Method for IPSec (Internet protocol security) tunnel to rapidly process messages

A message-processing technique for IPSec tunnels, applied in the field of network communication, that addresses two problems: encrypted messages cannot be processed in session mode, and message processing is slow.

Inactive Publication Date: 2013-07-31
OPZOON TECH

AI Technical Summary

Problems solved by technology

[0006] The network device processes packets flow by flow, according to the IP quintuple (5-tuple) of the packet; if the packet is neither a UDP packet nor a TCP packet, it classifies the flow according to the IP addresses of the packet. Packets are usually processed in session mode after IPSec tunnel encryption; that is to say, only plaintext packets are processed in session mode, while encrypted packets cannot be processed in session mode, especially when the forwarding CPU and the encryption and decryption CPU are used together. When in use, on

Embodiment Construction

[0023] Specific embodiments of the present invention are described in further detail below with reference to the accompanying drawings. The following examples illustrate the present invention but are not intended to limit its scope.

[0024] An embodiment of the present invention provides a method for quickly processing packets through an IPSec tunnel. As shown in Figure 2, the method specifically includes the following steps:

[0025] Step S1: Establish an IPSec tunnel between the first firewall and the second firewall. When the first firewall receives a forwarded message, it searches for the plaintext session according to the IP quintuple (5-tuple) of the forwarded message. If the session is found, it proceeds directly to step S2; otherwise, it creates a plaintext session according to the IP quintuple and then goes to step S2.

[0026] The encrypted message is an ESP message or an AH message, and the IP qui...

Abstract

The invention discloses a method for an IPSec tunnel to rapidly process messages. A ciphertext session is looked up according to an encrypted message; if the ciphertext session is not found, a ciphertext session is established; if the ciphertext session is found, a secret key is looked up in an IPSec security association (SA) database; if the secret key is found, the message is decrypted directly; otherwise, the secret key is looked up in a global IPSec SA database; if the secret key is found in the global IPSec SA database, it is added to the IPSec SA database, and the encrypted message is decrypted with it. A corresponding plaintext session is then looked up according to the newly decrypted IP header; if the plaintext session is found, the plaintext session and the ciphertext session are associated; otherwise, a new plaintext session is established and associated with the ciphertext session. The IP quintuple of the decrypted message is looked up among the plaintext sessions associated with the ciphertext session, which narrows the lookup range, shortens the search time and hence the decryption time, and speeds up message processing.
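The lookup order described in the abstract, as an added Python sketch that is not taken from the patent or from any product. Keying the ciphertext session by the outer (source, destination, protocol) triple, dropping a packet when no SA exists, the XOR stand-in for ESP decryption, and all addresses, SPIs and keys are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

# Constructed sample data: the SPI and key below are made up.
GLOBAL_SAD = {0x1001: b"demo-key"}      # global IPSec SA database: SPI -> key

@dataclass
class CipherSession:
    sad: dict = field(default_factory=dict)    # SA entries cached on this session
    plain: dict = field(default_factory=dict)  # associated plaintext sessions

cipher_sessions = {}   # outer (src, dst, proto) -> CipherSession (assumed key)
plain_sessions = {}    # device-wide plaintext session table, keyed by 5-tuple

def toy_crypt(data: bytes, key: bytes) -> bytes:
    """Stand-in for ESP encryption/decryption (XOR); not a real cipher."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))

def process_encrypted(outer, spi, payload):
    """Return (inner 5-tuple or None, list of lookup steps taken)."""
    steps = []
    cs = cipher_sessions.get(outer)
    if cs is None:                                  # no ciphertext session yet
        cs = cipher_sessions[outer] = CipherSession()
        steps.append("cipher-session-created")
    key = cs.sad.get(spi)
    if key is None:                                 # fall back to the global SAD
        key = GLOBAL_SAD.get(spi)
        if key is None:
            return None, steps + ["no-sa-drop"]     # assumption: drop the packet
        cs.sad[spi] = key                           # cache for later packets
        steps.append("sa-from-global")
    else:
        steps.append("sa-from-session")
    src, dst, proto, sport, dport = toy_crypt(payload, key).decode().split("|")[:5]
    tup = (src, dst, proto, int(sport), int(dport)) # decrypted inner 5-tuple
    if tup in cs.plain:                             # narrowed lookup
        steps.append("plain-hit-associated")
    else:
        if tup not in plain_sessions:
            plain_sessions[tup] = {"packets": 0}
            steps.append("plain-session-created")
        cs.plain[tup] = plain_sessions[tup]         # associate with cipher session
        steps.append("plain-associated")
    cs.plain[tup]["packets"] += 1
    return tup, steps

def demo():
    """Send the same constructed ESP-like packet twice, then one unknown SPI."""
    outer = ("198.51.100.1", "203.0.113.1", "esp")
    pkt = toy_crypt(b"10.0.0.5|10.1.0.9|tcp|40000|443|hello", GLOBAL_SAD[0x1001])
    return [process_encrypted(outer, 0x1001, pkt)[1],
            process_encrypted(outer, 0x1001, pkt)[1],
            process_encrypted(outer, 0x2002, pkt)[1]]
```

The second packet of a flow touches only the per-session SA cache and the associated plaintext sessions, which is the narrowed lookup the abstract credits for the speed-up.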

Description

Technical field

[0001] The invention relates to the technical field of network communication, in particular to a method for quickly processing messages in an IPSec tunnel.

Background technique

[0002] IPSec (Internet Protocol Security, a security standard framework defined by the Internet Engineering Task Force (IETF)) is a VPN technology used to realize remote access and to provide end-to-end encryption and authentication services for public and private networks. IPSec is not a single protocol. It provides a complete architecture for network data security at the IP layer, including the network authentication protocol AH (Authentication Header), ESP (Encapsulating Security Payload), IKE (Internet Key Exchange) and some algorithms for network authentication and encryption. Among them, the AH protocol and the ESP protocol are used to provide security services. The ...

Application Information

IPC(8): H04L12/46, H04L29/06
Inventor: 陈海滨
Owner: OPZOON TECH