CN103095722A - Method for updating network security table and network device and dynamic host configuration protocol (DHCP) server - Google Patents

Publication number
CN103095722A
CN103095722A CN2013100415946A CN201310041594A CN103095722A CN 103095722 A CN103095722 A CN 103095722A CN 2013100415946 A CN2013100415946 A CN 2013100415946A CN 201310041594 A CN201310041594 A CN 201310041594A CN 103095722 A CN103095722 A CN 103095722A
Authority
CN
China
Prior art keywords
virtual machine
address
dhcp
request message
message
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN2013100415946A
Other languages
Chinese (zh)
Inventor
于斌
陈光荣
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Application filed by Huawei Technologies Co Ltd
Priority to CN2013100415946A
Publication of CN103095722A

Abstract

The invention discloses a method for updating a network security table, a network device and a Dynamic Host Configuration Protocol (DHCP) server. When a virtual machine migrates into the management domain of a network device, the network device parses a first request message received from the virtual machine and obtains the Internet Protocol (IP) address and media access control (MAC) address of the virtual machine. When no security entry containing the IP address and the MAC address exists in the network security table of the network device, the network device sends a second request message, generated from the IP address and the MAC address, to the DHCP server, so that the DHCP server initiates forced communication between the DHCP server and the virtual machine. The network device monitors the messages exchanged between the DHCP server and the virtual machine to obtain the security entry of the virtual machine, and updates the network security table according to the security entry. In this way, the method, the network device and the DHCP server ensure that the virtual machine can access the network normally when it migrates into the management domain of the network device, while also ensuring the reliability of the network security table and therefore network security.

Description

A method for updating a network security table, a network device and a DHCP server
Technical field
The present invention relates to the field of network security technology, and in particular to a method for updating a network security table, a network device and a DHCP (Dynamic Host Configuration Protocol) server.
Background art
A virtual machine is a complete computer system, simulated by software, that has the functions of a complete hardware system and runs in a fully isolated environment. At present, services are commonly provided to users through virtual machines. Because a virtual machine must run on a physical server, the load on a physical server grows as more and more virtual machines are loaded on it, and it becomes necessary to load-balance the physical server or to back up the data on it. When a physical server is load-balanced or its data is backed up, a virtual machine running on one physical server needs to be migrated to another physical server so that the service is not interrupted.
Referring to Fig. 1, Fig. 1 is a schematic diagram of the migration process of a virtual machine in an existing network system. Data center 10 comprises router 101, first switch 102, second switch 103, first server 104, second server 105 and virtual machine 106. First switch 102 is connected to first server 104 and to router 101, and second switch 103 is connected to second server 105 and to router 101. Virtual machine 106 originally runs on first server 104. Generally, to ensure the security of data center 10, DHCP Snooping Defend (DHCP anti-spoofing) and the related IP/ARP (Internet Protocol/Address Resolution Protocol) security functions are enabled on first switch 102 and second switch 103. Both DHCP Snooping Defend and the IP/ARP security functions depend on the DHCP anti-spoofing binding table, which the switch builds by monitoring the DHCP messages exchanged between the virtual machine and the DHCP server. To relieve the load of first server 104 or to back up its data, virtual machine 106 needs to be migrated from first server 104 to second server 105. Because first server 104 and second server 105 are not on the same network segment, the DHCP anti-spoofing binding table of the second switch contains no security entry for virtual machine 106. As a result, when second switch 103 receives a message from virtual machine 106, it treats the message as invalid and discards it, so virtual machine 106 cannot provide service.
In the prior art, so that virtual machine 106 can still provide service after migrating to second server 105, the DHCP Snooping Defend and IP/ARP security functions of second switch 103 are usually not enabled. Second switch 103 receives an ARP request message from virtual machine 106, obtains the IP address and MAC address of virtual machine 106 from the ARP request message, generates an ARP security entry from the IP address and MAC address, and uses the ARP security table in place of the DHCP anti-spoofing binding table.
However, in the course of long-term research and development the inventors of the present application found that ARP request messages are easy to forge. If a large number of forged ARP request messages are sent to second switch 103, invalid IP addresses and MAC addresses can fill up the ARP security table, so that legitimate messages cannot pass through second switch 103 and virtual machine 106 cannot access the network normally.
Summary of the invention
The main technical problem solved by the present invention is to provide a method for updating a network security table, a DHCP server and a network device that both ensure that a virtual machine can access the network normally when it migrates into the management domain of the network device and ensure the reliability of the network security table in the network device, thereby ensuring network security.
A first aspect of the present invention provides a method for updating a network security table, comprising: when a virtual machine migrates into the management domain of a network device, the network device parses a first request message received from the virtual machine and obtains the Internet Protocol (IP) address and media access control (MAC) address of the virtual machine; the network device queries whether a security entry containing the IP address and the MAC address exists in the network security table; if the IP address and the MAC address do not exist in the network security table, the network device generates a second request message according to the IP address and the MAC address; the network device sends the second request message to a Dynamic Host Configuration Protocol (DHCP) server, so that the DHCP server initiates forced communication with the virtual machine; the network device monitors the DHCP request message or DHCP acknowledgment message exchanged during the forced communication between the DHCP server and the virtual machine, and obtains the security entry of the virtual machine from the DHCP request message or DHCP acknowledgment message, the security entry comprising the IP address and MAC address of the virtual machine; and the network device updates the network security table according to the security entry.
With reference to the first aspect, in a first possible implementation of the first aspect, the step in which the network device updates the network security table according to the security entry comprises: the network device writes the security entry into the network security table.
With reference to the first aspect or the first possible implementation of the first aspect, in a second possible implementation of the first aspect, the first request message is an ARP request message.
With reference to the first aspect, or the first or second possible implementation of the first aspect, in a third possible implementation of the first aspect, the second request message is an extended DHCP notice message, wherein the extended DHCP notice message carries the IP address and MAC address of the virtual machine and a flag requesting the DHCP server to initiate forced communication with the virtual machine.
With reference to the first aspect, or the first, second or third possible implementation of the first aspect, in a fourth possible implementation of the first aspect, the network security table is a DHCP anti-spoofing binding table; the security entry further comprises the identifier of the local area network where the virtual machine is located and the access port.
A second aspect of the present invention provides a method for updating a network security table, comprising: a Dynamic Host Configuration Protocol (DHCP) server receives a request message from a network device, the request message being used to request the DHCP server to initiate forced communication with a virtual machine; the DHCP server parses the request message and obtains the Internet Protocol (IP) address and media access control (MAC) address of the virtual machine; the DHCP server initiates forced communication with the virtual machine according to the IP address and MAC address of the virtual machine, so that the network device can monitor the DHCP request message or DHCP acknowledgment message exchanged during the forced communication between the DHCP server and the virtual machine, obtain the security entry of the virtual machine from the DHCP request message or DHCP acknowledgment message, and update the network security table according to the security entry, wherein the security entry comprises the IP address and MAC address of the virtual machine.
With reference to the second aspect, in a first possible implementation of the second aspect, the DHCP request message is an IP address lease-renewal request message and the DHCP acknowledgment message is an IP address lease-renewal acknowledgment message; the DHCP server initiating forced communication with the virtual machine comprises: the DHCP server sends a forced lease-renewal message to the virtual machine; the DHCP server receives the IP address lease-renewal request message that the virtual machine sends in response to the forced lease-renewal message; and after renewing the lease of the IP address for the virtual machine according to the IP address lease-renewal request message, the DHCP server returns an IP address lease-renewal acknowledgment message to the virtual machine.
With reference to the second aspect, in a second possible implementation of the second aspect, the DHCP request message is an IP address request message and the DHCP acknowledgment message is an IP address allocation acknowledgment message; the DHCP server initiating forced communication with the virtual machine comprises: the DHCP server sends a forced IP address re-application message to the virtual machine; the DHCP server receives the IP address request message that the virtual machine sends in response to the forced IP address re-application message; and after allocating an IP address to the virtual machine according to the IP address request message, the DHCP server sends an IP address allocation acknowledgment message to the virtual machine.
With reference to the second aspect, or the first or second possible implementation of the second aspect, in a third possible implementation of the second aspect, the request message is an extended DHCP notice message, wherein the extended DHCP notice message carries the IP address and MAC address of the virtual machine and a flag requesting the DHCP server to initiate forced communication with the virtual machine.
With reference to the second aspect, or the first, second or third possible implementation of the second aspect, in a fourth possible implementation of the second aspect, the network security table is a DHCP anti-spoofing binding table; the security entry further comprises the identifier of the local area network where the virtual machine is located and the access port.
A third aspect of the present invention provides a network device, comprising: a receiving module, configured to receive a first request message from a virtual machine when the virtual machine migrates into the management domain of the network device, the first request message carrying the Internet Protocol (IP) address and media access control (MAC) address of the virtual machine; a parsing module, configured to parse the first request message and obtain the IP address and MAC address of the virtual machine; a query module, configured to query whether a security entry containing the IP address and MAC address exists in the network security table; a generating module, configured to generate a second request message according to the IP address and MAC address when the security entry does not exist in the network security table; a sending module, configured to send the second request message to a Dynamic Host Configuration Protocol (DHCP) server, so that the DHCP server initiates forced communication with the virtual machine; a monitoring and obtaining module, configured to monitor the DHCP request message or DHCP acknowledgment message exchanged during the forced communication between the DHCP server and the virtual machine, and to obtain the security entry of the virtual machine from the DHCP request message or DHCP acknowledgment message, the security entry comprising the IP address and MAC address of the virtual machine; and an update module, configured to update the network security table according to the security entry of the virtual machine.
With reference to the third aspect, in a first possible implementation of the third aspect, the update module is specifically configured to write the security entry into the network security table.
With reference to the third aspect or the first possible implementation of the third aspect, in a second possible implementation of the third aspect, the first request message is an ARP request message.
With reference to the third aspect, or the first or second possible implementation of the third aspect, in a third possible implementation of the third aspect, the second request message is an extended DHCP notice message, wherein the extended DHCP notice message carries the IP address and MAC address of the virtual machine and a flag requesting the DHCP server to initiate forced communication with the virtual machine.
With reference to the third aspect, or the first, second or third possible implementation of the third aspect, in a fourth possible implementation of the third aspect, the network security table is a DHCP anti-spoofing binding table; the security entry further comprises the identifier of the local area network where the virtual machine is located and the access port.
A fourth aspect of the present invention provides a DHCP server, comprising: a receiving module, configured to receive a request message from a network device, the request message being used to request the DHCP server to initiate forced communication with a virtual machine; a parsing module, configured to parse the request message and obtain the IP address and MAC address of the virtual machine; and a communication module, configured to initiate forced communication with the virtual machine according to the IP address and MAC address of the virtual machine, so that the network device can monitor the DHCP request message or DHCP acknowledgment message exchanged during the forced communication between the DHCP server and the virtual machine, obtain the security entry of the virtual machine from the DHCP request message or DHCP acknowledgment message, and update the network security table according to the security entry, wherein the security entry comprises the IP address and MAC address of the virtual machine.
With reference to the fourth aspect, in a first possible implementation of the fourth aspect, the DHCP request message is an IP address lease-renewal request message and the DHCP acknowledgment message is an IP address lease-renewal acknowledgment message; the communication module comprises a first sending unit, a first receiving unit, a lease-renewal unit and a second sending unit; the first sending unit is configured to send a forced lease-renewal message to the virtual machine; the first receiving unit is configured to receive the IP address lease-renewal request message that the virtual machine sends in response to the forced lease-renewal message; the lease-renewal unit is configured to renew the lease of the IP address for the virtual machine according to the IP address lease-renewal request message; and the second sending unit is configured to send an IP address lease-renewal acknowledgment message to the virtual machine after the lease renewal for the virtual machine is complete.
With reference to the fourth aspect, in a second possible implementation of the fourth aspect, the DHCP request message is an IP address request message and the DHCP acknowledgment message is an IP address allocation acknowledgment message; the communication module comprises a third sending unit, a second receiving unit, an allocation unit and a fourth sending unit; the third sending unit is configured to send a forced IP address re-application message to the virtual machine; the second receiving unit is configured to receive the IP address request message that the virtual machine sends in response to the forced IP address re-application message; the allocation unit is configured to allocate an IP address to the virtual machine again according to the IP address request message; and the fourth sending unit is configured to send an IP address allocation acknowledgment message to the virtual machine after the IP address allocation for the virtual machine is complete.
With reference to the fourth aspect, or the first or second possible implementation of the fourth aspect, in a third possible implementation of the fourth aspect, the request message is an extended DHCP notice message, wherein the extended DHCP notice message carries the IP address and MAC address of the virtual machine and a flag requesting the DHCP server to initiate forced communication with the virtual machine.
With reference to the fourth aspect, or the first, second or third possible implementation of the fourth aspect, in a fourth possible implementation of the fourth aspect, the network security table is a DHCP anti-spoofing binding table; the security entry further comprises the identifier of the local area network where the virtual machine is located and the access port.
The beneficial effect of the embodiments of the present invention is as follows: when the network device detects that the network security table contains no security entry for a virtual machine in the management domain of the network device, the network device sends the second request message to the DHCP server, so that the DHCP server initiates forced communication with the virtual machine. Because the virtual machine and the DHCP server communicate in client-server mode, the DHCP server serves to verify the legitimacy of the virtual machine. By monitoring the communication between the virtual machine and the DHCP server, the network device obtains the security entry of the virtual machine and writes it into the network security table. This both ensures that the virtual machine can access the network normally when it migrates into the management domain of a new network device and ensures the reliability of the network security table, thereby ensuring network security.
Description of the drawings
To describe the technical solutions of the embodiments of the present invention or of the prior art more clearly, the drawings needed for the description of the embodiments or the prior art are briefly introduced below. Evidently, the drawings described below show some embodiments of the present invention, and a person of ordinary skill in the art can derive other drawings from them without creative effort.
Fig. 1 is a schematic diagram of the migration process of a virtual machine in an existing network system;
Fig. 2 is a schematic structural diagram of an embodiment of the network system of the present invention;
Fig. 3 is a flowchart of a first embodiment of the method for updating a network security table of the present invention;
Fig. 4 is a flowchart of a second embodiment of the method for updating a network security table of the present invention;
Fig. 5 is a flowchart of the forced lease-renewal communication in the second embodiment of the method for updating a network security table of the present invention;
Fig. 6 is a flowchart of the forced IP address re-application communication in the second embodiment of the method for updating a network security table of the present invention;
Fig. 7 is a schematic structural diagram of a first embodiment of the network device of the present invention;
Fig. 8 is a schematic structural diagram of a second embodiment of the network device of the present invention;
Fig. 9 is a schematic structural diagram of a first embodiment of the DHCP server of the present invention;
Fig. 10 is a schematic structural diagram of a second embodiment of the DHCP server of the present invention.
Detailed description of embodiments
Referring to Fig. 2, Fig. 2 is a schematic structural diagram of an embodiment of the network system of the present invention. As shown in the figure, network system 20 comprises first network device 21, second network device 22, first server 25, second server 26 and DHCP server 24.
First server 25 accesses the network through first network device 21. Virtual machine 23 initially runs on first server 25. Second server 26 accesses the network through second network device 22. Both first network device 21 and second network device 22 have the network security function enabled, that is, they filter invalid messages according to the network security table. The network security table of first network device 21 stores the security entry of virtual machine 23, so virtual machine 23 can access the network through first network device 21.
To relieve the load of first server 25 or to back up its data, virtual machine 23 is migrated from first server 25 to second server 26. Because first server 25 and second server 26 are not on the same network segment, the network security table of second network device 22 does not store the security entry of virtual machine 23. At this point, however, virtual machine 23 is in the management domain of second network device 22, and all messages exchanged between virtual machine 23 and the network must be forwarded by second network device 22.
After second network device 22 receives the first request message from virtual machine 23, it parses the first request message and obtains the IP address and MAC address of virtual machine 23. The content of the first request message is described in detail below. Second network device 22 queries whether a security entry containing the IP address and the MAC address exists in the network security table. If the security entry does not exist, the second network device generates a second request message according to the IP address and the MAC address and sends the second request message to DHCP server 24. The content of the second request message is described in detail below. After DHCP server 24 receives the second request message, it initiates forced communication with virtual machine 23. At this point virtual machine 23 is in the management domain of second network device 22, so the messages exchanged between virtual machine 23 and DHCP server 24 must pass through second network device 22. Second network device 22 monitors the messages exchanged during the forced communication between DHCP server 24 and the virtual machine and obtains the security entry of virtual machine 23, which comprises the IP address and MAC address of virtual machine 23. Second network device 22 then writes the security entry of virtual machine 23 into the network security table.
Once the network security table of second network device 22 stores the security entry of virtual machine 23, virtual machine 23 can access the network normally through second network device 22. The security entry of virtual machine 23 is obtained by second network device 22 by monitoring the forced communication between DHCP server 24 and virtual machine 23, and DHCP server 24 and virtual machine 23 communicate in client-server mode, so only a legitimate virtual machine can communicate with DHCP server 24. This ensures the legitimacy of the obtained security entry of virtual machine 23 and therefore the reliability of the network security table.
In the embodiments of the present invention, when second network device 22 determines that the network security table contains no security entry for virtual machine 23, second network device 22 sends the second request message to DHCP server 24, so that DHCP server 24 initiates forced communication with virtual machine 23. Virtual machine 23 and DHCP server 24 communicate in client-server mode, which serves to verify the legitimacy of virtual machine 23. By monitoring the messages exchanged during the forced communication between virtual machine 23 and DHCP server 24, second network device 22 obtains the security entry of the legitimate virtual machine 23, and the network device writes this security entry into the network security table. This both ensures that virtual machine 23 can access the network normally when it migrates into the management domain of second network device 22 and ensures the reliability of the network security table, thereby ensuring network security.
Referring to Fig. 3, Fig. 3 is a flowchart of a first embodiment of the method for updating a network security table of the present invention. As shown in the figure, the method comprises:
Step S301: when a virtual machine migrates into the management domain of a network device, the network device parses the first request message received from the virtual machine and obtains the IP address and MAC address of the virtual machine.
The network device interconnects the virtual machine and the network; network devices include switches, routers and the like. The first request message is a message that the virtual machine sends when requesting content from the network. In the embodiments of the present invention, the first request message is an ARP request message, used to request from the network the MAC address of the peer virtual machine with which the virtual machine communicates. The IP address is the address that the network assigns to the virtual machine, and the MAC address is the virtual machine's own address.
Step S302: the network device queries whether a security entry containing the IP address and MAC address exists in the network security table. If the security entry does not exist in the network security table, the method proceeds to step S304; otherwise, it proceeds to step S303.
The network security table stores the security entries of legitimate virtual machines. A security entry comprises information such as the IP address and MAC address. The network device filters the messages of illegitimate virtual machines according to the network security table, thereby ensuring the security of the network.
Step S303: the network device forwards the first request message.
If a security entry containing the IP address and MAC address exists in the network security table, the table has already stored the security entry of this virtual machine, or in other words the virtual machine is legitimate. The network device can therefore trust messages sent by this virtual machine and simply forwards the first request message.
Step S304: the network device generates a second request message according to the IP address and MAC address and sends the second request message to the DHCP server, so that the DHCP server initiates forced communication with the virtual machine.
The DHCP server manages the allocation of IP addresses and the renewal of IP address leases. When a virtual machine needs to access the network, it first logs in to the DHCP server; after the DHCP server allocates an IP address to the virtual machine, the virtual machine can access the network normally.
The second request message is used to request the DHCP server to initiate forced communication with the virtual machine. In the embodiments of the present invention, the second request message may be an extended DHCP notice message, which carries the IP address and MAC address of the virtual machine and a flag requesting the DHCP server to initiate forced communication with the virtual machine. One format of the extended DHCP notice message is as follows:
[Figure: format of the extended DHCP notice message]
The virtual machine's IP address is encapsulated in the Ciaddr field and its MAC address in the Chaddr field; Ciaddr and Chaddr are the client IP address field and client MAC address field of the standard DHCP notice message. The Options field uses a newly defined format and carries the flag requesting the DHCP server to initiate forced communication with the virtual machine. The other fields are standard DHCP fields and remain unchanged.
The newly defined format of the Options (variable) field is as follows:
Code | Len | Tag
The Code value is 55 (already supported by the original DHCP protocol), the Len value indicates the length in bytes of the Tag that follows, and Tag is the flag value; in this embodiment, Tag may be chosen as 213. When the DHCP server receives a DHCP notice message whose Options field has Code value 55 and Tag value 213, the DHCP server initiates forced communication with the virtual machine. For example, the DHCP server sends a forced lease-renewal message to the virtual machine, so that the virtual machine and the DHCP server carry out lease-renewal communication.
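The field layout described above can be exercised end to end. The following Python sketch is an added example, not code from the patent: it packs the virtual machine's IP address into Ciaddr, its MAC address into Chaddr and the Code | Len | Tag triple (55, 1, 213) into Options, then parses the result on the server side. It assumes the "notice" message is sent as DHCP message type 8, and it treats the flag as present only when option 55 holds the single byte 213, so that a longer ordinary option-55 list is not read as the flag; the function names and the sample addresses are constructed for illustration.

```python
import socket
import struct

MAGIC_COOKIE = bytes([99, 130, 83, 99])  # marks the start of DHCP options
OPT_MSG_TYPE, DHCPINFORM = 53, 8         # assumption: message type for the "notice"
OPT_CODE, FORCE_TAG = 55, 213            # Code and Tag values from the description
OPT_PAD, OPT_END = 0, 255
FIXED_LEN = 236                          # BOOTP fixed header before the cookie


def build_second_request(vm_ip, vm_mac, xid=0x1A2B3C4D):
    """Network-device side: pack the VM's IP into ciaddr, its MAC into chaddr."""
    mac = bytes.fromhex(vm_mac.replace(":", ""))
    if len(mac) != 6:
        raise ValueError("expected a 48-bit MAC address")
    fixed = struct.pack(
        "!BBBBIHH4s4s4s4s16s64s128s",
        1, 1, 6, 0,                      # op, htype (Ethernet), hlen, hops
        xid, 0, 0,                       # xid (constructed), secs, flags
        socket.inet_aton(vm_ip),         # ciaddr = virtual machine IP
        bytes(4), bytes(4), bytes(4),    # yiaddr, siaddr, giaddr unchanged
        mac,                             # chaddr, zero-padded to 16 bytes
        b"", b"",                        # sname, file
    )
    options = bytes([OPT_MSG_TYPE, 1, DHCPINFORM,
                     OPT_CODE, 1, FORCE_TAG,   # Code | Len | Tag
                     OPT_END])
    return fixed + MAGIC_COOKIE + options


def parse_second_request(packet):
    """DHCP-server side: return the VM's IP, MAC and whether the flag is set."""
    if len(packet) < FIXED_LEN + 4 or packet[FIXED_LEN:FIXED_LEN + 4] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    if packet[1] != 1 or packet[2] != 6:
        raise ValueError("only Ethernet hardware addresses are handled")
    ip = socket.inet_ntoa(packet[12:16])
    mac = ":".join(f"{b:02x}" for b in packet[28:34])
    force = False
    i = FIXED_LEN + 4
    while i < len(packet):
        code = packet[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:              # pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(packet):
            raise ValueError("option without a length byte")
        length = packet[i + 1]
        value = packet[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option")
        # Assumption: the flag is exactly Len=1, Tag=213 inside option 55.
        if code == OPT_CODE and value == bytes([FORCE_TAG]):
            force = True
        i += 2 + length
    return {"ip": ip, "mac": mac, "force": force}
```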
Step S305: The network device monitors the DHCP request message or DHCP confirmation message exchanged during the forced communication between the DHCP server and the virtual machine, and from the DHCP request message or DHCP confirmation message obtains the security entry containing the virtual machine's IP address and MAC address.
The virtual machine is located in the management domain of the network device, so the messages exchanged between the virtual machine and the DHCP server during their communication must be forwarded by the network device. The network device can therefore obtain the virtual machine's security entry from the exchanged DHCP request message or DHCP confirmation message. In this embodiment, the network security table is a DHCP anti-spoofing binding table; the virtual machine's security entry contains the virtual machine's IP address and MAC address, and may further contain the LAN ID and access interface of the virtual machine.
Step S306: The network device updates the network security table according to the virtual machine's security entry.
Once the network security table records the virtual machine's security entry, messages from the virtual machine can pass through the network device. In this embodiment, one way for the network device to update the network security table according to the virtual machine's security entry is to write the security entry into the network security table.
In this embodiment, when the network security table contains no security entry for the virtual machine, the network device sends the second request message to the DHCP server so that the DHCP server initiates forced communication with the virtual machine. Because the virtual machine and the DHCP server communicate as client and server, the DHCP server can communicate with the virtual machine if the virtual machine is a legitimate terminal, which serves to verify the virtual machine's legitimacy. By monitoring the messages exchanged between the virtual machine and the DHCP server, the network device obtains the security entry of the legitimate virtual machine and writes it into the network security table. This ensures that a virtual machine that has migrated into the management domain of a new network device can access the network normally, and it also preserves the reliability of the network security table, thereby keeping the network secure.
Referring to Fig. 4, Fig. 4 is a flowchart of the second embodiment of the method for updating a network security table according to the present invention. As shown in the figure, the method comprises:
Step S401: The DHCP server receives a request message from the network device; the request message requests the DHCP server to initiate forced communication with the virtual machine.
The DHCP server manages the allocation of IP addresses and the renewal of IP address leases. The network device connects the virtual machine to the network.
The request message carries the virtual machine's IP address and MAC address and a flag requesting the DHCP server to initiate forced communication with the virtual machine. In this embodiment, the request message is an extended DHCP notice message; for its format, refer to the description in the first embodiment of the method for updating a network security table, which is not repeated here.
Step S402: The DHCP server parses the request message and obtains the virtual machine's IP address and MAC address.
The IP address is the address that the network assigns to the virtual machine, and the MAC address is the virtual machine's own address.
Step S403: The DHCP server initiates forced communication with the virtual machine according to the virtual machine's IP address and MAC address, so that the network device can monitor the DHCP request message or DHCP confirmation message exchanged during the forced communication between the DHCP server and the virtual machine, obtain the virtual machine's security entry from the DHCP request message or DHCP confirmation message, and update the network security table according to the security entry. The security entry contains the virtual machine's IP address and MAC address.
In this embodiment, the network security table may be a DHCP anti-spoofing binding table, and the security entry further contains the LAN ID and access interface of the virtual machine. Specifically, the network device may update the network security table according to the security entry by writing the security entry into the network security table.
Because the virtual machine is located in the management domain of the network device, all messages exchanged between the DHCP server and the virtual machine must be forwarded by the network device. The network device can therefore monitor the DHCP messages exchanged between the DHCP server and the virtual machine and obtain the virtual machine's security entry from them.
In one implementation, the DHCP request message is an IP address lease-renewal request message, the DHCP confirmation message is an IP address lease-renewal confirmation message, and the forced communication that the DHCP server initiates with the virtual machine may be forced IP address lease renewal. As shown in Fig. 5, the forced IP address lease-renewal process comprises the following steps:
S4031: The DHCP server sends a forced lease-renewal message to the virtual machine.
S4032: The DHCP server receives the IP address lease-renewal request message that the virtual machine sends in response to the forced lease-renewal message.
S4033: After renewing the virtual machine's IP address lease according to the IP address lease-renewal request message, the DHCP server returns an IP address lease-renewal confirmation message to the virtual machine.
In another implementation, the DHCP request message is an IP address request message, the DHCP confirmation message is an IP address assignment confirmation message, and the forced communication that the DHCP server initiates with the virtual machine may be forced IP address re-application. As shown in Fig. 6, the forced IP address re-application process comprises the following steps:
S4041: The DHCP server sends a forced IP address re-application message to the virtual machine.
S4042: The DHCP server receives the IP address request message that the virtual machine sends in response to the forced IP address re-application message.
It should be noted that after receiving the forced IP address re-application message from the DHCP server, the virtual machine may discard its former IP address.
S4043: After assigning an IP address to the virtual machine according to the IP address request message, the DHCP server sends an IP address assignment confirmation message to the virtual machine.
In this embodiment, after receiving the request message from the network device, the DHCP server initiates forced communication with the virtual machine identified by the IP address and MAC address carried in the request message. Because the virtual machine and the DHCP server communicate as client and server, the DHCP server can communicate with the virtual machine if the virtual machine is a legitimate terminal, which serves to verify the virtual machine's legitimacy. By monitoring the communication between the virtual machine and the DHCP server, the network device obtains the security entry of the legitimate virtual machine and writes it into the network security table. This ensures that a virtual machine that has migrated into the management domain of the network device can access the network normally, and it also preserves the reliability of the network security table, thereby keeping the network secure.
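The two method embodiments (device steps S301 to S306 and server steps S401 to S403 with the lease-renewal variant S4031 to S4033) can be traced together in a small simulation. The Python sketch below is an added example, not code from the patent: message dictionaries stand in for the wire format, the server's lease lookup is this example's assumption about how legitimacy is decided, and the device records the LAN ID and access interface from the request and writes the entry when the confirmation is seen. All class names, addresses and port names are constructed.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class SecurityEntry:
    ip: str
    mac: str
    lan_id: int   # LAN ID where the virtual machine sits
    port: str     # access interface


class DhcpServer:
    """Server side, S401-S403 (lease check is an assumption of this example)."""

    def __init__(self, leases):
        self.leases = dict(leases)            # mac -> ip assigned earlier

    def on_second_request(self, req):         # S401/S402: receive and parse
        if req["code"] == 55 and req["tag"] == 213:
            # S4031: forced lease-renewal message addressed to the VM
            return {"type": "FORCE_RENEW", "ip": req["ciaddr"], "mac": req["chaddr"]}
        return None

    def on_renew_request(self, msg):          # S4032/S4033
        ok = self.leases.get(msg["mac"]) == msg["ip"]
        return {"type": "ACK" if ok else "NAK", "ip": msg["ip"], "mac": msg["mac"]}


class VirtualMachine:
    def __init__(self, ip, mac, lan_id, port):
        self.ip, self.mac, self.lan_id, self.port = ip, mac, lan_id, port

    def on_force_renew(self, msg):
        # The VM answers with a lease-renewal request for the address it claims.
        return {"type": "REQUEST", "ip": self.ip, "mac": self.mac}


class NetworkDevice:
    """Device side, S301-S306. Every message below transits the device."""

    def __init__(self, server):
        self.server = server
        self.table = {}                       # (ip, mac) -> SecurityEntry

    def on_first_request(self, vm):           # S301: parse the ARP request
        key = (vm.ip, vm.mac)
        if key in self.table:                 # S302 -> S303
            return "forwarded"
        # S304: second request carrying ciaddr, chaddr and the Code/Tag flag
        second = {"ciaddr": vm.ip, "chaddr": vm.mac, "code": 55, "tag": 213}
        force = self.server.on_second_request(second)
        if force is None:
            return "no_entry"
        # S305: listen to the exchange that the server has just started
        request = vm.on_force_renew(force)
        seen_on = (vm.lan_id, vm.port)        # taken from the VM-side frame
        reply = self.server.on_renew_request(request)
        if reply["type"] != "ACK" or (reply["ip"], reply["mac"]) != key:
            return "no_entry"                 # no confirmation, nothing learned
        # S306: write the security entry into the table
        self.table[key] = SecurityEntry(vm.ip, vm.mac, *seen_on)
        return "learned"


def demo():
    server = DhcpServer({"52:54:00:aa:00:01": "10.0.0.5"})
    device = NetworkDevice(server)
    migrated = VirtualMachine("10.0.0.5", "52:54:00:aa:00:01", 10, "ge0/1")
    claimed = VirtualMachine("10.0.0.5", "52:54:00:bb:00:02", 10, "ge0/2")
    results = [device.on_first_request(claimed),
               device.on_first_request(migrated),
               device.on_first_request(migrated)]
    return results, device.table
```

The second virtual machine claims an address that the server never leased to its MAC address, so no confirmation is seen and the table stays unchanged for it; the forced re-application variant (S4041 to S4043) is not modeled.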
Referring to Fig. 7, Fig. 7 is a structural diagram of the first embodiment of the network device according to the present invention. As shown in the figure, the network device 50 comprises a receiving module 501, a parsing module 502, a query module 503, a generating module 504, a sending module 505, a monitoring and obtaining module 506 and an updating module 507.
The receiving module 501 receives the first request message from the virtual machine; the first request message carries the virtual machine's IP address and MAC address. In this embodiment, the first request message is an ARP request message. The parsing module 502 parses the first request message and obtains the virtual machine's IP address and MAC address.
The query module 503 queries whether a security entry containing the IP address and MAC address exists in the network security table. If the query finds that no such security entry exists in the network security table, the generating module 504 generates the second request message according to the IP address and MAC address. The second request message requests the DHCP server to initiate forced communication with the virtual machine. In this embodiment, the second request message is an extended DHCP notice message, which carries the virtual machine's IP address and MAC address and a flag requesting the DHCP server to initiate forced communication with the virtual machine; for the format of the extended DHCP notice message, refer to the description in the first embodiment of the update method, which is not repeated here.
The sending module 505 sends the second request message to the DHCP server. After receiving the second request message, the DHCP server initiates forced communication with the virtual machine. The monitoring and obtaining module 506 monitors the DHCP request message or DHCP confirmation message exchanged during the forced communication between the DHCP server and the virtual machine, and obtains the virtual machine's security entry from the DHCP request message or DHCP confirmation message; the security entry contains the virtual machine's IP address and MAC address. The forced communication that the DHCP server initiates with the virtual machine may be forced lease renewal or forced IP address re-application. The updating module 507 updates the network security table according to the security entry. One specific way for the updating module 507 to do so is to write the security entry into the network security table. The network security table is used to filter out illegitimate messages; in this embodiment, the network security table is a DHCP anti-spoofing binding table, and the security entry further contains the LAN ID and access interface of the virtual machine. The network device 50 also comprises a forwarding module 508, which directly forwards the first request message when the query module 503 finds that the virtual machine's security entry exists in the network security table.
In this embodiment, when the network device 50 finds that the network security table contains no security entry for the virtual machine, the network device 50 sends the second request message to the DHCP server so that the DHCP server initiates forced communication with the virtual machine. The virtual machine and the DHCP server communicate as client and server; if the virtual machine is a legitimate terminal, the DHCP server can communicate with it, which serves to verify the virtual machine's legitimacy. By monitoring the communication between the virtual machine and the DHCP server, the network device 50 obtains the security entry of the legitimate virtual machine and writes it into the network security table. This ensures that a virtual machine that has migrated into the management domain of the network device 50 can access the network normally, and it also preserves the reliability of the network security table, thereby keeping the network secure.
Referring to Fig. 8, Fig. 8 is a structural diagram of the second embodiment of the network device according to the present invention. As shown in the figure, the network device 60 comprises a processor 601, a memory 602, a network interface 603 and a bus 604. The processor 601, the memory 602 and the network interface 603 are all connected to the bus 604.
The processor 601 is configured to: parse the received first request message from the virtual machine and obtain the virtual machine's IP address and MAC address; query whether a security entry containing this IP address and this MAC address exists in the network security table; if the security entry does not exist in the network security table, generate the second request message according to this IP address and this MAC address; send the second request message to the DHCP server through the network interface 603, so that the DHCP server initiates forced communication with the virtual machine; monitor the DHCP request message or DHCP confirmation message exchanged during the forced communication between the DHCP server and the virtual machine, and obtain the virtual machine's security entry from the DHCP request message or DHCP confirmation message, the security entry containing the virtual machine's IP address and MAC address; and update the network security table according to the virtual machine's security entry.
The processing performed by the processor 601 is usually carried out under the control of a program stored in the memory 602; when the above actions are required, the program is loaded into the processor 601 and executed under its control. Of course, the above processing may also be implemented in hardware.
Referring to Fig. 9, Fig. 9 is a structural diagram of the first embodiment of the DHCP server according to the present invention. As shown in the figure, the DHCP server 70 comprises a receiving module 701, a parsing module 702 and a communication module 703.
The receiving module 701 receives the request message from the network device. The request message is the message that the network device sends to the DHCP server 70 to request the DHCP server to initiate forced communication with the virtual machine, after the network device has parsed a received message from a virtual machine in its management domain, obtained the virtual machine's IP address and MAC address, and found that the network security table contains no security entry with this IP address and MAC address. In this embodiment, the request message is an extended DHCP request message; the extended DHCP notice message carries the virtual machine's IP address and MAC address and a flag requesting the DHCP server to initiate forced communication with the virtual machine. For the format of the extended DHCP request message, refer to the description in the first embodiment of the method for updating a network security table, which is not repeated here.
The parsing module 702 parses the request message and obtains the virtual machine's IP address and MAC address. The communication module 703 initiates forced communication with the virtual machine according to the virtual machine's IP address and MAC address, so that the network device can monitor the DHCP request message or DHCP confirmation message exchanged during the forced communication between the DHCP server 70 and the virtual machine, obtain the virtual machine's security entry from the DHCP request message or DHCP confirmation message, and update the network security table according to that security entry. In this embodiment, the network security table is a DHCP anti-spoofing binding table, and the security entry contains the virtual machine's IP address and MAC address and the LAN ID and access interface of the virtual machine.
In one implementation, the forced communication that the communication module 703 initiates with the virtual machine may be forced lease renewal, the DHCP request message is an IP address lease-renewal request message, and the DHCP confirmation message is an IP address lease-renewal confirmation message. The communication module 703 comprises a first sending unit 7031, a first receiving unit 7032, a lease-renewal unit 7033 and a second sending unit 7034.
The first sending unit 7031 sends a forced lease-renewal message to the virtual machine. The first receiving unit 7032 receives the IP address lease-renewal request message that the virtual machine sends in response to the forced lease-renewal message. The lease-renewal unit 7033 renews the virtual machine's IP address lease according to the IP address lease-renewal request message. After the lease-renewal unit 7033 has renewed the virtual machine's IP address lease, the second sending unit 7034 sends an IP address lease-renewal confirmation message to the virtual machine.
In another implementation, the forced communication that the communication module 703 initiates with the virtual machine is forced IP address re-application, the DHCP request message is an IP address request message, and the DHCP confirmation message is an IP address assignment confirmation message. The communication module 703 may further comprise a third sending unit (not shown), a second receiving unit (not shown), an allocation unit (not shown) and a fourth sending unit (not shown).
The third sending unit sends a forced IP address re-application message to the virtual machine. The second receiving unit receives the IP address request message that the virtual machine sends in response to the forced IP address re-application message. After receiving the forced IP address re-application message, the virtual machine may discard its former IP address. The allocation unit assigns an IP address to the virtual machine again according to the IP address request message. After the IP address has been assigned to the virtual machine, the fourth sending unit sends an IP address assignment confirmation message to the virtual machine.
In this embodiment, the parsing module 701 parses the received request message and obtains the virtual machine's IP address and MAC address, and the communication module 703 initiates forced communication with the virtual machine. The virtual machine and the DHCP server 70 communicate as client and server; only when the virtual machine is a legitimate terminal can the DHCP server 70 communicate with it, which serves to verify the virtual machine's legitimacy. By monitoring the communication between the virtual machine and the DHCP server 70, the network device obtains the security entry of the legitimate virtual machine and writes it into the network security table. This ensures that a virtual machine that has migrated into the management domain of the network device can access the network normally, and it also preserves the reliability of the network security table, thereby keeping the network secure.
Referring to Fig. 10, Fig. 10 is a structural diagram of the second embodiment of the DHCP server according to the present invention. As shown in the figure, the DHCP server 80 comprises a processor 801, a memory 802, a network interface 803 and a bus 804. The processor 801, the memory 802 and the network interface 803 are all connected to the bus 804.
The processor 801 receives the request message from the network device through the network interface 803, parses the request message and obtains the virtual machine's IP address and MAC address. It then initiates forced communication with the virtual machine according to the virtual machine's IP address and MAC address, so that the network device can monitor the DHCP request message or DHCP confirmation message exchanged during the forced communication between the DHCP server 80 and the virtual machine, obtain the virtual machine's security entry from the DHCP request message or DHCP confirmation message, and update the network security table according to the security entry. The security entry contains the virtual machine's IP address and MAC address.
The processing performed by the processor 801 is usually carried out under the control of a program stored in the memory 802; when the above actions are required, the program is loaded into the processor 801 and executed under its control. Of course, the above processing may also be implemented in hardware.
The above are merely embodiments of the present invention and do not thereby limit the patent scope of the present invention. Any equivalent structure or equivalent process transformation made using the contents of the specification and drawings of the present invention, or any direct or indirect application in other related technical fields, is likewise included within the scope of patent protection of the present invention.

Claims (20)

1. A method for updating a network security table, characterized in that the method comprises:
When a virtual machine migrates into the management domain of a network device, the network device parses a received first request message from the virtual machine and obtains the Internet Protocol (IP) address and media access control (MAC) address of the virtual machine;
The network device queries whether a security entry containing the IP address and the MAC address exists in the network security table;
If no security entry containing the IP address and the MAC address exists in the network security table, the network device generates a second request message according to the IP address and the MAC address;
The network device sends the second request message to a Dynamic Host Configuration Protocol (DHCP) server, so that the DHCP server initiates forced communication with the virtual machine;
The network device monitors the DHCP request message or DHCP confirmation message exchanged during the forced communication between the DHCP server and the virtual machine, and obtains the security entry of the virtual machine according to the DHCP request message or the DHCP confirmation message, the security entry comprising the IP address and MAC address of the virtual machine;
The network device updates the network security table according to the security entry.
2. The method according to claim 1, characterized in that the step in which the network device updates the network security table according to the security entry comprises:
The network device writes the security entry into the network security table.
3. The method according to claim 1 or 2, characterized in that
The first request message is an ARP request message.
4. The method according to any one of claims 1 to 3, characterized in that
The second request message is an extended DHCP notice message, wherein the extended DHCP notice message carries the IP address and MAC address of the virtual machine and a flag requesting the DHCP server to initiate forced communication with the virtual machine.
5. The method according to any one of claims 1 to 4, characterized in that
The network security table is a DHCP anti-spoofing binding table;
The security entry further comprises the identifier and access interface of the local area network in which the virtual machine is located.
6. A method for updating a network security table, characterized in that the method comprises:
A Dynamic Host Configuration Protocol (DHCP) server receives a request message from a network device, the request message being used to request the DHCP server to initiate forced communication with a virtual machine;
The DHCP server parses the request message and obtains the Internet Protocol (IP) address and media access control (MAC) address of the virtual machine;
The DHCP server initiates forced communication with the virtual machine according to the IP address and MAC address of the virtual machine, so that the network device can monitor the DHCP request message or DHCP confirmation message exchanged during the forced communication between the DHCP server and the virtual machine, obtain the security entry of the virtual machine according to the DHCP request message or DHCP confirmation message, and update the network security table according to the security entry, wherein the security entry comprises the IP address and MAC address of the virtual machine.
7. The method according to claim 6, characterized in that
The DHCP request message is an IP address lease-renewal request message, and the DHCP confirmation message is an IP address lease-renewal confirmation message;
The forced communication process comprises:
The DHCP server sends a forced lease-renewal message to the virtual machine;
The DHCP server receives the IP address lease-renewal request message that the virtual machine sends according to the forced lease-renewal message;
After renewing the IP address lease of the virtual machine according to the IP address lease-renewal request message, the DHCP server returns an IP address lease-renewal confirmation message to the virtual machine.
8. The method according to claim 6, characterized in that
The DHCP request message is an IP address request message, and the DHCP confirmation message is an IP address assignment confirmation message;
The forced communication process comprises:
The DHCP server sends a forced IP address re-application message to the virtual machine;
The DHCP server receives the IP address request message that the virtual machine sends according to the forced IP address re-application message;
After assigning an IP address to the virtual machine again according to the IP address request message, the DHCP server sends an IP address assignment confirmation message to the virtual machine.
9. The method according to any one of claims 6 to 8, characterized in that
The request message is an extended DHCP notice message, wherein the extended DHCP notice message carries the IP address and MAC address of the virtual machine and a flag requesting the DHCP server to initiate forced communication with the virtual machine.
10. The method according to any one of claims 6 to 9, characterized in that
The network security table is a DHCP anti-spoofing binding table;
The security entry further comprises the LAN ID and access interface of the virtual machine.
11. A network device, characterized in that the network device comprises:
a receiving module, configured to receive a first request message from a virtual machine when the virtual machine moves into the management domain of the network device, the first request message carrying the Internet Protocol (IP) address and Media Access Control (MAC) address of the virtual machine;
a parsing module, configured to parse the first request message and obtain the IP address and MAC address of the virtual machine;
a query module, configured to query whether the network security table contains a security entry comprising the IP address and the MAC address;
a generation module, configured to generate a second request message according to the IP address and the MAC address when the security entry does not exist in the network security table;
a sending module, configured to send the second request message to a Dynamic Host Configuration Protocol (DHCP) server, so that the DHCP server initiates forced communication with the virtual machine;
a monitoring and acquisition module, configured to monitor the DHCP request message or DHCP acknowledgment message exchanged during the forced communication between the DHCP server and the virtual machine, and to obtain the security entry of the virtual machine from the DHCP request message or DHCP acknowledgment message, the security entry comprising the IP address and MAC address of the virtual machine;
an update module, configured to update the network security table according to the security entry.
12. The network device according to claim 11, characterized in that
the update module is specifically configured to write the security entry into the network security table.
13. The network device according to claim 11 or 12, characterized in that
the first request message is an ARP request message.
14. The network device according to any one of claims 11 to 13, characterized in that
the second request message is an extended DHCP notification message, wherein the extended DHCP notification message carries the IP address and MAC address of the virtual machine and a flag requesting the DHCP server to initiate forced communication with the virtual machine.
15. The network device according to any one of claims 11 to 14, characterized in that
the network security table is a DHCP anti-spoofing binding table;
the security entry further comprises the LAN ID and the access port where the virtual machine is located.
16. A DHCP server, characterized in that the DHCP server comprises:
a receiving module, configured to receive a request message from a network device, the request message being used to request the DHCP server to initiate forced communication with a virtual machine;
a parsing module, configured to parse the request message and obtain the Internet Protocol (IP) address and Media Access Control (MAC) address of the virtual machine;
a communication module, configured to initiate forced communication with the virtual machine according to the IP address and MAC address of the virtual machine, so that the network device can monitor the DHCP request message or DHCP acknowledgment message exchanged during the forced communication between the DHCP server and the virtual machine, obtain the security entry of the virtual machine from that DHCP request message or DHCP acknowledgment message, and update the network security table according to the security entry, wherein the security entry comprises the IP address and MAC address of the virtual machine.
17. The DHCP server according to claim 16, characterized in that
the DHCP request message is an IP address lease-renewal request message, and the DHCP acknowledgment message is an IP address lease-renewal acknowledgment message;
the communication module comprises a first sending unit, a first receiving unit, a renewal unit and a second sending unit;
the first sending unit is configured to send a forced lease-renewal message to the virtual machine;
the first receiving unit is configured to receive the IP address lease-renewal request message that the virtual machine sends in response to the forced lease-renewal message;
the renewal unit is configured to renew the IP address lease for the virtual machine according to the IP address lease-renewal request message;
the second sending unit is configured to send the IP address lease-renewal acknowledgment message to the virtual machine after the IP address lease has been renewed for the virtual machine.
18. The DHCP server according to claim 16, characterized in that
the DHCP request message is an IP address request message, and the DHCP acknowledgment message is an IP address assignment acknowledgment message;
the communication module comprises a third sending unit, a second receiving unit, an allocation unit and a fourth sending unit;
the third sending unit is configured to send the virtual machine a message forcing it to re-apply for an IP address;
the second receiving unit is configured to receive the IP address request message that the virtual machine sends in response to the forced re-application message;
the allocation unit is configured to re-assign an IP address to the virtual machine according to the IP address request message;
the fourth sending unit is configured to send the IP address assignment acknowledgment message to the virtual machine after the IP address has been assigned to the virtual machine.
19. The DHCP server according to any one of claims 16 to 18, characterized in that
the request message is an extended DHCP notification message, wherein the extended DHCP notification message carries the IP address and MAC address of the virtual machine and a flag requesting the DHCP server to initiate forced communication with the virtual machine.
20. The DHCP server according to any one of claims 16 to 19, characterized in that
the network security table is a DHCP anti-spoofing binding table;
the security entry further comprises the LAN ID and the access port where the virtual machine is located.
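
The network device flow of claims 11 to 15 together with the DHCP server's forced lease renewal of claims 16 and 17, as an added Python simulation that is not part of the patent text. Class names, message dictionaries, addresses, port names and the server's check against its own leases are assumptions of this sketch, and the entry is installed on the monitored acknowledgment message.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class SecurityEntry:                 # IP, MAC, LAN ID and access port (claims 10, 15, 20)
    ip: str
    mac: str
    lan_id: int
    port: str

class VirtualMachine:
    def __init__(self, ip, mac):
        self.ip, self.mac = ip, mac

    def arp_request(self):           # first request message (claim 13)
        return {"op": "ARP", "ip": self.ip, "mac": self.mac}

    def on_force_renew(self):        # reply to the forced lease-renewal message
        return {"op": "REQUEST", "ip": self.ip, "mac": self.mac}

class DhcpServer:
    def __init__(self, leases):
        self.leases = dict(leases)   # MAC -> IP the server leased earlier

    def on_extended_inform(self, ip, mac, vm, snoop):
        """Second request message: start forced communication with the VM."""
        if self.leases.get(mac) != ip:   # assumption: unknown pairs are ignored
            return
        snoop(vm.on_force_renew())       # VM -> server: renewal request
        snoop({"op": "ACK", "ip": ip, "mac": mac})   # server -> VM: renewal ACK

class NetworkDevice:
    def __init__(self, server):
        self.server = server
        self.table = {}                  # (ip, mac) -> SecurityEntry
        self.pending = {}                # (ip, mac) -> (lan_id, port) awaiting an ACK

    def on_first_request(self, msg, vm, lan_id, port):
        key = (msg["ip"], msg["mac"])
        if key in self.table:            # entry exists: no DHCP round trip needed
            return self.table[key]
        self.pending[key] = (lan_id, port)
        self.server.on_extended_inform(*key, vm, self.snoop)
        self.pending.pop(key, None)      # without an ACK the ARP alone adds nothing
        return self.table.get(key)

    def snoop(self, msg):
        """Monitor the forced exchange; only an ACK for a pending pair is installed."""
        key = (msg["ip"], msg["mac"])
        if msg["op"] == "ACK" and key in self.pending:
            self.table[key] = SecurityEntry(*key, *self.pending[key])

def demo():
    server = DhcpServer({"52:54:00:aa:bb:01": "10.0.0.5"})    # constructed lease
    device = NetworkDevice(server)
    moved = VirtualMachine("10.0.0.5", "52:54:00:aa:bb:01")   # VM that migrated
    forged = VirtualMachine("10.0.0.5", "52:54:00:ff:ff:ff")  # pair never leased
    ok = device.on_first_request(moved.arp_request(), moved, 100, "port1")
    bad = device.on_first_request(forged.arp_request(), forged, 100, "port7")
    return ok, bad, len(device.table)
```

The binding table is populated from the monitored DHCP exchange rather than from the ARP request itself, so an ARP carrying an IP/MAC pair the server never leased leaves the table unchanged.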
CN2013100415946A 2013-02-01 2013-02-01 Method for updating network security table and network device and dynamic host configuration protocol (DHCP) server Pending CN103095722A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2013100415946A CN103095722A (en) 2013-02-01 2013-02-01 Method for updating network security table and network device and dynamic host configuration protocol (DHCP) server

Publications (1)

Publication Number Publication Date
CN103095722A true CN103095722A (en) 2013-05-08

Family

ID=48207855

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2013100415946A Pending CN103095722A (en) 2013-02-01 2013-02-01 Method for updating network security table and network device and dynamic host configuration protocol (DHCP) server

Country Status (1)

Country Link
CN (1) CN103095722A (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C12 Rejection of a patent application after its publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20130508