Method for multicast transport in Internet protocol secure tunnel and device

Abstract

The invention provides a method for multicast transport in an Internet protocol secure tunnel and a device. The method comprises: a local terminal device of an IPSec tunnel automatically mirrors a destination address configured by an opposite terminal device to be an ACL rule of a multicast address, bases on the respective configured destination addresses of the local terminal device and the opposite terminal device to the ACL rule of the PIM protocol multicast address and builds an IPSEC tunnel of a PIM protocol message between the local terminal device and the opposite terminal device; the local terminal device receives the PIM protocol message transmitted by the opposite terminal device on the IPSEC tunnel of the PIM protocol message, and directly adds the opposite terminal device intoa primary PIM neighbor table when the local terminal device judges that the received PIM protocol message is a PIM hello message, and the PIM neighborhood between the local terminal device and the opposite terminal device is built; the local terminal device transmits messages of a multicast group according to PIM protocol. According to the invention, the PIM neighborhood based on the IPSec tunnelis built between two private networks by IPSec so as to realize multicast transport in the IPSec tunnel.

Description

technical field [0001] The invention relates to the technical field of data communication, in particular to a method and equipment for Internet protocol security (IPsec, IPSecurity) tunnel transmission multicast. Background technique [0002] Protocol Independent Multicast (PIM, Protocol Independent Multicast) protocol is a multicast routing protocol widely used at present. The PIM protocol can use static routes or unicast routing tables generated by any unicast routing protocol (such as RIP, OSPF, IS-IS, BGP, etc.) to provide routes for IP multicast. The PIMv2 control message has a protocol number of 103, which is assigned by the Internet Assigned Numbers Authority (IANA). In the PIM protocol, the group address 224.0.0.13 is used to identify routers running the PIM protocol. PIMv2 uses the PIM protocol multicast address 224.0.0.13 to send PIM protocol packets to implement operations such as neighbor discovery, joining, and pruning. PIM uses the neighbor discovery mechanis...

AI Technical Summary

Problems solved by technology

[0007] 1. The configuration is very complex and requires high technical requirements for implementation and maintenance personnel

And the GRE tunnel does not support dynamic IP addresses. If the public IP address of the device at one end is a dynamic address, a loopback port must be established on the device as the source address of the GRE tunnel.

[0008] 2. Using multi-layer tunnel encapsulation adds unnecessary headers, wasting actual bandwidth and encryption resources

The multicast data stream needs to be encapsulated and decapsulated twice by GER and IPsec before it can be finally processed. This has a great impact on services that are sensitive to transmission delays, such as voice services, and will also cause large delays in video services.

[0009] 3. Some devices do not support GRE tunnels, so this method cannot be used

Images