Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

A load-balanced ipsec VPN device cluster system and its working method

A load balancing and cluster system technology, applied in the field of data communication, can solve problems such as inability to realize real-time synchronization of serial numbers and anti-replay windows, hot switching problems, and inability to realize automatic load distribution, etc., to achieve high reliability, reduce costs, The effect of avoiding collective failure

Active Publication Date: 2017-05-31
中电科网络安全科技股份有限公司
View PDF4 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0007] The technical characteristics of IPSec VPN itself set up two obstacles for the realization of multi-IPSec VPN device clusters. One is that the outbound IP data packets processed by different IPSec VPN devices have different source IP addresses due to tunnel encapsulation, while the inbound IP Due to the different destination addresses of data packets, automatic load distribution cannot be realized; the second is that the serial number and anti-replay window are updated with each data packet, and the real-time synchronization of serial numbers and anti-replay windows cannot be realized between multiple different devices , there is a problem with hot switching on failure

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • A load-balanced ipsec VPN device cluster system and its working method

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0036] The system of the present invention includes a plurality of IPSec VPN devices, and each IPSec VPN device runs a computing capability evaluation module, an intra-group synchronization module, a load management module, an address responder, and a data classifier.

[0037] Computational capability evaluation module is used for computing capability evaluation module to run 10,000 RSA signature operations with 2048-bit modulus length in a multi-threaded manner, and calculate the signature speed in units of times / second as the computing capability of the IPSec VPN device where it is located evaluation result.

[0038] The intra-group synchronization module is responsible for exchanging and synchronizing security policy SP, security association SA, online status and computing capability information among all member devices in the same cluster and forming a globally consistent security policy, security association and online status.

[0039] The load management module obtains glo...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention provides a load-balanced IPSec VPN device trunking system and a working method of the load-balanced IPSec VPN device trunking system. The load-balanced IPSec VPN device trunking system comprises a plurality of IPSec VPN devices, and a computing capability assessment module, an intra-group synchronization module, a load management module, an address transponder and a data classifier run on each IPSec VPN device. Unique and effective load balancing and unique and effective redundant backup of working IP addresses of IPSec VPN clusters composed of the different IPSec VPN devices are achieved, outbound IP data messages processed by the different IPSec VPN devices have the same source IP addresses, and inbound IP data messages can achieve automatic distribution of loads. Immediate synchronization of serial numbers and replay-resistant windows is achieved between the multiple different devices, and zero-interval seamless switching of the loads is achieved.

Description

technical field [0001] The invention belongs to the field of data communication, and relates to a load-balanced IPSec VPN device cluster system and a working method thereof. Background technique [0002] IPSec: Abbreviation for Internet Protocol Security, which means Internet Protocol Security. is an open standard framework for ensuring confidential and secure communications over Internet Protocol (IP) networks through the use of encrypted security services; [0003] VPN: Virtual Private Network (Virtual Private Network, referred to as VPN) refers to the technology of establishing a private network on a public network. The reason why it is called a virtual network is mainly because the connection between any two nodes of the entire VPN network does not have the end-to-end physical link required by the traditional private network, but is structured on the network provided by the public network service provider. Platforms, such as logical networks on the Internet, ATM (Async...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): H04L12/803H04L29/06H04L12/46
Inventor 罗俊
Owner 中电科网络安全科技股份有限公司
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com