CN106357652A - Method and device for preventing attack of VXLAN message - Google Patents
Publication number: CN106357652A (application CN201610850351.0A)
Authority: CN (China)
Prior art keywords: vxlan message, vxlan, threshold, message, equipment
Legal status: Granted (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Classifications
- H04L63/1416: Event detection, e.g. attack signature detection (under H04L63/1408, detecting or protecting against malicious traffic by monitoring network traffic; H04L63/14; H04L63/00, network architectures or network communication protocols for network security; H04L, transmission of digital information, e.g. telegraphic communication; H04, electric communication technique; H, electricity)
- H04L63/0272: Virtual private networks (under H04L63/02, separating internal from external traffic, e.g. firewalls; H04L63/00)
- H04L63/1466: Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks (under H04L63/1441, countermeasures against malicious traffic; H04L63/14; H04L63/00)
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Small-Scale Networks (AREA)
Abstract
The invention provides a method and a device for preventing attacks by VXLAN (virtual extensible local area network) packets, applied to a VTEP (VXLAN tunnel end point) device. The method comprises: counting the abnormal quantity of received VXLAN packets that carry a non-local VNI (VXLAN network identifier); judging whether the abnormal quantity counted within a preset first unit time is greater than a preset first threshold; and, when it is, reducing the maximum number of VXLAN packets the device processes per second to a preset value. When a possible VXLAN packet attack is detected, limiting the number of VXLAN packets processed per second leaves the VTEP device enough processing resources for normal packets. This solves the problem that a VTEP device flooded with forged VXLAN packets spends all its processing on them and cannot process packets other than VXLAN packets.
Description
Technical field
This application relates to the field of communication technology, and in particular to a method and device for protecting against VXLAN packet attacks.
Background technology
With the rapid development of cloud computing, data centers are becoming increasingly virtualized and place ever stricter requirements on the physical network: for example, ToR switches need to support large MAC address tables; the 4094 VLANs (virtual local area networks) available cannot isolate a massive number of virtual machines; and network isolation for multiple tenants must be supported. These demands gave rise to the overlay network technology VXLAN (virtual extensible local area network).
In practice, however, attacks with forged VXLAN packets may occur: an attacker forges a large number of VXLAN packets and sends them to a VTEP (VXLAN tunnel end point). The forged VXLAN packets consume the processing resources of the VTEP device, so that the VTEP device no longer has enough processing resources to handle the other packets it receives besides VXLAN packets.
Summary of the invention
In view of this, the application provides a method and device for protecting against VXLAN packet attacks, to solve the problem that, when a large number of forged VXLAN packets are present, the forged packets occupy the VTEP device's processing resources and leave it unable to process packets other than VXLAN packets.
Specifically, the application is realized by the following technical solution:
A method for protecting against VXLAN packet attacks, applied to a VTEP device at a VXLAN tunnel end point, the VTEP device and the other VTEP devices in the network being neighbours of one another, the method comprising:
counting the abnormal quantity of received VXLAN packets that carry a non-local VNI;
judging whether the abnormal quantity counted within a preset first unit time is greater than a preset first threshold;
when the abnormal quantity is greater than the first threshold, reducing the maximum number of VXLAN packets the device processes per second to a preset value.
The method for protecting against VXLAN packet attacks further includes:
when the abnormal quantity is less than or equal to the first threshold, processing VXLAN packets normally.
The method further includes:
after the maximum number of VXLAN packets the device processes per second has been reduced to the preset value, judging whether the abnormal quantity counted within a preset second unit time is less than a preset second threshold;
when this abnormal quantity is less than the second threshold, restoring the maximum number of VXLAN packets the device processes per second to its initial value.
The method further includes:
when this abnormal quantity is greater than or equal to the second threshold, stopping the processing of VXLAN packets; or stopping the processing of VXLAN packets for n seconds and resuming normal processing of VXLAN packets after the n seconds.
The method further includes:
when the processing of VXLAN packets is stopped, issuing an alarm prompt, the alarm prompt being used to prompt the user to investigate the attack source.
A device for protecting against VXLAN packet attacks, applied to a VTEP device at a VXLAN tunnel end point, the VTEP device and the other VTEP devices in the network being neighbours of one another, the device comprising:
a statistics unit for counting the abnormal quantity of received VXLAN packets that carry a non-local VNI;
a judging unit for judging whether the abnormal quantity counted within a preset first unit time is greater than a preset first threshold;
a setting unit for reducing the maximum number of VXLAN packets the device processes per second to a preset value when the abnormal quantity is greater than the first threshold.
The device for protecting against VXLAN packet attacks further includes:
a processing unit for processing VXLAN packets normally when the abnormal quantity is less than or equal to the first threshold.
The device further includes:
the judging unit, further used, after the maximum number of VXLAN packets the device processes per second has been reduced to the preset value, to judge whether the abnormal quantity counted within a preset second unit time is less than a preset second threshold;
a recovery unit for restoring the maximum number of VXLAN packets the device processes per second to its initial value when this abnormal quantity is less than the second threshold.
The device further includes:
a termination unit for stopping the processing of VXLAN packets when this abnormal quantity is greater than or equal to the second threshold, or for stopping the processing of VXLAN packets for n seconds and resuming normal processing of VXLAN packets after the n seconds.
The device further includes:
an alarm unit for issuing an alarm prompt when the processing of VXLAN packets is stopped, the alarm prompt being used to prompt the user to investigate the attack source.
In the embodiments of this application, the VTEP device counts the abnormal quantity of received VXLAN packets carrying a non-local VNI, judges whether the abnormal quantity counted within the preset first unit time exceeds the preset first threshold, and, if it does, reduces the maximum number of VXLAN packets it processes per second to a preset value. The abnormal quantity thus serves to detect a possible VXLAN packet attack, and when such an attack may be present the per-second VXLAN processing limit is lowered. This solves the problem that, when a large number of forged VXLAN packets are present, they occupy the VTEP device's processing resources and leave it unable to process packets other than VXLAN packets.
Brief description of the drawings
Fig. 1 is a flow chart of a method for protecting against VXLAN packet attacks shown in this application;
Fig. 2 is a logic diagram of a device for protecting against VXLAN packet attacks shown in this application;
Fig. 3 is a hardware structure diagram of a device for protecting against VXLAN packet attacks shown in this application.
Detailed description
To help those skilled in the art better understand the technical solution in the embodiments of the present invention and to make the above purposes, features and advantages clearer and easier to understand, the prior art and the technical solution in the embodiments of the present invention are described in further detail below with reference to the drawings.
VXLAN uses UDP (user datagram protocol) to encapsulate complete inner Ethernet frames: an ordinary Ethernet packet is carried inside a UDP packet. Because VXLAN uses a 24-bit VXLAN network identifier, it supports up to about 16 million (2^24) logical network segments, far more than the 4094 supported by VLAN, which better meets demand in environments such as large-scale cloud computing centers.
In terms of its encapsulation, a VXLAN network can be regarded as a tunnel-mode network overlay technology. The tunnel endpoint, the VTEP, encapsulates and decapsulates VXLAN packets; after encapsulation, the packet is sent through the tunnel from the VTEP at one end to the VTEP at the other end.
After receiving a packet, the VTEP device checks whether the destination UDP port number in the packet header matches the locally configured VXLAN port number; if it does, the packet is determined to be a VXLAN packet. The VTEP device then parses the VNI (VXLAN network identifier) from the VXLAN header: if the VNI in the header matches a local VNI, the VXLAN packet is processed normally; if it differs from every local VNI, the VXLAN packet is discarded.
In practice, however, the network may be subject to forged VXLAN packet attacks: an attacker forges a large number of VXLAN packets and sends them to the VTEP device, and the forged packets consume its processing resources, leaving it unable to process the other packets besides VXLAN packets.
To solve this, the technical solution of the embodiments of this application limits the maximum number of VXLAN packets processed per second once a possible VXLAN packet attack has been determined, so that in this situation the VTEP device's processing resources are not monopolized by forged VXLAN packets and some remain available for normal packets. This solves the problem that, when a large number of forged VXLAN packets are present, they occupy the VTEP device's processing resources and leave it unable to process packets other than VXLAN packets.
Referring to Fig. 1, which is a flow chart of an embodiment of the method for protecting against VXLAN packet attacks of this application, the executing entity of this embodiment is a VTEP device that is a neighbour of the other VTEP devices in the network. The method includes the following steps:
Step 101: count the abnormal quantity of received VXLAN packets that carry a non-local VNI.
Step 102: judge whether the abnormal quantity counted within a preset first unit time is greater than a preset first threshold.
Step 103: when the abnormal quantity is greater than the first threshold, reduce the maximum number of VXLAN packets the device processes per second to a preset value.
The VTEP device may support multiple VXLAN networks, encapsulating and decapsulating packets of each of them. A non-local VNI is any VXLAN network identifier other than those of the VXLAN networks the VTEP device supports; a VXLAN packet carrying a non-local VNI is discarded by the VTEP device after it is received.
In the related art, existing VXLAN implementations include no safeguard against forged VXLAN packets, so a VTEP device generally cannot defend itself against such an attack: when a large number of forged VXLAN packets appear on the network, the time spent processing them may leave no processing resources for packets other than VXLAN packets.
To solve this, in this embodiment the abnormal quantity of received VXLAN packets carrying a non-local VNI is used to detect a possible VXLAN packet attack, and when such an attack may be present the maximum number of VXLAN packets processed per second is limited, so that a VTEP receiving a large number of forged VXLAN packets still has enough processing resources for the packets other than VXLAN packets.
In this embodiment, after the VTEP device receives a packet it may first judge whether the destination UDP port number of the packet matches the locally configured VXLAN port number. If it does, the packet is a VXLAN packet, and the VTEP device further parses the VNI carried in the VNI field of the VXLAN header to determine whether it is a non-local VNI.
On the one hand, if the VNI in the header equals the VNI of any of the locally supported VXLAN networks, the received packet is a normal VXLAN packet and can be processed normally.
On the other hand, if the VNI in the header differs from the VNIs of all locally supported VXLAN networks, the received packet may be a forged VXLAN packet.
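The receive-side classification described here and in the earlier overview (destination UDP port check, then VNI lookup against the VXLAN networks the VTEP serves), as an added example in Python; this is not code from the patent. It assumes the IANA default VXLAN port 4789 for the "locally configured" port and the 8-byte RFC 7348 header layout, and it adds an explicit MALFORMED verdict for headers that are too short or have the I bit clear, which the description does not mention. The local VNI set and the packets built with build_vxlan are constructed test data.

```python
import struct
from enum import Enum

# Assumptions (mine, not the patent's): the locally configured VXLAN port is the
# IANA default 4789 and the header is the 8-byte RFC 7348 layout
# (flags:8, reserved:24, VNI:24, reserved:8).
VXLAN_PORT = 4789
VXLAN_HDR_LEN = 8
VXLAN_FLAG_I = 0x08   # "I" bit: the VNI field is valid


class Verdict(Enum):
    NOT_VXLAN = "not_vxlan"        # destination UDP port differs: not a VXLAN packet
    MALFORMED = "malformed"        # right port, but header too short or I bit clear
    LOCAL_VNI = "local_vni"        # VNI belongs to a VXLAN this VTEP serves: process normally
    NON_LOCAL_VNI = "non_local"    # VNI served by no local VXLAN: count as abnormal, then drop


def parse_vni(payload: bytes):
    """Return the 24-bit VNI from a VXLAN header, or None if the header is unusable."""
    if len(payload) < VXLAN_HDR_LEN:
        return None
    flags, word = struct.unpack("!B3xI", payload[:VXLAN_HDR_LEN])
    if not flags & VXLAN_FLAG_I:
        return None
    return word >> 8                 # VNI is the top 24 bits of the second 32-bit word


def classify(dst_port: int, payload: bytes, local_vnis: set) -> Verdict:
    """The VTEP's receive-side decision: port check, then VNI against the local set."""
    if dst_port != VXLAN_PORT:
        return Verdict.NOT_VXLAN
    vni = parse_vni(payload)
    if vni is None:
        return Verdict.MALFORMED
    return Verdict.LOCAL_VNI if vni in local_vnis else Verdict.NON_LOCAL_VNI


def build_vxlan(vni: int, inner: bytes = b"") -> bytes:
    """Constructed input: a VXLAN header with the I bit set, the given VNI, and an inner frame."""
    return struct.pack("!B3xI", VXLAN_FLAG_I, (vni & 0xFFFFFF) << 8) + inner


if __name__ == "__main__":
    local = {100, 200}                                      # VNIs this VTEP serves (constructed)
    print(classify(VXLAN_PORT, build_vxlan(100), local))    # Verdict.LOCAL_VNI
    print(classify(VXLAN_PORT, build_vxlan(4096), local))   # Verdict.NON_LOCAL_VNI: forged or misrouted
    print(classify(53, build_vxlan(100), local))            # Verdict.NOT_VXLAN
```

Only the NON_LOCAL_VNI verdict feeds the abnormal counter of the following steps; a NOT_VXLAN packet is the ordinary traffic the scheme is trying to keep resources for. Note that nothing in the header authenticates the sender, which is why a port number and a VNI are all an attacker needs to produce packets that reach this code path.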
When a VXLAN packet carrying a non-local VNI is received, the VTEP device can enter a detection state in which it counts the abnormal quantity of received VXLAN packets carrying a non-local VNI and discards each such packet once it has been counted.
The count can be kept with a counter that is incremented by one for every received VXLAN packet carrying a non-local VNI, so that these packets are counted in real time.
After counting for a period of time, the VTEP device can judge, according to the preset first unit time, whether the abnormal quantity within that first unit time exceeds the preset first threshold. The first unit time and the first threshold can be configured for the specific application environment; for example, with a first unit time of 5 minutes and a first threshold of 15000, the VTEP device checks after 5 minutes of counting whether the abnormal quantity in that period exceeds 15000.
When the abnormal quantity in the first unit time is less than or equal to the first threshold (in the example, at most 15000 in 5 minutes), the VTEP device stays in the detection state, continues counting received VXLAN packets carrying a non-local VNI, and processes VXLAN packets normally.
When the abnormal quantity in the first unit time is greater than the first threshold (more than 15000 in 5 minutes), a forged VXLAN packet attack may be present in the network. In this case the VTEP device can switch from the detection state to a monitoring state to protect itself against the attack it may be facing.
In the monitoring state the VTEP device reduces the maximum number of VXLAN packets it processes per second to a preset value. This preset value is clearly smaller than the initial value of the per-second maximum and can be configured for the application environment; for example, it can be 1000.
By limiting the maximum number of VXLAN packets processed per second when a forged VXLAN packet attack may be present in the network, the VTEP device reserves processing resources for packets other than VXLAN packets, so that it still has enough resources to process normal packets. This solves the problem that a large number of forged VXLAN packets prevents the VTEP device from processing packets other than VXLAN packets.
After switching to the monitoring state and reducing the per-second maximum to the preset value, the VTEP device continues to count received VXLAN packets carrying a non-local VNI and, after counting for a period of time, judges according to a preset second unit time whether the abnormal quantity within that second unit time is less than a preset second threshold.
The second unit time and the second threshold can be configured for the specific application environment. The second unit time may equal the first unit time or differ from it: with a first unit time of 5 minutes, the second unit time can also be set to 5 minutes, or to a value greater or smaller than the first unit time. Because the second threshold applies while the per-second maximum has been lowered, the ratio of the second threshold to the second unit time should be lower than the ratio of the first threshold to the first unit time.
For example, the second unit time can be set to 6 minutes and the second threshold to 12000. After reducing the per-second maximum to 1000, the VTEP device continues counting received VXLAN packets carrying a non-local VNI for 6 minutes and then judges whether the abnormal quantity is less than 12000.
When the abnormal quantity in the second unit time is less than the second threshold (fewer than 12000 in 6 minutes), a forged VXLAN packet attack may no longer be present in the network. The VTEP device can then switch back from the monitoring state to the detection state, restore the maximum number of VXLAN packets processed per second to its initial value, process packets normally, and keep counting received VXLAN packets carrying a non-local VNI.
When the abnormal quantity in the second unit time is greater than or equal to the second threshold (12000 or more in 6 minutes), the forged VXLAN packet attack is still present in the network.
Once the VTEP device determines that a forged VXLAN packet attack is present, in one case it can pause the processing of VXLAN packets and issue an alarm prompting the user to investigate the attack source. Pausing VXLAN processing and raising an alarm informs the user that an attack is under way, so that the user can track down the attack source during the pause.
The pause duration of the VTEP device can be configured for the practical situation, for instance set long enough for the user to eliminate the attack source within it. When the pause ends, whether or not the user has found the attack source, the VTEP device returns to the detection state and, while processing packets normally, continues counting received VXLAN packets carrying a non-local VNI. For example, if the pause is n seconds, the VTEP device stops processing VXLAN packets for n seconds when it determines that a VXLAN packet attack exists, and resumes normal processing of VXLAN packets after the n seconds.
If the user fails to locate the attack source, the VTEP device will detect the attack again, reduce the per-second maximum to the preset value once more, and then pause VXLAN processing again. In this way, while a forged VXLAN packet attack is present in the network, the VTEP device keeps the processing resources devoted to VXLAN packets limited, minimizing the attack's impact on the device. If the user does locate the attack source, the VTEP device still continues to detect potential attacks, ensuring network security.
In another case, when the VTEP device determines that a forged VXLAN packet attack is present, instead of pausing it can stop processing VXLAN packets altogether (that is, the value of n above is infinite) and issue an alarm prompting the user to investigate the attack source.
Stopping VXLAN processing once the attack is confirmed avoids wasting processing resources, and the alarm lets the user learn of the attack and track down its source, eliminating the forged VXLAN packet attack. After the user has dealt with the attack source, the VTEP device can resume processing VXLAN packets on the user's instruction.
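The complete procedure described above (detection state, monitoring state with the lowered cap, pause or indefinite stop with an alarm, return to detection), as an added example in Python driven by a simulated clock so that it runs offline; this is not code from the patent. It uses the description's illustrative parameters (5 minutes / 15000, 6 minutes / 12000, preset cap 1000) and assumes an initial cap of 10000 packets per second and a pause of n = 60 seconds, neither of which the description fixes; it also assumes the cap is charged only to packets handed to normal processing, and it enforces the description's requirement that the second threshold per unit time be lower than the first. The traffic generated by run_scenario is constructed.

```python
from dataclasses import dataclass, field
from enum import Enum

class State(Enum):
    DETECTION = "detection"   # normal: count non-local-VNI packets over the first unit time
    MONITOR = "monitor"       # per-second VXLAN cap lowered to the preset value
    SUSPENDED = "suspended"   # VXLAN processing stopped for n seconds; alarm raised

@dataclass
class VtepGuard:
    local_vnis: set
    initial_limit_pps: int = 10_000   # assumption: the description leaves the initial cap to configuration
    reduced_limit_pps: int = 1_000    # the "preset value" example in the description
    first_window_s: float = 300.0     # first unit time, 5 minutes
    first_threshold: int = 15_000
    second_window_s: float = 360.0    # second unit time, 6 minutes
    second_threshold: int = 12_000
    pause_s: float = 60.0             # "n seconds"; assumption. float("inf") = stop until resume()
    state: State = State.DETECTION
    limit_pps: int = field(init=False)
    abnormal: int = 0                 # non-local-VNI packets counted in the current window
    window_start: float = 0.0
    pause_until: float = 0.0
    transitions: list = field(default_factory=list)
    alarms: list = field(default_factory=list)
    _sec: int = -1
    _sec_count: int = 0

    def __post_init__(self):
        # The description requires the second threshold per unit time to be lower than the first.
        if self.second_threshold / self.second_window_s >= self.first_threshold / self.first_window_s:
            raise ValueError("second threshold rate must be below the first threshold rate")
        self.limit_pps = self.initial_limit_pps
        self.transitions.append(self.state)

    def on_vxlan_packet(self, now: float, vni: int) -> bool:
        """True = hand to normal processing; False = dropped (non-local VNI, over the cap, or stopped)."""
        self._tick(now)
        if self.state is State.SUSPENDED:
            return False
        if vni not in self.local_vnis:
            self.abnormal += 1        # counted first, then discarded, as in the description
            return False
        if int(now) != self._sec:     # assumption: the cap counts packets handed to processing
            self._sec, self._sec_count = int(now), 0
        self._sec_count += 1
        return self._sec_count <= self.limit_pps

    def resume(self, now: float) -> None:
        """User instruction after the attack source is removed (the 'n is infinite' case)."""
        if self.state is State.SUSPENDED:
            self._enter(State.DETECTION, now)

    def _tick(self, now: float) -> None:
        if self.state is State.SUSPENDED:
            if now >= self.pause_until:
                self._enter(State.DETECTION, now)      # n seconds elapsed: back to normal
            return
        window = self.first_window_s if self.state is State.DETECTION else self.second_window_s
        if now - self.window_start < window:
            return                                     # window still open: keep counting
        if self.state is State.DETECTION and self.abnormal > self.first_threshold:
            self._enter(State.MONITOR, now)            # possible forged-VXLAN flood: lower the cap
        elif self.state is State.DETECTION:
            self.abnormal, self.window_start = 0, now  # quiet window: stay in detection
        elif self.abnormal < self.second_threshold:
            self._enter(State.DETECTION, now)          # flood has subsided: restore the cap
        else:
            self._enter(State.SUSPENDED, now)          # still under attack: stop and alarm

    def _enter(self, state: State, now: float) -> None:
        self.state = state
        self.transitions.append(state)
        self.abnormal, self.window_start = 0, now
        if state is State.DETECTION:
            self.limit_pps = self.initial_limit_pps
        elif state is State.MONITOR:
            self.limit_pps = self.reduced_limit_pps
        else:
            self.pause_until = now + self.pause_s
            self.alarms.append(f"t={now:.0f}s: forged VXLAN flood suspected, processing stopped; "
                               "investigate the attack source")

ATTACK_VNI, LOCAL_VNI = 999_999, 100   # constructed: 999999 is served by no local VXLAN

def run_scenario(segments, legit_rate: int = 1, guard: VtepGuard = None) -> dict:
    """Constructed traffic: (seconds, forged packets/s) segments plus legit_rate local-VNI packets/s."""
    guard = guard or VtepGuard({LOCAL_VNI})
    t, legit_ok = 0, 0
    for seconds, rate in segments:
        for _ in range(seconds):
            events = sorted([(t + i / rate, ATTACK_VNI) for i in range(rate)]
                            + [(t + (j + 0.5) / legit_rate, LOCAL_VNI) for j in range(legit_rate)])
            legit_ok += sum(guard.on_vxlan_packet(now, vni) for now, vni in events)
            t += 1
    return {"transitions": [s.value for s in guard.transitions],
            "legit_processed": legit_ok, "alarms": len(guard.alarms)}

if __name__ == "__main__":
    print(run_scenario([(700, 60)]))            # 3600 forged/min: detection -> monitor -> suspended
    print(run_scenario([(400, 60), (400, 0)]))  # flood stops: monitor -> back to detection
```

For the sustained flood of 60 forged packets per second, the guard moves from detection to monitor at 300 s (18000 abnormal packets, above 15000) and to suspended at 660 s (21600 in the 6-minute window, above 12000), raising one alarm; for the flood that stops at 400 s, the 6-minute window closes with 6000 abnormal packets and the cap is restored. Two points the example makes visible: in the monitoring state the lowered cap applies to legitimate tenant traffic as well, so local-VNI packets above the preset value are dropped (run the sustained flood with legit_rate=2000 to see it), which is the trade-off the description accepts in order to keep resources for non-VXLAN packets; and, by the description's own definition, only packets carrying a non-local VNI are counted, so a flood that uses a locally configured VNI never reaches the abnormal counter.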
In summary, the VTEP device counts the abnormal quantity of received VXLAN packets carrying a non-local VNI to detect a possible VXLAN packet attack; when such an attack may be present it limits the maximum number of VXLAN packets processed per second, then further verifies whether the attack exists and, if it does, takes measures such as pausing VXLAN processing and issuing an alarm so that the user can investigate the attack source. This minimizes the impact of VXLAN packet attacks on the VTEP device and solves the problem that a VTEP device flooded with forged VXLAN packets spends all its processing on them and cannot process packets other than VXLAN packets.
Corresponding to the embodiments of the method for protecting against VXLAN packet attacks, the present invention also provides embodiments of a device for carrying out the method.
Referring to Fig. 2, a block diagram of an embodiment of the device for protecting against VXLAN packet attacks of the present invention, the device 20 includes:
a statistics unit 210 for counting the abnormal quantity of received VXLAN packets that carry a non-local VNI;
a judging unit 220 for judging whether the abnormal quantity counted within a preset first unit time is greater than a preset first threshold;
a setting unit 230 for reducing the maximum number of VXLAN packets the device processes per second to a preset value when the abnormal quantity is greater than the first threshold.
In this embodiment the device also includes a processing unit 240 for processing VXLAN packets normally when the abnormal quantity is less than or equal to the first threshold.
In this embodiment the judging unit 220 is further used, after the maximum number of VXLAN packets processed per second has been reduced to the preset value, to judge whether the abnormal quantity counted within a preset second unit time is less than a preset second threshold, and the device also includes a recovery unit 250 for restoring the maximum number of VXLAN packets processed per second to its initial value when this abnormal quantity is less than the second threshold.
In this embodiment the device also includes a termination unit 260 for stopping the processing of VXLAN packets when this abnormal quantity is greater than or equal to the second threshold, or for stopping the processing of VXLAN packets for n seconds and resuming normal processing after the n seconds.
In this embodiment the device also includes an alarm unit 270 for issuing an alarm prompt when the processing of VXLAN packets is stopped, the alarm prompt being used to prompt the user to investigate the attack source.
The embodiments of the device for protecting against VXLAN packet attacks of this application can be applied to a VTEP device. A device embodiment can be implemented in software, in hardware, or in a combination of the two. Taking software implementation as an example, the device in the logical sense is formed by the processor of the VTEP device on which it resides reading the corresponding computer program instructions from non-volatile memory into memory and running them. In hardware terms, Fig. 3 is a hardware structure diagram of a VTEP device on which the device of this application resides; besides the processor, memory, network interface and non-volatile memory shown in Fig. 3, the VTEP device may include other hardware according to the device's actual function, which is not described further here.
The implementation of the functions and effects of the units in the above device is described in the corresponding steps of the above method and is not repeated here.
Since the device embodiments essentially correspond to the method embodiments, refer to the description of the method embodiments where relevant. The device embodiments described above are merely illustrative: the units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units, that is, they may be located in one place or distributed over multiple network elements. Some or all of the modules may be selected as needed to achieve the purpose of the solution of this application, which those of ordinary skill in the art can understand and implement without creative effort.
The foregoing are only preferred embodiments of this application and are not intended to limit it; any modification, equivalent substitution or improvement made within the spirit and principles of this application shall be included within its scope of protection.
Claims (10)
1. a kind of method of vxlan message attack protection, is applied to the vtep equipment of vxlan termination point of a tunnel, described vtep equipment with
Its other vtep equipment in a network each other neighbours it is characterised in that methods described includes:
Count the abnormal quantity of the vxlan message carrying non-local vni receiving;
Judge whether the described abnormal quantity within default first unit interval counting is more than default first threshold;
When described abnormal quantity is more than described first threshold, the maximum quantity of process vxlan message per second for this equipment is reduced
To preset value.
2. method according to claim 1 is it is characterised in that methods described also includes:
When described abnormal quantity is less than or equal to described first threshold, normal process vxlan message.
3. method according to claim 1 is it is characterised in that methods described also includes:
After the maximum quantity of process vxlan message that this equipment is per second is reduced to preset value, judge count default
Whether the described abnormal quantity in the second unit interval is less than default Second Threshold;
When this abnormal quantity is less than described Second Threshold, the maximum quantity of process vxlan message per second for this equipment is reverted to
Initial value.
4. The method according to claim 3, characterised in that the method further comprises:
when the abnormal quantity is greater than or equal to the second threshold, stopping the processing of VXLAN packets; or stopping the processing of VXLAN packets for n seconds and resuming normal processing of VXLAN packets after the n seconds.
5. The method according to claim 4, characterised in that the method further comprises:
when the processing of VXLAN packets is stopped, sending an alarm prompt; the alarm prompt is used to prompt the user to investigate the attack source.
6. A device of VXLAN packet attack protection, applied to a VTEP device at a VXLAN tunnel termination point, the VTEP device and the other VTEP devices in the network being neighbours of each other, characterised in that the device comprises:
a statistic unit, for counting the abnormal quantity of received VXLAN packets that carry a non-local VNI;
a judging unit, for judging whether the abnormal quantity counted within a preset first unit time is greater than a preset first threshold;
a setting unit, for reducing the maximum number of VXLAN packets processed per second by this device to a preset value when the abnormal quantity is greater than the first threshold.
7. The device according to claim 6, characterised in that the device further comprises:
a processing unit, for processing VXLAN packets normally when the abnormal quantity is less than or equal to the first threshold.
8. The device according to claim 6, characterised in that the device further comprises:
the judging unit, further used for judging, after the maximum number of VXLAN packets processed per second by this device has been reduced to the preset value, whether the abnormal quantity counted within a preset second unit time is less than a preset second threshold;
a recovery unit, for restoring the maximum number of VXLAN packets processed per second by this device to its initial value when the abnormal quantity is less than the second threshold.
9. The device according to claim 8, characterised in that the device further comprises:
a termination unit, for stopping the processing of VXLAN packets when the abnormal quantity is greater than or equal to the second threshold; or stopping the processing of VXLAN packets for n seconds and resuming normal processing of VXLAN packets after the n seconds.
10. The device according to claim 9, characterised in that the device further comprises:
an alarm unit, for sending an alarm prompt when the processing of VXLAN packets is stopped; the alarm prompt is used to prompt the user to investigate the attack source.
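The threshold-driven rate limiter of claims 1 to 5, written out as an added Python example that is not part of the patent or of any vendor's implementation. It assumes both unit intervals are one second, that a window is evaluated when the first packet after its end arrives, and that the class name, field names and sample VNIs are constructed for illustration.

```python
"""Added example (not the patent's code): the per-VTEP VXLAN attack guard of
claims 1-5 as a state machine driven by packet timestamps and VNIs."""
from dataclasses import dataclass, field
from typing import List, Optional, Set

NORMAL, REDUCED, STOPPED = "normal", "reduced", "stopped"


@dataclass
class VxlanGuard:
    local_vnis: Set[int]          # VNIs configured on this VTEP
    first_threshold: int          # claim 1: abnormal packets per first window
    second_threshold: int         # claim 3: abnormal packets per second window
    initial_pps: int              # normal per-second VXLAN processing ceiling
    reduced_pps: int              # claim 1: preset reduced ceiling
    stop_seconds: Optional[int] = None  # claim 4: n, or None = stop indefinitely
    window: float = 1.0           # assumed: both unit intervals are 1 s
    state: str = NORMAL
    max_pps: int = field(init=False)
    abnormal: int = 0             # non-local-VNI packets in the current window
    window_start: float = 0.0
    stopped_at: float = 0.0
    alarms: List[str] = field(default_factory=list)

    def __post_init__(self):
        self.max_pps = self.initial_pps

    def _close_window(self, now):
        """Evaluate the finished window and apply claims 1, 3 and 4."""
        if self.state == NORMAL and self.abnormal > self.first_threshold:
            self.state, self.max_pps = REDUCED, self.reduced_pps
        elif self.state == REDUCED:
            if self.abnormal < self.second_threshold:
                self.state, self.max_pps = NORMAL, self.initial_pps
            else:
                self.state, self.max_pps, self.stopped_at = STOPPED, 0, now
                self.alarms.append("claim 5: VXLAN processing stopped, investigate attack source")
        self.abnormal, self.window_start = 0, now

    def receive(self, now, vni):
        """Account one VXLAN packet; return the processing ceiling now in force."""
        if (self.state == STOPPED and self.stop_seconds is not None
                and now - self.stopped_at >= self.stop_seconds):
            self.state, self.max_pps = NORMAL, self.initial_pps  # claim 4 resume
            self.abnormal, self.window_start = 0, now
        if now - self.window_start >= self.window:   # windows close lazily
            self._close_window(now)
        if vni not in self.local_vnis:
            self.abnormal += 1
        return self.max_pps
```

A ceiling of 0 means the device drops all VXLAN packets until the n-second stop elapses (or indefinitely when `stop_seconds` is None), which is why the alarm fires at that transition.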
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610850351.0A CN106357652B (en) | 2016-09-26 | 2016-09-26 | Method and device for preventing VXLAN message from being attacked |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106357652A (en) | 2017-01-25 |
CN106357652B (en) | 2019-12-06 |
Family
ID=57858748
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610850351.0A Active CN106357652B (en) | 2016-09-26 | 2016-09-26 | Method and device for preventing VXLAN message from being attacked |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106357652B (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107204896A (en) * | 2017-05-22 | 2017-09-26 | 迈普通信技术股份有限公司 | Handle method, device and the VTEP equipment of VXLAN messages |
CN110519265A (en) * | 2019-08-27 | 2019-11-29 | 新华三信息安全技术有限公司 | A kind of method and device of defensive attack |
CN112887317A (en) * | 2021-01-30 | 2021-06-01 | 北京中安星云软件技术有限公司 | Method and system for protecting database based on VXLAN network |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101355419A (en) * | 2008-08-22 | 2009-01-28 | 成都市华为赛门铁克科技有限公司 | Method and apparatus for avoiding network attack |
CN105591841A (en) * | 2015-12-31 | 2016-05-18 | 盛科网络(苏州)有限公司 | Connectivity detection method of VXLAN tunnel |
2016-09-26 CN CN201610850351.0A patent/CN106357652B/en active Active
Non-Patent Citations (1)
Title |
---|
SEBASTIAN JEUK et al.: "Network segmentation in the cloud a novel architecture based on UCC and IID", 2015 IEEE 4th International Conference on Cloud Networking * |
Also Published As
Publication number | Publication date |
---|---|
CN106357652B (en) | 2019-12-06 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN108040057B (en) | | Working method of SDN system suitable for guaranteeing network security and network communication quality |
CN104601568B (en) | | Virtualization security isolation method and device |
CN108551446A (en) | | SYN message processing methods, device, fire wall and the storage medium of attack protection |
US20120317566A1 (en) | | Virtual machine packet processing |
CN107395632B (en) | | SYN Flood protection method, device, cleaning equipment and medium |
JP2008165796A (en) | | Network security element utilizing end point resource |
US11689501B2 (en) | | Data transfer method and virtual switch |
CN104137513A (en) | | Protection method and device against attacks |
CN107360182B (en) | | Embedded active network defense system and defense method thereof |
CN106357652A (en) | | Method and device for preventing attack of VXLAN message |
CN107241294B (en) | | Network flow processing method and device, cleaning equipment and network equipment |
CN114567481B (en) | | Data transmission method and device, electronic equipment and storage medium |
CN105429975B (en) | | A kind of data safety system of defense, method and cloud terminal security system based on cloud terminal |
CN113923273A (en) | | Data packet control method and related device |
CN112887312B (en) | | Slow protocol message processing method and related device |
US9591025B2 (en) | | IP-free end-point management appliance |
EP3133790B1 (en) | | Message sending method and apparatus |
CN114640574B (en) | | Main and standby equipment switching method and device |
CN102546387B (en) | | Method, device and system for processing data message |
CN102986194B (en) | | Network security processing method, system and network interface card |
CN113259387B (en) | | Method for preventing honeypot from being controlled to jump board machine based on virtual exchange |
CN104348785B (en) | | The method, apparatus and system for preventing host PMTU from attacking in IPv6 nets |
CN114598675A (en) | | Control method, device, equipment and medium for realizing host blocking based on ARP |
CN106067864B (en) | | Message processing method and device |
CN113992347B (en) | | Message processing method and device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| C06 | Publication | |
| PB01 | Publication | |
| CB02 | Change of applicant information | Address after: Binjiang District and Hangzhou city in Zhejiang Province Road 310051 No. 68 in the 6 storey building. Applicant after: Hangzhou Dipu Polytron Technologies Inc. Address before: Binjiang District and Hangzhou city in Zhejiang Province Road 310051 No. 68 in the 6 storey building. Applicant before: Hangzhou Dipu Technology Co., Ltd. |
| SE01 | Entry into force of request for substantive examination | |
| GR01 | Patent grant | |