CN107493234A - A message processing method and device based on a virtual bridge - Google Patents


Info

Publication number: CN107493234A
Authority: CN (China)
Legal status: Granted
Application number: CN201610409339.6A
Other languages: Chinese (zh)
Other versions: CN107493234B (en)
Inventors: 朱良伟, 李星
Current Assignee: Alibaba Group Holding Ltd
Original Assignee: Alibaba Group Holding Ltd
Application filed by: Alibaba Group Holding Ltd
Priority to: CN201610409339.6A
Publication of CN107493234A
Application granted; publication of CN107493234B
Status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00 Routing or path finding of packets in data switching networks
    • H04L45/74 Address processing for routing
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4604 LAN interconnection over a backbone network, e.g. Internet, Frame Relay
    • H04L12/462 LAN interconnection over a bridge based backbone

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Small-Scale Networks (AREA)

Abstract

This application discloses a message processing method based on a virtual bridge, comprising: receiving a pending message from a source port, the pending message carrying a source MAC address and a destination MAC address; searching a preset MAC address and port correspondence for an entry for the destination MAC address and, if no such entry exists, performing the next step; selecting, according to preset port attributes, a destination port that meets a specified condition, and sending the pending message through the destination port. The method avoids treating every port other than the source port as a destination port for the pending message, which reduces the number of destination ports that send the pending message and the resources consumed in sending it.

Description

A message processing method and device based on a virtual bridge
Technical field
This application relates to the technical field of network security, and in particular to a message processing method based on a virtual bridge. This application also relates to a message processing device based on a virtual bridge.
Background
In the cloud computing era, many cloud service providers open their self-developed cloud products to outside users, and public clouds in particular have become widely used. A public cloud usually refers to a cloud platform that a cloud service provider makes available to users and that provides resource-sharing services; users access the shared services over the Internet to share and exchange resources. Many public cloud platforms provide each user with a domain name, and while users access the platform's services through these domain names, the domain names are highly susceptible to attack. For example, some users of a public cloud platform, for various purposes, damage the platform or even attack other users, which exposes the platform to security risks and also puts the privacy of user data at risk.
A bridge in a physical network is a store-and-forward device that usually connects multiple network segments; it is a physical device that can divide one network segment into several, or interconnect several network segments into one logical segment. A virtual bridge in a virtual network, shown in Figure 1, plays a role similar to that of a bridge in a physical network: it interconnects multiple virtual machines, so that virtual machines (VMs) can communicate with each other through the virtual bridge, and a virtual machine and a virtual local area network (VLAN) can also communicate through it.
In the message processing method provided by the prior art, a message carrying a source MAC address and a destination MAC address is first received from port A, and the MAC address table is queried for an entry for port A; if no entry for port A is found, the correspondence between the source MAC address and port A is established and written into the MAC address table. Next, the MAC address table is queried for an entry for the destination MAC address; if the entry is found, the message is sent from port B, the port recorded in the entry; if the entry is not found, the port from which to send the message cannot be determined, so the message is flooded to all ports other than source port A. Finally, the response message sent by the host corresponding to the destination MAC address is received from port B, and the correspondence between the destination MAC address and port B is established and written into the MAC address table.
The message processing method provided by the prior art described above has an obvious defect.
In the prior-art method, one virtual bridge on a Classic network can connect multiple virtual machines. When no entry for the destination MAC address carried by a message is found in the MAC address table, the message is sent through all other ports (all except the port that received it). For example, if a message is received from one port of the virtual bridge and the MAC address table holds no entry for it, the message is sent through the other 10 ports, so it is sent 10 times; compared with sending it to the one corresponding destination port, the resources consumed by sending also become 10 times as large, which increases the resource consumption caused by sending messages.
Summary of the invention
This application provides a message processing method based on a virtual bridge, to solve the problem of severe resource consumption in the prior art.
This application also relates to a message processing device based on a virtual bridge.
This application provides a message processing method based on a virtual bridge, comprising:
Receiving a pending message from a source port, the pending message carrying a source MAC address and a destination MAC address;
Searching a preset MAC address and port correspondence for an entry for the destination MAC address and, if no such entry exists, performing the next step;
Selecting, according to preset port attributes, a destination port that meets a specified condition, and sending the pending message through the destination port.
Optionally, the type of the source port is: virtual port or network port;
The type of the destination port is: virtual port or network port.
Optionally, the port attributes include:
A first port attribute, a second port attribute and a third port attribute.
Optionally, after the step of receiving the pending message from the source port and before the step of searching the preset MAC address and port correspondence for an entry for the destination MAC address, the following steps are performed:
Judging whether the value of the first port attribute of the source port is consistent with a first preset attribute value and, if so, performing the next step;
Performing a validity check on the source MAC address of the pending message.
Optionally, the validity check on the source MAC address of the pending message is implemented as follows:
Judging whether the source MAC address is consistent with the MAC address recorded in the source port's entry in the MAC address and port correspondence and, if it is inconsistent, performing the next step;
Discarding the pending message.
Optionally, before the sub-step of judging whether the source MAC address is consistent with the MAC address recorded in the source port's entry in the MAC address and port correspondence, the following sub-step is performed:
Searching the MAC address and port correspondence for an entry for the source port and, if one exists, performing the sub-step of judging whether the source MAC address is consistent with the MAC address recorded in the source port's entry in the MAC address and port correspondence.
Optionally, in the sub-step of searching the MAC address and port correspondence for an entry for the source port, if no entry for the source port is found in the MAC address and port correspondence, the following sub-steps are performed:
Judging whether the value of the second port attribute of the source port is consistent with a second preset attribute value and, if so, performing the next step;
Establishing the correspondence between the source MAC address and the source port, and adding it to the MAC address and port correspondence.
Optionally, in the step of judging whether the value of the first port attribute of the source port is consistent with the first preset attribute value, if the two are inconsistent, the next step is performed;
Judging whether the value of the second port attribute of the source port is consistent with the second preset attribute value and, if so, performing the next step;
Establishing the correspondence between the source MAC address and the source port, and adding it to the MAC address and port correspondence.
Optionally, in judging whether the value of the second port attribute of the source port is consistent with the second preset attribute value, if the two are inconsistent, the step of searching the preset MAC address and port correspondence for an entry for the destination MAC address is performed.
Optionally, after the step of receiving the pending message from the source port and before the step of searching the preset MAC address and port correspondence for an entry for the destination MAC address, the following steps are performed:
Searching the MAC address and port correspondence for an entry for the source port;
If one exists, judging whether the source MAC address is consistent with the MAC address recorded in the source port's entry and, if it is inconsistent, discarding the pending message;
If none exists, establishing the correspondence between the source MAC address and the source port, and adding it to the MAC address and port correspondence.
Optionally, after the step of receiving the pending message from the source port and before the step of searching the preset MAC address and port correspondence for an entry for the destination MAC address, the following steps are performed:
Judging whether the value of the second port attribute of the source port is consistent with the second preset attribute value and, if so, performing the next step;
Establishing the correspondence between the source MAC address and the source port, and adding it to the MAC address and port correspondence.
Optionally, in the step of searching the preset MAC address and port correspondence for an entry for the destination MAC address, if an entry for the destination MAC address exists in the MAC address and port correspondence, the pending message is sent through the port recorded in that entry.
Optionally, selecting a destination port that meets the specified condition according to the preset port attributes, and sending the pending message through the destination port, is implemented as follows:
For each port among the candidate ports, performing the following operations:
Judging whether the value of the third port attribute of the port is consistent with a third preset attribute value;
If so, selecting the port as a destination port and sending the pending message through it;
Wherein the candidate ports include: all ports other than the source port.
Optionally, once all of the candidate ports have been judged, the following step is performed:
Judging whether at least one destination port has been selected and, if not, discarding the pending message.
Optionally, after the step of selecting a destination port that meets the specified condition according to the preset port attributes and sending the pending message through the destination port, the following step is performed:
Receiving, from the destination port, the response message corresponding to the pending message.
Optionally, after the step of receiving, from the destination port, the response message corresponding to the pending message, the following steps are performed:
Judging whether the value of the second port attribute of the port that received the response message is consistent with the second preset attribute value and, if so, performing the next step;
Establishing the correspondence between the destination MAC address and the port that received the response message, and adding it to the MAC address and port correspondence.
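The procedure summarized above, modeled as an added example (not code from the patent or its applicant): a small Python bridge that applies the source MAC validity check, attribute-gated learning and attribute-restricted sending for unknown destinations. Only the attribute name `src_mac_check` and the MAC addresses 00:16:3e:02:01:83 and e0:06:e6:87:8e:c2 come from the page; the attribute names `learn` and `flood`, the preset value 1 for all three attributes, the per-port settings and the remaining MAC addresses are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

PRESET = 1  # assumed preset value for all three attributes (the page uses 1 for src_mac_check)


@dataclass
class Port:
    name: str
    src_mac_check: int = 0  # first attribute: validate the source MAC (name from the page)
    learn: int = 0          # second attribute: may add table entries (hypothetical name)
    flood: int = 0          # third attribute: eligible for unknown destinations (hypothetical name)


@dataclass
class VirtualBridge:
    ports: dict                                 # port name -> Port
    table: dict = field(default_factory=dict)   # MAC address -> port name
    static: set = field(default_factory=set)    # statically configured MACs, never updated

    def add_static(self, mac, port_name):
        self.table[mac] = port_name
        self.static.add(mac)

    def _learn(self, port, mac):
        # Learning is gated by the second attribute and never overwrites a static entry.
        if port.learn == PRESET and mac not in self.static:
            self.table[mac] = port.name

    def process(self, in_name, src_mac, dst_mac):
        """Return (action, output ports) for one pending message."""
        port = self.ports[in_name]
        if port.src_mac_check == PRESET:
            # Modeling assumption: the source port's entries are found by scanning the table.
            bound = {m for m, p in self.table.items() if p == in_name}
            if bound and src_mac not in bound:
                return ("drop:spoofed-source", [])   # validity check failed
            if not bound:
                self._learn(port, src_mac)           # no entry yet for this port
        else:
            self._learn(port, src_mac)
        if dst_mac in self.table:
            return ("unicast", [self.table[dst_mac]])
        # Unknown destination: only ports whose third attribute matches are selected.
        chosen = [n for n, p in self.ports.items()
                  if n != in_name and p.flood == PRESET]
        if not chosen:
            return ("drop:no-eligible-port", [])
        return ("restricted-send", chosen)

    def classic_flood(self, in_name):
        # Prior-art behaviour for comparison: every port except the source port.
        return [n for n in self.ports if n != in_name]


VM1_MAC = "00:16:3e:02:01:83"     # from the page's sample table (Port1)
UPLINK_MAC = "e0:06:e6:87:8e:c2"  # from the page's sample table (Port_1)
VM2_MAC = "00:16:3e:00:00:02"     # constructed
VM3_MAC = "00:16:3e:00:00:03"     # constructed
UNKNOWN_MAC = "02:00:00:00:00:99"  # constructed, never present in the table


def build_bridge():
    # Constructed topology: three VM-facing virtual ports and one network port.
    ports = {
        "Port1": Port("Port1", src_mac_check=1),
        "Port2": Port("Port2", src_mac_check=1),
        "Port3": Port("Port3", src_mac_check=1),
        "Port_1": Port("Port_1", learn=1, flood=1),
    }
    bridge = VirtualBridge(ports)
    bridge.add_static(VM1_MAC, "Port1")
    bridge.add_static(VM2_MAC, "Port2")
    bridge.add_static(VM3_MAC, "Port3")
    return bridge


def demo():
    b = build_bridge()
    return [
        b.process("Port1", VM2_MAC, UPLINK_MAC),    # VM1 spoofs VM2's MAC
        b.process("Port1", VM1_MAC, UPLINK_MAC),    # unknown destination
        b.process("Port_1", UPLINK_MAC, VM1_MAC),   # reply; uplink MAC is learned
        b.process("Port1", VM1_MAC, UPLINK_MAC),    # destination now known
        b.process("Port_1", UPLINK_MAC, UNKNOWN_MAC),  # no eligible port remains
    ]


if __name__ == "__main__":
    for result in demo():
        print(result)
```

In this constructed topology the unknown-destination message leaves through one port, where `classic_flood("Port1")` would have used three.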
This application additionally provides a message processing device based on a virtual bridge, comprising:
A pending message receiving unit, configured to receive a pending message from a source port, the pending message carrying a source MAC address and a destination MAC address;
A destination MAC address lookup and judging unit, configured to search a preset MAC address and port correspondence for an entry for the destination MAC address and, if no such entry exists, to run the pending message sending unit;
The pending message sending unit, configured to select, according to preset port attributes, a destination port that meets a specified condition, and to send the pending message through the destination port.
Optionally, the type of the source port is: virtual port or network port;
The type of the destination port is: virtual port or network port.
Optionally, the port attributes include:
A first port attribute, a second port attribute and a third port attribute.
Optionally, the message processing device based on a virtual bridge comprises:
A first port attribute judging unit, configured to judge whether the value of the first port attribute of the source port is consistent with a first preset attribute value and, if so, to run the source MAC address checking unit;
The source MAC address checking unit, configured to perform a validity check on the source MAC address of the pending message.
Optionally, the source MAC address checking unit comprises:
A source MAC address judging subunit, configured to judge whether the source MAC address is consistent with the MAC address recorded in the source port's entry in the MAC address and port correspondence and, if it is inconsistent, to run the pending message discarding subunit;
The pending message discarding subunit, configured to discard the pending message.
Optionally, the source MAC address checking unit comprises:
An entry lookup subunit, configured to search the MAC address and port correspondence for an entry for the source port and, if one exists, to run the source MAC address judging subunit.
Optionally, the source MAC address checking unit further comprises: a second port attribute judging subunit and a source MAC address learning subunit;
According to the result of the entry lookup subunit, if no entry for the source port is found in the MAC address and port correspondence, the second port attribute judging subunit is run;
The second port attribute judging subunit, configured to judge whether the value of the second port attribute of the source port is consistent with a second preset attribute value and, if so, to run the source MAC address learning subunit;
The source MAC address learning subunit, configured to establish the correspondence between the source MAC address and the source port and add it to the MAC address and port correspondence.
Optionally, the message processing device based on a virtual bridge comprises:
A source port lookup unit, configured to search the MAC address and port correspondence for an entry for the source port;
If one exists, the source MAC address judging unit is run;
The source MAC address judging unit, configured to judge whether the source MAC address is consistent with the MAC address recorded in the source port's entry and, if it is inconsistent, to discard the pending message;
If none exists, the source MAC address unit is run;
The source MAC address unit, configured to establish the correspondence between the source MAC address and the source port and add it to the MAC address and port correspondence.
Optionally, the message processing device based on a virtual bridge comprises:
A second port attribute judging unit, configured to judge whether the value of the second port attribute of the source port is consistent with the second preset attribute value and, if so, to run the source port unit;
The source port unit, configured to establish the correspondence between the source MAC address and the source port and add it to the MAC address and port correspondence.
Optionally, the message processing device based on a virtual bridge comprises:
A second pending message sending unit;
According to the result of the destination MAC address lookup and judging unit, if an entry for the destination MAC address exists in the MAC address and port correspondence, the second pending message sending unit is run;
Wherein the second pending message sending unit is configured to send the pending message through the port recorded in that entry.
Optionally, the pending message sending unit comprises: a third port attribute judging subunit;
For each port among the candidate ports, the third port attribute judging subunit is run:
The third port attribute judging subunit, configured to judge whether the value of the third port attribute of the port is consistent with a third preset attribute value;
If so, the port is selected as a destination port and the pending message is sent through it;
Wherein the candidate ports include: all ports other than the source port.
Optionally, the pending message sending unit further comprises: a discard judging subunit;
Once all of the candidate ports have been judged, the discard judging subunit is run:
The discard judging subunit, configured to judge whether at least one destination port has been selected and, if not, to discard the pending message.
Optionally, the message processing device based on a virtual bridge comprises:
A response message receiving unit, configured to receive, from the destination port, the response message corresponding to the pending message.
Optionally, the message processing device based on a virtual bridge comprises:
A destination MAC address learning judging unit, configured to judge whether the value of the second port attribute of the port that received the response message is consistent with the second preset attribute value and, if so, to run the destination MAC address unit;
The destination MAC address unit, configured to establish the correspondence between the destination MAC address and the port that received the response message and add it to the MAC address and port correspondence.
Compared with the prior art, this application has the following advantages:
The message processing method based on a virtual bridge provided by this application comprises: receiving a pending message from a source port, the pending message carrying a source MAC address and a destination MAC address; searching a preset MAC address and port correspondence for an entry for the destination MAC address and, if no such entry exists, performing the next step; selecting, according to preset port attributes, a destination port that meets a specified condition, and sending the pending message through the destination port.
In the message processing method based on a virtual bridge provided by this application, a pending message is received from a source port and, according to the destination MAC address it carries, the preset MAC address and port correspondence is searched for an entry for that address. If no such entry exists, the pending message is an unknown message, and a destination port that meets the specified condition is selected according to the preset port attributes to send it. This avoids flooding unknown messages, that is, sending the pending message through every port other than the source port as a destination port, which reduces the number of destination ports that send the pending message and the resources consumed in sending it.
Brief description of the drawings
Figure 1 is a schematic diagram of a virtual bridge provided by this application;
Figure 2 is a processing flowchart of an embodiment of the message processing method based on a virtual bridge provided by this application;
Figure 3 is a schematic diagram of another virtual bridge provided by an embodiment of this application;
Figure 4 is a schematic diagram of an embodiment of the message processing device based on a virtual bridge provided by this application.
Detailed description of the embodiments
Many specific details are set forth in the following description to provide a full understanding of this application. This application can, however, be implemented in many ways other than those described here, and those skilled in the art can make similar generalizations without departing from its substance; this application is therefore not limited by the specific implementations disclosed below.
This application provides a message processing method based on a virtual bridge, and also provides a message processing device based on a virtual bridge. Each is described in detail below with reference to the drawings of the embodiments provided by this application, and each step of the method is explained.
An embodiment of the message processing method based on a virtual bridge provided by this application is as follows:
Figure 2 shows the processing flowchart of an embodiment of the message processing method based on a virtual bridge provided by this application, and Figure 3 shows a schematic diagram of a virtual bridge provided by this embodiment. In addition, the relationship between the steps of the method embodiment is to be determined with reference to Figure 2.
Step S201: receive a pending message from a source port.
The virtual bridge is not tied to a specific operating system. It is suitable for scenarios in which different network segments are connected for data communication, and especially for scenarios in which data must be forwarded within the same physical machine. The virtual bridge shown in Figure 3 is provided with multiple ports of two types: virtual ports and network ports. Each virtual port is bound to a corresponding virtual machine; for example, Port1 to Portn in Figure 3 are bound to the virtual machines VM1 to VMn respectively. The network ports are connected to virtual local area networks; for example, Port_1 to Port_m in Figure 3 can each be connected to a virtual local area network (VLAN) in the physical machine.
The source port in this embodiment is the port that currently receives the pending message, so its type is virtual port or network port; however, there can be only one source port receiving the pending message. For example, as shown in Figure 3, the source port is the virtual port (Port1) bound to virtual machine 1 (VM1). The destination port is a port that sends the pending message. Similarly, its type is virtual port or network port. Note that, for a pending message received from the source port, there may be one destination port sending it or several; if there are several, they may all be of the same type, virtual port or network port, or they may differ, with some destination ports being virtual ports and the others network ports.
A message is the data unit (data block) exchanged and transmitted in a network. During transmission a message is successively encapsulated into various forms such as packets and frames; encapsulation consists of adding information segments, which contain data such as the message type, message version, message length and message entity. The pending message in this embodiment is a message that the virtual bridge has received from the source port and that is waiting to be forwarded to other ports. The pending message carries a source MAC address and a destination MAC address, and the layer-2 physical network can forward it according to the destination MAC address it carries.
For example, the pending message shown in the following table:
Data | Source IP address | Destination IP address | Source MAC address | Destination MAC address
This step receives the pending message from the source port. In a specific implementation, the security of a pending message received from the source port cannot yet be determined and requires further judgment. For example, in a public cloud environment, the source MAC address carried by a pending message issued from inside a virtual machine is not necessarily trustworthy, and MAC spoofing is possible: if the MAC address a virtual machine uses when sending a pending message is not the one assigned by the cloud platform but that of another device, then after receiving the pending message from the source port the virtual bridge will consider the same MAC address to correspond to different devices, which is likely to cause network anomalies in the cloud environment and poses a great risk. Therefore, a validity check is performed on the source MAC address carried by the pending message, implemented as follows:
1) Judge whether the value of the first port attribute of the source port is consistent with the first preset attribute value;
In this embodiment, the ports of the virtual bridge, that is, the virtual ports and the network ports, are each configured in advance with their own port attributes. The port attributes include: a first port attribute, a second port attribute and a third port attribute;
The first port attribute is the basis on which the source port and the destination port perform the validity check. As described above, the type of the source port is virtual port or network port; therefore, according to the first port attribute set on a virtual port, a validity check can be performed on the source MAC address carried by a pending message received from that virtual port; likewise, according to the first port attribute set on a network port, a validity check can be performed on the source MAC address carried by a pending message received from that network port.
In this step, judge whether the value of the first port attribute of the source port is consistent with the first preset attribute value;
If so, a validity check is needed on the source MAC address carried by the pending message received on the source port, and the step described below of performing a validity check on the source MAC address of the pending message is carried out;
If not, no validity check is needed on the source MAC address carried by the pending message received on the source port, and the judgment operation on the MAC address and port correspondence described below can be performed; alternatively, in a specific implementation, step S202 below can be performed directly, searching the preset MAC address and port correspondence for an entry for the destination MAC address.
For example, the first port attribute src_mac_check of a virtual port is set to 1 and the first preset attribute value is also set to 1; the two are consistent, so a validity check is needed on the source MAC address carried by pending messages received from the virtual port. The reason is that, in a public cloud environment, the source MAC address carried by a pending message issued from inside a virtual machine is not necessarily trustworthy and MAC spoofing is possible. The first port attribute src_mac_check of a network port is set to 0, and no validity check is needed on the source MAC address carried by pending messages received from the network port. The reason is that the VLAN connected to the network port is an intranet whose security is guaranteed, so no validity check is required.
Judge whether the value of the first port attribute src_mac_check is 1. If it is 1, the source port is a virtual port, and the validity check of the source MAC address is performed; if it is not 1, the source port is a network port, and no validity check of the source MAC address is needed.
2) validity checking is carried out to the source MAC of the clear text.
The MAC address and port corresponding relation is used to store the corresponding relation between the source port and the source MAC address and the corresponding relation between the destination interface and the target MAC address, that is, to store the corresponding relation between the virtual port and a source MAC address or target MAC address, and between the network port and a source MAC address or target MAC address. For example, the MAC address table shown in accompanying drawing 3 is as follows:
MAC Address          Port
00:16:3e:02:01:83    Port1
e0:06:e6:87:8e:c2    Port_1
···                  ···
In a specific implementation, entries of the MAC address and port corresponding relation can be added by dynamic learning. They can also be configured statically, that is, the corresponding relation between a MAC address and a port is configured in the MAC address and port corresponding relation in advance. Unlike dynamically learned entries, statically configured entries are static: they are not aged out and are not updated by entries of a new corresponding relation.
In the present embodiment, the validity checking is realized in the following way:
It is judged whether the source MAC address is consistent with the MAC address recorded in the corresponding entry of the source port in the MAC address and port corresponding relation;
If consistent, the source port is using the MAC address allocated by the cloud platform, and the source MAC address is trusted and safe;
If inconsistent, the source port is not using the MAC address allocated by the cloud platform but the MAC address of another device, and MAC spoofing may be occurring; the source MAC address is untrusted, so the clear text is discarded and is no longer sent through other ports.
The above validity checking operation judges whether the source MAC address contained in the clear text is a case of MAC spoofing. Once the source MAC address is found to be spoofed, the clear text containing that source MAC address is untrustworthy and illegal, so it is discarded directly and is no longer sent through other ports. This prevents the user who sent the clear text from attacking other users of the cloud platform and improves the security of the cloud platform.
In a specific implementation, before the above sub-step of judging whether the source MAC address is consistent with the MAC address recorded in the corresponding entry of the source port in the MAC address and port corresponding relation, it is also possible to search whether the source port exists in the MAC address and port corresponding relation, which further improves the validity checking operation. Specifically, the MAC address and port corresponding relation is searched for a corresponding entry of the source port;
If one exists, the source port and its corresponding source MAC address are present in the MAC address and port corresponding relation, and the sub-step of judging whether the source MAC address is consistent with the MAC address recorded in the corresponding entry of the source port in the MAC address and port corresponding relation is executed;
If none exists, the source port has not yet been recorded in the MAC address and port corresponding relation, and the following MAC address and port corresponding relation judgement operation may be executed.
In the present embodiment, the MAC address and port corresponding relation judgement operation is implemented as follows:
The MAC address and port corresponding relation judgement operation is carried out on the basis of the second port attribute. The second port attribute is the basis for judging whether to learn the source MAC address and target MAC address carried by clear text received from the source port and the destination interface, that is, for judging whether the corresponding relation between the source port and the source MAC address is written into the MAC address and port corresponding relation, and whether the corresponding relation between the destination interface and the target MAC address is written into the MAC address and port corresponding relation.
It is judged whether the attribute value of the second port attribute of the source port is consistent with the second preset attribute value;
If consistent, the source MAC address corresponding to the source port can be learned: the corresponding relation between the source MAC address and the source port is established and added to the MAC address and port corresponding relation;
If inconsistent, the source MAC address corresponding to the source port cannot be learned, and the following step S202 may be executed, searching the preset MAC address and port corresponding relation for a corresponding entry of the target MAC address. Alternatively, in a specific implementation, to ensure security, the clear text can be discarded directly and no longer sent through other ports, and the corresponding relation between the source MAC address and the source port is likewise not added to the MAC address and port corresponding relation.
For example, the second preset attribute value is configured to 1, the second port attribute src_mac_learning of virtual port Port2 is configured to 0, and the second port attribute src_mac_learning of network port Port_3 is configured to 1. It is judged whether the attribute value of the second port attribute src_mac_learning is 1;
If so, the source MAC address corresponding to the source port can be learned: the corresponding relation between the source MAC address and the source port is established and added to the MAC address and port corresponding relation;
If not, the source MAC address corresponding to the source port cannot be learned.
According to the judgement result, virtual port Port2 cannot learn the source MAC address corresponding to the source port, while network port Port_3 can, that is, the corresponding relation between the source MAC address and network port Port_3 can be written into the MAC address table.
It should be noted that the MAC address and port corresponding relation judgement operation can be executed on the basis of the above validity checking operation, and it can also be executed independently, that is, after the step of receiving the clear text from the source port and before the following step S202, the following steps are executed:
It is judged whether the attribute value of the second port attribute of the source port is consistent with the second preset attribute value;
If so, the corresponding relation between the source MAC address and the source port is established and added to the MAC address and port corresponding relation;
If not, the following step S202 is executed, searching the preset MAC address and port corresponding relation for a corresponding entry of the target MAC address.
In practical applications, the validity checking operation and the MAC address and port corresponding relation judgement operation can be realized in a variety of concrete ways. For example, the MAC address and port corresponding relation is searched for a corresponding entry of the source port; if one exists, it is judged whether the source MAC address is consistent with the MAC address recorded in the corresponding entry of the source port, and if inconsistent, the clear text is discarded; if none exists, the corresponding relation between the source MAC address and the source port is established and added to the MAC address and port corresponding relation. The various forms of realizing the validity checking operation and the MAC address and port corresponding relation judgement operation are merely changes of specific implementation; none of them departs from the core of the application, and all are therefore within the scope of protection of the application.
Step S202: search the preset MAC address and port corresponding relation for a corresponding entry of the target MAC address.
In this step, the MAC address and port corresponding relation is searched for a corresponding entry of the target MAC address;
If one exists, the clear text is sent through the port recorded in the corresponding entry;
If none exists, the target MAC address carried by the clear text is not present in the MAC address and port corresponding relation, the port corresponding to the target MAC address cannot be determined from the MAC address and port corresponding relation, and the destination interface for sending the clear text cannot be determined. The following step S203 is then executed: a destination interface meeting the specified conditions is chosen according to the port attributes set in advance, and the clear text is sent through that destination interface.
Step S203: choose a destination interface meeting the specified conditions according to the port attributes set in advance, and send the clear text through the destination interface.
The premise for executing this step is that, in the above step S202, no corresponding entry of the target MAC address was found in the MAC address and port corresponding relation, that is, the target MAC address carried by the clear text is not present in the MAC address and port corresponding relation and the destination interface for sending the clear text cannot be determined. Because the destination interface cannot be determined, every port other than the source port may become the destination interface for sending the clear text. In this step, a destination interface meeting the specified conditions is chosen according to the third port attribute set in advance on the candidate ports, and the clear text is sent through that destination interface. The candidate ports are all ports other than the source port. The specified conditions are that the attribute value of the third port attribute is consistent with the third preset attribute value.
The third port attribute is the basis for choosing the destination interface from the candidate ports. It is well known that when the target MAC address carried by the clear text cannot be found in the MAC address and port corresponding relation, the clear text can be broadcast by flooding, that is, sent through every port other than the source port. By setting the third port attribute on the ports of the virtual bridge, the application chooses as destination interfaces only the ports that meet the specified conditions according to the third port attribute, and avoids sending the clear text through every one of the candidate ports, thereby reducing the number of destination interfaces that send the clear text and the resources consumed in sending it.
In the present embodiment, the following operations are performed for each port in the candidate ports:
It is judged whether the attribute value of the third port attribute of the port is consistent with the third preset attribute value;
If so, the port is chosen as the destination interface, and the clear text is sent through the port;
If not, the process returns to the step of judging whether the attribute value of the third port attribute of a port is consistent with the third preset attribute value, until all ports in the candidate ports have been judged.
For example, the third port attribute uufb_enable of the virtual ports is configured to 1, the third port attribute uufb_enable of the network ports is configured to 0, and the third preset attribute value is configured to 1;
Each of the ports Port2 to Portn and Port_1 to Port_m is judged in turn, and the ports whose third port attribute uufb_enable has the attribute value 1 are chosen as destination interfaces. According to the attribute value of the third port attribute uufb_enable of the virtual ports and that of the network ports, the destination interfaces finally chosen are the virtual ports Port2 to Portn.
In a specific implementation, after all ports in the candidate ports have been judged, it is possible that no destination interface has been chosen, that is, the number of destination interfaces chosen is 0, in which case the clear text cannot be sent. For this case, after all ports in the candidate ports have been judged, the following steps are executed:
It is judged whether at least one destination interface has been chosen;
If so, a destination interface for sending the clear text has been chosen, and the clear text is sent through the chosen destination interface;
If not, no destination interface for sending the clear text has been chosen, and the clear text cannot be sent through the ports set on the virtual bridge, so the clear text is discarded.
In addition, in a specific implementation, after the destination interface has been chosen according to the third port attribute and the clear text has been sent through it, a response message to the clear text can be received, that is, received from the destination interface that sent the clear text. On this basis, after the response message is received, the destination interface that received the response message and the target MAC address can be learned, that is, the corresponding relation between the target MAC address and the destination interface that received the response message is established and added to the MAC address and port corresponding relation. The specific implementation is as follows:
It is judged whether the attribute value of the second port attribute of the destination interface that received the response message is consistent with the second preset attribute value;
If so, the corresponding relation between the target MAC address and the destination interface that received the response message is established and added to the MAC address and port corresponding relation;
If not, no processing is performed.
In summary, in the message processing method based on a virtual bridge provided by the application, a clear text (the message to be processed) is received from a source port, and, according to the target MAC address carried by the clear text, the preset MAC address and port corresponding relation is searched for a corresponding entry of the target MAC address. If no such entry exists, the clear text is an unknown message, and a destination interface meeting the specified conditions is chosen according to the port attributes set in advance to send the clear text. This avoids sending the unknown message by flooding, that is, avoids every port other than the source port sending the clear text as a destination interface, thereby reducing the number of destination interfaces that send the clear text and the resources consumed in sending it.
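The decision sequence described above (source MAC validity check, learning judgement, step S202 lookup, step S203 restricted sending) is modelled below in Python as an added example; it is not code from the patent. The class and function names, the strict flag (the optional direct discard for ports that may not learn), Port2, Port3 and every MAC address other than the two in the table are assumptions constructed for illustration.

```python
from dataclasses import dataclass

PRESET = 1  # first, second and third preset attribute values (all 1 in the page's examples)


@dataclass
class Port:
    name: str
    src_mac_check: int     # first port attribute: validate source MAC on ingress
    src_mac_learning: int  # second port attribute: dynamic learning allowed
    uufb_enable: int       # third port attribute: may receive unknown-destination traffic


class VirtualBridge:
    """Hypothetical model of the described bridge, not the patent's implementation."""

    def __init__(self, ports, static_entries, strict=False):
        self.ports = {p.name: p for p in ports}
        self.static = dict(static_entries)  # statically configured, never overwritten
        self.fdb = dict(static_entries)     # MAC address -> port corresponding relation
        self.strict = strict                # discard when learning is not allowed

    def _learn(self, mac, port):
        """Learning judgement; returns False when the port may not learn."""
        if port.src_mac_learning != PRESET:
            return False
        if mac not in self.static:          # static entries are not updated
            self.fdb[mac] = port.name
        return True

    def process(self, src_port, src_mac, dst_mac):
        """Return ("forward", [ports]) or ("drop", reason) for one frame."""
        port = self.ports[src_port]
        src_mac, dst_mac = src_mac.lower(), dst_mac.lower()
        recorded = {m for m, p in self.fdb.items() if p == src_port}
        if port.src_mac_check == PRESET and recorded:
            # Validity check: source MAC must match an entry recorded for this port.
            if src_mac not in recorded:
                return ("drop", "spoofed-source-mac")
        elif not self._learn(src_mac, port) and self.strict:
            # Check disabled, or no entry for the port yet: learning judgement.
            return ("drop", "learning-disabled")
        # Step S202: known destination goes out of the recorded port only.
        if dst_mac in self.fdb:
            return ("forward", [self.fdb[dst_mac]])
        # Step S203: unknown destination goes only to flagged candidate ports.
        chosen = [n for n, p in self.ports.items()
                  if n != src_port and p.uufb_enable == PRESET]
        if not chosen:
            return ("drop", "no-destination-port")
        return ("forward", chosen)


def build_sample_bridge(strict=False):
    """Constructed sample: three virtual ports and one network port."""
    ports = [
        Port("Port1", 1, 0, 1),   # virtual ports: check on, learning off, uufb on
        Port("Port2", 1, 0, 1),
        Port("Port3", 1, 0, 1),   # constructed port with no table entry
        Port("Port_1", 0, 1, 0),  # network port: check off, learning on, uufb off
    ]
    static = {
        "00:16:3e:02:01:83": "Port1",   # from the page's table
        "e0:06:e6:87:8e:c2": "Port_1",  # from the page's table
        "00:16:3e:02:01:84": "Port2",   # constructed
    }
    return VirtualBridge(ports, static, strict)


if __name__ == "__main__":
    br = build_sample_bridge()
    print(br.process("Port1", "00:16:3e:02:01:83", "e0:06:e6:87:8e:c2"))
    print(br.process("Port1", "00:16:3e:02:01:84", "e0:06:e6:87:8e:c2"))
    print(br.process("Port1", "00:16:3e:02:01:83", "02:00:00:00:00:99"))
```

With strict left off, a check-enabled port that has no table entry and may not learn (Port3 here) passes ingress unvalidated, which is the case the optional direct discard closes.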
An embodiment of the message processing device based on a virtual bridge provided by the application is as follows:
The above embodiment provides a message processing method based on a virtual bridge. Correspondingly, the application also provides a message processing device based on a virtual bridge, which is described below with reference to the accompanying drawings.
Referring to accompanying drawing 4, it shows a schematic diagram of an embodiment of the message processing device based on a virtual bridge provided by the application.
Because the device embodiment is substantially similar to the method embodiment, it is described relatively simply; for related parts, refer to the corresponding explanation of the method embodiment provided above. The device embodiment described below is only schematic.
The application provides a message processing device based on a virtual bridge, including:
Clear text receiving unit 401, configured to receive clear text from a source port; the clear text carries a source MAC address and a target MAC address;
Target MAC address lookup judging unit 402, configured to search the preset MAC address and port corresponding relation for a corresponding entry of the target MAC address and, if none exists, to run clear text sending unit 403;
The clear text sending unit 403, configured to choose a destination interface meeting the specified conditions according to the port attributes set in advance, and to send the clear text through the destination interface.
Optionally, the type of the source port is: virtual port or network port;
The type of the destination interface is: virtual port or network port.
Optionally, the port attributes include:
A first port attribute, a second port attribute and a third port attribute.
Optionally, the message processing device based on a virtual bridge includes:
A first port attribute judging unit, configured to judge whether the attribute value of the first port attribute of the source port is consistent with the first preset attribute value and, if so, to run a source MAC address checking unit;
The source MAC address checking unit, configured to perform validity checking on the source MAC address of the clear text.
Optionally, the source MAC address checking unit includes:
A source MAC address judging subunit, configured to judge whether the source MAC address is consistent with the MAC address recorded in the corresponding entry of the source port in the MAC address and port corresponding relation and, if inconsistent, to run a clear text discarding subunit;
The clear text discarding subunit, configured to discard the clear text.
Optionally, the source MAC address checking unit includes:
A corresponding entry lookup subunit, configured to search the MAC address and port corresponding relation for a corresponding entry of the source port and, if one exists, to run the source MAC address judging subunit.
Optionally, the source MAC address checking unit also includes: a second port attribute judging subunit and a source MAC address learning subunit;
According to the operation result of the corresponding entry lookup subunit, if no corresponding entry of the source port is found in the MAC address and port corresponding relation, the second port attribute judging subunit is run;
The second port attribute judging subunit, configured to judge whether the attribute value of the second port attribute of the source port is consistent with the second preset attribute value and, if so, to run the source MAC address learning subunit;
The source MAC address learning subunit, configured to establish the corresponding relation between the source MAC address and the source port and add it to the MAC address and port corresponding relation.
Optionally, according to the operation result of the first port attribute judging unit, if the attribute value of the first port attribute of the source port is inconsistent with the first preset attribute value, a source port attribute judging unit is run;
The source port attribute judging unit, configured to judge whether the attribute value of the second port attribute of the source port is consistent with the second preset attribute value and, if so, to establish the corresponding relation between the source MAC address and the source port and add it to the MAC address and port corresponding relation.
Optionally, according to the operation result of the second port attribute judging subunit, if the attribute value of the second port attribute of the source port is inconsistent with the second preset attribute value, the clear text sending unit 403 is run;
Or, according to the execution result of the source port attribute judging unit, if the attribute value of the second port attribute of the source port is inconsistent with the second preset attribute value, the clear text sending unit 403 is run.
Optionally, the message processing device based on a virtual bridge includes:
A source port lookup unit, configured to search the MAC address and port corresponding relation for a corresponding entry of the source port;
If one exists, a source MAC address judging unit is run;
The source MAC address judging unit, configured to judge whether the source MAC address is consistent with the MAC address recorded in the corresponding entry of the source port and, if inconsistent, to discard the clear text;
If none exists, a source MAC address unit is run;
The source MAC address unit, configured to establish the corresponding relation between the source MAC address and the source port and add it to the MAC address and port corresponding relation.
Optionally, the message processing device based on a virtual bridge includes:
A second port attribute judging unit, configured to judge whether the attribute value of the second port attribute of the source port is consistent with the second preset attribute value and, if so, to run a source port unit;
The source port unit, configured to establish the corresponding relation between the source MAC address and the source port and add it to the MAC address and port corresponding relation.
Optionally, the message processing device based on a virtual bridge includes: a second clear text sending unit;
According to the operation result of the target MAC address lookup judging unit 402, if a corresponding entry of the target MAC address exists in the MAC address and port corresponding relation, the second clear text sending unit is run;
The second clear text sending unit is configured to send the clear text through the port recorded in the corresponding entry.
Optionally, the clear text sending unit 403 includes: a third port attribute judging subunit;
For each port in the candidate ports, the third port attribute judging subunit is run:
The third port attribute judging subunit, configured to judge whether the attribute value of the third port attribute of the port is consistent with the third preset attribute value;
If so, the port is chosen as the destination interface, and the clear text is sent through the port;
The candidate ports include: all ports other than the source port.
Optionally, the clear text sending unit 403 also includes: a discard judging subunit;
When all ports in the candidate ports have been judged, the discard judging subunit is run:
The discard judging subunit, configured to judge whether at least one destination interface has been chosen and, if not, to discard the clear text.
Optionally, the message processing device based on a virtual bridge includes:
A response message receiving unit, configured to receive, from the destination interface, the response message corresponding to the clear text.
Optionally, the message processing device based on a virtual bridge includes:
A target MAC address learning judging unit, configured to judge whether the attribute value of the second port attribute of the port that received the response message is consistent with the second preset attribute value and, if so, to run a target MAC address unit;
The target MAC address unit, configured to establish the corresponding relation between the target MAC address and the port that received the response message and add it to the MAC address and port corresponding relation.
Although the application is disclosed above with preferred embodiments, they are not intended to limit the application. Any person skilled in the art can make possible variations and modifications without departing from the spirit and scope of the application, so the scope of protection of the application shall be defined by the scope of the claims of the application.
In a typical configuration, a computing device includes one or more processors (CPU), an input/output interface, a network interface and memory.
Memory may include, among computer-readable media, volatile memory, random access memory (RAM) and/or non-volatile memory, such as read-only memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
1. Computer-readable media include permanent and non-permanent, removable and non-removable media, and can store information by any method or technology. The information can be computer-readable instructions, data structures, program modules or other data. Examples of computer storage media include, but are not limited to, phase-change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technologies, compact disc read-only memory (CD-ROM), digital versatile disc (DVD) or other optical storage, magnetic cassettes, magnetic tape or magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information accessible by a computing device. As defined herein, computer-readable media do not include transitory computer-readable media (transitory media), such as modulated data signals and carrier waves.
2. Those skilled in the art will understand that embodiments of the application can be provided as a method, a system or a computer program product. Therefore, the application can take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware. Moreover, the application can take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to magnetic disk storage, CD-ROM, optical memory and the like) that contain computer-usable program code.

Claims (30)

  1. A message processing method based on a virtual bridge, characterized by comprising:
    Receiving clear text from a source port; the clear text carries a source MAC address and a target MAC address;
    Searching a preset MAC address and port corresponding relation for a corresponding entry of the target MAC address and, if none exists, performing the next step;
    Choosing a destination interface meeting specified conditions according to port attributes set in advance, and sending the clear text through the destination interface.
  2. The message processing method based on a virtual bridge according to claim 1, characterized in that the type of the source port is: virtual port or network port;
    The type of the destination interface is: virtual port or network port.
  3. The message processing method based on a virtual bridge according to claim 2, characterized in that the port attributes include:
    A first port attribute, a second port attribute and a third port attribute.
  4. The message processing method based on a virtual bridge according to claim 3, characterized in that, after the step of receiving clear text from the source port is performed and before the step of searching the preset MAC address and port corresponding relation for a corresponding entry of the target MAC address is performed, the following steps are performed:
    Judging whether the attribute value of the first port attribute of the source port is consistent with a first preset attribute value and, if so, performing the next step;
    Performing validity checking on the source MAC address of the clear text.
  5. The message processing method based on a virtual bridge according to claim 4, characterized in that the validity checking on the source MAC address of the clear text is realized in the following way:
    Judging whether the source MAC address is consistent with the MAC address recorded in the corresponding entry of the source port in the MAC address and port corresponding relation and, if inconsistent, performing the next step;
    Discarding the clear text.
  6. The message processing method based on a virtual bridge according to claim 5, characterized in that, before the sub-step of judging whether the source MAC address is consistent with the MAC address recorded in the corresponding entry of the source port in the MAC address and port corresponding relation is performed, the following sub-step is performed:
    Searching the MAC address and port corresponding relation for a corresponding entry of the source port and, if one exists, performing the sub-step of judging whether the source MAC address is consistent with the MAC address recorded in the corresponding entry of the source port in the MAC address and port corresponding relation.
  7. The message processing method based on a virtual bridge according to claim 6, characterized in that, in the sub-step of searching the MAC address and port corresponding relation for a corresponding entry of the source port, if no corresponding entry of the source port is found in the MAC address and port corresponding relation, the following sub-steps are performed:
    Judging whether the attribute value of the second port attribute of the source port is consistent with a second preset attribute value and, if so, performing the next step;
    Establishing the corresponding relation between the source MAC address and the source port, and adding it to the MAC address and port corresponding relation.
  8. The message processing method based on a virtual bridge according to claim 4, characterized in that, in the step of judging whether the attribute value of the first port attribute of the source port is consistent with the first preset attribute value, if the attribute value of the first port attribute of the source port is inconsistent with the first preset attribute value, the next step is performed;
    Judging whether the attribute value of the second port attribute of the source port is consistent with a second preset attribute value and, if so, performing the next step;
    Establishing the corresponding relation between the source MAC address and the source port, and adding it to the MAC address and port corresponding relation.
  9. The message processing method based on a virtual bridge according to claim 7 or 8, characterized in that, in the judging of whether the attribute value of the second port attribute of the source port is consistent with the second preset attribute value, if the attribute value of the second port attribute of the source port is inconsistent with the second preset attribute value, the step of searching the preset MAC address and port corresponding relation for a corresponding entry of the target MAC address is performed.
  10. The message processing method based on a virtual bridge according to claim 3, characterised in that, after the step of receiving the pending message from the source port is performed, and before the step of searching the preset MAC address and port correspondence for an entry corresponding to the target MAC address is performed, the following steps are performed:
    searching the MAC address and port correspondence for an entry corresponding to the source port;
    if one exists, judging whether the source MAC address is consistent with the MAC address recorded in the entry corresponding to the source port, and if they are inconsistent, discarding the pending message;
    if none exists, establishing a correspondence between the source MAC address and the source port, and adding it to the MAC address and port correspondence.
  11. The message processing method based on a virtual bridge according to claim 3, characterised in that, after the step of receiving the pending message from the source port is performed, and before the step of searching the preset MAC address and port correspondence for an entry corresponding to the target MAC address is performed, the following steps are performed:
    judging whether the value of the second port attribute of the source port is consistent with a second preset attribute value, and if so, performing the next step;
    establishing a correspondence between the source MAC address and the source port, and adding it to the MAC address and port correspondence.
  12. The message processing method based on a virtual bridge according to claim 3, characterised in that, in the step of searching the preset MAC address and port correspondence for an entry corresponding to the target MAC address, if an entry corresponding to the target MAC address exists in the MAC address and port correspondence, the pending message is sent through the port recorded in that entry.
  13. The message processing method based on a virtual bridge according to claim 3, characterised in that the step of selecting, according to preset port attributes, a destination port that meets a specific condition and sending the pending message through the destination port is implemented as follows:
    for each port among the candidate ports, the following operations are performed:
    judging whether the value of the third port attribute of the port is consistent with a third preset attribute value;
    if so, selecting the port as the destination port, and sending the pending message through the port;
    wherein the candidate ports include: all ports other than the source port.
  14. The message processing method based on a virtual bridge according to claim 13, characterised in that, once all ports among the candidate ports have been judged, the following step is performed:
    judging whether at least one destination port has been selected, and if not, discarding the pending message.
  15. The message processing method based on a virtual bridge according to claim 3, characterised in that, after the step of selecting, according to preset port attributes, a destination port that meets a specific condition and sending the pending message through the destination port is performed, the following step is performed:
    receiving, from the destination port, a response message corresponding to the pending message.
  16. The message processing method based on a virtual bridge according to claim 15, characterised in that, after the step of receiving, from the destination port, the response message corresponding to the pending message is performed, the following steps are performed:
    judging whether the value of the second port attribute of the port that received the response message is consistent with the second preset attribute value, and if so, performing the next step;
    establishing a correspondence between the target MAC address and the port that received the response message, and adding it to the MAC address and port correspondence.
  17. A message processing device based on a virtual bridge, characterised by comprising:
    a pending message receiving unit, configured to receive a pending message from a source port, the pending message carrying a source MAC address and a target MAC address;
    a target MAC address lookup and judging unit, configured to search a preset MAC address and port correspondence for an entry corresponding to the target MAC address and, if none exists, to run a pending message sending unit;
    the pending message sending unit, configured to select, according to preset port attributes, a destination port that meets a specific condition, and to send the pending message through the destination port.
  18. The message processing device based on a virtual bridge according to claim 17, characterised in that the type of the source port is: a virtual port or a network port;
    the type of the destination port is: a virtual port or a network port.
  19. The message processing device based on a virtual bridge according to claim 18, characterised in that the port attributes include:
    a first port attribute, a second port attribute and a third port attribute.
  20. The message processing device based on a virtual bridge according to claim 19, characterised by comprising:
    a first port attribute judging unit, configured to judge whether the value of the first port attribute of the source port is consistent with a first preset attribute value and, if so, to run a source MAC address checking unit;
    the source MAC address checking unit, configured to check the validity of the source MAC address of the pending message.
  21. The message processing device based on a virtual bridge according to claim 20, characterised in that the source MAC address checking unit comprises:
    a source MAC address judging subunit, configured to judge whether the source MAC address is consistent with the MAC address recorded in the entry corresponding to the source port in the MAC address and port correspondence and, if they are inconsistent, to run a pending message discarding subunit;
    the pending message discarding subunit, configured to discard the pending message.
  22. The message processing device based on a virtual bridge according to claim 21, characterised in that the source MAC address checking unit comprises:
    an entry lookup subunit, configured to search the MAC address and port correspondence for an entry corresponding to the source port and, if one exists, to run the source MAC address judging subunit.
  23. The message processing device based on a virtual bridge according to claim 22, characterised in that the source MAC address checking unit further comprises: a second port attribute judging subunit and a source MAC address learning subunit;
    according to the result of running the entry lookup subunit, if no entry corresponding to the source port is found in the MAC address and port correspondence, the second port attribute judging subunit is run;
    the second port attribute judging subunit, configured to judge whether the value of the second port attribute of the source port is consistent with a second preset attribute value and, if so, to run the source MAC address learning subunit;
    the source MAC address learning subunit, configured to establish a correspondence between the source MAC address and the source port, and to add it to the MAC address and port correspondence.
  24. The message processing device based on a virtual bridge according to claim 19, characterised by comprising:
    a source port lookup unit, configured to search the MAC address and port correspondence for an entry corresponding to the source port;
    if one exists, a source MAC address judging unit is run;
    the source MAC address judging unit, configured to judge whether the source MAC address is consistent with the MAC address recorded in the entry corresponding to the source port and, if they are inconsistent, to discard the pending message;
    if none exists, a source MAC address unit is run;
    the source MAC address unit, configured to establish a correspondence between the source MAC address and the source port, and to add it to the MAC address and port correspondence.
  25. The message processing device based on a virtual bridge according to claim 19, characterised by comprising:
    a second port attribute judging unit, configured to judge whether the value of the second port attribute of the source port is consistent with a second preset attribute value and, if so, to run a source port unit;
    the source port unit, configured to establish a correspondence between the source MAC address and the source port, and to add it to the MAC address and port correspondence.
  26. The message processing device based on a virtual bridge according to claim 19, characterised by comprising: a second pending message sending unit;
    according to the result of running the target MAC address lookup and judging unit, if an entry corresponding to the target MAC address exists in the MAC address and port correspondence, the second pending message sending unit is run;
    wherein the second pending message sending unit is configured to send the pending message through the port recorded in that entry.
  27. The message processing device based on a virtual bridge according to claim 19, characterised in that the pending message sending unit comprises: a third port attribute judging subunit;
    for each port among the candidate ports, the third port attribute judging subunit is run:
    the third port attribute judging subunit, configured to judge whether the value of the third port attribute of the port is consistent with a third preset attribute value;
    if so, the port is selected as the destination port, and the pending message is sent through the port;
    wherein the candidate ports include: all ports other than the source port.
  28. The message processing device based on a virtual bridge according to claim 27, characterised in that the pending message sending unit further comprises: a discard judging subunit;
    once all ports among the candidate ports have been judged, the discard judging subunit is run:
    the discard judging subunit, configured to judge whether at least one destination port has been selected and, if not, to discard the pending message.
  29. The message processing device based on a virtual bridge according to claim 19, characterised by comprising:
    a response message receiving unit, configured to receive, from the destination port, a response message corresponding to the pending message.
  30. The message processing device based on a virtual bridge according to claim 29, characterised by comprising:
    a target MAC address learning judging unit, configured to judge whether the value of the second port attribute of the port that received the response message is consistent with the second preset attribute value and, if so, to run a target MAC address unit;
    the target MAC address unit, configured to establish a correspondence between the target MAC address and the port that received the response message, and to add it to the MAC address and port correspondence.
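The forwarding decision described by claims 7 to 16 (and mirrored by the units in claims 17 to 30), written out as an added Python example; it is not code from the patent. The class, method and field names are hypothetical, and each of the three port attributes is modelled as a boolean meaning "the attribute value equals its preset value".

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Port:
    name: str
    check_src: bool  # assumption: first port attribute equals its preset value
    learn: bool      # assumption: second port attribute equals its preset value
    flood: bool      # assumption: third port attribute equals its preset value

class VirtualBridge:
    def __init__(self, ports):
        self.ports = {p.name: p for p in ports}
        self.table = {}  # MAC address -> port name (the MAC address and port correspondence)

    def _learn(self, mac, port_name):
        # Claims 7, 11 and 16: learn only on ports whose second attribute matches.
        if self.ports[port_name].learn:
            self.table[mac] = port_name

    def receive(self, src_port, src_mac, dst_mac):
        """Return the egress port names; an empty list means the message is discarded."""
        port = self.ports[src_port]
        bound = {m for m, p in self.table.items() if p == src_port}
        if port.check_src and bound:
            # Claims 10 and 20 to 22: an entry exists for the source port,
            # so the source MAC address must be consistent with it.
            if src_mac not in bound:
                return []
        else:
            # Claims 7 and 8: no entry yet, or the check does not apply to this port.
            self._learn(src_mac, src_port)
        known = self.table.get(dst_mac)
        if known is not None:
            return [known]  # claim 12: send through the recorded port
        # Claims 13 and 14: candidates are all ports except the source port; only those
        # whose third attribute matches are chosen, and an empty choice is a discard.
        return [n for n, p in self.ports.items() if n != src_port and p.flood]

    def response(self, rx_port, target_mac):
        # Claims 15 and 16: a response seen on rx_port binds the target MAC to that port.
        self._learn(target_mac, rx_port)

def demo():
    # Constructed topology and MAC addresses, for illustration only.
    br = VirtualBridge([Port("vm1", True, True, True),
                        Port("vm2", True, True, True),
                        Port("mirror", False, False, False)])
    a, b, forged = "02:00:00:00:00:01", "02:00:00:00:00:02", "02:00:00:00:00:99"
    first = br.receive("vm1", a, b)         # unknown target: mirror is not a destination
    br.response("vm2", b)
    second = br.receive("vm1", a, b)        # learned target: single recorded port
    spoofed = br.receive("vm1", forged, b)  # source MAC inconsistent with vm1's entry
    return first, second, spoofed, dict(br.table)

if __name__ == "__main__":
    print(demo())
```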
CN201610409339.6A 2016-06-12 2016-06-12 Message processing method and device based on virtual network bridge Active CN107493234B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610409339.6A CN107493234B (en) 2016-06-12 2016-06-12 Message processing method and device based on virtual network bridge

Publications (2)

Publication Number Publication Date
CN107493234A true CN107493234A (en) 2017-12-19
CN107493234B CN107493234B (en) 2021-01-29

Family

ID=60642706

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610409339.6A Active CN107493234B (en) 2016-06-12 2016-06-12 Message processing method and device based on virtual network bridge

Country Status (1)

Country Link
CN (1) CN107493234B (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109413082A (en) * 2018-11-12 2019-03-01 郑州云海信息技术有限公司 Message processing method and device in cloud computing system
CN110545244A (en) * 2019-08-12 2019-12-06 视联动力信息技术股份有限公司 message distribution method and device
CN112003771A (en) * 2020-08-25 2020-11-27 四川九州电子科技股份有限公司 Method for realizing intelligent network access of LAN side terminal

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101719877A (en) * 2010-01-15 2010-06-02 福建星网锐捷网络有限公司 Message forwarding device, network equipment and method
CN102014142A (en) * 2010-12-31 2011-04-13 中国科学院计算技术研究所 Source address validation method and system
CN102480485A (en) * 2010-11-30 2012-05-30 杭州华三通信技术有限公司 System, method and switching device for realizing cross-device isolation of ports in same VLAN (virtual local area network)
CN102843440A (en) * 2011-06-24 2012-12-26 中兴通讯股份有限公司 Method of preventing media access control address drifting and network processing device
CN102932227A (en) * 2012-10-29 2013-02-13 烽火通信科技股份有限公司 Method for realizing virtual local area network (VLAN) network bridge connection technology
US20130215895A1 (en) * 2012-02-22 2013-08-22 Broadcom Corporation Encoding virtual lan tags

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
王琳: ""云计算环境下基于EVB技术的虚拟机间通信的研究与实现"", 《中国优秀硕士学位论文全文数据库信息科技辑》 *

Also Published As

Publication number Publication date
CN107493234B (en) 2021-01-29

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant