CN112367313A - Message anti-attack method and device - Google Patents

Publication number
CN112367313A
Authority
CN
China
Legal status
Granted
Application number
CN202011197174.3A
Other languages
Chinese (zh)
Other versions
CN112367313B (en)
Inventor
梁学伟
Current Assignee
New H3C Technologies Co Ltd Hefei Branch
Original Assignee
New H3C Technologies Co Ltd Hefei Branch

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L49/00 Packet switching elements
    • H04L49/25 Routing or path finding in a switch fabric
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/09 Mapping addresses
    • H04L61/10 Mapping addresses of different types
    • H04L61/103 Mapping addresses of different types across network layers, e.g. resolution of network layer into physical layer addresses or address resolution protocol [ARP]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/45 Network directories; Name-to-address mapping
    • H04L61/4505 Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols
    • H04L61/4511 Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols using domain name system [DNS]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101 Access control lists [ACL]


Abstract

The application provides a message anti-attack method and device. The method comprises the following steps: setting an inter-chip communication mode for each protocol type; setting a hardware global counter and a software global counter for each protocol type; looking up the output port of a received message based on the hardware forwarding table entries, and sending each received message whose output port is an inter-chip port to the processor (CPU) according to the inter-chip communication mode corresponding to the protocol type of the received message; counting, through each hardware global counter, the number of inter-chip communication messages of each protocol type sent to the CPU in each counting period; and when any hardware global counter reaches its maximum count value in a counting period, stopping the corresponding inter-chip communication mode in that counting period.

Description

Message anti-attack method and device
Technical Field
The present application relates to communications technologies, and in particular to a message anti-attack method and device.
Background
The forwarding process of an Ethernet switch consists of two parts: software forwarding by the CPU system and hardware forwarding by the switching chip. Inside the switch, the CPU system is mainly responsible for the control plane: managing the entire device, generating and maintaining software entries, configuring and synchronizing hardware forwarding entries, and managing the running and forwarding states of the various communication protocols. The switching chip mainly learns hardware table entries from received data messages and refreshes them according to the forwarding entries and rules synchronized by the CPU. Using the learned and synchronized hardware table entries, it looks up the output interface corresponding to the destination address of each received data or service message and performs hardware forwarding; during hardware forwarding it also modifies messages according to the rules synchronized by the CPU, which ensures hardware forwarding quality. The switching chip also provides the CPU system with a message channel for protocol message communication and routing data exchange.
Therefore, in the switch, the switching chip needs to send a large number of data messages and protocol messages to the CPU for processing through the corresponding inter-chip communication modes. However, the switching chip forwards messages in hardware far faster than the CPU software can process them. To prevent the software system running on the CPU from crashing because the switching chip sends it too many messages, the speed at which the switching chip sends each kind of message to the CPU needs to be limited.
In the existing anti-attack approach, the Soft Car module of the CPU (central processing unit) first sets a number of global speed-limiting ACL (access control list) entries on the switching chip, and the switch sends messages to the CPU at the forwarding speeds set by the different ACL entries. When the Soft Car module of the CPU detects that the attack messages received on a certain port exceed the threshold, it sets a port ACL entry on the network interface of the switching chip that receives the attack messages, further limiting the speed at which attack messages are received on that port.
However, the hardware storage space of the switch chip is limited, which results in a limited number of ACL entries of the switch chip, and with the increase of protocol types supported by the switch and the improvement of hardware port capability, a large number of global speed-limiting ACL entries and more port ACL entries need to be set on the switch chip, which occupies hardware ACL entry resources required by the switch chip to implement other forwarding functions.
Disclosure of Invention
The application aims to provide a message anti-attack method and device, which do not need to use a hardware forwarding control table entry to limit the speed of sending a message to a processor.
To achieve the above object, the present application provides a message anti-attack method, including: setting an inter-chip communication mode for each protocol type; setting a hardware global counter and a software global counter for each protocol type, where the maximum count value of the hardware global counter of each protocol type is the maximum number of inter-chip communication messages in a counting period, the maximum count value of the software global counter of each protocol type is an anti-attack punishment threshold in a counting period, and the maximum count value of the hardware global counter of each protocol type is greater than the maximum count value of the software global counter; looking up the output port of a received message based on the hardware forwarding table entries, and sending each received message whose output port is an inter-chip port to the processor (CPU) according to the inter-chip communication mode corresponding to the protocol type of the received message; counting, through each hardware global counter, the number of inter-chip communication messages of each protocol type sent to the CPU in each counting period; and when any hardware global counter reaches its maximum count value in a counting period, stopping the corresponding inter-chip communication mode in that counting period.
To achieve the above object, the present application further provides a message anti-attack device, which includes a network interface, a switching chip connected to the network interface, a processor (CPU), and a memory. The memory is used for storing CPU-executable instructions; the inter-chip port of the switching chip communicates with the CPU through an inter-chip channel; the CPU executes the software speed limit module by running the processor-executable instructions in the memory.
The software speed limit module is used for setting an inter-chip communication mode for each protocol type, and for setting a hardware global counter and a software global counter for each protocol type. The maximum count value of the hardware global counter of each protocol type is the maximum number of inter-chip communication messages in a counting period; the maximum count value of the software global counter of each protocol type is an anti-attack punishment threshold in a counting period; the maximum count value of the hardware global counter of each protocol type is greater than the maximum count value of the software global counter. The switching chip is used for looking up the output port of a received message based on the hardware forwarding table entries and sending each received message whose output port is the inter-chip port to the CPU according to the inter-chip communication mode corresponding to the protocol type of the received message; counting, through each hardware global counter, the number of inter-chip communication messages of each protocol type sent to the CPU in each counting period; and when any hardware global counter reaches its maximum count value in a counting period, stopping the corresponding inter-chip communication mode in that counting period.
The benefit of the method and device is that the messages sent to the CPU through each inter-chip communication mode are counted, and when the count value of a hardware counter reaches its maximum count value, messages are no longer sent to the CPU through the corresponding inter-chip communication mode. This limits the speed at which each inter-chip communication mode sends messages in each counting period without using global speed-limiting ACL entries to limit the speed of sending messages to the processor, which saves hardware ACL entry resources.
Drawings
Fig. 1 is a schematic diagram of an embodiment of a message attack prevention method provided in the present application;
Fig. 2 is a schematic diagram of an embodiment of a global speed limit anti-attack system provided by the present application;
Fig. 3 is a schematic diagram of a dual speed-limiting anti-attack embodiment provided by the present application;
Fig. 4 is a schematic diagram of an embodiment of a single penalty attack prevention provided by the present application.
Detailed Description
A detailed description will be given of a number of examples shown in a number of figures. In the following detailed description, numerous specific details are set forth in order to provide a thorough understanding of the present application. Well-known methods, procedures, components and circuits have not been described in detail so as not to obscure the examples.
The term "including" as that term is used is meant to include, but is not limited to; the term "comprising" means including but not limited to; the terms "above," "within," and "below" include the instant numbers; the terms "greater than" and "less than" mean that the number is not included. The term "based on" means based on at least a portion thereof.
Fig. 1 is a flowchart of an embodiment of the message anti-attack method, where the method includes:
Step 101: setting an inter-chip communication mode for each protocol type;
Step 102: setting a hardware global counter and a software global counter for each protocol type. The maximum count value of the hardware global counter of each protocol type is the maximum number of inter-chip communication messages in a counting period; the maximum count value of the software global counter of each protocol type is an anti-attack punishment threshold in a counting period; the maximum count value of the hardware global counter of each protocol type is greater than the maximum count value of the software global counter;
Step 103: looking up the output port of a received message based on the hardware forwarding table entries, and sending each received message whose output port is an inter-chip port to the processor (CPU) according to the inter-chip communication mode corresponding to the protocol type of the received message;
Step 104: counting, through each hardware global counter, the number of inter-chip communication messages of each protocol type sent to the CPU in each counting period;
Step 105: when any hardware global counter reaches its maximum count value in a counting period, stopping the corresponding inter-chip communication mode in that counting period.
The benefit of the method shown in Fig. 1 is that the hardware global counters limit the number of messages of each protocol type sent to the CPU in one counting period, and therefore the speed at which the switching chip sends each protocol type to the CPU in each counting period. No ACL entries, which are hardware forwarding table entries, are needed to limit the speed of sending messages to the CPU, so hardware ACL entry resources are saved.
Fig. 2 is a schematic diagram of an embodiment of a global speed limit anti-attack provided in the present application, where the embodiment is applicable to a switch device including a network interface, a switch chip, a processor CPU, and a memory. As shown in fig. 2, a Port Group (Port Group) of a switching chip of a device provides a plurality of network interfaces for receiving and sending protocol packets and data packets; the memory is used for storing CPU executable instructions; the interchip ports of the switch chips communicate with the CPU through interchip channels. The CPU executes the software speed limit module by executing processor-executable instructions in the memory.
The software speed limit module is used for setting communication modes among chips for various protocol types; a hardware global counter is set on the switch chip for each protocol type.
Because the inter-chip communication modes between the switching chip and the CPU differ by protocol type, there is a large number of different inter-chip communication modes, and they cannot be listed exhaustively here; the inter-chip communication modes supported by different switching chips are limited, and are not improved upon in this application.
In this embodiment, the DHCP protocol and the ARP protocol are taken as examples. The software speed limit module sets inter-chip communication mode 1 for the ARP protocol, sets hardware global counter 1 for the ARP protocol on the switching chip, and sets software global counter 11 for the ARP protocol in the software speed limit module. The maximum count value of global counter 1 of the ARP protocol is the maximum number of inter-chip communication messages of the ARP protocol in a counting period; the maximum count value of software global counter 11 of the ARP protocol is the anti-attack punishment threshold of the ARP protocol in a counting period; the maximum count value of global counter 1 of the ARP protocol is greater than the maximum count value of software global counter 11 of the ARP protocol.
The software speed limit module sets inter-chip communication mode 2 for the DHCP protocol, sets hardware global counter 2 for the DHCP protocol on the switching chip, and sets software global counter 12 for the DHCP protocol in the software speed limit module. The maximum count value of global counter 2 of the DHCP protocol is the maximum number of inter-chip communication messages in a counting period; the maximum count value of software global counter 12 of the DHCP protocol is the anti-attack punishment threshold of the DHCP protocol in a counting period; the maximum count value of global counter 2 of the DHCP protocol is greater than the maximum count value of software global counter 12 of the DHCP protocol.
The switching chip receives the message through the network interface of the port group, and searches the output port of the received message according to the hardware forwarding table entry of the hardware forwarding table. The switching chip can search the address of the received message or the output port corresponding to the data flow or the message characteristic information according to the ACL table entry of the ACL forwarding table. Or, the switching chip searches the output port corresponding to the destination address of the received message according to the addressing forwarding table entry of the addressing forwarding table.
When the switching chip finds from the hardware forwarding table entries that the output port of an ARP protocol message or a DHCP protocol message is the inter-chip port, it sends the ARP protocol message or the DHCP protocol message to the CPU according to the corresponding inter-chip communication mode.
Global counters 1 and 2 of the switching chip are hardware counters; they count the number of inter-chip communication messages of the ARP protocol and the DHCP protocol, respectively, in each counting period.
In Fig. 2, when the count value of global counter 1 reaches the maximum count value in one counting period, the switching chip stops the corresponding inter-chip communication mode in that counting period, so that ARP protocol messages are no longer sent to the CPU. For example, if the maximum count value of global counter 1 is 2000 per second, then once that value is reached the ARP protocol messages received by the different network interfaces cannot be sent to the CPU for software forwarding or software processing.
Through global counter 1, the switching chip limits the number of ARP protocol messages sent to the CPU in the counting period, and thereby the speed at which ARP protocol messages are sent to the CPU in the counting period.
In Fig. 2, the switching chip can limit the speed of sending messages to the processor without using hardware ACL entries, so hardware ACL entry resources are saved. The limited ACL entry resources can instead be used to set forwarding entries of the ACL forwarding table; the limited hardware entry resources are released for forwarding and processing messages of different functions, which improves the flexibility of service processing on the device.
Fig. 3 is a schematic diagram of a dual speed-limiting anti-attack embodiment provided in the present application, in which software global counter 11 counts the ARP protocol messages received by the CPU in each counting period. When software global counter 11 reaches its maximum count value, the software speed limit module determines the receiving network interface of each ARP protocol message sent to the CPU from the receiving interface identifier carried in the ARP protocol messages received by the CPU.
In this embodiment, when network interface 1 (not shown in the figure) receives a large number of gratuitous ARP messages, the software speed limit module recognizes that the number of messages received on network interface 1 exceeds the port attack threshold, and sets an interface counter A for the ARP protocol of network interface 1 on the switching chip.
The switching chip continues to receive attack messages disguised as gratuitous ARP messages from network interface 1, and finds from the hardware forwarding table entries that their output port is an inter-chip port. Interface counter A of the switching chip counts the number of ARP protocol messages received by network interface 1 in each counting period.
Because a large number of gratuitous ARP messages reach network interface 1, interface counter A reaches its maximum count value within a counting period; the switching chip then discards the ARP protocol messages arriving at network interface 1 in that counting period, and network interface 1 is subjected to dual punishment.
Therefore, when network interface 1 is under network attack, the number of attack messages sent to the CPU in the counting period is limited and the number of attack messages reaching network interface 1 is also limited; the attack messages are not forwarded or processed. Coordinated message attack prevention is thus achieved, the number and speed of messages sent to the CPU are reduced, and the processing load of the CPU is reduced.
Fig. 4 is a schematic diagram of an embodiment of a single penalty attack prevention provided by the present application. Software global counter 12 counts the messages received by the CPU in each counting period. Although hardware global counter 2 on the switching chip has not reached its maximum count value, software global counter 12 of the software speed limit module reaches its maximum count value, and anti-attack processing is triggered. The software speed limit module determines the receiving network interface of each DHCP protocol message sent to the CPU from the receiving interface identifier carried in the DHCP protocol messages received by the CPU. In this embodiment, when network interface 2 (not shown) receives attack messages disguised as DHCP request messages, the software speed limit module recognizes that the number of DHCP protocol messages received by network interface 2 exceeds the port attack threshold, and sets an interface counter B on the switching chip to count the number of DHCP protocol messages received by network interface 2.
Interface counter B of the switching chip counts the number of DHCP protocol messages received by network interface 2 in each counting period. When interface counter B reaches its maximum count value in a counting period, the switching chip discards the DHCP protocol messages arriving at network interface 2 in that counting period, applying a single punishment to network interface 2.
Therefore, even if the total number of DHCP protocol messages sent to the CPU in the device does not exceed the preset allowable number of messages, the port receiving the attack messages is quickly found by the software speed limit module and is punished individually.
In the embodiments shown in Figs. 3 and 4, the software speed limit module reads the count values of interface counter A and interface counter B in each counting period. When the software speed limit module determines that the count value of interface counter A has not reached the maximum count value in M consecutive periods, where M is the preset number of recovery periods, it deletes interface counter A and no longer limits the number of ARP protocol messages received by network interface 1.
Similarly, when the software speed limit module determines that the count value of interface counter B has not reached the maximum count value in M consecutive periods, where M is the preset number of recovery periods, it deletes interface counter B and no longer limits the number of DHCP protocol messages received by network interface 2.
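The counter scheme of Figs. 2 to 4, modelled as an added simulation that is not part of the patent text: one hardware global cap per protocol, a lower software punishment threshold, per-interface counters installed on offending interfaces, and deletion after M quiet periods. The 2000-per-period hardware maximum is the description's example; `ProtocolLimiter`, `run_period`, the other thresholds and the traffic are constructed for illustration, and the software checks are simplified to run at the end of each counting period.

```python
from collections import Counter
from dataclasses import dataclass, field


@dataclass
class ProtocolLimiter:
    """Counters kept for one protocol type (for example ARP or DHCP)."""
    hw_max: int            # hardware global counter maximum per counting period
    sw_threshold: int      # software global counter maximum (punishment threshold)
    port_threshold: int    # per-interface port attack threshold (assumed value)
    if_max: int            # maximum of a punished interface's hardware counter
    recovery_periods: int  # M: consecutive periods below if_max before deletion
    quiet_streak: dict = field(default_factory=dict)  # punished interface -> streak

    def __post_init__(self):
        # The description requires the hardware maximum to exceed the software one.
        if self.hw_max <= self.sw_threshold:
            raise ValueError("hw_max must be greater than sw_threshold")

    def run_period(self, arrivals):
        """Process one counting period.

        arrivals lists the receiving interface of every message of this protocol
        whose output port is the inter-chip port, in arrival order.
        """
        hw_global = 0
        if_hw = Counter()    # interface hardware counters (punished interfaces only)
        to_cpu = Counter()   # receiving interface of each message the CPU got
        dropped_global = dropped_if = 0

        for iface in arrivals:
            if iface in self.quiet_streak:           # interface counter installed
                if if_hw[iface] >= self.if_max:
                    dropped_if += 1                  # discarded at the interface
                    continue
                if_hw[iface] += 1
            if hw_global >= self.hw_max:             # inter-chip mode stopped
                dropped_global += 1
                continue
            hw_global += 1
            to_cpu[iface] += 1

        # Recovery: delete an interface counter after M consecutive quiet periods.
        for iface in list(self.quiet_streak):
            if if_hw[iface] < self.if_max:
                self.quiet_streak[iface] += 1
            else:
                self.quiet_streak[iface] = 0
            if self.quiet_streak[iface] >= self.recovery_periods:
                del self.quiet_streak[iface]

        # Software global counter: find and punish the offending interfaces.
        punishment = None
        if sum(to_cpu.values()) >= self.sw_threshold:
            offenders = [i for i, n in to_cpu.items()
                         if n > self.port_threshold and i not in self.quiet_streak]
            for iface in offenders:
                self.quiet_streak[iface] = 0
            if offenders:
                punishment = "dual" if hw_global >= self.hw_max else "single"

        return {"to_cpu": sum(to_cpu.values()), "dropped_global": dropped_global,
                "dropped_if": dropped_if, "punishment": punishment,
                "punished": sorted(self.quiet_streak)}


def demo():
    """Constructed traffic: interface 1 floods ARP, interface 2 floods DHCP."""
    arp = ProtocolLimiter(hw_max=2000, sw_threshold=1500, port_threshold=1000,
                          if_max=100, recovery_periods=2)
    flood = [3] * 50 + [1] * 5000    # interface 3 is a well-behaved neighbour
    quiet = [3] * 50 + [1] * 20
    arp_log = [arp.run_period(p) for p in (flood, flood, quiet, quiet)]
    dhcp = ProtocolLimiter(hw_max=2000, sw_threshold=1500, port_threshold=1000,
                           if_max=100, recovery_periods=2)
    dhcp_log = [dhcp.run_period([4] * 30 + [2] * 1600)]
    return arp_log, dhcp_log


if __name__ == "__main__":
    for log in demo():
        for period, result in enumerate(log, 1):
            print(period, result)
```

In the first ARP period only the global cap protects the CPU; from the second period on, the interface counter absorbs the flood before it consumes the global budget, so traffic from the other interface keeps reaching the CPU.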
The present invention is not intended to be limited to the particular embodiments shown and described, but is to be accorded the widest scope consistent with the principles and novel features herein disclosed.

Claims (10)

1. A message anti-attack method is characterized in that the method comprises the following steps,
setting an inter-chip communication mode for each protocol type;
setting a hardware global counter and a software global counter for each protocol type; the maximum count value of each protocol type hardware global counter is the maximum value of the inter-chip communication messages in a counting period; the maximum count value of the software global counter of each protocol type is an anti-attack punishment threshold in a counting period; the maximum count value of the hardware global counter of each protocol type is greater than the maximum count value of the software global counter;
searching an output port of a received message based on a hardware forwarding table entry, and sending the received message whose output port is the inter-chip port to the processor (CPU) according to the inter-chip communication mode corresponding to the protocol type of the received message;
counting the number of the inter-chip communication messages of each protocol type sent to the CPU in each counting period through each hardware global counter; and when any hardware global counter reaches the maximum count value in a counting period, stopping the corresponding inter-chip communication mode in the counting period.
2. The method of claim 1, further comprising:
when the software global counter of the protocol type corresponding to the global counter reaching the maximum count value reaches the maximum count value in any counting period, acquiring a receiving network interface of each message sent to the CPU through an inter-chip communication mode corresponding to the global counter reaching the maximum count value, and identifying a dual punishment interface exceeding the attack prevention threshold value;
setting a dual punishment interface hardware counter for the dual punishment interface;
counting the number of messages of the protocol type received by the dual punishment interface in each counting period according to the dual punishment interface hardware counter; and when the dual punishment interface hardware counter reaches its maximum count value in any counting period, discarding the messages of the corresponding protocol type that pass through the dual punishment interface.
3. The method of claim 2, further comprising:
reading the count value of the dual punishment interface hardware counter in each counting period, determining that the number of the counting periods of the dual punishment interface hardware counter which does not reach the maximum count value reaches the preset number of recovery periods, and deleting the dual punishment interface hardware counter.
4. The method of claim 1, further comprising:
when the other software global counters reach the maximum count value in any counting period, acquiring the receiving network interfaces of the messages sent to the CPU through the inter-chip communication modes corresponding to the other global counters, and identifying an individual punishment interface exceeding the port attack threshold value;
setting an individual punishment interface hardware counter for the individual punishment interface;
counting, by the single punishment interface hardware counter, the number of messages of the corresponding protocol type received by the single punishment interface in each counting period; and when the single punishment interface hardware counter reaches its maximum count value in any counting period, discarding the messages of the corresponding protocol type reaching the single punishment interface.
5. The method of claim 4, further comprising:
reading the count value of the single punishment interface hardware counter in each counting period, determining that the number of the counting periods of the single punishment interface hardware counter which does not reach the maximum count value reaches the number of the recovery periods, and deleting the single punishment interface hardware counter.
6. The message anti-attack equipment is characterized by comprising a network interface, a switching chip connected with the network interface, a processor CPU and a memory; the memory is used for storing CPU executable instructions; the inter-chip port of the exchange chip is communicated with the CPU through an inter-chip channel; the CPU is used for executing a software speed limiting module by operating the processor executable instruction in the memory;
the software speed limiting module is used for setting an inter-chip communication mode for each protocol type; setting a hardware global counter and a software global counter for each protocol type; the maximum count value of each protocol type hardware global counter is the maximum value of the inter-chip communication messages in a counting period; the maximum count value of the software global counter of each protocol type is an anti-attack punishment threshold in a counting period; the maximum count value of the hardware global counter of each protocol type is greater than the maximum count value of the software global counter;
the switching chip is used for searching an output port of a received message based on a hardware forwarding table entry and sending the received message whose output port is the inter-chip port to the processor (CPU) according to the inter-chip communication mode corresponding to the protocol type of the received message; counting the number of the inter-chip communication messages of each protocol type sent to the CPU in each counting period through each hardware global counter; and when any hardware global counter reaches the maximum count value in a counting period, stopping the corresponding inter-chip communication mode in the counting period.
7. The device of claim 6, characterized in that:
the software speed limiting module is further used for, when in any counting period the software global counter of the protocol type whose hardware global counter has reached its maximum count value also reaches its maximum count value, acquiring the receiving network interface of each message sent to the CPU through the inter-chip communication mode corresponding to the global counter that reached the maximum count value, identifying a dual punishment interface exceeding the anti-attack threshold value, and setting a dual punishment interface hardware counter for the dual punishment interface;
the switching chip counts, according to the dual punishment interface hardware counter, the number of messages of the corresponding protocol type received by the dual punishment interface in each counting period; and, when the dual punishment interface hardware counter reaches its maximum count value in any counting period, discards the messages of the corresponding protocol type passing through the dual punishment interface.
8. The device of claim 7, characterized in that:
the software speed limiting module is further configured to read the count value of the dual punishment interface hardware counter in each counting period, and to delete the dual punishment interface hardware counter upon determining that the number of counting periods in which the dual punishment interface hardware counter does not reach the maximum count value has reached a predetermined number of recovery periods.
9. The device of claim 6, characterized in that:
the software speed limiting module is further used for, according to any other software global counter that reaches its maximum count value in any counting period, acquiring the receiving network interface of each message sent to the CPU through the corresponding inter-chip communication mode, and identifying a single punishment interface exceeding the port attack threshold value; and setting a single punishment interface hardware counter for the single punishment interface;
the switching chip is used for counting, according to the single punishment interface hardware counter that has been set, the number of messages of the corresponding protocol type received by the single punishment interface in each counting period; and, when the single punishment interface hardware counter reaches its maximum count value in any counting period, discarding the messages of the corresponding protocol type arriving at the single punishment interface.
10. The device of claim 9, characterized in that:
the software speed limiting module is further used for reading the count value of the single punishment interface hardware counter in each counting period, and deleting the single punishment interface hardware counter upon determining that the number of counting periods in which the single punishment interface hardware counter does not reach the maximum count value has reached the number of recovery periods.
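The counter scheme of claims 6 to 10 can be modelled in software to see how the two global maxima, the punishment counters and the recovery count interact over successive counting periods. The Python model below is an added illustration, not code from the patent or from any vendor product; it covers a single protocol type, and the class and function names, every numeric value, the per-interface threshold and the punishment counter maximum are assumptions that the claims leave unspecified.

```python
from collections import Counter

class AntiAttackModel:
    """Toy model of claims 6-10 for ONE protocol type; every number is an assumption."""

    def __init__(self, hw_max=100, sw_max=60, port_threshold=30,
                 port_hw_max=10, recovery_periods=2):
        assert hw_max > sw_max        # claim 6: hardware maximum > software maximum
        self.hw_max, self.sw_max = hw_max, sw_max
        self.port_threshold = port_threshold      # assumed per-interface attack threshold
        self.port_hw_max = port_hw_max            # assumed punishment-counter maximum
        self.recovery_periods = recovery_periods
        self.punished = {}            # interface -> [kind, periods below maximum]

    def run_period(self, arrivals):
        """arrivals: receiving interface of each CPU-bound message, in arrival order."""
        hw_global = 0                 # hardware global counter (switching chip)
        port_hw = Counter()           # punishment interface hardware counters
        to_cpu = Counter()            # what the software module sees, per interface
        for iface in arrivals:
            if iface in self.punished:
                port_hw[iface] += 1
                if port_hw[iface] > self.port_hw_max:
                    continue          # claims 7/9: chip discards on the punished interface
            if hw_global >= self.hw_max:
                continue              # claim 6: inter-chip mode stopped for this period
            hw_global += 1
            to_cpu[iface] += 1
        sw_global = sum(to_cpu.values())   # software global counter
        # Claims 8/10: delete a punishment counter after enough periods below its maximum
        # (counted cumulatively here; the claims do not say the periods must be consecutive).
        for iface in list(self.punished):
            if port_hw[iface] < self.port_hw_max:
                self.punished[iface][1] += 1
                if self.punished[iface][1] >= self.recovery_periods:
                    del self.punished[iface]
        if sw_global >= self.sw_max:
            # Claim 7 (hardware counter also at maximum) vs claim 9 (software counter only).
            kind = "dual" if hw_global >= self.hw_max else "single"
            for iface, n in to_cpu.items():
                if n > self.port_threshold and iface not in self.punished:
                    self.punished[iface] = [kind, 0]
        return sw_global, dict(to_cpu)

def flood(attacker_per_block, blocks, victim="ge2", attacker="ge1"):
    """Constructed sample traffic: bursts from one interface interleaved with another."""
    return ([attacker] * attacker_per_block + [victim]) * blocks
```

In the first flooded period the global hardware maximum also starves the well-behaved interface (9 of its 20 messages reach the CPU); once the flooding interface has its own hardware counter, all 20 get through.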
CN202011197174.3A 2020-10-30 2020-10-30 Message anti-attack method and device Active CN112367313B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011197174.3A CN112367313B (en) 2020-10-30 2020-10-30 Message anti-attack method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011197174.3A CN112367313B (en) 2020-10-30 2020-10-30 Message anti-attack method and device

Publications (2)

Publication Number Publication Date
CN112367313A true CN112367313A (en) 2021-02-12
CN112367313B CN112367313B (en) 2022-07-12

Family

ID=74512399

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011197174.3A Active CN112367313B (en) 2020-10-30 2020-10-30 Message anti-attack method and device

Country Status (1)

Country Link
CN (1) CN112367313B (en)

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080282005A1 (en) * 2007-05-02 2008-11-13 Edward Chencinski Method and processing unit for inter-chip communication
CN101340276A (en) * 2008-08-11 2009-01-07 杭州华三通信技术有限公司 Method, apparatus and exchange routing apparatus preventing IPv6 data packet attack
CN102447711A (en) * 2012-01-18 2012-05-09 中兴通讯股份有限公司 Method and device for sending protocol messages
WO2016101870A1 (en) * 2014-12-26 2016-06-30 中兴通讯股份有限公司 Network attack analysis method and device
CN105391519A (en) * 2015-10-20 2016-03-09 江苏鑫软图无线技术有限公司 Channel quality indication (CQI) adjustment method based on punishment threshold
CN109510780A (en) * 2018-12-12 2019-03-22 锐捷网络股份有限公司 Flow control method, exchange chip and the network equipment
CN110071853A (en) * 2019-04-30 2019-07-30 新华三技术有限公司 A kind of message statistical method and the network equipment

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112994943A (en) * 2021-02-28 2021-06-18 新华三信息安全技术有限公司 Message statistical method and device
CN112994943B (en) * 2021-02-28 2022-05-27 新华三信息安全技术有限公司 Message statistical method and device
CN113472643A (en) * 2021-06-15 2021-10-01 新华三信息安全技术有限公司 Fault processing method and device
CN113472643B (en) * 2021-06-15 2023-08-18 新华三信息安全技术有限公司 Fault processing method and device
CN113934671A (en) * 2021-11-01 2022-01-14 新华三技术有限公司合肥分公司 Interface control chip and network equipment
CN113934671B (en) * 2021-11-01 2024-02-23 新华三技术有限公司合肥分公司 Interface control chip and network equipment

Also Published As

Publication number Publication date
CN112367313B (en) 2022-07-12

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant