CN113852552A - Network communication method, system and storage medium - Google Patents
Network communication method, system and storage medium Download PDFInfo
- Publication number
- CN113852552A CN113852552A CN202111113185.3A CN202111113185A CN113852552A CN 113852552 A CN113852552 A CN 113852552A CN 202111113185 A CN202111113185 A CN 202111113185A CN 113852552 A CN113852552 A CN 113852552A
- Authority
- CN
- China
- Prior art keywords
- message
- node
- security association
- network communication
- sid
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 28
- 238000004891 communication Methods 0.000 title claims abstract description 25
- 238000004590 computer program Methods 0.000 claims 1
- 230000009471 action Effects 0.000 abstract description 13
- 230000008569 process Effects 0.000 abstract description 7
- 238000005538 encapsulation Methods 0.000 description 5
- 230000006870 function Effects 0.000 description 3
- 239000000463 material Substances 0.000 description 2
- 230000002730 additional effect Effects 0.000 description 1
- 238000013500 data storage Methods 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 230000000717 retained effect Effects 0.000 description 1
- 239000004065 semiconductor Substances 0.000 description 1
- 239000007787 solid Substances 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
- H04L45/34—Source routing
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
- H04L45/54—Organization of routing tables
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
- H04L45/74—Address processing for routing
- H04L45/745—Address table lookup; Address filtering
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a network communication method and system based on SRv6, and belongs to the field of IP networks. A network communication method comprises the following steps: in the first node, the message matches a segmented routing strategy according to an SR (scheduling request) drainage strategy; judging whether the segmented routing strategy has a security association index, if so, encrypting the packet message by using the matched security association, and processing the message by using an SR (sequence request) drainage strategy; if not, the message is processed by using an SR (scheduling request) drainage strategy; the tail node receives the message and carries out SR processing; judging whether the SID carries a decryption attribute, if so, decrypting the message by using the specified security association in the decryption attribute, and then processing the message by using an END action tail node of the SID; and if not, using the END action tail node of the SID to process the message.
Description
Technical Field
The invention relates to the field of network communication, in particular to a network communication method, a network communication system and a storage medium based on SRV 6.
Background
In the current IPv6 network, to implement encryption authentication of an IP packet and to implement path selection of the packet, SRv6(Segment Routing) and ipsec (IP security) are usually used in combination. The message structure of the combined ESP in SRv6 and IPsec tunnel mode is shown in fig. 1.
In the existing mode, if the two services are combined, the following problems occur:
1. both services provide tunnel encapsulation service, and when the two services need to be combined, the service processing of the forwarding plane serial will cause the encapsulation error of the message to the outer layer IP head.
2. In the forwarding process, the End node needs to process the SID instruction of SRv6 first and then process the IPsec service, but in the actions of the End node of SRv6 service, the End and other actions require to use inner layer IP packets for forwarding, and at this time, the inner layer packets are all ciphertexts and cannot be further processed.
Disclosure of Invention
Aiming at the defects of the prior art, the invention provides a network communication method, a system and a storage medium based on SRv 6.
As an aspect of the present application, there is provided a network communication method, including the steps of:
at a first node, configuring a segmented routing strategy by a message according to an SR (routing request) drainage strategy, and if the segmented routing strategy comprises an index corresponding to IPsec (Internet protocol security) security association and an SID (security identifier) related to SRv6, encrypting the message of the first node through the security association corresponding to the index and sending the encrypted message to an intermediate node; and the tail node receives the encrypted message forwarded by the intermediate node and decrypts the encrypted message through the decryption attribute carried by the SID.
Optionally, the segment routing policy is configured according to the SR drainage policy.
Optionally, the security association is configured with an SPI, a decryption key, or a decryption algorithm.
Optionally, the intermediate node forwards the encrypted packet according to the path information provided by the segment routing policy.
Optionally, the SID is in IPv6 format.
Optionally, the header and the ESP trailer are encapsulated SRv6 in the packet of the head node, and the segment routing policy is configured in the header SRv 6.
Optionally, the decryption attribute decrypts the encrypted message by a security association pointed to by the index of the encrypted message.
As another aspect of the present application, there is provided a network communication system including: a sending end and a receiving end; a first node connected with the transmitting end; a tail node connected with the receiving end; and a plurality of intermediate nodes coupled between the head node and the tail node for forwarding the packet, wherein in the head node, the packet is encrypted by a security association pointed to by an index of the security association in a segment routing policy, the segment routing policy indicating an index corresponding to the IPsec security association and an SID associated with SRv 6; in the tail node, the message is decrypted by the decryption attribute in SRv 6.
Preferably, the header SRv6 and the ESP trailer are encapsulated in the message of the head node, and the segment routing policy is configured in the header SRv 6. Optionally, the security association is configured with an SPI, a decryption key, or a decryption algorithm.
Optionally, an index in the decryption attribute indicates the security association.
Optionally, the packet is encapsulated with SRv6 header and ESP trailer.
The above-described method or system can also be applied in devices, for example: a computer-readable storage medium comprising instructions stored thereon which, when executed, implement any of the above-described network communication methods.
A router comprises a storage medium and an executor, wherein the executor can execute instructions stored in the storage medium to realize any one of the network communication methods. The invention also discloses the application of the equipment, such as: the application of any one of the systems in SD-WAN.
The invention can realize SRv6 message processing combined with IPsec by adding encryption attribute in the segment routing Policy (SR-Policy) and adding additional decryption attribute in SID. Moreover, since the index of the security association is directly indicated in the decryption attribute, the corresponding security association can be quickly matched, and the processing speed of forwarding is improved.
Drawings
The invention will be further described with reference to the accompanying drawings.
Fig. 1 is a schematic diagram of a tunnel encapsulation message combining SRv6 and IPsec ESP in the prior art;
fig. 2 is a flow chart of message processing in a head node of the present application;
fig. 3 is a flow chart of message processing in a tail node of the present application;
fig. 4 is a schematic view of an application scenario in a specific example of the present application.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
In some specific examples of the present invention, a network communication method for implementing SRv6 and IPsec is disclosed, which may include the following steps: as shown in fig. 2, in the head node, the packet matches the segment routing policy according to the SR drainage policy; judging whether an index of Security Association (SA) exists in the segmented routing strategy, if so, encrypting the packet message by using the matched Security Association, and processing the message by using an SR (sequence request) drainage strategy; if not, the message is processed by using an SR (sequence request) drainage strategy, namely the segmented routing strategy is configured according to the SR drainage strategy, and the intermediate node forwards the encrypted message according to the path information provided by the segmented routing strategy. In addition, as shown in fig. 1, the encrypted message may be encapsulated between SRv6 header and ESP trailer, wherein the segment routing policy may be configured at SRv6 header.
As shown in fig. 3, the tail node receives the packet and performs segment routing processing; judging whether the SID carries a decryption attribute, if so, decrypting the message by using the security association specified by the index in the decryption attribute, and then processing the message by using the END action of the SID; and if not, using the END action tail node of the SID to process the message. Therefore, the problem that actions such as end.T and the like cannot be forwarded and processed due to the fact that the messages of the inner layer are all in an encrypted state after encapsulation can be solved. And by quickly matching the corresponding security association, the processing speed of forwarding is increased, and the accuracy is improved. The security association is configured with an SPI, a decryption key, or a decryption algorithm.
In the above process, the SRv6 Header inserted in the message is a Segment Routing Header (SRH) in the first node of the network, and the Segment Routing list is pushed into the SRH, which can direct the active segments encoded in the Segment Routing list. In some examples of the invention, when a segment is completed, the segment is retained in the segment routing list, updated to point to the next segment in the segment routing list, and intermediate nodes continually update and offset addresses to complete forwarding. And the network intermediate node forwards the information according to the path information provided by the SRH extension header.
In some examples of the invention, segments in the segment routing list may be links describing a global segment or a global node, or pointing to a neighboring node.
In some examples of the invention, the SID refers to a Segment Routing Identifier (Segment Routing Identifier), which may be configured in IPv6 format. In some examples of the present invention, the SID may include, but is not limited to, a location identification (Locator) SID, a network Function (Function) SID, and a parameters (Args) SID. The location identity is used to assign a physical address of the network node, which may direct routing and data forwarding; the stored values of network functions may be used to define device behavior; the parameters are used to define the execution of the forwarding instructions.
In some examples of the invention, a network communication system is proposed, comprising: the system comprises an information sending end, a first node connected with the information sending end, a tail node, a receiving end connected with the tail node and a plurality of intermediate nodes. The first node matches the segmented routing strategy to the message according to the SR flow guiding strategy; and judging whether the segmented routing strategy has a security association index or not, and configuring an SR (scheduling request) drainage strategy to process the message. The system can also be configured with SID for marking the destination address or link in the network communication system; the tail node can execute SR processing on the received message and judge whether the SID carries the decryption attribute. The intermediate node is arranged between the head node and the tail node and used for forwarding the message.
In other examples of the present invention, a network communication system in a specific application scenario is disclosed, as shown in fig. 4. Hosts of IPv4 on both sides, as an information sender and receiver, communicate via an intermediate node B, C, which is an IPv6 network supporting SRv6, and each node is configured in advance as follows:
at the node A, namely the head node of the exemplary system, the segment routing policy of SRv6 is configured according to the SR steering policy, the segment routing policy indicates path information (A2::1, A3::1, A4::1) and indicates indexing of tunnel encapsulation and encryption security association, and at the same time, encryption security association is configured and indicates SPI, encryption key and encryption algorithm in the security association. Configuration SRv6 policy drainage.
The SID of the End action is configured on the node B.
The SID of the End action is configured on the C node, and the additional feature PSP is configured.
At the D node, i.e., the end node of the present exemplary system, the SID of the end.dt4 action is configured, specifying the corresponding IPv4 routing table information, and configuring additional feature decryption and associated security association index, along with configuring the decryption security association, specifying the SPI, decryption key, and decryption algorithm in the security association.
The message flow is as follows:
after receiving the IPv4 message of the host side, the node A obtains the segment routing strategy according to the SR flow guiding strategy, finds the security association according to the security association index configured by the segment routing strategy, encrypts the message and further encapsulates the SRv6 expansion header. The next protocol number in the SRH head is ESP protocol number, the SID of B, C, D is indicated in the segment routing table, SL (segment left) of the message SRH is initialized to 2, and the message SRH is copied to the destination address of outer IPv6 according to SID A2::1 indicated by SL, and is forwarded by checking the route.
After receiving the message, the node B searches a Local SID table according to an outer IPv6 address A2::1, hits an End command action, subtracts 1 from SL, copies A3::1 indicated by SL to an outer IP header, and searches for a route for forwarding.
After receiving the message, the C node searches a Local SID table according to an outer IPv6 address A3::1, hits an End instruction action, subtracts 1 from SL, copies A4::1 indicated by SL to an outer IP header, pops up an SRH extension header due to an A3::1 additional action PSP and equals 0, searches a route and forwards.
After receiving the message, the node D searches a Local SID table according to an outer IPv6 address A4::1, hits an end.Dt4 instruction action, decrypts according to the additional attribute, finds security association decryption, peels off an outer message header, looks up the table in a routing table specified by the end.Dt4 by using an inner IP header, and forwards the table to a corresponding host.
It is understood that the above embodiment discloses a specific use scenario as an example, but the above network communication method or system can be applied in a router, and can also be applied in an SD-WAN scenario.
Further, in some examples of the invention, a computer-readable storage medium storing instructions is disclosed. When the instructions are executed, the network communication method in any example can be realized. More specifically, the instructions may be in a computer readable language. The computer may be a general purpose computing device or a special purpose computing device. In a specific implementation, the computer may be a desktop computer, a laptop computer, a network server, a Personal Digital Assistant (PDA), a mobile phone, a tablet computer, a wireless terminal device, a communication device, or an embedded device. The storage medium may be any available medium that can be accessed by a computer or a data storage device including one or more integrated servers, data centers, and the like. For example, the storage medium may be, but is not limited to, a magnetic medium (e.g., a floppy Disk, a hard Disk, a magnetic tape), an optical medium (e.g., a Digital Versatile Disk (DVD)), or a semiconductor medium (e.g., a Solid State Disk (SSD)).
In the description herein, references to the description of "one embodiment," "an example," "a specific example" or the like are intended to mean that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the invention. In this specification, the schematic representations of the terms used above do not necessarily refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.
The foregoing shows and describes the general principles, essential features, and advantages of the invention. It will be understood by those skilled in the art that the present invention is not limited to the embodiments described above, which are described in the specification and illustrated only to illustrate the principle of the present invention, but that various changes and modifications may be made therein without departing from the spirit and scope of the present invention, which fall within the scope of the invention as claimed.
Claims (10)
1. A network communication method, comprising the steps of:
at a first node, configuring a segmented routing strategy by a message according to an SR (routing request) drainage strategy, and if the segmented routing strategy has an index corresponding to the IPsec security association, encrypting the first node message through the security association corresponding to the index and sending the encrypted message to an intermediate node;
and the tail node receives the encrypted message forwarded by the intermediate node and decrypts the encrypted message through the decryption attribute carried by the SID.
2. The method of claim 1, wherein if the segment route has no index corresponding to an IPsec security association, the message is processed using an SR steering policy.
3. The method according to claim 1, wherein the security association is configured with an SPI, a decryption key, or a decryption algorithm.
4. The network communication method according to claim 1, wherein the intermediate node forwards the encrypted packet according to the path information provided by the segment routing policy.
5. The method of claim 1, wherein the SID is in IPv6 format.
6. The network communication method of claim 1, wherein the message of the head node is encapsulated SRv6 header and ESP trailer, and the segment routing policy is configured in the SRv6 header.
7. The method according to claim 1, wherein the decryption attribute decrypts the encrypted message via a security association pointed to by an index of the encrypted message.
8. A network communication system, comprising: a sending end and a receiving end; a head node connected with the transmitting end; a tail node connected with the receiving end; and a plurality of intermediate nodes coupled between the head node and the tail node for forwarding packets,
in the head node, a message configures a segment routing strategy according to an SR (routing request) drainage strategy, if the segment routing strategy comprises an index corresponding to IPsec (Internet protocol security) security association and an SID (security identifier) related to SRv6, the head node message is encrypted through the security association corresponding to the index, and the encrypted message is sent to an intermediate node; in the tail node, the packet is decrypted by the decryption attribute in SRv 6.
9. The network communication system of claim 8, wherein the header SRv6 and the ESP trailer are encapsulated in the message of the head node, and the segment routing policy is configured in the SRv6 header.
10. A computer-readable storage medium, in which a computer program is stored, which, when being executed by a processor, implements the network communication method according to any one of claims 1 to 7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111113185.3A CN113852552B (en) | 2021-09-23 | 2021-09-23 | Network communication method, system and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111113185.3A CN113852552B (en) | 2021-09-23 | 2021-09-23 | Network communication method, system and storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN113852552A true CN113852552A (en) | 2021-12-28 |
| CN113852552B CN113852552B (en) | 2023-04-18 |
Family
ID=78979281
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202111113185.3A Active CN113852552B (en) | 2021-09-23 | 2021-09-23 | Network communication method, system and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113852552B (en) |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115396354A (en) * | 2022-08-24 | 2022-11-25 | 苏州盛科通信股份有限公司 | SRv6 message SID segmented query method and application |
| CN116527405A (en) * | 2023-06-30 | 2023-08-01 | 新华三技术有限公司 | SRV6 message encryption transmission method and device and electronic equipment |
| WO2024002101A1 (en) * | 2022-06-30 | 2024-01-04 | 中国移动通信有限公司研究院 | Packet transmission method and apparatus, related device, and storage medium |
Citations (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7739728B1 (en) * | 2005-05-20 | 2010-06-15 | Avaya Inc. | End-to-end IP security |
| US20140317276A1 (en) * | 2013-03-15 | 2014-10-23 | Aerohive Networks, Inc. | Application based data traffic routing using network tunneling |
| WO2018167539A1 (en) * | 2017-03-16 | 2018-09-20 | Telefonaktiebolaget Lm Ericsson (Publ) | Ipsec bypass in sdn network |
| CN112350941A (en) * | 2020-09-14 | 2021-02-09 | 网络通信与安全紫金山实验室 | ESP-based encapsulation message for realizing source routing at overlay layer and sending method |
| CN112511427A (en) * | 2020-01-14 | 2021-03-16 | 中兴通讯股份有限公司 | Segment routing service processing method and device, routing equipment and storage medium |
| US20210092052A1 (en) * | 2016-02-15 | 2021-03-25 | Telefonaktiebolaget Lm Ericsson (Publ) | Techniques for exposing maximum node and/or link segment identifier depth utilizing is-is |
| CN112600802A (en) * | 2020-12-04 | 2021-04-02 | 盛科网络(苏州)有限公司 | SRv6 encrypted message and SRv6 message encryption and decryption methods and devices |
| CN112637237A (en) * | 2020-12-31 | 2021-04-09 | 网络通信与安全紫金山实验室 | Service encryption method, system, equipment and storage medium based on SRoU |
| WO2021147372A1 (en) * | 2020-01-20 | 2021-07-29 | 华为技术有限公司 | Method, apparatus, and system for transmitting sr message |
| CN113347092A (en) * | 2021-05-27 | 2021-09-03 | 大连理工大学 | SRv6 data processing method based on IPv6 |
-
2021
- 2021-09-23 CN CN202111113185.3A patent/CN113852552B/en active Active
Patent Citations (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7739728B1 (en) * | 2005-05-20 | 2010-06-15 | Avaya Inc. | End-to-end IP security |
| US20140317276A1 (en) * | 2013-03-15 | 2014-10-23 | Aerohive Networks, Inc. | Application based data traffic routing using network tunneling |
| US20210092052A1 (en) * | 2016-02-15 | 2021-03-25 | Telefonaktiebolaget Lm Ericsson (Publ) | Techniques for exposing maximum node and/or link segment identifier depth utilizing is-is |
| WO2018167539A1 (en) * | 2017-03-16 | 2018-09-20 | Telefonaktiebolaget Lm Ericsson (Publ) | Ipsec bypass in sdn network |
| CN112511427A (en) * | 2020-01-14 | 2021-03-16 | 中兴通讯股份有限公司 | Segment routing service processing method and device, routing equipment and storage medium |
| WO2021147372A1 (en) * | 2020-01-20 | 2021-07-29 | 华为技术有限公司 | Method, apparatus, and system for transmitting sr message |
| CN112350941A (en) * | 2020-09-14 | 2021-02-09 | 网络通信与安全紫金山实验室 | ESP-based encapsulation message for realizing source routing at overlay layer and sending method |
| CN112600802A (en) * | 2020-12-04 | 2021-04-02 | 盛科网络(苏州)有限公司 | SRv6 encrypted message and SRv6 message encryption and decryption methods and devices |
| CN112637237A (en) * | 2020-12-31 | 2021-04-09 | 网络通信与安全紫金山实验室 | Service encryption method, system, equipment and storage medium based on SRoU |
| CN113347092A (en) * | 2021-05-27 | 2021-09-03 | 大连理工大学 | SRv6 data processing method based on IPv6 |
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2024002101A1 (en) * | 2022-06-30 | 2024-01-04 | 中国移动通信有限公司研究院 | Packet transmission method and apparatus, related device, and storage medium |
| CN115396354A (en) * | 2022-08-24 | 2022-11-25 | 苏州盛科通信股份有限公司 | SRv6 message SID segmented query method and application |
| CN115396354B (en) * | 2022-08-24 | 2023-06-02 | 苏州盛科通信股份有限公司 | SRv6 message SID segmentation query method and application |
| CN116527405A (en) * | 2023-06-30 | 2023-08-01 | 新华三技术有限公司 | SRV6 message encryption transmission method and device and electronic equipment |
| CN116527405B (en) * | 2023-06-30 | 2023-09-05 | 新华三技术有限公司 | SRV6 message encryption transmission method and device and electronic equipment |
Also Published As
| Publication number | Publication date |
|---|---|
| CN113852552B (en) | 2023-04-18 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10992654B2 (en) | Secure WAN path selection at campus fabric edge | |
| CN113852552B (en) | Network communication method, system and storage medium | |
| CN107682284B (en) | Method and network equipment for sending message | |
| US7861080B2 (en) | Packet communication system | |
| US8437345B2 (en) | Terminal and communication system | |
| US7571463B1 (en) | Method an apparatus for providing a scalable and secure network without point to point associations | |
| JP5948001B2 (en) | Policy for secure packet transmission using required node path and cryptographic signature | |
| CN110650076B (en) | VXLAN implementation method, network equipment and communication system | |
| CN113645136B (en) | Method, network node and network system for forwarding message in network | |
| US7944854B2 (en) | IP security within multi-topology routing | |
| KR101291501B1 (en) | Technique for maintaining secure network connections | |
| US7434045B1 (en) | Method and apparatus for indexing an inbound security association database | |
| US20140153577A1 (en) | Session-based forwarding | |
| US8094565B2 (en) | Loop detection for mobile IP home agents | |
| JP2020520612A (en) | Packet transmission method, edge device, and machine-readable storage medium | |
| JP2009518995A (en) | Digital object title authentication | |
| EP4287550A1 (en) | Packet processing method, client end device, server end device, and computer-readable medium | |
| JP2024099737A (en) | Method and apparatus for SRV6 trust region boundary filtering | |
| WO2023030160A1 (en) | Packet sending method, network device, storage medium, and program product | |
| US7756061B2 (en) | Mobile router device and home agent device | |
| CN116527405B (en) | SRV6 message encryption transmission method and device and electronic equipment | |
| US7623666B2 (en) | Automatic setting of security in communication network system | |
| US11431730B2 (en) | Systems and methods for extending authentication in IP packets | |
| US7308506B1 (en) | Method and apparatus for processing data traffic across a data communication network | |
| WO2014067065A1 (en) | Method, apparatus and system for implementing tunnel processing |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |