
A method and device for acquiring IPSec SA

A method and a device for acquiring IPSec SAs, applied in the field of IPSec SA acquisition, which can solve problems such as heavy consumption of system resources.

Active Publication Date: 2017-08-08
NEW H3C TECH CO LTD

AI Technical Summary

Problems solved by technology

Therefore, when there are many nodes, the entire ADVPN network needs to establish and maintain a large number of IKE SAs and IPSec SAs. For example, if there are 3000 branches in a network, the Hub device needs to establish and maintain 3000 IKE SAs and IPSec SAs, which consumes a lot of system resources.

Embodiment Construction

[0046] In a specific application, to prevent the user's private network data carried by the ADVPN network from leaking to the public network, IPSec can be introduced into the ADVPN network. After IPSec is introduced, the nodes in the ADVPN network negotiate IPSec SAs one-to-one, and private network data between nodes is encapsulated with specific headers and transmitted encrypted under the IPSec SA. Specifically, when nodes in the ADVPN network negotiate an IPSec SA, the control packets exchanged during that negotiation must themselves be secured first, so the whole negotiation is divided into two stages. The first stage establishes IKE (Internet Key Exchange) peer entities and then negotiates an IKE SA between them; the IKE SA protects the second stage, that is, the control messages exchanged when establishing the IPSec SA. The second stage is the process of negotiating the IPSec SA unde...

Abstract

The invention provides a method and a device of obtaining IPSec SA (Internet Protocol Security Association). The method comprises the following steps that: a VAM (Virtual Private Network Address Management) client registers with a VAM server; the VAM server issues the corresponding IPSec SA to the VAM client according to the registration information of the VAM client; the VAM client transmits a keepalive message to the VAM server; the keepalive message comprises an SPI (Security Parameter Index) of the local newest IPSec SA of the VAM client; the VAM server judges whether the SPI of the newest IPSec SA of the VAM client is equal to the SPI of the local newest IPSec SA; if the SPI of the newest IPSec SA of the VAM client is not equal to the SPI of the local newest IPSec SA, the local newest IPSec SA is issued to the VAM client. Through the method and the device, the centralized management and issuing of the IPSec SA in an ADVPN (Auto Discovery Virtual Private Network) network can be implemented, and meanwhile, the keepalive message is initiated by the VAM client, so that when the local IPSec SA of the VAM client is updated by the VAM server, the newest IPSec SA, which is issued by the VAM server, can normally pass through an NAT (Network Address Translator).
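The exchange described in the abstract, as an added Python sketch that is not code from the patent or from H3C. It assumes a single SA shared by all registered clients and models messages as in-process calls instead of the VAM wire format; the class names, `rekey`, and the rejection of unregistered clients are hypothetical.

```python
import secrets
from dataclasses import dataclass

@dataclass(frozen=True)
class IPSecSA:
    spi: int    # Security Parameter Index identifying this SA
    key: bytes  # keying material (constructed placeholder)

def new_sa() -> IPSecSA:
    return IPSecSA(spi=secrets.randbits(32), key=secrets.token_bytes(32))

class VAMServer:
    """Central holder of the newest IPSec SA (assumption: one SA for all clients)."""
    def __init__(self):
        self.newest = new_sa()
        self.clients = set()

    def register(self, client_id):
        # Registration step: the server issues the SA to the client.
        self.clients.add(client_id)
        return self.newest

    def rekey(self):
        # Hypothetical trigger for the server updating its SA.
        old_spi = self.newest.spi
        while self.newest.spi == old_spi:
            self.newest = new_sa()

    def on_keepalive(self, client_id, spi):
        # Assumption (not stated on the page): unregistered senders are rejected.
        if client_id not in self.clients:
            raise PermissionError("keepalive from unregistered client")
        # Issue the newest SA only when the client's SPI differs from the server's.
        return None if spi == self.newest.spi else self.newest

class VAMClient:
    def __init__(self, client_id, server):
        self.client_id, self.server = client_id, server
        self.sa = server.register(client_id)

    def keepalive(self):
        # Client-initiated: the SA update comes back as the reply, so it
        # follows the mapping the client's own packet opened on the NAT.
        update = self.server.on_keepalive(self.client_id, self.sa.spi)
        if update is not None:
            self.sa = update
        return update is not None

def demo():
    server = VAMServer()
    spoke = VAMClient("spoke-1", server)
    first = spoke.keepalive()   # SPIs match, nothing issued
    server.rekey()
    second = spoke.keepalive()  # stale SPI, newest SA issued
    return first, second, spoke.keepalive(), spoke.sa.spi == server.newest.spi
```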

Description

Technical field

[0001] The present invention relates to the field of communication technology, in particular to a method and device for acquiring IPSec SA.

Background technique

[0002] The traditional GRE (Generic Routing Encapsulation) tunnel is a point-to-point tunnel. ADVPN is a layer-3 tunnel that provides point-to-multipoint tunnels and can realize intercommunication between multiple branches. Therefore, in the ADVPN network, each node needs to know the public network addresses of all peers.

[0003] In the ADVPN network, the public network address of the communication peer is obtained by deploying a VAM (Virtual Private Network Address Management) server. The VAM protocol is the main protocol of the ADVPN solution. The VAM server is responsible for collecting, maintaining, and distributing branch public network addresses and other information. Each Hub / Spoke device (collectively referred to as a VAM...

Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L29/06, H04L12/46
Inventor: 王守唐
Owner: NEW H3C TECH CO LTD