
A method to prevent DPD detection failure from causing IPsec tunnel flapping

A technology for tunnel flapping and packet detection, applied in the field of computer networks

Inactive Publication Date: 2015-11-25
OPZOON TECH

AI Technical Summary

Problems solved by technology

[0012] To address the deficiencies in the prior art, the present invention provides a method for preventing IPsec tunnel oscillation caused by DPD detection failure, so that when IPsec peers trigger IKE negotiation at the same time, IPsec tunnel oscillation caused by erroneous deletion of the IPsec tunnel is reduced.



Examples


Embodiment Construction

[0025] The following is a detailed description of the method for preventing IPsec tunnel oscillation caused by DPD detection failure proposed by the present invention, with reference to the accompanying drawings and embodiments.

[0026] In the prior art, when an IPsec peer sends a DPD message to the remote IPsec peer and the remote peer cannot find an IKE SA with the same cookie as the DPD message, the DPD packet cannot be processed and is discarded directly. When the IPsec peer has sent 5 DPD packets in a row and still received no response, the link is considered abnormal and the IKE SA corresponding to the local DPD is deleted. At the same time, the IPsec SA whose source address and destination address are the same as this IKE SA is deleted, which causes the IPsec tunnel to oscillate.

[0027] As shown in Figure 1, the present invention provides a method for preventing IPsec tunnel oscillation caused by DPD detection failur...


Abstract

Provided is a method for preventing IPsec tunnel oscillation caused by a DPD detection failure, comprising: when an IPsec peer does not receive a DPD response packet from a remote IPsec peer after consecutively transmitting multiple DPD detection packets, the IPsec peer continues to determine whether an IKE SA having the same source address and destination address as the IKE SA of the IPsec peer exists; if no, then the IKE SA of the IPsec peer is deleted; and if yes, then an IPsec SA corresponding to the IKE SA having the same source address and destination address as the IKE SA of the IPsec peer is not deleted. The present invention prevents IPsec tunnel oscillation caused by erroneous deletion of an IPsec tunnel by optimizing the DPD detection mode when IPsec peers simultaneously trigger an IKE negotiation.
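The prior-art handling in [0026] next to the check described in the abstract, as an added Python model (not code from the patent or from any IKE implementation). The `IkeSa`/`Peer` classes, cookie names and addresses are constructed; the model assumes the stale IKE SA is dropped in both branches and that the IPsec SA is removed when no twin IKE SA exists, neither of which the visible text spells out.

```python
from dataclasses import dataclass

DPD_MAX_RETRIES = 5  # the page's prior-art text: 5 unanswered DPD packets


@dataclass(frozen=True)
class IkeSa:
    cookie: str  # constructed stand-in for the IKE cookie pair
    src: str
    dst: str


@dataclass
class Peer:
    ike_sas: set    # IkeSa objects held locally
    ipsec_sas: set  # (src, dst) pairs, one per tunnel

    def on_dpd_failure_prior_art(self, sa):
        # [0026]: delete the IKE SA and the IPsec SA with the same addresses.
        self.ike_sas.discard(sa)
        self.ipsec_sas.discard((sa.src, sa.dst))

    def on_dpd_failure_checked(self, sa):
        # Abstract: first look for another IKE SA with the same src/dst.
        twin = any(o != sa and (o.src, o.dst) == (sa.src, sa.dst)
                   for o in self.ike_sas)
        self.ike_sas.discard(sa)  # assumption: the stale IKE SA goes either way
        if not twin:
            # assumption: with no twin the peer is treated as dead, as in [0026]
            self.ipsec_sas.discard((sa.src, sa.dst))


def ipsec_sa_survives(handler, remote_cookies, local_cookies):
    """Probe 'cookie-A' with DPD; report whether the tunnel's IPsec SA remains."""
    src, dst = "192.0.2.1", "198.51.100.1"  # constructed documentation addresses
    peer = Peer({IkeSa(c, src, dst) for c in local_cookies}, {(src, dst)})
    probed = IkeSa("cookie-A", src, dst)
    # The remote silently drops a DPD packet whose cookie matches none of its IKE SAs.
    answered = any(probed.cookie in remote_cookies for _ in range(DPD_MAX_RETRIES))
    if not answered:
        getattr(peer, handler)(probed)
    return (src, dst) in peer.ipsec_sas


if __name__ == "__main__":
    # Simultaneous negotiation: local holds A and B, the remote kept only B.
    both, remote = {"cookie-A", "cookie-B"}, {"cookie-B"}
    print("prior art:", ipsec_sa_survives("on_dpd_failure_prior_art", remote, both))
    print("checked:  ", ipsec_sa_survives("on_dpd_failure_checked", remote, both))
    print("dead peer:", ipsec_sa_survives("on_dpd_failure_checked", set(), {"cookie-A"}))
```

With both IKE SAs present locally, the prior-art handler tears down a tunnel that the surviving IKE SA still serves, while the checked handler leaves it up and still removes it when the peer is genuinely unreachable.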

Description

Technical field

[0001] The invention relates to the field of computer networks, and in particular to a method for preventing IPsec tunnel oscillation caused by DPD detection failure.

Background technique

[0002] IPsec tunnels carry two types of messages: protocol messages and data messages. The protocol message is the IKE message, a message processed by the host. An SA (security association) is an agreement on certain elements between IPsec peers, and IPsec can establish an SA through IKE negotiation. The IKE negotiation is divided into two stages when establishing an SA: a first negotiation stage and a second negotiation stage. The first negotiation stage is used to generate a key for encrypting the protocol messages, namely the IKE SA. The second negotiation stage is used to generate a key for encrypting the data messages, namely the IPsec SA, and data messages are sent after the second negotiation stage succeeds.

[0003] However, due to packet retransmissions on the network, the ipsec p...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L29/06, H04L9/08
CPC: H04L63/0428, H04L63/164
Inventor: 陈海滨
Owner: OPZOON TECH