CN102833174B - Tunnel forwarding method, device and the network equipment - Google Patents

Publication number
CN102833174B
Authority
CN
China
Prior art keywords
dhcp
tunnel
activation
message
client
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201210345532.XA
Other languages
Chinese (zh)
Other versions
CN102833174A (en
Inventor
张涛
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Star Net Ruijie Networks Co Ltd
Original Assignee
Beijing Star Net Ruijie Networks Co Ltd
Application filed by Beijing Star Net Ruijie Networks Co Ltd
Priority to CN201210345532.XA
Publication of CN102833174A
Application granted
Publication of CN102833174B
Legal status: Active

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention provides a tunnel forwarding method, a tunnel forwarding device, and a network device. The method comprises: when DHCP tunnels are established with multiple Dynamic Host Configuration Protocol (DHCP) clients, activating one of the DHCP tunnels at a time according to an activation policy and setting the state of the other DHCP tunnels to an interim state; and using the DHCP tunnel in the active state to forward DHCP messages between the DHCP server and the DHCP client corresponding to that tunnel. With this technical solution, a security gateway that has DHCP tunnels established with multiple DHCP clients at the same time can successfully forward the messages between the DHCP server and the DHCP clients.

Description

Tunnel forwarding method, device and the network equipment
Technical field
The present invention relates to data communication technology, and in particular to a tunnel forwarding method, a tunnel forwarding device, and a network device.
Background art
The Dynamic Host Configuration Protocol (DHCP) is mainly used to allocate Internet Protocol (IP) addresses within an internal network effectively, dynamically, and automatically. Internet Protocol Security (IPsec) provides security services at the IP layer and is used to protect paths between one or more hosts, between security gateways, and between a security gateway and a host.
DHCP over IPsec (DHCPoverIPSec) carries DHCP messages in IPsec packets: the DHCP messages are encrypted and encapsulated by IPsec, which prevents them from being intercepted or tampered with in transit and thereby prevents the deployment of the internal network structure from being disclosed. DHCPoverIPSec works as follows. The DHCP client and the security gateway establish an IPsec DHCP tunnel (DHCP tunnel for short), and the DHCP client obtains its IP address dynamically through DHCP. In this process, the DHCP client's DHCP messages are transmitted to the security gateway through the DHCP tunnel, and the security gateway forwards them to the DHCP server. The DHCP server responds and returns a DHCP response message to the security gateway, which returns it to the DHCP client through the DHCP tunnel.
In practice, multiple DHCP clients may establish DHCP tunnels with the security gateway during the same period. IPsec looks up the DHCP tunnel by flow of interest (interesting traffic), and on the security gateway every flow of interest is in fact an access control list (ACL) that matches any IP to any IP with a fixed destination port, for example IP: Any to Any, destination: UDP port 68 (this flow of interest matches UDP packets from any IP to any IP whose destination port is 68). Consequently, when the security gateway has DHCP tunnels established with multiple clients at the same time, it cannot select the correct tunnel in which to encapsulate the DHCP response message returned by the DHCP server, and therefore cannot successfully forward that response message to the DHCP client.
Summary of the invention
The invention provides a tunnel forwarding method, a tunnel forwarding device, and a network device, so that messages between the DHCP server and the DHCP clients are forwarded successfully when a security gateway has DHCP tunnels established with multiple DHCP clients at the same time.
A first aspect of the invention provides a tunnel forwarding method, comprising:
when DHCP tunnels are established with multiple Dynamic Host Configuration Protocol (DHCP) clients, activating one of the DHCP tunnels at a time according to an activation policy, and setting the state of the other DHCP tunnels to an interim state;
using the DHCP tunnel in the active state to forward DHCP messages between the DHCP server and the DHCP client corresponding to the DHCP tunnel in the active state.
A second aspect of the invention provides a tunnel forwarding device, comprising:
a tunnel activation module, configured to, when DHCP tunnels are established with multiple Dynamic Host Configuration Protocol (DHCP) clients, activate one of the DHCP tunnels at a time according to an activation policy and set the state of the other DHCP tunnels to an interim state;
a packet forwarding module, configured to use the DHCP tunnel in the active state to forward DHCP messages between the DHCP server and the DHCP client corresponding to the DHCP tunnel in the active state.
A third aspect of the invention provides a network device comprising any tunnel forwarding device provided by the invention.
With the tunnel forwarding method, device, and network device provided by the invention, when DHCP tunnels are established with multiple DHCP clients, one of the DHCP tunnels is activated at a time according to an activation policy while the other DHCP tunnels are kept in the interim state, and the tunnel in the active state is then used to forward DHCP messages between the DHCP server and the DHCP client corresponding to that tunnel. By activating one DHCP tunnel at a time, the invention thus solves the problem of forwarding messages between the DHCP server and the DHCP clients when DHCP tunnels are established with multiple DHCP clients.
Brief description of the drawings
Fig. 1 is a flow chart of the tunnel forwarding method provided by one embodiment of the invention;
Fig. 2 is a flow chart of the tunnel forwarding method provided by another embodiment of the invention;
Fig. 3 is a schematic topology diagram of the tunnel transmission network provided by one embodiment of the invention;
Fig. 4 is a flow chart of the tunnel forwarding method provided by a further embodiment of the invention;
Fig. 5 is a schematic structural diagram of the tunnel forwarding device provided by one embodiment of the invention;
Fig. 6 is a schematic structural diagram of the tunnel forwarding device provided by another embodiment of the invention.
Detailed description of the embodiments
Fig. 1 is a flow chart of the tunnel forwarding method provided by one embodiment of the invention. As shown in Fig. 1, the method of this embodiment comprises:
Step 101: when DHCP tunnels are established with multiple DHCP clients, activate one of the DHCP tunnels at a time according to an activation policy, and set the state of the other DHCP tunnels to an interim state.
The method of this embodiment may be executed by any device that is connected between the DHCP server and the DHCP clients, runs IPsec, and can provide DHCP tunnels to the DHCP clients, for example a security gateway. This embodiment is described with a security gateway as the executing entity, but is not limited to it.
In this embodiment, the security gateway establishes DHCP tunnels with multiple DHCP clients during the same period, so several flows of interest exist on the security gateway. Each flow of interest corresponds to one tunnel, and each tunnel has its own unique encapsulation and forwarding behavior. Every flow of interest is an ACL that matches any IP to any IP with a fixed destination port, for example IP: Any to Any, destination: UDP port 68, where port 68 is a port used by the DHCP protocol. In this situation, so that the DHCP response message returned by the DHCP server can be encapsulated by the correct tunnel and forwarded to the DHCP client, the security gateway of this embodiment, when several DHCP tunnels exist, activates one of them at a time according to the activation policy and sets the other DHCP tunnels to the interim state. Only a DHCP tunnel in the active state can be used to forward messages; a DHCP tunnel in the interim state temporarily cannot. In other words, among the several flows of interest IP: Any to Any, destination: UDP port 68, only one is in the active state, and only that flow of interest can be used to forward messages.
The main purpose of the activation policy is to let the security gateway tell the DHCP tunnels apart and activate only one of them at a time. Optionally, the activation policy can be preconfigured on the security gateway.
Optionally, the activation policy may be to activate the DHCP tunnels in the order in which they were established. In that case, activating one DHCP tunnel at a time according to the activation policy comprises: the security gateway activates one DHCP tunnel at a time according to the order in time in which the DHCP tunnels were established. For example, the security gateway may preferentially activate the DHCP tunnel with the earliest establishment time. As an illustration, suppose a first, a second, and a third DHCP tunnel exist between the security gateway and a first, a second, and a third DHCP client respectively, where the first DHCP tunnel was established earliest, the second next, and the third last. The security gateway first activates the first DHCP tunnel and completes the forwarding of DHCP messages between the first DHCP client and the DHCP server through it; it then activates the second DHCP tunnel and completes the forwarding of DHCP messages between the second DHCP client and the DHCP server through it; finally it activates the third DHCP tunnel and completes the forwarding of DHCP messages between the third DHCP client and the DHCP server through it.
Optionally, the activation policy of this embodiment may instead be to activate according to information about the DHCP client corresponding to each DHCP tunnel. The DHCP client information can be any information that uniquely distinguishes a DHCP client, for example the IP address or the Media Access Control (MAC) address of the DHCP client. If the DHCP client information is the client's IP address, activating one DHCP tunnel at a time according to the activation policy comprises: the security gateway activates one DHCP tunnel at a time according to the magnitude of the IP address of the DHCP client corresponding to each DHCP tunnel. For example, the security gateway may activate the DHCP tunnels one after another in descending order of the DHCP clients' IP addresses, or, as another example, in ascending order of the DHCP clients' IP addresses. If the DHCP client information is the client's MAC address, activating one DHCP tunnel at a time according to the activation policy comprises: the security gateway activates one DHCP tunnel at a time according to the magnitude of the MAC address of the DHCP client corresponding to each DHCP tunnel. For example, the security gateway may activate the DHCP tunnels one after another in descending order of the DHCP clients' MAC addresses, or, as another example, in ascending order of the DHCP clients' MAC addresses.
Optionally, the activation policy of this embodiment may also be a random selection policy, that is, each time one DHCP tunnel is selected at random from the DHCP tunnels that have not been activated and is activated.
In an optional implementation of this embodiment, to make it easy to tell which DHCP tunnel is activated and which DHCP tunnels are in the interim state, the security gateway can set a status flag for each DHCP tunnel. After selecting the DHCP tunnel to be activated according to the activation policy, the security gateway sets an activation flag on the selected DHCP tunnel and sets an interim flag on the other DHCP tunnels, thereby setting the state of the other DHCP tunnels to the interim state.
Step 102: use the DHCP tunnel in the active state to forward DHCP messages between the DHCP server and the DHCP client corresponding to the DHCP tunnel in the active state.
After one of the DHCP tunnels has been activated and the other DHCP tunnels have been set to the interim state, the security gateway can use the DHCP tunnel in the active state to forward DHCP messages between the DHCP server and the DHCP client corresponding to that tunnel.
Specifically, the security gateway receives, through the DHCP tunnel in the active state, a DHCP message sent by the corresponding DHCP client, for example a DHCP Discover message or a DHCP Request message, and forwards the received DHCP Discover or DHCP Request message to the DHCP server. The DHCP server responds to the DHCP Discover or DHCP Request message and sends the responding DHCP Offer message or DHCP ACK message to the security gateway, which forwards the DHCP Offer or DHCP ACK message through the DHCP tunnel in the active state to the corresponding DHCP client. This forwarding specifically comprises: the security gateway takes the flow of interest that is in the active state among the several flows of interest, finds the tunnel corresponding to that flow of interest, uses the forwarding behavior of that tunnel to encrypt and tunnel-encapsulate the DHCP Offer or DHCP ACK message, and then forwards it through the DHCP tunnel in the active state to the corresponding DHCP client. Because only one flow of interest is available in this process, the problem of being unable to select the correct tunnel does not arise.
After the use of this DHCP tunnel ends, the next DHCP tunnel can be activated according to the activation policy, and the newly activated DHCP tunnel is used to forward messages between the DHCP server and the DHCP client corresponding to it.
Optionally, a DHCP tunnel can be torn down after its use ends. Tearing down a DHCP tunnel means deleting the information associated with it, such as its flow of interest and its forwarding behavior. In the DHCP scenario, receipt of the DHCP ACK message means that the DHCP request process has ended. Accordingly, after receiving the DHCP ACK message returned by the DHCP server and forwarding it through the DHCP tunnel in the active state to the corresponding DHCP client, the security gateway can tear down that DHCP tunnel and select, according to the activation policy, another DHCP tunnel to activate from those currently in the interim state.
Note that the trigger for activating a tunnel according to the activation policy can be the teardown of the previous DHCP tunnel in the active state, but is not limited to this. For example, the security gateway can also use a specified activation period: when the activation period expires, it selects the DHCP tunnel to be activated according to the activation policy and activates it. Preferably, the whole process of forwarding messages over a DHCP tunnel is longer than this activation period. This approach overcomes the problem that, for some reason (such as a DHCP client or server failure), no DHCP ACK message is received for a long time and the other DHCP tunnels can therefore never be activated, and it helps ensure that every DHCP tunnel gets a fair chance of being activated.
Note also that a DHCP tunnel does not have to be torn down after its use ends; for example, it can instead be set to the interim state. Tearing a DHCP tunnel down after its use ends releases the resources it occupies, which helps reduce the load on the security gateway and the DHCP client and saves resources.
As described above, in this embodiment the security gateway, when it has DHCP tunnels established with multiple DHCP clients, activates one of the DHCP tunnels at a time according to the activation policy, keeps the other DHCP tunnels in the interim state, and uses the tunnel in the active state to forward DHCP messages between the DHCP server and the DHCP client corresponding to that tunnel. By activating one DHCP tunnel at a time, the invention thus solves the problem of forwarding messages between the DHCP server and the DHCP clients when DHCP tunnels are established with multiple DHCP clients. In addition, because only one DHCP tunnel is active at any one time in this embodiment, the security of DHCP message transmission is ensured, and sensitive information is protected from being leaked or illegally tampered with.
Fig. 2 is a flow chart of the tunnel forwarding method provided by another embodiment of the invention. This embodiment is implemented on the basis of the embodiment shown in Fig. 1. As shown in Fig. 2, the method of this embodiment further comprises:
Step 103: if a DHCP message sent by the DHCP client corresponding to a DHCP tunnel in the interim state is received through that tunnel, cache the DHCP message so that it can be forwarded when that DHCP tunnel is activated.
Note that the order of step 103 and step 102 is not limited. The operation described in step 103 can be carried out before step 102, during step 102, or after step 102.
A DHCP tunnel in the interim state cannot be used to forward messages, but it can receive the messages sent by its corresponding DHCP client; the messages in question are mainly DHCP Discover messages.
When the security gateway receives a DHCP message sent by the DHCP client corresponding to a DHCP tunnel in the interim state, it temporarily cannot forward the message to the DHCP server, because the tunnel is in the interim state. The security gateway can therefore cache the received DHCP message. When the DHCP tunnel is activated, the security gateway can forward the cached DHCP message directly to the DHCP server, receive the DHCP response message that the DHCP server returns for it, and forward that response to the corresponding DHCP client through the DHCP tunnel (now in the active state).
Optionally, after receiving a DHCP message through a DHCP tunnel in the interim state, the security gateway may discard the DHCP message as an alternative to caching it.
Optionally, as shown in Fig. 2, the following is performed before step 101:
Step 100: receive the DHCP Discover message sent by each of the multiple DHCP clients and, after receiving a DHCP Discover message, carry out tunnel negotiation with the corresponding DHCP client to establish a DHCP tunnel.
Step 100 describes how the security gateway establishes DHCP tunnels with the multiple DHCP clients before the steps above are performed. The process is the same for every DHCP client, so it is described for one of them. When a DHCP client needs to ask the DHCP server to allocate an IP address to it, it first sends a DHCP Discover message toward the security gateway. This action triggers the DHCP client to actively carry out tunnel negotiation with the security gateway in order to establish a DHCP tunnel.
During tunnel establishment, the first DHCP message sent by the DHCP client is a DHCP Discover message. This DHCP Discover message mainly serves to trigger the DHCP client to actively carry out tunnel negotiation with the security gateway to establish the DHCP tunnel, and it is usually dropped directly at the DHCP client. After the DHCP Discover message times out, the DHCP client sends a DHCP Discover message again, and this one can reach the security gateway through the DHCP tunnel that has now been established. If the corresponding DHCP tunnel is not activated, the security gateway caches the DHCP Discover message after receiving it, until the message times out and is discarded. During this process, if the DHCP client finds that the DHCP Discover message has timed out, it can resend the DHCP Discover message. If the security gateway has already received and cached a DHCP Discover message when it receives another one, it can discard the previously cached DHCP Discover message and cache the most recently received one, which ensures that the DHCP messages do not get out of order.
Fig. 3 is a schematic topology diagram of the tunnel transmission network provided by one embodiment of the invention. As shown in Fig. 3, the security gateway 31 is connected to the DHCP server 32, and the security gateway 31 is also connected to the first DHCP client 33, the second DHCP client 34, and the third DHCP client 35.
During the same period, the first DHCP client 33, the second DHCP client 34, and the third DHCP client 35 each establish a DHCP tunnel with the security gateway 31, namely the first DHCP tunnel, the second DHCP tunnel, and the third DHCP tunnel. The flow of interest corresponding to each tunnel is IP: Any to Any, destination: UDP port 68. So that the DHCP messages between the DHCP server 32 and the first DHCP client 33, the second DHCP client 34, and the third DHCP client 35 can be forwarded correctly, the security gateway activates the first, second, and third DHCP tunnels one after another according to the activation policy. Fig. 4 shows how the security gateway 31 forwards DHCP messages through the first DHCP tunnel when the first DHCP tunnel is activated:
Step a1: the first DHCP client 33 sends a DHCP Discover message to the security gateway 31 through the first DHCP tunnel.
Step a2: the security gateway 31 forwards the DHCP Discover message to the DHCP server 32.
Step a3: the second DHCP client 34 sends a DHCP Discover message to the security gateway 31 through the second DHCP tunnel.
Step a4: the security gateway 31 caches the DHCP Discover message sent by the second DHCP client 34.
Step a5: the security gateway 31 receives the DHCP Offer message sent by the DHCP server 32.
Step a6: the security gateway 31 sends the DHCP Offer message to the first DHCP client 33 through the first DHCP tunnel.
Step a7: the first DHCP client 33 sends a DHCP Request message to the security gateway 31 through the first DHCP tunnel.
Step a8: the security gateway 31 forwards the DHCP Request message to the DHCP server 32.
Step a9: the third DHCP client 35 sends a DHCP Discover message to the security gateway 31 through the third DHCP tunnel.
Step a10: the security gateway 31 caches the DHCP Discover message sent by the third DHCP client 35.
Step a11: the security gateway 31 receives the DHCP ACK message sent by the DHCP server 32.
Step a12: the security gateway 31 sends the DHCP ACK message to the first DHCP client 33 through the first DHCP tunnel.
Step a13: the security gateway 31 tears down the first DHCP tunnel and activates the second DHCP tunnel.
Step a14: the security gateway 31 sends the cached DHCP Discover message, which the second DHCP client 34 sent through the second DHCP tunnel, to the DHCP server 32.
The subsequent steps are similar to the process of forwarding messages between the first DHCP client 33 and the DHCP server 32 through the first DHCP tunnel and are not repeated here.
As described above, in this embodiment the security gateway, when it has DHCP tunnels established with multiple DHCP clients, activates one of the DHCP tunnels at a time according to the activation policy, keeps the other DHCP tunnels in the interim state, and uses the tunnel in the active state to forward DHCP messages between the DHCP server and the DHCP client corresponding to that tunnel. By activating one DHCP tunnel at a time, the invention thus solves the problem of forwarding messages between the DHCP server and the DHCP clients when DHCP tunnels are established with multiple DHCP clients.
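The Fig. 4 sequence, the activation policies of step 101, and the caching rule of step 103 can be traced with a small Python simulation. This is an added example, not code from the patent: the class and function names, the tunnel labels T1 to T3, the string message types, and the 192.0.2.x and 02:00:... addresses are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

ACTIVE, INTERIM = "active", "interim"

# Activation policies named in the description, as sort keys (smallest wins).
POLICIES = {
    "established": lambda t: t.established_at,
    "ip_ascending": lambda t: int(ipaddress.ip_address(t.peer_ip)),
    "mac_ascending": lambda t: int(t.peer_mac.replace(":", ""), 16),
}

@dataclass
class Tunnel:
    name: str
    peer_ip: str            # constructed sample address (documentation range)
    peer_mac: str           # constructed sample address
    established_at: int     # order in which the tunnel came up
    state: str = INTERIM
    cached: Optional[str] = None   # newest DHCP message received while interim

class SecurityGateway:
    def __init__(self, policy="established"):
        self.key = POLICIES[policy]
        self.tunnels = {}
        self.log = []       # (direction, tunnel, message) for every forwarded message

    def establish(self, tunnel):
        self.tunnels[tunnel.name] = tunnel      # new tunnels start in the interim state

    def active(self):
        return next((t for t in self.tunnels.values() if t.state == ACTIVE), None)

    def activate_next(self):
        waiting = [t for t in self.tunnels.values() if t.state == INTERIM]
        if self.active() is not None or not waiting:
            return None                         # never more than one active tunnel
        chosen = min(waiting, key=self.key)
        chosen.state = ACTIVE
        if chosen.cached is not None:           # flush the message held while interim
            self.log.append(("to_server", chosen.name, chosen.cached))
            chosen.cached = None
        return chosen.name

    def from_client(self, name, msg):
        tunnel = self.tunnels[name]
        if tunnel.state == ACTIVE:
            self.log.append(("to_server", name, msg))
        else:
            tunnel.cached = msg                 # a resent Discover replaces the older copy

    def from_server(self, msg):
        tunnel = self.active()
        if tunnel is None:
            return None                         # no active tunnel to encapsulate with
        self.log.append(("to_client", tunnel.name, msg))
        if msg == "ACK":                        # exchange finished: tear down, move on
            del self.tunnels[tunnel.name]
            self.activate_next()
        return tunnel.name

def reply_candidates(gw, honour_state=True):
    """Tunnels a server reply could be encapsulated in. Every flow of interest is
    the same any-to-any UDP/68 ACL, so only the tunnel state can disambiguate."""
    return sorted(t.name for t in gw.tunnels.values()
                  if not honour_state or t.state == ACTIVE)

def build_gateway(policy="established"):
    gw = SecurityGateway(policy)
    for args in (("T1", "192.0.2.30", "02:00:00:00:00:02", 1),
                 ("T2", "192.0.2.10", "02:00:00:00:00:03", 2),
                 ("T3", "192.0.2.20", "02:00:00:00:00:01", 3)):
        gw.establish(Tunnel(*args))
    gw.activate_next()
    return gw

def replay_fig4():
    gw = build_gateway("established")
    gw.from_client("T1", "DISCOVER")   # a1, a2
    gw.from_client("T2", "DISCOVER")   # a3, a4 (cached)
    gw.from_server("OFFER")            # a5, a6
    gw.from_client("T1", "REQUEST")    # a7, a8
    gw.from_client("T3", "DISCOVER")   # a9, a10 (cached)
    gw.from_server("ACK")              # a11 to a14
    return gw

if __name__ == "__main__":
    for entry in replay_fig4().log:
        print(entry)
```

Calling reply_candidates with honour_state=False shows the original problem: all three tunnels match a server reply, because their flows of interest are identical.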
Fig. 5 is a schematic structural diagram of the tunnel forwarding device provided by one embodiment of the invention. As shown in Fig. 5, the device of this embodiment comprises a tunnel activation module 51 and a packet forwarding module 52.
The tunnel activation module 51 is configured to, when DHCP tunnels are established with multiple DHCP clients, activate one of the DHCP tunnels at a time according to an activation policy and set the state of the other DHCP tunnels to the interim state.
The packet forwarding module 52 is connected to the tunnel activation module 51 and is configured to use the DHCP tunnel in the active state, as activated by the tunnel activation module 51, to forward DHCP messages between the DHCP server and the DHCP client corresponding to that DHCP tunnel.
In an optional implementation, as shown in Fig. 6, the tunnel forwarding device of this embodiment further comprises a packet buffer module 53. The packet buffer module 53 is configured to, if a DHCP message sent by the DHCP client corresponding to a DHCP tunnel in the interim state is received through that tunnel, cache the DHCP message so that it can be forwarded when that DHCP tunnel is activated. Optionally, the packet buffer module 53 is connected to the tunnel activation module 51 and is configured to provide the cached DHCP message to the DHCP tunnel in the active state after the tunnel activation module 51 has activated the DHCP tunnel that was in the interim state.
In an optional implementation, the way in which the tunnel activation module 51 activates one DHCP tunnel at a time according to the activation policy differs with the activation policy. For example, the tunnel activation module 51 can be specifically configured to activate one DHCP tunnel at a time according to the order in time in which the DHCP tunnels were established. Or,
the tunnel activation module 51 can be specifically configured to activate one DHCP tunnel at a time according to the magnitude of the IP address of the DHCP client corresponding to each DHCP tunnel. Or,
the tunnel activation module 51 can be specifically configured to activate one DHCP tunnel at a time according to the magnitude of the MAC address of the DHCP client corresponding to each DHCP tunnel.
In an optional implementation, to distinguish the activated DHCP tunnel from the DHCP tunnels that are not activated, the tunnel activation module 51 can be specifically configured to set an activation flag on the DHCP tunnel selected for activation and an interim flag on the other DHCP tunnels, thereby setting the state of the other DHCP tunnels to the interim state.
In an optional implementation, the packet forwarding module 52 can be specifically configured to, after receiving the DHCP ACK message returned by the DHCP server, forward it through the DHCP tunnel in the active state to the DHCP client corresponding to that tunnel. Accordingly, the tunnel activation module 51 can also be configured to tear down the DHCP tunnel in the active state and to select, according to the activation policy, another DHCP tunnel to activate from the DHCP tunnels in the interim state.
In an optional implementation, as shown in Fig. 6, the tunnel forwarding device of this embodiment further comprises a tunnel establishment module 54. The tunnel establishment module 54 is connected to the tunnel activation module 51 and is configured to, before the tunnel activation module 51 activates one DHCP tunnel at a time according to the activation policy and sets the state of the other DHCP tunnels to the interim state, receive the DHCP Discover message sent by each of the multiple DHCP clients and, after receiving a DHCP Discover message, carry out tunnel negotiation with the DHCP client to establish a DHCP tunnel.
The tunnel retransmission unit that the present embodiment provides can be arranged in security gateway and realize, but is not limited thereto.Such as, the tunnel retransmission unit of the present embodiment also can directly realize as security gateway, or is connected with security gateway independent of security gateway.
Each functional module of the tunnel retransmission unit that the present embodiment provides can be used for the flow process performing the tunnel forwarding method that above-described embodiment provides, and its specific works principle repeats no more, and refers to the description of embodiment of the method.
The tunnel retransmission unit that the present embodiment provides, when setting up DHCP tunnel with multiple dhcp client, activate a wherein DHCP tunnel according to activation strategy at every turn, and make other DHCP tunnel be in interim status, then use the tunnel being in state of activation to forward DHCP message between dhcp client corresponding to this tunnel and Dynamic Host Configuration Protocol server, successfully solve the forwarding problems of message between Dynamic Host Configuration Protocol server and dhcp client by activating a DHCP tunnel at every turn.
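The activation cycle described above (activate one tunnel by policy, cache messages arriving on interim tunnels, tear the tunnel down after the DHCP confirmation message, activate the next) can be modelled as follows. This is an added example, not code from the patent; the `Gateway` class, its method names, the message strings and the sample clients are assumptions made for illustration.

```python
from ipaddress import ip_address

POLICIES = {  # sort keys for the three activation policies the text names
    "established": lambda t: t["at"],
    "ip": lambda t: int(ip_address(t["ip"])),
    "mac": lambda t: int(t["mac"].replace(":", ""), 16),
}

class Gateway:  # hypothetical model: one activated DHCP tunnel, the rest interim
    def __init__(self, policy):
        self.key, self.tunnels, self.active = POLICIES[policy], {}, None
        self.to_server, self.to_client = [], []  # (mac, msg) relayed each way

    def establish(self, mac, ip, at):  # a negotiated tunnel starts in interim status
        self.tunnels[mac] = {"mac": mac, "ip": ip, "at": at, "cache": []}

    def activate_next(self):
        if self.active is None and self.tunnels:
            tunnel = min(self.tunnels.values(), key=self.key)
            self.active = tunnel["mac"]
            self.to_server += [(self.active, m) for m in tunnel["cache"]]
            tunnel["cache"].clear()  # cached messages are forwarded exactly once
        return self.active

    def from_client(self, mac, msg):
        if mac == self.active:
            self.to_server.append((mac, msg))
        elif mac in self.tunnels:  # interim: hold the message until activation
            self.tunnels[mac]["cache"].append(msg)

    def from_server(self, msg):
        if self.active is not None:  # a reply can only belong to the activated tunnel
            self.to_client.append((self.active, msg))
            if msg == "ACK":  # confirmation delivered: tear down, activate the next
                del self.tunnels[self.active]
                self.active = None
                self.activate_next()

def served_order(policy):  # runs a constructed three-client sample
    gw = Gateway(policy)
    sample = [("00:00:5e:00:53:03", "192.0.2.10"), ("00:00:5e:00:53:01", "192.0.2.30"),
              ("00:00:5e:00:53:02", "192.0.2.20")]
    for at, (mac, ip) in enumerate(sample):
        gw.establish(mac, ip, at)
        gw.from_client(mac, "DISCOVER")  # cached: nothing is activated yet
    while gw.activate_next():
        gw.from_server("OFFER")
        gw.from_client(gw.active, "REQUEST")
        gw.from_server("ACK")
    return [mac for mac, msg in gw.to_client if msg == "ACK"]
```

Calling `served_order` with `"established"`, `"ip"` or `"mac"` returns the order in which the three sample clients receive their confirmation under each policy.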
One embodiment of the invention provides a network device comprising a tunnel retransmission unit. The tunnel retransmission unit may be the tunnel retransmission unit provided by the above embodiments of the invention; for its operating principle and structure, see the description of the above embodiments, which is not repeated here.
The network device of this embodiment may be any device that is connected between the DHCP server and the DHCP clients, runs IPsec, and can provide DHCP tunnels to the DHCP clients; for example, it may be a security gateway.
The network device of this embodiment comprises the tunnel retransmission unit provided by the embodiments of the invention and may be used to perform the flow of the tunnel forwarding method provided by the above embodiments. Therefore, when establishing DHCP tunnels with multiple DHCP clients, it can likewise solve the problem of forwarding messages between the DHCP server and the DHCP clients by activating one DHCP tunnel at a time.
A person of ordinary skill in the art will understand that all or part of the steps of the above method embodiments may be carried out by hardware under the control of program instructions. The program may be stored in a computer-readable storage medium. When executed, the program performs the steps of the above method embodiments. The storage medium includes various media that can store program code, such as ROM, RAM, magnetic disks or optical discs.
Finally, it should be noted that the above embodiments are intended only to illustrate the technical solution of the invention, not to limit it. Although the invention has been described in detail with reference to the foregoing embodiments, a person of ordinary skill in the art should understand that the technical solutions described in the foregoing embodiments may still be modified, or some or all of their technical features may be replaced by equivalents, and that such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the scope of the technical solutions of the embodiments of the invention.

Claims (11)

1. A tunnel forwarding method, characterized in that it comprises:
when establishing DHCP tunnels with multiple Dynamic Host Configuration Protocol (DHCP) clients, activating one of the DHCP tunnels at a time according to an activation strategy, and setting the state of the other DHCP tunnels to interim status;
using the DHCP tunnel in the activated state to forward DHCP messages between the DHCP client corresponding to the DHCP tunnel in the activated state and a DHCP server.
2. The tunnel forwarding method according to claim 1, characterized in that it further comprises:
if a DHCP message sent by the DHCP client corresponding to a DHCP tunnel in interim status is received through that DHCP tunnel, caching the DHCP message received through the DHCP tunnel in interim status, so that it is forwarded when the DHCP tunnel in interim status is activated.
3. The tunnel forwarding method according to claim 1, characterized in that activating one of the DHCP tunnels at a time according to the activation strategy comprises:
activating one of the DHCP tunnels at a time according to the chronological order in which the DHCP tunnels were established; or
activating one of the DHCP tunnels at a time according to the size of the Internet Protocol (IP) address of the DHCP client corresponding to each DHCP tunnel; or
activating one of the DHCP tunnels at a time according to the size of the media access control (MAC) address of the DHCP client corresponding to each DHCP tunnel.
4. The tunnel forwarding method according to claim 1, 2 or 3, characterized in that using the DHCP tunnel in the activated state to forward DHCP messages between the DHCP client corresponding to the DHCP tunnel in the activated state and the DHCP server comprises:
after receiving the DHCP confirmation message returned by the DHCP server, forwarding it through the DHCP tunnel in the activated state to the DHCP client corresponding to the DHCP tunnel in the activated state;
the method further comprises:
tearing down the DHCP tunnel in the activated state, and selecting, according to the activation strategy, another DHCP tunnel from the DHCP tunnels in interim status and activating it.
5. The tunnel forwarding method according to claim 1, 2 or 3, characterized in that, before activating one of the DHCP tunnels at a time according to the activation strategy and setting the state of the other DHCP tunnels to interim status, the method comprises:
receiving the DHCP discovery message sent by each of the multiple DHCP clients and, after receiving the DHCP discovery message, carrying out tunnel negotiation with the DHCP client to establish the DHCP tunnel.
6. A tunnel retransmission unit, characterized in that it comprises:
a tunnel activation module, used to, when establishing DHCP tunnels with multiple Dynamic Host Configuration Protocol (DHCP) clients, activate one of the DHCP tunnels at a time according to an activation strategy and set the state of the other DHCP tunnels to interim status;
a packet forwarding module, used to forward, through the DHCP tunnel in the activated state, DHCP messages between the DHCP client corresponding to the DHCP tunnel in the activated state and a DHCP server.
7. The tunnel retransmission unit according to claim 6, characterized in that it further comprises:
a packet buffer module, used to, if a DHCP message sent by the DHCP client corresponding to a DHCP tunnel in interim status is received through that DHCP tunnel, cache the DHCP message received through the DHCP tunnel in interim status, so that it is forwarded when the DHCP tunnel in interim status is activated.
8. The tunnel retransmission unit according to claim 6, characterized in that the tunnel activation module is specifically used to activate one of the DHCP tunnels at a time according to the chronological order in which the DHCP tunnels were established; or
the tunnel activation module is specifically used to activate one of the DHCP tunnels at a time according to the size of the Internet Protocol (IP) address of the DHCP client corresponding to each DHCP tunnel; or
the tunnel activation module is specifically used to activate one of the DHCP tunnels at a time according to the size of the media access control (MAC) address of the DHCP client corresponding to each DHCP tunnel.
9. The tunnel retransmission unit according to claim 6, 7 or 8, characterized in that the packet forwarding module is specifically used to, after receiving the DHCP confirmation message returned by the DHCP server, forward it through the DHCP tunnel in the activated state to the DHCP client corresponding to the DHCP tunnel in the activated state;
the tunnel activation module is also used to tear down the DHCP tunnel in the activated state, and to select, according to the activation strategy, another DHCP tunnel from the DHCP tunnels in interim status and activate it.
10. The tunnel retransmission unit according to claim 6, 7 or 8, characterized in that it further comprises:
a tunnel establishment module, used to, before the tunnel activation module activates one of the DHCP tunnels at a time according to the activation strategy and sets the state of the other DHCP tunnels to interim status, receive the DHCP discovery message sent by each of the multiple DHCP clients and, after receiving the DHCP discovery message, carry out tunnel negotiation with the DHCP client to establish the DHCP tunnel.
11. A network device, characterized in that it comprises the tunnel retransmission unit according to any one of claims 6 to 10.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201210345532.XA CN102833174B (en) 2012-09-17 2012-09-17 Tunnel forwarding method, device and the network equipment

Publications (2)

Publication Number Publication Date
CN102833174A CN102833174A (en) 2012-12-19
CN102833174B CN102833174B (en) 2015-11-25

Family

ID=47336147

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201210345532.XA Active CN102833174B (en) 2012-09-17 2012-09-17 Tunnel forwarding method, device and the network equipment

Country Status (1)

Country Link
CN (1) CN102833174B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113890867A (en) * 2021-10-15 2022-01-04 济南浪潮数据技术有限公司 Communication address allocation method and device, electronic equipment and storage medium
CN115118548B (en) * 2022-06-28 2024-02-20 北京天融信网络安全技术有限公司 Network communication method and device based on virtual private network and electronic equipment

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1348285A (en) * 2001-07-26 2002-05-08 西安交大瑞森资讯发展股份有限公司 Network capable of transmitting directly IP data package physical medium
CN101123488A (en) * 2006-08-11 2008-02-13 展讯通信(上海)有限公司 Channel polling access method for multi-party communication of digital no center communication system
CN101778389A (en) * 2010-01-29 2010-07-14 华为技术有限公司 Multi-system type data processing method and device

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1348285A (en) * 2001-07-26 2002-05-08 西安交大瑞森资讯发展股份有限公司 Network capable of transmitting directly IP data package physical medium
CN101123488A (en) * 2006-08-11 2008-02-13 展讯通信(上海)有限公司 Channel polling access method for multi-party communication of digital no center communication system
CN101778389A (en) * 2010-01-29 2010-07-14 华为技术有限公司 Multi-system type data processing method and device

Also Published As

Publication number Publication date
CN102833174A (en) 2012-12-19

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant