouthful, then ACL is searched according to message five-tuple and judge whether ACL hits, if miss, illustrates that this flows corresponding security strategy
It does not generate also, then by packet loss.Movement as hit and inquiring security strategy is around message is then gone to common routing
Forwarding;If the movement for inquiring security strategy is that message is encapsulated privately owned head, includes encryption in privately owned head using IPSEC
Or decryption mark, then given by exchange network to encryption/decryption module 20.
After encryption/decryption module 20 receives clear text, judge the privately owned head carrying of the message is encryption or decryption mark;
If encryption identification, then SPD is inquired according to message five-tuple, and obtain corresponding SPI.Further according to message triple (SPI, mesh
IP address, protocol number) inquiry SA if not inquiring SA abandons the message;If inquiring SA, according to the information pair of SA
The message carries out IPSEC encryption, after encrypted message is finally sent back to the progress of screening module 10 by exchange network
Continuous routing forwarding.
The message for being input to business board CPU processing is first passed through interface board and screened by the present invention, by only security strategy
It can just send for the message of application IPSEC to business board CPU processing, security strategy is that discarding or the message bypassed are all complete in interface board
At processing, exchange network bandwidth availability ratio is not only improved in this way, while strengthening the treatment effeciency of business board CPU.
The present invention is not limited to above-mentioned preferred forms, and anyone should learn that the knots made under the inspiration of the present invention
Structure variation, the technical schemes that are same or similar to the present invention are fallen within the scope of protection of the present invention.
Claims (4)
1. a kind of exchange chip or NP cooperate with the method for completing message IPSEC encryption with CPU, which is characterized in that including following step
It is rapid:
Master control borad generates Security Policy Database SPD and security alliance SA after receiving user configuration or carrying out ike negotiation, and
It will be on these configuration distributings to business board CPU;Meanwhile the matching rule of legal power safety strategy ACL, ACL are generated according to SPD information
For message five-tuple, the movement of the security strategy of ACL is to abandon, bypass or apply IPSEC, then the ACL of generation is issued to and is connect
On the exchange chip or NP of oralia;
From business interface message, routing table is looked into according to the purpose IP address of message, and judges the outgoing interface class of route table items
Message is carried out routing forwarding if generic interface by type;If IPSEC tunnel interface, then ACL is inquired according to message five-tuple
And judge whether ACL hits, and such as miss, then dropping packets;Otherwise movement is answered in the movement for judging the security strategy of ACL
Privately owned head is encapsulated with the message of IPSEC, and is sent to business board CPU;By movement for around message carry out routing forwarding;It will movement
For the packet loss of discarding;
Business board CPU receives message to be encrypted, and SPD will be inquired according to message five-tuple and obtains corresponding SPI, further according to this
SIP and message ternary group polling SA information, and judge whether to find SA information, if not finding, dropping packets;Otherwise according to SA
Information carries out IPSEC encrypting and transmitting to interface board to message.
2. the method as described in claim 1, which is characterized in that identified in the privately owned head comprising encryption identification and decryption.
3. a kind of exchange chip or NP cooperate with the system for completing message IPSEC encryption with CPU characterized by comprising
Master control borad generates Security Policy Database SPD and security alliance SA after receiving user configuration or carrying out ike negotiation, and
It will be on these configuration distributings to business board CPU;Meanwhile the matching rule of legal power safety strategy ACL, ACL are generated according to SPD information
For message five-tuple, the movement of the security strategy of ACL is to abandon, bypass or apply IPSEC, then the ACL of generation is issued to and is connect
On the exchange chip or NP of oralia;
Screening module: message is received from business interface, and according to the purpose IP address of the message, the outgoing interface class of route table items
Type and the movement of the security strategy of ACL, by movement to encapsulate privately owned head using the message of IPSEC, and are sent to business board CPU;It will move
Routing forwarding is carried out as the message bypassed;Packet loss by movement to abandon;
Encryption/decryption module: receiving message, and the message that the privately owned head of message is encryption identification is inquired SPD and right according to message five-tuple
The SPI answered, further according to this SIP and message ternary group polling SA information, according to query result to the message carry out IPSEC encryption or
The processing of discarding;Encrypted message is finally sent to the screening module through exchange network.
4. system as claimed in claim 3, which is characterized in that the screening module is set to the exchange chip or NP of interface board
On, the encryption/decryption module is arranged on the business board CPU.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610212912.4A CN105763557B (en) | 2016-04-07 | 2016-04-07 | Exchange chip or NP cooperate with the method and system for completing message IPSEC encryption with CPU |
PCT/CN2016/102806 WO2017173806A1 (en) | 2016-04-07 | 2016-10-21 | Method and system using cooperation of switch chip or np and cpu to perform ipsec encryption on packet |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610212912.4A CN105763557B (en) | 2016-04-07 | 2016-04-07 | Exchange chip or NP cooperate with the method and system for completing message IPSEC encryption with CPU |
Publications (2)
Publication Number | Publication Date |
---|---|
CN105763557A CN105763557A (en) | 2016-07-13 |
CN105763557B true CN105763557B (en) | 2019-01-22 |
Family
ID=56334401
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610212912.4A Active CN105763557B (en) | 2016-04-07 | 2016-04-07 | Exchange chip or NP cooperate with the method and system for completing message IPSEC encryption with CPU |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN105763557B (en) |
WO (1) | WO2017173806A1 (en) |
Families Citing this family (16)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105763557B (en) * | 2016-04-07 | 2019-01-22 | 烽火通信科技股份有限公司 | Exchange chip or NP cooperate with the method and system for completing message IPSEC encryption with CPU |
CN106603523A (en) * | 2016-12-09 | 2017-04-26 | 北京东土军悦科技有限公司 | Message forwarding method and network switching device |
CN109542633A (en) * | 2018-09-29 | 2019-03-29 | 江苏新质信息科技有限公司 | A method of improving network packet enciphering rate |
CN109302354A (en) * | 2018-10-26 | 2019-02-01 | 盛科网络(苏州)有限公司 | A kind of chip implementing method and device of UDP encapsulation GRE message |
CN110636078B (en) * | 2019-10-12 | 2022-02-11 | 苏州盛科通信股份有限公司 | Method and device for realizing Cloudsec |
CN111371549B (en) * | 2020-03-05 | 2023-03-24 | 浙江双成电气有限公司 | Message data transmission method, device and system |
CN111431921B (en) * | 2020-03-31 | 2022-08-26 | 杭州迪普科技股份有限公司 | Configuration synchronization method |
CN111800436B (en) * | 2020-07-29 | 2022-04-08 | 郑州信大捷安信息技术股份有限公司 | IPSec isolation network card equipment and secure communication method |
CN112332982B (en) * | 2020-11-25 | 2022-08-26 | 苏州盛科通信股份有限公司 | Macsec decryption method and device |
CN114697408B (en) * | 2020-12-28 | 2023-09-26 | 国家计算机网络与信息安全管理中心 | Tunnel message processing method and device |
CN113347230B (en) * | 2021-05-13 | 2022-09-06 | 长沙星融元数据技术有限公司 | Load balancing method, device, equipment and medium based on programmable switch |
CN113872956A (en) * | 2021-09-24 | 2021-12-31 | 深圳供电局有限公司 | Method and system for inspecting IPSEC VPN transmission content |
CN114301735B (en) * | 2021-12-10 | 2023-05-02 | 北京天融信网络安全技术有限公司 | Method, system, terminal and storage medium for managing and controlling on-demand distribution of IPSEC tunnel data |
CN114189484B (en) * | 2021-12-28 | 2023-10-27 | 杭州迪普科技股份有限公司 | Method and device for forwarding message internally |
CN114095383B (en) * | 2022-01-20 | 2022-04-12 | 紫光恒越技术有限公司 | Network flow sampling method and system and electronic equipment |
CN114915451B (en) * | 2022-04-07 | 2023-07-21 | 南京邮电大学 | Fusion tunnel encryption transmission method based on enterprise-level router |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101267399A (en) * | 2008-04-24 | 2008-09-17 | 杭州华三通信技术有限公司 | Packet forward method, device and its uplink interface board |
CN101442470A (en) * | 2008-12-18 | 2009-05-27 | 成都市华为赛门铁克科技有限公司 | Method, system and equipment for establishing tunnel |
CN103973687A (en) * | 2014-05-08 | 2014-08-06 | 杭州华三通信技术有限公司 | Method and device for maintaining IP safety alliance |
Family Cites Families (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20070165638A1 (en) * | 2006-01-13 | 2007-07-19 | Cisco Technology, Inc. | System and method for routing data over an internet protocol security network |
CN100596062C (en) * | 2007-08-16 | 2010-03-24 | 杭州华三通信技术有限公司 | Secure protection device and method for distributed packet transfer |
CN101616084A (en) * | 2009-07-29 | 2009-12-30 | 中兴通讯股份有限公司 | A kind of distributed IPSec load sharing device and method |
CN105763557B (en) * | 2016-04-07 | 2019-01-22 | 烽火通信科技股份有限公司 | Exchange chip or NP cooperate with the method and system for completing message IPSEC encryption with CPU |
-
2016
- 2016-04-07 CN CN201610212912.4A patent/CN105763557B/en active Active
- 2016-10-21 WO PCT/CN2016/102806 patent/WO2017173806A1/en active Application Filing
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101267399A (en) * | 2008-04-24 | 2008-09-17 | 杭州华三通信技术有限公司 | Packet forward method, device and its uplink interface board |
CN101442470A (en) * | 2008-12-18 | 2009-05-27 | 成都市华为赛门铁克科技有限公司 | Method, system and equipment for establishing tunnel |
CN103973687A (en) * | 2014-05-08 | 2014-08-06 | 杭州华三通信技术有限公司 | Method and device for maintaining IP safety alliance |
Also Published As
Publication number | Publication date |
---|---|
WO2017173806A1 (en) | 2017-10-12 |
CN105763557A (en) | 2016-07-13 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN105763557B (en) | Exchange chip or NP cooperate with the method and system for completing message IPSEC encryption with CPU | |
CN102882789B (en) | A kind of data message processing method, system and equipment | |
CN105591926B (en) | A kind of flow rate protecting method and device | |
CN106375493B (en) | Cross-network communication method and proxy server | |
CN100596062C (en) | Secure protection device and method for distributed packet transfer | |
CN100594690C (en) | Method and device for safety strategy uniformly treatment in safety gateway | |
CN106559349B (en) | Control method and device, the system of service transmission rate | |
JP5116752B2 (en) | Efficient key derivation for the security of end-to-end networks with traffic visibility | |
CN102932377B (en) | Method and device for filtering IP (Internet Protocol) message | |
US8327129B2 (en) | Method, apparatus and system for internet key exchange negotiation | |
US20070169187A1 (en) | Method and system for securely scanning network traffic | |
CN104272674A (en) | Multi-tunnel virtual private network | |
CN111800436B (en) | IPSec isolation network card equipment and secure communication method | |
CN112491821B (en) | IPSec message forwarding method and device | |
CN107181716A (en) | A kind of secure communication of network system and method based on national commercial cipher algorithm | |
CN101521667B (en) | Method and device for safety data communication | |
WO2015131609A1 (en) | Method for implementing l2tp over ipsec access | |
CN108712364A (en) | A kind of safety defense system and method for SDN network | |
CN107819685A (en) | The method and the network equipment of a kind of data processing | |
CN103227742B (en) | A kind of method of ipsec tunnel fast processing message | |
CN103457952A (en) | IPSec processing method and device based on encrypting engine | |
CN106161386A (en) | A kind of method and apparatus realizing that IPsec shunts | |
US8332639B2 (en) | Data encryption over a plurality of MPLS networks | |
CN107294968A (en) | The monitoring method and system of a kind of audio, video data | |
US20160366191A1 (en) | Single Proxies in Secure Communication Using Service Function Chaining |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |