Method and device for controlling internet protocol security (IPSEC) load sharing through user number

A technology of load sharing and number of users, which is applied in the field of network communication, can solve problems such as impracticability, and achieve the effect of uniform interface resource allocation and flexible interface allocation

Inactive Publication Date: 2013-02-20
OPZOON TECH
View PDF6 Cites 2 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

Each IPSEC tunnel established on an interface needs to occupy interface resources, and when using the IPSEC function to forward packets, the interface cannot usually be selected. Therefore, the number of IPSEC tunnel

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method and device for controlling internet protocol security (IPSEC) load sharing through user number
  • Method and device for controlling internet protocol security (IPSEC) load sharing through user number

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0034] Such as figure 1 As shown, this embodiment records a method for controlling IPSEC load sharing through the number of users, including the following steps:

[0035] S1: The network device is configured with a load sharing interface group, and each load sharing interface group includes multiple load sharing interfaces;

[0036] S2: Configuring multiple IPSEC tunnels to bind to the load sharing interface group;

[0037] S3: According to the difference in the number of established tunnels of each load-sharing interface in the load-sharing interface group, when creating a new connection, select the load-sharing interface with the least number of established tunnels for negotiation and establish a tunnel.

[0038] Wherein, the step S3 is specifically:

[0039] S31: Perform routing search on the message, if the outbound interface of the message is found to be a load-sharing interface group (wherein, if the outbound interface of the message is not a load-sharing interface gro...

Embodiment 2

[0056] Such as figure 2 As shown, this embodiment records a device for controlling IPSEC load sharing through the number of users, including:

[0057] The network device 201 is configured to configure a load sharing interface group, and each load sharing interface group includes a plurality of load sharing interfaces;

[0058] Tunnel configuration module 202, configured to configure multiple IPSEC tunnels to be bound to the load sharing interface group;

[0059] The tunnel establishment module 203 is used for selecting the load sharing interface with the least number of established tunnels for negotiation and establishing a tunnel according to the number of tunnels established by each load sharing interface in the load sharing interface group.

[0060] The network device 201 is one of a firewall, a router and a switch.

[0061] The present invention configures the IPSEC tunnel on the load-sharing interface group, and the interfaces in the group are selected according to the...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses a method for controlling internet protocol security (IPSEC) load sharing through user number. The method comprises the following steps: S1, configuring load sharing interface groups on a network device, wherein each load sharing interface group comprises a plurality of load sharing interfaces; S2, configuring a plurality of IPSEC tunnels to be bound onto the load sharing interface groups; and S3, according to different numbers of the tunnels built by the load sharing interfaces in each load sharing interface group, choosing the load sharing interface with the smallest number of the built tunnels during new connection building for consulting to build the tunnels. Additionally, the invention further discloses a system for controlling IPSEC load sharing through user number to achieve the method. By means of the method and system for controlling IPSEC load sharing through user number, IPSEC and interface load sharing are perfectly combined, the aim of IPSEC interface load sharing is achieved, outlet interface distribution is more flexible, and interface resource distribution is even.

Description

technical field [0001] The invention relates to the technical field of network communication, in particular to a method and equipment for controlling IPSEC load sharing through the number of users. Background technique [0002] Most of the current network devices are equipped with IPSEC function and traffic load sharing function. Interface traffic load balancing usually distributes the data flow with the same destination address to the load sharing interface as evenly as possible in the way of load sharing (the load sharing interface is greater than or equal to 2). At this time, the load sharing interface has a route to the same destination address, so it can be Send data to the same destination through two different interfaces. Each IPSEC tunnel established on an interface needs to occupy interface resources, and when using the IPSEC function to forward packets, the interface cannot usually be selected. Therefore, the number of IPSEC tunnels that have been negotiated and e...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
IPC IPC(8): H04L12/803
Inventor 陈海滨
Owner OPZOON TECH
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap