Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Method and device of obtaining IPSec SA (Internet Protocol Security Association)

An acquisition method and server technology, applied in the field of IPSec SA acquisition, can solve the problem of consuming large system resources, etc.

Active Publication Date: 2014-09-03
NEW H3C TECH CO LTD
View PDF4 Cites 12 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

Therefore, when there are many nodes, the entire ADVPN network needs to establish and maintain a large number of IKE SAs and IPSEC SAs. For example, if there are 3000 branches in a network, the Hub device needs to establish and maintain 3000 IKE SAs and IPSEC SAs. Need to consume a lot of system resources

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method and device of obtaining IPSec SA (Internet Protocol Security Association)
  • Method and device of obtaining IPSec SA (Internet Protocol Security Association)
  • Method and device of obtaining IPSec SA (Internet Protocol Security Association)

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0046] In a specific application, in order to prevent the user's private network data carried by the ADVPN network from leaking to the public network, IPSec technology can be introduced into the ADVPN network. After the introduction of IPSec technology, each node in the ADVPN network negotiates IPSec SA one-to-one, and the private network data between nodes is encrypted and transmitted after encapsulating specific packet headers with IPSec SA. Specifically, when each node in the ADVPN network negotiates IPSec SA, it must first ensure the security of the control packets exchanged when negotiating IPSEC SA, so the whole negotiation is divided into two stages; the first stage is to establish IKE (Internet Key Exchange, Internet key exchange) peer entities, and then negotiate IKE SA between entities; IKE SA is used to protect the second stage, that is, to protect the control messages exchanged when establishing IPSEC SA; the second stage is to The process of negotiating the IPSEC ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention provides a method and a device of obtaining IPSec SA (Internet Protocol Security Association). The method comprises the following steps that: a VAM (Virtual Private Network Address Management) client registers with a VAM server; the VAM server issues the corresponding IPSec SA to the VAM client according to the registration information of the VAM client; the VAM client transmits a keepalive message to the VAM server; the keepalive message comprises an SPI (Security Parameter Index) of the local newest IPSec SA of the VAM client; the VAM server judges whether the SPI of the newest IPSec SA of the VAM client is equal to the SPI of the local newest IPSec SA; if the SPI of the newest IPSec SA of the VAM client is not equal to the SPI of the local newest IPSec SA, the local newest IPSec SA is issued to the VAM client. Through the method and the device, the centralized management and issuing of the IPSec SA in an ADVPN (Auto Discovery Virtual Private Network) network can be implemented, and meanwhile, the keepalive message is initiated by the VAM client, so that when the local IPSec SA of the VAM client is updated by the VAM server, the newest IPSec SA, which is issued by the VAM server, can normally pass through an NAT (Network Address Translator).

Description

technical field [0001] The present invention relates to the field of communication technology, in particular to a method and device for acquiring IPSec SA. Background technique [0002] The traditional GRE (Generic Routing Encapsulation, general routing encapsulation) tunnel is a point-to-point tunnel, and the two ends of the communication must know the public network address of the other end; and the ADVPN (Auto Discovery Virtual Private Network, automatic discovery virtual private network) is A layer-3 tunnel that provides a point-to-multipoint tunnel and can realize intercommunication between multiple branches. Therefore, in an ADVPN network, each node needs to know the public network addresses of all peers. [0003] In the ADVPN network, the public network address of the communication peer is obtained by deploying a VAM (Virtual Private Network Address Management, virtual private network address management) server. The VAM protocol is the main protocol of the ADVPN solu...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): H04L29/06H04L12/46
Inventor 王守唐
Owner NEW H3C TECH CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products