Method and system for controlling internet protocol security (IPSEC) load sharing

A load sharing and flow control technology, which is applied in the field of network communication, can solve the problems of uniform outbound interface traffic, inability to select interfaces, and select load sharing interfaces with small traffic, etc., to achieve uniform flow and flexible interface allocation.

Inactive Publication Date: 2013-02-20
OPZOON TECH
View PDF4 Cites 5 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

When using the IPSEC function to forward packets, usually the interface cannot be selected. Therefore, it is impossible to select a load-sharing interface with smaller traffic according to different traffic, so that the outbound interface traffic is more uniform.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method and system for controlling internet protocol security (IPSEC) load sharing
  • Method and system for controlling internet protocol security (IPSEC) load sharing

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0034] Such as figure 1 As shown, this embodiment records a method for controlling IPSEC load sharing through traffic, including the following steps:

[0035] S1: The network device is configured with a load sharing interface group, and each load sharing interface group includes multiple load sharing interfaces;

[0036] S2: Configuring multiple IPSEC tunnels to bind to the load sharing interface group;

[0037] S3: According to the difference in traffic of each load-sharing interface in the load-sharing interface group, select the load-sharing interface with the smallest traffic to negotiate and establish a tunnel when creating a new connection.

[0038] Wherein, the step S3 is specifically:

[0039] S31: Perform routing search on the message, if the outbound interface of the message is found to be a load-sharing interface group (wherein, if the outbound interface of the message is not a load-sharing interface group, only one outbound interface is optional, then Just forwa...

Embodiment 2

[0055] Such as figure 2 As shown, this embodiment records a system for controlling IPSEC load sharing through traffic, including:

[0056] The network device 201 is configured to configure a load sharing interface group, and each load sharing interface group includes a plurality of load sharing interfaces;

[0057] Tunnel configuration module 202, configured to configure multiple IPSEC tunnels to be bound to the load sharing interface group;

[0058] The tunnel establishment module 203 is used for selecting the load sharing interface with the smallest traffic for negotiation and establishing a tunnel when creating a new connection according to the difference in traffic of each load sharing interface in the load sharing interface group.

[0059]The network device 201 is one of a firewall, a router and a switch.

[0060] The present invention configures the IPSEC tunnel on the load sharing group, and the interfaces in the group are different according to the traffic. When cre...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses a method for controlling internet protocol security (IPSEC) load sharing. The method comprises the following steps: S1, configuring load sharing interface groups on a network device, wherein each load sharing interface group comprises a plurality of load sharing interfaces; S2, configuring a plurality of IPSEC tunnels to be bound onto the load sharing interface groups; and S3, according to different flow of the load sharing interfaces in each load sharing interface group, choosing the load sharing interface with the smallest flow during new connection building for consulting to build the tunnels. Additionally, the invention further discloses a system for controlling IPSEC load sharing to achieve the method. By means of the method and system for controlling IPSEC load sharing, IPSEC and interface load sharing are perfectly combined, the aim of IPSEC interface load sharing is achieved, and outlet interface distribution is more flexible and even in flow.

Description

technical field [0001] The invention relates to the technical field of network communication, in particular to a method and system for controlling IPSEC load sharing through traffic. Background technique [0002] Most of the current network devices are equipped with IPSEC function and traffic load sharing function. Interface traffic load balancing usually distributes the data flow with the same destination address to the load sharing interface as evenly as possible in the way of load sharing (the load sharing interface is greater than or equal to 2). At this time, the load sharing interface has a route to the same destination address, so it can be Send data to the same destination through two different interfaces. However, when using the IPSEC function to forward packets, usually the interface cannot be selected. Therefore, it is not possible to select a load-sharing interface with smaller traffic according to different traffic, so that the outbound interface traffic is mor...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
IPC IPC(8): H04L12/803
Inventor 陈海滨
Owner OPZOON TECH
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap