公开(公告)号：US11277391B2

公开(公告)日：2022-03-15

申请号：US16710993

申请日：2019-12-11

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： Lihua Mao ,  Bizhen Liu ,  Xueming Mei ,  Yulei Zhang ,  Bing Ni

IPC: H04L29/06 ,  H04L45/74 ,  H04L61/2503

Abstract: A method includes obtaining, by a first network device comprising a processor, characteristic information from an encrypted packet received from a second network device based on a determination that the first network device cannot decrypt the encrypted packet. The first network device is free from having an internet protocol security (IPsec) security association (SA), and the second network device has the IPsec SA. The method also includes generating, by the first network device, generating an informational exchange packet when the first network device obtains, based on the characteristic information, an internet key exchange (IKE) SA corresponding to the characteristic information. The informational exchange packet instructs the second network device to delete the IPsec SA on the second network device. The method further includes sending, by the first network device, the informational exchange packet to the second network device.