CN101567886A - Entry security management method and device
- Publication number
- CN101567886A
- Authority
- CN
- China
- Prior art keywords
- equipment
- security
- level
- neighbor entry
- neighbor
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a method and a device for entry security management. The method comprises: a first device generates, for the first time, a neighbor entry for a second device, sets the security level of the neighbor entry to the normal level, and sets the neighbor entry as allowed to be updated; afterwards, when the first device and the second device run a security-feature protocol, pass mutual security authentication and establish a neighbor relationship, the first device raises the security level of the neighbor entry for the second device to the security protocol level and sets the neighbor entry as not allowed to be updated. The invention improves entry security and reduces deployment and management cost.
Description
Technical field
The present invention relates to the field of table-entry security technology, and in particular to an entry security management method and device.
Background technology
The IPv6 Neighbor Discovery (ND) protocol uses five types of Internet Control Message Protocol version 6 (ICMPv6) messages to implement functions such as address resolution, neighbor reachability verification, duplicate address detection, router discovery/prefix discovery, address autoconfiguration and redirection, as shown in Table 1:
Table 1: Types and functions of the ICMPv6 messages used by the ND protocol
After a device exchanges ICMPv6 messages with a neighbor device, it can generate a neighbor entry for that neighbor device.
IPv6 neighbors use the Border Gateway Protocol (BGP) or Open Shortest Path First version 3 (OSPFv3) as the routing protocol between them.
BGP is a dynamic routing protocol used between autonomous systems (AS). An AS is a set of routers that run under the same technical administration and share the same routing policy. A router that sends BGP messages is called a BGP speaker; a BGP speaker receives or generates new routing information and advertises it to other BGP speakers. When a BGP speaker receives a new route from another autonomous system, if the route is better than the currently known route, or no such route is currently known, the BGP speaker advertises the route to all other BGP speakers in its autonomous system. BGP speakers that exchange messages with each other are called peers, and several related peers can form a peer group. BGP uses the Transmission Control Protocol (TCP) as its transport-layer protocol. To improve the security of BGP, BGP can require MD5 authentication when the TCP connection is established, that is, the two routers must be configured with the same password before the TCP connection can be established. IPv6 BGP also supports MD5 authentication. BGP also supports using IP Security (IPsec) for authentication and encryption at the transport layer.
OSPFv3 mainly provides support for IPv6 and follows RFC 5340. OSPFv3 supports data authentication and encryption as specified in RFC 4552, which defines how OSPFv3 uses IPsec for authentication and confidentiality protection; support for IPsec transport mode is required, and tunnel mode is optional. Both authentication and confidentiality require the IPsec Encapsulating Security Payload (ESP) protocol; authentication may alternatively be implemented with the Authentication Header (AH). Once authentication and confidentiality checking is enabled, received OSPFv3 packets that are not protected by AH/ESP, and packets that fail the check, are all dropped.
Regardless of whether routers use BGP or OSPFv3, ND or Address Resolution Protocol (ARP) messages between routers are transmitted in plaintext, so within the same local area network the following attacks against neighbor entries are possible:
1. Improper entry update: an accessing party sends messages using an IP address that is not its own, including NS responses, NA, RS, RA or redirect messages, thereby impersonating another device and causing neighbor entries on a legitimate device to be wrongly modified. In effect, the next hop of a routing table entry is wrongly changed, which causes packets to be misrouted.
2. Too many entries: by forging the NS or NA messages of others, an accessing party makes the device learn a large number of entries. Because the number of entries a device can store is limited, the device may become unable to serve more users, and normal neighbor entries may be wrongly deleted, which in turn causes packets to be misrouted.
When these problems occur between routers, they can in serious cases paralyze the network.
In the prior art, there are mainly the following two security mechanisms for neighbor entries:
1. Static address allocation scheme
On the device, an IPv6 address is allocated in advance for each possible accessing party, and this IPv6 address is bound to the Media Access Control (MAC) address and the access interface, ensuring that critical neighbor entries are not maliciously updated.
2. Secure Neighbor Discovery (SEND) scheme
The SEND (RFC 3971) mechanism is used to encrypt and authenticate ND messages, ensuring that every generated neighbor entry has passed authentication.
With the static address allocation scheme, deployment and management costs are high for large-scale IPv6 deployments. The SEND scheme requires upgrading the existing IPv6 protocol stacks of current devices and hosts; few systems currently support it, so it is hard to deploy, and its deployment and management costs are also high.
Summary of the invention
The invention provides an entry security management method and device, to reduce security management cost while guaranteeing entry security.
The technical solution of the present invention is implemented as follows:
An entry security management method, comprising:
The first device generates, for the first time, a neighbor entry for the second device, sets the security level of this neighbor entry to the normal level, and sets the entry as allowed to be updated; afterwards, when the first device and the second device run a security-feature protocol, pass mutual security authentication and establish a neighbor relationship, the first device raises the security level of the neighbor entry for the second device to the security protocol level and sets the entry as not allowed to be updated.
After the first device raises the security level of the neighbor entry for the second device to the security protocol level, the method further comprises:
When the neighbor relationship between the first device and the second device is torn down, the first device restores the security level of the neighbor entry for the second device to the normal level and sets the entry as allowed to be updated.
The first device and the second device establishing a neighbor relationship is:
The first device and the second device establish a Border Gateway Protocol (BGP) or Open Shortest Path First version 3 (OSPFv3) neighbor relationship.
The first device generating, for the first time, a neighbor entry for the second device is:
The first device and the second device run the Neighbor Discovery (ND) protocol or the Address Resolution Protocol (ARP), generating the neighbor entry for the second device.
The neighbor entry for the second device comprises at least: the IP address of the second device, the link-layer address of the second device, and the access port identifier of the second device.
The method further comprises: setting a shorter aging time for neighbor entries whose security level is the normal level, and a longer aging time for neighbor entries whose security level is the security protocol level.
The method further comprises:
When the first device finds that the number of entries it stores is greater than a preset threshold, it first deletes neighbor entries whose security level is the normal level; if, after the normal-level neighbor entries have been deleted, the number of stored entries is still greater than the preset threshold, it then deletes neighbor entries whose security level is the security protocol level, until the number of stored entries is no greater than the preset threshold.
The method further comprises:
Setting the storage mode of neighbor entries whose security level is the security protocol level to permanent storage, or making permanent or non-permanent storage selectable for such entries;
Setting the storage mode of neighbor entries whose security level is the normal level to non-permanent storage.
The method further comprises:
The first device allocates higher bandwidth to neighbor devices corresponding to neighbor entries whose security level is the security protocol level, and lower bandwidth to neighbor devices corresponding to neighbor entries whose security level is the normal level.
An entry security management device, comprising:
An entry generation module, which generates, for the first time, a neighbor entry for a neighbor device, sets the security level of this neighbor entry to the normal level, and sets the entry as allowed to be updated;
A security level upgrade module, which, when this device and the neighbor device have run a security-feature protocol, passed mutual security authentication and established a neighbor relationship, raises the security level of the neighbor entry for this neighbor device generated by the entry generation module to the security protocol level and sets the entry as not allowed to be updated.
The device further comprises:
A security level downgrade module, which, when the neighbor relationship with the neighbor device is torn down, restores the security level of the neighbor entry for this neighbor device in the entry generation module to the normal level and sets the entry as allowed to be updated.
The device further comprises:
An entry aging module, which sets a longer aging time for neighbor entries whose security level is the security protocol level and a shorter aging time for neighbor entries whose security level is the normal level.
The device further comprises:
An entry count management module, which, on finding that the number of entries stored by this device is greater than a preset threshold, first deletes neighbor entries whose security level is the normal level; if, after the normal-level neighbor entries have been deleted, the number of entries stored by this device is still greater than the preset threshold, it then deletes neighbor entries whose security level is the security protocol level, until the number of entries stored by this device is no greater than the preset threshold.
The device further comprises:
An entry storage mode management module, which sets the storage mode of neighbor entries whose security level is the security protocol level to permanent storage, or makes permanent or non-permanent storage selectable for such entries, and sets the storage mode of neighbor entries whose security level is the normal level to non-permanent storage.
The device further comprises:
A bandwidth allocation module, which allocates higher bandwidth to neighbor devices corresponding to neighbor entries whose security level is the security protocol level and lower bandwidth to neighbor devices corresponding to neighbor entries whose security level is the normal level.
Compared with the prior art, in the present invention, once the first device and the second device have run a security-feature protocol, passed mutual security authentication and established a neighbor relationship, the neighbor entry for the second device is no longer allowed to be updated. This prevents the entry from being improperly updated and prevents the device from learning an excessive number of entries, which reduces the possibility of packets being misrouted and improves entry security. In addition, the present invention requires neither static address allocation nor an upgrade of the existing IPv6 protocol stack, which reduces deployment and management cost.
Description of drawings
Fig. 1 is a flowchart of the entry security management method provided by an embodiment of the invention;
Fig. 2 is a structural diagram of the entry security management device provided by an embodiment of the invention.
Embodiment
The present invention is described in further detail below with reference to the drawings and specific embodiments.
The core idea of the present invention is: two security levels are defined for neighbor entries in advance, the normal level and the security protocol level; a normal-level neighbor entry is allowed to be updated, and a security-protocol-level neighbor entry is not. When the first device generates a neighbor entry for the second device for the first time, it sets the security level of that entry to the normal level. Afterwards, when the first device and the second device run a security-feature protocol, pass mutual security authentication and establish a neighbor relationship, the first device raises the security level of the neighbor entry for the second device to the security protocol level; from then on the neighbor entry for the second device is no longer allowed to be updated, unless the security level of the entry is restored to the normal level.
Fig. 1 is a flowchart of the entry security management method provided by an embodiment of the invention. As shown in Fig. 1, the specific steps are as follows:
Step 101: device A and device B run the ND or ARP protocol, and device A generates a neighbor entry for device B.
The content of the neighbor entry for device B includes: the IP address of device B, the link-layer address of device B, the access port number of device B, and so on.
After device A starts, if another accessing party, for example device B, sends an NS message to device A, then after device A replies to device B with an NA message, it can record device B's IP address, link-layer address and access port number and generate an IPv6 neighbor entry for device B.
When device A sends an ARP request and receives the ARP response returned by neighbor device B, it records device B's IP address, link-layer address and access port number and generates an IPv4 neighbor entry for device B.
Step 102: device A determines whether it already holds a neighbor entry for device B; if so, go to step 104; otherwise, go to step 103.
Here, device A looks up the neighbor entry for device B in its own table by the IP address of device B.
Step 103: device A saves this neighbor entry for device B and sets the security level of the entry to the normal level; go to step 107.
Step 104: device A determines whether the security level of the existing neighbor entry for device B is the normal level or the security protocol level; if it is the normal level, go to step 105; otherwise, go to step 106.
Step 105: device A updates the existing neighbor entry for device B with the neighbor entry for device B newly generated in step 101, and keeps the security level of the entry unchanged at the normal level; go to step 107.
Step 106: device A discards the newly generated neighbor entry for device B, and the flow ends.
Because the security level of the existing neighbor entry for device B is the security protocol level, the entry is not allowed to be updated, so the newly generated neighbor entry for device B is discarded here.
Step 107: device A and device B run a security-feature protocol, pass security authentication and establish a neighbor relationship, and device A upgrades the security level of the neighbor entry for device B to the security protocol level.
For example: after device A and device B are configured with the same security authentication parameters, such as AH, MD5 or IPsec parameters, if the BGP neighbor relationship between them is correctly established, device A upgrades the security level of the neighbor entry for device B to the security protocol level.
After this, when the BGP neighbor relationship between device A and device B is torn down, device A restores the security level of the neighbor entry for device B to the normal level, after which the neighbor entry for device B can be updated.
Alternatively, after device A and device B are configured with the same authentication and encryption parameters, such as AH or ESP parameters, if the OSPFv3 neighbor relationship between them is correctly established, device A upgrades the security level of the neighbor entry for device B to the security protocol level.
After this, when the OSPFv3 neighbor relationship between device A and device B is torn down, device A restores the security level of the neighbor entry for device B to the normal level, after which the neighbor entry for device B can be updated.
In the embodiment of the invention, a shorter aging time is set for neighbor entries whose security level is the normal level, and a longer aging time is set for neighbor entries whose security level is the security protocol level, so as to lengthen the lifetime of security-protocol-level neighbor entries.
Usually, the aging time of normal-level neighbor entries is the aging time specified by the ND protocol or the ARP protocol, while the aging time of security-protocol-level neighbor entries can be configured manually.
In addition, in the embodiment of the invention, if a device A finds that the number of entries it stores is greater than a preset threshold, it deletes entries according to the security level of the neighbor entries it stores: normal-level neighbor entries are deleted first; after the normal-level neighbor entries have been deleted, if the number of stored entries is still greater than the preset threshold, security-protocol-level neighbor entries are then deleted, until the number of stored entries is no greater than the preset threshold.
In addition, in the embodiment of the invention, to guarantee the reliability of security-protocol-level neighbor entries, security-protocol-level neighbor entries can be set to be stored permanently, or it can be made selectable, as required, whether a security-protocol-level neighbor entry is stored permanently or non-permanently. The storage mode of normal-level neighbor entries is generally non-permanent storage. Neighbor entries stored non-permanently age out according to their aging time.
In addition, in the embodiment of the invention, a device can allocate bandwidth to each neighbor device according to the security level of each neighbor entry it stores. Specifically, higher bandwidth is allocated to neighbor devices corresponding to security-protocol-level neighbor entries, and lower bandwidth to neighbor devices corresponding to normal-level neighbor entries.
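The flow of steps 101 to 107, together with the aging and table-size rules above, can be modelled as a small state machine per neighbor entry. The following Python model is an added example, not code from the patent; the class and method names, the aging values, the oldest-first eviction order within a level and the documentation-range sample addresses are assumptions.

```python
from dataclasses import dataclass
from enum import Enum


class Level(Enum):
    NORMAL = "normal"                        # learned via ND/ARP only, may be updated
    SECURITY_PROTOCOL = "security-protocol"  # authenticated neighbor, update-locked


@dataclass
class NeighborEntry:
    ip: str
    link_addr: str
    port: str
    learned_at: float
    level: Level = Level.NORMAL


class NeighborTable:
    """Device A's neighbor table (hypothetical model of the described flow)."""

    def __init__(self, max_entries, normal_age=30.0, secure_age=3600.0):
        self.max_entries = max_entries  # the "preset threshold"
        # Assumed aging values: short for normal, long for security protocol level.
        self.age_limit = {Level.NORMAL: normal_age,
                          Level.SECURITY_PROTOCOL: secure_age}
        self.entries = {}  # keyed by neighbor IP address (the step 102 lookup key)

    def learn(self, ip, link_addr, port, now):
        """Steps 102-106: handle an entry freshly generated from ND/ARP."""
        entry = self.entries.get(ip)
        if entry is None:                    # step 103: store at normal level
            self.entries[ip] = NeighborEntry(ip, link_addr, port, now)
            self.enforce_limit()
            return "created" if ip in self.entries else "evicted"
        if entry.level is Level.NORMAL:      # step 105: overwrite, level unchanged
            entry.link_addr, entry.port, entry.learned_at = link_addr, port, now
            return "updated"
        return "discarded"                   # step 106: locked entry is kept

    def neighbor_up(self, ip):
        """Step 107: authenticated BGP/OSPFv3 neighbor relationship established."""
        entry = self.entries.get(ip)
        if entry is None:
            return False
        entry.level = Level.SECURITY_PROTOCOL
        return True

    def neighbor_down(self, ip):
        """Neighbor relationship torn down: entry becomes updatable again."""
        entry = self.entries.get(ip)
        if entry is None:
            return False
        entry.level = Level.NORMAL
        return True

    def expire(self, now):
        """Age out entries using the per-level aging time; returns removed IPs."""
        expired = [ip for ip, e in self.entries.items()
                   if now - e.learned_at > self.age_limit[e.level]]
        for ip in expired:
            del self.entries[ip]
        return expired

    def enforce_limit(self):
        """Over the threshold: delete normal-level entries first, then locked ones.

        Oldest-first within a level is an assumption; the text fixes only the
        order between levels.
        """
        evicted = []
        for level in (Level.NORMAL, Level.SECURITY_PROTOCOL):
            victims = sorted((e for e in self.entries.values() if e.level is level),
                             key=lambda e: e.learned_at)
            for victim in victims:
                if len(self.entries) <= self.max_entries:
                    return evicted
                del self.entries[victim.ip]
                evicted.append(victim.ip)
        return evicted


if __name__ == "__main__":
    # Constructed sample data (documentation address ranges), not from the patent.
    table = NeighborTable(max_entries=3)
    b = "2001:db8::b"
    print(table.learn(b, "00:00:5e:00:53:0b", "ge0/1", now=0.0))  # first ND exchange
    table.neighbor_up(b)                                          # authenticated peer
    print(table.learn(b, "00:00:5e:00:53:ff", "ge0/9", now=1.0))  # forged NA for B
    print(table.entries[b].link_addr)                             # binding unchanged
```

The model leaves out the storage-mode and bandwidth rules, which do not affect whether an entry may be updated.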
Fig. 2 is a structural diagram of the entry security management device provided by an embodiment of the invention. As shown in Fig. 2, it mainly comprises an entry generation module 21, a security level upgrade module 22 and a security level downgrade module 23, wherein:
Entry generation module 21: generates, for the first time, a neighbor entry for a neighbor device, sets the security level of this neighbor entry to the normal level, and sets the entry as allowed to be updated.
Security level upgrade module 22: when this device and the neighbor device have run a security-feature protocol, passed mutual security authentication and established a neighbor relationship, raises the security level of the neighbor entry for this neighbor device generated by entry generation module 21 to the security protocol level and sets the entry as not allowed to be updated.
Security level downgrade module 23: when the neighbor relationship with the neighbor device is torn down, restores the security level of the neighbor entry for this neighbor device in entry generation module 21 to the normal level and sets the entry as allowed to be updated.
In practical applications, the entry security management device provided by the embodiment of the invention may also comprise:
Entry aging module: sets a longer aging time for neighbor entries saved in entry generation module 21 whose security level is the security protocol level, and a shorter aging time for neighbor entries whose security level is the normal level.
Entry count management module: on finding that the number of entries stored by this device is greater than a preset threshold, first deletes neighbor entries whose security level is the normal level; if, after the normal-level neighbor entries have been deleted, the number of entries stored by this device is still greater than the preset threshold, it then deletes neighbor entries whose security level is the security protocol level, until the number of entries stored by this device is no greater than the preset threshold.
Entry storage mode management module: sets the storage mode of neighbor entries whose security level is the security protocol level to permanent storage, or makes permanent or non-permanent storage selectable for such entries; sets the storage mode of neighbor entries whose security level is the normal level to non-permanent storage.
Bandwidth allocation module: allocates higher bandwidth to neighbor devices corresponding to neighbor entries whose security level is the security protocol level, and lower bandwidth to neighbor devices corresponding to neighbor entries whose security level is the normal level.
The above are merely embodiments of the process and method of the present invention and are not intended to limit the present invention; any modification, equivalent replacement, improvement and the like made within the spirit and principles of the present invention shall fall within the scope of protection of the present invention.
Claims (15)
1. An entry security management method, characterized in that the method comprises:
The first device generates, for the first time, a neighbor entry for the second device, sets the security level of this neighbor entry to the normal level, and sets the entry as allowed to be updated; afterwards, when the first device and the second device run a security-feature protocol, pass mutual security authentication and establish a neighbor relationship, the first device raises the security level of the neighbor entry for the second device to the security protocol level and sets the entry as not allowed to be updated.
2. The method of claim 1, characterized in that, after the first device raises the security level of the neighbor entry for the second device to the security protocol level, the method further comprises:
When the neighbor relationship between the first device and the second device is torn down, the first device restores the security level of the neighbor entry for the second device to the normal level and sets the entry as allowed to be updated.
3. The method of claim 1, characterized in that the first device and the second device establishing a neighbor relationship is:
The first device and the second device establish a Border Gateway Protocol (BGP) or Open Shortest Path First version 3 (OSPFv3) neighbor relationship.
4. The method of claim 1, characterized in that the first device generating, for the first time, a neighbor entry for the second device is:
The first device and the second device run the Neighbor Discovery (ND) protocol or the Address Resolution Protocol (ARP), generating the neighbor entry for the second device.
5. The method of claim 1, characterized in that the neighbor entry for the second device comprises at least: the IP address of the second device, the link-layer address of the second device, and the access port identifier of the second device.
6. The method of claim 1, characterized in that the method further comprises: setting a shorter aging time for neighbor entries whose security level is the normal level, and a longer aging time for neighbor entries whose security level is the security protocol level.
7. The method of claim 1, characterized in that the method further comprises:
When the first device finds that the number of entries it stores is greater than a preset threshold, it first deletes neighbor entries whose security level is the normal level; if, after the normal-level neighbor entries have been deleted, the number of stored entries is still greater than the preset threshold, it then deletes neighbor entries whose security level is the security protocol level, until the number of stored entries is no greater than the preset threshold.
8. The method of claim 1, characterized in that the method further comprises:
Setting the storage mode of neighbor entries whose security level is the security protocol level to permanent storage, or making permanent or non-permanent storage selectable for such entries;
Setting the storage mode of neighbor entries whose security level is the normal level to non-permanent storage.
9. The method of claim 1, characterized in that the method further comprises:
The first device allocates higher bandwidth to neighbor devices corresponding to neighbor entries whose security level is the security protocol level, and lower bandwidth to neighbor devices corresponding to neighbor entries whose security level is the normal level.
10. An entry security management device, characterized in that the device comprises:
An entry generation module, which generates, for the first time, a neighbor entry for a neighbor device, sets the security level of this neighbor entry to the normal level, and sets the entry as allowed to be updated;
A security level upgrade module, which, when this device and the neighbor device have run a security-feature protocol, passed mutual security authentication and established a neighbor relationship, raises the security level of the neighbor entry for this neighbor device generated by the entry generation module to the security protocol level and sets the entry as not allowed to be updated.
11. The device of claim 10, characterized in that the device further comprises:
A security level downgrade module, which, when the neighbor relationship with the neighbor device is torn down, restores the security level of the neighbor entry for this neighbor device in the entry generation module to the normal level and sets the entry as allowed to be updated.
12. The device of claim 10, characterized in that the device further comprises:
An entry aging module, which sets a longer aging time for neighbor entries whose security level is the security protocol level and a shorter aging time for neighbor entries whose security level is the normal level.
13. The device of claim 10, characterized in that the device further comprises:
An entry count management module, which, on finding that the number of entries stored by this device is greater than a preset threshold, first deletes neighbor entries whose security level is the normal level; if, after the normal-level neighbor entries have been deleted, the number of entries stored by this device is still greater than the preset threshold, it then deletes neighbor entries whose security level is the security protocol level, until the number of entries stored by this device is no greater than the preset threshold.
14. The device of claim 10, characterized in that the device further comprises:
An entry storage mode management module, which sets the storage mode of neighbor entries whose security level is the security protocol level to permanent storage, or makes permanent or non-permanent storage selectable for such entries, and sets the storage mode of neighbor entries whose security level is the normal level to non-permanent storage.
15. The device of claim 10, characterized in that the device further comprises:
A bandwidth allocation module, which allocates higher bandwidth to neighbor devices corresponding to neighbor entries whose security level is the security protocol level and lower bandwidth to neighbor devices corresponding to neighbor entries whose security level is the normal level.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2009100859940A CN101567886B (en) | 2009-06-03 | 2009-06-03 | Entry security management method and device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2009100859940A CN101567886B (en) | 2009-06-03 | 2009-06-03 | Entry security management method and device |
Publications (2)
Publication Number | Publication Date |
---|---|
CN101567886A true CN101567886A (en) | 2009-10-28 |
CN101567886B CN101567886B (en) | 2012-04-25 |
Family
ID=41283835
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN2009100859940A Active CN101567886B (en) | 2009-06-03 | 2009-06-03 | Entry security management method and device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN101567886B (en) |
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN100536474C (en) * | 2006-09-14 | 2009-09-02 | 杭州华三通信技术有限公司 | Method and equipment for preventing network attack by using address analytic protocol |
CN101175080A (en) * | 2007-07-26 | 2008-05-07 | 杭州华三通信技术有限公司 | Method and system for preventing ARP message attack |
Cited By (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103078799A (en) * | 2013-01-28 | 2013-05-01 | 华为技术有限公司 | Processing method and device of neighbor entries |
CN103078799B (en) * | 2013-01-28 | 2015-11-25 | 华为技术有限公司 | The processing method of neighbor entry and device |
CN104283795A (en) * | 2014-10-11 | 2015-01-14 | 杭州华三通信技术有限公司 | Method and device for refreshing multicast table item |
CN104283795B (en) * | 2014-10-11 | 2018-04-10 | 新华三技术有限公司 | A kind of multicast list brush new method and apparatus |
CN106170946A (en) * | 2015-03-13 | 2016-11-30 | 华为技术有限公司 | The network equipment and the method for terminal equipment in communication, the network equipment and terminal unit |
US10469445B2 (en) | 2015-03-13 | 2019-11-05 | Huawei Technologies Co., Ltd. | Method for communication between network device and terminal device, network device, and terminal device |
CN106170946B (en) * | 2015-03-13 | 2020-07-24 | 华为技术有限公司 | Method for communication between network equipment and terminal equipment, network equipment and terminal equipment |
Also Published As
Publication number | Publication date |
---|---|
CN101567886B (en) | 2012-04-25 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant | ||
CP03 | Change of name, title or address | Address after: 310052 Binjiang District Changhe Road, Zhejiang, China, No. 466, No.; Patentee after: Xinhua three Technology Co., Ltd.; Address before: 310053 Hangzhou hi tech Industrial Development Zone, Zhejiang province science and Technology Industrial Park, No. 310 and No. six road, HUAWEI, Hangzhou production base; Patentee before: Huasan Communication Technology Co., Ltd. |