摘要:
In a system for providing an IPTV service, if a multicast address of an IPTV channel received from a head-end is a multicast address requested by a mobile node through a tunnel, an end router confirms a care of address (CoA) of the mobile node corresponding to the multicast address of the IPTV channel, sets the multicast address in the first header of broadcasting traffic, sets the CoA of the mobile node in the second header of the broadcasting traffic, and then sends the broadcasting traffic.
摘要:
Technology for forming a virtual private network (VPN) is provided. A VPN gateway that supports mobility with a connection node having a virtual home address (HoA) and a care of address (CoA) includes a mobility support unit, a data security unit, and a virtual address converter. When a packet is transferred from the connection node, the mobility support unit sustains a binding relationship between a home address (HoA) of the connection node and the changed CoA, and processes a mobility tunnel for the packet, thereby generating a first conversion packet. The data security unit performs a security test of the first conversion packet. The virtual address converter converts the HoA of the connection node, which is a source address of the first conversion packet in which the security test is complete, to a private network internal address that can be used in the VPN, thereby generating a second conversion packet.
摘要:
In a system for providing an IPTV service, if a multicast address of an IPTV channel received from a head-end is a multicast address requested by a mobile node through a tunnel, an end router confirms a care of address (CoA) of the mobile node corresponding to the multicast address of the IPTV channel, sets the multicast address in the first header of broadcasting traffic, sets the CoA of the mobile node in the second header of the broadcasting traffic, and then sends the broadcasting traffic.
摘要:
A method and apparatus for collaboratively protecting against a Distributed Denial of Service (DDoS) attack are provided. The method performed by a network apparatus includes detecting data suspected as being used in the DDoS attack by monitoring traffic forwarded to a service server, notifying a security apparatus that the detected data is suspected as being used in the DDoS attack, and performing at least one of a first operation and a second operation, the first operation being receiving an analysis result for the detected data from the security apparatus and controlling the traffic based on the analysis result, and the second operation being controlling, prior to the first operation, the traffic based on a rule set in advance.
摘要:
Disclosed are a system for managing virtual private networks (VPNs) includes: terminals configured to transmit user data; a manager configured to transmit information for concealing networks and managing the VPNs; border gateways configured to decrypt the user data and perform a network address translation (NAT) procedure and a filtering procedure on the decrypted user data based on the information; and servers configured to receive the user data subjected to the NAT procedure and the filtering procedure, wherein the filtering procedure is a procedure discarding the user data to be transferred to the servers that are not allowed so as to allow the terminals to access only the allowed servers, the NAT procedure is a procedure changing an Internet protocol (IP) address used in a first network to an IP address used in a second network, and the first network and the second network are different networks.
摘要:
A device for providing forwarding and QoS information in a flow based network environment acquires first information and second information from a flow table therein on the basis of status information of a predetermined flow in order to provide dynamically updated information in a flow based network environment. When it is determined that first information and second information acquired based on a route ID of a series of information are updated, the flow table is updated and the updated information is provided.
摘要:
A device for providing forwarding and QoS information in a flow based network environment acquires first information and second information from a flow table therein on the basis of status information of a predetermined flow in order to provide dynamically updated information in a flow based network environment. When it is determined that first information and second information acquired based on a route ID of a series of information are updated, the flow table is updated and the updated information is provided.
摘要:
A network control method for controlling a client-and-server based high-reliability session for secure payment using a multi interface user terminal in the wired or wireless Internet is provided. The network control method establishes an active and standby secure channel between a client equipped to a terminal including a plurality of network interfaces and a server to control each terminal based on a terminal identifier (ID). The method continuously receives terminal state information through the secure channel, and identifies a homogeneous or heterogeneous access network and the secure channel to which a user terminal connects based on the terminal state information, thereby securely authenticating the user terminal requesting payment to a payment gateway (PG) system. Accordingly, the PG system may securely authenticate the user terminal and perform the payment.
摘要:
A communication node detects a communication fault thereof, and when a communication fault is detected, the communication node determines whether the communication node is included in a transmission path of a data packet with reference to a routing table and transmits the stored communication fault notification message to peripheral communication nodes.
摘要:
Provided are a network resource control method and apparatus for guaranteeing an admission rate of a high-priority service. In the method and apparatus, the admission rate of the high-priority service is increased by differentiating between the high-priority service and a low-priority service by either rejecting the low-priority service or reducing a bandwidth allocated to the low-priority service when the low-priority service has already been accepted.