CN109088883A - Networking method, apparatus, storage medium and computer device for multiple subnets - Google Patents
Abstract
The invention discloses a networking method, apparatus, storage medium and computer device for multiple subnets. The method comprises: establishing a communication tunnel between the two subnets of a first subnet pair, and configuring the communication key between the two subnets of the first subnet pair; obtaining configuration data and saving it as a first connection table, the first connection table including at least the IPs of the two subnets of the first subnet pair; replacing the IPs of the two subnets of the first subnet pair in the first connection table with the IPs of the two subnets of a second subnet pair, to obtain a reused connection table for the second subnet pair; and configuring the communication key between the two subnets of the second subnet pair according to the reused connection table of the second subnet pair. By building a connection table and directly reusing everything in it other than the subnets, the invention separates first-stage tunnel establishment from the second-stage key configuration process, so that subnet networking is set up quickly and both ends can initiate negotiation.
Description
Technical field
The present invention relates to the technical field of network security, and in particular to a networking method, apparatus, storage medium and computer device for multiple subnets.
Background
Internet Protocol Security (IPSec) is an open-standard framework that ensures confidential and secure communication over Internet Protocol (IP) networks by using cryptographic security services. IPSec tunnel negotiation is divided into two stages: the first-stage negotiation authenticates the identity of the peer and provides a safe and reliable tunnel (IPSec tunnel) for the second-stage negotiation. The second stage mainly generates the keys that are actually used to encrypt the data flow. After the first-stage and second-stage negotiations are completed for a tunnel configured by the user, the data on the protected subnet flows is encrypted, which guarantees the integrity and reliability of the data. Tunnel establishment is shown in Fig. 1.
In practice, multiple subnets often need to be protected, and a tunnel then has to be established for each subnet in the manner described above, which is inefficient for the administrator to configure and hard to operate. The prior art addresses this by configuring a one-to-many tunnel at the center end and performing multiple second-stage configurations on it, as shown in Fig. 2. This supports connections for multiple subnets, but because the branch-end subnets cannot initiate negotiation, the branch-end subnets become more restricted.
Summary of the invention
The present invention provides a networking method, apparatus, storage medium and computer device for multiple subnets, to solve the prior-art problem that branch-end subnets cannot initiate negotiation, which makes the branch-end subnets more restricted.
To solve the above technical problem, in one aspect the present invention provides a networking method for multiple subnets, comprising: obtaining a first subnet pair from the subnet pairs to be configured, establishing a communication tunnel between the two subnets of the first subnet pair, and configuring the communication key between the two subnets of the first subnet pair; obtaining configuration data from the process of configuring the communication key between the two subnets of the first subnet pair, and saving the configuration data as a first connection table, wherein the first connection table includes at least the IPs of the two subnets of the first subnet pair; replacing the IPs of the two subnets of the first subnet pair in the first connection table with the IPs of the two subnets of a second subnet pair from the subnet pairs to be configured, to obtain a reused connection table for the second subnet pair; and configuring the communication key between the two subnets of the second subnet pair according to the reused connection table of the second subnet pair.
Further, before replacing the IPs of the two subnets of the first subnet pair in the first connection table with the IPs of the two subnets of the second subnet pair to obtain the reused connection table of the second subnet pair, the method further comprises: establishing a second-stage policy for the second subnet pair; and associating the second-stage policy with the communication tunnel between the two subnets of the first subnet pair.
Further, establishing the communication key between the two subnets of the second subnet pair according to the reused connection table of the second subnet pair comprises: reusing the communication tunnel between the two subnets of the first subnet pair; and establishing the communication key between the two subnets of the second subnet pair according to the reused connection table of the second subnet pair.
Further, the first connection table includes at least: the IPs of the two subnets of the first subnet pair, an encryption policy, an authentication policy, a negotiation policy, an integrity verification algorithm and a Diffie-Hellman algorithm.
In another aspect, the present invention also provides a networking apparatus for multiple subnets, comprising: a configuration module, configured to obtain a first subnet pair from the subnet pairs to be configured, establish a communication tunnel between the two subnets of the first subnet pair, and configure the communication key between the two subnets of the first subnet pair; a connection table establishment module, configured to obtain configuration data from the process of configuring the communication key between the two subnets of the first subnet pair, and save the configuration data as a first connection table, wherein the first connection table includes at least the IPs of the two subnets of the first subnet pair; a replacement module, configured to replace the IPs of the two subnets of the first subnet pair in the first connection table with the IPs of the two subnets of a second subnet pair from the subnet pairs to be configured, to obtain a reused connection table for the second subnet pair; and a reuse module, configured to configure the communication key between the two subnets of the second subnet pair according to the reused connection table of the second subnet pair.
Further, the apparatus also comprises: a policy establishment module, configured to establish a second-stage policy for the second subnet pair; and an association module, configured to associate the second-stage policy with the communication tunnel between the two subnets of the first subnet pair.
Further, the reuse module is specifically configured to: reuse the communication tunnel between the two subnets of the first subnet pair; and establish the communication key between the two subnets of the second subnet pair according to the reused connection table of the second subnet pair.
Further, the first connection table includes at least: the IPs of the two subnets of the first subnet pair, an encryption policy, an authentication policy, a negotiation policy, an integrity verification algorithm and a Diffie-Hellman algorithm.
In another aspect, the present invention also provides a storage medium on which a computer program is stored; when the program is executed by a processor, the above networking method for multiple subnets is implemented.
In another aspect, the present invention also provides a computer device comprising a memory, a processor, and a computer program stored on the memory and executable on the processor, wherein the processor implements the above networking method for multiple subnets when executing the program.
By building a connection table and directly reusing everything in it other than the subnets, the present invention separates first-stage tunnel establishment from the second-stage key configuration process. Subnet networking is set up quickly, both ends can initiate negotiation, and after a network outage the number of first-stage negotiations can be reduced by reusing the connection table, so that the subnet networking is restored quickly.
Brief description of the drawings
Fig. 1 is a schematic diagram of IPSec single-subnet tunnel establishment in the prior art;
Fig. 2 is a schematic diagram of IPSec multi-subnet tunnel establishment in the prior art;
Fig. 3 is a flowchart of the networking method for multiple subnets in the first embodiment of the invention;
Fig. 4 is a structural schematic diagram of the networking apparatus for multiple subnets in the second embodiment of the invention;
Fig. 5 is a structural schematic diagram of another networking apparatus for multiple subnets in the second embodiment of the invention.
Detailed description of the embodiments
To solve the prior-art problem that branch-end subnets cannot initiate negotiation, which makes the branch-end subnets more restricted, the present invention provides a networking method, apparatus, storage medium and computer device for multiple subnets. The invention is described in further detail below with reference to the drawings and embodiments. It should be understood that the specific embodiments described here only explain the invention and do not limit it.
The first embodiment of the present invention provides a networking method for multiple subnets, which can be applied at either the center end or the branch end. Its flowchart is shown in Fig. 3 and mainly includes steps S101 to S104:
S101: obtain a first subnet pair from the subnet pairs to be configured, establish a communication tunnel between the two subnets of the first subnet pair, and configure the communication key between the two subnets of the first subnet pair;
S102: obtain configuration data from the process of configuring the communication key between the two subnets of the first subnet pair, and save the configuration data as a first connection table;
S103: replace the IPs of the two subnets of the first subnet pair in the first connection table with the IPs of the two subnets of a second subnet pair from the subnet pairs to be configured, to obtain the reused connection table of the second subnet pair;
S104: establish the communication key between the two subnets of the second subnet pair according to the reused connection table of the second subnet pair.
In this embodiment, one subnet is a center-end subnet and the other is a branch-end subnet; two such subnets that need a tunnel established between them for data transmission are called a subnet pair. When networking multiple subnets, the center end and the branch end each have multiple subnets that need tunnels, that is, there are multiple subnet pairs to be configured.
When networking multiple subnets, a first subnet pair is first chosen from all the subnet pairs to be configured, and for it the one-to-one secure communication tunnel is established and the communication key used for transmission is configured directly; that is, one complete first-stage configuration and second-stage configuration is carried out. Then, from the second-stage configuration process of the first subnet pair, the configuration data of the completed configuration is obtained and saved, giving the first connection table. Specifically, the first connection table includes at least the IPs of the two subnets of the first subnet pair, and also the encryption policy, authentication policy, negotiation policy, integrity verification algorithm, Diffie-Hellman algorithm and so on used for communication between the subnets in the second-stage negotiation.
For a second subnet pair, that is, a subnet pair to be configured other than the first subnet pair, the first connection table is used as a template: the IPs of the two subnets of the first subnet pair in the first connection table are replaced with the IPs of the two subnets of the second subnet pair, and the remaining content is left unchanged. The result is the reused connection table of the second subnet pair, also called the second connection table. When the second-stage configuration of the second subnet pair is carried out, the communication key between the subnets of the second subnet pair is configured directly according to the content of the second connection table.
Further, before the step of replacing the IPs of the two subnets of the first subnet pair in the first connection table with the IPs of the two subnets of the second subnet pair to obtain the reused connection table of the second subnet pair, the method should also include the steps of establishing a second-stage policy for the second subnet pair and associating that second-stage policy with the communication tunnel between the two subnets of the first subnet pair. With these steps, when the second subnet pair negotiates its tunnel, it only needs to reuse the communication tunnel between the two subnets of the first subnet pair; the communication key between the two subnets of the second subnet pair can then be established according to the reused connection table of the second subnet pair, without establishing a secure tunnel for the second subnet pair again.
It should be understood that the second subnet pair is only one example of the subnet pairs to be configured. In practice, every subnet pair to be configured other than the first subnet pair goes through the same networking steps as the second subnet pair, so that when a subnet pair to be configured negotiates its tunnel it directly reuses the secure communication tunnel that has already been established and carries out the second-stage negotiation directly according to its own reused connection table.
By building a connection table and directly reusing everything in it other than the subnets, this embodiment separates first-stage tunnel establishment from the second-stage key configuration process. Subnet networking is set up quickly, both ends can initiate negotiation, and after a network outage the number of first-stage negotiations can be reduced by reusing the connection table, so that the subnet networking is restored quickly. Further, when the tunnel for a subnet pair is deleted, only that subnet pair's second-stage configuration is deleted; the reused first-stage secure communication tunnel and the second-stage configurations of the other subnet pairs are not affected.
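The following Python sketch models steps S101 to S104 and the deletion behaviour described above. It is an added illustration, not code from the patent: the class and field names, the sample subnets and the policy strings are constructed assumptions, and the overlap check is a safeguard added by the example rather than something the patent specifies.

```python
from dataclasses import dataclass, fields, replace
from ipaddress import ip_network

SUBNET_FIELDS = ("center_subnet", "branch_subnet")


@dataclass(frozen=True)
class ConnectionTable:
    """Second-stage parameters saved after the first subnet pair is configured (S102)."""
    center_subnet: str
    branch_subnet: str
    encryption_policy: str
    authentication_policy: str
    negotiation_policy: str
    integrity_algorithm: str
    dh_algorithm: str


def pair_key(center, branch):
    """Normalise a subnet pair; ip_network() rejects malformed CIDRs and set host bits."""
    return str(ip_network(center)), str(ip_network(branch))


def overlap(a, b):
    """True when two CIDR strings of the same IP version share addresses."""
    a, b = ip_network(a), ip_network(b)
    return a.version == b.version and a.overlaps(b)


def differs_only_in_subnets(a, b):
    """True when two tables share every field except the two subnet IPs."""
    return all(getattr(a, f.name) == getattr(b, f.name)
               for f in fields(a) if f.name not in SUBNET_FIELDS)


class SharedTunnel:
    """One first-stage tunnel carrying the second-stage entries of many subnet pairs."""

    def __init__(self):
        self.stage1_up = False
        self.stage1_negotiations = 0
        self.template = None   # the first connection table
        self.entries = {}      # (center, branch) -> ConnectionTable

    def _ensure_stage1(self):
        if not self.stage1_up:  # negotiated once, then reused by every pair
            self.stage1_up = True
            self.stage1_negotiations += 1

    def _add(self, table):
        key = pair_key(table.center_subnet, table.branch_subnet)
        for old_c, old_b in self.entries:
            # Safeguard added by this example: two entries on one tunnel
            # must not select the same traffic.
            if overlap(key[0], old_c) and overlap(key[1], old_b):
                raise ValueError(f"{key} overlaps existing pair {(old_c, old_b)}")
        self.entries[key] = table
        return table

    def configure_first_pair(self, table):
        """S101 + S102: full first- and second-stage setup, then save the table."""
        self._ensure_stage1()
        self._add(table)
        self.template = table
        return table

    def reuse_for(self, center, branch):
        """S103 + S104: swap only the subnet IPs, keep the tunnel and everything else."""
        if self.template is None:
            raise RuntimeError("configure the first subnet pair before reusing its table")
        self._ensure_stage1()
        center, branch = pair_key(center, branch)
        return self._add(replace(self.template, center_subnet=center, branch_subnet=branch))

    def delete_pair(self, center, branch):
        """Remove one pair's second-stage entry; the tunnel and other pairs stay."""
        del self.entries[pair_key(center, branch)]


def build_demo():
    """Constructed sample: three subnet pairs behind one center/branch tunnel."""
    tunnel = SharedTunnel()
    tunnel.configure_first_pair(ConnectionTable(
        center_subnet="10.1.0.0/24", branch_subnet="192.168.10.0/24",
        encryption_policy="AES-256", authentication_policy="pre-shared key",
        negotiation_policy="main mode", integrity_algorithm="SHA-256",
        dh_algorithm="group 14"))
    tunnel.reuse_for("10.1.1.0/24", "192.168.20.0/24")
    tunnel.reuse_for("10.1.2.0/24", "192.168.30.0/24")
    return tunnel


if __name__ == "__main__":
    t = build_demo()
    for key, entry in t.entries.items():
        print(key, entry.encryption_policy, entry.dh_algorithm)
    print("first-stage negotiations:", t.stage1_negotiations)
```

Because every reused table inherits the template's algorithms unchanged, a weak choice made for the first subnet pair propagates to all later pairs, so the first connection table is the one to review.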
In practice, a computer device with IPSec and Virtual Private Network (VPN) functions can be used, such as a VPN device or a security authentication gateway. To make personalized configuration convenient for the user, functions for adding, deleting, modifying and querying second-stage configurations can also be added to the device front end, so that each item in a reused connection table can be customized and modified.
The second embodiment of the present invention provides a networking apparatus for multiple subnets, installed at either the center end or the branch end. Its structural schematic diagram is shown in Fig. 4, and it mainly includes: a configuration module 10, configured to obtain a first subnet pair from the subnet pairs to be configured, establish a communication tunnel between the two subnets of the first subnet pair, and configure the communication key between the two subnets of the first subnet pair; a connection table establishment module 20, coupled with the configuration module 10 and configured to obtain configuration data from the process of configuring the communication key between the two subnets of the first subnet pair and save the configuration data as a first connection table, wherein the first connection table includes at least the IPs of the two subnets of the first subnet pair; a replacement module 30, coupled with the connection table establishment module 20 and configured to replace the IPs of the two subnets of the first subnet pair in the first connection table with the IPs of the two subnets of a second subnet pair from the subnet pairs to be configured, to obtain the reused connection table of the second subnet pair; and a reuse module 40, coupled with the replacement module 30 and configured to configure the communication key between the two subnets of the second subnet pair according to the reused connection table of the second subnet pair.
In this embodiment, one subnet is a center-end subnet and the other is a branch-end subnet; two such subnets that need a tunnel established between them for data transmission are called a subnet pair. When networking multiple subnets, the center end and the branch end each have multiple subnets that need tunnels, that is, there are multiple subnet pairs to be configured.
When networking multiple subnets, the configuration module 10 first chooses a first subnet pair from all the subnet pairs to be configured, and for it establishes the one-to-one secure communication tunnel and configures the communication key used for transmission directly; that is, it carries out one complete first-stage configuration and second-stage configuration. Then the connection table establishment module 20 obtains, from the second-stage configuration process of the first subnet pair, the configuration data of the completed configuration and saves it, giving the first connection table. Specifically, the first connection table includes at least the IPs of the two subnets of the first subnet pair, and also the encryption policy, authentication policy, negotiation policy, integrity verification algorithm, Diffie-Hellman algorithm and so on used for communication between the subnets in the second-stage negotiation.
For a second subnet pair, that is, a subnet pair to be configured other than the first subnet pair, the first connection table is used as a template: the replacement module 30 replaces the IPs of the two subnets of the first subnet pair in the first connection table with the IPs of the two subnets of the second subnet pair and leaves the remaining content unchanged. The result is the reused connection table of the second subnet pair, also called the second connection table. When the second-stage configuration of the second subnet pair is carried out, the reuse module 40 configures the communication key between the subnets of the second subnet pair directly according to the content of the second connection table.
Further, the networking apparatus provided by this embodiment also includes: a policy establishment module 50, configured to establish a second-stage policy for the second subnet pair; and an association module 60, configured to associate the second-stage policy with the communication tunnel between the two subnets of the first subnet pair. The structural schematic diagram of the apparatus in this case is shown in Fig. 5: the connection table establishment module 20 is coupled with the configuration module 10, the policy establishment module 50 is coupled with the connection table establishment module 20, and the association module 60 is coupled with the policy establishment module 50. After the policy establishment module 50 has established the second-stage policy and the association module 60 has associated it with the communication tunnel between the two subnets of the first subnet pair, when the second subnet pair negotiates its tunnel the reuse module 40 only needs to have the second subnet pair reuse the communication tunnel between the two subnets of the first subnet pair; the communication key between the two subnets of the second subnet pair can then be established according to the reused connection table of the second subnet pair, without establishing a secure tunnel for the second subnet pair again.
It should be understood that the second subnet pair is only one example of the subnet pairs to be configured. In practice, every subnet pair to be configured other than the first subnet pair goes through the same networking steps as the second subnet pair, so that when a subnet pair to be configured negotiates its tunnel, the reuse module 40 directly reuses the secure communication tunnel that has already been established and the second-stage negotiation is carried out directly according to the corresponding reused connection table.
By building a connection table and directly reusing everything in it other than the subnets, this embodiment separates first-stage tunnel establishment from the second-stage key configuration process. Subnet networking is set up quickly, both ends can initiate negotiation, and after a network outage the number of first-stage negotiations can be reduced by reusing the connection table, so that the subnet networking is restored quickly. Further, when the tunnel for a subnet pair is deleted, only that subnet pair's second-stage configuration is deleted; the reused first-stage secure communication tunnel and the second-stage configurations of the other subnet pairs are not affected.
The third embodiment of the present invention provides a storage medium storing a computer program; when the computer program is executed by a processor, the following steps S11 to S14 are implemented:
S11: obtain a first subnet pair from the subnet pairs to be configured, establish a communication tunnel between the two subnets of the first subnet pair, and configure the communication key between the two subnets of the first subnet pair;
S12: obtain configuration data from the process of configuring the communication key between the two subnets of the first subnet pair, and save the configuration data as a first connection table;
S13: replace the IPs of the two subnets of the first subnet pair in the first connection table with the IPs of the two subnets of a second subnet pair from the subnet pairs to be configured, to obtain the reused connection table of the second subnet pair;
S14: establish the communication key between the two subnets of the second subnet pair according to the reused connection table of the second subnet pair.
In this embodiment, the storage medium may be installed in a device with IPSec and VPN functions. Since the specific steps of the networking method for multiple subnets have been described in detail in the first embodiment, they are not repeated here.
Optionally, in this embodiment, the storage medium may include, but is not limited to: a USB flash drive, read-only memory (ROM), random access memory (RAM), a removable hard disk, a magnetic disk, an optical disc, or any other medium that can store program code. Optionally, in this embodiment, the processor executes the method steps recorded in the above embodiment according to the program code stored in the storage medium. Optionally, for specific examples in this embodiment, reference may be made to the examples described in the above embodiment and optional implementations, which are not repeated here. Obviously, those skilled in the art should understand that the modules or steps of the invention described above can be implemented with a general-purpose computing device. They can be concentrated on a single computing device or distributed over a network of multiple computing devices. Optionally, they can be implemented as program code executable by a computing device, so that they can be stored in a storage device and executed by a computing device; in some cases the steps shown or described can be performed in an order different from the one given here, or they can each be made into an individual integrated circuit module, or several of the modules or steps can be made into a single integrated circuit module. The present invention is thus not limited to any specific combination of hardware and software.
The fourth embodiment of the present invention provides a computer device, comprising: a memory, a processor, and a computer program stored on the memory and executable on the processor. When the computer program is executed by the processor, the following method steps are implemented:
S21: obtain a first subnet pair from the subnet pairs to be configured, establish a communication tunnel between the two subnets of the first subnet pair, and configure the communication key between the two subnets of the first subnet pair;
S22: obtain configuration data from the process of configuring the communication key between the two subnets of the first subnet pair, and save the configuration data as a first connection table;
S23: replace the IPs of the two subnets of the first subnet pair in the first connection table with the IPs of the two subnets of a second subnet pair from the subnet pairs to be configured, to obtain the reused connection table of the second subnet pair;
S24: establish the communication key between the two subnets of the second subnet pair according to the reused connection table of the second subnet pair.
In this embodiment, the computer device may be a device with IPSec and VPN functions, such as a VPN device or a security authentication gateway. Since the networking method for multiple subnets has been described in detail in the first embodiment, it is not repeated here.
Although preferred embodiments of the present invention have been disclosed for illustrative purposes, those skilled in the art will recognize that various improvements, additions and substitutions are also possible; therefore, the scope of the present invention should not be limited to the above embodiments.
Claims (10)
1. a kind of network-building method of plurality of subnets characterized by comprising
The first subnet pair of subnet centering to be configured is obtained, is to establish communication tunnel between two subnets of first subnet pair
Road, and configure the communication key between two subnets of first subnet pair;
According to the configuration process of the communication key between two subnets of first subnet pair, configuration data is obtained, and by institute
It states configuration data and saves as the first connection table, wherein included at least in first connection table: two of first subnet pair
The IP of subnet;
The IP of two subnets of the first subnet pair in first connection table is replaced with to the second of subnet centering to be configured
The IP of two subnets of subnet pair obtains the multiplexing connection table of second subnet pair;
According to the multiplexing connection table of second subnet pair, the communication configured between two subnets of second subnet pair is close
Key.
2. network-building method as described in claim 1, which is characterized in that by two of the first subnet pair in first connection table
The IP of a subnet replaces with the IP of two subnets of second subnet pair, obtain second subnet pair multiplexing connection table it
Before, further includes:
It is tactful to the two-stage is established for second subnet;
The two-stage strategy is associated with to the communication tunnel between two subnets of first subnet pair.
3. The networking method according to claim 2, characterized in that establishing the communication key between the two subnets of the second subnet pair according to the multiplexing connection table of the second subnet pair comprises:
multiplexing the communication tunnel between the two subnets of the first subnet pair;
establishing the communication key between the two subnets of the second subnet pair according to the multiplexing connection table of the second subnet pair.
4. The networking method according to any one of claims 1 to 3, characterized in that the first connection table includes at least: the IPs of the two subnets of the first subnet pair, an encryption policy, an authentication policy, a negotiation policy, an integrity verification algorithm, and a Diffie-Hellman algorithm.
5. A networking device for multiple subnets, characterized by comprising:
a configuration module, configured to obtain a first subnet pair from the subnet pairs to be configured, establish a communication tunnel between the two subnets of the first subnet pair, and configure a communication key between the two subnets of the first subnet pair;
a connection table establishing module, configured to obtain configuration data according to the configuration process of the communication key between the two subnets of the first subnet pair, and save the configuration data as a first connection table, wherein the first connection table includes at least: the IPs of the two subnets of the first subnet pair;
a replacement module, configured to replace the IPs of the two subnets of the first subnet pair in the first connection table with the IPs of the two subnets of a second subnet pair from the subnet pairs to be configured, to obtain a multiplexing connection table of the second subnet pair;
a multiplexing module, configured to configure a communication key between the two subnets of the second subnet pair according to the multiplexing connection table of the second subnet pair.
6. The networking device according to claim 5, characterized by further comprising:
a strategy establishing module, configured to establish a two-stage strategy for the second subnet pair;
an association module, configured to associate the two-stage strategy with the communication tunnel between the two subnets of the first subnet pair.
7. The networking device according to claim 6, characterized in that the multiplexing module is specifically configured to:
multiplex the communication tunnel between the two subnets of the first subnet pair;
establish the communication key between the two subnets of the second subnet pair according to the multiplexing connection table of the second subnet pair.
8. The networking device according to any one of claims 4 to 7, characterized in that the first connection table includes at least: the IPs of the two subnets of the first subnet pair, an encryption policy, an authentication policy, a negotiation policy, an integrity verification algorithm, and a Diffie-Hellman algorithm.
9. A storage medium on which a computer program is stored, wherein the program, when executed by a processor, implements the steps of the method of any one of claims 1 to 4.
10. A computer device, characterized by comprising a memory, a processor, and a computer program stored on the memory and executable on the processor, wherein the processor implements the steps of the method of any one of claims 1 to 4 when executing the program.
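The connection-table reuse in claims 1 and 4, as an added Python sketch (not code from the patent or its applicant). The field names, the sample values and the overlap checks are assumptions of this example; the claims only require that the two subnet IPs be replaced and the remaining parameters be carried over.

```python
import ipaddress
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class ConnectionTable:
    # Fields follow the list in claim 4. Key material is deliberately not a
    # field in this model: the table holds parameters, and each pair's
    # communication key is configured from them.
    local_subnet: str
    remote_subnet: str
    encryption_policy: str
    authentication_policy: str
    negotiation_policy: str
    integrity_algorithm: str
    dh_algorithm: str

def _net(cidr):
    # strict=True rejects a host address written as a subnet (10.0.3.5/24).
    return ipaddress.ip_network(cidr, strict=True)

def multiplex(first, local, remote, existing):
    """Return the multiplexing connection table for a second subnet pair:
    only the two subnet IPs of the first connection table are replaced."""
    a, b = _net(local), _net(remote)
    if a.overlaps(b):
        raise ValueError("the two subnets of a pair must not overlap")
    for t in existing:
        ta, tb = _net(t.local_subnet), _net(t.remote_subnet)
        # Added check (assumption): a pair overlapping a configured pair, in
        # either direction, would make the per-pair policy lookup ambiguous.
        if (a.overlaps(ta) and b.overlaps(tb)) or (a.overlaps(tb) and b.overlaps(ta)):
            raise ValueError("pair overlaps an already configured pair")
    return replace(first, local_subnet=str(a), remote_subnet=str(b))

def policy_drift(first, other):
    """Names of non-IP fields that differ; empty for a faithful reuse."""
    skip = {"local_subnet", "remote_subnet"}
    return [k for k, v in vars(first).items() if k not in skip and vars(other)[k] != v]

# Constructed sample values, not taken from the patent.
FIRST = ConnectionTable("10.0.1.0/24", "10.0.2.0/24", "AES-256-CBC",
                        "pre-shared key", "main mode", "HMAC-SHA-256", "group 14")

if __name__ == "__main__":
    second = multiplex(FIRST, "10.0.3.0/24", "10.0.4.0/24", [FIRST])
    print(second, policy_drift(FIRST, second))
```

Because every reused table inherits the first pair's cryptographic parameters, a weak choice there propagates to all later pairs; `policy_drift` gives a quick audit of tables read back from a device against the first connection table.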
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811106186.3A CN109088883B (en) | 2018-09-21 | 2018-09-21 | Multi-subnet networking method and device, storage medium and computer equipment |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811106186.3A CN109088883B (en) | 2018-09-21 | 2018-09-21 | Multi-subnet networking method and device, storage medium and computer equipment |
Publications (2)
Publication Number | Publication Date |
---|---|
CN109088883A true CN109088883A (en) | 2018-12-25 |
CN109088883B CN109088883B (en) | 2021-01-15 |
Family
ID=64842204
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201811106186.3A Active CN109088883B (en) | 2018-09-21 | 2018-09-21 | Multi-subnet networking method and device, storage medium and computer equipment |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109088883B (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114124619A (en) * | 2021-12-02 | 2022-03-01 | 深圳通康创智技术有限公司 | Subnet communication method and device, computer equipment and storage medium |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101557337A (en) * | 2009-05-04 | 2009-10-14 | 成都市华为赛门铁克科技有限公司 | Network tunnel establishing method, data transmission method, communication system and relevant equipment |
CN101697522A (en) * | 2009-10-16 | 2010-04-21 | 深圳华为通信技术有限公司 | Virtual private network networking method, communication system and related equipment |
US20100278181A1 (en) * | 2004-11-16 | 2010-11-04 | Juniper Networks, Inc. | Point-to-multi-point/non-broadcasting mutli-access vpn tunnels |
CN103152343A (en) * | 2013-03-04 | 2013-06-12 | 北京神州绿盟信息安全科技股份有限公司 | Method for establishing Internet protocol security virtual private network tunnel and network equipment |
CN104821951A (en) * | 2015-05-26 | 2015-08-05 | 杭州华三通信技术有限公司 | Safety communication method and device |
CN106685956A (en) * | 2016-12-27 | 2017-05-17 | 上海斐讯数据通信技术有限公司 | Method and system for router VPN network connection |
Also Published As
Publication number | Publication date |
---|---|
CN109088883B (en) | 2021-01-15 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US10972452B2 (en) | Secure access to virtual machines in heterogeneous cloud environments | |
EP3785412B1 (en) | Dynamic scaling of virtual private network connections | |
US10841341B2 (en) | Policy-based configuration of internet protocol security for a virtual private network | |
US10382401B1 (en) | Cloud over IP for enterprise hybrid cloud network and security | |
US10348767B1 (en) | Cloud over IP session layer network | |
WO2017181894A1 (en) | Method and system for connecting virtual private network by terminal, and related device | |
US8327129B2 (en) | Method, apparatus and system for internet key exchange negotiation | |
CN111193698B (en) | Data processing method, device, terminal and storage medium | |
CN105873031B (en) | Distributed unmanned plane cryptographic key negotiation method based on credible platform | |
CN104219217B (en) | Security association negotiation method, device and system | |
US11558184B2 (en) | Unification of data flows over network links with different internet protocol (IP) addresses | |
WO2008108821A2 (en) | Virtual security interface | |
Samociuk | Secure communication between OpenFlow switches and controllers | |
US20090271852A1 (en) | System and Method for Distributing Enduring Credentials in an Untrusted Network Environment | |
CN109088883A (en) | A kind of network-building method of plurality of subnets, device, storage medium and computer equipment | |
CN110943996B (en) | Management method, device and system for business encryption and decryption | |
CN110086750A (en) | A kind of encryption system based on optical fiber data link road network and satellite communication network | |
CN115378578B (en) | SD-WAN (secure digital-to-Wide area network) implementation method and system based on SM4 cryptographic key | |
CN105099849B (en) | A kind of method for building up and equipment in the tunnels IPsec | |
JP2023531034A (en) | Service transmission method, device, network equipment and storage medium | |
CN117478428B (en) | Stealth communication system and configuration method | |
CN113115306B (en) | Encryption method, system and storage medium for enhancing LoraWan network architecture security | |
CN116801239B (en) | Point-to-point virtual communication method and system based on SM4 cryptographic | |
CN117640087A (en) | IPSec VPN security gateway system integrating quantum key distribution network technology | |
CN116915486A (en) | Cloud service communication system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||