CN1725723A - Method and system for increasing safety of VPN user - Google Patents
Method and system for increasing safety of VPN user Download PDFInfo
- Publication number
- CN1725723A CN1725723A CN 200510077084 CN200510077084A CN1725723A CN 1725723 A CN1725723 A CN 1725723A CN 200510077084 CN200510077084 CN 200510077084 CN 200510077084 A CN200510077084 A CN 200510077084A CN 1725723 A CN1725723 A CN 1725723A
- Authority
- CN
- China
- Prior art keywords
- vpn
- user
- equipment
- operator
- server
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Abstract
A method for raising user safety of virtual special network includes forbidding interface bounding with VPN to switch in VPN service. Carrying out certification on user requesting to switch in virtual special network and enabling user to switch in VPN service only after certification is passed. Another safety method carries out certification on user requesting to switch in virtual special network and finalizes the user configuration on operator's device switched in by the user. The safety system comprises user's device, device of operation company and AAA server.
Description
Technical field
The present invention relates to the network security technology field, be specifically related to a kind of method and system that improve safety of VPN user.
Background technology
VPN (Virtual Private Network) is the technology that the private data network is provided on public communication infrastructure platform, and operator generally satisfies client's private demand by tunnel protocol and employing security mechanism.VPN compares with traditional proprietary line/leased line, and expense is cheap and can meet customer need preferably.
MPLS VPN then is meant the Virtual Private Network based on MPLS (multiprotocol label switching) technique construction, promptly adopt the MPLS technology, on public IP (Internet Protocol) network, make up the IP of enterprise private network, realize data, voice, image multi-service broadband connection, and in conjunction with correlation techniques such as differentiated services, traffic engineerings, for the user provides high quality services.MPLS VPN can provide strong QoS (service quality) ability when original VPN network all functions are provided, have reliability height, safe, characteristics such as extended capability is strong, control strategy is flexible and managerial ability is powerful.
With traditional VPN difference, MPLS VPN does not rely on encapsulation and encryption technology, transmits the VPN that creates a safety with the mark of packet but rely on.VPN data comprise one group of CE (customer edge), and with its PE (provider edge equipment) that links to each other.
Fig. 1 is based on the basic structure of the VPN of MPLS:
CE is a customer edge, can be router, also can be switch, or even a main frame; PE is a provider edge, is positioned at backbone network; PE is responsible for VPN user is managed, and sets up LSP between each PE (label switched path) and connects route assignment between each branch of same VPN user.
In MPLS VPN framework, in case networking determines that CE just decides with the interface binding relationship of PE.Therefore,, and need on PE, configure all VPN information in advance, finish of the binding of user's access interface with VPN in the prior art not to VPN user's authentication.Like this, not only reduced the fail safe that VPN user inserts, even and CE do not have business, also can trigger the bulk information that PE safeguards VPN, cause the performance bottleneck on the PE.
Summary of the invention
The purpose of this invention is to provide a kind of method that improves safety of VPN user,, improve the fail safe that VPN user inserts to overcome the shortcoming that can't guarantee in the prior art that the VPN user security inserts.
Another object of the present invention provides a kind of method that improves safety of VPN user, the user is not authenticated to overcome in the prior art, and no matter whether the user inserts all and need carry out on PE and user-dependent configuration, make PE need safeguard a large amount of VPN information, influence the shortcoming of PE performance, reduce the pressure of PE, and improve the fail safe that VPN user inserts.
Another object of the present invention provides a kind of system that improves safety of VPN user, realizes the dynamic binding based on the MPLS VPN of authentication.
For this reason, the invention provides following technical scheme:
A kind of method that improves safety of VPN user, described method comprises step:
A ', the interface of having forbidden binding VPN insert vpn service;
B ', the user that request is inserted described Virtual Private Network authenticate;
C ', after described authentication is passed through, the interface that enables described user's correspondence inserts vpn service.
Preferably, described steps A ' specifically comprise:
With server that described operator equipment links to each other on the described VPN information of configuration;
Behind the described operator device start, send the VPN configuration request message to described server;
Described server sends to described operator equipment with described VPN information;
The interface that described operator equipment has forbidden binding VPN according to described VPN information inserts vpn service.
Described step B ' comprising:
B1 ', described user send authentication request message to described operator equipment;
B2 ', described operator equipment send to described server with described authentication request and authenticate;
B3 ', described server are to the described equipment return authentication result of operator.
Alternatively,
Finish to described user's verification process with to the layoutprocedure of described VPN information by the same server that links to each other with described operator equipment; Perhaps
Finish to described user's verification process with to the layoutprocedure of described VPN information by aaa server that links to each other with described operator equipment and vpn server respectively.
Alternatively, described method also comprises step:
After described user leaves, forbid that the interface of described user's correspondence inserts vpn service.
A kind of method that improves safety of VPN user, described method comprises step:
A, the user that request is inserted described Virtual Private Network authenticate;
B, after described authentication is passed through, on operator's equipment that described user asks to insert, finish the configuration of this user profile.
Especially, finish to described user's verification process with to the layoutprocedure of described user profile by the server that links to each other with described operator equipment.
Preferably, described steps A specifically comprises:
A11, described user send authentication request to described operator equipment;
A12, described operator equipment send to described server with described authentication request and authenticate;
A13, described server are to the described equipment return authentication result of operator.
Alternatively, before described steps A, also comprise step:
Configuration and subscriber-related VPN information on described server.
Correspondingly, described step B specifically comprises:
B11, described server will send to described operator equipment with described subscriber-related VPN information;
B12, described operator equipment are finished the binding of described user's access interface and VPN according to described user's configuration information.
Alternatively, before described steps A, also comprise step:
All VPN information of configuration on described server;
Behind the described operator device start, send the common configuration request message to described server;
After described server is received described common configuration request message, will send to described operator equipment with the VPN information that the user has nothing to do.
Preferably, finish to described user's verification process with to the layoutprocedure of described user profile by aaa server that links to each other with described operator equipment and vpn server respectively.
Alternatively, described method also comprises step:
After described user leaves, the unit deletion of described operator and this subscriber-related VPN information.
A kind of system that improves safety of VPN user comprises: subscriber equipment and coupled operator's equipment also comprise:
Server, link to each other with described operator equipment, be used to finish to the access authentication of described subscriber equipment or finish the access authentication of described subscriber equipment and the configuration of VPN information, described server issues the VPN configuration information to described operator equipment finishing the authentication back.
A kind of system that improves safety of VPN user comprises: subscriber equipment and coupled operator's equipment also comprise:
Aaa server links to each other with described operator equipment, is used to finish the access authentication to described subscriber equipment;
Vpn server links to each other with described operator equipment, is used for authentication and finishes the back to the corresponding user VPN of operator's equipment disposition information.
By above technical scheme provided by the invention as can be seen, CE user must could set up MPLS VPN connection through authentication in the present invention, and security of users has been had further guarantee.Before CE user is unverified, not setting up MPLS VPN connects, corresponding MPLS L3VPN (three layers of MPLS VPN), PE does not need to safeguard the CE user's who does not have authentication route, corresponding MPLS L2VPN (two layers of MPLS VPN), reduce the linking number of VLL (VLL), reduced the pressure of PE.By the following brush of server to configuration information, make PE before CE is through authentication and do not know which interface is which CE serves, have only through after the authentication, just finish of the binding of user's access interface according to this user's configuration information with VPN by PE, it is VPN interface dynamic binding, thereby can make VPN insert different interfaces, and not need extra configuration, realize plug and play.By RADIUS (remote identification dial user service) server or independent vpn server the dynamic of VPN relevant configuration information brushed down, guaranteed the correctness of configuration.
Description of drawings
Fig. 1 is based on the basic structure schematic diagram of the VPN of MPLS;
Fig. 2 is the topological diagram of first embodiment of system of the present invention;
Fig. 3 is based on the flow chart of first embodiment of the inventive method of system shown in Figure 2;
Fig. 4 is based on the flow chart of second embodiment of the inventive method of system shown in Figure 2;
Fig. 5 is based on the flow chart of the 3rd embodiment of the inventive method of system shown in Figure 2;
Fig. 6 is based on the flow chart of the 4th embodiment of the inventive method of system shown in Figure 2;
Fig. 7 is the topological diagram of second embodiment of system of the present invention;
Fig. 8 is based on the flow chart of the 5th embodiment of the inventive method of system shown in Figure 7;
Fig. 9 is based on the flow chart of the 6th embodiment of the inventive method of system shown in Figure 7.
Embodiment
Core of the present invention needed earlier by authentication before CE inserts PE use VPN resource to be.By PE the authentication request of CE is sent to corresponding server, and the authentication result of server is returned to CE.After the CE authentication was passed through, PE finished dynamic binding and the relevant configuration of user's access interface with VPN according to VPN user's configuration information.Authentication to CE can be finished by special aaa server; VPN user's configuration information is preserved by vpn server, is handed down to PE after authentication is finished, or configures on PE in advance.
In order to make those skilled in the art person understand the present invention program better, the present invention is described in further detail below in conjunction with drawings and embodiments.
With reference to Fig. 2, Fig. 2 is the topological diagram of first embodiment of system of the present invention:
In this embodiment, subscriber equipment S1 inserts VPN by the equipment S2 of operator, and server S 3 links to each other with the equipment S2 of operator, for subscriber equipment S1 provides the access authentication service, in addition, also can provide VPN configuration service for the equipment S2 of operator as required.
Can on the equipment S2 of operator, finish the configuration of all VPN information; Also can on server S 3, preserve and the user-dependent configuration of VPN, behind operator's device start, to the relevant configuration of server S 3 application VPN, server S 3 is handed down to the equipment S2 of operator with the VPN configuration information of preserving, and the equipment S2 of operator finishes the configuration of VPN.
Describe VPN user's access procedure below in detail based on said system.
With reference to Fig. 3, Fig. 3 is the flow chart of first embodiment of the inventive method:
In this embodiment, do not preserve in advance on the server on operator's equipment and dispose with user-dependent VPN, these VPN information all configure on operator's equipment.
Step 10: on operator's equipment, dispose VPN information, and forbidden binding the interface access vpn service of VPN;
Step 11: the user sends authentication request message to operator's equipment;
Step 12: operator's equipment is with authentication request and add necessary information, such as, equipment is accepted interface, the device identification of authentication request packet, sends to server as information such as LSRID and authenticates;
Step 13: server is to the equipment return authentication result of operator.If authentication is passed through, then the interface of operator's devices enable user correspondence inserts vpn service; Otherwise, continue to forbid that the interface of user's correspondence inserts vpn service.
With reference to Fig. 4, Fig. 4 is the flow chart of second embodiment of the inventive method:
In this embodiment, at the configuration information on operator's equipment of preserving the user on the server, server not only will be finished the authentication to VPN user, also will provide VPN configuration information to operator's equipment.
Step 20: configuration VPN information on server;
Step 21: behind operator's device start, send the VPN configuration request message to server;
Step 22: server sends to operator's equipment with VPN information;
Step 23 (not shown): the interface that operator's equipment has forbidden binding VPN according to the VPN information of receiving inserts vpn service;
Step 24: the user sends authentication request message to operator's equipment;
Step 25: operator's equipment is with authentication request and add necessary information, such as, equipment is accepted interface, the device identification of authentication request packet, sends to server as information such as LSRID and authenticates;
Step 26: server is to the equipment return authentication result of operator.If authentication is passed through, then the interface of operator's devices enable user correspondence inserts vpn service; Otherwise, continue to forbid that the interface of user's correspondence inserts vpn service.
As seen, utilize Fig. 3 or embodiment illustrated in fig. 4, no matter by manual configuration and subscriber-related VPN information on operator's equipment, still dynamically brush and subscriber-related VPN information down to operator's equipment by server, insert vpn service as long as before authentification of user, on operator's equipment, forbidden binding the interface of VPN, the interface that just enables this user's correspondence through authentication inserts vpn service, thereby has guaranteed the fail safe that VPN user inserts effectively.
With reference to Fig. 5, Fig. 5 is the flow chart of the 3rd embodiment of the inventive method:
In this embodiment, only preserve in advance on the server on operator's equipment and user-dependent VPN information, the VPN information that other and user have nothing to do all configures on operator's equipment.Like this, before authentification of user, operator's equipment does not need to safeguard the user's who does not have authentication route, does not need to set up relevant VLL (VLL) yet.
Step 30: on server, preserve and subscriber-related VPN information;
Step 31: the user sends authentication request to operator's equipment;
Step 32: operator's equipment is with authentication request and add necessary information, such as, equipment is accepted interface, the device identification of authentication request packet, sends to server as information such as LSRID and authenticates;
Step 33: server is to the equipment return authentication result of operator;
Step 34: after authentification of user passes through, server will send to operator's equipment with this subscriber-related VPN information;
Step 35 (not shown): operator's equipment is finished the binding of this user's access interface and VPN according to user's configuration information.
With reference to Fig. 6, Fig. 6 is the flow chart of the 4th embodiment of the inventive method:
In this embodiment, preserve all VPN information on operator's equipment on the server in advance, promptly with subscriber-related VPN information and the VPN information that has nothing to do with the user.Behind operator's device start, will send to operator's equipment with the VPN information that the user has nothing to do earlier, after the user is by authentication, will send to operator's equipment with this subscriber-related VPN information again.Like this, before authentification of user, operator's equipment does not need to safeguard the user's who does not have authentication route equally, does not need to set up relevant VLL (VLL) yet.
Step 40: all VPN information of configuration on server;
Step 41: behind operator's device start, send the common configuration request message to server;
Step 42: after server is received the common configuration request message, will send to operator's equipment with the VPN information that the user has nothing to do;
Step 43: the user sends authentication request to operator's equipment;
Step 44: operator's equipment is with authentication request and add necessary information, such as, equipment is accepted interface, the device identification of authentication request packet, sends to server as information such as LSRID and authenticates;
Step 45: server is to the equipment return authentication result of operator;
Step 46: after authentification of user passes through, server will send to operator's equipment with this subscriber-related VPN information;
Step 47 (not shown): operator's equipment is finished the binding of this user's access interface and VPN according to user's configuration information.
As seen, utilize Fig. 5 or embodiment illustrated in fig. 6, at first the user to the request access virtual special network authenticates; After authentication is passed through, on operator's equipment that the user inserts, finish the configuration of this user profile again.Not only improve the fail safe that VPN user inserts, and realized the dynamic binding of VPN interface, reduced the pressure of operator's equipment.
The foregoing description adopts same server to finish user's the authentication and the preservation of VPN configuration information, in the present invention, also can adopt different servers to finish respectively user's the authentication and the preservation of VPN configuration information.For example, by aaa server the user is authenticated, vpn server is preserved the VPN configuration information.
With reference to Fig. 7, Fig. 7 is the topological diagram of second embodiment of system of the present invention:
In this embodiment, subscriber equipment S1 inserts VPN by the equipment S2 of operator, aaa server S4 links to each other with the equipment S2 of operator respectively with vpn server S5, and aaa server S4 provides the access authentication service for subscriber equipment S1, and vpn server S5 provides VPN configuration service for the equipment S2 of operator.
When the user asks to insert, at first this user is authenticated by aaa server S4, after authentication is passed through, to send to the equipment S2 of operator with this subscriber-related VPN configuration information by vpn server, the VPN configuration information that other and user have nothing to do in advance manual configuration on the equipment S2 of operator, also can be kept on the vpn server, after the equipment S2 of operator starts, be handed down to the equipment S2 of operator.The equipment S2 of operator finishes user's access interface and the dynamic binding of VPN according to the VPN configuration information of receiving.That is to say, before subscriber equipment S1 does not authenticate, not setting up MPLS VPN connects, corresponding to MPLS L3VPN, the equipment S2 of operator does not need to safeguard the subscriber equipment S1 user's who does not have authentication route, corresponding to MPLS L2VPN, reduced the linking number of VLL, thereby reduced the pressure that the equipment S2 of operator need preserve and safeguard numerous VP N information.
Describe VPN user's access procedure below in detail based on said system.
With reference to Fig. 8, Fig. 8 is the flow chart of the 5th embodiment of the inventive method:
In this embodiment, preserve in advance on the vpn server on operator's equipment and subscriber-related VPN information.After the user is through the aaa server authentication, will send to operator's equipment with this subscriber-related VPN information.Like this, before authentification of user, operator's equipment does not need to safeguard the user's who does not have authentication route, does not need to set up relevant VLL (VLL) yet.
Step 50: configuration and subscriber-related VPN information on vpn server;
Step 51: the user sends authentication request to operator's equipment;
Step 52: operator's equipment is with authentication request and add necessary information, such as, equipment is accepted interface, the device identification of authentication request packet, sends to aaa server as information such as LSRID and authenticates;
Step 53:AAA server is to the equipment return authentication result of operator;
Step 54: after authentication was passed through, operator's equipment sent user's configuration request message to vpn server;
Step 55:VPN server will send to operator's equipment with this subscriber-related configuration information;
Step 56 (not shown): operator's equipment is finished the binding of this user's access interface and VPN according to user's configuration information.
Like this, this user can use relevant VPN resource.
With reference to Fig. 9, Fig. 9 is the flow chart of the 6th embodiment of the inventive method:
In this embodiment, preserve all VPN information on operator's equipment on the vpn server in advance, promptly with subscriber-related VPN information and the VPN information that has nothing to do with the user.Behind operator's device start, will send to operator's equipment with the VPN information that the user has nothing to do earlier, after the user is by the aaa server authentication, will send to operator's equipment with this subscriber-related VPN information again.Like this, before authentification of user, operator's equipment does not need to safeguard the user's who does not have authentication route equally, does not need to set up relevant VLL (VLL) yet.
Step 60: all VPN information of configuration on vpn server;
Step 61: behind operator's device start, send the common configuration request message to vpn server;
After step 62:VPN server is received the common configuration request message, will send to operator's equipment with the VPN information that the user has nothing to do.
Step 63: the user sends authentication request to operator's equipment;
Step 64: operator's equipment is with authentication request and add necessary information, such as, equipment is accepted interface, the device identification of authentication request packet, sends to aaa server as information such as LSRID and authenticates;
Step 65:AAA server is to the equipment return authentication result of operator;
Step 66: after authentication was passed through, operator's equipment sent user's configuration request message to vpn server;
Step 67:VPN server will send to operator's equipment with this subscriber-related configuration information;
Step 68 (not shown): operator's equipment is finished the binding of this user's access interface and VPN according to user's configuration information.
As seen, utilize Fig. 8 or embodiment illustrated in fig. 9, at first the user to the request access virtual special network authenticates; After authentication is passed through, on operator's equipment that the user inserts, finish the configuration of this user profile again.Not only improve the fail safe that VPN user inserts, and realized the dynamic binding of VPN interface, reduced the pressure of operator's equipment.By the dynamic down brush of vpn server, avoided configuration error to the VPN configuration information.
Though described the present invention by embodiment, those of ordinary skills know, the present invention has many distortion and variation and do not break away from spirit of the present invention, wish that appended claim comprises these distortion and variation and do not break away from spirit of the present invention.
Claims (15)
1, a kind of method that improves safety of VPN user is characterized in that, described method comprises step:
A ', the interface of having forbidden binding VPN insert vpn service;
B ', the user that request is inserted described Virtual Private Network authenticate;
C ', after described authentication is passed through, the interface that enables described user's correspondence inserts vpn service.
2, method according to claim 1 is characterized in that, described steps A ' specifically comprise:
With server that described operator equipment links to each other on the described VPN information of configuration;
Behind the described operator device start, send the VPN configuration request message to described server;
Described server sends to described operator equipment with described VPN information;
The interface that described operator equipment has forbidden binding VPN according to described VPN information inserts vpn service.
3, method according to claim 2 is characterized in that, described step B ' comprising:
B1 ', described user send authentication request message to described operator equipment;
B2 ', described operator equipment send to described server with described authentication request and authenticate;
B3 ', described server are to the described equipment return authentication result of operator.
4, method according to claim 3 is characterized in that,
Finish to described user's verification process with to the layoutprocedure of described VPN information by the same server that links to each other with described operator equipment; Perhaps
Finish to described user's verification process with to the layoutprocedure of described VPN information by aaa server that links to each other with described operator equipment and vpn server respectively.
5, method according to claim 1 is characterized in that, described method also comprises step:
After described user leaves, forbid that the interface of described user's correspondence inserts vpn service.
6, a kind of method that improves safety of VPN user is characterized in that, described method comprises step:
A, the user that request is inserted described Virtual Private Network authenticate;
B, after described authentication is passed through, on operator's equipment that described user asks to insert, finish the configuration of this user profile.
7, claim 6 described method in base area is characterized in that, is finished to described user's verification process with to the layoutprocedure of described user profile by the server that links to each other with described operator equipment.
8, method according to claim 6 is characterized in that, described steps A specifically comprises:
A11, described user send authentication request to described operator equipment;
A12, described operator equipment send to described server with described authentication request and authenticate;
A13, described server are to the described equipment return authentication result of operator.
9, method according to claim 7 is characterized in that, also comprises step before described steps A:
Configuration and subscriber-related VPN information on described server.
10, method according to claim 9 is characterized in that, described step B specifically comprises:
B11, described server will send to described operator equipment with described subscriber-related VPN information;
B12, described operator equipment are finished the binding of described user's access interface and VPN according to described user's configuration information.
11, method according to claim 7 is characterized in that, also comprises step before described steps A:
All VPN information of configuration on described server;
Behind the described operator device start, send the common configuration request message to described server;
After described server is received described common configuration request message, will send to described operator equipment with the VPN information that the user has nothing to do.
12, method according to claim 7 is characterized in that, is finished to described user's verification process with to the layoutprocedure of described user profile by aaa server that links to each other with described operator equipment and vpn server respectively.
13, method according to claim 6 is characterized in that, described method also comprises step:
After described user leaves, the unit deletion of described operator and this subscriber-related VPN information.
14, a kind of system that improves safety of VPN user comprises: subscriber equipment and coupled operator's equipment, it is characterized in that, and also comprise:
Server, link to each other with described operator equipment, be used to finish to the access authentication of described subscriber equipment or finish the access authentication of described subscriber equipment and the configuration of VPN information, described server issues the VPN configuration information to described operator equipment finishing the authentication back.
15, a kind of system that improves safety of VPN user comprises: subscriber equipment and coupled operator's equipment, it is characterized in that, and also comprise:
Aaa server links to each other with described operator equipment, is used to finish the access authentication to described subscriber equipment;
Vpn server links to each other with described operator equipment, is used for authentication and finishes the back to the corresponding user VPN of operator's equipment disposition information.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNB200510077084XA CN100409630C (en) | 2005-06-15 | 2005-06-15 | Method and system for increasing safety of VPN user |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNB200510077084XA CN100409630C (en) | 2005-06-15 | 2005-06-15 | Method and system for increasing safety of VPN user |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN1725723A true CN1725723A (en) | 2006-01-25 |
| CN100409630C CN100409630C (en) | 2008-08-06 |
Family
ID=35924972
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CNB200510077084XA Expired - Fee Related CN100409630C (en) | 2005-06-15 | 2005-06-15 | Method and system for increasing safety of VPN user |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN100409630C (en) |
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2011147334A1 (en) * | 2010-11-30 | 2011-12-01 | 华为技术有限公司 | Method, device and system for providing virtual private network service |
| CN103166909A (en) * | 2011-12-08 | 2013-06-19 | 上海贝尔股份有限公司 | Access method and device and system of virtual network system |
| CN103618603A (en) * | 2013-11-25 | 2014-03-05 | 网神信息技术(北京)股份有限公司 | Access method and device for multi-protocol label switching network |
| CN103634171A (en) * | 2012-08-24 | 2014-03-12 | 中兴通讯股份有限公司 | Dynamic configuration method, device and system |
| CN113691545A (en) * | 2021-08-26 | 2021-11-23 | 中国电信股份有限公司 | Routing control method and device, electronic equipment and computer readable medium |
Family Cites Families (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1241366C (en) * | 2001-06-19 | 2006-02-08 | 中兴通讯股份有限公司 | Allocation method of wide band access user |
| CN1180582C (en) * | 2001-06-21 | 2004-12-15 | 华为技术有限公司 | Configuration management system for VPN with multi-label protocol switch and its dividing method |
| US20040230681A1 (en) * | 2002-12-06 | 2004-11-18 | John Strassner | Apparatus and method for implementing network resources to provision a service using an information model |
| CN1254059C (en) * | 2002-12-10 | 2006-04-26 | 华为技术有限公司 | Method of realizing special multiple-protocol label exchanging virtual network |
-
2005
- 2005-06-15 CN CNB200510077084XA patent/CN100409630C/en not_active Expired - Fee Related
Cited By (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2011147334A1 (en) * | 2010-11-30 | 2011-12-01 | 华为技术有限公司 | Method, device and system for providing virtual private network service |
| CN102480403A (en) * | 2010-11-30 | 2012-05-30 | 华为技术有限公司 | Method for providing virtual private network service, device and system |
| CN102480403B (en) * | 2010-11-30 | 2014-12-10 | 华为技术有限公司 | Method for providing virtual private network service, device and system |
| CN103166909A (en) * | 2011-12-08 | 2013-06-19 | 上海贝尔股份有限公司 | Access method and device and system of virtual network system |
| CN103166909B (en) * | 2011-12-08 | 2016-06-22 | 上海贝尔股份有限公司 | The cut-in method of a kind of Virtual Networking System, device and system |
| CN103634171A (en) * | 2012-08-24 | 2014-03-12 | 中兴通讯股份有限公司 | Dynamic configuration method, device and system |
| CN103618603A (en) * | 2013-11-25 | 2014-03-05 | 网神信息技术(北京)股份有限公司 | Access method and device for multi-protocol label switching network |
| CN113691545A (en) * | 2021-08-26 | 2021-11-23 | 中国电信股份有限公司 | Routing control method and device, electronic equipment and computer readable medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN100409630C (en) | 2008-08-06 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN1855926A (en) | Method and system for contributing DHCP addresses safely | |
| CN1836400A (en) | Controlling data link layer elements with network layer elements | |
| CN1941753A (en) | IP interconnected gateway in next-generation Internet and method for interconnecting IP domain | |
| CN1649320A (en) | System and its method for guaranteeing service quality in virtual special net based network | |
| CN1747400A (en) | System and realization for dynamic cooperating service quality in next generation network | |
| CN1859614A (en) | Method, device and system for radio transmission | |
| CN1929380A (en) | Public key certificate state obtaining and verification method | |
| CN1866880A (en) | Fault detecting method in next generation network | |
| CN1929398A (en) | Security setting method in wireless communication network, storage medium, network system and client device | |
| CN1713623A (en) | Network connection system, network connection method, and switch used therefor | |
| CN101079807A (en) | A mesh relaying method and IP communication system for controlling media transmission path | |
| CN1553741A (en) | Method and system for providing user network roam | |
| CN1901449A (en) | Method for connecting network | |
| CN101039311A (en) | Identification web page service network system and its authentication method | |
| CN1725723A (en) | Method and system for increasing safety of VPN user | |
| CN1731725A (en) | Access control method and apparatus | |
| CN1848799A (en) | Method for realizing virtual special network | |
| CN1946024A (en) | Method and system for identifying service block | |
| CN1863113A (en) | System and method for implementing multi-user access in LAN terminal | |
| CN1658547A (en) | Crytographic keys distribution method | |
| CN1941695A (en) | Method and system for generating and distributing key during initial access network process | |
| CN1518302A (en) | Communication system, communication method and terminal | |
| CN1697424A (en) | Method for carrying out private security data communication base on decimal communication numbers | |
| CN1665238A (en) | Networking system for next generation network | |
| CN1767493A (en) | System and method for realizing VOIP service crossing LAN |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| CP03 | Change of name, title or address |
Address after: 310052 Binjiang District Changhe Road, Zhejiang, China, No. 466, No. Patentee after: Xinhua three Technology Co., Ltd. Address before: 310053 Hangzhou hi tech Industrial Development Zone, Zhejiang province science and Technology Industrial Park, No. 310 and No. six road, HUAWEI, Hangzhou production base Patentee before: Huasan Communication Technology Co., Ltd. |
|
| CP03 | Change of name, title or address | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20080806 Termination date: 20200615 |
|
| CF01 | Termination of patent right due to non-payment of annual fee |