CN109150916A - A method of layer of data encryption in being realized in MPLS L2VPN network - Google Patents

A method of layer of data encryption in being realized in MPLS L2VPN network Download PDF

Info

Publication number
CN109150916A
CN109150916A CN201811247980.XA CN201811247980A CN109150916A CN 109150916 A CN109150916 A CN 109150916A CN 201811247980 A CN201811247980 A CN 201811247980A CN 109150916 A CN109150916 A CN 109150916A
Authority
CN
China
Prior art keywords
message
label
encryption
mpls
equipment
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
CN201811247980.XA
Other languages
Chinese (zh)
Inventor
郁晨
赵茂聪
何志川
徐海青
周杰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Centec Networks Suzhou Co Ltd
Original Assignee
Centec Networks Suzhou Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Centec Networks Suzhou Co Ltd filed Critical Centec Networks Suzhou Co Ltd
Priority to CN201811247980.XA priority Critical patent/CN109150916A/en
Publication of CN109150916A publication Critical patent/CN109150916A/en
Withdrawn legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46Interconnection of networks
    • H04L12/4641Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00Routing or path finding of packets in data switching networks
    • H04L45/50Routing or path finding of packets in data switching networks using label swapping, e.g. multi-protocol label switch [MPLS]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00Traffic control in data switching networks
    • H04L47/70Admission control; Resource allocation
    • H04L47/82Miscellaneous aspects
    • H04L47/825Involving tunnels, e.g. MPLS
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0863Generation of secret information including derivation or calculation of cryptographic keys or passwords involving passwords or one-time passwords

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

Present invention discloses a kind of methods of layer of data encryption in realizing in MPLS L2VPN network, comprising: encryption parameter information is saved in the PE equipment in MPLS L2VPN network, encryption parameter information includes MACSec Encryption Algorithm and key;When transmitting to internal layer message, PE equipment carries out encryption and decryption transmission to internal layer message according to encryption parameter information.The present invention uses lesser expense, is encrypted in the message transmitted in MPLS L2VPN network, enhances the safety of network, reduces the risk being cracked when message is trapped.

Description

A method of layer of data encryption in being realized in MPLS L2VPN network
Technical field
The present invention relates to a kind of network security protection mechanism, realized in MPLS L2VPN network more particularly, to one kind in The method of layer of data encryption.
Background technique
Existing MPLS two-layer VPN (MPLS L2VPN) MPLS L2VPN network is a kind of based on MPLS (Multi- Protocol Label Switching, multiprotocol label switching) and ethernet technology two-layer VPN (Virtual Private Network, Virtual Private Network) technology, such as more popular VPLS (VirtualPrivateLanService, that is, it is empty Quasi- private LAN service) or VPWS (Virtual Private Wire Service, virtual dedicated line service).It is specifically divided into The leading Martini mode of Juniper leading Kompella mode and Cisco, is that public network is modeled as Layer 2 switch, fits Together in point-to-multipoint business.
But since existing MPLS L2VPN network lacks safety protecting mechanism, L2VPN network is passed through in MPLS message When, data packet may be trapped, parse, so that the information of acquisition easy to use launches a offensive to the broadcast domain of internal layer.
There are also existing by using IPSec (Internet Protocol Security, Ethernet in MPLS VPN network Protocol safety) safe encryption is carried out to data packet.It is such as to be disclosed in CN200510091206.0 in Chinese Patent Application No. A kind of patent name are as follows: the method for End to End Encryption transmission is realized in MPLS VPN network.But the program is only applicable to MPLS three-layer VPN (MPLS L3VPN) network, and the additional mode for increasing IPSec is needed to realize encryption, can further it increase Increase pin cost.
Summary of the invention
It is an object of the invention to overcome the deficiencies of existing technologies, one kind is provided and realizes internal layer in MPLS L2VPN network The method of data encryption.
To achieve the above object, the following technical solutions are proposed by the present invention: one kind realizing internal layer in MPLS L2VPN network The method of data encryption, comprising:
S1, saves encryption parameter information in the PE equipment in MPLS L2VPN network, and the encryption parameter information includes MACSec Encryption Algorithm and key;
S2, when being transmitted to internal layer message, the PE equipment according to the encryption parameter information to internal layer message into The transmission of row encryption and decryption.
Preferably, in S2, the PE equipment selects the different keys to carry out encryption and decryption according to different PW Label Operation, the PW Label are determined by virgin inner layer message information.
Preferably, the S2 includes:
S21, when needing the internal layer message encrypted to be carried out data transmission by entry PE equipment, entry PE equipment is according to Internal layer message is encrypted in encryption parameter information;
After outlet PE equipment receives encrypted internal layer message, place is decrypted according to the encryption parameter information in S22 Reason, to obtain original message.
Preferably, the S21 includes:
Vlan information in S211, port that entry PE equipment enters according at least to message and message determines the LSP of message Label, PW Label and whether need to encrypt;
S212, if needing to encrypt, according to key needed for PW Label selection encryption;
S213 is encrypted using the Data section of the key pair message, and adds MacSec in the front Data sections of Tag, tail portion add ICV;
S214, PW Label, MPLS Label, LSP Label and outer layer Mac information in encapsulation, finally forwards the packet It goes out;
Wherein, information of the MacSec Tag to indicate encryption message, Data sections are encrypted information, MPLS Whether Label needs to encrypt for identification message, and ICV is for doing integrity checking.
Preferably, the S22 includes:
S221, outlet PE equipment peel packet outer layer Mac information and PW Label, MPLS Label and LSP Label off;
S222 judges whether message is encryption message according to the MPLS Label, if so, according to the PW Label Key of the selection for decryption;
S223 is decrypted using the key pair message of the decryption, peels the MacSec Tag of message after decryption off And ICV, obtain original message;
S224, according in the original message PW Label or two layers of information E-Packet.
Preferably, all PE equipment in MPLS L2VPN network need to support the MACSec Encryption Algorithm, and need to safeguard The identical key.
Preferably, the MPLS Label uses one in reserved MPLS Label.
Preferably, each one key of PW Label correspondence mappings, so that different PW Label corresponds to different keys.
Preferably, the MPLS Label of encryption message is indicated using reserved Label 6.
The beneficial effects of the present invention are: by using MACSec (Media Access Control Secu rity, MAC Safety) the internal layer information of MPLS message is encrypted, so that the internal layer information of MPLS message is in MPLS L2VPN network In can not be resolved, meanwhile, indicated using a reserved MPLS Label whether by encryption.Realization is opened using lesser Pin, is encrypted in the message transmitted in MPLS L2VPN network, enhances the safety of network, what reduction message was cracked when being trapped Risk.
Detailed description of the invention
Fig. 1 is the flow diagram of the method for the present invention;
Fig. 2 is the flow diagram of ciphering process of the present invention;
Fig. 3 is the flow diagram of decrypting process of the present invention;
Fig. 4 a and Fig. 4 b are that preceding and encrypted message format is encrypted in MPLS L2VPN network respectively;
Fig. 5 is the structural schematic diagram of MPLS L2VPN network of the embodiment of the present invention.
Specific embodiment
Below in conjunction with attached drawing of the invention, clear, complete description is carried out to the technical solution of the embodiment of the present invention.
A kind of disclosed method that interior layer of data encryption is realized in MPLS L2VPN network, by using MACSec (Media Access Control Security, MAC safety) carries out at encryption the internal layer information of MPLS message Reason, so that the internal layer information of MPLS message can not parse in MPLS L2VPN network, what reduction message was cracked when being trapped Risk enhances the safety of network, and expense is small.
As shown in Figure 1, a kind of disclosed method that interior layer of data encryption is realized in MPLS L2VPN network, Include:
S1 saves encryption in PE (Provider Edge, provider edge equipment) equipment in MPLS L2VPN network Parameter information, the encryption parameter information include MACSec Encryption Algorithm and key.
Specifically, encryption parameter information here carries out encryption and decryption use for subsequent internal layer data.Wherein, MACSec is fixed The method of data safety communication of the justice based on 802 local area network of IEEE, safe MAC layer data can be provided for user and are sent out Send and receive service, including ciphering user data, data frame integrity checking and data origin authenticity verification.This requires MPLS All PE equipment need support the Encryption Algorithm in L2VPN network.Meanwhile all PE equipment need to tie up in MPLS L2VPN network Protect identical key information.
S2, when transmitting to internal layer message, PE equipment carries out encryption and decryption to internal layer message according to encryption parameter information Transmission.
Specifically, the S2 includes:
S21, when needing the internal layer message encrypted to be carried out data transmission by entry PE (Ingress PE) equipment, entry PE Equipment is encrypted internal layer message according to encryption parameter information.
Specifically, as shown in Fig. 2, the S21 includes:
VLAN (Virtual Local in S211, port that entry PE equipment enters according at least to message and message Area Network, virtual LAN) whether information determine LSP Label, the PW Label of message and need to encrypt.
Here LSP Label, PW Label is determining all in accordance with virgin inner layer message information, i.e., what message here entered Vlan information etc. in port and message.LSP Label, that is, tunnel Label, PW Label, that is, pseudo-wire Label.PW Label is used In selection key, arbitrary PW Label (L) can be made corresponding close by being calculated by a kind of mapping mode f Key (K), it may be assumed that
K=f (L).
Which kind of mapping mode f is specifically used, which is not limited by the present invention, reflects as long as being able to achieve each PW Label correspondence Penetrate a key.It realizes that different PW Label corresponds to different keys, is sent to the sum of different PW from difference to reach The message that PW is received carries out the operation of encryption and decryption using different keys.This way can increase the difficulty that encryption message is cracked Degree, and then further enhance the safety of MPLS L2VPN.
S212, if needing to encrypt, according to key needed for PW Label selection encryption.
That is, if Ingress PE equipment judges that the message needs to encrypt according to above-mentioned virgin inner layer message information Processing then selects corresponding key according to the PW Label of message in Ingress PE equipment, and how key, which selects, can refer to Description in above-mentioned S211.
S213 is encrypted using the Data section of key pair message, and adds MacSec Tag in the front Data sections of, Tail portion adds ICV.
Encryption uses above-mentioned MACSec Encryption Algorithm.It is the format of virgin inner layer message in conjunction with shown in Fig. 4 a comprising Data sections, MAC information (i.e. outer layer MacSa&MacDa and internal layer MacSa&MacDa in Fig. 4 a), LSP Label and PW Label, Data section here are to need encrypted information.It is encrypted message format, MacSec in conjunction with shown in Fig. 4 b Some information of the Tag (Mac safety label) to indicate encryption message, are added in Data sections of fronts.Plus ICV, (figure is not for tail portion Show), for doing integrity checking.
S214, PW Label, MPLS Label, LSP Label and outer layer Mac information in encapsulation, finally forwards the packet It goes out.
In conjunction with shown in Fig. 4 b, message is successively encapsulated to upper internal layer Mac information, PW Label, MPLS Label, LSP again Label and outer layer Mac information form the message format of encrypted MPLS L2VPN shown in Fig. 4 b.It later will be encrypted Message is transmitted to Egress PE equipment.Here whether increased MPLS Label is for indicating message by encryption, when implementation, One in reserved MPLS Label (0-15) can be used in MPLS Label, such as the expression encryption message of Label 6 can be used MPLS Label.
S22 is carried out after outlet PE (Egress PE) equipment receives encrypted internal layer message according to encryption parameter information Decryption processing, to obtain original message.
Message decrypting process in Egress PE equipment is opposite with message ciphering process in Ingress PE equipment.Specifically Ground, as shown in figure 3, the S22 includes:
S221, outlet PE equipment peel packet outer layer Mac information and PW Label, MPLS Label and LSP Label off.
S222 judges whether message is encryption message according to MPLS Label, if so, being used for according to PW Label selection The key of decryption.
If the value of one of MPLS Label in outlet PE equipment discovery message is 6, then it represents that message is encryption message, How the then key according to PW Label selection for decryption specifically selects same entry PE equipment selection cipher key principle, can refer to Description in above-mentioned steps S211.
S223 is decrypted using the key pair message of decryption, is peeled the MacSec Tag and ICV of message after decryption off, is obtained Obtain original message.
Decrypting process and ciphering process obtain as shown in fig. 4 a on the contrary, peel the MacSec Tag and ICV of message after decryption off Virgin inner layer message.
S224, according in original message PW Label or two layers of information E-Packet.
Below with the structural schematic diagram of MPLS L2VPN network shown in fig. 5, to sketch lower original message in MPLS Encryption and decryption and the process of CE-B1 is forwarded to from Customer Edge router CE-A1 in L2VPN network.
1, two layer message is sent to PE-A equipment by interface circuit AC (access circuit)-A1 from CE-A1 equipment, Select a PW (Pseudo Wire, pseudo-wire, such as PW-1) message is transmitted to opposite end PE equipment (i.e. PE- on PE-A B device) on.Seal up according to the PW of selection the operation of dress and encryption simultaneously.
2, encryption message is sent to PE-B equipment by PW-1, is decapsulated in PE-B equipment, and according to PW Come select decryption when key come the operation being decrypted, obtain original two layer message, forward the packet away later.
3, message is sent to CE-B1 equipment by PE-B equipment by AC-B1.
Wherein, the decapsulation reconciliation carried out in the operation for sealing up dress and encryption and PE-B equipment carried out in PE-A equipment Close operation can refer to above-mentioned steps S21 and S22 description and Fig. 3, shown in 4, which is not described herein again.
Technology contents and technical characteristic of the invention have revealed that as above, however those skilled in the art still may base Make various replacements and modification without departing substantially from spirit of that invention, therefore, the scope of the present invention in teachings of the present invention and announcement It should be not limited to the revealed content of embodiment, and should include various without departing substantially from replacement and modification of the invention, and be this patent Shen Please claim covered.

Claims (9)

1. a kind of method for realizing interior layer of data encryption in MPLS L2VPN network, which is characterized in that the described method includes:
S1, saves encryption parameter information in the PE equipment in MPLS L2VPN network, and the encryption parameter information includes MACSec Encryption Algorithm and key;
S2, when transmitting to internal layer message, the PE equipment adds internal layer message according to the encryption parameter information Decrypted transport.
2. the method according to claim 1, wherein the PE equipment is selected according to different PW Label in S2 It selects the different keys and carries out encryption and decryption operation, the PW Label is determined by virgin inner layer message information.
3. the method according to claim 1, wherein the S2 includes:
S21, when needing the internal layer message encrypted to be carried out data transmission by entry PE equipment, entry PE equipment is according to the encryption Internal layer message is encrypted in parameter information;
S22 is decrypted after outlet PE equipment receives encrypted internal layer message according to the encryption parameter information, with Obtain original message.
4. according to the method described in claim 3, it is characterized in that, the S21 includes:
Vlan information in S211, port that entry PE equipment enters according at least to message and message determines the LSP of message Label, PW Label and whether need to encrypt;
S212, if needing to encrypt, according to key needed for PW Label selection encryption;
S213 is encrypted using the Data section of the key pair message, and adds MacSec Tag in the front Data sections of, Tail portion adds ICV;
S214, PW Label, MPLS Label, LSP Label and outer layer Mac information in encapsulation, finally forwards the packet away;
Wherein, information of the MacSec Tag to indicate encryption message, Data sections are encrypted information, MPLS Label Whether need to encrypt for identification message, ICV is for doing integrity checking.
5. according to the method described in claim 4, it is characterized in that, the S22 includes:
S221, outlet PE equipment peel packet outer layer Mac information and PW Label, MPLS Label and LSP Label off;
S222 judges whether message is encryption message according to the MPLS Label, if so, selecting according to the PW Label Key for decryption;
S223 is decrypted using the key pair message of the decryption, peeled off after decryption message the MacSec Tag and ICV obtains original message;
S224, according in the original message PW Label or two layers of information E-Packet.
6. the method according to claim 1, wherein all PE equipment in MPLS L2VPN network need to support institute MACSec Encryption Algorithm is stated, and need to safeguard the identical key.
7. method according to claim 4 or 5, which is characterized in that the MPLS Label uses reserved MPLS One in Label.
8. according to the method described in claim 2, it is characterized in that, each one key of PW Label correspondence mappings, so that not Same PW Label corresponds to different keys.
9. the method according to the description of claim 7 is characterized in that indicating the MPLS of encryption message using reserved Label 6 Label。
CN201811247980.XA 2018-10-25 2018-10-25 A method of layer of data encryption in being realized in MPLS L2VPN network Withdrawn CN109150916A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811247980.XA CN109150916A (en) 2018-10-25 2018-10-25 A method of layer of data encryption in being realized in MPLS L2VPN network

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811247980.XA CN109150916A (en) 2018-10-25 2018-10-25 A method of layer of data encryption in being realized in MPLS L2VPN network

Publications (1)

Publication Number Publication Date
CN109150916A true CN109150916A (en) 2019-01-04

Family

ID=64809456

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811247980.XA Withdrawn CN109150916A (en) 2018-10-25 2018-10-25 A method of layer of data encryption in being realized in MPLS L2VPN network

Country Status (1)

Country Link
CN (1) CN109150916A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111935081A (en) * 2020-06-24 2020-11-13 武汉绿色网络信息服务有限责任公司 Data packet desensitization method and device
KR20210066229A (en) * 2019-11-28 2021-06-07 한전케이디엔주식회사 System for transmitting optical of nuclear power plants network enhanced security and method for transmitting data there of

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1909448A (en) * 2005-08-05 2007-02-07 华为技术有限公司 Method for realizing end to end encryption transmission in MPLS VPN network
CN101145904A (en) * 2007-11-07 2008-03-19 杭州华三通信技术有限公司 A method, device and system for data packet transmission
US20080192739A1 (en) * 2007-02-14 2008-08-14 Serge-Paul Carrasco Ethernet encryption over resilient virtual private LAN services
CN101820377A (en) * 2009-02-27 2010-09-01 美国博通公司 A kind of networking method and networked system
CN101971556A (en) * 2008-01-25 2011-02-09 思科技术公司 Supporting efficient and accurate sync/followup timestamps
CN103618596A (en) * 2013-05-15 2014-03-05 盛科网络(苏州)有限公司 Encryption method for inner layer information in VXLAN (Virtual Extensible Local Area Net) tunnel
US20160315853A1 (en) * 2015-04-22 2016-10-27 Cisco Technology, Inc. Traffic Flow Identifiers Resistant to Traffic Analysis
CN106230793A (en) * 2016-07-22 2016-12-14 安徽皖通邮电股份有限公司 A kind of MPLSVPN of realization operates in the method on the IPVPN of encryption

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1909448A (en) * 2005-08-05 2007-02-07 华为技术有限公司 Method for realizing end to end encryption transmission in MPLS VPN network
US20080192739A1 (en) * 2007-02-14 2008-08-14 Serge-Paul Carrasco Ethernet encryption over resilient virtual private LAN services
CN101145904A (en) * 2007-11-07 2008-03-19 杭州华三通信技术有限公司 A method, device and system for data packet transmission
CN101971556A (en) * 2008-01-25 2011-02-09 思科技术公司 Supporting efficient and accurate sync/followup timestamps
CN101820377A (en) * 2009-02-27 2010-09-01 美国博通公司 A kind of networking method and networked system
CN103618596A (en) * 2013-05-15 2014-03-05 盛科网络(苏州)有限公司 Encryption method for inner layer information in VXLAN (Virtual Extensible Local Area Net) tunnel
US20160315853A1 (en) * 2015-04-22 2016-10-27 Cisco Technology, Inc. Traffic Flow Identifiers Resistant to Traffic Analysis
CN106230793A (en) * 2016-07-22 2016-12-14 安徽皖通邮电股份有限公司 A kind of MPLSVPN of realization operates in the method on the IPVPN of encryption

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20210066229A (en) * 2019-11-28 2021-06-07 한전케이디엔주식회사 System for transmitting optical of nuclear power plants network enhanced security and method for transmitting data there of
KR102357375B1 (en) * 2019-11-28 2022-01-27 한전케이디엔주식회사 System for transmitting optical of nuclear power plants network enhanced security and method for transmitting data there of
CN111935081A (en) * 2020-06-24 2020-11-13 武汉绿色网络信息服务有限责任公司 Data packet desensitization method and device
CN111935081B (en) * 2020-06-24 2022-06-21 武汉绿色网络信息服务有限责任公司 Data packet desensitization method and device

Similar Documents

Publication Publication Date Title
US9992310B2 (en) Multi-hop Wan MACsec over IP
CN107294711B (en) Power information intranet message encryption issuing method based on VXLAN technology
Martini et al. Encapsulation methods for transport of Ethernet over MPLS networks
Andersson et al. Provider provisioned virtual private network (VPN) terminology
Lasserre et al. Framework for data center (DC) network virtualization
US9843507B2 (en) Enhanced hierarchical virtual private local area network service (VPLS) system and method for ethernet-tree (E-tree) services
US8966240B2 (en) Enabling packet handling information in the clear for MACSEC protected frames
JP5060081B2 (en) Relay device that encrypts and relays frames
US20140359275A1 (en) Method And Apparatus Securing Traffic Over MPLS Networks
Augustyn et al. Service requirements for layer 2 provider-provisioned virtual private networks
CN103259724B (en) A kind of MPLS VPN implementation method, system and customer edge devices
CN103188351B (en) IPSec VPN traffic method for processing business and system under IPv6 environment
WO2013053284A1 (en) Virtual private network implementation method and system based on traffic engineering tunnel
CN106230793A (en) A kind of MPLSVPN of realization operates in the method on the IPVPN of encryption
CN109150916A (en) A method of layer of data encryption in being realized in MPLS L2VPN network
US9106618B2 (en) Control plane encryption in IP/MPLS networks
WO2011079717A1 (en) Message transmitting method, equipment and system
WO2021208664A1 (en) Message detection method, device and system
CN101145904A (en) A method, device and system for data packet transmission
Boutros et al. Virtual Private Wire Service Support in Ethernet VPN
Martini et al. Encapsulation methods for transport of PPP/high-level data link control (HDLC) over MPLS networks
US20150281058A1 (en) Pseudo wire in layer 2 virtual private network
Zhang The solution and management of VPN based IPSec technology
Jiang et al. Ethernet-Tree (E-Tree) Support in Virtual Private LAN Service (VPLS)
Sajassi et al. Ethernet-Tree (E-Tree) Support in Ethernet VPN (EVPN) and Provider Backbone Bridging EVPN (PBB-EVPN)

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication
WW01 Invention patent application withdrawn after publication

Application publication date: 20190104