
Method and device for switching single-plate grade IPSec active and standby plates

An active/standby board technique, applied in the field of network security communication, that addresses problems such as behavior that is difficult for the system to guarantee, high requirements on users, and difficulty for users to adapt, and that achieves a simple and reliable result.

Active Publication Date: 2012-01-11
ZTE CORP

AI Technical Summary

Problems solved by technology

However, this solution has the following disadvantages: an additional set of configuration is required, which is difficult to adapt for users with tight IP resources; asymmetric routing needs to be configured, which places relatively high requirements on users; if both ends support redundancy, the additional configuration will have a 2 n increase, which is difficult for users in complex environments to configure.
However, the disadvantages of this solution are: the implementation is relatively complicated; synchronizing information across different interface boards generates a large amount of synchronization information; and processing these synchronization messages requires high timeliness, which is difficult to guarantee in the system.
But like the previous solution, the implementation is more complicated, requires a large number of synchronization messages, and also requires configuring and maintaining a state machine.


Examples


Embodiment Construction

[0036] The core idea of the present invention is: by modifying the SA information parameters synchronized between the main and standby boards, including controlling the sending sequence number and the receiving window, the service messages received and sent after the master-standby switchover are not discarded by the anti-replay window mechanism, which would otherwise lead to service interruption. The service is therefore not interrupted after the switchover, and the reliability of the network is improved.

[0037] To achieve the above object, the present invention adopts the following technical solutions:

[0038] After the main board successfully negotiates IKE with the peer device, it synchronizes the negotiated SA information to the standby board;

[0039] After the standby board receives the synchronized SA information, it sets the initial outgoing sequence number to the predetermined initial value; sets the anti-replay window of the receiving SA to the minimum value;

[...


Abstract

The invention discloses a method and a device for single-board-level IPSec active/standby board switchover. The method comprises the following steps: when the active board successfully completes Internet Key Exchange (IKE) negotiation with the peer device, it synchronizes the negotiated security association (SA) information to the standby board; after receiving the SA information, the standby board sets the outbound sequence number of the sending SA to a predetermined starting value, and sets the inbound sequence number of the receiving SA to the minimum value. The method and the device solve the problem of service interruption caused by packets being wrongly discarded by the security protection measures of IPSec during active/standby board switchover. Services can be switched from the active board to the standby board smoothly without service interruption, and only certain specific values need to be set, which makes the approach simple and reliable.
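An added example, not taken from the patent: a small simulation of an RFC 4303-style anti-replay window showing how the standby board's sequence settings decide whether traffic survives the switchover. The window size, the `PRESET_TX_START` value and the traffic counters are assumptions; the page does not state the predetermined starting value.

```python
WINDOW = 64                 # assumed anti-replay window size
PRESET_TX_START = 2 ** 31   # assumed "predetermined starting value" (not given on the page)
RX_MINIMUM = 0              # receive-side sequence state set to its minimum

class ReplayWindow:
    """Sliding anti-replay window as used by an IPSec receiving SA."""
    def __init__(self, top=0, bitmap=0):
        self.top = top        # highest sequence number accepted so far
        self.bitmap = bitmap  # bit i set => sequence (top - i) already seen

    def accept(self, seq):
        if seq == 0:
            return False                      # sequence number 0 is never sent
        if seq > self.top:                    # ahead of the window: slide it
            shift = seq - self.top
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << WINDOW) - 1)
            self.top = seq
            return True
        offset = self.top - seq
        if offset >= WINDOW or (self.bitmap >> offset) & 1:
            return False                      # too old, or a duplicate
        self.bitmap |= 1 << offset
        return True

def switchover(peer_rx_top, peer_tx_next, standby_tx_start, standby_rx_top, n=5):
    """Count the first n packets accepted in each direction after switchover.

    Returns (outbound packets the peer accepts, inbound packets the standby accepts).
    """
    peer_rx = ReplayWindow(top=peer_rx_top, bitmap=(1 << WINDOW) - 1)
    standby_rx = ReplayWindow(top=standby_rx_top)
    out_ok = sum(peer_rx.accept(standby_tx_start + i) for i in range(n))
    in_ok = sum(standby_rx.accept(peer_tx_next + i) for i in range(n))
    return out_ok, in_ok

# Constructed scenario: before the switchover the active board had sent up to
# sequence 5000 and the peer is about to send sequence 7001.
if __name__ == "__main__":
    # Standby restarts its outbound counter at 1: the peer's window rejects everything.
    print("restart at 1 :", switchover(5000, 7001, 1, RX_MINIMUM))
    # Settings described on the page: preset outbound start, minimum inbound state.
    print("page settings:", switchover(5000, 7001, PRESET_TX_START, RX_MINIMUM))
```
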

Description

Technical field

[0001] The present invention relates to the field of network security communication, and more specifically to a single-board-level IPSec master-backup method and device.

Background technique

[0002] IPSec (Internet Protocol Security) is a set of protocols defined by the IETF (Internet Engineering Task Force) that provides security at the IP layer. It gives network data at the IP layer a complete security architecture, including AH (Authentication Header), ESP (Encapsulating Security Payload), IKE (Internet Key Exchange) and some algorithms for network authentication and encryption. IPsec is a network security protocol that is widely used at present. It specifies how to select a security protocol, dete...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L12/24, H04L1/22, H04L9/08, H04L29/06
Inventor: 汪淮汪科夫
Owner: ZTE CORP