[go: up one dir, main page]

CN110572321A - Data transmission method and device, storage medium and electronic equipment - Google Patents

Data transmission method and device, storage medium and electronic equipment Download PDF

Info

Publication number
CN110572321A
CN110572321A CN201910951971.7A CN201910951971A CN110572321A CN 110572321 A CN110572321 A CN 110572321A CN 201910951971 A CN201910951971 A CN 201910951971A CN 110572321 A CN110572321 A CN 110572321A
Authority
CN
China
Prior art keywords
vpn
highest priority
priority
tunnel
tunnels
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201910951971.7A
Other languages
Chinese (zh)
Inventor
赵帅鹏
李金国
施德军
党帆
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Topsec Technology Co Ltd
Beijing Topsec Network Security Technology Co Ltd
Beijing Topsec Software Co Ltd
Original Assignee
Beijing Topsec Technology Co Ltd
Beijing Topsec Network Security Technology Co Ltd
Beijing Topsec Software Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Topsec Technology Co Ltd, Beijing Topsec Network Security Technology Co Ltd, Beijing Topsec Software Co Ltd filed Critical Beijing Topsec Technology Co Ltd
Priority to CN201910951971.7A priority Critical patent/CN110572321A/en
Publication of CN110572321A publication Critical patent/CN110572321A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46Interconnection of networks
    • H04L12/4633Interconnection of networks using encapsulation techniques, e.g. tunneling
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46Interconnection of networks
    • H04L12/4641Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00Routing or path finding of packets in data switching networks
    • H04L45/22Alternate routing
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0272Virtual private networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0485Networking architectures for enhanced packet encryption processing, e.g. offloading of IPsec packet processing or efficient security association look-up
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L1/00Arrangements for detecting or preventing errors in the information received
    • H04L1/22Arrangements for detecting or preventing errors in the information received using redundant apparatus to increase reliability

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

the embodiment of the application provides a method, a device, a storage medium and an electronic device for transmitting data, wherein the method comprises the following steps: acquiring the priority of the VPN tunnels in the security policies of at least two virtual private network VPN tunnels; selecting a VPN tunnel with the highest priority from the security policies of at least two VPN tunnels; and transmitting the data by using the VPN tunnel with the highest priority. According to the embodiment of the application, the priority of the VPN tunnel in the security policies of the at least two VPN tunnels is obtained, the VPN tunnel with the highest priority is selected from the security policies of the at least two VPN tunnels, and the VPN tunnel with the highest priority is used for transmitting data. Therefore, under the condition that two VPN tunnels are established between two subnetworks, data can be transmitted by selecting the VPN tunnel with the highest priority, and the VPN tunnel with the highest priority has better data transmission performance, so that the stability of data transmission can be ensured.

Description

data transmission method and device, storage medium and electronic equipment
Technical Field
The present application relates to the field of network security technologies, and in particular, to a method, an apparatus, a storage medium, and an electronic device for transmitting data.
Background
VPN (Virtual Private Network) refers to a technology for establishing a Private Network on a public Network, and supports establishment of a VPN tunnel between two communicating parties, so that a transmission process is encrypted and data security is improved.
At present, in order to ensure stability of data transmission, a plurality of VPN tunnels are generally established between two subnetworks, so as to implement backup of the VPN tunnels.
For example, when multiple IPSEC (Internet Protocol Security) tunnels are established between two subnets, when one of the IPSEC tunnels is abnormally disconnected, another IPSEC tunnel may be used for data transmission. The IPSEC is a VPN technology that uses the IPSEC protocol to implement remote access.
In the process of implementing the invention, the inventor finds that the following problems exist in the prior art: at present, in the process of selecting a VPN tunnel for transmitting data, the selection of the VPN tunnel has randomness, so that the problem of poor stability of data transmission can be caused. For example, when the VPN main tunnel is abnormally disconnected, the randomly matched first VPN backup tunnel is subsequently used for data transmission. However, since the data transmission performance of the matched first VPN backup tunnel may be much weaker than that of the VPN main tunnel, a problem of poor stability of data transmission may be caused.
disclosure of Invention
An object of the embodiments of the present application is to provide a method, an apparatus, a storage medium, and an electronic device for transmitting data, so as to ensure stability of data transmission.
in a first aspect, an embodiment of the present application provides a method for transmitting data, where the method includes: acquiring the priority of the VPN tunnels in the security policies of at least two virtual private network VPN tunnels; selecting a VPN tunnel with the highest priority from the security policies of at least two VPN tunnels; and transmitting the data by using the VPN tunnel with the highest priority.
Therefore, in the embodiment of the present application, the priority of the VPN tunnel in the security policies of the at least two VPN tunnels is obtained, and the VPN tunnel with the highest priority is selected from the security policies of the at least two VPN tunnels, and the VPN tunnel with the highest priority is used for transmitting data. Therefore, under the condition that two VPN tunnels are established between two subnetworks, data can be transmitted by selecting the VPN tunnel with the highest priority, and the VPN tunnel with the highest priority has better data transmission performance, so that the stability of data transmission can be ensured.
In addition, in the embodiment of the application, the user can configure the priority of the VPN tunnel in the security policy of the VPN tunnel according to the actual situation, so that the VPN tunnel can be selected according to the security policy configured by the user, further, the data transmission is controllable, and the stability of the data transmission is further improved.
In a possible embodiment, the at least two VPN tunnels are backup tunnels, and before obtaining the priorities of the VPN tunnels in the security policies of the at least two virtual private network VPN tunnels, the method further includes: the main tunnel is determined to be broken.
Therefore, the embodiment of the application can be applied to a scene that one backup tunnel with the highest priority is selected from a plurality of backup tunnels when the main tunnel is disconnected.
In one possible embodiment, one of the at least two VPN tunnels is a primary tunnel and the remaining VPN tunnels are backup tunnels.
Therefore, the embodiment of the application can be applied to a scene of selecting a VPN tunnel with the highest priority from a plurality of VPN tunnels between two subnetworks.
In one possible embodiment, selecting the VPN tunnel with the highest priority from the security policies of the at least two VPN tunnels includes: determining the priority of any one VPN tunnel in all the VPN tunnels as the temporary highest priority; sequentially traversing the security policies of the other VPN tunnels, and updating the temporary highest priority to determine the final temporary highest priority; and determining the VPN tunnel corresponding to the final temporary highest priority as the VPN tunnel with the highest priority.
Therefore, in the embodiment of the application, the priority of any one of all the VPN tunnels is determined to be the temporary highest priority, and the security policies of the other VPN tunnels are sequentially traversed to update the temporary highest priority so as to determine the final temporary highest priority, so that the VPN tunnel with the highest priority can be accurately and quickly determined.
In one possible embodiment, updating the temporary highest priority to determine a final temporary highest priority includes: under the condition that the priority of the current VPN tunnel is higher than the temporary highest priority, updating the temporary highest priority to the priority of the current VPN tunnel; or, in case that the priority of the current VPN tunnel is equal to or lower than the temporary highest priority, the temporary highest priority is kept unchanged.
therefore, compared with a mode of sequencing priorities, the processing efficiency can be improved by updating the temporary highest priority, so that the waiting time of the user is shortened, and the experience of the user is improved.
In a second aspect, an embodiment of the present application provides an apparatus for transmitting data, where the apparatus includes: the system comprises an acquisition module, a processing module and a processing module, wherein the acquisition module is used for acquiring the priority of the VPN tunnel in the security policies of at least two virtual private network VPN tunnels; the selecting module is used for selecting the VPN tunnel with the highest priority from the security policies of the at least two VPN tunnels; and the transmission module is used for transmitting data by using the VPN tunnel with the highest priority.
In one possible embodiment, at least two VPN tunnels are backup tunnels, and the apparatus further includes: the first determining module is used for determining that the main tunnel is disconnected before acquiring the priority of the VPN tunnels in the security policies of the at least two virtual private network VPN tunnels.
In one possible embodiment, one of the at least two VPN tunnels is a primary tunnel and the remaining VPN tunnels are backup tunnels.
In one possible embodiment, the selection module comprises: a second determining module, configured to determine that a priority of any one of all VPN tunnels is a temporary highest priority; the third determining module is used for sequentially traversing the security policies of the other VPN tunnels and updating the temporary highest priority so as to determine the final temporary highest priority; and the fourth determining module is used for determining the final VPN tunnel corresponding to the temporary highest priority as the VPN tunnel with the highest priority.
In one possible embodiment, the third determination module is to: under the condition that the priority of the current VPN tunnel is higher than the temporary highest priority, updating the temporary highest priority to the priority of the current VPN tunnel; or, in case that the priority of the current VPN tunnel is equal to or lower than the temporary highest priority, the temporary highest priority is kept unchanged.
In a third aspect, an embodiment of the present application provides a storage medium, where a computer program is stored on the storage medium, and when the computer program is executed by a processor, the computer program performs the method according to the first aspect or any optional implementation manner of the first aspect.
In a fourth aspect, an embodiment of the present application provides an electronic device, including: a processor, a memory and a bus, the memory storing machine-readable instructions executable by the processor, the processor and the memory communicating via the bus when the electronic device is running, the machine-readable instructions when executed by the processor performing the method of the first aspect or any of the alternative implementations of the first aspect.
In a fifth aspect, the present application provides a computer program product which, when run on a computer, causes the computer to perform the method of the first aspect or any possible implementation manner of the first aspect.
In order to make the aforementioned and other objects, features and advantages of the present invention comprehensible, preferred embodiments accompanied with figures are described in detail below.
Drawings
in order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are required to be used in the embodiments of the present application will be briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present application and therefore should not be considered as limiting the scope, and that those skilled in the art can also obtain other related drawings based on the drawings without inventive efforts.
FIG. 1 illustrates a schematic diagram of an application scenario to which embodiments of the present application are applicable;
Fig. 2 is a flowchart illustrating a method for transmitting data according to an embodiment of the present application;
Fig. 3 is a detailed flowchart of a method for transmitting data according to an embodiment of the present application;
fig. 4 is a block diagram illustrating a structure of an apparatus for transmitting data according to an embodiment of the present disclosure;
Fig. 5 is a block diagram of an electronic device in the embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be described below with reference to the drawings in the embodiments of the present application.
It should be noted that: like reference numbers and letters refer to like items in the following figures, and thus, once an item is defined in one figure, it need not be further defined and explained in subsequent figures. Meanwhile, in the description of the present application, the terms "first", "second", and the like are used only for distinguishing the description, and are not to be construed as indicating or implying relative importance.
At present, when a plurality of VPN tunnels (including a main tunnel and at least one backup tunnel) between two subnets are established by using different IP addresses, when the main tunnel is abnormally disconnected, the backup tunnel may be subsequently used to ensure communication of devices within the subnets.
Because the matched security policy of the data stream has randomness, the data stream will use the backup tunnel corresponding to the matched first security policy as a tunnel for subsequent data transmission. However, the backup tunnel corresponding to the matched first security policy may cause a problem of poor stability of data transmission.
Therefore, the selection of the backup tunnel in the prior art is random, that is, the user cannot control the selection of the backup tunnel, which may cause a problem of poor stability of data transmission.
based on this, the embodiment of the present application skillfully provides a scheme for transmitting data, by acquiring the priorities of the VPN tunnels in the security policies of the at least two VPN tunnels, selecting the VPN tunnel with the highest priority from the security policies of the at least two VPN tunnels, and transmitting data by using the VPN tunnel with the highest priority. Therefore, under the condition that two VPN tunnels are established between two subnetworks, data can be transmitted by selecting the VPN tunnel with the highest priority, and the VPN tunnel with the highest priority has better data transmission performance, so that the stability of data transmission can be ensured.
To facilitate understanding of the embodiments of the present application, some terms in the embodiments of the present application are first explained herein as follows:
A "subnet" may be a system of devices including clients and routers. For example, a user may configure all clients within a company as a subnet.
It should be understood that a subnet may also be referred to as a protection subnet, and embodiments of the present application are not limited thereto.
A "gateway" is a complex network interconnection device that can be used to interconnect two networks with different higher layer protocols.
A "security policy" may control data transmission between subnets (or between different IP addresses). And, the security policy may decide which data from one subnet to another subnet (or from one IP address to another IP address) may be transmitted and which data may not be transmitted through policy rules. Wherein the policy rules may include filter conditions, etc.
In addition, one security policy may be set corresponding to one VPN tunnel.
"tunnel negotiation" is a process of setting up transmission rules between two network devices. For example, the tunnel negotiation includes encryption rules and the like.
referring to fig. 1, fig. 1 is a schematic diagram illustrating an application scenario 100 to which an embodiment of the present application is applicable. Specifically, the application scenario 100 includes: a first subnet 110, a first gateway 120, a second gateway 130, and a second subnet 140. Wherein the first subnet 110 may include a plurality of clients 111 and the second subnet may include a server 141.
It should be understood that, although fig. 1 shows that the first subnet 110 only includes a plurality of clients 111, those skilled in the art should understand that the first subnet 110 may also include other devices, and the embodiments of the present application are not limited thereto.
Correspondingly, the devices forming the second sub-network 140 are similar to the devices forming the first sub-network 110, and specific reference may be made to the related description of the devices forming the first sub-network 110 in the foregoing.
It should also be understood that, although the first subnet 110 and the first gateway 120 are separately arranged in fig. 1, those skilled in the art should understand that the first gateway 120 may also be arranged in the first subnet 110, and the embodiment of the present application is not limited thereto.
Correspondingly, the setting manner of the second gateway 130 is similar to that of the first gateway 120, and specific reference may be made to the foregoing description of the setting manner of the first gateway 120.
In some possible embodiments, the client 111 may be a mobile phone, a tablet computer, a virtual machine, or a desktop computer. That is, the specific device type of the client 111 may be set according to actual requirements, and the embodiment of the present application is not limited thereto.
In addition, the client 111 further has a communication function, and may run a VPN application, or may run other web pages capable of loading a VPN process, and the embodiment of the present application is not limited to this.
In some possible embodiments, the first gateway 120 may be a transmission gateway or an application gateway. That is, the specific gateway type of the first gateway 120 may also be set according to actual requirements, and the embodiment of the present application is not limited thereto.
The device type of the second gateway 130 is similar to that of the first gateway 120, and will not be described in detail herein, and specific reference may be made to the related description of the device type of the first gateway 120.
In one embodiment, the server 141 may be a single server or a group of servers. The server group may be centralized or distributed (e.g., server 141 may be a distributed system). That is, the type of the server 141 may be set according to actual requirements, and the embodiment of the present application is not limited thereto.
In the embodiment of the present application, when the user holding the client 111 wants to access the server 141, the client 111 may send a data packet including an access request to the first gateway 120. And, in case that the first gateway 120 receives a data packet sent by the client 111, the first gateway 120 may query a security policy matching the data packet by traversing in a security policy repository. One security policy may be set corresponding to one VPN tunnel, and both the configuration file and the security policy of the VPN tunnel may be set with the priority of the VPN tunnel.
and after the traversal is completed, the first gateway 120 may acquire the VPN tunnel with the highest priority, and the first gateway 120 may send the data packet to the second gateway 130 through the VPN tunnel with the highest priority. Finally, the second gateway 130 transmits the data packet to the server 141, thereby implementing the access of the remote server.
It should be noted that the scheme for transmitting data provided in the embodiment of the present application may be further extended to other suitable implementation scenarios, and is not limited to the implementation scenario shown in fig. 1. Although a specific number of clients, gateways, and servers are shown in FIG. 1, those skilled in the art will appreciate that the application scenario 100 may include more or fewer devices in the course of an actual application. It should be understood that those skilled in the art may replace the devices in the application scenario 100 according to actual needs, and the embodiments of the present application are not limited thereto.
For example, the user may replace the first gateway 120 in the application scenario 100 with a router, a switch, or other network device. Correspondingly, the user may replace the second gateway 130 with another network device such as a router or a switch.
Referring to fig. 2, fig. 2 is a flowchart illustrating a method for transmitting data according to an embodiment of the present application, where the method shown in fig. 2 includes:
Step S210, the user sets a VPN tunnel and a security policy corresponding to the VPN tunnel through the network device.
It should be understood that the specific type of the network device may be set according to actual requirements, and the embodiments of the present application are not limited thereto.
For example, the network device may be a device that transmits data as shown in fig. 4, an electronic device as shown in fig. 5, a gateway, a router, a switch, or the like.
It should also be understood that the specific tunnel type of the VPN tunnel may also be set according to actual requirements, and the embodiments of the present application are not limited thereto. For example, the VPN tunnel can be an IPSEC tunnel or the like.
it should also be understood that the specific number of VPN tunnels may also be set according to actual requirements, and the embodiments of the present application are not limited thereto.
It should also be understood that a tunnel scene corresponding to the VPN tunnel may also be set according to actual requirements, and the embodiment of the present application is not limited thereto. For example, VPN tunnels corresponding to different service providers such as mobility, connectivity, and telecommunications may be set between two subnetworks, that is, one service provider corresponds to one VPN tunnel. For another example, VPN tunnels corresponding to different IP addresses of the same service provider may also be set between two subnets, that is, one IP address corresponds to one VPN tunnel.
Specifically, a user may set up a VPN tunnel between two subnets through a device (e.g., a computer, etc.) communicatively connected to the network device. The setting of the VPN tunnels comprises adding priority options in tunnel configuration containing configuration information such as tunnel identifiers, IP addresses and the like, and assigning the priority of each VPN tunnel.
It should be understood that the priority of the VPN tunnel may be represented by a preset identifier, and the embodiments of the present application are not limited thereto. For example, the preset identifier may be an arabic numeral, a letter, a roman numeral, or the like.
It should also be understood that the value of the priority of each VPN tunnel may also be set according to actual requirements, and the embodiment of the present application is not limited thereto.
For example, a user may assign a value to the priority of the VPN tunnel according to an application scenario, and the higher the value of the priority is, the higher the priority is. For another example, since an application scenario (e.g., a network environment, etc.) may change at any time, a user may subsequently reset the priorities of one or more VPN tunnels again, so as to achieve controllability of data transmission by controlling the VPN tunnels through which data is transmitted.
It should also be understood that configuration information included in the configuration of the VPN tunnel may also be set according to actual requirements, and the embodiment of the present application is not limited thereto.
Further, after the user sets the VPN tunnel, the user may proceed to set the security policy through the device communicatively connected to the network device. The two network devices can perform tunnel negotiation according to a standard VPN tunnel negotiation method, create a security policy corresponding to the VPN tunnel, and subsequently store the created security policy in a security policy library after the security policy is completed. The security policy corresponding to the VPN tunnel may include a priority of the corresponding VPN tunnel.
It should be understood that the priority of the VPN tunnel of the security policy and the priority of the corresponding VPN tunnel may be consistent, so that, subsequently, in the case that a matching VPN tunnel is determined by the security policy, since the priority of the VPN tunnel of the security policy and the priority of the corresponding VPN tunnel may be consistent, the corresponding VPN tunnel may be quickly queried by the priority of the security policy.
It should also be understood that the security policy may include other information besides the priority of the VPN tunnel, and the embodiments of the present application are not limited thereto. For example, the security policy may also include an identification of the corresponding VPN tunnel, etc.
It should be noted that, although step S210 in the embodiment of the present application illustrates a process in which a user sets a VPN tunnel and a security policy, it should be understood by those skilled in the art that the VPN tunnel and the security policy corresponding to the VPN tunnel in the embodiment of the present application may also be set in advance, so that the embodiment of the present application may directly perform step S220, that is, step S210 does not need to be performed, and the embodiment of the present application is not limited thereto.
Step S220, the network device obtains the priority of the VPN tunnel in the security policies of the at least two VPN tunnels.
It should be understood that the tunnel type of each of the at least two VPN tunnels may be set according to actual requirements, and the embodiments of the present application are not limited thereto.
For example, when data transmission is not performed between two subnetworks, one VPN tunnel of the at least two VPN tunnels is a primary tunnel, and the other tunnels are backup tunnels, where the primary tunnel may be a subsequently selected VPN tunnel with the highest priority, that is, the scenario in the embodiment of the present application is to select the primary tunnel from multiple tunnels between the two subnetworks. For another example, before step S220, in a case that the network device determines that the main tunnel between the two subnetworks is disconnected, the at least two VPN tunnels may both be backup tunnels, that is, in the scenario of this embodiment of the application, one backup tunnel capable of transmitting data is selected from the at least two backup tunnels.
specifically, in a case where communication through a VPN tunnel is required between two subnetworks, the network device may determine the priority of the VPN tunnel in the security policy by querying the security policy repository.
It should be understood that the network device may query all security policies in the security policy repository, or may query only a part of the security policies in the security policy repository, as long as it is ensured that the number of the queried security policies is not less than two, and the embodiment of the present application is not limited thereto.
For example, the network device may traverse all the security policies in the security policy repository to determine the VPN tunnel with the highest priority according to the priority of the VPN tunnel in each security policy.
For another example, when the number of the security policies in the security policy repository exceeds the preset number, the network device may randomly select N security policies from the security policy repository, and determine, according to the priority of the VPN tunnel in each of the N security policies, a VPN tunnel with the highest priority among the N VPN tunnels corresponding to the N security policies, where N is a positive integer greater than or equal to 2, and the preset number may also be set according to an actual requirement. Therefore, the problem that the required time for traversal is long due to the fact that the number of the security policies is large can be solved through the technical scheme, the number of the security policies needing to be inquired is reduced, the waiting time of a user is further reduced, and user experience is improved.
In step S230, the network device selects a VPN tunnel with the highest priority from the security policies of the at least two VPN tunnels.
It should be understood that the specific selection manner of the network device selecting the VPN tunnel with the highest priority may be set according to actual requirements, and the embodiment of the present application is not limited to this.
Optionally, the network device determines that the priority of any one of all VPN tunnels is a temporary highest priority; sequentially traversing the security policies of the other VPN tunnels, and updating the temporary highest priority to determine the final temporary highest priority; and determining the VPN tunnel corresponding to the final temporary highest priority as the VPN tunnel with the highest priority.
The network device updates the temporary highest priority to determine a final temporary highest priority, including: under the condition that the priority of the current VPN tunnel is higher than the temporary highest priority, updating the temporary highest priority to the priority of the current VPN tunnel; or, in case that the priority of the current VPN tunnel is equal to or lower than the temporary highest priority, the temporary highest priority is kept unchanged.
For example, in a case that the network device needs to query the security policies of 2 VPN tunnels, the network device may determine the priority of a VPN tunnel in the security policies of the 1 st VPN tunnel that is matched as a temporary highest priority, where the temporary highest priority at this time may be the priority corresponding to the security policy of the 1 st VPN tunnel. Subsequently, in case the network device matches the security policy of the 2 nd VPN tunnel, the network device may compare the priority corresponding to the security policy of the 2 nd VPN tunnel with the temporary highest priority. If the priority corresponding to the security policy of the 2 nd VPN tunnel is higher than the temporary highest priority, the temporary highest priority is updated to the priority corresponding to the security policy of the 2 nd VPN tunnel, and the priority corresponding to the security policy of the 2 nd VPN tunnel is also the final temporary highest priority. If the priority of the VPN tunnel in the security policy of the 2 nd VPN tunnel is less than or equal to the temporary highest priority, the temporary highest priority remains unchanged, that is, the final temporary highest priority is the priority corresponding to the security policy of the 1 st VPN tunnel.
It should be noted that, although the foregoing describes a case where the temporary highest priority may be the same as the priority corresponding to the first matched security policy, it should be understood by those skilled in the art that, when the first security policy is matched, the temporary highest priority may also be set to be the preset priority, that is, the temporary highest priority may also be different from the priority corresponding to the first matched security policy. The preset priority may be any number except the maximum priority in all priorities corresponding to all security policies, and the embodiment of the present application is not limited thereto.
Optionally, the network device may also sequence all priorities corresponding to the security policies of all VPN tunnels, so as to select a VPN tunnel with the highest priority according to the sequencing result.
For example, in a case that the network device needs to query the security policies of 4 VPN tunnels, the network device sorts all the priorities corresponding to the security policies of the 4 VPN tunnels in descending order. Subsequently, the network device may determine the priority of the VPN tunnel in the security policy of the first VPN tunnel at the head in the sorted queue as the highest priority, and set the corresponding tunnel as the VPN tunnel with the highest priority.
in step S240, the network device transmits data by using the VPN tunnel with the highest priority.
In addition, when the network device transmits data by using the current tunnel (for example, the VPN tunnel with the highest current priority), if the application scenario changes, the user may adjust the priorities of other VPN tunnels and security policies corresponding to other VPN tunnels regardless of whether the current tunnel is disconnected. Subsequently, the network device may select a VPN tunnel suitable for the current application scenario by performing steps S220 to S240 again, and transmit data using the selected VPN tunnel (or, the network device may select a VPN tunnel with the highest transmission performance in the current changed scenario and transmit data using the selected VPN tunnel), so that the transmission performance can be ensured.
For example, when the network device transmits data using a VPN tunnel related to mobility, if a problem occurs in the mobile network, the user may adjust the priority of the VPN tunnel related to connectivity and the security policy corresponding to the VPN tunnel related to connectivity. Subsequently, the network device may perform steps S220 to S240 again to select a connection-related VPN tunnel and transmit data by using the data connection-related VPN tunnel.
In addition, if the network device needs to tear down the VPN tunnel, the network device also needs to delete the security policy in step S210, that is, when the network device tears down the VPN tunnel, the network device also needs to delete the history setting data related to the VPN tunnel that needs to be torn down.
Therefore, in the embodiment of the present application, the priority of the VPN tunnel in the security policies of the at least two VPN tunnels is obtained, and the VPN tunnel with the highest priority is selected from the security policies of the at least two VPN tunnels, and the VPN tunnel with the highest priority is used for transmitting data. Therefore, under the condition that two VPN tunnels are established between two subnetworks, data can be transmitted by selecting the VPN tunnel with the highest priority, and the VPN tunnel with the highest priority has better data transmission performance, so that the stability of data transmission can be ensured.
In order to facilitate understanding of the embodiments of the present application, the following description will be given by way of specific examples.
Referring to fig. 3, fig. 3 is a specific flowchart illustrating a method for transmitting data according to an embodiment of the present application, where the method shown in fig. 3 includes:
Step S310, sets the priority of the VPN tunnel.
In particular, a priority value V is added in the VPN tunnelpand for the priority value VpAnd carrying out assignment. Wherein the priority authority value VpThe setting can be made by the user according to the application scenario.
Step S320, according to the standard tunnel negotiation method, tunnel negotiation is carried out, a security policy is established, and a priority right value V is setpto the security policy.
Step S330, under the condition that the equipment between the two subnetworks needs to communicate through the VPN tunnel, when the inquiry is matched with the first security policy, the temporary highest priority V is usedhrecording priority authority value V of first security policyp1. That is, with a temporary highest priority VhThe priority of the first security policy is marked.
step S340, when the second security policy is searched from the security policy library in a traversing way, the temporary highest priority V is usedhAnd a priority value V in a second security policyp2A comparison is made. If the temporary highest priority Vhless than priority value Vp2then temporarily highest priority will be givenVhIs updated to the priority value Vp2. If the temporary highest priority VhGreater than or equal to the priority value Vp2Then temporarily the highest priority VhRemain unchanged.
Step S350, traversing all the security policies matched with the data stream in the security policy library in sequence by using the mode of the step S340, and using the final temporary highest priority V after the traversal is finishedhA corresponding VPN tunnel is used for communication between the two subnetworks.
Therefore, in the embodiment of the present application, a user may configure the priority of the VPN tunnel in the security policy of the VPN tunnel according to an actual situation, so that when devices in two subnetworks need to communicate through the VPN tunnel, the devices can perform policy matching according to the priority of the security policy configured by the user, so that data transmission has controllability, and stability of data transmission is increased.
It should be understood that the above method for transmitting data is only exemplary, and those skilled in the art can make various changes, modifications or variations according to the above method and also fall within the scope of the present application.
For example, while the operations of the methods of the present application are depicted in the drawings in a particular order, this does not require or imply that the operations must be performed in this particular order, or that all of the illustrated operations must be performed, to achieve desirable results. For example, with the method of transmission shown in fig. 3, in the case where the VPN tunnel and the security policy are set in advance, step S330 may be directly performed. Rather, the steps depicted in the flowcharts may change the order of execution. Additionally or alternatively, certain steps may be omitted, multiple steps combined into one step execution, and/or one step broken down into multiple step executions. For example, for the method of transmission shown in fig. 3, step S310 and step S320 may be combined into one step for execution.
Referring to fig. 4, fig. 4 shows a block diagram of a device 400 for transmitting data according to an embodiment of the present application, it should be understood that the device 400 corresponds to the method embodiment of fig. 2 to fig. 3, and is capable of performing various steps related to the method embodiment, and specific functions of the device 400 may be referred to the description above, and detailed descriptions are appropriately omitted herein to avoid repetition. The device 400 includes at least one software function module that can be stored in a memory in the form of software or firmware (firmware) or solidified in an Operating System (OS) of the device 400. Specifically, the apparatus 400 includes:
An obtaining module 410, configured to obtain priorities of at least two virtual private network VPN tunnels in a security policy of the VPN tunnels; a selecting module 420, configured to select a VPN tunnel with a highest priority from the security policies of the at least two VPN tunnels; and a transmission module 430, configured to transmit data using the VPN tunnel with the highest priority.
In one possible embodiment, at least two VPN tunnels are backup tunnels, and the apparatus 400 further comprises: a first determining module (not shown) for determining that the main tunnel is disconnected before acquiring the priority of the VPN tunnel in the security policies of the at least two virtual private network VPN tunnels.
In one possible embodiment, one of the at least two VPN tunnels is a primary tunnel and the remaining VPN tunnels are backup tunnels.
In one possible embodiment, the selecting module 420 includes: a second determining module (not shown) for determining the priority of any one of all the VPN tunnels as a temporary highest priority; a third determining module (not shown) configured to sequentially traverse the security policies of the remaining VPN tunnels, and update the temporary highest priority to determine a final temporary highest priority; a fourth determining module (not shown) is configured to determine the final VPN tunnel corresponding to the temporary highest priority as the VPN tunnel with the highest priority.
In one possible embodiment, the third determination module is to: under the condition that the priority of the current VPN tunnel is higher than the temporary highest priority, updating the temporary highest priority to the priority of the current VPN tunnel; or, in case that the priority of the current VPN tunnel is equal to or lower than the temporary highest priority, the temporary highest priority is kept unchanged.
It is clear to those skilled in the art that, for convenience and brevity of description, the specific working process of the apparatus described above may refer to the corresponding process in the foregoing method, and will not be described in too much detail herein.
Fig. 5 is a block diagram of an electronic device 500 in an embodiment of the present application, as shown in fig. 5. Electronic device 500 may include a processor 510, a communication interface 520, a memory 530, and at least one communication bus 540. Wherein the communication bus 540 is used for realizing direct connection communication of these components. The communication interface 520 in the embodiment of the present application is used for communicating signaling or data with other devices. Processor 510 may be an integrated circuit chip having signal processing capabilities. The Processor 510 may be a general-purpose Processor, and includes a Central Processing Unit (CPU), a Network Processor (NP), and the like; but may also be a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), an off-the-shelf programmable gate array (FPGA) or other programmable logic device, discrete gate or transistor logic, discrete hardware components. The various methods, steps, and logic blocks disclosed in the embodiments of the present application may be implemented or performed. A general purpose processor may be a microprocessor or the processor 510 may be any conventional processor or the like.
The Memory 530 may be, but is not limited to, a Random Access Memory (RAM), a Read Only Memory (ROM), a Programmable Read-Only Memory (PROM), an Erasable Read-Only Memory (EPROM), an electrically Erasable Read-Only Memory (EEPROM), and the like. The memory 530 stores computer readable instructions, and when the computer readable instructions are executed by the processor 510, the electronic device 500 may perform the steps involved in the method embodiments of fig. 2 to 3.
The electronic device 500 may further include a memory controller, an input-output unit, an audio unit, and a display unit.
The memory 530, the memory controller, the processor 510, the peripheral interface, the input/output unit, the audio unit, and the display unit are electrically connected to each other directly or indirectly to realize data transmission or interaction. For example, these elements may be electrically coupled to each other via one or more communication buses 540. The processor 510 is used to execute executable modules stored in the memory 530. Also, the apparatus 300 is configured to perform the following method: acquiring the priority of the VPN tunnels in the security policies of at least two virtual private network VPN tunnels; selecting a VPN tunnel with the highest priority from the security policies of at least two VPN tunnels; and transmitting the data by using the VPN tunnel with the highest priority.
The input and output unit is used for providing input data for a user to realize the interaction of the user and the server (or the local terminal). The input/output unit may be, but is not limited to, a mouse, a keyboard, and the like.
The audio unit provides an audio interface to the user, which may include one or more microphones, one or more speakers, and audio circuitry.
The display unit provides an interactive interface (e.g. a user interface) between the electronic device and a user or for displaying image data to a user reference. In this embodiment, the display unit may be a liquid crystal display or a touch display. In the case of a touch display, the display can be a capacitive touch screen or a resistive touch screen, which supports single-point and multi-point touch operations. The support of single-point and multi-point touch operations means that the touch display can sense touch operations simultaneously generated from one or more positions on the touch display, and the sensed touch operations are sent to the processor for calculation and processing.
It will be appreciated that the configuration shown in FIG. 5 is merely illustrative and that the electronic device 500 may include more or fewer components than shown in FIG. 5 or may have a different configuration than shown in FIG. 5. The components shown in fig. 5 may be implemented in hardware, software, or a combination thereof.
The present application also provides a storage medium having a computer program stored thereon, which, when executed by a processor, performs the method of the method embodiments.
The present application also provides a computer program product which, when run on a computer, causes the computer to perform the method of the method embodiments.
It can be clearly understood by those skilled in the art that, for convenience and brevity of description, the specific working process of the system described above may refer to the corresponding process in the foregoing method, and will not be described in too much detail herein.
It should be noted that, in the present specification, the embodiments are all described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments may be referred to each other. For the device-like embodiment, since it is basically similar to the method embodiment, the description is simple, and for the relevant points, reference may be made to the partial description of the method embodiment.
in the embodiments provided in the present application, it should be understood that the disclosed apparatus and method can be implemented in other ways. The apparatus embodiments described above are merely illustrative, and for example, the flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of apparatus, methods and computer program products according to various embodiments of the present application. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
In addition, functional modules in the embodiments of the present application may be integrated together to form an independent part, or each module may exist separately, or two or more modules may be integrated to form an independent part.
The functions, if implemented in the form of software functional modules and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present application or portions thereof that substantially contribute to the prior art may be embodied in the form of a software product stored in a storage medium and including instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present application. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes. It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
The above description is only a preferred embodiment of the present application and is not intended to limit the present application, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, improvement and the like made within the spirit and principle of the present application shall be included in the protection scope of the present application. It should be noted that: like reference numbers and letters refer to like items in the following figures, and thus, once an item is defined in one figure, it need not be further defined and explained in subsequent figures.
The above description is only for the specific embodiments of the present application, but the scope of the present application is not limited thereto, and any person skilled in the art can easily conceive of the changes or substitutions within the technical scope of the present application, and shall be covered by the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims (12)

1. A method of transmitting data, comprising:
Acquiring the priority of the VPN tunnels in the security policies of at least two virtual private network VPN tunnels;
Selecting a VPN tunnel with the highest priority from the security policies of the at least two VPN tunnels;
And transmitting data by using the VPN tunnel with the highest priority.
2. The method according to claim 1, wherein said at least two VPN tunnels are backup tunnels, and before said obtaining the priority of VPN tunnels in the security policies of the at least two virtual private network VPN tunnels, the method further comprises:
The main tunnel is determined to be broken.
3. The method of claim 1, wherein one of the at least two VPN tunnels is a primary tunnel and the remaining VPN tunnels are backup tunnels.
4. The method according to claim 1, wherein said selecting a VPN tunnel with a highest priority from the security policies of the at least two VPN tunnels comprises:
Determining the priority of any one VPN tunnel in all the VPN tunnels as the temporary highest priority;
Sequentially traversing the security policies of the other VPN tunnels, and updating the temporary highest priority to determine the final temporary highest priority;
And determining the VPN tunnel corresponding to the final temporary highest priority as the VPN tunnel with the highest priority.
5. The method of claim 4, wherein said updating the temporary highest priority to determine a final temporary highest priority comprises:
Under the condition that the priority of the current VPN tunnel is higher than the temporary highest priority, updating the temporary highest priority to the priority of the current VPN tunnel; or,
Keeping the temporary highest priority unchanged when the priority of the current VPN tunnel is equal to or lower than the temporary highest priority.
6. An apparatus for transmitting data, comprising:
The system comprises an acquisition module, a processing module and a processing module, wherein the acquisition module is used for acquiring the priority of the VPN tunnel in the security policies of at least two virtual private network VPN tunnels;
the selecting module is used for selecting the VPN tunnel with the highest priority from the security policies of the at least two VPN tunnels;
And the transmission module is used for transmitting data by utilizing the VPN tunnel with the highest priority.
7. The apparatus of claim 6, wherein the at least two VPN tunnels are backup tunnels, the apparatus further comprising:
A first determining module, configured to determine that the main tunnel is disconnected before the acquiring of the priority of the VPN tunnel in the security policies of the at least two virtual private network VPN tunnels.
8. the apparatus of claim 6, wherein one of the at least two VPN tunnels is a primary tunnel and the remaining VPN tunnels are backup tunnels.
9. The apparatus of claim 6, wherein the selecting module comprises:
a second determining module, configured to determine that a priority of any one of all VPN tunnels is a temporary highest priority;
A third determining module, configured to sequentially traverse security policies of the remaining VPN tunnels, and update the temporary highest priority to determine a final temporary highest priority;
A fourth determining module, configured to determine the VPN tunnel corresponding to the final temporary highest priority as the VPN tunnel with the highest priority.
10. The apparatus of claim 9, wherein the third determining module is configured to: under the condition that the priority of the current VPN tunnel is higher than the temporary highest priority, updating the temporary highest priority to the priority of the current VPN tunnel; or, in case that the priority of the current VPN tunnel is equal to or lower than the temporary highest priority, keeping the temporary highest priority unchanged.
11. A storage medium, having stored thereon a computer program which, when executed by a processor, performs a method of transmitting data according to any one of claims 1-5.
12. An electronic device, characterized in that the electronic device comprises: a processor, a memory and a bus, the memory storing machine-readable instructions executable by the processor, the processor and the memory communicating via the bus when the electronic device is operating, the machine-readable instructions when executed by the processor performing the method of transmitting data according to any one of claims 1-5.
CN201910951971.7A 2019-09-30 2019-09-30 Data transmission method and device, storage medium and electronic equipment Pending CN110572321A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910951971.7A CN110572321A (en) 2019-09-30 2019-09-30 Data transmission method and device, storage medium and electronic equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910951971.7A CN110572321A (en) 2019-09-30 2019-09-30 Data transmission method and device, storage medium and electronic equipment

Publications (1)

Publication Number Publication Date
CN110572321A true CN110572321A (en) 2019-12-13

Family

ID=68784265

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910951971.7A Pending CN110572321A (en) 2019-09-30 2019-09-30 Data transmission method and device, storage medium and electronic equipment

Country Status (1)

Country Link
CN (1) CN110572321A (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114338278A (en) * 2021-12-29 2022-04-12 北京天融信网络安全技术有限公司 Tunnel communication method, device, equipment and medium
US11477176B1 (en) 2021-05-27 2022-10-18 Microsoft Technology Licensing, Llc Throughput for a single VPN connection using multiple processing cores
CN115347943A (en) * 2021-04-28 2022-11-15 华为技术有限公司 Service transmission method and related equipment
US12231405B2 (en) 2021-05-27 2025-02-18 Microsoft Technology Licensing, Llc Selecting a VPN connection using negotiated cryptographic algorithms to improve throughput

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7801030B1 (en) * 2005-09-16 2010-09-21 Cisco Technology, Inc. Technique for using OER with an ECT solution for multi-homed spoke-to-spoke sites
US8260922B1 (en) * 2005-09-16 2012-09-04 Cisco Technology, Inc. Technique for using OER with an ECT solution for multi-homed sites
CN106936683A (en) * 2015-12-31 2017-07-07 北京网御星云信息技术有限公司 A kind of method and device for realizing tunnel configuration
CN109698769A (en) * 2019-02-18 2019-04-30 深信服科技股份有限公司 Using disaster tolerance device and method, terminal device, readable storage medium storing program for executing

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7801030B1 (en) * 2005-09-16 2010-09-21 Cisco Technology, Inc. Technique for using OER with an ECT solution for multi-homed spoke-to-spoke sites
US8260922B1 (en) * 2005-09-16 2012-09-04 Cisco Technology, Inc. Technique for using OER with an ECT solution for multi-homed sites
CN106936683A (en) * 2015-12-31 2017-07-07 北京网御星云信息技术有限公司 A kind of method and device for realizing tunnel configuration
CN109698769A (en) * 2019-02-18 2019-04-30 深信服科技股份有限公司 Using disaster tolerance device and method, terminal device, readable storage medium storing program for executing

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
张锦盛: "《Java程序语言基础》", 31 October 2018 *

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115347943A (en) * 2021-04-28 2022-11-15 华为技术有限公司 Service transmission method and related equipment
US11477176B1 (en) 2021-05-27 2022-10-18 Microsoft Technology Licensing, Llc Throughput for a single VPN connection using multiple processing cores
US12231405B2 (en) 2021-05-27 2025-02-18 Microsoft Technology Licensing, Llc Selecting a VPN connection using negotiated cryptographic algorithms to improve throughput
CN114338278A (en) * 2021-12-29 2022-04-12 北京天融信网络安全技术有限公司 Tunnel communication method, device, equipment and medium

Similar Documents

Publication Publication Date Title
CN111771364B (en) Cloud-based anomaly traffic detection and protection in remote networks via DNS attributes
CN110572321A (en) Data transmission method and device, storage medium and electronic equipment
US8904491B2 (en) Network connecting device and method
US8605582B2 (en) IP network system and its access control method, IP address distributing device, and IP address distributing method
CN107547565B (en) Network access authentication method and device
US20230032802A1 (en) Methods and systems for connecting to a wireless network
CN104301141B (en) A kind of method, apparatus and system for preserving configuration information
US20070019657A1 (en) Network apparatus and method of specifying network parameter
JP6378442B2 (en) Method and apparatus for deploying services in a virtualized network
CN112333289A (en) Reverse proxy access method, device, electronic equipment and storage medium
US9537832B2 (en) Method, system and device for establishing link
CN110784549A (en) Network node selection method and device, first network node and storage medium
WO2018039901A1 (en) Method, device and system for ip address allocation, and computer program product
CN111988445B (en) Message forwarding method and device, storage medium and electronic equipment
JP2025518699A (en) Efficient provisioning of Internet connections and a secure domain name system
JP2016066853A (en) Image forming apparatus and program
US10367781B2 (en) Information processing apparatus, method of controlling the same, and storage medium
US20240028559A1 (en) Method for Obtaining Manufacturer Usage Description Mud File, Device, and System
CN109560954B (en) Equipment configuration method and device
JP5169461B2 (en) Security parameter distribution apparatus and security parameter distribution method
JP6871108B2 (en) Firewall device controls and programs
CN112737850A (en) Mutually exclusive access method and device
CN111600947A (en) Resource management method, device, storage medium and electronic equipment
CN111372322B (en) A communication method and device
US20170208035A1 (en) USER BASED STATELESS IPv6 RA-GUARD

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20191213