CN107809498B - Communication method and communication device - Google Patents
Communication method and communication device Download PDFInfo
- Publication number
- CN107809498B CN107809498B CN201711015635.9A CN201711015635A CN107809498B CN 107809498 B CN107809498 B CN 107809498B CN 201711015635 A CN201711015635 A CN 201711015635A CN 107809498 B CN107809498 B CN 107809498B
- Authority
- CN
- China
- Prior art keywords
- port
- dhcp server
- target
- mac address
- target dhcp
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/50—Address allocation
- H04L61/5007—Internet protocol [IP] addresses
- H04L61/5014—Internet protocol [IP] addresses using dynamic host configuration protocol [DHCP] or bootstrap protocol [BOOTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1466—Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Small-Scale Networks (AREA)
Abstract
The embodiment of the invention provides a communication method and a communication device, and relates to the field of communication. The method comprises the following steps: after a first port monitors a DHCP Discover message sent by a user terminal, a second port corresponding to the user terminal and a target DHCP server are obtained; and forwarding the DHCP Discover message to the target DHCP server through the second port. The technical scheme provided by the invention can effectively avoid the situation that the user terminal cannot normally access the network due to the fact that the user terminal acquires the IP address from the illegal DHCP server, and the network experience of the user terminal is improved.
Description
Technical Field
The present invention relates to the field of communications technologies, and in particular, to a communication method and a communication apparatus.
Background
At present, the DHCP server is applied to almost all network environments for realizing dynamic allocation of IP addresses of terminals. The inventor of the application finds that in the process of allocating the IP address, the user terminal of the DHCP server cannot judge the legality of the DHCP server, so that the IP address is often acquired from an illegal DHCP server, and the network cannot be normally accessed.
Disclosure of Invention
In order to overcome the above disadvantages in the prior art, an object of the present invention is to provide a communication method and a communication device, which can effectively avoid the situation that a user terminal cannot normally access a network due to acquiring an IP address from an illegal DHCP server, and improve the network experience of the user terminal.
In order to achieve the above object, the preferred embodiment of the present invention adopts the following technical solutions:
the preferred embodiment of the present invention provides a communication method, which includes:
after a first port monitors a DHCP Discover message sent by a user terminal, a second port corresponding to the user terminal and a target DHCP server are obtained;
and forwarding the DHCP Discover message to the target DHCP server through the second port.
In a preferred embodiment of the present invention, the acquiring the second port and the target DHCP server corresponding to the user terminal includes:
and searching a second port corresponding to the first port and the MAC address of the target DHCP server based on the established corresponding relation among the first port, the MAC address of the target DHCP server and the second port.
In a preferred embodiment of the present invention, the forwarding the DHCP Discover message to the target DHCP server through the second port includes:
acquiring the MAC address of the target DHCP server;
determining the MAC address as a target MAC address in the DHCP Discover message;
and forwarding the DHCP Discover message to the target DHCP server through the second port based on the target MAC address.
In a preferred embodiment of the present invention, before the first port monitors a DHCP Discover message sent by the user terminal, the method further includes:
sending a gratuitous ARP request message to the target DHCP server through the second port based on the IP address of the target DHCP server designated for the first port;
receiving an ARP response message sent by the target DHCP server, and acquiring an MAC address of the target DHCP server;
and establishing a corresponding relation among the first port, the MAC address of the target DHCP server and the second port.
In a preferred embodiment of the present invention, before the first port monitors a DHCP Discover message sent by the user terminal, the method further includes:
sending a gratuitous ARP request message to the target DHCP server through the second port based on the IP address of the target DHCP server with the highest priority appointed for the first port;
judging whether an ARP response message sent by the target DHCP server with the highest priority is received or not, if not, sending a free ARP request message to the target DHCP server with the second highest priority through the second port based on the IP address of the target DHCP server with the second highest priority appointed by the first port;
when an ARP response message sent by the target DHCP server with the next highest priority is received, the MAC address of the target DHCP server with the next highest priority is obtained;
and establishing a corresponding relation among the first port, the MAC address of the target DHCP server with the second highest priority and the second port.
