IPSec VPN safety forwarding method and system for handling power protocols

Abstract

The invention provides an IPSec VPN safety forwarding method and system for handling power protocols. When an IP data packet enters an IPSec VPN device, a safety policy according with the IP data packet is sought for in a safety policy database according to IP message grouping information, data decryption is performed on the IP message grouping information according to the SP, and an original data message is obtained; then, power protocol characteristic value information identification is performed on the original data message according to characteristic value information in the SP to judge whether the current IP data packet message needs to be forwarded or not. Through the SP subjected to power protocol characteristic identification, fine grit inspecting and matching can be performed on the IP data packet bearing power service, in-tunnel attack to the data packet can be prevented, and thus the problems that because a large number of firewall policies are added into the IPSec VPN device and the data packet enters a protocol stack twice, performance is lowered, and operation maintenance difficulty is increased can be avoided, and the forwarding performance and the forwarding safety of the IPSec VPN data packet are promoted.

Description

technical field [0001] The invention relates to the technical field of data communication in the electric power industry, in particular to an IPSec VPN secure forwarding method and system for processing electric power protocols. Background technique [0002] As a national energy infrastructure, electricity is directly related to the safety of electricity consumption by workers and civilians. Failures will lead to large-scale power outages in cities, seriously affecting people's lives and economic development. To this end, relevant state departments and power companies have issued a number of regulations and systems to ensure the safety of the power secondary system and prevent group attacks such as viruses and hackers. [0003] IPSec VPN devices work at the network layer and can provide services such as data source authentication, data flow confidentiality, data integrity, and anti-replay. As a commonly used network layer security protection device, IPSec VPN equipment can ...

AI Technical Summary

Problems solved by technology

[0005] Based on this, it is necessary to provide a simple processing method for the existing complex IPSec VPN secure forwarding method for processing power protocols, which may easily lead to the problem of performance degradation of IPSec VPN equipment, and there is a large delay in decrypting and forwarding data packets. The IPSec VPN secure forwarding method and system of the Power Protocol to improve the performance of IPSec VPN equipment and reduce the delay in decrypting and forwarding data packets

Images