VPN tunnel mode optimization method and system

A tunnel mode optimization technology, applied in the field of communications, that addresses the large proportion of added message length relative to the actual data and the resulting increase in actual network load, and achieves the effect of reducing the traffic increase after encryption.

Active Publication Date: 2019-12-03
BEIJING KEDONG ELECTRIC POWER CONTROL SYST

AI Technical Summary

Problems solved by technology

For the 104 messages of the power protocol, many data packets are small packets of no more than 64 bytes. If the existing tunnel mode is used for encrypted data transmission, the added message length is large in proportion to the actual data length, which increases the actual network load.



Embodiment Construction

[0020] The present invention will be further described below in conjunction with the accompanying drawings. The following examples are only used to illustrate the technical solution of the present invention more clearly, but not to limit the protection scope of the present invention.

[0021] The VPN tunnel mode optimization method of the present invention comprises the following process:

[0022] Step 1. The devices on both sides use the IPsec tunnel mode to encrypt data.

[0023] Step 2. Add a policy entry for the devices on both sides. The entry includes IP address, port number, and protocol number (such as TCP, UDP, ICMP, etc.), and configure a unique number KeyID to identify the current policy entry.

[0024] Data encryption and decryption exist in pairs. For a pair of encryption devices, a policy is configured for each business; that is, each business needs its own policy. Multiple policies can be configured on the device, and these policies...


Abstract

The invention discloses a VPN tunnel mode optimization method and system. The method comprises the following steps: a policy table entry is added, and a unique number KeyID is configured to identify the current policy table entry, wherein the policy table entry comprises an IP address and a port number; the local device performs policy matching on the plaintext message and, after a successful match, uses the KeyID to replace the original IP message header and port number, then performs data encryption, adds an external IP message header and AH/ESP information to generate an encrypted message, and forwards the encrypted message to the peer device; after receiving the encrypted message, the peer device decrypts the data, searches the policy table entries according to the KeyID, and, after a successful match, restores the IP message header and port number according to the policy table entry. The method reduces the increase in data traffic after encryption.
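The KeyID substitution and restoration described in the abstract, as an added Python sketch that is not code from the patent. It covers TCP/UDP packets only and omits the encryption, outer IP header and AH/ESP steps. The 2-byte KeyID width, the sample addresses and ports, and the fixed defaults used for header fields the policy entry does not hold (TOS, ID, flags, TTL) are assumptions.

```python
import socket
import struct

# Policy table configured on both devices (constructed sample values):
# KeyID -> (src IP, dst IP, protocol number, src port, dst port)
POLICIES = {7: ("10.1.1.10", "10.2.2.20", 6, 50000, 2404)}
KEYID_LEN = 2  # assumed KeyID width; the page does not give one

def ip_checksum(header: bytes) -> int:
    total = sum(struct.unpack("!10H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_ip_header(src, dst, proto, total_len) -> bytes:
    # Fields not held in the policy entry (TOS, ID, flags, TTL) use fixed defaults.
    fields = [0x45, 0, total_len, 0, 0, 64, proto, 0,
              socket.inet_aton(src), socket.inet_aton(dst)]
    fields[7] = ip_checksum(struct.pack("!BBHHHBBH4s4s", *fields))
    return struct.pack("!BBHHHBBH4s4s", *fields)

def compress(packet: bytes):
    """Sender: on a policy match, replace IP header and ports with the KeyID."""
    ihl = (packet[0] & 0x0F) * 4
    flow = (socket.inet_ntoa(packet[12:16]), socket.inet_ntoa(packet[16:20]),
            packet[9], *struct.unpack("!HH", packet[ihl:ihl + 4]))
    for key_id, entry in POLICIES.items():
        if entry == flow:
            return struct.pack("!H", key_id) + packet[ihl + 4:]
    return None  # no policy entry matched this packet

def restore(inner: bytes):
    """Receiver: look up the KeyID, rebuild the IP header and ports."""
    (key_id,) = struct.unpack("!H", inner[:KEYID_LEN])
    entry = POLICIES.get(key_id)
    if entry is None:
        return None  # unknown KeyID: nothing to restore from
    src, dst, proto, sport, dport = entry
    rest = inner[KEYID_LEN:]
    header = build_ip_header(src, dst, proto, 20 + 4 + len(rest))
    return header + struct.pack("!HH", sport, dport) + rest

def sample_packet() -> bytes:
    """Constructed packet: 20 B IP header, 20 B TCP header, 6 B payload."""
    body = struct.pack("!HH", 50000, 2404) + bytes(16) + b"\x68\x04\x07\x00\x00\x00"
    return build_ip_header("10.1.1.10", "10.2.2.20", 6, 20 + len(body)) + body
```

For the constructed 46-byte packet, the inner data handed to encryption shrinks to 24 bytes, and `restore(compress(pkt))` reproduces the packet only because every field outside the policy entry already had the default value.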

Description

Technical field

[0001] The invention belongs to the technical field of communications, and in particular relates to a VPN tunnel mode optimization method and system.

Background technique

[0002] When an existing IPsec VPN encryption device uses the general tunnel mode, the local encryption device encrypts the original IP message, adds an external IP message header and AH/ESP information, and sends the new data packet to the peer device. The peer device decrypts the original data, strips the external IP packet header and ESP/AH information, and sends the original packet to the receiving end. The existing IPsec protocol packet encapsulation format is shown in Figure 1: in tunnel mode, the content marked by the rectangular box is the original IP packet, and the rest is newly added data.

[0003] To sum up, using an IPsec VPN tunnel for data encryption currently adds a lot of data content (such as the external IP header, AH/ESP and other information) ...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L12/46, H04L29/06
CPC: H04L12/4633, H04L12/4641, H04L63/0428
Inventor 徐萌李勃梁野高明慧马力张志军多志林王丹刘锦利计士禹张广文刘新龙修增哲
Owner BEIJING KEDONG ELECTRIC POWER CONTROL SYST