
CN111294223B - Method and system for configuring multiple isolation spaces in strongswan - Google Patents

Info

Publication number
CN111294223B
Authority
CN
China
Prior art keywords
isolation
isolation space
space
names
isolated
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201811497869.6A
Other languages
Chinese (zh)
Other versions
CN111294223A (en)
Inventor
陈云辉
范少卓
曹志文
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Wangsu Science and Technology Co Ltd
Original Assignee
Wangsu Science and Technology Co Ltd
Application filed by Wangsu Science and Technology Co Ltd
Priority to CN201811497869.6A
Publication of CN111294223A
Application granted
Publication of CN111294223B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08 Configuration management of networks or network elements
    • H04L41/0803 Configuration setting
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4641 Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/2866 Architectures; Arrangements
    • H04L67/30 Profiles

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a method and a system for configuring multiple isolation spaces in strongswan. The method comprises: adding in advance, to the keywords of strongswan, an isolation space keyword used to represent an isolation space name; creating each configuration file of strongswan on the current device, wherein at least two isolation spaces are defined in each configuration file through the isolation space keyword; and creating a respective security association for each isolation space based on the configuration files, each security association characterizing one VPN connection of the current device. The technical solution provided by the application enables multi-isolation-space configuration in strongswan, thereby improving the resource utilization of the device.

Description

Method and system for configuring multiple isolation spaces in strongswan
Technical Field
The invention relates to the technical field of internet, in particular to a method and a system for configuring multiple isolated spaces in strongswan.
Background
With the continuous development of internet technology, VPNs (Virtual Private Networks) are increasingly used to interconnect an organization's headquarters with its branch offices. A VPN virtualizes a "private line" over the organization's existing internet egress and connects the branch offices and the headquarters into one large local area network.
In the original TCP/IP-based VPN systems, any user able to access the line could analyze all communication data. To improve the security of VPN systems, the IPsec (Internet Protocol Security) protocol was introduced into the VPN. An IPsec VPN can provide site-to-site, end-to-end and end-to-site secure communication. Through packet encapsulation, the IPsec protocol wraps the IP addresses of internal networks in addresses that are routable on the Internet, so that networks in different locations can communicate with each other.
At present, strongswan can be used to implement an IPsec VPN. Strongswan can use the Internet Key Exchange protocol to establish a Security Association (SA) between two peers, through which data packets can be transmitted securely.
However, the existing strongswan does not support a scenario with multiple isolated spaces, and thus has a low resource utilization rate.
Disclosure of Invention
The application aims to provide a method and a system for configuring multiple isolation spaces in a strongswan, which can realize the configuration of the multiple isolation spaces in the strongswan, thereby improving the resource utilization rate of equipment.
In order to achieve the above object, one aspect of the present application provides a method for configuring multiple isolation spaces in strongswan, the method including: adding in advance, to the keywords of strongswan, an isolation space keyword used to represent an isolation space name; creating each configuration file of strongswan on the current device, wherein at least two isolation spaces are defined in each configuration file through the isolation space keyword; and creating a respective security association for each isolation space based on the configuration files, each security association being used to characterize one VPN connection of the current device.
In order to achieve the above object, another aspect of the present application further provides a system for configuring multiple isolation spaces in strongswan, the system including: an isolation space keyword adding unit, configured to add in advance, to the keywords of strongswan, an isolation space keyword used to represent an isolation space name; a configuration file creating unit, configured to create each configuration file of strongswan on the current device, where at least two isolation spaces are defined in each configuration file through the isolation space keyword; and a security association creating unit, configured to create, based on the configuration files, a respective security association for each isolation space, where each security association is used to characterize one VPN connection of the current device.
Thus, in the technical solution provided by the application, an isolation space keyword used to represent an isolation space name can be added to the keywords of strongswan in advance. The isolation space keyword may be, for example, "ns"; by assigning values to it, a plurality of isolation spaces can be defined in each configuration file of strongswan. The resources used by these isolation spaces can be isolated from one another, which ensures that each isolation space is an independent entity. In this way, the created configuration files partition the current device into a plurality of resource-isolated isolation spaces, and a respective security association can then be created for each isolation space according to those configuration files, each security association representing one VPN connection on the current device. A device that originally could support only one VPN connection can therefore support a plurality of different VPN connections at the same time once it has been configured with multiple isolation spaces. Subsequently, when a data packet is sent to the current device, the device can determine which isolation space the packet is intended for and process it through the SA corresponding to that isolation space. The technical solution provided by the application thus achieves resource-isolated multi-isolation-space configuration in strongswan and improves the resource utilization of the current device.
Drawings
To illustrate the technical solutions in the embodiments of the present invention more clearly, the drawings used in the description of the embodiments are briefly introduced below. The drawings described below show only some embodiments of the present invention; those skilled in the art can obtain other drawings from them without creative effort.
FIG. 1 is a diagram illustrating the steps of a method for configuring multiple isolation spaces according to an embodiment of the present invention;
FIG. 2 is a schematic flow chart of a method for configuring multiple isolation spaces according to an embodiment of the present invention;
FIG. 3 is a functional block diagram of a multi-isolation-space configuration system according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, embodiments of the present invention will be described in detail with reference to the accompanying drawings.
The present application provides a method for configuring multiple isolation spaces in strongswan. Referring to FIG. 1 and FIG. 2, the method may include the following steps.
S1: adding an isolation space keyword used for representing the name of an isolation space in the keyword of the strongswan in advance.
In strongswan, there are usually some preset keywords that can be used as legal tokens when creating a configuration file. For example, if the keywords of strongswan include "IP", a value can be assigned to an IP address in the configuration file in the form "IP = 114.114.114.114". Keywords predefined in strongswan can be used directly in the configuration file, and strongswan recognizes them normally.
To implement a multi-isolation-space configuration in strongswan, the isolation space names of the different isolation spaces need to be defined in the configuration file of strongswan. The original strongswan does not predefine a keyword for representing an isolation space name. Therefore, if an isolation space name is defined directly in the configuration file, strongswan reports an error when reading the configuration file because it cannot recognize the isolation space name. In view of this, in the present embodiment, an isolation space keyword for representing an isolation space name may be added to the keywords of strongswan in advance. For example, the isolation space keyword may be "ns". Of course, in an actual application scenario, the form of the isolation space keyword may be changed as needed. After the isolation space keyword is added to the keywords of strongswan, it becomes a legal token in the configuration file. In this way, an isolation space with the isolation space name "user1" can be defined in the configuration file in a form similar to "ns = user1".
S3: creating each configuration file of strongswan in the current equipment, wherein at least two isolation spaces are defined in each configuration file through the key words of the isolation spaces.
In this embodiment, the current device may be a device on which strongswan is installed, so that the current device can be configured through strongswan as a VPN server supporting multiple isolation spaces. After the isolation space keyword is added to the keywords of strongswan, creation of each configuration file of strongswan on the current device can begin. Specifically, the configuration files may include, for example, ipsec. Since the isolation space keyword has been added to the keywords of strongswan, a plurality of isolation spaces can be defined in each configuration file through the isolation space keyword, and the corresponding content can then be set for each isolation space.
In one embodiment, in the connection configuration conn of the ipsec. For example, the isolation space names "user1" and "user2" may be defined by "ns = user1" and "ns = user2", respectively. Each isolation space name may correspond to an independent, resource-isolated isolation space. After the isolation space names are defined, a public network IP address may be assigned to each of them. Specifically, the current device may select, from the currently available public network IP addresses, as many different public network IP addresses as there are defined isolation space names, and then assign these addresses to the isolation space names one by one, so that each defined isolation space name has its own public network IP address and the public network IP addresses of different isolation space names differ from each other. The public network IP address can therefore be used as the key of the isolation space, and the corresponding isolation space can be looked up through the public network IP address.
In one embodiment, for the configuration files of the key system and the log system, the at least two isolation space names defined in the ipsec.conf configuration file may be added to the key system and the log system, so that an isolated configuration for each of the at least two isolation space names is created in the key system and the log system.
In one embodiment, after a plurality of isolation spaces are defined in each configuration file, a corresponding intranet IP address segment may further be allocated to each isolation space, completing the creation of a virtual IP pool. The intranet IP address segment may be used to direct external traffic to devices on the internal network. Specifically, the isolation space names of the at least two isolation spaces in the configuration file may be obtained, and an intranet IP address segment may be allocated to each obtained isolation space name. Duplicate intranet IP address segments in different isolation spaces could cause address conflicts when externally introduced data traffic is processed. To prevent this, in this embodiment, for the current isolation space name among the isolation space names, after an intranet IP address segment is allocated to it, the current isolation space name may be marked in that intranet IP address segment, as either a prefix or a suffix. For example, if the current isolation space name is test, then after the intranet IP address segment 192.168.1.1/24 is allocated to it, the intranet IP address segment corresponding to the current isolation space name may be represented as "test_192.168.1.1/24". When intranet IP address segments are subsequently allocated to other isolation space names, a segment that has not been marked with an isolation space name can be selected, which avoids intranet IP address conflicts among different isolation spaces. After the intranet IP address segments are allocated in this manner, the segments corresponding to different isolation space names differ from each other.
In this embodiment, after a plurality of isolation spaces are defined in each configuration file, the name of each isolation space in the configuration file may be read by a message passing process in strongswan. The message passing process may be a click process created by a message transmission mechanism click msg in the click process. The click process can pass the isolation space names it reads to a click main process, and the click main process can then allocate non-conflicting intranet IP address segments to the isolation space names, completing the creation of the virtual IP pool.
S5: creating a respective security association for each isolation space based on the configuration files, each security association being used to characterize one VPN connection of the current device.
In this embodiment, after completing the creation of the configuration file, the strongswan main process may create respective Security Associations (SAs) for each isolation space based on each configuration file, where each SA may represent one vpn connection of the current device, so that the current device may have a plurality of different vpn connections at the same time.
In this embodiment, each SA can implement secure transmission of data packets between two peers in the existing manner. Specifically, in the SA of the isolation space, various pieces of information of the isolation space set in the configuration file created before may be included, and these pieces of information may define the network configuration corresponding to the isolation space and the forwarding rule of the data packet. For example, the SA of the isolated space may indicate an encryption/decryption policy of the data packet, how the data packet should be transmitted, and to which intranet device the data packet should be led or forwarded to which relay device for further transmission. Thus, in this embodiment, when the current device receives a data packet, a target security association to which the data packet points may be determined in each created security association, and the data packet is processed according to a network configuration and a forwarding rule defined by the target security association.
Specifically, in one embodiment, the data packet carries a destination public network IP address, so that after receiving the data packet the current device can extract the destination public network IP address from it and look up, among the at least two defined isolation spaces, the target isolation space that has that address. Because isolation spaces and public network IP addresses are in one-to-one correspondence, the destination public network IP address can be used as the key to look up the corresponding target isolation space. The security association created for the target isolation space is then taken as the target security association to which the data packet is directed. Once the target security association is determined, the data packet can be processed through the network configuration and forwarding rules defined by that security association.
In practical applications, the data packet may be encapsulated or decapsulated in the manner defined by the target security association. In addition, the key information of the target isolation space can be looked up in the key system, and the data packet can be encrypted or decrypted based on that key information. The log information of the target isolation space can likewise be looked up in the log system, and the processing of this data packet can be recorded in the log information of the target isolation space.
In one embodiment, the target security association may define whether the data packet corresponding to the target isolation space is forwarded to the relay device or is introduced into the intranet device according to the previously allocated intranet IP address segment. Therefore, when the data packet is processed according to the network configuration and forwarding rule defined by the target security association, the data packet may be forwarded to the relay device, so as to continue to transmit the data packet through the relay device, or the intranet IP address segment of the target isolation space may be queried, and the data packet may be forwarded to the intranet device corresponding to the intranet IP address segment.
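The configuration step S3 and the packet lookup described above, as an added Python example that is not code from the patent or from strongswan. The "ns" keyword is the patent's own example; carrying the public IP in "left", the conn names, all addresses, the "sa-<name>" labels and the function names are assumptions. It goes slightly beyond the text by rejecting overlapping intranet segments by network containment rather than by label, and by dropping packets whose destination matches no isolation space.

```python
import ipaddress
import struct

# Constructed sample in ipsec.conf layout. "ns" is the patent's example keyword;
# carrying each isolation space's public IP in "left" is an assumption.
SAMPLE_CONF = """\
config setup
    uniqueids = yes

conn site-a
    ns = user1
    left = 203.0.113.10

conn site-b
    ns = user2
    left = 203.0.113.20
"""


def parse_conns(text):
    """Return {conn_name: {key: value}} for every 'conn' section."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if not line[0].isspace():  # section header at column 0
            parts = line.split()
            current = None  # parameters of non-conn sections are skipped
            if len(parts) == 2 and parts[0] == "conn":
                current = conns.setdefault(parts[1], {})
            continue
        if current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return conns


def build_spaces(conns):
    """Map public IP -> isolation space name, enforcing a one-to-one mapping."""
    ip_to_ns, ns_to_ip = {}, {}
    for name, params in conns.items():
        try:
            ns, ip = params["ns"], ipaddress.ip_address(params["left"])
        except KeyError as exc:
            raise ValueError(f"conn {name}: missing {exc.args[0]}") from None
        if ns_to_ip.setdefault(ns, ip) != ip or ip_to_ns.setdefault(ip, ns) != ns:
            raise ValueError(f"conn {name}: {ns}/{ip} breaks the one-to-one mapping")
    return ip_to_ns


def allocate_pools(names, supernet="192.168.0.0/16", prefix=24, reserved=()):
    """Give each isolation space name a segment that overlaps no other segment."""
    taken = [ipaddress.ip_network(r) for r in reserved]
    candidates = ipaddress.ip_network(supernet).subnets(new_prefix=prefix)
    pools = {}
    for ns in names:
        for net in candidates:
            # Overlap test, so a /24 inside an already used /23 is also refused.
            if not any(net.overlaps(t) for t in taken):
                taken.append(net)
                pools[ns] = net
                break
        else:
            raise RuntimeError(f"no free intranet segment left for {ns}")
    return pools


def ipv4_header(src, dst):
    """Constructed 20-byte IPv4 header (protocol 50 = ESP, checksum left at 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 50, 0,
                       ipaddress.ip_address(src).packed,
                       ipaddress.ip_address(dst).packed)


def dispatch(packet, ip_to_ns, pools):
    """Select the isolation space by destination address; None means drop."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ns = ip_to_ns.get(ipaddress.ip_address(packet[16:20]))
    if ns is None:
        return None  # fail closed: never fall back to another space's SA
    # Label format "<name>_<segment>" follows the page's "test_..." marking.
    return {"ns": ns, "sa": f"sa-{ns}", "pool_label": f"{ns}_{pools[ns]}"}


def demo():
    ip_to_ns = build_spaces(parse_conns(SAMPLE_CONF))
    pools = allocate_pools(sorted(set(ip_to_ns.values())),
                           reserved=["192.168.0.0/23"])
    hit = dispatch(ipv4_header("198.51.100.7", "203.0.113.20"), ip_to_ns, pools)
    miss = dispatch(ipv4_header("198.51.100.7", "203.0.113.99"), ip_to_ns, pools)
    return ip_to_ns, pools, hit, miss


if __name__ == "__main__":
    for item in demo():
        print(item)
```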
As can be seen from the above, by defining a plurality of resource-isolated isolation spaces in each configuration file, the current device can isolate the connection configuration, the key system, the log system, the security associations and the virtual IP pool among those isolation spaces. Each isolation space can correspond to one public network IP address, so that a device that originally supported only one VPN connection can support a plurality of VPN connections at the same time, making full use of the resources of the current device.
Referring to fig. 3, the present application further provides a multiple isolated space configuration system in a strongswan, where the system includes:
an isolation space keyword adding unit, configured to add in advance, to the keywords of strongswan, an isolation space keyword used to represent an isolation space name;
a configuration file creating unit, configured to create each configuration file of strongswan on the current device, where at least two isolation spaces are defined in each configuration file through the isolation space keyword;
and a security association creating unit, configured to create, based on the configuration files, a respective security association for each isolation space, where each security association is used to characterize one VPN connection of the current device.
In one embodiment, the configuration file creating unit includes:
the connection configuration module is used for defining at least two isolation space names through the isolation space keywords in connection configuration and respectively distributing public network IP addresses to the isolation space names; the public network IP addresses corresponding to different isolation space names are different;
a key configuration module to add the at least two isolated space names to a key system to create an isolated configuration for each of the at least two isolated space names in the key system;
a log configuration module, configured to add the at least two isolated space names to a log system, so as to create an isolated configuration of each of the at least two isolated space names in the log system.
As shown in fig. 3, in one embodiment, the system further comprises:
an intranet IP address segment allocation unit, configured to acquire isolation space names of the at least two isolation spaces in the configuration file, and allocate respective intranet IP address segments to the acquired isolation space names; and the intranet IP address sections corresponding to different isolation space names are different.
As shown in fig. 3, in one embodiment, the system further comprises:
a data packet processing unit, configured to determine, when the current device receives a data packet, the target security association to which the data packet is directed among the created security associations, and to process the data packet through the network configuration and forwarding rules defined by the target security association.
Thus, in the technical solution provided by the application, an isolation space keyword used to represent an isolation space name can be added to the keywords of strongswan in advance. The isolation space keyword may be, for example, "ns"; by assigning values to it, a plurality of isolation spaces can be defined in each configuration file of strongswan. The resources used by these isolation spaces can be isolated from one another, which ensures that each isolation space is an independent entity. In this way, the created configuration files partition the current device into a plurality of resource-isolated isolation spaces, and a respective security association can then be created for each isolation space according to those configuration files, each security association representing one VPN connection on the current device. A device that originally could support only one VPN connection can therefore support a plurality of different VPN connections at the same time once it has been configured with multiple isolation spaces. Subsequently, when a data packet is sent to the current device, the device can determine which isolation space the packet is intended for and process it through the SA corresponding to that isolation space. The technical solution provided by the application thus achieves resource-isolated multi-isolation-space configuration in strongswan and improves the resource utilization of the current device.
Through the above description of the embodiments, those skilled in the art will clearly understand that each embodiment can be implemented by software plus a necessary general hardware platform, and can also be implemented by hardware. With this understanding in mind, the above-described technical solutions may be embodied in the form of a software product, which can be stored in a computer-readable storage medium such as ROM/RAM, magnetic disk, optical disk, etc., and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the methods described in the embodiments or some parts of the embodiments.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents, improvements and the like that fall within the spirit and principle of the present invention are intended to be included therein.

Claims (13)

1. A method for configuring multiple isolated spaces in Strongswan, the method comprising:
adding in advance, to a keyword list of the strongswan, an isolation space keyword for representing isolation space names, wherein each isolation space name corresponds to one isolation space;
creating each configuration file of strongswan on the current device, wherein at least two isolation spaces are defined in each configuration file through the isolation space keyword;
and creating a respective security association for each of the isolation spaces based on the configuration files, each security association being used to characterize one VPN connection of the current device.
2. The method of claim 1, wherein after creating the respective configuration files for strongswan in the current device, the method further comprises:
obtaining the isolated space names of the at least two isolated spaces in the configuration file, and allocating respective intranet IP address segments to the obtained isolated space names; and the intranet IP address sections corresponding to different isolation space names are different.
3. The method of claim 2, wherein obtaining the isolation space names of the at least two isolation spaces in the configuration file comprises:
and reading the isolated space names of the at least two isolated spaces in the configuration file through a message transmission process in the strongswan, and transmitting the read isolated space names to a strongswan main process.
4. The method according to claim 2 or 3, wherein allocating a respective intranet IP address segment to each obtained isolation space name comprises:
for the current isolation space name among the isolation space names, allocating an intranet IP address segment to the current isolation space name, and marking the current isolation space name in the intranet IP address segment allocated to it.
5. The method according to claim 1, wherein defining at least two isolated spaces in each configuration file by the isolated space keyword comprises:
defining at least two isolation space names through the isolation space keywords in the connection configuration, and respectively allocating public network IP addresses to the isolation space names; the public network IP addresses corresponding to different isolation space names are different;
adding the at least two isolation space names to a key system and a log system to create an isolation configuration for each of the at least two isolation space names in the key system and the log system.
6. The method of claim 5, wherein after creating a respective security association for each of the isolated spaces, the method further comprises:
when the current device receives a data packet, determining the target security association to which the data packet is directed among the created security associations, and processing the data packet according to the network configuration and forwarding rules defined by the target security association.
7. The method of claim 6, wherein determining a target security association to which the data packet is directed among the created security associations comprises:
extracting a destination public network IP address from the data message, and inquiring a target isolation space with the destination public network IP address in the at least two defined isolation spaces;
and taking the security association established for the target isolation space as the target security association pointed by the data message.
8. The method of claim 6, wherein processing the data packet according to the network configuration and forwarding rules defined by the target security association comprises:
inquiring key information of the target isolation space in a key system, and encrypting or decrypting the data message based on the key information of the target isolation space;
and inquiring the log information of the target isolation space in a log system, and recording the processing process aiming at the data message in the log information of the target isolation space.
9. The method of claim 6 or 8, wherein processing the data packet according to the network configuration and forwarding rules defined by the target security association comprises:
forwarding the data message to relay equipment so as to continuously transmit the data message through the relay equipment;
or
inquiring the intranet IP address segment of the target isolation space, and forwarding the data message to intranet equipment corresponding to the intranet IP address segment.
10. A system for configuring multiple isolated spaces in a strongswan, the system comprising:
an isolation space keyword adding unit, configured to add in advance, to the keywords of strongswan, an isolation space keyword used to represent an isolation space name, where each isolation space name corresponds to one isolation space;
a configuration file creating unit, configured to create each configuration file of strongswan in current equipment, where at least two isolation spaces are defined in each configuration file by the isolation space keyword;
and a security association creating unit, configured to create a respective security association for each isolation space based on the respective configuration file, where each security association is used to characterize a vpn connection of the current device.
11. The system according to claim 10, wherein the configuration file creating unit comprises:
a connection configuration module, configured to define at least two isolation space names through the isolation space keyword in the connection configuration and to allocate a public network IP address to each isolation space name; the public network IP addresses corresponding to different isolation space names are different;
a key configuration module, configured to add the at least two isolation space names to a key system, so as to create an isolation configuration for each of the at least two isolation space names in the key system;
a log configuration module, configured to add the at least two isolation space names to a log system, so as to create an isolation configuration for each of the at least two isolation space names in the log system.
12. The system of claim 10, further comprising:
an intranet IP address segment allocation unit, configured to acquire the isolation space names of the at least two isolation spaces in the configuration file, and allocate a respective intranet IP address segment to each acquired isolation space name; the intranet IP address segments corresponding to different isolation space names are different.
13. The system according to claim 10 or 12, characterized in that the system further comprises:
a data message processing unit, configured to determine, when the current device receives a data message, the target security association to which the data message points among the created security associations, and to process the data message according to the network configuration and forwarding rules defined by the target security association.
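The lookup and per-space handling recited in claims 7 to 9 and 11 to 13 can be sketched as follows. This is an added illustration, not code from the patent or from strongswan: the `IsolationSpace` model, the function names and the sample addresses are assumptions, the overlap check is stricter than the claims' "different" segments, and the rule for choosing between relay and intranet forwarding is assumed.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class IsolationSpace:              # hypothetical model, not strongswan's own structure
    name: str                      # isolation space name
    public_ip: str                 # must differ between spaces
    intranet: str                  # intranet segment, must differ between spaces
    key_id: str                    # handle of this space's entry in the key system
    log: list = field(default_factory=list)   # this space's own log

def build_table(spaces):
    """Index spaces by public IP and reject configurations that break isolation."""
    table = {}
    for s in spaces:
        ip = ipaddress.ip_address(s.public_ip)
        net = ipaddress.ip_network(s.intranet)
        if ip in table:
            raise ValueError(f"{s.name}: public IP {ip} already belongs to {table[ip].name}")
        for other in table.values():
            if net.overlaps(ipaddress.ip_network(other.intranet)):
                raise ValueError(f"{s.name}: segment {net} overlaps {other.name}")
        table[ip] = s
    return table

def dispatch(table, dst_public_ip, inner_dst):
    """Select the target space by destination public IP; None means no space owns it."""
    space = table.get(ipaddress.ip_address(dst_public_ip))
    if space is None:
        return None                # fail closed: never fall back to another space
    # Assumed rule: inner destinations inside the space's segment go to the
    # intranet device, everything else goes to the relay device.
    inside = ipaddress.ip_address(inner_dst) in ipaddress.ip_network(space.intranet)
    action = "intranet" if inside else "relay"
    space.log.append(f"dst={dst_public_ip} inner={inner_dst} action={action}")
    return space.name, space.key_id, action

# Constructed sample configuration (documentation and private address ranges).
SPACES = [
    IsolationSpace("tenant_a", "203.0.113.10", "10.1.0.0/16", "key-a"),
    IsolationSpace("tenant_b", "203.0.113.20", "10.2.0.0/16", "key-b"),
]

if __name__ == "__main__":
    table = build_table(SPACES)
    for pkt in [("203.0.113.10", "10.1.4.7"), ("203.0.113.20", "10.1.4.7"),
                ("198.51.100.1", "10.1.4.7")]:
        print(pkt, "->", dispatch(table, *pkt))
```

Rejecting a duplicate public IP or an overlapping segment at load time keeps a packet from ever matching two spaces, and each space's key handle and log are touched only for packets that resolved to that space.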
CN201811497869.6A 2018-12-07 2018-12-07 Method and system for configuring multiple isolation spaces in strongswan Active CN111294223B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811497869.6A CN111294223B (en) 2018-12-07 2018-12-07 Method and system for configuring multiple isolation spaces in strongswan

Publications (2)

Publication Number Publication Date
CN111294223A CN111294223A (en) 2020-06-16
CN111294223B CN111294223B (en) 2022-11-18

Family

ID=71028042

Country Status (1)

Country Link
CN (1) CN111294223B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant