Data encapsulation method and equipment thereof

Abstract

The invention discloses a data encapsulation method. The method comprises the following steps: first equipment judges whether an endpoint of a configured tunnel is the same as that of an IPsec tunnel; the first equipment negotiates with second equipment according to a judgment result, and determines whether encapsulation of the configured tunnel is required according to a negotiation result; and the first equipment performs IPsec tunnel encapsulation on the received data message and sends an encapsulated message to the second equipment when encapsulation of the configured tunnel is not required. In the invention, IPsec tunnel encapsulation is required only once, thus decreasing the encapsulation process of the configured tunnel. The invention also provides equipment corresponding to the data encapsulation method.

Description

technical field [0001] The invention relates to the field of communication technology, in particular to a data encapsulation method and device. Background technique [0002] IPsec (IP security, Internet Protocol Security) is a three-layer tunnel encryption protocol that provides high-quality, interoperable, and cryptography-based security guarantees for data transmitted on the Internet, that is, between specific communication parties The layer provides security services for data through encryption and data source authentication. The security service includes data confidentiality (that is, the IPsec sender encrypts the data packet before transmitting it through the network); data integrity (that is, the IPsec receiver authenticates the data packet from the sender to ensure that the data packet is in No tampering during transmission); data source authentication (that is, IPsec authenticates whether the sender of the IPsec data packet is legal at the receiving end); anti-repla...

AI Technical Summary

Problems solved by technology

However, IPsec also has its own shortcomings. (1) IPsec can only process IP data streams, which limits the scope of IPsec encapsulation

(2) IPsec cannot handle multicast or broadcast IP data streams, which brings limitations to the application of IPsec, that is, IP multicast data streams cannot pass through IPsec tunnels, and various routing protocols, such as EIGRP (Enhanced Interior Gateway Routing Protocol, Enhanced Interior Gateway Routing Protocol), OSPF (Open Shortest Path First, Open Shortest Path First) and RIPv2 (Routing Information Protocol, Routing Information Protocol), when using a multicast or broadcast address, cannot be used in IPsec peers use these routing protocols to configure dynamic routing

[0006] Before the original packet is encapsulated by the GRE tunnel and passed to IPsec for encapsulation, the length of the packet is increased by 32 bytes. For example, figure 2 As shown, the IP header takes up 20 bytes, and the Tunnel Header takes up 12 bytes (the Tunnel Header takes up 12 bytes when the GRE tunnel is set as Key). The load on the device is increased; after tunnel encapsulation, the length of the message increases by 32 bytes, which reduces the efficiency of IPsec encapsulation; the increase in the length of the message increases the network bandwidth occupied by the IPsec tunnel transmission path

Images