CN109981407B - Anti-attack message method and device - Google Patents


Info

Publication number: CN109981407B
Authority: CN (China)
Prior art keywords: utilization rate, target, wire, hard, board
Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN201910227728.0A
Other languages: Chinese (zh)
Other versions: CN109981407A (en)
Inventor: 朱士玉
Current Assignee: New H3C Information Technologies Co Ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Hangzhou H3C Technologies Co Ltd
Application filed by Hangzhou H3C Technologies Co Ltd
Priority to CN201910227728.0A
Publication of CN109981407A
Application granted
Publication of CN109981407B

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00: Arrangements for monitoring or testing data switching networks
    • H04L43/08: Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
    • H04L43/0805: Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters by checking availability
    • H04L43/0817: Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters by checking availability by checking functioning
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00: Arrangements for monitoring or testing data switching networks
    • H04L43/16: Threshold monitoring
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00: Routing or path finding of packets in data switching networks
    • H04L45/24: Multipath
    • H04L45/245: Link aggregation, e.g. trunking
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/14: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441: Countermeasures against malicious traffic
    • H04L63/1458: Denial of Service

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Environmental & Geological Engineering (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The embodiments of the present disclosure provide a method and a device for preventing attack messages, and relate to the technical field of information transmission. The method includes: obtaining the hard thread utilization rate of each line card board in the communication device; comparing the hard thread utilization rate of the maintenance board with a first preset threshold; and, if the hard thread utilization rate of the maintenance board is greater than the first preset threshold, selecting a line card board that meets the preset requirement from the remaining line card boards as a new maintenance board, where the new maintenance board is used to continue receiving BFD protocol messages. By comparing the hard thread utilization rate of the maintenance board with the first preset threshold and switching a maintenance board whose utilization rate is greater than the first preset threshold to a line card board that meets the preset condition, the method solves the problem that a large number of attack messages squeeze out normal BFD protocol messages, which causes protocol oscillation and even service forwarding packet loss.

Description

Anti-attack message method and device
Technical Field
The present disclosure relates to the field of information transmission technologies, and in particular, to a method and an apparatus for preventing an attack packet.
Background
With the development of networks and the advancement of technologies, communication devices face ever higher reliability requirements. For example, to reduce the impact of device failures on services and improve the reliability of communication, communication failures between communication devices need to be detected as soon as possible, so that measures can be taken in time to keep services running.
At present, BFD (Bidirectional Forwarding Detection) can quickly detect and monitor the forwarding connectivity state of a link or an IP route in a network, improving network performance. BFD establishes a session on two communication devices to detect the bidirectional forwarding path between them and to serve upper layer applications. After the served upper layer application notifies BFD of its neighbor information so that a session is established, BFD periodically sends BFD protocol messages through the line card board that serves as the maintenance board on the communication device. If the maintenance board does not receive a BFD protocol message from the peer communication device within the detection time, the link is considered to have failed.
However, the BFD protocol messages received by the maintenance board in the communication device are processed by a separate hard thread, and BFD protocol messages that match the BFD white list are not rate-limited. When BFD protocol attack messages reach the maintenance board, the hard thread cannot distinguish normal BFD protocol messages from attack messages and still processes them in the order received. A large number of attack messages may therefore squeeze out the normal BFD protocol messages, causing protocol oscillation and even service forwarding packet loss, which affects service forwarding.
Disclosure of Invention
The embodiments of the present disclosure aim to provide a method and a device for preventing attack messages, so as to solve the following problem: when two communication devices communicate with each other, the hard thread cannot distinguish normal BFD protocol messages from attack messages and still processes them in the order received, so a large number of attack messages may squeeze out the normal BFD protocol messages, causing protocol oscillation and even service forwarding packet loss, which affects service forwarding.
In order to achieve the above purpose, the embodiments of the present disclosure adopt the following technical solutions:
In a first aspect, an embodiment of the present disclosure provides a method for preventing attack messages, applied to a main control board of a communication device. The communication device includes a plurality of line card boards, the line card boards form a cross-board aggregation, and one of the line card boards serves as a maintenance board and is configured to receive BFD protocol messages. The method includes:
acquiring the hard thread utilization rate of each line card board in the communication device;
determining whether the hard thread utilization rate of the maintenance board reaches a first preset threshold;
if the first preset threshold is reached, determining the line card board with the lowest hard thread utilization rate among the remaining line card boards as a target line card board;
determining, according to the hard thread utilization rate of the target line card board, whether the target line card board meets a preset condition;
and, if the preset condition is met, taking the target line card board as the maintenance board.
Optionally, determining whether the target line card board meets a preset condition according to the hard thread utilization rate of the target line card board includes: calculating the sum of the hard thread utilization rate of the target line card board and a reference value; and determining whether the sum of the hard thread utilization rate of the target line card board and the reference value is smaller than a second preset threshold;
taking the target line card board as the maintenance board if the preset condition is met includes:
if the sum of the hard thread utilization rate of the target line card board and the reference value is smaller than the second preset threshold, taking the target line card board as the maintenance board.
Optionally, taking the target line card board as the maintenance board if the preset condition is met further includes:
if the sum of the hard thread utilization rate of the target line card board and the reference value is not less than the second preset threshold, terminating the switching process of the maintenance board.
Optionally, calculating the sum of the hard thread utilization rate of the target line card board and a reference value includes:
determining whether the hard thread utilization rate of the target line card board is smaller than a third preset threshold;
and, if the hard thread utilization rate of the target line card board is smaller than the third preset threshold, calculating the sum of the hard thread utilization rate of the target line card board and the reference value.
Optionally, after determining whether the hard thread utilization rate of the target line card board is smaller than the third preset threshold, the method further includes:
if the hard thread utilization rate of the target line card board is not less than the third preset threshold, terminating the switching process of the maintenance board.
In a second aspect, an embodiment of the present disclosure further provides a device for preventing attack messages, applied to a main control board of a communication device. The communication device includes a plurality of line card boards, the line card boards form a cross-board aggregation, and one of the line card boards serves as a maintenance board and is used to receive BFD protocol messages. The device includes an acquisition module, a judgment module and a selection module;
the acquisition module is used to acquire the hard thread utilization rate of each line card board in the communication device;
the judgment module is used to determine whether the hard thread utilization rate of the maintenance board reaches a first preset threshold;
the selection module is used to: determine the line card board with the lowest hard thread utilization rate among the remaining line card boards as a target line card board if the judgment module determines that the hard thread utilization rate of the maintenance board reaches the first preset threshold; determine, according to the hard thread utilization rate of the target line card board, whether the target line card board meets a preset condition; and, if the preset condition is met, take the target line card board as the maintenance board.
Optionally, the selection module is specifically configured to: calculate the sum of the hard thread utilization rate of the target line card board and a reference value; determine whether the sum of the hard thread utilization rate of the target line card board and the reference value is smaller than a second preset threshold; and, if the sum is smaller than the second preset threshold, take the target line card board as the maintenance board.
Optionally, the selection module is further configured to terminate the switching process of the maintenance board if the sum of the hard thread utilization rate of the target line card board and the reference value is not less than the second preset threshold.
Optionally, the selection module is specifically configured to: determine whether the hard thread utilization rate of the target line card board is less than a third preset threshold; and, if the hard thread utilization rate of the target line card board is smaller than the third preset threshold, calculate the sum of the hard thread utilization rate of the target line card board and the reference value.
Optionally, the selection module is further configured to terminate the switching process of the maintenance board if the hard thread utilization rate of the target line card board is not less than the third preset threshold.
In a third aspect, an embodiment of the present disclosure further provides a communication device, including a main control board and a plurality of line card boards, where each line card board is provided with an aggregation port and a non-aggregation port; the main control board includes a processor and a storage medium storing a computer program, and the computer program is read and executed by the processor to implement the method of the first aspect.
In a fourth aspect, an embodiment of the present disclosure further provides a storage medium storing a computer program; when the computer program is read and executed by a processor, the method according to the first aspect is implemented.
Compared with the prior art, the embodiments of the present disclosure have the following beneficial effects:
In the embodiments of the present disclosure, two communication devices communicate with each other, each communication device includes a plurality of line card boards, and one line card board serves as a maintenance board for receiving protocol messages. If the hard thread utilization rate of the maintenance board reaches a first preset threshold, the line card board with the lowest hard thread utilization rate among the other line card boards is selected, according to the preset requirement, as the target line card board; if the target line card board meets the preset condition, it is taken as the maintenance board. This solves the problem that a large number of attack messages squeeze out normal BFD protocol messages, which causes protocol oscillation and even service forwarding packet loss.
Additional features and advantages of the disclosure will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by the practice of the embodiments of the disclosure. The objectives and other advantages of the disclosure may be realized and attained by the structure particularly pointed out in the written description and claims hereof as well as the appended drawings.
Drawings
To more clearly illustrate the technical solutions of the embodiments of the present disclosure, the drawings that are required to be used in the embodiments will be briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present disclosure and therefore should not be considered as limiting the scope, and for those skilled in the art, other related drawings may be obtained from the drawings without inventive effort.
Fig. 1 illustrates an aggregated link schematic provided by an embodiment of the present disclosure;
Fig. 2 shows a schematic structural diagram of a communication device provided in an embodiment of the present disclosure;
Fig. 3 is a schematic flow chart illustrating an attack message prevention method provided by the embodiment of the present disclosure;
Fig. 4 is a schematic flow chart illustrating another attack message prevention method provided in the embodiment of the present disclosure;
Fig. 5 is a schematic flow chart illustrating another attack message prevention method provided in the embodiment of the present disclosure;
Fig. 6 shows a block diagram of another attack message prevention device provided in the embodiment of the present disclosure;
Fig. 7 shows a schematic diagram of a main control board structure of a communication device according to an embodiment of the present disclosure.
Detailed Description
The technical solutions in the embodiments of the present disclosure will be clearly and completely described below with reference to the drawings in the embodiments of the present disclosure, and it is obvious that the described embodiments are only a part of the embodiments of the present disclosure, and not all of the embodiments. The components of the embodiments of the present disclosure, generally described and illustrated in the figures herein, can be arranged and designed in a wide variety of different configurations. Thus, the following detailed description of the embodiments of the present disclosure, presented in the figures, is not intended to limit the scope of the claimed disclosure, but is merely representative of selected embodiments of the disclosure. All other embodiments, which can be derived by a person skilled in the art from the embodiments of the disclosure without making creative efforts, shall fall within the protection scope of the disclosure.
It should be noted that: like reference numbers and letters refer to like items in the following figures, and thus, once an item is defined in one figure, it need not be further defined and explained in subsequent figures. Meanwhile, in the description of the present disclosure, the terms "first", "second", and the like are used only for distinguishing the description, and are not to be construed as indicating or implying relative importance.
Referring to Fig. 1, Fig. 1 shows a schematic diagram of an aggregated link according to an embodiment of the present disclosure. BFD establishes sessions on two communication devices to detect the bidirectional forwarding path between them and to serve upper layer protocols; the communication devices may be switches, routers, etc., which is not limited herein. BFD has no neighbor discovery mechanism of its own and relies on the served upper layer protocol to notify it of neighbor information in order to establish a session. After the session is established, BFD protocol messages are sent periodically and rapidly. If no BFD protocol message is received within the detection time, the bidirectional forwarding link is considered to have failed, and the served upper layer protocol is notified to handle the failure accordingly. The session workflow is briefly described below, taking the linkage of OSPF (Open Shortest Path First) and BFD as an example.
In order to reduce the influence of link failure on services and improve the reliability of the network, a communication device needs to be able to detect a communication failure with an adjacent device as soon as possible, so that measures can be taken in time to keep services running. In existing networks, some links detect link failures through hardware detection signals, such as SDH (Synchronous Digital Hierarchy) alarms, but not all media are capable of providing hardware detection. In that case, the application has to rely on the Hello message mechanism of the upper layer protocol for fault detection. The detection time of the upper layer protocol is more than 1 second, and such a fault detection time cannot be tolerated by some applications. Meanwhile, in some small Layer 3 networks, if no routing protocol is deployed, the Hello message mechanism of a routing protocol cannot be used to detect faults.
Bidirectional Forwarding Detection (BFD) is a unified, network-wide detection mechanism used to quickly detect and monitor the forwarding connectivity status of links or IP routes in the network.
In this detection mechanism, Ethernet link aggregation binds a plurality of Ethernet physical links together to form one Ethernet logical link, which increases the link bandwidth; at the same time, the bound links dynamically back each other up, which effectively improves link reliability. Device A and device B are each provided with a plurality of line card boards, a plurality of network boards and a main control board. For example, as shown in Fig. 2, device A is provided with three line card boards (line card board 1, line card board 2 and line card board 3), a network board connected to the line card boards, and a main control board connected to the network board. When a cross-board aggregation is formed between device A and device B, line card board 1, line card board 2 and line card board 3 are each provided with an aggregation port, and an aggregated link is formed through the aggregation ports to increase the reliability of BFD protocol message transmission over the link; in addition, the line card boards also include non-aggregation ports. Among the line card boards forming the aggregated link, one is determined to serve as the maintenance board. Assuming this is line card board 1, line card board 1 detects the communication state of the aggregated link, that is, it sends BFD protocol messages to device B through aggregation port 1.
BFD maintains the session through periodic BFD messages. Each line card board is provided with a processor, which may be a multi-core processor in which one processor core is used to process BFD messages; the utilization rate of that processor core is the hard thread utilization rate. The processor may of course have only one processor core, in which case the hard thread utilization rate is the utilization rate of the processor. The processor on the main control board can obtain the running status of the processor on each line card board, and therefore knows the hard thread utilization rate of the processor core that handles the BFD protocol. When an aggregation port of the maintenance board is subjected to a BFD protocol attack, a large number of BFD protocol messages are received. The attack messages are also delivered to the processor of line card board 1 for processing, and BFD protocol messages are processed in order, so the BFD protocol messages received from aggregation port 1 cannot be processed in time and BFD detection fails, which ultimately causes upper layer protocol oscillation and service forwarding packet loss.
As shown in Fig. 3, Fig. 3 is a schematic flow chart of an attack message prevention method provided by an embodiment of the present disclosure. The method is applied to a main control board of a communication device. A communication device includes a plurality of line card boards, the line card boards form a cross-board aggregation, and the line card board that receives BFD protocol messages serves as the maintenance board. One line card board in device A (namely, line card board 1) is used to send BFD protocol messages, which are transmitted through an aggregation port, and one line card board in device B (not shown) is used to receive the BFD protocol messages.
It should be noted that the attack prevention message method according to the embodiment of the present disclosure is not limited by fig. 3 and the following specific sequence, and it should be understood that, in other embodiments, the sequence of some steps in the attack prevention message method according to the embodiment of the present disclosure may be interchanged according to actual needs, or some steps may be omitted or deleted. The flow shown in fig. 3 will be explained in detail in conjunction with the networking structure and the communication device structure of fig. 1 and fig. 2:
S101, obtaining the hard thread utilization rate of each line card board in the communication device.
The networking includes device A and device B. Device A includes a main control board, a network board and three line card boards (line card board 1, line card board 2 and line card board 3). Each line card board is provided with an aggregation port (aggregation port 1, aggregation port 2 and aggregation port 3) used to form the aggregated link of the cross-board aggregation with peer device B, and each line card board may also be provided with a non-aggregation port for handling services different from those of the aggregation ports. Line card board 1 is selected as the maintenance board for detecting the communication state of the aggregated link, a BFD session is established with device B, and device A and device B send BFD protocol messages to each other. At this time, line card board 1, as the maintenance board, periodically sends BFD protocol messages to device B and receives the BFD protocol messages sent by device B; the received BFD protocol messages are delivered to the processor (CPU) of line card board 1 for processing, so as to keep the BFD session in the UP state.
The aggregation ports and the non-aggregation ports are physical ports. Each aggregation port can also be called a member port of the aggregation; the aggregation ports form an aggregated link to communicate with the peer device, while each non-aggregation port communicates with the peer device individually over the link it forms.
The CPU of the main control board can obtain the hard thread utilization rate of the processor on each line card board in real time, and therefore knows the current working state of each line card board. Because BFD detection may also exist on non-aggregation ports, or on aggregation ports that form other aggregated links, the hard thread utilization rate of each line card board also rises while the communication device is working normally. In this example, the hard thread utilization rate is the utilization rate of the CPU core that processes BFD protocol messages in the CPU on the line card board; the hard thread utilization rate of line card board 1 is 96%, that of line card board 2 is 20%, and that of line card board 3 is 10%.
S102, determining whether the hard thread utilization rate of the maintenance board reaches a first preset threshold.
The main control board compares the obtained hard thread utilization rate of the maintenance board with the first preset threshold. If the hard thread utilization rate of the maintenance board is greater than the first preset threshold, it is too high and the maintenance board is no longer suitable for continuing to receive BFD protocol messages; if it is not greater than the first preset threshold, the maintenance board can continue to be used for receiving BFD protocol messages. In practical applications, the first preset threshold is set according to actual needs. Taking the communication device shown in Fig. 2 as an example, when the aggregation port of line card board 1 is subjected to a BFD protocol attack, the hard thread utilization rate of the CPU on line card board 1 may rise abnormally to 96%; if the first preset threshold is set to 90%, the hard thread utilization rate of line card board 1 is considered to be greater than the first preset threshold.
S103, if the first preset threshold is reached, determining the line card board with the lowest hard thread utilization rate among the remaining line card boards as the target line card board.
If the hard thread utilization rate of the maintenance board is determined to be greater than the first preset threshold, the maintenance board may be under attack and is no longer suitable for continuing to receive BFD protocol messages, so another line card board in the communication device that meets the preset requirement needs to be selected as the maintenance board to continue receiving BFD protocol messages.
Optionally, when the hard thread utilization rate of the maintenance board is greater than the first preset threshold, the hard thread utilization rates of all the line card boards may be sorted in ascending order, and the line card board with the lowest hard thread utilization rate among the remaining line card boards is then selected as the target line card board; whether to switch is further determined according to the preset condition. For example, for device A, line card board 3 may be selected as the target line card board.
S104, determining whether the target line card board meets the preset condition according to the hard thread utilization rate of the target line card board.
The target line card board is not necessarily suitable for receiving BFD protocol messages, so the hard thread utilization rate of this line card board, which has the lowest hard thread utilization rate, needs to be checked further to determine whether it meets a preset condition. The preset condition is set according to actual needs and is not specifically limited here; it is used to determine whether the target line card board can serve as the maintenance board and perform detection of the aggregated link.
S105, if the preset condition is met, taking the target line card board as the maintenance board.
If the hard thread utilization rate of the target line card board meets the preset condition, the target line card board is taken as the new maintenance board and continues to receive BFD protocol messages.
The preset condition may be a preset threshold with which the hard thread utilization rate of the target line card board is compared. If the hard thread utilization rate of the target line card board is not greater than the preset threshold, the target line card board is taken as the new maintenance board. If it is greater than the preset threshold, the current maintenance board is not switched: it continues to send and receive BFD protocol messages and maintains the BFD session.
It should be noted that, when the hard thread utilization rate of the target line card board is compared with a preset threshold and the target line card board is taken as the new maintenance board if its hard thread utilization rate is not greater than that threshold, the preset threshold needs to be smaller than the first preset threshold.
According to the attack message prevention method provided by the embodiment, the hard wire utilization rate of each wire clamping plate in the communication equipment is obtained, then the hard wire utilization rate of the maintenance plate is compared with a first preset threshold value, if the hard wire utilization rate of the maintenance plate is larger than the first preset threshold value, the wire clamping plate meeting the preset requirement is selected from the rest wire clamping plates to serve as a new maintenance plate, the new maintenance plate is used for continuously receiving BFD protocol messages, the maintenance plate with the utilization rate larger than the first preset threshold value is switched to be the wire clamping plate meeting the preset condition through comparing the hard wire utilization rate of the maintenance plate with the first preset threshold value, and therefore the problems that a large number of attack messages squeeze normal BFD protocol messages out, protocol oscillation is generated, and even service forwarding packet loss is caused are solved.
Optionally, fig. 4 shows a schematic flow chart of another anti-attack message method provided by the embodiment of the present disclosure. As shown in fig. 4, judging whether the target line card board meets the preset condition according to the hard thread utilization rate of the target line card board includes:
S201: Calculate the sum of the hard thread utilization rate of the target line card board and a reference value.
The reference value may be a pre-configured value or a value calculated from other parameters, for example from a mapping established between the hard thread utilization rate, the number of sessions, and so on; the disclosure does not specifically limit this.
Alternatively, the reference value is related to the processing capability of the CPU. For example, the hard thread utilization rate of the device is measured when the communication device carries 128 BFD sessions of 10 ms × 3, and that value is taken as the reference value of the device. That is, the hard thread utilization rate when the preset sessions are satisfied is used as the reference value.
S202: Judge whether the sum of the hard thread utilization rate of the target line card board and the reference value is smaller than a second preset threshold.
A second preset threshold, for example 50%, is set in advance and is used to determine whether the target line card board can be used as the new maintenance board. Specifically, the hard thread utilization rate of the target line card board and its reference value are obtained, their sum is calculated, and whether the sum is smaller than the second preset threshold is judged.
If the sum of the hard thread utilization rate of the target line card board and the reference value is smaller than the second preset threshold, the target line card board is used as the new maintenance board for receiving BFD protocol messages. If the sum is not less than the second preset threshold, no line card board in the device meets the condition for serving as the maintenance board, and the BFD protocol messages continue to be kept alive on the current maintenance board.
Correspondingly, taking the target line card board as the maintenance board if the preset condition is met includes: if the sum of the hard thread utilization rate of the target line card board and the reference value is smaller than the second preset threshold, taking the target line card board as the maintenance board, that is, as the new maintenance board that continues to receive BFD protocol messages.
For example, suppose the obtained hard thread utilization rate of the maintenance board is 96% and the first preset threshold is 90%, so the utilization rate is greater than the first preset threshold. If, in the communication device, the obtained hard thread utilization rate of the target line card board is 10%, the reference value is 30% and the second preset threshold is 50%, then the sum of the hard thread utilization rate of the target line card board and the reference value is 40%, which is less than the second preset threshold of 50%, and the target line card board is used as the maintenance board. For an aggregated link formed by aggregation port 1 of line card board 1, aggregation port 2 of line card board 2 and aggregation port 3 of line card board 3, line card board 3 can be used as the maintenance board to continue receiving BFD protocol messages.
Optionally, taking the target line card board as the maintenance board if the preset condition is met further includes:
If the sum of the hard thread utilization rate of the target line card board and the reference value is not less than the second preset threshold, it is difficult to ensure the stability of the aggregated link even if the maintenance board is switched. In this case the switching process of the maintenance board is terminated, that is, the maintenance board is not switched and the original maintenance board still receives the BFD protocol messages, and an alarm is raised to indicate that protocol oscillation may occur on the aggregated link.
Optionally, fig. 5 shows a schematic flow chart of another anti-attack message method provided in the embodiment of the present disclosure. As shown in fig. 5, calculating the sum of the hard thread utilization rate of the target line card board and the preset reference value may include:
S301: Judge whether the hard thread utilization rate of the target line card board is smaller than a third preset threshold.
S302: If the hard thread utilization rate of the target line card board is smaller than the third preset threshold, calculate the sum of the hard thread utilization rate of the target line card board and the reference value.
Before the sum of the hard thread utilization rate of the target line card board and the preset reference value is calculated, the target line card board can be screened once, which reduces how often that sum has to be calculated. The hard thread utilization rate of the target line card board is compared directly with the third preset threshold: if it is greater than the third preset threshold, there is no need to judge whether the sum of the hard thread utilization rate of the target line card board and its reference value is smaller than the second preset threshold; if it is not greater than the third preset threshold, that judgment is needed. Of course, whether the hard thread utilization rate of the target line card board is smaller than the third preset threshold may also be judged directly, and the disclosure does not limit this.
Optionally, after judging whether the hard thread utilization rate of the target line card board is smaller than the third preset threshold, the method further includes: if the hard thread utilization rate of the target line card board is not less than the third preset threshold, terminating the switching process of the maintenance board.
It should be noted that, in the embodiment of the present disclosure, the first preset threshold, the second preset threshold, and the third preset threshold may be equal or unequal, and the specific values of the first preset threshold, the second preset threshold, and the third preset threshold are set according to actual needs.
In the anti-attack message method provided by this embodiment, the hard thread utilization rate of each line card board in the communication device is obtained; whether the hard thread utilization rate of the maintenance board reaches the first preset threshold is judged; and if the first preset threshold is reached, a line card board meeting the preset requirement is selected from the other line card boards as the maintenance board. By monitoring the hard thread utilization rate of the maintenance board and, when it reaches the first preset threshold, selecting from the other existing line card boards one that meets the preset requirement and has enough resources to accommodate the BFD protocol messages as the new maintenance board, the communication device has already switched the maintenance board to a line card board whose hard thread utilization rate meets the preset requirement by the time an aggregation port receives new BFD protocol messages. This solves the problem in the prior art that a large number of attack messages crowd out normal BFD protocol messages, causing protocol oscillation and even packet loss in service forwarding.
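The decision flow of steps S102 to S105, S201 to S202 and S301 to S302, as an added Python example that is not part of the patent text. The 96%, 10%, 30%, 90% and 50% figures are the ones from the worked example above; the board names, the 45% third threshold, board 2's utilization and the handling of a device with no other board are constructed assumptions.

```python
"""Maintenance-board switching decision (added illustration, not the patentee's code)."""
from dataclasses import dataclass
from enum import Enum
from typing import Dict, Optional


class Outcome(Enum):
    NO_ACTION = "maintenance board has not reached the first threshold"
    SWITCH = "target board becomes the new maintenance board"
    TERMINATE_PRESCREEN = "target board failed the third-threshold pre-screen"
    TERMINATE_ALARM = "no suitable board: keep current board and raise an alarm"


@dataclass(frozen=True)
class Policy:
    """All values are whole percentages of hard thread utilization."""
    first_threshold: int    # maintenance board is overloaded at or above this
    second_threshold: int   # target utilization + reference must stay below this
    third_threshold: int    # pre-screen: target utilization must be below this
    reference_value: int    # utilization cost of carrying the BFD sessions


@dataclass(frozen=True)
class Decision:
    outcome: Outcome
    maintenance_board: str            # board that receives BFD after the decision
    target_board: Optional[str] = None
    alarm: bool = False


def decide(utilization: Dict[str, int], current: str, policy: Policy) -> Decision:
    """Return which board should hold the BFD sessions after one monitoring pass."""
    if current not in utilization:
        raise KeyError(f"no utilization sample for maintenance board {current!r}")
    for board, value in utilization.items():
        if not 0 <= value <= 100:
            raise ValueError(f"utilization of {board!r} out of range: {value}")

    # S102: "reaches" follows the claim wording, so the comparison is >=.
    if utilization[current] < policy.first_threshold:
        return Decision(Outcome.NO_ACTION, current)

    # S103: lowest utilization among the other boards; ties broken by name
    # so that the result is deterministic (tie-breaking is an assumption).
    others = {b: u for b, u in utilization.items() if b != current}
    if not others:
        # Assumption: a single-board device is treated like "no suitable board".
        return Decision(Outcome.TERMINATE_ALARM, current, alarm=True)
    target = min(others, key=lambda b: (others[b], b))

    # S301: pre-screen avoids computing the sum for an obviously busy board.
    if others[target] >= policy.third_threshold:
        return Decision(Outcome.TERMINATE_PRESCREEN, current, target)

    # S201/S202: would the target still have headroom after taking the sessions?
    if others[target] + policy.reference_value < policy.second_threshold:
        return Decision(Outcome.SWITCH, target, target)

    # Switching would not stabilise the link: keep the current board and alarm.
    return Decision(Outcome.TERMINATE_ALARM, current, target, alarm=True)


# Constructed sample: board1 is the maintenance board under a BFD flood.
SAMPLE_UTILIZATION = {"board1": 96, "board2": 40, "board3": 10}
SAMPLE_POLICY = Policy(first_threshold=90, second_threshold=50,
                       third_threshold=45, reference_value=30)

if __name__ == "__main__":
    result = decide(SAMPLE_UTILIZATION, "board1", SAMPLE_POLICY)
    print(result.outcome.name, "->", result.maintenance_board)
```

Because the least-loaded board is the only candidate examined, a failed check on it ends the pass without trying any other board, which matches the termination steps in the text.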
It should be noted that the deployment of aggregated links and ordinary links on the communication device is not limited to the case shown in fig. 2. Multiple groups of aggregated links and non-aggregated links may be set up on one communication device at the same time, with a different BFD session maintained on each aggregated link. Therefore, if the hard thread utilization rate on a maintenance board reaches a certain value, this indicates at least that an aggregated link or an ordinary link is under a BFD protocol attack. At this point, even though the attacked aggregated link can still maintain its BFD session and the session is not set DOWN, from the perspective of the line card board the BFD sessions of the other aggregated links and/or ordinary links are still affected, and the maintenance board needs to be switched to maintain optimal BFD detection.
As shown in fig. 6, fig. 6 is a block diagram illustrating the structure of an anti-attack message device according to an embodiment of the present disclosure. The anti-attack message device is applied to the main control board of a communication device. The communication device includes a plurality of line card boards that form cross-board aggregation, and one of the line card boards serves as the maintenance board for receiving BFD protocol messages. The device includes: an obtaining module 401, a judging module 402 and a selecting module 403;
an obtaining module 401, configured to obtain the hard thread utilization rate of each line card board in the communication device;
a judging module 402, configured to judge whether the hard thread utilization rate of the maintenance board reaches a first preset threshold;
a selecting module 403, configured to: if the judging module 402 judges that the hard thread utilization rate of the maintenance board reaches the first preset threshold, determine the line card board with the smallest hard thread utilization rate among the other line card boards as the target line card board; judge whether the target line card board meets a preset condition according to the hard thread utilization rate of the target line card board; and if the preset condition is met, take the target line card board as the maintenance board.
Optionally, the selecting module 403 is specifically configured to calculate the sum of the hard thread utilization rate of the target line card board and a reference value; judge whether the sum of the hard thread utilization rate of the target line card board and the reference value is smaller than a second preset threshold; and if the sum is smaller than the second preset threshold, take the target line card board as the maintenance board.
Optionally, the selecting module 403 is further configured to terminate the switching process of the maintenance board if the sum of the hard thread utilization rate of the target line card board and the reference value is not less than the second preset threshold.
Optionally, the selecting module 403 is specifically configured to judge whether the hard thread utilization rate of the target line card board is less than the third preset threshold; and if the hard thread utilization rate of the target line card board is smaller than the third preset threshold, calculate the sum of the hard thread utilization rate of the target line card board and the reference value.
Optionally, the selecting module 403 is further configured to terminate the switching process of the maintenance board if the hard thread utilization rate of the target line card board is not less than the third preset threshold.
The anti-attack message device provided by this embodiment includes an obtaining module, a judging module and a selecting module. The hard thread utilization rate of each line card board in the communication device is obtained; whether the hard thread utilization rate of the maintenance board reaches the first preset threshold is judged; and if the first preset threshold is reached, a line card board meeting the preset requirement is selected from the other line card boards as the maintenance board. By monitoring the hard thread utilization rate of the maintenance board and, when it reaches the first preset threshold, selecting from the other existing line card boards one that meets the preset requirement and has enough resources to accommodate the BFD protocol messages as the new maintenance board, the communication device has already switched the maintenance board to a line card board whose hard thread utilization rate meets the preset requirement by the time an aggregation port receives new BFD protocol messages. This solves the problem in the prior art that a large number of attack messages crowd out normal BFD protocol messages, causing protocol oscillation and even packet loss in service forwarding.
Referring to fig. 7, fig. 7 is a schematic diagram illustrating the main control board structure of a communication device according to an embodiment of the present disclosure. The embodiment of the disclosure also provides a communication device, which comprises a main control board and a plurality of line card boards, each line card board being provided with an aggregation port and a non-aggregation port. The main control board includes a storage medium 501 and a processor 502; the storage medium 501 stores a computer program, and when the computer program is read and executed by the processor 502, the anti-attack message method provided by the embodiment of the present disclosure is implemented.
The embodiment of the disclosure also provides a storage medium storing a computer program; when the computer program is read and run by a processor, the anti-attack message method provided by the embodiment of the disclosure is implemented.
It is noted that, in this document, relational terms such as "first" and "second," and the like, may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
The above is merely a preferred embodiment of the present disclosure and is not intended to limit the present disclosure, which may be variously modified and varied by those skilled in the art. Any modification, equivalent replacement, improvement and the like made within the spirit and principle of the present disclosure should be included in the protection scope of the present disclosure. It should be noted that: like reference numbers and letters refer to like items in the following figures, and thus, once an item is defined in one figure, it need not be further defined and explained in subsequent figures.

Claims (10)

1. An anti-attack message method, applied to a main control board of a communication device, characterized in that the communication device comprises a plurality of line card boards, the line card boards form cross-board aggregation, and one of the line card boards serves as a maintenance board for receiving Bidirectional Forwarding Detection (BFD) protocol messages, the method comprising:
acquiring the hard thread utilization rate of each line card board in the communication device;
judging whether the hard thread utilization rate of the maintenance board reaches a first preset threshold;
if the first preset threshold is reached, determining the line card board with the smallest hard thread utilization rate among the remaining line card boards as a target line card board;
judging whether the target line card board meets a preset condition according to the hard thread utilization rate of the target line card board;
and if the preset condition is met, taking the target line card board as the maintenance board.
2. The method according to claim 1, wherein the judging whether the target line card board meets a preset condition according to the hard thread utilization rate of the target line card board comprises:
calculating the sum of the hard thread utilization rate of the target line card board and a reference value;
judging whether the sum of the hard thread utilization rate of the target line card board and the reference value is smaller than a second preset threshold;
and the taking the target line card board as the maintenance board if the preset condition is met comprises:
if the sum of the hard thread utilization rate of the target line card board and the reference value is smaller than the second preset threshold, taking the target line card board as the maintenance board.
3. The method according to claim 2, wherein the taking the target line card board as the maintenance board if the preset condition is met further comprises:
if the sum of the hard thread utilization rate of the target line card board and the reference value is not less than the second preset threshold, terminating the switching process of the maintenance board.
4. The method according to claim 2, wherein the calculating the sum of the hard thread utilization rate of the target line card board and a reference value comprises:
judging whether the hard thread utilization rate of the target line card board is smaller than a third preset threshold;
and if the hard thread utilization rate of the target line card board is smaller than the third preset threshold, calculating the sum of the hard thread utilization rate of the target line card board and the reference value.
5. The method according to claim 4, further comprising, after judging whether the hard thread utilization rate of the target line card board is less than the third preset threshold:
if the hard thread utilization rate of the target line card board is not less than the third preset threshold, terminating the switching process of the maintenance board.
6. An anti-attack message device, applied to a main control board of a communication device, characterized in that the communication device comprises a plurality of line card boards, the line card boards form cross-board aggregation, and one of the line card boards serves as a maintenance board for receiving Bidirectional Forwarding Detection (BFD) protocol messages, the device comprising: an acquisition module, a judging module and a selecting module;
the acquisition module is used for acquiring the hard thread utilization rate of each line card board in the communication device;
the judging module is used for judging whether the hard thread utilization rate of the maintenance board reaches a first preset threshold;
the selecting module is used for determining the line card board with the smallest hard thread utilization rate among the other line card boards as a target line card board if the judging module judges that the hard thread utilization rate of the maintenance board reaches the first preset threshold; judging whether the target line card board meets a preset condition according to the hard thread utilization rate of the target line card board; and if the preset condition is met, taking the target line card board as the maintenance board.
7. The device according to claim 6, wherein the selecting module is specifically configured to calculate the sum of the hard thread utilization rate of the target line card board and a reference value; judge whether the sum of the hard thread utilization rate of the target line card board and the reference value is smaller than a second preset threshold; and if the sum is smaller than the second preset threshold, take the target line card board as the maintenance board.
8. The device according to claim 7, wherein the selecting module is further configured to terminate the switching process of the maintenance board if the sum of the hard thread utilization rate of the target line card board and the reference value is not less than the second preset threshold.
9. The device according to claim 7, wherein the selecting module is specifically configured to judge whether the hard thread utilization rate of the target line card board is less than a third preset threshold; and if the hard thread utilization rate of the target line card board is smaller than the third preset threshold, calculate the sum of the hard thread utilization rate of the target line card board and the reference value.
10. The device according to claim 9, wherein the selecting module is further configured to terminate the switching process of the maintenance board if the hard thread utilization rate of the target line card board is not less than the third preset threshold.
CN201910227728.0A 2019-03-25 2019-03-25 Anti-attack message method and device Active CN109981407B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910227728.0A CN109981407B (en) 2019-03-25 2019-03-25 Anti-attack message method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910227728.0A CN109981407B (en) 2019-03-25 2019-03-25 Anti-attack message method and device

Publications (2)

Publication Number Publication Date
CN109981407A CN109981407A (en) 2019-07-05
CN109981407B true CN109981407B (en) 2021-02-09

Family

ID=67080413

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910227728.0A Active CN109981407B (en) 2019-03-25 2019-03-25 Anti-attack message method and device

Country Status (1)

Country Link
CN (1) CN109981407B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112311765B (en) * 2020-09-29 2022-05-27 新华三信息安全技术有限公司 Message detection method and device

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7499395B2 (en) * 2005-03-18 2009-03-03 Cisco Technology, Inc. BFD rate-limiting and automatic session activation
CN101800673A (en) * 2010-02-03 2010-08-11 中兴通讯股份有限公司 Method and device of bidirectional forwarding detection (BFD) oscillation damping
CN105429814A (en) * 2014-09-17 2016-03-23 中兴通讯股份有限公司 Method and device for BFD protection by utilizing multiple board cards
CN106330586A (en) * 2015-06-29 2017-01-11 中兴通讯股份有限公司 Method and device for improving service detection reliability in switch network link
CN107493209A (en) * 2017-09-12 2017-12-19 安徽皖通邮电股份有限公司 The processing unit and method of a kind of bidirectional forward detection report

Also Published As

Publication number Publication date
CN109981407A (en) 2019-07-05

Similar Documents

Publication Publication Date Title
US7742400B2 (en) Method and system for detecting link failure between nodes in a hybrid network
US8027246B2 (en) Network system and node apparatus
CN102624584B (en) Chain circuit detecting method and device
EP2319209B1 (en) Methods for establishing a traffic connection and an associated monitoring connection
CN107070689B (en) Method and apparatus for reducing false alarms when using network keep-alive messages
US9571383B2 (en) Rerouting technique
CN101132320B (en) Method for detecting interface trouble and network node equipment
CN102577332B (en) For system, the method and computer program of multidirectional Path selection
CN101159669A (en) Service flow switching method and apparatus
CN100484088C (en) Technique for notifying EIGRP neighbors when destroying adjacencies in a computer network
CA2311197A1 (en) Enhanced dual counter rotating ring network control system
US8681637B2 (en) Methods for establishing a traffic connection and an associated monitoring connection
WO2022057514A1 (en) Link fault detection method and apparatus and computer-readable storage medium
CN104283711A (en) Fault detection method based on BFD, nodes and system
WO2016106482A1 (en) Error code information transfer method, network device and communication system
WO2011131069A1 (en) Binding links detection method and distributed device
CN109981407B (en) Anti-attack message method and device
CN106487696B (en) Link failure detection method and device
US8351324B2 (en) Analyzing service impacts on virtual private networks
US11290319B2 (en) Dynamic distribution of bidirectional forwarding detection echo sessions across a multi-processor system
CN101030967B (en) Method for inspecting and maintaining network controlling channel accessibility
CN113037622B (en) System and method for preventing BFD from vibrating
EP2030379B1 (en) Efficient restoration of connections in communication networks having an ip-based control plane
CN116133004A (en) Link detection method, device, network equipment and network element node
CN114363342A (en) Fault convergence method and related device and load balancing cluster thereof

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20230710

Address after: 310052 11th Floor, 466 Changhe Road, Binjiang District, Hangzhou City, Zhejiang Province

Patentee after: H3C INFORMATION TECHNOLOGY Co.,Ltd.

Address before: 310052 Changhe Road, Binjiang District, Hangzhou, Zhejiang Province, No. 466

Patentee before: NEW H3C TECHNOLOGIES Co.,Ltd.
