Bidirectional forwarding detection authentication safe switching method and device

A two-way forwarding detection and security technology, applied in the field of communication, can solve problems such as traffic interruption and route deletion

Active Publication Date: 2016-11-09
NEW H3C TECH CO LTD
View PDF5 Cites 2 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0005] This application provides a method and device for bidirectional forwarding detection and authentication security switching

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Bidirectional forwarding detection authentication safe switching method and device
  • Bidirectional forwarding detection authentication safe switching method and device
  • Bidirectional forwarding detection authentication safe switching method and device

Examples

Experimental program
Comparison scheme
Effect test

Example Embodiment

[0052] Embodiment one

[0053] The basic idea of ​​this application's two-way forwarding detection and authentication security switch is: after the first network device and the second network device establish a BFD session, they periodically send a two-way BFD message on the channel of the established session, and use the second network device to implement the second network device. In the detection of a network device, if the first network device does not receive the BFD message from the second network device within a certain period of time, it is considered that a certain part of the bidirectional channel has failed.

[0054]The first network device judges the authentication status of the current BFD message. If it is currently in the intermediate state of authentication, it sends two copies of the BFD message to the second network device each time. The first authentication mode is generated, and the second BFD packet is generated according to the second authentication mode ...

Example Embodiment

[0081] Embodiment two

[0082] refer to image 3 , which shows a flow chart of a method for bidirectional forwarding detection and authentication security switchover described in Embodiment 2 of the present application, specifically including:

[0083] Step 301: Set an authentication mode switching timeout timer.

[0084] When the first network device enters the authentication intermediate state, start the authentication mode switching timeout timer.

[0085] Step 302: Judging whether the authentication mode switching timeout timer has expired, if it expires, execute step 303, if not, execute step 304.

[0086] Wherein, preferably, the authentication mode switching timeout timer timeout time can be set to 5 minutes, and can also be set in any appropriate way by those skilled in the art, such as the threshold can be set by manual experience, or set for the difference value of historical data The timeout period is not limited by this application.

[0087] Step 303: Determine...

Example Embodiment

[0141] Embodiment Three

[0142] refer to Figure 8 , which shows a structural diagram of a device for bidirectional forwarding detection and authentication security switching in Embodiment 3 of the present application. When the device is the first network device, it may specifically include:

[0143]The authentication status judging module 801 is used to judge the authentication status of the current BFD message. If the authentication status judging module judges that the current BFD message is in the authentication intermediate state, the sending module 802 is executed; otherwise, the authentication module 807 is executed.

[0144] Sending module 802: Send two BFD packets to the second network device each time.

[0145] Wherein, the first BFD message is generated according to the first authentication mode before the modification of the authentication mode, and the second BFD message is generated according to the second authentication mode after the modification of the authe...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses a bidirectional forwarding detection authentication safe switching method and device. The method comprises the steps that judging a current authentication state of BFD (bidirectional forwarding detection) messages by a first network device; sending two BFD messages to a second network device each time if the BFD messages are currently in the authentication intermediate state; and in the authentication intermediate state, when the first network device receives the BFD messages sent by the second network device, performing the following steps of judging whether detection of a first authentication mode is successful or not, refreshing a BFD overtime detection timer if the detection of the first authentication mode is successful, continuing to judge whether the detection of a second authentication mode is successful or not, refreshing the BFD overtime detection timer if the detection of the second authentication mode is successful, thereby enabling the second authentication mode to take effect, and logging out the authentication intermediate state. The problems of traffic interruption and route deletion resulting from modifying a BFD authentication mode in the prior art can be solved.

Description

technical field [0001] The present application relates to the field of communication technologies, and in particular to a method and device for bidirectional forwarding detection authentication security switching. Background technique [0002] Bidirectional Forwarding Detection (BFD for short) is a general, standardized, media-independent and protocol-independent fast fault detection mechanism. MPLS), Pseudowire (Prisoner of War, referred to as PW), Open Shortest Path First (Open Shortest Path First, referred to as OSPF), etc. provide a unified and fast fault detection mechanism, and the fault detection time of BFD is usually in milliseconds. It greatly improves the convergence speed of the protocol and reduces the number of network packet loss and interruption time. [0003] In order to improve its own security, BFD uses an authentication mechanism, which includes Simple Authentication and Message Digest Algorithm MD5 (MD5 for short). Due to the use of the authentication m...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
IPC IPC(8): H04L12/26H04L12/703H04L12/723H04L29/06H04L45/28H04L45/50
CPCH04L43/0811H04L45/28H04L45/50H04L63/08H04L69/22
Inventor 汪江波
Owner NEW H3C TECH CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap