CN101404586A - Control method and apparatus for multicast upstream port - Google Patents
Control method and apparatus for multicast upstream port Download PDFInfo
- Publication number
- CN101404586A CN101404586A CNA2008102234145A CN200810223414A CN101404586A CN 101404586 A CN101404586 A CN 101404586A CN A2008102234145 A CNA2008102234145 A CN A2008102234145A CN 200810223414 A CN200810223414 A CN 200810223414A CN 101404586 A CN101404586 A CN 101404586A
- Authority
- CN
- China
- Prior art keywords
- multicast message
- corresponding relation
- vlan
- upstream port
- pass
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Abstract
The invention discloses a multicast upper port control method and a device thereof. A corresponding relation is set in advance. The corresponding relation is the corresponding relation between a virtual local area network and an upper port permitting a multicast message to pass. After the multicast message is received, whether the corresponding relation between the virtual local area network and the received upper port corresponding to the multicast message is in accordance with the preset corresponding relation is confirmed; if yes, the multicast message is permitted to pass; otherwise, the multicast message is rejected. In the proposal provided by the embodiment of the invention, one port can only permit the multicast message of a specific VLAN to pass and also can permit the multicast messages of multiple VLANs to pass or control the multicast message of any VLAN to pass, and the invention can be precise to the restriction scheme of the multicast message at every VLAN, prevents the diffusion of the VLAN multicast message without permission and improves the network safety.
Description
Technical field
The present invention relates to the computer network communication technology field, relate in particular to a kind of multicast upstream port control method and device.
Background technology
On Internet, the multimedia service that sends the multiple spot reception such as single-points such as video conference and video request programs is becoming the important component part that information transmits.To these business, selectable traditional communication mode has only clean culture or broadcasting.Clean culture is meant the datagram transmission of having only a destination.Therefore, the employing clean culture just must cause the transmission that repeats of IP bag, and this can slattern a large amount of system bandwidth resources, has also increased the weight of load of server simultaneously.Broadcasting then is copy from a grouping to each point of destination that deliver.Its major defect is to expend a large amount of host resources and Internet resources.
Multicast solves single-point effectively and sends the problem that multiple spot receives.The thought of multicast is: when the sender when a group of recipients sends data, only need the group address of data with a reservation sent, have only the recipient of this multicast group of adding just can receive multicast packet, other user on the network can not receive this piece of data.For the sender, data only need send once just can send to all recipients, has alleviated the load of network and sender's burden greatly like this.
VLAN (VLAN, Virtual Local Area Network) technology be a kind of by the equipment in the Local Area Network being divided into the network segment of logic one by one (littler local area network (LAN) in other words conj.or perhaps) thus realize the technology of virtual work group.The network segment of these logics is exactly a virtual LAN VLAN.Each VLAN all have one ID number, be used to distinguish other VLAN, abbreviate VID as, it is by IEEE 802.1Q standard definition.The advantage of vlan technology is: for the communication of equipment room in the same VLAN with in a local area network (LAN), communicate by letter the same, but directly intercommunication between the equipment of different VLAN, must could communicate by letter by router or three-tier switch equipment, strengthen the fail safe of network.Broadcasting packet is limited in the VLAN, saves the network bandwidth.Can divide different users to different working groups with VLAN, the user of same working group also need not be confined to a certain fixing physical extent, and network struction and maintenance are more convenient flexibly.
Switching port is the physical port on the network equipment, has two layers of function of exchange, and it can be access port (Access Port) or trunk mouth (Trunk Port).Each Access Port can only belong to a VLAN, and it can only receive and send the Frame that belongs to this VLAN, generally is used to connect the user's computer terminal.Each Trunk Port can belong to a plurality of VLAN, can receive and send the Frame that belongs to a plurality of VLAN, generally is used for the connection between the network equipment, also can be used to connect the user's computer terminal.Multicast upstream port refers to the switching port that multicast message enters on the network equipment, and multicast message is from these port access arrangements, again by device forwards to suitable outlet port.
In network, the certain user can send unauthorized multicast packet, causes the resource anxiety of whole multicast network, influences the network bandwidth, also brings negative effect to information security.At this problem, the specific practice of existing technology is that some the specific ports on the equipment are carried out manual configuration, and restriction multicast message stream all can not flow into from this port, thereby plays the diffusion of the multicast message of the equipment transmission that limits this port connection.Here it is existing multicast upstream port restriction technologies.
As shown in Figure 1, we lift the applied environment of a simple multicast upstream port restriction.The port one of device A and the port of equipment B 2 all are Trunk Port.The network that equipment B connects below has the user of two VLAN.VLAN1 comprises the user that needs are participated in multicast videoconference, and therefore for the port one of device A, it need be let pass to the multicast message of VLAN1.And for VLAN2, only be used to the group broadcasting video frequency service that provides recreational, so multicast packet can only send from server, can not send from the recipient, therefore need the user C of restriction VLAN2 to send multicast packet to network A, promptly the port one for device A need filter the multicast message of VLAN2.
Existing multicast upstream port restriction technologies all is at the multicast message of all VLAN, and therefore in case certain port on equipment carries out the restriction of multicast message, then the multicast message of all VLAN all is filtered by this port the time.But, for the demand of the applied environment of Fig. 1 be: on the port one of device A, need the multicast message of restriction VLAN2 to flow into, and can not be limited to the multicast message of VLAN1.As seen, the technical scheme that limits multicast message according to physical port can't address this problem.
Summary of the invention
The embodiment of the invention provides a kind of multicast upstream port control method and device, can't be accurate to the problem that VLAN carries out multicast message control in order to solve in the prior art, improves the network security performance.
A kind of multicast upstream port control method, this method comprises:
Preestablish a corresponding relation, described corresponding relation is a VLAN and the corresponding relation of the upstream port that allows multicast message to pass through;
When receiving multicast message, determine whether described multicast message corresponding virtual local area network (LAN) conforms to described predefined corresponding relation with the corresponding relation that receives upstream port, if, allow described multicast message to pass through, otherwise, described multicast message abandoned.
A kind of multicast upstream port control method, this method comprises:
Preestablish a set, described set is for allowing the set of multicast message by the VLAN of upstream port;
When described upstream port receives multicast message, determine whether described multicast message corresponding virtual local area network (LAN) is contained in the described set, if, allow described multicast message to pass through, otherwise, described multicast message abandoned.
A kind of multicast upstream port control device, this device comprises setup unit, determining unit and processing unit, wherein,
Described setup unit is used to set a corresponding relation, and described corresponding relation is a VLAN and the corresponding relation of the upstream port that allows multicast message to pass through;
Described determining unit when being used to receive multicast message, determines that whether described multicast message corresponding virtual local area network (LAN) conforms to described predefined corresponding relation, and will determine the described processing unit of result notification with the corresponding relation that receives upstream port;
Described processing unit, be used to receive definite result of described determining unit,, allow described multicast message to pass through if described multicast message corresponding virtual local area network (LAN) conforms to described predefined corresponding relation with the corresponding relation that receives upstream port, otherwise, abandon described multicast message.
The embodiment of the invention is by preestablishing a corresponding relation, and described corresponding relation is a VLAN and the corresponding relation of the upstream port that allows multicast message to pass through; When receiving multicast message, determine whether described multicast message corresponding virtual local area network (LAN) conforms to described predefined corresponding relation with the corresponding relation that receives upstream port, if, allow described multicast message to pass through, otherwise, described multicast message abandoned.The scheme that the embodiment of the invention provides, a port can only allow the multicast message of a particular vlan to pass through, also can allow the multicast message of a plurality of VLAN to pass through, or the multicast message that limits any VLAN passes through, can be as accurate as the multicast message restricted version on each VLAN, prevent the diffusion of the multicast message of unauthorized VLAN, improved internet security.
Description of drawings
Fig. 1 is a multicast upstream port restriction schematic diagram in the prior art;
Fig. 2 is the main realization principle flow chart of the embodiment of the invention 1;
Fig. 3 is the structural representation of the embodiment of the invention 2 generators.
Embodiment
The embodiment of the invention provides the essential idea of scheme to be: the restriction of multicast upstream port is not at all multicast messages, but on a port, for the multicast message of some VLAN, allows by this port; Then be dropped after arriving this port for the multicast message of other VLAN.In order to realize this essential idea, need be on equipment pre-defined permission receive the upstream port set of the multicast message of certain VLAN (might as well be called VLAN X), and as a kind of filtering policy, the forwarding behavior of the multicast message of receiving on the control port that belongs to this VLAN.Specifically, when certain port is received the multicast message of corresponding VLAN,, then directly abandon this multicast message if this port does not belong to the set of setting; Otherwise, carry out subsequent treatment.
Be explained in detail to the main realization principle of embodiment of the invention technical scheme, embodiment and to the beneficial effect that should be able to reach below in conjunction with each accompanying drawing.
As shown in Figure 2, the main realization principle process of the embodiment of the invention 1 is as follows:
As stated in the Background Art, switchport trunk Port can belong to a plurality of VLAN, can receive and sends the Frame that belongs to different VLAN.Therefore, when arriving same Trunk Port port for the multicast message of different VLAN, for the multicast message that makes part of V LAN by port in addition the multicast message of VLAN can not pass through this port, need on this port, carry out different settings.
When setting, need to set the corresponding upstream port that allows multicast message to pass through at different VLAN respectively at different VLAN.That is to say, at different VLAN, the set of the upstream port that setting permission multicast message passes through, the corresponding relation of the upstream port that formation VLAN and permission multicast message pass through.
In the corresponding relation here, the corresponding one or more upstream ports of each VLAN specifically can be VID with upstream port identify corresponding, can form the corresponding relation of VLAN and upstream port like this.Otherwise, upstream port also corresponding one or more VLAN, can form the corresponding relation of upstream port and VLAN equally.
When certain port receives multicast message, need to determine whether the VLAN of this multicast message correspondence and the corresponding relation of upstream port are contained in the set of setting, if, allow this multicast message to pass through, otherwise, this multicast message abandoned.
Step by step, need at first to determine whether this port is contained in the set of upstream port of setting, if represent that then this multicast message is allowed to enter corresponding VLAN by this upstream port and carries out multicast, thereby allow it to pass through this upstream port; Otherwise, abandon this multicast message.Here, because in the set of setting, allow multicast message on certain port by setting at VLAN, whether that is to say allow multicast message to pass through, whether the VLAN that also needs to judge this multicast message correspondence is to VLAN that should upstream port in the set, if, allow described multicast message to pass through, otherwise, described multicast message abandoned.
Here, the VLAN of multicast message correspondence can obtain by the VID that obtains this multicast message.
In the present embodiment 1, set a set at the upstream port that different VLAN allows multicast message to pass through, a VLAN and the corresponding relation that allows by the upstream port of multicast message have just been set, when receiving multicast message, judge whether this multicast message allows by this upstream port, thereby realize limiting at the multicast message of different VLAN; Can be as accurate as the multicast message restricted version on each VLAN, prevented the diffusion of the multicast message of unauthorized VLAN, improved internet security.
Still be example with Fig. 1, among the figure, can set in advance the port one that the multicast message of VLAN1 can slave unit A and enter, and the port one that the multicast message of VLAN2 can not slave unit A enters.This causes the multicast data message of VLAN2 just to be filtered when arriving port, and the multicast data message of VLAN1 then can carry out subsequent treatment.So can satisfy the multicast application demand of VLAN1 and VLAN2 simultaneously.
Present embodiment can be realized by hardware chip, also can realize by software.Such as for switch, many exchange chips can be supported the realization of present embodiment.Do not support the switch of present embodiment for exchange chip, present embodiment can be realized by software, is example with the 100M ethernet port, and surface speed forwarding on the software and packet filtering ability can be supported the realization and the practical application of the embodiment of the invention fully.
The foregoing description 1 is illustrated from the VLAN angle, and in fact, the embodiment of the invention also provides another multicast upstream port control method, is illustrated from the upstream port angle, and this method comprises:
Preestablish a set, described set is for allowing the set of multicast message by the VLAN of upstream port;
When described upstream port receives multicast message, determine whether described multicast message corresponding virtual local area network (LAN) is contained in the described set, if, allow described multicast message to pass through, otherwise, described multicast message abandoned.
In the present embodiment, on upstream port, set the set of a permission, just determine a upstream port and the corresponding relation that allows by the corresponding VLAN of multicast message by the VLAN of this upstream port.When this port receives multicast message, need the VLAN that confirms this multicast message correspondence whether to be included in the described set, whether the corresponding relation of just seeing upstream port and VLAN is included in the corresponding relation of setting, if, allow described multicast message to pass through, otherwise, abandon described multicast message.
In the present embodiment, still the VLAN with the multicast message correspondence can obtain by the VID that obtains this multicast message.
Correspondingly, the embodiment of the invention 2 also provides a kind of multicast upstream port control device, and as shown in Figure 3, this device comprises setup unit 100, determining unit 200 and processing unit 300, and is specific as follows,
When setting, need to set the corresponding upstream port that allows multicast message to pass through at different VLAN respectively at different VLAN.That is to say,, set to allow the set of the upstream port that multicast message passes through, like this, just can form the corresponding relation of the upstream port that VLAN and permission multicast message pass through at different VLAN.
In the corresponding relation here, the corresponding one or more upstream ports of each VLAN specifically can be VID with upstream port identify corresponding, can form the corresponding relation of VLAN and upstream port like this.Otherwise, upstream port also corresponding one or more VLAN, can form the corresponding relation of upstream port and VLAN equally.
Determining unit 200 when being used to receive multicast message, determines that whether described multicast message corresponding virtual local area network (LAN) conforms to described predefined corresponding relation, and will determine result notification processing unit 300 with the corresponding relation that receives upstream port.
When certain port receives multicast message, need at first to determine whether this port is contained in the set of upstream port of setting.Because in the set of setting, allow multicast message on certain port by setting at VLAN, that is to say whether allow multicast message to pass through, whether the VLAN that also needs to judge this multicast message correspondence is to VLAN that should upstream port in the set.
After having set the corresponding relation that VLAN and this VLAN allow the upstream port that multicast message passes through, then when receiving multicast message, need to determine whether the VLAN of this multicast message correspondence and the corresponding relation of upstream port are contained in the corresponding relation of setting.
Here, the VLAN of multicast message correspondence can obtain by the VID that obtains this multicast message.
Especially, above-mentioned setup unit 100 also is used to adjust described corresponding relation.
To sum up, the scheme that the embodiment of the invention provides, a port can only allow the multicast message of a particular vlan to pass through, and also can allow the multicast message of a plurality of VLAN to pass through, or the multicast message that limits any VLAN passes through; Can be as accurate as the multicast message restricted version on each VLAN, prevented the diffusion of the multicast message of unauthorized VLAN, improved internet security.
Obviously, those skilled in the art can carry out various changes and modification to the present invention and not break away from the spirit and scope of the present invention.Like this, if of the present invention these are revised and modification belongs within the scope of claim of the present invention and equivalent technologies thereof, then the present invention also is intended to comprise these changes and modification interior.
Claims (10)
1, a kind of multicast upstream port control method is characterized in that, this method comprises:
Preestablish a corresponding relation, described corresponding relation is a VLAN and the corresponding relation of the upstream port that allows multicast message to pass through;
When receiving multicast message, determine whether described multicast message corresponding virtual local area network (LAN) conforms to described predefined corresponding relation with the corresponding relation that receives upstream port, if, allow described multicast message to pass through, otherwise, described multicast message abandoned.
2, the method for claim 1 is characterized in that, described multicast message corresponding virtual local area network (LAN) is determined by the VLAN ID that obtains in the multicast message;
Described corresponding relation is the corresponding relation that the VLAN and the corresponding relation of the upstream port that allows multicast message to pass through comprise the upstream port sign that VLAN ID and corresponding permission multicast message pass through.
3, the method for claim 1 is characterized in that, the corresponding relation of the upstream port that described VLAN and corresponding permission multicast message pass through comprises:
A VLAN is corresponding with the upstream port that one or more corresponding permission multicast messages pass through; Or
A upstream port that allows multicast message to pass through is corresponding with one or more VLANs.
4, as the arbitrary described method of claim 1~3, it is characterized in that, adjust described corresponding relation as required.
5, as the arbitrary described method of claim 1~3, it is characterized in that, determine by hardware or software whether described multicast message corresponding virtual local area network (LAN) conforms to described predefined corresponding relation with the corresponding relation that receives upstream port.
6, a kind of multicast upstream port control method is characterized in that, this method comprises:
Preestablish a set, described set is for allowing the set of multicast message by the VLAN of upstream port;
When described upstream port receives multicast message, determine whether described multicast message corresponding virtual local area network (LAN) is contained in the described set, if, allow described multicast message to pass through, otherwise, described multicast message abandoned.
7, method as claimed in claim 6 is characterized in that, described set comprises the VLAN ID of permission multicast message by upstream port;
Whether described definite described multicast message corresponding virtual local area network (LAN) is contained in the described set, comprising:
Obtain the VLAN ID of described multicast message, determine whether the VLAN ID of described multicast message is contained in the described set.
8, a kind of multicast upstream port control device is characterized in that, this device comprises setup unit, determining unit and processing unit, wherein,
Described setup unit is used to preestablish a corresponding relation, and described corresponding relation is a VLAN and the corresponding relation of the upstream port that allows multicast message to pass through;
Described determining unit when being used to receive multicast message, determines that whether described multicast message corresponding virtual local area network (LAN) conforms to described predefined corresponding relation, and will determine the described processing unit of result notification with the corresponding relation that receives upstream port;
Described processing unit, be used to receive definite result of described determining unit,, allow described multicast message to pass through if described multicast message corresponding virtual local area network (LAN) conforms to described predefined corresponding relation with the corresponding relation that receives upstream port, otherwise, abandon described multicast message.
9, device as claimed in claim 8 is characterized in that, described setup unit is used for setting at described corresponding relation the corresponding relation of VLAN ID and corresponding upstream port sign;
Described determining unit is used for determining whether the VLAN ID of described multicast message and the corresponding relation that receives the upstream port sign are contained in described predefined corresponding relation.
10, device as claimed in claim 8 is characterized in that, described setup unit also is used to adjust described corresponding relation.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNA2008102234145A CN101404586A (en) | 2008-09-27 | 2008-09-27 | Control method and apparatus for multicast upstream port |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNA2008102234145A CN101404586A (en) | 2008-09-27 | 2008-09-27 | Control method and apparatus for multicast upstream port |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN101404586A true CN101404586A (en) | 2009-04-08 |
Family
ID=40538464
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CNA2008102234145A Pending CN101404586A (en) | 2008-09-27 | 2008-09-27 | Control method and apparatus for multicast upstream port |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN101404586A (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103338152A (en) * | 2013-05-24 | 2013-10-02 | 杭州华三通信技术有限公司 | Multicast message forwarding method and main control board |
| CN106231533A (en) * | 2016-07-20 | 2016-12-14 | 华为技术有限公司 | The method and apparatus of short haul connection |
-
2008
- 2008-09-27 CN CNA2008102234145A patent/CN101404586A/en active Pending
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103338152A (en) * | 2013-05-24 | 2013-10-02 | 杭州华三通信技术有限公司 | Multicast message forwarding method and main control board |
| CN103338152B (en) * | 2013-05-24 | 2017-12-08 | 新华三技术有限公司 | A kind of method for forwarding multicast message and master control borad |
| CN106231533A (en) * | 2016-07-20 | 2016-12-14 | 华为技术有限公司 | The method and apparatus of short haul connection |
| CN106231533B (en) * | 2016-07-20 | 2020-01-17 | 华为技术有限公司 | Method and apparatus for short-range communication |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US9031069B2 (en) | Method, system, and apparatus for extranet networking of multicast virtual private network | |
| US8203943B2 (en) | Colored access control lists for multicast forwarding using layer 2 control protocol | |
| US20070025277A1 (en) | Optimal bridging over MPLS / IP through alignment of multicast and unicast paths | |
| CN101022394A (en) | Method for realizing virtual local network aggregating method and converging exchanger | |
| CN101262436B (en) | Multicast duplication method, device and line card | |
| CN102098167B (en) | Multicasting stream forwarding method, device and system | |
| CN101616014A (en) | A kind of method that realizes cross-virtual private local area network multicast | |
| CN103986658A (en) | Message output method and device | |
| CN103746922A (en) | Method and device for forwarding multicast messages | |
| CN1996956A (en) | L3 network device and method for multi-cast cross-VLAN forwarding | |
| CN102647359B (en) | Method for implementing network bridge IGMP (internet group management protocol) Snooping based on DSA TAG (digital signature algorithm tag) and user-defined protocol stack | |
| CN102368707B (en) | Method, equipment and system for multicast control | |
| Odi et al. | The proposed roles of VLAN and inter-VLAN routing in effective distribution of network services in Ebonyi State University | |
| CN103944886B (en) | A kind of realization method and system of port security | |
| CN101404586A (en) | Control method and apparatus for multicast upstream port | |
| CN102694734B (en) | Two-layer switching equipment realizes the method for multicast based on linux kernel bridge | |
| CN101247541B (en) | Method for implementing multimedia multicast service of mobile communications network | |
| CN1764188B (en) | Virtual multicast field controlled identification method and router participating method | |
| CN101409704B (en) | Method and apparatus for processing multicast member management protocol | |
| CN106302188A (en) | The multicast message transmission control method of a kind of switch device and device | |
| EP1953972A1 (en) | Method and date relay entity for relaying the date frame by the date relay entity | |
| CN100421410C (en) | Method for realizing mobile communication network multimedia enhancement service | |
| CN106375100A (en) | Multicast realization method and device in video monitoring system | |
| CN101184044A (en) | Packet processing method of multicast monitoring discovery protocol | |
| CN102195863A (en) | Multicasting realization method, access layer equipment and system under ring network framework |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C02 | Deemed withdrawal of patent application after publication (patent law 2001) | ||
| WD01 | Invention patent application deemed withdrawn after publication |
Open date: 20090408 |