Method for multicast transport in Internet protocol secure tunnel and device

An Internet protocol tunnel technology, applied in the field of data communication, that addresses problems such as wasted actual bandwidth and encryption resources and the GRE tunnel's lack of support for dynamic IP addresses. Its effect is to avoid wasted data traffic and resources and to simplify the configuration of ACL rules.

Inactive Publication Date: 2011-07-27
NEW H3C TECH CO LTD
AI Technical Summary

Problems solved by technology

[0007] 1. The configuration is very complex and places high technical demands on implementation and maintenance personnel. In addition, the GRE tunnel does not support dynamic IP addresses: if the public IP address of the device at one end is a dynamic address, a loopback port must be established on that device as the source address of the GRE tunnel.
[0008] 2. Multi-layer tunnel encapsulation adds unnecessary headers, wasting actual bandwidth and encryption resources. The multicast data stream must be encapsulated and decapsulated twice, by GRE and by IPsec, before it can finally be processed. This has a great impact on services that are sensitive to transmission delay, such as voice services, and also causes large delays in video services.
[0009] 3. Some devices do not support GRE tunnels, so this method cannot be used.

Examples

Embodiment Construction

[0047] First, it should be noted that the ACL rules mentioned in the present invention refer specifically to the ACL rules used for IPSec. In the present invention, IPSec uses the ACL rules to determine which data needs to be encrypted. Packets that match the ACL rule (permit) are encrypted by IPSec, and packets that do not match the ACL rule (deny) are not encrypted. Moreover, so that data encrypted at one end can be decrypted at the opposite end, the ACL rules configured on the local and remote routers must correspond to each other (that is, they are mirror images of each other).

[0048] In the embodiment of the present invention, the existing PIM protocol is modified and improved: a PIM neighbor relationship based on the IPSec tunnel is added to the PIM neighbor relationships, and the IPSec node devices can exchange PIM hello messages through the IPSec tunnel to establish the IPSec tunnel-based PIM neighbor relationship, which enables the two priva...

Abstract

The invention provides a method and a device for multicast transport in an Internet protocol secure (IPSec) tunnel. The method comprises the following: the local-end device of an IPSec tunnel automatically mirrors the ACL rule, configured by the opposite-end device, whose destination address is a multicast address and, based on the ACL rules configured on the local-end device and on the opposite-end device whose destination address is the PIM protocol multicast address, builds an IPSec tunnel for PIM protocol messages between the local-end device and the opposite-end device; the local-end device receives, on the IPSec tunnel for PIM protocol messages, a PIM protocol message transmitted by the opposite-end device and, when it judges that the received PIM protocol message is a PIM hello message, directly adds the opposite-end device into a primary PIM neighbor table, so that the PIM neighbor relationship between the local-end device and the opposite-end device is built; the local-end device then transmits the messages of a multicast group according to the PIM protocol. According to the invention, a PIM neighbor relationship based on the IPSec tunnel is built between two private networks by IPSec, so as to realize multicast transport in the IPSec tunnel.
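The ACL selection and mirror-image requirement from paragraph [0047], together with the multicast-destination rule the abstract describes, as an added example that is not taken from the patent. The `Rule` class, first-match evaluation and all addresses except 224.0.0.13 are assumptions made for illustration; the last check shows that a plain source/destination swap of a rule whose destination is 224.0.0.13 does not match the peer's PIM hello.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

PIM_GROUP = "224.0.0.13"  # PIM protocol multicast address named on the page


@dataclass(frozen=True)
class Rule:  # hypothetical model of one IPsec ACL rule
    action: str  # "permit" = encrypt with IPsec, "deny" = do not encrypt
    src: str     # source prefix
    dst: str     # destination prefix

    def matches(self, src_ip, dst_ip):
        return (ip_address(src_ip) in ip_network(self.src)
                and ip_address(dst_ip) in ip_network(self.dst))

    def mirror(self):
        """Conventional mirror image: swap source and destination."""
        return Rule(self.action, self.dst, self.src)


def is_encrypted(acl, src_ip, dst_ip):
    """Assumed first-match semantics; no matching rule means not encrypted."""
    for rule in acl:
        if rule.matches(src_ip, dst_ip):
            return rule.action == "permit"
    return False


def unmirrored(local_acl, remote_acl):
    """Local rules whose mirror image is missing from the remote ACL."""
    remote = set(remote_acl)
    return [r for r in local_acl if r.mirror() not in remote]


def swap_selects(rule, peer_ip):
    """Does the swapped mirror of `rule` match a PIM hello sent by peer_ip?"""
    return rule.mirror().matches(peer_ip, PIM_GROUP)


# Constructed sample: site A (10.1.0.0/16, public 192.0.2.1) and
# site B (10.2.0.0/16, public 198.51.100.1).
SITE_A = [Rule("permit", "10.1.0.0/16", "10.2.0.0/16"),
          Rule("permit", "192.0.2.1/32", f"{PIM_GROUP}/32")]
SITE_B = [Rule("permit", "10.2.0.0/16", "10.1.0.0/16")]
```
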

Description

Technical field

[0001] The invention relates to the technical field of data communication, in particular to a method and equipment for Internet Protocol Security (IPsec, IP Security) tunnel transmission of multicast.

Background technique

[0002] The Protocol Independent Multicast (PIM) protocol is a multicast routing protocol widely used at present. The PIM protocol can use static routes or unicast routing tables generated by any unicast routing protocol (such as RIP, OSPF, IS-IS, BGP, etc.) to provide routes for IP multicast. The PIMv2 control message has a protocol number of 103, which is assigned by the Internet Assigned Numbers Authority (IANA). In the PIM protocol, the group address 224.0.0.13 is used to identify routers running the PIM protocol. PIMv2 uses the PIM protocol multicast address 224.0.0.13 to send PIM protocol packets to implement operations such as neighbor discovery, joining, and pruning. PIM uses the neighbor discovery mechanis...

Application Information

Patent Type & Authority: Patents (China)
IPC: IPC(8): H04L12/18, H04L29/06, H04L12/46, H04L12/56, H04L45/16
Inventor: 沈岭, 肖立婧, 任俊峰
Owner: NEW H3C TECH CO LTD