CN107086965B - ARP (Address resolution protocol) table entry generation method and device and switch - Google Patents
ARP (Address resolution protocol) table entry generation method and device and switch Download PDFInfo
- Publication number
- CN107086965B CN107086965B CN201710402903.6A CN201710402903A CN107086965B CN 107086965 B CN107086965 B CN 107086965B CN 201710402903 A CN201710402903 A CN 201710402903A CN 107086965 B CN107086965 B CN 107086965B
- Authority
- CN
- China
- Prior art keywords
- preset
- address
- analyzed
- arp
- entry
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/09—Mapping addresses
- H04L61/10—Mapping addresses of different types
- H04L61/103—Mapping addresses of different types across network layers, e.g. resolution of network layer into physical layer addresses or address resolution protocol [ARP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
- H04L45/74—Address processing for routing
- H04L45/745—Address table lookup; Address filtering
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention provides a method, a device and a switch for generating ARP table entries, wherein the method comprises the following steps: determining a first number of received IP addresses to be analyzed in a preset time; and when the first number is greater than or equal to a first preset number, generating a first table entry corresponding to the IP address to be analyzed in a preset ARP list, wherein the first table entry is used for recording a preset port corresponding to the IP address to be analyzed, and the preset port is used for discarding messages. By applying the embodiment of the invention, the generation quantity of the ARP table entries can be effectively reduced, and the problem that the ARP table entry resources are easy to be exhausted is solved.
Description
Technical Field
The present invention relates to the field of network communication technologies, and in particular, to a method and an apparatus for generating an ARP entry, and a switch.
Background
With the rapid development of internet data communication technology, the attack of hackers on network equipment through vulnerabilities in the network is rare, and ARP flooding attack is a common network attack mode.
In the prior art, when a switch device receives an IP address to be resolved, if the IP address to be resolved is an IP address that a hacker sets and cannot resolve an analysis result, the switch device generates an ARP entry for the IP address to be resolved. Because the ARP table entry resource of the switch equipment is limited, the ARP table entry resource is easy to be exhausted.
Disclosure of Invention
In view of this, the present invention provides a method, an apparatus and a switch for generating an ARP entry, so as to solve the problem that the ARP entry resource is easily exhausted.
In order to achieve the purpose, the invention provides the following technical scheme:
according to a first aspect of the present invention, a method for generating an ARP entry is provided, where the method includes:
determining a first number of received IP addresses to be analyzed in a preset time;
and when the first number is greater than or equal to a first preset number, generating a first table entry corresponding to the IP address to be analyzed in a preset ARP list, wherein the first table entry is used for recording a preset port corresponding to the IP address to be analyzed, and the preset port is used for discarding messages.
According to a second aspect of the present invention, an apparatus for generating an ARP entry is provided, the apparatus comprising:
the first determining module is used for determining the first number of the received IP addresses to be analyzed in the preset time length;
a first table entry generating module, configured to generate a first table entry corresponding to the to-be-analyzed IP address in a preset ARP list when the first number is greater than or equal to a first preset number, where the first table entry is used to record a preset port corresponding to the to-be-analyzed IP address, and the preset port is used to discard a packet;
and the address broadcasting module is used for broadcasting the IP address to be analyzed to the neighbor equipment when the first number is smaller than a first preset number.
According to a third aspect of the invention, a switch is proposed, the switch comprising: a CPU and a switching chip;
the CPU is used for determining a first number of received IP addresses to be analyzed in a preset time; when the first number is greater than or equal to a first preset number, generating a first table entry aiming at the IP address to be analyzed, wherein the first table entry is used for recording a preset port corresponding to the IP address to be analyzed, and the preset port is used for discarding messages; sending the first table item to the exchange chip;
the switching chip is used for storing the first table entry in the preset ARP list;
the CPU is further used for broadcasting the IP address to be analyzed to the neighbor equipment when the first number is smaller than the first preset number.
According to the technical scheme, the switch determines that a first number of the IP addresses to be analyzed are received within a preset time length, when the first number is larger than or equal to the first preset number, the switch generates a first table entry corresponding to the IP addresses to be analyzed in a preset ARP list, and under the condition that the switch receives a large number of same IP addresses to be analyzed within a short time, the switch can limit the number of the table entries generated in the preset ARP list through the first preset number; for the condition that the switch receives the discrete IP addresses to be analyzed, because the first number of the IP addresses to be analyzed does not reach the first preset number, the switch does not need to generate corresponding ARP table items for the IP addresses to be analyzed, so that when the switch receives the IP addresses to be analyzed under the two conditions, the generation number of the ARP table items can be effectively reduced, and the problem that ARP table item resources are easy to be exhausted is solved.
Drawings
FIG. 1A is a flowchart of an embodiment of a method for generating an ARP entry according to the present invention;
fig. 1B is a schematic diagram of an internal structure of a switch in the method for generating an ARP entry provided in the present invention;
FIG. 2 is a flowchart of another method for generating ARP entry according to an embodiment of the present invention;
FIG. 3 is a flowchart of another ARP entry generation method according to an embodiment of the present invention;
FIG. 4 is a hardware block diagram of a switch provided by the present invention;
FIG. 5 is a block diagram of an apparatus for generating an ARP entry according to an embodiment of the present invention;
fig. 6 is a block diagram of another ARP entry generation apparatus according to an embodiment of the present invention.
Detailed Description
Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with the present invention. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the invention, as detailed in the appended claims.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. As used in this specification and the appended claims, the singular forms "a", "an", and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and encompasses any and all possible combinations of one or more of the associated listed items.
It is to be understood that although the terms first, second, third, etc. may be used herein to describe various information, these information should not be limited to these terms. These terms are only used to distinguish one type of information from another. For example, first information may also be referred to as second information, and similarly, second information may also be referred to as first information, without departing from the scope of the present invention. The word "if" as used herein may be interpreted as "at … …" or "when … …" or "in response to a determination", depending on the context.
Fig. 1A is a flowchart of an embodiment of a method for generating an ARP entry provided in the present invention, where the method for generating an Address Resolution Protocol (ARP) entry may be applied to a switch, as shown in fig. 1A, the method for generating an ARP entry includes the following steps 101 and 102:
step 101: determining a first number of received IP addresses to be analyzed in a preset time.
Step 102: it is determined whether the first number is greater than or equal to a first preset number, and when the first number is greater than or equal to the first preset number, step 103 is performed, and when the first number is less than the first preset number, step 104 is performed.
Step 103: and generating a first table entry corresponding to the IP address to be analyzed in a preset ARP list, wherein the first table entry is used for recording a preset port corresponding to the IP address to be analyzed, and the preset port is used for discarding the message.
Optionally, the method for generating an ARP entry may further include step 104: and broadcasting the IP address to be resolved to the neighbor equipment.
In step 101, in an embodiment, the preset time period may be counted by a timer or a timing device, and the preset time period is, for example, 1 second. The first number is the number of the IP addresses to be resolved that are received by the switch within the preset time duration, and it should be noted that, when the preset time duration is over, the switch clears the first number and recalculates the number of the IP addresses to be resolved. The IP address to be resolved is the IP address needing ARP resolution, and the description of the process of acquiring the IP address to be resolved can refer to the related content in the prior art. Taking the IP address to be resolved as 168.168.13.16 and the preset time duration as 1 second, the switch determines that the first number of IP addresses to be resolved 168.168.13.16 is received within 1 second.
In step 102, in an embodiment, a specific value of the first predetermined number may be determined according to a capability of the switch to process the total number of IP addresses to be resolved, and the first predetermined number is, for example, 100. The switch determines whether the first number is greater than or equal to a first preset number, when the switch determines that the first number of the received to-be-analyzed IP addresses in the preset time period is greater than or equal to the first preset number, the switch performs step 103, and when it determines that the first number of the received to-be-analyzed IP addresses in the preset time period is less than the first preset number, the switch performs step 104.
In step 103, in an embodiment, when it is determined that the first number of received to-be-analyzed IP addresses within the preset time period is greater than or equal to the first preset number, it indicates that a large number of to-be-analyzed IP addresses are requested to be analyzed within a short time period, which may be an ARP flooding attack initiated by a hacker, and therefore the switch needs to discard the subsequently received to-be-analyzed IP addresses. Specifically, the switch generates a first entry corresponding to the IP address to be resolved in a preset ARP list, where the first entry is used to record a preset port corresponding to the IP address to be resolved, and the preset port is used to discard the packet. The preset ARP list is used for recording relevant contents corresponding to the IP address to be analyzed, and the relevant contents comprise: a preset port (indicating that the IP address to be analyzed has not obtained an analysis result and the preset port is used for discarding the message), and an analysis result (indicating that the IP address to be analyzed has been analyzed, wherein the analysis result comprises the MAC address, the VLAN information and the output interface information). As shown in table 1, a structure example of the preset ARP list is:
TABLE 1
| IP address to be resolved | MAC address | VLAN information | Outbound interface information | Preset port |
| 168.168.14.15 | 44-45-53-54-00-00 | vlan-if2 | 86 | - |
| 168.168.12.18 | 43-23-14-36-00-00 | vlan-if1 | 87 | - |
| 168.168.13.16 | - | - | - | 47 |
In table 1, the to-be-resolved IP address 168.168.14.15 corresponds to the MAC address 44-45-53-54-00-00, the VLAN information VLAN-if2, and the egress interface information 86; the IP address to be analyzed 168.168.12.18 corresponds to the MAC address 43-23-14-36-00-00, the VLAN information VLAN-if1 and the output interface information 87; the IP address to be resolved 168.168.13.16 corresponds to the default port 47. The "-" in Table 1 indicates null, and no information is recorded. The to-be-analyzed IP address 168.168.13.16 does not record an analysis result, which indicates that the to-be-analyzed IP address 168.168.13.16 has not been successfully analyzed, or the to-be-analyzed IP address 168.168.13.16 is an unresolvable to-be-analyzed IP address maliciously sent by a hacker. In combination with step 101, taking the to-be-analyzed IP address as 168.168.13.16 as an example, the switch generates a first entry corresponding to the to-be-analyzed IP address 168.168.13.16 in a preset ARP list, where the first entry is used to record a preset port corresponding to the to-be-analyzed IP address 168.168.13.16, the preset port is used to discard a packet, and the preset port is, for example, port 47 (see the content in the fourth row in table 1), and when the switch receives the to-be-analyzed IP address 168.168.13.16 again, the switch finds the port 47 corresponding to the to-be-analyzed IP address 168.168.13.16 through the first entry recorded in the preset ARP list, and the switch discards the to-be-analyzed IP address 168.168.13.16 through the port 47.
In step 104, in one embodiment, the switch broadcasts the IP address to be resolved to the neighboring devices. When the switch determines that the first number of the received IP addresses to be analyzed in the preset time is smaller than the first preset number, the first number of the IP addresses to be analyzed is within the processing capacity range of the switch, so that the switch normally sends a broadcast to the neighbor equipment to analyze the IP addresses to be analyzed.
In the embodiment of the invention, the switch determines that a first number of IP addresses to be analyzed are received within a preset time, when the first number is greater than or equal to the first preset number, the switch generates a first table entry corresponding to the IP addresses to be analyzed in a preset ARP list, and for the condition that the switch receives a large number of same IP addresses to be analyzed in a short time, the switch can limit the number of table entries generated in the preset ARP list through the first preset number; for the condition that the switch receives the discrete IP addresses to be analyzed, because the first number of the IP addresses to be analyzed does not reach the first preset number, the switch does not need to generate corresponding ARP table items for the IP addresses to be analyzed, so that when the switch receives the IP addresses to be analyzed under the two conditions, the generation number of the ARP table items can be effectively reduced, and the problem that ARP table item resources are easy to be exhausted is solved.
Fig. 1B is a schematic diagram of an internal structure of a switch 11 in the method for generating an ARP entry provided by the present invention, where an embodiment of the present invention uses the switch 11 in the embodiment of fig. 1A to include: the CPU111 and the switch chip 112 are exemplified and explained in conjunction with fig. 1A. When the switch 11 receives a message carrying an IP address to be resolved, the switch 11 sends the resolved IP address to be resolved to the switch chip 112, and the switch chip 112 stores a preset ARP list. The switch chip 112 stores a preset ARP list, and the switch chip 112 searches whether related content corresponding to the to-be-resolved IP address exists in the preset ARP list, where the related content includes: a preset port (indicating that the IP address to be analyzed has not obtained an analysis result and the preset port is used for discarding the message), and an analysis result (indicating that the IP address to be analyzed has been analyzed, wherein the analysis result comprises the MAC address, the VLAN information and the output interface information). When the switch chip 112 does not find the relevant content corresponding to the IP address to be resolved in the preset ARP list, the switch chip 112 sends the IP address to be resolved to the CPU 111. The CPU111 determines a first number of received IP addresses to be resolved within a preset time duration. When the first number is greater than or equal to a first preset number, the CPU111 generates a first entry for the to-be-analyzed IP address, where the first entry is used to record a preset port corresponding to the to-be-analyzed IP address, and the preset port is used to discard the packet. The CPU111 issues the first entry to the switch chip 112, and the switch chip 112 stores the first entry in a preset ARP list. When the first number is smaller than the first preset number, the CPU111 broadcasts the IP address to be resolved to the neighbor device. When the CPU111 receives an analysis result corresponding to the to-be-analyzed IP address, the CPU111 generates a second entry for the to-be-analyzed IP address, where the second entry is used to record the analysis result corresponding to the to-be-analyzed IP address. The CPU111 issues the second entry to the switch chip 112, the switch chip 112 stores the second entry in the preset ARP list, and if the preset ARP list includes the first entry corresponding to the IP address to be resolved, the switch chip 112 deletes the first entry recorded in the preset ARP list. Specifically, with reference to fig. 1A, taking an IP address to be resolved as 168.168.13.16, a first preset number as 100, a preset duration as 1 second, a preset port as 47, an MAC address 21-53-59-75-00-00, VLAN information VLAN-if3, and egress interface information 60 as examples, when the switch chip 112 does not find a relevant content corresponding to the IP address 168.168.13.16 to be resolved in the preset ARP list, the switch chip 112 sends the IP address 168.168.13.16 to be resolved to the CPU 111. The CPU111 determines a first number of received to-be-resolved IP addresses 168.168.13.16 within a preset time period of 1 second. When the first number is greater than or equal to the first preset number 100, the CPU111 generates a first entry for the to-be-resolved IP address 168.168.13.16, where the first entry is used to record the preset port 47 corresponding to the to-be-resolved IP address. The CPU111 issues the first entry to the switch chip 112, and the switch chip 112 stores the first entry in a preset ARP list. When the first number is less than the first preset number 100, the CPU111 broadcasts the to-be-resolved IP address 168.168.13.16 to the neighbor device. When the CPU111 receives the analysis result (the MAC address 21-53-59-75-00-00, the VLAN information VLAN-if3, and the egress interface information 60) corresponding to the to-be-analyzed IP address 168.168.13.16, the CPU111 generates a second entry for the to-be-analyzed IP address, where the second entry is used to record the analysis result corresponding to the to-be-analyzed IP address. The CPU111 issues the second entry to the switch chip 112, the switch chip 112 stores the second entry in the preset ARP list, and if the preset ARP list includes the first entry corresponding to the IP address to be resolved, the switch chip 112 deletes the first entry recorded in the preset ARP list.
According to the embodiment of the invention, the CPU111 limits the number of the generated table entries in the preset ARP list through the first preset number; for the condition that the CPU111 receives the discrete IP addresses to be resolved, because the first number of the IP addresses to be resolved does not reach the first preset number, the CPU111 does not need to generate the corresponding ARP entry for the IP addresses to be resolved, so that when the CPU111 receives the IP addresses to be resolved under the two conditions, the generation number of the ARP entries can be effectively reduced, and the problem that the ARP entry resources are easily exhausted is solved; when the first number is greater than or equal to the first preset number, the CPU111 generates a first entry for the to-be-analyzed IP address, where the first entry is used to record a preset port corresponding to the to-be-analyzed IP address, and the preset port is used to discard a packet, and when the switch 11 receives the to-be-analyzed IP address again, the to-be-analyzed IP address is forwarded to the preset port through the switch chip 112, and the to-be-analyzed IP address does not need to be uploaded to the CPU111, so that the processing pressure of the CPU is relieved.
Fig. 2 is a flowchart of another method for generating an ARP entry according to another embodiment of the present invention, which is exemplarily described with reference to fig. 1A, and as shown in fig. 2, the method includes the following steps:
step 201: and determining a second number of current entries in the preset ARP list.
Step 202: and when the second number is smaller than the second preset number, generating a first table entry corresponding to the IP address to be analyzed in a preset ARP list.
In step 201, the switch determines a second number of current entries in the preset ARP list, where the second number is the number of entries that are currently recorded in the preset ARP list.
In step 202, the second preset number is the total number of switch ARP entry resources. When the second number is smaller than the second preset number, it indicates that an ARP entry can be newly added in the preset ARP list, and the switch performs the step of generating the first entry corresponding to the to-be-resolved IP address in the preset ARP list in step 102.
In the embodiment of the invention, the switch determines the second number of the current table entries in the preset ARP list, determines whether the second number is smaller than the total number of ARP table entry resources of the switch, and if so, the switch generates the first table entry corresponding to the IP address to be analyzed in the preset ARP list, thereby ensuring that the established first table entry does not exceed the total number of the ARP table entry resources and ensuring the working reliability and stability of the switch.
Fig. 3 is a flowchart of another method for generating an ARP entry according to another embodiment of the present invention, and the embodiment of the present invention, with reference to fig. 1A and fig. 2, illustrates how a switch receives an analysis result corresponding to an IP address to be analyzed, and as shown in fig. 3, includes the following steps:
step 301: and when an analysis result corresponding to the IP address to be analyzed is received, generating a second table entry corresponding to the IP address to be analyzed in the preset ARP list, wherein the second table entry is used for recording the analysis result corresponding to the IP address to be analyzed.
Step 302: and deleting the first table entry recorded in the preset ARP list.
In step 301, with the IP address to be resolved as 168.168.13.16, the resolution result includes: for example, the MAC address 21-53-59-75-00-00, the VLAN information VLAN-if3, and the egress interface information 60 are used, when the switch receives the resolution result (the MAC address 21-53-59-75-00, the VLAN information VLAN-if3, and the egress interface information 60) corresponding to the IP address 168.168.13.16 to be resolved, the switch generates a second entry corresponding to the IP address 168.168.13.16 to be resolved in the preset ARP list, where the second entry is used to record the resolution result (the MAC address 21-53-59-75-00-00, the VLAN information VLAN-if3, and the egress interface information 60) corresponding to the IP address 168.168.13.16 to be resolved.
In step 302, after the step of generating the first entry corresponding to the IP address to be resolved in the preset ARP list, as shown in table 1, if the first entry is already recorded in the preset ARP list, the switch deletes the first entry recorded in the preset ARP list, as shown in table 2, which is a structural example of the preset ARP list after steps 301 to 302 are performed on the basis of table 1:
TABLE 2
| IP address to be resolved | MAC address | VLAN information | Outbound interface information | Preset port |
| 168.168.14.15 | 44-45-53-54-00-00 | vlan-if2 | 86 | - |
| 168.168.12.18 | 43-23-14-36-00-00 | vlan-if1 | 87 | - |
| 168.168.13.16 | 21-53-59-75-00-00 | vlan-if3 | 60 | - |
In table 2, the first entry corresponding to the to-be-resolved IP address 168.168.13.16 has been deleted, and instead, the fourth row of content corresponding to the to-be-resolved IP address 168.168.13.16 is the second entry.
In the embodiment of the invention, when the switch receives the analysis result corresponding to the IP address to be analyzed, the switch generates the second table entry corresponding to the IP address to be analyzed in the preset ARP list, and the switch deletes the first table entry recorded in the preset ARP list, so that the switch can normally forward the IP address to be analyzed when the subsequent switch receives the IP address to be analyzed, and simultaneously, more ARP table entry resources can be vacated by deleting the first table entry, and the ARP table entry resources are utilized more efficiently.
Corresponding to the method for generating the ARP entry, the present invention also provides a hardware structure diagram of the switch shown in fig. 4. Referring to fig. 4, at the hardware level, the switch includes a processor, an internal bus, a network interface, a memory, and a non-volatile memory, but may also include hardware required for other services. The processor reads the corresponding computer program from the nonvolatile memory into the memory and then runs the computer program to form the ARP table entry generation device on the logic level. Of course, besides the software implementation, the present invention does not exclude other implementations, such as logic devices or combination of software and hardware, and the like, that is, the execution subject of the following processing flow is not limited to each logic unit, and may be hardware or logic devices.
Fig. 5 is a block diagram of an embodiment of an apparatus for generating an ARP entry provided in the present invention, and as shown in fig. 5, the apparatus for generating an ARP entry may include: a first determining module 51, a first table entry generating module 52, and an address broadcasting module 53, wherein:
a first determining module 51, configured to determine a first number of received IP addresses to be resolved within a preset time period;
a first table entry generating module 52, configured to generate a first table entry corresponding to the to-be-analyzed IP address in a preset ARP list when the first number is greater than or equal to a first preset number, where the first table entry is used to record a preset port corresponding to the to-be-analyzed IP address, and the preset port is used to discard the packet;
and the address broadcasting module 53 is configured to broadcast the to-be-resolved IP address to the neighboring device when the first number is smaller than the first preset number.
Fig. 6 is a block diagram of another embodiment of an ARP entry generation apparatus provided by the present invention, and as shown in fig. 6, on the basis of the embodiment shown in fig. 5, the ARP entry generation apparatus further includes:
a second determining module 54, configured to determine a second number of current entries in the preset ARP list, and when the second number is smaller than the second preset number, execute the step of generating, in the first entry generating module 52, the first entry corresponding to the to-be-resolved IP address in the preset ARP list.
In an embodiment, the apparatus for generating an ARP entry further includes:
and a second table entry generating module 55, configured to generate, when receiving an analysis result corresponding to the to-be-analyzed IP address, a second table entry corresponding to the to-be-analyzed IP address in the preset ARP list, where the second table entry is used to record the analysis result corresponding to the to-be-analyzed IP address.
In an embodiment 56, the apparatus for generating an ARP entry further includes:
and an entry deleting module, configured to delete the first entry recorded in the preset ARP list after the step of generating the first entry corresponding to the to-be-resolved IP address in the preset ARP list in the first entry generating module 52.
The implementation process of the functions and actions of each unit in the above device is specifically described in the implementation process of the corresponding step in the above method, and is not described herein again.
For the device embodiments, since they substantially correspond to the method embodiments, reference may be made to the partial description of the method embodiments for relevant points. The above-described embodiments of the apparatus are merely illustrative, and the units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the modules can be selected according to actual needs to achieve the purpose of the scheme of the invention. One of ordinary skill in the art can understand and implement it without inventive effort.
As can be seen from the above embodiments, the switch determines that a first number of IP addresses to be resolved are received within a preset time period, and when the first number is greater than or equal to the first preset number, the switch generates a first entry corresponding to the IP address to be resolved in a preset ARP list, and for a case that the switch receives a large number of identical IP addresses to be resolved within a short time period, the switch can limit the number of entries generated in the preset ARP list by the first preset number; for the condition that the switch receives the discrete IP addresses to be analyzed, because the first number of the IP addresses to be analyzed does not reach the first preset number, the switch does not need to generate corresponding ARP table items for the IP addresses to be analyzed, so that when the switch receives the IP addresses to be analyzed under the two conditions, the generation number of the ARP table items can be effectively reduced, and the problem that ARP table item resources are easy to be exhausted is solved.
Other embodiments of the invention will be apparent to those skilled in the art from consideration of the specification and practice of the invention disclosed herein. This invention is intended to cover any variations, uses, or adaptations of the invention following, in general, the principles of the invention and including such departures from the present disclosure as come within known or customary practice within the art to which the invention pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the invention being indicated by the following claims.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents, improvements and the like made within the spirit and principle of the present invention should be included in the scope of the present invention.
Claims (10)
1. A method for generating an ARP table entry, the method comprising:
determining a first number of received IP addresses to be analyzed in a preset time; the IP address to be analyzed is an IP address which cannot be analyzed to obtain an analysis result after ARP analysis;
and when the first number is greater than or equal to a first preset number, issuing a first table entry corresponding to the IP address to be analyzed to a preset ARP list stored in a switching chip, wherein the first table entry is used for recording a preset port corresponding to the IP address to be analyzed, and the preset port is used for discarding messages.
2. The method of claim 1, further comprising:
determining a second number of current table entries in the preset ARP list;
and when the second number is smaller than a second preset number, executing a step of generating a first table entry corresponding to the IP address to be analyzed in the preset ARP list.
3. The method of claim 1, further comprising:
and when an analysis result corresponding to the IP address to be analyzed is received, generating a second table entry corresponding to the IP address to be analyzed in the preset ARP list, wherein the second table entry is used for recording the analysis result corresponding to the IP address to be analyzed.
4. The method according to claim 3, wherein after the step of generating the first entry corresponding to the IP address to be resolved in the pre-configured ARP list, the method further comprises:
and deleting the first table entry recorded in the preset ARP list.
5. The method of claim 1, further comprising:
and broadcasting the IP address to be analyzed to neighbor equipment when the first number is smaller than a first preset number.
6. An apparatus for generating an ARP entry, the apparatus comprising:
the first determining module is used for determining the first number of the received IP addresses to be analyzed in the preset time length; the IP address to be analyzed is an IP address which cannot be analyzed to obtain an analysis result after ARP analysis;
a first entry issuing module, configured to issue a first entry corresponding to the to-be-analyzed IP address to a preset ARP list stored in a switch chip when the first number is greater than or equal to a first preset number, where the first entry is used to record a preset port corresponding to the to-be-analyzed IP address, and the preset port is used to discard a packet;
and the address broadcasting module is used for broadcasting the IP address to be analyzed to the neighbor equipment when the first number is smaller than a first preset number.
7. The apparatus of claim 6, further comprising:
and the second determining module is used for determining a second number of the current table entries in the preset ARP list, and when the second number is smaller than the second preset number, executing the step of generating the first table entries corresponding to the IP addresses to be analyzed in the preset ARP list in the first table entry generating module.
8. The apparatus of claim 6, further comprising:
and the second table entry generating module is used for generating a second table entry corresponding to the IP address to be analyzed in the preset ARP list when an analysis result corresponding to the IP address to be analyzed is received, wherein the second table entry is used for recording the analysis result corresponding to the IP address to be analyzed.
9. The apparatus of claim 6, further comprising:
and the table item deleting module is used for deleting the first table item recorded in the preset ARP list after the step of generating the first table item corresponding to the IP address to be analyzed in the preset ARP list in the first table item generating module.
10. A switch, characterized in that the switch comprises: a CPU and a switching chip;
the CPU is used for determining a first number of received IP addresses to be analyzed in a preset time; the IP address to be analyzed is an IP address which cannot be analyzed to obtain an analysis result after ARP analysis; when the first number is greater than or equal to a first preset number, generating a first table entry aiming at the IP address to be analyzed, wherein the first table entry is used for recording a preset port corresponding to the IP address to be analyzed, and the preset port is used for discarding messages; sending the first table item to the exchange chip;
the switching chip is used for storing the first table entry in the preset ARP list;
the CPU is further used for broadcasting the IP address to be analyzed to the neighbor equipment when the first number is smaller than the first preset number.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710402903.6A CN107086965B (en) | 2017-06-01 | 2017-06-01 | ARP (Address resolution protocol) table entry generation method and device and switch |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710402903.6A CN107086965B (en) | 2017-06-01 | 2017-06-01 | ARP (Address resolution protocol) table entry generation method and device and switch |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN107086965A CN107086965A (en) | 2017-08-22 |
| CN107086965B true CN107086965B (en) | 2020-04-03 |
Family
ID=59608708
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201710402903.6A Active CN107086965B (en) | 2017-06-01 | 2017-06-01 | ARP (Address resolution protocol) table entry generation method and device and switch |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN107086965B (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109561111B (en) * | 2019-01-24 | 2021-07-23 | 新华三技术有限公司 | Method and device for determining attack source |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101345755A (en) * | 2008-08-29 | 2009-01-14 | 中兴通讯股份有限公司 | Method and system for preventing address analysis protocol message attack |
| CN101605061A (en) * | 2008-06-10 | 2009-12-16 | 上海贝尔阿尔卡特股份有限公司 | Prevent the method and the device thereof of Denial of Service attack in a kind of access network |
| CN105791248A (en) * | 2014-12-26 | 2016-07-20 | 中兴通讯股份有限公司 | Network attack analysis method and device |
| CN106506531A (en) * | 2016-12-06 | 2017-03-15 | 杭州迪普科技股份有限公司 | The defence method and device of ARP attack messages |
| CN106792684A (en) * | 2016-12-13 | 2017-05-31 | 国家电网公司信息通信分公司 | The wireless network secure guard system and means of defence of a kind of multiple-protection |
-
2017
- 2017-06-01 CN CN201710402903.6A patent/CN107086965B/en active Active
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101605061A (en) * | 2008-06-10 | 2009-12-16 | 上海贝尔阿尔卡特股份有限公司 | Prevent the method and the device thereof of Denial of Service attack in a kind of access network |
| CN101345755A (en) * | 2008-08-29 | 2009-01-14 | 中兴通讯股份有限公司 | Method and system for preventing address analysis protocol message attack |
| CN105791248A (en) * | 2014-12-26 | 2016-07-20 | 中兴通讯股份有限公司 | Network attack analysis method and device |
| CN106506531A (en) * | 2016-12-06 | 2017-03-15 | 杭州迪普科技股份有限公司 | The defence method and device of ARP attack messages |
| CN106792684A (en) * | 2016-12-13 | 2017-05-31 | 国家电网公司信息通信分公司 | The wireless network secure guard system and means of defence of a kind of multiple-protection |
Non-Patent Citations (1)
| Title |
|---|
| "ARP攻击防范技术白皮书";wqm54335;《百度文库》;20100808;1-17 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN107086965A (en) | 2017-08-22 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10084713B2 (en) | Protocol type identification method and apparatus | |
| US10148573B2 (en) | Packet processing method, node, and system | |
| US8630294B1 (en) | Dynamic bypass mechanism to alleviate bloom filter bank contention | |
| CN108259347B (en) | Message transmission method and device | |
| WO2015161780A1 (en) | Forwarding data packets | |
| CN107547507B (en) | Anti-attack method and device, router equipment and machine readable storage medium | |
| CN108306832B (en) | Network traffic shunting method and device | |
| CN109714274B (en) | Method for acquiring corresponding relation and routing equipment | |
| CN110519265B (en) | Method and device for defending attack | |
| CN108600109B (en) | Message forwarding method and device | |
| CN106921578B (en) | Method and device for generating forwarding table item | |
| US10924457B2 (en) | Packet cleaning method and apparatus | |
| WO2017156908A1 (en) | Method and device for forwarding packet | |
| US11316804B2 (en) | Forwarding entry update method and apparatus in a memory | |
| CN110430135B (en) | Message processing method and device | |
| CN107547346B (en) | Message transmission method and device | |
| US11695710B2 (en) | Buffer management method and apparatus | |
| CN106507414B (en) | Message forwarding method and device | |
| CN107547535B (en) | Anti-attack MAC address learning method and device and network equipment | |
| WO2022268226A1 (en) | Client identification method and apparatus, and storage medium and network device | |
| CN113285918A (en) | ACL (access control list) filtering table item establishing method and device for network attack | |
| CN110290234B (en) | Method, device, system, equipment and storage medium for tracing node address | |
| CN107086965B (en) | ARP (Address resolution protocol) table entry generation method and device and switch | |
| US9967178B1 (en) | Flow record size reduction | |
| CN106254252B (en) | Flow spec route issuing method and device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |