CN102195843B - Flow control system and method - Google Patents
Publication number: CN102195843B (Authority: CN, China)
Abstract
The invention provides a traffic control system and method. The system comprises a traffic marking device, a diverting router and a cleaning device. The traffic marking device identifies abnormal traffic within the current traffic and marks it; the diverting router routes the marked abnormal traffic to the cleaning device; and the cleaning device cleans the abnormal traffic. In this way abnormal traffic is cleaned while the resource pressure on the cleaning device is reduced.
Description
Technical field
The present invention relates to the field of communication technology, and in particular to a traffic control system and method.
Background technology
In a communication system, in addition to normal service traffic there may also be abnormal traffic such as malicious attacks. How to control abnormal traffic is a problem that communication systems generally face.
At present there are mainly two schemes for controlling abnormal traffic, shown in Fig. 1 and Fig. 2.
Fig. 1 is a structural diagram of the first existing abnormal traffic control system.
As shown in Fig. 1, this first abnormal traffic control system comprises a detection device (DFI or DPI) 101, a router 102 and a cleaning device 103.
The detection device is deployed in bypass mode, outside the traffic path. It detects abnormal traffic through optical splitting or port mirroring, then notifies the cleaning device out of band to draw all traffic of the attacked device to itself, and the cleaning device cleans all of that traffic.
There are three methods by which the cleaning device draws all traffic of the attacked device. Method one: the cleaning device establishes a BGP neighbour relationship and advertises a host route, so that the router recalculates its routing table entries and changes the original routing path, and all traffic of the attacked device flows into the cleaning device. Method two: the detection device or the cleaning device changes the policy route on the router to which the cleaning device is attached, so that all traffic of the attacked device flows into the cleaning device according to that policy. Method three: the detection device or the cleaning device changes the policy route on that router so that all traffic of the attacked device enters a blackhole route and is therefore discarded.
Fig. 2 is a structural diagram of the second existing abnormal traffic control system.
As shown in Fig. 2, this second abnormal traffic control system comprises a router 201, a cleaning device 202 and a management server 203.
It can be seen from these schemes that the first abnormal traffic control system has to clean all traffic of the attacked device. On the one hand, this makes the normal traffic to the attacked device consume cleaning resources, increasing the resource pressure on the cleaning device. On the other hand, because the system identifies all traffic of the attacked device by destination address, and the destination address is unchanged after cleaning, every cleaning device on the path of the abnormal traffic will clean it again, which causes secondary or even repeated cleaning.
In the second abnormal traffic control system, all traffic has to pass through the detection device and the cleaning device, which delays normal traffic and affects service quality.
Summary of the invention
In view of this, the object of the embodiments of the present invention is to provide a traffic control system and method that clean abnormal traffic while reducing the resource pressure on the cleaning device.
To achieve the above object, the technical scheme of the embodiments of the present invention is as follows:
A traffic control system, comprising a traffic marking device, a diverting router and a cleaning device;
the traffic marking device identifies abnormal traffic within the current traffic and marks that abnormal traffic;
the diverting router routes the marked abnormal traffic to the cleaning device;
the cleaning device cleans the abnormal traffic.
A traffic control method, comprising:
identifying abnormal traffic within the current traffic and marking that abnormal traffic;
routing the marked abnormal traffic to a cleaning device;
the cleaning device cleaning the abnormal traffic.
As can be seen from the above technical scheme, by identifying abnormal traffic within the current traffic, marking it, and routing only the marked abnormal traffic to the cleaning device, the present invention reduces the resource pressure on the cleaning device while still cleaning the abnormal traffic.
Brief description of the drawings
Fig. 1 is a structural diagram of the first existing abnormal traffic control system.
Fig. 2 is a structural diagram of the second existing abnormal traffic control system.
Fig. 3 is a structural diagram of the first traffic control system provided by the invention.
Fig. 4 is a structural diagram of the second traffic control system provided by the invention.
Fig. 5 is a flow chart of the abnormal traffic cleaning method provided by the invention.
Embodiment
To make the object, technical scheme and advantages of the present invention clearer, the invention is described in more detail below with reference to the accompanying drawings and embodiments.
Fig. 3 is a structural diagram of the first traffic control system provided by the invention.
As shown in Fig. 3, the first traffic control system provided by the invention comprises a traffic marking device 301, a diverting router 302 and a cleaning device 303.
The diverting router 302 routes the marked abnormal traffic to the cleaning device 303.
Conventionally, after the cleaning device 303 has cleaned the abnormal traffic, it deletes the traffic mark carried by the cleaned traffic and returns the traffic to the diverting router 302, which then routes the cleaned traffic as normal traffic.
The identification field may be any position in the data message other than the application data; it is generally the TOS field or the DSCP field.
Marking abnormal traffic by setting an identification field, and recognising abnormal traffic by inspecting that field, avoids full-packet analysis of the abnormal traffic and saves the computational resources of the diverting router 302.
By classifying abnormal traffic by scale, and changing its mark after each cleaning, multi-level cleaning can be realised. For example, abnormal traffic is divided into small-scale, general-scale and large-scale. Small-scale abnormal traffic can be handled by the lower-capacity access-layer cleaning device alone, and a corresponding mark is set in its packets to indicate that it is to be cleaned by the access-layer cleaning device. Large-scale abnormal traffic needs to be cleaned jointly by the backbone-layer cleaning device, the metropolitan-area-network-layer cleaning device and the access-layer cleaning device: the first part of the large-scale abnormal traffic is given a first mark, indicating cleaning by the backbone-layer cleaning device; the second part is given a second mark, indicating cleaning by the metro-layer cleaning device; and the remainder is given a third mark, indicating cleaning by the access-layer cleaning device. Traffic belonging to the same link is always cleaned by the same cleaning device.
Classified cleaning of abnormal traffic in this way improves the efficiency of abnormal traffic cleaning.
When abnormal traffic is cleaned by class, three levels are usually adopted, namely the backbone level, the provincial or metropolitan-area level and the access level. The relation between the number of mark bits and the number of cleaning levels is:
2^i − 1 = j, where i is the number of mark bits and j is the maximum number of levels that can be deployed.
Taking the TOS reserved bits as an example: with i = 2 reserved bits, up to three cleaning levels can be supported. Reserved bits 00 indicate traffic that is not to be cleaned or has already been cleaned, 11 indicate level-1 cleaning, 10 indicate level-2 cleaning, and 01 indicate level-3 cleaning.
The function of the diverting router 302 is to divert the marked abnormal traffic: it separates normal traffic from abnormal traffic among all current traffic according to the mark field. Because the abnormal traffic mark is usually placed in a header field, the diverting router 302 usually has a module that recognises packet header fields and separates abnormal traffic by recognising the mark area of the header.
The diverting router 302 can also route abnormal traffic to the corresponding cleaning device according to its mark; for example, marked large-scale abnormal traffic is routed to a first cleaning device, marked general-scale abnormal traffic to a second cleaning device, and marked small-scale abnormal traffic to a third cleaning device.
In addition, the diverting router 302 may have a module that applies a specified mark change to traffic entering from a particular port; for example, the cleaned traffic returned by the first cleaning device is marked as normal. Preferably, the module that changes the mark of abnormal traffic is placed in the cleaning device, which changes the mark accordingly after cleaning the abnormal traffic, so as to simplify the structure of the diverting router 302.
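As an added illustration (not code from the patent), the following Python simulation models the TOS reserved-bit mark encoding, the 2^i − 1 level formula, the diverting router's header-only dispatch and the cleaning device's mark rewrite described above. The baseline, rate thresholds, addresses and the blacklist rule inside the cleaner are constructed assumptions.

```python
from dataclasses import dataclass, field

MARK_BITS = 2                      # i: TOS reserved bits carrying the mark
MARK_MASK = (1 << MARK_BITS) - 1
# Encoding from the description (i = 2): 00 = not marked / already cleaned,
# 11 = level 1 (backbone), 10 = level 2 (metro), 01 = level 3 (access).
LEVEL_TO_MARK = {0: 0b00, 1: 0b11, 2: 0b10, 3: 0b01}
MARK_TO_LEVEL = {m: lvl for lvl, m in LEVEL_TO_MARK.items()}

def max_levels(mark_bits):
    """j = 2**i - 1: every non-zero pattern of i bits names one cleaning level."""
    return (1 << mark_bits) - 1

def set_mark(tos, level):
    """Write the level mark into the reserved bits, keeping the rest of TOS."""
    return (tos & ~MARK_MASK) | LEVEL_TO_MARK[level]

def get_level(tos):
    return MARK_TO_LEVEL[tos & MARK_MASK]

@dataclass
class Packet:
    src: str
    dst: str
    tos: int = 0
    path: list = field(default_factory=list)   # devices visited, for inspection

class MarkingDevice:
    """Compares a flow's observed rate with a preset baseline (claim 2) and
    marks abnormal traffic with a level chosen from its scale (assumed thresholds)."""
    def __init__(self, baseline_pps, scale_levels):
        self.baseline = baseline_pps
        self.scale_levels = scale_levels   # [(pps_threshold, level)], descending

    def mark(self, pkt, observed_pps):
        if observed_pps > self.baseline:   # normal traffic is left untouched
            for threshold, level in self.scale_levels:
                if observed_pps >= threshold:
                    pkt.tos = set_mark(pkt.tos, level)
                    break
        return pkt

class Cleaner:
    """One cleaning level; afterwards rewrites the mark to 0 (done) or next level."""
    def __init__(self, level, next_level, blacklist):
        self.level, self.next_level, self.blacklist = level, next_level, blacklist

    def clean(self, pkt):
        pkt.path.append(f"cleaner{self.level}")
        if pkt.src in self.blacklist:      # stand-in for the real scrubbing rules
            return None                    # packet dropped
        pkt.tos = set_mark(pkt.tos, self.next_level)
        return pkt

class DivertingRouter:
    """Inspects only the mark bits: level 0 is routed normally, level k goes
    to cleaner k, and cleaned traffic returns here for another look."""
    def __init__(self, cleaners):
        self.cleaners = cleaners

    def forward(self, pkt):
        while pkt is not None and get_level(pkt.tos) != 0:
            pkt.path.append("divert")
            pkt = self.cleaners[get_level(pkt.tos)].clean(pkt)
        if pkt is not None:
            pkt.path.append("normal-route")
        return pkt

def demo():
    # Constructed scenario: baseline 1000 pps; a large attack is cleaned at the
    # backbone (level 1) and then handed on to the metro cleaner (level 2).
    marker = MarkingDevice(1000, [(100_000, 1), (10_000, 2), (1_001, 3)])
    router = DivertingRouter({1: Cleaner(1, 2, {"198.51.100.9"}),
                              2: Cleaner(2, 0, set()), 3: Cleaner(3, 0, set())})
    normal = router.forward(marker.mark(Packet("203.0.113.5", "10.0.0.1"), 500))
    large = router.forward(marker.mark(Packet("203.0.113.7", "10.0.0.1"), 250_000))
    dropped = router.forward(marker.mark(Packet("198.51.100.9", "10.0.0.1"), 250_000))
    return normal, large, dropped
```

Because the cleaner clears the mark before returning traffic, the router sends it on normally and no second cleaning occurs, which is the repeated-cleaning problem the background section describes.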
Cleaning may use a blacklist or whitelist, source-address existence checks, denial-of-service attack detection, connection proxying, attack-signature recognition or packet content filtering. These methods are all prior art and are not described further here.
Fig. 4 is a structural diagram of the second traffic control system provided by the invention.
The second traffic control system shown in Fig. 4 further comprises a management device 404 on the basis of the first traffic control system shown in Fig. 3.
The abnormal traffic marking device 301 and the cleaning device 303 may also report the marking situation and the cleaning situation, respectively, to the management device 404.
By providing the management device 404, the marking and cleaning of abnormal traffic can be managed in a unified way, and reports can be generated from the marking and cleaning situations reported by the marking device 301 and the cleaning device 303, which facilitates subsequent management and improvement of the cleaning strategy.
In Fig. 4, communication between the marking device 301 and the management device 404, and between the cleaning device 303 and the management device 404, usually uses an out-of-band method. The marking device 301 and the diverting router 302 are generally one hop apart; if the abnormal traffic is marked in the IP header, the distance between the diverting router 302 and the marking device 301 can exceed one hop, but that distance is limited by any device that re-encapsulates the marked IP packets further along the path, such as a VPN start point or a QoS control device.
Fig. 5 is a flow chart of the abnormal traffic cleaning method provided by the invention.
As shown in Fig. 5, the method comprises:
A mark hit in this step means determining, according to the mark, that the traffic is to be delivered to the corresponding cleaning device.
As can be seen from the above technical scheme, the present invention has the following advantages:
In detection efficiency, a full-packet inspection of every packet can be avoided, and the gain in network performance is larger the greater the packet count of the traffic.
In traffic scheduling, the scheme schedules traffic precisely, avoids secondary diversion, reduces deployment complexity and improves detection efficiency.
In capacity expansion, if a new cleaning device needs to be added to the system, or the cleaning capacity of a cleaning device changed, only the abnormal traffic marking module in the detection device needs to be changed. The change to the system is small, so it can be expanded smoothly; when a performance bottleneck occurs, expansion is achieved by adding devices and controlling the marks, avoiding a cutover.
The foregoing are only preferred embodiments of the present invention and are not intended to limit it; any modification, equivalent replacement, improvement, etc. made within the spirit and principles of the present invention shall be included in its scope of protection.
Claims (10)
1. A traffic control system, characterised in that the system comprises a traffic marking device, a diverting router and a cleaning device;
the traffic marking device identifies abnormal traffic within the current traffic and marks that abnormal traffic;
the diverting router routes the marked abnormal traffic to the cleaning device;
the cleaning device cleans the abnormal traffic;
wherein the traffic marking device, according to the scale of the abnormal traffic and the capacity of the cleaning devices, sets different marks in the packets of the abnormal traffic to identify the cleaning device that is to clean it;
the diverting router is configured to route the abnormal traffic to the corresponding cleaning device according to its mark;
the cleaning device cleans the abnormal traffic and changes the mark of the abnormal traffic after cleaning.
2. The system according to claim 1, characterised in that
the traffic marking device presets a traffic baseline and, when the current traffic exceeds this baseline, identifies the current traffic as abnormal traffic.
3. The system according to claim 2, characterised in that the traffic baseline is preset according to one or two of the application protocol, IP address and port of the traffic;
the traffic marking device identifies the application protocol, IP address or port of the current traffic and, according to the currently set traffic baseline, determines whether the current traffic is abnormal traffic.
4. The system according to claim 1, characterised in that
the traffic marking device sets an identification field in the packets of the abnormal traffic to identify each packet as an abnormal traffic packet;
the diverting router identifies abnormal traffic within the current traffic by recognising the identification field.
5. The system according to claim 1, characterised in that the system further comprises a management device connected to the traffic marking device and the cleaning device;
the traffic marking device identifies and marks abnormal traffic according to the management strategy held in the management device;
the cleaning device cleans abnormal traffic according to the cleaning strategy held in the management device.
6. A traffic control method, characterised in that the method comprises:
identifying abnormal traffic within the current traffic and marking that abnormal traffic;
routing the marked abnormal traffic to a cleaning device;
the cleaning device cleaning the abnormal traffic;
wherein, according to the scale of the abnormal traffic and the capacity of the cleaning devices, different marks are set in the packets of the abnormal traffic to identify the cleaning device that is to clean it;
a diverting router routes the abnormal traffic to the corresponding cleaning device according to its mark;
the cleaning device cleans the abnormal traffic and changes the mark of the abnormal traffic after cleaning.
7. The method according to claim 6, characterised in that identifying abnormal traffic within the current traffic comprises:
presetting a traffic baseline and, when the current traffic exceeds this baseline, identifying the current traffic as abnormal traffic.
8. The method according to claim 7, characterised in that
the traffic baseline is preset according to one or two of the application protocol, IP address and port of the traffic; the application protocol, IP address or port of the current traffic is identified and, according to the currently set traffic baseline, it is determined whether the current traffic is abnormal traffic.
9. The method according to claim 6, characterised in that marking the abnormal traffic comprises:
setting an identification field in the packets of the abnormal traffic to identify each packet as an abnormal traffic packet.
10. The method according to claim 9, characterised in that setting the identification field comprises:
setting the TOS field or setting the DSCP field;
and identifying abnormal traffic within the current traffic comprises:
identifying abnormal traffic within the current traffic by recognising the identification field.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title
---|---|---|---
CN201010116760.0A | 2010-03-02 | 2010-03-02 | Flow control system and method
Publications (2)
Publication Number | Publication Date
---|---
CN102195843A | 2011-09-21
CN102195843B | 2014-06-11