CN106685760A - Link state detecting method and apparatus - Google Patents
- Publication number
- CN106685760A (CN201611250005.5A)
- Authority
- CN
- China
- Prior art keywords
- message
- link
- specified
- packet loss
- esp
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/08—Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
- H04L43/0823—Errors, e.g. transmission errors
- H04L43/0829—Packet loss
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/16—Threshold monitoring
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/46—Interconnection of networks
- H04L12/4641—Virtual LANs, VLANs, e.g. virtual private networks [VPN]
Abstract
The invention provides a link state detecting method and apparatus. The method includes the following steps: obtaining the message sequence number of a specified ESP message and the upper boundary of the current flow window, and determining whether the message sequence number of the specified ESP message is greater than the upper boundary of the current flow window; if the message sequence number of the specified ESP message is greater than the upper boundary of the current flow window, determining an out-of-order rate and a packet loss rate on the basis of the counted out-of-order number and message number of the specified ESP messages and the size of the flow window; determining whether the out-of-order rate and the packet loss rate are greater than a preset out-of-order threshold and a preset packet loss threshold respectively; and if the out-of-order rate and the packet loss rate are greater than the preset out-of-order threshold and the preset packet loss threshold respectively, determining that the link currently in use is a link in an abnormal state. An IPSec VPN device can thus detect the actual quality of the current link through ESP messages, which effectively solves the prior-art problem that the current link state cannot be accurately detected on the basis of the packet loss rate and delay of check messages.
Description
Technical field
The present invention relates to the field of communication technology, and in particular to a method and apparatus for detecting a link state.
Background art
IPSec (Internet Protocol Security) is an open-standard framework that provides high-quality, interoperable, cryptography-based security guarantees for data transmitted over the Internet. A VPN (Virtual Private Network) is a remote access technology that establishes a private network over a public network in order to encrypt communication data. IPSec VPN is a remote-access VPN technology implemented on the IPSec protocol, and gives communication data better security.
In the related art, multiple links can be established between IPSec VPN devices, and when the currently used link is detected to be abnormal, another normal link is switched in as the currently used link to prevent the VPN from being interrupted. To detect whether the currently used link is abnormal, the related art first requires link health check configuration on the IPSec VPN device. After configuration, the IPSec VPN device sends check messages and judges whether the link is abnormal based on the packet loss rate and delay of the check messages.
Although the related art can detect the state of the link currently used by the IPSec VPN device, when the protocol used by the link health check differs from the protocol used by the IPSec VPN device, judging whether the current link is abnormal based on the packet loss rate and delay of the check messages has low accuracy. In this case, the related art cannot accurately detect the state of the currently used link.
Summary of the invention
In view of this, the present invention provides a method and apparatus for detecting a link state, to solve the problem in the related art that, when the protocol used by the link health check differs from the protocol used by the IPSec VPN device, the current link state cannot be accurately detected based on the packet loss rate and delay of check messages. Specifically, the present invention is implemented through the following technical solutions:
According to a first aspect of the embodiments of the present invention, a method for detecting a link state is provided, applied to an IPSec VPN device, the method comprising:
obtaining the message sequence number of a specified ESP message and the upper boundary of the current flow window, and judging whether the message sequence number of the specified ESP message is greater than the upper boundary of the current flow window; wherein the specified ESP message is an ESP message sent by the same peer device and successfully decrypted locally;
if the message sequence number of the specified ESP message is greater than the upper boundary of the current flow window, determining an out-of-order rate based on the counted out-of-order number of the specified ESP messages and the flow window size, and determining a packet loss rate based on the counted message number of the specified ESP messages and the flow window size;
judging whether the out-of-order rate and the packet loss rate are respectively greater than a preset out-of-order threshold and a preset packet loss threshold;
if the out-of-order rate and the packet loss rate are respectively greater than the preset out-of-order threshold and the preset packet loss threshold, determining that the currently used link is a link in an abnormal state; otherwise, determining that the currently used link is a link in a normal state.
Optionally, the method further comprises:
updating the flow window boundaries based on the message sequence number of the received specified ESP message.
Optionally, determining the out-of-order rate based on the counted out-of-order number of the specified ESP messages and the flow window size comprises:
counting the out-of-order number of the specified ESP messages;
dividing the out-of-order number by the flow window size to obtain the out-of-order rate.
Optionally, determining the packet loss rate based on the counted message number of the specified ESP messages and the flow window size comprises:
counting the message number of the specified ESP messages;
subtracting from the message number the message number of the specified ESP messages received within a specified number of sequence numbers to obtain a first pending value, and subtracting the specified number from the flow window size to obtain a second pending value;
dividing the first pending value by the second pending value to obtain the packet loss rate.
Optionally, the method further comprises:
if the currently used link is a link in an abnormal state, sending a link abnormality notification message to the peer device, so that the peer device lowers its routing priority based on the link abnormality notification message.
Optionally, the method further comprises:
periodically sending a notification request message to the peer device;
if a notification reply message returned by the peer device based on the notification request message is received, setting the current notification request count to 0;
if no notification reply message returned by the peer device based on the notification request message is received, incrementing the current notification request count by 1;
if the notification request count is greater than a preset notification request count threshold, lowering the routing priority of the currently used link.
According to a second aspect of the embodiments of the present invention, an apparatus for detecting a link state is provided, applied to an IPSec VPN device, the apparatus comprising:
an obtaining module, configured to obtain the message sequence number of a specified ESP message and the upper boundary of the current flow window, and to judge whether the message sequence number of the specified ESP message is greater than the upper boundary of the current flow window; wherein the specified ESP message is an ESP message sent by the same peer device and successfully decrypted locally;
a first determining module, configured to, if the message sequence number of the specified ESP message is greater than the upper boundary of the current flow window, determine an out-of-order rate based on the counted out-of-order number of the specified ESP messages and the flow window size, and determine a packet loss rate based on the counted message number of the specified ESP messages and the flow window size;
a judging module, configured to judge whether the out-of-order rate and the packet loss rate are respectively greater than a preset out-of-order threshold and a preset packet loss threshold;
a second determining module, configured to determine, if the out-of-order rate and the packet loss rate are respectively greater than the preset out-of-order threshold and the preset packet loss threshold, that the currently used link is a link in an abnormal state; and otherwise, to determine that the currently used link is a link in a normal state.
Optionally, the apparatus further comprises:
an update module, configured to update the flow window boundaries based on the message sequence number of the received specified ESP message.
Optionally, the first determining module is specifically configured to:
count the out-of-order number of the specified ESP messages;
divide the out-of-order number by the flow window size to obtain the out-of-order rate.
Optionally, the first determining module is specifically configured to:
count the message number of the specified ESP messages;
subtract from the message number the message number of the specified ESP messages received within a specified number of sequence numbers to obtain a first pending value, and subtract the specified number from the flow window size to obtain a second pending value;
divide the first pending value by the second pending value to obtain the packet loss rate.
Optionally, the apparatus further comprises:
a sending module, configured to, if the currently used link is a link in an abnormal state, send a link abnormality notification message to the peer device, so that the peer device lowers its routing priority based on the link abnormality notification message.
Optionally, the sending module is further configured to:
periodically send a notification request message to the peer device;
the apparatus further comprises:
a setting module, configured to set the current notification request count to 0 if a notification reply message returned by the peer device based on the notification request message is received, and to increment the current notification request count by 1 if no notification reply message returned by the peer device based on the notification request message is received;
a lowering module, configured to lower the routing priority of the currently used link if the notification request count is greater than a preset notification request count threshold.
In the present invention, the state of the current link can be detected based on the ESP messages actually exchanged between IPSec VPN devices. Because the actual quality of the current link is detected through ESP messages, the problem that the related art cannot accurately detect the current link state based on the packet loss rate and delay of check messages can be effectively solved.
Brief description of the drawings
Fig. 1 is an application scenario diagram of data interaction over multiple links between IPSec VPN devices;
Fig. 2 is a flowchart of a method for detecting a link state according to an embodiment of the present invention;
Fig. 3 is a hardware structure diagram of the device in which the apparatus for detecting a link state of the present invention is located;
Fig. 4 is a block diagram of an embodiment of the apparatus for detecting a link state of the present invention.
Detailed description
Exemplary embodiments are described in detail here, and examples of them are illustrated in the accompanying drawings. When the following description refers to the drawings, unless otherwise indicated, the same numerals in different drawings denote the same or similar elements. The implementations described in the following exemplary embodiments do not represent all implementations consistent with the present invention. Rather, they are merely examples of apparatuses and methods consistent with some aspects of the present invention as detailed in the appended claims.
The terminology used in the present invention is for the purpose of describing particular embodiments only and is not intended to limit the present invention. The singular forms "a", "said" and "the" used in the present invention and the appended claims are also intended to include the plural forms, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and includes any or all possible combinations of one or more of the associated listed items.
It should be understood that although the terms first, second, third and so on may be used in the present invention to describe various information, such information should not be limited to these terms. These terms are only used to distinguish information of the same type from one another. For example, without departing from the scope of the present invention, first information may also be referred to as second information, and similarly, second information may also be referred to as first information. Depending on the context, the word "if" as used herein may be interpreted as "when", "upon" or "in response to determining".
Refer to Fig. 1, which is an application scenario diagram of data interaction over multiple links between IPSec VPN devices. Device A and device B may be IPSec VPN devices. Intranet server 1 may be connected to device A and, through the VPN connection between device A and device B, exchange data with intranet server 2. Multiple physical links may exist between device A and device B, and multiple VPN connections may be established between them over these physical links, so that if the currently used link becomes abnormal, traffic can be switched to another link in a normal state and data interaction is not interrupted.
To detect the state of the currently used link, device A and device B may configure a health check for the currently used link and switch the link when the health check reports an abnormality. Specifically, device A or device B may send check messages to the peer device and calculate the packet loss rate and delay of the check messages over a period of time. When the packet loss rate and delay of the check messages over that period exceed a preset health threshold, it can be determined that the health check for the current link is abnormal, that is, the currently used link is a link in an abnormal state.
As described above, the related art can detect the state of the link currently used by the IPSec VPN device through check messages. However, when the protocol used by the link health check differs from the protocol used by the IPSec VPN device, judging whether the currently used link is abnormal based on the packet loss rate and delay of the check messages has low accuracy, and the related art then cannot accurately detect the state of the currently used link.
For example, assume that the check messages are transmitted over ICMP (Internet Control Message Protocol) and that the messages exchanged between the IPSec VPN devices are transmitted over ESP (Encapsulating Security Payload) or UDP (User Datagram Protocol). Because the packet loss rate of messages transmitted over ICMP may be higher than that of messages transmitted over ESP or UDP, the state of the currently used link cannot be accurately detected based on the packet loss rate of the check messages.
In view of this, the present invention provides a method for detecting a link state, to solve the problem in the related art that, when the protocol used by the link health check differs from the protocol used by the IPSec VPN device, the current link state cannot be accurately detected based on the packet loss rate and delay of check messages. In the present invention, the IPSec VPN device can obtain the message sequence number of a specified ESP message and the upper boundary of the current flow window, and judge whether the message sequence number of the specified ESP message is greater than the upper boundary of the current flow window. When the message sequence number of the specified ESP message is greater than the upper boundary of the current flow window, the IPSec VPN device can determine an out-of-order rate based on the counted out-of-order number of the specified ESP messages and the flow window size, and determine a packet loss rate based on the counted message number of the specified ESP messages and the flow window size. The IPSec VPN device can then judge whether the out-of-order rate and the packet loss rate are respectively greater than the preset out-of-order threshold and the preset packet loss threshold. When the out-of-order rate and the packet loss rate are respectively greater than the preset out-of-order threshold and the preset packet loss threshold, it determines that the currently used link is a link in an abnormal state; when they are not, it determines that the currently used link is a link in a normal state.
In the present invention, the state of the current link can be detected based on the ESP messages actually exchanged between IPSec VPN devices. Because the actual quality of the current link is detected through ESP messages, the problem that the related art cannot accurately detect the current link state based on the packet loss rate and delay of check messages can be effectively solved.
Refer to Fig. 2, which is a flowchart of a method for detecting a link state according to an embodiment of the present invention. This embodiment is applied to an IPSec VPN device and comprises the following steps:
Step 201: Obtain the message sequence number of a specified ESP message and the upper boundary of the current flow window, and judge whether the message sequence number of the specified ESP message is greater than the upper boundary of the current flow window; wherein the specified ESP message is an ESP message sent by the same peer device and successfully decrypted locally.
In the present invention, the IPSec VPN device can obtain the message sequence number of a specified ESP message and the upper boundary of the current flow window, and judge whether the message sequence number of the specified ESP message is greater than the upper boundary of the current flow window; wherein the specified ESP message is an ESP message sent by the same peer device and successfully decrypted locally.
In the present invention, after the IPSec VPN device has successfully established an IPSec VPN connection with the peer device, it can receive ESP messages sent by the peer device and decrypt them locally. An ESP message that has been successfully decrypted is a specified ESP message as referred to above.
The technique by which an IPSec VPN device decrypts ESP messages locally is prior art, and is therefore not described further here.
After obtaining the specified ESP message, the IPSec VPN device can obtain the message sequence number of the specified ESP message and judge whether that message sequence number is greater than the obtained upper boundary of the current flow window.
In the present invention, after an IPSec VPN connection is successfully established between IPSec VPN devices, the flow window size of the connection can be set, for example to 512. Once the flow window size of the connection is set, the lower and upper boundaries of the initial flow window for the connection may be 0 and 511 respectively.
Assume that the upper boundary of the current flow window is 511. If the obtained message sequence number of the specified ESP message is 516, it can be determined that the message sequence number of the specified ESP message is greater than the upper boundary of the current flow window; if the obtained message sequence number of the specified ESP message is 490, it can be determined that the message sequence number of the specified ESP message is not greater than the upper boundary of the current flow window.
In the present invention, the IPSec VPN device can update the flow window boundaries based on the message sequence number of the received specified ESP message.
Assume that the upper boundary of the current flow window is 511 and the lower boundary is 0. If the obtained message sequence number of the specified ESP message is 516, the IPSec VPN device can, based on that message sequence number, update the upper boundary of the flow window to 516 and the lower boundary to 5.
Step 202: If the message sequence number of the specified ESP message is greater than the upper boundary of the current flow window, determine an out-of-order rate based on the counted out-of-order number of the specified ESP messages and the flow window size, and determine a packet loss rate based on the counted message number of the specified ESP messages and the flow window size.
In the present invention, if the message sequence number of the specified ESP message is greater than the upper boundary of the current flow window, the IPSec VPN device can determine the out-of-order rate based on the counted out-of-order number of the specified ESP messages and the flow window size.
Specifically, the IPSec VPN device can first count the out-of-order number of the specified ESP messages, and then divide that out-of-order number by the flow window size to obtain the out-of-order rate.
In the present invention, after the message sequence number of the specified ESP message is obtained, it can be judged whether that message sequence number is less than the message sequence number of the latest specified ESP message received locally. If it is, the specified ESP message can be determined to be an out-of-order message.
The IPSec VPN device can count the out-of-order messages to obtain the counted out-of-order message number.
In one embodiment, the message sequence number of the specified ESP message may be 514 and the upper boundary of the current flow window may be 511, so it can be determined that the message sequence number of the specified ESP message is greater than the upper boundary of the current flow window. The IPSec VPN device can then determine the out-of-order rate based on the counted out-of-order number of the specified ESP messages and the flow window size. Assuming that the counted out-of-order number of the specified ESP messages is 50 and the flow window size is 512, the out-of-order rate can then be determined.
In the present invention, when the message sequence number of the specified ESP message is greater than the upper boundary of the current flow window, the IPSec VPN device can also determine the packet loss rate based on the counted message number of the specified ESP messages and the flow window size.
Specifically, the IPSec VPN device can first count the message number of the specified ESP messages, then subtract from that message number the message number of the specified ESP messages received within a specified number of sequence numbers to obtain a first pending value, and subtract the specified number from the flow window size to obtain a second pending value. The IPSec VPN device can then divide the first pending value by the second pending value to obtain the packet loss rate.
The specified number may be user-defined or may be a device default, which the present invention does not limit. In one embodiment, the specified number may be 32.
In one embodiment, the message sequence number of the specified ESP message may be 514 and the upper boundary of the current flow window may be 511, so it can be determined that the message sequence number of the specified ESP message is greater than the upper boundary of the current flow window. The IPSec VPN device can then determine the packet loss rate based on the counted message number of the ESP messages and the flow window size. Assuming that the counted message number of the ESP messages is 80, the flow window size is 512, the specified number is 32, and the message number of the specified ESP messages received within 32 sequence numbers is 30, the packet loss rate can then be determined.
Step 203: Judge whether the out-of-order rate and the packet loss rate are respectively greater than a preset out-of-order threshold and a preset packet loss threshold.
Step 204: If the out-of-order rate and the packet loss rate are respectively greater than the preset out-of-order threshold and the preset packet loss threshold, determine that the currently used link is a link in an abnormal state; otherwise, determine that the currently used link is a link in a normal state.
In the present invention, after the out-of-order rate and the packet loss rate are obtained, it can be judged separately whether the out-of-order rate is greater than the preset out-of-order threshold and whether the packet loss rate is greater than the preset packet loss threshold. The preset out-of-order threshold and the preset packet loss threshold may be user-defined or may be device defaults; the two may be the same or different, which the present invention does not limit.
In one embodiment, an out-of-order rate and a packet loss rate may be assumed. If the preset out-of-order threshold is 0.05 and the preset packet loss threshold is 0.06, it can be determined that the out-of-order rate is greater than the preset out-of-order threshold and the packet loss rate is greater than the preset packet loss threshold; if the preset out-of-order threshold is 0.05 and the preset packet loss threshold is 0.2, it can be determined that the out-of-order rate is greater than the preset out-of-order threshold and the packet loss rate is less than the preset packet loss threshold.
In the present invention, if the out-of-order rate and the packet loss rate are both greater than the preset out-of-order threshold and the preset packet loss threshold, it can be determined that the currently used link is a link in an abnormal state; otherwise, it can be determined that the currently used link is a link in a normal state.
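Steps 201 to 204 carried through in Python with the numbers used in the embodiments above (window size 512, 50 out-of-order messages, 80 counted messages, 30 of them within 32 sequence numbers). This is an added example, not code from the patent. All class and function names are hypothetical, "latest message" is assumed to mean the highest sequence number received so far, and the three counters are passed in because the page does not say how the device tallies them.

```python
from dataclasses import dataclass, field
from fractions import Fraction


@dataclass
class FlowWindow:
    """Flow window of a connection; initial boundaries are 0 and size - 1."""
    size: int = 512
    lower: int = field(init=False, default=0)
    upper: int = field(init=False, default=0)

    def __post_init__(self):
        self.upper = self.size - 1

    def exceeds(self, seq: int) -> bool:
        # Step 201: is the sequence number above the current upper boundary?
        return seq > self.upper

    def update(self, seq: int) -> None:
        # Slide the window so that seq becomes the new upper boundary.
        if seq > self.upper:
            self.upper = seq
            self.lower = seq - self.size + 1


@dataclass
class Counters:
    out_of_order: int           # counted out-of-order messages
    messages: int               # counted specified ESP messages
    received_in_specified: int  # of those, received within the specified number of sequence numbers


@dataclass
class Thresholds:
    out_of_order: float
    packet_loss: float


def count_out_of_order(seqs):
    """Count messages whose sequence number is below the latest one seen.

    Assumption: "latest" is the highest sequence number received so far.
    """
    highest, count = None, 0
    for seq in seqs:
        if highest is not None and seq < highest:
            count += 1
        else:
            highest = seq
    return count


def out_of_order_rate(out_of_order: int, window_size: int) -> Fraction:
    return Fraction(out_of_order, window_size)


def packet_loss_rate(messages, received_in_specified, window_size, specified_number):
    first_pending = messages - received_in_specified
    second_pending = window_size - specified_number
    if second_pending <= 0:
        raise ValueError("specified number must be smaller than the window size")
    return Fraction(first_pending, second_pending)


def check_link(seq, window, counters, thresholds, specified_number=32):
    """Return None if seq does not trigger an evaluation, else 'abnormal' or 'normal'."""
    if not window.exceeds(seq):
        return None
    ooo = out_of_order_rate(counters.out_of_order, window.size)
    loss = packet_loss_rate(counters.messages, counters.received_in_specified,
                            window.size, specified_number)
    window.update(seq)
    # Step 204: abnormal only when BOTH rates exceed their thresholds.
    both = ooo > thresholds.out_of_order and loss > thresholds.packet_loss
    return "abnormal" if both else "normal"


if __name__ == "__main__":
    counters = Counters(out_of_order=50, messages=80, received_in_specified=30)
    print(float(out_of_order_rate(50, 512)), float(packet_loss_rate(80, 30, 512, 32)))
    print(check_link(514, FlowWindow(), counters, Thresholds(0.05, 0.06)))
    print(check_link(514, FlowWindow(), counters, Thresholds(0.05, 0.2)))
```

With the second pair of thresholds the link is still reported as normal even though the out-of-order rate exceeds its threshold, because the decision requires both conditions.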
In the present invention, after determining that the currently used link is a link in an abnormal state, the IPSec VPN device can send a link abnormality notification message to the peer device, so that the peer device lowers its routing priority based on the link abnormality notification message.
After sending the link abnormality notification message, the IPSec VPN device can receive the link abnormality confirmation message returned by the peer device, and can set its local routing priority to the lowest based on the link abnormality confirmation message.
If, within a period of time, for example 1 second, the IPSec VPN device does not receive the link abnormality confirmation message returned by the peer device for the link abnormality message, it can resend the link abnormality confirmation message to the peer device. If, within a further period of time, the IPSec VPN device still does not receive the link abnormality confirmation message returned by the peer device, it can resend the link abnormality notification message to the peer device again. If the IPSec VPN device has sent the link abnormality notification message to the peer device several times, for example 3 times, and still has not received the link abnormality confirmation message returned by the peer device, it can stop sending the link notification message to the peer device and set its local routing priority to the lowest by itself.
In one embodiment, above-mentioned link exception notice message can be the ESP messages of extension, wherein, the extension
ESP messages can be the self-defining ESP messages of related personnel.
In one embodiment, it can be assumed that above-mentioned link exception notice message is the ESP messages of extension, then the extension
The encapsulation of data type of the protocol headers Next Header of ESP messages can be 254, the number of the loading section that the message is carried
Can be according to form:
Wherein, the first row of the data form can be function name;Second row and the third line can identify one back and forth
Interaction;Fourth line can represent that out of order rate isFifth line can represent that packet loss is6th row can be another function
Title;7th row can represent that the message is that above-mentioned IPSec VPN devices are sent to the link notice extremely of above-mentioned opposite equip.
Message.
When the link exception notice message is an extended ESP message, the corresponding link exception confirmation message can likewise be an extended ESP message. In one embodiment, the encapsulated data type given by the Next Header field of the protocol header of the link exception confirmation message corresponding to the link exception notice message can be 254, and the data format of the payload it carries can be:
The first three rows and the sixth row of the data format of the payload carried by the link exception confirmation message are the same as those of the link exception notice message, so they are not described again here; the fourth, fifth and seventh rows of the data format of the payload carried by the link exception confirmation message can indicate that the message is the link exception confirmation message sent by the peer device to the IPSec VPN device.
In the present invention, the IPSec VPN device can periodically send a notice request message to the peer device. If it receives the notice reply message that the peer device returns in response to the notice request message, it can reset the current notice request count to 0; if it does not receive the notice reply message that the peer device returns in response to the notice request message, it can increment the current notice request count by 1. When the notice request count is greater than a preset notice request count threshold, for example 3, the IPSec VPN device can lower the routing priority of the link currently in use.
In one embodiment, the notice request message can be an extended ESP message, where the extended ESP message can be an ESP message customized by the relevant personnel.
In one embodiment, assuming the notice request message is an extended ESP message, the encapsulated data type given by the Next Header field of the protocol header of the extended ESP message can be 254, and the data format of the payload carried by the message can be:
Wherein, the first row of the data format can be a function name; the second and third rows can identify one round-trip interaction; the fourth and fifth rows are custom settings made by the relevant personnel and carry no particular meaning; the sixth row can be another function name; the seventh row can indicate that the message is the notice request message sent by the IPSec VPN device to the peer device.
When the notice request message is an extended ESP message, the corresponding notice reply message can likewise be an extended ESP message. In one embodiment, the encapsulated data type given by the Next Header field of the protocol header of the notice reply message corresponding to the notice request message can be 254, and the data format of the payload it carries can be:
The first six rows of the data format of the payload carried by the notice reply message are the same as those of the notice request message, so they are not described again here; the seventh row can indicate that the message is the notice reply message sent by the peer device to the IPSec VPN device.
In the present invention, the IPSec VPN device can obtain the message sequence number of a specified ESP message and the upper boundary of the current flow window, and judge whether the message sequence number of the specified ESP message is greater than the upper boundary of the current flow window. If the message sequence number of the specified ESP message is greater than the upper boundary of the current flow window, the IPSec VPN device can determine the out-of-order rate based on the counted out-of-order number of the specified ESP messages and the flow window size, and determine the packet loss rate based on the counted message number of the specified ESP messages and the flow window size. The IPSec VPN device can then judge whether the out-of-order rate and the packet loss rate are respectively greater than a preset out-of-order threshold and a preset packet loss threshold. When the out-of-order rate and the packet loss rate are respectively greater than the preset out-of-order threshold and the preset packet loss threshold, it determines that the link currently in use is a link in an abnormal state; when they are not respectively greater than the preset out-of-order threshold and the preset packet loss threshold, it determines that the link currently in use is a link in a normal state.
In the present invention, the state of the current link can be detected based on the ESP messages actually exchanged between IPSec VPN devices. Because the actual quality of the current link is detected through ESP messages, this can effectively solve the problem in the related art that the packet loss rate and delay based on detection messages cannot accurately detect the current link state.
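The decision rule, the notice retry and the notice request counter described above can be modelled as a small state machine. This is an added example, not code from the patent: the class and function names are hypothetical, the rate thresholds are constructed values, and "respectively greater than" is read here as both rates exceeding their thresholds.

```python
from dataclasses import dataclass, field
from typing import Callable, List


@dataclass
class LinkSupervisor:
    """Hypothetical model of the decision, retry and keepalive rules."""
    # Rate thresholds are constructed sample values; both 3s are the
    # "for example 3" figures from the description.
    out_of_order_threshold: float = 0.10
    loss_threshold: float = 0.05
    notice_request_threshold: int = 3
    max_notice_attempts: int = 3
    notice_request_count: int = 0
    priority_lowered: bool = False
    events: List[str] = field(default_factory=list)

    def classify(self, out_of_order_rate: float, loss_rate: float) -> str:
        """Abnormal only when both rates exceed their thresholds."""
        if (out_of_order_rate > self.out_of_order_threshold
                and loss_rate > self.loss_threshold):
            return "abnormal"
        return "normal"

    def on_notice_request_result(self, reply_received: bool) -> bool:
        """Account for one notice request; True means priority was lowered."""
        if reply_received:
            self.notice_request_count = 0
            return False
        self.notice_request_count += 1
        # Strictly "greater than": with a threshold of 3 the 4th miss triggers.
        if self.notice_request_count > self.notice_request_threshold:
            self._lower_priority("notice requests unanswered")
            return True
        return False

    def notify_peer(self, send_and_wait: Callable[[], bool]) -> bool:
        """Send the link exception notice until confirmed or attempts run out.

        send_and_wait sends one notice and returns True if the confirmation
        arrived within the caller's wait period.
        """
        for attempt in range(1, self.max_notice_attempts + 1):
            self.events.append(f"notice attempt {attempt}")
            if send_and_wait():
                return True  # confirmed: the peer lowers its own priority
        # No confirmation after the last attempt: stop sending, act locally.
        self._lower_priority("notice unconfirmed")
        return False

    def _lower_priority(self, reason: str) -> None:
        self.priority_lowered = True
        self.events.append(f"routing priority lowered ({reason})")


def evaluate_window(sup: LinkSupervisor, out_of_order_rate: float,
                    loss_rate: float, peer_confirms: bool) -> str:
    """Classify one window's rates and notify the peer if abnormal."""
    state = sup.classify(out_of_order_rate, loss_rate)
    if state == "abnormal":
        sup.notify_peer(lambda: peer_confirms)
    return state


if __name__ == "__main__":
    sup = LinkSupervisor()
    # Constructed rates: heavy loss but in-order traffic stays "normal".
    print(evaluate_window(sup, 0.01, 0.50, peer_confirms=True))
    print(evaluate_window(sup, 0.20, 0.50, peer_confirms=False))
    print(sup.events)
```

Under this reading, a link with heavy loss but little reordering is still classified as normal, so the two thresholds have to be tuned together.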
Corresponding to the foregoing embodiments of the link state detection method, the present invention also provides embodiments of a link state detection apparatus.
The embodiments of the link state detection apparatus of the present invention can be applied in an IPSec VPN device. The apparatus embodiments can be implemented in software, or in hardware or a combination of software and hardware. Taking software implementation as an example, the apparatus, in the logical sense, is formed by the processor of the device where it resides reading the corresponding computer program instructions from non-volatile memory into memory and running them. At the hardware level, Fig. 3 shows a hardware structure diagram of the device where the link state detection apparatus of the present invention resides. In addition to the processor, memory, network interface and non-volatile memory shown in Fig. 3, the device where the apparatus resides in an embodiment can generally also include other hardware, such as a forwarding chip responsible for processing messages.
Refer to Fig. 4, which is a block diagram of one embodiment of the link state detection apparatus of the present invention:
The apparatus can include: an acquisition module 410, a first determining module 420, a judging module 430 and a second determining module 440.
Wherein, the acquisition module 410 is configured to obtain the message sequence number of a specified ESP message and the upper boundary of the current flow window, and judge whether the message sequence number of the specified ESP message is greater than the upper boundary of the current flow window; wherein the specified ESP message is an ESP message sent by the same peer device and successfully decrypted locally;
The first determining module 420 is configured to, if the message sequence number of the specified ESP message is greater than the upper boundary of the current flow window, determine the out-of-order rate based on the counted out-of-order number of the specified ESP messages and the flow window size, and determine the packet loss rate based on the counted message number of the specified ESP messages and the flow window size;
The judging module 430 is configured to judge whether the out-of-order rate and the packet loss rate are respectively greater than a preset out-of-order threshold and a preset packet loss threshold;
The second determining module 440 is configured to, if the out-of-order rate and the packet loss rate are respectively greater than the preset out-of-order threshold and the preset packet loss threshold, determine that the link currently in use is a link in an abnormal state; otherwise, determine that the link currently in use is a link in a normal state.
In an optional implementation, the apparatus can further include (not shown in Fig. 4):
An update module, configured to update the flow window boundary based on the message sequence number of the received specified ESP message.
In an optional implementation, the first determining module 420 can be specifically configured to:
Count the out-of-order number of the specified ESP messages;
Divide the out-of-order number by the flow window size to obtain the out-of-order rate.
In an optional implementation, the first determining module 420 can be specifically configured to:
Count the message number of the specified ESP messages;
Subtract, from the message number, the message number of the specified ESP messages received within a designated number of sequence numbers to obtain a first pending value, and subtract the designated number from the flow window size to obtain a second pending value;
Divide the first pending value by the second pending value to obtain the packet loss rate.
In an optional implementation, the apparatus can further include (not shown in Fig. 4):
A sending module, configured to, if the link currently in use is a link in an abnormal state, send a link exception notice message to the peer device, so that the peer device lowers its routing priority based on the link exception notice message.
In an optional implementation, the sending module can be further configured to:
Periodically send a notice request message to the peer device;
The apparatus can further include (not shown in Fig. 4):
A setting module, configured to reset the current notice request count to 0 if the notice reply message that the peer device returns in response to the notice request message is received; and to increment the current notice request count by 1 if the notice reply message that the peer device returns in response to the notice request message is not received;
A reducing module, configured to lower the routing priority of the link currently in use if the notice request count is greater than a preset notice request count threshold.
For the implementation of the functions and roles of each unit in the above apparatus, refer to the implementation of the corresponding steps in the above method; details are not repeated here.
Since the apparatus embodiments essentially correspond to the method embodiments, refer to the description of the method embodiments for the relevant parts. The apparatus embodiments described above are merely illustrative: the units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units, that is, they may be located in one place or distributed across multiple network units. Some or all of the modules can be selected according to actual needs to achieve the purpose of the solution of the present invention. Those of ordinary skill in the art can understand and implement it without creative effort.
The foregoing are only preferred embodiments of the present invention and are not intended to limit it; any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall fall within the scope of protection of the present invention.
Claims (12)
1. A link state detection method, applied to an Internet Protocol Security (IPSec) virtual private network (VPN) device, characterized in that the method includes:
Obtaining the message sequence number of a specified ESP message and the upper boundary of the current flow window, and judging whether the message sequence number of the specified ESP message is greater than the upper boundary of the current flow window; wherein the specified ESP message is an ESP message sent by the same peer device and successfully decrypted locally;
If the message sequence number of the specified ESP message is greater than the upper boundary of the current flow window, determining the out-of-order rate based on the counted out-of-order number of the specified ESP messages and the flow window size, and determining the packet loss rate based on the counted message number of the specified ESP messages and the flow window size;
Judging whether the out-of-order rate and the packet loss rate are respectively greater than a preset out-of-order threshold and a preset packet loss threshold;
If the out-of-order rate and the packet loss rate are respectively greater than the preset out-of-order threshold and the preset packet loss threshold, determining that the link currently in use is a link in an abnormal state; otherwise, determining that the link currently in use is a link in a normal state.
2. The method according to claim 1, characterized in that the method further includes:
Updating the flow window boundary based on the message sequence number of the received specified ESP message.
3. The method according to claim 2, characterized in that determining the out-of-order rate based on the counted out-of-order number of the specified ESP messages and the flow window size includes:
Counting the out-of-order number of the specified ESP messages;
Dividing the out-of-order number by the flow window size to obtain the out-of-order rate.
4. The method according to claim 2, characterized in that determining the packet loss rate based on the counted message number of the specified ESP messages and the flow window size includes:
Counting the message number of the specified ESP messages;
Subtracting, from the message number, the message number of the specified ESP messages received within a designated number of sequence numbers to obtain a first pending value, and subtracting the designated number from the flow window size to obtain a second pending value;
Dividing the first pending value by the second pending value to obtain the packet loss rate.
5. The method according to claim 1, characterized in that the method further includes:
If the link currently in use is a link in an abnormal state, sending a link exception notice message to the peer device, so that the peer device lowers its routing priority based on the link exception notice message.
6. The method according to claim 1, characterized in that the method further includes:
Periodically sending a notice request message to the peer device;
If the notice reply message that the peer device returns in response to the notice request message is received, resetting the current notice request count to 0;
If the notice reply message that the peer device returns in response to the notice request message is not received, incrementing the current notice request count by 1;
If the notice request count is greater than a preset notice request count threshold, lowering the routing priority of the link currently in use.
7. A link state detection apparatus, applied to an Internet Protocol Security (IPSec) virtual private network (VPN) device, characterized in that the apparatus includes:
An acquisition module, configured to obtain the message sequence number of a specified ESP message and the upper boundary of the current flow window, and judge whether the message sequence number of the specified ESP message is greater than the upper boundary of the current flow window; wherein the specified ESP message is an ESP message sent by the same peer device and successfully decrypted locally;
A first determining module, configured to, if the message sequence number of the specified ESP message is greater than the upper boundary of the current flow window, determine the out-of-order rate based on the counted out-of-order number of the specified ESP messages and the flow window size, and determine the packet loss rate based on the counted message number of the specified ESP messages and the flow window size;
A judging module, configured to judge whether the out-of-order rate and the packet loss rate are respectively greater than a preset out-of-order threshold and a preset packet loss threshold;
A second determining module, configured to, if the out-of-order rate and the packet loss rate are respectively greater than the preset out-of-order threshold and the preset packet loss threshold, determine that the link currently in use is a link in an abnormal state; otherwise, determine that the link currently in use is a link in a normal state.
8. The apparatus according to claim 7, characterized in that the apparatus further includes:
An update module, configured to update the flow window boundary based on the message sequence number of the received specified ESP message.
9. The apparatus according to claim 8, characterized in that the first determining module is specifically configured to:
Count the out-of-order number of the specified ESP messages;
Divide the out-of-order number by the flow window size to obtain the out-of-order rate.
10. The apparatus according to claim 8, characterized in that the first determining module is specifically configured to:
Count the message number of the specified ESP messages;
Subtract, from the message number, the message number of the specified ESP messages received within a designated number of sequence numbers to obtain a first pending value, and subtract the designated number from the flow window size to obtain a second pending value;
Divide the first pending value by the second pending value to obtain the packet loss rate.
11. The apparatus according to claim 7, characterized in that the apparatus further includes:
A sending module, configured to, if the link currently in use is a link in an abnormal state, send a link exception notice message to the peer device, so that the peer device lowers its routing priority based on the link exception notice message.
12. The apparatus according to claim 7, characterized in that the sending module is further configured to:
Periodically send a notice request message to the peer device;
The apparatus further includes:
A setting module, configured to reset the current notice request count to 0 if the notice reply message that the peer device returns in response to the notice request message is received; and to increment the current notice request count by 1 if the notice reply message that the peer device returns in response to the notice request message is not received;
A reducing module, configured to lower the routing priority of the link currently in use if the notice request count is greater than a preset notice request count threshold.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201611250005.5A CN106685760A (en) | 2016-12-29 | 2016-12-29 | Link state detecting method and apparatus |
Publications (1)
Publication Number | Publication Date |
---|---|
CN106685760A true CN106685760A (en) | 2017-05-17 |
Family ID=58872191
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201611250005.5A Pending CN106685760A (en) | 2016-12-29 | 2016-12-29 | Link state detecting method and apparatus |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106685760A (en) |
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101640629A (en) * | 2008-07-29 | 2010-02-03 | 华为技术有限公司 | Method for monitoring link packet loss and bidirectional forwarding detector |
CN101488835A (en) * | 2009-02-13 | 2009-07-22 | 华为技术有限公司 | Link detection method, apparatus and communication system |
CN102724086A (en) * | 2012-06-21 | 2012-10-10 | 中兴通讯股份有限公司 | Method and device for detecting quality of transmission link |
CN105591843A (en) * | 2016-02-06 | 2016-05-18 | 中国科学院计算技术研究所 | Network performance detection method and system based on receiving end in TCP transmission stream |
Cited By (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109831328A (en) * | 2019-01-30 | 2019-05-31 | 杭州迪普科技股份有限公司 | Switching method, device, the electronic equipment of intelligent route selection |
CN109905310A (en) * | 2019-03-26 | 2019-06-18 | 杭州迪普科技股份有限公司 | Data transmission method, device, electronic equipment |
CN109905310B (en) * | 2019-03-26 | 2020-12-29 | 杭州迪普科技股份有限公司 | Data transmission method and device and electronic equipment |
CN110098975A (en) * | 2019-04-03 | 2019-08-06 | 新浪网技术(中国)有限公司 | User passes through the detection method and system of virtual private network access internet |
CN113824636A (en) * | 2020-06-18 | 2021-12-21 | 中兴通讯股份有限公司 | Message sending method, message receiving method, electronic device, system and storage medium |
CN116232944A (en) * | 2023-05-06 | 2023-06-06 | 珠海星云智联科技有限公司 | Method, equipment and medium for transport layer security protocol message service |
CN116232944B (en) * | 2023-05-06 | 2023-08-04 | 珠海星云智联科技有限公司 | Method, equipment and medium for transport layer security protocol message service |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20170517 |