CN108667741A - A kind of control method and system for industrial network data forwarding - Google Patents

A kind of control method and system for industrial network data forwarding Download PDF

Info

Publication number
CN108667741A
CN108667741A CN201810385735.9A CN201810385735A CN108667741A CN 108667741 A CN108667741 A CN 108667741A CN 201810385735 A CN201810385735 A CN 201810385735A CN 108667741 A CN108667741 A CN 108667741A
Authority
CN
China
Prior art keywords
forwarding
module
network data
industrial network
forwarding strategy
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201810385735.9A
Other languages
Chinese (zh)
Other versions
CN108667741B (en
Inventor
刁文钦
肖海涛
滕建桓
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Bao Mu Science And Technology (tianjin) Co Ltd
Original Assignee
Bao Mu Science And Technology (tianjin) Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Bao Mu Science And Technology (tianjin) Co Ltd filed Critical Bao Mu Science And Technology (tianjin) Co Ltd
Priority to CN201810385735.9A priority Critical patent/CN108667741B/en
Publication of CN108667741A publication Critical patent/CN108667741A/en
Application granted granted Critical
Publication of CN108667741B publication Critical patent/CN108667741B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00Traffic control in data switching networks
    • H04L47/10Flow control; Congestion control
    • H04L47/24Traffic characterised by specific attributes, e.g. priority or QoS
    • H04L47/2425Traffic characterised by specific attributes, e.g. priority or QoS for supporting services specification, e.g. SLA
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/02Capturing of monitoring data
    • H04L43/028Capturing of monitoring data by filtering
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/10Active monitoring, e.g. heartbeat, ping or trace-route
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/10Active monitoring, e.g. heartbeat, ping or trace-route
    • H04L43/106Active monitoring, e.g. heartbeat, ping or trace-route using time related information in packets, e.g. by adding timestamps
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00Routing or path finding of packets in data switching networks
    • H04L45/30Routing of multiclass traffic
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00Routing or path finding of packets in data switching networks
    • H04L45/74Address processing for routing
    • H04L45/745Address table lookup; Address filtering
    • H04L45/7453Address table lookup; Address filtering using hashing
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00Traffic control in data switching networks
    • H04L47/10Flow control; Congestion control
    • H04L47/29Flow control; Congestion control using a combination of thresholds
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00Traffic control in data switching networks
    • H04L47/10Flow control; Congestion control
    • H04L47/32Flow control; Congestion control by discarding or delaying data units, e.g. packets or frames

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Health & Medical Sciences (AREA)
  • Cardiology (AREA)
  • General Health & Medical Sciences (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The present invention provides a kind of control methods and system for industrial network data forwarding, industrial network data packet passes through one delivery protocols stack module of network interface card, industrial network data packet is forwarded to industry control agreement and connects tracking module by protocol stack module, while copying industrial network data packet to DPI modules;DPI modules are detected industrial network data packet according to default rule, generate the forwarding strategy of industrial network data packet and are sent to forwarding strategy and issue module;A kind of control method and system for industrial network data forwarding of the invention, module and forwarding control module are issued with the use of protocol stack module, industry control agreement connection tracking module, DPI modules, forwarding strategy, the procedure control for realizing industrial network data forwarding has the characteristics that data forwarding is efficient, occupying system resources are few, forwarding timeliness is strong and Information Security is high.

Description

A kind of control method and system for industrial network data forwarding
Technical field
The invention belongs to filed of network information security, more particularly, to a kind of controlling party for industrial network data forwarding Method and system.
Background technology
With the development of modern information technologies, industrial network gradually moves towards open, interconnection and general, and then to industrial network Safety higher requirements are also raised.It must assure that the real-time of data forwarding, stability and safety in industrial network.
Under prior art conditions, the data forwarding in industrial network mainly uses application layer DPI forwardings+bypass (other Road) forwarding.Data packet is collected from kernel spacing by application layer DPI modules, and parses data packet, by message and application layer DPI The safety that the rule of maintenance carries out matching judgement message is then sent message by application layer DPI modules when judging that message is safe Kernel transfers to protocol stack to send out message.When DPI is abnormal or busy, Bypass functions, industrial network data traffic can be opened No longer by protecting equipment, directly into downlink.
It is forwarded using this application layer DPI, industrial network data packet first need to be gone to application layer from inner nuclear layer, by application layer After DPI analyses, then data are given to inner nuclear layer from application layer and are sent out, centre is related to the data between inner nuclear layer and application layer twice Copy, reduces forward efficiency.When application layer DPI is busy, forward efficiency can further decrease, and normally behave as network delay Increase, it is difficult to meet the requirement of real-time of industrial network.When application layer DPI module exceptions, industrial control system network traffic will disconnect, This cannot meet the stability requirement of industrial network.Bypass forwardings are further used, handles not in time or answers in application layer DPI When with layer DPI exceptions, Bypass functions can be opened, industrial control system network traffic is no longer influenced by safeguard protection at this time, and data are forwarded directly to Downlink, unsafe data can also be forwarded directly to downlink, this makes industrial network, and there are security risks, cannot meet it Security requirement.
Invention content
In view of this, the present invention is directed to propose a kind of control method and system for industrial network data forwarding, cooperation Module and forwarding control module are issued using protocol stack module, industry control agreement connection tracking module, DPI modules, forwarding strategy, it is real The procedure control for having showed industrial network data forwarding, with data forwarding is efficient, occupying system resources are few, forwarding timeliness is strong And the feature that Information Security is high.
In order to achieve the above objectives, the technical proposal of the invention is realized in this way:
A kind of control method for industrial network data forwarding, including:
Step 1:Industrial network data packet is by one delivery protocols stack module of network interface card, and protocol stack module is by industrial network data Packet is forwarded to industry control agreement connection tracking module, while copying industrial network data packet to DPI modules;
Step 2:DPI modules are detected the industrial network data packet sent in step 1 according to default rule, generate The forwarding strategy of industrial network data packet is simultaneously sent to forwarding strategy and issues module;
Step 3:Forwarding strategy issues the forwarding strategy that module caching DPI modules are sent and issues forwarding strategy to step 1 In industry control agreement connect tracking module;
Step 4:Industry control agreement connection tracking module is receiving forwarding strategy and corresponding connection tracking information and corresponding Industrial network data packet is sent to forwarding control module;
When industrial network data packet gets its corresponding connection tracking information, need to update its connect tracking information when Between stab.If in a digestion period, connection tracking information is not updated, then this connection tracking information can be aging, with This come ensure connect tracking information timeliness.
Step 5:Forwarding control module is handled corresponding industrial network data packet according to the forwarding strategy received;When Forwarding strategy is to let pass, then corresponding industrial network data packet is sent to protocol stack module, and downlink chain is forwarded to via network interface card two Road;When forwarding strategy is DROP, then corresponding industrial network data packet directly abandons;When forwarding strategy is REJECT, such as The corresponding industrial network data packet of fruit is Transmission Control Protocol, then replys RST packets to protocol stack module, beamed back via network interface card one;If right The industrial network data packet answered is udp protocol, then replys ICMP UNREACHABLE packets to protocol stack module, sent out via network interface card one It returns;
In step 2, forwarding strategy includes:Industrial network data packet five-tuple information and DROP/REJECT strategies;
In step 3, forwarding strategy issues the mechanism that module issues forwarding strategy and includes:Based on forwarding strategy entry number and Issuing mechanism based on forwarding strategy generated time;It is when forwarding strategy issues module caching based on forwarding strategy entry number Forwarding strategy entry number when reaching a certain threshold value, batch is carried out to forwarding strategy and is issued, is reduced when user issues respectively to being The occupancy for resource of uniting;Based on forwarding strategy generated time, that is, refer to when forwarding strategy issues the forwarding strategy of module caching at certain When being not up to entry number threshold value in threshold time, then current buffered all forwarding strategies are directly issued, ensures to turn with this Send out the timeliness of policy distribution;
In step 3, it is dual-thread design that forwarding strategy, which issues module,:One thread is responsible for collecting forwarding from DPI modules Strategy, another thread issues forwarding strategy the entry number of the forwarding plan of module caching and generated time is monitored, and right Forwarding strategy is issued.
Further, in step 3, the issuing mechanism given threshold based on forwarding strategy entry number is 50.
Further, in step 3, the issuing mechanism given threshold based on forwarding strategy generated time is one second.
Further, in step 4, if there is industrial network data packet does not have corresponding connection tracking information and forwarding plan Slightly, then industry control agreement connection tracking module can be the industrial network data packet one new connection tracking information of establishment, and default By letting pass, strategy handles this industrial network data packet.
Further, in step 4, industrial network data packet is carried out using exclusive or hash algorithm or jhash algorithms fast Quick checking is looked for.
The forward efficiency of data can be effectively increased substantially using exclusive or hash algorithm or jhash algorithms.
A kind of control system for industrial network data forwarding, including network interface card one, network interface card two, protocol stack module, DPI moulds Block, forwarding strategy issue module, industry control agreement connection tracking module and forwarding control module;Network interface card one, network interface card two, industry control agreement Connection tracking module and forwarding control module are connect with protocol stack module respectively, and protocol stack module connects DPI modules, DPI modules Connection forwarding strategy issues module, and forwarding strategy issues module connection industry control agreement connection tracking module, the connection of industry control agreement with Track module connection forwarding control module.
Compared with the existing technology, a kind of control method and system for industrial network data forwarding of the invention, with Lower advantage:
A kind of control method and system for industrial network data forwarding of the invention, with the use of protocol stack module, work Control agreement connection tracking module, DPI modules, forwarding strategy issue module and forwarding control module, realize industrial network data The procedure of forwarding controls, with data forwarding is efficient, occupying system resources are few, forwarding timeliness is strong and Information Security is high Feature.
Description of the drawings
The attached drawing for constituting the part of the present invention is used to provide further understanding of the present invention, schematic reality of the invention Example and its explanation are applied for explaining the present invention, is not constituted improper limitations of the present invention.
In the accompanying drawings:
Fig. 1 is a kind of control method principle schematic for industrial network data forwarding of the embodiment of the present invention;
Fig. 2 is that a kind of control method exclusive or hash algorithm principle for industrial network data forwarding of the embodiment of the present invention is shown It is intended to;
Specific implementation mode
It should be noted that in the absence of conflict, the feature in embodiment and embodiment in the present invention can phase Mutually combination.
In the description of the present invention, it is to be understood that, term "center", " longitudinal direction ", " transverse direction ", "upper", "lower", The orientation or positional relationship of the instructions such as "front", "rear", "left", "right", "vertical", "horizontal", "top", "bottom", "inner", "outside" is It is based on the orientation or positional relationship shown in the drawings, is merely for convenience of description of the present invention and simplification of the description, rather than instruction or dark Show that signified device or element must have a particular orientation, with specific azimuth configuration and operation, therefore should not be understood as pair The limitation of the present invention.In addition, term " first ", " second " etc. are used for description purposes only, it is not understood to indicate or imply phase To importance or implicitly indicate the quantity of indicated technical characteristic.The feature for defining " first ", " second " etc. as a result, can To express or implicitly include one or more this feature.In the description of the present invention, unless otherwise indicated, " multiple " It is meant that two or more.
In the description of the present invention, it should be noted that unless otherwise clearly defined and limited, term " installation ", " phase Even ", " connection " shall be understood in a broad sense, for example, it may be being fixedly connected, may be a detachable connection, or be integrally connected;It can Can also be electrical connection to be mechanical connection;It can be directly connected, can also indirectly connected through an intermediary, Ke Yishi Connection inside two elements.For the ordinary skill in the art, above-mentioned term can be understood by concrete condition Concrete meaning in the present invention.
The present invention will be described in detail below with reference to the accompanying drawings and embodiments.
As shown in Figure 1, a kind of control method for industrial network data forwarding, including:
Step 1:Industrial network data packet is by one delivery protocols stack module of network interface card, and protocol stack module is by industrial network data Packet is forwarded to industry control agreement connection tracking module, while copying industrial network data packet to DPI modules;
Step 2:DPI modules are detected the industrial network data packet sent in step 1 according to default rule, generate The forwarding strategy of industrial network data packet is simultaneously sent to forwarding strategy and issues module;
Step 3:Forwarding strategy issues the forwarding strategy that module caching DPI modules are sent and issues forwarding strategy to step 1 In industry control agreement connect tracking module;
Step 4:Industry control agreement connection tracking module is receiving forwarding strategy and corresponding connection tracking information and corresponding Industrial network data packet is sent to forwarding control module;
When industrial network data packet gets its corresponding connection tracking information, need to update its connect tracking information when Between stab.If in a digestion period, connection tracking information is not updated, then this connection tracking information can be aging, with This come ensure connect tracking information timeliness.
Step 5:Forwarding control module is handled corresponding industrial network data packet according to the forwarding strategy received;When Forwarding strategy is to let pass, then corresponding industrial network data packet is sent to protocol stack module, and downlink chain is forwarded to via network interface card two Road;When forwarding strategy is DROP, then corresponding industrial network data packet directly abandons;When forwarding strategy is REJECT, such as The corresponding industrial network data packet of fruit is Transmission Control Protocol, then replys RST packets to protocol stack module, beamed back via network interface card one;If right The industrial network data packet answered is udp protocol, then replys ICMP UNREACHABLE packets to protocol stack module, sent out via network interface card one It returns;
In step 2, forwarding strategy includes:Industrial network data packet five-tuple information and DROP/REJECT strategies;
In step 3, forwarding strategy issues the mechanism that module issues forwarding strategy and includes:Based on forwarding strategy entry number and Issuing mechanism based on forwarding strategy generated time;It is when forwarding strategy issues module caching based on forwarding strategy entry number Forwarding strategy entry number when reaching a certain threshold value, batch is carried out to forwarding strategy and is issued, is reduced when user issues respectively to being The occupancy for resource of uniting;Based on forwarding strategy generated time, that is, refer to when forwarding strategy issues the forwarding strategy of module caching at certain When being not up to entry number threshold value in threshold time, then current buffered all forwarding strategies are directly issued, ensures to turn with this Send out the timeliness of policy distribution;
In step 3, it is dual-thread design that forwarding strategy, which issues module,:One thread is responsible for collecting forwarding from DPI modules Strategy, another thread issues forwarding strategy the entry number of the forwarding plan of module caching and generated time is monitored, and right Forwarding strategy is issued.
In step 3, the issuing mechanism given threshold based on forwarding strategy entry number is 50.
In step 3, the issuing mechanism given threshold based on forwarding strategy generated time is one second.
In step 4, if there is industrial network data packet does not have corresponding connection tracking information and forwarding strategy, then industry control It can be the industrial network data packet one new connection tracking information of establishment that agreement, which connects tracking module, and default by strategy of letting pass Handle this industrial network data packet.
As shown in Fig. 2, in the present embodiment, in step 4, being carried out to industrial network data packet using exclusive or hash algorithm Quickly search.
As shown in Fig. 2, in the present embodiment, exclusive or hash algorithm is as follows:
Hash=(1^3^5^7^9^11^13) & (2^4^6^8^10^12)
Algorithm flow is:First five-tuple information symmetrical is arranged, odd-even interleaving exclusive or is then carried out, finally by exclusive or result Juxtaposition exports, and the forward efficiency of data can be effectively increased substantially using exclusive or hash algorithm.
A kind of control system for industrial network data forwarding, including network interface card one, network interface card two, protocol stack module, DPI moulds Block, forwarding strategy issue module, industry control agreement connection tracking module and forwarding control module;Network interface card one, network interface card two, industry control agreement Connection tracking module and forwarding control module are connect with protocol stack module respectively, and protocol stack module connects DPI modules, DPI modules Connection forwarding strategy issues module, and forwarding strategy issues module connection industry control agreement connection tracking module, the connection of industry control agreement with Track module connection forwarding control module.
The above is merely preferred embodiments of the present invention, be not intended to limit the invention, it is all the present invention spirit and Within principle, any modification, equivalent replacement, improvement and so on should all be included in the protection scope of the present invention.

Claims (6)

1. a kind of control method for industrial network data forwarding, it is characterised in that:Including:
Step 1:Industrial network data packet is by one delivery protocols stack module of network interface card, and the protocol stack module is by the industrial network Data packet is forwarded to industry control agreement connection tracking module, while copying the industrial network data packet to DPI modules;
Step 2:The DPI modules are detected the industrial network data packet sent in step 1 according to default rule, It generates the forwarding strategy of the industrial network data packet and is sent to forwarding strategy and issue module;
Step 3:The forwarding strategy issues module and caches the forwarding strategy of the DPI modules transmission and issue forwarding strategy to step The industry control agreement in rapid 1 connects tracking module;
Step 4:Industry control agreement connection tracking module is receiving forwarding strategy and corresponding connection tracking information and corresponding The industrial network data packet, is sent to forwarding control module;
Step 5:The forwarding control module according to the forwarding strategy received to the corresponding industrial network data packet at Reason;When forwarding strategy is to let pass, then the corresponding industrial network data packet is sent to the protocol stack module, via network interface card two It is forwarded to downlink;When forwarding strategy is DROP, then the corresponding industrial network data packet directly abandons;When forwarding plan When being slightly REJECT, if the corresponding industrial network data packet is Transmission Control Protocol, RST packets are replied to the protocol stack mould Block is beamed back via the network interface card one;If the corresponding industrial network data packet is udp protocol, ICMP is replied UNREACHABLE packets are beamed back to the protocol stack module via the network interface card one;
In step 2, forwarding strategy includes:The industrial network data packet five-tuple information and DROP/REJECT strategies;
In step 3, the forwarding strategy issues the mechanism that module issues forwarding strategy and includes:Based on forwarding strategy entry number and Issuing mechanism based on forwarding strategy generated time;It is when the forwarding strategy issues module based on forwarding strategy entry number When the forwarding strategy entry number of caching reaches a certain threshold value, batch is carried out to forwarding strategy and is issued, when reduction user issues respectively To the occupancy of system resource;Based on forwarding strategy generated time, that is, refer to when the forwarding strategy issues the forwarding of module caching When strategy is not up to entry number threshold value in certain threshold time, then current buffered all forwarding strategies are directly issued, with This ensures the timeliness that forwarding strategy issues;
In step 3, it is dual-thread design that the forwarding strategy, which issues module,:One thread is responsible for collecting from the DPI modules Forwarding strategy, another thread issues the forwarding strategy entry number of the forwarding plan of module caching and generated time supervises Control, and forwarding strategy is issued.
2. a kind of control method for industrial network data forwarding according to claim 1, it is characterised in that:The step In rapid 3, the issuing mechanism given threshold based on forwarding strategy entry number is 50.
3. a kind of control method for industrial network data forwarding according to claim 2, it is characterised in that:The step In rapid 3, the issuing mechanism given threshold based on forwarding strategy generated time is one second.
4. a kind of control method for industrial network data forwarding according to claim 3, it is characterised in that:In step In 4, if there is the industrial network data packet does not have corresponding connection tracking information and forwarding strategy, then the industry control agreement connects Connecing tracking module can be that the industrial network data packet creates a new connection tracking information, and it is default by strategy of letting pass at Manage this industrial network data packet.
5. a kind of control method for industrial network data forwarding according to claim 1, it is characterised in that:In step In 4, the industrial network data packet is quickly searched using exclusive or hash algorithm or jhash algorithms.
6. a kind of control system for industrial network data forwarding, it is characterised in that:Including network interface card one, network interface card two, protocol stack Module, DPI modules, forwarding strategy issue module, industry control agreement connection tracking module and forwarding control module;The network interface card one, The network interface card two, industry control agreement connection tracking module and the forwarding control module connect with the protocol stack module respectively It connects, the protocol stack module connects the DPI modules, and the DPI modules connect the forwarding strategy and issue module, the forwarding Policy distribution module connects the industry control agreement and connects tracking module, and the industry control agreement connection tracking module connects the forwarding Control module.
CN201810385735.9A 2018-04-26 2018-04-26 Control method and system for industrial network data forwarding Active CN108667741B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810385735.9A CN108667741B (en) 2018-04-26 2018-04-26 Control method and system for industrial network data forwarding

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810385735.9A CN108667741B (en) 2018-04-26 2018-04-26 Control method and system for industrial network data forwarding

Publications (2)

Publication Number Publication Date
CN108667741A true CN108667741A (en) 2018-10-16
CN108667741B CN108667741B (en) 2021-11-12

Family

ID=63781154

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810385735.9A Active CN108667741B (en) 2018-04-26 2018-04-26 Control method and system for industrial network data forwarding

Country Status (1)

Country Link
CN (1) CN108667741B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112019431A (en) * 2019-05-29 2020-12-01 阿里巴巴集团控股有限公司 Method, device and equipment for processing forwarding rule

Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20110258324A1 (en) * 2009-06-08 2011-10-20 Comcast Cable Communications, Llc Management of Shared Access Network
CN104283801A (en) * 2013-07-04 2015-01-14 中兴通讯股份有限公司 Method and system for processing service data
CN104639451A (en) * 2013-11-14 2015-05-20 中兴通讯股份有限公司 Data flow distribution method and controller
CN104717101A (en) * 2013-12-13 2015-06-17 中国电信股份有限公司 Deep packet inspection method and system
CN104753704A (en) * 2013-12-27 2015-07-01 中兴通讯股份有限公司 State migration method in SDN (software defined network) and switch
CN105281986A (en) * 2014-05-28 2016-01-27 中国移动通信集团公司 Method, device and system for transmitting data stream
CN106375309A (en) * 2016-08-31 2017-02-01 北京青石绿网科技有限公司 DPI data security management method of mobile device
CN106911588A (en) * 2015-12-22 2017-06-30 中国电信股份有限公司 Methods, devices and systems for realizing deep-packet detection optimization
CN106972985A (en) * 2017-03-29 2017-07-21 网宿科技股份有限公司 Accelerate the method and DPI equipment of the processing of DPI device datas and forwarding
CN107078946A (en) * 2015-09-30 2017-08-18 华为技术有限公司 Processing method, the device and system of business stream process strategy
US9800508B2 (en) * 2015-01-09 2017-10-24 Dell Products L.P. System and method of flow shaping to reduce impact of incast communications

Patent Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20110258324A1 (en) * 2009-06-08 2011-10-20 Comcast Cable Communications, Llc Management of Shared Access Network
CN104283801A (en) * 2013-07-04 2015-01-14 中兴通讯股份有限公司 Method and system for processing service data
CN104639451A (en) * 2013-11-14 2015-05-20 中兴通讯股份有限公司 Data flow distribution method and controller
CN104717101A (en) * 2013-12-13 2015-06-17 中国电信股份有限公司 Deep packet inspection method and system
CN104753704A (en) * 2013-12-27 2015-07-01 中兴通讯股份有限公司 State migration method in SDN (software defined network) and switch
CN105281986A (en) * 2014-05-28 2016-01-27 中国移动通信集团公司 Method, device and system for transmitting data stream
US9800508B2 (en) * 2015-01-09 2017-10-24 Dell Products L.P. System and method of flow shaping to reduce impact of incast communications
CN107078946A (en) * 2015-09-30 2017-08-18 华为技术有限公司 Processing method, the device and system of business stream process strategy
CN106911588A (en) * 2015-12-22 2017-06-30 中国电信股份有限公司 Methods, devices and systems for realizing deep-packet detection optimization
CN106375309A (en) * 2016-08-31 2017-02-01 北京青石绿网科技有限公司 DPI data security management method of mobile device
CN106972985A (en) * 2017-03-29 2017-07-21 网宿科技股份有限公司 Accelerate the method and DPI equipment of the processing of DPI device datas and forwarding

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112019431A (en) * 2019-05-29 2020-12-01 阿里巴巴集团控股有限公司 Method, device and equipment for processing forwarding rule

Also Published As

Publication number Publication date
CN108667741B (en) 2021-11-12

Similar Documents

Publication Publication Date Title
US10484278B2 (en) Application-based network packet forwarding
KR101900154B1 (en) SDN capable of detection DDoS attacks and switch including the same
CN100555991C (en) The method of message access control, forwarding engine device and communication equipment
CN101924764B (en) Large-scale DDoS (Distributed Denial of Service) attack defense system and method based on two-level linkage mechanism
US8694651B2 (en) Method and system for implementing network proxy
CN101083563A (en) Method and apparatus for preventing distributed refuse service attack
CA2540802A1 (en) Method and apparatus for traffic control of dynamic denial of service attacks within a communications network
CN104104558B (en) A kind of method that network storm suppresses in transformer station process layer communication
CN102325092B (en) Message processing method and equipment
CN101227289A (en) Uniform intimidation managing device and loading method of intimidation defense module
CN105610813B (en) Honey pot system and method between a kind of mobile radio communication
CN105631743A (en) Method and system for ATM transaction real-time traffic control
CN102394925A (en) Communication method and device for remote monitoring diagnosis center and area regulation center
EP1804465A1 (en) Collaborative communication traffic control network
CN103117946A (en) Flow sharing method based on combined application of isolating device and isolation gateway
TW201124876A (en) System and method for guarding against dispersive blocking attacks
CN101917425A (en) Centralized cleaning system and method for internet bar flow in manner of bidirectional online
CN101494639A (en) Method and apparatus for preventing aggression in packet communication system
CN103067359A (en) System and method based on connection multiplexing and capable of improving server concurrent processing capacity
CN106534048A (en) Method of preventing SDN denial of service attack, switch and system
CN103747472B (en) Noninductive tandem system on basis of circuit switch domain No.7 signaling network
CN104519012A (en) SIP-protocol-based method and system for detecting communication network attack
CN108667741A (en) A kind of control method and system for industrial network data forwarding
CN105959334A (en) DDos attack automatic defense system and method
CN102082734B (en) Service message transmission method and equipment

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant