CN109088883A - Networking method, device, storage medium and computer equipment for multiple subnets - Google Patents


Info

Publication number
CN109088883A
Authority
CN
China
Prior art keywords
subnet
subnets
pair
connection table
subnet pair
Prior art date
Legal status
Granted
Application number
CN201811106186.3A
Other languages
Chinese (zh)
Other versions
CN109088883B (en)
Inventor
付恒涛
万志宇
李金国
Current Assignee
Beijing Topsec Technology Co Ltd
Beijing Topsec Network Security Technology Co Ltd
Beijing Topsec Software Co Ltd
Original Assignee
Beijing Topsec Technology Co Ltd
Beijing Topsec Network Security Technology Co Ltd
Beijing Topsec Software Co Ltd
Application filed by Beijing Topsec Technology Co Ltd, Beijing Topsec Network Security Technology Co Ltd and Beijing Topsec Software Co Ltd
Priority to CN201811106186.3A
Publication of CN109088883A
Application granted
Publication of CN109088883B
Legal status: Active

Classifications

    • H ELECTRICITY
      • H04 ELECTRIC COMMUNICATION TECHNIQUE
        • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
          • H04L63/00 Network architectures or network communication protocols for network security
            • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
              • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
                • H04L63/0485 Networking architectures for enhanced packet encryption processing, e.g. offloading of IPsec packet processing or efficient security association look-up
            • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
              • H04L63/0272 Virtual private networks
            • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
          • H04L12/00 Data switching networks
            • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
              • H04L12/46 Interconnection of networks
                • H04L12/4633 Interconnection of networks using encapsulation techniques, e.g. tunneling
                • H04L12/4641 Virtual LANs, VLANs, e.g. virtual private networks [VPN]

Abstract

The invention discloses a networking method, device, storage medium and computer equipment for multiple subnets. The method comprises: establishing a communication tunnel between the two subnets of a first subnet pair and configuring the communication key between the two subnets of the first subnet pair; obtaining configuration data and saving it as a first connection table, which contains at least the IP addresses of the two subnets of the first subnet pair; replacing the IP addresses of the two subnets of the first subnet pair in the first connection table with the IP addresses of the two subnets of a second subnet pair, to obtain the multiplexed connection table of the second subnet pair; and configuring the communication key between the two subnets of the second subnet pair according to the multiplexed connection table of the second subnet pair. By building a connection table and directly reusing everything in it other than the subnet addresses, the invention separates phase-1 tunnel establishment from phase-2 key configuration, so that subnets are set up quickly and both ends are able to initiate negotiation.

Description

Networking method, device, storage medium and computer equipment for multiple subnets
Technical field
The present invention relates to the technical field of network security, and more particularly to a networking method, device, storage medium and computer equipment for multiple subnets.
Background technique
Internet Protocol Security (IPSec) is an open-standard framework that uses encryption-based security services to ensure confidential and secure communication over Internet Protocol (IP) networks. IPsec tunnel negotiation is divided into two phases: the first phase authenticates the identity of the peer and provides a safe and reliable tunnel (the IPSec tunnel) for the second-phase negotiation; the second phase mainly generates the keys that are actually used to encrypt the data flow. Once the first-phase and second-phase negotiations of a user-configured tunnel are complete, the data on the protected subnets can be encrypted, guaranteeing its integrity and reliability. Tunnel establishment is shown in Fig. 1.
In actual use it is common to need to protect multiple subnets, and in that case a tunnel must be established for each subnet in the manner above, which is inefficient for the administrator to configure and awkward to operate. The prior art addresses this by configuring a one-to-many tunnel at the center end and performing multiple phase-2 configurations separately, as shown in Fig. 2, which supports multiple subnet connections; but because the branch-end subnets cannot initiate negotiation actively, the branch-end subnets become more constrained.
Summary of the invention
The present invention provides a networking method, device, storage medium and computer equipment for multiple subnets, to solve the prior-art problem that branch-end subnets cannot initiate negotiation actively and are therefore more constrained.
To solve the above technical problem, in one aspect the present invention provides a networking method for multiple subnets, comprising: obtaining a first subnet pair from the subnet pairs to be configured, establishing a communication tunnel between the two subnets of the first subnet pair, and configuring the communication key between the two subnets of the first subnet pair; obtaining configuration data from the process of configuring the communication key between the two subnets of the first subnet pair, and saving the configuration data as a first connection table, wherein the first connection table contains at least the IP addresses of the two subnets of the first subnet pair; replacing the IP addresses of the two subnets of the first subnet pair in the first connection table with the IP addresses of the two subnets of a second subnet pair from the subnet pairs to be configured, to obtain the multiplexed connection table of the second subnet pair; and configuring the communication key between the two subnets of the second subnet pair according to the multiplexed connection table of the second subnet pair.
Further, before replacing the IP addresses of the two subnets of the first subnet pair in the first connection table with the IP addresses of the two subnets of the second subnet pair to obtain the multiplexed connection table of the second subnet pair, the method further comprises: establishing a phase-2 policy for the second subnet pair; and associating the phase-2 policy with the communication tunnel between the two subnets of the first subnet pair.
Further, establishing the communication key between the two subnets of the second subnet pair according to the multiplexed connection table of the second subnet pair comprises: reusing the communication tunnel between the two subnets of the first subnet pair; and establishing the communication key between the two subnets of the second subnet pair according to the multiplexed connection table of the second subnet pair.
Further, the first connection table contains at least: the IP addresses of the two subnets of the first subnet pair, the encryption policy, the authentication policy, the negotiation policy, the integrity verification algorithm and the Diffie-Hellman algorithm.
In another aspect, the present invention also provides a networking device for multiple subnets, characterized by comprising: a configuration module, for obtaining a first subnet pair from the subnet pairs to be configured, establishing a communication tunnel between the two subnets of the first subnet pair, and configuring the communication key between the two subnets of the first subnet pair; a connection-table establishing module, for obtaining configuration data from the process of configuring the communication key between the two subnets of the first subnet pair and saving the configuration data as a first connection table, wherein the first connection table contains at least the IP addresses of the two subnets of the first subnet pair; a replacement module, for replacing the IP addresses of the two subnets of the first subnet pair in the first connection table with the IP addresses of the two subnets of a second subnet pair from the subnet pairs to be configured, to obtain the multiplexed connection table of the second subnet pair; and a multiplexing module, for configuring the communication key between the two subnets of the second subnet pair according to the multiplexed connection table of the second subnet pair.
Further, the device also comprises: a policy establishing module, for establishing a phase-2 policy for the second subnet pair; and an association module, for associating the phase-2 policy with the communication tunnel between the two subnets of the first subnet pair.
Further, the multiplexing module is specifically configured to reuse the communication tunnel between the two subnets of the first subnet pair, and to establish the communication key between the two subnets of the second subnet pair according to the multiplexed connection table of the second subnet pair.
Further, the first connection table contains at least: the IP addresses of the two subnets of the first subnet pair, the encryption policy, the authentication policy, the negotiation policy, the integrity verification algorithm and the Diffie-Hellman algorithm.
In another aspect, the present invention also provides a storage medium on which a computer program is stored; when the program is executed by a processor it implements the above networking method for multiple subnets.
In another aspect, the present invention also provides computer equipment, characterized by comprising a memory, a processor, and a computer program stored in the memory and runnable on the processor; when the processor executes the program it implements the above networking method for multiple subnets.
By building a connection table and directly reusing everything in it other than the subnet addresses, the invention separates phase-1 tunnel establishment from phase-2 key configuration; on top of setting up subnets quickly, this lets both ends initiate negotiation, and when the network goes down the number of phase-1 negotiations can be reduced by reusing the connection table, so that multi-subnet networking is restored quickly.
Detailed description of the invention
Fig. 1 is a schematic diagram of IPSec single-subnet tunnel establishment in the prior art;
Fig. 2 is a schematic diagram of IPSec multi-subnet tunnel establishment in the prior art;
Fig. 3 is the flow chart of the networking method for multiple subnets in the first embodiment of the invention;
Fig. 4 is the structural schematic diagram of the networking device for multiple subnets in the second embodiment of the invention;
Fig. 5 is the structural schematic diagram of another networking device for multiple subnets in the second embodiment of the invention.
Specific embodiment
To solve the prior-art problem that branch-end subnets cannot initiate negotiation actively and are therefore more constrained, the present invention provides a networking method, device, storage medium and computer equipment for multiple subnets, which are described in further detail below with reference to the drawings and embodiments. It should be understood that the specific embodiments described here only explain the invention and do not limit it.
The first embodiment of the present invention provides a networking method for multiple subnets that can be applied at either the center end or the branch end. Its flow chart is shown in Fig. 3 and mainly comprises steps S101 to S104:
S101: obtaining a first subnet pair from the subnet pairs to be configured, establishing a communication tunnel between the two subnets of the first subnet pair, and configuring the communication key between the two subnets of the first subnet pair;
S102: obtaining configuration data from the process of configuring the communication key between the two subnets of the first subnet pair, and saving the configuration data as a first connection table;
S103: replacing the IP addresses of the two subnets of the first subnet pair in the first connection table with the IP addresses of the two subnets of a second subnet pair from the subnet pairs to be configured, to obtain the multiplexed connection table of the second subnet pair;
S104: establishing the communication key between the two subnets of the second subnet pair according to the multiplexed connection table of the second subnet pair.
In this embodiment, one subnet is a center-end subnet and the other is a branch-end subnet; two subnets that need a tunnel between them in order to transmit data are called a subnet pair. When networking multiple subnets, the center end and the branch end each have several subnets that need tunnels, i.e. there are multiple subnet pairs to be configured.
When networking multiple subnets, a first subnet pair is chosen from all the subnet pairs to be configured, and a one-to-one secure communication tunnel is established and the communication key for transmission configured directly, i.e. one complete phase-1 configuration and phase-2 configuration is performed. Then, from the phase-2 configuration process of the first subnet pair, the configuration data is obtained once configuration completes and saved, giving the first connection table. Specifically, the first connection table contains at least the IP addresses of the two subnets of the first subnet pair, and also the encryption policy, authentication policy, negotiation policy, integrity verification algorithm, Diffie-Hellman algorithm and so on used in the phase-2 negotiation for communication between the subnets.
For a second subnet pair, i.e. any subnet pair to be configured other than the first, the first connection table is used as a template: the IP addresses of the two subnets of the first subnet pair are replaced with the IP addresses of the two subnets of the second subnet pair while the remaining content is left unchanged, which yields the multiplexed connection table of the second subnet pair, also called the second connection table. When performing the phase-2 configuration of the second subnet pair, the communication key between the subnets of the second subnet pair is configured directly according to the content of the second connection table.
Further, before the step of replacing the IP addresses of the two subnets of the first subnet pair in the first connection table with the IP addresses of the two subnets of the second subnet pair to obtain the multiplexed connection table of the second subnet pair, the method should also include establishing a phase-2 policy for the second subnet pair and associating that phase-2 policy with the communication tunnel between the two subnets of the first subnet pair. With these steps, when the second subnet pair negotiates its tunnel it only needs to reuse the communication tunnel between the two subnets of the first subnet pair, and the communication key between the two subnets of the second subnet pair can then be established according to the multiplexed connection table of the second subnet pair, without re-establishing a secure tunnel for the second subnet pair.
It should be understood that the second subnet pair is only one example among the subnet pairs to be configured. In actual use, all other subnet pairs besides the first are networked with the same steps as the second subnet pair, so that when a subnet pair to be configured negotiates its tunnel it directly reuses the secure communication tunnel that has already been established and carries out the second-phase negotiation according to its own multiplexed connection table.
By building a connection table and directly reusing everything in it other than the subnet addresses, this embodiment separates phase-1 tunnel establishment from phase-2 key configuration; on top of setting up subnets quickly, this lets both ends initiate negotiation, and when the network goes down the number of phase-1 negotiations can be reduced by reusing the connection table, so that multi-subnet networking is restored quickly. Further, when the tunnel corresponding to a subnet pair is deleted, only that subnet pair's phase-2 configuration is deleted; the reused phase-1 secure communication tunnel and the phase-2 configurations of the other subnet pairs are unaffected.
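The following Python is an added example, not code from the patent or from its assignee. It models steps S101 to S104 and the deletion behaviour described above: a connection table holding the fields the page lists, a function that reuses the table as a template while swapping only the two subnet addresses, an audit helper that reports which fields a multiplexed table differs in from its template, and a small controller that records how many phase-1 negotiations were run while several subnet pairs share one tunnel. The field names, the tunnel identifier and the sample subnets are assumptions.

```python
"""Added example (not the patent's code): model of connection-table reuse.
Field names, the tunnel identifier and the sample subnets are constructed."""
from dataclasses import dataclass, replace
from ipaddress import IPv4Network, ip_network
from typing import Dict, Optional, Set, Tuple

SubnetPair = Tuple[IPv4Network, IPv4Network]


@dataclass(frozen=True)
class ConnectionTable:
    """Minimum content of the first connection table as the page lists it:
    the two subnet addresses plus the phase-2 negotiation parameters."""
    center_subnet: IPv4Network
    branch_subnet: IPv4Network
    encryption_policy: str
    auth_policy: str
    negotiation_policy: str
    integrity_algorithm: str
    dh_group: str  # the page's "Diffie-Hellman algorithm"

    def pair(self) -> SubnetPair:
        return (self.center_subnet, self.branch_subnet)


def multiplex_table(template: ConnectionTable, center: str, branch: str) -> ConnectionTable:
    """S103: swap only the two subnet addresses; every other field is copied."""
    return replace(template, center_subnet=ip_network(center), branch_subnet=ip_network(branch))


def differing_fields(a: ConnectionTable, b: ConnectionTable) -> Set[str]:
    """Audit check: names of the fields in which table b differs from table a.
    For a faithfully multiplexed table only the address fields should appear."""
    return {name for name in a.__dataclass_fields__ if getattr(a, name) != getattr(b, name)}


class MultiSubnetNetworking:
    """One phase-1 tunnel shared by the phase-2 entries of several subnet pairs."""

    def __init__(self) -> None:
        self.phase1_tunnel: Optional[str] = None        # assumed tunnel identifier
        self.phase1_negotiations = 0                    # phase-1 negotiations performed
        self.template: Optional[ConnectionTable] = None  # the first connection table
        self.phase2: Dict[SubnetPair, ConnectionTable] = {}

    def configure_first_pair(self, table: ConnectionTable) -> str:
        """S101/S102: full phase-1 and phase-2 configuration for the first pair."""
        self.phase1_negotiations += 1
        self.phase1_tunnel = "tunnel-1"                 # constructed identifier
        self.template = table
        self.phase2[table.pair()] = table
        return self.phase1_tunnel

    def configure_multiplexed_pair(self, table: ConnectionTable) -> str:
        """S104: bind the pair's phase-2 entry to the existing tunnel; no new phase-1."""
        if self.phase1_tunnel is None:
            raise RuntimeError("configure the first subnet pair before multiplexing")
        self.phase2[table.pair()] = table
        return self.phase1_tunnel

    def delete_pair(self, center: str, branch: str) -> bool:
        """Deleting a pair removes only its phase-2 entry; the shared phase-1
        tunnel and the other pairs' entries stay intact. Returns True if the
        tunnel is still present afterwards."""
        del self.phase2[(ip_network(center), ip_network(branch))]
        return self.phase1_tunnel is not None


# Constructed sample: one center-end subnet paired with three branch-end subnets.
FIRST_TABLE = ConnectionTable(
    center_subnet=ip_network("10.1.0.0/24"), branch_subnet=ip_network("10.2.0.0/24"),
    encryption_policy="aes256", auth_policy="psk", negotiation_policy="main-mode",
    integrity_algorithm="sha256", dh_group="modp2048",
)
BRANCH_PAIRS = [("10.1.0.0/24", "10.2.1.0/24"), ("10.1.0.0/24", "10.2.2.0/24")]


def build_network() -> MultiSubnetNetworking:
    """Run S101 to S104 over the sample: one phase-1 negotiation, three phase-2 entries."""
    net = MultiSubnetNetworking()
    net.configure_first_pair(FIRST_TABLE)
    for center, branch in BRANCH_PAIRS:
        net.configure_multiplexed_pair(multiplex_table(FIRST_TABLE, center, branch))
    return net


if __name__ == "__main__":
    net = build_network()
    print(f"phase-1 negotiations: {net.phase1_negotiations}, phase-2 entries: {len(net.phase2)}")
```

Because the page allows each entry of a multiplexed table to be edited individually on the device front end, `differing_fields` is worth running over every stored table before deployment: any field other than the two addresses that differs from the first connection table means a subnet pair no longer negotiates with the parameters the template was audited with.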
In actual use, computer equipment with IPSec and Virtual Private Network (VPN) functions, such as a VPN device or a security authentication gateway, can be used. To let users customize the configuration, the device front end can also provide add, delete, modify and query functions for the phase-2 configuration, so that every entry in a multiplexed connection table can be individually set and modified.
The second embodiment of the present invention provides a networking device for multiple subnets, installed at either the center end or the branch end. Its structure is shown in Fig. 4 and mainly comprises: a configuration module 10, for obtaining a first subnet pair from the subnet pairs to be configured, establishing a communication tunnel between the two subnets of the first subnet pair, and configuring the communication key between the two subnets of the first subnet pair; a connection-table establishing module 20, coupled to configuration module 10, for obtaining configuration data from the process of configuring the communication key between the two subnets of the first subnet pair and saving the configuration data as a first connection table, wherein the first connection table contains at least the IP addresses of the two subnets of the first subnet pair; a replacement module 30, coupled to connection-table establishing module 20, for replacing the IP addresses of the two subnets of the first subnet pair in the first connection table with the IP addresses of the two subnets of a second subnet pair from the subnet pairs to be configured, to obtain the multiplexed connection table of the second subnet pair; and a multiplexing module 40, coupled to replacement module 30, for configuring the communication key between the two subnets of the second subnet pair according to the multiplexed connection table of the second subnet pair.
When networking multiple subnets, configuration module 10 first chooses a first subnet pair from all the subnet pairs to be configured and directly establishes a one-to-one secure communication tunnel and configures the communication key for transmission, i.e. performs one complete phase-1 configuration and phase-2 configuration. Then connection-table establishing module 20 obtains the configuration data from the phase-2 configuration process of the first subnet pair once configuration completes and saves it, giving the first connection table. Specifically, the first connection table contains at least the IP addresses of the two subnets of the first subnet pair, and also the encryption policy, authentication policy, negotiation policy, integrity verification algorithm, Diffie-Hellman algorithm and so on used in the phase-2 negotiation for communication between the subnets.
For a second subnet pair, i.e. any subnet pair to be configured other than the first, replacement module 30 uses the first connection table as a template, replacing the IP addresses of the two subnets of the first subnet pair with the IP addresses of the two subnets of the second subnet pair while leaving the remaining content unchanged, which yields the multiplexed connection table of the second subnet pair, also called the second connection table. When performing the phase-2 configuration of the second subnet pair, multiplexing module 40 configures the communication key between the subnets of the second subnet pair directly according to the content of the second connection table.
Further, the networking device of this embodiment also comprises: a policy establishing module 50, for establishing a phase-2 policy for the second subnet pair; and an association module 60, for associating the phase-2 policy with the communication tunnel between the two subnets of the first subnet pair. The device structure is then as shown in Fig. 5: connection-table establishing module 20 is coupled to configuration module 10, policy establishing module 50 is coupled to connection-table establishing module 20, and association module 60 is coupled to policy establishing module 50. After policy establishing module 50 establishes the phase-2 policy and association module 60 associates it with the communication tunnel between the two subnets of the first subnet pair, when the second subnet pair negotiates its tunnel multiplexing module 40 only needs to reuse the communication tunnel between the two subnets of the first subnet pair, and can establish the communication key between the two subnets of the second subnet pair according to the multiplexed connection table of the second subnet pair, without re-establishing a secure tunnel for the second subnet pair.
It should be understood that the second subnet pair is only one example among the subnet pairs to be configured. In actual use, all other subnet pairs besides the first are networked with the same steps as the second subnet pair, so that when a subnet pair to be configured negotiates its tunnel, multiplexing module 40 directly reuses the secure communication tunnel that has already been established and carries out the second-phase negotiation according to the corresponding multiplexed connection table.
The third embodiment of the present invention provides a storage medium on which a computer program is stored; when the computer program is executed by a processor it implements the following steps S11 to S14:
S11: obtaining a first subnet pair from the subnet pairs to be configured, establishing a communication tunnel between the two subnets of the first subnet pair, and configuring the communication key between the two subnets of the first subnet pair;
S12: obtaining configuration data from the process of configuring the communication key between the two subnets of the first subnet pair, and saving the configuration data as a first connection table;
S13: replacing the IP addresses of the two subnets of the first subnet pair in the first connection table with the IP addresses of the two subnets of a second subnet pair from the subnet pairs to be configured, to obtain the multiplexed connection table of the second subnet pair;
S14: establishing the communication key between the two subnets of the second subnet pair according to the multiplexed connection table of the second subnet pair.
In this embodiment the storage medium may be installed in equipment with IPSec and VPN functions. Since the specific steps of the networking method for multiple subnets have been described in detail in the first embodiment, they are not repeated in this embodiment.
Optionally, in this embodiment the storage medium may include, but is not limited to, a USB flash disk, read-only memory (ROM), random access memory (RAM), a removable hard disk, a magnetic disk, an optical disc or any other medium that can store program code. Optionally, in this embodiment the processor executes the method steps of the above embodiments according to the program code stored in the storage medium. Optionally, for specific examples this embodiment refers to the examples described in the above embodiments and optional implementations, which are not repeated here. Obviously, those skilled in the art should understand that the modules or steps of the invention above can be implemented with general-purpose computing devices; they can be concentrated on a single computing device or distributed over a network of multiple computing devices; optionally, they can be implemented as program code executable by a computing device and thus stored in a storage device and executed by the computing device; in some cases the steps shown or described can be performed in an order different from the one here, or made into individual integrated-circuit modules, or several of the modules or steps can be made into a single integrated-circuit module. Thus the invention is not limited to any specific combination of hardware and software.
The fourth embodiment of the present invention provides computer equipment comprising a memory, a processor, and a computer program stored in the memory and runnable on the processor; when the computer program is executed by the processor, the following method steps are implemented:
S21: obtaining a first subnet pair from the subnet pairs to be configured, establishing a communication tunnel between the two subnets of the first subnet pair, and configuring the communication key between the two subnets of the first subnet pair;
S22: obtaining configuration data from the process of configuring the communication key between the two subnets of the first subnet pair, and saving the configuration data as a first connection table;
S23: replacing the IP addresses of the two subnets of the first subnet pair in the first connection table with the IP addresses of the two subnets of a second subnet pair from the subnet pairs to be configured, to obtain the multiplexed connection table of the second subnet pair;
S24: establishing the communication key between the two subnets of the second subnet pair according to the multiplexed connection table of the second subnet pair.
In this embodiment the computer equipment may be equipment with IPSec and VPN functions, such as a VPN device or a security authentication gateway. Since the networking method for multiple subnets has been described in detail in the first embodiment, it is not repeated in this embodiment.
Although preferred embodiments of the invention have been disclosed for illustrative purposes, those skilled in the art will recognize that various improvements, additions and substitutions are also possible; therefore the scope of the invention should not be limited to the above embodiments.

Claims (10)

1. A networking method for multiple subnets, characterized by comprising:
obtaining a first subnet pair from the subnet pairs to be configured, establishing a communication tunnel between the two subnets of the first subnet pair, and configuring the communication key between the two subnets of the first subnet pair;
obtaining configuration data according to the configuration process of the communication key between the two subnets of the first subnet pair, and saving the configuration data as a first connection table, wherein the first connection table includes at least the IPs of the two subnets of the first subnet pair;
replacing the IPs of the two subnets of the first subnet pair in the first connection table with the IPs of the two subnets of a second subnet pair from the subnet pairs to be configured, obtaining a multiplexing connection table of the second subnet pair;
configuring the communication key between the two subnets of the second subnet pair according to the multiplexing connection table of the second subnet pair.
2. The networking method of claim 1, characterized in that, before replacing the IPs of the two subnets of the first subnet pair in the first connection table with the IPs of the two subnets of the second subnet pair to obtain the multiplexing connection table of the second subnet pair, the method further comprises:
establishing a two-phase policy for the second subnet pair;
associating the two-phase policy with the communication tunnel between the two subnets of the first subnet pair.
3. The networking method of claim 2, characterized in that establishing the communication key between the two subnets of the second subnet pair according to the multiplexing connection table of the second subnet pair comprises:
multiplexing the communication tunnel between the two subnets of the first subnet pair;
establishing the communication key between the two subnets of the second subnet pair according to the multiplexing connection table of the second subnet pair.
4. The networking method of any one of claims 1 to 3, characterized in that the first connection table includes at least: the IPs of the two subnets of the first subnet pair, the encryption policy, the authentication policy, the negotiation policy, the integrity verification algorithm and the Diffie-Hellman algorithm.
5. A networking device for multiple subnets, characterized by comprising:
a configuration module, for obtaining a first subnet pair from the subnet pairs to be configured, establishing a communication tunnel between the two subnets of the first subnet pair, and configuring the communication key between the two subnets of the first subnet pair;
a connection table establishing module, for obtaining configuration data according to the configuration process of the communication key between the two subnets of the first subnet pair, and saving the configuration data as a first connection table, wherein the first connection table includes at least the IPs of the two subnets of the first subnet pair;
a replacement module, for replacing the IPs of the two subnets of the first subnet pair in the first connection table with the IPs of the two subnets of a second subnet pair from the subnet pairs to be configured, obtaining the multiplexing connection table of the second subnet pair;
a multiplexing module, for configuring the communication key between the two subnets of the second subnet pair according to the multiplexing connection table of the second subnet pair.
6. The networking device of claim 5, characterized by further comprising:
a policy establishing module, for establishing a two-phase policy for the second subnet pair;
an association module, for associating the two-phase policy with the communication tunnel between the two subnets of the first subnet pair.
7. The networking device of claim 6, characterized in that the multiplexing module is specifically configured to:
multiplex the communication tunnel between the two subnets of the first subnet pair;
establish the communication key between the two subnets of the second subnet pair according to the multiplexing connection table of the second subnet pair.
8. The networking device of any one of claims 4 to 7, characterized in that the first connection table includes at least: the IPs of the two subnets of the first subnet pair, the encryption policy, the authentication policy, the negotiation policy, the integrity verification algorithm and the Diffie-Hellman algorithm.
9. A storage medium storing a computer program, wherein when the program is executed by a processor, the steps of the method of any one of claims 1 to 4 are realized.
10. A computer device, characterized by comprising a memory, a processor and a computer program stored in the memory and runnable on the processor, wherein the processor, when executing the program, realizes the steps of the method of any one of claims 1 to 4.
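As an added illustration of steps S21 to S24 of the fourth embodiment and of claims 1 to 4 (example code written for this page, not code from the patent or its assignee), the following Python models the connection table of claim 4 and the IP substitution that produces the multiplexing connection table, then derives one key per subnet pair over the shared tunnel. The `derive_pair_key` construction, the `configure_pairs` driver and every field value are assumptions made for the example; the patent does not specify how the per-pair key is established.

```python
from dataclasses import dataclass, replace
import hashlib
import hmac
import ipaddress

@dataclass(frozen=True)
class ConnectionTable:
    """Connection table of claim 4: the pair's subnet IPs plus the negotiated policies."""
    subnet_a: str            # first subnet of the pair, as an IP prefix
    subnet_b: str            # second subnet of the pair
    encryption_policy: str   # field values are constructed sample values, see FIRST below
    auth_policy: str
    negotiation_policy: str
    integrity_alg: str
    dh_group: int            # Diffie-Hellman group number

def multiplex_table(first: ConnectionTable, subnet_c: str, subnet_d: str) -> ConnectionTable:
    """Step S23: copy the first pair's table, swapping only the two subnet IPs.
    Every policy field is reused unchanged, which is the point of the multiplexing."""
    for prefix in (subnet_c, subnet_d):
        ipaddress.ip_network(prefix, strict=True)  # refuse malformed prefixes before they reach the policy
    if ipaddress.ip_network(subnet_c).overlaps(ipaddress.ip_network(subnet_d)):
        raise ValueError("subnets of one pair must not overlap")
    return replace(first, subnet_a=subnet_c, subnet_b=subnet_d)

def derive_pair_key(tunnel_secret: bytes, table: ConnectionTable) -> bytes:
    """Step S24, modelled as an assumption: a per-pair key bound to the pair's own IPs and
    policy, so two pairs sharing one tunnel never receive the same key."""
    label = "|".join((table.subnet_a, table.subnet_b, table.encryption_policy,
                      table.integrity_alg, str(table.dh_group))).encode()
    return hmac.new(tunnel_secret, label, hashlib.sha256).digest()

def configure_pairs(first: ConnectionTable, tunnel_secret: bytes,
                    further_pairs: list[tuple[str, str]]) -> dict[tuple[str, str], bytes]:
    """Runs S21-S24: keys the first pair, then every further pair over the same tunnel."""
    keys = {(first.subnet_a, first.subnet_b): derive_pair_key(tunnel_secret, first)}
    for subnet_c, subnet_d in further_pairs:
        table = multiplex_table(first, subnet_c, subnet_d)
        keys[(subnet_c, subnet_d)] = derive_pair_key(tunnel_secret, table)
    return keys

# Constructed sample input: one negotiated first pair and a tunnel secret for the example.
FIRST = ConnectionTable("10.1.0.0/24", "10.2.0.0/24", "aes256-cbc", "psk",
                        "ikev2-main", "hmac-sha256", 14)
TUNNEL_SECRET = b"example-tunnel-secret-not-for-real-use"

if __name__ == "__main__":
    for pair, key in configure_pairs(FIRST, TUNNEL_SECRET, [("10.3.0.0/24", "10.4.0.0/24")]).items():
        print(pair, key.hex())
```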
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811106186.3A CN109088883B (en) 2018-09-21 2018-09-21 Multi-subnet networking method and device, storage medium and computer equipment

Publications (2)

Publication Number Publication Date
CN109088883A true CN109088883A (en) 2018-12-25
CN109088883B CN109088883B (en) 2021-01-15

Family

ID=64842204

Country Status (1)

Country Link
CN (1) CN109088883B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114124619A (en) * 2021-12-02 2022-03-01 深圳通康创智技术有限公司 Subnet communication method and device, computer equipment and storage medium

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101557337A (en) * 2009-05-04 2009-10-14 成都市华为赛门铁克科技有限公司 Network tunnel establishing method, data transmission method, communication system and relevant equipment
CN101697522A (en) * 2009-10-16 2010-04-21 深圳华为通信技术有限公司 Virtual private network networking method, communication system and related equipment
US20100278181A1 (en) * 2004-11-16 2010-11-04 Juniper Networks, Inc. Point-to-multi-point/non-broadcasting mutli-access vpn tunnels
CN103152343A (en) * 2013-03-04 2013-06-12 北京神州绿盟信息安全科技股份有限公司 Method for establishing Internet protocol security virtual private network tunnel and network equipment
CN104821951A (en) * 2015-05-26 2015-08-05 杭州华三通信技术有限公司 Safety communication method and device
CN106685956A (en) * 2016-12-27 2017-05-17 上海斐讯数据通信技术有限公司 Method and system for router VPN network connection

Also Published As

Publication number Publication date
CN109088883B (en) 2021-01-15

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant