CN106961394A - Method and apparatus for suppressing switch flooding storms - Google Patents
- Authority
- CN
- China
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L47/00—Traffic control in data switching networks
- H04L47/10—Flow control; Congestion control
- H04L47/32—Flow control; Congestion control by discarding or delaying data units, e.g. packets or frames
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L49/00—Packet switching elements
- H04L49/25—Routing or path finding in a switch fabric
Abstract
The present disclosure provides an operating method for a cloud management platform that can exchange data with a network controller. The method includes: monitoring user operations and recording at least one piece of network attribute information; and, in response to a request from the network controller, sending the network attribute information to the network controller, so that the network attribute information in the network controller stays consistent with the network attribute information in the cloud management platform within a preset time range. The disclosure also provides an operating method for a network controller, a method for suppressing switch flooding storms, a cloud management platform, a network controller, and an apparatus for suppressing switch flooding storms.
Description
Technical field
The present disclosure relates to a method for suppressing switch flooding storms and an apparatus for suppressing switch flooding storms.
Background art
Depending on where they operate, switches can be divided into WAN switches and LAN switches. A WAN switch is a device that performs information exchange in a communication system. A switch works at the second layer of the OSI reference model, the data link layer. When each port connects successfully, the CPU inside the switch maps MAC addresses to ports to form a MAC table.
A switch has a very high-bandwidth backplane bus and an internal switching fabric. All ports of the switch are attached to this backplane bus. After the control circuit receives a packet, the processing port looks up the address table in memory to determine which port the NIC (network interface card) with the destination MAC (the NIC's hardware address) is attached to, and the packet is quickly sent to the destination port through the internal switching fabric. If the destination MAC is not in the table, the packet is flooded to all ports; after the receiving port responds, the switch "learns" the new MAC address and adds it to its internal MAC address table. In addition, switches are often cascaded through trunk ports, so a flooding storm can easily spread to the entire network. This forwarding principle gives switch devices an inherent "unavoidable design defect": a targeted attack on a broadcast domain using nonexistent destination MAC addresses triggers a severe flooding storm, so that normal service packets cannot be communicated properly, bandwidth utilization is low, and network security is reduced.
Summary of the invention
One aspect of the present disclosure provides an operating method for a cloud management platform that can exchange data with a network controller, the method including:
monitoring user operations and recording at least one piece of network attribute information;
in response to a request from the network controller, sending the network attribute information to the network controller, so that the network attribute information in the network controller stays consistent with the network attribute information in the cloud management platform within a preset time range.
Optionally, when a physical server is brought online and/or taken offline, and/or a virtual machine is created and/or deleted, the cloud management platform must update the network attribute information it has recorded.
Optionally, the cloud management platform completes the update of the network attribute information through a Redis management service.
Optionally, the network attribute information includes the network attribute information of virtual machines and/or physical servers.
Optionally, the network attribute information includes legitimate and real MAC address information.
Optionally, in response to a periodic request, an on-demand request or a change request from the network controller, the cloud management platform sends the network attribute information to the network controller, so that the network attribute information in the network controller stays consistent with the network attribute information in the cloud management platform within a preset time range.
Optionally, in response to a one-time pull request from the network controller, the cloud management platform sends the network attribute information to the network controller.
Another aspect of the present disclosure provides an operating method for a network controller, where the network controller can communicate with a cloud management platform and with switches, and the cloud management platform holds a complete record of the network attribute information. The method includes:
obtaining the network attribute information from the cloud management platform, so that the network attribute information in the network controller stays consistent with the network attribute information in the cloud management platform within a preset time range;
delivering the obtained network attribute information to the switches.
Optionally, the obtained network attribute information is delivered to the switches by dividing it into several subsets according to the correlation between the switches and the network attribute information, and delivering each subset to the matching switch.
Optionally, the network attribute information includes the network attribute information of virtual machines and/or physical servers.
Optionally, the switches include physical switches and/or virtual switches.
Optionally, the obtained network attribute information is delivered to a switch through the southbound interface provided by the switch.
Optionally, the step of keeping the network attribute information in the network controller consistent with the network attribute information in the cloud management platform within a preset time range includes: when the network controller first starts, obtaining in one pass from the cloud management platform the network attribute information it has recorded.
Optionally, the step of keeping the network attribute information in the network controller consistent with the network attribute information in the cloud management platform within a preset time range includes: sending a request to the cloud management platform as a periodic request, an on-demand request or a change request, and obtaining the network attribute information recorded by the cloud management platform.
Another aspect of the present disclosure provides a method for suppressing switch flooding storms, where the switch exchanges data with a network controller and the network controller can communicate with a cloud management platform. The method includes:
the cloud management platform monitors user operations and records at least one piece of network attribute information;
the network controller obtains the network attribute information from the cloud management platform, so that the network attribute information in the network controller stays consistent with the network attribute information in the cloud management platform within a preset time range;
the network controller delivers the obtained network attribute information to the switch;
the switch, using the network attribute information it has received, performs a legitimacy check on each data packet to be forwarded and, depending on the result, either forwards the packet or drops it directly.
Another aspect of the present disclosure provides a cloud management platform that can exchange data with a network controller, including:
a first memory holding a complete record of the network attribute information of at least one virtual machine;
a transceiver that communicates with the network controller;
a processor; and
a second memory storing machine-executable instructions that, when executed by the processor, cause the processor to perform operations including:
in response to a request from the network controller, sending the network attribute information to the network controller, so that the network attribute information in the network controller stays consistent with the network attribute information in the cloud management platform within a preset time range.
Another aspect of the present disclosure provides a network controller that can communicate with a cloud management platform and with switches, where the cloud management platform holds a complete record of the network attribute information. The network controller includes:
a first transceiver that communicates with the cloud management platform;
a second transceiver that communicates with the switches;
a processor; and
a memory storing machine-executable instructions that, when executed by the processor, cause the processor to perform operations including:
obtaining the network attribute information from the cloud management platform using the first transceiver; and
delivering the obtained network attribute information to the switches using the second transceiver.
Another aspect of the present disclosure provides a cloud management platform that can exchange data with a network controller, including:
a recording module for keeping a complete record of the network attribute information of at least one virtual machine;
a communication module for sending the network attribute information to the network controller at the network controller's request, the network attribute information being intended for delivery to the switches.
Another aspect of the present disclosure provides a network controller that can communicate with a cloud management platform and with switches, where the cloud management platform holds a complete record of the network attribute information. The network controller includes:
a transceiver module for obtaining the network attribute information from the cloud management platform;
a delivery module for delivering the obtained network attribute information to the switches.
Another aspect of the present disclosure provides an apparatus for suppressing switch flooding storms, including:
a cloud management platform for monitoring user operations and recording at least one piece of network attribute information;
a network controller for obtaining the network attribute information from the cloud management platform, so that the network attribute information in the network controller stays consistent with the network attribute information in the cloud management platform within a preset time range, and for delivering the obtained network attribute information to the switch, so that the switch performs a legitimacy check on each data packet to be forwarded and, depending on the result, either forwards the packet or drops it directly.
Brief description of the drawings
For a more complete understanding of the present invention and its advantages, reference is now made to the following description taken in conjunction with the accompanying drawings, in which:
Fig. 1 schematically shows an operational flowchart of the cloud management platform according to an embodiment of the invention;
Fig. 2 schematically shows an operational flowchart of the network controller according to an embodiment of the invention;
Fig. 3 schematically shows a flowchart of the method for suppressing switch flooding storms according to an embodiment of the invention;
Fig. 4 schematically shows a block diagram of the apparatus for suppressing switch flooding storms according to an embodiment of the invention;
Fig. 5 schematically shows a block diagram of the cloud management platform according to an embodiment of the invention;
Fig. 6 schematically shows a block diagram of the network controller according to an embodiment of the invention;
Fig. 7 schematically shows an application scenario of the apparatus for suppressing switch flooding storms according to an embodiment of the invention.
Detailed description of the embodiments
Other aspects, advantages and salient features of the invention will become apparent to those skilled in the art from the following detailed description of exemplary embodiments of the invention taken in conjunction with the accompanying drawings.
In the present invention, the terms "include" and "contain" and their derivatives mean inclusion without limitation; the term "or" is inclusive, meaning and/or.
In this specification, the various embodiments below used to describe the principles of the invention are illustrative only and should not be construed in any way as limiting the scope of the invention. The following description with reference to the accompanying drawings is intended to aid a comprehensive understanding of the exemplary embodiments of the invention as defined by the claims and their equivalents. The description includes various specific details to aid understanding, but these details are to be regarded as merely exemplary. Accordingly, those of ordinary skill in the art will recognize that various changes and modifications can be made to the embodiments described herein without departing from the scope and spirit of the invention. In addition, descriptions of well-known functions and structures are omitted for clarity and conciseness. Throughout the drawings, the same reference numerals are used for similar functions and operations.
Embodiments of the invention provide a method for suppressing switch flooding storms and an apparatus implementing the method. In the method, the cloud management platform monitors user operations and records at least one piece of network attribute information. After the cloud management platform has recorded the network attribute information, the network controller obtains it from the cloud management platform, so that the network attribute information in the network controller stays consistent with the network attribute information in the cloud management platform within a preset time range. After obtaining the network attribute information, the network controller delivers it to the switch. The switch, using the network attribute information it has received, performs a legitimacy check on each data packet to be forwarded and, depending on the result, either forwards the packet or drops it directly.
Fig. 1 schematically shows a flowchart of the operating method of the cloud management platform.
As shown in Fig. 1, in step S101 the cloud management platform monitors user operations and records at least one piece of network attribute information. The network attribute information is that of physical servers and/or virtual machines; for example, it can be the legitimate and real MAC address information of all NICs that make up a physical server, or the legitimate and real MAC address information of all virtual NICs that make up a virtual machine.
According to an embodiment of the invention, the MAC address information recorded by the cloud management platform should be updated in real time according to user operations, and the update is completed through the Redis management service. Specifically, when a user creates a virtual machine on a physical server, a MAC address is actively assigned to the virtual machine, and the cloud management platform can obtain the legitimate and real MAC address information of the virtual machine directly through the management interface. When the user deletes a virtual machine on a physical server, the MAC address assigned to that virtual machine is cleared automatically, and the virtual machine's MAC address stored on the cloud management platform is deleted according to the information fed back through the management interface. When a physical server comes online, the user reads the MAC address information of that server and enters it into the cloud management platform through the communication interface. When a physical server goes offline, the user reads the MAC address information of that server and deletes it from the cloud management platform through the communication interface. In this way the network attribute information recorded by the cloud management platform is kept up to date in real time. The invention thus makes clever use of the fact that, in a cloud environment, the management platform knows the network attributes of all virtual machines and physical servers, and so can effectively obtain the legitimate, real and valid MAC address information of the virtual machines and/or physical servers.
In step S102, in response to a request from the network controller connected to it, the cloud management platform sends the recorded network attribute information to the network controller, so that the network attribute information in the network controller stays consistent with the network attribute information in the cloud management platform within a preset time range. This ensures that, within the preset time range, the network attribute information in the network controller is that of all NICs in the existing virtual machines and/or physical servers, so that legitimate data packets are forwarded normally.
According to an embodiment of the invention, a "pull once, push many times" model keeps the network attribute information in the network controller consistent with the network attribute information in the cloud management platform within a preset time range. The one-time pull works as follows: when the network controller first starts, it sends a one-time pull request to the cloud management platform, and in response the cloud management platform sends all the recorded network attribute information to the network controller in one pass. The repeated push may be: in response to a periodic request from the network controller, the cloud management platform pushes the updated network attribute information to the network controller. Specifically, the network controller can send requests to the cloud management platform at a set period, to obtain either the network attribute information that changed during the period or all the network attribute information recorded by the cloud management platform during the period. As a result, the network attribute information in the network controller is that of all NICs in the existing virtual machines and/or physical servers.
According to an embodiment of the invention, the repeated push may be: in response to an on-demand request from the network controller, the cloud management platform pushes the updated network attribute information to the network controller. Specifically, when a new type of data packet to be forwarded appears in a switch connected to the network controller, the network attribute information recorded by the cloud management platform may have changed, so the network controller sends an on-demand request to the cloud management platform to obtain all the network attribute information currently recorded there. As a result, the network attribute information in the network controller is that of all NICs in the existing virtual machines and/or physical servers.
According to an embodiment of the invention, the repeated push may be: in response to a change request from the network controller, the cloud management platform pushes the updated network attribute information to the network controller. Specifically, when a physical server comes online or goes offline, or when a user creates a new virtual machine or deletes an existing one, the network controller sends a change request to the cloud management platform to obtain all the network attribute information currently recorded there. As a result, the network attribute information in the network controller is that of all NICs in the existing virtual machines and/or physical servers.
Fig. 2 schematically shows a flowchart of the operating method of the network controller.
As shown in Fig. 2, in step S201 the network controller obtains all currently recorded network attribute information from the cloud management platform that records it. The acquisition can follow the "pull once, push many times" model: when the network controller first starts, it obtains in one pass all the network attribute information recorded at that moment from the cloud management platform; during subsequent operation it sends requests periodically, on demand, or when a change occurs, to obtain all the network attribute information currently recorded in the cloud management platform. As a result, the network attribute information in the network controller is that of all NICs in the existing virtual machines and/or physical servers.
In step S202, the network controller delivers the network attribute information obtained in step S201 to the switch. Delivery can be done through the switch's southbound interface. The southbound interface is a southbound programming interface, which may be a standard-protocol southbound interface or a vendor-private interface.
According to an embodiment of the invention, the switch may include physical switches and/or virtual switches. Using the network attribute information it has received, the switch performs a strict legitimacy check on each data packet it receives for forwarding: if the packet is legitimate it is forwarded directly; if not, it is dropped directly. For example, the MAC address information of the packet to be forwarded is compared with the MAC address information table received from the network controller. If the packet's MAC address information is in the table, the packet is forwarded directly; if it is not, the packet is an illegally forged attack packet and is dropped directly.
According to an embodiment of the invention, the network controller divides the network attribute information obtained from the cloud management platform into multiple network attribute information subsets that are as small as possible, according to the correlation of the switches it communicates with, and delivers these subsets to the corresponding switches. The number of subsets equals the number of switches currently communicating with the network controller. This ensures that each switch can effectively store its corresponding network attribute information subset.
Fig. 3 schematically shows a flowchart of the method for suppressing switch flooding storms.
As shown in Fig. 3, in step S301 the cloud management platform records at least one piece of network attribute information by monitoring user operations. For example, based on user operations that create virtual machines, delete virtual machines, power on one or more physical servers, or shut down one or more physical servers, the cloud management platform records the legitimate and real MAC address information of all possible NICs and virtual NICs in the current state, thereby ensuring that legitimate data packets are forwarded normally.
In step S302, the network controller obtains the network attribute information from the cloud management platform. For example, when the network controller is first started, it obtains all the network attribute information currently recorded by the cloud management platform through a one-time pull.
In step S303, the network controller delivers the obtained network attribute information to the switches. For example, the switches include physical switches and virtual switches, m in total. According to the correlation of the existing switches, the network controller divides the obtained MAC address information into m subsets and, according to that correlation, delivers the m subsets to the m matching switches through the southbound interfaces the switches provide.
According to an embodiment of the invention, to ensure that the MAC address information subset for a given virtual switch and/or physical switch is the smallest subset according to its correlation, a switch feeds back a reception acknowledgment signal to the network controller when it receives its MAC address information subset. If the network controller receives feedback signals from all m current switches, it proceeds with subsequent operations. If it receives fewer than m feedback signals, it determines from the signals received which switches are currently in a working state, and regroups all the MAC address information according to the correlation of the working switches. This avoids the situation where one or more switches go offline while the MAC addresses are being delivered and part of the MAC address information is lost.
In step S304, the switch receives the network attribute information, performs a legitimacy check on each data packet to be forwarded and, depending on the result, either forwards the packet or drops it directly. For example, each of the m switches compares the MAC address information carried by a received packet that needs forwarding, entry by entry, with the MAC address information in the matching subset table it received. If the MAC address information carried by the packet is present in the subset table, the switch forwards the packet; if it is not present, the switch drops the packet directly. The switch may be a physical switch and/or a virtual switch. The invention is therefore fully transparent to virtual switches and physical switches: the network controller only needs to deliver the legitimate and real MAC address table to the virtual and physical switches through the southbound interface to effectively suppress switch flooding storms.
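The flow in steps S301 to S304, including the acknowledgment and regrouping step, as an added Python simulation that is not code from the patent. The ordered candidate-switch list used as the "correlation", the class and method names, the choice to check the destination MAC, and every MAC address are assumptions constructed for illustration.

```python
"""Constructed simulation: cloud platform -> network controller -> switches."""

def norm_mac(mac):
    """Canonical lower-case colon form; raises ValueError on malformed input."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError(f"not a 48-bit MAC: {mac!r}")
    return raw.hex(":")

def frame(dst, src, payload=b"constructed"):
    """Build a minimal Ethernet II frame (EtherType 0x0800) for the demo."""
    to_raw = lambda m: bytes.fromhex(norm_mac(m).replace(":", ""))
    return to_raw(dst) + to_raw(src) + b"\x08\x00" + payload

class CloudPlatform:
    """S301: records legitimate MACs as user operations happen."""
    def __init__(self):
        # mac -> ordered candidate switches (assumed model of "correlation")
        self._records = {}
    def register(self, mac, switches):   # VM created / physical server online
        self._records[norm_mac(mac)] = tuple(switches)
    def unregister(self, mac):           # VM deleted / physical server offline
        self._records.pop(norm_mac(mac), None)
    def snapshot(self):                  # reply to a controller pull request
        return dict(self._records)

class Switch:
    def __init__(self, name):
        self.name, self.online, self.allowed = name, True, frozenset()
    def install(self, subset):
        """Southbound delivery; True stands for the reception acknowledgment."""
        if not self.online:
            return False
        self.allowed = frozenset(subset)
        return True
    def handle(self, raw):
        """S304: forward only if the destination MAC is in the delivered subset.
        Broadcast/multicast destinations get no special treatment here; the
        text does not say how they are handled."""
        if len(raw) < 14:                # shorter than an Ethernet header
            return "drop"
        return "forward" if raw[0:6].hex(":") in self.allowed else "drop"

class Controller:
    def __init__(self, platform, switches):
        self.platform = platform
        self.switches = {s.name: s for s in switches}
    @staticmethod
    def partition(records, live):
        """One subset per live switch; a MAC goes to its first live candidate."""
        subsets = {name: set() for name in live}
        for mac, candidates in records.items():
            home = next((c for c in candidates if c in subsets), None)
            if home is not None:
                subsets[home].add(mac)
        return subsets
    def sync(self):
        """S302 + S303: pull, split into m subsets, deliver, regroup on missing acks."""
        records = self.platform.snapshot()
        live = list(self.switches)
        while live:
            subsets = self.partition(records, live)
            acked = [n for n in live if self.switches[n].install(subsets[n])]
            if len(acked) == len(live):  # all m acknowledgments received
                return subsets
            live = acked                 # fewer than m: regroup over working switches
        return {}

def demo():
    vsw1, vsw2, psw1 = Switch("vsw1"), Switch("vsw2"), Switch("psw1")
    cloud = CloudPlatform()
    ctl = Controller(cloud, [vsw1, vsw2, psw1])
    cloud.register("52:54:00:aa:00:01", ["vsw1", "psw1"])   # constructed VM
    cloud.register("52:54:00:AA:00:02", ["vsw2", "psw1"])   # constructed VM
    cloud.register("00-25-90-bb-00-01", ["psw1"])           # constructed server
    first = ctl.sync()
    src = "52:54:00:aa:00:02"
    results = {
        "known_dst": vsw1.handle(frame("52:54:00:aa:00:01", src)),
        "forged_dst": vsw1.handle(frame("de:ad:be:ef:00:99", src)),
    }
    vsw2.online = False                  # one switch drops off during delivery
    second = ctl.sync()
    results["moved_after_regroup"] = psw1.handle(frame("52:54:00:aa:00:02", src))
    cloud.unregister("52:54:00:aa:00:01")                   # VM deleted
    ctl.sync()
    results["deleted_vm_dst"] = vsw1.handle(frame("52:54:00:aa:00:01", src))
    return first, second, results

if __name__ == "__main__":
    print(demo())
```

The last result shows why the controller's copy has to track the platform's within the preset time range: until the next sync, a deleted virtual machine's MAC would still be forwarded.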
Because the cloud management platform and the network controller are used to keep a complete record of all legitimate and real network attribute information, the method of the invention for suppressing switch flooding storms is particularly suited to large-scale cloud computing deployments; the larger the layer-2 scale of the virtual machine network, the more the method of the invention is needed to suppress flooding storms and safeguard normal service packets and the like.
Fig. 4 schematically shows a structural block diagram of the apparatus for suppressing switch flooding storms.
As shown in Fig. 4, the apparatus 100 for suppressing switch flooding storms includes a cloud management platform 400 and a network controller 500. The apparatus 100 can perform the method described above with reference to Fig. 3 to suppress switch flooding storms.
Specifically, the cloud management platform 400 monitors user operations and records at least one piece of network attribute information. The network controller 500 obtains the network attribute information from the cloud management platform, so that the network attribute information in the network controller stays consistent with the network attribute information in the cloud management platform within a preset time range. The network controller 500 also delivers the obtained network attribute information to the switch, so that the switch performs a legitimacy check on each data packet to be forwarded and, depending on the result, either forwards the packet or drops it directly.
According to an embodiment of the invention, based on user operations that create virtual machines, delete virtual machines, power on one or more physical servers, or shut down one or more physical servers, the cloud management platform records the legitimate and real MAC address information of all possible NICs and virtual NICs in the current state, thereby ensuring that legitimate data packets are forwarded normally.
According to an embodiment of the invention, the network attribute information is MAC address information. To ensure that the MAC address information subset for a given virtual switch and/or physical switch is the smallest subset according to its correlation, a switch feeds back a reception acknowledgment signal to the network controller when it receives its MAC address information subset. If the network controller receives feedback signals from all m current switches, it proceeds with subsequent operations. If it receives fewer than m feedback signals, it determines from the signals received which switches are currently in a working state, and regroups all the MAC address information according to the correlation of the working switches. This avoids the situation where one or more switches go offline while the MAC addresses are being delivered and part of the MAC address information is lost.
Fig. 5 schematically shows a structural block diagram of the cloud management platform.
As shown in Fig. 5, the cloud management platform 400 includes a first memory 401, a transceiver 402, a processor 403 and a second memory 404. The cloud management platform 400 can perform the method described above with reference to Fig. 1, to record the network attribute information and to communicate with the network controller.
Specifically, the first memory 401 completely records the network attribute information of at least one virtual machine. The transceiver 402 communicates with the network controller and receives requests from the network controller. The second memory 404 stores machine-executable instructions which, when executed by the processor 403, cause the processor 403 to perform operations including: in response to a request from the network controller, sending the network attribute information to the network controller, so that the network attribute information in the network controller is consistent with the network attribute information in the cloud management platform within a preset time range.
According to an embodiment of the present invention, one or more of the virtual machines may be a virtual machine established on the basis of one physical server, in which case the network attribute information of that virtual machine or those virtual machines is the network attribute information of the corresponding physical server. One or more of the virtual machines may also be one or more of n virtual machines established on the basis of one physical server, in which case the network attribute information of that virtual machine or those virtual machines is its own network attribute information.
Fig. 6 schematically shows a structural block diagram of the network controller.
As shown in Fig. 6, the network controller 500 includes a first transceiver 501, a second transceiver 502, a processor 503 and a memory 504. The network controller 500 can perform the method described above with reference to Fig. 2, to interact with the cloud management platform and the switches.
Specifically, the first transceiver 501 communicates with the cloud management platform, sends requests to the cloud management platform and receives the network attribute information sent by the cloud management platform. The second transceiver 502 communicates with the switches, delivers the network attribute information to the switches and receives the reception signals fed back by the switches. The memory 504 stores machine-executable instructions which, when executed by the processor 503, cause the processor 503 to perform operations including: obtaining the network attribute information from the cloud management platform using the first transceiver 501, and delivering the obtained network attribute information to the switches using the second transceiver 502.
Fig. 7 schematically shows an application scenario of the apparatus for suppressing switch flooding storms.
As shown in Fig. 7, the apparatus for suppressing switch flooding storms is used to suppress flooding storms in both cloud-environment virtual networks and traditional-environment networks. The switches here include two virtual switches and two physical switches.
Specifically, the cloud management platform detects the user's operations and records the MAC address information of all virtual machines and/or physical machines under the current situation. The network controller obtains all of the MAC address information from the cloud management platform in a "pull once, push many times" manner and, according to the correlation of the two physical switches and the two virtual switches, divides all of the obtained MAC address information into 4 MAC address information subset tables. The 4 subset tables are delivered to the 4 switches through the southbound interfaces provided by the 4 switches. After receiving its MAC address information subset table, each of the 4 switches feeds back a reception signal to the network controller to indicate that the MAC address subset table has been received. When any of the 4 switches receives a data packet that needs to be forwarded, it compares the MAC address information carried in the data packet, entry by entry, with the MAC address information subset table it has received, as a strict validity check. If the MAC address information carried in the data packet is legitimate and real destination MAC address information, that is, it is present in the MAC address subset table, the packet is forwarded normally. If the MAC address information carried in the data packet is not present in the MAC address subset table, the data packet to be forwarded is an illegally forged attack packet and is directly discarded.
Because the present invention uses the cloud management platform and the network controller to completely record all legitimate and real network attribute information, a switch only needs to compare the MAC address information carried in a data packet, entry by entry, with the MAC addresses in the MAC address information subset table it has received. If the address is legitimate, the packet is forwarded; if it is not, the packet is an attack packet and is simply discarded without being passed on any further. The flooding storm of the switches can therefore be effectively suppressed.
Although the present invention has been shown and described with reference to certain exemplary embodiments thereof, those skilled in the art should understand that various changes in form and detail may be made to the present invention without departing from the spirit and scope of the present invention as defined by the appended claims and their equivalents. Therefore, the scope of the present invention should not be limited to the above embodiments, but should be determined not only by the appended claims but also by their equivalents.
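An added Python example, not code from the patent, of the flow described above: per-switch MAC subsets, feedback signals from m switches, regrouping when fewer than m signals arrive, and the switch-side validity check. The MAC-to-switch correlation map, the class and function names, the sample addresses, and the policy of regrouping an orphaned MAC onto every working switch are assumptions.

```python
from dataclasses import dataclass, field


@dataclass
class Switch:
    name: str
    online: bool = True
    allowed: set = field(default_factory=set)  # MAC subset table from the controller

    def receive_subset(self, macs):
        """Store the subset and return the feedback signal; offline switches never answer."""
        if not self.online:
            return False
        self.allowed = set(macs)
        return True

    def handle_frame(self, mac):
        """Validity check: forward only if the carried MAC is in the subset table."""
        return "forward" if mac.lower() in self.allowed else "drop"


def partition(mac_to_switches, switch_names):
    """Smallest subset per switch: only the MACs correlated with that switch."""
    subsets = {name: set() for name in switch_names}
    for mac, related in mac_to_switches.items():
        targets = [s for s in related if s in subsets]
        # Assumption: a MAC whose related switches are all gone is regrouped
        # onto every working switch so that the entry is not lost.
        for name in targets or switch_names:
            subsets[name].add(mac.lower())
    return subsets


def push_with_feedback(mac_to_switches, switches):
    """Push subsets; with fewer than m feedback signals, regroup over working switches."""
    subsets = partition(mac_to_switches, [s.name for s in switches])
    acked = [s for s in switches if s.receive_subset(subsets[s.name])]
    if len(acked) < len(switches):  # fewer than m feedback signals received
        subsets = partition(mac_to_switches, [s.name for s in acked])
        for s in acked:
            s.receive_subset(subsets[s.name])
    return {s.name: sorted(s.allowed) for s in acked}


# Constructed sample inventory: MAC -> switches it is correlated with.
INVENTORY = {
    "52:54:00:aa:00:01": ["vsw1"],
    "52:54:00:aa:00:02": ["vsw1", "psw1"],
    "52:54:00:aa:00:03": ["vsw2"],
    "00:1b:21:bb:00:04": ["psw2"],
}


def demo():
    """Two virtual and two physical switches; psw2 goes offline during the push."""
    switches = [Switch("vsw1"), Switch("vsw2"), Switch("psw1"),
                Switch("psw2", online=False)]
    tables = push_with_feedback(INVENTORY, switches)
    verdicts = (switches[0].handle_frame("52:54:00:AA:00:01"),   # recorded MAC
                switches[0].handle_frame("de:ad:be:ef:00:99"))   # forged MAC
    return tables, verdicts


if __name__ == "__main__":
    print(demo())
```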
Claims (17)
1. An operating method of a cloud management platform capable of data interaction with a network controller, the method comprising:
monitoring the operations of a user and recording at least one piece of network attribute information;
in response to a request from the network controller, sending the network attribute information to the network controller, so that the network attribute information in the network controller is consistent with the network attribute information in the cloud management platform within a preset time range.
2. The method of claim 1, wherein, when a physical server is brought online and/or taken offline, and/or when a virtual machine is created and/or deleted, the cloud management platform needs to update the network attribute information it has recorded.
3. The method of claim 1, wherein the cloud management platform, in response to a periodic request, a demand request or a change request from the network controller, sends the network attribute information to the network controller, so that the network attribute information in the network controller is consistent with the network attribute information in the cloud management platform within a preset time range.
4. The method of claim 1, wherein the cloud management platform, in response to a one-time pull request from the network controller, sends the network attribute information to the network controller.
5. An operating method of a network controller, the network controller being capable of data communication with a cloud management platform and with a switch respectively, the cloud management platform completely recording network attribute information, the method comprising:
obtaining the network attribute information from the cloud management platform, so that the network attribute information in the network controller is consistent with the network attribute information in the cloud management platform within a preset time range;
delivering the obtained network attribute information to the switch.
6. The method of claim 5, wherein the obtained network attribute information is delivered to the switch by dividing the network attribute information into several subsets according to the correlation between the switch and the network attribute information, and delivering the network attribute information of the several subsets to the matching switches.
7. The method of claim 5, wherein the step of making the network attribute information in the network controller consistent with the network attribute information in the cloud management platform within a preset time range comprises: when the network controller is started for the first time, obtaining the network attribute information recorded by the cloud management platform from the cloud management platform in a single operation.
8. The method of claim 5, wherein the step of making the network attribute information in the network controller consistent with the network attribute information in the cloud management platform within a preset time range comprises: sending a request to the cloud management platform in a periodic request mode, a demand request mode or a change request mode, and obtaining the network attribute information recorded by the cloud management platform.
9. A method for suppressing switch flooding storms, the switch performing data interaction with a network controller, the network controller being capable of data communication with a cloud management platform, the method comprising:
the cloud management platform monitoring the operations of a user and recording at least one piece of network attribute information;
the network controller obtaining the network attribute information from the cloud management platform, so that the network attribute information in the network controller is consistent with the network attribute information in the cloud management platform within a preset time range;
the network controller delivering the obtained network attribute information to the switch;
the switch performing, according to the received network attribute information, a validity check on a data packet to be forwarded, and forwarding or directly discarding the data packet to be forwarded according to the check result.
10. The method of claim 9, wherein, when a physical server is brought online and/or taken offline, and/or when a virtual machine is created and/or deleted, the cloud management platform needs to update the network attribute information it has recorded.
11. The method of claim 9, wherein the step of making the network attribute information in the network controller consistent with the network attribute information in the cloud management platform within a preset time range comprises: when the network controller is started for the first time, obtaining the network attribute information recorded by the cloud management platform from the cloud management platform in a single operation.
12. The method of claim 9, wherein the step of making the network attribute information in the network controller consistent with the network attribute information in the cloud management platform within a preset time range comprises: sending a request to the cloud management platform in a periodic request mode, a demand request mode or a change request mode, and obtaining the network attribute information recorded by the cloud management platform.
13. The method of claim 9, wherein the obtained network attribute information is delivered to the switch by dividing the network attribute information into several subsets according to the correlation between the switch and the network attribute information, and delivering the network attribute information of the several subsets to the matching switches.
14. The method of claim 9, wherein the switch comprises a physical switch and/or a virtual switch.
15. A cloud management platform capable of data interaction with a network controller, the cloud management platform comprising:
a first memory, which completely records the network attribute information of at least one virtual machine;
a transceiver, which communicates with the network controller;
a processor; and
a second memory storing machine-executable instructions which, when executed by the processor, cause the processor to perform operations including:
in response to a request from the network controller, sending the network attribute information to the network controller, so that the network attribute information in the network controller is consistent with the network attribute information in the cloud management platform within a preset time range.
16. A network controller capable of data communication with a cloud management platform and with a switch respectively, the cloud management platform completely recording network attribute information, the network controller comprising:
a first transceiver, which communicates with the cloud management platform;
a second transceiver, which communicates with the switch;
a processor; and
a memory storing machine-executable instructions which, when executed by the processor, cause the processor to perform operations including:
obtaining the network attribute information from the cloud management platform using the first transceiver; and
delivering the obtained network attribute information to the switch using the second transceiver.
17. An apparatus for suppressing switch flooding storms, comprising:
a cloud management platform, for monitoring the operations of a user and recording at least one piece of network attribute information;
a network controller, for obtaining the network attribute information from the cloud management platform, so that the network attribute information in the network controller is consistent with the network attribute information in the cloud management platform within a preset time range; and for delivering the obtained network attribute information to the switch, so that the switch performs a validity check on a data packet to be forwarded and forwards or directly discards the data packet to be forwarded according to the check result.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710211212.8A CN106961394A (en) | 2017-03-31 | 2017-03-31 | Method and apparatus for suppressing switch flooding storms |
Publications (1)
Publication Number | Publication Date |
---|---|
CN106961394A true CN106961394A (en) | 2017-07-18 |
Family
ID=59483967
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20170718 |