CN101582888B - Method for creating neighbor discovery table item and server - Google Patents
Method for creating neighbor discovery table item and server Download PDFInfo
- Publication number
- CN101582888B CN101582888B CN2009100858153A CN200910085815A CN101582888B CN 101582888 B CN101582888 B CN 101582888B CN 2009100858153 A CN2009100858153 A CN 2009100858153A CN 200910085815 A CN200910085815 A CN 200910085815A CN 101582888 B CN101582888 B CN 101582888B
- Authority
- CN
- China
- Prior art keywords
- address
- prefix
- message
- list item
- module
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
- Small-Scale Networks (AREA)
Abstract
The invention discloses a method for creating a neighbor discovery (ND) table item, comprising the following steps: a DHCP v6 server generates a legal prefix table according to the assigned prefix; the DHCPv6 server generates an address binding table according to the received duplication address detection neighbor solicitation (DAD NS) message and the legal prefix table; the DHCPv6 server generates an ND table according to the received address resolution neighbor solicitation (NS)/neighbor advertisement (NA) messages and the address binding table. The invention further discloses a DHCPv6 server. The technical proposal of the invention can ensure the safety of the ND table item created by the DHCPv6 server.
Description
Technical field
The present invention relates to network communications technology field, refer to that especially a kind of neighbours of establishment find method and a kind of DHCPv6 server of list item.
Background technology
The DHCP (DHCPv6, Dynamic Host Configuration Protocol for IPv6) of supporting IPv6 be to the design of IPv6 addressing scheme, be the agreement of host assignment IPv6 address and other network configuration parameters.
DHCPv6 adopts the client/server communication pattern, proposes the configuration application by client to the DHCPv6 server, and the DHCPv6 server is returned as corresponding configuration informations such as client IP address allocated, to realize the dynamic-configuration of information such as IP address.Specifically may be summarized to be:
1) client initiatively initiates to implore (Solicit), and sending purpose toward this network segment is the multicast message of FF02::1:2;
2) if there is the DHCPv6 server in the subnet section, then respond announcement (Advertise) message, carry the sign and the priority information of DHCPv6 server in this notification packet.
3) client is collected the Advertise message that all DHCPv6 servers return at the appointed time, selects a DHCPv6 server according to priority information wherein.
4) client is sent request (Request) message to selected DHCPv6 server.
5) after corresponding D HCPv6 server is received the Request message, from the prefix pond, select a prefix, and return to client through replying (Reply) message.
6) client is according to the IPv6 address of the prefix in Reply message configuration self, and according to the parameter of other information configuration in the Reply message self.
7) when fixed time T1 arrives, client is sent (Renew) message of renewing a contract to the DHCPv6 server, for employed IP renews a contract; The DHCPv6 server returns the Reply message according to the binding situation, agrees to renew a contract.
8) if client does not re-use the IP address, during like user offline, client device sends the DHCP lease to the DHCPv6 server and discharges (Release) message; By the DHCPv6 server corresponding IP address is labeled as the free time, in order to follow-up reusing.
Neighbours find that (ND, Neighbor Discovery) agreement is the element of IPv6.The ND agreement uses five types the 6th version the Internet Internet Control Message Protocol (ICMPv6, Internet Control Message Protocol Version 6) message to realize following function: whether address resolution, checking neighbours can reach, duplicate address detection, the discovery of router discoverys/prefix, the address disposes automatically and be redirected etc.Five types the ICMPv6 packets that the ND agreement is used and act on as shown in table 1:
Table 1
The neighbours' address resolution and the duplicate address detection function that are realized in the face of the ND protocol massages are down carried out brief account:
1, address resolution
Address resolution is the link layer address that obtains the neighbor node on the same link, realizes through neighbor request message NS and neighbor advertisement message NA.
Fig. 1 is the sketch map of the address resolution procedure of prior art.As shown in Figure 1; Node A will obtain the link layer address of Node B; Then node A sends the NS message with the multicast mode; The source address of this NS message is the interface IPv6 address of node A, destination address be Node B by the requesting node multicast address, comprised link layer address in the message content as the node A of source link address; After Node B is received the NS message; Judge wherein destination address whether be own IPv6 address correspondence by the requesting node multicast address; If then the link layer address of Node B study node A generates corresponding N D list item; And return the NA message to node A with mode of unicast, comprised link layer address in this NA message as the Node B of source link address; Node A receives the NA message, therefrom obtains the link layer address of Node B, generates corresponding N D list item.
2, duplicate address detection (DAD)
After node gets access to an IPv6 address, need to use the duplicate address detection function to confirm whether this address is used by other nodes.
Fig. 2 is the sketch map of duplicate address detection process of the prior art.As shown in Figure 2, node A sends the NS message, and the source address of this NS message is unspecified address, with ":: " expression, destination address be IPv6 address to be detected corresponding by the requesting node multicast address, comprised IPv6 address to be detected in the NS content of message; If Node B has been used this IPv6 address to be detected, then can return the NA message, comprised the IPv6 address of Node B self in this NA message; Node A just knows this IPv6 address after receiving the NA message of Node B transmission, otherwise, explaining that then this address is not used, node A can use this IPv6 address.
At present; In enterprise's networking; Generally the DHCPv6 department server is deployed on the gateway device, below directly insert main frame through Layer 2 switch, main frame through the DHCPv6 agreement to DHVPv6 server application prefix; And generate oneself IP address, then through the address detected of conflicting of the duplicate address detection DAD mechanism in the ND agreement.At carrier network, also can dispose the DHCPv6 server in convergence-level, link to each other the address of couple in router application prefix and configuration oneself with each couple in router through Layer 2 switch.In the above-mentioned address configuration process,,, possibly cause attack for the ND list item of DHCPv6 server through the mode of forging the ND message if there is the adulterator on the main frame because the ND protocol massages all is expressly to transmit.For example, forge the NS message, make that the ND list item of DHCPv6 server is too much, perhaps forge the NA message, the ND list item of change DHCPv6 server has increased unsafe factor to network.
Suffer the problem of attack of counterfeit message easily to the ND list item of above-mentioned DHCPv6 server, adopted in the prior art with static address and distributed and " SEND " scheme.Wherein, the static address allocative decision is on access switch, to be directed against each possible connector, allocates the IPv6 address in advance, and itself and link address, access point are bound, and access point is the link layer tie point, like the port in the Ethernet.The SEND scheme is carried out encrypting and authenticating to the ND message, guarantees the mutual fail safe of ND, needs router and main frame all to support encrypting and authenticating.
But the static address allocative decision is disposed for large-scale IPv6, and management cost is higher, and the SEND scheme then needs current device and main frame upgrading IPv6 protocol stack, and to support the encrypting and authenticating process, the system that supports at present is few, lacks the possibility of deployment.
Therefore, need a new attack of counterfeit message that prevents, with the scheme of the ND list item safety that guarantees the DHCPv6 server.
Summary of the invention
The invention provides the method that a kind of neighbours of establishment find the ND list item, this method can guarantee the fail safe of the ND list item that the DHCPv6 server is created.
The present invention also provides a kind of DHCPv6 server, the fail safe of the ND list item that this DHCPv6 server can guarantee self to create.
For achieving the above object, technical scheme of the present invention specifically is achieved in that
The invention discloses the method that a kind of neighbours of establishment find the ND list item, this method comprises:
Support IPv6 dynamic host configuration protocol DHCP v6 server to generate legal prefix table, the legal prefix in this legal prefix table is the prefix that the DHCPv6 server has distributed;
The DHCPv6 server receives duplicate address detection neighbor request DAD NS message; Prefix according to the purpose IP address in this DAD NS message is inquired about legal prefix table; Judge whether to be legal prefix; If legal prefix, then purpose IP address, source link address in this DAD NS message and the access point that receives this DAD NS message are added in the list item in the address binding table, and the state of this list item is changed to initial condition;
DHCPv6 server receiver address is resolved neighbor request NS/ neighbor advertisement NA message, according to source IP address, source link address in this address resolution NS/NA message and the access point inquire address binding table that receives this address resolution NS/NA message; If have consistent list item in the address binding table, and be initial condition, then the state with this list item is changed to known state, and creates the ND list item according to this address resolution NS/NA message.
The invention also discloses a kind of DHCPv6 server, this DHCPv6 server comprises: prefix table is set up module, memory module, module set up by the address binding table and the ND table is set up module, wherein,
Prefix table is set up module, is used for generating legal prefix table and is saved in memory module; Legal prefix in the said legal prefix table is the prefix that the DHCPv6 server has distributed;
Memory module is used to preserve legal prefix table, address binding table and ND table;
The address binding table is set up module; Be used to receive duplicate address detection neighbor request DAD NS message; Prefix according to the purpose IP address in this DAD NS message is inquired about legal prefix table, judges whether to be legal prefix, if legal prefix; Then purpose IP address, source link address in this DAD NS message and the access point that receives this DAD NS message are added in the list item in the address binding table, and the state of this list item is changed to initial condition;
The ND table is set up module; Be used for receiver address and resolve neighbor request NS/ neighbor advertisement NA message; According to source IP address, source link address in this address resolution NS/NA message and the access point inquire address binding table that receives this address resolution NS/NA message,, and be initial condition if there is consistent list item in the address binding table; Then the state with this list item is changed to known state, and creates the ND list item according to this address resolution NS/NA message.
Visible by technique scheme, this DHCPv6 server of the present invention generates legal prefix table, and the legal prefix in this legal prefix table is the prefix that the DHCPv6 server has distributed; The DHCPv6 server receives duplicate address detection neighbor request DAD NS message; Prefix according to the purpose IP address in this DAD NS message is inquired about legal prefix table; Judge whether to be legal prefix; If legal prefix, then purpose IP address, source link address in this DAD NS message and the access point that receives this DAD NS message are added in the list item in the address binding table, and the state of this list item is changed to initial condition; DHCPv6 server receiver address is resolved neighbor request NS/ neighbor advertisement NA message, according to source IP address, source link address in this address resolution NS/NA message and the access point inquire address binding table that receives this address resolution NS/NA message; If there is consistent list item in the address binding table; And be initial condition; Then the state with this list item is changed to known state; And create the technical scheme of ND list item according to this address resolution NS/NA message, and according to legal prefix of having distributed and the ND protocol massages that is listened to, the fail safe of the ND list item that has guaranteed to be created.
Description of drawings
Fig. 1 is the sketch map of the address resolution procedure of prior art;
Fig. 2 is the sketch map of duplicate address detection process of the prior art;
Fig. 3 is the flow chart of the method for a kind of ND of establishment list item of the embodiment of the invention;
Fig. 4 is the composition structured flowchart of a kind of DHCPv6 server of the embodiment of the invention.
Embodiment
Core concept of the present invention is: adopts the prefix assignment mode to realize the DHCPv6 server of address assignment,, creates the ND list item of safety through the prefix of intercepting the ND message and self distributing, and then the safety of assurance equipment and network.
For making the object of the invention, technical scheme and advantage clearer, below ginseng is to further explain of the present invention.
Fig. 3 is the flow chart of the method for a kind of ND of establishment list item of the embodiment of the invention.As shown in Figure 3, this method may further comprise the steps:
Legal in one embodiment of the invention prefix table is as shown in table 2:
| Legal prefix | The prefix bulletin sends the time | Prefix life cycle |
| Prefix 1 | T11 | T12 |
| Prefix 2 | T21 | T22 |
| …… | …… | …… |
Table 2
As shown in table 2, each list item of legal prefix table comprises: legal prefix, prefix bulletin sends time and prefix life cycle.The DHCPv6 server exceeds its corresponding prefix during life cycle in the prefix of a prefix entries, deletes this prefix entries.In addition, when the DHCPv6 server receives that the DHCP lease discharges message, discharge the prefix that message discharged, delete list item corresponding in the legal prefix table according to this DHCP lease.
In this step, the purpose IP address of DAD NS message is the IP address of pending collision detection.
In this step,, there is not corresponding prefix in the promptly legal prefix table, then with this DAD NS packet loss if the prefix of the purpose IP address in the DAD NS message is not legal prefix.Be only to set up the address binding table in the embodiment of the invention according to the legal DAD NS message of prefix.
Address binding table in embodiments of the present invention is as shown in table 3:
| The IP address | Link address | Access point | The list item state |
| IP1 | LA1 | ACP1 | Initially |
| IP2 | LA2 | ACP2 | Initially |
| …… | …… | …… | …… |
Table 3
As shown in table 3, each list item of address binding table comprises: Internet protocol IP address, link address, access point and list item state.Wherein, link address is the address of link layer protocol, like link corresponding address in the Ethernet; Access point is the link layer tie point, like port in the Ethernet etc.; The list item state is got a kind of in the following two states at any time: initial condition, known state.
In this step; The DHCPv6 server is according to IP address, link address in the address resolution NS/NA message that receives and when receiving the access point inquire address binding table of this address resolution NS/NA message; If there is not consistent list item in the address binding table; Then the HCPv6 server can directly abandon the address resolution NS/NA message that is received; Perhaps the HCPv6 server is created other ND list item of low level security according to address resolution NS/NA message, is about to its ageing time and is set to the ageing time less than the ND list item of ND agreement defined, to delete other ND list item of these low level security at first.
ND table in embodiments of the present invention is as shown in table 4:
| The IP address | Link address | Access point |
| IP1 | LA1 | ACP1 |
| IP2 | LA2 | ACP2 |
| …… | …… | …… |
Table 4
As shown in table 4, each list item of address binding table comprises: IP address, link address and access point.Certainly, table 4 just ND table one illustrate and with, the HCPv6 server also can be the same with prior art, the content of in the ND list item, adding other according to other information in the address resolution NS/NA message is like vlan information etc.
The ND list item of the DHCPv6 server of creating according to scheme shown in Figure 3 can guarantee its fail safe, and then can protect the fail safe of equipment and network.
In the method for establishment ND list item shown in Figure 3; The DHCPv6 server can also send address resolution NS message according to the IP address in the address binding list item that is in initial condition; If receive the NA message of response; The address binding list item that then will be in initial condition is changed to known state, and creates corresponding N D list item according to the NA message of being responded.For example; When the IP address is that the address binding list item of IP1 is when being initial condition; It is that (concrete message encapsulation can be referring to RFC4861 for the NS of destination address that the DHCPv6 server sends with IP1; 4.3 joint), if link address and access point in the address binding list item of the link address of the NA message of the said NS of response that the DHCPv6 server is received and access point and IP1 are consistent, then create corresponding N D list item.
In scheme shown in Figure 3; When expire the life cycle of a prefix in the legal prefix; The DHCPv6 server can be deleted the list item of this prefix from legal prefix table, at this moment, the DHCPv6 server also need be deleted the list item with this prefix matching from address binding table and ND table.For example, expire the life cycle of the prefix 1 in the legal prefix table, and then the DHCPv6 server is deleted prefix 1 corresponding list item from legal prefix table, and from address binding table and ND table, delete all list items of the prefix and prefix 1 coupling of IP address.
In addition; When the DHCPv6 server receives that the DHCP lease discharges message, can discharge the prefix that message discharged according to this DHCP lease, delete list item corresponding in the legal prefix table; At this moment, the DHCPv6 server also need be deleted list item in address binding table and the ND table and prefix matching this release.For example, the DHCP lease discharges the prefix 2 that message discharged, when then the DHCPv6 server is deleted prefix 2 corresponding list items from legal prefix table, and all list items that also prefix of deletion IP address and prefix 2 are mated from address binding table and ND table.
In scheme shown in Figure 3; Because the DHCPv6 server is guaranteed with the fail safe of the ND list item of being created; Therefore the ageing time of the ND list item that can be created of DHCPv6 server is set to, greater than the ageing time of the ND list item of ND agreement defined.As for than the ageing time of the ND list item of ND agreement defined big what can decide according to actual conditions.
Based on the foregoing description, provide the composition structured flowchart of a kind of DHCPv6 server among the present invention below.
Fig. 4 is the composition structured flowchart of a kind of DHCPv6 server of the embodiment of the invention.As shown in Figure 4, this DHCPv6 server comprises: prefix table is set up module 401, memory module 402, module 403 set up by the address binding table and the ND table is set up module 404, wherein:
Prefix table is set up module 401, is used for generating legal prefix table and is saved in memory module 402; Legal prefix in the said legal prefix table is the prefix that the DHCPv6 server has distributed;
The address binding table is set up module 403; Be used to receive duplicate address detection neighbor request DAD NS message; Prefix according to the purpose IP address in this DAD NS message is inquired about legal prefix table, judges whether to be legal prefix, if legal prefix; Then purpose IP address, source link address in this DAD NS message and the access point that receives this DAD NS message are added in the list item in the address binding table, and the state of this list item is changed to initial condition;
The ND table is set up module 404; Be used for receiver address and resolve neighbor request NS/ neighbor advertisement NA message; According to source IP address, source link address in this address resolution NS/NA message and the access point inquire address binding table that receives this address resolution NS/NA message,, and be initial condition if there is consistent list item in the address binding table; Then the state with this list item is changed to known state, and creates the ND list item according to this address resolution NS/NA message.
In Fig. 4; The ND table is set up module 404; Be further used for sending address resolution NS message according to the IP address in the address binding list item that is in initial condition; If receive the NA message of response, the address binding list item that then will be in initial condition is changed to known state, and creates the ND list item according to the NA message of being responded.
In Fig. 4; Prefix table is set up module 401; The life cycle that is further used for a prefix in legal prefix is when expiring, the list item of this prefix of deletion from legal prefix table, and the prefix Notify Address binding table of deletion is set up module 403 set up module 404 with the ND table; Also be further used for when receiving that the DHCP lease discharges message; Discharge the prefix that message discharged according to this DHCP lease; Delete prefix entries corresponding in the legal prefix table, and the prefix Notify Address binding table of deletion is set up module 403 set up module 404 with the ND table.The address binding list item is set up module 403, is further used for setting up the prefix that module 401 is notified according to prefix table the list item of deletion and this prefix matching from the address binding table.The ND table is set up module 404, is further used for setting up the prefix that module 401 is notified according to prefix table the list item of deletion and this prefix matching from the ND table.
In Fig. 4, ND table is set up module 404, and the ageing time of the ND list item that is further used for being created is set to, greater than the ageing time of the ND list item of ND agreement defined.
In Fig. 4; ND table is set up module 404, resolves neighbor request NS/ neighbor advertisement NA message at receiver address, according to source IP address, source link address in this address resolution NS/NA message and when receiving the access point inquire address binding table of this address resolution NS/NA message; If there is not consistent list item in the address binding table; Then be further used for, directly abandon the address resolution NS/NA message that is received, perhaps; Create the ND list item according to address resolution NS/NA message, and its ageing time is set to the ageing time less than the ND list item of ND agreement defined.
In sum, this DHCPv6 server of the present invention generates legal prefix table, and the legal prefix in this legal prefix table is the prefix that the DHCPv6 server has distributed; The DHCPv6 server receives duplicate address detection neighbor request DAD NS message; Prefix according to the purpose IP address in this DAD NS message is inquired about legal prefix table; Judge whether to be legal prefix; If legal prefix, then purpose IP address, source link address in this DAD NS message and the access point that receives this DAD NS message are added in the list item in the address binding table, and the state of this list item is changed to initial condition; DHCPv6 server receiver address is resolved neighbor request NS/ neighbor advertisement NA message, according to source IP address, source link address in this address resolution NS/NA message and the access point inquire address binding table that receives this address resolution NS/NA message; If there is consistent list item in the address binding table; And be initial condition; Then the state with this list item is changed to known state; And create the technical scheme of ND list item according to this address resolution NS/NA message, and according to legal prefix of having distributed and the ND protocol massages that is listened to, the fail safe of the ND list item that has guaranteed to be created.
The above is merely preferred embodiment of the present invention, is not to be used to limit protection scope of the present invention, all any modifications of within spirit of the present invention and principle, being made, is equal to replacement, improvement etc., all should be included within protection scope of the present invention.
Claims (10)
1. create the method that neighbours find the ND list item for one kind, it is characterized in that, this method comprises:
Support IPv6 dynamic host configuration protocol DHCP v6 server to generate legal prefix table, the legal prefix in this legal prefix table is the prefix that the DHCPv6 server has distributed;
The DHCPv6 server receives duplicate address detection neighbor request DAD NS message; Prefix according to the purpose IP address in this DADNS message is inquired about legal prefix table; Judge whether to be legal prefix; If legal prefix, then purpose IP address, source link address in this DAD NS message and the access point that receives this DAD NS message are added in the list item in the address binding table, and the state of this list item is changed to initial condition;
DHCPv6 server receiver address is resolved neighbor request NS/ neighbor advertisement NA message, according to source IP address, source link address in this address resolution NS/NA message and the access point inquire address binding table that receives this address resolution NS/NA message; If have consistent list item in the address binding table, and be initial condition, then the state with this list item is changed to known state, and creates the ND list item according to this address resolution NS/NA message.
2. the method for claim 1 is characterized in that, this method further comprises:
The DHCPv6 server sends address resolution NS message according to the IP address in the address binding list item that is in initial condition; If receive the NA message of response; The address binding list item that then will be in initial condition is changed to known state, and creates the ND list item according to the NA message of being responded.
3. according to claim 1 or claim 2 method is characterized in that this method further comprises:
When expired the life cycle of a prefix in the legal prefix, the DHCPv6 server was deleted the list item of this prefix from legal prefix table, and from address binding table and ND table the list item of deletion and this prefix matching;
When the DHCPv6 server receives that the DHCP lease discharges message, discharge the prefix that message discharged according to this DHCP lease, delete list item corresponding in the legal prefix table, and the list item of the prefix matching of this release in deletion address binding table and the ND table.
4. according to claim 1 or claim 2 method is characterized in that this method further comprises:
The ageing time of the ND list item that the DHCPv6 server is created is set to, greater than the ageing time of the ND list item of ND agreement defined.
5. according to claim 1 or claim 2 method; It is characterized in that; The DHCPv6 server is according to IP address, link address in the address resolution NS/NA message that receives and when receiving the access point inquire address binding table of this address resolution NS/NA message; If there is not consistent list item in the address binding table, then this method further comprises:
The HCPv6 server directly abandons the address resolution NS/NA message that is received;
Perhaps, create the ND list item according to address resolution NS/NA message, and its ageing time is set to the ageing time less than the ND list item of ND agreement defined.
6. a DHCPv6 server is characterized in that, this DHCPv6 server comprises: prefix table is set up module, memory module, module set up by the address binding table and the ND table is set up module, wherein,
Prefix table is set up module, is used for generating legal prefix table and is saved in memory module; Legal prefix in the said legal prefix table is the prefix that the DHCPv6 server has distributed;
Memory module is used to preserve legal prefix table, address binding table and ND table;
The address binding table is set up module; Be used to receive duplicate address detection neighbor request DAD NS message; Prefix according to the purpose IP address in this DAD NS message is inquired about legal prefix table, judges whether to be legal prefix, if legal prefix; Then purpose IP address, source link address in this DAD NS message and the access point that receives this DAD NS message are added in the list item in the address binding table, and the state of this list item is changed to initial condition;
The ND table is set up module; Be used for receiver address and resolve neighbor request NS/ neighbor advertisement NA message; According to source IP address, source link address in this address resolution NS/NA message and the access point inquire address binding table that receives this address resolution NS/NA message,, and be initial condition if there is consistent list item in the address binding table; Then the state with this list item is changed to known state, and creates the ND list item according to this address resolution NS/NA message.
7. DHCPv6 server as claimed in claim 6 is characterized in that,
The ND table is set up module; Be further used for sending address resolution NS message according to the IP address in the address binding list item that is in initial condition; If receive the NA message of response; The address binding list item that then will be in initial condition is changed to known state, and creates the ND list item according to the NA message of being responded.
8. like claim 6 or 7 described DHCPv6 servers, it is characterized in that,
Prefix table is set up module, and the life cycle that is further used for a prefix in legal prefix is when expiring, the list item of this prefix of deletion from legal prefix table, and the prefix Notify Address binding table of deletion is set up module show to set up module with ND; Be further used for when receiving that the DHCP lease discharges message, discharging the prefix that message discharged, delete prefix entries corresponding in the legal prefix table, and the prefix Notify Address binding table of deletion is set up module show to set up module with ND according to this DHCP lease;
The address binding list item is set up module, is further used for setting up the prefix that module is notified according to prefix table the list item of deletion and this prefix matching from the address binding table;
The ND table is set up module, is further used for setting up the prefix that module is notified according to prefix table the list item of deletion and this prefix matching from the ND table.
9. like claim 6 or 7 described DHCPv6 servers, it is characterized in that,
Said ND table is set up module, and the ageing time of the ND list item that is further used for being created is set to, greater than the ageing time of the ND list item of ND agreement defined.
10. like claim 6 or 7 described DHCPv6 servers, it is characterized in that,
Said ND table is set up module; Resolve neighbor request NS/ neighbor advertisement NA message at receiver address; According to source IP address, source link address in this address resolution NS/NA message and when receiving the access point inquire address binding table of this address resolution NS/NA message,, then be further used for if there is not consistent list item in the address binding table; Directly abandon the address resolution NS/NA message that is received; Perhaps, create the ND list item according to address resolution NS/NA message, and its ageing time is set to the ageing time less than the ND list item of ND agreement defined.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2009100858153A CN101582888B (en) | 2009-06-01 | 2009-06-01 | Method for creating neighbor discovery table item and server |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2009100858153A CN101582888B (en) | 2009-06-01 | 2009-06-01 | Method for creating neighbor discovery table item and server |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN101582888A CN101582888A (en) | 2009-11-18 |
| CN101582888B true CN101582888B (en) | 2012-04-18 |
Family
ID=41364851
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN2009100858153A Active CN101582888B (en) | 2009-06-01 | 2009-06-01 | Method for creating neighbor discovery table item and server |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN101582888B (en) |
Families Citing this family (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101834778B (en) * | 2009-12-18 | 2013-10-16 | 中兴通讯股份有限公司 | Method for processing neighbor discovery protocol item and three-layer switching equipment |
| CN102244651B (en) * | 2010-05-14 | 2014-04-16 | 杭州华三通信技术有限公司 | Method for preventing attack of illegal neighbor discovery protocol message and access equipment |
| CN101888387B (en) * | 2010-07-14 | 2014-09-10 | 福建星网锐捷网络有限公司 | Method, device and snooping equipment for reestablishing binding table entry |
| CN102130905B (en) * | 2011-01-27 | 2015-09-16 | 中兴通讯股份有限公司 | A kind of method and device improving safety of neighbor discovery snooping |
| CN102209122A (en) * | 2011-05-18 | 2011-10-05 | 中兴通讯股份有限公司 | Method and system for automatically recovering after address duplication of IPv6 (Internet Protocol version 6) and node |
| CN102571592B (en) * | 2012-01-18 | 2016-02-24 | 神州数码网络(北京)有限公司 | There is three-layer switching equipment and the data message forwarding method of port binding function |
| CN102594882A (en) * | 2012-02-08 | 2012-07-18 | 神州数码网络(北京)有限公司 | Neighbor discovery proxy method and system based on Dynamic Host Configuration Protocol for Internet Protocol Version 6 (DHCPv6) monitoring |
| CN104506437B (en) * | 2014-12-29 | 2018-08-24 | 新华三技术有限公司 | A kind of item establishing method and device |
| CN112887209B (en) | 2019-11-30 | 2023-06-20 | 华为技术有限公司 | Entry establishment method and related equipment for data transmission |
| CN115865800A (en) * | 2022-11-24 | 2023-03-28 | 深圳创维数字技术有限公司 | IPv6 address obtaining method and device and storage medium |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1744528A (en) * | 2004-09-01 | 2006-03-08 | 华为技术有限公司 | Method for realizing user detection based on neightbour discovery technique |
| CN1866883A (en) * | 2005-10-19 | 2006-11-22 | 华为技术有限公司 | Method for carrying out consistency test on Internet protocol vesion 6 protocol suite |
-
2009
- 2009-06-01 CN CN2009100858153A patent/CN101582888B/en active Active
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1744528A (en) * | 2004-09-01 | 2006-03-08 | 华为技术有限公司 | Method for realizing user detection based on neightbour discovery technique |
| CN1866883A (en) * | 2005-10-19 | 2006-11-22 | 华为技术有限公司 | Method for carrying out consistency test on Internet protocol vesion 6 protocol suite |
Also Published As
| Publication number | Publication date |
|---|---|
| CN101582888A (en) | 2009-11-18 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN101582888B (en) | Method for creating neighbor discovery table item and server | |
| CN101656725B (en) | Method for implementing safety access and access equipment | |
| CN101572712B (en) | Method for preventing attack of counterfeit message and repeater equipment thereof | |
| US7414996B2 (en) | Address autoconfiguration in ad hoc networks | |
| KR100886433B1 (en) | IPv6 Support Method for Bridge Extension Using Wireless Communications System | |
| JP5459809B2 (en) | Method for obtaining the IP address of a dynamic host configuration protocol version 6 server, dynamic host configuration protocol version 6 server, and dynamic host configuration protocol version 6 communication system | |
| US20120324063A1 (en) | Method, network device, and system for automatically configuring network device in ipv6 network | |
| CN101552783B (en) | Method and apparatus for preventing counterfeit message attack | |
| WO2012146120A1 (en) | Method for forwarding response packet from dhcp server, forwarding device and system | |
| JP5241957B2 (en) | Method and apparatus for connecting a subscriber unit to an aggregation network supporting IPv6 | |
| CN103384282A (en) | Method for obtaining IPV6ND address and broadband remote access server (BARS) | |
| CN101110817B (en) | Method and system for address selection | |
| CN102752414B (en) | Method and equipment for releasing Internet protocol (IP)v6 address | |
| CN101808145A (en) | IP address distributing method and system | |
| CN108632198B (en) | Equipment management method and device | |
| KR100687746B1 (en) | Method and apparatus for preventing collision of address | |
| CN102986186A (en) | Method for terminal network element registration, terminal network element and router | |
| Colitti et al. | RFC 9663 Using DHCPv6 Prefix Delegation (DHCPv6-PD) to Allocate Unique IPv6 Prefixes per Client in Large Broadcast Networks | |
| CN105471615A (en) | Processing method and device of dynamic host configuration protocol (DHCP) information abnormality | |
| CN102377832A (en) | Policy management entity address acquisition method and equipment | |
| Long | Implementing DHCPv6 on an IPv6 network |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| CP03 | Change of name, title or address |
Address after: 310052 Binjiang District Changhe Road, Zhejiang, China, No. 466, No. Patentee after: Xinhua three Technology Co., Ltd. Address before: 310053 Hangzhou hi tech Industrial Development Zone, Zhejiang province science and Technology Industrial Park, No. 310 and No. six road, HUAWEI, Hangzhou production base Patentee before: Huasan Communication Technology Co., Ltd. |
|
| CP03 | Change of name, title or address |