CN1642109A - Method for realizing communication load equilibrium and gateway, central gateway thereof - Google Patents
Method for realizing communication load equilibrium and gateway, central gateway thereof Download PDFInfo
- Publication number
- CN1642109A CN1642109A CN 200410040767 CN200410040767A CN1642109A CN 1642109 A CN1642109 A CN 1642109A CN 200410040767 CN200410040767 CN 200410040767 CN 200410040767 A CN200410040767 A CN 200410040767A CN 1642109 A CN1642109 A CN 1642109A
- Authority
- CN
- China
- Prior art keywords
- gateway
- load
- tunnel
- traffic
- end gateway
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000004891 communication Methods 0.000 title claims abstract description 37
- 238000000034 method Methods 0.000 title claims abstract description 21
- 230000007246 mechanism Effects 0.000 claims description 13
- 230000001105 regulatory effect Effects 0.000 claims description 3
- 238000005728 strengthening Methods 0.000 abstract 1
- 238000005516 engineering process Methods 0.000 description 8
- 230000005540 biological transmission Effects 0.000 description 6
- 230000008859 change Effects 0.000 description 4
- 238000001514 detection method Methods 0.000 description 2
- 238000005538 encapsulation Methods 0.000 description 2
- 230000008520 organization Effects 0.000 description 2
- 238000012545 processing Methods 0.000 description 2
- 230000001360 synchronised effect Effects 0.000 description 2
- 238000013459 approach Methods 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 239000012141 concentrate Substances 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 230000007257 malfunction Effects 0.000 description 1
- 238000007726 management method Methods 0.000 description 1
- 238000005259 measurement Methods 0.000 description 1
- 230000008569 process Effects 0.000 description 1
- 230000004044 response Effects 0.000 description 1
- 230000005641 tunneling Effects 0.000 description 1
Images
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention is a method and gateway as well as central gateway for balancing communication load, relating to the computer network communication and safety field, and especially relating to a method for balancing the loads of key network devices in the virtual private network (VPN) built by IPsec technique. The invention includes the following steps: a. tunnels are established between bottom-end gateway and many top-end gateways; b. the bottom-end gateway allocates local communication quantity to each tunnel. It adopts a simple and practical policy, by the system of and initiatively and uniformly allocating communication quantity to each opposite end, implementing the load balance for the key safety gateway devices, thus the whole performance of VPN, strengthening actual operating ability of IPsec VPN. The invention is applied to IPsec VPNs in various topological structures and can meet high usability requirement of enterprise VPN with heavy service.
Description
Technical field
The present invention relates to computer network communication and security fields, in particular a kind of in the VPN (virtual private network) of using the IPsec technology to set up, the wherein crucial network equipment is carried out the method for load balancing.
Background technology
The high speed development of Internet makes the VPN (virtual private network) (VPN) that makes up mechanism of particular organization on public network become possibility.In the technology of various establishment VPN, the IPsec technology is safe and reliable with it, it is easy and with low cost to dispose and be subjected to people's favor.IPsec refers to IP layer security protocol family, and it can provide security services such as data source authentication, confidentiality, data integrity protection and preventing playback attack for the IP bag.Adopt the IPsec technology, can guarantee organization internal network data transmission safety on public network.
IPsec is a kind of tunneling technique in essence, but this tunnel is a data transmission channel of being encrypted and authenticate the safety of protection.The IPsec tunnel is to utilize automatic key generation and the management agreement of a kind of IKE of being referred to as (Internet cipher key change) to consult to set up by transmission both sides (as the security boundary gateway).IKE is in charge of security parameter consistency and the state synchronized between the entity of two ends, IPsec tunnel, to guarantee that the IP bag is correctly carried out IPsec encapsulation and decapsulation.
Along with the increase of the traffic, be responsible for the security gateway of process IP sec message, become performance bottleneck gradually, therefore for improving the availability of whole VPN network, IPsec security gateway equipment carried out one of means that equally loaded and redundancy backup necessitate.Because the IPsec its own particularity, present technology emphasis concentrates on security gateway is carried out redundancy backup.The existing redundancy technique at security gateway mainly contains two kinds: a kind of is to combine with certain hot standby protocol, between mutually redundant security gateway group, move hot standby protocol, determine current available security gateway, other equipment are only set up the IPsec tunnel with this active security gateway, in case it is unavailable, other equipment are set up the IPsec tunnel with the new security gateway that enlivens again; Another kind is that all devices of security gateway group all can be set up the IPsec tunnel with other equipment; but wherein have only the tunnel of setting up with the highest security gateway of priority can really be used for carrying out data communication; other tunnel only backs up; and guarantee its availability by a kind of keepalive mechanism; it is a kind of before the response performance of this scheme when losing efficacy switching is better than; when master malfunction, switch to slave unit; need not to consult again to set up the IPsec tunnel, can directly use existing IPsec tunnel.Its weak point is, only can realize backup functionality, and can't realize the load balancing of IPsec communication between each equipment of security gateway group, therefore also just can not really improve the availability of VPN network.
Yet find special method in the existing various technical scheme as yet at the equally loaded of IPsec security gateway.
Summary of the invention
Technical problem to be solved by this invention is, provides a kind of the crucial VPN network equipment is carried out the method for load balancing, also can realize redundancy backup simultaneously, improves the overall usability of VPN network with this.
The technical scheme that the present invention solve the technical problem employing is, a kind of method that realizes the traffic load equilibrium is provided, and may further comprise the steps: a. bottom-end gateway and a plurality of higher level's gateway are set up the tunnel; B. bottom-end gateway is assigned to each tunnel with local traffic equilibrium.
Also comprise: c. upper end gateway is according to the time interval, to bottom-end gateway announcement load state; D. bottom-end gateway is regulated the traffic according to the load state of upper end gateway.The tunnel that described bottom-end gateway has been set up by the keepalive mechanism assurance can be used.Described tunnel is the IPsec tunnel, and described keepalive mechanism is that mechanism (Dead Peer Detection) is surveyed in the dead opposite end of IKE.The upper end gateway is provided with a traffic threshold, when the load of this gateway surpasses this threshold value, each bottom-end gateway is sent the load notice message.In the described steps d, described " the adjusting traffic " is: the newly-increased traffic is distributed to the lighter tunnel of load, existing proper communication connection is not changed.If the upper end gateway that lost efficacy, then each bottom-end gateway will with this lost efficacy between the gateway communication diversion to be connected with normal upper end gateway the tunnel in.
" time interval " among the above-mentioned steps c can be a predetermined constant time interval, also can this be adjusted at interval according to the load state of upper end gateway, as increase the length in this time interval when the traffic is big, to alleviate network burden.
The present invention also provides a kind of center gateway, has the load announcement module, and described load announcement module is announced this center gateway load state to bottom-end gateway.
The present invention also provides a kind of gateway, has the load adjusting module, and to the newly-increased traffic of each tunnel distributing, described center gateway is the center gateway that is connected by the tunnel with this gateway to described load adjusting module according to the load state of each center gateway.Described load adjusting module also is used for the communication diversion by the inefficacy tunnel is arrived normal tunnel, described inefficacy tunnel is the tunnel between the upper end gateway of this gateway and inefficacy, and described normal tunnel is the tunnel between this gateway and the upper end gateway working properly.
The invention has the beneficial effects as follows, solved the problem of load balancing that prior art still can not fine solution IPsec security gateway, avoided complicated, loaded down with trivial details equipment state backup, adopted a kind of simple and practicable strategy, the mechanism of initiatively dividing equally the traffic by each opposite end, realize the load balancing of key safety gateway device, thereby improved the overall performance of VPN network, strengthened the actual operation ability of IPsec VPN.The present invention is applicable to the IPsec VPN of various network topologies, can satisfy the high-availability requirement of the heavy enterprise VPN of traffic carrying capacity.
The present invention is further illustrated below in conjunction with the drawings and specific embodiments.
Description of drawings
Fig. 1 is a network environment schematic diagram of the present invention.
Embodiment
Referring to Fig. 1." security gateway " as herein described is meant that it has security performance, with regard to the position in the network, also is referred to herein as " upper end gateway " or " center gateway " with regard to it.
" tunnel " as herein described is a kind of communication port.The described tunnel of present embodiment focuses on the communication port that uses IPsec technology encapsulation IP bag, also is a kind of safe communication tunnel.
Consider the particularity of IPsec technology, for the correct IPsec of enforcement encapsulates and decapsulation, the security parameter that need between the tunnel both sides, be consistent, and guarantee the synchronous of correlation behavior, this just makes common load balancing scheme can not satisfy its needs; Many the VPN security gateways of making load balancing are used as a gateway group, bottom-end gateway is all set up the IPsec tunnel with each gateway wherein, the equipment of gateway group is according to the loading condition of certain time interval to bottom-end gateway announcement oneself, perhaps the loading condition of all gateway group equipment is announced to bottom-end gateway by independent flow announcement device unification, bottom-end gateway is then moved towards according to the load of certain strategy decision oneself according to these information, reaches load balancing between the gateway group equipment with this.This scheme is applied in the star VPN network topology more, the traffic of a large amount of bottom-end gateway is all through the security gateway equipment at center, this just makes central apparatus be easy to form performance bottleneck, and central apparatus is carried out the performance that load balancing can significantly improve whole network.
The present invention realizes that the several steps of equally loaded is:
1. at first, bottom-end gateway directly with the security gateway group in each gateway device all set up the IPsec tunnel, and can use by the tunnel that the assurance of IKE DPD (detection of dead opposite end) keepalive mechanism has been built up.
2. then, bottom-end gateway equipment is according to own local policy, balancedly with local traffic distribution to different tunnel that gateway group each equipment in upper end is set up in, the equilibrium distribution is all carried out to the local traffic in each lower end, so just can be so that reach load balancing between each equipment of gateway group of upper end.
3. each gateway device of upper end is according to certain time interval, by the loading condition of IKE message to each lower end announcement oneself, the data traffic size of comprise the number that connects, having born etc.; For the bottom-end gateway number when a lot, for reducing the overhead that the load notice message is brought, can by one independently flow announcement device give bottom-end gateway with the unified announcement of loading condition of each equipment; Also has a kind of method that reduces load notice message number, this is based on a kind of like this understanding, promptly when load that certain gateway device bore during much smaller than maximum load value that it can bear, its loading condition does not need to be concerned about, in other words a threshold value can be set at the load capacity of each gateway device, in case load surpasses this value, promptly need loading condition is announced lower end equipment, thus, can effectively reduce load notice message quantity, thereby reduce the additional networks expense of bringing thus.
4. after bottom-end gateway receives the load notice message, the traffic that then will increase connection newly is distributed in the IPsec tunnel of setting up with the light gateway of load, communication for the connection that has existed is then unaffected, this is can also normally carry out because need only the communication of existing connection, show that corresponding gateway still is available, and there is no need to pursuing absolute load balancing, and go to switch the existing traffic, can cause communication stream between a plurality of gateways, to vibrate because do like this, thus the normal communication of influence; Through above-mentioned processing, can reach gratifying load balancing between each gateway device of security gateway group, thereby can improve the availability of whole VPN network.
Above-mentioned " flow announcement device " function is flow or the load notice message that receives upper end gateway group, and unified each gateway of lower end that is distributed to is to reduce flow or load notice message number in the circuit.
Obviously such scheme also can be realized the redundancy backup function, loses efficacy as long as find one of them gateway, promptly can promptly switch to another available gateway, thereby makes and reduce to minimum to the influence of communication.
The present invention initiatively sets up IPsec by lower end and center gateway and is connected, thereby can realize so-called remote backup function realizing on the redundancy backup function and not requiring that the equipment of security gateway group physically is in same place.
The present invention is by crucial gateway device in the VPN network is carried out load balancing, improves the availability of whole VPN network, therefore is suitable for integrated planning and deployment to the VPN network.Especially in star VPN network topology, non-central end gateway device is implemented identical strategy, can improve the availability of center gateway group better, thereby significantly improve the overall performance of VPN.
" flow announcement device " of the present invention function is flow or the load notice message that receives upper end gateway group, and unified each gateway of lower end that is distributed to is to reduce flow or load notice message number in the circuit.Fairly simple because of its function, to those skilled in the art, there is no the difficulty of enforcement, so no longer its concrete structure is explained in detail.
As embodiment more specifically, referring to Fig. 1.
What Fig. 1 showed is a kind of more typical star network topology.The security gateway GA and the GB that are positioned at the center form a security gateway group GAB, and the lower end is connected with four security boundary gateway G1, G2, G3 and G4; Wherein G1 and G3 communicate by the IPsec tunnel that the GAB with the center sets up, and communicating by letter of G2 and G4 also undertaken by GAB; Under this environment, all communication stream are all through the GAB at center, therefore for preventing that GAB from becoming performance bottleneck, and the overall performance of raising network, need carry out load balancing and redundancy backup between the GA at center and GB.
Concrete steps are as follows.
1.G1, G2, G3 at first set up the IPsec tunnel with GA, GB respectively according to the needs of communicating by letter in this locality with G4, and keep the availability in all tunnels by IKE DPD message mechanism; Originally, G1, G2, G3 and G4 communicate by letter to this locality with algorithm according to identical strategy and shunt, and the traffic that guarantees respectively the tunnel set up with GA, GB separately about equally like this can be so that the load of GA and GB tends to balance on the whole.
2. the maximum load of hypothesis GA, GB is 100, and the measurement of load is determined according to the concrete performance of each equipment; The load threshold of setting GA, GB is respectively 60,55, and whether this value decision needs to send the load notice message to each gateway device of lower end; When the load of GA, GB is 15,14 respectively, show that GA and GB also have enough abilities to handle traffic load, need not the opposite end and be concerned about its loading condition this moment; Afterwards, along with the increase of the traffic, the load of GB surpasses its threshold value 55, and GB begins to send the load notice message to the opposite end, and this can utilize IKE existing information exchange (Informational Exchange) mechanism to realize; The processing of GA also similarly; Timing mechanism is adopted in the transmission of load notice message, the timing size can be used fixed value, also can dynamically adjust according to loading condition, for example when threshold value, adopt long fixed time interval, then reduce timing along with the increase of load, to increase load notice message transmission frequency, when reaching a certain warning value, load (supposes that GA is 90, GB is 88) time, then begin to reduce the transmission of load notice message, send the additional networks pressure that the load notice message is brought, guarantee the carrying out of normal data communication as far as possible to reduce this moment.
3. after G1 or G2 receive the load notice message of GA, GB,, carry out the tunnel at the newly-increased traffic that connects and select, it is distributed to the lighter tunnel of load according to the loading condition of the GA that is obtained, GB; As long as the existing communication that connects can normally be carried out, just should not change its original tunnel approach, can guarantee existing the stable of communication that connect like this; The connection here is at a concrete communication session, promptly come unique definite by source address, destination address, source port, destination interface and agreement, for example 192.168.1.1 promptly is a connection to the FTP of 192.168.2.1 communication, and 192.168.1.1 promptly is another connection to the Web application (http protocol) of 192.168.2.1.
4. the purpose that center gateway GA, GB are carried out load balancing is in order to improve the overall usability of VPN network, if therefore existing connection communication can normally be carried out, just needn't change the existing communication tunnel that connects, unless existing communication occurs unusually according to the load of GA, GB is different; In other words, for G1, G2, G3 or G4, the upper end load notice message that obtains only works to its newly-increased selection strategy that connects communication, its purpose is that one is can guarantee existing communication stable, avoid meaningless communication vibration, the load that second can more promptly obtain center gateway GA, GB is tending towards balanced.
5. if certain center gateway lost efficacy, as GA, G1, G2, G3 and G4 can react more rapidly, and the communication diversion that will carry out with GA guarantees not to be interrupted with communicating by letter of GA with this in the IPsec tunnel of setting up with GB.
Certainly, the front is mentioned, and such scheme is not limited to the star-shaped network structure that Fig. 1 shows, for CFS to CFS (Site-to-Site) network configuration, and the Dial-up Network of remote customer dialing access local security gateway, also be suitable for.
The present invention can significantly improve the load performance of key safety gateway device in the VPN network, thereby improves the overall usability of network.
The regulative mode that above embodiment provides is that the traffic that only will increase connection newly is distributed in the IPsec tunnel of setting up with the light gateway of load, and does not change for the communication of the connection that has existed.
In addition, about two kinds of following situations:
1) original normal connection is done the adjustment of part to realize equilibrium rapidly;
2) all original connections and newly-increased connecting are redistributed;
Even its effect is not ideal,, still belong to interest field of the present invention as embodiment.
The present invention also provides a kind of center gateway, and described " center gateway " is a kind of gateway, and because of its position in network, this paper is called " center gateway " to show difference.Described center gateway also has a load announcement module except that the function with common gateway, described load announcement module function is bottom-end gateway to be announced the load state of this center gateway.Can be regularly announcement, also can dynamically adjust the time limit.When load was excessive, the center gateway increased the time interval of transmit status announcement, to reduce the overhead that produces because of announcement.
The present invention also provides a kind of gateway, and usually, in network environment of the present invention, this gateway is in the lower end usually.This gateway has the load adjusting module, and to the newly-increased traffic of each tunnel distributing, described center gateway is the center gateway that is connected by the tunnel with this gateway to described load adjusting module according to the load state of each center gateway.Described load adjusting module also is used for the communication diversion by the inefficacy tunnel is arrived normal tunnel, described inefficacy tunnel is the tunnel between the upper end gateway of this gateway and inefficacy, and described normal tunnel is the tunnel between this gateway and the upper end gateway working properly.
Claims (11)
1, a kind of method that realizes the traffic load equilibrium is characterized in that, may further comprise the steps:
A. bottom-end gateway and a plurality of upper ends gateway are set up the tunnel;
B. bottom-end gateway is assigned to each tunnel with local traffic equilibrium.
2, the method for realization traffic load as claimed in claim 1 equilibrium is characterized in that, also comprises:
C. the upper end gateway is according to the time interval, to bottom-end gateway announcement load state;
D. bottom-end gateway is regulated the traffic according to the load state of upper end gateway.
3, the method for realization traffic load as claimed in claim 1 equilibrium is characterized in that, also comprises:
C. flow announcement device is according to the time interval, to the load state of bottom-end gateway announcement upper end gateway;
D. bottom-end gateway is regulated the traffic according to the load state of upper end gateway.
As the method for claim 2 or 3 described realization traffic load equilibriums, it is characterized in that 4, the tunnel that described bottom-end gateway has been set up by the keepalive mechanism assurance can be used.
5, the method for realization traffic load as claimed in claim 4 equilibrium is characterized in that, described tunnel is the IPsec tunnel, and described keepalive mechanism is that mechanism is surveyed in the dead opposite end of IKE.
6, the method for realization traffic load as claimed in claim 4 equilibrium is characterized in that, the upper end gateway is provided with a traffic threshold, when the load of this gateway surpasses this threshold value, each bottom-end gateway is sent the load notice message.
7, the method for realization traffic load as claimed in claim 6 equilibrium is characterized in that, in the described steps d, described " the adjusting traffic " is: the newly-increased traffic is distributed to the lighter tunnel of load, existing proper communication connection is not changed.
8, the method for realization traffic load as claimed in claim 6 equilibrium is characterized in that, if the upper end gateway that lost efficacy, then each bottom-end gateway will and this lost efficacy communication diversion between the gateway in the tunnel of setting up with normal upper end gateway.
9, a kind of center gateway is characterized in that have the load announcement module, described load announcement module is announced this center gateway load state to bottom-end gateway.
10, a kind of gateway is characterized in that, has the load adjusting module, and to the newly-increased traffic of each tunnel distributing, described center gateway is the center gateway that is connected by the tunnel with this gateway to described load adjusting module according to the load state of each center gateway.
11, gateway as claimed in claim 10, it is characterized in that, described load adjusting module also is used for the communication diversion by the inefficacy tunnel is arrived normal tunnel, described inefficacy tunnel is the tunnel between the upper end gateway of this gateway and inefficacy, and described normal tunnel is the tunnel between this gateway and the upper end gateway working properly.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNB2004100407673A CN100367715C (en) | 2004-09-30 | 2004-09-30 | Method for realizing communication load equilibrium and gateway, central gateway thereof |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNB2004100407673A CN100367715C (en) | 2004-09-30 | 2004-09-30 | Method for realizing communication load equilibrium and gateway, central gateway thereof |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN1642109A true CN1642109A (en) | 2005-07-20 |
| CN100367715C CN100367715C (en) | 2008-02-06 |
Family
ID=34868620
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CNB2004100407673A Expired - Fee Related CN100367715C (en) | 2004-09-30 | 2004-09-30 | Method for realizing communication load equilibrium and gateway, central gateway thereof |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN100367715C (en) |
Cited By (18)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN100459568C (en) * | 2005-09-22 | 2009-02-04 | 武汉思为同飞网络技术有限公司 | System and method for realizing VPN protocol at application layer |
| CN100466620C (en) * | 2006-06-30 | 2009-03-04 | 南京联创科技股份有限公司 | Loading balance method based on data flow in large scale paralle processing of mass data |
| CN101827010A (en) * | 2010-04-30 | 2010-09-08 | 华为技术有限公司 | Method and device for inhabiting VPN (Virtual Private Network) tunnel oscillation |
| CN101902400A (en) * | 2010-07-21 | 2010-12-01 | 成都市华为赛门铁克科技有限公司 | Gateway load balancing method, system and client device |
| CN102075433A (en) * | 2011-01-25 | 2011-05-25 | 北京中交通信科技有限公司 | Isomeric global navigation satellite system (GNSS) platform data routing method and system |
| CN102281161A (en) * | 2011-09-15 | 2011-12-14 | 浙江大学 | Multi-agent virtual private network (VPN) tunnel concurrent testing system and multi-agent load balancing method |
| CN101754279B (en) * | 2009-12-11 | 2012-03-14 | 中国科学技术大学 | Load balancing method for guaranteeing quality of service of real-time services |
| CN101478485B (en) * | 2009-01-19 | 2012-04-04 | 成都市华为赛门铁克科技有限公司 | Method for local area network access control and network gateway equipment |
| CN101442471B (en) * | 2008-12-31 | 2012-04-18 | 杭州华三通信技术有限公司 | Method for implementing backup and switch of IPSec tunnel, system and node equipment, networking architecture |
| CN102469523A (en) * | 2010-11-19 | 2012-05-23 | 中兴通讯股份有限公司 | Base station access method and base station access gateway |
| CN101521602B (en) * | 2008-02-29 | 2012-09-05 | 上海博达数据通信有限公司 | Realizing method for utilizing IKE to monitor the state of communication nodes in IPSec VPN |
| CN102705009A (en) * | 2012-05-22 | 2012-10-03 | 上海乾视通信技术有限公司 | Mine information system |
| CN102938740A (en) * | 2012-10-30 | 2013-02-20 | 汉柏科技有限公司 | Method and device for controlling internet protocol security (IPSEC) load sharing through user number |
| CN103067290A (en) * | 2012-11-30 | 2013-04-24 | 成都卫士通信息产业股份有限公司 | Virtual Private Network (VPN) tunnel implementation method based on virtual network adapter adaptable load balancing network |
| WO2016115948A1 (en) * | 2015-01-21 | 2016-07-28 | Huawei Technologies Co., Ltd. | Load balancing internet protocol security tunnels |
| CN106488416A (en) * | 2015-08-26 | 2017-03-08 | 中国联合网络通信集团有限公司 | Industry short message sending method and device |
| CN107483350A (en) * | 2017-07-11 | 2017-12-15 | 北京潘达互娱科技有限公司 | A kind of gateway distribution method and device |
| CN108712344A (en) * | 2018-03-22 | 2018-10-26 | 新华三信息安全技术有限公司 | A kind of message forwarding method and the network equipment |
Family Cites Families (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP1094682B1 (en) * | 1999-10-22 | 2005-06-08 | Telefonaktiebolaget LM Ericsson (publ) | Mobile phone incorporating security firmware |
| JP2001326693A (en) * | 2000-05-17 | 2001-11-22 | Nec Corp | Communication system and method for controlling communication, and control program recording medium |
| CN1154329C (en) * | 2001-02-28 | 2004-06-16 | 李建民 | Content transmission network system and realizing method thereof |
| JP4056849B2 (en) * | 2002-08-09 | 2008-03-05 | 富士通株式会社 | Virtual closed network system |
| US7428226B2 (en) * | 2002-12-18 | 2008-09-23 | Intel Corporation | Method, apparatus and system for a secure mobile IP-based roaming solution |
-
2004
- 2004-09-30 CN CNB2004100407673A patent/CN100367715C/en not_active Expired - Fee Related
Cited By (26)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN100459568C (en) * | 2005-09-22 | 2009-02-04 | 武汉思为同飞网络技术有限公司 | System and method for realizing VPN protocol at application layer |
| CN100466620C (en) * | 2006-06-30 | 2009-03-04 | 南京联创科技股份有限公司 | Loading balance method based on data flow in large scale paralle processing of mass data |
| CN101521602B (en) * | 2008-02-29 | 2012-09-05 | 上海博达数据通信有限公司 | Realizing method for utilizing IKE to monitor the state of communication nodes in IPSec VPN |
| CN101442471B (en) * | 2008-12-31 | 2012-04-18 | 杭州华三通信技术有限公司 | Method for implementing backup and switch of IPSec tunnel, system and node equipment, networking architecture |
| CN101478485B (en) * | 2009-01-19 | 2012-04-04 | 成都市华为赛门铁克科技有限公司 | Method for local area network access control and network gateway equipment |
| CN101754279B (en) * | 2009-12-11 | 2012-03-14 | 中国科学技术大学 | Load balancing method for guaranteeing quality of service of real-time services |
| CN101827010B (en) * | 2010-04-30 | 2012-02-01 | 华为技术有限公司 | Method and device for inhabiting VPN (Virtual Private Network) tunnel oscillation |
| CN101827010A (en) * | 2010-04-30 | 2010-09-08 | 华为技术有限公司 | Method and device for inhabiting VPN (Virtual Private Network) tunnel oscillation |
| CN101902400A (en) * | 2010-07-21 | 2010-12-01 | 成都市华为赛门铁克科技有限公司 | Gateway load balancing method, system and client device |
| CN102469523A (en) * | 2010-11-19 | 2012-05-23 | 中兴通讯股份有限公司 | Base station access method and base station access gateway |
| CN102075433B (en) * | 2011-01-25 | 2013-04-10 | 北京中交通信科技有限公司 | Isomeric global navigation satellite system (GNSS) platform data routing method and system |
| CN102075433A (en) * | 2011-01-25 | 2011-05-25 | 北京中交通信科技有限公司 | Isomeric global navigation satellite system (GNSS) platform data routing method and system |
| CN102281161A (en) * | 2011-09-15 | 2011-12-14 | 浙江大学 | Multi-agent virtual private network (VPN) tunnel concurrent testing system and multi-agent load balancing method |
| CN102281161B (en) * | 2011-09-15 | 2014-04-16 | 浙江大学 | Multi-agent virtual private network (VPN) tunnel concurrent testing system and multi-agent load balancing method |
| CN102705009A (en) * | 2012-05-22 | 2012-10-03 | 上海乾视通信技术有限公司 | Mine information system |
| CN102938740A (en) * | 2012-10-30 | 2013-02-20 | 汉柏科技有限公司 | Method and device for controlling internet protocol security (IPSEC) load sharing through user number |
| CN102938740B (en) * | 2012-10-30 | 2015-06-03 | 汉柏科技有限公司 | Method and device for controlling internet protocol security (IPSEC) load sharing through user number |
| CN103067290A (en) * | 2012-11-30 | 2013-04-24 | 成都卫士通信息产业股份有限公司 | Virtual Private Network (VPN) tunnel implementation method based on virtual network adapter adaptable load balancing network |
| CN103067290B (en) * | 2012-11-30 | 2016-06-01 | 成都卫士通信息产业股份有限公司 | The VPN tunnel implementation of load balancing network is adapted to based on virtual network interface card |
| WO2016115948A1 (en) * | 2015-01-21 | 2016-07-28 | Huawei Technologies Co., Ltd. | Load balancing internet protocol security tunnels |
| US9565167B2 (en) | 2015-01-21 | 2017-02-07 | Huawei Technologies Co., Ltd. | Load balancing internet protocol security tunnels |
| CN107210929A (en) * | 2015-01-21 | 2017-09-26 | 华为技术有限公司 | The load balancing of the Internet protocol security tunnel |
| CN106488416A (en) * | 2015-08-26 | 2017-03-08 | 中国联合网络通信集团有限公司 | Industry short message sending method and device |
| CN106488416B (en) * | 2015-08-26 | 2020-02-07 | 中国联合网络通信集团有限公司 | Industry short message sending method and device |
| CN107483350A (en) * | 2017-07-11 | 2017-12-15 | 北京潘达互娱科技有限公司 | A kind of gateway distribution method and device |
| CN108712344A (en) * | 2018-03-22 | 2018-10-26 | 新华三信息安全技术有限公司 | A kind of message forwarding method and the network equipment |
Also Published As
| Publication number | Publication date |
|---|---|
| CN100367715C (en) | 2008-02-06 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN1642109A (en) | Method for realizing communication load equilibrium and gateway, central gateway thereof | |
| EP1774750B1 (en) | Method, apparatuses and computer readable medium for establishing secure end-to-end connections by binding IPSec Security Associations | |
| JP4361270B2 (en) | Clustering VPN devices using network flow switches | |
| CN113872855B (en) | System and method for virtual interfaces and advanced intelligent routing in a global virtual network | |
| CN107547366B (en) | Message forwarding method and device | |
| US6157649A (en) | Method and system for coordination and control of data streams that terminate at different termination units using virtual tunneling | |
| US8364948B2 (en) | System and method for supporting secured communication by an aliased cluster | |
| US7054264B2 (en) | Interconnect and gateway protection in bidirectional ring networks | |
| EP2064906B1 (en) | Method for recovering connectivity in the event of a failure in a radio communications system and controlling node thereof | |
| WO2009082978A1 (en) | Access network protecting method, system and access edge node | |
| US20120106523A1 (en) | Packet forwarding function of a mobility switch deployed as routed smlt (rsmlt) node | |
| CN101741740B (en) | Method, system and equipment for balancing loads | |
| US20050152383A1 (en) | Signaling gateway aggregation | |
| CN101459530A (en) | Method, system and equipment for wireless network management and maintenance | |
| CN102447703B (en) | A kind of heat backup method and system, CGN equipment | |
| CN1235346C (en) | Method for improving route repeat liability of access server | |
| CN114338607B (en) | Method, device and system for confirming IP address of 5G user terminal | |
| EP1552662B1 (en) | System and method for communicating data between networks operating under different protocols | |
| CN103023783B (en) | A kind of data transmission method and equipment based on DVPN | |
| CN101778032A (en) | Internet access method realized by aggregating tunnel links | |
| Cisco | New Features in Release 11.3 | |
| Cisco | Internetworking Design Basics | |
| Cisco | Internetworking Design Basics | |
| Cisco | Internetworking Design Basics | |
| Cisco | Internetworking Design Basics |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| C56 | Change in the name or address of the patentee |
Owner name: MAIPU COMMUNICATION TECHNOLOGY CO., LTD. Free format text: FORMER NAME: MAIPU (SICHUAN) COMMUNICATION TECHNOLOGY CO., LTD. |
|
| CP01 | Change in the name or title of a patent holder |
Address after: Sichuan city of Chengdu province high tech Zone nine Hing Road No. 16 building, Maipu Patentee after: MAIPU COMMUNICATION TECHNOLOGY Co.,Ltd. Address before: Sichuan city of Chengdu province high tech Zone nine Hing Road No. 16 building, Maipu Patentee before: Maipu (Sichuan) communication technology Co.,Ltd. |
|
| CF01 | Termination of patent right due to non-payment of annual fee | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20080206 |