CN106559342A - SDN-based protocol port protection method, device and system - Google Patents

SDN-based protocol port protection method, device and system

Info

Publication number
CN106559342A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201610991115.0A
Other languages
Chinese (zh)
Inventor
翟跃
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Feixun Data Communication Technology Co Ltd
Original Assignee
Shanghai Feixun Data Communication Technology Co Ltd
Application filed by Shanghai Feixun Data Communication Technology Co Ltd
Priority to CN201610991115.0A
Publication of CN106559342A


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00 Traffic control in data switching networks
    • H04L47/10 Flow control; Congestion control
    • H04L47/12 Avoiding congestion; Recovering from congestion
    • H04L47/125 Avoiding congestion; Recovering from congestion by balancing the load, e.g. traffic engineering
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00 Routing or path finding of packets in data switching networks
    • H04L45/54 Organization of routing tables
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00 Traffic control in data switching networks
    • H04L47/10 Flow control; Congestion control
    • H04L47/20 Traffic policing

Abstract

The present invention provides an SDN-based protocol port protection method, device and system. The method includes: a controller presets an SDN-based protocol port protection algorithm configuration task sequence, the task sequence including a static protocol port policy table; the controller receives a message reported by a switch because it did not match the flow table, obtains the message's source IP address, destination IP address and message type, and matches them against the static protocol port policy table; if a matching entry exists, the controller obtains the network topology, determines a forwarding path from the source IP address, destination IP address and network topology, adds the forwarding path to the flow table and delivers it to the switch, so that the switch forwards the message along the forwarding path. The invention is based on SDN, and all configuration is concentrated on the controller, so configuration is convenient and simple.

Description

SDN-based protocol port protection method, device and system
Technical field
Embodiments of the present invention relate to the field of data communication technology, and in particular to an SDN (Software Defined Network) based web page-level load balancing method, device and system.
Background
Traditional protocol port protection algorithms protect a device's ports from attack by other users on the network. By default, every protocol on every access interface of the device is closed, so protocol messages sent by other devices are not processed by the system and the device cannot be attacked through them. Only after the relevant protocol is enabled on a port is that protocol's port number released, so that the system can process it normally.
The overall flow of a traditional protocol port protection algorithm is shown in Fig. 1. The client and the server communicate through switches, such as switch S1 and switch S2. When the client sends a message to the server, switch S1 and switch S2 each perform protocol port protection separately.
In the course of implementing the present invention, the inventor found that the prior art has at least the following problem:
Traditional protocol port protection algorithms are tied to an individual forwarding device and control is based only on the port, so the control granularity is too coarse; the configuration as a whole is distributed, which makes it complex and error-prone.
It should be noted that the above introduction to the technical background is given only to allow a clear and complete explanation of the technical solution of the present invention and to aid the understanding of those skilled in the art. These solutions must not be regarded as known to those skilled in the art merely because they are set out in the background section of the present invention.
Summary of the invention
In view of the above problems, the purpose of the embodiments of the present invention is to provide an SDN-based protocol port protection method, device and system. SDN-based protocol port protection is end-to-end and uniformly controlled by the controller; all configuration is concentrated on the controller, so configuration is convenient and simple.
To achieve the above purpose, an embodiment of the present invention provides an SDN-based protocol port protection method, including: a controller presets an SDN-based protocol port protection algorithm configuration task sequence, the task sequence including a static protocol port policy table whose configuration fields include source IP address, destination IP address and message type; the controller receives a message reported by a switch because it did not match the flow table, obtains the source IP address, destination IP address and message type of the message, and matches them against the static protocol port policy table; if a matching entry exists in the static protocol port policy table, the controller obtains the network topology, determines a forwarding path according to the source IP address and destination IP address of the message and the network topology, adds the forwarding path to the flow table and delivers it to the switch, so that the switch forwards the message along the forwarding path.
Further, the SDN-based protocol port protection algorithm configuration task sequence also includes: an SDN-based protocol port protection algorithm function, used to turn the SDN-based protocol port protection algorithm on or off. In the static protocol port policy table, the source IP address specifies the source IP address of a flow, the destination IP address specifies the destination IP address of a flow, and the message type covers the messages that require flow control.
Further, the controller receiving a message reported by a switch because it did not match the flow table includes: after a message enters the SDN, the access switch obtains the source IP address, destination IP address and message type of the message and queries the flow table with them; if the message matches the flow table, it is forwarded along the forwarding path in the flow table; if the message does not match the flow table, it is reported to the controller.
Further, the step in which, if a matching entry exists in the static protocol port policy table, the controller obtains the network topology, determines a forwarding path according to the source IP address and destination IP address of the message and the network topology, adds the forwarding path to the flow table and delivers it to the switch, includes: the controller matches the source IP address, destination IP address and message type of the message against the static protocol port policy table; if a matching entry exists, the controller generates the network topology using the Link Layer Discovery Protocol, determines the forwarding path according to the source IP address and destination IP address of the message and the network topology, and issues the flow table to all switches on the forwarding path according to the matching entry of the static protocol port policy table; if no matching entry exists in the static protocol port policy table, the controller discards the message.
Further, the method also includes: extending the flow table supported by the switches and the controller in the SDN, the match fields of the extended flow table including source IP address, destination IP address and message type; matching the flow table according to source IP address, destination IP address and message type: if matched, the message is forwarded normally; if not matched, it is sent to the controller to be matched against the static protocol port policy table; matching the static protocol port policy table according to source IP address, destination IP address and message type: if matched, the flow table is issued and the protocol port number of this flow is released on the forwarding path; if not matched, the message is discarded.
To achieve the above purpose, an embodiment of the present invention also provides an SDN-based protocol port protection system, including: a switch, used to report messages that do not match the flow table to the controller; and a controller, used to preset an SDN-based protocol port protection algorithm configuration task sequence, the task sequence including a static protocol port policy table whose configuration fields include source IP address, destination IP address and message type; to receive a message reported by the switch because it did not match the flow table, obtain the source IP address, destination IP address and message type of the message, and match them against the static protocol port policy table; and, if a matching entry exists in the static protocol port policy table, to obtain the network topology, determine a forwarding path according to the source IP address and destination IP address of the message and the network topology, add the forwarding path to the flow table and deliver it to the switch. The switch is also used to forward the message along the forwarding path.
To achieve the above purpose, an embodiment of the present invention also provides a control device for SDN-based protocol port protection, including: a first processing module, used to preset an SDN-based protocol port protection algorithm configuration task sequence, the task sequence including a static protocol port policy table whose configuration fields include source IP address, destination IP address and message type; a second processing module, used to receive a message reported by a switch because it did not match the flow table, obtain the source IP address, destination IP address and message type of the message, and match them against the static protocol port policy table; and a third processing module, used, if a matching entry exists in the static protocol port policy table, to obtain the network topology, determine a forwarding path according to the source IP address and destination IP address of the message and the network topology, add the forwarding path to the flow table and deliver it to the switch, so that the switch forwards the message along the forwarding path.
Thus, in the SDN-based protocol port protection method, device and system provided by the present invention, the SDN-based protocol port protection algorithm function is configured in advance on the controller and the entries of the static protocol port policy table are set. The flow table is matched according to the source IP address, destination IP address and message type of the message: if matched, the message is forwarded normally; if not matched, it is sent to the controller to be matched against the static protocol port policy table. The static protocol port policy table is matched according to source IP address, destination IP address and message type: if matched, the flow table is issued and the protocol port number of this flow is released on the forwarding path; if not matched, the message is discarded. Control is thereby unified in the controller, and all configuration is concentrated on the controller, so configuration is convenient and simple.
Brief description of the drawings
To explain the embodiments of the present invention or the technical solutions of the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. The drawings described below are evidently only some embodiments of the present invention; those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic diagram of traditional protocol port protection;
Fig. 2 is an architecture diagram of the SDN-based protocol port protection system provided by an embodiment of the present invention;
Fig. 3 is a flow diagram of the SDN-based protocol port protection method provided by an embodiment of the present invention;
Fig. 4 is a schematic diagram of an application example based on the method shown in Fig. 3;
Fig. 5 is a structural diagram of the control device for SDN-based protocol port protection provided by an embodiment of the present invention.
Detailed description
To make the purpose, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the drawings. The described embodiments are evidently some, rather than all, of the embodiments of the present invention. All other embodiments obtained by those of ordinary skill in the art from the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
SDN is a new network architecture that uses OpenFlow technology to separate the control plane of network devices from the data plane, enabling flexible control of network traffic. An SDN contains a controller that implements the control plane functions and a number of switches that implement the data plane functions.
An embodiment of the present invention provides an SDN-based protocol port protection system. As shown in Fig. 2, the SDN includes a controller and switches, and the switches in the SDN are managed centrally by the controller. In addition, the client and the server are each connected to a switch and communicate through the SDN.
An embodiment of the present invention provides an SDN-based protocol port protection method. Referring to Fig. 3, the method is applied to the controller in the SDN and includes the following steps:
Step S31: The controller presets an SDN-based protocol port protection algorithm configuration task sequence.
In this embodiment, the controller presets an SDN-based protocol port protection algorithm configuration task sequence. The configuration items of this task sequence include the SDN-based protocol port protection algorithm function and the static protocol port policy table. The SDN-based protocol port protection algorithm function turns the SDN-based protocol port protection algorithm on or off, and the static protocol port policy table is the table that the user configures centrally on the controller, as shown in Table 1 below.
Table 1
Further, a private static protocol port policy table can be statically configured by the user, as shown in Table 2 below.
Table 2
Step S32: The entries of the static protocol port policy table are configured on the controller.
In this embodiment, the private static protocol port policy table can be statically configured by the user: based on the preset static protocol port policy table, the user statically configures its entries on the controller according to the configuration fields.
Step S33: The controller receives a message reported by a switch because it did not match the flow table, and obtains the source IP address, destination IP address and message type of the message.
In this embodiment, after a message enters the SDN, the access switch obtains the source IP address, destination IP address and message type of the message and queries the flow table with them. If the message matches the flow table, it is forwarded along the forwarding path in the flow table; if the message does not match the flow table, it is reported to the controller.
When the controller receives a message reported by a switch because it did not match the flow table, it obtains the source IP address, destination IP address and message type from the message.
Step S34: The controller matches the source IP address, destination IP address and message type of the message against the static protocol port policy table. If an entry matches, step S35 is performed; if no entry matches, step S36 is performed.
Step S35: The controller obtains the network topology, determines a forwarding path according to the source IP address and destination IP address of the message and the network topology, adds the forwarding path to the flow table and delivers it to the switch, so that the switch forwards the message along the forwarding path.
In this embodiment, if a matching entry exists in the static protocol port policy table, the controller generates the network topology using LLDP (Link Layer Discovery Protocol).
The controller then determines the forwarding path according to the source IP address and destination IP address of the message and the network topology, and issues the flow table to all switches on the forwarding path according to the matching entry of the static protocol port policy table, so that the switches that receive the flow table forward the message along the forwarding path.
Step S36: The message is discarded.
In this embodiment, if no entry in the static protocol port policy table matches, the message can be discarded directly.
In addition, unlike the prior art, the flow table supported by the switches and the controller in the SDN is extended in this embodiment; the specific extensions are shown in Table 3.
Table 3
Fig. 4 is a schematic diagram of an application example. The client and the server communicate through the SDN.
The controller sets the SDN-based protocol port protection algorithm configuration task sequence, in which the SDN-based protocol port protection algorithm function is set to on and the entry of the static protocol port policy table is configured as source IP 10.1.1.1, destination IP 100.1.1.1, protocol number TFTP.
After a message enters the SDN, its source IP address, destination IP address and message type are obtained. Flow one has source IP 10.1.1.1, destination IP 100.1.1.1 and message type FTP; it does not match the entry of the static protocol port policy table and is prohibited. Flow two has source IP 10.1.1.1, destination IP 100.1.1.1 and message type TFTP; it matches the entry of the static protocol port policy table and is allowed through.
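Steps S33 to S36 and the Fig. 4 application example can be modelled as follows. This is an added illustration, not code from the patent: the class and function names, the exact-match semantics of the policy table, the breadth-first path search and the three-switch topology (client on S1, server on S3) are all assumptions made for the example.

```python
"""Added model of steps S33-S36: flow-table miss, default-deny policy lookup,
path computation and flow installation. All names here are hypothetical."""
from collections import deque
from typing import NamedTuple


class FlowKey(NamedTuple):
    src_ip: str
    dst_ip: str
    msg_type: str            # assumed to be classified already, e.g. "TFTP"


class Switch:
    def __init__(self, name):
        self.name = name
        self.flow_table = {}  # FlowKey -> next hop (switch name or "host")


class Controller:
    def __init__(self, links, hosts, policy_table):
        self.hosts = hosts                      # host IP -> access switch name
        self.policy_table = set(policy_table)   # static protocol port policy table
        self.packet_in_count = 0
        self.adjacency = {}                     # the patent builds this via LLDP
        for a, b in links:
            self.adjacency.setdefault(a, set()).add(b)
            self.adjacency.setdefault(b, set()).add(a)

    def _path(self, start, goal):
        """Breadth-first search: shortest switch path, or None if unreachable."""
        parents, queue = {start: None}, deque([start])
        while queue:
            node = queue.popleft()
            if node == goal:
                path = []
                while node is not None:
                    path.append(node)
                    node = parents[node]
                return path[::-1]
            for nxt in sorted(self.adjacency.get(node, ())):
                if nxt not in parents:
                    parents[nxt] = node
                    queue.append(nxt)
        return None

    def packet_in(self, key, switches):
        """S34-S36: return the installed path, or None when the message is dropped."""
        self.packet_in_count += 1
        if key not in self.policy_table:        # S36: no matching entry, drop
            return None
        src_sw, dst_sw = self.hosts.get(key.src_ip), self.hosts.get(key.dst_ip)
        if src_sw is None or dst_sw is None:    # unknown endpoint: nothing to route to
            return None
        path = self._path(src_sw, dst_sw)
        if path is None:
            return None
        for i, name in enumerate(path):         # S35: flow entry on every switch on the path
            nxt = path[i + 1] if i + 1 < len(path) else "host"
            switches[name].flow_table[key] = nxt
        return path


def send(key, ingress, switches, controller):
    """S33: the access switch checks its flow table and reports a miss to the controller."""
    if key not in switches[ingress].flow_table:
        path = controller.packet_in(key, switches)
        return ("forward", path) if path else ("drop", [])
    path, node = [], ingress
    while node != "host":                       # follow the installed next hops
        path.append(node)
        node = switches[node].flow_table[key]
    return ("forward", path)


def build_example():
    """Constructed topology; the policy entry is the one from the application example."""
    switches = {n: Switch(n) for n in ("S1", "S2", "S3")}
    controller = Controller(
        links=[("S1", "S2"), ("S2", "S3")],
        hosts={"10.1.1.1": "S1", "100.1.1.1": "S3"},
        policy_table=[FlowKey("10.1.1.1", "100.1.1.1", "TFTP")],
    )
    return switches, controller


if __name__ == "__main__":
    sw, ctl = build_example()
    for msg_type in ("FTP", "TFTP", "TFTP"):
        print(msg_type, send(FlowKey("10.1.1.1", "100.1.1.1", msg_type), "S1", sw, ctl))
```

In this model the second TFTP message is forwarded from the installed flow entries without reaching the controller, and the reverse direction (100.1.1.1 to 10.1.1.1) is dropped unless it has its own policy entry, because entries are matched exactly on all three fields.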
Referring again to Fig. 2, an embodiment of the present invention provides an SDN-based protocol port protection system, including:
A switch, used to report messages that do not match the flow table to the controller;
A controller, used to preset an SDN-based protocol port protection algorithm configuration task sequence, the task sequence including a static protocol port policy table whose configuration fields include source IP address, destination IP address and message type; to receive a message reported by the switch because it did not match the flow table, obtain the source IP address, destination IP address and message type of the message, and match them against the static protocol port policy table; and, if a matching entry exists in the static protocol port policy table, to obtain the network topology, determine a forwarding path according to the source IP address and destination IP address of the message and the network topology, add the forwarding path to the flow table and deliver it to the switch;
The switch is also used to forward the message along the forwarding path.
Wherein,
The switch is specifically used as follows: after a message enters the SDN, the access switch obtains the source IP address, destination IP address and message type of the message and queries the flow table with them; if the message matches the flow table, it is forwarded along the forwarding path in the flow table; if the message does not match the flow table, it is reported to the controller.
The controller is specifically used to: match the source IP address, destination IP address and message type of the message against the static protocol port policy table; if a matching entry exists in the static protocol port policy table, generate the network topology using the Link Layer Discovery Protocol, determine the forwarding path according to the source IP address and destination IP address of the message and the network topology, and issue the flow table to all switches on the forwarding path according to the matching entry of the static protocol port policy table; if no matching entry exists in the static protocol port policy table, discard the message.
Referring to Fig. 5, an embodiment of the present invention provides a control device for SDN-based protocol port protection, including:
A first processing module, used to preset an SDN-based protocol port protection algorithm configuration task sequence, the task sequence including a static protocol port policy table whose configuration fields include source IP address, destination IP address and message type;
A second processing module, used to receive a message reported by a switch because it did not match the flow table, obtain the source IP address, destination IP address and message type of the message, and match them against the static protocol port policy table;
A third processing module, used, if a matching entry exists in the static protocol port policy table, to obtain the network topology, determine a forwarding path according to the source IP address and destination IP address of the message and the network topology, add the forwarding path to the flow table and deliver it to the switch, so that the switch forwards the message along the forwarding path.
Wherein,
The third processing module is specifically used to: match the source IP address, destination IP address and message type of the message against the static protocol port policy table; if a matching entry exists in the static protocol port policy table, generate the network topology using the Link Layer Discovery Protocol, determine the forwarding path according to the source IP address and destination IP address of the message and the network topology, and issue the flow table to all switches on the forwarding path according to the matching entry of the static protocol port policy table; if no matching entry exists in the static protocol port policy table, discard the message.
The specific technical details of the SDN-based protocol port protection device and system described above are similar to those of the SDN-based protocol port protection method and are therefore not repeated here.
Thus, in the SDN-based protocol port protection method, device and system provided by the present invention, the SDN-based protocol port protection algorithm function is configured in advance on the controller and the entries of the static protocol port policy table are set. The flow table is matched according to the source IP address, destination IP address and message type of the message: if matched, the message is forwarded normally; if not matched, it is sent to the controller to be matched against the static protocol port policy table. The static protocol port policy table is matched according to source IP address, destination IP address and message type: if matched, the flow table is issued and the protocol port number of this flow is released on the forwarding path; if not matched, the message is discarded. Control is thereby unified in the controller, and all configuration is concentrated on the controller, so configuration is convenient and simple.
The embodiments in this specification are described progressively; for identical or similar parts the embodiments may be referred to one another, and each embodiment focuses on its differences from the others.
Finally, it should be noted that the above description of the various embodiments of the present invention is provided to those skilled in the art for the purpose of description. It is not intended to be exhaustive or to limit the invention to a single disclosed embodiment. As stated above, various substitutions and changes to the present invention will be apparent to those of ordinary skill in the art of the above technology. Therefore, although some alternative embodiments have been discussed specifically, other embodiments will be apparent or relatively easy for those skilled in the art to derive. The present invention is intended to cover all substitutions, modifications and changes of the invention discussed here, as well as other embodiments that fall within the spirit and scope of the above application.

Claims (10)

1. a kind of protocol port guard method based on SDN, it is characterised in that include:
Controller pre-sets the protocol port protection algorism configuration task sequence based on SDN, and the task sequence includes static state Protocol port Policy Table, the configuration field of the static protocol port Policy Table include source IP address, purpose IP address and message Type;
What controller desampler was reported does not match the message of flow table, obtains source IP address, the purpose IP address of the message And type of message, and the source IP address according to the message, purpose IP address and type of message match the static protocol port Policy Table;
If there is matching list item in the static protocol port Policy Table, controller obtains network topology structure, according to institute Source IP address, purpose IP address and the network topology structure for stating message determines forward-path, and forward-path is added to Switch is handed down in flow table, so that switch forwards the message according to the forward-path.
2. the protocol port guard method based on SDN according to claim 1, it is characterised in that the association based on SDN View port protection algorithm configuration task sequence also includes:Based on the protocol port protection algorism function of SDN, for opening or closing Protocol port protection algorism function based on SDN;
In the static protocol port Policy Table, the source IP address specifies the source IP address of stream, the purpose IP address to specify The purpose IP address of stream, the type of message include the message for needing to carry out flow control.
3. the protocol port guard method based on SDN according to claim 1, it is characterised in that the controller is received What switch was reported does not match the message of flow table, including:
After message enters into SDN, access switch obtains source IP address, purpose IP address and the type of message of message, And the source IP address according to the message, purpose IP address and type of message inquiry flow table, if message matching flow table, The message is forwarded according to the forward-path in flow table;If the message does not match flow table, by the message Offer controller.
4. the protocol port guard method based on SDN according to claim 1, it is characterised in that if described described There is matching list item in static protocol port Policy Table, then controller obtains network topology structure, according to the source IP ground of the message Location, purpose IP address and the network topology structure determine forward-path, and forward-path is added in flow table is handed down to friendship Change planes, including:
Controller matches the static protocol port strategy according to the source IP address of the message, purpose IP address and type of message Table;
If there is matching list item in the static protocol port Policy Table, controller finds protocol generation net according to linking layer Network topology, the source IP address, purpose IP address and the network topology structure according to the message determine forward-path, and according to The matching list item of the static protocol port Policy Table issues flow table to all switches on the forward-path;
If there is no matching list item in the static protocol port Policy Table, controller abandons the message.
5. the protocol port guard method based on SDN according to claim 4, it is characterised in that methods described also includes: The flow table that switch in SDN and controller are supported is expanded, the matching field of the flow table after expansion includes source IP address, mesh IP address and type of message;
The flow table is matched according to source IP address, purpose IP address and type of message, if it does, normal forward;If not Match somebody with somebody, be sent to controller and go matched static protocol port Policy Table;
The static protocol port Policy Table is matched according to source IP address, purpose IP address and type of message, if it does, issuing Flow table, then this protocol port number for flowing on forward-path are released;If mismatched, dropping packets.
6. An SDN-based protocol port protection system, characterized by comprising:
A switch, configured to report messages that do not match the flow table to the controller;
A controller, configured to preset an SDN-based protocol port protection algorithm configuration task sequence, the task sequence including a static protocol port policy table whose configuration fields include source IP address, destination IP address and message type; to receive the message reported by the switch that does not match the flow table, obtain the source IP address, destination IP address and message type of the message, and match the static protocol port policy table according to the source IP address, destination IP address and message type of the message; and, if a matching entry exists in the static protocol port policy table, to obtain the network topology, determine a forwarding path according to the source IP address and destination IP address of the message and the network topology, add the forwarding path to a flow table and issue it to the switch;
The switch is further configured to forward the message according to the forwarding path.
7. The SDN-based protocol port protection system according to claim 6, characterized in that the switch is specifically configured to:
After a message enters the SDN, the access switch obtains the source IP address, destination IP address and message type of the message, and queries the flow table according to the source IP address, destination IP address and message type of the message; if the message matches the flow table, the message is forwarded according to the forwarding path in the flow table; if the message does not match the flow table, the message is reported to the controller.
8. The SDN-based protocol port protection system according to claim 7, characterized in that the controller is specifically configured to:
Match the static protocol port policy table according to the source IP address, destination IP address and message type of the message;
If a matching entry exists in the static protocol port policy table, generate the network topology according to the link layer discovery protocol, determine a forwarding path according to the source IP address and destination IP address of the message and the network topology, and issue a flow table to all switches on the forwarding path according to the matching entry of the static protocol port policy table;
If there is no matching entry in the static protocol port policy table, discard the message.
9. A device for controlling SDN-based protocol port protection, characterized by comprising:
A first processing module, configured to preset an SDN-based protocol port protection algorithm configuration task sequence, the task sequence including a static protocol port policy table, the configuration fields of which include source IP address, destination IP address and message type;
A second processing module, configured to receive the message reported by the switch that does not match the flow table, obtain the source IP address, destination IP address and message type of the message, and match the static protocol port policy table according to the source IP address, destination IP address and message type of the message;
A third processing module, configured to, if a matching entry exists in the static protocol port policy table, obtain the network topology, determine a forwarding path according to the source IP address and destination IP address of the message and the network topology, add the forwarding path to a flow table and issue it to the switch, so that the switch forwards the message according to the forwarding path.
10. The device for controlling SDN-based protocol port protection according to claim 9, characterized in that the third processing module is specifically configured to:
Match the static protocol port policy table according to the source IP address, destination IP address and message type of the message;
If a matching entry exists in the static protocol port policy table, generate the network topology according to the link layer discovery protocol, determine a forwarding path according to the source IP address and destination IP address of the message and the network topology, and issue a flow table to all switches on the forwarding path according to the matching entry of the static protocol port policy table;
If there is no matching entry in the static protocol port policy table, discard the message.
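The decision flow recited in the claims (flow-table lookup on the switch, default-deny match against the static policy table on the controller, flow entries issued to every switch on the path) is sketched below as an added example; it is not code from the patent. The class and function names, the sample addresses, the "TCP/80" encoding of message type and the use of breadth-first search for path selection are assumptions.

```python
from collections import deque

# Constructed sample policy: rows are (source IP, destination IP, message type).
POLICY_TABLE = {("10.0.0.1", "10.0.0.2", "TCP/80")}
# Constructed topology: switch adjacency, plus the access switch of each host.
LINKS = {"s1": ["s2", "s3"], "s2": ["s1", "s4"], "s3": ["s1", "s4"], "s4": ["s2", "s3"]}
HOST_SWITCH = {"10.0.0.1": "s1", "10.0.0.2": "s4", "10.0.0.9": "s3"}


def shortest_path(src_sw, dst_sw):
    """Breadth-first search over the switch graph; returns a switch list or None."""
    parents, queue = {src_sw: None}, deque([src_sw])
    while queue:
        node = queue.popleft()
        if node == dst_sw:
            path = []
            while node is not None:
                path.append(node)
                node = parents[node]
            return path[::-1]
        for nxt in LINKS.get(node, []):
            if nxt not in parents:
                parents[nxt] = node
                queue.append(nxt)
    return None


class Controller:
    def __init__(self):
        self.flow_tables = {sw: set() for sw in LINKS}  # per-switch match keys

    def switch_lookup(self, switch, key):
        """Switch side: True = forward by flow table, False = report to controller."""
        return key in self.flow_tables[switch]

    def packet_in(self, src, dst, msg_type):
        """Controller side: drop unless the exact triple is in the static policy table."""
        key = (src, dst, msg_type)
        if key not in POLICY_TABLE:
            return ("drop", [])
        src_sw, dst_sw = HOST_SWITCH.get(src), HOST_SWITCH.get(dst)
        path = shortest_path(src_sw, dst_sw) if src_sw and dst_sw else None
        if path is None:
            return ("drop", [])
        for sw in path:  # issue the entry to every switch on the forwarding path
            self.flow_tables[sw].add(key)
        return ("forward", path)
```

A dropped message installs no flow entry, so each further message of an unlisted flow is reported to the controller again.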
CN201610991115.0A 2016-11-10 2016-11-10 It is a kind of based on the protocol port guard method of SDN, device and system Pending CN106559342A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610991115.0A CN106559342A (en) 2016-11-10 2016-11-10 It is a kind of based on the protocol port guard method of SDN, device and system

Publications (1)

Publication Number Publication Date
CN106559342A true CN106559342A (en) 2017-04-05

Family

ID=58443910

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610991115.0A Pending CN106559342A (en) 2016-11-10 2016-11-10 It is a kind of based on the protocol port guard method of SDN, device and system

Country Status (1)

Country Link
CN (1) CN106559342A (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104994065A (en) * 2015-05-20 2015-10-21 上海斐讯数据通信技术有限公司 Access control list operation system and method based on software-defined network
US20160036730A1 (en) * 2013-04-12 2016-02-04 Nec Europe Ltd. Method and system for providing an information centric network
CN105429876A (en) * 2015-11-04 2016-03-23 上海斐讯数据通信技术有限公司 SDN-based data forwarding method
CN105933225A (en) * 2016-04-20 2016-09-07 上海斐讯数据通信技术有限公司 Strategy routing method and system based on SDN
CN105959222A (en) * 2016-04-25 2016-09-21 上海斐讯数据通信技术有限公司 Message forwarding method, route nodes, and software defined network

Cited By (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108881014A (en) * 2017-05-12 2018-11-23 北京猎户星空科技有限公司 A kind of data Transmission system and method
CN108881014B (en) * 2017-05-12 2021-10-01 北京猎户星空科技有限公司 Data sending system and method
CN108391269A (en) * 2018-02-28 2018-08-10 南京铁道职业技术学院 A kind of method that attack AP equipment is prevented in WLAN
CN108391269B (en) * 2018-02-28 2020-12-01 南京铁道职业技术学院 Method for preventing AP equipment attack in wireless local area network
CN110224942A (en) * 2018-03-01 2019-09-10 中兴通讯股份有限公司 A kind of message processing method, device and storage medium
CN110224942B (en) * 2018-03-01 2023-08-04 中兴通讯股份有限公司 Message processing method, device and storage medium
CN110768930A (en) * 2018-07-25 2020-02-07 成都鼎桥通信技术有限公司 Data forwarding method and device for server
CN110768930B (en) * 2018-07-25 2022-03-29 成都鼎桥通信技术有限公司 Data forwarding method and device for server
CN110971540A (en) * 2018-09-28 2020-04-07 中国移动通信有限公司研究院 Data information transmission method and device, switch and controller
CN110971540B (en) * 2018-09-28 2023-04-07 中国移动通信有限公司研究院 Data information transmission method and device, switch and controller
CN112929417A (en) * 2021-01-22 2021-06-08 新华三信息安全技术有限公司 Message processing method and device
CN112929417B (en) * 2021-01-22 2022-05-27 新华三信息安全技术有限公司 Message processing method and device

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20170405