CN116389359A - Data communication addressing method and system based on route isolation - Google Patents
- Publication number: CN116389359A
- Application number: CN202310266670.7A
- Authority: CN (China)
- Prior art keywords: protection equipment, service, directory, boundary protection, network
- Legal status: Granted
Classifications
- H04L45/745—Address table lookup; Address filtering
- H04L45/54—Organization of routing tables
- H04L63/0823—Network architectures or network communication protocols for network security for authentication of entities using certificates
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L67/10—Protocols in which an application is distributed across nodes in the network
Abstract
The invention discloses a data communication addressing method and system based on route isolation. The system uses a private directory route generation technique in which trusted cross-network terminals and boundary protection equipment act as directory communication forwarding nodes and jointly summarize and learn routes, forming a multi-path, multi-node communication addressing table. This lets a service terminal perform cross-network communication addressing while routes between the different networks remain isolated, and gives cross-network service transmission paths that are reliable, reachable and recoverable. The invention preserves the route isolation requirement of existing network edge protection equipment, supports bidirectional service-level communication between different network services under route isolation, and, because it uses a private directory routing process, offers better security and closedness.
Description
Technical Field
The invention relates to the technical field of network security, in particular to a data communication addressing method and system based on route isolation.
Background
With network security now part of national strategy, higher requirements are placed on boundary protection. Route isolation is a necessary requirement of boundary protection, and traditional boundary isolation equipment mainly comprises firewalls, gateways, bastion hosts and the like. General data ferrying is based on fixed-point transmission between internet servers, which limits its usage scenarios and application background to some extent.
The open problem is how to support multi-service bidirectional interaction between interconnected networks, which requires communication addressing while routes between the networks are isolated. A data communication addressing method based on route isolation is therefore needed that meets network security boundary protection requirements and realizes multi-service bidirectional access under route isolation.
Disclosure of Invention
The invention aims to provide a data communication addressing method and a system based on route isolation, which ensure that a service terminal can carry out cross-network communication addressing on the premise of route isolation among different networks, thereby realizing reliable, reachable and recoverable cross-network service transmission paths.
The technical solution for realizing the purpose of the invention is a data communication addressing method based on route isolation, comprising the following steps:
S1. A trusted authentication certificate file is loaded onto the boundary protection equipment offline; the IP addresses of the equipment's different network service processing boards are set through service configuration; and the IP addresses of adjacent boundary protection equipment are configured as the equipment's neighbors for learning and publishing directory routes.
S2. The boundary protection equipment performs certificate-based bidirectional authentication with each configured neighbor and, after authentication succeeds, actively learns the neighbor's directory routing information.
S3. A trusted authentication certificate file is loaded onto each service terminal that has the access authentication transmission software installed, and a trusted access IP address is configured; the configured IP address is the IP address of the deployed boundary protection equipment.
S4. The access authentication transmission software on the service terminal performs access authentication with the boundary protection equipment; after authentication completes it announces the terminal's local IP address and MAC address to the boundary protection equipment, and after authentication succeeds a trusted relationship is formed with the boundary protection equipment.
S5. After accepting the service terminal's authentication, the boundary protection equipment forms the terminal's directory routing information locally.
S6. After forming the directory routing information table for the service terminal, the boundary protection equipment advertises the directory route to its neighbors.
S7. Once neighbor establishment and directory route advertisement and learning are complete, the boundary protection equipment can provide directory route addressing for the service terminals attached to it.
S8. When the service terminal sends data between networks and the access authentication transmission software determines that the target IP is not an address in the local network, it sends a directory forwarding path request to the boundary protection equipment it authenticated with.
S9. On receiving the directory forwarding path request, the boundary protection equipment traverses its local directory routing table entries, looks up the target address, obtains the IP address of the target address's access point, takes that access point as the next hop of the inter-network forwarding path, and returns the next hop to the service terminal.
S10. On receiving the next hop of the forwarding path, the access authentication transmission software on the service terminal encapsulates the inter-network data in a cross-domain next-hop tunnel addressed to the target boundary protection equipment.
S11. On receiving the inter-network tunnel, the target boundary protection equipment strips the tunnel from the data and ferries the data to the target service terminal.
Further, in S5, after accepting the service terminal's authentication, the boundary protection equipment locally forms the terminal's directory routing information, which specifically includes:
1) SrcIP: the service terminal's IP address;
2) Mac_addr: the service terminal's MAC address;
3) Access_addr: the access point's IP address.
Further, in S6, the directory route generation flow is as follows:
the service terminal and the boundary protection equipment import their certificate files;
the service terminal and the boundary protection equipment perform bidirectional access authentication;
the service terminal announces its IP and MAC addresses to the boundary protection equipment, which forms the terminal's directory route;
the boundary protection equipment advertises the directory route to its neighbors.
Further, after the target boundary protection equipment receives the inter-network tunnel, it strips the tunnel from the data and ferries the data to the target service terminal. The specific process is as follows:
Service terminal A first initiates an inter-network service request and determines whether the data is destined for the local network. If it is not, service terminal A sends a directory routing query to boundary protection equipment A, which returns the query result to service terminal A. Service terminal A then encapsulates the data in a cross-domain next-hop tunnel to boundary protection equipment B, and boundary protection equipment B strips the tunnel and ferries the service data to service terminal B.
A data communication addressing system based on route isolation comprises:
a plurality of boundary protection devices, deployed at the boundary exits of the service communication network, which provide boundary security protection, route isolation and cross-domain service access registration, act as intermediate forwarding nodes for private directory routes between networks, and take part in the whole directory route learning process;
access authentication transmission software, deployed on the terminals in each service that need cross-network service communication, which performs trusted access authentication for the terminal and takes part in generating directory routes.
The system realizes data communication addressing using the data communication addressing method described above.
Further, the system is deployed and networked as follows: boundary protection equipment is deployed at the network edge exit of the service network, and the access authentication transmission software is installed on the cross-network service seats.
Compared with the prior art, the invention has the following notable advantages: (1) it uses a private directory routing technique in which trusted cross-network terminals and boundary protection equipment act as directory communication forwarding nodes and jointly summarize and learn routes, forming a multi-path, multi-node communication addressing table, so that a service terminal can perform cross-network communication addressing while routes between the different networks remain isolated, and cross-network service transmission paths are reliable, reachable and recoverable; (2) it preserves the route isolation requirement of existing network edge protection equipment; (3) it supports bidirectional service-level communication between different network services under route isolation; (4) it uses a private directory routing process, which provides security and closedness.
Drawings
FIG. 1 is a schematic diagram of a system deployment networking approach.
Fig. 2 is a directory route generation flow chart.
Fig. 3 is a schematic diagram of the process by which neighboring boundary protection equipment learns and advertises directory routes.
Fig. 4 is a process diagram of the target boundary protection equipment stripping the tunnel and ferrying the data to the target service terminal.
Detailed Description
It is easy to understand that various embodiments of the present invention can be envisioned by those of ordinary skill in the art without altering the true spirit of the present invention in light of the present teachings. Accordingly, the following detailed description and drawings are merely illustrative of the invention and are not intended to be exhaustive or to limit or restrict the invention.
Various exemplary embodiments of the present invention will now be described in detail with reference to the accompanying drawings. It should be noted that: the relative arrangement of the components and steps, numerical expressions and numerical values set forth in these embodiments do not limit the scope of the present invention unless it is specifically stated otherwise.
The following description of at least one exemplary embodiment is merely exemplary in nature and is in no way intended to limit the invention, its application, or uses.
Techniques, methods, and apparatus known to one of ordinary skill in the relevant art may not be discussed in detail, but are intended to be part of the specification where appropriate.
In all examples shown and discussed herein, any specific values should be construed as merely illustrative, and not a limitation. Thus, other examples of exemplary embodiments may have different values.
The invention provides a data communication addressing method and system based on route isolation. It uses a private directory route generation technique in which trusted cross-network terminals and boundary protection equipment act as directory communication forwarding nodes and jointly summarize and learn routes, forming a multi-path, multi-node communication addressing table. A service terminal can thereby perform cross-network communication addressing while routes between the different networks remain isolated, and cross-network service transmission paths are reliable, reachable and recoverable.
The invention will be described in further detail with reference to the accompanying drawings and specific examples.
Examples
The invention addresses the routing problem that arises when several service networks are interconnected: the boundary security protection equipment isolates routes between the networks, yet multi-service bidirectional communication must still be carried out. To this end it provides a data communication addressing method and system based on route isolation.
In order to achieve the aim of the invention, the invention adopts the following technical scheme:
In one aspect, a data communication addressing system based on route isolation is provided, the system comprising:
The boundary protection equipment is deployed at a boundary exit of the service communication network. It provides boundary security protection, route isolation and cross-domain service access registration, acts as an intermediate forwarding node for private directory routes between networks, and takes part in the whole directory route learning process.
The access authentication transmission software is deployed on the terminals in each service that need cross-network service communication. It performs trusted access authentication for the terminal and takes part in generating directory routes.
The system deployment networking mode is shown in fig. 1.
In the system networking, boundary protection equipment is deployed at a network edge outlet of a service network, and access authentication transmission software is installed on a cross-network service seat.
A second aspect provides a data communication addressing method based on route isolation:
A trusted authentication certificate file is loaded onto the boundary protection equipment offline, the IP addresses of the equipment's different network service processing boards are set through service configuration, and the IP addresses of adjacent boundary protection equipment are configured as the equipment's neighbors for learning and publishing directory routes.
The boundary protection equipment performs certificate-based bidirectional authentication with each configured neighbor and, after authentication succeeds, actively learns the neighbor's directory routing information.
A trusted authentication certificate file is loaded onto each service terminal that has the access authentication transmission software installed, and a trusted access IP address is configured; the configured IP address is the IP address of the deployed boundary protection equipment.
The access authentication transmission software on the service terminal performs access authentication with the boundary protection equipment and, after authentication completes, announces the terminal's local IP address and MAC address to the boundary protection equipment. After authentication succeeds, a trusted relationship is formed with the boundary protection equipment.
After accepting the service terminal's authentication, the boundary protection equipment forms the terminal's directory routing information locally. The routing information specifically includes:
1) SrcIP: the service terminal's IP address;
2) Mac_addr: the service terminal's MAC address;
3) Access_addr: the access point's IP address.
After forming the directory routing information table for the service terminal, the boundary protection equipment advertises the directory route to its neighbors.
The directory route generation flowchart is shown in fig. 2.
The process by which neighboring boundary protection equipment learns and advertises directory routes is shown in fig. 3.
Once neighbor establishment and directory route advertisement and learning are complete, the boundary protection equipment can provide directory route addressing for the service terminals attached to it.
When the service terminal sends data between networks and the access authentication transmission software determines that the target IP is not an address in the local network, it sends a directory forwarding path request to the boundary protection equipment it authenticated with.
On receiving the directory forwarding path request, the boundary protection equipment traverses its local directory routing table entries, looks up the target address, obtains the IP address of the target address's access point, takes that access point as the next hop of the inter-network forwarding path, and returns the next hop to the service terminal.
On receiving the next hop of the forwarding path, the access authentication transmission software on the service terminal encapsulates the inter-network data in a cross-domain next-hop tunnel addressed to the target boundary protection equipment.
On receiving the inter-network tunnel, the target boundary protection equipment strips the tunnel from the data and ferries the data to the target service terminal; the specific process is shown in fig. 4.
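The directory-routing flow of steps S2 and S4 to S11, modelled in memory as an added example (not code from the patent). The class names, the dictionary tunnel format, the certificate-name allowlist standing in for certificate validation, and the acceptance checks in `learn` are assumptions of this example; all addresses are constructed values.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class DirectoryRoute:
    src_ip: str       # SrcIP: service terminal IP address
    mac_addr: str     # Mac_addr: service terminal MAC address
    access_addr: str  # Access_addr: IP address of the access point

class BoundaryDevice:
    def __init__(self, access_ip, cert, trusted_certs):
        self.access_ip, self.cert = access_ip, cert
        self.trusted = set(trusted_certs)  # assumption: stands in for certificate validation
        self.neighbors = {}   # access IP -> authenticated neighbor device
        self.directory = {}   # SrcIP -> DirectoryRoute (local and learned)
        self.terminals = {}   # SrcIP -> locally authenticated terminal

    def local_routes(self):
        return [r for r in self.directory.values() if r.access_addr == self.access_ip]

    def peer_with(self, other):
        """S2: bidirectional authentication, then each side learns the other's routes."""
        if other.cert not in self.trusted or self.cert not in other.trusted:
            raise PermissionError("neighbor authentication failed")
        for learner, peer in ((self, other), (other, self)):
            learner.neighbors[peer.access_ip] = peer
            for route in peer.local_routes():
                learner.learn(route, peer.access_ip)

    def register_terminal(self, terminal):
        """S4-S6: authenticate the terminal, form its route, advertise it to neighbors."""
        if terminal.cert not in self.trusted:
            raise PermissionError("terminal authentication failed")
        route = DirectoryRoute(terminal.ip, terminal.mac, self.access_ip)
        self.directory[terminal.ip] = route
        self.terminals[terminal.ip] = terminal
        for neighbor in self.neighbors.values():
            neighbor.learn(route, self.access_ip)

    def learn(self, route, from_ip):
        """Store an advertised route. Added checks, not from the patent: sender is an
        authenticated neighbor, names itself as access point, claims no local address."""
        if (from_ip not in self.neighbors or route.access_addr != from_ip
                or route.src_ip in self.terminals):
            return False
        self.directory[route.src_ip] = route
        return True

    def query_next_hop(self, requester_ip, dst_ip):
        """S9: look up the target address and return its access point as next hop."""
        if requester_ip not in self.terminals:
            raise PermissionError("requester is not an authenticated terminal")
        route = self.directory.get(dst_ip)
        return route.access_addr if route else None

    def receive_tunnel(self, packet):
        """S11: strip the tunnel and ferry the inner data to the local target terminal."""
        target = self.terminals.get(packet["inner"]["dst"])
        if packet["outer_dst"] != self.access_ip or target is None:
            return False
        target.inbox.append((packet["inner"]["src"], packet["inner"]["payload"]))
        return True

class Terminal:
    def __init__(self, ip, mac, local_net, cert):
        self.ip, self.mac, self.cert = ip, mac, cert
        self.local_net = ipaddress.ip_network(local_net)
        self.device, self.inbox = None, []

    def attach(self, device):
        """S3-S4: authenticate to the configured boundary device and announce IP/MAC."""
        device.register_terminal(self)
        self.device = device

    def send(self, dst_ip, payload):
        """S8-S10: local check, directory path request, next-hop tunnel encapsulation."""
        if ipaddress.ip_address(dst_ip) in self.local_net:
            return "local"
        next_hop = self.device.query_next_hop(self.ip, dst_ip)
        if next_hop is None:
            return "unreachable"
        packet = {"outer_src": self.ip, "outer_dst": next_hop,  # constructed tunnel model
                  "inner": {"src": self.ip, "dst": dst_ip, "payload": payload}}
        peers = {self.device.access_ip: self.device, **self.device.neighbors}
        target = peers[next_hop]  # stands in for the network path to the next hop
        return "delivered" if target.receive_tunnel(packet) else "dropped"

def demo():
    # Constructed sample data: placeholder certificate names and example addresses.
    certs = {"cert-bpd-a", "cert-bpd-b", "cert-term-a", "cert-term-b"}
    bpd_a = BoundaryDevice("192.0.2.1", "cert-bpd-a", certs)
    bpd_b = BoundaryDevice("198.51.100.1", "cert-bpd-b", certs)
    term_a = Terminal("10.1.0.10", "02:00:00:00:00:0a", "10.1.0.0/24", "cert-term-a")
    term_b = Terminal("10.2.0.20", "02:00:00:00:00:0b", "10.2.0.0/24", "cert-term-b")
    term_a.attach(bpd_a)     # registered before peering: learned by B during S2
    bpd_a.peer_with(bpd_b)
    term_b.attach(bpd_b)     # registered after peering: advertised to A in S6
    return bpd_a, bpd_b, term_a, term_b
```

Calling `demo()` and then `term_a.send("10.2.0.20", b"hello")` walks the path of fig. 4: terminal A queries device A, tunnels to device B, and device B ferries the data to terminal B.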
The present invention is not limited to the above-mentioned embodiments, and any changes or substitutions that can be easily understood by those skilled in the art within the technical scope of the present invention are intended to be included in the scope of the present invention.
It should be appreciated that in the above description of exemplary embodiments of the invention, various features of the invention are sometimes described in the context of a single embodiment or with reference to a single figure in order to streamline the invention and aid those skilled in the art in understanding the various aspects of the invention. The present invention should not, however, be construed as including features that are essential to the patent claims in the exemplary embodiments.
Claims (6)
1. A data communication addressing method based on route isolation, characterized by comprising the following steps:
S1. A trusted authentication certificate file is loaded onto the boundary protection equipment offline; the IP addresses of the equipment's different network service processing boards are set through service configuration; and the IP addresses of adjacent boundary protection equipment are configured as the equipment's neighbors for learning and publishing directory routes.
S2. The boundary protection equipment performs certificate-based bidirectional authentication with each configured neighbor and, after authentication succeeds, actively learns the neighbor's directory routing information.
S3. A trusted authentication certificate file is loaded onto each service terminal that has the access authentication transmission software installed, and a trusted access IP address is configured; the configured IP address is the IP address of the deployed boundary protection equipment.
S4. The access authentication transmission software on the service terminal performs access authentication with the boundary protection equipment; after authentication completes it announces the terminal's local IP address and MAC address to the boundary protection equipment, and after authentication succeeds a trusted relationship is formed with the boundary protection equipment.
S5. After accepting the service terminal's authentication, the boundary protection equipment forms the terminal's directory routing information locally.
S6. After forming the directory routing information table for the service terminal, the boundary protection equipment advertises the directory route to its neighbors.
S7. Once neighbor establishment and directory route advertisement and learning are complete, the boundary protection equipment can provide directory route addressing for the service terminals attached to it.
S8. When the service terminal sends data between networks and the access authentication transmission software determines that the target IP is not an address in the local network, it sends a directory forwarding path request to the boundary protection equipment it authenticated with.
S9. On receiving the directory forwarding path request, the boundary protection equipment traverses its local directory routing table entries, looks up the target address, obtains the IP address of the target address's access point, takes that access point as the next hop of the inter-network forwarding path, and returns the next hop to the service terminal.
S10. On receiving the next hop of the forwarding path, the access authentication transmission software on the service terminal encapsulates the inter-network data in a cross-domain next-hop tunnel addressed to the target boundary protection equipment.
S11. On receiving the inter-network tunnel, the target boundary protection equipment strips the tunnel from the data and ferries the data to the target service terminal.
2. The data communication addressing method based on route isolation according to claim 1, wherein in S5, after accepting the service terminal's authentication, the boundary protection equipment locally forms the terminal's directory routing information, which specifically includes:
1) SrcIP: the service terminal's IP address;
2) Mac_addr: the service terminal's MAC address;
3) Access_addr: the access point's IP address.
3. The data communication addressing method based on route isolation according to claim 1, wherein in S6 the directory route generation flow is as follows:
the service terminal and the boundary protection equipment import their certificate files;
the service terminal and the boundary protection equipment perform bidirectional access authentication;
the service terminal announces its IP and MAC addresses to the boundary protection equipment, which forms the terminal's directory route;
the boundary protection equipment advertises the directory route to its neighbors.
4. The data communication addressing method based on route isolation according to claim 1, wherein after the target boundary protection equipment receives the inter-network tunnel, the data is tunnel-stripped and ferried to the target service terminal, and the specific process is as follows:
service terminal A first initiates an inter-network service request and then determines whether the data is destined for a local network target; if it is not, service terminal A performs a directory routing query on boundary protection equipment A, and boundary protection equipment A returns the directory routing query result to service terminal A; service terminal A then performs cross-domain next-hop target tunnel encapsulation to boundary protection equipment B, and boundary protection equipment B performs tunnel stripping and ferries the service data to service terminal B.
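The lookup and forwarding path of S8 to S11 and claim 4, using the three-field directory entry of claim 2, can be modelled as follows. This is an added illustration, not code from the patent: the class and function names are hypothetical, a dict stands in for the tunnel, authentication is not modelled, and refusing to send when no directory route exists (and rejecting a tunnel addressed elsewhere) is an assumed behaviour.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class DirectoryRoute:      # the three fields listed in claim 2
    src_ip: str            # SrcIP: service terminal IP address
    mac_addr: str          # Mac_addr: service terminal MAC address
    access_addr: str       # Access_addr: access point IP address

class BoundaryEquipment:   # hypothetical model of boundary protection equipment
    def __init__(self, access_addr):
        self.access_addr = access_addr
        self.table = {}    # directory routing table keyed by terminal IP

    def register(self, ip, mac):          # S5: entry formed after authentication
        self.table[ip] = DirectoryRoute(ip, mac, self.access_addr)

    def learn_from(self, neighbor):       # S6: learn a neighbor's notified routes
        self.table.update(neighbor.table)

    def query_next_hop(self, target_ip):  # S9: target address -> access point
        entry = self.table.get(target_ip)
        return entry.access_addr if entry else None

    def strip(self, packet):              # S11: tunnel stripping
        if packet["outer_dst"] != self.access_addr:  # assumed sanity check
            raise ValueError("tunnel not addressed to this boundary equipment")
        return packet["inner"]

def send(local_net, local_eq, src_ip, dst_ip, payload):  # terminal side: S8, S10
    inner = {"src": src_ip, "dst": dst_ip, "payload": payload}
    if ipaddress.ip_address(dst_ip) in ipaddress.ip_network(local_net):
        return inner       # local target: no directory query, no tunnel
    next_hop = local_eq.query_next_hop(dst_ip)
    if next_hop is None:
        # Assumption: without a directory route the terminal sends nothing.
        raise LookupError(f"no directory route for {dst_ip}")
    return {"outer_dst": next_hop, "inner": inner}

def demo():
    # Constructed addresses from the RFC 5737 documentation ranges.
    eq_a = BoundaryEquipment("203.0.113.1")
    eq_b = BoundaryEquipment("203.0.113.2")
    eq_b.register("198.51.100.20", "02:00:00:00:00:0b")  # terminal B behind B
    eq_a.learn_from(eq_b)
    pkt = send("192.0.2.0/24", eq_a, "192.0.2.10", "198.51.100.20", b"hello")
    return pkt["outer_dst"], eq_b.strip(pkt)["payload"]
```

Only terminals that have registered with some boundary protection equipment appear in the table, so in this model an unregistered destination is unreachable from another network.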
5. A data communication addressing system based on route isolation, characterized in that the system comprises the following parts:
a plurality of boundary protection equipment, deployed at the boundary outlets of the service communication networks, used for boundary security protection, route isolation and cross-domain service access registration, serving as intermediate forwarding nodes for forwarding the private directory routes between networks, and participating in the whole directory route learning process;
access authentication transmission software, deployed on the terminals in each service that need to carry out cross-network service communication, used for trusted access authentication of the terminal and participating in the generation of directory routes;
the data communication addressing system based on route isolation realizes data communication addressing based on the data communication addressing method of any one of claims 1 to 4.
6. The data communication addressing system based on route isolation according to claim 5, wherein the system is networked as follows: in the system networking, the boundary protection equipment is deployed at the network edge outlet of the service network, and the access authentication transmission software is installed on the cross-network service seats.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202310266670.7A CN116389359B (en) | 2023-03-20 | 2023-03-20 | Data communication addressing method and system based on route isolation |
Publications (2)
Publication Number | Publication Date |
---|---|
CN116389359A (en) | 2023-07-04 |
CN116389359B (en) | 2024-05-24 |
Family
ID=86977969
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202310266670.7A Active CN116389359B (en) | 2023-03-20 | 2023-03-20 | Data communication addressing method and system based on route isolation |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN116389359B (en) |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20060126502A1 (en) * | 2004-12-14 | 2006-06-15 | Jean-Philippe Vasseur | Efficient mechanism for fast recovery in case of border router node failure in a computer network |
WO2016058261A1 (en) * | 2014-12-16 | 2016-04-21 | 北京大学深圳研究生院 | Network-based flat routing method |
CN111669317A (en) * | 2020-05-29 | 2020-09-15 | 深圳市风云实业有限公司 | Cross-domain secure communication transmission system and method based on hidden network routing |
Non-Patent Citations (1)
Title |
---|
钟耿辉; 唐加山: "Research and Implementation of EVPN Technology Based on VXLAN", Computer Technology and Development, no. 05 * |
Also Published As
Publication number | Publication date |
---|---|
CN116389359B (en) | 2024-05-24 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
TWI821373B (en) | System for first hop gateway redundancy in a network computing environment | |
US9825847B2 (en) | System and method for enabling services chaining in a provider network | |
US20190007312A1 (en) | Techniques for routing and forwarding between multiple virtual routers implemented by a single device | |
US8898334B2 (en) | System for network deployment and method for mapping and data forwarding thereof | |
CN106572021B (en) | Method for realizing network virtualization superposition and network virtualization edge node | |
EP3014859B1 (en) | Method for enabling services chaining in a provider network | |
CN102571587B (en) | Method and equipment for forwarding messages | |
CN103905284B (en) | A kind of flow load sharing method and apparatus based on EVI networks | |
JP5231657B2 (en) | Method and apparatus for forming, maintaining and / or using overlapping networks | |
JP2014529926A (en) | System and method for implementing and managing virtual networks | |
CN108737273B (en) | Message processing method and device | |
CN116389359B (en) | Data communication addressing method and system based on route isolation | |
CN103023783B (en) | A kind of data transmission method and equipment based on DVPN | |
US9025606B2 (en) | Method and network node for use in link level communication in a data communications network | |
CN115277720A (en) | Multicast group management method, device, equipment and storage medium | |
EP3942748B1 (en) | Seamless multipoint label distribution protocol (mldp) transport over a bit index explicit replication (bier) core | |
CN103095507B (en) | Based on message transmitting method and the edge device of Ethernet virtualization internet network | |
WO2011150710A1 (en) | Service data transmission method and system based on personal network | |
CN117424778B (en) | Method for realizing large two-layer communication across control domain SD-WAN network | |
CN106452992A (en) | Remote multi-homing networking method and apparatus | |
CN115733643A (en) | MAC learning method, device, electronic equipment and storage medium | |
Garcia-Luna-Aceves | Towards loop-free forwarding of anonymous internet datagrams that enforce provenance | |
CN101729515B (en) | Method for acquiring information of neighbor nodes in IP telecommunication network system | |
JP2004080268A (en) | Path information exchange method in dynamically reconfigured optical network, and path information exchange system employing the same |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||