IPsec-based (internet protocol security-based) keep-alive method and equipment for NAT (network address translation) entries

A device and table-entry technique, applied in the field of communications, that solves problems such as traffic interruption and failure to hit NAT translation entries, thereby avoiding traffic interruption.

Active Publication Date: 2013-06-26
NEW H3C TECH CO LTD

AI Technical Summary

Problems solved by technology

[0009] Because the IKE SA and the IPsec SA do not necessarily exist at the same time, when the IKE SA does not exist but the IPsec SA does, RT1 will not send a NAT entry keep-alive message, and the NAT device will delete the NAT translation entry after the aging time. Therefore, when IPsec traverses NAT, traffic sent from RT3 to RT1 will fail to hit a NAT translation entry because none exists, resulting in a disconnection.



Embodiment Construction

[0041] Embodiments of the present invention will be described in detail below in conjunction with the accompanying drawings.

[0042] To address the problems in the prior art, the embodiment of the present invention proposes an IPsec-based NAT entry keep-alive method, applied to a network comprising an IPsec initiator (the device inside the NAT), a NAT device and an IPsec responder (the device outside the NAT). In a network environment where IPsec traverses a NAT device, when no IKE SA exists but an IPsec SA does, the IPsec initiator can continue to send NAT entry keep-alive messages. This prevents traffic sent by the IPsec responder to the IPsec initiator from failing to hit the NAT translation entry on the NAT device, and so avoids disconnection.

[0043] As shown in Figure 5, the IPsec-based NAT entry keep-alive method includes the following steps:

[0044] In step 501, the IPsec initiator establishes an IKE SA between the devic...


Abstract

The invention discloses an IPsec-based (Internet Protocol Security-based) keep-alive method and equipment for NAT (network address translation) entries. The method includes: an IPsec initiator establishes an IKE SA (Internet Key Exchange security association) between itself and an IPsec responder, establishes an IPsec SA between itself and the IPsec responder through the IKE SA, and starts a NAT messaging timer corresponding to the IKE SA; when the IKE SA or the IPsec SA is deleted, the IPsec initiator determines whether it is the last one in the SA set; if yes, the IPsec initiator deletes the NAT messaging timer; if not, the IPsec initiator retains the NAT messaging timer. Traffic interruption can be avoided by using the method and equipment.
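The timer rule in the abstract, as an added example that is not code from the patent or from its owner: a small simulation comparing a keep-alive timer that stops with the IKE SA against one retained until the last SA in the set is deleted. The interval values, the class and function names, the single shared timer, and the assumption that only keep-alives refresh the NAT entry are all illustrative.

```python
# Added illustration; names, intervals and the simulation model are assumptions.
from dataclasses import dataclass, field

KEEPALIVE_INTERVAL = 20   # seconds between NAT keep-alive packets (assumed)
NAT_AGING_TIME = 60       # silence after which the NAT device drops the entry (assumed)


@dataclass
class Initiator:
    """IPsec initiator behind NAT, holding the SA set for one responder."""
    per_sa_set: bool                      # True: rule from the abstract; False: timer tied to IKE SA
    sas: set = field(default_factory=set)
    timer_running: bool = False

    def establish(self):
        self.sas = {"ike", "ipsec"}
        self.timer_running = True         # timer is started when the IKE SA comes up

    def delete_sa(self, sa):
        self.sas.discard(sa)
        if self.per_sa_set:
            # Delete the timer only if the removed SA was the last one in the set.
            if not self.sas:
                self.timer_running = False
        elif sa == "ike":
            # Behaviour in the problem statement: no IKE SA, no keep-alive.
            self.timer_running = False


def simulate(per_sa_set, ike_deleted_at, ipsec_deleted_at, duration):
    """Return the second at which the NAT entry ages out while an IPsec SA
    still exists (traffic interruption), or None if that never happens."""
    dev = Initiator(per_sa_set)
    dev.establish()
    last_outbound = 0                     # last packet the NAT device saw from inside
    for t in range(1, duration + 1):
        if t == ike_deleted_at:
            dev.delete_sa("ike")
        if t == ipsec_deleted_at:
            dev.delete_sa("ipsec")
        if dev.timer_running and t % KEEPALIVE_INTERVAL == 0:
            last_outbound = t             # keep-alive refreshes the NAT entry
        if "ipsec" in dev.sas and t - last_outbound >= NAT_AGING_TIME:
            return t
    return None
```

With the IKE SA deleted at second 30 and the IPsec SA still up, the IKE-bound timer lets the entry age out, while the SA-set rule keeps it alive until both SAs are gone.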

Description

Technical field

[0001] The present invention relates to the field of communication technology, in particular to an IPsec (IP Security)-based NAT (Network Address Translation) entry keep-alive method and device.

Background technique

[0002] IPsec is a layer-3 tunnel encryption protocol, a security technology for layer-3 VPNs (Virtual Private Networks), and is used to provide the following security services at the IP layer:

(1) Data confidentiality: the IPsec initiator encrypts a message before transmitting it over the network;
(2) Data integrity: the IPsec responder authenticates the received message to ensure that it has not been tampered with during transmission;
(3) Data source authentication: the IPsec responder can authenticate whether the IPsec initiator that sent the IPsec message is legitimate;
(4) Anti-replay: the IPsec responder can detect and refuse to receive outdated or duplicate messa...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/12, H04L29/06
Inventor: 杨超
Owner: NEW H3C TECH CO LTD