CN115277190B - Method for realizing neighbor discovery on network by link layer transparent encryption system - Google Patents
Method for realizing neighbor discovery on network by link layer transparent encryption system Download PDFInfo
- Publication number
- CN115277190B CN115277190B CN202210889516.0A CN202210889516A CN115277190B CN 115277190 B CN115277190 B CN 115277190B CN 202210889516 A CN202210889516 A CN 202210889516A CN 115277190 B CN115277190 B CN 115277190B
- Authority
- CN
- China
- Prior art keywords
- network
- encryption system
- data packet
- link
- link encryption
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0823—Network architectures or network communication protocols for network security for authentication of entities using certificates
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/16—Implementing security features at a particular protocol layer
- H04L63/162—Implementing security features at a particular protocol layer at the data link layer
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D30/00—Reducing energy consumption in communication networks
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Small-Scale Networks (AREA)
Abstract
The invention discloses a method for realizing neighbor discovery on a network by a link layer transparent encryption system. The link layer transparent encryption system does not have an IP address and a MAC address, and mainly provides data transparent transmission and load encryption functions. In the method, a link encryption system detects the content of the transmitted data packet and constructs a disguised packet with the same packet header, and the disguised packet load is provided with information such as a special identifier, a self unique ID and the like. Because the disguised packet has the same address information as the original data packet, the disguised packet can pass through the network equipment to reach the opposite network along with the original data packet, and is intercepted and analyzed by the neighbor link encryption system to obtain the identification information such as the link encryption system ID in the load. The neighbor link encryption system performs address inversion according to the received packet header information, constructs a reverse network packet, sets information such as a special identifier, a unique ID of the neighbor link encryption system and the like in a load, and sends the information back to the previous link encryption system; the two link encryption systems respectively obtain the corresponding relationship between the unique ID information of the opposite party and the source network address information. Although the source network address information does not belong to the neighbor link encryption system, but is a network host device behind it, network data packets constructed using the address information can arrive and be intercepted by the link encryptor. The method can realize that two or more link encryption systems can find neighbor systems and realize data interaction under the condition that the two or more link encryption systems do not have the MAC address and the IP address.
Description
Technical Field
The invention relates to a computer network communication transmission encryption system and technology, in particular to a link transparent encryption technology.
Background
Encryption for network transmission data is a very common information security requirement, and has a very wide application range, and common technologies include systems such as IPSecVPN and SSLVPN. The two network encryption protocol principles are that an original network data packet is entirely encrypted (comprising IP data packet header information or two-layer data packet header MAC address information), then a packet header (comprising a new MAC address and an IP address) is added again according to the route setting of a VPN system, the new encrypted packet is sent to an opposite VPN system, and the opposite VPN system decrypts the original data packet. Such a solution requires that an IP address must be allocated to the VPN system in advance, and requires that the application system directs the routing information of its default gateway or destination network to the VPN system, and at the same time, requires that relatively complex tunnel rule information be set between VPN systems, which has a certain requirement on the professional technology of the user. In many practical network encryption requirement scenarios, customer operators often do not have much network knowledge base and VPN system usage experience, resulting in very low VPN configuration and application efficiency, and potential safety hazards easily occur due to configuration errors.
For the above reasons, link layer transparent encryption systems have evolved, which generally appear as fully transparent network devices, without the operator having to configure them with IP addresses, MAC addresses, routing information, and tunnel rules. The working principle is that the whole network data packet is not encrypted, the header information of the original data packet is kept unchanged, only the load content is encrypted, and then the encrypted data is transmitted to the network. The advantage of doing so is: how the data packet originally flows (including how to route and address), the encrypted data packet can still flow according to the original network path, because the network device judges and processes the data packet according to the address information of the packet header when forwarding the data packet, the transparent encryption changes only the load content, and the address information of the packet header is not changed. Therefore, the workload and difficulty of the operator for deploying the link encryption system are greatly reduced, encryption or decryption can be automatically completed only by connecting the system in a network in series when data passes through the link encryption system, and the system is very convenient.
The link layer transparent encryption system reduces the difficulty of deployment and operation, and has a significant problem: since the system itself does not have an IP address and a MAC address, the link encryption system cannot be detected and found by the ARP protocol and the ICMP protocol. This results in the link encryption system being unaware of other neighbor systems, and thus being unable to identify and negotiate keys with them. Under the constraint, most link encryption systems in the market at present do not adopt a network key negotiation mode among devices, but adopt an off-line encryption mode, an additional network port mode for key filling and the like, so that the complexity of key management is high and a certain security risk exists.
Disclosure of Invention
Aiming at the defect that the conventional link layer transparent encryption system cannot sense other neighbor systems and perform mutual identity recognition and key negotiation, the invention provides a method for realizing neighbor discovery on a network by the link layer transparent encryption system. Because the disguised packet has the same address information as the original data packet, the disguised packet can pass through the network equipment to reach the opposite network along with the original data packet, and is intercepted and analyzed by the neighbor link encryption system to obtain the identification information such as the link encryption system ID in the load. The neighbor link encryption system inverts according to the received address information and constructs an inverted network packet, sets information such as a special identifier, a self unique ID and the like in the load, and sends back to the previous link encryption system; the two link encryption systems respectively obtain the corresponding relationship between the unique ID information of the opposite party and the source network address information. Although the source network address information does not belong to the neighbor link encryption system, but is a network host device behind it, network data packets constructed using the address information can arrive and be intercepted by the link encryptor. The method can realize that two or more link encryption systems can find neighbor systems and realize data interaction under the condition that the two or more link encryption systems do not have the MAC address and the IP address.
In order to achieve the above purpose, the present invention provides the following technical solutions:
a method for realizing neighbor discovery on a Network by a link layer transparent encryption system is characterized by at least comprising a link encryption system A, a link encryption system B, a Network host 1, a Network host 2 and a Network; the method comprises the following steps:
s1, the network host 1 sends a data packet P to the network host 2
S2, the link encryption system A judges that the data packet P comes from an intranet portal, and copies and stores address information of the data packet; the address information here is typically the MAC source address and destination address of the two-layer protocol packet
S3, direct transparent transmission data packet P of link encryption system A
S4, the link encryption system B analyzes the data packet P, does not find a special mark, directly and thoroughly transmits the data packet, and sends the data packet to the network host 2
S5, the link encryption system A constructs a new data packet PA according to the address information of the copied original data packet, and the PA adds special identification F1 and A system ID and possibly other information
S6, the link encryption system A transmits the data packet PA
S7, the link encryption system B analyzes the data packet PA, discovers the special identifier F1, and stores the ID of the system A, address information in the PA and the corresponding relation
S8, the link encryption system B inverts the address according to the acquired address information of the PA to construct a new data packet PB, and the PB is added with special identification F2 and B system ID information and possibly other information
S9, the link encryption system B sends the data packet PB
S10, the link encryption system A analyzes the data packet PB, discovers a special identifier F2, and stores address information and corresponding relation in the ID and PB of the system B
According to a preferred embodiment, the link layer transparent encryption system implements a method for neighbor discovery on a network, wherein a network packet supports a three-layer IP protocol; all the MAC address information related to resolving and constructing the two-layer network protocol in claim 1 resolves and constructs three-layer IP address information (i.e. contents such as MAC source address and destination address, IP source address and destination address, etc.) simultaneously.
In summary, compared with the prior art, the invention has the following beneficial effects:
(1) On the basis of the advantage of having completely transparent encryption transmission, the link layer transparent encryption system can find each other by means of the transparent data packet through the method, so that the identity of each other can be identified and safety authentication (such as identity authentication by adopting a digital certificate signature-based technology) can be carried out, and the safety of the network system is improved.
(2) On the basis of possessing the advantage of completely transparent encryption transmission, the link layer transparent encryption system can find each other by means of the transparent data packet by the method of the invention, so that automatic key negotiation (such as Diffie-Human key exchange protocol) can be carried out, and a key management system which is simpler, more convenient and efficient and has higher security is realized.
Drawings
Fig. 1 is a schematic diagram of a method for implementing neighbor discovery on a network by a link layer transparent encryption system of the present invention.
Detailed Description
The technical scheme of the invention is further described below with reference to the accompanying drawings and specific embodiments.
A method for realizing neighbor discovery on a Network by a link layer transparent encryption system at least comprises a link encryption system A, a link encryption system B, a Network host 1, a Network host 2 and a Network.
Referring to fig. 1, the following steps are performed:
s1, the network host 1 sends a data packet P to the network host 2
S2, the link encryption system A judges that the data packet P comes from an intranet portal, and copies and stores address information of the data packet; the address information here is typically the MAC source address and destination address of the two-layer protocol packet
S3, direct transparent transmission data packet P of link encryption system A
S4, the link encryption system B analyzes the data packet P, does not find a special mark, directly and thoroughly transmits the data packet, and sends the data packet to the network host 2
S5, the link encryption system A constructs a new data packet PA according to the address information of the copied original data packet, and the PA adds special identification F1 and A system ID and possibly other information
S6, the link encryption system A transmits the data packet PA
S7, the link encryption system B analyzes the data packet PA, discovers the special identifier F1, and stores the ID of the system A, address information in the PA and the corresponding relation
S8, the link encryption system B inverts the address according to the acquired address information of the PA to construct a new data packet PB, and the PB is added with special identification F2 and B system ID information and possibly other information
S9, the link encryption system B sends the data packet PB
S10, the link encryption system A analyzes the data packet PB, discovers the special identifier F2, and stores the ID of the system B, address information in the PB and the corresponding relation.
According to a preferred embodiment, the present invention supports a three-layer IP protocol for a network packet processing mechanism, and involves parsing and constructing MAC address information of a two-layer network protocol, which simultaneously parses and constructs three-layer IP address information (i.e., contents such as MAC source address and destination address, IP source address and destination address, etc.).
According to a preferred embodiment, the present invention supports a four-layer TCP or UDP protocol for a network packet processing mechanism, and involves parsing and constructing MAC address information of a two-layer network protocol, which simultaneously parses and constructs four-layer IP address information (i.e., contents such as a MAC source address and a destination address, an IP source address and a destination address, a source port and a destination port, etc.).
Example 1:
referring to fig. 1, the following steps are performed:
s1, the network host 1 sends a two-layer protocol data packet P to the network host 2
S2, the link encryption system A judges that the data packet P comes from an intranet portal, and copies and stores address information of the data packet; the address information is the MAC source address and destination address of the two-layer protocol packet
S3, direct transparent transmission data packet P of link encryption system A
S4, the link encryption system B analyzes the data packet P, does not find a special mark, directly and thoroughly transmits the data packet, and sends the data packet to the network host 2
S5, the link encryption system A constructs a new data packet PA according to the address information of the copied original data packet, and a special identifier F1 and A system ID are added in the PA
S6, the link encryption system A transmits the data packet PA
S7, the link encryption system B analyzes the data packet PA, discovers the special identifier F1, and stores the ID of the system A, address information in the PA and the corresponding relation
S8, the link encryption system B inverts the address to construct a new data packet PB according to the acquired address information of the PA, and adds special identification F2 and B system ID information into the PB
S9, the link encryption system B sends the data packet PB
S10, the link encryption system A analyzes the data packet PB, discovers the special identifier F2, and stores the ID of the system B, address information in the PB and the corresponding relation.
Example 2:
substantially similar to that shown in fig. 1, the following steps are performed:
s1, the network host 1 sends three layers of IP layer data packets P to the network host 2
S2, the link encryption system A judges that the data packet P comes from an intranet portal, and copies and stores IP packet head information of the data packet; the IP packet header information here contains the contents of the MAC source address and destination address, the IP source address and destination address, etc
S3, direct transparent transmission data packet P of link encryption system A
S4, the link encryption system B analyzes the data packet P, does not find a special mark, directly and thoroughly transmits the data packet, and sends the data packet to the network host 2
S5, the link encryption system A constructs a new data packet PA according to the copied original IP data packet header information, and a special identifier F1 and A system ID are added in the PA
S6, the link encryption system A transmits the data packet PA
S7, the link encryption system B analyzes the data packet PA, discovers the special identifier F1, and stores the ID of the system A, address information in the PA and the corresponding relation
S8, the link encryption system B inverts the address of the IP packet header information of the acquired PA to construct a new data packet PB, and the special identifier F2 and the B system ID information are added in the PB
S9, the link encryption system B sends the data packet PB
S10, the link encryption system A analyzes the data packet PB, discovers the special identifier F2, and stores the ID of the system B, address information in the PB and the corresponding relation.
Example 3:
substantially similar to that shown in fig. 1, the following steps are performed:
s1, the network host 1 sends a four-layer TCP layer data packet P to the network host 2
S2, the link encryption system A judges that the data packet P comes from an intranet portal, and copies and stores TCP header information of the data packet; the TCP header information includes MAC source address and destination address, IP source address and destination address, source port and destination port
S3, direct transparent transmission data packet P of link encryption system A
S4, the link encryption system B analyzes the data packet P, does not find a special mark, directly and thoroughly transmits the data packet, and sends the data packet to the network host 2
S5, the link encryption system A constructs a new data packet PA according to the copied original IP data packet header information, and a special identifier F1 and A system ID are added in the PA
S6, the link encryption system A transmits the data packet PA
S7, the link encryption system B analyzes the data packet PA, discovers the special identifier F1, and stores the ID of the system A, address information in the PA and the corresponding relation
S8, the link encryption system B inverts the address of the TCP packet header information of the acquired PA to construct a new data packet PB, and special identification F2 and B system ID information are added in the PB
S9, the link encryption system B sends the data packet PB
S10, the link encryption system A analyzes the data packet PB, discovers the special identifier F2, and stores the ID of the system B, address information in the PB and the corresponding relation.
It should be noted that the above embodiments are exemplary, and that those skilled in the art, with the benefit of the present disclosure, may devise various solutions and make insubstantial changes to the various rights of the present invention, particularly the structured camouflage package content, or for other OSI network model data layers; such solutions and changes are also within the scope of the disclosure and fall within the scope of the present invention. It should be understood by those skilled in the art that the present description and drawings are illustrative and not limiting to the claims. The scope of the invention is defined by the claims and their equivalents.
Claims (3)
1. A method for realizing neighbor discovery on a Network by a link layer transparent encryption system is characterized by at least comprising a link encryption system A, a link encryption system B, a Network host 1, a Network host 2 and a two-layer protocol Network; the network transmission data accords with the characteristics of a two-layer protocol and has MAC address information; the method comprises the following steps:
s1, the network host 1 sends a data packet P to the network host 2;
s2, the link encryption system A judges that the data packet P comes from an intranet portal, and copies and stores the two-layer network MAC address information of the data packet;
s3, the link encryption system A directly and transparently transmits the data packet P;
s4, the link encryption system B analyzes the data packet P, does not find a special mark, directly and thoroughly transmits the data packet, and sends the data packet to the network host 2;
s5, the link encryption system A constructs a new data packet PA according to the copied two-layer network MAC address information of the original data packet, and a special identifier F1 and an A system ID are added in the PA;
s6, the link encryption system A sends a data packet PA;
s7, the link encryption system B receives and analyzes the data packet PA, discovers a special identifier F1, and stores the ID of the system A, the two-layer network MAC address information in the PA and the corresponding relation;
s8, the link encryption system B inverts the address according to the acquired two-layer network MAC address information of the PA to construct a new data packet PB, and special identification F2 and B system ID information are added in the PB;
s9, the link encryption system B sends a data packet PB;
s10, the link encryption system A receives and analyzes the data packet PB, discovers a special identifier F2, and stores the ID of the system B, the two-layer network MAC address information in the PB and the corresponding relation;
through the steps, the link encryption system A and the link encryption system B can realize mutual discovery.
2. The method for implementing neighbor discovery on a network by a link layer transparent encryption system according to claim 1, wherein a three-layer protocol based network is used instead of a two-layer protocol based network; and correspondingly, three layers of IP address information are used for replacing two layers of network MAC address information.
3. The method for implementing neighbor discovery on a network by a link layer transparent encryption system according to claim 1, wherein a four-layer TCP/UDP based protocol network is used instead of a two-layer protocol network; and correspondingly, replacing the two-layer network MAC address information by using the four-layer TCP/UDP address and port information.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210889516.0A CN115277190B (en) | 2022-07-27 | 2022-07-27 | Method for realizing neighbor discovery on network by link layer transparent encryption system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210889516.0A CN115277190B (en) | 2022-07-27 | 2022-07-27 | Method for realizing neighbor discovery on network by link layer transparent encryption system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN115277190A CN115277190A (en) | 2022-11-01 |
| CN115277190B true CN115277190B (en) | 2023-08-15 |
Family
ID=83768133
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210889516.0A Active CN115277190B (en) | 2022-07-27 | 2022-07-27 | Method for realizing neighbor discovery on network by link layer transparent encryption system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115277190B (en) |
Citations (17)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1440168A (en) * | 2003-03-31 | 2003-09-03 | 中国科学院计算机网络信息中心 | IPV4 network logon layered switching network method |
| CN101437293A (en) * | 2008-12-05 | 2009-05-20 | 浙江大学 | Method for polling long distance wireless multi-hop data facing transparent transmission equipment |
| CN101534215A (en) * | 2009-04-16 | 2009-09-16 | 杭州华三通信技术有限公司 | Method for discovering network topology and device thereof |
| CN101945143A (en) * | 2010-09-16 | 2011-01-12 | 中兴通讯股份有限公司 | Method and device for preventing message address spoofing on mixed network |
| CN101958890A (en) * | 2010-08-10 | 2011-01-26 | 西安邮电学院 | Method for discovering equipment in safety communication of data link layer |
| EP2425657A1 (en) * | 2009-05-01 | 2012-03-07 | QUALCOMM Incorporated | Idle handoff to hybrid femto cell based on system selection database |
| CN102377679A (en) * | 2011-12-06 | 2012-03-14 | 烽火通信科技股份有限公司 | Method for realizing link discovery and management in FTTX access system |
| CN102436240A (en) * | 2011-11-08 | 2012-05-02 | 山东省科学院自动化研究所 | Digitized information system and method for remotely and comprehensively monitoring urban inspection wells |
| CN102694689A (en) * | 2012-06-06 | 2012-09-26 | 杭州华三通信技术有限公司 | Method and device for discovering network topology |
| CN102984011A (en) * | 2012-12-04 | 2013-03-20 | 杭州华三通信技术有限公司 | Link failure positioning method and equipment |
| CN103873333A (en) * | 2014-03-17 | 2014-06-18 | 杭州华三通信技术有限公司 | Ring network three-layer convergence method and device |
| CN104144082A (en) * | 2013-05-08 | 2014-11-12 | 杭州华三通信技术有限公司 | Method for detecting loop in two-layer network and controller |
| CN104394160A (en) * | 2014-12-03 | 2015-03-04 | 武汉烽火网络有限责任公司 | Method for applying link layer discovery protocol on synchronous digital hierarchy |
| CN108540588A (en) * | 2018-03-15 | 2018-09-14 | 深信服科技股份有限公司 | MAC Address acquisition methods and system, Network Security Device and readable storage medium storing program for executing |
| CN111884935A (en) * | 2020-07-20 | 2020-11-03 | 北京交通大学 | Simplified protocol stack routing and neighbor discovery method applied to heaven-earth integrated network |
| CN113904857A (en) * | 2021-10-17 | 2022-01-07 | 济南浪潮数据技术有限公司 | Method, device and equipment for filtering data packets in local area network and readable medium |
| CN113972995A (en) * | 2020-07-24 | 2022-01-25 | 华为技术有限公司 | Network configuration method and device |
Family Cites Families (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| ES2396014T3 (en) * | 2009-02-13 | 2013-02-18 | Nokia Siemens Networks Oy | Method, system and nodes for a network topology detection in communication networks |
| CN113746658B (en) * | 2020-05-30 | 2023-07-11 | 华为技术有限公司 | Method, equipment and system for determining network slice topology |
-
2022
- 2022-07-27 CN CN202210889516.0A patent/CN115277190B/en active Active
Patent Citations (17)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1440168A (en) * | 2003-03-31 | 2003-09-03 | 中国科学院计算机网络信息中心 | IPV4 network logon layered switching network method |
| CN101437293A (en) * | 2008-12-05 | 2009-05-20 | 浙江大学 | Method for polling long distance wireless multi-hop data facing transparent transmission equipment |
| CN101534215A (en) * | 2009-04-16 | 2009-09-16 | 杭州华三通信技术有限公司 | Method for discovering network topology and device thereof |
| EP2425657A1 (en) * | 2009-05-01 | 2012-03-07 | QUALCOMM Incorporated | Idle handoff to hybrid femto cell based on system selection database |
| CN101958890A (en) * | 2010-08-10 | 2011-01-26 | 西安邮电学院 | Method for discovering equipment in safety communication of data link layer |
| CN101945143A (en) * | 2010-09-16 | 2011-01-12 | 中兴通讯股份有限公司 | Method and device for preventing message address spoofing on mixed network |
| CN102436240A (en) * | 2011-11-08 | 2012-05-02 | 山东省科学院自动化研究所 | Digitized information system and method for remotely and comprehensively monitoring urban inspection wells |
| CN102377679A (en) * | 2011-12-06 | 2012-03-14 | 烽火通信科技股份有限公司 | Method for realizing link discovery and management in FTTX access system |
| CN102694689A (en) * | 2012-06-06 | 2012-09-26 | 杭州华三通信技术有限公司 | Method and device for discovering network topology |
| CN102984011A (en) * | 2012-12-04 | 2013-03-20 | 杭州华三通信技术有限公司 | Link failure positioning method and equipment |
| CN104144082A (en) * | 2013-05-08 | 2014-11-12 | 杭州华三通信技术有限公司 | Method for detecting loop in two-layer network and controller |
| CN103873333A (en) * | 2014-03-17 | 2014-06-18 | 杭州华三通信技术有限公司 | Ring network three-layer convergence method and device |
| CN104394160A (en) * | 2014-12-03 | 2015-03-04 | 武汉烽火网络有限责任公司 | Method for applying link layer discovery protocol on synchronous digital hierarchy |
| CN108540588A (en) * | 2018-03-15 | 2018-09-14 | 深信服科技股份有限公司 | MAC Address acquisition methods and system, Network Security Device and readable storage medium storing program for executing |
| CN111884935A (en) * | 2020-07-20 | 2020-11-03 | 北京交通大学 | Simplified protocol stack routing and neighbor discovery method applied to heaven-earth integrated network |
| CN113972995A (en) * | 2020-07-24 | 2022-01-25 | 华为技术有限公司 | Network configuration method and device |
| CN113904857A (en) * | 2021-10-17 | 2022-01-07 | 济南浪潮数据技术有限公司 | Method, device and equipment for filtering data packets in local area network and readable medium |
Non-Patent Citations (1)
| Title |
|---|
| 基于Circle的BLE邻节点发现技术研究;李振;《中国优秀硕士学位论文全文数据库》;全文 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN115277190A (en) | 2022-11-01 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US20230029079A1 (en) | Intelligent service layer for separating application from physical networks and extending service layer intelligence over ip across the internet, cloud, and edge networks | |
| US9838362B2 (en) | Method and system for sending a message through a secure connection | |
| US6438612B1 (en) | Method and arrangement for secure tunneling of data between virtual routers | |
| US7738457B2 (en) | Method and system for virtual routing using containers | |
| US7643488B2 (en) | Method and apparatus for supporting multiple customer provisioned IPSec VPNs | |
| US6591306B1 (en) | IP network access for portable devices | |
| US9258282B2 (en) | Simplified mechanism for multi-tenant encrypted virtual networks | |
| CN101156420B (en) | Method for preventing duplicate sources from clients served by a network address port translator | |
| US20020083344A1 (en) | Integrated intelligent inter/intra networking device | |
| US20110113236A1 (en) | Methods, systems, and computer readable media for offloading internet protocol security (ipsec) processing using an ipsec proxy mechanism | |
| US8104082B2 (en) | Virtual security interface | |
| US20110119752A1 (en) | Method and system for including security information with a packet | |
| US20090199290A1 (en) | Virtual private network system and method | |
| CN111787025B (en) | Encryption and decryption processing method, device and system and data protection gateway | |
| US8954601B1 (en) | Authentication and encryption of routing protocol traffic | |
| US11297037B2 (en) | Method and network device for overlay tunnel termination and mirroring spanning datacenters | |
| CN112637237B (en) | Service encryption method, system, equipment and storage medium based on SRoU | |
| US7869451B2 (en) | Method for operating a local computer network connected to a remote private network by an IPsec tunnel, software module and IPsec gateway | |
| CN115277200B (en) | Multi-node key auto-negotiation management method for link layer transparent encryption system | |
| EP1379037B1 (en) | Packet routing based on user ID in virtual private networks | |
| CN115277190B (en) | Method for realizing neighbor discovery on network by link layer transparent encryption system | |
| US11968237B2 (en) | IPsec load balancing in a session-aware load balanced cluster (SLBC) network device | |
| EP4387190A1 (en) | Packet sending method, network device, storage medium, and program product | |
| WO2019165235A1 (en) | Secure encrypted network tunnels using osi layer 2 protocol | |
| CN112910791B (en) | Diversion system and method thereof |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |