DPD method and equipment based on IPsec

A detection method and detecting-device technology, applied in the field of communication, that can solve problems such as wasted CPU resources and lost IP connectivity, and achieves the effect of saving CPU resources.

Active Publication Date: 2013-02-27
NEW H3C TECH CO LTD

AI Technical Summary

Problems solved by technology

[0004] To establish an IPsec session between IPsec peers, there must be IP connectivity between them. However, due to routing, a peer restart, etc., IPsec peers may lose IP connectivity. As a result, one end of the IPsec session continues to send encrypted data streams to the unreachable IPsec peer, wasting CPU (Central Processing Unit) resources.

Embodiment Construction

[0040] The embodiment of the present invention proposes an IPsec-based DPD detection method, applied to an IPsec network that includes a detecting device and a detected device. The detecting device may be the IPsec initiator or the IPsec responder among the IPsec peers, and the corresponding detected device is then the IPsec responder or the IPsec initiator. Figure 2 is a schematic diagram of the application scenario of the embodiment of the present invention. The egress address from Device A to the IP network is 1.1.1.1, and IPsec is deployed on that interface; the egress address from Device B to the IP network is 2.2.2.2, and IPsec is deployed on that interface. Device A and Device B are therefore IPsec peers, and it is assumed that Device A is the detecting device and Device B is the detected device.

[0041] In the application scenario shown in Figure 2, there is host HOST1 in the private network protected by Device A, and host HOST2 in the private...

Abstract

The invention discloses a DPD (Dead Peer Detection) method and device based on IPsec (Internet Protocol Security). In the method, when multiple IKE SAs (Internet Key Exchange Security Associations) corresponding to the detected device exist on the detecting device, the detecting device selects the last-negotiated IKE SA from among them, encrypts a DPD request message with the selected IKE SA, and sends the DPD request message to the detected device. If the detecting device receives a DPD response message, it decrypts the DPD response message; if the decryption is successful, the detected device exists; if the decryption is unsuccessful or no DPD response message is received, the detected device does not exist. With this method and device, CPU (Central Processing Unit) resources can be saved.
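The selection and verdict logic from the abstract, as an added example that is not the patent's own code: Python, with an HMAC-SHA256 tag standing in for the IKE SA's encryption so that it runs on the standard library alone. The names `IkeSa`, `seal`, `unseal`, `select_sa`, `peer_exists` and `make_peer`, the message bytes, the keys and the restart scenario are all assumptions made for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass

@dataclass(frozen=True)
class IkeSa:
    sa_id: int            # hypothetical local identifier
    negotiated_at: float  # when negotiation of this SA completed
    key: bytes            # constructed keying material

def seal(sa, payload):
    # Stand-in for the SA's encryption: payload followed by an HMAC-SHA256 tag.
    return payload + hmac.new(sa.key, payload, hashlib.sha256).digest()

def unseal(sa, blob):
    # Payload, or None when the message does not verify under this SA
    # (standing in for "decryption is unsuccessful").
    if len(blob) < 32:
        return None
    payload, tag = blob[:-32], blob[-32:]
    expected = hmac.new(sa.key, payload, hashlib.sha256).digest()
    return payload if hmac.compare_digest(tag, expected) else None

def select_sa(sas):
    # Rule from the abstract: use the last-negotiated IKE SA.
    return max(sas, key=lambda sa: sa.negotiated_at)

def peer_exists(sas, send):
    # send(blob) returns the peer's reply bytes, or None on timeout.
    if not sas:
        raise ValueError("no IKE SA for this peer")
    sa = select_sa(sas)
    reply = send(seal(sa, b"DPD-REQUEST"))
    return reply is not None and unseal(sa, reply) is not None

def make_peer(held_sas):
    # Constructed peer: answers only requests protected by an SA it holds.
    def send(blob):
        for sa in held_sas:
            if unseal(sa, blob) is not None:
                return seal(sa, b"DPD-RESPONSE")
        return None
    return send

# Constructed scenario: after a peer restart the detecting device holds a stale
# SA and a fresh one; the peer holds only the fresh one.
STALE = IkeSa(1, 100.0, b"constructed-key-old")
FRESH = IkeSa(2, 200.0, b"constructed-key-new")
```

`peer_exists([STALE, FRESH], make_peer([FRESH]))` reports the peer as present, while probing with only the stale SA, a timeout, or a reply that does not verify under the selected SA all report it as absent.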

Description

Technical field

[0001] The present invention relates to the field of communication technology, in particular to an IPsec (IP Security)-based DPD (Dead Peer Detection) method and device.

Background technique

[0002] IPsec is a layer-3 tunnel encryption protocol and a security technology for implementing a layer-3 VPN (Virtual Private Network). IPsec provides secure communication between two endpoints, which are called IPsec peers: the IPsec initiator and the IPsec responder. Further, IPsec provides the following security services at the IP layer: (1) Data confidentiality: the IPsec sender encrypts a message before transmitting it through the network; (2) Data integrity: the IPsec responder authenticates the received message to ensure that it has not been tampered with during transmission; (3) Data source authentication: the IPsec responder ca...

Application Information

IPC(8): H04L12/26, H04L29/06
Inventor: 杨超
Owner: NEW H3C TECH CO LTD