Unlock instant, AI-driven research and patent intelligence for your innovation.

A kind of dpd detection method and equipment based on ipsec

A detection method and detection technology, applied in the field of communication, can solve the problems of wasting CPU and losing IP connectivity, and achieve the effect of saving CPU resources

Active Publication Date: 2015-12-02
NEW H3C TECH CO LTD
View PDF5 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0004] In order to establish an IPsec session between IPsec peers, there needs to be IP connectivity between IPsec peers, but due to routing, peer restart, etc., IPsec peers may lose IP connectivity, thus As a result, one end of the IPsec session continues to send encrypted data streams to the unreachable IPsec peer, wasting CPU (Central Processing Unit, central processing unit) resources

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • A kind of dpd detection method and equipment based on ipsec
  • A kind of dpd detection method and equipment based on ipsec
  • A kind of dpd detection method and equipment based on ipsec

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0040] The embodiment of the present invention proposes an IPsec-based DPD detection method, which is applied to an IPsec network including a detecting device and a detected device, and the detecting device may be an IPsec initiator or an IPsec responder in an IPsec peer , the corresponding detected device is the IPsec responder or IPsec initiator in the IPsec peer; with figure 2 It is a schematic diagram of the application scenario of the embodiment of the present invention, the egress address from DeviceA to IPnetwork is 1.1.1.1, and IPsec is deployed on this interface, and the egress address from DeviceB to IPnetwork is 2.2.2.2, and IPsec is deployed on this interface, so DeviceA and DeviceB are IPsec peers, and assume that DeviceA is the detecting device and DeviceB is the detected device.

[0041] exist figure 2 In the application scenario shown, there is host HOST1 in the private network protected by DeviceA, and host HOST2 in the private network protected by DeviceB....

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a DPD (Dead Peer Detection) method and equipment based on IPsec (Internet Protocol Security). The method comprises the steps that detecting equipment selects a finally negotiated IKESA (Internet Key Exchange Security Association) from a plurality of IKESAs when the IKESAs corresponding to detected equipment exist on the detecting equipment, conducts encryption processing on a DPD request message by the selected IKESA, and sends the DPD request message to the detected equipment; if the detecting equipment receives a DPD response message, the detecting equipment conducts decryption processing on the DPD response message; if the decryption is successful, the detected equipment exists; and if the decryption is unsuccessful or no DPD response message is received, the detected equipment does not exist. With the adoption of the method and the equipment, CPU (Central Processing Unit) resources can be saved.

Description

technical field [0001] The present invention relates to the field of communication technology, in particular to an IPsec (IPSecurity, IP security)-based DPD (DeadPeerDetection, dead peer detection) detection method and device. Background technique [0002] IPsec is a layer-3 tunnel encryption protocol, which is a security technology for implementing a layer-3 VPN (Virtual Private Network, virtual private network), and IPsec provides secure communication between two endpoints, and the two endpoints are called IPsec peers, respectively IPsec The initiator and the IPsec responder; further, IPsec is used to provide the following security services at the IP layer: (1) Data confidentiality: the IPsec sender encrypts the message before transmitting the message through the network; (2) Data integrity : The IPsec responder authenticates the received packet to ensure that the packet has not been tampered with during transmission; (3) Data source authentication: the IPsec responder can...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): H04L12/26H04L29/06
Inventor 杨超
Owner NEW H3C TECH CO LTD