CN112968846A - Detection system for illegal short circuit of switch port - Google Patents

Detection system for illegal short circuit of switch port

Info

Publication number: CN112968846A
Authority: CN (China)
Prior art keywords: port, loop, lldp, illegal, self
Legal status: Granted
Application number: CN202110140934.5A
Other languages: Chinese (zh)
Other versions: CN112968846B (en)
Inventors: 张朋飞, 刘洋, 周厚明
Current Assignee: Wuhan Maiwei Communications Co ltd
Original Assignee: Wuhan Maiwei Communications Co ltd
Application filed by Wuhan Maiwei Communications Co ltd
Priority to CN202110140934.5A
Publication of CN112968846A
Application granted
Publication of CN112968846B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L49/00 Packet switching elements
    • H04L49/55 Prevention, detection or correction of errors
    • H04L49/555 Error detection
    • H04L43/00 Arrangements for monitoring or testing data switching networks
    • H04L43/08 Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
    • H04L43/0805 Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters by checking availability
    • H04L43/0811 Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters by checking availability by checking connectivity
    • H04L43/0817 Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters by checking availability by checking functioning
    • H04L49/70 Virtual switches
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00 Reducing energy consumption in communication networks

Abstract

The invention provides a system for detecting illegal short-circuiting of switch ports, comprising a link scanning module and an LLDP module. The link scanning module polls and monitors the connection state of each port of the switch and sends a link change trap message to the LLDP module when the connection state of a port changes. The LLDP module reads the LLDP neighbor information of the newly linked-up port according to the received link change trap message, compares and analyzes the LLDP neighbor information, and performs an illegal self-loop check on the newly linked-up port. A newly linked-up port is a port whose connection state has changed from the linkdown state to the linkup state. The invention provides a simpler way to handle switch ports being deliberately and illegally short-circuited (also called an illegal self-loop) when the switch does not have loopback detection enabled.

Description

Detection system for illegal short circuit of switch port
Technical Field
The invention relates to the technical field of communication, and in particular to a system for detecting illegal short-circuiting of switch ports.
Background
Industrial switches are now widely used in energy, mining, transportation and other fields, with the energy and mining sector accounting for up to 50% of industrial switch procurement. Many coal mine customers currently report the following two problems in their mines: first, people stealing ore at the mine deliberately short-circuit two network ports of a switch to cause a network-wide storm; second, because the mine is very large and the switch networking is complex, careless misconnections that form a loop and cause a network storm do occur, and with high probability.
The most common way to solve this problem is to enable the spanning tree protocol or loopback detection (also called loop detection) across the entire network. However, if spanning tree is enabled on every port in the network, the load on the switches is very high. Some customers also do not choose spanning tree and use other ring network protocols instead because of their networking requirements, and not all switches support loop detection. Moreover, different switch ports need different configurations to keep the LAN running efficiently, and if loopback detection is preemptively enabled on all switch ports, rare fault conditions may occur in the LAN.
Therefore, when the switch does not have loopback detection enabled, another solution is needed to avoid the problem of two network ports being illegally short-circuited.
Disclosure of Invention
The invention provides a detection system for illegal short-circuiting of switch ports that overcomes, or at least partially solves, the above problems. The system comprises a link scanning module and an LLDP module. The link scanning module polls and monitors the connection state of each port of the switch and sends a link change trap message to the LLDP module when the connection state of a port changes. The LLDP module reads the LLDP neighbor information of the newly linked-up port according to the received link change trap message, compares and analyzes the LLDP neighbor information, and performs an illegal self-loop check on the newly linked-up port. A newly linked-up port is a port whose connection state has changed from the linkdown state to the linkup state.
On the basis of the above technical solution, the invention can be further improved as follows.
Optionally, the link scanning module polling and monitoring the connection state of each port of the switch, and sending a link change trap message to the LLDP module when the connection state of a port changes, includes: when the connection state of a port changes from linkup to linkdown, or from linkdown to linkup, sending a link change trap message to the LLDP module. The content of the link change trap message includes the trap type, the name or number of the port whose connection state changed, and the current connection state of that port, where the current connection state is linkup or linkdown.
Optionally, the LLDP module reading the LLDP neighbor information of the newly linked-up port according to the received link change trap message includes: extracting, from the link change trap message sent by the link scanning module, the name or number of the port whose connection state changed and its current connection state, and reading the LLDP neighbor information of the newly linked-up port; or reading both the LLDP neighbor information of the newly linked-up port and the LLDP local information of all linkup ports.
Optionally, the LLDP neighbor information of a linkup port includes the name or number of the linkup port, the MAC address of its neighbor port, the name or number of the neighbor port, and the VLAN ID of the neighbor port; the LLDP local information of a linkup port includes the name or number of the linkup port, the MAC address of the linkup port, and the VLAN ID of the linkup port.
Optionally, the LLDP module comparing and analyzing the LLDP neighbor information of the newly linked-up port, and performing an illegal self-loop check on it, includes: taking the newly linked-up port as the port under check; when only the LLDP neighbor information of the newly linked-up port is read, if the MAC address of the LLDP neighbor port of the port under check falls within the MAC address range of the switch's own ports, the port under check and its LLDP neighbor port are in a self-loop state; or, when the LLDP neighbor information of the newly linked-up port and the LLDP local information of all linkup ports are read, if the MAC address of the LLDP neighbor port of the port under check is the same as the MAC address of one LLDP local port of the local switch, the port under check and its LLDP neighbor port are in a self-loop state;
given that the port under check and its LLDP neighbor port are in a self-loop state, if the VLAN ID of the port under check is the same as the VLAN ID of its LLDP neighbor port, and the two ports are neither ring ports of the same ring in any ring network protocol nor ports participating in spanning tree, the port under check and its LLDP neighbor port are determined to be currently in an illegal self-loop state.
Optionally, the LLDP module is further configured to update the illegal self-loop flags of all ports in real time, which includes: when a port was not previously an illegal self-loop port but currently is one, treating the port as a new illegal self-loop port and setting its illegal self-loop flag to 1; when a port was previously an illegal self-loop port but currently is not one, or its current connection state is linkdown, treating the illegal self-loop state of the port as released and setting its illegal self-loop flag to 0.
Optionally, the LLDP module is further configured to: when the port under check is a new illegal self-loop port, set the port state of the port under check to disabled and start the port's illegal short-circuit timer.
Optionally, the LLDP module is further configured to: if the illegal short-circuit timer of the port under check times out, temporarily enable the port, actively read its neighbor information again, and perform the illegal self-loop check on it again by analyzing the neighbor information; or, after receiving the linkup link change trap message that the link scanning module sends when it detects that the port under check has been re-enabled, read the neighbor information of the port under check again and perform the illegal self-loop check on it again;
if the port under check is judged to have left the illegal self-loop state, keep the port enabled, clear its illegal self-loop flag, and delete the corresponding illegal short-circuit timer; if the port under check is still in the illegal self-loop state, disable the port again, reset the corresponding illegal short-circuit timer to zero, and restart timing.
Optionally, the LLDP module is further configured to: for a port whose connection state changes from linkup to linkdown, if the port was previously an illegal self-loop port, enable the port, reset its illegal self-loop flag, and delete the corresponding illegal short-circuit timer.
Optionally, the system further comprises an alarm module. The alarm module receives a port illegal self-loop trap message or a port illegal self-loop release trap message sent by the LLDP module, and triggers or clears the illegal self-loop alarm output of the corresponding port accordingly. When a port is a new illegal self-loop port, the LLDP module sends a port illegal self-loop trap message to the alarm module; when a port leaves the illegal self-loop state, the LLDP module sends a port illegal self-loop release trap message to the alarm module. The content of either trap message includes the trap type, the name or number of the port whose illegal self-loop state changed, and the current illegal self-loop state of that port, where the current state is either illegal self-loop or illegal self-loop released.
The invention provides a system for detecting illegal short-circuiting of switch ports, comprising a link scanning module and an LLDP module. The link scanning module polls and monitors the connection state of each port of the switch and sends a link change trap message to the LLDP module when the connection state of a port changes. The LLDP module reads the LLDP neighbor information of the newly linked-up port according to the received link change trap message, compares and analyzes the LLDP neighbor information, and performs an illegal self-loop check on the newly linked-up port. A newly linked-up port is a port whose connection state has changed from the linkdown state to the linkup state. The invention provides a simpler way to handle switch ports being deliberately and illegally short-circuited (also called an illegal self-loop) when the switch does not have loopback detection enabled.
Drawings
Fig. 1 is a schematic structural diagram of a system for detecting an illegal short circuit of a switch port according to the present invention;
Fig. 2 is a schematic flow chart of the illegal self-loop check performed on a port by the LLDP module according to the present invention;
Fig. 3 is a schematic diagram of an alternative flow of the illegal self-loop check performed on a port by the LLDP module according to the present invention;
Fig. 4 is a flowchart of the process of detecting illegal short-circuiting of ports according to the present invention;
Fig. 5 is a schematic flow chart of a method for detecting an illegal short circuit of a switch port according to the present invention.
Detailed Description
The following detailed description of embodiments of the present invention is provided in connection with the accompanying drawings and examples. The following examples are intended to illustrate the invention but are not intended to limit the scope of the invention.
Fig. 1 shows a system for detecting an illegal short circuit of a switch port according to an embodiment of the present invention. As shown in Fig. 1, the system includes a link scanning module 101 and an LLDP module 102.
The link scanning module 101 polls and monitors the connection state of each port of the switch and sends a link change trap message to the LLDP module 102 when the connection state of a port changes. The LLDP module 102 reads the LLDP neighbor information of the newly linked-up port according to the received link change trap message, compares and analyzes the LLDP neighbor information, and performs an illegal self-loop check on the newly linked-up port. A newly linked-up port is a port whose connection state has changed from the linkdown state to the linkup state. For convenience, in the following a linkup port is a port whose current connection state is linkup, and a linkdown port is a port whose current connection state is linkdown.
In view of the deficiencies described in the background, the present invention provides a system that can check for an illegal short circuit (also referred to as an illegal self-loop) on a switch port without enabling loopback detection.
The system mainly comprises a link scanning module 101 and an LLDP (Link Layer Discovery Protocol) module 102 on the same switch. The two modules communicate through trap messages, and the system requires that the LLDP function be enabled on all ports of the switch.
The link scanning module 101 continuously polls and monitors the network connection state of each port on the switch. Its polling interval defaults to 1 s and can be set as required. The network connection state of a port is either linkup (network connected) or linkdown (network disconnected); as soon as a change in a port's connection state is found, a link change trap message is sent to the LLDP module 102. According to the link change trap message sent by the link scanning module 101, the LLDP module 102 reads the LLDP neighbor information of the port whose connection state changed from linkdown to linkup (the newly linked-up port) and performs an illegal self-loop (also called illegal short circuit) check on that port by analyzing the content of its LLDP neighbor information.
By performing this illegal self-loop check on ports, the system provides a simpler way to handle switch ports being deliberately and illegally short-circuited (also called an illegal self-loop) when the switch does not have loop detection enabled.
In a possible embodiment, the link scanning module 101 polling and monitoring the connection state of each port of the switch, and sending a link change trap message to the LLDP module 102 when the connection state of a port changes, includes: when the connection state of a port changes from linkup to linkdown, or from linkdown to linkup, sending a link change trap message to the LLDP module 102. The content of the link change trap message includes the trap type (such as link-change, which can be customized), the name or number of the port whose connection state changed, and the current connection state of that port, where the current connection state is linkup or linkdown.
In a possible embodiment, the LLDP module 102 reading the LLDP neighbor information of the newly linked-up port according to the received link change trap message includes: extracting, from the link change trap message sent by the link scanning module 101, the name or number of the port whose connection state changed and its current connection state, and reading the LLDP neighbor information of the newly linked-up port, or reading both the LLDP neighbor information of the newly linked-up port and the LLDP local information of all ports in the linkup state (linkup ports for short).
That is, when the LLDP module 102 receives a link change trap message from the link scanning module 101, it extracts the name or number of the port whose connection state changed and the current connection state from the message. It then reads the LLDP neighbor information of the port whose connection state changed from linkdown to linkup (the newly linked-up port), or reads both that neighbor information and the LLDP local information of all linkup ports on the switch, and performs an illegal self-loop check on the port by comparing and analyzing the content of the neighbor information.
The LLDP neighbor information of a linkup port includes the name or number of the linkup port, the MAC (Media Access Control) address of its neighbor port, the name or number of the neighbor port, and the VLAN (Virtual Local Area Network) ID of the neighbor port; the LLDP local information of a linkup port includes the name or number of the linkup port, the MAC address of the linkup port, and the VLAN ID of the linkup port.
In a possible embodiment, the LLDP module 102 comparing and analyzing the LLDP neighbor information of the newly linked-up port, and performing an illegal self-loop check on it, includes: taking the newly linked-up port as the port under check; when only the LLDP neighbor information of the newly linked-up port is read, if the MAC address of the LLDP neighbor port of the port under check falls within the MAC address range of the switch's own ports, the port under check and its LLDP neighbor port are in a self-loop state; or, when the LLDP neighbor information of the newly linked-up port and the LLDP local information of all linkup ports on the switch are read, if the MAC address of the LLDP neighbor port of the port under check is the same as the MAC address of one LLDP local port of the switch, the port under check and its LLDP neighbor port are in a self-loop state. Given that the port under check and its LLDP neighbor port are in a self-loop state, if the VLAN ID of the port under check is the same as the VLAN ID of its LLDP neighbor port, and the two ports are neither ring ports of the same ring in any ring network protocol nor ports participating in spanning tree, the port under check and its LLDP neighbor port are determined to be currently in an illegal self-loop state.
That is, when the LLDP module 102 receives the link change trap message sent by the link scanning module 101, it may read only the LLDP neighbor information of the newly linked-up port, or it may also obtain the LLDP local information of all linkup ports on the switch at the same time.
The newly linked-up port is the port under check. Its LLDP neighbor information is compared and analyzed, and either of two methods can be used to perform the illegal self-loop check on it.
The first illegal self-loop checking method is shown in Fig. 2. The LLDP module 102 reads the LLDP neighbor information of the port under check and the MAC address range of the switch's own ports; if the MAC address of the LLDP neighbor port of the port under check falls within that range, the port under check and its neighbor port are in a self-loop state. It is then determined whether the VLAN IDs of the port under check and its neighbor port are the same, and whether the two ports are neither ring ports of the same ring in any ring network protocol nor ports participating in spanning tree. When all of these conditions are satisfied, the LLDP module 102 considers the port under check and its neighbor port to be in an illegal short-circuit state (illegal self-loop state), and both ports are illegally short-circuited ports. If any one of the conditions is not satisfied, the LLDP module 102 considers that the port under check is not an illegally short-circuited port.
The second, optional illegal self-loop checking method is shown in Fig. 3. The LLDP module 102 reads the LLDP neighbor information of the current port under check and the local information of all LLDP ports on the switch; if the MAC address of the LLDP neighbor port of the port under check is the same as the MAC address of one of the switch's LLDP local ports, the port under check and its neighbor port are considered to be in a self-loop state. It is then determined whether the VLAN IDs of the port under check and its neighbor port are the same, and whether the two ports are neither ring ports of the same ring in any ring network protocol nor ports participating in spanning tree. When all of these conditions are satisfied, the LLDP module 102 considers the port under check and its neighbor port to be in an illegal short-circuit state (illegal self-loop state), and both ports are illegally short-circuited ports. If any one of the conditions is not satisfied, the LLDP module 102 considers that the port under check is not an illegally short-circuited port.
In a possible embodiment, the LLDP module 102 is further configured to update the illegal self-loop flags of all ports in real time, which includes: when a port was not previously an illegal self-loop port but currently is one, treating the port as a new illegal self-loop port and setting its illegal self-loop flag to 1; when a port was previously an illegal self-loop port but is currently in the linkdown state, treating the illegal self-loop state of the port as released and setting its illegal self-loop flag to 0.
The illegal self-loop flag of each port on the switch thus reflects the port's illegal self-loop state in real time. For example, when a port is in an illegal self-loop state, its illegal self-loop flag is 1; when a port is not in an illegal self-loop state, its illegal self-loop flag is 0.
After performing the illegal self-loop check on the port under check according to its LLDP neighbor information, the LLDP module 102 re-marks the port's illegal self-loop state according to the check result. If the port was not previously an illegal self-loop port (previous flag 0) and now is one, the LLDP module 102 treats it as a new illegal self-loop port and sets its illegal self-loop flag to 1; if the port was previously an illegal self-loop port (previous flag 1) and now is not one, the LLDP module 102 considers that the port has left the illegal self-loop state and sets its illegal self-loop flag to 0.
In a possible implementation, the LLDP module 102 is further configured to: when the port under check is a new illegal self-loop port, set the port state of the port under check to disabled and start the port's illegal short-circuit timer.
That is, when the LLDP module 102 receives a port linkup message sent by the link scanning module, it reads the neighbor information of the port and performs the illegal self-loop check on the port by analyzing the content of that neighbor information. When the port is determined to be a new illegal self-loop port, the LLDP module 102 sets the port's illegal self-loop flag to 1 and then disables the port (i.e. sets the port state to disable) to avoid a loop storm. At the same time, the port's illegal short-circuit timer is started. The timeout of all ports' illegal short-circuit timers can be configured uniformly, and the default is 5 minutes.
When the LLDP module 102 receives a port linkdown message sent by the link scanning module, it checks the port's previous illegal self-loop flag. If the previous flag is 1, that is, the port was previously an illegal self-loop port, the port is considered to have left the illegal self-loop state: the port is enabled (i.e. the port state is set to enable), its illegal self-loop flag is cleared, and its illegal short-circuit timer is deleted.
In a possible implementation, the LLDP module 102 is further configured to: if the illegal short-circuit timer of the port under check times out, temporarily enable the port, read its neighbor information again, and perform the illegal self-loop check on it again by analyzing the neighbor information; if the port under check is judged to have left the illegal self-loop state, keep the port enabled, clear its illegal self-loop flag, and delete the corresponding illegal short-circuit timer; if the port under check is still in the illegal self-loop state, disable the port again, reset the corresponding illegal short-circuit timer to zero, and restart timing.
That is, whenever the illegal short-circuit timer of a port times out, the LLDP module 102 temporarily enables the port, reads its neighbor information again, and performs the illegal self-loop check on the port again by analyzing the content of that neighbor information. If the port is judged to have left the illegal self-loop state, the LLDP module 102 keeps the port enabled, clears its illegal self-loop flag, and deletes its illegal short-circuit timer; if the port is still in the illegal self-loop state, the port is disabled again and its illegal short-circuit timer is reset to zero and restarted. Because the whole cycle of re-enabling, illegal self-loop checking and disabling an illegal self-loop port completes within 1 second, which is very short, network communication is not noticeably affected.
In a possible embodiment, the link scanning module 101 is further configured to: after detecting that a disabled, connected port has been re-enabled, also send a linkup message for the re-enabled port to the LLDP module 102, so that after receiving the linkup message the LLDP module 102 reads the neighbor information of the re-enabled port again and performs the illegal self-loop check on it.
That is, the link scanning module 101 sends a port linkup message to the LLDP module 102 after detecting that a disabled, connected port has been re-enabled. After receiving the port's linkup message, the LLDP module 102 can likewise read the port's neighbor information again following the steps above, perform the illegal self-loop check on the port, and carry out the corresponding follow-up processing according to the check result. However, because message passing between modules involves some delay, this scheme is used only as a supplementary measure to prevent an illegal self-loop check from being missed.
In a possible embodiment, the system further includes an alarm module 103, which is configured to receive a port illegal self-loop trap message or a port illegal self-loop release trap message sent by the LLDP module 102, and to trigger or clear the illegal self-loop alarm output of the corresponding port according to that message. When a port is a newly promoted illegal self-loop port, the LLDP module sends a port illegal self-loop trap message to the alarm module; when a port leaves the illegal self-loop state, the LLDP module sends a port illegal self-loop release trap message to the alarm module. The content of either message includes a trap type, the name or number of the port whose illegal self-loop state changed, and that port's current illegal self-loop state, which is either illegal self-loop or illegal self-loop released.
It is understood that when the LLDP module 102 detects that a port is a newly promoted illegal self-loop port, or that a port has left the illegal self-loop state, it sends a port illegal self-loop trap message or a port illegal self-loop release trap message to the alarm module 103. When a port was not in the illegal self-loop state before and is in the illegal self-loop state now, the LLDP module 102 sends a port illegal self-loop trap message to the alarm module 103; when a port was in the illegal self-loop state before and is not in the illegal self-loop state now, the LLDP module 102 sends a port illegal self-loop release trap message to the alarm module 103.
The content of the port illegal self-loop trap message or the port illegal self-loop release trap message includes a trap type (for example, a self-defined type), the name or number of the port whose illegal self-loop state changed, and that port's current illegal self-loop state, which is either illegal self-loop or illegal self-loop released.
After receiving a port illegal self-loop trap message or a port illegal self-loop release trap message from the LLDP module 102, the alarm module 103 triggers or clears the display of the illegal self-loop alarm information of the corresponding port according to the content of the message, and turns on or off the relay, the indicator light, the host computer, and other related alarm outputs.
Referring to fig. 4, which is a flowchart of the entire illegal short-circuit detection process for a switch port according to the present invention: the link scanning module continuously polls and monitors the linkup and linkdown state of each port of the switch, and when it detects that the connection state of a port has changed, it sends a link change trap message to the LLDP module.
When the connection state of a port changes from the linkdown state to the linkup state, the link scanning module sends a port linkup link change trap message to the LLDP module. When the LLDP module receives the port linkup link change trap message, it reads the port's neighbor information, performs the illegal self-loop check on the port according to that information, and then carries out the corresponding processing according to the result of the check.
If the port is an illegal self-loop port, the LLDP module determines whether it is a newly promoted illegal self-loop port (by checking whether the port's previous illegal self-loop mark is 0). If the port is a newly promoted illegal self-loop port, the LLDP module sets the port's illegal self-loop mark to 1, sends a port illegal self-loop trap message to the alarm module, then disables the port, and at the same time starts the port's illegal short-circuit timer. After receiving the port illegal self-loop trap message sent by the LLDP module, the alarm module triggers the display of the illegal self-loop alarm information of the corresponding port and turns on the relay, the indicator light, the host computer, and other related alarm outputs. If the port is not a newly promoted illegal self-loop port, the LLDP module disables the port again, resets the port's illegal short-circuit timer to zero, and restarts timing. When the port's illegal short-circuit timer times out, the LLDP module temporarily enables the port, re-reads its neighbor information, and performs the illegal self-loop check and the subsequent update of the illegal self-loop mark on the port.
If the port is not an illegal self-loop port, the LLDP module checks the port's illegal self-loop mark. If the port was an illegal self-loop port before (the previous illegal self-loop mark is 1), the LLDP module enables the port, clears the port's illegal self-loop mark to zero, deletes the port's illegal short-circuit timer, and sends a port illegal self-loop release trap message to the alarm module. After receiving the port illegal self-loop release trap message sent by the LLDP module, the alarm module clears the display of the illegal self-loop alarm information of the corresponding port and turns off the relay, the indicator light, the host computer, and all other related alarm outputs.
When the connection state of a port changes from the linkup state to the linkdown state, the link scanning module sends a port linkdown link change trap message to the LLDP module. When the LLDP module receives the port linkdown link change trap message sent by the link scanning module, it checks the port's illegal self-loop mark. If the port was an illegal self-loop port before (the previous illegal self-loop mark is 1), the LLDP module enables the port, clears the port's illegal self-loop mark, deletes the port's illegal short-circuit timer, and sends a port illegal self-loop release trap message to the alarm module. After receiving the port illegal self-loop release trap message sent by the LLDP module, the alarm module clears the display of the illegal self-loop alarm information of the corresponding port and turns off the relay, the indicator light, the host computer, and all other related alarm outputs.
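The mark, timer and trap handling described for fig. 4 can be modelled as a small state machine. The following is an added example, not code from the patent: the class and method names, the 30-second timeout and the injected `check` callable standing in for the illegal self-loop check are all assumptions. It also assumes that a port disabled by the LLDP module does not itself report a linkdown event.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Set, Tuple

ILLEGAL = "illegal self-loop"
RELEASED = "illegal self-loop released"


class AlarmModule:
    """Tracks which ports currently have an illegal self-loop alarm raised."""

    def __init__(self):
        self.active: Set[str] = set()
        self.log: List[Tuple[str, str]] = []

    def on_trap(self, port: str, state: str) -> None:
        self.log.append((port, state))
        if state == ILLEGAL:
            self.active.add(port)
        else:
            self.active.discard(port)


@dataclass
class LldpModule:
    check: Callable[[str], bool]      # stand-in for the illegal self-loop check
    alarm: AlarmModule
    timeout_s: int = 30               # assumed value, not taken from the page
    flag: Dict[str, int] = field(default_factory=dict)    # illegal self-loop mark
    disabled: Set[str] = field(default_factory=set)
    timers: Dict[str, int] = field(default_factory=dict)  # port -> elapsed seconds

    def on_link_change(self, port: str, state: str) -> None:
        if state == "linkup":
            self._recheck(port)
        elif state == "linkdown":
            # Assumption: a port disabled by this module reports no linkdown itself.
            if self.flag.get(port, 0) == 1:
                self._release(port)
        else:
            raise ValueError(f"unknown link state {state!r}")

    def tick(self, seconds: int = 1) -> None:
        """Advance every running timer; on timeout, enable the port and re-check."""
        for port in list(self.timers):
            self.timers[port] += seconds
            if self.timers[port] >= self.timeout_s:
                self.disabled.discard(port)   # temporary enable
                self._recheck(port)

    def _recheck(self, port: str) -> None:
        if self.check(port):
            if self.flag.get(port, 0) == 0:   # newly promoted: trap sent once
                self.flag[port] = 1
                self.alarm.on_trap(port, ILLEGAL)
            self.disabled.add(port)
            self.timers[port] = 0             # start, or reset to zero and restart
        elif self.flag.get(port, 0) == 1:
            self._release(port)

    def _release(self, port: str) -> None:
        self.disabled.discard(port)
        self.flag[port] = 0
        self.timers.pop(port, None)
        self.alarm.on_trap(port, RELEASED)


def run_scenario():
    """Constructed scenario: a patch cable loops ge1 back into the same switch."""
    looped = {"ge1"}
    alarm = AlarmModule()
    lldp = LldpModule(check=lambda p: p in looped, alarm=alarm, timeout_s=30)
    lldp.on_link_change("ge1", "linkup")      # cable plugged in
    after_detect = ("ge1" in lldp.disabled, set(alarm.active))
    lldp.tick(30)                             # timeout while the loop remains
    after_retry = ("ge1" in lldp.disabled, lldp.timers.get("ge1"))
    looped.clear()                            # cable removed
    lldp.tick(30)                             # timeout, re-check now passes
    after_clear = ("ge1" in lldp.disabled, set(alarm.active), dict(lldp.timers))
    return after_detect, after_retry, after_clear, alarm.log
```

The retry in the middle of the scenario raises no second trap, so the alarm module sees exactly one raise and one release per incident.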
Referring to fig. 5, the method for detecting an illegal short circuit of a switch port according to the present invention mainly includes: 501. polling and monitoring the connection state of each port of the switch; 502. when the connection state of a port changes, reading and analyzing the LLDP neighbor information of the new promotion linkup port, and performing the illegal self-loop check on that port, wherein the new promotion linkup port is a port whose connection state has changed from linkdown to linkup.
Reading and analyzing the LLDP neighbor information of a new promotion linkup port, and performing the illegal self-loop check on it, comprises the following steps: taking the new promotion linkup port as the port to be checked, if the MAC address of the LLDP neighbor port of the port to be checked is within the MAC address range of the ports of the switch, or is the same as the MAC address of one LLDP local port of the switch, the port to be checked and its LLDP neighbor port are in a self-loop state; given that the port to be checked and its LLDP neighbor port are in the self-loop state, if the two ports have the same VLAN ID, and they are neither ring ports of the same ring in any ring network protocol nor ports participating in the spanning tree, the port to be checked and its LLDP neighbor port are determined to be currently in the illegal self-loop state.
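The two-stage check above (self-loop first, then illegal self-loop) can be written as a pure function over LLDP neighbor and local information. This is an added example, not code from the patent: the class names, the contiguous per-switch MAC range and all sample values are assumptions. The spanning-tree exemption is interpreted here as applying when both ports participate in the spanning tree.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class LocalPort:
    """LLDP local information of one linkup port."""
    name: str
    mac: str
    vlan_id: int


@dataclass(frozen=True)
class Neighbor:
    """LLDP neighbor information learned on local_port."""
    local_port: str
    mac: str
    port_name: str
    vlan_id: int


def mac_to_int(mac: str) -> int:
    digits = mac.replace(":", "").replace("-", "")
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC: {mac!r}")
    return int(digits, 16)


class Switch:
    def __init__(self, mac_range, local_ports, ring_of=None, stp_ports=()):
        self.lo, self.hi = (mac_to_int(m) for m in mac_range)
        self.local = {p.name: p for p in local_ports}
        self.by_mac = {mac_to_int(p.mac): p for p in local_ports}
        self.ring_of = dict(ring_of or {})    # port name -> ring id
        self.stp_ports = set(stp_ports)

    def classify(self, nb: Neighbor) -> str:
        """Return 'no-self-loop', 'self-loop' or 'illegal-self-loop'."""
        nb_mac = mac_to_int(nb.mac)
        peer = self.by_mac.get(nb_mac)        # same MAC as an LLDP local port
        if peer is None and not (self.lo <= nb_mac <= self.hi):
            return "no-self-loop"             # neighbor is some other device
        # The neighbor is this switch, so the link is at least a self-loop.
        peer_name = peer.name if peer else nb.port_name
        checked = self.local[nb.local_port]
        if checked.vlan_id != nb.vlan_id:
            return "self-loop"                # different VLAN IDs
        ring = self.ring_of.get(checked.name)
        if ring is not None and ring == self.ring_of.get(peer_name):
            return "self-loop"                # ring ports of the same ring
        if {checked.name, peer_name} <= self.stp_ports:
            return "self-loop"                # assumed: both ports run spanning tree
        return "illegal-self-loop"


# Constructed sample data (not from the patent).
SWITCH = Switch(
    mac_range=("00:11:22:33:44:01", "00:11:22:33:44:08"),
    local_ports=[
        LocalPort("ge1", "00:11:22:33:44:01", 1),
        LocalPort("ge2", "00:11:22:33:44:02", 1),
        LocalPort("ge3", "00:11:22:33:44:03", 10),
        LocalPort("ge4", "00:11:22:33:44:04", 10),
        LocalPort("ge5", "00:11:22:33:44:05", 20),
        LocalPort("ge6", "00:11:22:33:44:06", 20),
    ],
    ring_of={"ge3": 1, "ge4": 1},
    stp_ports={"ge5", "ge6"},
)
SAMPLES = {
    "patch cable ge1-ge2": Neighbor("ge1", "00:11:22:33:44:02", "ge2", 1),
    "ring link ge3-ge4": Neighbor("ge3", "00:11:22:33:44:04", "ge4", 10),
    "stp link ge5-ge6": Neighbor("ge5", "00:11:22:33:44:06", "ge6", 20),
    "other switch on ge2": Neighbor("ge2", "aa:bb:cc:00:00:01", "eth0", 1),
    "vlan mismatch ge1-ge3": Neighbor("ge1", "00:11:22:33:44:03", "ge3", 10),
    "range-only hit on ge2": Neighbor("ge2", "00-11-22-33-44-07", "ge7", 1),
}

if __name__ == "__main__":
    for label, nb in SAMPLES.items():
        print(f"{label:24} -> {SWITCH.classify(nb)}")
```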
It can be understood that the method for detecting an illegal short circuit of a switch port provided in this embodiment corresponds to the system for detecting an illegal short circuit of a switch port provided in each of the foregoing embodiments, and the relevant technical features of the method for detecting an illegal short circuit of a switch port may refer to the relevant technical features of the system for detecting an illegal short circuit of a switch port, and will not be described again here.
The invention provides a detection system and a detection method for illegal short circuit of switch ports, which poll and monitor the connection state of each port of the switch; when the connection state of a port changes, the LLDP neighbor information of the port whose connection state changed from linkdown to linkup (also called a new promotion linkup port) is read, compared and analyzed, the illegal self-loop check is performed on the new promotion linkup port, and the illegal self-loop marks of all ports are updated in real time. With a relatively simple method, the invention solves the problem of a switch port being illegally short-circuited by a person (also called illegal self-loop) even when loopback detection is not enabled on the switch.
While preferred embodiments of the present invention have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. Therefore, it is intended that the appended claims be interpreted as including preferred embodiments and all such alterations and modifications as fall within the scope of the invention.
It will be apparent to those skilled in the art that various changes and modifications may be made in the present invention without departing from the spirit and scope of the invention. Thus, if such modifications and variations of the present invention fall within the scope of the claims of the present invention and their equivalents, the present invention is also intended to include such modifications and variations.

Claims (10)

1. A detection system for illegal short circuit of a port of a switch is characterized by comprising a link scanning module and an LLDP module;
the link scanning module is used for polling and monitoring the connection state of each port of the switch, and sending a link change trap message to the LLDP module when the connection state of the port changes;
the LLDP module is used for reading the LLDP neighbor information of the new promotion linkup port according to the received link change trap message; comparing and analyzing the LLDP neighbor information, and performing illegal self-loop check on the new promotion linkup port;
and the new promotion linkup port is a port of which the connection state is changed from a linkdown state to a linkup state.
2. The detection system according to claim 1, wherein the link scanning module is configured to poll and monitor connection statuses of the ports of the switch, and when there is a change in the connection status of a port, send a link change trap message to the LLDP module, and includes:
when the connection state of the port is converted into a linkdown state from a linkup state or is converted into a linkup state from a linkdown state, sending a link change trap message to the LLDP module;
the content of the link change trap message includes a trap type, a name or a number of a port with a changed connection state, and a current connection state of the port with the changed connection state, where the current connection state is a linkup state or a linkdown state.
3. The detection system according to claim 2, wherein the LLDP module is configured to read LLDP neighbor information of a new promoting linkup port according to the received link change trap message, and includes:
extracting the name or number of a port with changed connection state and the current connection state in a link change trap message sent by the link scanning module, and reading the LLDP neighbor information of a new promotion linkup port in the port;
or reading the LLDP neighbor information of the new promotion linkup port and the LLDP local information of all the linkup ports.
4. The detection system according to claim 3, wherein the LLDP neighbor information of the new promotion linkup port includes a name or number of the linkup port, a MAC address of a neighbor port of the linkup port, a name or number of the neighbor port, and a VLAN ID of the neighbor port;
the LLDP local information of the linkup port comprises the name or the number of the linkup port, the MAC address of the linkup port and the VLAN ID where the linkup port is located.
5. The detection system according to claim 4, wherein the LLDP module is configured to compare and analyze LLDP neighbor information of the new promoting linkup port, and perform illegal self-loop check on the new promoting linkup port, and includes:
taking the new promotion linkup port as a port to be checked, and when reading the LLDP neighbor information of the new promotion linkup port, if the MAC address of the LLDP neighbor port of the port to be checked is in the MAC address range of the ports of the switch, the port to be checked and the LLDP neighbor port thereof are in a self-loop state; or, when reading the LLDP neighbor information of a new promotion linkup port and the LLDP local information of all linkup ports, if the MAC address of the LLDP neighbor port of the port to be checked is the same as the MAC address of one LLDP local port in the local switch, the port to be checked and the LLDP neighbor port thereof are in a self-loop state;
on the basis that the port to be checked and the LLDP neighbor port thereof are in the self-loop state, if the VLAN IDs of the port to be checked and the LLDP neighbor port thereof are the same, and the port to be checked and the LLDP neighbor port thereof are not ring ports of the same ring in any ring network protocol and are not ports participating in the spanning tree, determining that the port to be checked and the LLDP neighbor port thereof are currently in the illegal self-loop state.
6. The detection system according to claim 5, wherein the LLDP module is further configured to update the illegal self-loop marks of all the ports in real time, and includes:
when any port was not an illegal self-loop port before but is an illegal self-loop port currently, considering that port to be a newly promoted illegal self-loop port, and setting the illegal self-loop mark of that port to 1;
and when the port was an illegal self-loop port before but is not an illegal self-loop port currently, or the current connection state of the port is the linkdown state, considering that the illegal self-loop state of the port is released, and setting the illegal self-loop mark of the port to 0.
7. The detection system of claim 6, wherein the LLDP module is further configured to:
and when the port to be checked is a newly promoted illegal self-loop port, setting the port state of the port to be checked to be a forbidden state, and starting an illegal short circuit timer of the port to be checked for timing.
8. The detection system of claim 7, wherein the LLDP module is further configured to:
if the illegal short-circuit timer of the port to be checked times out, the port to be checked is temporarily enabled, neighbor information of the port to be checked is actively read again, and the illegal self-loop check is performed on the port to be checked again by analyzing the neighbor information; or, after receiving a port linkup link change trap message sent by the link scanning module when it detects that the port to be checked is enabled again, reading the neighbor information of the port to be checked again, and performing the illegal self-loop check on the port to be checked again;
if the port to be checked is judged to have left the illegal self-loop state, the enabled state of the port to be checked is kept, the illegal self-loop mark is cleared, and the corresponding illegal short-circuit timer is deleted;
if the port to be checked is still in the illegal self-loop state, the port to be checked is disabled again, and the corresponding illegal short-circuit timer is reset to zero and timing is restarted.
9. The detection system of claim 8, wherein the LLDP module is further configured to:
and for the port of which the connection state is converted into the linkdown state from the linkup state, if the port is an illegal self-loop port before, enabling the port, resetting the illegal self-loop mark of the port, and deleting the corresponding illegal short-circuit timer.
10. The detection system according to any one of claims 1-9, wherein the system further comprises an alarm module;
the alarm module is used for receiving a port illegal self-loop trap message or a port illegal self-loop release trap message sent by the LLDP module, and for triggering or clearing the illegal self-loop alarm output of the corresponding port according to the port illegal self-loop trap message or the port illegal self-loop release trap message;
when the port is a newly promoted illegal self-loop port, the LLDP module sends a port illegal self-loop trap message to the alarm module; when the port leaves the illegal self-loop state, the LLDP module sends a port illegal self-loop release trap message to the alarm module;
the content of the port illegal self-loop trap message or the port illegal self-loop release trap message includes a trap type, a name or a number of the port whose illegal self-loop state changed, and the current illegal self-loop state of that port, where the current illegal self-loop state is illegal self-loop or illegal self-loop released.
CN202110140934.5A 2021-02-02 2021-02-02 Detection system for illegal short circuit of switch port Active CN112968846B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110140934.5A CN112968846B (en) 2021-02-02 2021-02-02 Detection system for illegal short circuit of switch port


Publications (2)

Publication Number Publication Date
CN112968846A true CN112968846A (en) 2021-06-15
CN112968846B CN112968846B (en) 2022-08-16

Family

ID=76273231


Country Status (1)

Country Link
CN (1) CN112968846B (en)


Also Published As

Publication number Publication date
CN112968846B (en) 2022-08-16


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant