CN102263664A - Session flow processing method and device - Google Patents

Publication number: CN102263664A
Authority: CN (China)
Prior art keywords: session, network equipment, stream, session stream, management equipment
Legal status: Pending
Application number: CN2011102290749A
Other languages: Chinese (zh)
Inventor: 陈平平
Current Assignee: Beijing Star Net Ruijie Networks Co Ltd
Original Assignee: Beijing Star Net Ruijie Networks Co Ltd
Landscapes: Data Exchanges In Wide-Area Networks

Abstract

The invention discloses a session flow processing method and device, which address the problem in the prior art that the security of information exchange between network devices is reduced. The method comprises the following steps: a first network device receives a session message sent by a second network device; when the unoccupied capacity of the session flow table is not smaller than a set threshold, or the second network device is a management device, a session flow table entry is created for the session flow corresponding to the session message; and when the unoccupied capacity of the session flow table is smaller than the set threshold and the second network device is not a management device, no session flow table entry is created. In the embodiment of the invention, when the unoccupied capacity of the session flow table is smaller than the set threshold, a session flow table entry is created only for a session flow initiated by the management device. A session flow initiated by the management device can therefore be accepted at any time, so the session configuration information sent by the management device can be received and used to block the session flows of a flood attack, which improves the security of information exchange between network devices.

Description

A session flow processing method and device
Technical field
The present invention relates to the field of communication technology, and in particular to a session flow processing method and device.
Background
Network devices in a network generally exchange information through session flows, and each session flow comprises a plurality of session messages. When a network device receives a session flow initiated by another network device, it must create, in its own session flow table and according to the stored session configuration information, a session flow table entry corresponding to that session flow, which is used to manage the flow. The entry contains the processing policy for the session flow, including whether the flow is to be blocked, together with information on any other additional processing operations.
In addition, a management device usually manages the sessions of each network device remotely over the network. Specifically, the management device sends session configuration information over the network to each network device, which stores it. The session configuration information contains the type information of the session flows that need to be blocked, where the session flows that need to be blocked are attack session flows that a malicious party may initiate. The management device can also monitor the session flows of each network device and automatically identify which of them are attack session flows. If it identifies an attack session flow and determines that the type information of that flow is not among the type information of to-be-blocked session flows in the session configuration information sent to the network devices, it adds the type information of the identified attack session flow to the session configuration information and sends it to each network device, and each network device updates its stored session configuration information accordingly.
If a network device receives a session flow initiated by another network device and the type information of that flow is among the type information of to-be-blocked session flows in the stored session configuration information, the processing policy in the session flow table entry that the device creates for the flow is to block the flow.
Fig. 1 shows the session flow processing procedure of a network device in the prior art, which comprises the following steps:
S101: The first network device receives a session message sent by the second network device.
When the second network device initiates a session flow to the first network device, it sends the session messages that make up the flow to the first network device in sequence.
S102: According to the identification information of the session flow carried in the session message, the first network device judges whether its own session flow table contains a session flow table entry corresponding to that identification information. If so, go to step S104; otherwise go to step S103.
Every session message of a session flow carries the identification information of the flow, which comprises the source Internet Protocol (IP) address, destination IP address, protocol number, Transmission Control Protocol (TCP)/User Datagram Protocol (UDP) source port number and TCP/UDP destination port number.
If the session message is the first session message of the session flow, that is, the session request message of the flow, the first network device has not yet created the corresponding entry in its session flow table. If the session message is not the first session message of the flow, the first network device has necessarily already created the corresponding entry in its session flow table. In this step, therefore, judging whether the session flow table contains an entry corresponding to the identification information of the flow is equivalent to judging whether the session message is the first session message of the flow.
S103: According to the stored session configuration information, create the session flow table entry corresponding to the session flow in the device's own session flow table, then go to step S104.
When the first network device determines that its session flow table contains no entry corresponding to the identification information of the session flow, it determines that the session message is the first session message of the flow, that is, the session request message of the flow, and creates the corresponding entry in its session flow table according to the stored session configuration information.
S104: Process the session message according to the processing policy contained in the session flow table entry corresponding to the session flow.
When the first network device determines that its session flow table contains an entry corresponding to the identification information of the session flow, it determines that the session message is not the first session message of the flow and processes the message according to the processing policy contained in that entry. Or,
when the first network device determines that the session message is the first session message of the session flow and has created the corresponding entry, it processes the message according to the processing policy contained in the newly created entry.
Moreover, when the session message is the first session message of the session flow and the processing policy in the created entry is to block the flow, the first network device blocks the session flow initiated by the second network device and releases the session flow table entry created for it.
However, the capacity of a network device's session flow table is limited. When the network device is subjected to a flood attack and the session flows of the attack are not blocked, the device creates a separate session flow table entry for each session flow of the attack. The capacity of the session flow table is then quickly taken up by the entries of the flood attack's session flows, and the device ends up blocking other, normal session flows because it cannot create entries for them.
In the prior art, the management device does configure the type information of to-be-blocked session flows in the session configuration information sent to each network device, but the type information of flood attack session flows is highly varied. The management device cannot predict every possible attack session flow in advance and configure the type information of all of them in the session configuration information. While network devices exchange information through session flows, attack session flows of an unanticipated type will therefore always occur.
If the session flows of a flood attack are unanticipated, that is, their type information is not among the type information of to-be-blocked session flows in the session configuration information, the flood attack can still consume the entire capacity of the network device's session flow table. Suppose the management device, by monitoring the session flows of the network device, then identifies the flood attack and adds the type information of its session flows to the session configuration information. The management device sends session configuration information to the network device by initiating a session flow to it, but at this point the entire capacity of the device's session flow table has been consumed by the flood attack, so the device cannot accept the session flow initiated by the management device. Even though the management device has updated the session configuration information, it cannot deliver the update to the network device so that the device can block the session flows of the flood attack.
In summary, with the prior-art session flow processing method a network device cannot effectively resist a flood attack, which reduces the security of information exchange between network devices.
Summary of the invention
The embodiments of the invention provide a session flow processing method and device to solve the problem in the prior art that a network device cannot effectively resist a flood attack, which reduces the security of information exchange between network devices.
A session flow processing method provided by an embodiment of the invention comprises:
a first network device receives a session message sent by a second network device; and
judges whether the unoccupied capacity in its own session flow table is not less than a set threshold, and judges, according to the identification information of the session flow carried in the received session message, whether the second network device is a management device;
when at least one of the following holds: the first network device judges that the unoccupied capacity in its session flow table is not less than the set threshold, or the second network device is a management device, the first network device creates the session flow table entry corresponding to the session flow in its own session flow table;
when the first network device judges that the unoccupied capacity in its session flow table is less than the set threshold and that the second network device is not a management device, it does not create the session flow table entry corresponding to the session flow.
A session flow processing device provided by an embodiment of the invention comprises:
a receiving module, configured to receive a session message sent by a second network device;
a first judging module, configured to judge whether the unoccupied capacity in the device's own session flow table is not less than a set threshold;
a second judging module, configured to judge, according to the identification information of the session flow carried in the received session message, whether the second network device is a management device;
a processing module, configured to create the session flow table entry corresponding to the session flow in the device's own session flow table when at least one of the following holds: the unoccupied capacity in the session flow table is judged to be not less than the set threshold, or the second network device is judged to be a management device; and not to create the session flow table entry corresponding to the session flow when the unoccupied capacity in the session flow table is judged to be less than the set threshold and the second network device is judged not to be a management device.
A network device provided by an embodiment of the invention comprises the session flow processing device described above.
The embodiments of the invention provide a session flow processing method and device. In the method, a first network device receives a session message sent by a second network device. When it judges that the unoccupied capacity in its session flow table is not less than the set threshold, or that the second network device is a management device, it creates a session flow table entry for the session flow corresponding to the session message. When it judges that the unoccupied capacity in its session flow table is less than the set threshold and that the second network device is not a management device, it does not create a session flow table entry. Because, in the embodiments of the invention, entries are created only for session flows initiated by the management device once the unoccupied capacity of the session flow table falls below the set threshold, and no longer for session flows initiated by other network devices, a session flow initiated by the management device can be accepted at any time. The updated session configuration information sent by the management device can therefore be received and used to block the session flows of a flood attack, so flood attacks can be resisted effectively and the security of information exchange between network devices is improved.
Description of the drawings
Fig. 1 shows the process of testing software provided by an embodiment of the present invention;
Fig. 2 is a schematic diagram of the state paths provided by an embodiment of the present invention;
Fig. 3 is a schematic diagram of the process, provided by an embodiment of the present invention, of determining the connection relationships between the items of state information and determining the state paths according to the state information of the software under test and the operation instructions input by the user;
Fig. 4 shows the detailed process of testing software provided by an embodiment of the present invention;
Fig. 5 is a schematic structural diagram of the testing apparatus provided by an embodiment of the present invention.
Embodiments
In a flood attack, the attacker initiates a large number of attack session flows to consume the session flow capacity of a network device, so that other, normal session flows are blocked. In the embodiments of the invention, the aim is to prevent a flood attack from consuming the entire session flow capacity of the network device, which would cause the device to block session flows initiated by the management device because it cannot create session flow table entries for them. To that end a threshold is set in the network device. When the unoccupied capacity in the session flow table, that is, the free capacity of the table, is not less than the set threshold, session flow table entries are created for all session flows. When the free capacity of the session flow table is less than the set threshold, entries are created only for session flows initiated by the management device and no longer for session flows initiated by other network devices, so that the network device can hold a normal session with the management device at any time.
The embodiments of the invention are described in detail below with reference to the accompanying drawings.
Fig. 2 shows the session flow processing procedure provided by an embodiment of the invention, which comprises the following steps:
S201: The first network device receives a session message sent by the second network device.
S202: The first network device judges whether the unoccupied capacity in its own session flow table is not less than the set threshold. If so, go to step S204; otherwise go to step S203.
In the embodiments of the invention, after the first network device receives the session message sent by the second network device, it judges whether the unoccupied capacity in its session flow table is not less than the set threshold, that is, whether the free capacity of the table is not less than the set threshold, or in other words whether the table still has enough free capacity. The threshold can be set as required.
S203: According to the identification information of the session flow carried in the received session message, the first network device judges whether the second network device is a management device. If so, go to step S204; otherwise go to step S205.
If the free capacity of the first network device's session flow table is less than the set threshold, the table does not have enough free capacity. The device therefore goes on to judge, according to the identification information of the session flow carried in the session message, whether the second network device is a management device, that is, whether the initiator of the session flow is a management device.
S204: The first network device creates the session flow table entry corresponding to the session flow in its own session flow table.
When the first network device judges that the unoccupied capacity in its session flow table is not less than the set threshold, the table has enough free capacity, so the device creates the corresponding entry for the session flow to which the session message belongs. Or,
when the first network device judges that the second network device initiating the session flow is a management device, it likewise creates the corresponding entry for the flow. This lets the first network device hold a normal session with the management device, receive the updated session configuration information that the management device sends, and block the corresponding session flows according to the type information of to-be-blocked session flows configured in that information, thereby resisting the flood attack.
S205: Do not create the session flow table entry corresponding to the session flow.
When the first network device judges that the unoccupied capacity in its session flow table is less than the set threshold, that is, the table does not have enough free capacity, and that the second network device is not a management device, that is, the initiator of the session flow is not a management device, it does not create an entry for the flow and discards the session message.
In the above process, steps S202 and S203 can be executed in either order. The device can first judge whether the second network device is a management device and then judge whether the unoccupied capacity in the session flow table is not less than the set threshold, as shown in Fig. 3.
Fig. 3 shows another session flow processing procedure provided by an embodiment of the invention, which comprises the following steps:
S301: The first network device receives a session message sent by the second network device.
S302: According to the identification information of the session flow carried in the session message, the first network device judges whether the second network device is a management device. If so, go to step S304; otherwise go to step S303.
S303: The first network device judges whether the unoccupied capacity in its own session flow table is not less than the set threshold. If so, go to step S304; otherwise go to step S305.
S304: The first network device creates the session flow table entry corresponding to the session flow in its own session flow table.
S305: Do not create the session flow table entry corresponding to the session flow.
In the processes shown in Fig. 2 and Fig. 3, the first network device receives a session message sent by the second network device. When at least one of the following holds: the unoccupied capacity in its session flow table is judged to be not less than the set threshold, or the second network device is a management device, it creates a session flow table entry for the session flow to which the session message belongs. When the unoccupied capacity in its session flow table is judged to be less than the set threshold and the second network device is not a management device, it does not create a session flow table entry.
Because, in the embodiments of the invention, entries are created only for session flows initiated by the management device once the unoccupied capacity of the session flow table falls below the set threshold, and no longer for session flows initiated by other network devices, the session flow table of the first network device is not entirely taken up by the session flows of an unanticipated flood attack, and a normal session with the management device can still be guaranteed. Then, once the management device has identified the session flows of the flood attack and added their type information to the session configuration information, it can still send the updated session configuration information to the first network device over a session with that device, and the first network device can block the session flows of the flood attack according to the type information of to-be-blocked session flows configured in the updated information. The session flow processing method provided by the embodiments of the invention can therefore resist flood attacks effectively and improves the security of information exchange between network devices.
In the embodiments of the invention, to improve session efficiency, the first network device performs an additional check after receiving the session message sent by the second network device and before judging whether the unoccupied capacity in its session flow table is not less than the set threshold and whether the second network device is a management device. According to the identification information of the session flow carried in the received session message, it determines that its session flow table contains no entry corresponding to that identification information. In other words, it determines that the session message is the first session message of the flow, that is, the session request message of the flow. When it determines that its session flow table does contain an entry corresponding to the identification information of the flow, the received session message is not the first session message of the flow, and the device simply processes the message according to the processing policy contained in that entry.
In the embodiments of the invention, the first network device judges whether the second network device is a management device from the identification information of the session flow carried in the received session message as follows. Using the stored IP address of the management device, it judges whether the source IP address in the identification information of the session flow is the same as the IP address of the management device. If they are the same, it determines that the second network device is a management device; otherwise it determines that the second network device is not a management device.
Furthermore, the priority corresponding to the IP address of the management device and the priority corresponding to the IP address of each network device can be set in the first network device. The priority corresponding to the IP address of the management device is set to the highest priority, and the priority corresponding to the IP address of every network device is lower than the highest priority. In this case, the first network device can also judge whether the second network device is a management device as follows: using the source IP address in the identification information of the session flow carried in the received session message, it looks up the priority corresponding to that source IP address and judges whether the priority found is the highest priority. If so, it determines that the second network device is a management device; otherwise it determines that the second network device is not a management device. That is, when the first network device judges that the unoccupied capacity in its session flow table is not less than the set threshold, it creates session flow table entries for session flows of all priorities; otherwise it creates entries only for session flows of the highest priority, which is the priority corresponding to the IP address of the management device.
In addition, after the first network device receives the session message sent by the second network device, it may find no priority corresponding to the source IP address in the identification information of the session flow. The network device with that source IP address may then be one newly added to the network, and the priority corresponding to the source IP address can be set to any priority lower than the highest priority. Specifically, the priority corresponding to the source IP address can be set to a default priority that is lower than the highest priority.
Of course, priorities can also be configured on the management device and on the other network devices in the network. Likewise, the priority configured for the management device is the highest priority, and the priority configured for every other network device is lower than the highest priority. In this case, when a network device initiates a session flow to the first network device, the session messages of the flow carry the priority information of the initiating device. The first network device judges, from the priority information carried in the received session message, whether the priority is the highest priority. If so, it determines that the initiating device is a management device; otherwise it determines that the initiating device is not a management device.
Fig. 4 shows the detailed session flow processing procedure provided by the embodiment of the invention, which specifically comprises the following steps:
S401: The first network equipment receives the session message sent by the second network equipment.
S402: According to the identification information of the session flow carried in the session message, judge whether a session flow table entry corresponding to that identification information exists in its own session flow table; if so, go to step S403, otherwise go to step S404.
S403: Process the session message according to the processing policy contained in the session flow table entry corresponding to the identification information of the session flow.
S404: Judge whether the unoccupied capacity of its own session flow table is not less than the set threshold; if so, go to step S407, otherwise go to step S405.
S405: Look up the priority corresponding to the source IP address contained in the identification information of the session flow carried in the session message.
S406: Judge whether the priority found is the highest priority; if so, go to step S407, otherwise go to step S408.
S407: Create the session flow table entry corresponding to the session flow in its own session flow table, and process the session message according to the processing policy contained in the created session flow table entry.
S408: Do not create the session flow table entry corresponding to the session flow, and discard the session message.
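The decision procedure of steps S401 to S408, written out as an added example (not code from the patent). The 5-tuple flow identifier, the numeric priority encoding, the addresses, and the handling of a completely full table are assumptions made for illustration.

```python
from dataclasses import dataclass, field

HIGHEST_PRIORITY = 0   # assumed encoding: a smaller number means a higher priority
DEFAULT_PRIORITY = 7   # assumed default for sources with no configured priority


@dataclass(frozen=True)
class FlowId:
    """Identification information of a session flow (assumed to be a 5-tuple)."""
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    proto: str


@dataclass
class SessionFlowTable:
    capacity: int                                    # total entries the table can hold
    threshold: int                                   # set threshold on unoccupied capacity
    priorities: dict = field(default_factory=dict)   # source IP -> priority
    entries: dict = field(default_factory=dict)      # FlowId -> processing policy

    def unoccupied(self) -> int:
        return self.capacity - len(self.entries)

    def is_management(self, src_ip: str) -> bool:
        # S405: look up the priority of the source IP. An unknown source is
        # treated as default priority without being stored (assumption), so
        # flood traffic cannot grow the priority map.
        priority = self.priorities.get(src_ip, DEFAULT_PRIORITY)
        # S406: only the highest priority identifies management equipment.
        return priority == HIGHEST_PRIORITY

    def handle(self, flow: FlowId) -> str:
        # S402/S403: an existing entry is processed with its stored policy.
        if flow in self.entries:
            return "processed-existing"
        # S404: enough unoccupied capacity admits any new flow; otherwise
        # S405/S406 admit only flows initiated by management equipment.
        if self.unoccupied() >= self.threshold or self.is_management(flow.src_ip):
            if self.unoccupied() == 0:
                # Not covered by the text (assumption): nothing is left to hand out.
                return "dropped-table-full"
            self.entries[flow] = "forward"           # S407: create the entry
            return "created"
        return "dropped"                             # S408: no entry, drop the message


def simulate_flood() -> dict:
    """Constructed scenario: 8-entry table, threshold 2, 20 flood flows."""
    table = SessionFlowTable(capacity=8, threshold=2,
                             priorities={"192.0.2.1": HIGHEST_PRIORITY,   # management
                                         "192.0.2.20": 3})                # ordinary host
    server = "192.0.2.100"
    existing = FlowId("192.0.2.20", server, 40000, 443, "tcp")
    table.handle(existing)                           # created before the flood starts
    flood = [table.handle(FlowId(f"198.51.100.{i}", server, 1024 + i, 80, "tcp"))
             for i in range(20)]
    return {
        "flood_created": flood.count("created"),
        "flood_dropped": flood.count("dropped"),
        "ordinary_existing": table.handle(existing),
        "ordinary_new": table.handle(FlowId("192.0.2.20", server, 40001, 443, "tcp")),
        "mgmt_first": table.handle(FlowId("192.0.2.1", server, 50000, 22, "tcp")),
        "mgmt_second": table.handle(FlowId("192.0.2.1", server, 50001, 22, "tcp")),
        "unoccupied": table.unoccupied(),
    }


if __name__ == "__main__":
    for key, value in simulate_flood().items():
        print(f"{key}: {value}")
```

With a threshold of 2, only one slot is actually held back for management equipment, because general admission stops once the unoccupied capacity drops below the threshold. The threshold therefore needs to be sized to the number of concurrent management sessions expected during a flood.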
Fig. 5 shows the session flow processing device provided by the embodiment of the invention, which specifically comprises:
A receiving module 501, configured to receive the session message sent by the second network equipment;
A first judging module 502, configured to judge whether the unoccupied capacity of its own session flow table is not less than the set threshold;
A second judging module 503, configured to judge, according to the identification information of the session flow carried in the received session message, whether the second network equipment is a management equipment;
A processing module 504, configured to create the session flow table entry corresponding to the session flow in its own session flow table when at least one of the following holds: the unoccupied capacity of its own session flow table is judged to be not less than the set threshold, or the second network equipment is judged to be a management equipment; and configured not to create the session flow table entry corresponding to the session flow when the unoccupied capacity of its own session flow table is judged to be less than the set threshold and the second network equipment is judged not to be a management equipment.
The device further comprises:
A determining module 505, configured to determine, according to the identification information of the session flow carried in the session message, that no session flow table entry corresponding to that identification information exists in its own session flow table, before it is judged whether the unoccupied capacity of its own session flow table is not less than the set threshold and whether, according to the identification information of the session flow carried in the received session message, the second network equipment is a management equipment.
The second judging module 503 is specifically configured to judge, according to the stored Internet Protocol (IP) address of the management equipment, whether the source IP address contained in the identification information of the session flow carried in the session message is the same as the IP address of the management equipment; if so, it determines that the second network equipment is a management equipment, and otherwise it determines that the second network equipment is not a management equipment.
The second judging module 503 comprises:
A priority storing unit 5031, configured to store the priority corresponding to the IP address of the management equipment and the priority corresponding to the IP address of each network equipment, wherein the priority corresponding to the IP address of the management equipment is the highest priority, and the priority corresponding to the IP address of each network equipment is lower than the highest priority;
A lookup unit 5032, configured to look up the priority corresponding to the source IP address contained in the identification information of the session flow carried in the session message;
A judging unit 5033, configured to judge whether the priority found for the source IP address is the highest priority; if so, it determines that the second network equipment is a management equipment, and otherwise it determines that the second network equipment is not a management equipment.
The lookup unit 5032 is further configured to set the priority corresponding to the source IP address to any priority lower than the highest priority when no priority corresponding to the source IP address is found.
In addition, the embodiment of the invention further provides a network equipment comprising the session flow processing device described above; the network equipment may specifically be a firewall device, a gateway device, a flow control device, or the like in the network.
The embodiment of the invention provides a session flow processing method and device. In this method, the first network equipment receives the session message sent by the second network equipment. When it judges that the unoccupied capacity of its own session flow table is not less than the set threshold, or that the second network equipment is a management equipment, it creates a session flow table entry for the session flow corresponding to the session message. When it judges that the unoccupied capacity of its own session flow table is less than the set threshold and that the second network equipment is not a management equipment, it does not create a session flow table entry. In the embodiment of the invention, when the unoccupied capacity of the session flow table is less than the set threshold, session flow table entries are created only for session flows initiated by the management equipment and no longer for session flows initiated by other network equipments. This guarantees that a session flow initiated by the management equipment is accepted at any time, so that the updated session configuration information sent by the management equipment can be received and used to block the session flows of a flood attack. The method can therefore effectively resist flood attacks and improves the security of information interaction between network equipments.
Obviously, those skilled in the art can make various changes and modifications to the present invention without departing from its spirit and scope. Thus, if these changes and modifications fall within the scope of the claims of the present invention and their technical equivalents, the present invention is also intended to include them.

Claims (11)

1. A session flow processing method, characterized by comprising:
A first network equipment receives a session message sent by a second network equipment; and
Judges whether the unoccupied capacity of its own session flow table is not less than a set threshold, and judges, according to the identification information of the session flow carried in the received session message, whether the second network equipment is a management equipment;
When at least one of the following holds: the first network equipment judges that the unoccupied capacity of its own session flow table is not less than the set threshold, or the second network equipment is a management equipment, the session flow table entry corresponding to the session flow is created in its own session flow table;
When the first network equipment judges that the unoccupied capacity of its own session flow table is less than the set threshold and judges that the second network equipment is not a management equipment, the session flow table entry corresponding to the session flow is not created.
2. The method of claim 1, characterized in that, before judging whether the unoccupied capacity of its own session flow table is not less than the set threshold and judging, according to the identification information of the session flow carried in the received session message, whether the second network equipment is a management equipment, the method further comprises:
The first network equipment determines, according to the identification information of the session flow carried in the session message, that no session flow table entry corresponding to that identification information exists in its own session flow table.
3. The method of claim 1, characterized in that judging, according to the identification information of the session flow carried in the received session message, whether the second network equipment is a management equipment specifically comprises:
The first network equipment judges, according to the stored Internet Protocol (IP) address of the management equipment, whether the source IP address contained in the identification information of the session flow carried in the session message is the same as the IP address of the management equipment; and
If so, determines that the second network equipment is a management equipment, and otherwise determines that the second network equipment is not a management equipment.
4. The method of claim 1, characterized in that the first network equipment stores the priority corresponding to the IP address of the management equipment and the priority corresponding to the IP address of each network equipment, wherein the priority corresponding to the IP address of the management equipment is the highest priority, and the priority corresponding to the IP address of each network equipment is lower than the highest priority;
Judging, according to the identification information of the session flow carried in the received session message, whether the second network equipment is a management equipment specifically comprises:
The first network equipment looks up the priority corresponding to the source IP address contained in the identification information of the session flow carried in the session message; and
Judges whether the priority found for the source IP address is the highest priority; and
If so, determines that the second network equipment is a management equipment, and otherwise determines that the second network equipment is not a management equipment.
5. The method of claim 4, characterized in that, when the first network equipment does not find a priority corresponding to the source IP address, the priority corresponding to the source IP address is set to any priority lower than the highest priority.
6. A session flow processing device, characterized by comprising:
A receiving module, configured to receive a session message sent by a second network equipment;
A first judging module, configured to judge whether the unoccupied capacity of its own session flow table is not less than a set threshold;
A second judging module, configured to judge, according to the identification information of the session flow carried in the received session message, whether the second network equipment is a management equipment;
A processing module, configured to create the session flow table entry corresponding to the session flow in its own session flow table when at least one of the following holds: the unoccupied capacity of its own session flow table is judged to be not less than the set threshold, or the second network equipment is judged to be a management equipment; and configured not to create the session flow table entry corresponding to the session flow when the unoccupied capacity of its own session flow table is judged to be less than the set threshold and the second network equipment is judged not to be a management equipment.
7. The device of claim 6, characterized in that the device further comprises:
A determining module, configured to determine, according to the identification information of the session flow carried in the session message, that no session flow table entry corresponding to that identification information exists in its own session flow table, before it is judged whether the unoccupied capacity of its own session flow table is not less than the set threshold and whether, according to the identification information of the session flow carried in the received session message, the second network equipment is a management equipment.
8. The device of claim 6, characterized in that the second judging module is specifically configured to judge, according to the stored Internet Protocol (IP) address of the management equipment, whether the source IP address contained in the identification information of the session flow carried in the session message is the same as the IP address of the management equipment; if so, to determine that the second network equipment is a management equipment, and otherwise to determine that the second network equipment is not a management equipment.
9. The device of claim 6, characterized in that the second judging module comprises:
A priority storing unit, configured to store the priority corresponding to the IP address of the management equipment and the priority corresponding to the IP address of each network equipment, wherein the priority corresponding to the IP address of the management equipment is the highest priority, and the priority corresponding to the IP address of each network equipment is lower than the highest priority;
A lookup unit, configured to look up the priority corresponding to the source IP address contained in the identification information of the session flow carried in the session message;
A judging unit, configured to judge whether the priority found for the source IP address is the highest priority; if so, to determine that the second network equipment is a management equipment, and otherwise to determine that the second network equipment is not a management equipment.
10. The device of claim 9, characterized in that the lookup unit is further configured to set the priority corresponding to the source IP address to any priority lower than the highest priority when no priority corresponding to the source IP address is found.
11. A network equipment, characterized by comprising the session flow processing device according to any one of claims 6 to 10.
CN2011102290749A 2011-08-11 2011-08-11 Session flow processing method and device Pending CN102263664A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2011102290749A CN102263664A (en) 2011-08-11 2011-08-11 Session flow processing method and device

Publications (1)

Publication Number Publication Date
CN102263664A true CN102263664A (en) 2011-11-30

Family

ID=45010133

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2011102290749A Pending CN102263664A (en) 2011-08-11 2011-08-11 Session flow processing method and device

Country Status (1)

Country Link
CN (1) CN102263664A (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C12 Rejection of a patent application after its publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20111130