WO2016138811A1 - Redirection method and related device - Google Patents


Publication number
WO2016138811A1
Authority
WO
WIPO (PCT)
Prior art keywords
responder
initiator
negotiation
redirection
initial
Application number
PCT/CN2016/073157
Inventor
曾信
Original Assignee
华为技术有限公司
Application filed by 华为技术有限公司

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/16 Implementing security features at a particular protocol layer
    • H04L63/164 Implementing security features at a particular protocol layer at the network layer
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0272 Virtual private networks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/043 Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W36/00 Hand-off or reselection arrangements
    • H04W36/0005 Control or signalling for completing the hand-off
    • H04W36/0083 Determination of parameters used for hand-off, e.g. generation or modification of neighbour cell lists
    • H04W36/00835 Determination of neighbour cell lists
    • H04W36/008355 Determination of target cell based on user equipment [UE] properties, e.g. UE service capabilities

Definitions

  • The present invention relates to the field of communications technologies, and in particular, to a redirection method and related devices.
  • The responder may initiate a redirect request for reasons such as responder load balancing or responder failure, redirecting the initiator to another responder so that the initiator negotiates with the new responder.
  • The RFC5685 protocol supports redirection in the IKE init/IKE AUTH/Information phases of IPsec tunnel negotiation.
  • The responder (that is, the security gateway) initiates a redirect request to the initiator (that is, the base station), so that the initiator (that is, the base station) and the target responder negotiate an IPsec tunnel.
  • 1) The initiator A sends an IKE_SA_INIT Request (IKE-Security-Association-Initial Request) message to the initial responder B1, and the IKE_SA_INIT Request message carries the redirection capability of the initiator A (REDIRECT_SUPPORT);
  • 2) The initial responder B1 determines whether the IPsec redirection condition is met, and if so, returns an IKE_SA_INIT Response message to the initiator A, where the IKE_SA_INIT Response message carries a redirection request; the redirection request includes the IP address of the target responder B2 and is used to instruct the initiator A to initiate a new IPsec tunnel negotiation with the target responder B2;
  • 3) After receiving the redirect request, the initiator A starts a new IPsec tunnel negotiation with the target responder B2.
  • If the path from the initiator A to the target responder B2 is unreachable due to a transmission failure or the like, the initiator A and the target responder B2 cannot establish a link in step 3), and the initiator A initiates IPsec tunnel negotiation with the initial responder B1 again, that is, returns to step 1). This causes the initiator A to alternate continually between attempting to establish a link with the initial responder B1 and with the target responder B2, producing a ping-pong switching effect that places a heavy air interface burden between the initiator and the responder. Moreover, even if the link between the initiator A and the initial responder B1 is normal, the redirection operation prevents the initial responder B1 from providing service to the initiator A, so the initiator cannot be provided with an available responder.
  • the embodiment of the invention provides a redirection method and related device, which can guide the redirection operation according to the redirection history record of the initiator in the negotiation process, so as to improve the negotiation efficiency.
  • a first aspect of the embodiments of the present invention provides a redirection method, where the method includes:
  • During the negotiation process between the initiator and the initial responder, if the initiator is redirected by the initial responder to the first target responder, the initiator records the corresponding redirection result information;
  • When the initiator initiates negotiation with the initial responder again, the initiator carries the redirection result information in the negotiation message, so that the initial responder performs a redirection operation according to the redirection result information, where the negotiation message refers to any one of the messages sent by the initiator to the initial responder during the negotiation process.
  • The redirection result information includes the identifier information of the first target responder and indication information used to indicate whether the negotiation succeeded;
  • If the indication information indicates that the negotiation failed, the initiator carries the redirection result information in the negotiation message, so that the initial responder redirects the initiator to the second target responder or gives up the redirection according to the redirection result information, where the second target responder is different from the first target responder;
  • If the indication information indicates that the negotiation succeeded, the initiator carries the redirection result information in the negotiation message, so that the initial responder preferentially redirects the initiator to the first target responder according to the redirection result information.
  • The redirection result information includes a correspondence table that records the correspondence between the identifier information of at least one first target responder and a priority value, where if the initial responder successfully redirects the initiator to the first target responder, the priority value corresponding to the identifier information of the first target responder is raised, and if the initial responder fails to redirect the initiator to the first target responder, the priority value corresponding to the identifier information of the first target responder is lowered;
  • The initiator carries the redirection result information in the negotiation message, so that the initial responder preferentially redirects the initiator to the first target responder with a high priority value according to the redirection result information.
  • the negotiation is IPsec tunnel negotiation between the base station and the security gateway;
  • the negotiation message includes an Internet Key Exchange-Security Association-Initialization Request IKE_SA_INIT Request message or an Internet Key Exchange-Authentication Request IKE_AUTH Request message during IPsec tunnel negotiation.
  • a second aspect of the embodiments of the present invention provides a redirection method, where the method includes:
  • When the initiator initiates negotiation with the initial responder again, the initial responder receives the negotiation message sent by the initiator, where the negotiation message carries redirection result information. The redirection result information is recorded by the initiator when, during a negotiation with an initial responder, the initiator was redirected by that initial responder to the first target responder; the negotiation message is any one of the messages sent by the initiator to the initial responder during the negotiation process; the initial responder that receives the negotiation message may be the same as, or different from, the initial responder that performed the redirection;
  • the initial responder performs a redirection operation according to the redirection result information.
  • The redirection result information includes the identifier information of the first target responder and indication information used to indicate whether the negotiation succeeded;
  • If the indication information indicates that the negotiation failed, the initial responder, according to the redirection result information, redirects the initiator to a second target responder or abandons the redirection operation, where the second target responder is different from the first target responder;
  • If the indication information indicates that the negotiation succeeded, the initial responder preferentially redirects the initiator to the first target responder according to the redirection result information.
  • The redirection result information includes a correspondence table that records the correspondence between the identifier information of at least one first target responder and a priority value, where if the initial responder successfully redirects the initiator to the first target responder, the priority value corresponding to the identifier information of the first target responder is raised, and if the initial responder fails to redirect the initiator to the first target responder, the priority value corresponding to the identifier information of the first target responder is lowered;
  • the initial responder preferentially redirects the initiator to a first target responder with a high priority value according to the redirect result information.
  • the negotiation is IPsec tunnel negotiation between the base station and the security gateway;
  • the negotiation message includes an IKE_SA_INIT Request message or an IKE_AUTH Request message during an IPsec tunnel negotiation process.
  • a third aspect of the embodiments of the present invention provides an initiator device, where the device is used to negotiate with a responder device, where the device includes:
  • a recording unit configured to: during the negotiation process between the initiator device and the initial responder device, if the initiator device is redirected by the initial responder device to the first target responder device, record corresponding redirection result information;
  • a sending unit configured to: when the initiator device initiates negotiation with the initial responder device again, carry the redirection result information in the negotiation message, so that the initial responder device performs a redirection operation according to the redirection result information, where the negotiation message refers to any one of the messages sent by the initiator device to the initial responder device during the negotiation process.
  • the redirection result information includes the identifier information of the first target responder device and the indication information used to indicate whether the negotiation is successful.
  • The sending unit is configured to: if the indication information indicates that the negotiation failed, carry the redirection result information in the negotiation message, so that the initial responder device, according to the redirection result information, redirects the initiator device to the second target responder device or abandons the redirection operation, where the second target responder device is different from the first target responder device; and if the indication information indicates that the negotiation succeeded, carry the redirection result information in the negotiation message, so that the initial responder device preferentially redirects the initiator device to the first target responder device according to the redirection result information.
  • The redirection result information includes a correspondence table that records the correspondence between the identifier information of at least one first target responder device and a priority value, where if the initial responder device successfully redirects the initiator device to the first target responder device, the priority value corresponding to the identifier information of the first target responder device is raised, and if the initial responder device fails to redirect the initiator device to the first target responder device, the priority value corresponding to the identifier information of the first target responder device is lowered;
  • The sending unit is configured to carry the redirection result information in the negotiation message, so that the initial responder device preferentially redirects the initiator device to the first target responder device with a high priority value according to the redirection result information.
  • The initiator device is a base station; the responder device is a security gateway; the negotiation is an IPsec tunnel negotiation between the base station and the security gateway; the negotiation message includes an IKE_SA_INIT Request message or an IKE_AUTH Request message during the IPsec tunnel negotiation process.
  • a fourth aspect of the embodiments of the present invention provides a responder device, where the responder device is an initial responder device, and the initial responder device includes:
  • a receiving unit configured to: when the initiator device initiates negotiation with the initial responder device again, receive the negotiation message sent by the initiator device, where the negotiation message carries redirection result information; the redirection result information is recorded by the initiator device when, during the negotiation process with the initial responder device, it was redirected by the initial responder device to the first target responder device; the negotiation message refers to any one of the messages sent by the initiator device to the initial responder device during the negotiation process;
  • An execution unit configured to perform a redirection operation according to the redirection result information.
  • The redirection result information includes the identifier information of the first target responder device and indication information used to indicate whether the negotiation succeeded;
  • The execution unit is specifically configured to: if the indication information indicates that the negotiation failed, redirect the initiator device to the second target responder device or abandon the redirection operation according to the redirection result information, where the second target responder device is different from the first target responder device; and if the indication information indicates that the negotiation succeeded, preferentially redirect the initiator device to the first target responder device according to the redirection result information.
  • The redirection result information includes a correspondence table that records the correspondence between the identifier information of at least one first target responder device and a priority value, where if the initial responder device successfully redirects the initiator device to the first target responder device, the priority value corresponding to the identifier information of the first target responder device is raised, and if the initial responder device fails to redirect the initiator device to the first target responder device, the priority value corresponding to the identifier information of the first target responder device is lowered;
  • the executing unit is specifically configured to preferentially redirect the initiator device to a first target responder device with a high priority value according to the redirect result information.
  • The responder device is a security gateway; the initiator device is a base station; the negotiation is an IPsec tunnel negotiation between the base station and the security gateway; and the negotiation message includes an IKE_SA_INIT Request message or an IKE_AUTH Request message in the IPsec tunnel negotiation process.
  • a fifth aspect of the embodiments of the present invention provides a redirection system, including an initiator device and a responder device for negotiating with the initiator device, where the responder device is an initial responder device.
  • The initiator device is configured to: during the negotiation process between the initiator device and an initial responder device, if the initiator device is redirected by the initial responder device to the first target responder device, record the corresponding redirection result information; and when the initiator device initiates negotiation with the initial responder device again, carry the redirection result information in the negotiation message, so that the initial responder device performs a redirection operation according to the redirection result information, where the negotiation message refers to any one of the messages sent by the initiator device to the initial responder device during the negotiation process;
  • the initial responder device is configured to: when the initiator device initiates negotiation with the initial responder device, receive the negotiation message sent by the initiator device;
  • the initial responder device is further configured to perform a redirection operation according to the redirection result information.
  • The redirection result information includes the identifier information of the first target responder device and indication information used to indicate whether the negotiation succeeded;
  • The initial responder device is specifically configured to: if the indication information indicates that the negotiation failed, redirect the initiator device to the second target responder device or abandon the redirection operation according to the redirection result information, where the second target responder device is different from the first target responder device; and if the indication information indicates that the negotiation succeeded, preferentially redirect the initiator device to the first target responder device according to the redirection result information.
  • The redirection result information includes a correspondence table that records the correspondence between the identifier information of at least one first target responder device and a priority value, where if the initial responder device successfully redirects the initiator device to the first target responder device, the priority value corresponding to the identifier information of the first target responder device is raised, and if the initial responder device fails to redirect the initiator device to the first target responder device, the priority value corresponding to the identifier information of the first target responder device is lowered;
  • the initial responder device is specifically configured to preferentially redirect the initiator device to a first target responder device with a high priority value according to the redirect result information.
  • The initiator device is a base station; the responder device is a security gateway; the negotiation is an IPsec tunnel negotiation between the base station and the security gateway; and the negotiation message includes an IKE_SA_INIT Request message or an IKE_AUTH Request message during the IPsec tunnel negotiation process.
  • In the embodiments of the present invention, during the negotiation process between the initiator and the initial responder, if the initiator is redirected to the first target responder by the initial responder, the initiator records the corresponding redirection result information as the redirection history of the initiator in the negotiation process.
  • When the initiator initiates negotiation with the initial responder again, the initiator carries the redirection result information in the negotiation message, so that the initial responder performs a redirection operation according to the redirection result information.
  • the embodiment of the present invention carries the redirection result information in the negotiation message, so that the initiator can guide the redirection operation according to the redirection history record during the negotiation process, so as to improve the negotiation efficiency.
  • FIG. 1 is a schematic diagram of an embodiment of a redirection method according to an embodiment of the present invention.
  • FIG. 2 is a schematic diagram of another embodiment of a redirection method according to an embodiment of the present invention.
  • FIG. 3 is a schematic diagram of another embodiment of a redirection method according to an embodiment of the present invention.
  • FIG. 4 is a schematic diagram of an embodiment of an initiator device according to an embodiment of the present invention.
  • FIG. 5 is a schematic diagram of another embodiment of an initiator device according to an embodiment of the present disclosure.
  • FIG. 6 is a schematic diagram of an embodiment of a responder device according to an embodiment of the present invention.
  • FIG. 7 is a schematic diagram of another embodiment of a responder device according to an embodiment of the present invention.
  • FIG. 8 is a schematic diagram of an embodiment of a redirection system according to an embodiment of the present invention.
  • the embodiment of the present invention provides a redirection method, which can guide the redirection operation according to the redirection history record of the initiator in the negotiation process, so as to improve the negotiation efficiency.
  • The initiator and the responder are the two communicating ends of the negotiation process, where the initiator usually refers to the communication end that initiates the negotiation request or sends the first message in the negotiation process. For example, in IPsec tunnel negotiation, the initiator is the base station and the responder is the security gateway; in frequency negotiation, the initiator is the terminal device and the responder is the network-side device.
  • The negotiation scenario of the specific application is not limited.
  • The responder that initially negotiates with the initiator is recorded as the initial responder.
  • The initiator is redirected to the target responder if the redirection condition is met.
  • By default, the initial responder can satisfy the execution condition of the redirection operation.
  • The target responder after the redirection operation may be the same kind of communication network element as the initial responder, interchangeable with it under appropriate circumstances, such as a security gateway during IPsec tunnel negotiation; or it may be a different kind of communication network element, for example, in the frequency negotiation process, the initial responder is the network-side device in the first communication network and the target responder is the network-side device in the second communication network. This can be determined by the specific negotiation scenario or specific needs.
  • an embodiment of the redirection method in the embodiment of the present invention includes:
  • 101. If the initiator is redirected by the initial responder to the first target responder, the initiator records the corresponding redirection result information.
  • The initiator and the initial responder negotiate by exchanging messages. If the initiator is redirected to the first target responder by the initial responder in this process, the initiator records the corresponding redirection result information. It can be understood that the initial responder's redirection of the initiator to the first target responder may or may not succeed.
  • A trigger condition may also be set for recording the redirection result information, for example, only when it is determined that the redirection of the initiator to the first target responder by the initial responder has failed does the initiator record the corresponding redirection result information. In this case, the redirection result information records only failed redirection results.
  • The initiator may negotiate with multiple different initial responders simultaneously or sequentially, and the initiator may record the corresponding multiple pieces of redirection result information, or update the redirection result information in real time.
  • 102. When the initiator initiates negotiation with the initial responder again, the initiator carries the redirection result information in the negotiation message, so that the initial responder performs the redirection operation according to the redirection result information.
  • The initiator and the initial responder negotiate by exchanging messages, and in the negotiation process the initiator sends at least one message to the initial responder. The initiator carries the redirection result information in the negotiation message, so that the initial responder performs the redirection operation according to the redirection result information, where the negotiation message refers to a message sent by the initiator to the initial responder during the negotiation process.
  • For example, the initiator and the initial responder complete the negotiation using four messages, where the first message and the third message are sent by the initiator to the initial responder.
  • The negotiation message may be the first message or the third message, that is, the redirection result information is carried in the first message or the third message. It should be emphasized that, because the redirection operation is triggered by the redirect request, the negotiation message must be a message sent before the initial responder sends the redirect request to the initiator.
  • The initial responder in step 101 may be the same as, or different from, the initial responder in step 102. It can be understood that, in actual application, the initiator may negotiate with multiple different initial responders simultaneously or sequentially, and the redirection result information is shared among the multiple initial responders through the initiator's negotiation messages.
  • In this embodiment, during the negotiation process between the initiator and the initial responder, if the initiator is redirected to the first target responder by the initial responder, the initiator records the corresponding redirection result information as the redirection history of the initiator in the negotiation process.
  • When the initiator initiates negotiation with the initial responder again, the initiator carries the redirection result information in the negotiation message, so that the initial responder performs a redirection operation according to the redirection result information. Therefore, by carrying the redirection result information in the negotiation message, the embodiment of the present invention allows the redirection history of the initiator to guide the redirection operation during the negotiation process, so as to improve the negotiation efficiency.
  • the redirection result information is used as the redirection history record of the initiator in the negotiation process, and may be used to guide the redirection operation when the initiator initiates the negotiation again.
  • the execution of the redirection operation specifically includes:
  • the redirection result information includes the identification information of the first target responder and the indication information for indicating whether the negotiation is successful, and the initiator carries the redirection result information in the negotiation message, so that the initial responder according to the weight Targeting result information performing a redirection operation may include:
  • the initiator If the indication information indicates that the negotiation fails, the initiator carries the redirection result information in the negotiation message, so that the initial responder redirects the initiator to the second target responder or gives up the redirection according to the redirection result information.
  • the record of the redirect failure is used to direct the initial responder to redirect the initiator to other target responders (ie, the second target responder) other than the first target responder, and the second target responder negotiates with the initiator. And establishing a communication link between the initiator and the second target responder to provide services for the initiator by the second target responder; or, in order to ensure that the negotiation is prioritized, using the record of the redirect failure to guide the initial.
  • the responder abandons the redirection operation, continues to negotiate with the initiator by the initial responder, and establishes a communication link between the initiator and the second target responder to provide service to the initiator by the initial responder.
  • the identifier information of the first target responder may be the IP address information.
  • the identifier information of the target responder may be uniquely identified.
  • the indication information used to indicate the negotiation failure may be an error code.
  • other indication codes or indication parameters may also be used, which are not limited herein.
  • the initiator If the indication message indicates that the negotiation is successful, the initiator carries the redirection result information in the negotiation message, so that the initial responder preferentially redirects the initiator to the first target responder according to the redirection result information.
  • the record of successful redirection is used to guide the initial responder to preferentially redirect the initiator to the first target responder that has been successfully negotiated, and the first target responder negotiates with the initiator, and establishes the initiator and the first a communication link between the two target responders to provide service to the initiator by the first target responder, optionally when multiple first target responders have been successfully negotiated,
  • the responding party can randomly select one of them, or according to the number of successful previous consultations, preferentially select the one with the highest number of successful negotiation, or select one of the most successful ones, where the initial responder selects the first target response.
  • the party is not limited.
  • The redirection result information includes a correspondence table, which establishes the correspondence between the identification information of at least one first target responder and a priority value.
  • In that case, the initiator carrying the redirection result information in the negotiation message, so that the initial responder performs the redirection operation according to the redirection result information, may include:
  • the initiator carries the redirection result information in the negotiation message, so that the initial responder preferentially redirects the initiator to the first target responder with a high priority value according to the redirection result information.
  • the initiator responds to the corresponding redirect result information
  • If the initial responder successfully redirects the initiator to the first target responder, the priority value corresponding to the identifier information of the first target responder is increased; if the initial responder fails to redirect the initiator to the first target responder, the priority value corresponding to the identifier information of the first target responder is decreased, so as to establish the correspondence between the identifier information of the at least one first target responder and the priority value.
  • The priority value of the first target responder is recorded in the correspondence table. It can be understood that, after the initial responder redirects the initiator to the first target responder with a higher priority value according to the redirection result information, the correspondence table is also updated accordingly.
  • The embodiment shown in FIG. 1 is described from the perspective of the initiator.
  • The redirection method in the embodiment of the present invention is described in detail below from the perspective of the responder (specifically, the initial responder).
  • Referring to FIG. 2, another embodiment of the redirection method in the embodiment of the present invention includes:
  • the initial responder receives the negotiation message sent by the initiator.
  • The negotiation message carries the redirection result information, where the redirection result information is recorded by the initiator if, during the negotiation process with the initial responder, the initiator is redirected to the first target responder by the initial responder.
  • That is, before the initiator initiates the negotiation with the initial responder, the initiator and the initial responder negotiate by exchanging messages. If, in that process, the initiator is redirected by the initial responder to the first target responder, the initiator records the corresponding redirection result information. It can be understood that the redirection of the initiator to the first target responder by the initial responder may or may not succeed. It can be understood that, in an actual application, the initiator may negotiate with multiple different initial responders simultaneously or sequentially, and the initiator may record multiple corresponding pieces of redirection result information, or update the redirection result information in real time.
  • The initiator and the initial responder negotiate by exchanging messages, and in the negotiation process the initiator sends at least one message to the initial responder, where the negotiation message refers to any one of the messages sent by the initiator to the initial responder during the negotiation process.
  • The initiator and the initial responder complete the negotiation by using four messages, where the first message and the third message are sent by the initiator to the initial responder, and the negotiation message may be the first message or the third message; that is, the first message or the third message carries the redirection result information.
  • Since the redirection operation is triggered by the redirect request, the negotiation message must be a message sent before the initial responder sends the redirect request to the initiator.
  • The initial responder recorded in the redirection result may be the same as the initial responder in this step, or may be different. It can be understood that, in an actual application, the initiator may negotiate with multiple different initial responders simultaneously or sequentially, and the redirection result information is shared among the multiple initial responders through the initiator's negotiation messages.
  • the initial responder performs a redirection operation according to the redirection result information in the negotiation message.
  • The redirection result information serves as the initiator's redirection history in the negotiation process, and may be used to guide the initial responder in performing the redirection operation when the initiator initiates the negotiation again. Specifically, according to the redirection result information, the initial responder determines whether to redirect to a target responder, or how to select the target responder when redirection to a target responder is required.
  • The following examples illustrate how the initial responder performs the redirection operation according to the redirection result information in the negotiation message, specifically:
  • the redirection result information includes the identification information of the first target responding party and the indication information for indicating whether the negotiation is successful, and the initial responding party performing the redirection operation according to the redirection result information may include:
  • If the indication information indicates that the negotiation fails, the initial responder redirects the initiator to the second target responder or abandons the redirection operation, where the second target responder is different from the first target responder;
  • According to the record of the redirection failure, the initial responder redirects the initiator to a target responder other than the first target responder (i.e., the second target responder); the second target responder negotiates with the initiator and establishes a communication link between the initiator and the second target responder, so that the second target responder provides service for the initiator. Alternatively, in order to ensure the negotiation priority, the initial responder abandons the redirection operation according to the record of the redirection failure and continues to negotiate with the initiator, and a communication link between the initiator and the second target responder is established to provide services for the initiator by the initial responder.
  • the identifier information of the first target responder may be the IP address information.
  • the identifier information of the target responder may be uniquely identified.
  • the indication information used to indicate the negotiation failure may be an error code.
  • other indication codes or indication parameters may also be used, which are not limited herein.
  • If the indication information indicates that the negotiation is successful, the initial responder preferentially redirects the initiator to the first target responder according to the redirection result information.
  • According to the record of the successful redirection, the initial responder preferentially redirects the initiator to the first target responder with which negotiation has already succeeded; the first target responder negotiates with the initiator and establishes a communication link between the initiator and the first target responder, so that the first target responder provides service to the initiator.
  • Optionally, when multiple first target responders have previously been successfully negotiated, the initial responder may select one of them at random, or, according to the number of previous successful negotiations, preferentially select the one with the highest number of successful negotiations, or select one that has been successfully negotiated the most; how the initial responder selects the first target responder is not limited here.
  • The redirection result information includes a correspondence table, which establishes the correspondence between the identification information of at least one first target responder and a priority value; in that case, the initial responder performing the redirection operation according to the redirection result information may include:
  • the initial responder preferentially redirects the initiator to the first target responder with a high priority value according to the redirect result information.
  • If the initial responder successfully redirects the initiator to the first target responder, the priority value corresponding to the identifier information of the first target responder is increased; if the initial responder fails to redirect the initiator to the first target responder, the priority value corresponding to the identifier information of the first target responder is decreased, so as to establish the correspondence between the identification information of the at least one first target responder and the priority value.
  • The priority value of the first target responder is recorded in the correspondence table. It can be understood that, after the initial responder redirects the initiator to the first target responder with a higher priority value according to the redirection result information, the correspondence table is also updated accordingly.
  • the initial responder performs the redirection operation according to the redirection result information in the negotiation message.
  • The initial responder may also use the redirection result information to perform the redirection operation in other ways.
  • the specific redirection operation process is not limited here.
  • Referring to FIG. 3, another embodiment of the redirection method in the embodiment of the present invention includes:
  • IPsec tunnel negotiation is used as a specific application scenario.
  • the following is a brief introduction to IPsec tunnel negotiation:
  • IPsec is a security architecture defined by the Internet Engineering Task Force (IETF). It is applied to the IP layer and consists of the AH (Authentication Header), ESP (Encapsulating Security Payload), and IKE (Internet Key Exchange) protocols. IPsec tunnel negotiation mainly includes two phases:
  • Phase 1: establish an IKE SA on the network to provide protection and fast negotiation for the second phase. A communication channel is created through negotiation, and the channel is authenticated to provide confidentiality, message integrity, and message source authentication services for further IKE communication.
  • Phase 2: under the protection of the IKE SA established in the first phase, negotiate the specific SA, establishing an IPsec SA for the final secure transmission of IP data.
  • RFC 5685 supports the SeGW initiating a redirect request to the base station in the IKE init/IKE AUTH/Information phase of IPsec tunnel negotiation, so that the base station negotiates an IPsec tunnel with a Selected SeGW (Selected Security Gateway).
  • the initial SeGW that performs IPsec tunnel negotiation with the base station is taken as an example:
  • the base station sends an IKE_SA_INIT Request message to the Initial SeGW.
  • the IKE_SA_INIT Request message carries the redirection capability of the base station (REDIRECT_SUPPORT).
  • the base station initiates IPsec tunnel negotiation by using the IKE_SA_INIT Request message as the first message.
  • Initial SeGW determines whether the IPsec redirection condition is met, and if so, step 303 is performed;
  • The Initial SeGW determines whether the IPsec redirection condition is met, for example, according to the load status of the Initial SeGW.
  • In some special application scenarios, step 302 can be omitted, as the IPsec redirection condition is met by default.
  • the Initial SeGW sends an IKE_SA_INIT Response message to the base station.
  • The IKE_SA_INIT Response message carries a redirect request (REDIRECT_REQUEST); the REDIRECT_REQUEST includes the IP address of the first Selected SeGW and is used to instruct the base station to initiate IPsec tunnel negotiation with the first Selected SeGW.
  • the base station sends an IKE_INIT Request message to the first selected SeGW, and performs IPsec tunnel negotiation with the first selected SeGW.
  • the IKE_SA_INIT Response message carries a redirect source (REDIRECT_FROM).
  • the base station initiates IPsec tunnel negotiation to the first selected SeGW through the IKE_SA_INIT Response message, so as to redirect the base station to the first Selected SeGW.
  • the specific process of the IPsec tunnel negotiation may refer to the existing related standards and the requirements of the subsequent related standards, and details are not described herein again. It can be understood that, in order to avoid resource waste, the IKE_SA that has been established between the base station and the Initial SeGW can be deleted before the base station is redirected to the first selected SeGW.
  • the base station records the negotiation result of the IPsec tunnel negotiation with the first selected SeGW, and obtains the redirection result information (REDIRECT_RESULT).
  • the REDIRECT_RESULT includes the identifier information of the first selected SeGW and the indication information for indicating whether the negotiation is successful.
  • The identifier information of the first Selected SeGW may be IP address information, and the indication information indicating that the negotiation fails may be a Last Redirect Failed error code.
  • The following takes a REDIRECT_RESULT that includes the Last Redirect Failed error code and the IP address information of the first Selected SeGW as an example to describe how the redirection result information is used to guide the execution of the redirection operation:
  • the base station sends an IKE_SA_INIT Request message to the Initial SeGW again.
  • step 306 is different from step 301 in that the IKE_SA_INIT Request message also carries REDIRECT_RESULT.
  • Initial SeGW determines the second Selected SeGW according to REDIRECT_RESULT
  • Before performing step 307, it may also be determined whether the IPsec redirection condition is met. If it is determined that the IPsec redirection condition is met, the second Selected SeGW is determined according to REDIRECT_RESULT.
  • the Initial SeGW sends an IKE_SA_INIT Response message to the base station.
  • The IKE_SA_INIT Response message carries the REDIRECT_REQUEST; the REDIRECT_REQUEST includes the IP address of the second Selected SeGW and is used to instruct the base station to initiate IPsec tunnel negotiation with the second Selected SeGW.
  • the base station sends an IKE_INIT Request message to the second selected SeGW, and performs IPsec tunnel negotiation with the second selected SeGW.
  • the IKE_SA_INIT Response message carries a redirect source (REDIRECT_FROM).
  • the base station initiates IPsec tunnel negotiation to the second selected SeGW through the IKE_SA_INIT Response message, so as to redirect the base station to the second selected SeGW.
  • The Initial SeGW can be guided to find, for the base station, a Selected SeGW other than the first Selected SeGW (i.e., the second Selected SeGW), so that the second Selected SeGW performs IPsec tunnel negotiation with the base station, avoiding the ping-pong effect.
  • The Initial SeGW directly abandons the redirection operation according to the REDIRECT_RESULT; the Initial SeGW then continues to negotiate with the base station and establishes the communication link between the base station and the Initial SeGW, so that the Initial SeGW serves the base station.
  • the foregoing messages may also be messages corresponding to other names having the same function, which are not limited herein.
  • the IKE_SA_INIT Request message/IKE_SA_INIT Response message corresponds to the IKE init phase of the IPsec tunnel negotiation.
  • the Initial SeGW sends the REDIRECT_REQUEST to the base station in the IKE init phase as an example.
  • the Initial SeGW can also send the REDIRECT_REQUEST to the base station in the subsequent IKE AUTH/Information phase.
  • The REDIRECT_RESULT can be carried in the IKE_SA_INIT Response message in the IKE init phase or the IKE_AUTH Request message in the IKE AUTH phase. It can be understood that it is only necessary to ensure that the base station has sent REDIRECT_RESULT to the Initial SeGW before the Initial SeGW sends the REDIRECT_REQUEST to the base station; this can be configured according to actual needs.
  • the REDIRECT_SUPPORT is not limited to the IKE init phase of the IPsec tunnel negotiation. In other embodiments, the REDIRECT_SUPPORT may also be carried in the IKE_AUTH Request message in the IKE AUTH phase.
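The history-guided selection described for FIG. 3, as an added example that is not code from the patent: it combines the failure/success indication with the priority table and shows the ping-pong effect disappearing once the base station sends its REDIRECT_RESULT. Class and function names are hypothetical, the addresses are constructed documentation-range values, and the example assumes the gateway treats the history as a hint restricted to its own configured pool, because an IKE_SA_INIT message is not yet authenticated.

```python
from dataclasses import dataclass, field
from typing import Dict, Iterable, List, Optional


@dataclass
class RedirectResult:
    """Initiator-side history (REDIRECT_RESULT in the text): target id -> priority value."""
    priorities: Dict[str, int] = field(default_factory=dict)

    def record(self, target_ip: str, success: bool) -> None:
        # A successful redirection raises the target's priority value, a failure lowers it.
        delta = 1 if success else -1
        self.priorities[target_ip] = self.priorities.get(target_ip, 0) + delta


class InitialGateway:
    """Hypothetical Initial SeGW with a configured pool of Selected SeGWs."""

    def __init__(self, pool: Iterable[str], redirect_condition_met: bool = True):
        self.pool: List[str] = list(pool)
        self.redirect_condition_met = redirect_condition_met  # e.g. derived from load

    def choose_target(self, result: Optional[RedirectResult]) -> Optional[str]:
        """Return the address to place in REDIRECT_REQUEST, or None to abandon redirection."""
        if not self.redirect_condition_met:
            return None
        history: Dict[str, int] = {}
        if result is not None:
            # Assumption of this example: the history is only a hint, so entries that
            # name gateways outside the configured pool are ignored.
            history = {ip: p for ip, p in result.priorities.items() if ip in self.pool}
        # Targets with a recorded net failure are skipped (second target != first target).
        candidates = [ip for ip in self.pool if history.get(ip, 0) >= 0]
        if not candidates:
            return None  # nothing left to try: serve the initiator directly
        # Highest priority value wins; pool order breaks ties.
        return max(candidates, key=lambda ip: history.get(ip, 0))


def negotiate(history: RedirectResult, gateway: InitialGateway,
              reachable: Iterable[str], send_history: bool = True) -> Optional[str]:
    """One negotiation round. Returns who ends up serving the base station:
    a Selected SeGW address, "initial" if redirection was abandoned, or None on failure."""
    target = gateway.choose_target(history if send_history else None)
    if target is None:
        return "initial"
    success = target in set(reachable)
    history.record(target, success)  # the base station always keeps its own record
    return target if success else None


def run(pool: Iterable[str], reachable: Iterable[str], rounds: int,
        send_history: bool = True) -> List[Optional[str]]:
    """Repeat the negotiation and collect the outcome of each round."""
    gateway, history = InitialGateway(pool), RedirectResult()
    reachable = list(reachable)
    return [negotiate(history, gateway, reachable, send_history) for _ in range(rounds)]


if __name__ == "__main__":
    pool = ["192.0.2.10", "192.0.2.20"]  # constructed sample addresses
    print("with REDIRECT_RESULT:   ", run(pool, ["192.0.2.20"], 3))
    print("without REDIRECT_RESULT:", run(pool, ["192.0.2.20"], 3, send_history=False))
    print("single failing target:  ", run(["192.0.2.10"], [], 2))
```
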
  • An embodiment of an initiator device in an example includes:
  • the recording unit 401 is configured to: during the negotiation process between the initiator device and the initial responder device, if the initiator device is redirected by the initial responder device to the first target responder device, record the corresponding redirection result information;
  • the sending unit 402 is configured to: when the initiator device initiates the negotiation with the initial responder device, carry the redirection result information in the negotiation message, so that the initial responder device performs a redirection operation according to the redirection result information, wherein the negotiation message refers to any one of the messages sent by the initiator device to the initial responder device during the negotiation process.
  • During the negotiation process between the initiator device and the initial responder device, if the initiator device is redirected by the initial responder device to the first target responder device, the recording unit 401 records the corresponding redirection result information; when the initiator device initiates negotiation with the initial responder device again, the sending unit 402 carries the redirection result information in the negotiation message, so that the initial responder device performs a redirection operation according to the redirection result information, wherein the negotiation message refers to any one of the messages sent by the initiator device to the initial responder device during the negotiation process.
  • the recording unit 401 records the corresponding redirect result information.
  • the sending unit 402 carries the foregoing redirection result information in the negotiation message, so that the initial responder performs a redirection operation according to the redirection result information.
  • the embodiment of the present invention carries the redirection result information in the negotiation message, so that the initiator can guide the redirection operation according to the redirection history record during the negotiation process, so as to improve the negotiation efficiency.
  • the redirection result information includes the identifier information of the first target responder device and the indication information used to indicate whether the negotiation is successful.
  • the sending unit 402 is specifically configured to: if the indication information indicates that the negotiation fails, carry the redirection result information in the negotiation message, so that the initial responder device redirects the initiator device to the second target responder device or abandons the redirection operation according to the redirection result information, wherein the second target responder device is different from the first target responder device; if the indication information indicates that the negotiation is successful, carry the redirection result information in the negotiation message, so that the initial responder device preferentially redirects the initiator device to the first target responder device according to the redirection result information.
  • the redirection result information includes a correspondence table, where the correspondence table establishes a correspondence between the identification information of at least one first target responder device and a priority value, wherein if the initial responder device successfully redirects the initiator device to the first target responder device, the priority value corresponding to the identifier information of the first target responder device is increased, and if the initial responder device fails to redirect the initiator device to the first target responder device, the priority value corresponding to the identifier information of the first target responder device is decreased;
  • the sending unit 402 is specifically configured to carry the redirection result information in the negotiation message, so that the initial responder device preferentially redirects the initiator device to the first target responder device with a high priority value according to the redirection result information.
  • the initiator device is a base station; the responder device is a security gateway; the negotiation is an IPsec tunnel negotiation between the base station and the security gateway; and the negotiation message includes IPsec tunnel negotiation.
  • The initiator device in the embodiment of the present invention is described above from the perspective of a modular functional entity. In the technical solution of the present invention, the initiator device in the embodiment of the present invention may also be described from a hardware processing perspective. Referring to FIG. 5, another embodiment of the initiator device in the embodiment of the present invention includes:
  • the input device 501, the output device 502, the processor 503, and the memory 504 (wherein the number of processors 503 in the initiator device may be one or more, and one processor 503 is taken as an example in FIG. 5).
  • the input device 501, the output device 502, the processor 503, and the memory 504 may be connected by a bus or other means, wherein the bus connection is taken as an example in FIG. 5.
  • the processor 503 is configured to perform the following steps by calling an operation instruction stored in the memory 504:
  • the redirection result information is carried in the negotiation message, so that the initial responder performs a redirection operation according to the redirection result information, where the negotiation message refers to any one of the messages sent by the initiator to the initial responder during the negotiation process, and the initial responder may be the same as or different from the initial responder.
  • the redirection result information includes the identification information of the first target responder and the indication information indicating whether the negotiation is successful.
  • the processor 503 may be specifically configured to perform the following steps:
  • if the indication information indicates that the negotiation fails, the redirection result information is carried in the negotiation message, so that the initial responder redirects the initiator to the second target responder or abandons the redirection operation according to the redirection result information, wherein the second target responder is different from the first target responder;
  • if the indication information indicates that the negotiation is successful, the redirection result information is carried in the negotiation message, so that the initial responder preferentially redirects the initiator to the first target responder according to the redirection result information.
  • the redirection result information includes a correspondence table, where the correspondence table establishes a correspondence between the identification information of at least one of the first target responders and the priority value, wherein if the initial responder successfully redirects the initiator to the first target responder, the priority value corresponding to the identifier information of the first target responder is increased, and if the initial responder fails to redirect the initiator to the first target responder, the priority value corresponding to the identifier information of the first target responder is decreased.
  • the processor 503 may be specifically configured to perform the following steps:
  • the redirection result information is carried in the negotiation message, so that the initial responder preferentially redirects the initiator to the first target responder with a high priority value according to the redirection result information.
  • the initiator device is a base station; the responder device is a security gateway; the negotiation is an IPsec tunnel negotiation between the base station and the security gateway; and the negotiation message includes an IPsec tunnel negotiation process.
  • the initiator device in the embodiment of the present invention is described above.
  • the responder device in the embodiment of the present invention is described below.
  • The responder device is used to negotiate with the initiator device. Referring to FIG. 6, an embodiment of the responder device in the embodiment of the present invention includes:
  • the responder device is an initial responder device, and the initial responder device includes:
  • the receiving unit 601 is configured to: when the initiator device initiates the negotiation with the initial responder device, receive the negotiation message sent by the initiator device, where the negotiation message carries the redirection result information; the redirection result information is recorded by the initiator if, in the negotiation process with the initial responder, the initiator is redirected to the first target responder by the initial responder; the negotiation message refers to any one of the messages sent by the initiator device to the initial responder device in the negotiation process;
  • the executing unit 602 is configured to perform a redirection operation according to the redirection result information.
  • The receiving unit 601 receives the negotiation message sent by the initiator device, where the negotiation message carries the redirection result information; the redirection result information is recorded by the initiator if, during the negotiation process with the initial responder, the initiator is redirected to the first target responder by the initial responder; the negotiation message refers to any one of the messages sent by the initiator device to the initial responder device in the negotiation process; the execution unit 602 performs a redirection operation according to the redirection result information.
  • the redirection result information includes the identifier information of the first target responder device and the indication information used to indicate whether the negotiation is successful.
  • the executing unit 602 is specifically configured to: if the indication information indicates that the negotiation fails, redirect the initiator device to the second target responder device or abandon the redirection operation according to the redirection result information, where the second target responder device is different from the first target responder device; if the indication information indicates that the negotiation is successful, preferentially redirect the initiator device to the first target responder device according to the redirection result information.
  • the redirection result information includes a correspondence table, where the correspondence table establishes a correspondence between the identification information of at least one first target responder device and a priority value, wherein if the initial responder device successfully redirects the initiator device to the first target responder device, the priority value corresponding to the identifier information of the first target responder device is increased, and if the initial responder device fails to redirect the initiator device to the first target responder device, the priority value corresponding to the identifier information of the first target responder device is decreased;
  • the executing unit 602 is specifically configured to preferentially redirect the initiator device to the first target responder device with a high priority value according to the redirection result information.
  • the responder device is a security gateway; the initiator device is a base station; the negotiation is an IPsec tunnel negotiation between the base station and the security gateway; and the negotiation message includes IPsec tunnel negotiation.
  • The responder device in the embodiment of the present invention is described above from the perspective of a modular functional entity. In the technical solution of the present invention, the responder device in the embodiment of the present invention may also be described from the perspective of hardware processing. Referring to FIG. 7, another embodiment of the responder device in the embodiment of the present invention includes:
  • the input device 701, the output device 702, the processor 703, and the memory 704 (wherein the number of processors 703 in the responder device may be one or more, and one processor 703 is taken as an example in FIG. 7).
  • the input device 701, the output device 702, the processor 703, and the memory 704 may be connected by a bus or other means, wherein the connection by a bus is taken as an example in FIG. 7.
  • the processor 703 is configured to perform the following steps by calling an operation instruction stored in the memory 704:
  • receiving the negotiation message sent by the initiator, where the negotiation message carries the redirection result information; the redirection result information is recorded by the initiator if, during the negotiation process between the initiator and the initial responder, the initiator is redirected to the first target responder by the initial responder; the negotiation message refers to any one of the messages sent by the initiator to the initial responder during the negotiation process.
  • the initial responder may be the same as or different from the initial responder;
  • the redirection result information includes the identification information of the first target responding party and the indication information indicating whether the negotiation is successful.
  • the processor 703 may be specifically configured to perform the following steps:
  • if the indication information indicates that the negotiation fails, the initiator is redirected to the second target responder or the redirection operation is abandoned according to the redirection result information, wherein the second target responder is different from the first target responder;
  • if the indication information indicates that the negotiation is successful, the initiator is preferentially redirected to the first target responder according to the redirection result information.
  • the redirection result information includes a correspondence table, where the correspondence table establishes a correspondence between the identification information of at least one of the first target responders and the priority value, wherein if the initial responder successfully redirects the initiator to the first target responder, the priority value corresponding to the identifier information of the first target responder is increased, and if the initial responder fails to redirect the initiator to the first target responder, the priority value corresponding to the identifier information of the first target responder is decreased.
  • the processor 703 may be specifically configured to perform the following steps:
  • the initiator is preferentially redirected to the first target responder with a high priority value according to the redirection result information.
  • the responder device is a security gateway; the initiator device is a base station; the negotiation is an IPsec tunnel negotiation between the base station and the security gateway; the negotiation message includes the IKE_SA_INIT Request message or the IKE_AUTH Request message in the IPsec tunnel negotiation process.
  • an embodiment of the redirection system in the embodiment of the present invention includes an initiator device 801 and a responder device for negotiating with the initiator device, where the responder device is an initial responder device 802;
  • the initiator device 801 is configured to: during the negotiation process between the initiator device and the initial responder device, if the initiator device is redirected by the initial responder device to the first target responder device, record the corresponding redirection result information; when the initiator device initiates negotiation with the initial responder device again, carry the redirection result information in the negotiation message, so that the initial responder device performs a redirection operation according to the redirection result information, wherein the negotiation message refers to any one of the messages sent by the initiator device to the initial responder device during the negotiation process;
  • the initial responder device 802 is configured to: when the initiator device initiates negotiation with the initial responder device, receive the negotiation message sent by the initiator device;
  • the initial responder device 802 is further configured to perform a redirection operation according to the redirection result information.
  • the redirection result information includes the identifier information of the first target responder device and the indication information used to indicate whether the negotiation is successful.
  • the initial responder device 802 is specifically configured to: if the indication information indicates that the negotiation fails, redirect the initiator device to the second target responder device according to the redirect result information or discard the redirect operation, where the second target responder device is different from the first target responder device; if the indication message indicates that the negotiation is successful, preferentially redirect the initiator device to the first target responder device.
  • the redirection result information includes a correspondence relationship table, where the correspondence relationship table establishes a correspondence between the identification information of at least one first target responder device and a priority value, where if the initial responder device successfully redirects the initiator device to the first target responder device, the priority value corresponding to the identifier information of the first target responder device is increased, and if the initial responder device fails to redirect the initiator device to the first target responder device, the priority value corresponding to the identifier information of the first target responder device is decreased;
  • the initial responder device 802 is specifically configured to preferentially redirect the initiator device to a first target responder device with a high priority value according to the redirect result information.
  • the initiator device is a base station; the responder device is a security gateway; the negotiation is an IPsec tunnel negotiation between the base station and the security gateway; and the negotiation message includes IPsec tunnel negotiation.
  • the disclosed system, apparatus, and method may be implemented in other manners.
  • the device embodiments described above are merely illustrative.
  • the division of the unit is only a logical function division.
  • there may be another division manner; for example, multiple units or components may be combined or integrated into another system, or some features may be ignored or not executed.
  • the mutual coupling or direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interface, device or unit, and may be in an electrical, mechanical or other form.
  • the units described as separate components may or may not be physically separated, and the components displayed as units may or may not be physical units, that is, may be located in one place, or may be distributed to multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of the embodiment.
  • each functional unit in each embodiment of the present invention may be integrated into one processing unit, or each unit may exist physically separately, or two or more units may be integrated into one unit.
  • the above integrated unit can be implemented in the form of hardware or in the form of a software functional unit.
  • the integrated unit if implemented in the form of a software functional unit and sold or used as a standalone product, may be stored in a computer readable storage medium.
  • the technical solution of the present invention, in essence or in the part that contributes to the prior art, or all or part of the technical solution, may be embodied in the form of a software product stored in a storage medium, including a number of instructions that cause a computer device (which can be a personal computer, a server, a network device or the like) to perform all or part of the steps of the method of the various embodiments of the present invention.
  • the foregoing storage medium includes: a U disk, a mobile hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, or an optical disk, and the like.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

Disclosed in an embodiment of the present invention is a redirection method in which the redirection operation is guided by the initiator's historical redirection record from earlier negotiations, so as to improve negotiation efficiency. A method in an embodiment of the present invention comprises: in the process of a negotiation between an initiator and an original responder, if the initiator is redirected by the original responder to a first target responder, recording, by the initiator, corresponding redirection result information; when the initiator reinitiates negotiation with the original responder, carrying, by the initiator, the redirection result information in a negotiation message, such that the original responder executes a redirection operation according to the redirection result information.

Description

Redirection method and related device
This application claims priority to Chinese Patent Application No. 201510094979.8, filed with the Chinese Patent Office on March 3, 2015 and entitled "Redirection method and related device", the entire contents of which are incorporated herein by reference.
Technical field
The present invention relates to the field of communications technologies, and in particular, to a redirection method and a related device.
Background
During negotiation between two communication network elements (an initiator and a responder), the responder may, for reasons such as responder load balancing or a responder fault, initiate a redirect request that redirects the initiator to another responder, so that the initiator negotiates with the new responder.
Taking IPsec tunnel negotiation as an example, the RFC5685 protocol supports, in the IKE init/IKE AUTH/Information phases of IPsec tunnel negotiation, the responder (that is, the security gateway) initiating a redirect request to the initiator (that is, the base station), so that the initiator negotiates the IPsec tunnel with a new target responder. Part of the IPsec tunnel negotiation procedure that supports redirection is described in detail below:
1) Initiator A sends an IKE_SA_INIT Request (IKE-Security-Association-Initial Request, Internet Key Exchange-Security Association-Initialization Request) message to initial responder B1, and the IKE_SA_INIT Request message carries the redirection capability of initiator A (REDIRECT_SUPPORT);
2) Initial responder B1 determines whether the IPsec redirection condition is met, and if so, returns an IKE_SA_INIT Response message to initiator A. The IKE_SA_INIT Response message carries a redirect request, which contains the IP address of target responder B2 and instructs initiator A to initiate a new IPsec tunnel negotiation with target responder B2;
3) After receiving the redirect request, initiator A starts a new IPsec tunnel negotiation with target responder B2.
However, if initiator A cannot reach target responder B2 because of a transmission fault or a similar cause, initiator A and target responder B2 cannot establish a link in step 3), and initiator A initiates IPsec tunnel negotiation with initial responder B1 again, that is, returns to step 1). As a result, initiator A keeps cycling between initial responder B1 and target responder B2 trying to establish a link. This ping-pong switching effect places a heavy burden on the air interface between the initiator and the responder, and even if the link between initiator A and initial responder B1 is up, the redirection operation prevents initial responder B1 from serving initiator A, so that no usable responder can be provided for the initiator.
Summary of the invention
The embodiments of the present invention provide a redirection method and a related device, in which the redirection operation can be guided by the initiator's redirection history from the negotiation process, so as to improve negotiation efficiency.
A first aspect of the embodiments of the present invention provides a redirection method, where the method includes:
during negotiation between an initiator and an initial responder, if the initiator is redirected by the initial responder to a first target responder, the initiator records the corresponding redirection result information;
when the initiator initiates negotiation with the initial responder again, the initiator carries the redirection result information in a negotiation message, so that the initial responder performs a redirection operation according to the redirection result information, where the negotiation message is any one of the messages sent by the initiator to the initial responder during the negotiation process.
With reference to the first aspect of the embodiments of the present invention, in a first implementation of the first aspect, the redirection result information includes identification information of the first target responder and indication information indicating whether the negotiation succeeded;
in this case, the initiator carrying the redirection result information in the negotiation message, so that the initial responder performs a redirection operation according to the redirection result information, includes:
if the indication information indicates that the negotiation failed, the initiator carries the redirection result information in the negotiation message, so that the initial responder, according to the redirection result information, redirects the initiator to a second target responder or abandons the redirection operation, where the second target responder is different from the first target responder;
if the indication message indicates that the negotiation succeeded, the initiator carries the redirection result information in the negotiation message, so that the initial responder, according to the redirection result information, preferentially redirects the initiator to the first target responder.
With reference to the first aspect of the embodiments of the present invention, in a second implementation of the first aspect, the redirection result information includes a correspondence table that maps the identification information of at least one first target responder to a priority value, where if the initial responder succeeds in redirecting the initiator to the first target responder, the priority value corresponding to the identification information of that first target responder is increased, and if the initial responder fails to redirect the initiator to the first target responder, the priority value corresponding to the identification information of that first target responder is decreased;
in this case, the initiator carrying the redirection result information in the negotiation message, so that the initial responder performs a redirection operation according to the redirection result information, includes:
the initiator carries the redirection result information in the negotiation message, so that the initial responder, according to the redirection result information, preferentially redirects the initiator to a first target responder with a high priority value.
With reference to the first aspect of the embodiments of the present invention or either of the first and second implementations of the first aspect, in a third implementation of the first aspect, the negotiation is an IPsec tunnel negotiation between a base station and a security gateway;
the negotiation message includes the Internet Key Exchange-Security Association-Initialization Request (IKE_SA_INIT Request) message or the Internet Key Exchange-Authentication Request (IKE_AUTH Request) message of the IPsec tunnel negotiation process.
A second aspect of the embodiments of the present invention provides a redirection method, where the method includes:
when an initiator initiates negotiation with an initial responder, the initial responder receives a negotiation message sent by the initiator, where the negotiation message carries redirection result information, and the redirection result information is recorded by the initiator when, during its negotiation with the initial responder, the initiator is redirected by the initial responder to a first target responder; the negotiation message is any one of the messages sent by the initiator to the initial responder during the negotiation process, and the initial responder and the initial responder may be the same or different;
the initial responder performs a redirection operation according to the redirection result information.
With reference to the second aspect of the embodiments of the present invention, in a first implementation of the second aspect, the redirection result information includes identification information of the first target responder and indication information indicating whether the negotiation succeeded;
in this case, the initial responder performing a redirection operation according to the redirection result information includes:
if the indication information indicates that the negotiation failed, the initial responder, according to the redirection result information, redirects the initiator to a second target responder or abandons the redirection operation, where the second target responder is different from the first target responder;
if the indication message indicates that the negotiation succeeded, the initial responder, according to the redirection result information, preferentially redirects the initiator to the first target responder.
With reference to the second aspect of the embodiments of the present invention, in a second implementation of the second aspect, the redirection result information includes a correspondence table that maps the identification information of at least one first target responder to a priority value, where if the initial responder succeeds in redirecting the initiator to the first target responder, the priority value corresponding to the identification information of that first target responder is increased, and if the initial responder fails to redirect the initiator to the first target responder, the priority value corresponding to the identification information of that first target responder is decreased;
in this case, the initial responder performing a redirection operation according to the redirection result information includes:
the initial responder, according to the redirection result information, preferentially redirects the initiator to a first target responder with a high priority value.
With reference to the second aspect of the embodiments of the present invention or either of the first and second implementations of the second aspect, in a third implementation of the second aspect, the negotiation is an IPsec tunnel negotiation between a base station and a security gateway;
the negotiation message includes the IKE_SA_INIT Request message or the IKE_AUTH Request message of the IPsec tunnel negotiation process.
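The following is an added example, not code from the patent or from any IKEv2 implementation: a small Python model of the first and second aspects, showing the ping-pong loop from the background section and how the two forms of redirection result information (single result with success indication, and priority table) let the initial responder avoid it. The class and field names, the gateway labels B1 to B4, the +1/-1 priority step and the in-memory message format are all assumptions; the page does not define a wire encoding.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class RedirectResult:
    target_id: str   # identification information of the first target responder
    success: bool    # indication of whether negotiation with that target succeeded


@dataclass
class Initiator:
    reachable: set                                   # constructed: gateways this base station can reach
    last_result: Optional[RedirectResult] = None     # first implementation
    priorities: dict = field(default_factory=dict)   # second implementation: id -> priority value

    def record(self, target_id, success):
        """Record the redirection result after trying the target responder."""
        self.last_result = RedirectResult(target_id, success)
        step = 1 if success else -1                  # assumed step size
        self.priorities[target_id] = self.priorities.get(target_id, 0) + step

    def negotiation_message(self):
        """Model of an IKE_SA_INIT Request / IKE_AUTH Request carrying the history."""
        return {"REDIRECT_SUPPORT": True,
                "redirect_result": self.last_result,
                "priority_table": dict(self.priorities)}


class InitialResponder:
    def __init__(self, name, pool):
        self.name = name
        self.pool = list(pool)   # redirect targets configured on the responder itself

    def choose_without_history(self, msg):
        """Baseline from the background section: always the same target."""
        return self.pool[0]

    def choose_by_indication(self, msg):
        """First implementation: identifier plus success/failure indication."""
        res = msg.get("redirect_result")
        # Assumption: IKE_SA_INIT is exchanged before the peers authenticate, so the
        # history is only a hint; identifiers outside the responder's pool are ignored.
        if res is None or res.target_id not in self.pool:
            return self.pool[0]
        if res.success:
            return res.target_id                     # prefer the target that worked
        for gw in self.pool:
            if gw != res.target_id:
                return gw                            # a different, second target
        return None                                  # abandon the redirection

    def choose_by_priority(self, msg):
        """Second implementation: prefer the pool member with the highest priority."""
        table = msg.get("priority_table") or {}
        # Only pool members are ranked; unknown gateways default to priority 0.
        return max(self.pool, key=lambda gw: table.get(gw, 0))


def negotiate(initiator, responder, choose, max_rounds=6):
    """Repeat negotiation with the initial responder.

    Returns (serving gateway or None, list of redirect targets chosen per round).
    """
    trace = []
    for _ in range(max_rounds):
        target = choose(initiator.negotiation_message())
        trace.append(target)
        if target is None:                 # responder serves the initiator itself
            return responder.name, trace
        ok = target in initiator.reachable
        initiator.record(target, ok)
        if ok:
            return target, trace
        # unreachable target: the initiator goes back to the initial responder
    return None, trace


def run(chooser_name, pool, reachable):
    """Build a fresh initiator and responder B1 and run one scenario."""
    init = Initiator(reachable=set(reachable))
    resp = InitialResponder("B1", pool)
    return negotiate(init, resp, getattr(resp, chooser_name))


if __name__ == "__main__":
    print(run("choose_without_history", ["B2", "B3"], {"B3"}))
    print(run("choose_by_indication", ["B2", "B3"], {"B3"}))
    print(run("choose_by_priority", ["B2", "B3", "B4"], {"B4"}))
```
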
A third aspect of the embodiments of the present invention provides an initiator device for negotiating with a responder device, where the device includes:
a recording unit, configured to: during negotiation between the initiator device and an initial responder device, if the initiator device is redirected by the initial responder device to a first target responder device, record the corresponding redirection result information;
a sending unit, configured to: when the initiator device initiates negotiation with the initial responder device again, carry the redirection result information in a negotiation message, so that the initial responder device performs a redirection operation according to the redirection result information, where the negotiation message is any one of the messages sent by the initiator device to the initial responder device during the negotiation process.
With reference to the third aspect of the embodiments of the present invention, in a first implementation of the third aspect, the redirection result information includes identification information of the first target responder device and indication information indicating whether the negotiation succeeded;
the sending unit is specifically configured to: if the indication information indicates that the negotiation failed, carry the redirection result information in the negotiation message, so that the initial responder device, according to the redirection result information, redirects the initiator device to a second target responder device or abandons the redirection operation, where the second target responder device is different from the first target responder device; and if the indication message indicates that the negotiation succeeded, carry the redirection result information in the negotiation message, so that the initial responder device, according to the redirection result information, preferentially redirects the initiator device to the first target responder device.
With reference to the third aspect of the embodiments of the present invention, in a second implementation of the third aspect, the redirection result information includes a correspondence table that maps the identification information of at least one first target responder device to a priority value, where if the initial responder device succeeds in redirecting the initiator device to the first target responder device, the priority value corresponding to the identification information of that first target responder device is increased, and if the initial responder device fails to redirect the initiator device to the first target responder device, the priority value corresponding to the identification information of that first target responder device is decreased;
the sending unit is specifically configured to carry the redirection result information in the negotiation message, so that the initial responder device, according to the redirection result information, preferentially redirects the initiator device to a first target responder device with a high priority value.
With reference to the third aspect of the embodiments of the present invention or either of the first and second implementations of the third aspect, in a third implementation of the third aspect, the initiator device is a base station; the responder device is a security gateway; the negotiation is an IPsec tunnel negotiation between the base station and the security gateway; and the negotiation message includes the IKE_SA_INIT Request message or the IKE_AUTH Request message of the IPsec tunnel negotiation process.
A fourth aspect of the embodiments of the present invention provides a responder device for negotiating with an initiator device, where the responder device is an initial responder device, and the initial responder device includes:
a receiving unit, configured to: when the initiator device initiates negotiation with the initial responder device, receive a negotiation message sent by the initiator device, where the negotiation message carries redirection result information, and the redirection result information is recorded by the initiator when, during its negotiation with the initial responder, the initiator is redirected by the initial responder to a first target responder; the negotiation message is any one of the messages sent by the initiator device to the initial responder device during the negotiation process;
an execution unit, configured to perform a redirection operation according to the redirection result information.
With reference to the fourth aspect of the embodiments of the present invention, in a first implementation of the fourth aspect, the redirection result information includes identification information of the first target responder device and indication information indicating whether the negotiation succeeded;
the execution unit is specifically configured to: if the indication information indicates that the negotiation failed, redirect the initiator device to a second target responder device or abandon the redirection operation according to the redirection result information, where the second target responder device is different from the first target responder device; and if the indication message indicates that the negotiation succeeded, preferentially redirect the initiator device to the first target responder device according to the redirection result information.
With reference to the fourth aspect of the embodiments of the present invention, in a second implementation of the fourth aspect, the redirection result information includes a correspondence table that maps the identification information of at least one first target responder device to a priority value, where if the initial responder device succeeds in redirecting the initiator device to the first target responder device, the priority value corresponding to the identification information of that first target responder device is increased, and if the initial responder device fails to redirect the initiator device to the first target responder device, the priority value corresponding to the identification information of that first target responder device is decreased;
the execution unit is specifically configured to preferentially redirect the initiator device to a first target responder device with a high priority value according to the redirection result information.
With reference to the fourth aspect of the embodiments of the present invention or either of the first and second implementations of the fourth aspect, in a third implementation of the fourth aspect, characterized in that the responder device is a security gateway; the initiator device is a base station; the negotiation is an IPsec tunnel negotiation between the base station and the security gateway; and the negotiation message includes the IKE_SA_INIT Request message or the IKE_AUTH Request message of the IPsec tunnel negotiation process.
本发明实施例的第五方面提供一种重定向系统,包括发起方设备以及用于与所述发起方设备进行协商的响应方设备,所述响应方设备为初始响应方设备,A fifth aspect of the embodiments of the present invention provides a redirection system, including an initiator device and a responder device for negotiating with the initiator device, where the responder device is an initial responder device.
所述发起方设备,用于在所述发起方设备与初始响应方设备的协商过程 中,若所述发起方设备被所述初始响应方设备重定向至第一目标响应方设备,记录对应的重定向结果信息;当所述发起方设备再次与初始响应方设备发起协商时,在协商消息中携带所述重定向结果信息,以使得所述初始响应方设备根据所述重定向结果信息执行重定向操作,其中,所述协商消息指在协商过程中由所述发起方设备向所述初始响应方设备发送的消息中的任意一个;The initiator device is used to negotiate a process between the initiator device and an initial responder device If the initiator device is redirected by the initial responder device to the first target responder device, the corresponding redirect result information is recorded; when the initiator device initiates negotiation with the initial responder device again, The negotiation message carries the redirection result information, so that the initial responder device performs a redirection operation according to the redirection result information, where the negotiation message refers to the initiator device in the negotiation process. Said any one of the messages sent by the initial responder device;
所述初始响应方设备,用于当所述发起方设备与所述初始响应方设备发起协商时,接收所述发起方设备发送的所述协商消息;The initial responder device is configured to: when the initiator device initiates negotiation with the initial responder device, receive the negotiation message sent by the initiator device;
所述初始响应方设备,还用于根据所述重定向结果信息执行重定向操作。The initial responder device is further configured to perform a redirection operation according to the redirection result information.
结合本发明实施例的第五方面,在本发明实施例的第五方面的第一种实现方式中,所述重定向结果信息包括所述第一目标响应方设备的标识信息以及用于指示是否协商成功的指示信息;With reference to the fifth aspect of the embodiments of the present invention, in a first implementation manner of the fifth aspect, the redirection result information includes the identifier information of the first target responsive device, and is used to indicate whether Instructions for successful negotiation;
所述初始响应方设备,具体用于若所述指示信息指示协商失败,则根据所述重定向结果信息将所述发起方设备重定向至第二目标响应方设备或者放弃重定向操作,其中,所述第二目标响应方设备不同于所述第一目标响应方设备;若所述指示消息指示协商成功,则根据所述重定向结果信息优先选择将所述发起方设备重定向至所述第一目标响应方设备。The initial responder device is specifically configured to redirect the initiator device to the second target responder device or abandon the redirect operation according to the redirect result information, if the indication information indicates that the negotiation fails, where The second target responder device is different from the first target responder device; if the indication message indicates that the negotiation is successful, the initiator device is preferentially redirected to the first according to the redirect result information A target responder device.
With reference to the fifth aspect of the embodiments of the present invention, in a second implementation of the fifth aspect, the redirection result information includes a correspondence table that establishes a correspondence between the identification information of at least one first target responder device and a priority value, where, if the initial responder device succeeds in redirecting the initiator device to the first target responder device, the priority value corresponding to the identification information of the first target responder device is increased, and if the initial responder device fails to redirect the initiator device to the first target responder device, the priority value corresponding to the identification information of the first target responder device is decreased;
The initial responder device is specifically configured to preferentially redirect the initiator device, according to the redirection result information, to the first target responder device with the high priority value.
With reference to the fifth aspect of the embodiments of the present invention or either of the first and second implementations of the fifth aspect, in a third implementation of the fifth aspect, the initiator device is a base station; the responder device is a security gateway; the negotiation is IPsec tunnel negotiation between the base station and the security gateway; and the negotiation message includes the IKE_SA_INIT Request message or the IKE_AUTH Request message of the IPsec tunnel negotiation.
In the technical solution provided by the embodiments of the present invention, during negotiation between an initiator and an initial responder, if the initiator is redirected by the initial responder to a first target responder, the initiator records the corresponding redirection result information as its redirection history for the negotiation process. When the initiator again initiates negotiation with an initial responder, it carries this redirection result information in a negotiation message, so that the initial responder performs the redirection operation according to the redirection result information. The embodiments of the present invention carry the redirection result information in the negotiation message so that the initiator can guide the redirection operation according to the redirection history during negotiation, which improves negotiation efficiency.
Description of the drawings
FIG. 1 is a schematic diagram of one embodiment of the redirection method in the embodiments of the present invention;
FIG. 2 is a schematic diagram of another embodiment of the redirection method in the embodiments of the present invention;
FIG. 3 is a schematic diagram of another embodiment of the redirection method in the embodiments of the present invention;
FIG. 4 is a schematic diagram of one embodiment of the initiator device in the embodiments of the present invention;
FIG. 5 is a schematic diagram of another embodiment of the initiator device in the embodiments of the present invention;
FIG. 6 is a schematic diagram of one embodiment of the responder device in the embodiments of the present invention;
FIG. 7 is a schematic diagram of another embodiment of the responder device in the embodiments of the present invention;
FIG. 8 is a schematic diagram of one embodiment of the redirection system in the embodiments of the present invention.
Detailed description
The embodiments of the present invention provide a redirection method in which the redirection operation can be guided by the initiator's redirection history in the negotiation process, so as to improve negotiation efficiency. Details are given below.
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the accompanying drawings. The described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by a person skilled in the art on the basis of the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
The terms "first", "second", "third", "fourth" and so on (if present) in the specification, the claims and the above drawings of the present invention are used to distinguish similar objects and are not necessarily used to describe a particular order or sequence. It should be understood that data used in this way are interchangeable where appropriate, so that the embodiments described here can be implemented in an order other than that illustrated or described here. In addition, the terms "include" and "have" and any variants of them are intended to cover non-exclusive inclusion; for example, a process, method, system, product or device that comprises a series of steps or units is not necessarily limited to the steps or units expressly listed, but may include other steps or units that are not expressly listed or that are inherent to the process, method, product or device.
First, it should be noted that the initiator and the responder are the two communicating ends of a negotiation process. The initiator usually refers to the end that initiates the negotiation request or sends the first message in the negotiation. For example, in IPsec tunnel negotiation the initiator is a base station and the responder is a security gateway; in frequency negotiation the initiator is a terminal device and the responder is a network-side device. The negotiation scenario of a specific application is not limited here.
In this embodiment, when the initiator initiates negotiation, the responder that initially negotiates with the initiator is referred to as the initial responder. In practice, the initial responder usually determines whether the condition for performing a redirection operation is met and, if it is, redirects the initiator to a target responder. In some special application scenarios, the initial responder may also be taken by default to meet the condition for performing the redirection operation.
It can be understood that the target responder after the redirection operation may be a communication network element of the same kind as the initial responder, interchangeable with it where appropriate, for example a security gateway in IPsec tunnel negotiation. It may also be a different kind of communication network element, for example a network-side device in frequency negotiation, where the initial responder is a network-side device in a first communication network and the target responder is a network-side device in a second communication network. This is determined by the negotiation scenario of the specific application or by specific requirements.
The redirection method in the embodiments of the present invention is described below from the perspective of the initiator. Referring to FIG. 1, one embodiment of the redirection method in the embodiments of the present invention includes:
101. If the initiator is redirected by the initial responder to the first target responder, the initiator records the corresponding redirection result information;
In this embodiment, the initiator and the initial responder negotiate by exchanging messages. If, during this process, the initiator is redirected by the initial responder to the first target responder, the initiator records the corresponding redirection result information. It can be understood that the redirection of the initiator to the first target responder by the initial responder may succeed or may fail.
Optionally, in practice, a trigger condition may be set for recording the redirection result information. For example, the initiator records the corresponding redirection result information only when it determines that its redirection by the initial responder to the first target responder has failed; in that case the redirection result information records only failed redirections.
It can be understood that, in practice, the initiator may negotiate with several different initial responders simultaneously or one after another. The initiator may then record several corresponding pieces of redirection result information, or update the redirection result information in real time.
102. When the initiator again initiates negotiation with an initial responder, the initiator carries the redirection result information in a negotiation message, so that the initial responder performs a redirection operation according to the redirection result information.
In this embodiment, when the initiator again initiates negotiation with the initial responder, the two negotiate by exchanging messages. During this negotiation the initiator sends at least one message to the initial responder, and the initiator carries the redirection result information in a negotiation message so that the initial responder performs the redirection operation according to it. The negotiation message is any one of the messages sent by the initiator to the initial responder during the negotiation. For example, if the initiator and the initial responder complete a negotiation with four messages, of which the first and the third are sent by the initiator to the initial responder, the negotiation message may be the first message or the third message; that is, the redirection result information is carried in the first message or the third message. It should be emphasized that, because the redirection operation is triggered by a redirection request, the negotiation message must be a message sent before the initial responder sends the redirection request to the initiator.
In this embodiment, the initial responder in step 101 and the initial responder in step 102 may be the same or different. It can be understood that, in practice, the initiator may negotiate with several different initial responders simultaneously or one after another, and the redirection result information is shared among those initial responders through the initiator's negotiation messages.
In the technical solution provided by the embodiments of the present invention, during negotiation between an initiator and an initial responder, if the initiator is redirected by the initial responder to a first target responder, the initiator records the corresponding redirection result information as its redirection history for the negotiation process. When the initiator again initiates negotiation with an initial responder, it carries this redirection result information in a negotiation message, so that the initial responder performs the redirection operation according to the redirection result information. Therefore, compared with the prior art, the embodiments of the present invention carry the redirection result information in the negotiation message so that the initiator can guide the redirection operation according to the redirection history during negotiation, which improves negotiation efficiency.
In this embodiment, the redirection result information serves as the initiator's redirection history in the negotiation process and can be used to guide the redirection operation when the initiator initiates negotiation again. The following examples show how the redirection result information is used to guide the redirection operation:
I. The redirection result information includes the identification information of the first target responder and indication information indicating whether the negotiation succeeded. Accordingly, the initiator carrying the redirection result information in the negotiation message, so that the initial responder performs the redirection operation according to the redirection result information, may include:
1) If the indication information indicates that the negotiation failed, the initiator carries the redirection result information in the negotiation message, so that the initial responder, according to the redirection result information, redirects the initiator to a second target responder or abandons the redirection operation, where the second target responder is different from the first target responder;
That is, the record of the failed redirection is used to guide the initial responder to redirect the initiator to a target responder other than the first target responder (the second target responder); the second target responder negotiates with the initiator, and a communication link is established between the initiator and the second target responder, so that the second target responder serves the initiator. Alternatively, where negotiation is to be given priority, the record of the failed redirection is used to guide the initial responder to abandon the redirection operation; the initial responder continues to negotiate with the initiator, and a communication link is established between the initiator and the second target responder, so that the initial responder serves the initiator. Optionally, the identification information of the first target responder may be IP address information; in other embodiments it may be other identification information that uniquely identifies the target responder, which is not limited here. Optionally, the indication information indicating that the negotiation failed may be an error code; in other embodiments it may be another indication code or indication parameter, which is not limited here.
2) If the indication message indicates that the negotiation succeeded, the initiator carries the redirection result information in the negotiation message, so that the initial responder, according to the redirection result information, preferentially redirects the initiator to the first target responder.
That is, the record of the successful redirection is used to guide the initial responder to preferentially redirect the initiator to the first target responder with which negotiation previously succeeded; the first target responder negotiates with the initiator, and a communication link is established between the initiator and the second target responder, so that the first target responder serves the initiator. Optionally, when several first target responders with which negotiation previously succeeded are involved, the initial responder may select one of them at random, or, based on the number of earlier successful negotiations, prefer the one with the most successes, or select the one with which negotiation most recently succeeded. How the initial responder selects the first target responder is not limited here.
II. The redirection result information includes a correspondence table that establishes a correspondence between the identification information of at least one first target responder and a priority value. Accordingly, the initiator carrying the redirection result information in the negotiation message, so that the initial responder performs the redirection operation according to the redirection result information, may include:
The initiator carries the redirection result information in the negotiation message, so that the initial responder, according to the redirection result information, preferentially redirects the initiator to the first target responder with the high priority value.
That is, when the initiator records the corresponding redirection result information, if the initial responder succeeds in redirecting the initiator to the first target responder, the priority value corresponding to the identification information of the first target responder is increased; if the initial responder fails to redirect the initiator to the first target responder, the priority value corresponding to the identification information of the first target responder is decreased. In this way the correspondence between the identification information of at least one first target responder and a priority value is established. In general, as long as the initiator has previously been redirected to a target responder, the correspondence table records the priority value of that first target responder. It can be understood that, when the initial responder redirects the initiator to the first target responder with the high priority value according to the redirection result information, the correspondence table is updated accordingly.
It should be noted that the above are only a few examples of how the redirection result information is used to guide the initial responder in performing the redirection operation, including how to select the target responder and whether to abandon the redirection operation. The specific redirection procedure is not limited here.
The embodiment shown in FIG. 1 is described from the perspective of the initiator. The redirection method in the embodiments of the present invention is described in detail below from the perspective of the responder (specifically, the initial responder). Referring to FIG. 2, another embodiment of the redirection method in the embodiments of the present invention includes:
201. When the initiator initiates negotiation with the initial responder, the initial responder receives the negotiation message sent by the initiator;
In this embodiment, the negotiation message carries redirection result information. The redirection result information is recorded by the initiator if, during its negotiation with an initial responder, the initiator is redirected by the initial responder to a first target responder. That is, before the initiator initiates this negotiation with the initial responder, the initiator and an initial responder negotiate by exchanging messages, and if during that process the initiator is redirected by the initial responder to the first target responder, the initiator records the corresponding redirection result information. It can be understood that the redirection of the initiator to the first target responder by the initial responder may succeed or may fail. It can also be understood that, in practice, the initiator may negotiate with several different initial responders simultaneously or one after another; the initiator may then record several corresponding pieces of redirection result information, or update the redirection result information in real time.
In this embodiment, when the initiator again initiates negotiation with the initial responder, the two negotiate by exchanging messages, and during this negotiation the initiator sends at least one message to the initial responder. The negotiation message is any one of the messages sent by the initiator to the initial responder during the negotiation. For example, if the initiator and the initial responder complete a negotiation with four messages, of which the first and the third are sent by the initiator to the initial responder, the negotiation message may be the first message or the third message; that is, the redirection result information is carried in the first message or the third message. It should be emphasized that, because the redirection operation is triggered by a redirection request, the negotiation message must be a message sent before the initial responder sends the redirection request to the initiator.
In this embodiment, the initial responder recorded in the redirection result and the initial responder in this step may be the same or different. It can be understood that, in practice, the initiator may negotiate with several different initial responders simultaneously or one after another, and the redirection result information is shared among those initial responders through the initiator's negotiation messages.
202. The initial responder performs a redirection operation according to the redirection result information in the negotiation message;
In this embodiment, the redirection result information serves as the initiator's redirection history in the negotiation process and can be used to guide the initial responder in performing the redirection operation when the initiator initiates negotiation again. Specifically, the initial responder decides, according to the redirection result information, whether redirection to a target responder is needed, or how to select the target responder when redirection is needed. The following examples show how the initial responder performs the redirection operation according to the redirection result information in the negotiation message:
I. The redirection result information includes the identification information of the first target responder and indication information indicating whether the negotiation succeeded. Accordingly, the initial responder performing the redirection operation according to the redirection result information may include:
1) If the indication information indicates that the negotiation failed, the initial responder, according to the redirection result information, redirects the initiator to a second target responder or abandons the redirection operation, where the second target responder is different from the first target responder;
That is, according to the record of the failed redirection, the initial responder redirects the initiator to a target responder other than the first target responder (the second target responder); the second target responder negotiates with the initiator, and a communication link is established between the initiator and the second target responder, so that the second target responder serves the initiator. Alternatively, where negotiation is to be given priority, the initial responder abandons the redirection operation according to the record of the failed redirection; the initial responder continues to negotiate with the initiator, and a communication link is established between the initiator and the second target responder, so that the initial responder serves the initiator. Optionally, the identification information of the first target responder may be IP address information; in other embodiments it may be other identification information that uniquely identifies the target responder, which is not limited here. Optionally, the indication information indicating that the negotiation failed may be an error code; in other embodiments it may be another indication code or indication parameter, which is not limited here.
2) If the indication message indicates that the negotiation succeeded, the initial responder, according to the redirection result information, preferentially redirects the initiator to the first target responder.
That is, according to the record of the successful redirection, the initial responder preferentially redirects the initiator to the first target responder with which negotiation previously succeeded; the first target responder negotiates with the initiator, and a communication link is established between the initiator and the second target responder, so that the first target responder serves the initiator. Optionally, when several first target responders with which negotiation previously succeeded are involved, the initial responder may select one of them at random, or, based on the number of earlier successful negotiations, prefer the one with the most successes, or select the one with which negotiation most recently succeeded. How the initial responder selects the first target responder is not limited here.
II. The redirection result information includes a correspondence table that establishes a correspondence between the identification information of at least one first target responder and a priority value. Accordingly, the initial responder performing the redirection operation according to the redirection result information may include:
The initial responder, according to the redirection result information, preferentially redirects the initiator to the first target responder with the high priority value.
That is, when the initiator records the corresponding redirection result information, if the initial responder succeeds in redirecting the initiator to the first target responder, the priority value corresponding to the identification information of the first target responder is increased; if the initial responder fails to redirect the initiator to the first target responder, the priority value corresponding to the identification information of the first target responder is decreased. In this way the correspondence between the identification information of at least one first target responder and a priority value is established. In general, as long as the initiator has previously been redirected to a target responder, the correspondence table records the priority value of that first target responder. It can be understood that, when the initial responder redirects the initiator to the first target responder with the high priority value according to the redirection result information, the correspondence table is updated accordingly.
It should be noted that the above are only a few examples of how the initial responder performs the redirection operation according to the redirection result information in the negotiation message. In other embodiments, the initial responder may also use the redirection result information to perform the redirection operation in other ways; the specific redirection procedure is not limited here.
For ease of understanding, the redirection method described in the foregoing embodiment is described in detail below in a specific application scenario. Referring to FIG. 3, another embodiment of the redirection method in the embodiments of the present invention includes:
In this embodiment, IPsec tunnel negotiation is used as the specific application scenario. IPsec tunnel negotiation is first briefly introduced below:
IPsec is a security architecture defined by the IETF (Internet Engineering Task Force). It is applied at the IP layer and consists of the AH (Authentication Header), ESP (Encapsulating Security Payload), and IKE (Internet Key Exchange) protocols. IPsec tunnel negotiation mainly includes two phases:
Phase 1: An IKE SA is established on the network to provide protection and fast negotiation for phase 2. A communication channel is created through negotiation and the channel is authenticated, providing confidentiality, message integrity, and message source authentication services for further IKE communication between the two parties.
Phase 2: Under the protection of the IKE SA established in phase 1, a specific SA is negotiated for IPsec, establishing the IPsec SA used for the final secure transmission of IP data.
In this embodiment, for reasons such as SeGW (Security Gateway) load balancing or SeGW failure, the RFC 5685 protocol supports the SeGW initiating a redirect request to the base station in the IKE init / IKE AUTH / Information phase of IPsec tunnel negotiation, so that the base station negotiates the IPsec tunnel with a Selected SeGW (Selected Security Gateway, the target security gateway).
In this embodiment, the case in which the base station performs IPsec tunnel negotiation with the same Initial SeGW is taken as an example:
301. The base station sends an IKE_SA_INIT Request message to the Initial SeGW;
The IKE_SA_INIT Request message carries the redirection capability of the base station (REDIRECT_SUPPORT). In this embodiment, the base station initiates IPsec tunnel negotiation with the IKE_SA_INIT Request message as the first message.
302. The Initial SeGW determines whether the IPsec redirection condition is met; if so, step 303 is performed;
In this embodiment, after receiving the IKE_SA_INIT Request message, the first Initial SeGW determines whether the IPsec redirection condition is met, for example according to the load of the first Initial SeGW. In some special application scenarios, step 302 may be omitted, for example where the IPsec redirection condition is met by default.
303. The Initial SeGW sends an IKE_SA_INIT Response message to the base station;
The IKE_SA_INIT Response message carries a redirect request (REDIRECT_REQUEST). The REDIRECT_REQUEST contains the IP address of the first Selected SeGW and instructs the base station to initiate IPsec tunnel negotiation with the first Selected SeGW.
304. The base station sends an IKE_INIT Request message to the first Selected SeGW and performs IPsec tunnel negotiation with the first Selected SeGW;
The IKE_SA_INIT Response message carries the redirect source (REDIRECT_FROM). Here, the base station initiates IPsec tunnel negotiation with the first Selected SeGW through the IKE_SA_INIT Response message, so that the base station is redirected to the first Selected SeGW.
It should be noted that, for the specific procedure of IPsec tunnel negotiation, reference may be made to the provisions of existing and subsequent related standards; details are not repeated here. It can be understood that, to avoid wasting resources, the IKE_SA already established between the base station and the Initial SeGW may be deleted before the base station is redirected to the first Selected SeGW.
305. The base station records the result of its IPsec tunnel negotiation with the first Selected SeGW and obtains the redirection result information (REDIRECT_RESULT);
In this embodiment, REDIRECT_RESULT includes the identification information of the first Selected SeGW and indication information indicating whether the negotiation succeeded. For example, the identification information of the first Selected SeGW may be IP address information, and the indication information indicating that the negotiation failed may be a Last Redirect Failed error code or the like.
The following takes a REDIRECT_RESULT containing the Last Redirect Failed error code and the IP address information of the first Selected SeGW as an example to describe how the redirection result information guides the execution of the redirection operation:
306. The base station sends an IKE_SA_INIT Request message to the Initial SeGW again;
In this embodiment, step 306 differs from step 301 in that the IKE_SA_INIT Request message also carries REDIRECT_RESULT.
307. The Initial SeGW determines the second Selected SeGW according to REDIRECT_RESULT;
In this embodiment, before step 307 is performed, it may first be determined whether the IPsec redirection condition is met; if the condition is met, the second Selected SeGW is then determined according to REDIRECT_RESULT.
308. The Initial SeGW sends an IKE_SA_INIT Response message to the base station;
The IKE_SA_INIT Response message carries REDIRECT_REQUEST. The REDIRECT_REQUEST contains the IP address of the second Selected SeGW and instructs the base station to initiate IPsec tunnel negotiation with the second Selected SeGW.
309. The base station sends an IKE_INIT Request message to the second Selected SeGW and performs IPsec tunnel negotiation with the second Selected SeGW;
The IKE_SA_INIT Response message carries the redirect source (REDIRECT_FROM). Here, the base station initiates IPsec tunnel negotiation with the second Selected SeGW through the IKE_SA_INIT Response message, so that the base station is redirected to the second Selected SeGW.
Thus, REDIRECT_RESULT can guide the Initial SeGW to find, for the base station, a Selected SeGW other than the first Selected SeGW (that is, the second Selected SeGW), so that the second Selected SeGW performs IPsec tunnel negotiation with the base station and the ping-pong effect is avoided.
In this embodiment, where IPsec tunnel negotiation is to be given priority, if the Initial SeGW directly abandons the redirection operation according to REDIRECT_RESULT after step 306 is performed, the Initial SeGW continues to negotiate with the base station, and a communication link is established between the base station and the Initial SeGW so that the Initial SeGW serves the base station. In practical applications, an abandonment condition for abandoning the redirection operation may also be set according to actual requirements: where REDIRECT_RESULT indicates that the negotiation failed, after step 306 is performed it is first determined whether the abandonment condition is satisfied, and if so, the Initial SeGW directly abandons the redirection operation according to REDIRECT_RESULT.
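The selection logic of steps 305 to 308, together with the priority-table form of the redirection result information described earlier, as an added Python example that is not part of the patent text. The class names, the `Last Redirect OK` marker, the `abandon_on_failure` flag, the first-other-candidate policy and the 192.0.2.0/24 addresses are assumptions of this example; it also assumes the gateway honours only identifiers from its own pool, because IKE_SA_INIT is exchanged before the peers authenticate.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple, Union

LAST_REDIRECT_FAILED = "Last Redirect Failed"  # error code named on the page
LAST_REDIRECT_OK = "Last Redirect OK"          # hypothetical success marker
POOL = ["192.0.2.10", "192.0.2.20", "192.0.2.30"]  # constructed Selected SeGW addresses


@dataclass
class RedirectResult:
    """Single-entry REDIRECT_RESULT: target identifier plus outcome indication."""
    target_ip: str
    indication: str


Report = Union[RedirectResult, Dict[str, int], None]


@dataclass
class InitialSeGW:
    pool: List[str]                   # Selected SeGWs this gateway may hand out
    abandon_on_failure: bool = False  # hypothetical policy flag: serve locally instead

    def select_target(self, report: Report) -> Optional[str]:
        """Pick the address for REDIRECT_REQUEST; None means abandon the redirect."""
        if report is None:
            return self.pool[0]
        if isinstance(report, dict):
            # Correspondence table (identifier -> priority). IKE_SA_INIT is sent
            # before the peers authenticate, so only entries naming gateways
            # from our own pool are honoured.
            trusted = {ip: p for ip, p in report.items() if ip in self.pool}
            return max(self.pool, key=lambda ip: trusted.get(ip, 0))
        if report.target_ip not in self.pool:
            return self.pool[0]       # identifier we never hand out: ignore the hint
        if report.indication == LAST_REDIRECT_FAILED:
            others = [ip for ip in self.pool if ip != report.target_ip]
            if self.abandon_on_failure or not others:
                return None
            return others[0]          # a second Selected SeGW, never the failed one
        return report.target_ip       # last redirect succeeded: prefer it again


@dataclass
class BaseStation:
    reachable: set                    # gateways that would complete negotiation
    mode: str = "single"              # "none", "single" or "table"
    last: Optional[RedirectResult] = None
    table: Dict[str, int] = field(default_factory=dict)

    def record(self, target: str, ok: bool) -> None:
        """Step 305: record the outcome and adjust the target's priority value."""
        indication = LAST_REDIRECT_OK if ok else LAST_REDIRECT_FAILED
        self.last = RedirectResult(target, indication)
        self.table[target] = self.table.get(target, 0) + (1 if ok else -1)

    def negotiate(self, segw: InitialSeGW, rounds: int = 4) -> List[Tuple[str, bool]]:
        """Repeat the IKE_SA_INIT exchange until a tunnel is up or rounds run out."""
        trace: List[Tuple[str, bool]] = []
        for _ in range(rounds):
            report = {"none": None, "single": self.last,
                      "table": dict(self.table)}[self.mode]
            target = segw.select_target(report)
            if target is None:        # redirect abandoned: Initial SeGW serves us
                trace.append(("initial", True))
                return trace
            ok = target in self.reachable
            self.record(target, ok)
            trace.append((target, ok))
            if ok:
                return trace
        return trace


if __name__ == "__main__":
    segw = InitialSeGW(POOL)
    for mode, up in (("none", "192.0.2.20"), ("single", "192.0.2.20"),
                     ("table", "192.0.2.30")):
        print(mode, BaseStation({up}, mode=mode).negotiate(segw))
```

With this example's first-other-candidate policy, a single-entry report lets the gateway avoid only the most recent failure, whereas the table form keeps every recorded failure in view.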
In this embodiment, each of the foregoing messages may also be a message with another name that has the same function; this is not limited here.
It should be noted that, in this embodiment, the IKE_SA_INIT Request message / IKE_SA_INIT Response message corresponds to the IKE init phase of IPsec tunnel negotiation. Here, the case in which the Initial SeGW sends REDIRECT_REQUEST to the base station in the IKE init phase is used only as an example. It can be understood that the Initial SeGW may also send REDIRECT_REQUEST to the base station only in the subsequent IKE AUTH / Information phase; in that case, REDIRECT_RESULT may be carried in the IKE_SA_INIT Response message of the IKE init phase or in the IKE_AUTH Request message of the IKE AUTH phase. It is only necessary to ensure that the base station has already sent REDIRECT_RESULT to the Initial SeGW before the Initial SeGW sends REDIRECT_REQUEST to the base station; this may be configured according to actual needs.
Moreover, in this embodiment, REDIRECT_SUPPORT is not limited to the IKE init phase of IPsec tunnel negotiation. In other embodiments, REDIRECT_SUPPORT may also be carried in the IKE_AUTH Request message of the IKE AUTH phase.
The redirection method in the embodiments of the present invention has been described above. The initiator device in the embodiments of the present invention is described below; the initiator device is used to negotiate with a responder device. Referring to FIG. 4, one embodiment of the initiator device in the embodiments of the present invention includes:
A recording unit 401, configured to record the corresponding redirection result information if, during negotiation between the initiator device and the initial responder device, the initiator device is redirected by the initial responder device to a first target responder device;
A sending unit 402, configured to carry the redirection result information in a negotiation message when the initiator device again initiates negotiation with the initial responder device, so that the initial responder device performs a redirection operation according to the redirection result information, where the negotiation message is any one of the messages sent by the initiator device to the initial responder device during the negotiation.
For ease of understanding, the internal operation of the initiator device in this embodiment is described below, taking a specific application scenario as an example:
During negotiation between the initiator device and the initial responder device, if the initiator device is redirected by the initial responder device to the first target responder device, the recording unit 401 records the corresponding redirection result information. When the initiator device again initiates negotiation with the initial responder device, the sending unit 402 carries the redirection result information in a negotiation message, so that the initial responder device performs a redirection operation according to the redirection result information, where the negotiation message is any one of the messages sent by the initiator device to the initial responder device during the negotiation.
In the technical solution provided by this embodiment of the present invention, during negotiation between the initiator and the initial responder, if the initiator is redirected by the initial responder to the first target responder, the recording unit 401 records the corresponding redirection result information as the initiator's redirection history for the negotiation. When the initiator again initiates negotiation with the initial responder, the sending unit 402 carries this redirection result information in a negotiation message, so that the initial responder performs the redirection operation according to the redirection result information. This embodiment of the present invention carries the redirection result information in the negotiation message so that, during negotiation, the initiator can guide the redirection operation according to the redirection history, thereby improving negotiation efficiency.
Optionally, in this embodiment, the redirection result information includes the identification information of the first target responder device and indication information indicating whether the negotiation succeeded;
The sending unit 402 is specifically configured to: if the indication information indicates that the negotiation failed, carry the redirection result information in the negotiation message, so that the initial responder device, according to the redirection result information, redirects the initiator device to a second target responder device or abandons the redirection operation, where the second target responder device is different from the first target responder device; and if the indication message indicates that the negotiation succeeded, carry the redirection result information in the negotiation message, so that the initial responder device, according to the redirection result information, preferentially redirects the initiator device to the first target responder device.
Optionally, in this embodiment, the redirection result information includes a correspondence table that maps the identification information of at least one first target responder device to a priority value, where, if the initial responder device successfully redirects the initiator device to the first target responder device, the priority value corresponding to the identification information of the first target responder device is increased, and if the initial responder device fails to redirect the initiator device to the first target responder device, the priority value corresponding to the identification information of the first target responder device is decreased;
The sending unit 402 is specifically configured to carry the redirection result information in the negotiation message, so that the initial responder device, according to the redirection result information, preferentially redirects the initiator device to the first target responder device with a high priority value.
Optionally, in this embodiment, the initiator device is a base station; the responder device is a security gateway; the negotiation is IPsec tunnel negotiation between the base station and the security gateway; and the negotiation message includes the IKE_SA_INIT Request message or the IKE_AUTH Request message in the IPsec tunnel negotiation process.
The initiator device in the embodiments of the present invention has been described above from the perspective of modular functional entities. In the technical solution of the present invention, the initiator device may also be described from the perspective of hardware processing. Referring to FIG. 5, another embodiment of the initiator device in the embodiments of the present invention includes:
An input device 501, an output device 502, a processor 503, and a memory 504 (the initiator device may contain one or more processors 503; FIG. 5 takes one processor 503 as an example). In some embodiments of the present invention, the input device 501, the output device 502, the processor 503, and the memory 504 may be connected by a bus or by other means; FIG. 5 takes connection by a bus as an example.
By calling the operation instructions stored in the memory 504, the processor 503 is configured to perform the following steps:
During negotiation between the initiator and the initial responder, if the initiator is redirected by the initial responder to the first target responder, recording the corresponding redirection result information;
When the initiator again initiates negotiation with the initial responder, carrying the redirection result information in a negotiation message, so that the initial responder performs a redirection operation according to the redirection result information, where the negotiation message is any one of the messages sent by the initiator to the initial responder during the negotiation, and the initial responder and the initial responder may be the same or different.
In some embodiments of the present invention, the redirection result information includes the identification information of the first target responder and indication information indicating whether the negotiation succeeded; the processor 503 may be specifically configured to perform the following steps:
If the indication information indicates that the negotiation failed, carrying the redirection result information in the negotiation message, so that the initial responder, according to the redirection result information, redirects the initiator to a second target responder or abandons the redirection operation, where the second target responder is different from the first target responder;
If the indication message indicates that the negotiation succeeded, carrying the redirection result information in the negotiation message, so that the initial responder, according to the redirection result information, preferentially redirects the initiator to the first target responder.
In some embodiments of the present invention, the redirection result information includes a correspondence table that maps the identification information of at least one first target responder to a priority value, where, if the initial responder successfully redirects the initiator to the first target responder, the priority value corresponding to the identification information of the first target responder is increased, and if the initial responder fails to redirect the initiator to the first target responder, the priority value corresponding to the identification information of the first target responder is decreased; the processor 503 may be specifically configured to perform the following step:
Carrying the redirection result information in the negotiation message, so that the initial responder, according to the redirection result information, preferentially redirects the initiator to the first target responder with a high priority value.
In some embodiments of the present invention, the initiator device is a base station; the responder device is a security gateway; the negotiation is IPsec tunnel negotiation between the base station and the security gateway; and the negotiation message includes the IKE_SA_INIT Request message or the IKE_AUTH Request message in the IPsec tunnel negotiation process.
The initiator device in the embodiments of the present invention has been described above. The responder device in the embodiments of the present invention is described below; the responder device is used to negotiate with an initiator device. Referring to FIG. 6, one embodiment of the responder device in the embodiments of the present invention includes:
The responder device is an initial responder device, and the initial responder device includes:
A receiving unit 601, configured to receive, when the initiator device initiates negotiation with the initial responder device, a negotiation message sent by the initiator device, the negotiation message carrying redirection result information, where the redirection result information is recorded by the initiator when, during its negotiation with the initial responder, the initiator is redirected by the initial responder to the first target responder, and the negotiation message is any one of the messages sent by the initiator device to the initial responder device during the negotiation;
An execution unit 602, configured to perform a redirection operation according to the redirection result information.
For ease of understanding, the internal operation of the responder device in this embodiment is described below, taking a specific application scenario as an example:
When the initiator device initiates negotiation with the initial responder device, the receiving unit 601 receives the negotiation message sent by the initiator device. The negotiation message carries redirection result information, where the redirection result information is recorded by the initiator when, during its negotiation with the initial responder, the initiator is redirected by the initial responder to the first target responder, and the negotiation message is any one of the messages sent by the initiator device to the initial responder device during the negotiation. The execution unit 602 performs a redirection operation according to the redirection result information.
Optionally, in this embodiment, the redirection result information includes the identification information of the first target responder device and indication information indicating whether the negotiation succeeded;
The execution unit 602 is specifically configured to: if the indication information indicates that the negotiation failed, redirect the initiator device to a second target responder device or abandon the redirection operation according to the redirection result information, where the second target responder device is different from the first target responder device; and if the indication message indicates that the negotiation succeeded, preferentially redirect the initiator device to the first target responder device according to the redirection result information.
Optionally, in this embodiment, the redirection result information includes a correspondence table that maps the identification information of at least one first target responder device to a priority value, where, if the initial responder device successfully redirects the initiator device to the first target responder device, the priority value corresponding to the identification information of the first target responder device is increased, and if the initial responder device fails to redirect the initiator device to the first target responder device, the priority value corresponding to the identification information of the first target responder device is decreased;
The execution unit 602 is specifically configured to preferentially redirect the initiator device to the first target responder device with a high priority value according to the redirection result information.
Optionally, in this embodiment, the responder device is a security gateway; the initiator device is a base station; the negotiation is IPsec tunnel negotiation between the base station and the security gateway; and the negotiation message includes the IKE_SA_INIT Request message or the IKE_AUTH Request message in the IPsec tunnel negotiation process.
The responder device in the embodiments of the present invention has been described above from the perspective of modular functional entities. In the technical solution of the present invention, the responder device may also be described from the perspective of hardware processing. Referring to FIG. 7, another embodiment of the responder device in the embodiments of the present invention includes:
An input device 701, an output device 702, a processor 703, and a memory 704 (the responder device may contain one or more processors 703; FIG. 7 takes one processor 703 as an example). In some embodiments of the present invention, the input device 701, the output device 702, the processor 703, and the memory 704 may be connected by a bus or by other means; FIG. 7 takes connection by a bus as an example.
By calling the operation instructions stored in the memory 704, the processor 703 is configured to perform the following steps:
When the initiator initiates negotiation with the initial responder, receiving the negotiation message sent by the initiator, the negotiation message carrying redirection result information, where the redirection result information is recorded by the initiator when, during its negotiation with the initial responder, the initiator is redirected by the initial responder to the first target responder; the negotiation message is any one of the messages sent by the initiator to the initial responder during the negotiation, and the initial responder and the initial responder may be the same or different;
Performing a redirection operation according to the redirection result information.
In some embodiments of the present invention, the redirection result information includes the identification information of the first target responder and indication information indicating whether the negotiation succeeded; the processor 703 may be specifically configured to perform the following steps:
If the indication information indicates that the negotiation failed, redirecting the initiator to a second target responder or abandoning the redirection operation according to the redirection result information, where the second target responder is different from the first target responder;
If the indication message indicates that the negotiation succeeded, preferentially redirecting the initiator to the first target responder according to the redirection result information.
In some embodiments of the present invention, the redirection result information includes a correspondence table that maps the identification information of at least one first target responder to a priority value, where, if the initial responder successfully redirects the initiator to the first target responder, the priority value corresponding to the identification information of the first target responder is increased, and if the initial responder fails to redirect the initiator to the first target responder, the priority value corresponding to the identification information of the first target responder is decreased; the processor 703 may be specifically configured to perform the following step:
Preferentially redirecting the initiator to the first target responder with a high priority value according to the redirection result information.
In some embodiments of the present invention, the responder device is a security gateway; the initiator device is a base station; the negotiation is IPsec tunnel negotiation between the base station and the security gateway; and the negotiation message includes the IKE_SA_INIT Request message or the IKE_AUTH Request message in the IPsec tunnel negotiation process.
The initiator device and the responder device in the embodiments of the present invention are described above; the redirection system in the embodiments of the present invention is described below. Referring to FIG. 8, one embodiment of the redirection system in the embodiments of the present invention includes an initiator device 801 and a responder device for negotiating with the initiator device, the responder device being an initial responder device 802;
the initiator device 801 is configured to: during the negotiation between the initiator device and the initial responder device, if the initiator device is redirected by the initial responder device to a first target responder device, record the corresponding redirection result information; and when the initiator device initiates negotiation with the initial responder device again, carry the redirection result information in a negotiation message, so that the initial responder device performs a redirection operation according to the redirection result information, where the negotiation message is any one of the messages sent by the initiator device to the initial responder device during the negotiation;
the initial responder device 802 is configured to receive the negotiation message sent by the initiator device when the initiator device initiates negotiation with the initial responder device;
the initial responder device 802 is further configured to perform a redirection operation according to the redirection result information.
Optionally, in this embodiment, the redirection result information includes identification information of the first target responder device and indication information indicating whether the negotiation succeeded;
the initial responder device 802 is specifically configured to: if the indication information indicates that the negotiation failed, redirect the initiator device to a second target responder device according to the redirection result information, or abandon the redirection operation, where the second target responder device is different from the first target responder device; and if the indication message indicates that the negotiation succeeded, preferentially redirect the initiator device to the first target responder device according to the redirection result information.
Optionally, in this embodiment, the redirection result information includes a correspondence table that establishes a correspondence between the identification information of at least one first target responder device and a priority value, where, if the initial responder device's redirection of the initiator device to the first target responder device succeeds, the priority value corresponding to the identification information of that first target responder device is raised, and if the initial responder device's redirection of the initiator device to the first target responder device fails, the priority value corresponding to the identification information of that first target responder device is lowered;
the initial responder device 802 is specifically configured to preferentially redirect the initiator device, according to the redirection result information, to the first target responder device with a high priority value.
Optionally, in this embodiment, the initiator device is a base station; the responder device is a security gateway; the negotiation is an IPsec tunnel negotiation between the base station and the security gateway; the negotiation message includes an IKE_SA_INIT Request message or an IKE_AUTH Request message in the IPsec tunnel negotiation process.
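The following Python sketch is an added illustration, not code from the patent. It models both variants of the redirection result information described above: the initiator records each outcome, and the initial responder chooses the next redirect target from it. The class names, the gateway identifiers, the +1/-1 priority step and the rule that the responder only considers targets in its own configured pool are assumptions; no IKEv2 wire encoding is modelled.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class RedirectResult:
    """Variant 1: target identifier plus a success/failure indication."""
    target_id: str
    negotiated_ok: bool


@dataclass
class Initiator:
    """Base-station side: records what happened after each redirect."""
    last_result: Optional[RedirectResult] = None
    # Variant 2: correspondence table, target identifier -> priority value.
    priorities: Dict[str, int] = field(default_factory=dict)

    def record(self, target_id: str, negotiated_ok: bool) -> None:
        self.last_result = RedirectResult(target_id, negotiated_ok)
        step = 1 if negotiated_ok else -1  # assumed step size
        self.priorities[target_id] = self.priorities.get(target_id, 0) + step

    def negotiation_message(self) -> dict:
        """Redirection result information carried in the next negotiation message."""
        return {"last": self.last_result, "priorities": dict(self.priorities)}


class InitialResponder:
    """Security-gateway side: picks a redirect target from the reported results."""

    def __init__(self, pool: List[str]):
        # Assumption: the gateway has a locally configured list of targets and
        # never redirects to an identifier that appears only in the message.
        self.pool = list(pool)

    def choose_by_indication(self, result: Optional[RedirectResult]) -> Optional[str]:
        if not self.pool:
            return None
        if result is None or result.target_id not in self.pool:
            return self.pool[0]          # nothing usable reported: default target
        if result.negotiated_ok:
            return result.target_id      # prefer the first target responder again
        for candidate in self.pool:      # failed: pick a different, second target
            if candidate != result.target_id:
                return candidate
        return None                      # no alternative: abandon the redirect

    def choose_by_priority(self, priorities: Dict[str, int]) -> Optional[str]:
        if not self.pool:
            return None
        # Unknown identifiers in the reported table are ignored; targets the
        # initiator has never tried count as priority 0. Ties keep pool order.
        return max(self.pool, key=lambda t: priorities.get(t, 0))


def run_demo() -> List[Optional[str]]:
    """Constructed scenario: first redirect fails, second succeeds."""
    gw = InitialResponder(["sgw-a", "sgw-b", "sgw-c"])  # constructed identifiers
    bs = Initiator()
    picks = []
    first = gw.choose_by_indication(bs.negotiation_message()["last"])
    picks.append(first)
    bs.record(first, negotiated_ok=False)   # negotiation with sgw-a failed
    second = gw.choose_by_indication(bs.negotiation_message()["last"])
    picks.append(second)
    bs.record(second, negotiated_ok=True)   # negotiation with sgw-b succeeded
    picks.append(gw.choose_by_indication(bs.negotiation_message()["last"]))
    picks.append(gw.choose_by_priority(bs.negotiation_message()["priorities"]))
    return picks


if __name__ == "__main__":
    print(run_demo())
```

Because the description allows the information to ride in the IKE_SA_INIT Request, the sketch treats it only as a hint for choosing among locally configured targets.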
A person skilled in the art can clearly understand that, for convenience and brevity of description, the specific working processes of the systems, apparatuses and units described above may refer to the corresponding processes in the foregoing method embodiments, and are not repeated here.
In the several embodiments provided in this application, it should be understood that the disclosed systems, apparatuses and methods may be implemented in other ways. For example, the apparatus embodiments described above are merely illustrative; for example, the division into units is only a division by logical function, and other divisions are possible in an actual implementation, for example multiple units or components may be combined or integrated into another system, or some features may be ignored or not executed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interfaces, apparatuses or units, and may be electrical, mechanical or of another form.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in the embodiments of the present invention may be integrated into one processing unit, each unit may exist physically on its own, or two or more units may be integrated into one unit. The integrated unit may be implemented in the form of hardware or in the form of a software functional unit.
If the integrated unit is implemented in the form of a software functional unit and sold or used as an independent product, it may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present invention in essence, or the part that contributes to the prior art, or all or part of the technical solution, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes several instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) to perform all or some of the steps of the methods described in the embodiments of the present invention. The foregoing storage medium includes a USB flash drive, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, an optical disc and various other media that can store program code.
As stated above, the above embodiments are only intended to illustrate the technical solutions of the present invention, not to limit them; although the present invention has been described in detail with reference to the foregoing embodiments, a person of ordinary skill in the art should understand that the technical solutions described in the foregoing embodiments may still be modified, or some of their technical features may be equivalently replaced; such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims (20)

  1. A redirection method, characterized in that the method comprises:
    during the negotiation between an initiator and an initial responder, if the initiator is redirected by the initial responder to a first target responder, the initiator records the corresponding redirection result information;
    when the initiator initiates negotiation with an initial responder again, the initiator carries the redirection result information in a negotiation message, so that the initial responder performs a redirection operation according to the redirection result information, wherein the negotiation message is any one of the messages sent by the initiator to the initial responder during the negotiation.
  2. The redirection method according to claim 1, characterized in that the redirection result information includes identification information of the first target responder and indication information indicating whether the negotiation succeeded;
    and the initiator carrying the redirection result information in a negotiation message, so that the initial responder performs a redirection operation according to the redirection result information, comprises:
    if the indication information indicates that the negotiation failed, the initiator carries the redirection result information in the negotiation message, so that the initial responder, according to the redirection result information, redirects the initiator to a second target responder or abandons the redirection operation, wherein the second target responder is different from the first target responder;
    if the indication message indicates that the negotiation succeeded, the initiator carries the redirection result information in the negotiation message, so that the initial responder, according to the redirection result information, preferentially redirects the initiator to the first target responder.
  3. The redirection method according to claim 1, characterized in that
    the redirection result information includes a correspondence table that establishes a correspondence between the identification information of at least one first target responder and a priority value, wherein, if the initial responder's redirection of the initiator to the first target responder succeeds, the priority value corresponding to the identification information of that first target responder is raised, and if the initial responder's redirection of the initiator to the first target responder fails, the priority value corresponding to the identification information of that first target responder is lowered;
    and the initiator carrying the redirection result information in a negotiation message, so that the initial responder performs a redirection operation according to the redirection result information, comprises:
    the initiator carries the redirection result information in the negotiation message, so that the initial responder, according to the redirection result information, preferentially redirects the initiator to the first target responder with a high priority value.
  4. The redirection method according to any one of claims 1 to 3, characterized in that the negotiation is an IPsec tunnel negotiation between a base station and a security gateway;
    the negotiation message includes an Internet Key Exchange-Security Association-Initialization Request (IKE_SA_INIT Request) message or an Internet Key Exchange-Authentication Request (IKE_AUTH Request) message in the IPsec tunnel negotiation process.
  5. A redirection method, characterized in that the method comprises:
    when an initiator initiates negotiation with an initial responder, the initial responder receives a negotiation message sent by the initiator, the negotiation message carrying redirection result information, wherein the redirection result information is recorded by the initiator if, during its negotiation with an initial responder, the initiator is redirected by the initial responder to a first target responder; the negotiation message is any one of the messages sent by the initiator to the initial responder during the negotiation, and the initial responder and the initial responder may be the same or different;
    the initial responder performs a redirection operation according to the redirection result information.
  6. The redirection method according to claim 5, characterized in that the redirection result information includes identification information of the first target responder and indication information indicating whether the negotiation succeeded;
    and the initial responder performing a redirection operation according to the redirection result information comprises:
    if the indication information indicates that the negotiation failed, the initial responder, according to the redirection result information, redirects the initiator to a second target responder or abandons the redirection operation, wherein the second target responder is different from the first target responder;
    if the indication message indicates that the negotiation succeeded, the initial responder, according to the redirection result information, preferentially redirects the initiator to the first target responder.
  7. The redirection method according to claim 5, characterized in that the redirection result information includes a correspondence table that establishes a correspondence between the identification information of at least one first target responder and a priority value, wherein, if the initial responder's redirection of the initiator to the first target responder succeeds, the priority value corresponding to the identification information of that first target responder is raised, and if the initial responder's redirection of the initiator to the first target responder fails, the priority value corresponding to the identification information of that first target responder is lowered;
    and the initial responder performing a redirection operation according to the redirection result information comprises:
    the initial responder, according to the redirection result information, preferentially redirects the initiator to the first target responder with a high priority value.
  8. The redirection method according to any one of claims 5 to 7, characterized in that the negotiation is an IPsec tunnel negotiation between a base station and a security gateway;
    the negotiation message includes an IKE_SA_INIT Request message or an IKE_AUTH Request message in the IPsec tunnel negotiation process.
  9. An initiator device for negotiating with a responder device, characterized in that the device comprises:
    a recording unit, configured to record the corresponding redirection result information if, during the negotiation between the initiator device and an initial responder device, the initiator device is redirected by the initial responder device to a first target responder device;
    a sending unit, configured to carry the redirection result information in a negotiation message when the initiator device initiates negotiation with an initial responder device again, so that the initial responder device performs a redirection operation according to the redirection result information, wherein the negotiation message is any one of the messages sent by the initiator device to the initial responder device during the negotiation.
  10. The initiator device according to claim 9, characterized in that the redirection result information includes identification information of the first target responder device and indication information indicating whether the negotiation succeeded;
    the sending unit is specifically configured to: if the indication information indicates that the negotiation failed, carry the redirection result information in the negotiation message, so that the initial responder device, according to the redirection result information, redirects the initiator device to a second target responder device or abandons the redirection operation, wherein the second target responder device is different from the first target responder device; and if the indication message indicates that the negotiation succeeded, carry the redirection result information in the negotiation message, so that the initial responder device, according to the redirection result information, preferentially redirects the initiator device to the first target responder device.
  11. The initiator device according to claim 9, characterized in that
    the redirection result information includes a correspondence table that establishes a correspondence between the identification information of at least one first target responder device and a priority value, wherein, if the initial responder device's redirection of the initiator device to the first target responder device succeeds, the priority value corresponding to the identification information of that first target responder device is raised, and if the initial responder device's redirection of the initiator device to the first target responder device fails, the priority value corresponding to the identification information of that first target responder device is lowered;
    the sending unit is specifically configured to carry the redirection result information in the negotiation message, so that the initial responder device, according to the redirection result information, preferentially redirects the initiator device to the first target responder device with a high priority value.
  12. The initiator device according to any one of claims 9 to 11, characterized in that the initiator device is a base station; the responder device is a security gateway; the negotiation is an IPsec tunnel negotiation between the base station and the security gateway; the negotiation message includes an IKE_SA_INIT Request message or an IKE_AUTH Request message in the IPsec tunnel negotiation process.
  13. A responder device for negotiating with an initiator device, the responder device being an initial responder device, characterized in that the initial responder device comprises:
    a receiving unit, configured to receive a negotiation message sent by the initiator device when the initiator device initiates negotiation with the initial responder device, the negotiation message carrying redirection result information, wherein the redirection result information is recorded by the initiator if, during its negotiation with an initial responder, the initiator is redirected by the initial responder to a first target responder; the negotiation message is any one of the messages sent by the initiator device to the initial responder device during the negotiation;
    an execution unit, configured to perform a redirection operation according to the redirection result information.
  14. The responder device according to claim 13, characterized in that the redirection result information includes identification information of the first target responder device and indication information indicating whether the negotiation succeeded;
    the execution unit is specifically configured to: if the indication information indicates that the negotiation failed, redirect the initiator device to a second target responder device according to the redirection result information, or abandon the redirection operation, wherein the second target responder device is different from the first target responder device; and if the indication message indicates that the negotiation succeeded, preferentially redirect the initiator device to the first target responder device according to the redirection result information.
  15. The responder device according to claim 13, characterized in that the redirection result information includes a correspondence table that establishes a correspondence between the identification information of at least one first target responder device and a priority value, wherein, if the initial responder device's redirection of the initiator device to the first target responder device succeeds, the priority value corresponding to the identification information of that first target responder device is raised, and if the initial responder device's redirection of the initiator device to the first target responder device fails, the priority value corresponding to the identification information of that first target responder device is lowered;
    the execution unit is specifically configured to preferentially redirect the initiator device, according to the redirection result information, to the first target responder device with a high priority value.
  16. The responder device according to any one of claims 13 to 15, characterized in that the responder device is a security gateway; the initiator device is a base station; the negotiation is an IPsec tunnel negotiation between the base station and the security gateway; the negotiation message includes an IKE_SA_INIT Request message or an IKE_AUTH Request message in the IPsec tunnel negotiation process.
  17. A redirection system, comprising an initiator device and a responder device for negotiating with the initiator device, the responder device being an initial responder device, characterized in that:
    the initiator device is configured to: during the negotiation between the initiator device and the initial responder device, if the initiator device is redirected by the initial responder device to a first target responder device, record the corresponding redirection result information; and when the initiator device initiates negotiation with the initial responder device again, carry the redirection result information in a negotiation message, so that the initial responder device performs a redirection operation according to the redirection result information, wherein the negotiation message is any one of the messages sent by the initiator device to the initial responder device during the negotiation;
    the initial responder device is configured to receive the negotiation message sent by the initiator device when the initiator device initiates negotiation with the initial responder device;
    the initial responder device is further configured to perform a redirection operation according to the redirection result information.
  18. The redirection system according to claim 17, characterized in that the redirection result information includes identification information of the first target responder device and indication information indicating whether the negotiation succeeded;
    the initial responder device is specifically configured to: if the indication information indicates that the negotiation failed, redirect the initiator device to a second target responder device according to the redirection result information, or abandon the redirection operation, wherein the second target responder device is different from the first target responder device; and if the indication message indicates that the negotiation succeeded, preferentially redirect the initiator device to the first target responder device according to the redirection result information.
  19. The redirection system according to claim 17, characterized in that the redirection result information includes a correspondence table that establishes a correspondence between the identification information of at least one first target responder device and a priority value, wherein, if the initial responder device's redirection of the initiator device to the first target responder device succeeds, the priority value corresponding to the identification information of that first target responder device is raised, and if the initial responder device's redirection of the initiator device to the first target responder device fails, the priority value corresponding to the identification information of that first target responder device is lowered;
    the initial responder device is specifically configured to preferentially redirect the initiator device, according to the redirection result information, to the first target responder device with a high priority value.
  20. The redirection system according to any one of claims 17 to 19, characterized in that the initiator device is a base station; the responder device is a security gateway; the negotiation is an IPsec tunnel negotiation between the base station and the security gateway; the negotiation message includes an IKE_SA_INIT Request message or an IKE_AUTH Request message in the IPsec tunnel negotiation process.
PCT/CN2016/073157 2015-03-03 2016-02-02 Redirection method and related device WO2016138811A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201510094979.8 2015-03-03
CN201510094979.8A CN104754672A (en) 2015-03-03 2015-03-03 Redirection method and related equipment

Publications (1)

Publication Number Publication Date
WO2016138811A1 true WO2016138811A1 (en) 2016-09-09

Family

ID=53593620

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2016/073157 WO2016138811A1 (en) 2015-03-03 2016-02-02 Redirection method and related device

Country Status (2)

Country Link
CN (1) CN104754672A (en)
WO (1) WO2016138811A1 (en)

Also Published As

Publication number Publication date
CN104754672A (en) 2015-07-01

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 16758427

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 16758427

Country of ref document: EP

Kind code of ref document: A1