公开(公告)号：WO2012026855A1

公开(公告)日：2012-03-01

申请号：PCT/SE2010/050914

申请日：2010-08-25

Applicant: TELEFONAKTIEBOLAGET LM ERICSSON (publ) ,  WOLLBRAND, Per ,  DAMMVIK, Pål ,  JONSSON, Malin

Inventor： WOLLBRAND, Per ,  DAMMVIK, Pål ,  JONSSON, Malin

IPC: H04L29/06

CPC classification number: H04L63/164 ,  H04L63/1466 ,  H04L69/22

Abstract: The embodiments of the present invention relate to a method in a transmitting node; a method in a receiving node; a transmitting node and a receiving node in an IP network employing Internet security. The receiving node comprises a Receiving Unit, a Processing Unit and a Transmitting Unit. When an IP packet is received, the Processing Unit is adapted to derive a Security Association and a Traffic Class associated with the IP packet. The Processing unit is also adapted to maintain one anti-replay window for each Traffic Class within the Security Association and to determine if a sequence number of the IP packet is within the anti-replay window of the Traffic Class and is not a duplicate of an earlier received packet. If said sequence number is not within the anti-replay window or is a duplicate of an earlier received packet, the packet is dropped.

Abstract translation: 本发明的实施例涉及发送节点中的方法; 接收节点中的方法; 采用因特网安全的IP网络中的发送节点和接收节点。 接收节点包括接收单元，处理单元和发射单元。 当接收到IP分组时，处理单元适于导出与IP分组相关联的安全关联和流量类。 处理单元还适于为安全关联内的每个业务类别维护一个反重放窗口，并且确定IP包的序列号是否在业务类别的反重播窗口内，并且不是 较早收到的数据包。 如果所述序列号不在反重播窗口内，或者是较早接收的分组的副本，则丢弃分组。

公开(公告)号：WO2014098681A1

公开(公告)日：2014-06-26

申请号：PCT/SE2012/051465

申请日：2012-12-20

Applicant: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)

Inventor： WOLLBRAND, Per ,  AMMERVIK, Clarence ,  TÖRNKVIST, Åke

IPC: H04L29/08 ,  H04L29/12

CPC classification number: G06F11/2007 ,  G06F11/2028 ,  G06F11/2033 ,  G06F11/2041 ,  G06F2201/815 ,  G06F2201/85 ,  H04L61/103 ,  H04L67/1034 ,  H04L69/40

Abstract: A method in a host arrangement for communicating with a terminal connected to an IP communication network. The arrangement comprises at least two hosts, one operating as active host and the remaining at least one host operating as backup host(s). The arrangement is connected to the IP communication network by means of a switch, wherein each host of the arrangement is connected to the switch by means of an individual link, the active host being associated with an IP and a MAC address. The method comprises detecting (110) a link failure between the active host and the switch, or a malfunction of the active host; and determining (120) a backup host to takeover. The method comprises associating (130) the IP and the MAC address of the active host to the determined backup host to take over; and triggering (140) a MAC learning process in the switch.

Abstract translation: 一种用于与连接到IP通信网络的终端通信的主机装置中的方法。 该装置包括至少两个主机，一个作为活动主机运行，剩余的至少一个主机作为备份主机运行。 该布置通过交换机连接到IP通信网络，其中该装置的每个主机通过单独的链路连接到交换机，活动主机与IP和MAC地址相关联。 该方法包括检测（110）活动主机与交换机之间的链路故障或活动主机的故障; 以及确定（120）备份主机以接管。 该方法包括将活动主机的IP和MAC地址与确定的备份主机相关联（130），以接管; 并触发（140）交换机中的MAC学习过程。