CN106790263A - A kind of intelligent sensitivity and private data transmission protecting - Google Patents
A kind of intelligent sensitivity and private data transmission protecting Download PDFInfo
- Publication number
- CN106790263A CN106790263A CN201710069126.8A CN201710069126A CN106790263A CN 106790263 A CN106790263 A CN 106790263A CN 201710069126 A CN201710069126 A CN 201710069126A CN 106790263 A CN106790263 A CN 106790263A
- Authority
- CN
- China
- Prior art keywords
- private data
- sensitive
- packet
- service end
- sensitivity
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
Abstract
The invention discloses a kind of intelligent sensitivity and private data transmission protecting; sensitive and private data is forwarded including sending packet and distinguishing identifier sensitivity and private data, intelligent selection virtual link, receive three steps of packet; packet can be analyzed in transmitting procedure and distinguishing identifier goes out sensitive and private data, then intelligent selection virtual link to transmit sensitive and private data;With can intelligent distribution flow, the controllability and flexible dispatching to packet transmission can be increased, resource utilization can be improved, expense cost and maintenance cost is reduced, can intelligent decision packet grade, reasonable employment QOS technologies send packet, the safety and high efficiency of data transfer can be improved, the characteristics of scalability is good;Either private data bag or routine data bag are solved in existing conventional physical equipment, is all unified to take turns doing forwarding by physical switches and is needed to increase the various problems that new link is distinguished significant data bag and general data bag and existed.
Description
Technical field
The present invention relates to network packet transmission technique field, and in particular to a kind of sensitive and private data transmission protection side
Method.
Background technology
It is the same that network packet is transmitted with real logistics, and process is similar to goods selection, goods entrucking, transportation route
Selection etc., is accompanied by situations such as circuit congestion, loss of goods in transportation;In existing conventional physical equipment no matter
It is private data bag or routine data bag, is all that unification takes turns doing forwarding by physical switches, when needs differentiation significant data
When bag and general data bag, then need to increase by two kinds of trends of packet of new link differentiation, it passes through sortord and forwards successively,
Packet priority size is not differentiated between, then occurs that network congestion postpones when network usage reaches maximization, data contain
Easily there is packet drop, it is impossible to ensure the security of data;It needs to increase link to send different packets, increased expense
With cost and maintenance cost;Physical equipment is often because the difference of area or time period causes wherein one or more link to reach
Saturation state, and other links are then in idle condition, cause resource utilization low.
The content of the invention
In view of the shortcomings of the prior art, the present invention is intended to provide one kind can be analyzed simultaneously in transmitting procedure to packet
Distinguish sensitive and private data, after being identified to sensitive and private data can intelligent selection virtual link come transmit it is sensitive and
The intelligent sensitivity and private data transmission protecting of private data.
To achieve the above object, the present invention is adopted the following technical scheme that:
A kind of intelligent sensitivity and private data transmission protecting, comprise the following steps:
A, transmission packet and distinguishing identifier sensitivity and private data, client send packet and are transmitted to first via router
Packet is directly transmitted to the first intermediary service end by interchanger, the first interchanger, and the first intermediary service end is carried out to packet
Sensitive and private data is distinguished in analysis matching, and enters rower to the sensitivity and private data distinguished by label add module
Know;
B, intelligent selection virtual link forwarding sensitivity and private data, two are set up between the first intermediary service end and second switch
Bar or the connection of the VXLAN virtual links of more than two, virtual link include that general data conversion link, sensitive and private data turn
Two kinds of link of hair, the sensitivity and private data distinguished via step a marks is forwarded by sensitive and private data conversion link
To second switch, and using link detection tool detection sensitivity and the jam situation of private data conversion link, if sensitive
And the congestion of private data conversion link then accelerates forwarding sensitive and private data using QOS accelerating modules, makes sensitive and secret number
Second switch is forwarded to according to the very first time;Need not be added using QOS if sensitive and private data conversion link not congestion
Fast module;The general data not identified in step a is then directly forwarded to second switch via general data conversion link;
C, reception packet, 3rd switch are connected by go-between and second switch, the second intermediary service end and the 3rd
Two or more VXLAN virtual links connection, the sensitive and private that second switch will be received are set up between interchanger
Ciphertext data, general data are transmitted to 3rd switch by go-between, and 3rd switch is turned by sensitive and private data again
Sensitive and private data is forwarded to the second intermediary service end by hair link, by general data conversion link directly by general data
The second intermediary service end is transmitted to, sensitive and private data, general data are forwarded to the second intermediary service end from 3rd switch
Process be forwarded to the mistake of second switch from the first intermediary service end in stepb with sensitive and private data, general data
Journey is opposite, and sensitive and private data, general data finally are transmitted into receiving terminal by the second intermediary service end.
Further, the first intermediary service end is to analyze Matching band according to source MAC in packet and source IP address
Separate sensitive and private data.
The present invention has the advantages that:
A kind of intelligent sensitivity of the present invention and private data transmission protecting, it can be divided packet in transmitting procedure
Analyse and distinguish sensitive and private data, after being identified to sensitive and private data can intelligent selection virtual link it is quick to transmit
Sense and private data;With the controllability and flexible dispatching that intelligent can distribute flow, can increase to packet transmission, can improve
Resource utilization, reduction expense cost and maintenance cost, can intelligent decision packet grade, reasonable employment QOS technologies transmission number
According to bag, the safety and high efficiency of data transfer can be improved, the characteristics of scalability is good.
Brief description of the drawings
Fig. 1 is the simple principle schematic diagram of a kind of intelligent sensitivity of the present invention and private data transmission protecting;
Fig. 2 is that a kind of intelligent sensitivity of the present invention and its mark of private data transmission protecting are sensitive and private data simple
Principle schematic;
Fig. 3 is a kind of intelligent sensitivity of the present invention and its sensitivity of private data transmission protecting and private data, general data
The simple procedure schematic diagram forwarded between the first intermediary service end and second switch.
In figure:1st, client;2nd, router;3rd, the first interchanger;4th, the first intermediary service end;5th, second switch;6、
Go-between;7th, 3rd switch;8th, the second intermediary service end;9th, receiving terminal;10th, packet;10a, sensitivity and secret number
According to;10b, general data;41st, label add module;42nd, link detection instrument;43rd, QOS accelerating modules;50th, the virtual chains of VXLAN
Road.
Specific embodiment
Below in conjunction with the accompanying drawings and specific embodiment, the invention will be further described, in order to be more clearly understood that this
The claimed technological thought of invention.
A kind of intelligent sensitivity of the invention and private data transmission protecting, comprise the following steps as Figure 1-3:a、
Packet 10 and distinguishing identifier sensitivity and private data are sent, client 1 sends packet 10 and is transmitted to first via router 2
Packet 10 is directly transmitted to the first intermediary service end 4 by interchanger 3, the first interchanger 3, and the first intermediary service end 4 is to data
Bag 10 is analyzed matching and distinguishes sensitive and private data 10a, and by 41 pairs of sensitivities distinguished of label add module and
Private data 10a is identified;
B, intelligent selection virtual link 50 forward sensitive and private data 10a, the first intermediary service end 4 and second switch 5 it
Between set up two or more VXLAN virtual links 50 and connect, virtual link 50 includes general data conversion link, sensitivity
And two kinds of private data conversion link, the sensitivity distinguished via step a marks and private data 10a are by sensitive and secret number
Second switch 5 is transmitted to according to conversion link, and sensitive and private data conversion link is detected using link detection instrument 42
Jam situation, accelerates forwarding sensitive and secret if sensitive and private data conversion link congestion using QOS accelerating modules 43
Data 10a, makes the sensitive and private data 10a very first times be forwarded to second switch 5;If sensitive and private data forwarding chain
Road not congestion need not then use QOS accelerating modules 43;The general data 10b not identified in step a then turns via general data
Hair link is directly forwarded to second switch 5;
C, reception packet 10,3rd switch 7 are connected by go-between 6 and second switch 5, the second intermediary service end 8
The VXLAN virtual links 50 that two or more is set up and 3rd switch 7 between are connected, and second switch 5 will be received
Sensitivity and private data 10a, general data 10b 3rd switch 7 is transmitted to by go-between 6,3rd switch 7 is led to again
Cross sensitive and private data conversion link and sensitive and private data 10a is forwarded to the second intermediary service end 8, by general data
General data 10b is directly transmitted to the second intermediary service end 8, sensitive and private data 10a, general data 10b by conversion link
The process and sensitive and private data 10a, general data 10b at the second intermediary service end 8 are forwarded in step from 3rd switch 7
The process for being forwarded to second switch 5 from the first intermediary service end 4 in b be it is opposite, finally will be quick by the second intermediary service end 8
Sense and private data 10a, general data 10b are transmitted to receiving terminal 9.
Specifically, the first intermediary service end 4 is to analyze Matching band according to source MAC in packet 10 and source IP address
Separate sensitive and private data 10a's.
It can be analyzed to packet 10 and distinguish sensitive and private data 10a the present invention in transmitting procedure, right
Sensitive and private data 10a be identified after can intelligent selection virtual link 50 transmit sensitive and private data 10a;With can
Intellectuality distribution flow, can increase the controllability and flexible dispatching to the transmission of packet 10, can improve resource utilization, reduction expense
With cost and maintenance cost, can the grade of intelligent decision packet 10, reasonable employment QOS technologies send packet 10, number can be improved
According to the safety and high efficiency of transmission, the characteristics of scalability is good.
For a person skilled in the art, technical scheme that can be as described above and design, make other each
Plant corresponding change and deform, and all these changes and deforms the protection model that should all belong to the claims in the present invention
Within enclosing.
Claims (2)
1. a kind of intelligent sensitivity and private data transmission protecting, it is characterised in that comprise the following steps:
A, transmission packet(10)And distinguishing identifier sensitivity and private data, client(1)Send packet(10)Via route
Device(2)It is transmitted to the first interchanger(3), the first interchanger(3)Directly by packet(10)It is transmitted to the first intermediary service end
(4), the first intermediary service end(4)To packet(10)It is analyzed matching and distinguishes sensitive and private data(10a), and pass through
Label add module(41)To the sensitivity and private data distinguished(10a)It is identified;
B, intelligent selection virtual link(50)Forwarding sensitivity and private data(10a), the first intermediary service end(4)Exchanged with second
Machine(5)Between set up two or more VXLAN virtual links(50)Connection, virtual link(50)Turn including general data
Hair link, sensitive and two kinds of private data conversion link, the sensitivity distinguished via step a marks and private data(10a)It is logical
Cross sensitive and private data conversion link and be transmitted to second switch(5), and use link detection instrument(42)Detection it is sensitive and
The jam situation of private data conversion link, uses QOS accelerating modules if sensitive and private data conversion link congestion
(43)Accelerate forwarding sensitive and private data(10a), make sensitive and private data(10a)The very first time is forwarded to second switch
(5);QOS accelerating modules need not be used if sensitive and private data conversion link not congestion(43);Do not identified in step a
General data(10b)Then second switch is directly forwarded to via general data conversion link(5);
C, reception packet(10), 3rd switch(7)By go-between(6)And second switch(5)Connection, in the middle of second
Service end(8)And 3rd switch(7)Between set up two or more VXLAN virtual links(50)Connection, second hands over
Change planes(5)The sensitivity and private data that will be received(10a), general data(10b)By go-between(6)It is transmitted to the 3rd friendship
Change planes(7), 3rd switch(7)Pass through sensitive and private data conversion link again by sensitive and private data(10a)It is forwarded to
Second intermediary service end(8), by general data conversion link directly by general data(10b)It is transmitted to the second intermediary service end
(8), sensitive and private data(10a), general data(10b)From 3rd switch(7)It is forwarded to the second intermediary service end(8)'s
Process and sensitive and private data(10a), general data(10b)In stepb from the first intermediary service end(4)It is forwarded to second
Interchanger(5)Process be opposite, finally by the second intermediary service end(8)By sensitive and private data(10a), general data
(10b)It is transmitted to receiving terminal(9).
2. a kind of intelligent sensitivity as claimed in claim 1 and private data transmission protecting, it is characterised in that in first
Between service end(4)It is according to packet(10)Middle source MAC and source IP address distinguish sensitive and secret number analyzing matching
According to(10a)'s.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710069126.8A CN106790263A (en) | 2017-02-08 | 2017-02-08 | A kind of intelligent sensitivity and private data transmission protecting |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710069126.8A CN106790263A (en) | 2017-02-08 | 2017-02-08 | A kind of intelligent sensitivity and private data transmission protecting |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN106790263A true CN106790263A (en) | 2017-05-31 |
Family
ID=58956709
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201710069126.8A Pending CN106790263A (en) | 2017-02-08 | 2017-02-08 | A kind of intelligent sensitivity and private data transmission protecting |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN106790263A (en) |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106899405A (en) * | 2017-03-13 | 2017-06-27 | 佛山易识科技有限公司 | A kind of intelligent sensitivity and private data transmission protecting |
| CN108616515A (en) * | 2018-04-09 | 2018-10-02 | 华北水利水电大学 | A kind of processing method of enterprise communication information |
| CN115396374A (en) * | 2022-08-12 | 2022-11-25 | 徐州恒佳电子科技有限公司 | Intelligent routing system special for priority data forwarding and method thereof |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20030126536A1 (en) * | 2001-12-28 | 2003-07-03 | Sridhar Gollamudi | Delay sensitive adapative quality control loop for rate adaptation |
| CN103916331A (en) * | 2013-01-08 | 2014-07-09 | 友讯科技股份有限公司 | Connection method for analyzing data packet to select connection path |
| CN104685500A (en) * | 2012-10-01 | 2015-06-03 | 国际商业机器公司 | Providing services to virtual overlay network traffic |
| CN104702577A (en) * | 2013-12-09 | 2015-06-10 | 华为技术有限公司 | Method and device for security processing of data stream |
| CN104717700A (en) * | 2013-12-12 | 2015-06-17 | 中国移动通信集团上海有限公司 | Network acceleration method and device based on wireless cell |
| CN105247832A (en) * | 2013-04-03 | 2016-01-13 | 赛门铁克公司 | Method and apparatus for integrating security context in network routing decisions |
-
2017
- 2017-02-08 CN CN201710069126.8A patent/CN106790263A/en active Pending
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20030126536A1 (en) * | 2001-12-28 | 2003-07-03 | Sridhar Gollamudi | Delay sensitive adapative quality control loop for rate adaptation |
| CN104685500A (en) * | 2012-10-01 | 2015-06-03 | 国际商业机器公司 | Providing services to virtual overlay network traffic |
| CN103916331A (en) * | 2013-01-08 | 2014-07-09 | 友讯科技股份有限公司 | Connection method for analyzing data packet to select connection path |
| CN105247832A (en) * | 2013-04-03 | 2016-01-13 | 赛门铁克公司 | Method and apparatus for integrating security context in network routing decisions |
| CN104702577A (en) * | 2013-12-09 | 2015-06-10 | 华为技术有限公司 | Method and device for security processing of data stream |
| CN104717700A (en) * | 2013-12-12 | 2015-06-17 | 中国移动通信集团上海有限公司 | Network acceleration method and device based on wireless cell |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106899405A (en) * | 2017-03-13 | 2017-06-27 | 佛山易识科技有限公司 | A kind of intelligent sensitivity and private data transmission protecting |
| CN108616515A (en) * | 2018-04-09 | 2018-10-02 | 华北水利水电大学 | A kind of processing method of enterprise communication information |
| CN115396374A (en) * | 2022-08-12 | 2022-11-25 | 徐州恒佳电子科技有限公司 | Intelligent routing system special for priority data forwarding and method thereof |
| CN115396374B (en) * | 2022-08-12 | 2023-12-22 | 徐州恒佳电子科技有限公司 | Routing system and method special for intelligent priority data forwarding |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN101741547B (en) | Inter-node secret communication method and system | |
| CN101355466B (en) | Method and apparatus for transmitting continuous check information message | |
| CN106790263A (en) | A kind of intelligent sensitivity and private data transmission protecting | |
| WO2000002347A3 (en) | System and method for switching packets in a network | |
| CN106341330A (en) | Topology discovery method and system of SDN controller | |
| CN108645450B (en) | Smart city environmental protection system | |
| CN104486153B (en) | A kind of transformer station process layer network transmission performance monitoring method based on FPGA | |
| CN102783098A (en) | Communication system, path control apparatus, packet forwarding apparatus and path control method | |
| CN104380667A (en) | Method and device for routing data message | |
| CN103916319B (en) | Link selecting method and stack equipment in LACP stacking networkings | |
| CN102263697A (en) | Method and device for sharing aggregated link traffic | |
| CN105227393B (en) | A kind of bidirectional forwarding detection (BFD) method | |
| CN1514585A (en) | Method used for detecting conncetion failure, system and network entity | |
| JP4409991B2 (en) | Transmission control system using link aggregation | |
| CN104184675B (en) | The IPSec VPN devices group system and its method of work of a kind of load balancing | |
| CN101242321A (en) | An end-to-end throughput measuring method and device | |
| RU2007111857A (en) | RING NETWORK, COMMUNICATION DEVICE AND OPERATIONAL MANAGEMENT METHOD USED FOR THE RING NETWORK AND COMMUNICATION DEVICE | |
| CN101026469A (en) | Network relay apparatus and method for transmitting data packet | |
| CN101958577B (en) | Method for overhauling GOOSE in digital substation | |
| CN108075949A (en) | A kind of VPWS environment realizes the method and apparatus of RFC2544 | |
| CN103368844B (en) | Message processing method and LSR in MPLS network | |
| CN104468403B (en) | A kind of SDN controllers for carrying out network flow classification to packet based on NACC | |
| CN106961400A (en) | A kind of method and system for realizing cloud platform virtual port mirror image | |
| CN106899405A (en) | A kind of intelligent sensitivity and private data transmission protecting | |
| CN102769567B (en) | A kind of retransmission method of multilink transparent internet Frame and device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20170531 |
|
| RJ01 | Rejection of invention patent application after publication |