CN108259294B - Message processing method and device - Google Patents

Message processing method and device Download PDF

Info

Publication number
CN108259294B
CN108259294B CN201710114261.XA CN201710114261A CN108259294B CN 108259294 B CN108259294 B CN 108259294B CN 201710114261 A CN201710114261 A CN 201710114261A CN 108259294 B CN108259294 B CN 108259294B
Authority
CN
China
Prior art keywords
address
message
matched
arp message
arp
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201710114261.XA
Other languages
Chinese (zh)
Other versions
CN108259294A (en
Inventor
杨正广
张然
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou H3C Technologies Co Ltd
Original Assignee
Hangzhou H3C Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hangzhou H3C Technologies Co Ltd filed Critical Hangzhou H3C Technologies Co Ltd
Priority to CN201710114261.XA priority Critical patent/CN108259294B/en
Publication of CN108259294A publication Critical patent/CN108259294A/en
Application granted granted Critical
Publication of CN108259294B publication Critical patent/CN108259294B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/22Parsing or analysis of headers
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46Interconnection of networks
    • H04L12/4641Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming
    • H04L61/09Mapping addresses
    • H04L61/10Mapping addresses of different types
    • H04L61/103Mapping addresses of different types across network layers, e.g. resolution of network layer into physical layer addresses or address resolution protocol [ARP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/1466Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/1475Passive attacks, e.g. eavesdropping or listening without modification of the traffic monitored

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Small-Scale Networks (AREA)

Abstract

The application provides a message processing method and a message processing device, which are applied to VTEP equipment, and the method comprises the following steps: receiving an ARP message, and judging whether the IP address of a sending end of the ARP message is matched with a preset gateway IP address and the MAC address of the sending end of the ARP message is matched with a preset gateway MAC address; if the ARP message and the ARP message are matched, checking whether the forwarding direction of the ARP message is correct, and if the forwarding direction is wrong, discarding the ARP message; and if the IP address of the sending end is not matched with the preset gateway IP address, or the MAC address of the sending end is not matched with the preset gateway MAC address, discarding the ARP message. According to the method and the device, the IP address of the sending end of the ARP message, the IP address of the preset gateway, the MAC address of the sending end of the ARP message and the MAC address of the preset gateway are matched, the attack message is identified according to the matching result, the ARP message is discarded, the attack message can be prevented from being sent to the gateway, and network faults are reduced.

