WO2012149745A1 - Procédé, dispositif et système de transmission à multiplexage de données - Google Patents
Procédé, dispositif et système de transmission à multiplexage de données Download PDFInfo
- Publication number
- WO2012149745A1 WO2012149745A1 PCT/CN2011/079809 CN2011079809W WO2012149745A1 WO 2012149745 A1 WO2012149745 A1 WO 2012149745A1 CN 2011079809 W CN2011079809 W CN 2011079809W WO 2012149745 A1 WO2012149745 A1 WO 2012149745A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- address
- private network
- logical
- security gateway
- tunnel
- Prior art date
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/16—Implementing security features at a particular protocol layer
- H04L63/166—Implementing security features at a particular protocol layer at the transport layer
Definitions
- the present invention relates to the field of communications technologies, and in particular, to a data split transmission method, apparatus, and system. Background technique
- IP Security IP Security
- IP Security IP Security
- IP Security IP Security
- Figure 1 is a schematic diagram of a system structure in which IPsec is applied in the prior art.
- the source device, the security gateway, and the destination device communicate through the public network IP, and the source device and the security gateway supporting the IPsec client protocol (at least the IPSec server are supported).
- An IPSec tunnel is established between the side protocols for secure data transmission, and data is routed to the destination device through the security gateway.
- Embodiments of the present invention provide a data split transmission method, apparatus, and system, which can implement end-to-end data isolation between a source device and multiple destination devices.
- the source device requests the security gateway for the private network IP address of at least two logical tunnels in the Internet Protocol security IPsec tunnel;
- the source device Obtaining, by the source device, a private network IP address of the at least two logical tunnels and corresponding relationship information with each destination device;
- the source device maps the data stream sent to the destination device to the corresponding logical tunnel according to the correspondence information, and transmits the data flow to the security gateway, so that the security gateway will receive the data stream. Send to the corresponding destination device.
- a data shunt transmission method includes:
- the security gateway receives the request of the source device for the private network IP address of at least two logical tunnels in the IPsec tunnel;
- the security gateway allocates a private network IP address to at least two logical tunnels in the IPsec tunnel, and feeds back the private network IP address of the at least two logical tunnels to the source device;
- the security gateway receives the data stream sent by the source device through different logical tunnels; the security gateway identifies the received data stream according to the private network IP address of the at least two logical tunnels, and according to at least two logical tunnels The corresponding relationship between the private network IP address and each destination device sends the identified data stream to the corresponding destination device.
- a communication device comprising:
- An address requesting unit configured to request, from the security gateway, a private network IP address of at least two logical tunnels in the IPsec tunnel;
- An address receiving unit configured to obtain a private network IP address of the at least two logical tunnels and corresponding relationship information with each destination device;
- a data isolation unit configured to map, according to the correspondence information, a data flow sent to each destination device to a corresponding logical tunnel, and transmit the data flow to the security gateway, so that the security gateway receives the data flow Send to the corresponding destination device.
- a security gateway including:
- a request receiving unit configured to receive, by the source device, a request for a private network IP address of at least two logical tunnels in the IPsec tunnel;
- An address allocation unit configured to separately allocate a private network IP address to at least two logical tunnels in the IPsec tunnel, and feed back, to the source device, a private network IP address of the at least two logical tunnels;
- a data shunt transmission system includes a source device, a security gateway, and at least two destination devices, where
- the source device is configured to request, by the security gateway, a private network IP address of at least two logical tunnels in the IPsec tunnel; obtain a private network IP address of the at least two logical tunnels, and a corresponding relationship between each of the destination devices And mapping, according to the correspondence information, the data stream sent to each destination device to a corresponding logical tunnel, and transmitting the data stream to the security gateway, so that the security gateway sends the received data stream to the Corresponding destination device.
- a plurality of logical tunnels are set up in an IPsec tunnel, so that the source device can transmit data streams sent to different destination devices through different logical tunnels, and the data is shunted by the security gateway, and finally sent to the corresponding
- the destination device realizes the end-to-end secure transmission of data, such as splitting the service flow and the data flow, that is, ensuring data security and ensuring data isolation, which can better support the networking, and the method is implemented.
- To save external resources, such as IP addresses, ports, etc. it is possible to use end-to-end secure transmission with existing equipment more reasonably. This method is simple to implement, and this solution can be completed by standard protocols.
- FIG. 1 is a schematic structural diagram of a system for applying IPsec in the prior art
- FIG. 2 is a flowchart of a data split transmission method according to an embodiment of the present invention.
- FIG. 3a is a flowchart of another data split transmission method according to an embodiment of the present invention.
- Figure 3b is a schematic diagram of end-to-end data shunt transmission in the embodiment shown in Figure 3a;
- FIG. 4 is a schematic diagram of an IPSec tunnel negotiation between a source device and a security gateway in the embodiment shown in FIG. 3a;
- FIG. 5 is a schematic diagram of an IKE-SA-AUTH exchange between a source device and a security gateway in the embodiment shown in FIG. 3a;
- Figure 6 is a diagram showing the source device and the security gateway performing CREATE_CHILD-SA handover in the embodiment shown in Figure 3a. Schematic diagram of the exchange;
- FIG. 7 is a schematic structural diagram of a communication device according to an embodiment of the present invention.
- FIG. 8 is a schematic structural diagram of a security gateway according to an embodiment of the present invention.
- FIG. 9 is a schematic structural diagram of another security gateway according to an embodiment of the present invention.
- FIG. 10 is a schematic structural diagram of a data split transmission system according to an embodiment of the present invention.
- FIG. 2 is a flowchart of a data split transmission method according to an embodiment of the present invention.
- the method can include:
- Step 201 The source device requests the security gateway to request a private network IP address of at least two logical tunnels in the IPsec tunnel.
- the source device can exchange messages with the security gateway or through the source device and the security gateway.
- the other newly added interactive message is negotiated with the security gateway to request the private network IP address of the logical tunnel in the IPsec tunnel.
- the source device can also request the private network IP address of the logical tunnel, such as the network management system, from other intermediate network elements.
- the number of the logical tunnels is at least two, so as to implement isolation of at least two sets of data flows, and the request may also carry other information such as a network segment of the private network IP address to be allocated.
- Step 202 The source device obtains a private network IP address of at least two logical tunnels and corresponding relationship information with each destination device.
- the source device obtains the private network IP address of the logical tunnel and its corresponding relationship with each destination device.
- the private network IP address of the logical tunnel obtained by the source device may be allocated by the security gateway or the network management system. Sent to the source device.
- the mapping between the private IP address of the logical tunnel and the destination device may be pre-assigned by the source device when requesting the private IP address of the logical tunnel, or may be assigned by the security gateway or the network management device as needed.
- the corresponding relationship is informed to the source device. For example, when the source device initiates the logical tunnel private network IP address request, the request includes the network segment of the private network IP address of the logical tunnel corresponding to each destination device, and the security gateway allocates the network segment according to the specified network segment.
- the source device After the IP address of the private network is received, the source device obtains the mapping between the private IP address of the logical tunnel and the destination device. The corresponding relationship may be further notified by the source device to the security gateway. Of course, the source device and the security gateway may pre-negotiate the destination device corresponding to the specified network segment, and the security gateway receives the network segment specified by the source device and allocates the private network accordingly. After the IP address, the above correspondence can be obtained.
- the security gateway allocates the private network IP address, and establishes the correspondence between the private network IP address of each logical tunnel and the peer destination device. The security gateway then sends the private network IP address of the logical tunnel and its correspondence with the destination device to the source device.
- the security gateway allocates the private network IP address, and the network management system assigns the correspondence between the private network IP address of the logical tunnel and the destination device, and then The gateway sends the correspondence to the source device and the security gateway.
- the security gateway allocates the private network IP address, and the network management system assigns the correspondence between the private network IP address of the logical tunnel and the destination device, and then The gateway sends the correspondence to the source device and the security gateway.
- the private network IP addresses of each logical tunnel are different. Further, they can be in different network segments. Correspondence between the private IP address of the logical tunnel and the destination device, for example:
- the corresponding relationship may be divided into multiple lists for storage, and the specific storage form is not limited, and the foregoing correspondence may be included in the security gateway.
- Step 203 The source device maps the data stream sent to each destination device to the corresponding logical tunnel according to the correspondence information, and transmits the data stream to the security gateway.
- the source device determines a logical tunnel corresponding to each data flow according to the correspondence information between the private network IP address of the received logical tunnel and each destination device. For example, the data stream 1 to be sent by the source device to the destination device 1 is sent to the private network. In the logical tunnel 1 corresponding to the network IP address 1, the data stream to be sent by the source device to the destination device 2 is sent to the logical tunnel 2 corresponding to the private network IP address 2.
- the source device After determining the logical tunnel corresponding to the data flow, the source device according to the private network IP address of each logical tunnel The address maps each data stream into a corresponding logical tunnel, for example, mapping data stream 1 into logical tunnel 1 and data stream 2 into logical tunnel 2.
- the process of mapping the data stream to the corresponding logical tunnel is a process of isolating the sent data.
- the specific mapping process may be to insert the private network IP address of the corresponding logical tunnel into the data.
- the source device After the data flow mapping is completed, the source device sends each data stream to the security gateway through a different logical tunnel. After receiving the data flow of each logical tunnel, the security gateway can identify each data flow according to the private network IP address of the logical tunnel, that is, the private network IP address of the logical tunnel inserted in the data flow, and then according to each logical tunnel.
- the corresponding relationship between the private network IP address and the destination device, and the identified data stream is sent to the corresponding destination device, for example, the data stream carrying the private network IP address 1 and the data stream transmitted by the logical tunnel 1 is received, according to The corresponding relationship between the private network IP address of the logical tunnel 1 and the destination device 1 is sent to the destination device 1 to complete the end-to-end data split transmission of the data from the source device to the destination device.
- the process of obtaining the correspondence between the IP address of the logical tunnel private network and the destination device by the security gateway may be as described in step 202.
- a plurality of logical tunnels are set up in an IPsec tunnel, so that the source device can transmit data streams sent to different destination devices through different logical tunnels, and the data is shunted by the security gateway, and finally sent to the corresponding
- the destination device realizes the end-to-end secure transmission of data, such as splitting the service flow and the data flow, that is, ensuring data security and ensuring data isolation, which can better support the networking, and the method is implemented.
- To save external resources, such as IP addresses, ports, etc. it is possible to use end-to-end secure transmission with existing equipment more reasonably. This method is simple to implement, and this solution can be completed by standard protocols.
- FIG. 3a a flowchart of another data split transmission method according to an embodiment of the present invention is shown.
- FIG. 3b An example of the end-to-end data split transmission in this embodiment is as shown in FIG. 3b.
- the two logical tunnels are set up in an IPsec tunnel as an example.
- the method may include:
- Step 301 The source device and the security gateway establish a pair of IKE SAs through IKE-SA-INIT exchange.
- IKEv2-based IPSec tunnel negotiation process between the source device and the security gateway, as shown in Figure 4, the establishment of a pair of IKE SAs and a pair of IPSec SAs is completed through IKE-SA-INIT exchange and IKE-SA-AUTH exchange.
- IKE-SA-AUTH exchange Through the CREATE-CHILD-SA exchange, another pair of IPSec SAs is established.
- the source device and the security gateway can complete the establishment of the IPSec tunnel.
- the IKE SA AUTH and CREATE - CHILD - SA two exchanges are adjusted to create multiple IPSec logical tunnels.
- the process of establishing a pair of IKE SAs through IKE-SA-INIT exchange is not adjusted, which is the same as the prior art. I won't go into details here.
- Step 302 The source device sends the first exchange information to the security gateway, where the exchange information includes the request for obtaining the private network IP address of the first logical tunnel in the IPsec tunnel and the designated private network IP address of the first logical tunnel. Network segment.
- the IKE-SA-AUTH exchange information in the prior art can be adjusted as the first exchange information.
- the source device requests the security gateway to request the first logical tunnel in the IPsec tunnel through the exchange message. Private network IP address.
- the exchange message may carry a CP and a TSr payload, where the CP payload indicates that an IP address needs to be obtained; the TSr payload: indicates which network segment is desired to obtain an address; and the remaining payloads are carried as needed, and FIG. 5 is only an example.
- Step 303 The source device sends the second exchange information to the security gateway, where the exchange information includes the request for obtaining the private network IP address of the second logical tunnel in the IPsec tunnel and the network to which the private network IP address of the second logical tunnel belongs. segment.
- the information exchange and the CREATE_CHILD-SA exchange information can be adjusted as the second exchange information.
- the source device requests the security gateway to request the private network of the second logical tunnel in the IPsec tunnel through the exchange message. IP address.
- the information exchange and the CREATE-CHILD-SA exchange message may respectively carry the CP and the TSR payload, where the CP payload indicates that the IP address needs to be obtained; the TSr payload: indicates which network segment is desired to obtain the address; Carrying, Figure 6 is only an example.
- the private network IP addresses of the logical tunnels specified by the source device belong to different network segments, and the different network segments correspond to different logical tunnels and different destination devices, for example, the private network IP address of the first network segment specified by the source device.
- the address is corresponding to the destination device 1
- the private network IP address of the designated second network segment is corresponding to the destination device 2.
- the corresponding relationship between the specified network segment and the destination device may be negotiated by the source device and the security gateway in advance; in other embodiments, the subsequent security gateway may allocate the private network IP address according to the specified network segment.
- the source device obtains the private network IP address, it informs the security gateway of the corresponding relationship between the private network IP address of the logical tunnel and the destination device.
- Step 304 After receiving the exchange message of the source device, the security gateway is the logic in the IPsec tunnel.
- the tunnels are assigned private network IP addresses, and the mappings between the private IP addresses of the logical tunnels and the destination devices are established.
- the security gateway allocates the first logical tunnel according to the network segment to which the private IP address of the first logical tunnel specified in the IKE-SA-AUTH exchange information belongs, that is, the TSr payload in the IKE-SA-AUTH exchange information.
- the IP address of the private network, and the correspondence between the private network IP address of the first logical tunnel and the first destination device is established according to the correspondence between the specified network segment and the destination device negotiated by the source device and the security gateway.
- the security gateway allocates a private network to the second logical tunnel according to the network segment to which the private IP address of the second logical tunnel specified in the information exchange and CREATE_CHILD-SA exchange information belongs, that is, according to the TSR payload in the exchange information.
- the IP address, and the correspondence between the private network IP address of the second logical tunnel and the second destination device is established according to the correspondence between the specified network segment and the destination device negotiated by the source device and the security gateway.
- the security gateway may allocate a private network IP address for the first logical tunnel, and after receiving the request of step 303, allocate a private network IP address for the second logical tunnel, and may also receive After all the requests are received, the private network IP address is assigned to each logical tunnel, and the mapping relationship between the private IP address of the logical tunnel and the destination device is established.
- the source device and the security gateway can complete the establishment of two logical tunnels, and then the source device can map the data to different logical tunnels for end-to-end secure transmission.
- the process of establishing the second logical tunnel may be repeated.
- the security gateway repeatedly allocates the private network IP address.
- Step 305 The source device maps the data stream sent to each destination device to the corresponding logical tunnel according to the private network IP address of each logical tunnel and the corresponding relationship information with each destination device, and transmits the data to the security gateway.
- the source device receives the private network IP address of the two logical tunnels sent by the security gateway, and further obtains the corresponding relationship between the private network IP address of the logical tunnel and the destination device according to the pre-designated network segment, and then sends the data to the destination device.
- the data is mapped to the corresponding logical tunnel, and the mapping process is similar to the step 203 in the foregoing embodiment, and details are not described herein again.
- Step 306 The security gateway receives the data stream sent by the source device through different logical tunnels.
- Step 307 The security gateway identifies the received data stream according to the private network IP address of the logical tunnel in the data, and sends the identified data stream according to the correspondence between the private network IP address of the two logical tunnels and each destination device. To the corresponding destination device.
- a plurality of logical tunnels are set up in an IPsec tunnel, so that the source device can transmit data streams sent to different destination devices through different logical tunnels, and the data is shunted by the security gateway, and finally sent to the corresponding
- the destination device realizes the end-to-end secure transmission of data, such as splitting the service flow and the data flow, that is, ensuring data security and ensuring data isolation, which can better support the networking, and the method is implemented.
- To save external resources, such as IP addresses, ports, etc. it is possible to use end-to-end secure transmission with existing equipment more reasonably. This method is simple to implement, and this solution can be completed by standard protocols.
- FIG. 7 a schematic structural diagram of a communication device according to an embodiment of the present invention is shown.
- the communication device can include:
- the address requesting unit 701 is configured to request a private network IP address of at least two logical tunnels in the IPsec tunnel.
- the address receiving unit 702 is configured to obtain a private network IP address of the at least two logical tunnels and corresponding relationship information with each destination device.
- the data isolation unit 703 is configured to map, according to the correspondence information, a data flow sent to each destination device to a corresponding logical tunnel, and transmit the data to the security gateway, so that the security gateway will receive the data.
- the stream is sent to the corresponding destination device.
- the address requesting unit 701 of the communication device can exchange messages with the security gateway.
- the private network IP address of the logical tunnel in the IPsec tunnel is requested by the security gateway, and the number of the logical tunnel is at least two.
- the address receiving unit 702 obtains the private network IP address of the at least two logical tunnels and the correspondence between the private network addresses of the logical tunnels, and obtains the private network IP address of the logical tunnel and its correspondence with each destination device.
- the private network IP address of the obtained logical tunnel can be obtained by a security gateway or a network management system.
- the corresponding relationship between the private network IP address of the logical tunnel and the destination device that is allocated and sent to the address receiving unit 702 may also be pre-designated by the address requesting unit 701 when requesting the private network IP address of the logical tunnel, or may be specified. After the security gateway or the network management device allocates the information as needed, the corresponding relationship is notified to the address receiving unit 702.
- the data isolation unit 703 determines a logical tunnel corresponding to each data stream, and after determining the logical tunnel corresponding to the data flow, maps each data flow to a corresponding logical tunnel according to the private network IP address of each logical tunnel, and maps the data flow.
- the process of the corresponding logical tunnel is a process of isolating the transmitted data.
- each data stream is sent to the security gateway through a different logical tunnel.
- the security gateway can identify each data flow according to the private network IP address of the logical tunnel, and then identify the data according to the correspondence between the private network IP address of the logical tunnel and the destination device. The stream is sent to the corresponding destination device.
- the communication device in the embodiment of the present invention implements the end-to-end data transmission security of the data through the above-mentioned unit, for example, the service flow and the data flow are separately transmitted, that is, the data security is ensured and the data isolation is ensured, and the group can be better supported.
- the network, and the method realizes saving external resources, such as an IP address, a port, etc., and can realize the end-to-end secure transmission by using the existing equipment more reasonably.
- the method is simple to implement, and the solution can be completed by using a standard protocol.
- the address requesting unit in the communications device may further include: a first requesting subunit, configured to exchange information by using the first exchange information, such as IKE_SA_AUTH, when the logical tunnel is two Requesting the security gateway to obtain the private IP address of the first logical tunnel.
- a first requesting subunit configured to exchange information by using the first exchange information, such as IKE_SA_AUTH, when the logical tunnel is two Requesting the security gateway to obtain the private IP address of the first logical tunnel.
- a second request subunit configured to: when the logical tunnel is two, pass the second exchange information, such as
- the SA exchange information requests the security gateway to obtain the private IP address of the second logical tunnel.
- the first exchange information and the second exchange information include a specified network segment of the requested private network IP address, and the private network IP addresses of the logical tunnels belong to different network segments.
- FIG. 8 is a schematic structural diagram of a security gateway according to an embodiment of the present invention.
- the security gateway can include:
- the request receiving unit 801 is configured to receive, by the source device, a request for a private network IP address of at least two logical tunnels in the IPsec tunnel;
- the address allocation unit 802 is configured to separately allocate a private network IP address to at least two logical tunnels in the IPsec tunnel, and feed back, to the source device, a private network IP address of the at least two logical tunnels;
- the data receiving unit 803 is configured to receive a data stream that is sent by the source device by using a different logical tunnel.
- the data offloading unit 804 is configured to identify the received data stream according to the private network IP address of the at least two logical tunnels, and according to at least two The data relationship between the private IP address of the logical tunnel and the destination device sends the identified data stream to the corresponding destination device.
- the request receiving unit 801 After receiving the request of the source device for the private network IP address of at least two logical tunnels in the IPsec tunnel, the request receiving unit 801 respectively allocates a private network IP address for the logical tunnel by the address assigning unit 802, and feeds back the above information to the source device.
- the source device maps the different data streams to the respective logical tunnels according to the foregoing information, and then transmits the data stream to the security gateway, and the data receiving unit 803 receives the data stream, and the data stream splitting unit 804 identifies the data stream and distributes the data stream to the corresponding destination device.
- Transmission such as the transmission of traffic and data streams, guarantees data security and data isolation, which can better support networking.
- this method saves external resources, such as IP addresses, ports, etc. More reasonable use of existing equipment to achieve end-to-end secure transmission, the method is simple to implement, this solution can be completed using standard protocols.
- FIG. 9 is a schematic structural diagram of another security gateway according to an embodiment of the present invention.
- the security gateway may also include a request receiving unit 901, an address assigning unit 902, a data receiving unit 903, and a data splitting unit 904.
- the request receiving unit 901 may further include:
- the first receiving subunit 9011 is configured to: when the logical tunnel is two, receive first exchange information, such as IKE_SA_AUTH exchange information, sent by the source device to request to obtain a private network IP address of the first logical tunnel;
- first exchange information such as IKE_SA_AUTH exchange information
- the second receiving subunit 9012 is configured to: when the logical tunnel is two, receive second exchange information, such as Informational exchange and CREATE, sent by the source device to request a private network IP address of the second logical tunnel.
- second exchange information such as Informational exchange and CREATE
- the first exchange information and the second exchange information include a specified network segment of the requested private network IP address.
- the private network IP addresses of logical tunnels belong to different network segments.
- the address allocation unit 902 is specifically configured to allocate a private network IP address for each of the two logical tunnels in the IPsec tunnel according to the specified network segment of the requested private network IP address included in the first exchange information and the second exchange information.
- the data receiving unit 903 and the data distributing unit 904 are similar to the data receiving unit 803 and the data distributing unit 804 in the foregoing embodiments, and details are not described herein again.
- Transmission such as the transmission of traffic and data streams, guarantees data security and data isolation, which can better support networking.
- this method saves external resources, such as IP addresses, ports, etc. More reasonable use of existing equipment to achieve end-to-end secure transmission, the method is simple to implement, this solution can be completed using standard protocols.
- FIG. 10 is a schematic structural diagram of a data split transmission system according to an embodiment of the present invention.
- the system can include a source device 1001, a security gateway 1002, and at least two destination devices 1003.
- the source device 1001 is configured to request at least two logical tunnels from the security gateway 1002.
- the system realizes end-to-end data transmission and secure transmission.
- the service flow and the data flow are transmitted separately, that is, the data security is ensured and the data isolation is ensured, which can better support the networking, and the method achieves the saving.
- External resources such as IP addresses, ports, etc., can make more reliable use of existing devices to achieve end-to-end secure transmission. This method is simple to implement, and this solution can be completed by standard protocols.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
L'invention porte sur un procédé de transmission à multiplexage de données d'extrémité, comprenant les opérations suivantes : un dispositif source demande à une passerelle de sécurité les adresses IP de réseau privé d'au moins deux tunnels logiques dans un tunnel de sécurité de protocole Internet (IPsec); le dispositif source obtient les adresses IP de réseau privé des au moins deux tunnels logiques et des informations concernant la corrélation entre celles-ci et chaque dispositif destinataire; le dispositif source mappe le flux de données envoyé à chaque dispositif destinataire au tunnel logique correspondant et le transmet à la passerelle de sécurité conformément aux informations de corrélation, de sorte que la passerelle de sécurité envoie les flux de données reçus au dispositif destinataire correspondant. Le procédé réalise une transmission à multiplexage de données de bout en bout sécurisée.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201180001855.0A CN102742247B (zh) | 2011-09-19 | 2011-09-19 | 一种数据分路传输方法及装置、系统 |
PCT/CN2011/079809 WO2012149745A1 (fr) | 2011-09-19 | 2011-09-19 | Procédé, dispositif et système de transmission à multiplexage de données |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/CN2011/079809 WO2012149745A1 (fr) | 2011-09-19 | 2011-09-19 | Procédé, dispositif et système de transmission à multiplexage de données |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2012149745A1 true WO2012149745A1 (fr) | 2012-11-08 |
Family
ID=46995195
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2011/079809 WO2012149745A1 (fr) | 2011-09-19 | 2011-09-19 | Procédé, dispositif et système de transmission à multiplexage de données |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN102742247B (fr) |
WO (1) | WO2012149745A1 (fr) |
Families Citing this family (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104601550B (zh) * | 2014-12-24 | 2020-08-11 | 国家电网公司 | 基于集群阵列的反向隔离文件传输系统及其方法 |
CN109218157B (zh) * | 2017-07-04 | 2020-10-09 | 大唐移动通信设备有限公司 | 一种虚拟专用网络系统的数据处理方法、装置和系统 |
CN107204994B (zh) * | 2017-07-24 | 2019-09-17 | 杭州迪普科技股份有限公司 | 一种基于IKEv2确定保护网段的方法和装置 |
CN116074038B (zh) * | 2022-11-29 | 2023-08-22 | 杭州海兴电力科技股份有限公司 | 一种用于IPv6数据安全传输的网关系统及方法 |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101136778A (zh) * | 2006-08-02 | 2008-03-05 | 美国凹凸微系有限公司 | 防火墙/vpn安全网关设备的基于vpn配置的策略 |
CN101188542A (zh) * | 2006-11-17 | 2008-05-28 | 华为技术有限公司 | 建立ip隧道的方法及系统及分发ip地址的装置 |
CN101364910A (zh) * | 2007-08-09 | 2009-02-11 | 中兴通讯股份有限公司 | 一种自组织网络的系统和方法 |
WO2010043254A1 (fr) * | 2008-10-15 | 2010-04-22 | Telefonaktiebolaget Lm Ericsson (Publ) | Accès sécurisé au sein d'un réseau de communication |
CN101998442A (zh) * | 2009-08-10 | 2011-03-30 | 北京三星通信技术研究有限公司 | 一种远程接入方法和系统 |
-
2011
- 2011-09-19 WO PCT/CN2011/079809 patent/WO2012149745A1/fr active Application Filing
- 2011-09-19 CN CN201180001855.0A patent/CN102742247B/zh active Active
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101136778A (zh) * | 2006-08-02 | 2008-03-05 | 美国凹凸微系有限公司 | 防火墙/vpn安全网关设备的基于vpn配置的策略 |
CN101188542A (zh) * | 2006-11-17 | 2008-05-28 | 华为技术有限公司 | 建立ip隧道的方法及系统及分发ip地址的装置 |
CN101364910A (zh) * | 2007-08-09 | 2009-02-11 | 中兴通讯股份有限公司 | 一种自组织网络的系统和方法 |
WO2010043254A1 (fr) * | 2008-10-15 | 2010-04-22 | Telefonaktiebolaget Lm Ericsson (Publ) | Accès sécurisé au sein d'un réseau de communication |
CN101998442A (zh) * | 2009-08-10 | 2011-03-30 | 北京三星通信技术研究有限公司 | 一种远程接入方法和系统 |
Also Published As
Publication number | Publication date |
---|---|
CN102742247A (zh) | 2012-10-17 |
CN102742247B (zh) | 2015-09-09 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN107810627B (zh) | 用于建立媒体会话的方法和装置 | |
US7561586B2 (en) | Method and apparatus for providing network VPN services on demand | |
EP2136504B1 (fr) | Procédé d'émission et de réception, appareil et système pour la politique de sécurité d'une session en multidiffusion | |
US7917948B2 (en) | Method and apparatus for dynamically securing voice and other delay-sensitive network traffic | |
US8272046B2 (en) | Network mobility over a multi-path virtual private network | |
WO2006010648A2 (fr) | Procedes et systemes de communication securises | |
WO2009021428A1 (fr) | Dispositif de protection sécurisé et procédé permettant le transfert de messages | |
US10411994B2 (en) | Multi-link convergence method, server, client, and system | |
CN101515896B (zh) | 安全套接字层协议报文转发方法、装置、系统及交换机 | |
WO2011144154A1 (fr) | Procédé, dispositif et système d'attribution d'adresse de protocole internet de réseau externe dans une fonction d'intercommunication à traduction d'adresse réseau | |
JP2006262466A (ja) | リレーによって割り当てられるポート数を削減する方法およびシステム | |
WO2009129707A1 (fr) | Procédé, appareil et système de communication pour envoyer et recevoir des informations entre réseaux locaux | |
WO2010020151A1 (fr) | Procédé, appareil et système de traitement de paquet | |
US20100303072A1 (en) | Multicast Source Mobility | |
WO2016180020A1 (fr) | Procédé, dispositif et système de traitement de message | |
WO2007019809A1 (fr) | Procede et systeme d'etablissement d'un canal direct point par point | |
US11647069B2 (en) | Secure remote computer network | |
WO2012149745A1 (fr) | Procédé, dispositif et système de transmission à multiplexage de données | |
WO2008134971A1 (fr) | Procédé, système et dispositif d'auto-réalisation de la liaison du dispositif de gestion et du dispositif géré | |
KR20060132639A (ko) | 자원 공유 광대역 액세스 시스템, 방법, 및 장치 | |
WO2013020267A1 (fr) | Procédé, système et dispositif d'attribution d'adresse ip | |
CN109547392B (zh) | 一种在sdn网络中支持多用户隔离的加密接入方法及系统 | |
KR101686995B1 (ko) | 소프트웨어 정의 네트워크와 네트워크 기능 가상화를 이용하는 IPSec VPN 장치, IPSec VPN 시스템 및 IPSec VPN 방법 | |
TWI504213B (zh) | 第三代合作夥伴計劃網路中位址轉譯器穿越方法 | |
KR101329968B1 (ko) | IPSec VPN 장치들 사이의 보안 정책을 결정하기 위한 방법 및 시스템 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
WWE | Wipo information: entry into national phase |
Ref document number: 201180001855.0 Country of ref document: CN |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 11864861 Country of ref document: EP Kind code of ref document: A1 |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 11864861 Country of ref document: EP Kind code of ref document: A1 |