Method for achieving IPSecVPN main link and backup link dynamic switching

A main/backup link technique, applied in the field of network security, that addresses the added GRE overhead, complex configuration and reduced forwarding performance of existing approaches, and improves data forwarding performance.

Active Publication Date: 2013-12-25
RAISECOM TECH

AI Technical Summary

Problems solved by technology

GRE over IPSec, as mentioned above, can meet the link-backup requirement, but its configuration is more complicated. More importantly, every data packet carries the added GRE overhead, which reduces forwarding performance.



Examples


Embodiment 1

[0084] In the networking mode shown in Figure 1, branch 1 is taken as an example. Before the fault occurs, the wan0 link (connected to the telecom network) is the main link, and the wan1 link (connected to the China Unicom network) is the backup link.

[0085] For branch 1, two IPSec connections need to be added, corresponding to the wan0 port and the wan1 port respectively;

[0086] Add two static routes whose destination address points to the internal network of the headquarters, with outbound interfaces wan0 and wan1; the route priority of wan0 is higher than that of wan1.

[0087] When both links are normal, the routing information on Branch 1 is as follows:

[0088]

Destination address / mask   Next hop                          Out interface   Priority   State
192.168.1.0/24               Interface IP of wan0 connection   wan0            10         valid
192.168.1.0/24               Interface IP of wan1 connection   wan1            20         invalid

[0089] The switching proc...


Abstract

The invention provides a method for dynamically switching between the main link and the backup link of an IPSec VPN, and relates to the field of network security. In each period the method comprises the following steps: 1) detect through the DPD mechanism whether the main link is normal; if yes, go to step 3, and if not, go to step 2; 2) forward the VPN traffic through the IPSec tunnel of the backup link, and end the process; 3) forward the VPN traffic through the IPSec tunnel of the main link, and end the process. The method ties the DPD detection mechanism of IPSec to the WAN interface routes and adjusts route priority flexibly according to link state, so that switching between the main link and the backup link can be achieved even without GRE, and data forwarding performance is improved.
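The per-period decision described in the abstract, applied to the two static routes of Embodiment 1, as an added example (not code from the patent). The `Route` class, `run_period`, `simulate` and the sample DPD results are constructed for illustration; checking the backup tunnel's DPD result and dropping traffic when neither tunnel is alive go beyond the abstract and are assumptions.

```python
from dataclasses import dataclass


@dataclass
class Route:
    dest: str        # destination prefix (headquarters' internal network)
    out_if: str      # outbound WAN interface carrying one IPSec tunnel
    priority: int    # lower number = preferred, as in the Embodiment 1 table
    state: str = "invalid"


def run_period(routes, dpd_alive):
    """One detection period; dpd_alive maps interface -> DPD peer-alive result.

    Marks the most-preferred route whose tunnel peer answered DPD as valid and
    every other route invalid. Returns the forwarding interface, or None when
    no tunnel is alive (assumption: traffic is then dropped rather than sent
    outside IPSec).
    """
    for r in routes:
        r.state = "invalid"
    live = [r for r in routes if dpd_alive.get(r.out_if, False)]
    if not live:
        return None
    best = min(live, key=lambda r: r.priority)
    best.state = "valid"
    return best.out_if


def simulate(periods):
    """Replay per-period DPD results; return the interface used in each period."""
    routes = [
        Route("192.168.1.0/24", "wan0", 10),  # main link
        Route("192.168.1.0/24", "wan1", 20),  # backup link
    ]
    return [run_period(routes, dpd) for dpd in periods]


# Constructed DPD results: normal, main link fails, both fail, main link recovers.
SAMPLE_PERIODS = [
    {"wan0": True, "wan1": True},
    {"wan0": False, "wan1": True},
    {"wan0": False, "wan1": False},
    {"wan0": True, "wan1": True},
]

if __name__ == "__main__":
    for n, used in enumerate(simulate(SAMPLE_PERIODS), 1):
        print(f"period {n}: forward via {used or 'no tunnel (drop)'}")
```

Because the decision is re-evaluated every period, traffic returns to wan0 as soon as DPD on the main link succeeds again, without any GRE encapsulation on either tunnel.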

Description

Technical field

[0001] The invention relates to the field of network security, in particular to a method for dynamically switching between the active and standby links of an IPSec VPN.

Background

[0002] IPSec (Internet Protocol Security) is an industry-standard network security protocol that provides transparent security services for IP network communications, protects TCP/IP communications from eavesdropping and tampering, and can effectively resist network attacks while maintaining ease of use. IPSec has two basic goals: 1) to protect the security of IP data packets; 2) to provide protective measures against network attacks.

[0003] IPSec is usually used to set up a VPN (Virtual Private Network); the process is roughly divided into two stages: the tunnel negotiation stage and the data transmission stage.

[0004] The tunnel negotiation phase is mainly completed through IKE (Internet Key Exchange Protocol), and the establishment of a tunnel requires ...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06, H04B1/74
Inventor: 肖真
Owner: RAISECOM TECH