CN108429646B - Method and device for optimizing Ipsec VPN - Google Patents
Method and device for optimizing Ipsec VPN Download PDFInfo
- Publication number
- CN108429646B CN108429646B CN201810185977.3A CN201810185977A CN108429646B CN 108429646 B CN108429646 B CN 108429646B CN 201810185977 A CN201810185977 A CN 201810185977A CN 108429646 B CN108429646 B CN 108429646B
- Authority
- CN
- China
- Prior art keywords
- pop point
- information
- client
- zabbix
- pop
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 32
- 210000001503 joint Anatomy 0.000 claims description 3
- 238000004891 communication Methods 0.000 abstract description 2
- 238000010586 diagram Methods 0.000 description 19
- 238000004590 computer program Methods 0.000 description 7
- 230000006870 function Effects 0.000 description 6
- 238000012986 modification Methods 0.000 description 5
- 230000004048 modification Effects 0.000 description 5
- 238000012545 processing Methods 0.000 description 5
- 230000005540 biological transmission Effects 0.000 description 2
- 230000004075 alteration Effects 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 238000012423 maintenance Methods 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 230000008447 perception Effects 0.000 description 1
- 230000002035 prolonged effect Effects 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/46—Interconnection of networks
- H04L12/4641—Virtual LANs, VLANs, e.g. virtual private networks [VPN]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/08—Configuration management of networks or network elements
- H04L41/0803—Configuration setting
- H04L41/0823—Configuration setting characterised by the purposes of a change of settings, e.g. optimising configuration for enhancing reliability
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/12—Discovery or management of network topologies
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/08—Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
- H04L45/02—Topology update or discovery
- H04L45/028—Dynamic adaptation of the update intervals, e.g. event-triggered updates
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Environmental & Geological Engineering (AREA)
- Computer Security & Cryptography (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a method and a device for optimizing an Ipsec VPN, relates to the technical field of communication, and aims to solve the problems that the existing VPN opening is in a mode of manually knocking a command line on network equipment by an engineer, and is low in speed and easy to make mistakes. The method comprises the following steps: receiving registration information sent by a POP point, forming a full-network topological graph according to the registration information, and acquiring equipment information of the POP point through Zabbix; sending the CE to a client so that the CE is registered at a control end according to the MAC address of the client and the IP information of the client; and according to a dynamic path selection algorithm, determining a first POP point connected with the CE in the full-network topological graph, and sending VPN configuration at the CE and the first POP point.
Description
Technical Field
The invention relates to the technical field of communication, in particular to a method and a device for optimizing an IpsecVPN.
Background
An internet protocol Security (IpSec) VPN (virtual private Network (VPN) in chinese) is a widely used VPN technology, and Security in a transmission process is ensured by data encryption. The biggest disadvantage is that QoS is not guaranteed and transmission speed is slow. MPLS VPNs have faster forwarding speeds, but are generally secure and expensive.
In the current market, a second-level operator opens the VPN mainly in a mode that an engineer manually clicks a command line on network equipment, so that the problems of low opening speed and high possibility of errors are solved. The quality of the equipment at the two ends of the VPN before and after the opening is difficult to ensure, the workload of operation and maintenance personnel is increased, and once the equipment fails, the equipment needs to be reconfigured by an engineer.
In summary, the conventional VPN opening is in a form of manually knocking a command line on a network device by an engineer, and has the problems of low speed and high error probability.
Disclosure of Invention
The embodiment of the invention provides a method and a device for optimizing an IpsecVPN (Internet protocol private network), which are used for solving the problems of low speed and easy error existing in the conventional mode of opening the VPN by manually knocking a command line on network equipment by an engineer.
The embodiment of the invention provides a method for optimizing an IpsecVPN, which comprises the following steps:
receiving registration information sent by a POP point, forming a full-network topological graph according to the registration information, and acquiring equipment information of the POP point through Zabbix;
sending the CE to a client so that the CE is registered at a control end according to the MAC address of the client and the IP information of the client;
and according to a dynamic path selection algorithm, determining a first POP point connected with the CE in the full-network topological graph, and sending VPN configuration at the CE and the first POP point.
Preferably, the device information of the POP point includes any one or more of the following combinations:
network equipment time delay, jitter and packet loss rate;
the dynamic path selection algorithm is determined according to the following formula:
V=f1*x1+f2*x2+f3*x3
wherein f is a coefficient, x1For time delay, x2To the packet loss rate, x3Is jitter.
Preferably, the method also comprises a PE, wherein the POP point sends VRF configuration to the PE connected with the POP point, and the butt joint of the POP point and the PE at the edge of the MPLS network is completed.
Preferably, the acquiring the device information of the POP point through Zabbix specifically includes:
the Zabbix is arranged in the controller in a plug-in mode, and equipment information of the POP point is acquired through the Zabbix; or
And the controller calls a northbound interface of Zabbix to acquire the equipment information of the POP point.
An embodiment of the present invention further provides a device for optimizing Ipsec VPN, including:
the acquisition unit is used for receiving registration information sent by a POP point, forming a full-network topological graph according to the registration information and acquiring equipment information of the POP point through Zabbix;
the registration unit is used for sending the CE to a client so that the CE is registered at a control end according to the MAC address of the client and the IP information of the client;
and the sending unit is used for determining a first POP point connected with the CE in the full-network topological graph according to a dynamic path selection algorithm and sending VPN configuration at the CE and the first POP point.
Preferably, the device information of the POP point includes any one or more of the following combinations:
network equipment time delay, jitter and packet loss rate;
the dynamic path selection algorithm is determined according to the following formula:
V=f1*x1+f2*x2+f3*x3
wherein f is a coefficient, x1For time delay, x2To the packet loss rate, x3Is jitter.
Preferably, the method also comprises a PE, wherein the POP point sends VRF configuration to the PE connected with the POP point, and the interface between the POP point and the PE at the edge of the MPLS network is completed.
Preferably, the acquisition unit is specifically configured to:
the Zabbix is arranged in the controller in a plug-in mode, and equipment information of the POP point is acquired through the Zabbix; or
And the controller calls a northbound interface of Zabbix to acquire the equipment information of the POP point.
The embodiment of the invention provides a method and a device for optimizing an IpsecVPN, wherein the method comprises the following steps: receiving registration information sent by a POP point, forming a full-network topological graph according to the registration information, and acquiring equipment information of the POP point through Zabbix; sending the CE to a client so that the CE is registered at a control end according to the MAC address of the client and the IP information of the client; and according to a dynamic path selection algorithm, determining a first POP point connected with the CE in the full-network topological graph, and sending VPN configuration at the CE and the first POP point. In the method, the ODL controller is used for issuing the VPN configuration, so that the VPN opening period is prolonged; by the dynamic path selection algorithm, the defects that the IPsecVPN has poor network quality perception and may have time delay and the like are avoided. The method solves the problems that the existing VPN opening is in a mode of manually knocking a command line on network equipment by an engineer, and is low in speed and easy to make mistakes.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
Fig. 1 is a schematic flowchart of a method for optimizing an ipseccvpn according to an embodiment of the present invention;
fig. 2 is a schematic diagram of a combination of an Ipsec VPN and an MPLS VPN according to an embodiment of the present invention;
fig. 3 is a schematic diagram illustrating an ODL controller issuing an Ipsec VPN between a CE and a POP according to an embodiment of the present invention;
fig. 4 is a schematic diagram of an ODL controller issuing an Ipsec VPN between a CE and a POP when Zabbix is added as a plug-in to an ODL framework according to an embodiment of the present invention;
fig. 5 is a schematic diagram of an ODL controller invoking Zabbix to issue an Ipsec VPN between a CE and a POP according to an embodiment of the present invention;
fig. 6 is a schematic structural diagram of an apparatus for optimizing an Ipsec VPN according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Fig. 1 schematically illustrates a flowchart of a method for optimizing an Ipsec VPN according to an embodiment of the present invention. As shown in fig. 1, the method mainly comprises the following steps:
102, sending a CE to a client so that the CE is registered at a control end according to the MAC address of the client and the IP information of the client;
and 103, determining a first POP point connected with the CE in the full-network topological graph according to a dynamic path selection algorithm, and sending VPN configuration at the CE and the first POP point.
It should be noted that, according to the method for optimizing an Ipsec VPN provided in the embodiments of the present invention, an execution subject in the method is an ODL controller. One end of the ODL controller is connected with the service arrangement layer, and the other end of the ODL controller is respectively connected with the CE and the POP point through Zabbix.
In step 101, the ODL controller receives registration information sent by the POP point, where the registration information mainly includes a public network IP of the POP point and location information of the POP point, and it should be noted that the location information of the POP point may be a data center of an operator at a location a or a data center of an operator at a location B. For example, the location of the POP point may be a beijing data center of the operator, or a data center of the operator in shenzhen.
Further, after the ODL controller receives the registration information sent by the POP point, the ODL controller may form a full-network topology map according to the registration information of the plurality of POP points, where the full-network topology map includes public network IPs of the plurality of POP points and location information of the POP points.
Fig. 2 is a schematic diagram illustrating a combination of an ipsec VPN and an MPLS VPN according to an embodiment of the present invention, and as shown in fig. 2, in the embodiment of the present invention, the ipsec VPN and the MPLS VPN may be combined.
Fig. 3 is a schematic diagram of an ODL controller issuing an Ipsec VPN between a CE and a POP according to an embodiment of the present invention, and as shown in fig. 3, on the basis of combining the Ipsec VPN and an MPLS VPN, the ODL controller issues an Ipsec VPN between the CE and the POP, and a VRF configuration is issued between a POP point and a PE, so that an edge PE of an MPLS network can be docked.
Fig. 4 is a schematic diagram of the application of Zabbix as a plug-in added to an ODL framework, where an ODL controller issues an Ipsec VPN between a CE and a POP, and in comparison with the schematic diagrams of the application of Zabbix as a plug-in added to an ODL controller layer in the ODL controller of fig. 4 and 3, Zabbix is added to the ODL controller layer in the form of a plug-in.
Fig. 5 is a schematic diagram of the ODL controller invoking Zabbix and issuing Ipsec VPN between CE and POP according to the embodiment of the present invention, and compared with the schematic diagram of the ODL controller issuing Ipsec VPN between CE and POP according to fig. 5 and fig. 3, Zabbix is added to fig. 5, and the ODL controller may invoke data by invoking a northbound debit of Zabbix.
In the embodiment of the present invention, because the ODL controller and Zabbix are connected in the above two manners, that is, when the OLD controller needs to obtain the device information of the POP point through Zabbix, the OLD controller can obtain the device information through the above two manners. The first method comprises the following steps: because the Zabbix is embedded into the OLD controllers in the form of plug-ins, the Zabbix is called among the OLD controllers to acquire the equipment information of the POP point; and the second method comprises the following steps: and the OLD controller calls data through a northbound interface of the Zabbix, namely, the equipment information of the POP point is acquired through the northbound interface of the Zabbix.
It should be noted that, in the embodiment of the present invention, the device information of the POP point mainly includes: network equipment time delay, jitter, packet loss rate.
In step 102, the ODL controller sends the CE to the client, the CE sent to the client acquires the MAC address of the client and the IP information of the client, and registers the acquired MAC address and IP information of the client in the ODL controller. After the CE completes registration of the client at the ODL controller, the OLD controller may determine the current location of the CE, that is, the location of the CE in the full-network topology map.
In step 103, after determining the locations of the plurality of POP points and the client of the CE in the topology map of the whole network, the ODL controller may determine the first POP point connected to the CE in the topology map of the whole network by a QOS priority rule, that is, by a dynamic path selection algorithm. It should be noted that the first POP point is a POP point having the best path between a CE and one selected from a plurality of POP points in the full-network topology. That is, in the embodiment of the present invention, the first POP point is not a specific POP point, and the first POP point is a concept determined with respect to the CE.
After determining the first POP point and the CE within the full network topology, the ODL controller may send the VPN configuration between the first POP point and the CE, so that the VPN configuration between the first POP point and the CE may be completed.
It should be noted that, in step 103, the QOS preference rule can be determined by the following formula (1):
V=f1*x1+f2*x2+f3*x3 (1)
wherein f is a coefficient, x1For time delay, x2To the packet loss rate, x3Is jitter. Since f is a coefficient and x is an impact factor, the service has different grades in different scenes, and the satisfying range of v can be different. Under default conditions, for example, the quality requirement of video conference is higher than that of ordinary Internet application, so the value range of v (video conference) must be smaller than v (ordinary Internet application).
Further, the operator administrator can also reset f according to the situation of the operator administrator. In the embodiment of the present invention, the specific setting of f is not limited.
It should be noted that, as shown in fig. 2, fig. 3, fig. 4, and fig. 5, in the method for optimizing an Ipsec VPN according to the embodiment of the present invention, a PE is further included, where a POP point sends a VRF configuration to a PE connected to the POP point, so that the POP point can complete interfacing with a PE on an edge of an MPLS network.
Based on the same inventive concept, embodiments of the present invention provide an apparatus for optimizing an ipseccvpn, and since the principle of the apparatus for solving the technical problem is similar to a method for optimizing an ipseccvpn, the method may be used for implementing the apparatus, and repeated details are not described herein.
Fig. 6 shows an apparatus for optimizing an ipseccvpn according to an embodiment of the present invention, as shown in fig. 6, the apparatus mainly includes an acquisition unit 601, a registration unit 602, and a sending unit 603.
The acquisition unit 601 is used for receiving registration information sent by a POP point, forming a full-network topological graph according to the registration information, and acquiring equipment information of the POP point through Zabbix;
a registering unit 602, configured to send a CE to a client, so that the CE registers at a control end according to a MAC address of the client and IP information of the client;
a sending unit 603, configured to determine, according to a dynamic path selection algorithm, a first POP point connected to the CE in the full-network topology map, and send a VPN configuration between the CE and the first POP point.
Preferably, the device information of the POP point includes any one or more of the following combinations:
network equipment time delay, jitter and packet loss rate;
the dynamic path selection algorithm is determined according to the following formula:
V=f1*x1+f2*x2+f3*x3
wherein f is a coefficient, x1For time delay, x2To the packet loss rate, x3Is jitter.
Preferably, the method also comprises a PE, wherein the POP point sends VRF configuration to the PE connected with the POP point, and the interface between the POP point and the PE at the edge of the MPLS network is completed.
Preferably, the acquisition unit 601 is specifically configured to:
the Zabbix is arranged in the controller in a plug-in mode, and equipment information of the POP point is acquired through the Zabbix; or
And the controller calls a northbound interface of Zabbix to acquire the equipment information of the POP point.
It should be understood that the above apparatus for optimizing ipseccvpn includes only a logical division according to the functions implemented by the device apparatus, and in practical applications, the above units may be stacked or separated. The functions of the apparatus for optimizing Ipsec VPN according to this embodiment correspond to the method for optimizing Ipsec VPN according to the foregoing embodiment, and for the more detailed processing flow implemented by the apparatus, the detailed description is already described in the above method embodiment, and the detailed description is not repeated here.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
While preferred embodiments of the present invention have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. Therefore, it is intended that the appended claims be interpreted as including preferred embodiments and all such alterations and modifications as fall within the scope of the invention.
It will be apparent to those skilled in the art that various changes and modifications may be made in the present invention without departing from the spirit and scope of the invention. Thus, if such modifications and variations of the present invention fall within the scope of the claims of the present invention and their equivalents, the present invention is also intended to include such modifications and variations.
Claims (6)
1. A method of optimizing an Ipsec VPN, comprising:
receiving registration information sent by a POP point, forming a full-network topological graph according to the registration information, and acquiring equipment information of the POP point through Zabbix;
sending the MAC address of the client and the IP information of the client to a CE (client side) so that the CE registers at a control end according to the MAC address of the client and the IP information of the client;
according to a dynamic path selection algorithm, determining a first POP point connected with the CE in the full-network topological graph, and sending VPN configuration at the CE and the first POP point;
and the POP point sends VRF configuration to the PE connected with the POP point, and the butt joint of the POP point and the PE at the edge of the MPLS network is completed.
2. The method of claim 1, wherein the device information of the POP point comprises any one or more of the following in combination:
network equipment time delay, jitter and packet loss rate;
the dynamic path selection algorithm is determined according to the following formula:
V=f1*x1+f2*x2+f3*x3
wherein f is1、f2、f3Is a coefficient, x1For time delay, x2To the packet loss rate, x3Is jitter.
3. The method as claimed in claim 1, wherein the collecting the device information of the POP point through Zabbix specifically includes:
the Zabbix is arranged in the controller in a plug-in mode, and equipment information of the POP point is acquired through the Zabbix; or
And the controller calls a northbound interface of Zabbix to acquire the equipment information of the POP point.
4. An apparatus for optimizing an Ipsec VPN, comprising:
the acquisition unit is used for receiving registration information sent by a POP point, forming a full-network topological graph according to the registration information and acquiring equipment information of the POP point through Zabbix;
the registration unit is used for sending the MAC address of the client and the IP information of the client to the CE so that the CE registers at the control end according to the MAC address of the client and the IP information of the client;
a sending unit, configured to determine, according to a dynamic path selection algorithm, a first POP point connected to the CE in the full-network topology map, and send a VPN configuration between the CE and the first POP point;
and the POP point sends VRF configuration to the PE connected with the POP point, and the butt joint of the POP point and the PE at the edge of the MPLS network is completed.
5. The apparatus of claim 4, wherein the device information of the POP point comprises any one or more of the following in combination:
network equipment time delay, jitter and packet loss rate;
the dynamic path selection algorithm is determined according to the following formula:
V=f1*x1+f2*x2+f3*x3
wherein f is1、f2、f3Is a coefficient, x1For time delay, x2To the packet loss rate, x3Is jitter.
6. The apparatus of claim 4, wherein the acquisition unit is specifically configured to:
the Zabbix is arranged in the controller in a plug-in mode, and equipment information of the POP point is acquired through the Zabbix; or
And the controller calls a northbound interface of Zabbix to acquire the equipment information of the POP point.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201810185977.3A CN108429646B (en) | 2018-03-07 | 2018-03-07 | Method and device for optimizing Ipsec VPN |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201810185977.3A CN108429646B (en) | 2018-03-07 | 2018-03-07 | Method and device for optimizing Ipsec VPN |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN108429646A CN108429646A (en) | 2018-08-21 |
| CN108429646B true CN108429646B (en) | 2021-05-11 |
Family
ID=63157464
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201810185977.3A Active CN108429646B (en) | 2018-03-07 | 2018-03-07 | Method and device for optimizing Ipsec VPN |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN108429646B (en) |
Families Citing this family (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109639510B (en) * | 2019-01-23 | 2021-09-10 | 中国人民解放军战略支援部队信息工程大学 | Regional PoP division method based on subnet analysis |
| CN115022168B (en) * | 2022-06-30 | 2024-03-19 | 南斗六星系统集成有限公司 | Unified monitoring method based on zabbix and related equipment |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103841022A (en) * | 2014-03-12 | 2014-06-04 | 华为技术有限公司 | Method and device for building tunnel |
| CN106789537A (en) * | 2017-01-20 | 2017-05-31 | 网宿科技股份有限公司 | A kind of VPN construction method and system |
| CN107040469A (en) * | 2015-12-30 | 2017-08-11 | 丛林网络公司 | The network equipment and method |
| CN107426102A (en) * | 2017-07-26 | 2017-12-01 | 桂林电子科技大学 | Multipath parallel transmission dynamic decision method based on path quality |
| CN107579897A (en) * | 2017-09-14 | 2018-01-12 | 广州西麦科技股份有限公司 | A kind of method and device based on OpenDaylight configurations VPN |
Family Cites Families (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7505402B2 (en) * | 2005-06-23 | 2009-03-17 | Cisco Technology, Inc. | Method and apparatus for providing faster convergence for redundant sites |
| CN103746914B (en) * | 2013-12-31 | 2017-08-18 | 华为技术有限公司 | Set up method, the apparatus and system of private network tags and original VRF corresponding relations |
-
2018
- 2018-03-07 CN CN201810185977.3A patent/CN108429646B/en active Active
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103841022A (en) * | 2014-03-12 | 2014-06-04 | 华为技术有限公司 | Method and device for building tunnel |
| CN107040469A (en) * | 2015-12-30 | 2017-08-11 | 丛林网络公司 | The network equipment and method |
| CN106789537A (en) * | 2017-01-20 | 2017-05-31 | 网宿科技股份有限公司 | A kind of VPN construction method and system |
| CN107426102A (en) * | 2017-07-26 | 2017-12-01 | 桂林电子科技大学 | Multipath parallel transmission dynamic decision method based on path quality |
| CN107579897A (en) * | 2017-09-14 | 2018-01-12 | 广州西麦科技股份有限公司 | A kind of method and device based on OpenDaylight configurations VPN |
Also Published As
| Publication number | Publication date |
|---|---|
| CN108429646A (en) | 2018-08-21 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US20230283549A1 (en) | Loop prevention in virtual layer 2 networks | |
| CA2950206C (en) | Flow entry configuration method, apparatus, and system | |
| US10148556B2 (en) | Link aggregation group (LAG) support on a software-defined network (SDN) | |
| US10606454B2 (en) | Stage upgrade of image versions on devices in a cluster | |
| US9832136B1 (en) | Streaming software to multiple virtual machines in different subnets | |
| US10341131B2 (en) | Avoiding unknown unicast floods resulting from MAC address table overflows | |
| US20150163243A1 (en) | Data stream security processing method and apparatus | |
| US9819574B2 (en) | Concerted multi-destination forwarding in a joint TRILL fabric and VXLAN/IP fabric data center | |
| WO2017166136A1 (en) | Vnf resource allocation method and device | |
| WO2019233124A1 (en) | Network slice creation method and management and orchestration system | |
| CN108429646B (en) | Method and device for optimizing Ipsec VPN | |
| US20190097840A1 (en) | Method, apparatus, and device for pptp vpn based access acceleration | |
| US20230344777A1 (en) | Customized processing for different classes of rdma traffic | |
| CN111953661A (en) | SDN-based east-west flow security protection method and system | |
| CN109756419B (en) | Routing information distribution method and device and RR | |
| US20150113105A1 (en) | Automated provisioning of a hybrid network | |
| US9306955B2 (en) | Early policy evaluation of multiphase attributes in high-performance firewalls | |
| WO2016192402A1 (en) | Method and apparatus for adjusting maximum transmission unit of ipv6 tunnel | |
| US20220417139A1 (en) | Routing policies for graphical processing units | |
| US10270660B2 (en) | Function virtualization for multimedia network topology adaptation | |
| US20240106760A1 (en) | Network device level optimizations for latency sensitive rdma traffic | |
| US20230344778A1 (en) | Network device level optimizations for bandwidth sensitive rdma traffic | |
| US9036646B2 (en) | Distributed routing mechanisms for a virtual switch enabled by a trill-based fabric | |
| CN103220227B (en) | The QoS realization method and system of Ezvpn | |
| US20170373922A1 (en) | Autoclassification of network interfaces based on name |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| PE01 | Entry into force of the registration of the contract for pledge of patent right |
Denomination of invention: A method and device for optimizing Ipsec VPN Granted publication date: 20210511 Pledgee: Bank of China Limited Guangzhou Pearl River Branch Pledgor: GUANGZHOU VCMY TECHNOLOGY Co.,Ltd. Registration number: Y2024980020601 |
|
| PE01 | Entry into force of the registration of the contract for pledge of patent right |