CN108667741A - A kind of control method and system for industrial network data forwarding - Google Patents
A kind of control method and system for industrial network data forwarding Download PDFInfo
- Publication number
- CN108667741A CN108667741A CN201810385735.9A CN201810385735A CN108667741A CN 108667741 A CN108667741 A CN 108667741A CN 201810385735 A CN201810385735 A CN 201810385735A CN 108667741 A CN108667741 A CN 108667741A
- Authority
- CN
- China
- Prior art keywords
- forwarding
- module
- network data
- industrial network
- forwarding strategy
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L47/00—Traffic control in data switching networks
- H04L47/10—Flow control; Congestion control
- H04L47/24—Traffic characterised by specific attributes, e.g. priority or QoS
- H04L47/2425—Traffic characterised by specific attributes, e.g. priority or QoS for supporting services specification, e.g. SLA
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/02—Capturing of monitoring data
- H04L43/028—Capturing of monitoring data by filtering
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/10—Active monitoring, e.g. heartbeat, ping or trace-route
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/10—Active monitoring, e.g. heartbeat, ping or trace-route
- H04L43/106—Active monitoring, e.g. heartbeat, ping or trace-route using time related information in packets, e.g. by adding timestamps
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
- H04L45/30—Routing of multiclass traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
- H04L45/74—Address processing for routing
- H04L45/745—Address table lookup; Address filtering
- H04L45/7453—Address table lookup; Address filtering using hashing
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L47/00—Traffic control in data switching networks
- H04L47/10—Flow control; Congestion control
- H04L47/29—Flow control; Congestion control using a combination of thresholds
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L47/00—Traffic control in data switching networks
- H04L47/10—Flow control; Congestion control
- H04L47/32—Flow control; Congestion control by discarding or delaying data units, e.g. packets or frames
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Health & Medical Sciences (AREA)
- Cardiology (AREA)
- General Health & Medical Sciences (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The present invention provides a kind of control methods and system for industrial network data forwarding, industrial network data packet passes through one delivery protocols stack module of network interface card, industrial network data packet is forwarded to industry control agreement and connects tracking module by protocol stack module, while copying industrial network data packet to DPI modules;DPI modules are detected industrial network data packet according to default rule, generate the forwarding strategy of industrial network data packet and are sent to forwarding strategy and issue module;A kind of control method and system for industrial network data forwarding of the invention, module and forwarding control module are issued with the use of protocol stack module, industry control agreement connection tracking module, DPI modules, forwarding strategy, the procedure control for realizing industrial network data forwarding has the characteristics that data forwarding is efficient, occupying system resources are few, forwarding timeliness is strong and Information Security is high.
Description
Technical field
The invention belongs to filed of network information security, more particularly, to a kind of controlling party for industrial network data forwarding
Method and system.
Background technology
With the development of modern information technologies, industrial network gradually moves towards open, interconnection and general, and then to industrial network
Safety higher requirements are also raised.It must assure that the real-time of data forwarding, stability and safety in industrial network.
Under prior art conditions, the data forwarding in industrial network mainly uses application layer DPI forwardings+bypass (other
Road) forwarding.Data packet is collected from kernel spacing by application layer DPI modules, and parses data packet, by message and application layer DPI
The safety that the rule of maintenance carries out matching judgement message is then sent message by application layer DPI modules when judging that message is safe
Kernel transfers to protocol stack to send out message.When DPI is abnormal or busy, Bypass functions, industrial network data traffic can be opened
No longer by protecting equipment, directly into downlink.
It is forwarded using this application layer DPI, industrial network data packet first need to be gone to application layer from inner nuclear layer, by application layer
After DPI analyses, then data are given to inner nuclear layer from application layer and are sent out, centre is related to the data between inner nuclear layer and application layer twice
Copy, reduces forward efficiency.When application layer DPI is busy, forward efficiency can further decrease, and normally behave as network delay
Increase, it is difficult to meet the requirement of real-time of industrial network.When application layer DPI module exceptions, industrial control system network traffic will disconnect,
This cannot meet the stability requirement of industrial network.Bypass forwardings are further used, handles not in time or answers in application layer DPI
When with layer DPI exceptions, Bypass functions can be opened, industrial control system network traffic is no longer influenced by safeguard protection at this time, and data are forwarded directly to
Downlink, unsafe data can also be forwarded directly to downlink, this makes industrial network, and there are security risks, cannot meet it
Security requirement.