In a preferred embodiment of the present invention, after the establishing the correspondence relationship between the first port, the MAC address of the target DHCP server with the second highest priority, and the second port, the method further includes:
sending a free ARP request message to the target DHCP server with the highest priority through the second port at intervals of a preset period;
if an ARP request message sent by the target DHCP server with the highest priority is received at any time, establishing a corresponding relation among the first port, the MAC address of the target DHCP server with the highest priority and the second port according to the ARP response message, wherein the priority of the corresponding relation among the first port, the MAC address of the target DHCP server with the highest priority and the second port is greater than the priority of the corresponding relation among the first port, the MAC address of the target DHCP server with the next highest priority and the second port.
A preferred embodiment of the present invention further provides a communication apparatus, including:
the first acquisition module is used for acquiring a second port and a target DHCP server corresponding to the user terminal after the first port monitors a DHCP Discover message sent by the user terminal;
and the forwarding module is used for forwarding the DHCP Discover message to the target DHCP server through the second port.
Compared with the prior art, the invention has the following beneficial effects:
the embodiment of the invention provides a communication method and a communication device, wherein after a first port monitors a DHCP Discover message sent by a user terminal, a second port and a target DHCP server corresponding to the user terminal are obtained, and then the DHCP Discover message is forwarded to the target DHCP server through the second port. Based on the technical scheme, compared with the prior art, the situation that the user terminal cannot normally access the network due to the fact that the user terminal obtains the IP address from the illegal DHCP server can be effectively avoided, and the network experience of the user terminal is improved.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings that are required to be used in the embodiments will be briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present invention and therefore should not be considered as limiting the scope, and for those skilled in the art, other related drawings can be obtained according to the drawings without inventive efforts.
Fig. 1 is a schematic view of an application scenario of a communication device according to a preferred embodiment of the present invention;
fig. 2 is a flowchart illustrating a communication method according to a preferred embodiment of the present invention;
FIG. 3 is a functional block diagram of a communication device according to a preferred embodiment of the present invention;
FIG. 4 is a block diagram of another embodiment of a communication device;
FIG. 5 is a block diagram of another embodiment of a communication device;
icon: 100-a communication device; 101-a first sending module; 102-a receiving module; 103-a first establishing module; 104-a second sending module; 105-a judging module; 106-a second acquisition module; 107-a second setup module; 110-a first acquisition module; 120-a forwarding module; 200-a user terminal; 300-DHCP server.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, not all, embodiments of the present invention. The components of embodiments of the present invention generally described and illustrated in the figures herein may be arranged and designed in a wide variety of different configurations.
Thus, the following detailed description of the embodiments of the present invention, presented in the figures, is not intended to limit the scope of the invention, as claimed, but is merely representative of selected embodiments of the invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
It should be noted that: like reference numbers and letters refer to like items in the following figures, and thus, once an item is defined in one figure, it need not be further defined and explained in subsequent figures. Meanwhile, in the description of the present invention, the terms "first", "second", and the like are used only for distinguishing the description, and are not to be construed as indicating or implying relative importance.
In the prior art, because the user terminal cannot judge the validity of the DHCP server in the IP address allocation process of the DHCP server, the user terminal often acquires an IP address from an illegal DHCP server, and thus the user terminal cannot normally access a network. The inventor of the present application finds that the current solution to the above problem is mainly the DHCP Snooping scheme. The DHCP Snooping is a safety characteristic of DHCP, and the user terminal and the DHCP server are connected through a two-layer Snooping device which enables the DHCP Snooping function, on one hand, the Snooping device divides a port into an untrusty type and a truy type, and after the untrusty port receives DHCP ACK, NAK and Offer messages responded by the server, the messages are discarded, so that the user terminal is prevented from obtaining an IP address from an illegal server. However, through research by the present inventors, it is found that although DHCP Snooping can prevent an illegal DHCP server in some scenarios, if a trust port of a Snooping device is not directly connected to the DHCP server, for example, a lan in an upper layer to which the trust port is connected, and there are many DHCP servers in the lan, the Snooping device cannot further distinguish the legal DHCP server from the illegal DHCP server. In the above scenario, the user terminal may still obtain an IP address from an illegal DHCP server or other mismatched DHCP servers, which may result in a failure to access the network normally.
Because the existing general security mechanism of DHCP is less, DHCP Snooping is the most common security characteristic of DHCP, the application is very wide, the use scenes are also various, and the trust port can not further distinguish the DHCP server, thus embodying the security vulnerability of the characteristic and limiting the flexibility of networking. In view of the above problems, the present inventors have conducted extensive research and research to provide the following embodiments to solve the above problems. The following describes embodiments of the present invention in detail with reference to the accompanying drawings. The embodiments described below and the features of the embodiments can be combined with each other without conflict.
Fig. 1 is a schematic view of an application scenario of a communication device 100 according to a preferred embodiment of the present invention. In this embodiment, the communication device 100 may be connected to the user terminal 200 in a communication manner and connected to the DHCP server 300 through a local area network in a communication manner, but in other embodiments, the communication device 100 may be directly connected to the DHCP server 300 in a communication manner. In this application scenario, it can be seen that the communication device 100 is a communication device 100 under a two-layer network, and as an embodiment, the communication device 100 may be a switch.
The user terminal 200 may be a device with wireless transceiving function, including indoor or outdoor, hand-held, wearable, or vehicle-mounted, or may be deployed on the water surface (such as a ship), or may be deployed in the air (such as an airplane, a balloon, and a satellite). The user terminal 200 may be a mobile phone (mobile phone), a tablet computer (Pad), a computer with a wireless transceiving function, a Virtual Reality (VR) terminal device, an Augmented Reality (AR) terminal device, a wireless terminal in industrial control (industrial control), a wireless terminal in self driving (self driving), a wireless terminal in remote medical (remote medical), a wireless terminal in smart grid (smart grid), a wireless terminal in transportation safety (transportation safety), a wireless terminal in smart city (smart city), a wireless terminal in home (smart home), and so on. The embodiments of the present application do not limit the application scenarios. User terminal 200 may also sometimes be referred to as a User Equipment (UE), an access terminal, a UE unit, a UE station, a mobile station, a distant station, a remote terminal, a mobile device, a UE terminal, a terminal device, a wireless communication device, a UE agent, or a UE device, etc.
Referring to fig. 2, a flow chart of a communication method according to a preferred embodiment of the invention is shown, which can be executed by the communication device 100 shown in fig. 1. It should be noted that the communication method provided by the embodiment of the present invention is not limited by the specific sequence shown in fig. 2 and described below. The method comprises the following specific steps:
step S110, after the first port monitors the DHCP Discover message sent by the user terminal 200, obtain a second port and a target DHCP server corresponding to the user terminal 200.
Specifically, the DHCP Discover message is a broadcast message used to find the DHCP server 300 in the local area network, and generally, the DHCP Discover message includes an active MAC address and a destination MAC address, where the active MAC address is the MAC address of the user terminal 200 that sends the DHCP Discover message, the destination MAC address is a broadcast of ffff. In a local area network, the user terminal 200 may detect the DHCP server 300 in the network using a DHCP Discover message, and after receiving the DHCP Discover message sent by the user terminal 200, the DHCP server 300 may take out an unassigned IP address and a parameter (e.g., mask, DNS, gateway, domain name, lease … …) in an address pool, and then send out the DHCP Offer message, where the DHCP Offer message includes the IP address assigned to the user terminal 200, and the user terminal 200 may obtain the IP address after receiving the DHCP Offer message, so as to execute a corresponding terminal task.
In this embodiment, the communication device 100 may include a first port for communication connection with the user terminal 200, and a second port for communication connection with the DHCP server 300. The first port connected to the user terminal 200 is set as an untrusty port, and the second port connected to the DHCP server is set as a trust port. Further, the communication device 100 may further store the established correspondence between the first port, the MAC address of the target DHCP server, and the second port.
In actual implementation, if the user terminal 200 is connected to the communication apparatus 100 through the first port on the communication apparatus 100, after the first port monitors the DHCP Discover message sent by the user terminal 200, the communication apparatus 100 searches for the second port corresponding to the first port and the MAC address of the target DHCP server based on the established correspondence between the first port, the MAC address of the target DHCP server, and the second port.
Step S120, forwarding the DHCP Discover message to the target DHCP server through the second port.
Specifically, in this embodiment, after finding the second port corresponding to the first port and the MAC address of the target DHCP server, the MAC address of the target DHCP server is first obtained, then the MAC address is determined as the destination MAC address in the DHCP Discover message, and then the DHCP Discover message is forwarded to the target DHCP server through the second port based on the destination MAC address. And after receiving the DHCP Discover message, the target DHCP server allocates an IP address to the user terminal 200.
Based on the above design, in the communication method provided in this embodiment, after the first port monitors the DHCP Discover message sent by the user terminal 200, the second port and the target DHCP server corresponding to the user terminal 200 are obtained, and the DHCP Discover message is forwarded to the target DHCP server through the second port, so that the DHCP Discover message is forwarded in a unicast manner, thereby avoiding other illegal DHCP servers 300 responding to the DHCP Discover message, avoiding a situation that the user terminal 200 cannot normally access the network due to obtaining an IP address from the illegal DHCP server 300, improving the network experience of the user terminal 200, and ensuring the internet access security of the user terminal 200. In addition, in the whole process, the DHCP server 300 and the user terminal 200 do not need to modify any configuration, so the scheme also has good compatibility and applicability.
Further, as an embodiment, first, an IP address of the target DHCP server is specified for the first port in the communication device 100, and then a gratuitous ARP request message may be periodically sent to the target DHCP server through the second port based on the IP address, and the target DHCP server sends an ARP response message to the communication device 100 after receiving the gratuitous ARP request message. The communication device 100 receives the ARP response packet fed back by the target DHCP server, acquires the MAC address of the target DHCP server in the ARP response packet, and establishes a correspondence between the first port, the MAC address of the target DHCP server, and the second port. The correspondence may further include an IP address and update time of the DHCP server, and further, in order to improve reliability, the communication apparatus 100 may further designate IP addresses of a plurality of target DHCP servers to the first port and set a priority of each target DHCP server. As an embodiment, the communication device 100 first determines, based on the IP address of the highest priority target DHCP server assigned to the first port, sending a gratuitous ARP request message to the target DHCP server through the second port, and judges whether the ARP response message sent by the target DHCP server is received, if not, based on the IP address of the next highest priority target DHCP server assigned for the first port, sending a gratuitous ARP request message to a target DHCP server with the second highest priority through the second port, if the ARP response message fed back by the target DHCP server with the second highest priority is received, and analyzing the MAC address of the target DHCP server with the next highest priority in the ARP response message, and establishing the corresponding relation among the first port, the MAC address of the target DHCP server with the next highest priority and the second port.
In addition, if the communication apparatus 100 still does not receive the ARP response packet fed back by the target DHCP server with the next highest priority, the communication apparatus continues to send a gratuitous ARP request packet based on the target DHCP server with the next highest priority until receiving the ARP response packet fed back by the target DHCP server, and then generates a corresponding relationship with the first port.
If all the designated target DHCP servers of the first port are not reachable, that is, no ARP response message is fed back, the communication device 100 updates the corresponding relationship of the first port to display that the MAC address of the target DHCP server is "unknown", and at this time, when receiving the DHCP Discover message sent by the user terminal 200, directly discards the message.
Further, the communication device 100 may further send a gratuitous ARP request packet to the highest priority target DHCP server through the second port at intervals of a preset period, and if the ARP request packet sent by the highest priority target DHCP server is received at any time, establish a correspondence between the first port, the MAC address of the highest priority target DHCP server, and the second port according to the ARP response packet. The priority of the corresponding relation among the first port, the MAC address of the target DHCP server with the highest priority and the second port is greater than the priority of the corresponding relation among the first port, the MAC address of the target DHCP server with the second highest priority and the second port. Therefore, the DHCP service can be carried out at the first time when the target DHCP server with the highest priority recovers.
Based on the above design, the communication device 100 periodically sends a free ARP request message to obtain an ARP response message of the target DHCP server of each priority, thereby ensuring that the correspondence among the first port, the target DHCP server, and the second port is continuously updated, and improving the reliability of the network. Meanwhile, by assigning the IP addresses of a plurality of target DHCP servers to the same first port and setting the priority of each target DHCP server, the reliability of the network can be further improved, and the situation that the user terminal 200 cannot acquire an IP address when the originally assigned target DHCP server fails is prevented.
Further, referring to fig. 3, a communication device 100 according to a preferred embodiment of the present invention is further provided, the device including:
the first obtaining module 110 is configured to obtain a second port and a target DHCP server corresponding to the user terminal 200 after the first port monitors a DHCP Discover message sent by the user terminal 200.
A forwarding module 120, configured to forward the DHCP Discover message to the target DHCP server through the second port.
Optionally, the first obtaining module 110 is further configured to search for a second port corresponding to the first port and an MAC address of the target DHCP server based on an established correspondence between the first port, the MAC address of the target DHCP server, and the second port.
Optionally, the forwarding module 120 is further configured to obtain an MAC address of the target DHCP server, determine the MAC address as a destination MAC address in the DHCP Discover message, and forward the DHCP Discover message to the target DHCP server through the second port based on the destination MAC address.
Optionally, referring to fig. 4, the apparatus may further include:
a first sending module 101, configured to send a gratuitous ARP request packet to the target DHCP server through the second port based on the IP address of the target DHCP server specified for the first port.
The receiving module 102 is configured to receive the ARP response packet sent by the target DHCP server, and obtain the MAC address of the target DHCP server.
A first establishing module 103, configured to establish a corresponding relationship between the first port, the MAC address of the target DHCP server, and the second port.
Optionally, referring to fig. 5, the apparatus may further include:
a second sending module 104, configured to send a gratuitous ARP request packet to a target DHCP server through the second port based on the IP address of the target DHCP server with the highest priority specified for the first port.
A judging module 105, configured to judge whether an ARP response packet sent by the highest-priority target DHCP server is received, and if not, send a free ARP request packet to the next-highest-priority target DHCP server through the second port based on the IP address of the next-highest-priority target DHCP server specified for the first port;
a second obtaining module 106, configured to obtain the MAC address of the target DHCP server with the next highest priority when receiving the ARP response packet sent by the target DHCP server with the next highest priority;
a second establishing module 107, configured to establish a corresponding relationship between the first port, the MAC address of the target DHCP server with the second highest priority, and the second port.
Optionally, the second sending module 104 is further configured to send a gratuitous ARP request packet to the target DHCP server with the highest priority through the second port at intervals of a preset period.
The second establishing module 107 is further configured to, if an ARP request packet sent by the highest priority target DHCP server is received at any time, establish a correspondence between the first port, the MAC address of the highest priority target DHCP server, and the second port according to the ARP response packet. The priority of the corresponding relation among the first port, the MAC address of the target DHCP server with the highest priority and the second port is greater than the priority of the corresponding relation among the first port, the MAC address of the target DHCP server with the second highest priority and the second port.
In addition, it should be particularly noted that, as those skilled in the art can easily think that, in order to implement the communication method of the embodiment of the present invention, the communication device 100 needs to configure at least a processor, a memory, and a first port and a second port for network communication in addition to the above modules, so that the communication device 100 can also be implemented by using the following: one or more FPGAs (field programmable gate arrays), PLDs (programmable logic devices), controllers, state machines, gate logic, discrete hardware components, any other suitable circuitry, or any combination of circuitry capable of performing the various functions described throughout this disclosure.
A processor may be implemented using one or more general-purpose processors and/or special-purpose processors. Examples of processors include microprocessors, microcontrollers, DSP processors, and other circuits capable of executing software. Software should be construed broadly to mean instructions, data, or any combination thereof, whether referred to as software, firmware, middleware, microcode, hardware description language, or otherwise.
In summary, embodiments of the present invention provide a communication method and a communication device 100, where after a first port monitors a DHCP Discover message sent by a user terminal 200, a second port and a target DHCP server corresponding to the user terminal 200 are obtained, and then the DHCP Discover message is forwarded to the target DHCP server through the second port. Based on the above technical scheme, compared with the prior art, the situation that the user terminal 200 cannot normally access the network due to acquiring the IP address from the illegal DHCP server can be effectively avoided, and the network experience of the user terminal 200 is improved.
In the embodiments provided in the present invention, it should be understood that the disclosed apparatus, system, and method may be implemented in other ways. The apparatus, system, and method embodiments described above are illustrative only, as the flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present invention. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
In addition, the functional modules in the embodiments of the present invention may be integrated together to form an independent part, or each module may exist separately, or two or more modules may be integrated to form an independent part.
Alternatively, all or part of the implementation may be in software, hardware, firmware, or any combination thereof. When implemented in software, may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. When loaded and executed on a computer, cause the processes or functions described in accordance with the embodiments of the invention to occur, in whole or in part. The computer may be a general purpose computer, a special purpose computer, a network of computers, or other programmable device. The computer instructions may be stored in a computer readable storage medium or transmitted from one computer readable storage medium to another, for example, from one website site, computer, server, or data center to another website site, computer, server, or data center via wired (e.g., coaxial cable, fiber optic, Digital Subscriber Line (DSL)) or wireless (e.g., infrared, wireless, microwave, etc.). The computer-readable storage medium can be any available medium that can be accessed by a computer or a data storage device, such as a server, a data center, etc., that incorporates one or more of the available media. The usable medium may be a magnetic medium (e.g., floppy Disk, hard Disk, magnetic tape), an optical medium (e.g., DVD), or a semiconductor medium (e.g., Solid State Disk (SSD)), among others
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
It will be evident to those skilled in the art that the invention is not limited to the details of the foregoing illustrative embodiments, and that the present invention may be embodied in other specific forms without departing from the spirit or essential attributes thereof. The present embodiments are therefore to be considered in all respects as illustrative and not restrictive, the scope of the invention being indicated by the appended claims rather than by the foregoing description, and all changes which come within the meaning and range of equivalency of the claims are therefore intended to be embraced therein. Any reference sign in a claim should not be construed as limiting the claim concerned.
Claims (10)
1. A method of communication, the method comprising:
before a first port monitors a DHCP Discover message sent by a user terminal, sending a free ARP request message to a target DHCP server through a second port based on an IP address of the target DHCP server appointed for the first port;
receiving an ARP response message sent by the target DHCP server, and acquiring an MAC address of the target DHCP server;
establishing a corresponding relation among the first port, the MAC address of the target DHCP server and the second port;
after a first port monitors a DHCP Discover message sent by a user terminal, a second port corresponding to the user terminal and a target DHCP server are obtained;
and forwarding the DHCP Discover message to the target DHCP server through the second port.
2. The communication method according to claim 1, wherein the obtaining the target DHCP server and the second port corresponding to the user terminal includes:
and searching a second port corresponding to the first port and the MAC address of the target DHCP server based on the established corresponding relation among the first port, the MAC address of the target DHCP server and the second port.
3. The communication method according to claim 1 or 2, wherein the forwarding the DHCP Discover message to the target DHCP server through the second port includes:
acquiring the MAC address of the target DHCP server;
determining the MAC address as a target MAC address in the DHCP Discover message;
and forwarding the DHCP Discover message to the target DHCP server through the second port based on the target MAC address.
4. The communication method according to claim 1 or 2, wherein before the first port monitors a DHCP Discover message sent by the user terminal, the method further comprises:
sending a gratuitous ARP request message to the target DHCP server through the second port based on the IP address of the target DHCP server with the highest priority appointed for the first port;
judging whether an ARP response message sent by the target DHCP server with the highest priority is received or not, if not, sending a free ARP request message to the target DHCP server with the second highest priority through the second port based on the IP address of the target DHCP server with the second highest priority appointed by the first port;
when an ARP response message sent by the target DHCP server with the next highest priority is received, the MAC address of the target DHCP server with the next highest priority is obtained;
and establishing a corresponding relation among the first port, the MAC address of the target DHCP server with the second highest priority and the second port.
5. The communication method according to claim 4, wherein after the establishing the correspondence relationship between the first port, the MAC address of the second highest-priority target DHCP server, and the second port, the method further comprises:
sending a free ARP request message to the target DHCP server with the highest priority through the second port at intervals of a preset period;
if an ARP response message sent by the highest-priority target DHCP server is received at any moment, establishing a corresponding relation among the first port, the MAC address of the highest-priority target DHCP server and the second port according to the ARP response message, wherein the priority of the corresponding relation among the first port, the MAC address of the highest-priority target DHCP server and the second port is greater than the priority of the corresponding relation among the first port, the MAC address of the next-highest-priority target DHCP server and the second port.
6. A communications apparatus, the apparatus comprising:
the first acquisition module is used for acquiring a second port and a target DHCP server corresponding to the user terminal after the first port monitors a DHCP Discover message sent by the user terminal;
a forwarding module, configured to forward the DHCP Discover message to the target DHCP server through the second port;
a first sending module, configured to send a gratuitous ARP request packet to the target DHCP server through the second port based on the IP address of the target DHCP server specified for the first port;
the receiving module is used for receiving the ARP response message sent by the target DHCP server and acquiring the MAC address of the target DHCP server;
and the first establishing module is used for establishing the corresponding relation among the first port, the MAC address of the target DHCP server and the second port.
7. The communication device of claim 6, wherein:
the first obtaining module is further configured to search for a second port corresponding to the first port and an MAC address of the target DHCP server based on the established correspondence between the first port, the MAC address of the target DHCP server, and the second port.
8. The communication device according to claim 6 or 7, wherein:
the forwarding module is further configured to obtain an MAC address of the target DHCP server, determine the MAC address as a destination MAC address in the DHCP Discover message, and forward the DHCP Discover message to the target DHCP server through the second port based on the destination MAC address.
9. The communication apparatus according to claim 6 or 7, characterized in that the apparatus further comprises:
a second sending module, configured to send a gratuitous ARP request packet to a target DHCP server through a second port based on an IP address of the target DHCP server with a highest priority specified for the first port;
the judging module is used for judging whether an ARP response message sent by the target DHCP server with the highest priority is received or not, and if not, sending a free ARP request message to the target DHCP server with the next highest priority through the second port based on the IP address of the target DHCP server with the next highest priority appointed for the first port;
the second acquisition module is used for acquiring the MAC address of the target DHCP server with the next highest priority when receiving the ARP response message sent by the target DHCP server with the next highest priority;
and the second establishing module is used for establishing the corresponding relation among the first port, the MAC address of the target DHCP server with the second highest priority and the second port.
10. The communication device of claim 9, wherein:
the second sending module is further configured to send a gratuitous ARP request message to the target DHCP server with the highest priority through the second port every preset period;
the second establishing module is further configured to establish, according to an ARP response packet sent by the highest-priority target DHCP server, a correspondence between the first port, the MAC address of the highest-priority target DHCP server, and the second port if the ARP response packet sent by the highest-priority target DHCP server is received at any time, where a priority of the correspondence between the first port, the MAC address of the highest-priority target DHCP server, and the second port is greater than a priority of the correspondence between the first port, the MAC address of the next-highest-priority target DHCP server, and the second port.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201711015635.9A CN107809498B (en) | 2017-10-26 | 2017-10-26 | Communication method and communication device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201711015635.9A CN107809498B (en) | 2017-10-26 | 2017-10-26 | Communication method and communication device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN107809498A CN107809498A (en) | 2018-03-16 |
| CN107809498B true CN107809498B (en) | 2021-02-02 |
Family
ID=61582277
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201711015635.9A Active CN107809498B (en) | 2017-10-26 | 2017-10-26 | Communication method and communication device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN107809498B (en) |
Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102594839A (en) * | 2012-03-16 | 2012-07-18 | 杭州华三通信技术有限公司 | Method for distinguishing pseudo dynamic host configuration protocol (DHCP) servers and switchboards |
Family Cites Families (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101471966B (en) * | 2006-07-06 | 2011-07-20 | 华为技术有限公司 | System and device for preventing IP address from leakage |
| CN100473037C (en) * | 2007-03-19 | 2009-03-25 | 中兴通讯股份有限公司 | Method for realizing distributed DHCP relay |
| CN101321102A (en) * | 2007-06-07 | 2008-12-10 | 杭州华三通信技术有限公司 | Detection method and access equipment of DHCP server |
| CN102438028B (en) * | 2012-01-19 | 2016-06-15 | 神州数码网络(北京)有限公司 | A kind of prevent Dynamic Host Configuration Protocol server from cheating method, Apparatus and system |
| CN102710811B (en) * | 2012-06-14 | 2016-02-03 | 杭州华三通信技术有限公司 | Realize method and the switch of dhcp address safety distribution |
| CN102752413B (en) * | 2012-07-02 | 2015-08-12 | 杭州华三通信技术有限公司 | Dynamic Host Configuration Protocol server system of selection and the network equipment |
| CN103051738B (en) * | 2012-12-10 | 2016-01-06 | 上海斐讯数据通信技术有限公司 | A kind of dhcp address distribution method and system |
-
2017
- 2017-10-26 CN CN201711015635.9A patent/CN107809498B/en active Active
Patent Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102594839A (en) * | 2012-03-16 | 2012-07-18 | 杭州华三通信技术有限公司 | Method for distinguishing pseudo dynamic host configuration protocol (DHCP) servers and switchboards |
Also Published As
| Publication number | Publication date |
|---|---|
| CN107809498A (en) | 2018-03-16 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN101883158B (en) | Method and client for acquiring VLAN (Virtual Local Area Network) IDs (Identifiers) and network protocol addresses | |
| US9729501B2 (en) | System and data card for stateless automatic configuration of IPv6 address and method for implementing the same | |
| CN107113892B (en) | Method and device for automatically networking gateway equipment | |
| US9438557B2 (en) | Adaptive dynamic host configuration protocol assignment with virtual local area network pool | |
| EP1100232A2 (en) | System, device, and method for allocating virtual circuits in a communication network | |
| CN110493366B (en) | Method and device for adding access point into network management | |
| CN110011919B (en) | Message forwarding method, device, network equipment and storage medium | |
| CN107094110B (en) | DHCP message forwarding method and device | |
| CN107809386B (en) | IP address translation method, routing device and communication system | |
| WO2018103400A1 (en) | Wireless fidelity wifi connection method and related product | |
| CN107517129B (en) | Method and device for configuring uplink interface of equipment based on OpenStack | |
| CN102801716B (en) | DHCP (Dynamic Host Configuration Protocol) anti-attacking method and device | |
| CN106899706B (en) | Flooding inhibition method and device | |
| US20140108650A1 (en) | Identification of servers by common wide area network addresses | |
| CN108023971B (en) | DHCP message forwarding method and device | |
| CN108667957B (en) | IP address allocation method, first electronic device and first server | |
| CN106302845A (en) | The Domain Name System addresses collocation method of data channel product and device | |
| CN107809498B (en) | Communication method and communication device | |
| CN110868762B (en) | Data stream processing method, device and system | |
| WO2016177185A1 (en) | Method and apparatus for processing media access control (mac) address | |
| CN108989173B (en) | Message transmission method and device | |
| KR100595524B1 (en) | Device discovery system and method on network | |
| CN107689881B (en) | Message processing method and device | |
| CN113098834B (en) | Access control method, device, equipment and system | |
| WO2017147840A1 (en) | Message routing method and device, and diameter routing entity |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |