Background
SAVI (Source Address Validation Improvement) is a mechanism for validating a Source Address of a data packet, a Source Address spoofing message is filtered by using a binding example (the binding example binds a terminal IP Address, a terminal MAC (Media Access Control) Address and an Access port), whether the relation of the binding example is met is judged for the Source Address of the message from a terminal, if so, the message is allowed to pass, otherwise, the message is not allowed to pass.
In order to optimize the SAVI binding instance and the SAVI authentication process, a concept of an execution boundary is proposed, such as the execution boundary diagram shown in fig. 1, where a topological boundary is formed by SAVI devices (i.e., network devices capable of SAVI functions) and other network devices, traffic within the boundary does not require SAVI authentication, and traffic outside the boundary requires SAVI authentication; and the ports of the SAVI equipment are divided into a trust port and a verification port, the trust port does not verify the source address of the message, and the verification port needs to verify the source address of the message. The execution boundary reduces the storage number of binding examples, reduces the verification amount and improves the performance of the SAVI equipment by setting a trust port and a verification port and only detecting a source address for the verification port.
Taking fig. 1 as an example, trusted ports are located between the SAVI devices (SAVI 1, SAVI 2, SAVI 3, SAVI 4) and Switch a (Switch a), and between the SAVI devices, authenticated ports are located between SAVI 1 and terminals 1 and 2, authenticated ports are located between SAVI 2 and terminals 3, authenticated ports are located between SAVI 3 and terminals 4, and authenticated ports are located between SAVI 4 and Switch B (since SAVI 4 is connected to Switch B without SAVI function, and Switch B has connected under it terminals 5 and 6, and for authenticating traffic between terminals 5 and 6, authenticated ports are located between SAVI 4 and Switch B).
It should be noted that since the purpose of the SAVI is to control source address spoofing attacks, spoofing of source addresses is not allowed; when different SAVI devices have binding instances with the same source address, the flow cannot be normally forwarded, and the number of the binding instances of the SAVI devices is increased; the source address cannot create a binding instance on a different SAVI device.
But the case of creating binding instances for the same source address on different SAVI devices occurs: (1) when the method for acquiring the address by the terminal is stateless address allocation, different terminals may generate the same address; (2) an attacker may forge the same address; (3) the terminal moves among different SAVI devices. Therefore, to ensure that binding instances are not created for the same source address on different SAVI devices, the SAVI devices need to perform a consistency check of the binding instances to ensure that the source address is not reused.
In the prior art, an SAVI device monitors messages received from a verification port and a trust port, the SAVI device connected to a terminal establishes a SAVI binding instance for the terminal, and in order to maintain consistency of the binding instance, the SAVI device sends a DAD (Duplicate Address Detection) message in a broadcast manner through the trust port to check whether a source Address is repeatedly bound.
As shown in fig. 2, in the schematic diagram of the process of detecting consistency of an SAVI binding instance, when a terminal E connects to an SAVI device a, the terminal E indicates that it tries to own a source Address X through DAD _ NSOL (Duplicate Address Detection neighbor solicitation); when receiving the DAD _ NSOL, the SAVI device a records binding instance information (such as a source IP address, a source MAC address, an access port, etc., where no binding instance is created) of the source address X, and broadcasts the DAD _ NSOL through a trusted port; when receiving the DAD _ NSOL, the SAVI equipment B finds that the SAVI equipment B does not have a binding example of the source address X, and broadcasts the DAD _ NSOL through the trust port; when the SAVI device C receives the DAD _ NSOL, the SAVI device C discovers its binding instance with source address X, since the terminal F has indicated possession of source address X.
In order to verify whether the terminal F exists or not, the SAVI device C forwards the DAD _ NSOL message to the terminal F from the verification port, if the terminal F exists, the terminal F responds to DAD _ NADV (Duplicate Address detection Neighbor Advertisement), the DAD _ NADV is sent to the SAVI device A by the SAVI device C, the SAVI device A considers that the terminal E and the terminal F try to have the same source address, deletes the binding example information of the source address X, forwards the DAD _ NADV to the terminal E, and the terminal E needs to regenerate a new source address after receiving the DAD _ NADV.
However, since DAD _ NSOL and DAD _ NADV are broadcast messages, the broadcast messages need to reach all SAVI devices through trusted ports, and when a terminal frequently moves among the SAVI devices, the broadcast messages among the SAVI devices are heavily loaded. Moreover, when the SAVI device is restarted, the binding instance on the SAVI device may be lost, and then the data packet will be discarded, which affects the normal transmission of data.
Disclosure of Invention
The invention provides a method and equipment for detecting repeatability of a source address, which are used for reducing the load among SAVI (software architecture virtualization infrastructure) equipment and ensuring normal transmission of data.
In order to achieve the above object, the present invention provides a method for detecting source address repeatability, comprising the following steps:
a first SAVI device receives a message sent by a terminal, if the SAVI binding example of the message source address is not locally stored, a second SAVI device recording the storage information of the SAVI binding example is determined, a source address repeatability detection message inquiring the existence information of the SAVI binding example is sent to the second SAVI device, if the source address repeatability detection message is not received within preset time, the first SAVI device locally establishes the SAVI binding example of the source address, otherwise, the SAVI binding example of the source address is not established;
after the second SAVI device receives the source address repeatability detection message of the first SAVI device, which is used for inquiring the existence information of the SAVI binding instance, if the storage information of the SAVI binding instance is not locally recorded, the information of the SAVI binding instance stored in the first SAVI device is locally recorded; if the SAVI binding instance storage information is locally recorded, the SAVI equipment storing the SAVI binding instance is judged according to the SAVI binding instance storage information, and if the SAVI binding instance storage information is third SAVI equipment, a source address repeatability detection message for inquiring whether the message source address is repeated is sent to the third SAVI equipment; if the second SAVI equipment does not receive the source address repeated message within the preset time, locally recording the information stored in the first SAVI equipment by the SAVI binding instance, and otherwise, sending the received source address repeated message to the first SAVI equipment;
and after receiving a source address repeatability detection message of the second SAVI equipment for inquiring whether the message source address is repeated, the third SAVI equipment inquires a terminal corresponding to the source address, and sends a source address repetition message to the second SAVI equipment if the source address is repeated.
The determining, by the first SAVI, a second SAVI device that records the SAVI binding instance storage information specifically includes: and the first SAVI equipment obtains an address identifier through the HASH calculation of the message source address, and determines second SAVI equipment for recording the SAVI binding instance storage information according to the relationship between the address identifier and the SAVI equipment identifier.
Determining a second SAVI device recording the SAVI binding instance storage information according to the relationship between the address identifier and the SAVI device identifier, which specifically comprises: the first SAVI equipment determines that the second SAVI equipment is SAVI equipment with an SAVI equipment identification which is larger than the address identification and has the smallest difference with the address identification; or, the first SAVI device determines that the second SAVI device is a SAVI device whose SAVI device identity is smaller than the address identity and whose difference from the address identity is the smallest.
The SAVI equipment identifications are notified to other SAVI equipment by each SAVI equipment in a broadcasting mode, the first SAVI equipment locally records each SAVI equipment identification after receiving the broadcasting notification of each SAVI equipment, and the SAVI equipment identifications are obtained through Hash calculation.
A source address repeatability detection apparatus, comprising:
the receiving module is used for receiving the message sent by the terminal; receiving a source address repeatability detection message for inquiring the SAVI binding example existence information of the message source address; receiving a source address repeatability detection message for inquiring whether the message source address is repeated;
the processing module is used for determining the SAVI equipment for recording the storage information of the SAVI binding instance when the SAVI binding instance of the message source address is not locally stored after receiving the message sent by the terminal; when a source address repeated message is not received within preset time, an SAVI binding example of the source address is established locally, otherwise, the SAVI binding example of the source address is not established;
after receiving a source address repeatability detection message for inquiring the SAVI binding instance existence information of the message source address, locally recording the information of the SAVI binding instance stored in the SAVI equipment receiving the message of the terminal when the SAVI binding instance storage information is not locally recorded or the source address repeatability message is not received within a preset time; when the SAVI binding instance storage information is locally recorded, the SAVI equipment storing the SAVI binding instance is judged according to the SAVI binding instance storage information;
after receiving a source address repeatability detection message for inquiring whether the message source address is repeated, inquiring a terminal corresponding to the source address;
a sending module, configured to send a source address repeatability detection message for querying presence information of the SAVI binding instance; sending a source address repeatability detection message for inquiring whether the message source address is repeated; and sending the source address repeated message.
The processing module is specifically configured to obtain an address identifier through calculation of the message source address HASH, and determine the SAVI device that records the storage information of the SAVI binding instance according to a relationship between the address identifier and the SAVI device identifier.
The processing module is further configured to determine that the SAVI device that records the storage information of the SAVI binding instance is a SAVI device whose SAVI device identifier is greater than the address identifier and whose difference from the address identifier is minimum; or determining that the SAVI equipment recording the SAVI binding instance storage information is SAVI equipment with an SAVI equipment identifier smaller than the address identifier and with the minimum difference with the address identifier.
The SAVI equipment identifications are notified to other SAVI equipment by each SAVI equipment in a broadcasting mode, and after the broadcasting notification of each SAVI equipment is received, each SAVI equipment identification is locally recorded, and the SAVI equipment identifications are obtained through Hash calculation.
Compared with the prior art, the invention has at least the following advantages:
by maintaining the binding instance information of the same source address on the two SAVI devices, the load between the SAVI devices can be reduced, and the normal transmission of data is ensured.
Detailed Description
The invention provides a method for detecting source address repeatability, which is applied to a network system comprising a plurality of SAVI devices, and takes figure 3 as a reference network schematic diagram of the invention, wherein SAVI devices A, SAVI, B, SAVI, C, SAVI, D, SAVI, E are network devices (such as switches, routers and the like) which enable SAVI functions, trust ports are arranged among the SAVI devices, verification ports are arranged between a terminal A and the SAVI devices A, and verification ports are arranged between a terminal B and the SAVI devices C.
In the invention, each SAVI device can have an access function and a storage function; the access function is used for establishing an SAVI binding example for the source address of the terminal, filtering a source address deception message by using the binding example, allowing the message of which the source address meets the binding example to pass through, and filtering the message of which the source address does not meet the binding example; the storage function is used to store information of which SAVI device a binding instance of a certain source address is located in, and at this time, a mapping relationship between the source address and the device identifier needs to be established. For example, for the source address of the terminal a, an access function of the SAVI device a may be used to establish a SAVI binding instance for the source address, and a storage function of the SAVI device D may be used to establish a mapping relationship between the source address and the device identifier.
In order to implement the above functions, each SAVI device may calculate a device identifier (the number of bits of the device identifier may be selected according to actual conditions, for example, 128 bits) by using device information (such as an IP address and a name of the SAVI device) HASH, where all SAVI devices have a 128-bit device identifier.
Based on the device identifier of each SAVI device, each SAVI device needs to obtain the device identifiers of other SAVI devices, and maintain a SAVI device list, where the device identifiers of other SAVI devices and the export information between the SAVI devices are recorded in the SAVI device list. For example, the SAVI device list of SAVI device a has recorded therein: the device identification of the SAVI device B and the egress information to the SAVI device B, and so on. The message transmission can be carried out between the SAVI devices by utilizing the information maintained in the SAVI device list; for example, when the SAVI device a sends a message to the SAVI device C, the message may be sent to the SAVI device C based on the device identifier of the SAVI device C and the egress information that reaches the SAVI device C.
The device identification of other SAVI devices can be obtained through manual configuration or automatic configuration, and the manual configuration can be prioritized over the automatic configuration. The manual configuration mode is suitable for the situation that the SAVI equipment is few, and the equipment identifiers of other SAVI equipment are directly configured on the SAVI equipment. The automatic configuration mode is suitable for the conditions that SAVI equipment is more and the SAVI equipment is unstable, each SAVI equipment periodically broadcasts the own equipment identifier through a trusted port, the SAVI equipment receiving the broadcast message maintains an SAVI equipment list, a timer is set for each SAVI equipment, the broadcast message of the SAVI equipment is received before the timer is overtime, the record of the SAVI equipment is continuously maintained, and the record of the SAVI equipment is deleted from the SAVI equipment list when the timer is overtime and the broadcast message of the SAVI equipment is not received.
For the broadcast message carrying the device identifier, the message format diagram shown in fig. 4 may be adopted, where a first Type field indicates a frame Type, and a Type of 8888 indicates an SAVI data frame. The second Type field describes the Type of the SAVI message, the Type of the SAVI message is 0, the SAVI device requests the device identifiers of other SAVI devices, the destination MAC address is a broadcast address, and the SAVI Identifier fields are all 0; type is 1, which indicates that the SAVI device broadcasts the device Identifier of the SAVI device, the message is a response of Type 0 or a heartbeat for maintaining the device Identifier of the SAVI device, the destination MAC address is a broadcast address, and the SAVI Identifier is an SAVI device Identifier; the Type of 2 indicates that the SAVI device encapsulates the packet, that is, data from the terminal is filled in the Padding field. The Length field describes the Length from the second Type to the end of Padding. The SAVI Identifier describes a device identification of the SAVI device.
It should be noted that the above values (e.g. Type is 8888, Type is 1, etc.) are only for convenience of description, and can be adjusted in practical applications; in addition, in order to maintain the SAVI device list, the SAVI device may send a message with a Type of 0 and a Type of 1 multiple times (for example, 3 times).
When an SAVI device accesses a network, the SAVI device requests the device identifiers of other SAVI devices by using the broadcast message with the Type of 0, and broadcasts the message carrying the device identifier of the SAVI device by using the broadcast message with the Type of 1. Thus, the SAVI device may maintain a SAVI device list, and other SAVI devices may update the device identification of the SAVI device into their own SAVI device list.
It should be noted that, before broadcasting the message carrying the device identifier of the SAVI device, the SAVI device may further determine whether the device identifiers of the other SAVI devices are the same as the device identifier of the SAVI device, and if not, the message is broadcasted; if the two SAVI devices are the same, the HASH obtains a new device identifier by negating the IP address of the device, and continuously judges whether the new device identifier is the same as the device identifiers of the other SAVI devices, if not, the message is broadcast; if the two are the same, an error is reported and a log is recorded, and an administrator is prompted to configure the equipment identifier.
Taking the device id of the SAVI device a is IDa, the device id of the SAVI device B is IDb, the device id of the SAVI device C is IDc, the device id of the SAVI device D is IDd, and the device id of the SAVI device E is IDe as an example, as shown in fig. 5, the device ids are distributed in a 128-bit address space, the device id values increase clockwise, and IDa < IDb < IDc < IDd < IDe.
In order to establish a mapping relationship between a source address and a device identifier on an SAVI device, (1) a specific device (such as an SAVI device D) can be selected to establish a mapping relationship between all source addresses and device identifiers; (2) the method comprises the steps that the SAVI equipment with the equipment identifier larger than the address identifier (the address identifier calculated by utilizing source address information HASH, the equipment identifier and the address identifier are numerical values with the same number of bits, such as the address identifier is also 128 bits) and the difference with the address identifier is minimum is selected to establish the mapping relation between the source address and the equipment identifier, for example, when the address identifier of the source address of the terminal A is positioned between IDb and IDc, the SAVI equipment C establishes the mapping relation between the source address of the terminal A and IDa; (3) selecting the SAVI equipment with the equipment identifier smaller than the address identifier and the minimum difference with the address identifier to establish the mapping relation between the source address and the equipment identifier, namely, the SAVI equipment A establishes the mapping relation between all the source addresses and the equipment identifiers of the address identifier positioned between IDa and IDb, and so on, the SAVI equipment E establishes the mapping relation between all the source addresses and the equipment identifiers of the address identifier positioned between [ IDe, 2^128) and [0, IDa); for example, when the address identifier of the source address of the terminal a is located between IDb and IDc, the SAVI device B establishes a mapping relationship between the source address of the terminal a and IDa.
It should be noted that, when the method (2) or the method (3) is adopted, if an SAVI device (e.g., the SAVI device F) joins the network (receives the broadcast message carrying the device identifier IDf of the SAVI device F) or an SAVI device (e.g., the SAVI device E) leaves the network (does not receive the broadcast message of the SAVI device E for a predetermined time), the storage device in the mapping relationship between the source address and the IDa may be changed. If the method (3) is adopted, if IDf is located between IDa and IDb, the mapping relationship between all source addresses and device identifiers located between IDf and IDb of the address identifiers is to be established by the SAVI device F (previously established by the SAVI device a); the mapping relationship recorded on the SAVI device E will also be established by other SAVI devices.
Therefore, the storage location of the mapping relationship between the SAVI devices may be adjusted, for example, when the mapping relationship of the address 2 is recorded by the SAVI device a currently, after the SAVI device F joins the network, when it is known that the mapping relationship of the address 2 needs to be recorded by the SAVI device F according to the device identifier and the address identifier of the address 2, the SAVI device a may send the mapping relationship of the address 2 (may send by using a DAD _ NSOL packet) to the SAVI device F, the SAVI device F records the mapping relationship of the address 2, and the SAVI device a deletes the mapping relationship of the address 2 recorded by the SAVI device a.
Based on the SAVI device list maintained on each SAVI device, as shown in fig. 6, the method comprises the steps of:
step 601, a first SAVI device (e.g., SAVI device a) receives a message from a terminal (e.g., terminal a). If the SAVI equipment A records the SAVI binding example of the message source address, executing the existing filtering process, which is not described again; if the SAVI device a does not store the SAVI binding instance of the source address of the message, the binding instance information of the source address is recorded, and step 602 is executed.
In step 602, the first SAVI device determines a second SAVI device that records the SAVI binding instance storage information of the source address (address 1 is taken as an example).
Specifically, the SAVI equipment A calculates by using the address 1HASH to obtain an address identifier, and determines second SAVI equipment according to the equipment identifiers and the address identifiers of other SAVI equipment; for example, when an SAVI device with a device identifier larger than the address identifier and with the smallest difference with the address identifier is selected to establish a mapping relationship between a source address and the device identifier, determining that the second SAVI device is the SAVI device with the device identifier larger than the address identifier and with the smallest difference with the address identifier; and when the SAVI equipment with the equipment identifier smaller than the address identifier and the minimum difference with the address identifier is selected to establish the mapping relation between the source address and the equipment identifier, determining that the second SAVI equipment is the SAVI equipment with the equipment identifier smaller than the address identifier and the minimum difference with the address identifier.
In practical application, the first SAVI device may further determine that the designated device is a second SAVI device; for example, when the SAVI device D is used to record whether there is a binding instance for establishing active address information on the SAVI device, the second SAVI device is the SAVI device D.
Taking the second SAVI device as the SAVI device whose device identifier is smaller than the address identifier and whose difference from the address identifier is the minimum, the SAVI device a obtains a 128-bit address identifier X through the HASH address 1, and compares the address identifier X with each device identifier by searching the SAVI device list to obtain IDd < X < IDe, thereby determining the second device as the SAVI device D.
Step 603, the first SAVI device sends a source address repeatability detection message for querying presence information of the SAVI binding instance (i.e., whether the SAVI binding instance exists and the SAVI device in which the SAVI binding instance exists) to the second SAVI device.
It should be noted that the message from the terminal may be a DAD _ NSOL message or a data message, and for the DAD _ NSOL message, the SAVI device a packages the message into a source address repeatability detection message of Type 2 through a trusted port (known from the SAVI device list) and sends the source address repeatability detection message to the SAVI device D; and for the data message, the SAVI equipment A caches the data message, sends a source address repeatability detection message to the second SAVI equipment, and sends the cached data message if the source address is not repeated subsequently, or discards the cached data message.
In the invention, the source address repeatability detection message for inquiring the existence information of the SAVI binding instance can be a message encapsulated with DAD _ NSOL, and the destination MAC address of the message is the MAC address of the second SAVI device.
Step 604, the second SAVI device determines whether a SAVI binding instance with address 1 is recorded according to the SAVI binding instance storage information; if not, go to step 605, otherwise, go to step 606.
Whether an SAVI binding instance of the source address exists is represented on the SAVI device D by maintaining the corresponding relationship (not including the MAC address and the access port information) between the device identifier and the source address of the SAVI device, and if the SAVI device D has an address 1 and a corresponding device identifier, the SAVI binding instance of the address 1 on the SAVI device corresponding to the device identifier is described. For example, when the corresponding relationship between the address 1 and the IDc is recorded on the SAVI device D, the SAVI device C has a SAVI binding instance with the address 1.
It should be noted that, after the SAVI device D receives the source address repeatability detection message for querying the presence information of the SAVI binding instance from the trusted port, if the destination MAC address of the source address repeatability detection message is the MAC address of itself, the above step 604 is executed; otherwise, the source address repeatability detection is continuously sent according to the destination MAC address of the source address repeatability detection message.
Step 605, the second SAVI device records the SAVI binding instance with the address 1 established on the first SAVI device, and the first SAVI device establishes the SAVI binding instance by using the address 1. For example, the SAVI device D records the corresponding relationship between address 1 and IDa, and the SAVI device a establishes a SAVI binding instance by using binding instance information such as address 1.
It should be noted that the SAVI device D may not return a response message to the SAVI device a, and on the SAVI device a, if a source address duplicate message is not received within a predetermined time, the SAVI device a directly establishes a SAVI binding instance locally using the address 1.
In step 606, the second SAVI device determines, according to the SAVI binding instance storage information, that the SAVI device having the address 1 of the SAVI binding instance is the third SAVI device (e.g., SAVI device C).
The SAVI device D may directly determine, by using the correspondence between the device identifier and the address 1, that the SAVI binding instance with the address 1 is established on the third SAVI device, and execute step 607.
In practical application, when the SAVI device a loses the SAVI binding instance due to a restart or the like, the SAVI device D may also know that the address 1 of the SAVI device a is established on the SAVI device D, and notify the SAVI device a to establish the SAVI binding instance by using the address 1; or ending the process, and establishing the SAVI binding example after the SAVI equipment A does not receive the source address repeated message within the preset time.
In step 607, the second SAVI device sends a source address duplication detection message (i.e., DAD _ NSOL message) for inquiring whether the message source address is duplicated to the third SAVI device.
In step 608, the third SAVI device queries whether address 1 is in use, and if so, performs step 609, otherwise, performs step 610.
If the SAVI device C does not have the SAVI binding instance corresponding to the address 1, the address 1 is not used; if the SAVI device C has a SAVI binding instance corresponding to the address 1, the SAVI device C forwards the DAD _ NSOL packet from the verification port to the corresponding terminal in order to verify whether the terminal corresponding to the address 1 exists, and if the corresponding terminal exists, the SAVI device C receives the DAD _ NADV, which indicates that the address 1 is in use, otherwise, indicates that the address 1 is not in use.
Step 609, the third SAVI device sends a source address duplicate message (such as DAD _ NADV) to the second SAVI device, the second SAVI device sends the source address duplicate message to the first SAVI device, and after receiving the source address duplicate message, the first SAVI device learns that the terminal a does not allow to use the address 1, deletes the binding instance information of the address 1, does not establish the SAVI binding instance of the address 1, forwards the source address duplicate message to the terminal a, and the terminal a needs to regenerate a new address.
Step 610, the second SAVI device records the SAVI binding instance with address 1 established on the first SAVI device, and the address 1 of the first SAVI device establishes the SAVI binding instance.
If the SAVI equipment D does not receive the source address repeated message within the preset time, the fact that the address 1 is not used is known, the SAVI equipment D updates the corresponding relation between the address 1 and the equipment identifier of the SAVI equipment C into the corresponding relation between the address 1 and the equipment identifier of the SAVI equipment A, namely, an SAVI binding example with the address 1 established on the SAVI equipment A is recorded; if the SAVI equipment A does not receive the message for informing the terminal that the use of the address 1 is not allowed within the preset time, the SAVI binding example is established by using the address 1.
It should be noted that the predetermined time can be realized by waiting for the DAD _ NADV timer to time out, and the setting of the waiting DAD _ NADV timer of each SAVI device needs to be consistent.
Based on the same inventive concept as the above method, the present invention further provides a source address repeatability detection apparatus, as shown in fig. 7, including:
a receiving module 11, configured to receive a message sent by a terminal; receiving a source address repeatability detection message for inquiring the SAVI binding example existence information of the message source address; receiving a source address repeatability detection message for inquiring whether the message source address is repeated;
a processing module 12, configured to determine, after receiving a message sent by a terminal, an SAVI device that records storage information of an SAVI binding instance when the local SAVI binding instance that stores a source address of the message is not available; when a source address repeated message is not received within preset time, an SAVI binding example of the source address is established locally, otherwise, the SAVI binding example of the source address is not established;
after receiving a source address repeatability detection message for inquiring the SAVI binding instance existence information of the message source address, locally recording the information of the SAVI binding instance stored in the SAVI equipment receiving the message of the terminal when the SAVI binding instance storage information is not locally recorded or the source address repeatability message is not received within a preset time; when the SAVI binding instance storage information is locally recorded, the SAVI equipment storing the SAVI binding instance is judged according to the SAVI binding instance storage information;
after receiving a source address repeatability detection message for inquiring whether the message source address is repeated, inquiring a terminal corresponding to the source address;
a sending module 13, configured to send a source address repeatability detection message for querying presence information of the SAVI binding instance; sending a source address repeatability detection message for inquiring whether the message source address is repeated; and sending the source address repeated message.
The processing module 12 is specifically configured to obtain an address identifier through calculation of the message source address HASH, and determine, according to a relationship between the address identifier and an SAVI device identifier, the SAVI device that records the storage information of the SAVI binding instance.
The processing module 12 is further configured to determine that the SAVI device that records the storage information of the SAVI binding instance is a SAVI device that has a SAVI device identifier that is greater than the address identifier and has a minimum difference from the address identifier; or determining that the SAVI equipment recording the SAVI binding instance storage information is SAVI equipment with an SAVI equipment identifier smaller than the address identifier and with the minimum difference with the address identifier.
The SAVI equipment identifications are notified to other SAVI equipment by each SAVI equipment in a broadcasting mode, and after the broadcasting notification of each SAVI equipment is received, each SAVI equipment identification is locally recorded, and the SAVI equipment identifications are obtained through Hash calculation.
In addition, to further illustrate the source address repeatability detection device shown in fig. 7, based on the same inventive concept as the method, the source address repeatability detection device may be in the role of a first SAVI device, a second SAVI device, and a third SAVI device, and includes: the device comprises a receiving module, a determining module, a sending module, a recording module and an establishing module;
when the role of the source address repeatability detection device is used as a first SAVI device, the receiving module is used for receiving a message sent by a terminal; the determining module is configured to determine, when the local sai i binding instance storing the message source address does not exist, a second sai i device recording storage information of the sai i binding instance; the sending module is used for sending a source address repeatability detection message for inquiring the existence information of the SAVI binding instance to the second SAVI device; the establishing module is used for locally establishing the SAVI binding example of the source address when the repeated message of the source address is not received within the preset time, otherwise, not establishing the SAVI binding example of the source address.
When the role of the source address repeatability detection equipment serves as second SAVI equipment, the receiving module is used for receiving the source address repeatability detection message of the first SAVI equipment, wherein the source address repeatability detection message is used for inquiring the existence information of the SAVI binding instance; the recording module is used for locally recording the information that the SAVI binding instance is stored in the first SAVI device when the SAVI binding instance storage information is not locally recorded; if the source address repeated message is not received within the preset time, the information stored in the first SAVI device by the SAVI binding instance is locally recorded; the determining module is configured to, when the storage information of the SAVI binding instance is locally recorded, determine, according to the storage information of the SAVI binding instance, that the SAVI device storing the SAVI binding instance is a third SAVI device; the sending module is configured to send a source address repeatability detection message for querying whether the message source address is repeated to the third SAVI device; and if the source address repeated message is received within the preset time, sending the received source address repeated message to the first SAVI equipment.
When the role of the source address repeatability detection equipment is used as third SAVI equipment, the receiving module is used for receiving a source address repeatability detection message of second SAVI equipment; the determining module is used for inquiring the terminal corresponding to the source address; and the sending module is used for sending a source address repeat message to the second SAVI device when the source address is repeated.
When the source address repeatability detection device is a role first SAVI device, the determining module is specifically configured to calculate an address identifier through the message source address HASH, and determine a second SAVI device recording the SAVI binding instance storage information according to a relationship between the address identifier and an SAVI device identifier. The second SAVI device is further used for determining that the device identifier is larger than the address identifier and has the smallest difference with the address identifier; or, determining that the second SAVI device is a SAVI device whose device identifier is smaller than the address identifier and whose gap from the address identifier is the smallest.
The SAVI equipment identifications are notified to other SAVI equipment by each SAVI equipment in a broadcasting mode, and after the broadcasting notification of each SAVI equipment is received, each SAVI equipment identification is locally recorded, and the SAVI equipment identifications are obtained through Hash calculation.
The modules of the device can be integrated into a whole or can be separately deployed. The modules can be combined into one module, and can also be further split into a plurality of sub-modules.
Through the above description of the embodiments, those skilled in the art will clearly understand that the present invention may be implemented by hardware, or by software plus a necessary general hardware platform. Based on such understanding, the technical solution of the present invention can be embodied in the form of a software product, which can be stored in a non-volatile storage medium (which can be a CD-ROM, a usb disk, a removable hard disk, etc.), and includes several instructions for enabling a computer device (which can be a personal computer, a server, or a network device, etc.) to execute the method according to the embodiments of the present invention.
Those skilled in the art will appreciate that the drawings are merely schematic representations of one preferred embodiment and that the blocks or flow diagrams in the drawings are not necessarily required to practice the present invention.
Those skilled in the art will appreciate that the modules in the devices in the embodiments may be distributed in the devices in the embodiments according to the description of the embodiments, and may be correspondingly changed in one or more devices different from the embodiments. The modules of the above embodiments may be combined into one module, or further split into multiple sub-modules.
The above-mentioned serial numbers of the present invention are for description only and do not represent the merits of the embodiments.
The above disclosure is only for a few specific embodiments of the present invention, but the present invention is not limited thereto, and any variations that can be made by those skilled in the art are intended to fall within the scope of the present invention.