CN109257388A - Pseudo-wire encryption method in a kind of MPLS-TP - Google Patents

Pseudo-wire encryption method in a kind of MPLS-TP Download PDF

Info

Publication number
CN109257388A
CN109257388A CN201811386848.7A CN201811386848A CN109257388A CN 109257388 A CN109257388 A CN 109257388A CN 201811386848 A CN201811386848 A CN 201811386848A CN 109257388 A CN109257388 A CN 109257388A
Authority
CN
China
Prior art keywords
channel
pseudo
wire
ike
message
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201811386848.7A
Other languages
Chinese (zh)
Inventor
林晨
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Anhui Province Postal Communication Electricity Ltd Co
Original Assignee
Anhui Province Postal Communication Electricity Ltd Co
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Anhui Province Postal Communication Electricity Ltd Co filed Critical Anhui Province Postal Communication Electricity Ltd Co
Priority to CN201811386848.7A priority Critical patent/CN109257388A/en
Publication of CN109257388A publication Critical patent/CN109257388A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00Routing or path finding of packets in data switching networks
    • H04L45/68Pseudowire emulation, e.g. IETF WG PWE3
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00Routing or path finding of packets in data switching networks
    • H04L45/50Routing or path finding of packets in data switching networks using label swapping, e.g. multi-protocol label switch [MPLS]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0485Networking architectures for enhanced packet encryption processing, e.g. offloading of IPsec packet processing or efficient security association look-up

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

Pseudo-wire encryption method in a kind of MPLS-TP can solve the technical issues of lacking the solution exclusively for the End to End Encryption of pseudo-wire design in existing network.The following steps are included: S100: establishing pseudo-wire PW between two PE equipment;S200: association channel IKE-Channel is established on pseudo-wire PW;S300: transmitting ike negotiation message on association channel IKE-Channel, generates Security Association parameter SEC SA by ike negotiation;S400: association channel SEC-Channel is established on pseudo-wire PW;S500: with the algorithm and key negotiated in SEC SA, carrying out the encryption of service message and integrity verification in pseudo-wire, the transmission encryption message on association channel SEC-Channel.The present invention can be in existing MPLS-TP network equipment, realization encrypts the flow of the pseudo-wire in existing network, the safety of network is improved, and can be used in combination with novel quantum cryptography, national secret algorithm, can be flexibly deployed in existing network.

Description

Pseudo-wire encryption method in a kind of MPLS-TP
Technical field
The present invention relates to fields of communication technology, and in particular to pseudo-wire encryption method in a kind of MPLS-TP.
Background technique
MPLS-TP is a kind of connection-oriented packet switching network technology, is the transmission proposed by ITU-T and IETF joint The expansible MPLS architecture of demand realizes that these extensions are referred to as Transport Profile for MPLS (i.e. MPLS-TP). MPLS-TP carries the business such as IP, Ethernet, ATM, TDM by pseudo-wire (PW, Pseudo Wire), and existing puppet line technology can The circuit switching of good simulation end to end, but message plaintext transmission in pseudo-wire, lack a kind of encryption method.
IPSEC (Internet Protocol Security internet protocol secure) is a kind of frame knot of open standard Structure ensures to be maintained secrecy on ip networks and the communication of safety by using the security service of encryption.IPSEC passes through ISAKMP Protocol negotiation security alliance SA.ISAKMP(Internet Security Association and Key Management Protocol) it is ipsec key management agreement, improves authentication and Internet Key Exchange for IPSEC.Security alliance SA (Security Association) is the basis of IPSec, is a kind of agreement that communicating pair is established, determines for protecting number According to the tunneling of packet, encryption and integrity verification algorithm, key and key validity period etc..IPSEC has ESP and two kinds of AH envelopes Agreement is filled, ESP provides data encryption and integrity verification, and AH only carries out integrity verification without encryption.IPSEC general work In network layer, and pseudo-wire active link layer, IPSEC cannot directly work on link layer, design so lacking exclusively for pseudo-wire End to End Encryption solution.
Summary of the invention
Pseudo-wire encryption method in a kind of MPLS-TP proposed by the present invention can solve to lack in existing network exclusively for pseudo-wire The technical issues of solution of the End to End Encryption of design.
To achieve the above object, the invention adopts the following technical scheme:
Pseudo-wire encryption method in a kind of MPLS-TP, comprising the following steps:
S100: pseudo-wire PW is established between two PE equipment;
S200: association channel IKE-Channel is established on pseudo-wire PW;
S300: transmitting ike negotiation message on association channel IKE-Channel, generates Security Association ginseng by ike negotiation Number SEC SA;
S400: association channel SEC-Channel is established on pseudo-wire PW;
S500: with the algorithm and key negotiated in SEC SA, carrying out the encryption of service message and integrity verification in pseudo-wire, The transmission encryption message on association channel SEC-Channel.
Further, the pseudo-wire that step S100 can choose the pseudo-wire of static configuration or protocol dynamic is established.
Further, step S200 the following steps are included:
S201:IKE-Channel uses PW-ACH (PW Associated Channel as IKE protocol interaction channel Header) format defines the association channel encapsulation format of pseudo-wire, and the value of the Channel Type of IKE-Channel can flexibly match It sets, recommendation 99;
The complete package format of the upper transmitting message of S202:IKE-Channel is successively from the bottom to the outer: outer layer MPLS mark Label, internal layer MPLS label, PW-ACH, IP, UDP, ISAKMP and ISAKMP load, wherein IP addresses are both ends The interface IP address of PE equipment or the address loopback.
Further, step S300 the following steps are included:
S301: both ends PE respectively as IKE originating end and responder, carry out ike negotiation;
S302:IKE protocol version can support that IKEv1, IKEv2, IKE state is close, appointing in four kinds of protocol versions of IKE quantum What is a kind of;
The IKE message that S303:PE is issued is encapsulated according to PW-ACH format;
The IKE message that S304:PE is received is decapsulated according to PW-ACH format;
S305:PE is issued and is received IKE message, is handled by IKE software module, is completed key exchange and is generated peace Full alliance parameter SEC SA;
S306: both ends PE can be negotiated according to the fixed period by IKE again, update the key in SEC SA, to guarantee Long-term safety.
Further, step S400 the following steps are included:
Transmission channel of the S401:SEC-Channel as service message, the association for defining pseudo-wire using PW-ACH format are logical Road encapsulation format, the value flexibly configurable of the Channel Type of SEC-Channel, recommendation are 50 and 51, respectively indicate ESP With AH encapsulation format;
The complete package format of the upper transmitting message of S402:SEC-Channel is successively from the bottom to the outer: outer layer MPLS mark Label, internal layer MPLS label, PW-ACH, ESP or AH, message ciphertext or plaintext, ESP tail.
Further, step S500 the following steps are included:
S501: both ends PE simultaneously as encryption end and decrypting end, right respectively according to the algorithm and key negotiated in SEC SA The service message of pseudo-wire carrying carries out encryption and decryption and integrity verification;
S502: encryption and decryption can support two kinds of encapsulation format of ESP and AH, the former can encrypt message and integrality is tested Card, the latter only carry out integrity verification to message;
ESP the or AH message that S503:PE is issued is encapsulated according to PW-ACH format;
ESP the or AH message that S504:PE is received is decapsulated according to PW-ACH format;
S505:PE is issued and is received ESP or AH message, is handled by the encryption/decryption module of system.
Compared with prior art, the method that pseudo-wire encrypts in a kind of MPLS-TP provided by the invention has following beneficial Effect:
It can realize and the flow of the pseudo-wire in existing network is encrypted in existing MPLS-TP network equipment, improve The safety of network, and can be used in combination with novel quantum cryptography, national secret algorithm, it can flexibly be deployed to existing Have in network.
Detailed description of the invention
Fig. 1 is flow chart of the method for the present invention;
Fig. 2 is network topological diagram of the invention;
Fig. 3 is the schematic diagram of PW-ACH encapsulation format;
Fig. 4 is the schematic diagram of IKE-Channel encapsulation format;
Fig. 5 is the schematic diagram of SEC-Channel encapsulation format.
Specific embodiment
In order to make the object, technical scheme and advantages of the embodiment of the invention clearer, below in conjunction with the embodiment of the present invention In attached drawing, technical scheme in the embodiment of the invention is clearly and completely described, it is clear that described embodiment is A part of the embodiment of the present invention, instead of all the embodiments.
As depicted in figs. 1 and 2, pseudo-wire encryption method in MPLS-TP described in the present embodiment, comprising the following steps:
S100: pseudo-wire PW is established between two PE equipment;
S200: association channel IKE-Channel is established on pseudo-wire PW;
S300: transmitting ike negotiation message on association channel IKE-Channel, generates Security Association ginseng by ike negotiation Number SEC SA;
S400: association channel SEC-Channel is established on pseudo-wire PW;
S500: with the algorithm and key negotiated in SEC SA, carrying out the encryption of service message and integrity verification in pseudo-wire, The transmission encryption message on association channel SEC-Channel.
The method that pseudo-wire encrypts in a kind of MPLS-TP, step S100 can choose the pseudo-wire of static configuration, or association The pseudo-wire that view dynamic is established.
Specifically, step S200 the following steps are included:
S201:IKE-Channel uses PW-ACH (PW Associated Channel as IKE protocol interaction channel Header) format defines the association channel encapsulation format (see Fig. 3) of pseudo-wire, and the value of the Channel Type of IKE-Channel can Flexible configuration, recommendation 99;
The complete package format of the upper transmitting message of S202:IKE-Channel is successively from the bottom to the outer: outer layer MPLS mark Label, internal layer MPLS label, PW-ACH, IP, UDP, ISAKMP and ISAKMP load, wherein IP addresses are both ends The interface IP address of PE equipment or the address loopback, see Fig. 4.
Specifically, step S300 the following steps are included:
S301: both ends PE respectively as IKE originating end and responder, carry out ike negotiation;
S302:IKE protocol version can support that IKEv1, IKEv2, IKE state is close, appointing in four kinds of protocol versions of IKE quantum What is a kind of;
The IKE message that S303:PE is issued is encapsulated according to PW-ACH format;
The IKE message that S304:PE is received is decapsulated according to PW-ACH format;
S305:PE is issued and is received IKE message, is handled by IKE software module, is completed key exchange and is generated peace Full alliance parameter SEC SA;
S306: both ends PE can be negotiated according to the fixed period by IKE again, update the key in SEC SA, to guarantee Long-term safety.
Specifically, step S400 the following steps are included:
Transmission channel of the S401:SEC-Channel as service message, the association for defining pseudo-wire using PW-ACH format are logical Road encapsulation format (see Fig. 3), the value flexibly configurable of the Channel Type of SEC-Channel, recommendation are 50 and 51, respectively Indicate ESP and AH encapsulation format;
The complete package format of the upper transmitting message of S402:SEC-Channel is successively from the bottom to the outer: outer layer MPLS mark Label, internal layer MPLS label, PW-ACH, ESP or AH, message ciphertext or plaintext, ESP tail, are shown in Fig. 5.
Specifically, step S500 the following steps are included:
S501: both ends PE simultaneously as encryption end and decrypting end, right respectively according to the algorithm and key negotiated in SEC SA The service message of pseudo-wire carrying carries out encryption and decryption and integrity verification;
S502: encryption and decryption can support two kinds of encapsulation format of ESP and AH, the former can encrypt message and integrality is tested Card, the latter only carry out integrity verification to message;
ESP the or AH message that S503:PE is issued is encapsulated according to PW-ACH format;
ESP the or AH message that S504:PE is received is decapsulated according to PW-ACH format;
S505:PE is issued and is received ESP or AH message, is handled by the encryption/decryption module of system.
It is the specific example of the present embodiment below:
Negotiate to carry out pseudo-wire encryption using IKEv1;The following steps are included:
Step 1: establishing pseudo-wire PW, detailed step between two PE equipment are as follows: configure MPLS- between two PE equipment TP, comprising:
1) IP address of equipment and routing are set;
2) VPWS example is defined;
3) port AC is configured;
4) pseudo wire parameter is configured;
Step 2: association channel IKE-Channel, detailed step are established on pseudo-wire PW are as follows: configuration IKE parameter set, packet It includes:
1) version and mode of IKE, such as IKEv1 holotype;
2) enciphering and deciphering algorithm, such as AES-128;
3) integrity verification algorithm, such as SHA-256;
4) identity identifying method, such as wildcard;5) encapsulation format, such as ESP are selected.Then match on pseudo-wire PW Association channel IKE-Channel is set, Channel-type value is set as 99, and is associated with and has just configured IKE parameter set;
Step 3: carrying out ike negotiation on association channel IKE-Channel, generate the Security Association parameter SA of SEC, in detail Step are as follows:
Ike negotiation is carried out on association channel IKE-Channel, for example, by using IKEv1 holotype, the first stage uses 6 A IKE mutual message, carries out SA negotiation, Diffie-Hellman exchange, the authentication of wildcard, and second stage uses Quick mode totally 3 IKE mutual messages, generate the Security Association parameter SA of SEC;
Step 4: association channel SEC-Channel, detailed step are established on pseudo-wire PW are as follows: be arranged SEC-Channel's Channel-type is set as 50, encapsulates encryption message using ESP format;
Step 5: on association channel SEC-Channel, the encryption of service message in pseudo-wire is carried out with SEC SA, is walked in detail Suddenly are as follows:
1) pseudo wire PDU encrypt when, using defined in SEC SA Security Association parameter Encryption Algorithm, key pair message into Row encryption;
2) it using ciphertext as load, is packaged according to the format of SEC-Channel, is successively outer layer from the bottom to the outer MPLS label, internal layer MPLS label, PW-ACH, ESP, message ciphertext, ESP tail;
3) when decrypting, MPLS label, PW-ACH head are successively parsed, obtains corresponding pseudo-wire and ESP encapsulated type value, parsing ESP SPI values are obtained decryption SA parameter and message ciphertext are decrypted using this decipherment algorithm and key of SA parameter, The service message carried in reduction pseudo-wire;
It can be in existing MPLS-TP net using the method for pseudo-wire encryption in a kind of MPLS-TP provided in an embodiment of the present invention In network equipment, realization encrypts the flow of the pseudo-wire in existing network, improves the safety of network.
The above embodiments are merely illustrative of the technical solutions of the present invention, rather than its limitations;Although with reference to the foregoing embodiments Invention is explained in detail, those skilled in the art should understand that: it still can be to aforementioned each implementation Technical solution documented by example is modified or equivalent replacement of some of the technical features;And these modification or Replacement, the spirit and scope for technical solution of various embodiments of the present invention that it does not separate the essence of the corresponding technical solution.

Claims (8)

1. pseudo-wire encryption method in a kind of MPLS-TP, which comprises the following steps:
S100: pseudo-wire PW is established between two PE equipment;
S200: association channel IKE-Channel is established on pseudo-wire PW;
S300: transmitting ike negotiation message on association channel IKE-Channel, generates Security Association parameter by ike negotiation SEC SA;
S400: association channel SEC-Channel is established on pseudo-wire PW;
S500: with the algorithm and key negotiated in SEC SA, the encryption of service message and integrity verification in pseudo-wire is carried out, is being closed Transmission encryption message on connection road SEC-Channel.
2. pseudo-wire encryption method in MPLS-TP according to claim 1, it is characterised in that: the puppet in the step S100 Line PW is the pseudo-wire of static configuration or the pseudo-wire that protocol dynamic is established.
3. pseudo-wire encryption method in MPLS-TP according to claim 1, it is characterised in that: the step S200 includes:
S201:IKE-Channel is encapsulated as IKE protocol interaction channel using the association channel that PW-ACH format defines pseudo-wire Format;
The complete package format of the upper transmitting message of S202:IKE-Channel is successively from the bottom to the outer: outer layer MPLS label, Internal layer MPLS label, PW-ACH, IP, UDP, ISAKMP and ISAKMP load, wherein IP addresses are both ends PE The interface IP address of equipment or the address loopback.
4. pseudo-wire encryption method in MPLS-TP according to claim 1, it is characterised in that step S300 includes following step It is rapid:
S301: both ends PE respectively as IKE originating end and responder, carry out ike negotiation;
S302:IKE protocol version supports that IKEv1, IKEv2, IKE state is close, any one of four kinds of protocol versions of IKE quantum;
The IKE message that S303:PE is issued is encapsulated according to PW-ACH format;
The IKE message that S304:PE is received is decapsulated according to PW-ACH format;
S305:PE is issued and is received IKE message, is handled by IKE software module, is completed key exchange and is generated safety connection Alliance parameter SEC SA;
S306: both ends PE negotiates again according to the fixed period, by IKE, the key in SEC SA is updated, to guarantee long-term peace Quan Xing.
5. pseudo-wire encryption method in MPLS-TP according to claim 1, it is characterised in that step S400 includes following step It is rapid:
Transmission channel of the S401:SEC-Channel as service message is sealed using the association channel that PW-ACH format defines pseudo-wire Fill format;
The complete package format of the upper transmitting message of S402:SEC-Channel is successively from the bottom to the outer: outer layer MPLS label, Internal layer MPLS label, PW-ACH, ESP or AH, message ciphertext or plaintext, ESP tail.
6. pseudo-wire encryption method in MPLS-TP according to claim 1, it is characterised in that step S500 includes following step It is rapid:
S501: both ends PE simultaneously as encryption end and decrypting end, respectively according to the algorithm and key negotiated in SEC SA, to pseudo-wire The service message of carrying carries out encryption and decryption and integrity verification;
S502: encryption and decryption supports two kinds of encapsulation format of ESP and AH, the former can encrypt to message and integrity verification, the latter Integrity verification only is carried out to message;
ESP the or AH message that S503:PE is issued is encapsulated according to PW-ACH format;
ESP the or AH message that S504:PE is received is decapsulated according to PW-ACH format;
S505:PE is issued and is received ESP or AH message, is handled by the encryption/decryption module of system.
7. pseudo-wire encryption method in MPLS-TP according to claim 3, which is characterized in that IKE- in step S201 The value of the Channel Type of Channel is 99.
8. pseudo-wire encryption method in MPLS-TP according to claim 5, which is characterized in that step S401SEC-Channel As the transmission channel of service message, the association channel encapsulation format of pseudo-wire is defined using PW-ACH format, SEC-Channel's The value of Channel Type is 50 and 51, respectively indicates ESP and AH encapsulation format.
CN201811386848.7A 2018-11-20 2018-11-20 Pseudo-wire encryption method in a kind of MPLS-TP Pending CN109257388A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811386848.7A CN109257388A (en) 2018-11-20 2018-11-20 Pseudo-wire encryption method in a kind of MPLS-TP

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811386848.7A CN109257388A (en) 2018-11-20 2018-11-20 Pseudo-wire encryption method in a kind of MPLS-TP

Publications (1)

Publication Number Publication Date
CN109257388A true CN109257388A (en) 2019-01-22

Family

ID=65043968

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811386848.7A Pending CN109257388A (en) 2018-11-20 2018-11-20 Pseudo-wire encryption method in a kind of MPLS-TP

Country Status (1)

Country Link
CN (1) CN109257388A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109714164A (en) * 2019-02-26 2019-05-03 安徽皖通邮电股份有限公司 A kind of method that IKEv2 negotiation uses quantum key
CN111404812A (en) * 2020-03-25 2020-07-10 新华三信息安全技术有限公司 Communication method and device

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101635727A (en) * 2009-08-24 2010-01-27 华为技术有限公司 Method, device and system for securely transmitting and receiving pseudowire network data
CN101741552A (en) * 2009-12-28 2010-06-16 华为技术有限公司 Message transmitting method, equipment and system
CN102904792A (en) * 2012-09-21 2013-01-30 北京华为数字技术有限公司 Service carrying method and router
CN106230793A (en) * 2016-07-22 2016-12-14 安徽皖通邮电股份有限公司 A kind of MPLSVPN of realization operates in the method on the IPVPN of encryption
US9843392B1 (en) * 2006-03-14 2017-12-12 Sprint Spectrum L.P. System and method for passive optical network backhaul
CN107579932A (en) * 2017-10-25 2018-01-12 北京天融信网络安全技术有限公司 A kind of data transmission method, equipment and storage medium
CN107911212A (en) * 2017-11-09 2018-04-13 安徽皖通邮电股份有限公司 One kind bridge joint transmits encrypted method

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9843392B1 (en) * 2006-03-14 2017-12-12 Sprint Spectrum L.P. System and method for passive optical network backhaul
CN101635727A (en) * 2009-08-24 2010-01-27 华为技术有限公司 Method, device and system for securely transmitting and receiving pseudowire network data
CN101741552A (en) * 2009-12-28 2010-06-16 华为技术有限公司 Message transmitting method, equipment and system
CN102904792A (en) * 2012-09-21 2013-01-30 北京华为数字技术有限公司 Service carrying method and router
CN106230793A (en) * 2016-07-22 2016-12-14 安徽皖通邮电股份有限公司 A kind of MPLSVPN of realization operates in the method on the IPVPN of encryption
CN107579932A (en) * 2017-10-25 2018-01-12 北京天融信网络安全技术有限公司 A kind of data transmission method, equipment and storage medium
CN107911212A (en) * 2017-11-09 2018-04-13 安徽皖通邮电股份有限公司 One kind bridge joint transmits encrypted method

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109714164A (en) * 2019-02-26 2019-05-03 安徽皖通邮电股份有限公司 A kind of method that IKEv2 negotiation uses quantum key
CN109714164B (en) * 2019-02-26 2021-11-30 安徽皖通邮电股份有限公司 Method for IKEv2 to negotiate use of quantum key
CN111404812A (en) * 2020-03-25 2020-07-10 新华三信息安全技术有限公司 Communication method and device

Similar Documents

Publication Publication Date Title
US8559640B2 (en) Method of integrating quantum key distribution with internet key exchange protocol
CN107018134B (en) Power distribution terminal safety access platform and implementation method thereof
EP2777217B1 (en) Protocol for layer two multiple network links tunnelling
CN103716196B (en) A kind of network equipment and detection method
CN107104977A (en) A kind of block chain data safe transmission method based on Stream Control Transmission Protocol
CN105471827B (en) A kind of message transmitting method and device
CN104219217A (en) SA (security association) negotiation method, device and system
US11637699B2 (en) Rollover of encryption keys in a packet-compatible network
CN103905180A (en) Method for enabling classical application to have access to quantum communication network
US20220263811A1 (en) Methods and Systems for Internet Key Exchange Re-Authentication Optimization
Dhall et al. Implementation of IPSec protocol
CN108769292A (en) Message data processing method and processing device
CN107040446B (en) VPN tunnel protocol realizing method
WO2015131609A1 (en) Method for implementing l2tp over ipsec access
CN109257388A (en) Pseudo-wire encryption method in a kind of MPLS-TP
CN115567205A (en) Method and system for realizing encryption and decryption of network session data stream by quantum key distribution
CN107911212A (en) One kind bridge joint transmits encrypted method
WO2011079717A1 (en) Message transmitting method, equipment and system
CN111885430B (en) In-band telemetry method and system based on Ethernet frame
CN108924157A (en) A kind of message forwarding method and device based on IPSec VPN
CN107431691A (en) A kind of data pack transmission method, device, node device and system
CN114338116B (en) Encryption transmission method and device and SD-WAN network system
CN106385423A (en) Data encrypting transmission method and system
Gokulakrishnan et al. A survey report on VPN security & its technologies
CN103581034B (en) Message mirroring and encrypted transmitting method

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20190122