CN105763557B - Method and system in which a switch chip or NP cooperates with a CPU to perform IPSEC encryption of packets


Info

Publication number: CN105763557B
Authority: CN (China)
Prior art keywords: message, ipsec, cpu, acl, interface
Legal status: Active
Application number: CN201610212912.4A
Other languages: Chinese (zh)
Other versions: CN105763557A (en)
Inventors: 王颖, 饶冀, 周万涛, 李先鲜
Current Assignee: Fiberhome Telecommunication Technologies Co Ltd
Original Assignee: Fiberhome Telecommunication Technologies Co Ltd
Application filed by Fiberhome Telecommunication Technologies Co Ltd
Priority to CN201610212912.4A
Publication of CN105763557A
Priority to PCT/CN2016/102806 (WO2017173806A1)
Application granted
Publication of CN105763557B

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40: Network security protocols
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/16: Implementing security features at a particular protocol layer
    • H04L63/164: Implementing security features at a particular protocol layer at the network layer
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0485: Networking architectures for enhanced packet encryption processing, e.g. offloading of IPsec packet processing or efficient security association look-up

Abstract

The invention discloses a method and system in which a switch chip or NP cooperates with a CPU to perform IPSEC encryption of packets. The method comprises the following steps: a packet is received from a service interface and the routing table is looked up by the packet's destination IP address; if the egress interface type is an ordinary interface, the packet is routed and forwarded; if it is an IPSEC tunnel interface, the ACL is queried by the packet's five-tuple to determine whether it hits, and the packet is dropped on a miss; otherwise the action of the security policy is determined and, according to that action, the packet is routed and forwarded, discarded, or encapsulated with a private header and sent to the CPU. The CPU receives the plaintext packet and queries the SA information by the packet's five-tuple and triple; if no SA is found, the packet is dropped; otherwise the packet is IPSEC-encrypted according to the SA information and sent to the interface board. The invention first screens, on the interface board, the packets that would be passed to the CPU for processing, so that only packets whose security policy is to apply IPSEC are sent to the CPU, which improves switching-network bandwidth utilization and the processing efficiency of the CPU.

Description

Method and system in which a switch chip or NP cooperates with a CPU to perform IPSEC encryption of packets
Technical field
The present invention relates to IPSEC encryption technology, and in particular to a method and system in which a switch chip or NP cooperates with a CPU to perform IPSEC encryption of packets.
Background
IPSEC (IP Security; IP is the Internet Protocol) is a framework of protocols defined by the IETF (Internet Engineering Task Force) to guarantee the security of data transmitted over the Internet. It mainly relies on encapsulating security payloads and/or encrypted security services to ensure confidential, secure communication over Internet Protocol (IP) networks. It applies strong security processing to packets at the IP layer and provides services including access control, connectionless integrity, data origin authentication, anti-replay protection (a form of partial sequence integrity), confidentiality, and limited traffic-flow confidentiality. These services are provided at the IP layer and protect IP and the upper-layer protocols carried over it.
Distributed devices that support IPSEC currently consist, in general, of interface boards, service boards and a main control board. An interface board usually carries a high-performance forwarding chip such as a switch chip or an NP (network processor); it receives and forwards packets, and sends the packets that need IPSEC encryption or decryption across the switching network to a service board for processing. The service board performs IPSEC encryption and decryption on packets and sends the processed packets back to the interface board. The main control board handles the exchange of routing protocol packets and IKE (Internet Key Exchange, the signaling protocol of IPSec) protocol packets and generates the routing and IPSEC-related configuration, but does not take part in the actual data forwarding. IPSEC encryption and decryption is usually implemented on the service board CPU, which can do it with software encryption and decryption algorithms or with an internal hardware crypto engine.
Fig. 1 shows the IPSEC encryption method commonly used on service boards today. As shown in Fig. 1, it comprises the following steps: after the service board CPU receives a packet sent by the interface board over the switching network, it queries the SPD (Security Policy Database) by the packet's five-tuple (source IP address, destination IP address, source port, destination port, security protocol) and obtains and evaluates the security policy. If the security policy is discard, the packet is dropped. If the security policy is bypass, the packet is sent back to the interface board for routing and forwarding. If the security policy is apply IPSEC, the SA (Security Association) is then queried by the triple (SPI (Security Parameter Index), destination IP address, security protocol); if none is found, the SA has not yet been established and the packet is dropped; otherwise the packet is encrypted according to the SA that was found, and the resulting ciphertext is sent to the interface board for routing and forwarding.
Implementing IPSEC encryption with the above method has the following problems:
1) The service board receives the packets that the interface board sends over the switching network; after the service board queries the SPD, it encrypts only the packets whose security policy is to apply IPSEC, while the remaining packets are discarded or sent back to the interface board for routing and forwarding, which consumes excessive switching-network bandwidth.
2) The interface board sends all packets, whether or not they need encryption, to the service board CPU for processing, which increases the CPU load and reduces the CPU's processing capacity.
In view of this, there is an urgent need for an IPSEC encryption method that improves switching-network bandwidth utilization and the processing efficiency of the service board CPU.
Summary of the invention
The technical problem to be solved by the present invention is that the interface board sends all packets, whether or not they need encryption, across the switching network to the service board CPU for processing, which adds to the CPU load, consumes excessive switching-network bandwidth and reduces the CPU's processing capacity.
To solve the above technical problem, the technical solution adopted by the present invention is to provide a method in which a switch chip or NP cooperates with a CPU to perform IPSEC encryption of packets, comprising the following steps:
A packet is received from a service interface, the routing table is looked up by the packet's destination IP address, and the egress interface type of the routing table entry is determined. If it is an ordinary interface, the packet is routed and forwarded. If it is an IPSEC tunnel interface, the ACL is queried by the packet's five-tuple and it is determined whether the ACL hits; on a miss, the packet is dropped. Otherwise the action of the ACL's security policy is determined: a packet whose action is apply IPSEC is encapsulated with a private header and sent to the service board CPU; a packet whose action is bypass is routed and forwarded; a packet whose action is discard is dropped;
The service board CPU receives the packet to be encrypted, queries the SPD by the packet's five-tuple to obtain the corresponding SPI, then queries the SA information by this SPI and the packet's triple, and determines whether SA information was found. If not, the packet is dropped; otherwise the packet is IPSEC-encrypted according to the SA information and sent to the interface board.
In the above method, the private header contains an encryption identifier and a decryption identifier.
The present invention also provides a system in which a switch chip or NP cooperates with a CPU to perform IPSEC encryption of packets, comprising:
Screening module: receives packets from the service interface and, according to the packet's destination IP address, the egress interface type of the routing table entry and the action of the ACL's security policy, encapsulates packets whose action is apply IPSEC with a private header and sends them to the service board CPU; routes and forwards packets whose action is bypass; and drops packets whose action is discard;
Encryption/decryption module: receives packets; for a packet whose private header carries the encryption identifier, queries the SPD and the corresponding SPI by the packet's five-tuple, then queries the SA information by this SPI and the packet's triple, and according to the query result either IPSEC-encrypts or discards the packet; finally sends the encrypted packet to the screening module through the switching network.
In the above scheme, the screening module is located on the switch chip or NP of the interface board, and the encryption/decryption module is located on the service board CPU.
Brief description of the drawings
Fig. 1 is a flow chart of existing IPSEC encryption of packets;
Fig. 2 is a flow chart of the packet screening provided by the present invention;
Fig. 3 is a flow chart of the IPSEC encryption of packets after screening provided by the present invention;
Fig. 4 is a block diagram of the system provided by the present invention in which a switch chip or NP cooperates with a CPU to perform IPSEC encryption of packets.
Detailed description of the embodiments
The present invention provides a method in which a switch chip or NP cooperates with a CPU to perform IPSEC encryption of packets. The invention is described in detail below with reference to specific embodiments and the accompanying drawings.
First, after receiving user configuration or performing IKE negotiation, the main control board generates the SPD and SA and distributes this configuration to the service board CPU. At the same time it generates an ACL (Access Control List) from the SPD information. The ACL's matching rule is the packet five-tuple (source IP address, destination IP address, source port, destination port, protocol number), and the action of the ACL's SP (Security Policy) is discard, bypass or apply IPSEC. The generated ACL is then distributed to the switch chip or NP of the interface board. After the switch chip or NP of the interface board receives a packet, it continues with the following processing.
Fig. 2 is a flow chart of the packet screening provided by the present invention, which comprises the following steps:
S201: receive a packet from the service interface; go to S202;
S202: look up the routing table by the packet's destination IP address; go to S203;
S203: determine the egress interface type of the routing table entry; if it is an ordinary interface, go to S208; if it is an IPSEC tunnel interface, go to S204;
S204: query the ACL by the packet's five-tuple; go to S205;
S205: determine whether the ACL hits; if it hits, go to S206; otherwise go to S209;
S206: determine the action of the ACL's security policy; if it is apply IPSEC, go to S207; if it is bypass, go to S208; if it is discard, go to S209;
S207: encapsulate the packet with a private header, which contains an encryption indicator, and send it to the service board CPU through the switching network; go to S208;
S208: perform routing and forwarding: find the egress and send the packet out of it; go to S210;
S209: drop the packet; go to S210;
S210: the process ends.
After the CPU receives a packet screened by the above steps, it performs IPSEC encryption on the packet. Fig. 3 is a flow chart of the IPSEC encryption of packets after screening provided by the present invention, which comprises the following steps:
S301: receive the packet to be encrypted; go to S302;
S302: query the SPD by the packet's five-tuple and obtain the corresponding SPI; go to S303;
S303: query the SA information by the packet's triple; go to S304;
S304: determine whether SA information was found; if it was found, go to S305; otherwise go to S306;
S305: perform IPSEC encryption on the packet according to the SA information; go to S307;
S306: drop the packet;
S307: send the packet through the switching network to the interface board for the subsequent routing and forwarding process;
S308: the process ends.
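The two flows above (S201-S210 on the interface board, S301-S308 on the service board CPU), modelled as an added example that is not code from the patent; it counts how many packets of a constructed mix actually cross to the CPU. The table contents, the names screen and cpu_process, the handling of a missing route or SPD entry, and the use of the packet's destination IP in the SA triple are assumptions, and the cipher step is not modelled: the CPU stage returns the SPI of the SA it would encrypt with.

```python
import ipaddress
from collections import Counter, namedtuple

# Five-tuple as the page lists it: source IP, destination IP, source port,
# destination port, protocol number.
Packet = namedtuple("Packet", "src dst sport dport proto")

NORMAL, IPSEC_TUNNEL = "normal", "ipsec-tunnel"              # egress interface types
DISCARD, BYPASS, APPLY_IPSEC = "discard", "bypass", "apply"  # security-policy actions
ENCRYPT_FLAG = "encrypt"                                     # carried in the private header

# Tables the main control board would distribute. All values are constructed.
ROUTES = [(ipaddress.ip_network("10.0.0.0/8"), NORMAL),
          (ipaddress.ip_network("192.168.50.0/24"), IPSEC_TUNNEL)]
FLOW_A = Packet("10.1.1.5", "192.168.50.10", 40000, 443, 6)   # IPSEC, SA established
FLOW_B = Packet("10.1.1.7", "192.168.50.10", 40003, 443, 6)   # IPSEC, SA not yet set up
FLOW_C = Packet("10.1.1.5", "192.168.50.20", 40001, 53, 17)   # bypass
FLOW_D = Packet("10.1.1.9", "192.168.50.10", 40002, 23, 6)    # discard
ACL = {FLOW_A: APPLY_IPSEC, FLOW_B: APPLY_IPSEC, FLOW_C: BYPASS, FLOW_D: DISCARD}
SPD = {FLOW_A: (0x1001, "ESP"), FLOW_B: (0x1002, "ESP")}      # five-tuple -> (SPI, protocol)
SAD = {(0x1001, "192.168.50.10", "ESP"): {"state": "established"}}  # triple -> SA


def route_lookup(dst):
    """Longest-prefix match; returns the egress interface type or None."""
    addr = ipaddress.ip_address(dst)
    hits = [(net.prefixlen, iftype) for net, iftype in ROUTES if addr in net]
    return max(hits)[1] if hits else None


def screen(pkt):
    """Interface-board stage (S201-S210). Returns (verdict, detail)."""
    iftype = route_lookup(pkt.dst)
    if iftype is None:
        return ("drop", "no-route")          # assumption: not covered by the page
    if iftype == NORMAL:
        return ("forward", "normal-interface")
    action = ACL.get(pkt)                    # only tunnel-bound packets hit the ACL
    if action is None:
        return ("drop", "acl-miss")          # policy for this flow not generated yet
    if action == BYPASS:
        return ("forward", "bypass")
    if action == DISCARD:
        return ("drop", "policy-discard")
    return ("to-cpu", {"flag": ENCRYPT_FLAG, "packet": pkt})  # private header + packet


def cpu_process(framed):
    """Service-board CPU stage (S301-S308), encryption direction only."""
    assert framed["flag"] == ENCRYPT_FLAG    # decryption path is not modelled here
    pkt = framed["packet"]
    entry = SPD.get(pkt)
    if entry is None:
        return ("drop", "spd-miss")          # assumption: not covered by the page
    spi, sec_proto = entry
    if (spi, pkt.dst, sec_proto) not in SAD:
        return ("drop", "no-sa")             # SA not established: drop
    return ("encrypt", spi)                  # SA selected; cipher step omitted


def run(packets):
    """Push packets through both stages and count the outcomes."""
    stats = Counter()
    for pkt in packets:
        verdict, detail = screen(pkt)
        if verdict == "to-cpu":
            stats["sent-to-cpu"] += 1
            verdict, detail = cpu_process(detail)
        stats["encrypted" if verdict == "encrypt" else f"{verdict}:{detail}"] += 1
    return stats


SAMPLE = [  # constructed traffic mix
    Packet("10.1.1.5", "10.2.2.2", 1234, 80, 6),        # ordinary egress interface
    FLOW_A, FLOW_B, FLOW_C, FLOW_D,
    Packet("10.1.1.8", "192.168.50.10", 40009, 80, 6),  # tunnel-bound, no ACL entry
]

if __name__ == "__main__":
    for outcome, count in sorted(run(SAMPLE).items()):
        print(f"{outcome:28s} {count}")
```

Of the six sample packets only two cross the switching network to the CPU; in the Fig. 1 arrangement the CPU would also have had to receive and classify the bypass and discard packets.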
The present invention also provides a system in which a switch chip or NP cooperates with a CPU to perform IPSEC encryption of packets. As shown in Fig. 4, the system comprises a screening module 10 located on the switch chip or NP of the interface board and an encryption/decryption module 20 located on the service board CPU;
Screening module 10: receives packets from the service interface and from the encryption/decryption module 20 and, according to the packet's destination IP address, the egress interface type of the routing table entry and the action of the ACL's security policy, encapsulates packets whose action is apply IPSEC with a private header and sends them to the service board CPU; routes and forwards packets whose action is bypass; and drops packets whose action is discard.
Encryption/decryption module 20: examines the encryption/decryption identifier carried in the private header of a packet sent to this module. If it is the encryption identifier, the module queries the SPD and the corresponding SPI by the packet's five-tuple, then queries the SA information by this SPI and the packet's triple, and according to the query result either IPSEC-encrypts or discards the packet. If it is the decryption identifier, the module decrypts the packet according to the corresponding SA information. Finally, the encrypted or decrypted packet is sent through the switching network to the screening module 10 for routing and forwarding.
The system of the present invention works as follows:
After receiving user configuration or performing IKE negotiation, the main control board generates the SPD and SA for the specified flows and distributes this configuration to the encryption/decryption module 20. At the same time it generates the ACL from the SPD information; the ACL's matching rule is the packet five-tuple, and the actions of the security policy are discard, bypass or apply IPSEC. The generated ACL is then distributed to the forwarding information base (FIB) of the screening module 10.
After the screening module 10 receives a packet, it first looks up the routing table by the packet's destination IP address and obtains the egress interface type of the routing table entry. If the egress interface is an ordinary port, ordinary routing and forwarding is performed. If the egress interface is an IPSEC virtual tunnel interface, the ACL is looked up by the packet's five-tuple and it is determined whether the ACL hits; on a miss, the security policy for this flow has not yet been generated, and the packet is dropped. If the ACL hits and the action of the security policy is bypass, the packet goes to ordinary routing and forwarding. If the action of the security policy is apply IPSEC, the packet is encapsulated with a private header, which contains an encryption or decryption identifier, and is then sent through the switching network to the encryption/decryption module 20.
After the encryption/decryption module 20 receives a plaintext packet, it determines whether the packet's private header carries the encryption or the decryption identifier. If it is the encryption identifier, the module queries the SPD by the packet's five-tuple and obtains the corresponding SPI. It then queries the SA by the packet's triple (SPI, destination IP address, protocol number). If no SA is found, the packet is dropped; if an SA is found, the packet is IPSEC-encrypted according to the SA information, and the encrypted packet is finally sent back through the switching network to the screening module 10 for subsequent routing and forwarding.
The present invention first screens, on the interface board, the packets that would be passed to the service board CPU for processing. Only packets whose security policy is apply IPSEC are sent to the service board CPU; packets whose security policy is discard or bypass are handled entirely on the interface board. This not only improves switching-network bandwidth utilization but also improves the processing efficiency of the service board CPU.
The present invention is not limited to the above preferred embodiments. Any structural change made under the inspiration of the present invention, and any technical solution that is the same as or similar to that of the present invention, falls within the scope of protection of the present invention.

Claims (4)

1. A method in which a switch chip or NP cooperates with a CPU to perform IPSEC encryption of packets, characterized by comprising the following steps:
After receiving user configuration or performing IKE negotiation, the main control board generates the Security Policy Database SPD and the Security Association SA and distributes this configuration to the service board CPU; at the same time it generates the access control list ACL from the SPD information, where the ACL's matching rule is the packet five-tuple and the action of the ACL's security policy is discard, bypass or apply IPSEC, and then distributes the generated ACL to the switch chip or NP of the interface board;
A packet is received from a service interface, the routing table is looked up by the packet's destination IP address, and the egress interface type of the routing table entry is determined; if it is an ordinary interface, the packet is routed and forwarded; if it is an IPSEC tunnel interface, the ACL is queried by the packet's five-tuple and it is determined whether the ACL hits, and on a miss the packet is dropped; otherwise the action of the ACL's security policy is determined: a packet whose action is apply IPSEC is encapsulated with a private header and sent to the service board CPU; a packet whose action is bypass is routed and forwarded; a packet whose action is discard is dropped;
The service board CPU receives the packet to be encrypted, queries the SPD by the packet's five-tuple to obtain the corresponding SPI, then queries the SA information by this SPI and the packet's triple, and determines whether SA information was found; if not, the packet is dropped; otherwise the packet is IPSEC-encrypted according to the SA information and sent to the interface board.
2. The method according to claim 1, characterized in that the private header contains an encryption identifier and a decryption identifier.
3. A system in which a switch chip or NP cooperates with a CPU to perform IPSEC encryption of packets, characterized by comprising:
A main control board, which, after receiving user configuration or performing IKE negotiation, generates the Security Policy Database SPD and the Security Association SA and distributes this configuration to the service board CPU; at the same time it generates the access control list ACL from the SPD information, where the ACL's matching rule is the packet five-tuple and the action of the ACL's security policy is discard, bypass or apply IPSEC, and then distributes the generated ACL to the switch chip or NP of the interface board;
A screening module, which receives packets from the service interface and, according to the packet's destination IP address, the egress interface type of the routing table entry and the action of the ACL's security policy, encapsulates packets whose action is apply IPSEC with a private header and sends them to the service board CPU; routes and forwards packets whose action is bypass; and drops packets whose action is discard;
An encryption/decryption module, which receives packets; for a packet whose private header carries the encryption identifier, queries the SPD and the corresponding SPI by the packet's five-tuple, then queries the SA information by this SPI and the packet's triple, and according to the query result either IPSEC-encrypts or discards the packet; and finally sends the encrypted packet to the screening module through the switching network.
4. The system according to claim 3, characterized in that the screening module is located on the switch chip or NP of the interface board, and the encryption/decryption module is located on the service board CPU.
Application CN201610212912.4A (priority date 2016-04-07, filing date 2016-04-07, status Active), published as CN105763557B (en): Method and system in which a switch chip or NP cooperates with a CPU to perform IPSEC encryption of packets

Priority Applications (2)

Application Number; Publication; Priority Date; Filing Date; Title
CN201610212912.4A; CN105763557B (en); 2016-04-07; 2016-04-07; Method and system in which a switch chip or NP cooperates with a CPU to perform IPSEC encryption of packets
PCT/CN2016/102806; WO2017173806A1 (en); 2016-04-07; 2016-10-21; Method and system using cooperation of switch chip or np and cpu to perform ipsec encryption on packet

Publications (2)

Publication Number; Publication Date
CN105763557A (en); 2016-07-13
CN105763557B (en); 2019-01-22


Also Published As

Publication number Publication date
WO2017173806A1 (en) 2017-10-12
CN105763557A (en) 2016-07-13
