CN114465986B - IP address conflict processing method, electronic device and computer readable storage medium - Google Patents

Publication number
CN114465986B
Authority
CN
China
Legal status
Active
Application number
CN202011247812.8A
Other languages
Chinese (zh)
Other versions
CN114465986A (en)
Inventor
吕昊
陈刚
苏伟杰
温健军
杨名
Current Assignee
China Mobile Communications Group Co Ltd
China Mobile Group Sichuan Co Ltd
Original Assignee
China Mobile Communications Group Co Ltd
China Mobile Group Sichuan Co Ltd

Abstract

The application discloses an IP address conflict processing method, an electronic device and a computer readable storage medium, which address the low efficiency of existing IP address conflict processing. In the scheme provided by the application, when a conflict is detected between the IP address of a first host and the IP address of a second host, a check request message is sent to the first host and the second host. The check request message comprises a check value that records the IP address and the legal MAC address corresponding to the IP address, and requests the receiving host to check whether its own MAC address is identical to the legal MAC address. The illegal host among the first host and the second host is determined according to the verification results the two hosts return in response to the check request message, and the IP address occupied by the illegal host is released. The method handles IP address conflicts actively, promptly and effectively, reduces labor cost and improves conflict processing efficiency.

Description

IP address conflict processing method, electronic device and computer readable storage medium
Technical Field
The present disclosure relates to the field of network technologies, and in particular, to an IP address conflict processing method, an electronic device, and a computer readable storage medium.
Background
IP address conflicts occur very easily because of the large number of non-standardized host deployments in the network, and with the advent of the big data era the number of computing nodes in enterprise data centers has grown explosively. Thousands of hosts are deployed on IPv4 networks, and while IPv6 is not yet fully adopted a large amount of traffic still runs on IPv4. Each node occupies one IP address, and the drawbacks of static IP addressing become apparent, so IP conflicts are a persistent problem.
Existing approaches usually wait passively for a user to report a fault and then work backwards from the fault information the user provides to find the illegal host IP and shut it off. This cannot guarantee timely fault handling and is inefficient. A single IP conflict brings considerable operation and maintenance cost, and IP conflicts on a larger scale inevitably cause far more serious damage.
Given this situation, a processing method that resolves IP address conflicts promptly and effectively, and thereby improves the security of network operation, is of great practical value.
Disclosure of Invention
An objective of the embodiments of the present application is to provide an IP address conflict processing method, an electronic device, and a computer readable storage medium, so as to solve the problem of low efficiency of existing IP address conflict processing.
In order to solve the technical problems, the present specification is implemented as follows:
in a first aspect, there is provided an IP address conflict processing method, performed in a gateway device, the method including:
when detecting that the IP address of a first host computer conflicts with the IP address of a second host computer, sending a verification request message to the first host computer and the second host computer, wherein the first host computer and the second host computer belong to a local area network managed by the gateway equipment, the verification request message comprises a verification value recorded with the IP address and a legal MAC address corresponding to the IP address, and the verification request message is used for requesting the received host computer to verify whether the MAC address of the received host computer is identical with the legal MAC address;
determining an illegal host in the first host and the second host according to a verification result returned by the first host and the second host in response to the verification request message, wherein the MAC address of the illegal host is different from the legal MAC address;
and releasing the IP address occupied by the illegal host.
Optionally, before detecting that the IP address of the first host collides with the IP address of the second host, the method further includes:
and after the first host or the second host is connected with the gateway equipment for the first time, actively acquiring the IP address allocated for the first time and the corresponding legal MAC address so as to be used for determining the check value in the check request message.
Optionally, sending a check request packet to the first host and the second host includes:
in a preset detection period, sending the check request message to the first host multiple times at preset time intervals and sending the check request message to the second host multiple times; wherein
determining an illegal host in the first host and the second host according to the verification results returned by the first host and the second host in response to the verification request message, including:
and in the preset detection period, if the MAC address of the host returning the verification result is different from the legal MAC address, determining that the host returning the verification result is an illegal host.
Optionally, determining an illegal host in the first host and the second host according to the verification result returned by the first host and the second host in response to the verification request message, and further includes:
and in the preset detection period, if the MAC address of the host returning the verification result is the same as the legal MAC address, determining that the host returning the verification result is the legal host.
Optionally, the method further comprises:
generating a first original data table according to the IP address which is firstly allocated by the first host or the second host and the corresponding legal MAC address;
generating a first temporary data table according to the current IP address of the first host and the corresponding MAC address;
generating a second temporary data table according to the current IP address of the second host and the corresponding MAC address; wherein
before releasing the IP address occupied by the illegal host, the method further includes:
performing an inclusion-exclusion calculation on the first original data table, the first temporary data table and the second temporary data table to obtain a new data table comprising IP addresses and MAC addresses respectively corresponding to the legal host and the illegal host;
and converting the new data table into an executable command script, wherein the executable command script is used for executing the step of releasing the IP address occupied by the illegal host.
Optionally, the method further comprises:
in the preset detection period, generating a corresponding first temporary data table according to the check result returned by the first host computer each time, and generating a corresponding second temporary data table according to the check result returned by the second host computer each time;
when the preset detection period is over, overlapping and de-duplicating repeated contents of the generated multiple first temporary data tables to obtain the first temporary data tables; and/or overlapping and de-duplicating the repeated content of the generated second temporary data tables to obtain the second temporary data tables.
Optionally, releasing the IP address occupied by the illegal host includes:
and executing error closing operation on the physical interface of the illegal host according to the executable command script, and recovering the occupation of the legal host on the IP address.
In a second aspect, there is also provided an IP address conflict processing method, performed in a host, the method including:
receiving a verification request message sent by gateway equipment, wherein the host belongs to a local area network governed by the gateway equipment, and the verification request message records a current IP address of the host and a legal MAC address corresponding to the IP address;
responding to the verification request message to compare the MAC address of the host with the legal MAC address to obtain a verification result for verifying whether the MAC address of the host is identical to the legal MAC address;
and returning the verification result to the network management equipment so that the gateway equipment determines whether the host is an illegal host with IP address conflict according to the verification result.
In a third aspect, there is provided an electronic device comprising a processor and a memory electrically connected to the processor, the memory storing a computer program executable by the processor to perform the steps of the method according to the first or second aspect.
In a fourth aspect, there is provided a computer readable storage medium having stored thereon a computer program which, when executed by a processor, implements the steps of the method according to the first or second aspect.
In the embodiments of the application, when an IP address conflict among a plurality of hosts is detected, a verification request message comprising the legal host's IP and MAC is sent to each of the hosts, the illegal host among them is determined, and the IP address occupied by the illegal host is released, so that the IP conflict is eliminated promptly and effectively. The method resolves IP address conflicts actively, with low performance overhead; it also reduces tedious manual work, saves cost, improves service operation efficiency and strengthens industrial competitiveness. The security of network operation is improved as well.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this application, illustrate embodiments of the application and together with the description serve to explain the application and do not constitute an undue limitation to the application. In the drawings:
Fig. 1 is a flowchart of an IP address conflict processing method according to a first embodiment of the present application.
Fig. 2 is a flowchart of an IP address conflict processing method according to a second embodiment of the present application.
Fig. 3 is a general exemplary diagram of an IP address conflict processing method according to an embodiment of the present application.
Fig. 4 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
Detailed Description
The embodiments of the present application are described clearly and fully below with reference to the accompanying drawings. The embodiments described are evidently some, but not all, of the embodiments of the present application. All other embodiments that a person of ordinary skill in the art can obtain from the embodiments herein without inventive effort fall within the scope of the present application. The reference numerals in the present application are used only to distinguish the steps in the scheme and do not limit the order in which the steps are executed; the specific execution order is governed by the description in the specification.
In order to solve the problems in the prior art, an embodiment of the present application provides an IP address conflict processing method, which is executed in a gateway device, and fig. 1 is a schematic flow chart of the IP address conflict processing method in the first embodiment of the present application.
As shown in fig. 1, the method comprises the following steps:
step 102, sending a verification request message to a first host and a second host when detecting that an IP address of the first host conflicts with an IP address of the second host, where the first host and the second host belong to a local area network governed by the gateway device, where the verification request message includes a verification value recorded with the IP address and a legal MAC address corresponding to the IP address, and the verification request message is used to request the received host to verify whether the MAC address of the received host is the same as the legal MAC address;
step 104, determining an illegal host in the first host and the second host according to the verification result returned by the first host and the second host in response to the verification request message, wherein the MAC address of the illegal host is different from the legal MAC address;
step 106, releasing the IP address occupied by the illegal host.
Based on the solution provided in the foregoing embodiment, optionally, in step 102, a conflict between the IP address of the first host and the IP address of the second host means that the IP address of the first host is the same as the IP address of the second host while the MAC address of the first host is different from the MAC address of the second host.
When a host first connects to the local area network managed by the gateway device, that is, when the host first connects to the gateway device, it is allocated a fixed static IP address, and the host that connected first has the highest priority to occupy and use that IP. The IP address corresponds to the network card address of the host, i.e. the media access control (MAC) address, and the MAC address is a unique identifier of the host.
In step 102, if it is detected that there is a conflict between the IP address of the first host and the IP address of the second host, it indicates that the first host and the second host have two different MAC addresses corresponding to the same IP address. A legal host exists in the first host and the second host, and an illegal host occupies the first online allocated IP address of the legal host, so that IP address conflict exists.
Therefore, after an IP conflict is detected, a check request message can be sent to the conflicting first host and second host, requesting each of them to check whether its own MAC address is identical to the legal MAC address, so that the illegal host can be determined. The check value included in the check request message records the conflicting IP address and the corresponding legal MAC address; the MAC address of the host to which the IP address was first allocated is the legal MAC address.
Optionally, in one embodiment of the present application, before detecting that there is a conflict between the IP address of the first host and the IP address of the second host, the method further includes:
and after the first host or the second host is connected with the gateway equipment for the first time, actively acquiring the IP address allocated for the first time and the corresponding legal MAC address so as to be used for determining the check value in the check request message.
This step is implemented by the gateway device actively collecting host information in real time, for example through the Simple Network Management Protocol (SNMP) or another general-purpose protocol. Specifically, after a host first comes online it sends an Address Resolution Protocol (ARP) broadcast message containing its own IP, mask information and MAC fields. After receiving the message, the gateway device reads the IP field and MAC field in it, maps them to the gateway port on which the host information was learned, inserts them into the ARP table entry for the host, and records the virtual local area network (VLAN) ID information corresponding to the host. In this way the first-allocated IP address of the legal host and the corresponding legal MAC address are obtained.
Alternatively, in one embodiment, the first original data table may be generated after the first-allocated IP address of the legal host and the corresponding legal MAC address are obtained. In this embodiment of the present application, the first original data table may be referred to as the "I-M original table". For example, an "I-M original table" with the host "IP" and "MAC" as primary key fields is dynamically generated in the back-end database and saved, so that when an IP conflict is detected for the corresponding host it can be used to determine the check value in the check request message sent to the conflicting hosts.
Based on its ARP table entry data, the gateway device processes the (IP-MAC; PORT-MAC) data into a two-dimensional data payload, for example in a format comprising the three elements IP, MAC and switch port (PORT), and the generated payload can be transmitted to the I-M original database container for storage.
The generation of the first raw data table may be performed by the gateway device, however, in order to reduce the performance consumption of the gateway device, in an embodiment, this step may also be performed by the network management server corresponding to the lan. For example, the gateway device sends the ARP table entry to the network management server for data summarization, and the network management server generates the first original data table from the ARP table entry received from the gateway device through the SNMP protocol.
In addition, in practical application, the application often needs to perform IP management deployment on a host of a specific service so as to achieve a better service planning effect, so that the application can be widely applied to a software defined network (Software Defined Network, SDN). At this time, generating the first raw data table may be performed by the SDN controller instead of the network management server.
In step 102, the I-M field corresponding to the I-M original table recorded with the conflicting IP address and the legal MAC address corresponding to the IP address may be filled in the check value header of the check request packet, and the check request packet is sent to the corresponding host for checking.
The verification results returned by the verified host are two types, and the two types respectively represent that the MAC address of the verified host is the same as or different from the legal MAC address recorded in the verification value.
In step 104, if the verification result returned by the verified host indicates that its own MAC is different from the legal MAC address, the host is determined to be an illegal host. Otherwise, if the verification result returned by the verified host indicates that the MAC of the verified host is the same as the legal MAC address, the host is determined to be the legal host.
In step 102, a predetermined collision detection period may be set in order to balance the detection cost, the detection accuracy, and the timeliness.
In one embodiment, optionally, sending a check request packet to the first host and the second host includes: and in a preset detection period, sending the check request message to the first host for multiple times at preset time intervals and sending the check request message to the second host for multiple times.
That is, within the collision detection period T, a check request message is sent to the conflicting first host and second host at predetermined time intervals. For example, the collision detection period T lies within 0.5 to 1.5 hours. Taking the collision detection period T as 1 hour, i.e., T = 3600 s, and the time interval as 60 s, the gateway device may send a check request message to the first host and to the second host every 60 s. Optionally, key information of the checked host, including its IP address and MAC address, is collected once at each check.
Correspondingly, determining an illegal host in the first host and the second host according to the verification results returned by the first host and the second host in response to the verification request message comprises: within the preset detection period, if the MAC address of the host returning the verification result is different from the legal MAC address, determining that the host returning the verification result is an illegal host; and within the preset detection period, if the MAC address of the host returning the verification result is the same as the legal MAC address, determining that the host returning the verification result is the legal host. That is, if every verification result the checked host returns in response to the check request messages indicates that its MAC address is different from the legal MAC address, the checked host is determined to be an illegal host; if every verification result it returns indicates that its MAC address is the same as the legal MAC address, the checked host is determined to be the legal host.
The IP and MAC information of the IP conflict host are collected in real time to determine the illegal host by sending a verification request message for active verification, so that the sensitivity of IP conflict detection is improved, and valuable time is saved for error correction recovery of sensitive services.
Optionally, after receiving the verification result, the gateway device generates a temporary data table according to the current IP address and the corresponding MAC address of the host to be verified, which may be referred to as an "I-M temporary table" in this application. The "I-M temporary table" records the "IP" corresponding to the authenticated host and the "MAC" primary key field of the host, relative to the "I-M original table".
That is, a first temporary data table is generated according to the current IP address and the corresponding MAC address of the first host, and a second temporary data table is generated according to the current IP address and the corresponding MAC address of the second host.
When one detection period including multiple verification detections is completed, a corresponding multiple number of entries of the "I-M temporary table" are generated for the same verified host. Optionally, in the predetermined detection period, a corresponding first temporary data table is generated according to the check result returned by the first host computer each time, and a corresponding second temporary data table is generated according to the check result returned by the second host computer each time.
The gateway device evidently does not need to keep multiple "I-M temporary table" entries for the same host. Optionally, therefore, at the end of the predetermined detection period, the multiple first temporary data tables that were generated are overlaid and their repeated content de-duplicated to obtain the first temporary data table; and/or the multiple second temporary data tables that were generated are overlaid and their repeated content de-duplicated to obtain the second temporary data table.
As a result, only 2 "I-M temporary table" entries are actually produced by the periodic conflict detection for the two checked hosts, namely one for the 1 legal host and one for the 1 illegal host.
In addition, for the checked host computer determined to be legal in IP, the gateway device can mark the corresponding I-M temporary table generated according to the check result returned by the checked host computer as legal; for the checked host determined to be illegal in IP, the gateway device can mark the corresponding I-M temporary table generated according to the returned check result as illegal, and generate an 'I-M temporary table' after conflict check detection.
The I-M temporary table is used in an inclusion-exclusion calculation with the I-M original table to determine a corresponding new data table. Optionally, the inclusion-exclusion calculation is performed on the first original data table generated when the legal host was first allocated its address, the first temporary data table generated for the checked first host and the second temporary data table generated for the checked second host, to obtain a new data table comprising the IP addresses and MAC addresses respectively corresponding to the legal host and the illegal host.
For example, if the I-M temporary table is denoted by A and the I-M original table by B, the two-set inclusion-exclusion calculation on the two tables is: $|A \cup B| = |A| + |B| - |A \cap B|$. The result of the calculation is the full set of new I-M entries, both the legal ones without an IP conflict and the illegal ones with an IP conflict.
In one embodiment, in order to reduce resource consumption of the gateway device, the above-mentioned inclusion-exclusion calculation may also be performed by a network management server or an SDN controller to generate the I-M new data table.
By adopting the inclusion-exclusion algorithm, the embodiment of the application greatly improves the ability to detect IP conflicts; even malicious occupation of an IP can be discovered quickly and handled in time. This forms a protected area for core production services and important data, in which malicious actors are prevented from stealing or tampering with data without manual intervention, so the method meets certain security requirements.
According to the above scheme, valid verification data has been obtained once steps 102 and 104 are completed. The gateway device still cannot take the next, substantive action of eliminating the IP conflict, however: it must first obtain an executable script file. This requires compiling and converting the I-M new data table into a script the gateway device can execute. By executing the compiled script commands, the gateway device forces the illegal host offline so that it can no longer occupy the IP of the legal host. If the illegal host later needs to join the network environment, it must go through the corresponding reporting or application process to be admitted legally.
Therefore, before releasing the IP address occupied by the illegal host in step 106, the method further includes: and converting the new data table into an executable command script, wherein the executable command script is used for executing the step of releasing the IP address occupied by the illegal host.
Finally, depending on the underlying system of the gateway device, an sh script or another type of executable file, for example in Python format, is generated as appropriate.
In an embodiment, in order to reduce resource consumption of the gateway device, the executable command script may also be compiled by a network management server or an SDN controller and sent to the gateway device for execution.
Optionally, in step 106, releasing the IP address occupied by the illegal host includes: and executing error closing operation on the physical interface of the illegal host according to the executable command script, and recovering the occupation of the legal host on the IP address.
The gateway device executes the commands in the script and quickly performs the error closing operation on the switch port where the conflicting host is located, which immediately invalidates its ARP table entry. Once the conflicting host is offline from the network, the normal host no longer receives the conflicting ARP requests, and the IP conflict is resolved. In addition, an administrator can quickly locate the conflicting host through the log file of the gateway device, which facilitates subsequent tracing and locating work.
According to another embodiment of the present application, there is further provided an IP address conflict processing method, which is executed in a host, and fig. 2 is a flowchart of an IP address conflict processing method according to a second embodiment of the present application.
As shown in fig. 2, the method includes:
step 202, receiving a verification request message sent by gateway equipment, wherein the host belongs to a local area network governed by the gateway equipment, and the verification request message records a current IP address of the host and a legal MAC address corresponding to the IP address;
step 204, responding to the verification request message and comparing the MAC address of the host with the legal MAC address to obtain a verification result for verifying whether the MAC address of the host is identical to the legal MAC address;
and step 206, returning the verification result to the gateway equipment so that the gateway equipment determines whether the host is an illegal host with IP address conflict according to the verification result.
The host may be an illegal host or a legal host which is requested to be checked, and the current IP address of the host recorded in the checking request message is an IP address with conflict, which may be an IP address allocated for the first time after the legal host accesses the lan, or an IP address of another legal host occupied by the illegal host.
If in step 204, the MAC address of the host itself is compared with the legal MAC address in the check request message, and the obtained check result is that the MAC address of the host itself is the same as the legal MAC address, the gateway device that receives the check result determines that the host is legal; otherwise, the host is determined to be illegal.
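The gateway-side procedure (steps 102 to 106) together with the host-side check (steps 202 to 206), as an added simulation that is not code from the patent. The addresses, port names, the `Entry` type and all function names are assumptions made for the example, and the release step is represented as a list of port-close actions rather than a device script.

```python
"""Simulation of the gateway-side and host-side checks described above.
All addresses, ports and names are constructed sample values."""
from dataclasses import dataclass

@dataclass(frozen=True)
class Entry:
    """One row of an I-M table, plus the port on which the gateway learned it."""
    ip: str
    mac: str
    port: str

def build_original_table(announcements):
    """I-M original table: the first MAC announced for an IP is the legal one."""
    table = {}
    for ip, mac, port in announcements:
        table.setdefault(ip, Entry(ip, mac.lower(), port))
    return table

def detect_conflicts(original, announcements):
    """Same IP learned with a MAC other than the legal one -> conflict set."""
    conflicts = {}
    for ip, mac, port in announcements:
        seen = Entry(ip, mac.lower(), port)
        if seen.mac != original[ip].mac:
            conflicts.setdefault(ip, {original[ip]}).add(seen)
    return conflicts

def host_check(own_mac, request):
    """Host side (steps 202-206): compare own MAC with the legal MAC."""
    own = own_mac.lower()
    return {"ip": request["ip"], "mac": own, "same": own == request["legal_mac"]}

def run_detection_period(original, hosts, period_s=3600, interval_s=60):
    """Check every conflicting host once per interval; one temp row per reply."""
    rows = {h: [] for h in hosts}
    for _ in range(period_s // interval_s):
        for h in hosts:
            request = {"ip": h.ip, "legal_mac": original[h.ip].mac}
            reply = host_check(h.mac, request)   # stands in for the network round trip
            rows[h].append((reply["ip"], reply["mac"], reply["same"]))
    return rows

def classify(rows):
    """De-duplicate each host's temp rows, then apply the per-period rule."""
    verdicts = {}
    for host, replies in rows.items():
        results = {same for _, _, same in set(replies)}
        if results == {True}:
            verdicts[host] = "legal"
        elif results == {False}:
            verdicts[host] = "illegal"
        else:  # no replies at all, or mixed replies within one period
            verdicts[host] = "undetermined"
    return verdicts

def merge_tables(original, verdicts):
    """New I-M table as the union of temp rows (A) and original rows (B)."""
    a = {(h.ip, h.mac) for h in verdicts}
    b = {(original[h.ip].ip, original[h.ip].mac) for h in verdicts}
    union = a | b
    assert len(union) == len(a) + len(b) - len(a & b)  # inclusion-exclusion
    status = {(h.ip, h.mac): v for h, v in verdicts.items()}
    # Rows that come only from the original table are legal by definition.
    return sorted((ip, mac, status.get((ip, mac), "legal")) for ip, mac in union)

def plan_release(verdicts):
    """Actions the generated script would carry out: close the illegal port."""
    return [{"action": "close_port", "port": h.port, "ip": h.ip, "mac": h.mac}
            for h in sorted(verdicts, key=lambda e: e.port)
            if verdicts[h] == "illegal"]

# Constructed sample: hosts a..c come online first, then host f reuses a's IP.
ANNOUNCEMENTS = [
    ("10.0.0.11", "02:00:00:00:00:01", "ge-0/0/1"),  # host a (first, legal)
    ("10.0.0.12", "02:00:00:00:00:02", "ge-0/0/2"),  # host b
    ("10.0.0.13", "02:00:00:00:00:03", "ge-0/0/3"),  # host c
    ("10.0.0.11", "02:00:00:00:00:0F", "ge-0/0/6"),  # host f (conflicting)
]

def demo():
    original = build_original_table(ANNOUNCEMENTS)
    conflicts = detect_conflicts(original, ANNOUNCEMENTS)
    hosts = sorted(conflicts["10.0.0.11"], key=lambda e: e.port)
    rows = run_detection_period(original, hosts)   # T = 3600 s, every 60 s
    verdicts = classify(rows)
    return rows, merge_tables(original, verdicts), plan_release(verdicts)

if __name__ == "__main__":
    _, table, actions = demo()
    print(table, actions, sep="\n")
```

The verdict here rests on the reply the host itself produces; the gateway also holds the MAC it learned on each port, which gives it an independent value to compare when a reply cannot be trusted.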
Next, an IP address conflict processing method according to an embodiment of the present application will be described with reference to an example of fig. 3, and fig. 3 is a general exemplary diagram of an IP address conflict processing method according to an embodiment of the present application.
In this example, it is assumed that 5 hosts connect for the first time to a network in a conventional, centrally managed network environment, and the hosts are denoted a, b, c, d and e.
As shown in fig. 3, the method includes the following steps.
Step A: after the hosts 20 come online, each host 20 sends an ARP broadcast message containing its own IP information, MAC information, VLAN-ID information and switch port information. After receiving the message, the gateway device 10 reads the IP field and MAC field in the ARP broadcast message and maps them to the gateway port of the host 20, thereby obtaining the mapping relationships IP1-MAC1, IP2-MAC2, ..., IPn-MACn corresponding to the n hosts.
Step B: the gateway device 10 sends the broadcast message information to the network management server or SDN controller 30.
Step C: the network management server or SDN controller 30 collects the IP address, subnet mask (MASK), MAC address, VLAN-ID and switch port (PORT) of the 5 hosts in real time through the SNMP or OpenFlow network protocol, extracts the key IP information, MAC information, VLAN-ID information and switch port information, and creates a two-dimensional data table with the IP field and the MAC field as its two primary keys. This table is recorded as the "I-M original table".
The IP field (first-lease IP DB information) and the MAC field (first-lease IP MAC DB information) of the "I-M original table" are dumped into the back-end I-M original DB database 40 as the reference copy for comparison. If a host f sets its own IP to that of host a, the gateway device 10 learns the same IP with different MAC information from the switch ports of the two hosts at the same time, and this triggers the IP conflict penalty checking mechanism.
Step D: regardless of whether an IP conflict occurs, the gateway device 10 periodically collects host information. To prevent the gateway device 10 from accumulating an ever-growing number of ARP entries and exceeding the maximum number of ARP entries that the device can support, the present application proposes setting a conflict penalty value (Conflicting values) CvT for the hosts with conflicting IP addresses.
For example, the initial value of the conflict penalty value CvT is set based on the configured conflict detection period T and the time interval at which the check request message is sent. Taking T = 3600 s and the gateway device 10 sending a request message every 60 s as an example, the initial value is CvT0 = 59. The gateway device treats the I-M data of the host that came online first as being in the conflict state, and at that moment assigns that host's CvT0 its maximum value (CvT0 = 59).
When an IP conflict occurs, the IP conflict penalty mechanism is started, and the gateway device 10 initiates an IP conflict penalty check challenge to hosts a and f at each time interval T. This action sends a request message containing a penalty check value, the C header; the message fills the original I-M field into the C header, whose length is 80 bits. After receiving the request message, host a and host f each read the C header field of the request message and perform an AND operation between their own IP-MAC field and the 80 bits of the C header.
Since host a is the host that first came online, the result of its calculation is the same as the 80 bits of the C header. Host a therefore immediately generates a conflict count t, sets the t field bit of the conflict penalty challenge response message to "1", and returns the response message to the gateway device 10. After receiving the response message returned by host a, the gateway device 10 reads the t field bit, finds it set to 1, considers that the IP of host a is in conflict, and immediately updates the conflict penalty value to CvT0 - 1.
Meanwhile, after receiving the challenge request message initiated by the gateway device 10, host f also performs the AND operation and compares the result with the C header. The first 32 bits, the IP field of host f, match, but because the MAC field of host f is different, the value after the AND operation is different from the 80 bits of the C header. Host f therefore generates a response message with the t field set to 0 and returns it to the gateway device 10. After receiving the response message returned by host f, the gateway device 10 reads the t field, finds that it is set to 0, and leaves the conflict penalty value of host f at the initial value CvT0. Similarly, each time a conflict penalty challenge check ends, the gateway device 10 generates an "I-M temporary table" for hosts a and f. When the 58th conflict penalty challenge check ends, the conflict penalty value of host a has been decremented to 0, and the conflict penalty value of host f remains 59. The IP field (conflict IP DB information recorded in the conflict period) and the MAC field (conflict MAC DB information recorded in the conflict period) of the "I-M temporary table" are dumped into the I-M temporary DB database 50.
The conflict penalty value starts from the assumption that the IP of the host that first came online is always in conflict. Therefore, if host a reports a conflict every time it is challenge-checked, the IP of host a is legal; conversely, host f does not report a conflict in any of the periodic challenges, so by the same logic the IP of host f is determined to be illegal.
According to this scheme, the conflict penalty value CvT0 has the initial value 59, and the penalty value is a linear function of the conflict count t, namely { f(CvT) = CvT0 - [(I-M) & C] / C × t } and { F(CvT) = CvT0 * t = 0 }. Here, I-M denotes the "IP-MAC" field parameter of the host being challenge-checked, C is the challenge-check header field parameter (the operation is carried out by the database), and t is the conflict count variable, with a value range of 0 to 59. Using this function, the set t bits yield either f(CvT) = 0, which indicates that the IP of the challenged host is legal, or f(CvT) = 59, which indicates that the IP of the challenged host is illegal.
Because the t value in the conflict penalty function is designed to decrement the penalty value and is matched to the check period, the conflict penalty value takes the expected Boolean-type value when the period ends, so whether the IP of the challenged host is legal can be accurately distinguished.
Step E: the calculation module 34 in the network management server or SDN controller 30 performs repulsion calculation processing in the t-t binary repulsive device 60 on the "I-M temporary table" generated by each challenge check and stored in the I-M temporary DB database 50 and on the "I-M original table" stored in the I-M original DB database 40. Table entries with repeated content are removed, so that the result is a single "I-M new table" containing only the IP address, MAC address, switch PORT and VLAN-ID key information of the legal host a and the illegal host f. Here, t-t refers to the two tables, the I-M temporary table and the I-M original table, respectively.
Step F: the compiling module 32 in the network management server or SDN controller 30 converts the generated I-M new table, in the cancellation execution script generation container 70, into a command script executable by the gateway device 10, for example an SH-format offline statement or another format such as Python, and transmits the command script to the gateway device 10 through SNMP. The gateway device 10 automatically takes the conflicting host f offline according to the switch port information of host f in the executable script, so that host a returns to normal and the IP conflict between hosts a and f is finally eliminated.
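The conflict penalty check of step D can be traced with a short simulation. This is an added example, not code from the patent: the function names, the sample addresses, the "undetermined" verdict for values between 0 and CvT0, the assumption of one challenge round per unit of CvT0, and the strict equality test on the host side are all assumptions of the example.

```python
"""Simulation of the conflict penalty challenge check (step D). Added example."""
import ipaddress


def pack_im(ip: str, mac: str) -> int:
    """Pack an IP-MAC pair into the 80-bit I-M field: 32-bit IP, then 48-bit MAC."""
    digits = mac.replace(":", "").replace("-", "")
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return (int(ipaddress.IPv4Address(ip)) << 48) | int(digits, 16)


def t_bit(own_im: int, c_header: int, strict: bool = True) -> int:
    """Host side: compute the t field (1 = own I-M field matches the C header)."""
    and_matches = (own_im & c_header) == c_header  # the AND comparison from step D
    if not strict:
        return int(and_matches)
    # AND alone also returns C whenever own_im merely has every bit of C set,
    # so the "identical" test of step 204 additionally needs equality.
    return int(and_matches and own_im == c_header)


def verdict(value: int, cvt0: int) -> str:
    """Gateway side: map the final penalty value to a decision."""
    if value == 0:
        return "legal"
    if value == cvt0:
        return "illegal"
    # Assumption of this example: the page only defines the two end values.
    return "undetermined"


def run_detection_period(original, hosts, period_s=3600, interval_s=60,
                         lost=frozenset()):
    """Run one detection period; return {host: (final CvT, verdict)}.

    original -- (ip, mac) pair from the I-M original table
    hosts    -- {name: (ip, mac)} of the hosts currently claiming the IP
    lost     -- set of (name, round) pairs whose response never arrived
    """
    c_header = pack_im(*original)
    cvt0 = period_s // interval_s - 1        # 59 for T = 3600 s, 60 s interval
    cvt = dict.fromkeys(hosts, cvt0)
    for rnd in range(cvt0):                  # assumed: one round per decrement
        for name, (ip, mac) in hosts.items():
            if (name, rnd) in lost:
                continue                     # no response: value unchanged
            cvt[name] -= t_bit(pack_im(ip, mac), c_header)
    return {name: (value, verdict(value, cvt0)) for name, value in cvt.items()}


# Constructed sample data: host a holds the original lease, host f reuses its IP.
ORIGINAL = ("192.168.1.10", "00:11:22:33:44:55")
HOSTS = {
    "a": ("192.168.1.10", "00:11:22:33:44:55"),
    "f": ("192.168.1.10", "66:77:88:99:aa:bb"),
}

if __name__ == "__main__":
    for host, (value, decision) in run_detection_period(ORIGINAL, HOSTS).items():
        print(f"host {host}: CvT={value} -> {decision}")
```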
According to the present application, when an IP address conflict among a plurality of hosts is detected, the illegal host among them is determined by sending each host a verification request message that includes the IP and MAC of the legal host, and the IP address occupied by the illegal host is released. The IP conflict can therefore be eliminated actively, promptly and effectively, which improves the security of network operation. The approach not only has low performance overhead, but also reduces manual workload, saves cost, improves service operation efficiency and enhances industry competitiveness.
In addition, the present application actively reduces IP address conflicts by establishing the I-M original table, the I-M temporary table and the conflict penalty value algorithm. The IP, MAC, mask, VLAN-ID, switch port and other information of each host is collected automatically through the existing network software and hardware environment to generate the corresponding I-M original table, which effectively reduces labor cost, improves system operation efficiency and meets intelligent operation and maintenance requirements.
The collection of key host information relies on the standard protocols of the current TCP/IP protocol stack and is deployed and carried out automatically. The repulsion calculation is efficient and reliable and is well supported algorithmically. During conflict elimination, the directly conflicting host can be located quickly through the gateway device log file, so the root cause of the problem can be resolved.
The present application can use the existing network deployment environment and is highly portable. It can be smoothly embedded and deployed in a traditional network management operation and maintenance mode or in a new SDN network environment, and it is suitable for operation and maintenance personnel as well as for back-end development testers such as those of system integration vendors.
Optionally, the embodiment of the present application further provides an electronic device 2000, as shown in fig. 4, and fig. 4 is a schematic structural diagram of the electronic apparatus according to the embodiment of the present application.
The electronic device 2000 includes a memory 2200 and a processor 2400 electrically connected to the memory 2200, where the memory 2200 stores a computer program that can be executed by the processor 2400, and the computer program implements each process of any one of the above embodiments of the IP address conflict processing method when executed by the processor 2400, and can achieve the same technical effects, so that repetition is avoided and redundant description is omitted herein.
The embodiment of the application further provides a computer readable storage medium, on which a computer program is stored, where the computer program when executed by a processor implements each process of any one of the above embodiments of the IP address conflict processing method, and the same technical effects can be achieved, so that repetition is avoided, and no redundant description is given here. Wherein the computer readable storage medium is selected from Read-Only Memory (ROM), random access Memory (Random Access Memory, RAM), magnetic disk or optical disk.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
From the above description of the embodiments, it will be clear to those skilled in the art that the above-described embodiment method may be implemented by means of software plus a necessary general hardware platform, but of course may also be implemented by means of hardware, but in many cases the former is a preferred embodiment. Based on such understanding, the technical solution of the present application may be embodied essentially or in a part contributing to the prior art in the form of a software product stored in a storage medium (such as ROM/RAM, magnetic disk, optical disk), including several instructions for causing a terminal (which may be a mobile phone, a computer, a server, an air conditioner, or a network device, etc.) to perform the method described in the embodiments of the present application.
The embodiments of the present application have been described above with reference to the accompanying drawings, but the present application is not limited to the above-described embodiments, which are merely illustrative and not restrictive, and many forms may be made by those of ordinary skill in the art without departing from the spirit of the present application and the scope of the claims, which are also within the protection of the present application.

Claims (7)

1. A method of IP address conflict handling, performed at a gateway device, the method comprising:
when detecting that the IP address of a first host computer conflicts with the IP address of a second host computer, sending a verification request message to the first host computer and the second host computer, wherein the first host computer and the second host computer belong to a local area network managed by the gateway equipment, the verification request message comprises a verification value recorded with the IP address and a legal MAC address corresponding to the IP address, and the verification request message is used for requesting the received host computer to verify whether the MAC address of the received host computer is identical with the legal MAC address; the sending a check request message to the first host and the second host includes: in a preset detection period, sending the check request message to the first host for multiple times at preset time intervals and sending the check request message to the second host for multiple times;
determining an illegal host in the first host and the second host according to a verification result returned by the first host and the second host in response to the verification request message, wherein the MAC address of the illegal host is different from the legal MAC address; the determining, according to the verification results returned by the first host and the second host in response to the verification request message, an illegal host in the first host and the second host includes: in the preset detection period, if the MAC address of the host returning the verification result is different from the legal MAC address, determining that the host returning the verification result is an illegal host; in the preset detection period, if the MAC address of the host returning the verification result is the same as the legal MAC address, determining that the host returning the verification result is a legal host;
generating a first original data table according to the IP address and the corresponding legal MAC address which are firstly distributed by the first host or the second host; generating a first temporary data table according to the current IP address of the first host and the corresponding MAC address; generating a second temporary data table according to the current IP address of the second host and the corresponding MAC address; performing capacity and repulsion calculation on the first original data table, the first temporary data table and the second temporary data table to obtain a new data table comprising IP addresses and MAC addresses respectively corresponding to the legal host and the illegal host; converting the new data table into an executable command script, wherein the executable command script is used for executing the step of releasing the IP address occupied by the illegal host;
and releasing the IP address occupied by the illegal host.
2. The method of claim 1, further comprising, prior to detecting that there is a conflict between the IP address of the first host and the IP address of the second host:
and after the first host or the second host is connected with the gateway equipment for the first time, actively acquiring the IP address allocated for the first time and the corresponding legal MAC address so as to be used for determining the check value in the check request message.
3. The method as recited in claim 1, further comprising:
in the preset detection period, generating a corresponding first temporary data table according to the check result returned by the first host computer each time, and generating a corresponding second temporary data table according to the check result returned by the second host computer each time;
when the preset detection period is over, overlapping and de-duplicating repeated contents of the generated multiple first temporary data tables to obtain the first temporary data tables; and/or overlapping and de-duplicating the repeated content of the generated second temporary data tables to obtain the second temporary data tables.
4. The method of claim 1, wherein releasing the IP address occupied by the illegitimate host comprises:
and executing error closing operation on the physical interface of the illegal host according to the executable command script, and recovering the occupation of the legal host on the IP address.
5. A method for processing an IP address conflict, executed at a host, the method comprising:
receiving a verification request message sent by gateway equipment, wherein the host belongs to a local area network governed by the gateway equipment, and the verification request message records a current IP address of the host and a legal MAC address corresponding to the IP address; the check request message sent by the receiving gateway device includes: receiving the check request message sent by the gateway equipment for multiple times at preset time intervals in a preset detection period;
responding to the verification request message to compare the MAC address of the host with the legal MAC address to obtain a verification result for verifying whether the MAC address of the host is identical to the legal MAC address;
returning the verification result to the gateway equipment so that the gateway equipment determines whether the host is an illegal host with IP address conflict according to the verification result; the step of enabling the gateway device to determine whether the host is an illegal host with IP address conflict according to the verification result comprises the following steps: in the preset detection period, if the MAC address of the host returning the verification result is different from the legal MAC address, determining that the host is an illegal host; in the preset detection period, if the MAC address of the host returning the verification result is the same as the legal MAC address, determining that the host is a legal host; and
the gateway equipment generates a first original data table according to the IP address and the corresponding legal MAC address which are firstly allocated by the host; generating a first temporary data table and a second temporary data table according to the current IP address of the host and the corresponding MAC address; performing capacity and repulsion calculation on the first original data table, the first temporary data table and the second temporary data table to obtain a new data table comprising IP addresses and MAC addresses respectively corresponding to the legal host and the illegal host; and converting the new data table into an executable command script, wherein the executable command script is used for executing the step of releasing the IP address occupied by the illegal host.
6. An electronic device, comprising: a memory and a processor electrically connected to the memory, the memory storing a computer program executable by the processor, the computer program implementing the steps of the method of any one of claims 1 to 5 when executed by the processor.
7. A computer-readable storage medium, on which a computer program is stored which, when executed by a processor, implements the steps of the method according to any one of claims 1 to 5.
CN202011247812.8A 2020-11-10 2020-11-10 IP address conflict processing method, electronic device and computer readable storage medium Active CN114465986B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011247812.8A CN114465986B (en) 2020-11-10 2020-11-10 IP address conflict processing method, electronic device and computer readable storage medium

Publications (2)

Publication Number Publication Date
CN114465986A CN114465986A (en) 2022-05-10
CN114465986B true CN114465986B (en) 2023-07-21

Family

ID=81404970

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant