Method, device and equipment for preventing packet loss after IPsec SA aging and storage medium

Abstract

The invention relates to a method, device and equipment for preventing packet loss after IPsec SA aging and a storage medium, and the method comprises the steps: S1, building an IPsec channel with opposite terminal equipment, and generating a first IPsec SA; S2, when a key exchange message sent by opposite-end equipment is received or when the first IPsec SA meets an aging requirement, sending the key exchange message to the opposite-end equipment, after the opposite-end equipment negotiates a key again, creating a second IPsec SA, and retaining the first IPsec SA; S3, starting a timer, and encrypting the encrypted message sent to the opposite-end equipment by adopting the first IPsec SA before the time of the timer is up; S4, after the time of the timer is up, judging whether the encrypted message sent by the opposite-end equipment is encrypted by adopting a second IPsec SA or not; and S5, when the time of the timer is up and the encrypted message sent by the opposite terminal equipment is encrypted by adopting the second IPsec SA, deleting the first IPsec SA, otherwise, repeating the steps S3 to S4. According to the invention, the problem of frequent packet loss after SA aging at present is solved.

Description

technical field [0001] The present invention relates to the field of communication technology, in particular to a method, device, equipment and storage medium for preventing packet loss after IPsec SA ages. Background technique [0002] In order to ensure the safety of communication, when performing IPsec communication, an SA is set up. For safety, an update aging mechanism is designed for IPsec SA. There are two ways of traffic aging and time aging. That is, when the traffic reaches a certain limit, the IPsec SA is updated; or when the time reaches Update the IPsec SA when the limit is set. [0003] At present, the common update method is: when party A's traffic or time reaches the limit, it starts to renegotiate IPsec SA, and sends renegotiation IPsec SA message; Party B receives renegotiation IPsec SA message. Both parties update the new SA, and two problems will arise at this time: [0004] 1. Party A updates the SA and deletes the old SA; Party B uses the old SA to co...

AI Technical Summary

Problems solved by technology

When the message encrypted by Party B using the old SA reaches Party A, Party A's SA has been deleted, and normal decryption cannot be performed, and the message will be discarded;

[0005] 2. Party A updates the SA, and Party B renegotiates the IPsec SA message, which is delayed in the network and does not arrive, so the new SA is not updated. At this time, the data encrypted by Party A using the new SA reaches Party B, and the message cannot be decrypted. Packets are discarded

[0006] Therefore, after the current SA ages, packet loss often occurs

Images