Invention content
In view of this, the present invention is directed to propose a kind of control method and system for industrial network data forwarding, cooperation
Module and forwarding control module are issued using protocol stack module, industry control agreement connection tracking module, DPI modules, forwarding strategy, it is real
The procedure control for having showed industrial network data forwarding, with data forwarding is efficient, occupying system resources are few, forwarding timeliness is strong
And the feature that Information Security is high.
In order to achieve the above objectives, the technical proposal of the invention is realized in this way:
A kind of control method for industrial network data forwarding, including:
Step 1:Industrial network data packet is by one delivery protocols stack module of network interface card, and protocol stack module is by industrial network data
Packet is forwarded to industry control agreement connection tracking module, while copying industrial network data packet to DPI modules;
Step 2:DPI modules are detected the industrial network data packet sent in step 1 according to default rule, generate
The forwarding strategy of industrial network data packet is simultaneously sent to forwarding strategy and issues module;
Step 3:Forwarding strategy issues the forwarding strategy that module caching DPI modules are sent and issues forwarding strategy to step 1
In industry control agreement connect tracking module;
Step 4:Industry control agreement connection tracking module is receiving forwarding strategy and corresponding connection tracking information and corresponding
Industrial network data packet is sent to forwarding control module;
When industrial network data packet gets its corresponding connection tracking information, need to update its connect tracking information when
Between stab.If in a digestion period, connection tracking information is not updated, then this connection tracking information can be aging, with
This come ensure connect tracking information timeliness.
Step 5:Forwarding control module is handled corresponding industrial network data packet according to the forwarding strategy received;When
Forwarding strategy is to let pass, then corresponding industrial network data packet is sent to protocol stack module, and downlink chain is forwarded to via network interface card two
Road;When forwarding strategy is DROP, then corresponding industrial network data packet directly abandons;When forwarding strategy is REJECT, such as
The corresponding industrial network data packet of fruit is Transmission Control Protocol, then replys RST packets to protocol stack module, beamed back via network interface card one;If right
The industrial network data packet answered is udp protocol, then replys ICMP UNREACHABLE packets to protocol stack module, sent out via network interface card one
It returns;
In step 2, forwarding strategy includes:Industrial network data packet five-tuple information and DROP/REJECT strategies;
In step 3, forwarding strategy issues the mechanism that module issues forwarding strategy and includes:Based on forwarding strategy entry number and
Issuing mechanism based on forwarding strategy generated time;It is when forwarding strategy issues module caching based on forwarding strategy entry number
Forwarding strategy entry number when reaching a certain threshold value, batch is carried out to forwarding strategy and is issued, is reduced when user issues respectively to being
The occupancy for resource of uniting;Based on forwarding strategy generated time, that is, refer to when forwarding strategy issues the forwarding strategy of module caching at certain
When being not up to entry number threshold value in threshold time, then current buffered all forwarding strategies are directly issued, ensures to turn with this
Send out the timeliness of policy distribution;
In step 3, it is dual-thread design that forwarding strategy, which issues module,:One thread is responsible for collecting forwarding from DPI modules
Strategy, another thread issues forwarding strategy the entry number of the forwarding plan of module caching and generated time is monitored, and right
Forwarding strategy is issued.
Further, in step 3, the issuing mechanism given threshold based on forwarding strategy entry number is 50.
Further, in step 3, the issuing mechanism given threshold based on forwarding strategy generated time is one second.
Further, in step 4, if there is industrial network data packet does not have corresponding connection tracking information and forwarding plan
Slightly, then industry control agreement connection tracking module can be the industrial network data packet one new connection tracking information of establishment, and default
By letting pass, strategy handles this industrial network data packet.
Further, in step 4, industrial network data packet is carried out using exclusive or hash algorithm or jhash algorithms fast
Quick checking is looked for.
The forward efficiency of data can be effectively increased substantially using exclusive or hash algorithm or jhash algorithms.
A kind of control system for industrial network data forwarding, including network interface card one, network interface card two, protocol stack module, DPI moulds
Block, forwarding strategy issue module, industry control agreement connection tracking module and forwarding control module;Network interface card one, network interface card two, industry control agreement
Connection tracking module and forwarding control module are connect with protocol stack module respectively, and protocol stack module connects DPI modules, DPI modules
Connection forwarding strategy issues module, and forwarding strategy issues module connection industry control agreement connection tracking module, the connection of industry control agreement with
Track module connection forwarding control module.
Compared with the existing technology, a kind of control method and system for industrial network data forwarding of the invention, with
Lower advantage:
A kind of control method and system for industrial network data forwarding of the invention, with the use of protocol stack module, work
Control agreement connection tracking module, DPI modules, forwarding strategy issue module and forwarding control module, realize industrial network data
The procedure of forwarding controls, with data forwarding is efficient, occupying system resources are few, forwarding timeliness is strong and Information Security is high
Feature.
Description of the drawings
The attached drawing for constituting the part of the present invention is used to provide further understanding of the present invention, schematic reality of the invention
Example and its explanation are applied for explaining the present invention, is not constituted improper limitations of the present invention.
In the accompanying drawings:
Fig. 1 is a kind of control method principle schematic for industrial network data forwarding of the embodiment of the present invention;
Fig. 2 is that a kind of control method exclusive or hash algorithm principle for industrial network data forwarding of the embodiment of the present invention is shown
It is intended to;
Specific implementation mode
It should be noted that in the absence of conflict, the feature in embodiment and embodiment in the present invention can phase
Mutually combination.
In the description of the present invention, it is to be understood that, term "center", " longitudinal direction ", " transverse direction ", "upper", "lower",
The orientation or positional relationship of the instructions such as "front", "rear", "left", "right", "vertical", "horizontal", "top", "bottom", "inner", "outside" is
It is based on the orientation or positional relationship shown in the drawings, is merely for convenience of description of the present invention and simplification of the description, rather than instruction or dark
Show that signified device or element must have a particular orientation, with specific azimuth configuration and operation, therefore should not be understood as pair
The limitation of the present invention.In addition, term " first ", " second " etc. are used for description purposes only, it is not understood to indicate or imply phase
To importance or implicitly indicate the quantity of indicated technical characteristic.The feature for defining " first ", " second " etc. as a result, can
To express or implicitly include one or more this feature.In the description of the present invention, unless otherwise indicated, " multiple "
It is meant that two or more.
In the description of the present invention, it should be noted that unless otherwise clearly defined and limited, term " installation ", " phase
Even ", " connection " shall be understood in a broad sense, for example, it may be being fixedly connected, may be a detachable connection, or be integrally connected;It can
Can also be electrical connection to be mechanical connection;It can be directly connected, can also indirectly connected through an intermediary, Ke Yishi
Connection inside two elements.For the ordinary skill in the art, above-mentioned term can be understood by concrete condition
Concrete meaning in the present invention.
The present invention will be described in detail below with reference to the accompanying drawings and embodiments.
As shown in Figure 1, a kind of control method for industrial network data forwarding, including:
Step 1:Industrial network data packet is by one delivery protocols stack module of network interface card, and protocol stack module is by industrial network data
Packet is forwarded to industry control agreement connection tracking module, while copying industrial network data packet to DPI modules;
Step 2:DPI modules are detected the industrial network data packet sent in step 1 according to default rule, generate
The forwarding strategy of industrial network data packet is simultaneously sent to forwarding strategy and issues module;
Step 3:Forwarding strategy issues the forwarding strategy that module caching DPI modules are sent and issues forwarding strategy to step 1
In industry control agreement connect tracking module;
Step 4:Industry control agreement connection tracking module is receiving forwarding strategy and corresponding connection tracking information and corresponding
Industrial network data packet is sent to forwarding control module;
When industrial network data packet gets its corresponding connection tracking information, need to update its connect tracking information when
Between stab.If in a digestion period, connection tracking information is not updated, then this connection tracking information can be aging, with
This come ensure connect tracking information timeliness.
Step 5:Forwarding control module is handled corresponding industrial network data packet according to the forwarding strategy received;When
Forwarding strategy is to let pass, then corresponding industrial network data packet is sent to protocol stack module, and downlink chain is forwarded to via network interface card two
Road;When forwarding strategy is DROP, then corresponding industrial network data packet directly abandons;When forwarding strategy is REJECT, such as
The corresponding industrial network data packet of fruit is Transmission Control Protocol, then replys RST packets to protocol stack module, beamed back via network interface card one;If right
The industrial network data packet answered is udp protocol, then replys ICMP UNREACHABLE packets to protocol stack module, sent out via network interface card one
It returns;
In step 2, forwarding strategy includes:Industrial network data packet five-tuple information and DROP/REJECT strategies;
In step 3, forwarding strategy issues the mechanism that module issues forwarding strategy and includes:Based on forwarding strategy entry number and
Issuing mechanism based on forwarding strategy generated time;It is when forwarding strategy issues module caching based on forwarding strategy entry number
Forwarding strategy entry number when reaching a certain threshold value, batch is carried out to forwarding strategy and is issued, is reduced when user issues respectively to being
The occupancy for resource of uniting;Based on forwarding strategy generated time, that is, refer to when forwarding strategy issues the forwarding strategy of module caching at certain
When being not up to entry number threshold value in threshold time, then current buffered all forwarding strategies are directly issued, ensures to turn with this
Send out the timeliness of policy distribution;
In step 3, it is dual-thread design that forwarding strategy, which issues module,:One thread is responsible for collecting forwarding from DPI modules
Strategy, another thread issues forwarding strategy the entry number of the forwarding plan of module caching and generated time is monitored, and right
Forwarding strategy is issued.
In step 3, the issuing mechanism given threshold based on forwarding strategy entry number is 50.
In step 3, the issuing mechanism given threshold based on forwarding strategy generated time is one second.
In step 4, if there is industrial network data packet does not have corresponding connection tracking information and forwarding strategy, then industry control
It can be the industrial network data packet one new connection tracking information of establishment that agreement, which connects tracking module, and default by strategy of letting pass
Handle this industrial network data packet.
As shown in Fig. 2, in the present embodiment, in step 4, being carried out to industrial network data packet using exclusive or hash algorithm
Quickly search.
As shown in Fig. 2, in the present embodiment, exclusive or hash algorithm is as follows:
Hash=(1^3^5^7^9^11^13) & (2^4^6^8^10^12)
Algorithm flow is:First five-tuple information symmetrical is arranged, odd-even interleaving exclusive or is then carried out, finally by exclusive or result
Juxtaposition exports, and the forward efficiency of data can be effectively increased substantially using exclusive or hash algorithm.
A kind of control system for industrial network data forwarding, including network interface card one, network interface card two, protocol stack module, DPI moulds
Block, forwarding strategy issue module, industry control agreement connection tracking module and forwarding control module;Network interface card one, network interface card two, industry control agreement
Connection tracking module and forwarding control module are connect with protocol stack module respectively, and protocol stack module connects DPI modules, DPI modules
Connection forwarding strategy issues module, and forwarding strategy issues module connection industry control agreement connection tracking module, the connection of industry control agreement with
Track module connection forwarding control module.
The above is merely preferred embodiments of the present invention, be not intended to limit the invention, it is all the present invention spirit and
Within principle, any modification, equivalent replacement, improvement and so on should all be included in the protection scope of the present invention.
Claims (6)
1. a kind of control method for industrial network data forwarding, it is characterised in that:Including:
Step 1:Industrial network data packet is by one delivery protocols stack module of network interface card, and the protocol stack module is by the industrial network
Data packet is forwarded to industry control agreement connection tracking module, while copying the industrial network data packet to DPI modules;
Step 2:The DPI modules are detected the industrial network data packet sent in step 1 according to default rule,
It generates the forwarding strategy of the industrial network data packet and is sent to forwarding strategy and issue module;
Step 3:The forwarding strategy issues module and caches the forwarding strategy of the DPI modules transmission and issue forwarding strategy to step
The industry control agreement in rapid 1 connects tracking module;
Step 4:Industry control agreement connection tracking module is receiving forwarding strategy and corresponding connection tracking information and corresponding
The industrial network data packet, is sent to forwarding control module;
Step 5:The forwarding control module according to the forwarding strategy received to the corresponding industrial network data packet at
Reason;When forwarding strategy is to let pass, then the corresponding industrial network data packet is sent to the protocol stack module, via network interface card two
It is forwarded to downlink;When forwarding strategy is DROP, then the corresponding industrial network data packet directly abandons;When forwarding plan
When being slightly REJECT, if the corresponding industrial network data packet is Transmission Control Protocol, RST packets are replied to the protocol stack mould
Block is beamed back via the network interface card one;If the corresponding industrial network data packet is udp protocol, ICMP is replied
UNREACHABLE packets are beamed back to the protocol stack module via the network interface card one;
In step 2, forwarding strategy includes:The industrial network data packet five-tuple information and DROP/REJECT strategies;
In step 3, the forwarding strategy issues the mechanism that module issues forwarding strategy and includes:Based on forwarding strategy entry number and
Issuing mechanism based on forwarding strategy generated time;It is when the forwarding strategy issues module based on forwarding strategy entry number
When the forwarding strategy entry number of caching reaches a certain threshold value, batch is carried out to forwarding strategy and is issued, when reduction user issues respectively
To the occupancy of system resource;Based on forwarding strategy generated time, that is, refer to when the forwarding strategy issues the forwarding of module caching
When strategy is not up to entry number threshold value in certain threshold time, then current buffered all forwarding strategies are directly issued, with
This ensures the timeliness that forwarding strategy issues;
In step 3, it is dual-thread design that the forwarding strategy, which issues module,:One thread is responsible for collecting from the DPI modules
Forwarding strategy, another thread issues the forwarding strategy entry number of the forwarding plan of module caching and generated time supervises
Control, and forwarding strategy is issued.
2. a kind of control method for industrial network data forwarding according to claim 1, it is characterised in that:The step
In rapid 3, the issuing mechanism given threshold based on forwarding strategy entry number is 50.
3. a kind of control method for industrial network data forwarding according to claim 2, it is characterised in that:The step
In rapid 3, the issuing mechanism given threshold based on forwarding strategy generated time is one second.
4. a kind of control method for industrial network data forwarding according to claim 3, it is characterised in that:In step
In 4, if there is the industrial network data packet does not have corresponding connection tracking information and forwarding strategy, then the industry control agreement connects
Connecing tracking module can be that the industrial network data packet creates a new connection tracking information, and it is default by strategy of letting pass at
Manage this industrial network data packet.
5. a kind of control method for industrial network data forwarding according to claim 1, it is characterised in that:In step
In 4, the industrial network data packet is quickly searched using exclusive or hash algorithm or jhash algorithms.
6. a kind of control system for industrial network data forwarding, it is characterised in that:Including network interface card one, network interface card two, protocol stack
Module, DPI modules, forwarding strategy issue module, industry control agreement connection tracking module and forwarding control module;The network interface card one,
The network interface card two, industry control agreement connection tracking module and the forwarding control module connect with the protocol stack module respectively
It connects, the protocol stack module connects the DPI modules, and the DPI modules connect the forwarding strategy and issue module, the forwarding
Policy distribution module connects the industry control agreement and connects tracking module, and the industry control agreement connection tracking module connects the forwarding
Control module.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810385735.9A CN108667741B (en) | 2018-04-26 | 2018-04-26 | Control method and system for industrial network data forwarding |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810385735.9A CN108667741B (en) | 2018-04-26 | 2018-04-26 | Control method and system for industrial network data forwarding |
Publications (2)
Publication Number | Publication Date |
---|---|
CN108667741A true CN108667741A (en) | 2018-10-16 |
CN108667741B CN108667741B (en) | 2021-11-12 |
Family
ID=63781154
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810385735.9A Active CN108667741B (en) | 2018-04-26 | 2018-04-26 | Control method and system for industrial network data forwarding |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108667741B (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112019431A (en) * | 2019-05-29 | 2020-12-01 | 阿里巴巴集团控股有限公司 | Method, device and equipment for processing forwarding rule |
Citations (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20110258324A1 (en) * | 2009-06-08 | 2011-10-20 | Comcast Cable Communications, Llc | Management of Shared Access Network |
CN104283801A (en) * | 2013-07-04 | 2015-01-14 | 中兴通讯股份有限公司 | Method and system for processing service data |
CN104639451A (en) * | 2013-11-14 | 2015-05-20 | 中兴通讯股份有限公司 | Data flow distribution method and controller |
CN104717101A (en) * | 2013-12-13 | 2015-06-17 | 中国电信股份有限公司 | Deep packet inspection method and system |
CN104753704A (en) * | 2013-12-27 | 2015-07-01 | 中兴通讯股份有限公司 | State migration method in SDN (software defined network) and switch |
CN105281986A (en) * | 2014-05-28 | 2016-01-27 | 中国移动通信集团公司 | Method, device and system for transmitting data stream |
CN106375309A (en) * | 2016-08-31 | 2017-02-01 | 北京青石绿网科技有限公司 | DPI data security management method of mobile device |
CN106911588A (en) * | 2015-12-22 | 2017-06-30 | 中国电信股份有限公司 | Methods, devices and systems for realizing deep-packet detection optimization |
CN106972985A (en) * | 2017-03-29 | 2017-07-21 | 网宿科技股份有限公司 | Accelerate the method and DPI equipment of the processing of DPI device datas and forwarding |
CN107078946A (en) * | 2015-09-30 | 2017-08-18 | 华为技术有限公司 | Processing method, the device and system of business stream process strategy |
US9800508B2 (en) * | 2015-01-09 | 2017-10-24 | Dell Products L.P. | System and method of flow shaping to reduce impact of incast communications |
-
2018
- 2018-04-26 CN CN201810385735.9A patent/CN108667741B/en active Active
Patent Citations (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20110258324A1 (en) * | 2009-06-08 | 2011-10-20 | Comcast Cable Communications, Llc | Management of Shared Access Network |
CN104283801A (en) * | 2013-07-04 | 2015-01-14 | 中兴通讯股份有限公司 | Method and system for processing service data |
CN104639451A (en) * | 2013-11-14 | 2015-05-20 | 中兴通讯股份有限公司 | Data flow distribution method and controller |
CN104717101A (en) * | 2013-12-13 | 2015-06-17 | 中国电信股份有限公司 | Deep packet inspection method and system |
CN104753704A (en) * | 2013-12-27 | 2015-07-01 | 中兴通讯股份有限公司 | State migration method in SDN (software defined network) and switch |
CN105281986A (en) * | 2014-05-28 | 2016-01-27 | 中国移动通信集团公司 | Method, device and system for transmitting data stream |
US9800508B2 (en) * | 2015-01-09 | 2017-10-24 | Dell Products L.P. | System and method of flow shaping to reduce impact of incast communications |
CN107078946A (en) * | 2015-09-30 | 2017-08-18 | 华为技术有限公司 | Processing method, the device and system of business stream process strategy |
CN106911588A (en) * | 2015-12-22 | 2017-06-30 | 中国电信股份有限公司 | Methods, devices and systems for realizing deep-packet detection optimization |
CN106375309A (en) * | 2016-08-31 | 2017-02-01 | 北京青石绿网科技有限公司 | DPI data security management method of mobile device |
CN106972985A (en) * | 2017-03-29 | 2017-07-21 | 网宿科技股份有限公司 | Accelerate the method and DPI equipment of the processing of DPI device datas and forwarding |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112019431A (en) * | 2019-05-29 | 2020-12-01 | 阿里巴巴集团控股有限公司 | Method, device and equipment for processing forwarding rule |
Also Published As
Publication number | Publication date |
---|---|
CN108667741B (en) | 2021-11-12 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US10484278B2 (en) | Application-based network packet forwarding | |
KR101900154B1 (en) | SDN capable of detection DDoS attacks and switch including the same | |
CN100555991C (en) | The method of message access control, forwarding engine device and communication equipment | |
CN101924764B (en) | Large-scale DDoS (Distributed Denial of Service) attack defense system and method based on two-level linkage mechanism | |
US8694651B2 (en) | Method and system for implementing network proxy | |
CN101083563A (en) | Method and apparatus for preventing distributed refuse service attack | |
CA2540802A1 (en) | Method and apparatus for traffic control of dynamic denial of service attacks within a communications network | |
CN104104558B (en) | A kind of method that network storm suppresses in transformer station process layer communication | |
CN102325092B (en) | Message processing method and equipment | |
CN101227289A (en) | Uniform intimidation managing device and loading method of intimidation defense module | |
CN105610813B (en) | Honey pot system and method between a kind of mobile radio communication | |
CN105631743A (en) | Method and system for ATM transaction real-time traffic control | |
CN102394925A (en) | Communication method and device for remote monitoring diagnosis center and area regulation center | |
EP1804465A1 (en) | Collaborative communication traffic control network | |
CN103117946A (en) | Flow sharing method based on combined application of isolating device and isolation gateway | |
TW201124876A (en) | System and method for guarding against dispersive blocking attacks | |
CN101917425A (en) | Centralized cleaning system and method for internet bar flow in manner of bidirectional online | |
CN101494639A (en) | Method and apparatus for preventing aggression in packet communication system | |
CN103067359A (en) | System and method based on connection multiplexing and capable of improving server concurrent processing capacity | |
CN106534048A (en) | Method of preventing SDN denial of service attack, switch and system | |
CN103747472B (en) | Noninductive tandem system on basis of circuit switch domain No.7 signaling network | |
CN104519012A (en) | SIP-protocol-based method and system for detecting communication network attack | |
CN108667741A (en) | A kind of control method and system for industrial network data forwarding | |
CN105959334A (en) | DDos attack automatic defense system and method | |
CN102082734B (en) | Service message transmission method and equipment |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |