Abstract: An embodiment of a Network Virtualization Edge (NVE) device for transmitting packets receives a packet including a source address and a destination address. The NVE device obtains an active-active access configuration information list including a first entry and a second entry, where the first entry includes an identifier of a first active-active group, a Virtual Network Instance (VNI), and an identifier of the NVE device, and the second entry includes an identifier of a second active-active group, a VNI, and identifiers of at least two NVE devices that belong to the second active-active group. The NVE device obtains the VNI according to the identifier of the NVE device, searches for one active-active group corresponding to the VNI, selects a second NVE device from the at least two NVE devices; and encapsulates the packet using an identifier of the second NVE device and the VNI, and sends the packet.

Abstract: An embodiment of a Network Virtualization Edge (NVE) device for transmitting packets receives a packet including a source address and a destination address. The NVE device obtains an active-active access configuration information list including a first entry and a second entry, where the first entry includes an identifier of a first active-active group, a Virtual Network Instance (VNI), and an identifier of the NVE device, and the second entry includes an identifier of a second active-active group, a VNI, and identifiers of at least two NVE devices that belong to the second active-active group. The NVE device obtains the VNI according to the identifier of the NVE device, searches for one active-active group corresponding to the VNI, selects a second NVE device from the at least two NVE devices; and encapsulates the packet using an identifier of the second NVE device and the VNI, and sends the packet.

Abstract: A communication system includes a first apparatus and a second apparatus. The first apparatus is configured to: attach first and second message length information to a first and second SYSLOG message, respectively; form at least a portion of a transport payload by adding a first portion and a second portion thereto, wherein the first portion includes the first SYSLOG message with the attached first message length information, and the second portion includes the second SYSLOG message with the attached second message length information; and send the transport payload. The second apparatus is configured to: parse the first and second SYSLOG messages one by one from the transport payload.

Abstract: A communication system includes a first apparatus and a second apparatus. The first apparatus is configured to: attach first and second message length information to a first and second SYSLOG message, respectively; form at least a portion of a transport payload by adding a first portion and a second portion thereto, wherein the first portion includes the first SYSLOG message with the attached first message length information, and the second portion includes the second SYSLOG message with the attached second message length information; and send the transport payload. The second apparatus is configured to: parse the first and second SYSLOG messages one by one from the transport payload.

Abstract: A method for transferring network event protocol messages includes: attaching message length information to SYSLOG (network event protocol) messages; the receiver of the SYSLOG messages parses the SYSLOG messages from the received transport payload according to the message length information. By means of the method in this invention, SYSLOG messages can be rapidly parsed from the received transport payload by the receiver of the SYSLOG messages.

Abstract: A method for transferring network event protocol messages includes: attaching message length information to SYSLOG (network event protocol) messages; the receiver of the SYSLOG messages parses the SYSLOG messages from the received transport payload according to the message length information. By means of the method in this invention, SYSLOG messages can be rapidly parsed from the received transport payload by the receiver of the SYSLOG messages.

Abstract: A method for transferring network event protocol messages includes: attaching message length information to SYSLOG (network event protocol) messages; the receiver of the SYSLOG messages parses the SYSLOG messages from the received transport payload according to the message length information. By means of the method in this invention, SYSLOG messages can be rapidly parsed from the received transport payload by the receiver of the SYSLOG messages.

Abstract: Method and systems for user authentication are provided according to the embodiments of the invention. The method mainly includes: sending, by a management station, an authentication request message of an authentication protocol to a managed device via a management protocol, and sending user authentication information to the managed device; and authenticating the user by the managed device via the authentication protocol or a authentication server based on the received user authentication information, and returning an authentication acknowledgement message of the authentication protocol carrying the authentication result to the management station via the management protocol. The system mainly includes a management station and a managed device; or, a management station, a managed device and a backend authentication server. With the present invention, methods and systems for user authentication with a good extensibility and a widened application are provided.

Abstract: A system and method for implementing security of multi-party communication is disclosed in the disclosure. The system mainly includes a group key management unit and a record protocol unit. The method mainly includes when the system runs in the centralized group key management mode, the Group Controller and Key Server (GCKS) establishes and stores a Group Security Association, the GCKS negotiates with the group members to establish an Initiation Security Association, under the protection of the Initiation Security Association, the group members obtain the Group Security Association from GCKS. When the system runs in the distributed group key management mode, a Group Security Association is established by all the group members together at the beginning of the group communication.

Abstract: A method for mobile IPv6 data traversing a state firewall includes: creating an entry item of a firewall including a source HoA, a source CoA, a destination HoA, a destination CoA, a source port, a destination port and a protocol number; matching the source CoA, destination CoA, source port, destination port and protocol number of the data packet with those in the entry item; if unsuccessful, matching the source HoA or CoA, destination CoA or HoA, source port, destination port and protocol number of the data packet with those in the entry item; if successful, replacing the source CoA or destination CoA in the entry item by those of the data packet, and allowing the data packet to traverse the firewall, which improves the efficiency of a data packet traversing a firewall and guarantees that the data packet passing the filtering of firewall is able to traverse the firewall normally.

Abstract: A method for packet transmission in an MIP network is disclosed. A mobile node sends to a Home Agent (HA) a first Firewall Detection (FD) packet encapsulated with IP security (IPsec) protocol and a second FD packet encapsulated with the IPsec protocol and User Datagram Payload (UDP) protocol. The mobile node determines whether there is a firewall blocking an IPsec packet between the mobile node and the HA according to a Firewall Detection Reply (FDR) packet from the HA. If there is a firewall, packets are encapsulated with the UDP protocol and binding update and packet exchange are performed; otherwise, binding update and packet exchange are performed. A mobile node for packet transmission is also provided. Embodiments of the present invention enables the mobile node to exchange a packet with a correspondent node when there is a firewall not supporting the IPsec protocol between the mobile node and the HA.

Abstract: A method for realizing the network security by segmenting the TTL (time to live), includes: assigning the different TTL segments to the wholesale service provider network, the lower service provider network and the user network in the service provider network-building; realizing the TTL Partition Security Mechanism (TPSM) in the wholesale service provider network and the lower service provider network simultaneously using the assigned TTL segments. And a system for realizing the network security by segmenting the TTL is provided, in the condition of the service provider CsC network-building, TPSM is realized simultaneously in the wholesale service provider network and the lower service provider network.

Abstract: A method and a system for obtaining a Security Shell (SSH) host key of a managed device, including: while detecting the managed device, the management station obtaining the related information of the SSH host key in a UDP transport mode. According to the present invention, the management station can obtain the SSH host key and at the same time detect the managed device. As a result, the workload of the distribution management of the host key is reduced and the speed of the host key distribution is increased.

Abstract: A network authentication, authorization and accounting system and a method thereof, wherein said system comprises: a subscriber device, via which a subscriber is connected with the network; an access server, connected with the subscriber device and designed to enable the subscriber device to access the network; an AAA server, connected with the access server and designed to collaborate with the access server to accomplish authentication, authorization, and accounting for the subscriber accessing the network; a service server, connected with the access server, designed to provide specific services, to exchange authentication and authorization information with the AAA server, and to interact with the subscriber device to provide the service; a service accounting server, connected with the service server, designed to collaborate with the service server to accomplish accounting for service resource use of the subscriber, and to send the accounting data to the AAA server.

Abstract: Method and systems for user authentication are provided according to the embodiments of the invention. The method mainly includes: sending, by a management station, an authentication request message of an authentication protocol to a managed device via a management protocol, and sending user authentication information to the managed device; and authenticating the user by the managed device via the authentication protocol or a authentication server based on the received user authentication information, and returning an authentication acknowledgement message of the authentication protocol carrying the authentication result to the management station via the management protocol. The system mainly includes a management station and a managed device; or, a management station, a managed device and a backend authentication server. With the present invention, methods and systems for user authentication with a good extensibility and a widened application are provided.

Abstract: A system and method for implementing security of multi-party communication is disclosed in the disclosure. The system mainly includes a group key management unit and a record protocol unit. The method mainly includes when the system runs in the centralized group key management mode, the Group Controller and Key Server (GCKS) establishes and stores a Group Security Association, the GCKS negotiates with the group members to establish an Initiation Security Association, under the protection of the Initiation Security Association, the group members obtain the Group Security Association from GCKS. When the system runs in the distributed group key management mode, a Group Security Association is established by all the group members together at the beginning of the group communication.

Abstract: A management network security framework and its information processing method are disclosed. The management network security framework under the present disclosure includes a management station and a managed device. The method under the present disclosure includes: a secure transfer channel is established between the management station and the managed device; the managed device authenticates the management station; and information is exchanged between the management station and the managed device through the secure transfer channel. The embodiment of the present disclosure combines the AAA system, the upper-layer management protocol and the lower-layer security protocol organically.

Abstract: A method for communication of MIPv6 mobile nodes, comprising: the mobile node accesses network at access location and obtains care of address, calculating a privacy identifier PID using the care of address etc. the mobile node replaces its home address by the PID, and sends the PID and the care of address together as binding update message to the home agent and correspondent node, the home agent and correspondent node recover the home address for the mobile node using the PID after they have received the binding update message. The method for communication of MIPv6 mobile nodes according to the present invention uses that a configuring replaced identifier replacing the home address is sent, thereby hiding Ipv6 address. By setting PID and its algorithm, we improve the sequence number in the binding update messages enabling the sequence number has randomness, and prevent the intercepting person continue tracking the mobile node through the home address.

Abstract: A network authentication, authorization and accounting system and a method thereof, wherein said system comprises: a subscriber device, via which a subscriber is connected with the network; an access server, connected with the subscriber device and designed to enable the subscriber device to access the network; an AAA server, connected with the access server and designed to collaborate with the access server to accomplish authentication, authorization, and accounting for the subscriber accessing the network; a service server, connected with the access server, designed to provide specific services, to exchange authentication and authorization information with the AAA server, and to interact with the subscriber device to provide the service; a service accounting server, connected with the service server, designed to collaborate with the service server to accomplish accounting for service resource use of the subscriber, and to send the accounting data to the AAA server.

Abstract: A method for realizing the network security by segmenting the TTL (time to live), includes: assigning the different TTL segments to the wholesale service provider network, the lower service provider network and the user network in the service provider network-building; realizing the TTL Partition Security Mechanism (TPSM) in the wholesale service provider network and the lower service provider network simultaneously using the assigned TTL segments. And a system for realizing the network security by segmenting the TTL is provided, in the condition of the service provider CsC network-building, TPSM is realized simultaneously in the wholesale service provider network and the lower service provider network.