In the field of data communications, two communication parties usually use a packet sequence number to identify the uniqueness of a packet. The sending party maintains a sending sequence number state and updates it each time a packet is sent. The receiving party maintains a receiving sequence number state and updates it each time a packet is received. The actual content of the sequence number state depends on the communication protocol. However, the sequence number state of the sending party usually includes the sequence number to be used by the next packet to be sent. Because a packet needs to be forwarded by a plurality of apparatuses before it reaches the receiving party, different packets may pass through different links and apparatuses, and the order in which packets arrive at the receiving party may differ from the order in which the sending party sent them. Therefore, the receiving party employs a sliding window to record the receiving sequence number state. As shown in FIG. 1, the sliding window usually has a certain window width W. The sliding window includes a left window border L and a plurality of small windows 110, and may also include a right window border (not shown). The left window border L corresponds to the minimal packet sequence number that may be accepted by the receiving party. Following the sending order of the packet sequence numbers, each small window 110 corresponds to one packet sequence number; each time a sequence number is received, the corresponding sequence number on the window is marked as Received. For example, it may be marked as 1. The window width W is less than or equal to the width of the packet sequence number range that may be accepted by the receiving party, and the window width W may be fixed or variable.
IPsec is an IP security protocol, which provides confidentiality, integrity, authenticity and anti-replay security services for communication data on the IP layer of the TCP/IP protocol stack. At present, IPsec is one of the most reliable security technologies. According to the IPsec protocol, two communication parties determine the Security Association (SA) parameter via Internet Key Exchange (IKE), and take the SA parameter as the sequence number of the IPsec packet. To realize anti-replay, the sending party increases the SA sequence number by 1 each time an SA is used for sending a packet, so that the SA may be used for sending the next packet. FIG. 2 is a flow chart of the process for delivering an IPsec packet in the prior art. As shown in FIG. 2, the process has the following specific steps:
Step 201: The sending party fills a packet sequence number into a packet to be sent, and then sends the packet to the receiving party.
Step 202: After receiving the packet, the receiving party determines whether the packet sequence number lies within the sliding window; if so, the process proceeds to Step 203; otherwise, it proceeds to Step 205.
Step 203: The receiving party determines whether the packet sequence number is marked as Not Received on the sliding window; if so, the process proceeds to Step 204; otherwise, it proceeds to Step 207.
Step 204: The receiving party determines that the packet is a valid packet, and marks the packet sequence number as Received on the sliding window, and the process ends.
Step 205: The receiving party determines whether the packet sequence number lies outside the left border of the sliding window; if so, the process proceeds to Step 207; otherwise, it proceeds to Step 206.
Step 206: The receiving party determines that the packet is a valid packet, and at the same time, it determines that the packet sequence number lies outside the border corresponding to the sum of the left border of the sliding window and the window width; the receiving party shifts the sliding window to the right so as to make the sliding window include the packet sequence number, and marks the packet sequence number as Received on the sliding window; and the process ends.
Step 207: The receiving party determines that the packet is an invalid packet, and discards the packet, and the process ends.
The above method is only applicable to the case in which the sending party employs one unit to process the data of the same connection. When the sending party employs a plurality of units to process the data of the same connection, if the plurality of units use the same sequence number set, the packet sequence number sent by one unit may be the same as the packet sequence number sent by another unit, and the receiving party may receive a plurality of packets with the same sequence number from the plurality of units. Therefore, when a packet with a certain sequence number is received from one unit after a packet with the same sequence number has been received from another unit, the sliding window detection erroneously regards the packet as already received, so the packet received later is discarded. In the prior art, to solve this problem, the sending party employs the following method: when each unit sends a packet, it notifies the other units that a packet sequence number is used; the other units then know that this sequence number is used, so they will not employ it again to send a packet in the subsequent sending process. As shown in FIG. 3, the specific process includes the following steps:
Step 301: A unit of the sending party determines to send a packet, selects a packet sequence number that is not used according to the general set of packet sequence numbers stored in this unit and the used packet sequence number sets sent from other units, fills this packet sequence number in the packet, and then sends the packet to the receiving party. Meanwhile, this unit notifies the other units that the packet sequence number is used.
Steps 302-307 are the same as Steps 202-207.
The disadvantage of this method is that the message load of the system is increased, and packet loss may still be caused. When the sending party has many units, the sending sequence and the sending rate of each unit are different, and the message notifying that a packet sequence number is used has a time delay. The following situation is therefore very likely to appear: unit A has just used a sequence number to send a packet, and the time for unit B to send its next packet arrives before the information sent by unit A, which indicates that the sequence number is used, reaches unit B. Unit B may then use the same sequence number as unit A to send its next packet, and packet loss may be caused.
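The receiver check of Steps 202-207 and the notification race described above can be reproduced in a short simulation. This is an added example, not part of the original document. The names `ReplayWindow` and `simulate` are hypothetical, and it assumes that Step 206 shifts the window so the new sequence number becomes its right edge, that each unit picks the lowest number it does not know to be used, and that the notification delay is counted in send events.

```python
class ReplayWindow:
    """Receiver state for Steps 202-207: left border L, width W, Received marks."""
    def __init__(self, width, left=1):
        self.width, self.left = width, left
        self.received = set()              # sequence numbers marked Received

    def check(self, seq):
        """Return True for a valid packet, False for one that is discarded."""
        if seq < self.left:                # Step 205 -> 207: left of the window
            return False
        if seq >= self.left + self.width:  # Step 206: beyond L + W, shift right
            self.left = seq - self.width + 1   # assumption: seq becomes right edge
            self.received = {s for s in self.received if s >= self.left}
        elif seq in self.received:         # Step 203 -> 207: already Received
            return False
        self.received.add(seq)             # Step 204 / 206: mark as Received
        return True


def simulate(send_order, notify_delay, width=8):
    """Units named in send_order (constructed input, e.g. "ABAB") share one
    sequence number set. A 'used' notice reaches all units notify_delay
    send events late. Returns the (unit, seq) packets the receiver discards."""
    known = {u: set() for u in send_order}     # numbers each unit knows are used
    notices, dropped = [], []                  # notices: (due_tick, seq)
    window = ReplayWindow(width)
    for tick, unit in enumerate(send_order):
        for due, seq in notices:               # deliver notices that have arrived
            if due <= tick:
                for used in known.values():
                    used.add(seq)
        notices = [(d, s) for d, s in notices if d > tick]
        seq = 1                                # Step 301: lowest number not known used
        while seq in known[unit]:
            seq += 1
        known[unit].add(seq)
        notices.append((tick + 1 + notify_delay, seq))
        if not window.check(seq):
            dropped.append((unit, seq))
    return dropped
```

With `notify_delay=0` every packet in the constructed order `"ABAB"` is accepted; with a delay of one send event, unit B reuses numbers already sent by unit A and the receiver discards them as if they were replays.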