Description

Message processing method and device
Technical Field
The present application relates to communications technologies, and in particular, to a method and an apparatus for processing a packet.
Background
VXLAN (Virtual eXtensible Virtual local area network) is a two-layer Virtual Private Network (VPN) technology based on Internet Protocol (IP) networks in the form of a "media access control in user datagram protocol" (MAC in UDP) encapsulation. VXLAN is used primarily in data center networks.
Among them, stateless gateway networking of VXLAN is a very wide application, as shown in fig. 1, stateless gateway networking of VXLAN includes a plurality of VXLAN Gateways (GWs), and all VXLAN gateways are stateless gateways, that is, IP addresses and Media Access Control (MAC) addresses of all VXLAN gateways are identical, so that all VXLAN gateways correspond to one device for VXLAN tunnel endpoint (VXLAN Tunneling Point, VTEP) devices, and the VTEP devices do not need to distinguish VXLAN gateways.
However, in the stateless gateway networking shown in fig. 1, if a Virtual Machine (VM) is attacked and an Address Resolution Protocol (ARP) broadcast spoofing as a gateway is sent out, all other VMs receive the ARP broadcast, which results in that all packets sent to the gateway are encapsulated incorrectly, resulting in a failure of the entire network.
Disclosure of Invention
In view of this, the present application provides a message processing method and apparatus.
Specifically, the method is realized through the following technical scheme:
according to a first aspect of the embodiments of the present invention, there is provided a packet processing method, applied to a VTEP device, the method including:
receiving an ARP message;
judging whether the IP address of the sending end of the ARP message is matched with a preset gateway IP address and the MAC address of the sending end of the ARP message is matched with a preset gateway MAC address;
if the ARP message and the ARP message are matched, checking whether the forwarding direction of the ARP message is correct, and if the forwarding direction is wrong, discarding the ARP message;
and if the IP address of the sending end is not matched with the preset gateway IP address, or the MAC address of the sending end is not matched with the preset gateway MAC address, discarding the ARP message.
According to a second aspect of the embodiments of the present invention, there is provided a packet processing apparatus, applied to a VTEP device which is a tunnel endpoint of an extensible virtual local area network, the apparatus including:
the receiving module is used for receiving the ARP message;
the matching module is used for judging whether the IP address of the sending end of the ARP message received by the receiving module is matched with a preset gateway IP address and the MAC address of the sending end of the ARP message is matched with the preset gateway MAC address;
a checking and discarding module, configured to check whether the forwarding direction of the ARP packet is correct if the matching result of the matching module is that both are matched, and discard the ARP packet if the forwarding direction is wrong;
and the discarding module is used for discarding the ARP message if the matching result of the matching module is that the IP address of the sending end is not matched with the preset gateway IP address or the MAC address of the sending end is not matched with the preset gateway MAC address.
In the embodiment of the application, the IP address of the sending end of the ARP message is matched with the preset gateway IP address and the MAC address of the sending end of the ARP message is matched with the preset gateway MAC address, the attack message is identified according to the matching result, and the ARP message belonging to the attack message is discarded, so that the attack message can be prevented from being sent to the gateway, and network faults are reduced.
Drawings
Fig. 1 is a schematic diagram of a stateless gateway networking, shown in an example embodiment;
fig. 2 is a flowchart illustrating a message processing method according to an exemplary embodiment of the present application;
fig. 3 is a flowchart illustrating another message processing method according to an exemplary embodiment of the present application;
fig. 4 is a flowchart illustrating another message processing method according to an exemplary embodiment of the present application;
fig. 5 is a hardware structure diagram of a VTEP device in which the message processing apparatus of the present application is located;
FIG. 6 is a block diagram of a message processing apparatus according to an exemplary embodiment of the present application;
fig. 7 is a block diagram of a message processing apparatus according to an exemplary embodiment of the present application.
Detailed Description
Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with the present application. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the present application, as detailed in the appended claims.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the application. As used in this application and the appended claims, the singular forms "a", "an", and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and encompasses any and all possible combinations of one or more of the associated listed items.
It is to be understood that although the terms first, second, third, etc. may be used herein to describe various information, such information should not be limited to these terms. These terms are only used to distinguish one type of information from another. For example, first information may also be referred to as second information, and similarly, second information may also be referred to as first information, without departing from the scope of the present application. The word "if" as used herein may be interpreted as "at … …" or "when … …" or "in response to a determination", depending on the context.
In the embodiment of the present application, the VTEP is used as an access device and is responsible for encapsulating the southbound incoming packet and decapsulating the southbound outgoing packet, so that the packet sent by the VM needs to be encapsulated by VXLAN through the VTEP. In view of this, in the embodiment of the present application, a packet is processed on a VTEP, and in the embodiment of the present application, gateway IP addresses and MAC addresses of all VXLANs are preset on the VTEP, and a Sender IP address (Sender IP address) of an ARP packet is matched with the preset gateway IP address and a Sender MAC address (Sender MAC address) of the ARP packet is matched with the preset gateway MAC address, and then it is determined whether the packet is an attack packet according to a matching result, and the attack packet is discarded, so as to avoid sending the attack packet to a gateway, thereby reducing network failures. The following describes in detail an implementation process of the present application with reference to specific embodiments.
Fig. 2 is a flowchart illustrating a message processing method according to an exemplary embodiment of the present application, which is described from the VTEP side. As shown in fig. 2, the message processing method includes:
step S201, receives an ARP packet.
Step S202, determining whether the sending end IP address of the ARP packet matches the preset gateway IP address, and the sending end MAC address of the ARP packet matches the preset gateway MAC address, if yes, performing step S203, and if the sending end IP address does not match the preset gateway IP address, or the sending end MAC address does not match the preset gateway MAC address, performing step S204.
Wherein, the VTEP device can receive and store the preset gateway IP address and the gateway MAC address.
Step S203, checking whether the forwarding direction of the ARP packet is correct, and if the forwarding direction is wrong, executing step S204.
In this embodiment, if both of the two are successfully matched, it is necessary to perform a one-step check on whether the forwarding direction of the packet is correct, where the manner of checking whether the forwarding direction of the packet is correct may be: and checking whether the forwarding direction of the message is the direction to the virtual machine accessed by the VTEP device, namely from north to south, and if the forwarding direction is not from north to south, determining that the message is an attack message.
Step S204, discarding the ARP message.
And if only one field information is successfully matched, the message is regarded as an attack message. And after confirming that the ARP message is an attack message, discarding the ARP message.
In the embodiment, the sending end IP address of the ARP message is matched with the preset gateway IP address, and the sending end MAC address of the ARP message is matched with the preset gateway MAC address, and the attack message is identified according to the matching result, and the ARP message belonging to the attack message is discarded, so that the attack message can be prevented from being sent to the gateway, and network faults are reduced.
Fig. 3 is a flowchart of another message processing method according to an exemplary embodiment of the present application, and as shown in fig. 3, after S204 in fig. 2, the method may further include:
step S205, outputting the fault location information related to the ARP packet for locating the fault point.
In this embodiment, after confirming that the message is an attack message, fault location information related to the ARP message may be output to a network administrator in various manners, such as log information (log) or alarm information, where the fault location information may include, but is not limited to, a message content and a physical port receiving the ARP message, so as to facilitate the network administrator to quickly and effectively locate a fault point accordingly.
According to the embodiment, the fault positioning information related to the ARP message is output to the network administrator, so that the network administrator can conveniently and effectively position the fault point.
Fig. 4 is a flowchart of another message processing method according to an exemplary embodiment of the present application, where as shown in fig. 4, the method includes:
step S401, ARP message is received.
Step S402, judging whether the sending end IP address and the gateway IP address of the ARP message and the sending end MAC address and the gateway MAC address of the ARP message are matched, if not, executing step S403, if so, executing step S404, and if only one is matched successfully, executing step S405.
Step S403, the ARP packet is forwarded, and the operation is ended.
If the two are not matched, the message is considered to be a normal message, and the message is forwarded according to the original forwarding rule of the message.
Step S404, checking whether the forwarding direction of the ARP packet is correct, if the forwarding direction is correct, executing step S403, and if the forwarding direction is wrong, executing step S405.
Step S405, discarding the ARP message and informing a network administrator to check.
In the embodiment, the sending end IP address of the ARP message is matched with the preset gateway IP address and the sending end MAC address of the ARP message is matched with the preset gateway MAC address, and the ARP message is forwarded or discarded according to the matching result, so as to avoid sending the attack message to the gateway, thereby reducing network faults.
Corresponding to the embodiment of the message processing method, the application also provides an embodiment of a message processing device.
The embodiment of the message processing device can be applied to VTEP equipment. The device embodiments may be implemented by software, or by hardware, or by a combination of hardware and software. The software implementation is taken as an example, and is formed by reading corresponding computer program instructions in the nonvolatile memory into the memory for running through the processor of the VTEP device where the software implementation is located as a logical means. In terms of hardware, as shown in fig. 5, the present application is a hardware structure diagram of a VTEP device in which a message processing apparatus 500 is located, and except for the processor 510, the memory 520, the network interface 530, and the nonvolatile memory 540 shown in fig. 5, the VTEP device in which the apparatus is located in the embodiment may also include other hardware according to its actual functions, which is not described again.
Fig. 6 is a block diagram of a message processing apparatus according to an exemplary embodiment of the present application, where the apparatus is applicable to a VTEP device, and as shown in fig. 6, the message processing apparatus includes: a receiving module 61, a matching module 62, a check discard module 63 and a discard module 64.
The receiving module 61 is configured to receive an ARP packet.
The matching module 62 is configured to determine whether the sending end IP address of the ARP packet received by the receiving module 61 matches the preset gateway IP address, and whether the sending end MAC address of the ARP packet matches the preset gateway MAC address.
The checking and discarding module 63 is configured to check whether the forwarding direction of the ARP packet is correct if the matching result of the matching module 62 is that both are matched, and discard the ARP packet if the forwarding direction is wrong.
The discarding module 64 is configured to discard the ARP packet if the matching result of the matching module 62 is that the sending end IP address is not matched with the preset gateway IP address, or the sending end MAC address is not matched with the preset gateway MAC address.
In an optional embodiment, the apparatus may further comprise: and an output module 65.
The output module 65 is configured to output the fault location information related to the ARP packet after the packet is discarded by the checking and discarding module 63 or the discarding module 64, so as to locate the fault point.
In another alternative embodiment, the apparatus may further comprise: a first forwarding module 66.
The first forwarding module 66 is configured to forward the ARP packet if the matching module 62 determines whether the IP address of the sending end of the ARP packet matches the preset gateway IP address, and the MAC address of the sending end of the ARP packet does not match the preset gateway MAC address.
In another alternative embodiment, the apparatus may further comprise: a second forwarding module 67.
The second forwarding module 67 is configured to, after the checking and discarding module 63 checks whether the forwarding direction of the ARP packet is correct, forward the ARP packet if the forwarding direction is correct.
In another alternative embodiment, as shown in fig. 7, the inspection discard module 63 may include: an examination sub-module 631 and a determination sub-module 632.
The checking sub-module 631 is configured to check whether a forwarding direction of the ARP packet is a direction to a virtual machine accessed by the VTEP device.
The determining sub-module 632 is configured to determine that the forwarding direction is correct if the checking sub-module 631 checks that the ARP packet is directed to the virtual machine accessed by the VTEP device, and determine that the forwarding direction is incorrect if the checking sub-module 631 checks that the ARP packet is not directed to the virtual machine accessed by the VTEP device.
The implementation process of the functions and actions of each unit in the above device is specifically described in the implementation process of the corresponding step in the above method, and is not described herein again.
For the device embodiments, since they substantially correspond to the method embodiments, reference may be made to the partial description of the method embodiments for relevant points. The above-described embodiments of the apparatus are merely illustrative, and the units described as separate parts may or may not be physically separate, and the parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the modules can be selected according to actual needs to achieve the purpose of the scheme of the application. One of ordinary skill in the art can understand and implement it without inventive effort.
According to the message processing device, the IP address of the sending end of the ARP message is matched with the preset gateway IP address and the MAC address of the sending end of the ARP message is matched with the preset gateway MAC address, the attack message is identified according to the matching result, the ARP message belonging to the attack message is discarded, the attack message can be prevented from being sent to the gateway, and network faults are reduced.
The above description is only exemplary of the present application and should not be taken as limiting the present application, as any modification, equivalent replacement, or improvement made within the spirit and principle of the present application should be included in the scope of protection of the present application.

Claims (8)

1. A message processing method is applied to a virtual local area network tunnel endpoint (VTEP) device, and comprises the following steps:
receiving an ARP message;
judging whether the IP address of the sending end of the ARP message is matched with a preset gateway IP address and the MAC address of the sending end of the ARP message is matched with a preset gateway MAC address;
if the ARP message and the VTEP message are matched, checking whether the forwarding direction of the ARP message is the direction to the virtual machine accessed by the VTEP equipment, and if the forwarding direction is not the direction to the virtual machine accessed by the VTEP equipment, discarding the ARP message;
and if the IP address of the sending end is not matched with the preset gateway IP address, or the MAC address of the sending end is not matched with the preset gateway MAC address, discarding the ARP message.
2. The method of claim 1, wherein after said discarding said packet, said method further comprises:
and outputting fault positioning information related to the ARP message for positioning fault points.
3. The method according to claim 1, wherein after said determining whether the sending end IP address of the ARP packet matches the predetermined gateway IP address and the sending end MAC address of the ARP packet matches the predetermined gateway MAC address, the method further comprises:
and if the ARP message and the ARP message are not matched, forwarding the ARP message.
4. The method of claim 1, further comprising:
and if the forwarding direction is the direction of the virtual machine accessed by the VTEP equipment, forwarding the ARP message.
5. A message processing apparatus, applied to a tunnel endpoint VTEP device in an extensible virtual local area network, the apparatus comprising:
the receiving module is used for receiving the ARP message;
the matching module is used for judging whether the IP address of the sending end of the ARP message received by the receiving module is matched with a preset gateway IP address and the MAC address of the sending end of the ARP message is matched with the preset gateway MAC address;
a checking and discarding module, configured to check whether a forwarding direction of the ARP packet is a direction to a virtual machine to which the VTEP device is accessed if the matching result of the matching module is that both match, and discard the ARP packet if the forwarding direction is not the direction to the virtual machine to which the VTEP device is accessed;
and the discarding module is used for discarding the ARP message if the matching result of the matching module is that the IP address of the sending end is not matched with the preset gateway IP address or the MAC address of the sending end is not matched with the preset gateway MAC address.
6. The apparatus of claim 5, further comprising:
and the output module is used for outputting the fault positioning information related to the ARP message after the message is discarded by the checking and discarding module or the discarding module so as to position a fault point.
7. The apparatus of claim 5, further comprising:
and the first forwarding module is used for forwarding the ARP message if the transmitting end IP address of the ARP message is not matched with the preset gateway IP address and the transmitting end MAC address of the ARP message is not matched with the preset gateway MAC address after the matching module judges whether the transmitting end IP address of the ARP message is matched with the preset gateway IP address or not.
8. The apparatus of claim 5, further comprising:
and a second forwarding module, configured to forward the ARP packet if the forwarding direction is a direction to a virtual machine to which the VTEP device is accessed.
CN201710114261.XA 2017-02-28 2017-02-28 Message processing method and device Active CN108259294B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710114261.XA CN108259294B (en) 2017-02-28 2017-02-28 Message processing method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710114261.XA CN108259294B (en) 2017-02-28 2017-02-28 Message processing method and device

Publications (2)

Publication Number Publication Date
CN108259294A CN108259294A (en) 2018-07-06
CN108259294B true CN108259294B (en) 2021-01-26

Family

ID=62721763

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710114261.XA Active CN108259294B (en) 2017-02-28 2017-02-28 Message processing method and device

Country Status (1)

Country Link
CN (1) CN108259294B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112165447B (en) * 2020-08-21 2023-12-19 杭州安恒信息技术股份有限公司 WAF equipment-based network security monitoring method, system and electronic device
CN113259162B (en) * 2021-05-08 2022-09-16 中国工商银行股份有限公司 Network fault determination method and device, electronic equipment and storage medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101170515A (en) * 2007-12-04 2008-04-30 华为技术有限公司 A method, system and gateway device for processing packets
CN101488951A (en) * 2008-12-31 2009-07-22 成都市华为赛门铁克科技有限公司 Method, equipment and communication network for preventing from address resolution protocol attack
CN101789940A (en) * 2010-01-28 2010-07-28 联想网御科技(北京)有限公司 Method for preventing flood attack of DNS request message and device thereof
CN105407096A (en) * 2015-11-26 2016-03-16 深圳市风云实业有限公司 Message data detection method based on stream management
CN105743993A (en) * 2016-03-31 2016-07-06 杭州数梦工场科技有限公司 Message processing method and system

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104243265B (en) * 2014-09-05 2018-01-05 华为技术有限公司 A kind of gateway control method, apparatus and system based on virtual machine (vm) migration
CN105429870B (en) * 2015-11-30 2018-10-02 北京瑞和云图科技有限公司 VXLAN security gateway devices under SDN environment and its application process

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101170515A (en) * 2007-12-04 2008-04-30 华为技术有限公司 A method, system and gateway device for processing packets
CN101488951A (en) * 2008-12-31 2009-07-22 成都市华为赛门铁克科技有限公司 Method, equipment and communication network for preventing from address resolution protocol attack
CN101789940A (en) * 2010-01-28 2010-07-28 联想网御科技(北京)有限公司 Method for preventing flood attack of DNS request message and device thereof
CN105407096A (en) * 2015-11-26 2016-03-16 深圳市风云实业有限公司 Message data detection method based on stream management
CN105743993A (en) * 2016-03-31 2016-07-06 杭州数梦工场科技有限公司 Message processing method and system

Also Published As

Publication number Publication date
CN108259294A (en) 2018-07-06

Similar Documents

Publication Publication Date Title
US10237230B2 (en) Method and system for inspecting network traffic between end points of a zone
US11196589B2 (en) Forwarding entry generation
US8498295B1 (en) Modular lightweight tunneling mechanisms for transitioning between network layer protocols
CN111130931B (en) Detection method and device for illegal external connection equipment
CN108718269B (en) Message processing method and device
CN108881328B (en) Data packet filtering method and device, gateway equipment and storage medium
EP3570524B1 (en) Packet fragment forwarding without reassembly
CN106656615B (en) Message processing method and device based on TRACERT command
CN108600109B (en) Message forwarding method and device
US11838318B2 (en) Data plane with connection validation circuits
CN108076066B (en) Method and device for protecting GRE (generic routing encapsulation) message
CN113595891B (en) Data communication method and device and electronic equipment
US20230208721A1 (en) Determining network topology based on packet traffic
CN108259294B (en) Message processing method and device
CN107241294B (en) Network flow processing method and device, cleaning equipment and network equipment
US20150089047A1 (en) Cut-through packet management
US20210203695A1 (en) Anti-spoofing attack check method, device, and system
CN116762320A (en) Traffic flow based mapping cache flushing for supporting device and dynamic policy updating thereof
CN111131548B (en) Information processing method, apparatus and computer readable storage medium
CN106357652B (en) Method and device for preventing VXLAN message from being attacked
US20170187844A1 (en) User datagram protocol networking method for stability improvement
CN111654474B (en) Safety detection method and device
Kang et al. ARP modification for prevention of IP spoofing
US20220303231A1 (en) Packet fragmentation using outer header
CN105791458B (en) Address configuration method and device

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant