CN106685760A - Link state detecting method and apparatus - Google Patents

Publication number: CN106685760A
Authority: CN (China)
Prior art keywords: message, link, specified, packet loss, ESP
Legal status: Pending (the listed legal status is an assumption and is not a legal conclusion)
Application number: CN201611250005.5A
Other languages: Chinese (zh)
Inventors: 孔伟政, 邵国宝
Current Assignee: Hangzhou DPTech Technologies Co Ltd (the listed assignees may be inaccurate)
Original Assignee: Hangzhou DPTech Technologies Co Ltd
Application filed by Hangzhou DPTech Technologies Co Ltd
Priority to CN201611250005.5A
Publication of CN106685760A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00 Arrangements for monitoring or testing data switching networks
    • H04L43/08 Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
    • H04L43/0823 Errors, e.g. transmission errors
    • H04L43/0829 Packet loss
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00 Arrangements for monitoring or testing data switching networks
    • H04L43/16 Threshold monitoring
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4641 Virtual LANs, VLANs, e.g. virtual private networks [VPN]

Abstract

The invention provides a method and apparatus for detecting link state. The method includes the following steps: obtaining the message sequence number of a specified ESP message and the upper boundary of the current flow window, and determining whether the message sequence number of the specified ESP message is greater than the upper boundary of the current flow window; if it is, determining an out-of-order rate and a packet loss rate from the counted out-of-order count and message count of the specified ESP messages and the flow window size; determining whether the out-of-order rate and the packet loss rate are greater than a preset out-of-order threshold and a preset packet loss threshold respectively; and if they are, determining that the link currently in use is a link in an abnormal state. An IPSec VPN device can thereby detect the actual quality of the current link through ESP messages, which effectively solves the prior-art problem that the packet loss rate and delay of check messages cannot accurately detect the current link state.

Description

Method and device for detecting link state
Technical field
The present invention relates to the field of communication technology, and in particular to a method and device for detecting link state.
Background
IPSec (Internet Protocol Security) is an open-standard framework that provides high-quality, interoperable, cryptography-based security guarantees for data transmitted over the Internet. A VPN (Virtual Private Network) is a remote access technology that establishes a private network over a public network so that communication data is encrypted. IPSec VPN is a remote-access VPN technology implemented on the IPSec protocol, which gives communication data better security.
In the related art, multiple links can be established between IPSec VPN devices, and when the link currently in use is detected to be abnormal, another normal link is switched in as the link currently in use, to prevent the VPN from being interrupted. To detect whether the link currently in use is abnormal, the related art first requires link health check configuration on the IPSec VPN device. Once configured, the IPSec VPN device sends check messages and judges whether the link is abnormal based on the packet loss rate and delay of the check messages.
Although the related art can detect the state of the link currently used by the IPSec VPN device, when the protocol used by the link health check differs from the protocol used by the IPSec VPN device, judging whether the current link is abnormal from the packet loss rate and delay of the check messages has low accuracy, and the related art then cannot accurately detect the state of the link currently in use.
Summary of the invention
In view of this, the present invention provides a method and device for detecting link state, to solve the problem in the related art that, when the protocol used by the link health check differs from the protocol used by the IPSec VPN device, the current link state cannot be accurately detected from the packet loss rate and delay of the check messages. Specifically, the present invention is realized through the following technical solutions:
According to a first aspect of the embodiments of the present invention, a method for detecting link state is provided, applied to an IPSec VPN device, the method comprising:
obtaining the message sequence number of a specified ESP message and the upper boundary of the current flow window, and judging whether the message sequence number of the specified ESP message is greater than the upper boundary of the current flow window; wherein the specified ESP messages are ESP messages sent by the same peer device and successfully decrypted locally;
if the message sequence number of the specified ESP message is greater than the upper boundary of the current flow window, determining an out-of-order rate based on the counted out-of-order count of the specified ESP messages and the flow window size, and determining a packet loss rate based on the counted message count of the specified ESP messages and the flow window size;
judging whether the out-of-order rate and the packet loss rate are greater than a preset out-of-order threshold and a preset packet loss threshold respectively;
if the out-of-order rate and the packet loss rate are greater than the preset out-of-order threshold and the preset packet loss threshold respectively, determining that the link currently in use is a link in an abnormal state; otherwise, determining that the link currently in use is a link in a normal state.
Optionally, the method further comprises:
updating the flow window boundaries based on the message sequence number of the received specified ESP message.
Optionally, determining the out-of-order rate based on the counted out-of-order count of the specified ESP messages and the flow window size comprises:
counting the out-of-order count of the specified ESP messages;
dividing the out-of-order count by the flow window size to obtain the out-of-order rate.
Optionally, determining the packet loss rate based on the counted message count of the specified ESP messages and the flow window size comprises:
counting the message count of the specified ESP messages;
subtracting from the message count the number of the specified ESP messages received within a designated number of sequence numbers to obtain a first pending value, and subtracting the designated number from the flow window size to obtain a second pending value;
dividing the first pending value by the second pending value to obtain the packet loss rate.
Optionally, the method further comprises:
if the link currently in use is a link in an abnormal state, sending a link abnormality notification message to the peer device, so that the peer device lowers its routing priority based on the link abnormality notification message.
Optionally, the method further comprises:
periodically sending a notification request message to the peer device;
if a notification reply message returned by the peer device in response to the notification request message is received, setting the current notification request count to 0;
if no notification reply message returned by the peer device in response to the notification request message is received, incrementing the current notification request count by 1;
if the notification request count is greater than a preset notification request count threshold, lowering the routing priority of the link currently in use.
According to a second aspect of the embodiments of the present invention, a device for detecting link state is provided, applied to an IPSec VPN device, the device comprising:
an acquisition module, configured to obtain the message sequence number of a specified ESP message and the upper boundary of the current flow window, and to judge whether the message sequence number of the specified ESP message is greater than the upper boundary of the current flow window; wherein the specified ESP messages are ESP messages sent by the same peer device and successfully decrypted locally;
a first determining module, configured to, if the message sequence number of the specified ESP message is greater than the upper boundary of the current flow window, determine an out-of-order rate based on the counted out-of-order count of the specified ESP messages and the flow window size, and determine a packet loss rate based on the counted message count of the specified ESP messages and the flow window size;
a judging module, configured to judge whether the out-of-order rate and the packet loss rate are greater than a preset out-of-order threshold and a preset packet loss threshold respectively;
a second determining module, configured to determine that the link currently in use is a link in an abnormal state if the out-of-order rate and the packet loss rate are greater than the preset out-of-order threshold and the preset packet loss threshold respectively; and otherwise to determine that the link currently in use is a link in a normal state.
Optionally, the device further comprises:
an update module, configured to update the flow window boundaries based on the message sequence number of the received specified ESP message.
Optionally, the first determining module is specifically configured to:
count the out-of-order count of the specified ESP messages;
divide the out-of-order count by the flow window size to obtain the out-of-order rate.
Optionally, the first determining module is specifically configured to:
count the message count of the specified ESP messages;
subtract from the message count the number of the specified ESP messages received within a designated number of sequence numbers to obtain a first pending value, and subtract the designated number from the flow window size to obtain a second pending value;
divide the first pending value by the second pending value to obtain the packet loss rate.
Optionally, the device further comprises:
a sending module, configured to send a link abnormality notification message to the peer device if the link currently in use is a link in an abnormal state, so that the peer device lowers its routing priority based on the link abnormality notification message.
Optionally, the sending module is further configured to:
periodically send a notification request message to the peer device;
The device further comprises:
a setting module, configured to set the current notification request count to 0 if a notification reply message returned by the peer device in response to the notification request message is received; and to increment the current notification request count by 1 if no notification reply message returned by the peer device in response to the notification request message is received;
a lowering module, configured to lower the routing priority of the link currently in use if the notification request count is greater than the preset notification request count threshold.
In the present invention, the state of the current link can be detected based on the ESP messages actually exchanged between IPSec VPN devices. Because the actual quality of the current link is detected through ESP messages, the problem that the related art cannot accurately detect the current link state from the packet loss rate and delay of check messages can be effectively solved.
Brief description of the drawings
Fig. 1 is an application scenario diagram of data interaction over multiple links between IPSec VPN devices;
Fig. 2 is a flow chart of a method for detecting link state according to one embodiment of the present invention;
Fig. 3 is a hardware structure diagram of the equipment in which the device for detecting link state of the present invention resides;
Fig. 4 is a block diagram of one embodiment of the device for detecting link state of the present invention.
Detailed description
Exemplary embodiments will be described in detail here, examples of which are shown in the accompanying drawings. When the following description refers to the drawings, the same numerals in different drawings denote the same or similar elements unless otherwise indicated. The implementations described in the following exemplary embodiments do not represent all implementations consistent with the present invention. Rather, they are merely examples of devices and methods consistent with some aspects of the present invention, as detailed in the appended claims.
The terminology used in the present invention is for the purpose of describing specific embodiments only and is not intended to limit the present invention. The singular forms "a", "said" and "the" used in the present invention and the appended claims are also intended to include the plural forms, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and includes any or all possible combinations of one or more of the associated listed items.
It should be understood that although the terms first, second, third and so on may be used in the present invention to describe various information, the information should not be limited by these terms. These terms are only used to distinguish information of the same type from one another. For example, without departing from the scope of the present invention, first information may also be called second information, and similarly, second information may also be called first information. Depending on the context, the word "if" as used herein may be interpreted as "at the time of", "when" or "in response to determining".
Referring to Fig. 1, it is an application scenario diagram of data interaction over multiple links between IPSec VPN devices. Device A and device B may be IPSec VPN devices. Intranet server 1 may be connected to device A and, through the VPN connection between device A and device B, exchange data with intranet server 2. There may be multiple physical links between device A and device B, and multiple VPN connections can be established between them over these physical links, so that when the link currently in use becomes abnormal, traffic can be switched to another link in a normal state and the data interaction is not interrupted.
In order to detect the state of the link currently in use, device A and device B may configure a health check for that link, and switch the link when the health check becomes abnormal. Specifically, device A or device B may send check messages to the peer device and calculate the packet loss rate and delay of the check messages over a period of time. When the packet loss rate and delay of the check messages over that period exceed a preset health threshold, it can be determined that the health check for the current link is abnormal, i.e. the link currently in use is a link in an abnormal state.
As described above, the related art can detect the state of the link currently used by the IPSec VPN device through check messages. However, when the protocol used by the link health check differs from the protocol used by the IPSec VPN device, judging whether the link currently in use is abnormal from the packet loss rate and delay of the check messages has low accuracy, and the related art then cannot accurately detect the state of the link currently in use.
For example, suppose the check messages are transmitted over ICMP (Internet Control Message Protocol), while the messages exchanged between IPSec VPN devices are transmitted over ESP (Encapsulating Security Payload) or UDP (User Datagram Protocol). Because the packet loss rate of messages transmitted over ICMP may be higher than that of messages transmitted over ESP or UDP, the state of the link currently in use cannot be accurately detected from the packet loss rate of the check messages.
In view of this, the present invention provides a method for detecting link state, to solve the problem in the related art that, when the protocol used by the link health check differs from the protocol used by the IPSec VPN device, the current link state cannot be accurately detected from the packet loss rate and delay of the check messages. In the present invention, the IPSec VPN device can obtain the message sequence number of a specified ESP message and the upper boundary of the current flow window, and judge whether the message sequence number of the specified ESP message is greater than the upper boundary of the current flow window. When it is, the IPSec VPN device can determine an out-of-order rate based on the counted out-of-order count of the specified ESP messages and the flow window size, and determine a packet loss rate based on the counted message count of the specified ESP messages and the flow window size. The IPSec VPN device can then judge whether the out-of-order rate and the packet loss rate are greater than a preset out-of-order threshold and a preset packet loss threshold respectively. When the out-of-order rate and the packet loss rate are greater than the preset out-of-order threshold and packet loss threshold respectively, it determines that the link currently in use is a link in an abnormal state; when they are not, it determines that the link currently in use is a link in a normal state.
In the present invention, the state of the current link can be detected based on the ESP messages actually exchanged between IPSec VPN devices. Because the actual quality of the current link is detected through ESP messages, the problem that the related art cannot accurately detect the current link state from the packet loss rate and delay of check messages can be effectively solved.
Referring to Fig. 2, it is a flow chart of a method for detecting link state according to one embodiment of the present invention. The embodiment is applied to an IPSec VPN device and comprises the following steps:
Step 201: Obtain the message sequence number of a specified ESP message and the upper boundary of the current flow window, and judge whether the message sequence number of the specified ESP message is greater than the upper boundary of the current flow window; wherein the specified ESP messages are ESP messages sent by the same peer device and successfully decrypted locally.
In the present invention, the IPSec VPN device can obtain the message sequence number of a specified ESP message and the upper boundary of the current flow window, and judge whether the message sequence number of the specified ESP message is greater than the upper boundary of the current flow window; wherein the specified ESP messages are ESP messages sent by the same peer device and successfully decrypted locally.
In the present invention, after successfully establishing an IPSec VPN connection with the peer device, the IPSec VPN device can receive the ESP messages sent by the peer device and decrypt them locally. An ESP message that has been successfully decrypted is a specified ESP message.
The technique by which an IPSec VPN device decrypts ESP messages locally is prior art, so it is not described further here.
After obtaining a specified ESP message, the IPSec VPN device can obtain its message sequence number and judge whether that message sequence number is greater than the obtained upper boundary of the current flow window.
In the present invention, after an IPSec VPN connection is successfully established between IPSec VPN devices, a flow window size can be set for the connection, for example 512. Once the flow window size of the connection is set, the boundaries of the initial flow window for the connection may be 0 and 511.
Suppose the upper boundary of the current flow window is 511. If the message sequence number of the obtained specified ESP message is 516, it can be determined that the message sequence number of the specified ESP message is greater than the upper boundary of the current flow window; if the message sequence number of the obtained specified ESP message is 490, it can be determined that the message sequence number of the specified ESP message is not greater than the upper boundary of the current flow window.
In the present invention, the IPSec VPN device can update the flow window boundaries based on the message sequence number of the received specified ESP message.
Suppose the upper boundary of the current flow window is 511 and the lower boundary is 0. If the message sequence number of the obtained specified ESP message is 516, the IPSec VPN device can, based on that message sequence number, update the upper boundary of the flow window to 516 and the lower boundary to 5.
Step 202: If the message sequence number of the specified ESP message is greater than the upper boundary of the current flow window, determine an out-of-order rate based on the counted out-of-order count of the specified ESP messages and the flow window size, and determine a packet loss rate based on the counted message count of the specified ESP messages and the flow window size.
In the present invention, if the message sequence number of the specified ESP message is greater than the upper boundary of the current flow window, the IPSec VPN device can determine the out-of-order rate based on the counted out-of-order count of the specified ESP messages and the flow window size.
Specifically, the IPSec VPN device can first count the out-of-order count of the specified ESP messages, and then divide the out-of-order count by the flow window size to obtain the out-of-order rate.
In the present invention, after the message sequence number of a specified ESP message is obtained, it can be judged whether that message sequence number is smaller than the message sequence number of the latest specified ESP message received locally. If it is, the specified ESP message can be determined to be an out-of-order message.
The IPSec VPN device can count the out-of-order messages to obtain the statistic of the number of out-of-order messages.
In one embodiment, the message sequence number of the specified ESP message may be 514 and the upper boundary of the current flow window may be 511, so it can be determined that the message sequence number of the specified ESP message is greater than the upper boundary of the current flow window. The IPSec VPN device can then determine the out-of-order rate based on the counted out-of-order count of the specified ESP messages and the flow window size. Suppose the counted out-of-order count of the specified ESP messages is 50 and the flow window size is 512; then the out-of-order rate can be determined to be
In the present invention, when the message sequence number of the specified ESP message is greater than the upper boundary of the current flow window, the IPSec VPN device can also determine the packet loss rate based on the counted message count of the specified ESP messages and the flow window size.
Specifically, the IPSec VPN device can first count the message count of the specified ESP messages, then subtract from that message count the number of the specified ESP messages received within a designated number of sequence numbers to obtain a first pending value, and subtract the designated number from the flow window size to obtain a second pending value. The IPSec VPN device can then divide the first pending value by the second pending value to obtain the packet loss rate.
The designated number may be user-defined or a device default, which the present invention does not limit. In one embodiment, the designated number may be 32.
In one embodiment, the message sequence number of the specified ESP message may be 514 and the upper boundary of the current flow window may be 511, so it can be determined that the message sequence number of the specified ESP message is greater than the upper boundary of the current flow window. The IPSec VPN device can then determine the packet loss rate based on the counted message count of the ESP messages and the flow window size. Suppose the counted message count of the ESP messages is 80, the flow window size is 512, the designated number is 32, and the number of the specified ESP messages received within the 32 sequence numbers is 30; then the packet loss rate can be
Step 203: Judge whether the out-of-order rate and the packet loss rate are greater than a preset out-of-order threshold and a preset packet loss threshold respectively.
Step 204: If the out-of-order rate and the packet loss rate are greater than the preset out-of-order threshold and the preset packet loss threshold respectively, determine that the link currently in use is a link in an abnormal state; otherwise, determine that the link currently in use is a link in a normal state.
In the present invention, after the out-of-order rate and the packet loss rate are obtained, it can be judged separately whether the out-of-order rate is greater than the preset out-of-order threshold and whether the packet loss rate is greater than the preset packet loss threshold. The preset out-of-order threshold and the preset packet loss threshold may be user-defined or device defaults, and the two may be the same or different, which the present invention does not limit.
In one embodiment, it can be assumed that the out-of-order rate is and the packet loss rate is If the preset out-of-order threshold is 0.05 and the preset packet loss threshold is 0.06, it can be determined that the out-of-order rate is greater than the preset out-of-order threshold and the packet loss rate is greater than the preset packet loss threshold. If the preset out-of-order threshold is 0.05 and the preset packet loss threshold is 0.2, it can be determined that the out-of-order rate is greater than the preset out-of-order threshold and the packet loss rate is less than the preset packet loss threshold.
In the present invention, if the out-of-order rate and the packet loss rate are both greater than the preset out-of-order threshold and packet loss threshold, it can be determined that the link currently in use is a link in an abnormal state; otherwise, it can be determined that the link currently in use is a link in a normal state.
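Steps 201 to 204 with the figures used in the embodiments (window size 512, out-of-order count 50, message count 80, designated number 32, 30 messages received within it), as an added Python example that is not code from the patent. It applies the two formulas exactly as the text states them; `FlowWindow`, `walk` and the other names are hypothetical, sliding the window only when a sequence number exceeds the upper boundary and comparing against the previously received message are readings of the text, and the sequence list is constructed.

```python
from dataclasses import dataclass


@dataclass
class FlowWindow:
    """Flow window over ESP sequence numbers, e.g. 0..511 for size 512."""
    lower: int
    upper: int

    @property
    def size(self) -> int:
        return self.upper - self.lower + 1

    def exceeded_by(self, seq: int) -> bool:
        # Step 201: the check that triggers the rate calculation.
        return seq > self.upper

    def slide_to(self, seq: int) -> None:
        # Window update: seq becomes the upper boundary, size stays the same.
        size = self.size
        self.upper = seq
        self.lower = seq - size + 1


def walk(seqs, window):
    """Walk sequence numbers of successfully decrypted ESP messages.

    Returns (out_of_order_count, sequence numbers that triggered step 202).
    A message is out of order when its sequence number is smaller than that
    of the message received just before it (assumed reading of the text).
    """
    out_of_order = 0
    triggers = []
    last = None
    for seq in seqs:
        if last is not None and seq < last:
            out_of_order += 1
        last = seq
        if window.exceeded_by(seq):
            triggers.append(seq)
            window.slide_to(seq)
    return out_of_order, triggers


def out_of_order_rate(out_of_order: int, window_size: int) -> float:
    if window_size <= 0:
        raise ValueError("window size must be positive")
    return out_of_order / window_size


def packet_loss_rate(msg_count: int, received_in_designated: int,
                     window_size: int, designated: int) -> float:
    # Guard the division: the designated number must be inside the window.
    if not 0 < designated < window_size:
        raise ValueError("designated number must be positive and smaller than the window")
    first_pending = msg_count - received_in_designated
    second_pending = window_size - designated
    return first_pending / second_pending


def link_is_abnormal(ooo_rate: float, loss_rate: float,
                     ooo_threshold: float, loss_threshold: float) -> bool:
    # Steps 203 and 204: abnormal only when BOTH rates exceed their thresholds.
    return ooo_rate > ooo_threshold and loss_rate > loss_threshold


# Constructed sample: sequence numbers as they might arrive from one peer.
CONSTRUCTED_SEQS = [508, 509, 511, 510, 514, 512, 513, 516]

if __name__ == "__main__":
    window = FlowWindow(0, 511)
    print(walk(CONSTRUCTED_SEQS, window), window)

    ooo = out_of_order_rate(50, 512)
    loss = packet_loss_rate(80, 30, 512, 32)
    print(f"out-of-order rate {ooo:.4f}, packet loss rate {loss:.4f}")
    print("thresholds 0.05 / 0.06:", link_is_abnormal(ooo, loss, 0.05, 0.06))
    print("thresholds 0.05 / 0.2: ", link_is_abnormal(ooo, loss, 0.05, 0.2))
```

With the embodiment's counters the two rates come out as 50/512 and 50/480, which is consistent with the threshold comparisons the text gives for 0.05, 0.06 and 0.2.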
In the present invention, after the link that currently used link is abnormal state is determined, IPSec VPN devices can be with To above-mentioned opposite equip. transmission link exception notice message, so that the opposite equip. reduces it based on the link exception notice message Routing priority.
IPSec VPN devices can receive above-mentioned opposite end after the transmission for completing above-mentioned link exception notice message The link exception confirmation message of device replied, IPSec VPN devices can be based on link exception confirmation message by local road Minimized by priority.
If IPSec VPN devices are in a period of time, such as in 1 second, above-mentioned opposite equip. is not received for above-mentioned link The link exception confirmation message that exception message is replied, then can resend above-mentioned link and confirm report extremely to above-mentioned opposite equip. Text, if IPSec VPN devices are interior for a period of time, does not receive yet the above-mentioned link confirmation report extremely that above-mentioned opposite equip. is replied Text, then can again up state opposite equip. and resend above-mentioned link exception notice message.If IPSec VPN devices are upwards State opposite equip. to have sent several times, such as 3 times, after above-mentioned link exception notice message, above-mentioned opposite equip. is not received yet and is returned Multiple above-mentioned link exception confirmation message, then no longer can send above-mentioned link notice message to above-mentioned opposite equip., and voluntarily Local routing priority is minimized.
In one embodiment, the link abnormality notification message can be an extended ESP message, where the extended ESP message can be an ESP message custom-defined by the relevant personnel.
In one embodiment, assuming that the link abnormality notification message is an extended ESP message, the encapsulated data type in the Next Header field of the protocol header of the extended ESP message can be 254, and the data format of the payload carried by the message can be:
Wherein, the first row of the data format can be a function name; the second and third rows can identify one round-trip interaction; the fourth row can represent the out-of-order rate; the fifth row can represent the packet loss rate; the sixth row can be another function name; the seventh row can indicate that the message is a link abnormality notification message sent by the IPSec VPN device to the peer device.
When the link abnormality notification message is an extended ESP message, the corresponding link abnormality confirmation message can likewise be an extended ESP message. In one embodiment, the encapsulated data type in the Next Header field of the protocol header of the link abnormality confirmation message corresponding to the link abnormality notification message can be 254, and the data format of the payload it carries can be:
The first three rows and the sixth row of the payload data format carried by the link abnormality confirmation message are the same as those of the link abnormality notification message, so they are not described again here; the fourth, fifth and seventh rows of the payload data format carried by the link abnormality confirmation message can indicate that the message is a link abnormality confirmation message sent by the peer device to the IPSec VPN device.
In the present invention, the IPSec VPN device can periodically send a notification request message to the peer device. If it receives the notification reply message returned by the peer device in response to the notification request message, it can set the current notification request count to 0; if it does not receive the notification reply message returned by the peer device in response to the notification request message, it can increment the current notification request count by 1. When the notification request count exceeds a preset notification request count threshold (for example, 3), the IPSec VPN device can lower the routing priority of the currently used link.
In one embodiment, the notification request message can be an extended ESP message, where the extended ESP message can be an ESP message custom-defined by the relevant personnel.
In one embodiment, assuming that the notification request message is an extended ESP message, the encapsulated data type in the Next Header field of the protocol header of the extended ESP message can be 254, and the data format of the payload carried by the message can be:
Wherein, the first row of the data format can be a function name; the second and third rows can identify one round-trip interaction; the fourth and fifth rows are custom settings of the relevant personnel and carry no particular meaning; the sixth row can be another function name; the seventh row can indicate that the message is a notification request message sent by the IPSec VPN device to the peer device.
When the notification request message is an extended ESP message, the corresponding notification reply message can likewise be an extended ESP message. In one embodiment, the encapsulated data type in the Next Header field of the protocol header of the notification reply message corresponding to the notification request message can be 254, and the data format of the payload it carries can be:
The first six rows of the payload data format carried by the notification reply message are the same as those of the notification request message, so they are not described again here; the seventh row can indicate that the message is a notification reply message sent by the peer device to the IPSec VPN device.
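The signalling described above (the link abnormality notification with its confirmation and retries, and the periodic notification request counter) can be sketched as a small state machine. This is an added example, not code from the patent: the class and function names, the transport hooks, the numeric priority scale and the simulated peer are assumptions, while the 1 second wait, the 3 attempts and the count threshold of 3 are the example values quoted in the text.

```python
from dataclasses import dataclass
from typing import Callable, Iterable, Optional, Tuple

# Example values quoted in the text; LOWEST_PRIORITY and the starting
# priority of 100 are assumptions made for this sketch.
ACK_TIMEOUT_S = 1.0
MAX_NOTIFY_ATTEMPTS = 3
REQUEST_COUNT_THRESHOLD = 3
LOWEST_PRIORITY = 0


def link_is_abnormal(ooo_rate: float, loss_rate: float,
                     ooo_threshold: float, loss_threshold: float) -> bool:
    """The link is abnormal only when BOTH rates exceed their thresholds."""
    return ooo_rate > ooo_threshold and loss_rate > loss_threshold


@dataclass
class LinkSignalling:
    # Hypothetical transport hooks. wait_confirm(timeout) must return True
    # only for a confirmation that arrived in time and was accepted by ESP
    # processing for this peer (assumption of this example).
    send_notify: Callable[[], None]
    wait_confirm: Callable[[float], bool]
    local_priority: int = 100
    request_count: int = 0

    def report_abnormal_link(self) -> Tuple[bool, int]:
        """Send the notification, retrying until confirmed or out of attempts."""
        confirmed, attempts = False, 0
        while attempts < MAX_NOTIFY_ATTEMPTS and not confirmed:
            self.send_notify()
            attempts += 1
            confirmed = self.wait_confirm(ACK_TIMEOUT_S)
        # Confirmed or not, the local priority ends at the minimum: on
        # confirmation, or on the device's own initiative after the last try.
        self.local_priority = LOWEST_PRIORITY
        return confirmed, attempts

    def on_request_interval(self, reply_received: bool) -> bool:
        """Account for one periodic notification request.

        Returns True when this interval caused the priority to be lowered.
        """
        if reply_received:
            self.request_count = 0
            return False
        self.request_count += 1
        if self.request_count > REQUEST_COUNT_THRESHOLD:
            # The text only says the priority is lowered; using the minimum
            # value here is an assumption.
            self.local_priority = LOWEST_PRIORITY
            return True
        return False


def simulate_notification(confirm_on_attempt: Optional[int]) -> Tuple[bool, int, int]:
    """Constructed peer that confirms the Nth notification (None = never)."""
    sent = []

    def send() -> None:
        sent.append("link-abnormal-notify")

    def wait(_timeout: float) -> bool:
        return confirm_on_attempt is not None and len(sent) >= confirm_on_attempt

    sig = LinkSignalling(send, wait)
    confirmed, attempts = sig.report_abnormal_link()
    return confirmed, attempts, sig.local_priority


def simulate_requests(replies: Iterable[bool]) -> Tuple[int, int]:
    """Feed a constructed sequence of reply/no-reply intervals to the counter."""
    sig = LinkSignalling(lambda: None, lambda _t: False)
    for got_reply in replies:
        sig.on_request_interval(got_reply)
    return sig.request_count, sig.local_priority


if __name__ == "__main__":
    if link_is_abnormal(0.30, 0.25, ooo_threshold=0.10, loss_threshold=0.10):
        print(simulate_notification(2))     # peer confirms the second attempt
        print(simulate_notification(None))  # peer never confirms
    print(simulate_requests([False, False, False, False]))
```

Because these messages change routing priority, a receiver should act on them only after they have passed the same ESP integrity and decryption checks as data traffic from that peer.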
In the present invention, the IPSec VPN device can obtain the sequence number of a specified ESP message and the upper boundary of the current traffic window, and judge whether the sequence number of the specified ESP message is greater than the upper boundary of the current traffic window. When the sequence number of the specified ESP message is greater than the upper boundary of the current traffic window, the IPSec VPN device can determine the out-of-order rate based on the counted number of out-of-order specified ESP messages and the traffic window size, and determine the packet loss rate based on the counted number of specified ESP messages and the traffic window size. The IPSec VPN device can then judge whether the out-of-order rate and the packet loss rate are greater than the preset out-of-order threshold and packet loss threshold respectively. When the out-of-order rate and the packet loss rate both exceed the preset out-of-order threshold and packet loss threshold respectively, it determines that the currently used link is a link in an abnormal state; when they do not both exceed the preset out-of-order threshold and packet loss threshold, it determines that the currently used link is a link in a normal state.
In the present invention, the state of the current link can be detected based on the ESP messages actually exchanged between IPSec VPN devices. Because the actual quality of the current link is detected through ESP messages, this can effectively solve the problem in the related art that the current link state cannot be accurately detected based on the packet loss and delay of probe messages.
Corresponding to the foregoing embodiments of the link state detection method, the present invention also provides embodiments of a link state detection apparatus.
The embodiments of the link state detection apparatus of the present invention can be applied in an IPSec VPN device. The apparatus embodiments can be implemented in software, or in hardware or a combination of software and hardware. Taking software implementation as an example, the apparatus in the logical sense is formed by the processor of the device on which it resides reading the corresponding computer program instructions from non-volatile memory into memory and running them. At the hardware level, Fig. 3 shows a hardware structure diagram of the device on which the link state detection apparatus of the present invention resides. In addition to the processor, memory, network interface and non-volatile memory shown in Fig. 3, the device on which the apparatus resides in an embodiment can generally also include other hardware, such as a forwarding chip responsible for processing messages.
Referring to Fig. 4, which is a block diagram of one embodiment of the link state detection apparatus of the present invention:
The apparatus can include: an acquisition module 410, a first determining module 420, a judging module 430 and a second determining module 440.
Wherein, the acquisition module 410 is configured to obtain the sequence number of a specified ESP message and the upper boundary of the current traffic window, and judge whether the sequence number of the specified ESP message is greater than the upper boundary of the current traffic window; wherein the specified ESP messages are ESP messages sent by the same peer device and successfully decrypted locally;
The first determining module 420 is configured to, if the sequence number of the specified ESP message is greater than the upper boundary of the current traffic window, determine the out-of-order rate based on the counted number of out-of-order specified ESP messages and the traffic window size, and determine the packet loss rate based on the counted number of specified ESP messages and the traffic window size;
The judging module 430 is configured to judge whether the out-of-order rate and the packet loss rate are greater than the preset out-of-order threshold and packet loss threshold respectively;
The second determining module 440 is configured to, if the out-of-order rate and the packet loss rate both exceed the preset out-of-order threshold and packet loss threshold respectively, determine that the currently used link is a link in an abnormal state; otherwise, determine that the currently used link is a link in a normal state.
In an optional implementation, the apparatus can also include (not shown in Fig. 4):
An update module, configured to update the traffic window boundaries based on the sequence number of the received specified ESP message.
In an optional implementation, the first determining module 420 can be specifically configured to:
Count the number of out-of-order specified ESP messages;
Divide the out-of-order count by the traffic window size to obtain the out-of-order rate.
In an optional implementation, the first determining module 420 can be specifically configured to:
Count the number of the specified ESP messages;
Subtract from the message count the number of the specified ESP messages received within a specified number of sequence numbers to obtain a first pending value, and subtract the specified number from the traffic window size to obtain a second pending value;
Divide the first pending value by the second pending value to obtain the packet loss rate.
In an optional implementation, the apparatus can also include (not shown in Fig. 4):
A sending module, configured to, if the currently used link is a link in an abnormal state, send a link abnormality notification message to the peer device, so that the peer device lowers its routing priority based on the link abnormality notification message.
In an optional implementation, the sending module can be further configured to:
Periodically send a notification request message to the peer device;
The apparatus can also include (not shown in Fig. 4):
A setting module, configured to set the current notification request count to 0 if the notification reply message returned by the peer device in response to the notification request message is received, and to increment the current notification request count by 1 if the notification reply message returned by the peer device in response to the notification request message is not received;
A lowering module, configured to lower the routing priority of the currently used link if the notification request count exceeds the preset notification request count threshold.
For the implementation of the functions and roles of each unit in the above apparatus, refer to the implementation of the corresponding steps in the above method; details are not repeated here.
Since the apparatus embodiments basically correspond to the method embodiments, refer to the description of the method embodiments for the relevant parts. The apparatus embodiments described above are merely illustrative: the units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units, that is, they may be located in one place or distributed across multiple network units. Some or all of the modules can be selected according to actual needs to achieve the purpose of the solution of the present invention. Those of ordinary skill in the art can understand and implement it without creative effort.
The above are only preferred embodiments of the present invention and are not intended to limit the present invention; any modification, equivalent substitution, improvement and the like made within the spirit and principles of the present invention shall fall within the scope of protection of the present invention.

Claims (12)

1. A link state detection method, applied to an Internet Protocol Security (IPSec) virtual private network (VPN) device, characterized in that the method comprises:
Obtaining the sequence number of a specified ESP message and the upper boundary of the current traffic window, and judging whether the sequence number of the specified ESP message is greater than the upper boundary of the current traffic window; wherein the specified ESP messages are ESP messages sent by the same peer device and successfully decrypted locally;
If the sequence number of the specified ESP message is greater than the upper boundary of the current traffic window, determining the out-of-order rate based on the counted number of out-of-order specified ESP messages and the traffic window size, and determining the packet loss rate based on the counted number of specified ESP messages and the traffic window size;
Judging whether the out-of-order rate and the packet loss rate are greater than the preset out-of-order threshold and packet loss threshold respectively;
If the out-of-order rate and the packet loss rate both exceed the preset out-of-order threshold and packet loss threshold respectively, determining that the currently used link is a link in an abnormal state; otherwise, determining that the currently used link is a link in a normal state.
2. The method according to claim 1, characterized in that the method further comprises:
Updating the traffic window boundaries based on the sequence number of the received specified ESP message.
3. The method according to claim 2, characterized in that determining the out-of-order rate based on the counted number of out-of-order specified ESP messages and the traffic window size comprises:
Counting the number of out-of-order specified ESP messages;
Dividing the out-of-order count by the traffic window size to obtain the out-of-order rate.
4. The method according to claim 2, characterized in that determining the packet loss rate based on the counted number of specified ESP messages and the traffic window size comprises:
Counting the number of the specified ESP messages;
Subtracting from the message count the number of the specified ESP messages received within a specified number of sequence numbers to obtain a first pending value, and subtracting the specified number from the traffic window size to obtain a second pending value;
Dividing the first pending value by the second pending value to obtain the packet loss rate.
5. The method according to claim 1, characterized in that the method further comprises:
If the currently used link is a link in an abnormal state, sending a link abnormality notification message to the peer device, so that the peer device lowers its routing priority based on the link abnormality notification message.
6. The method according to claim 1, characterized in that the method further comprises:
Periodically sending a notification request message to the peer device;
If the notification reply message returned by the peer device in response to the notification request message is received, setting the current notification request count to 0;
If the notification reply message returned by the peer device in response to the notification request message is not received, incrementing the current notification request count by 1;
If the notification request count exceeds the preset notification request count threshold, lowering the routing priority of the currently used link.
7. A link state detection apparatus, applied to an Internet Protocol Security (IPSec) virtual private network (VPN) device, characterized in that the apparatus comprises:
An acquisition module, configured to obtain the sequence number of a specified ESP message and the upper boundary of the current traffic window, and judge whether the sequence number of the specified ESP message is greater than the upper boundary of the current traffic window; wherein the specified ESP messages are ESP messages sent by the same peer device and successfully decrypted locally;
A first determining module, configured to, if the sequence number of the specified ESP message is greater than the upper boundary of the current traffic window, determine the out-of-order rate based on the counted number of out-of-order specified ESP messages and the traffic window size, and determine the packet loss rate based on the counted number of specified ESP messages and the traffic window size;
A judging module, configured to judge whether the out-of-order rate and the packet loss rate are greater than the preset out-of-order threshold and packet loss threshold respectively;
A second determining module, configured to, if the out-of-order rate and the packet loss rate both exceed the preset out-of-order threshold and packet loss threshold respectively, determine that the currently used link is a link in an abnormal state; otherwise, determine that the currently used link is a link in a normal state.
8. The apparatus according to claim 7, characterized in that the apparatus further comprises:
An update module, configured to update the traffic window boundaries based on the sequence number of the received specified ESP message.
9. The apparatus according to claim 8, characterized in that the first determining module is specifically configured to:
Count the number of out-of-order specified ESP messages;
Divide the out-of-order count by the traffic window size to obtain the out-of-order rate.
10. The apparatus according to claim 8, characterized in that the first determining module is specifically configured to:
Count the number of the specified ESP messages;
Subtract from the message count the number of the specified ESP messages received within a specified number of sequence numbers to obtain a first pending value, and subtract the specified number from the traffic window size to obtain a second pending value;
Divide the first pending value by the second pending value to obtain the packet loss rate.
11. The apparatus according to claim 7, characterized in that the apparatus further comprises:
A sending module, configured to, if the currently used link is a link in an abnormal state, send a link abnormality notification message to the peer device, so that the peer device lowers its routing priority based on the link abnormality notification message.
12. The apparatus according to claim 7, characterized in that the sending module is further configured to:
Periodically send a notification request message to the peer device;
The apparatus further comprises:
A setting module, configured to set the current notification request count to 0 if the notification reply message returned by the peer device in response to the notification request message is received, and to increment the current notification request count by 1 if the notification reply message returned by the peer device in response to the notification request message is not received;
A lowering module, configured to lower the routing priority of the currently used link if the notification request count exceeds the preset notification request count threshold.
CN201611250005.5A 2016-12-29 2016-12-29 Link state detecting method and apparatus Pending CN106685760A (en)

Legal Events

Code Title
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20170517
RJ01 Rejection of invention patent application after publication