WO2022166979A1 - Message processing method, client device, server-side device, and computer-readable medium - Google Patents
- Publication number
- WO2022166979A1 (PCT/CN2022/075472)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- server
- client
- encrypted
- service
- address
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/0435—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
- H04L9/40—Network security protocols
- H04L45/34—Source routing
- H04L45/566—Routing instructions carried by the data packet, e.g. active networks
- H04L45/74—Address processing for routing
- H04L63/0407—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden
- H04L63/0421—Anonymous communication, i.e. the party's identifiers are hidden from the other party or parties, e.g. using an anonymizer
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0442—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
- H04L63/0471—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload applying encryption by an intermediary, e.g. receiving clear information at the intermediary and encrypting the received information at the intermediary before forwarding
- H04L63/164—Implementing security features at a particular protocol layer at the network layer
Definitions
- the present disclosure relates to the field of communication technologies, and in particular, to a message processing method, a client device, a server device, and a computer-readable medium.
- the Segment Routing IPv6 (SRv6) architecture based on Internet Protocol Version 6 is designed based on the concept of source routing.
- a new extension is made in the extension header to realize the forwarding of IPv6 data packets.
- the new extension is called the Segment Routing Header (SRH).
- the segment routing packet header contains the IPv6 address stack, which relies on the intermediate nodes to sequentially update the destination address, thereby completing the hop-by-hop forwarding of the packet in the network.
- the intermediate nodes in the link can obtain the network element (NE) information of the source end and the destination end by parsing the packet. Therefore, there is a possibility that a third party intercepts the packet through illegal means and obtains host-related information and server-related information by parsing the packet, so the security of message transmission cannot be guaranteed.
- an embodiment of the present disclosure provides a packet processing method, which is applied to a client device, where the client device includes a client, and the method includes:
- an embodiment of the present disclosure further provides a packet processing method, which is applied to a server-side device, where the server-side device includes a server-side, and the method includes:
- in response to the first service message sent by the client, use the server-side private key to decrypt the source address and destination address of the first service message, and replace the destination address of the first service message with the server-side address.
- the source address of the first service packet is the encrypted client segment identifier encrypted by the client device using the server public key
- the destination address of the first service packet is the encrypted server-side segment identifier encrypted by the client device using the server public key
- the source address of the second service message is replaced with the encrypted server segment identifier corresponding to the server, and the destination address of the second service message is the encrypted client segment identifier corresponding to the client;
- the source address and the destination address of the second service packet are encrypted by using the client public key, and the encrypted second service packet is sent to the client.
- an embodiment of the present disclosure further provides a client device, including:
- memory configured to store one or more computer programs
- the one or more processors are caused to implement the packet processing method described in the first aspect above.
- an embodiment of the present disclosure further provides a server-side device, including:
- memory configured to store one or more computer programs
- when the one or more computer programs are executed by the one or more processors, the one or more processors are caused to implement the message processing method described in the second aspect above.
- an embodiment of the present disclosure further provides a computer-readable medium on which a computer program is stored, and when the computer program is executed by a processor, implements the packet processing method described in the first aspect.
- an embodiment of the present disclosure further provides a computer-readable medium on which a computer program is stored, and when the computer program is executed by a processor, implements the packet processing method described in the second aspect above.
- FIG. 1 is a schematic structural diagram of a network architecture according to an embodiment of the present disclosure
- FIG. 2 is a flowchart of a packet processing method according to an embodiment of the present disclosure
- FIG. 3 is a flowchart of a packet processing method according to an embodiment of the present disclosure.
- FIG. 4 is a flowchart of a packet processing method provided by an embodiment of the present disclosure.
- FIG. 5 is a flowchart of a specific implementation method of step S2 in an embodiment of the disclosure.
- FIG. 6 is a flowchart of a packet processing method provided by an embodiment of the present disclosure.
- FIG. 7 is a flowchart of a packet processing method according to an embodiment of the present disclosure.
- FIG. 8 is a flowchart of a packet processing method provided by an embodiment of the present disclosure.
- FIG. 9 is a flowchart of a specific implementation method of step S9 in an embodiment of the disclosure.
- FIG. 10 is a flowchart of a packet processing method provided by an embodiment of the present disclosure.
- FIG. 11 is a flowchart of a packet processing method provided by an embodiment of the present disclosure.
- FIG. 13 is a flowchart of a packet processing method provided by an embodiment of the present disclosure.
- FIG. 14 is a schematic structural diagram of a client device according to an embodiment of the present disclosure.
- FIG. 15 is a schematic structural diagram of a server-side device according to an embodiment of the present disclosure.
- FIG. 16 is a schematic structural diagram of a computer-readable medium provided by an embodiment of the present disclosure.
- although the terms first, second, etc. may be used herein to describe various elements, these elements should not be limited by these terms. These terms are only used to distinguish one element from another. Thus, for example, a first service message discussed below may be referred to as a second service message without departing from the teachings of the present disclosure.
- the destination address is a service packet with a specific type of segment identifier corresponding to the receiving end.
- the service packet is sent.
- the receiving end receives the service packet, decrypts the destination address of the service packet, and replaces the destination address of the service packet with the address corresponding to the receiving end, which realizes the protection of the network element information of both the sender and the receiver of the service message, and effectively solves the security problem of the service message transmission in the network.
- FIG. 1 is a schematic structural diagram of a network architecture provided by an embodiment of the present disclosure. As shown in FIG. 1 , the network architecture includes a client device, an intermediate node, a server device and a service management controller.
- the network architecture is a segment routing architecture based on Internet Protocol version 6 (IPv6).
- the client device and the server device transmit service packets through an intermediate node, and the intermediate node is a segment routing node.
- the client device includes a client and a client gateway.
- the client is a device that accesses the network through the client gateway and needs to communicate with the server, including personal computers, tablets, and mobile terminals.
- the server device includes the server and a server-side gateway, and the server can access the network through the server-side gateway; the service management controller is a control layer, and is configured to manage and control the service communication between the server and the client; in some embodiments, the segment routing node may include a carrier backbone router (Provider), a carrier edge router (Provider Edge, PE), an Autonomous System Boundary Router (ASBR), an Area Border Router (ABR), etc.
- FIG. 2 is a flowchart of a packet processing method provided by an embodiment of the present disclosure. As shown in FIG. 2 , the packet processing method is applied to a client device, and the method includes steps S1 to S3.
- Step S1 In response to the first service packet sent from the client to the server, replace the source address of the first service packet with the encrypted client segment identifier corresponding to the client.
- the client device includes a client, and the flow of the packet processing method is executed by the client; or, in some embodiments, the client device further includes a client gateway corresponding to the client, in which case the flow of the packet processing method can be executed by the client gateway.
- the destination address of the first service message is an encrypted server-side segment identifier corresponding to the server-side.
- a corresponding segment identifier (Segment ID, SID for short) is configured for a network address, and the segment identifier has an explicit indication function and is a network instruction.
- when the corresponding service packet passes through the intermediate node, the intermediate node reads the segment identifier carried in the segment routing header of the service packet and a corresponding series of indication operations (also called segment operations), and, according to the segment identifier and the indication operations, completes the corresponding forwarding action to forward the service message; the indication operations are used for instructing the routing and transmission of data (for example, the service message) in the network.
- the encrypted client segment identifier and the encrypted server segment identifier are respectively a specific type of segment identifiers preconfigured by the client and the server, which are different from other existing segment identifiers.
- This particular type of segment identifier is not used to indicate an existing forwarding action, but is used to indicate an encrypted forwarding action, that is, the encrypted client-side segment identifier and the encrypted server-side segment identifier are not used to indicate data (such as traffic packets).
- the terms "encrypted client segment identifier" and "encrypted server segment identifier" do not mean that the segment identifier itself is encrypted; they refer to the encrypted forwarding action described above.
- a specific type of segment identification may be marked using the type field "END.S.DECI".
- a mapping relationship between a specific type of segment identifier and an address of a corresponding device may be established through configuration or based on a routing protocol in a service authorization process.
- Step S2 Encrypt the source address and destination address of the first service message by using the server's public key according to the encrypted server-side segment identifier, and send the encrypted first service message to the server.
- the encrypted first service message means the first service message whose source address and destination address have been encrypted.
- the parameter portions of the source and destination addresses are encrypted.
- the server-side public key belongs to the server-side public-private key pair, which can be pre-configured by the server-side or pre-configured by the service management controller and delivered to the server-side, and the client device can obtain the server-side public key in advance.
- Step S3 in response to the second service message sent by the server, decrypt the destination address of the second service message by using the client's private key, and replace the destination address of the second service message with the address of the client.
- the destination address of the second service packet is the encrypted client segment identifier encrypted by the server using the client's public key; the client's private key belongs to the client's public-private key pair, and the public-private key pair can be pre-configured by the client or pre-configured by the service management controller and delivered to the client; the server-side device can obtain the client's public key in advance.
- the packet processing method further includes: decrypting the source address of the second service packet by using the client's private key.
- the source address of the second service packet is the encrypted server-side segment identifier encrypted by the server-side using the client-side public key.
- the client gateway can decrypt the destination address of the second service packet, replace the destination address of the second service packet with the address of the client, and then send the second service packet to the client.
- the client device replaces the source address of the service packet with the segment identifier of the specific type corresponding to the client, encrypts the source address and destination address of the service packet according to the segment identifier of the specific type, and then sends the encrypted service packet to the server; for the service packet returned by the server, the destination address of the service packet is decrypted and replaced with the address corresponding to the client, so that the network element information of the sender and receiver of the service packet is protected, which effectively solves the security problem of service packet transmission in the network.
- FIG. 3 is a flowchart of a packet processing method according to an embodiment of the present disclosure.
- the packet processing method is an implementation based on the packet processing method shown in FIG. 2 .
- the message processing method not only includes the above steps S1 to S3, but also includes steps S01 and S02 before step S1. Only step S01 and step S02 will be described in detail below.
- Step S01 in response to the service authorization request sent from the client to the server, configure an encrypted client segment identifier, and establish a mapping relationship between the encrypted client segment identifier and the address of the client.
- the client sends a service authorization request to the server to pre-establish a service communication relationship.
- the client can also send a service authorization request to the service management controller for service authorization.
- the segment identifier includes a locator field (Locator), a function field (Function), an optional parameter field (Argument), etc.; the locator field is mainly responsible for the routing function and is unique in the segment routing domain; the function field identifies the function of the device, for example, a forwarding function or a service function; and for the specific type of segment identifier provided by the present disclosure, in some embodiments, at least part of the optional parameter field is used as a reference field, and a mapping relationship between the reference field and the address of the client is established, so as to establish the mapping relationship between the encrypted client segment identifier and the address of the client.
- the packet processing method further includes: performing route publishing for the encrypted client segment identifier through an Interior Gateway Protocol (IGP).
- Step S02 sending a service authorization request to the server, and receiving a service authorization response fed back by the server.
- the service authorization response includes an encrypted server-side segment identifier, whereby the client device obtains the encrypted server-side segment identifier corresponding to the address of the server, and on the client device side the encrypted server-side segment identifier can in effect be used as the server-side address.
- FIG. 4 is a flowchart of a packet processing method provided by an embodiment of the present disclosure.
- the packet processing method is an implementation based on the packet processing method shown in FIG. 2 .
- the message processing method not only includes the above steps S1 to S3, but also includes steps S4 to S6. Only steps S4 to S6 will be described in detail below.
- Step S4 establishing a mapping relationship between the encrypted client segment identifier encrypted with the server-side public key and the address of the client, and establishing a mapping relationship between the encrypted server-side segment identifier encrypted with the server-side public key and the encrypted server-side segment identifier.
- the step of encrypting the specific type of segment identifier using the server-side public key includes encrypting a reference field of the specific type of segment identifier using the server-side public key. Therefore, in some embodiments, similar to step S01, in step S4, a mapping relationship between the reference field of the segment identifier encrypted with the server-side public key and the address of the client is established, so as to establish the mapping relationship between the specific type of segment identifier encrypted with the server-side public key and the address of the client.
- Step S5 in response to the third service message sent from the client to the server, replace the source address of the third service message with the encrypted client segment identifier encrypted with the public key of the server, and replace the destination address of the third service message with the encrypted server-side segment identifier encrypted with the server-side public key.
- the destination address of the third service message is the encrypted server-side segment identifier; in step S5, because the client device side can establish the mapping relationship between the encrypted segment identifier of a specific type and the corresponding address in advance, the source address and destination address of the service packet are directly replaced, thereby reducing the response delay.
- Step S6 sending a third service message to the server.
- FIG. 5 is a flowchart of a specific implementation of step S2 in the embodiment of the disclosure.
- the client device further includes a client gateway; as shown in FIG. 5 , step S2 includes step S201.
- Step S201 according to the client gateway address, the intermediate node address in the link, and the server-side gateway address corresponding to the server, generate a tunnel header and a segment routing extension header in the outer layer of the first service packet, and send the first service message after the above processing to the server-side gateway.
- in step S201, since the first service packet is to be sent to the server through the client gateway and the segment routing node in the communication link, outer encapsulation is performed on the first service message according to the address of the client gateway, the address of the segment routing node and the server gateway address, so as to add a tunnel header and a segment routing extension header to the first service message. In the packet processing method of the foregoing embodiment, when the service packet passes through the segment routing node, the destination address of the service packet is replaced based on the segment routing protocol mechanism. After the packet is encapsulated in the outer layer of the tunnel, when the service packet passes through the segment routing node, it is the outer destination address of the service packet that is replaced based on the segment routing protocol mechanism.
- the packet processing method provided by the embodiments of the present disclosure can protect the transmission of service packets by using the tunneling technology and setting a specific type of segment identifier.
- FIG. 6 is a flowchart of a packet processing method according to an embodiment of the present disclosure. As shown in FIG. 6 , the message processing method is applied to a server-side device, the server-side device includes a server-side, and the message processing method includes steps S7 to S9 .
- Step S7 in response to the first service message sent by the client, decrypt the destination address of the first service message by using the private key of the server, and replace the destination address of the first service message with the address of the server.
- the source address of the first service packet is the encrypted client segment identifier encrypted by the client device using the server-side public key
- the destination address of the first service packet is the encrypted server-side segment identifier encrypted by the client device using the server-side public key.
- the server-side device includes a server, and the flow of the packet processing method is executed by the server; or, in some embodiments, the server-side device further includes a server-side gateway corresponding to the server, in which case the flow of the packet processing method may be executed by the server-side gateway.
- the packet processing method further includes: decrypting the source address of the first service packet by using the server-side private key.
- the source address of the first service packet is the encrypted client segment identifier encrypted by the client device using the server-side public key.
- the flow of the packet processing method can be executed by the server-side gateway, so that the server-side gateway can decrypt the destination address of the first service packet and, after replacing the destination address of the first service packet with the server-side address, send the first service message to the server.
- Step S8 In response to the second service message sent from the server to the client, replace the source address of the second service message with the encrypted server-side segment identifier.
- the destination address of the second service packet is the encrypted client segment identifier corresponding to the client.
- Step S9 using the client public key to encrypt the source address and destination address of the second service message according to the encrypted client segment identifier, and send the encrypted second service message to the client.
- the encrypted second service message is the second service message whose source address and destination address have been encrypted
- the client's public key belongs to the client's public-private key pair, which can be pre-configured by the client or pre-configured by the service management controller and delivered to the client, and the server-side device can obtain the client's public key in advance.
- the parameter portions of the source and destination addresses are encrypted.
- the server-side device replaces the source address of the service packet with a specific type of segment identifier corresponding to the server side, encrypts the source address and destination address of the service packet according to the specific type of segment identifier, and then sends the encrypted service packet to the client; for the service packet returned by the client, it decrypts the destination address of the service packet and replaces the destination address of the service packet with the address corresponding to the server, so as to protect the network element information of the sender and receiver of the service packet, which effectively solves the security problem of service packet transmission in the network.
- FIG. 7 is a flowchart of a packet processing method according to an embodiment of the present disclosure.
- the packet processing method is an implementation based on the packet processing method shown in FIG. 6 .
- the message processing method not only includes steps S7 to S9, but also includes steps S7a and S7b before step S7. Only step S7a and step S7b will be described in detail below.
- Step S7a in response to the service registration request sent from the server to the service management controller, configure the encrypted server-side segment identifier, and establish a mapping relationship between the encrypted server-side segment identifier and the server-side address.
- the service registration request may include a server identifier, such as a service ID, a server ID, and the like.
- At least part of the optional parameter fields of the encrypted server-side segment identifier can be used as reference fields, and a mapping relationship between the reference field and the server-side address is established, so as to establish the mapping relationship between the encrypted server-side segment identifier and the server-side address.
- Step S7b sending a service registration request to the service management controller, and receiving a service registration response fed back by the service management controller.
- step S7b receiving a service registration response fed back by the service management controller indicates that the service registration on the server side is successful.
- FIG. 8 is a flowchart of a packet processing method according to an embodiment of the present disclosure.
- the packet processing method is an implementation based on the packet processing method shown in FIG. 6 .
- the message processing method not only includes steps S7 to S9, but also includes steps S10 to S12. Only steps S10 to S12 will be described in detail below.
- Step S10 establishing a mapping relationship between the encrypted client segment identifier encrypted with the client's public key and the encrypted client segment identifier, and establishing a mapping relationship between the encrypted server segment identifier encrypted with the client's public key and the address of the server.
- the step of encrypting the particular type of segment identification using the client public key includes encrypting a reference field of the particular type of segment identification using the client public key. Therefore, in some embodiments, similar to step S7a, in step S10, a mapping relationship between the reference field of the segment identifier encrypted with the client's public key and the address of the server is established, so as to establish the mapping relationship between the segment identifier of the specific type encrypted with the client's public key and the address on the server side.
- Step S11 in response to the fourth service message sent from the server to the client, replace the source address of the fourth service message with the encrypted server segment identifier encrypted with the client's public key, and replace the destination address of the fourth service message with the encrypted client segment identifier encrypted with the client's public key.
- the destination address of the fourth service message is the encrypted client segment identifier; in step S11, the server can establish the mapping relationship between the encrypted segment identifier of the specific type and the corresponding address in advance, so that when a service packet is subsequently transmitted, the source address and destination address of the service packet are directly replaced, thereby reducing the response delay.
- Step S12 Send a fourth service message to the client.
- FIG. 9 is a flowchart of a specific implementation manner of step S9 in an embodiment of the disclosure.
- the server-side device further includes a server-side gateway; step S9 includes step S901.
- Step S901 according to the server gateway address, the intermediate node address in the link, and the client gateway address corresponding to the client, generate a tunnel header and a segment routing extension header in the outer layer of the second service packet, and send the second service packet processed as above to the client gateway.
- in step S901, since the second service packet is to be sent to the client via the server-side gateway and the segment routing node in the communication link, the outer layer of the second service packet is encapsulated according to the corresponding client gateway address and segment routing node address, adding a tunnel header and a segment routing extension header to the second service packet. Thus, whereas in the packet processing method of the foregoing embodiment the destination address of the service packet is replaced based on the segment routing protocol mechanism when the service packet passes through a segment routing node, after the packet is encapsulated in the outer tunnel layer it is the outer destination address of the service packet that is replaced based on the segment routing protocol mechanism when the packet passes through a segment routing node.
- FIG. 10 is a flowchart of a packet processing method provided by an embodiment of the present disclosure. As shown in FIG. 10 , the packet processing method is applied to the interaction between a client device and a server device via an intermediate node.
- the client device includes a client, the server device includes a server, and there may be one or more intermediate nodes (only one is shown in FIG. 10).
- the message processing method includes steps BZ01 to BZ07.
- Step BZ01 The server prepares to send a service registration request to the service management controller, configures the encrypted server segment identifier, and establishes a mapping relationship between the encrypted server segment identifier and the address of the server.
- Step BZ02 The server sends a service registration request to the service management controller, where the service registration request includes the server identifier.
- Step BZ03 the service management controller saves the server identifier, and completes the service registration on the server side.
- Step BZ04 the service management controller sends a service registration response to the server.
- Step BZ05 the client prepares to send a service authorization request to the server, configures an encrypted client segment identifier, and establishes a mapping relationship between the encrypted client segment identifier and the address of the client.
- Step BZ06 the client sends a service authorization request to the server via the intermediate node.
- Step BZ07 The server performs service authorization, and sends a service authorization response to the client via the intermediate node, where the service authorization response includes the encrypted server-side segment identifier.
- FIG. 11 is a flowchart of a packet processing method provided by an embodiment of the present disclosure. As shown in FIG. 11 , the packet processing method is applied to the interaction process between a client device and a server device via an intermediate node.
- the client device includes a client, the server device includes a server, and there may be one or more intermediate nodes (only one is shown in FIG. 11).
- the message processing method includes steps BZ101 to BZ4.
- Step BZ101 The client replaces the source address of the first service packet to be sent to the server with the encrypted client segment identifier, and the destination address of the first service packet is the encrypted server segment identifier corresponding to the server.
- Step BZ102 the client uses the server-side public key to encrypt the source address and destination address of the first service message based on the encrypted forwarding action indicated by the encrypted server-side segment identifier, and thereafter sends the first service message to the server via the intermediate node.
- Step BZ2 The server decrypts the source address and destination address of the first service packet by using the server's private key, and replaces the destination address of the first service packet with the address of the server.
- Step BZ301 The server replaces the source address of the second service message to be sent to the client with the encrypted server segment identifier, and the destination address of the second service message is the encrypted client segment identifier.
- Step BZ302 the server uses the client public key to encrypt the source address and destination address of the second service message based on the encrypted forwarding action indicated by the encrypted client segment identifier, and thereafter sends the second service message to the client via the intermediate node.
- Step BZ4 The client uses the client private key to decrypt the source address and destination address of the second service packet, and replaces the destination address of the second service packet with the address of the client.
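The FIG. 11 exchange (steps BZ101 to BZ4) as an added Python sketch, not code from the patent: each side swaps its real address for a segment identifier, encrypts the parameter field of both addresses with the peer's public key, and the receiver decrypts and maps the identifier back to an address. The 128-bit identifier layout, the `END_ENC` function code, the addresses and the textbook-RSA toy keys are assumptions made for illustration; textbook RSA over tiny primes is not secure.

```python
"""Constructed sketch of the FIG. 11 exchange (steps BZ101 to BZ4)."""
import ipaddress
from dataclasses import dataclass

# Assumed 128-bit segment identifier layout (the page does not give one):
# 64-bit locator | 16-bit function | 48-bit parameter field.
ARGS_BITS = 48
ARGS_MASK = (1 << ARGS_BITS) - 1
END_ENC = 0x00E1  # hypothetical function code for "encrypted forwarding"


@dataclass(frozen=True)
class ToyKey:
    """Textbook RSA over small Mersenne primes. Demo only, not secure."""
    n: int
    e: int
    d: int

    @classmethod
    def from_primes(cls, p, q, e=65537):
        return cls(p * q, e, pow(e, -1, (p - 1) * (q - 1)))

    @property
    def public(self):
        return (self.n, self.e)


@dataclass(frozen=True)
class Packet:
    src: int
    dst: int
    payload: bytes


def make_sid(locator, ref):
    return (locator << 64) | (END_ENC << ARGS_BITS) | ref


def seal(sid, public):
    """Encrypt only the parameter field of a SID with the receiver's public key."""
    n, e = public
    ref = sid & ARGS_MASK
    if ref >= n or n > ARGS_MASK:
        raise ValueError("reference field or modulus does not fit the layout")
    return (sid & ~ARGS_MASK) | pow(ref, e, n)


def unseal(sid, key):
    """Decrypt the parameter field with the receiver's private key."""
    return (sid & ~ARGS_MASK) | pow(sid & ARGS_MASK, key.d, key.n)


class Endpoint:
    def __init__(self, addr, locator, ref, key):
        self.addr = int(ipaddress.IPv6Address(addr))
        self.key = key
        self.sid = make_sid(int(ipaddress.IPv6Address(locator)) >> 64, ref)
        self.sid_to_addr = {self.sid: self.addr}  # mapping set up in BZ01 / BZ05

    def send(self, peer_sid, peer_public, payload):
        # BZ101/BZ301: source becomes our own SID, destination is the peer's SID.
        # BZ102/BZ302: both addresses are sealed with the peer's public key.
        return Packet(seal(self.sid, peer_public), seal(peer_sid, peer_public), payload)

    def receive(self, pkt):
        # BZ2/BZ4: unseal with our private key, then map the SID to the real address.
        src, dst = unseal(pkt.src, self.key), unseal(pkt.dst, self.key)
        if dst not in self.sid_to_addr:
            raise LookupError("destination is not a segment identifier we registered")
        return Packet(src, self.sid_to_addr[dst], pkt.payload)


def demo():
    # Constructed addresses from the 2001:db8::/32 documentation range.
    client = Endpoint("2001:db8:1::10", "2001:db8:a::", 0x0A0B0C0D,
                      ToyKey.from_primes(2**31 - 1, 2**13 - 1))
    server = Endpoint("2001:db8:2::20", "2001:db8:b::", 0x00C0FFEE,
                      ToyKey.from_primes(2**19 - 1, 2**17 - 1))
    request = client.send(server.sid, server.key.public, b"GET /status")
    at_server = server.receive(request)
    reply = server.send(at_server.src, client.key.public, b"200 OK")
    at_client = client.receive(reply)
    return client, server, request, at_server, reply, at_client


if __name__ == "__main__":
    client, server, request, at_server, reply, at_client = demo()
    for name, pkt in (("request on the wire", request), ("reply on the wire", reply)):
        print(f"{name}: src={pkt.src:032x} dst={pkt.dst:032x}")
    print(f"server sees dst={at_server.dst:032x}, client sees dst={at_client.dst:032x}")
```

In this sketch the sealed identifiers are the same on every packet between the same pair, so on the wire they behave as stable pseudonyms rather than per-packet values; the locator and function bits stay in the clear.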
- FIG. 12 is a flowchart of a packet processing method provided by an embodiment of the present disclosure.
- the packet processing method is applied in the interaction process between a client device and a server device via an intermediate node.
- the client device includes a client and a client gateway
- the server device includes a server and a server gateway.
- the packet processing method includes steps BZ081 to BZ0132 .
- Step BZ081 The server sends a service registration request to the server-side gateway, where the service registration request is to be sent to the service management controller.
- Step BZ082 The server-side gateway configures the encrypted server-side segment identifier, and establishes a mapping relationship between the encrypted server-side segment identifier and the server-side address.
- Step BZ083 The server-side gateway sends a service registration request to the service management controller, where the service registration request includes the server identifier.
- Step BZ09 the service management controller saves the server identifier, and completes the service registration on the server side.
- Step BZ0101 The service management controller sends a service registration response to the server-side gateway.
- Step BZ0102 The server-side gateway sends a service registration response to the server-side.
- Step BZ0111 the client sends a service authorization request to the client gateway, where the service authorization request is to be sent to the server.
- Step BZ0112 The client gateway configures the encrypted client segment identifier, and establishes a mapping relationship between the encrypted client segment identifier and the address of the client.
- Step BZ0113 The client gateway sends a service authorization request to the server via the intermediate node and the server gateway.
- Step BZ012 The server performs service authorization, and sends a service authorization response to the client gateway via the server-side gateway and the intermediate node, where the service authorization response includes the encrypted server-side segment identifier.
- Step BZ0131 The client gateway stores the encrypted server-side segment identifier.
- Step BZ0132 The client gateway sends a service authorization response to the client.
- FIG. 13 is a flowchart of a packet processing method provided by an embodiment of the present disclosure.
- the message processing method is applied in the interaction process between the client device and the server device via the intermediate node; the client device includes a client and a client gateway, the server device includes a server and a server gateway, and there may be one or more intermediate nodes. The packet processing method includes steps BZ501 to BZ802.
- Step BZ501 The client sends a first service packet to the client gateway, where the first service packet is to be sent to the server.
- Step BZ502 The client gateway replaces the source address of the first service packet with the corresponding encrypted client segment identifier.
- Step BZ503 the client gateway encrypts the source address and destination address of the first service message by using the server-side public key based on the encryption forwarding action indicated by the encrypted server-side segment identifier, and thereafter sends the first service message to the server-side gateway via the intermediate node.
- Step BZ601 The server-side gateway uses the server-side private key to decrypt the source address and destination address of the first service packet, and replaces the destination address of the first service packet with the server-side address.
- Step BZ602 The server-side gateway sends the first service message processed in step BZ601 to the server-side.
- Step BZ701 The server sends a second service packet to the server-side gateway, where the second service packet is to be sent to the client.
- Step BZ702 The server-side gateway replaces the source address of the second service packet with the encrypted server-side segment identifier, and the destination address of the second service packet is the encrypted client-side segment identifier.
- Step BZ703 the server-side gateway uses the client-side public key to encrypt the source address and destination address of the second service message based on the encrypted forwarding action indicated by the encrypted client-side segment identifier, and thereafter, sends the second service message to the client-side gateway via the intermediate node.
- Step BZ801 The client gateway uses the client private key to decrypt the source address and destination address of the second service packet, and replaces the destination address of the second service packet with the address of the client.
- Step BZ802 The client gateway sends the second service message processed in step BZ801 to the client.
- FIG. 14 is a schematic structural diagram of a client device according to an embodiment of the present disclosure. As shown in Figure 14, the client device includes:
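- one or more processors 101;
- a memory 102 on which one or more computer programs are stored, which, when executed by the one or more processors 101, cause the one or more processors 101 to implement the message processing method applied to a client device of any of the above embodiments;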
- One or more I/O interfaces 103 are connected between the processor 101 and the memory 102 and are configured to realize information exchange between the processor 101 and the memory 102 .
- the processor 101 is a device with data processing capabilities, including but not limited to a central processing unit (CPU), etc.; the memory 102 is a device with data storage capabilities, including but not limited to random access memory (RAM, more specifically SDRAM, DDR, etc.), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), and flash memory (FLASH); and the I/O interface (read-write interface) 103 is connected between the processor 101 and the memory 102 and can realize the information exchange between the processor 101 and the memory 102, which includes but is not limited to a data bus (Bus) and the like.
- processor 101, memory 102, and I/O interface 103 are interconnected by bus 104, and in turn are connected to other components of the computing device.
- a client device includes a client and a client gateway.
- FIG. 15 is a schematic structural diagram of a server-side device according to an embodiment of the present disclosure. As shown in Figure 15, the server-side device includes:
- one or more processors 201;
- a memory 202 on which one or more computer programs are stored, which, when executed by the one or more processors 201, cause the one or more processors 201 to implement the packet processing method applied to a server-side device of any of the above-mentioned embodiments;
- One or more I/O interfaces 203 are connected between the processor 201 and the memory 202 and are configured to realize information exchange between the processor 201 and the memory 202 .
- the processor 201 is a device with data processing capabilities, including but not limited to a central processing unit (CPU), etc.; the memory 202 is a device with data storage capabilities, including but not limited to random access memory (RAM, more specifically SDRAM, DDR, etc.), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), and flash memory (FLASH); and the I/O interface (read-write interface) 203 is connected between the processor 201 and the memory 202 and can realize the information exchange between the processor 201 and the memory 202, which includes but is not limited to a data bus (Bus) and the like.
- processor 201, memory 202, and I/O interface 203 are interconnected by bus 204, and in turn are connected to other components of the computing device.
- the server-side device includes a server-side and a server-side gateway.
- FIG. 16 is a schematic structural diagram of a computer-readable medium provided by an embodiment of the present disclosure.
- the computer-readable medium stores a computer program, and when the computer program is executed by the processor, implements the packet processing method applied to the client device or the packet processing method applied to the server device as in any of the foregoing embodiments.
- Such software may be distributed on computer-readable media, which may include computer storage media (or non-transitory media) and communication media (or transitory media).
- computer storage media includes volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information, such as computer readable instructions, data structures, program modules or other data.
- Computer storage media include, but are not limited to, RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, digital versatile disk (DVD) or other optical disk storage, magnetic cartridges, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium that can be used to store desired information and that can be accessed by a computer.
- communication media typically embodies computer readable instructions, data structures, program modules, or other data in a modulated data signal such as a carrier wave or other transport mechanism, and can include any information delivery media, as is well known to those of ordinary skill in the art.
- Example embodiments have been disclosed herein, and although specific terms are employed, they are used and should only be construed in a general descriptive sense and not for purposes of limitation. In some instances, it will be apparent to those skilled in the art that features, characteristics and/or elements described in connection with a particular embodiment may be used alone or in combination with features, characteristics and/or elements described in connection with other embodiments unless expressly stated otherwise. Accordingly, it will be understood by those of ordinary skill in the art that various changes in form and details may be made therein without departing from the scope of the present disclosure as set forth in the appended claims.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Mobile Radio Communication Systems (AREA)
- Telephonic Communication Services (AREA)
Claims (12)
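- A packet processing method, applied to a client device, the client device comprising a client, the method comprising: in response to a first service packet sent from the client to a server, replacing the source address of the first service packet with an encrypted client segment identifier corresponding to the client, wherein the destination address of the first service packet is an encrypted server-side segment identifier corresponding to the server; according to the encrypted server-side segment identifier, encrypting the source address and the destination address of the first service packet using a server-side public key, and sending the encrypted first service packet to the server; and in response to a second service packet sent by the server, decrypting the source address and the destination address of the second service packet using a client private key, and replacing the destination address of the second service packet with the address of the client, wherein the destination address of the second service packet is the encrypted client segment identifier encrypted by a server-side device using a client public key.
- The packet processing method according to claim 1, further comprising: before the replacing, in response to the first service packet sent from the client to the server, of the source address of the first service packet with the encrypted client segment identifier corresponding to the client, in response to a service authorization request sent from the client to the server, configuring the encrypted client segment identifier, and establishing a mapping relationship between the encrypted client segment identifier and the address of the client; and sending the service authorization request to the server, and receiving a service authorization response fed back by the server; wherein the service authorization response comprises the encrypted server-side segment identifier.
- The packet processing method according to claim 1, further comprising: establishing a mapping relationship between the encrypted client segment identifier encrypted with the server-side public key and the address of the client, and establishing a mapping relationship between the encrypted server-side segment identifier encrypted with the server-side public key and the encrypted server-side segment identifier; in response to a third service packet sent from the client to the server, replacing the source address of the third service packet with the encrypted client segment identifier encrypted with the server-side public key, and replacing the destination address of the third service packet with the encrypted server-side segment identifier encrypted with the server-side public key, wherein the destination address of the third service packet is the encrypted server-side segment identifier; and sending the third service packet to the server.
- The packet processing method according to claim 1, wherein the client device further comprises a client gateway; and the sending of the first service packet to the server comprises: generating a tunnel header and a segment routing extension header in the outer layer of the first service packet according to a client gateway address, an intermediate node address in the link, and a server-side gateway address corresponding to the server, and sending the first service packet processed as above to the server-side gateway.
- A packet processing method, applied to a server-side device, the server-side device comprising a server, the method comprising: in response to a first service packet sent by a client, decrypting the source address and the destination address of the first service packet using a server-side private key, and replacing the destination address of the first service packet with the address of the server, wherein the source address of the first service packet is an encrypted client segment identifier encrypted by a client device using a server-side public key, and the destination address of the first service packet is an encrypted server-side segment identifier encrypted by the client device using the server-side public key; in response to a second service packet sent from the server to the client, replacing the source address of the second service packet with the encrypted server-side segment identifier corresponding to the server, wherein the destination address of the second service packet is the encrypted client segment identifier corresponding to the client; and according to the encrypted client segment identifier, encrypting the source address and the destination address of the second service packet using a client public key, and sending the encrypted second service packet to the client.
- The packet processing method according to claim 5, further comprising: before the decrypting, in response to the first service packet sent by the client, of the source address and the destination address of the first service packet using the server-side private key, in response to a service registration request sent from the server to a service management controller, configuring the encrypted server-side segment identifier, and establishing a mapping relationship between the encrypted server-side segment identifier and the address of the server; and sending the service registration request to the service management controller, and receiving a service registration response fed back by the service management controller.
- The packet processing method according to claim 5, further comprising: establishing a mapping relationship between the encrypted client segment identifier encrypted with the client public key and the encrypted client segment identifier, and establishing a mapping relationship between the encrypted server-side segment identifier encrypted with the client public key and the address of the server; in response to a fourth service packet sent from the server to the client, replacing the source address of the fourth service packet with the encrypted server-side segment identifier encrypted with the client public key, and replacing the destination address of the fourth service packet with the encrypted client segment identifier encrypted with the client public key, wherein the destination address of the fourth service packet is the encrypted client segment identifier; and sending the fourth service packet to the client.
- The packet processing method according to claim 5, wherein the server-side device further comprises a server-side gateway; and the sending of the second service packet to the client comprises: generating a tunnel header and a segment routing extension header in the outer layer of the second service packet according to a server-side gateway address, an intermediate node address in the link, and a client gateway address corresponding to the client, and sending the second service packet processed as above to the client gateway.
- A client device, comprising: at least one processor; and a memory configured to store at least one computer program; wherein the at least one computer program, when executed by the at least one processor, causes the at least one processor to implement the packet processing method according to any one of claims 1 to 4.
- A server-side device, comprising: at least one processor; and a memory configured to store at least one computer program; wherein the at least one computer program, when executed by the at least one processor, causes the at least one processor to implement the packet processing method according to any one of claims 5 to 8.
- A computer-readable medium having a computer program stored thereon, wherein the computer program, when executed by a processor, implements the packet processing method according to any one of claims 1 to 4.
- A computer-readable medium having a computer program stored thereon, wherein the computer program, when executed by a processor, implements the packet processing method according to any one of claims 5 to 8.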
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US18/276,280 US20240114013A1 (en) | 2021-02-08 | 2022-02-08 | Packet processing method, client end device, server end device, and computer-readable medium |
EP22749258.4A EP4287550A1 (en) | 2021-02-08 | 2022-02-08 | Packet processing method, client end device, server end device, and computer-readable medium |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110184521.7A CN114915583A (zh) | 2021-02-08 | 2021-02-08 | Packet processing method, client device, server-side device and medium |
CN202110184521.7 | 2021-02-08 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2022166979A1 (zh) | 2022-08-11 |
Family
ID=82741995
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2022/075472 WO2022166979A1 (zh) | Packet processing method, client device, server-side device and computer-readable medium | 2021-02-08 | 2022-02-08 |
Country Status (4)
Country | Link |
---|---|
US (1) | US20240114013A1 (zh) |
EP (1) | EP4287550A1 (zh) |
CN (1) | CN114915583A (zh) |
WO (1) | WO2022166979A1 (zh) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN115996210A (zh) * | 2023-03-23 | 2023-04-21 | 湖南盾神科技有限公司 | Address and port hopping method in source-change mode |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20080235336A1 (en) * | 2007-03-23 | 2008-09-25 | Microsoft Corporation | Implementation of private messaging |
CN102281261A (zh) * | 2010-06-10 | 2011-12-14 | 杭州华三通信技术有限公司 | Data transmission method, system and apparatus |
US20120137123A1 (en) * | 2010-08-05 | 2012-05-31 | Northeastern University Technology Transfer Center | Encryption/decryption communication system |
CN111010274A (zh) * | 2019-12-30 | 2020-04-14 | 烽火通信科技股份有限公司 | Secure, low-overhead SRv6 implementation method |
- 2021
  - 2021-02-08 CN CN202110184521.7A patent/CN114915583A/zh active Pending
- 2022
  - 2022-02-08 EP EP22749258.4A patent/EP4287550A1/en active Pending
  - 2022-02-08 WO PCT/CN2022/075472 patent/WO2022166979A1/zh active Application Filing
  - 2022-02-08 US US18/276,280 patent/US20240114013A1/en active Pending
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN115996210A (zh) * | 2023-03-23 | 2023-04-21 | 湖南盾神科技有限公司 | Address and port hopping method in source-change mode |
CN115996210B (zh) * | 2023-03-23 | 2023-06-27 | 湖南盾神科技有限公司 | Address and port hopping method in source-change mode |
Also Published As
Publication number | Publication date |
---|---|
CN114915583A (zh) | 2022-08-16 |
US20240114013A1 (en) | 2024-04-04 |
EP4287550A1 (en) | 2023-12-06 |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| | 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 22749258; Country of ref document: EP; Kind code of ref document: A1 |
| | WWE | Wipo information: entry into national phase | Ref document number: 18276280; Country of ref document: US |
| | WWE | Wipo information: entry into national phase | Ref document number: 2022749258; Country of ref document: EP |
| | ENP | Entry into the national phase | Ref document number: 2022749258; Country of ref document: EP; Effective date: 20230831 |
| | NENP | Non-entry into the national phase | Ref country code: DE |