CN108429646B - Method and device for optimizing Ipsec VPN - Google Patents

Method and device for optimizing Ipsec VPN Download PDF

Info

Publication number
CN108429646B
CN108429646B CN201810185977.3A CN201810185977A CN108429646B CN 108429646 B CN108429646 B CN 108429646B CN 201810185977 A CN201810185977 A CN 201810185977A CN 108429646 B CN108429646 B CN 108429646B
Authority
CN
China
Prior art keywords
pop point
information
client
zabbix
pop
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201810185977.3A
Other languages
Chinese (zh)
Other versions
CN108429646A (en
Inventor
赖秋杰
熊常春
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Vcmy Guangzhou Technology Shares Co ltd
Original Assignee
Vcmy Guangzhou Technology Shares Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Vcmy Guangzhou Technology Shares Co ltd filed Critical Vcmy Guangzhou Technology Shares Co ltd
Priority to CN201810185977.3A priority Critical patent/CN108429646B/en
Publication of CN108429646A publication Critical patent/CN108429646A/en
Application granted granted Critical
Publication of CN108429646B publication Critical patent/CN108429646B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46Interconnection of networks
    • H04L12/4641Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08Configuration management of networks or network elements
    • H04L41/0803Configuration setting
    • H04L41/0823Configuration setting characterised by the purposes of a change of settings, e.g. optimising configuration for enhancing reliability
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/12Discovery or management of network topologies
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/08Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00Routing or path finding of packets in data switching networks
    • H04L45/02Topology update or discovery
    • H04L45/028Dynamic adaptation of the update intervals, e.g. event-triggered updates

Abstract

The invention discloses a method and a device for optimizing an Ipsec VPN, relates to the technical field of communication, and aims to solve the problems that the existing VPN opening is in a mode of manually knocking a command line on network equipment by an engineer, and is low in speed and easy to make mistakes. The method comprises the following steps: receiving registration information sent by a POP point, forming a full-network topological graph according to the registration information, and acquiring equipment information of the POP point through Zabbix; sending the CE to a client so that the CE is registered at a control end according to the MAC address of the client and the IP information of the client; and according to a dynamic path selection algorithm, determining a first POP point connected with the CE in the full-network topological graph, and sending VPN configuration at the CE and the first POP point.

Description

Method and device for optimizing Ipsec VPN
Technical Field
The invention relates to the technical field of communication, in particular to a method and a device for optimizing an IpsecVPN.
Background
An internet protocol Security (IpSec) VPN (virtual private Network (VPN) in chinese) is a widely used VPN technology, and Security in a transmission process is ensured by data encryption. The biggest disadvantage is that QoS is not guaranteed and transmission speed is slow. MPLS VPNs have faster forwarding speeds, but are generally secure and expensive.
In the current market, a second-level operator opens the VPN mainly in a mode that an engineer manually clicks a command line on network equipment, so that the problems of low opening speed and high possibility of errors are solved. The quality of the equipment at the two ends of the VPN before and after the opening is difficult to ensure, the workload of operation and maintenance personnel is increased, and once the equipment fails, the equipment needs to be reconfigured by an engineer.
In summary, the conventional VPN opening is in a form of manually knocking a command line on a network device by an engineer, and has the problems of low speed and high error probability.
Disclosure of Invention
The embodiment of the invention provides a method and a device for optimizing an IpsecVPN (Internet protocol private network), which are used for solving the problems of low speed and easy error existing in the conventional mode of opening the VPN by manually knocking a command line on network equipment by an engineer.
The embodiment of the invention provides a method for optimizing an IpsecVPN, which comprises the following steps:
receiving registration information sent by a POP point, forming a full-network topological graph according to the registration information, and acquiring equipment information of the POP point through Zabbix;
sending the CE to a client so that the CE is registered at a control end according to the MAC address of the client and the IP information of the client;
and according to a dynamic path selection algorithm, determining a first POP point connected with the CE in the full-network topological graph, and sending VPN configuration at the CE and the first POP point.
Preferably, the device information of the POP point includes any one or more of the following combinations:
network equipment time delay, jitter and packet loss rate;
the dynamic path selection algorithm is determined according to the following formula:
V=f1*x1+f2*x2+f3*x3
wherein f is a coefficient, x1For time delay, x2To the packet loss rate, x3Is jitter.
Preferably, the method also comprises a PE, wherein the POP point sends VRF configuration to the PE connected with the POP point, and the butt joint of the POP point and the PE at the edge of the MPLS network is completed.
Preferably, the acquiring the device information of the POP point through Zabbix specifically includes:
the Zabbix is arranged in the controller in a plug-in mode, and equipment information of the POP point is acquired through the Zabbix; or
And the controller calls a northbound interface of Zabbix to acquire the equipment information of the POP point.
An embodiment of the present invention further provides a device for optimizing Ipsec VPN, including:
the acquisition unit is used for receiving registration information sent by a POP point, forming a full-network topological graph according to the registration information and acquiring equipment information of the POP point through Zabbix;
the registration unit is used for sending the CE to a client so that the CE is registered at a control end according to the MAC address of the client and the IP information of the client;
and the sending unit is used for determining a first POP point connected with the CE in the full-network topological graph according to a dynamic path selection algorithm and sending VPN configuration at the CE and the first POP point.
Preferably, the device information of the POP point includes any one or more of the following combinations:
network equipment time delay, jitter and packet loss rate;
the dynamic path selection algorithm is determined according to the following formula:
V=f1*x1+f2*x2+f3*x3
wherein f is a coefficient, x1For time delay, x2To the packet loss rate, x3Is jitter.
Preferably, the method also comprises a PE, wherein the POP point sends VRF configuration to the PE connected with the POP point, and the interface between the POP point and the PE at the edge of the MPLS network is completed.
Preferably, the acquisition unit is specifically configured to:
the Zabbix is arranged in the controller in a plug-in mode, and equipment information of the POP point is acquired through the Zabbix; or
And the controller calls a northbound interface of Zabbix to acquire the equipment information of the POP point.
The embodiment of the invention provides a method and a device for optimizing an IpsecVPN, wherein the method comprises the following steps: receiving registration information sent by a POP point, forming a full-network topological graph according to the registration information, and acquiring equipment information of the POP point through Zabbix; sending the CE to a client so that the CE is registered at a control end according to the MAC address of the client and the IP information of the client; and according to a dynamic path selection algorithm, determining a first POP point connected with the CE in the full-network topological graph, and sending VPN configuration at the CE and the first POP point. In the method, the ODL controller is used for issuing the VPN configuration, so that the VPN opening period is prolonged; by the dynamic path selection algorithm, the defects that the IPsecVPN has poor network quality perception and may have time delay and the like are avoided. The method solves the problems that the existing VPN opening is in a mode of manually knocking a command line on network equipment by an engineer, and is low in speed and easy to make mistakes.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
Fig. 1 is a schematic flowchart of a method for optimizing an ipseccvpn according to an embodiment of the present invention;
fig. 2 is a schematic diagram of a combination of an Ipsec VPN and an MPLS VPN according to an embodiment of the present invention;
fig. 3 is a schematic diagram illustrating an ODL controller issuing an Ipsec VPN between a CE and a POP according to an embodiment of the present invention;
fig. 4 is a schematic diagram of an ODL controller issuing an Ipsec VPN between a CE and a POP when Zabbix is added as a plug-in to an ODL framework according to an embodiment of the present invention;
fig. 5 is a schematic diagram of an ODL controller invoking Zabbix to issue an Ipsec VPN between a CE and a POP according to an embodiment of the present invention;
fig. 6 is a schematic structural diagram of an apparatus for optimizing an Ipsec VPN according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Fig. 1 schematically illustrates a flowchart of a method for optimizing an Ipsec VPN according to an embodiment of the present invention. As shown in fig. 1, the method mainly comprises the following steps:
step 101, receiving registration information sent by a POP point, forming a full-network topological graph according to the registration information, and collecting equipment information of the POP point through Zabbix;
102, sending a CE to a client so that the CE is registered at a control end according to the MAC address of the client and the IP information of the client;
and 103, determining a first POP point connected with the CE in the full-network topological graph according to a dynamic path selection algorithm, and sending VPN configuration at the CE and the first POP point.
It should be noted that, according to the method for optimizing an Ipsec VPN provided in the embodiments of the present invention, an execution subject in the method is an ODL controller. One end of the ODL controller is connected with the service arrangement layer, and the other end of the ODL controller is respectively connected with the CE and the POP point through Zabbix.
In step 101, the ODL controller receives registration information sent by the POP point, where the registration information mainly includes a public network IP of the POP point and location information of the POP point, and it should be noted that the location information of the POP point may be a data center of an operator at a location a or a data center of an operator at a location B. For example, the location of the POP point may be a beijing data center of the operator, or a data center of the operator in shenzhen.
Further, after the ODL controller receives the registration information sent by the POP point, the ODL controller may form a full-network topology map according to the registration information of the plurality of POP points, where the full-network topology map includes public network IPs of the plurality of POP points and location information of the POP points.
Fig. 2 is a schematic diagram illustrating a combination of an ipsec VPN and an MPLS VPN according to an embodiment of the present invention, and as shown in fig. 2, in the embodiment of the present invention, the ipsec VPN and the MPLS VPN may be combined.
Fig. 3 is a schematic diagram of an ODL controller issuing an Ipsec VPN between a CE and a POP according to an embodiment of the present invention, and as shown in fig. 3, on the basis of combining the Ipsec VPN and an MPLS VPN, the ODL controller issues an Ipsec VPN between the CE and the POP, and a VRF configuration is issued between a POP point and a PE, so that an edge PE of an MPLS network can be docked.
Fig. 4 is a schematic diagram of the application of Zabbix as a plug-in added to an ODL framework, where an ODL controller issues an Ipsec VPN between a CE and a POP, and in comparison with the schematic diagrams of the application of Zabbix as a plug-in added to an ODL controller layer in the ODL controller of fig. 4 and 3, Zabbix is added to the ODL controller layer in the form of a plug-in.
Fig. 5 is a schematic diagram of the ODL controller invoking Zabbix and issuing Ipsec VPN between CE and POP according to the embodiment of the present invention, and compared with the schematic diagram of the ODL controller issuing Ipsec VPN between CE and POP according to fig. 5 and fig. 3, Zabbix is added to fig. 5, and the ODL controller may invoke data by invoking a northbound debit of Zabbix.
In the embodiment of the present invention, because the ODL controller and Zabbix are connected in the above two manners, that is, when the OLD controller needs to obtain the device information of the POP point through Zabbix, the OLD controller can obtain the device information through the above two manners. The first method comprises the following steps: because the Zabbix is embedded into the OLD controllers in the form of plug-ins, the Zabbix is called among the OLD controllers to acquire the equipment information of the POP point; and the second method comprises the following steps: and the OLD controller calls data through a northbound interface of the Zabbix, namely, the equipment information of the POP point is acquired through the northbound interface of the Zabbix.
It should be noted that, in the embodiment of the present invention, the device information of the POP point mainly includes: network equipment time delay, jitter, packet loss rate.
In step 102, the ODL controller sends the CE to the client, the CE sent to the client acquires the MAC address of the client and the IP information of the client, and registers the acquired MAC address and IP information of the client in the ODL controller. After the CE completes registration of the client at the ODL controller, the OLD controller may determine the current location of the CE, that is, the location of the CE in the full-network topology map.
In step 103, after determining the locations of the plurality of POP points and the client of the CE in the topology map of the whole network, the ODL controller may determine the first POP point connected to the CE in the topology map of the whole network by a QOS priority rule, that is, by a dynamic path selection algorithm. It should be noted that the first POP point is a POP point having the best path between a CE and one selected from a plurality of POP points in the full-network topology. That is, in the embodiment of the present invention, the first POP point is not a specific POP point, and the first POP point is a concept determined with respect to the CE.
After determining the first POP point and the CE within the full network topology, the ODL controller may send the VPN configuration between the first POP point and the CE, so that the VPN configuration between the first POP point and the CE may be completed.
It should be noted that, in step 103, the QOS preference rule can be determined by the following formula (1):
V=f1*x1+f2*x2+f3*x3 (1)
wherein f is a coefficient, x1For time delay, x2To the packet loss rate, x3Is jitter. Since f is a coefficient and x is an impact factor, the service has different grades in different scenes, and the satisfying range of v can be different. Under default conditions, for example, the quality requirement of video conference is higher than that of ordinary Internet application, so the value range of v (video conference) must be smaller than v (ordinary Internet application).
Further, the operator administrator can also reset f according to the situation of the operator administrator. In the embodiment of the present invention, the specific setting of f is not limited.
It should be noted that, as shown in fig. 2, fig. 3, fig. 4, and fig. 5, in the method for optimizing an Ipsec VPN according to the embodiment of the present invention, a PE is further included, where a POP point sends a VRF configuration to a PE connected to the POP point, so that the POP point can complete interfacing with a PE on an edge of an MPLS network.
Based on the same inventive concept, embodiments of the present invention provide an apparatus for optimizing an ipseccvpn, and since the principle of the apparatus for solving the technical problem is similar to a method for optimizing an ipseccvpn, the method may be used for implementing the apparatus, and repeated details are not described herein.
Fig. 6 shows an apparatus for optimizing an ipseccvpn according to an embodiment of the present invention, as shown in fig. 6, the apparatus mainly includes an acquisition unit 601, a registration unit 602, and a sending unit 603.
The acquisition unit 601 is used for receiving registration information sent by a POP point, forming a full-network topological graph according to the registration information, and acquiring equipment information of the POP point through Zabbix;
a registering unit 602, configured to send a CE to a client, so that the CE registers at a control end according to a MAC address of the client and IP information of the client;
a sending unit 603, configured to determine, according to a dynamic path selection algorithm, a first POP point connected to the CE in the full-network topology map, and send a VPN configuration between the CE and the first POP point.
Preferably, the device information of the POP point includes any one or more of the following combinations:
network equipment time delay, jitter and packet loss rate;
the dynamic path selection algorithm is determined according to the following formula:
V=f1*x1+f2*x2+f3*x3
wherein f is a coefficient, x1For time delay, x2To the packet loss rate, x3Is jitter.
Preferably, the method also comprises a PE, wherein the POP point sends VRF configuration to the PE connected with the POP point, and the interface between the POP point and the PE at the edge of the MPLS network is completed.
Preferably, the acquisition unit 601 is specifically configured to:
the Zabbix is arranged in the controller in a plug-in mode, and equipment information of the POP point is acquired through the Zabbix; or
And the controller calls a northbound interface of Zabbix to acquire the equipment information of the POP point.
It should be understood that the above apparatus for optimizing ipseccvpn includes only a logical division according to the functions implemented by the device apparatus, and in practical applications, the above units may be stacked or separated. The functions of the apparatus for optimizing Ipsec VPN according to this embodiment correspond to the method for optimizing Ipsec VPN according to the foregoing embodiment, and for the more detailed processing flow implemented by the apparatus, the detailed description is already described in the above method embodiment, and the detailed description is not repeated here.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
While preferred embodiments of the present invention have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. Therefore, it is intended that the appended claims be interpreted as including preferred embodiments and all such alterations and modifications as fall within the scope of the invention.
It will be apparent to those skilled in the art that various changes and modifications may be made in the present invention without departing from the spirit and scope of the invention. Thus, if such modifications and variations of the present invention fall within the scope of the claims of the present invention and their equivalents, the present invention is also intended to include such modifications and variations.

Claims (6)

1. A method of optimizing an Ipsec VPN, comprising:
receiving registration information sent by a POP point, forming a full-network topological graph according to the registration information, and acquiring equipment information of the POP point through Zabbix;
sending the MAC address of the client and the IP information of the client to a CE (client side) so that the CE registers at a control end according to the MAC address of the client and the IP information of the client;
according to a dynamic path selection algorithm, determining a first POP point connected with the CE in the full-network topological graph, and sending VPN configuration at the CE and the first POP point;
and the POP point sends VRF configuration to the PE connected with the POP point, and the butt joint of the POP point and the PE at the edge of the MPLS network is completed.
2. The method of claim 1, wherein the device information of the POP point comprises any one or more of the following in combination:
network equipment time delay, jitter and packet loss rate;
the dynamic path selection algorithm is determined according to the following formula:
V=f1*x1+f2*x2+f3*x3
wherein f is1、f2、f3Is a coefficient, x1For time delay, x2To the packet loss rate, x3Is jitter.
3. The method as claimed in claim 1, wherein the collecting the device information of the POP point through Zabbix specifically includes:
the Zabbix is arranged in the controller in a plug-in mode, and equipment information of the POP point is acquired through the Zabbix; or
And the controller calls a northbound interface of Zabbix to acquire the equipment information of the POP point.
4. An apparatus for optimizing an Ipsec VPN, comprising:
the acquisition unit is used for receiving registration information sent by a POP point, forming a full-network topological graph according to the registration information and acquiring equipment information of the POP point through Zabbix;
the registration unit is used for sending the MAC address of the client and the IP information of the client to the CE so that the CE registers at the control end according to the MAC address of the client and the IP information of the client;
a sending unit, configured to determine, according to a dynamic path selection algorithm, a first POP point connected to the CE in the full-network topology map, and send a VPN configuration between the CE and the first POP point;
and the POP point sends VRF configuration to the PE connected with the POP point, and the butt joint of the POP point and the PE at the edge of the MPLS network is completed.
5. The apparatus of claim 4, wherein the device information of the POP point comprises any one or more of the following in combination:
network equipment time delay, jitter and packet loss rate;
the dynamic path selection algorithm is determined according to the following formula:
V=f1*x1+f2*x2+f3*x3
wherein f is1、f2、f3Is a coefficient, x1For time delay, x2To the packet loss rate, x3Is jitter.
6. The apparatus of claim 4, wherein the acquisition unit is specifically configured to:
the Zabbix is arranged in the controller in a plug-in mode, and equipment information of the POP point is acquired through the Zabbix; or
And the controller calls a northbound interface of Zabbix to acquire the equipment information of the POP point.
CN201810185977.3A 2018-03-07 2018-03-07 Method and device for optimizing Ipsec VPN Active CN108429646B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810185977.3A CN108429646B (en) 2018-03-07 2018-03-07 Method and device for optimizing Ipsec VPN

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810185977.3A CN108429646B (en) 2018-03-07 2018-03-07 Method and device for optimizing Ipsec VPN

Publications (2)

Publication Number Publication Date
CN108429646A CN108429646A (en) 2018-08-21
CN108429646B true CN108429646B (en) 2021-05-11

Family

ID=63157464

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810185977.3A Active CN108429646B (en) 2018-03-07 2018-03-07 Method and device for optimizing Ipsec VPN

Country Status (1)

Country Link
CN (1) CN108429646B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109639510B (en) * 2019-01-23 2021-09-10 中国人民解放军战略支援部队信息工程大学 Regional PoP division method based on subnet analysis
CN115022168B (en) * 2022-06-30 2024-03-19 南斗六星系统集成有限公司 Unified monitoring method based on zabbix and related equipment

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103841022A (en) * 2014-03-12 2014-06-04 华为技术有限公司 Method and device for building tunnel
CN106789537A (en) * 2017-01-20 2017-05-31 网宿科技股份有限公司 A kind of VPN construction method and system
CN107040469A (en) * 2015-12-30 2017-08-11 丛林网络公司 The network equipment and method
CN107426102A (en) * 2017-07-26 2017-12-01 桂林电子科技大学 Multipath parallel transmission dynamic decision method based on path quality
CN107579897A (en) * 2017-09-14 2018-01-12 广州西麦科技股份有限公司 A kind of method and device based on OpenDaylight configurations VPN

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7505402B2 (en) * 2005-06-23 2009-03-17 Cisco Technology, Inc. Method and apparatus for providing faster convergence for redundant sites
CN103746914B (en) * 2013-12-31 2017-08-18 华为技术有限公司 Set up method, the apparatus and system of private network tags and original VRF corresponding relations

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103841022A (en) * 2014-03-12 2014-06-04 华为技术有限公司 Method and device for building tunnel
CN107040469A (en) * 2015-12-30 2017-08-11 丛林网络公司 The network equipment and method
CN106789537A (en) * 2017-01-20 2017-05-31 网宿科技股份有限公司 A kind of VPN construction method and system
CN107426102A (en) * 2017-07-26 2017-12-01 桂林电子科技大学 Multipath parallel transmission dynamic decision method based on path quality
CN107579897A (en) * 2017-09-14 2018-01-12 广州西麦科技股份有限公司 A kind of method and device based on OpenDaylight configurations VPN

Also Published As

Publication number Publication date
CN108429646A (en) 2018-08-21

Similar Documents

Publication Publication Date Title
US11689455B2 (en) Loop prevention in virtual layer 2 networks
US20220131807A1 (en) Identification of faulty sd-wan segment
US10148556B2 (en) Link aggregation group (LAG) support on a software-defined network (SDN)
US10606454B2 (en) Stage upgrade of image versions on devices in a cluster
US10341131B2 (en) Avoiding unknown unicast floods resulting from MAC address table overflows
US9401928B2 (en) Data stream security processing method and apparatus
US11757773B2 (en) Layer-2 networking storm control in a virtualized cloud environment
US9832136B1 (en) Streaming software to multiple virtual machines in different subnets
US9819574B2 (en) Concerted multi-destination forwarding in a joint TRILL fabric and VXLAN/IP fabric data center
TWI474681B (en) Connecting method for virtual machine in cloud system
WO2019233124A1 (en) Network slice creation method and management and orchestration system
CN108429646B (en) Method and device for optimizing Ipsec VPN
CN111953661A (en) SDN-based east-west flow security protection method and system
CN109756419B (en) Routing information distribution method and device and RR
US20150113105A1 (en) Automated provisioning of a hybrid network
WO2016192402A1 (en) Method and apparatus for adjusting maximum transmission unit of ipv6 tunnel
US20150304340A1 (en) Early Policy Evaluation of Multiphase Attributes in High-Performance Firewalls
US10270660B2 (en) Function virtualization for multimedia network topology adaptation
US9036646B2 (en) Distributed routing mechanisms for a virtual switch enabled by a trill-based fabric
US10122571B2 (en) Autoclassification of network interfaces based on name
CN103220227B (en) The QoS realization method and system of Ezvpn
US20240106760A1 (en) Network device level optimizations for latency sensitive rdma traffic
US20230344778A1 (en) Network device level optimizations for bandwidth sensitive rdma traffic
US20220417139A1 (en) Routing policies for graphical processing units
US20230222007A1 (en) Publishing physical topology network locality information for graphical processing unit workloads

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant