
Encryption method for inner layer information in VXLAN (Virtual Extensible Local Area Net) tunnel

An encryption method for inner-layer information, applied to communication transmission in the field of network communication technology. It addresses the lack of a security guarantee mechanism in VXLAN and the resulting exposure of the inner broadcast domain to attack, ensuring security while avoiding additional overhead and improving utilization.

Active Publication Date: 2014-03-05
苏州盛科科技有限公司

AI Technical Summary

Problems solved by technology

[0003] However, because VXLAN lacks a security guarantee mechanism, a data packet carried under the outer VXLAN header across the WAN may be intercepted and parsed, and the information obtained can be used to launch an attack on the inner broadcast domain.
If IPsec (Internet Protocol Security), as used in traditional VPN networks, were used for encryption, an additional IPsec header would have to be added. Because the VXLAN header itself already takes at least 50 bytes, using IPsec would further increase the overhead. A new encryption method is therefore needed to improve the security of VXLAN.


Embodiment Construction

[0024] The technical solutions in the preferred embodiments of the present invention will be clearly and completely described below in conjunction with the accompanying drawings of the present invention.

[0025] The encryption method for inner layer information in the VXLAN tunnel disclosed by the present invention is realized by performing two-level encryption: on the VXLAN header, and on the inner layer data messages of several different VXLAN domains. Figure 2 is a schematic diagram of the format of the outer header of the VXLAN protocol message involved in this embodiment. As shown in Figure 1, when encrypting the VXLAN header, the initial key known to both communicating parties is defined as K. The initial key K is known only to the two communicating parties and is never transmitted in the network.

[0026] The actual encryption key P used to encrypt the VXLAN header is obtained by the following calculation method, namely:

[002...


Abstract

The invention discloses an encryption method for inner layer information in a VXLAN (Virtual Extensible Local Area Network) tunnel. Two levels of encryption are performed: one on the VXLAN header and one on the inner-layer data messages of different VXLAN domains. The encryption keys are dynamic keys, each generated by a logical calculation over the respective initial key and the VXLAN network identifier field, followed by an MD5 calculation. The encrypted message is the value obtained from a further logical calculation over the encryption key and the message data to be encrypted in the VXLAN tunnel. Even if a VXLAN message is intercepted while crossing a wide area network, it cannot be parsed, so the security of the VXLAN message is ensured. Whether the VXLAN message is encrypted is marked by at least one reserved bit in the VXLAN header. The method is realized within the VXLAN header without extra overhead, so bandwidth utilization is improved.
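A minimal sketch of the inner-layer level of the scheme the abstract describes, added here as an illustration; it is not code from the patent or its owner. The page does not give the exact operations, so the "logical calculation" is modelled as XOR and the reserved bit used as the encryption mark (`ENC_MARK`) is chosen arbitrarily; the header-level encryption is not modelled because its key calculation is elided on the page.

```python
import hashlib
import struct

VNI_VALID = 0x08  # "I" flag defined by RFC 7348
ENC_MARK = 0x01   # ASSUMPTION: the page does not say which reserved bit is used
HDR = struct.Struct("!B3s3sB")  # flags, reserved (24 bits), VNI (24 bits), reserved (8 bits)

def derive_key(initial_key: bytes, vni: int) -> bytes:
    """Per-domain key: MD5 over the initial key mixed with the 24-bit VNI."""
    vni_bytes = vni.to_bytes(3, "big")
    # ASSUMPTION: the unspecified "logical calculation" is modelled as XOR.
    mixed = bytes(b ^ vni_bytes[i % 3] for i, b in enumerate(initial_key))
    return hashlib.md5(mixed).digest()

def xor_with_key(key: bytes, data: bytes) -> bytes:
    """Second "logical calculation" (assumed XOR) of key and message data."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))

def encapsulate(initial_key: bytes, vni: int, inner_frame: bytes, encrypt: bool = True) -> bytes:
    """Build the 8-byte VXLAN header and append the (optionally encrypted) inner frame."""
    flags = VNI_VALID | (ENC_MARK if encrypt else 0)
    header = HDR.pack(flags, b"\x00" * 3, vni.to_bytes(3, "big"), 0)
    body = inner_frame
    if encrypt:
        body = xor_with_key(derive_key(initial_key, vni), inner_frame)
    return header + body

def decapsulate(initial_key: bytes, packet: bytes):
    """Parse the header, check the mark bit, and return (vni, inner_frame)."""
    if len(packet) < HDR.size:
        raise ValueError("truncated VXLAN header")
    flags, _, vni_bytes, _ = HDR.unpack(packet[:HDR.size])
    if not flags & VNI_VALID:
        raise ValueError("VNI flag not set")
    vni = int.from_bytes(vni_bytes, "big")
    body = packet[HDR.size:]
    if flags & ENC_MARK:  # only decrypt when the reserved bit says so
        body = xor_with_key(derive_key(initial_key, vni), body)
    return vni, body

# Constructed sample input: a made-up key and a made-up broadcast frame.
SAMPLE_KEY = b"constructed-demo-key"
SAMPLE_FRAME = bytes.fromhex("ffffffffffff020000000001") + b"\x08\x06" + b"constructed ARP body"

if __name__ == "__main__":
    pkt = encapsulate(SAMPLE_KEY, 5001, SAMPLE_FRAME)
    print(len(pkt) - len(SAMPLE_FRAME), decapsulate(SAMPLE_KEY, pkt) == (5001, SAMPLE_FRAME))
```

Under these assumptions the key depends only on the initial key and the VNI, so identical inner frames in one VXLAN domain produce identical ciphertext, and nothing authenticates the packet or the mark bit. The packet length is unchanged by encryption, which is the "no extra overhead" property the abstract claims.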

Description

Technical field

[0001] The invention relates to communication transmission technology in the technical field of network communication, and in particular to a method for encrypting inner layer information in a VXLAN tunnel to improve data transmission security.

Background technique

[0002] As IT organizations shift to a service-oriented model, the current data center network connectivity architecture is increasingly found to be a limiting factor. To solve this problem, companies such as Cisco and VMware launched the VXLAN (Virtual eXtensible Local Area Network) standard in 2011, which addresses the insufficient number of VLANs in data center networks and supports long-distance virtual machine migration between geographically dispersed data centers. VXLAN expands the number of LANs from 2^12=4094 in the original VLAN to 2^24. Moreover, the tunnel feature it contains also supports t...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L9/06, H04L12/46
Inventor: 龚海东
Owner: 苏州盛科科技有限公司