CN106559342A - It is a kind of based on the protocol port guard method of SDN, device and system - Google Patents
It is a kind of based on the protocol port guard method of SDN, device and system Download PDFInfo
- Publication number
- CN106559342A CN106559342A CN201610991115.0A CN201610991115A CN106559342A CN 106559342 A CN106559342 A CN 106559342A CN 201610991115 A CN201610991115 A CN 201610991115A CN 106559342 A CN106559342 A CN 106559342A
- Authority
- CN
- China
- Prior art keywords
- message
- address
- protocol port
- source
- sdn
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L47/00—Traffic control in data switching networks
- H04L47/10—Flow control; Congestion control
- H04L47/12—Avoiding congestion; Recovering from congestion
- H04L47/125—Avoiding congestion; Recovering from congestion by balancing the load, e.g. traffic engineering
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
- H04L45/54—Organization of routing tables
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L47/00—Traffic control in data switching networks
- H04L47/10—Flow control; Congestion control
- H04L47/20—Traffic policing
Abstract
The present invention provides a kind of based on the protocol port guard method of SDN, device and system, and wherein method includes:Controller pre-sets the protocol port protection algorism configuration task sequence based on SDN, and the task sequence includes static protocol port Policy Table;What desampler was reported does not match the message of flow table, obtains source IP address, purpose IP address and the type of message of message, matched static protocol port Policy Table;If there is matching list item, network topology structure is obtained then, forward-path is determined according to source IP address, purpose IP address and network topology structure, and forward-path is added in flow table is handed down to switch, so that switch forwards the message according to the forward-path.The present invention is based on SDN, and all of configuration all concentrates on controller, and configuration is conveniently simple.
Description
Technical field
Embodiment of the present invention is related to data communication technology field, more particularly to a kind of based on SDN (Software
Defined Network, software defined network) webpage level load equalization methods, device and system.
Background technology
Attack of traditional protocol port protection algorism for protection equipment not by other users on network to port,
Under default conditions, each protocol status on each access interface of equipment are to close, the related protocol report that miscellaneous equipment is sended over
Text will not be processed by system, will not thus be attacked.Only after the related protocol on the port is enabled, the port of the agreement
Number just it is released, system just can normal process.
Traditional protocol port protection algorism whole process is as shown in Figure 1.Client and server is communicated by switch,
Such as switch S1 and switch S2.During client's point sends message to server, switch S1 and switch S2 point
Protocol port protection is not carried out.
In implementing the present invention, it may, inventor has found prior art, and at least there are the following problems:
Traditional protocol port protection algorism is that, based on a certain forwarding unit, Control granularity is based only on port, causes
Control granularity is excessive, and entirely configuration is distributed, and configuration is complicated and easily malfunctions.
It should be noted that above the introduction of technical background is intended merely to it is convenient technical scheme is carried out it is clear,
Complete explanation, and facilitate the understanding of those skilled in the art and illustrate.Can not be merely because these schemes be the present invention's
Background section is set forth and thinks that above-mentioned technical proposal is known to those skilled in the art.
The content of the invention
For the problems referred to above, the purpose of embodiment of the present invention is to provide a kind of protocol port protection side based on SDN
Method, device and system, the protocol port protection based on SDN is end-to-end, is uniformly controlled by controller, and all of configuration all collects
In in controller, configuration is convenient and simple.
For achieving the above object, embodiment of the present invention provides a kind of protocol port guard method based on SDN, including:
Controller pre-sets the protocol port protection algorism configuration task sequence based on SDN, and the task sequence includes static agreement
Port policy table, the configuration field of the static protocol port Policy Table include source IP address, purpose IP address and type of message;
What controller desampler was reported does not match the message of flow table, obtains source IP address, purpose IP address and the report of the message
Literary type, and the source IP address according to the message, purpose IP address and type of message match the static protocol port strategy
Table;If there is matching list item in the static protocol port Policy Table, controller obtains network topology structure, according to described
The source IP address of message, purpose IP address and the network topology structure determine forward-path, and forward-path is added to stream
Switch is handed down in table, so that switch forwards the message according to the forward-path.
Further, the protocol port protection algorism configuration task sequence based on SDN also includes:Association based on SDN
View port protection algorithm function, for opening or closing the protocol port protection algorism function based on SDN;The static agreement end
In mouth Policy Table, the source IP address specifies the source IP address of stream, and the purpose IP address specify the purpose IP address of stream, described
Type of message includes the message for needing to carry out flow control.
Further, the message for not matching flow table that the controller desampler is reported, including:When message is entered into
After SDN, access switch obtains source IP address, purpose IP address and the type of message of message, and according to the message
Source IP address, purpose IP address and type of message inquiry flow table, if message matching flow table, by the message according to stream
Forward-path in table is forwarded;If the message does not match flow table, the message is reported into controller.
Further, if described have matching list item in the static protocol port Policy Table, controller obtains net
Network topological structure, the source IP address, purpose IP address and the network topology structure according to the message determine forward-path, and
Forward-path is added in flow table and is handed down to switch, including:Source IP address, purpose IP ground of the controller according to the message
Location and type of message match the static protocol port Policy Table;If there is matching list in the static protocol port Policy Table
, then controller finds protocol generation network topology according to linking layer, source IP address, purpose IP address according to the message and
The network topology structure determines forward-path, and according to the matching list item of the static protocol port Policy Table to the forwarding
On path, all switches issue flow table;If there is no matching list item, controller in the static protocol port Policy Table
Abandon the message.
Further, methods described also includes:The flow table that switch in SDN and controller are supported is expanded, is expanded
The matching field of flow table afterwards includes source IP address, purpose IP address and type of message;According to source IP address, purpose IP address and
Type of message matches the flow table, if it does, normal forward;If mismatched, it is sent to controller and goes to matched static agreement end
Mouth Policy Table;The static protocol port Policy Table is matched according to source IP address, purpose IP address and type of message, if
Match somebody with somebody, issue flow table, then the protocol port number of this stream on forward-path is released;If mismatched, dropping packets.
For achieving the above object, embodiment of the present invention also provides a kind of protocol port protection system based on SDN, bag
Include:Switch, for the message of flow table is not matched to controller report;Controller, for pre-setting the agreement end based on SDN
Mouth protection algorism configuration task sequence, the task sequence include static protocol port Policy Table, the static protocol port plan
The configuration field of sketch form includes source IP address, purpose IP address and type of message;What desampler was reported does not match flow table
Message, obtains source IP address, purpose IP address and the type of message of the message, and the source IP address according to the message, mesh
IP address and type of message match the static protocol port Policy Table;If existed in the static protocol port Policy Table
List item is matched, then controller obtains network topology structure, the source IP address, purpose IP address and the network according to the message
Topological structure determines forward-path, and forward-path is added in flow table is handed down to switch;The switch, is additionally operable to root
The message is forwarded according to the forward-path.
For achieving the above object, embodiment of the present invention also provides a kind of control dress that the protocol port based on SDN is protected
Put, including:First processing module, for pre-setting the protocol port protection algorism configuration task sequence based on SDN, described
Business sequence includes static protocol port Policy Table, and the configuration field of the static protocol port Policy Table includes source IP address, mesh
IP address and type of message;Second processing module, for the message for not matching flow table that desampler is reported, obtains described
The source IP address of message, purpose IP address and type of message, and the source IP address according to the message, purpose IP address and message
Static protocol port Policy Table described in type matching;3rd processing module, if in the static protocol port Policy Table
There is matching list item, then obtain network topology structure, the source IP address, purpose IP address and the network according to the message is opened up
Structure determination forward-path is flutterred, and forward-path is added in flow table is handed down to switch, so that switch is according to described turn
Send out path and forward the message.
Therefore, the present invention provide based on the protocol port guard method of SDN, device and system, by controller
It is pre-configured with the protocol port protection algorism function based on SDN and the list item of static protocol port Policy Table is set, according to report
The source IP address of text, purpose IP address and type of message match the flow table, if it does, normal forward;If mismatched, send
Matched static protocol port Policy Table is gone toward controller;Matched according to source IP address, purpose IP address and type of message described quiet
State protocol port Policy Table, if it does, issuing flow table, then the protocol port number of this stream on forward-path is released;If
Mismatch, dropping packets.So as to realize being uniformly controlled by controller, all of configuration all concentrates on controller, configuration it is convenient and
Simply.
Description of the drawings
In order to be illustrated more clearly that embodiment of the present invention or technical scheme of the prior art, below will be to embodiment
Or accompanying drawing to be used simply is introduced one by one needed for description of the prior art, it should be apparent that, drawings in the following description are
Some embodiments of the present invention, for those of ordinary skill in the art, on the premise of not paying creative work, also
Other accompanying drawings can be obtained according to these accompanying drawings.
Fig. 1 is traditional protocol port protection schematic diagram;
The configuration diagram of the protocol port protection system based on SDN that Fig. 2 is provided for embodiment of the present invention;
The schematic flow sheet of the protocol port guard method based on SDN that Fig. 3 is provided for embodiment of the present invention;
Fig. 4 is the application example schematic diagram based on method shown in Fig. 3;
The structural representation of the device that protocol port of the control that Fig. 5 is provided for embodiment of the present invention based on SDN is protected.
Specific embodiment
To make purpose, technical scheme and the advantage of embodiment of the present invention clearer, below in conjunction with present invention enforcement
Accompanying drawing in mode, is clearly and completely described to the technical scheme in embodiment of the present invention, it is clear that described reality
The mode of applying is a part of embodiment of the invention, rather than the embodiment of whole.Based on the embodiment in the present invention, ability
The every other embodiment obtained under the premise of creative work is not made by domain those of ordinary skill, belongs to the present invention
The scope of protection.
SDN is a kind of new network architecture, and which can pass through OpenFlow (open flows) technologies by the control of the network equipment
Face processed is separated with data surface, so as to realize the flexible control to network traffics.In SDN, comprising realizing chain of command function
Controller and some switches for realizing data surface function.
Embodiment of the present invention provides a kind of protocol port protection system based on SDN, as shown in Fig. 2 wrapping in SDN
Controller and switch are included, wherein the switch in SDN is by the controller management concentrated.Additionally, client and server
Connect with switch respectively, communicated by SDN.
Embodiment of the present invention provides a kind of protocol port guard method based on SDN.Fig. 3 is referred to, methods described should
For the controller in SDN, comprise the following steps:
Step S31:Controller pre-sets the protocol port protection algorism configuration task sequence based on SDN.
In the present embodiment, controller pre-sets the protocol port protection algorism configuration task sequence based on SDN, should
The configuration item of task sequence includes the protocol port protection algorism function based on SDN and static protocol port Policy Table, wherein institute
It is to open or close the protocol port protection algorism function based on SDN to state based on the protocol port protection algorism function of SDN, described
Static protocol port Policy Table is that user concentrates the static protocol port Policy Table of configuration on the controller, shown in table specific as follows 1.
Table 1
Further, privately owned static protocol port Policy Table can be by user's static configuration, shown in table specific as follows 2.
Table 2
Step S32:The list item of static protocol port Policy Table is configured on the controller.
In the present embodiment, privately owned static protocol port Policy Table can be by user's static configuration, according to pre-setting
Static protocol port Policy Table, table of the user according to configuration field static configuration static state protocol port Policy Table on the controller
.
Step S33:What controller desampler was reported does not match the message of flow table, obtains the source IP ground of the message
Location, purpose IP address and type of message.
In the present embodiment, after message enters into SDN, access switch obtains the source IP address of message, mesh
IP address and type of message, and the source IP address according to the message, purpose IP address and type of message inquiry flow table, if
The message matches flow table, then the message is forwarded according to the forward-path in flow table;If the message is not matched
Flow table, then report controller by the message.
When desampler report do not match flow table message when, from the message obtain message source IP address,
Purpose IP address and type of message.
Step S34:Controller matches the static state according to the source IP address of the message, purpose IP address and type of message
Protocol port Policy Table, if matching list item, carries out step S35;If not matching list item, step S36 is carried out.
Step S35:Controller obtains network topology structure, the source IP address, purpose IP address and institute according to the message
State network topology structure and determine forward-path, and forward-path is added in flow table is handed down to switch, so that switch root
The message is forwarded according to the forward-path.
In the present embodiment, if there is matching list item in the static protocol port Policy Table, controller according to
LLDP (Link Layer Discovery Protocol, linking layer have found agreement) generates network topology.
And, controller determines according to the source IP address of the message, purpose IP address and the network topology structure and turns
Path is sent out, stream is issued to all switches on the forward-path according to the matching list item of the static protocol port Policy Table
Table, so that the switch for receiving the flow table forwards the message according to the forward-path.
Step S36:Abandon the message.
In the present embodiment, if not matching list item in the static protocol port Policy Table, can be by institute
State message directly to abandon.
Additionally, with unlike prior art, the flow table that in the present embodiment switch in SDN and controller are supported
Expanded, the concrete content for expanding is as shown in table 3.
Table 3
Fig. 4 is application example schematic diagram.Client and server is communicated by SDN.
Controller arranges protocol port protection algorism configuration task sequence based on SDN, wherein the task sequence based on
To open, the list item of static protocol port Policy Table is configured to source IP 10.1.1.1 to the protocol port protection algorism function of SDN,
Purpose IP 100.1.1.1, protocol number are TFTP.
After message enters SDN, source IP address, purpose IP address and the type of message of message, the source IP of flow one are obtained
10.1.1.1, purpose IP 100.1.1.1, type of message are FTP, then the list item of flow one and static protocol port Policy Table is not
Matching, is prohibited;The source IP 10.1.1.1 of flow two, purpose IP 100.1.1.1, type of message are TFTP, then two He of flow
The list item matching of static protocol port Policy Table, can pass through.
Please continue to refer to Fig. 2.Embodiment of the present invention provides a kind of protocol port protection system based on SDN, including:
Switch, for the message of flow table is not matched to controller report;
Controller, for pre-setting the protocol port protection algorism configuration task sequence based on SDN, the task sequence
Including static protocol port Policy Table, the configuration field of the static protocol port Policy Table includes source IP address, purpose IP ground
Location and type of message;What desampler was reported does not match the message of flow table, obtains source IP address, the purpose IP ground of the message
Location and type of message, and the source IP address according to the message, purpose IP address and type of message match the static agreement end
Mouth Policy Table;If there is matching list item in the static protocol port Policy Table, controller obtains network topology structure, root
Forward-path is determined according to the source IP address of the message, purpose IP address and the network topology structure, and forward-path is added
Switch is handed down in being added to flow table;
The switch, is additionally operable to forward the message according to the forward-path..
Wherein,
The switch, specifically for:After message enters into SDN, access switch obtains the source IP ground of message
Location, purpose IP address and type of message, and the source IP address according to the message, purpose IP address and type of message inquiry stream
Table, if message matching flow table, the message is forwarded according to the forward-path in flow table;If the message
Flow table is not matched, then the message is reported into controller.
The controller, specifically for:Source IP address, purpose IP address and type of message matching institute according to the message
State static protocol port Policy Table;If there is matching list item in the static protocol port Policy Table, sent out according to linking layer
Existing protocol generation network topology, source IP address, purpose IP address and the network topology structure determination according to the message turn
Path is sent out, and stream is issued to all switches on the forward-path according to the matching list item of the static protocol port Policy Table
Table;If there is no matching list item in the static protocol port Policy Table, the message is abandoned.
Refer to Fig. 5.Embodiment of the present invention provides a kind of control device that the protocol port based on SDN is protected, including:
First processing module, for pre-setting the protocol port protection algorism configuration task sequence based on SDN, described
Business sequence includes static protocol port Policy Table, and the configuration field of the static protocol port Policy Table includes source IP address, mesh
IP address and type of message;
Second processing module, for the message for not matching flow table that desampler is reported, obtains the source IP of the message
Address, purpose IP address and type of message, and the source IP address according to the message, purpose IP address and type of message matching institute
State static protocol port Policy Table;
3rd processing module, if for there is matching list item in the static protocol port Policy Table, obtaining network
Topological structure, the source IP address, purpose IP address and the network topology structure according to the message determine forward-path, and will
Forward-path is handed down to switch in being added to flow table, so that switch forwards the message according to the forward-path.
Wherein,
3rd processing module, specifically for:Source IP address, purpose IP address and type of message according to the message
Match the static protocol port Policy Table;If there is matching list item in the static protocol port Policy Table, according to chain
Connect layer and find protocol generation network topology, the source IP address, purpose IP address and the network topology structure according to the message
Determine forward-path, and according to the matching list item of the static protocol port Policy Table to all switches on the forward-path
Issue flow table;If there is no matching list item in the static protocol port Policy Table, the message is abandoned.
The particular technique details of the above-mentioned protocol port protection device based on SDN being related to and system and it is based on SDN
Protocol port guard method in it is similar, therefore here is no longer specifically repeated.
Therefore, the present invention provide based on the protocol port guard method of SDN, device and system, by controller
It is pre-configured with the protocol port protection algorism function based on SDN and the list item of static protocol port Policy Table is set, according to report
The source IP address of text, purpose IP address and type of message match the flow table, if it does, normal forward;If mismatched, send
Matched static protocol port Policy Table is gone toward controller;Matched according to source IP address, purpose IP address and type of message described quiet
State protocol port Policy Table, if it does, issuing flow table, then the protocol port number of this stream on forward-path is released;If
Mismatch, dropping packets.So as to realize being uniformly controlled by controller, all of configuration all concentrates on controller, configuration it is convenient and
Simply.
Each embodiment in this specification is described by the way of progressive, identical similar between each embodiment
Part mutually referring to what each embodiment was stressed is the difference with other embodiment.
Finally it should be noted that:Description to the various embodiments of the present invention above is supplied to ability with the purpose for describing
Field technique personnel.It is not intended to exhaustion or be not intended to limit the invention to single disclosed embodiment.As above institute
State, the various replacements of the present invention and change are will be apparent for above-mentioned technology one of ordinary skill in the art.Therefore,
Although specifically discuss the embodiment of some alternatives, other embodiment will be apparent, or ability
Field technique personnel relatively easily draw.It is contemplated that all replacements of the present invention discussed including here, modification and
Change, and the other embodiment in the spirit and scope of above-mentioned application that falls.
Claims (10)
1. a kind of protocol port guard method based on SDN, it is characterised in that include:
Controller pre-sets the protocol port protection algorism configuration task sequence based on SDN, and the task sequence includes static state
Protocol port Policy Table, the configuration field of the static protocol port Policy Table include source IP address, purpose IP address and message
Type;
What controller desampler was reported does not match the message of flow table, obtains source IP address, the purpose IP address of the message
And type of message, and the source IP address according to the message, purpose IP address and type of message match the static protocol port
Policy Table;
If there is matching list item in the static protocol port Policy Table, controller obtains network topology structure, according to institute
Source IP address, purpose IP address and the network topology structure for stating message determines forward-path, and forward-path is added to
Switch is handed down in flow table, so that switch forwards the message according to the forward-path.
2. the protocol port guard method based on SDN according to claim 1, it is characterised in that the association based on SDN
View port protection algorithm configuration task sequence also includes:Based on the protocol port protection algorism function of SDN, for opening or closing
Protocol port protection algorism function based on SDN;
In the static protocol port Policy Table, the source IP address specifies the source IP address of stream, the purpose IP address to specify
The purpose IP address of stream, the type of message include the message for needing to carry out flow control.
3. the protocol port guard method based on SDN according to claim 1, it is characterised in that the controller is received
What switch was reported does not match the message of flow table, including:
After message enters into SDN, access switch obtains source IP address, purpose IP address and the type of message of message,
And the source IP address according to the message, purpose IP address and type of message inquiry flow table, if message matching flow table,
The message is forwarded according to the forward-path in flow table;If the message does not match flow table, by the message
Offer controller.
4. the protocol port guard method based on SDN according to claim 1, it is characterised in that if described described
There is matching list item in static protocol port Policy Table, then controller obtains network topology structure, according to the source IP ground of the message
Location, purpose IP address and the network topology structure determine forward-path, and forward-path is added in flow table is handed down to friendship
Change planes, including:
Controller matches the static protocol port strategy according to the source IP address of the message, purpose IP address and type of message
Table;
If there is matching list item in the static protocol port Policy Table, controller finds protocol generation net according to linking layer
Network topology, the source IP address, purpose IP address and the network topology structure according to the message determine forward-path, and according to
The matching list item of the static protocol port Policy Table issues flow table to all switches on the forward-path;
If there is no matching list item in the static protocol port Policy Table, controller abandons the message.
5. the protocol port guard method based on SDN according to claim 4, it is characterised in that methods described also includes:
The flow table that switch in SDN and controller are supported is expanded, the matching field of the flow table after expansion includes source IP address, mesh
IP address and type of message;
The flow table is matched according to source IP address, purpose IP address and type of message, if it does, normal forward;If not
Match somebody with somebody, be sent to controller and go matched static protocol port Policy Table;
The static protocol port Policy Table is matched according to source IP address, purpose IP address and type of message, if it does, issuing
Flow table, then this protocol port number for flowing on forward-path are released;If mismatched, dropping packets.
6. a kind of protocol port protection system based on SDN, it is characterised in that include:
Switch, for the message of flow table is not matched to controller report;
Controller, for pre-setting the protocol port protection algorism configuration task sequence based on SDN, the task sequence includes
Static protocol port Policy Table, the configuration field of the static protocol port Policy Table include source IP address, purpose IP address and
Type of message;What desampler was reported the do not match message of flow table, obtain the source IP address of the message, purpose IP address and
Type of message, and the source IP address according to the message, purpose IP address and type of message match the static protocol port plan
Sketch form;If there is matching list item in the static protocol port Policy Table, controller obtains network topology structure, according to institute
Source IP address, purpose IP address and the network topology structure for stating message determines forward-path, and forward-path is added to
Switch is handed down in flow table;
The switch, is additionally operable to forward the message according to the forward-path.
7. the protocol port protection system based on SDN according to claim 6, it is characterised in that the switch, specifically
For:
After message enters into SDN, access switch obtains source IP address, purpose IP address and the type of message of message,
And the source IP address according to the message, purpose IP address and type of message inquiry flow table, if message matching flow table,
The message is forwarded according to the forward-path in flow table;If the message does not match flow table, by the message
Offer controller.
8. the protocol port protection system based on SDN according to claim 7, it is characterised in that the controller, specifically
For:
Source IP address, purpose IP address and type of message according to the message matches the static protocol port Policy Table;
If there is matching list item in the static protocol port Policy Table, find that protocol generation network is opened up according to linking layer
Flutter, the source IP address, purpose IP address and the network topology structure according to the message determines forward-path, and according to described
The matching list item of static protocol port Policy Table issues flow table to all switches on the forward-path;
If there is no matching list item in the static protocol port Policy Table, the message is abandoned.
9. the device that a kind of protocol port of control based on SDN is protected, it is characterised in that include:
First processing module, for pre-setting the protocol port protection algorism configuration task sequence based on SDN, the task sequence
Row include static protocol port Policy Table, and the configuration field of the static protocol port Policy Table includes source IP address, purpose IP
Address and type of message;
Second processing module, for the message for not matching flow table that desampler is reported, obtain the message source IP address,
Purpose IP address and type of message, and the matching of the source IP address according to the message, purpose IP address and type of message is described quiet
State protocol port Policy Table;
3rd processing module, if for there is matching list item in the static protocol port Policy Table, obtaining network topology
Structure, the source IP address, purpose IP address and the network topology structure according to the message determine forward-path, and will forwarding
Switch is handed down in being added to flow table in path, so that switch forwards the message according to the forward-path.
10. the device that protocol port of the control according to claim 9 based on SDN is protected, it is characterised in that the described 3rd
Processing module, specifically for:
Source IP address, purpose IP address and type of message according to the message matches the static protocol port Policy Table;
If there is matching list item in the static protocol port Policy Table, find that protocol generation network is opened up according to linking layer
Flutter, the source IP address, purpose IP address and the network topology structure according to the message determines forward-path, and according to described
The matching list item of static protocol port Policy Table issues flow table to all switches on the forward-path;
If there is no matching list item in the static protocol port Policy Table, the message is abandoned.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610991115.0A CN106559342A (en) | 2016-11-10 | 2016-11-10 | It is a kind of based on the protocol port guard method of SDN, device and system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610991115.0A CN106559342A (en) | 2016-11-10 | 2016-11-10 | It is a kind of based on the protocol port guard method of SDN, device and system |
Publications (1)
Publication Number | Publication Date |
---|---|
CN106559342A true CN106559342A (en) | 2017-04-05 |
Family
ID=58443910
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610991115.0A Pending CN106559342A (en) | 2016-11-10 | 2016-11-10 | It is a kind of based on the protocol port guard method of SDN, device and system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106559342A (en) |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108391269A (en) * | 2018-02-28 | 2018-08-10 | 南京铁道职业技术学院 | A kind of method that attack AP equipment is prevented in WLAN |
CN108881014A (en) * | 2017-05-12 | 2018-11-23 | 北京猎户星空科技有限公司 | A kind of data Transmission system and method |
CN110224942A (en) * | 2018-03-01 | 2019-09-10 | 中兴通讯股份有限公司 | A kind of message processing method, device and storage medium |
CN110768930A (en) * | 2018-07-25 | 2020-02-07 | 成都鼎桥通信技术有限公司 | Data forwarding method and device for server |
CN110971540A (en) * | 2018-09-28 | 2020-04-07 | 中国移动通信有限公司研究院 | Data information transmission method and device, switch and controller |
CN112929417A (en) * | 2021-01-22 | 2021-06-08 | 新华三信息安全技术有限公司 | Message processing method and device |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104994065A (en) * | 2015-05-20 | 2015-10-21 | 上海斐讯数据通信技术有限公司 | Access control list operation system and method based on software-defined network |
US20160036730A1 (en) * | 2013-04-12 | 2016-02-04 | Nec Europe Ltd. | Method and system for providing an information centric network |
CN105429876A (en) * | 2015-11-04 | 2016-03-23 | 上海斐讯数据通信技术有限公司 | SDN-based data forwarding method |
CN105933225A (en) * | 2016-04-20 | 2016-09-07 | 上海斐讯数据通信技术有限公司 | Strategy routing method and system based on SDN |
CN105959222A (en) * | 2016-04-25 | 2016-09-21 | 上海斐讯数据通信技术有限公司 | Message forwarding method, route nodes, and software defined network |
-
2016
- 2016-11-10 CN CN201610991115.0A patent/CN106559342A/en active Pending
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20160036730A1 (en) * | 2013-04-12 | 2016-02-04 | Nec Europe Ltd. | Method and system for providing an information centric network |
CN104994065A (en) * | 2015-05-20 | 2015-10-21 | 上海斐讯数据通信技术有限公司 | Access control list operation system and method based on software-defined network |
CN105429876A (en) * | 2015-11-04 | 2016-03-23 | 上海斐讯数据通信技术有限公司 | SDN-based data forwarding method |
CN105933225A (en) * | 2016-04-20 | 2016-09-07 | 上海斐讯数据通信技术有限公司 | Strategy routing method and system based on SDN |
CN105959222A (en) * | 2016-04-25 | 2016-09-21 | 上海斐讯数据通信技术有限公司 | Message forwarding method, route nodes, and software defined network |
Cited By (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108881014A (en) * | 2017-05-12 | 2018-11-23 | 北京猎户星空科技有限公司 | A kind of data Transmission system and method |
CN108881014B (en) * | 2017-05-12 | 2021-10-01 | 北京猎户星空科技有限公司 | Data sending system and method |
CN108391269A (en) * | 2018-02-28 | 2018-08-10 | 南京铁道职业技术学院 | A kind of method that attack AP equipment is prevented in WLAN |
CN108391269B (en) * | 2018-02-28 | 2020-12-01 | 南京铁道职业技术学院 | Method for preventing AP equipment attack in wireless local area network |
CN110224942A (en) * | 2018-03-01 | 2019-09-10 | 中兴通讯股份有限公司 | A kind of message processing method, device and storage medium |
CN110224942B (en) * | 2018-03-01 | 2023-08-04 | 中兴通讯股份有限公司 | Message processing method, device and storage medium |
CN110768930A (en) * | 2018-07-25 | 2020-02-07 | 成都鼎桥通信技术有限公司 | Data forwarding method and device for server |
CN110768930B (en) * | 2018-07-25 | 2022-03-29 | 成都鼎桥通信技术有限公司 | Data forwarding method and device for server |
CN110971540A (en) * | 2018-09-28 | 2020-04-07 | 中国移动通信有限公司研究院 | Data information transmission method and device, switch and controller |
CN110971540B (en) * | 2018-09-28 | 2023-04-07 | 中国移动通信有限公司研究院 | Data information transmission method and device, switch and controller |
CN112929417A (en) * | 2021-01-22 | 2021-06-08 | 新华三信息安全技术有限公司 | Message processing method and device |
CN112929417B (en) * | 2021-01-22 | 2022-05-27 | 新华三信息安全技术有限公司 | Message processing method and device |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN106559342A (en) | It is a kind of based on the protocol port guard method of SDN, device and system | |
CN106789640A (en) | A kind of priority classification methods, devices and systems based on SDN | |
EP3488567B1 (en) | Detecting and preventing network loops | |
CN103491095B (en) | Flow cleaning framework, device and flow lead, flow re-injection method | |
CN104270298B (en) | Message forwarding method and device in a kind of VXLAN networks | |
CN101436995B (en) | Method for rapidly plugging IP address based on BGP virtual next-hop | |
CN104243270A (en) | Tunnel setup method and tunnel setup device | |
Jin et al. | Telekinesis: Controlling legacy switch routing with openflow in hybrid networks | |
US10805390B2 (en) | Automated mirroring and remote switch port analyzer (RSPAN) functions using fabric attach (FA) signaling | |
CN106487558B (en) | A kind of method and apparatus for realizing the scalable appearance of access device | |
KR20150051107A (en) | Method for fast flow path setup and failure recovery | |
CN108243123B (en) | Broadcast message processing method and device, controller and switch | |
CN107181691B (en) | Method, equipment and system for realizing message routing in network | |
WO2015106729A1 (en) | A load balancing method, device, system and computer storage medium | |
CN105847185B (en) | Message processing method, device and the distributed apparatus of distributed apparatus | |
CN103763310A (en) | Firewall service system and method based on virtual network | |
CN106713026A (en) | Service chain topological structure, service chain setting method and controller | |
CN106385365B (en) | The method and apparatus for realizing cloud platform safety based on open flows Openflow table | |
CN106656905A (en) | Firewall cluster realization method and apparatus | |
CN104811393A (en) | Multicasting message duplicating handling method and device and open flow controller (OFC) | |
CN106533940B (en) | A kind of equivalent route Hash route selecting method based on SDN, device and system | |
CN105515991A (en) | Method for extending the routing table capacity of three-layer forwarding equipment, and forwarding equipment | |
CN104283790A (en) | Topology discovery method and equipment of resilient packet ring (RPR) in SDN | |
CN105681102A (en) | Behavioral strategy method and system based on SDN | |
CN104980302A (en) | STP-based method for removing redundancy link under SDN framework |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20170405 |
|
RJ01 | Rejection of invention patent application after publication |