CN113727222A - Method and device for detecting MAC address drift in PON system - Google Patents

Info

Publication number: CN113727222A
Authority: CN (China)
Prior art keywords: mac address, message, port, drift, learned
Legal status: Granted
Application number: CN202110945762.9A
Other languages: Chinese (zh)
Other versions: CN113727222B (en)
Inventors: 吴军平, 胡威
Current Assignee: Fiberhome Telecommunication Technologies Co Ltd
Original Assignee: Fiberhome Telecommunication Technologies Co Ltd
Application filed by: Fiberhome Telecommunication Technologies Co Ltd
Priority to: CN202110945762.9A
Publication of CN113727222A
Application granted
Publication of CN113727222B
Legal status: Active
Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04Q SELECTING
    • H04Q11/00 Selecting arrangements for multiplex systems
    • H04Q11/0001 Selecting arrangements for multiplex systems using optical switching
    • H04Q11/0062 Network aspects
    • H04Q11/0067 Provisions for optical access or distribution networks, e.g. Gigabit Ethernet Passive Optical Network (GE-PON), ATM-based Passive Optical Network (A-PON), PON-Ring
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/50 Address allocation
    • H04L61/5053 Lease time; Renewal aspects
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2101/00 Indexing scheme associated with group H04L61/00
    • H04L2101/60 Types of network addresses
    • H04L2101/618 Details of network addresses
    • H04L2101/622 Layer-2 addresses, e.g. medium access control [MAC] addresses
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04Q SELECTING
    • H04Q11/00 Selecting arrangements for multiplex systems
    • H04Q11/0001 Selecting arrangements for multiplex systems using optical switching
    • H04Q11/0062 Network aspects
    • H04Q2011/0079 Operation or maintenance aspects
    • H04Q2011/0083 Testing; Monitoring

Abstract

The invention discloses a method and a device for detecting MAC address drift in a PON system, relating to the field of passive optical networks. The method comprises: establishing an uplink MAC address learning table and a downlink MAC address learning table, wherein each item of MAC address table information of the uplink MAC address learning table comprises link information; and, when a Layer 2 service port receives an external data message, learning the source MAC address of the message and locating the abnormally drifting ONU and its service flow attributes according to the learning condition. The beneficial effects of the invention are that, without greatly increasing the complexity of the PON system, the learning content of the OLT line card is optimized, MAC address drift is rapidly detected and processed, and detection precision and detection efficiency are improved.

Description

Method and device for detecting MAC address drift in PON system
Technical Field
The present invention relates to the technical field of PON (Passive Optical Network), and in particular to a method and an apparatus for detecting MAC address drift in a PON system.
Background
With fiber now fully deployed over the last kilometer of the broadband access network, PON technology and equipment are applied on a large scale.
The PON system is composed of an OLT (Optical Line Terminal), an ODN (Optical Distribution Network), and ONUs (Optical Network Units), where an ONU is either an SFU (Single Family Unit, a single-dwelling unit) or an MDU (Multi-Dwelling Unit).
In the prior art, identifying MAC (Medium Access Control) address drift at the OLT line card puts high processing pressure on the CPU (Central Processing Unit) of the OLT line card, and the detection granularity is only per PON port. Drift inside a rogue ONU cannot be located, the specific ONU and its service flow cannot be located, and detection accuracy and detection efficiency are low.
Disclosure of Invention
In view of the defects in the prior art, the invention provides a method and a device for detecting MAC address drift in a PON system, so that MAC address drift can be quickly detected and processed by optimizing the learning content of the OLT line card, without greatly increasing the complexity of the PON system.
To achieve the above purpose, the technical scheme adopted by the invention is as follows:
A method for detecting MAC address drift in a PON system comprises the following steps:
establishing an uplink MAC address learning table and a downlink MAC address learning table, wherein each item of MAC address table information of the uplink MAC address learning table comprises link information;
when a Layer 2 service port receives an external data message, learning the source MAC address of the message, and locating the abnormally drifting ONU and its service flow attributes according to the learning condition.
On the basis of the above technical scheme, each item of MAC address table information of the uplink MAC address learning table comprises a MAC address, link information and a UNI port number;
each item of MAC address table information of the downlink MAC address learning table comprises a MAC address and an NNI port number;
when the PON system is an EPON system, the link information is the LLID;
when the PON system is a GPON system, the link information is the GEMPORT ID.
On the basis of the above technical solution, when the Layer 2 service port receives an external data message, learning the source MAC address of the message specifically includes:
judging, based on the uplink MAC address learning table and the downlink MAC address learning table, whether the source MAC address of the message has been learned;
if the source MAC address of the message has been learned, judging whether MAC address drift has occurred, and the type of the drift, according to whether the port on which the source MAC address was learned is the same as the port currently receiving the message and whether the link information learned for the source MAC address is the same as the link information of the message;
if the port on which the source MAC address was learned is the same as the port currently receiving the message, and the link information learned for the source MAC address is the same as the link information of the message, the learning condition is that no MAC address drift has occurred.
On the basis of the above technical solution, the determining the type of the MAC address drift includes:
for an uplink data message, if the source MAC address of the message has not been learned in the uplink MAC address learning table but has been learned in the downlink MAC address learning table, it is judged that abnormal MAC address drift from the NNI port to the UNI port has occurred;
for an uplink data message, if the source MAC address of the message has been learned in the uplink MAC address learning table, the port on which it was learned is the same as the port currently receiving the message, and the link information learned for it differs from the link information of the message, it is judged that abnormal MAC address drift has occurred inside the same UNI port;
for an uplink data message, if the source MAC address of the message has been learned in the uplink MAC address learning table and the port on which it was learned differs from the port currently receiving the message, it is judged that abnormal MAC address drift has occurred between different UNI ports;
for a downlink data message, if the source MAC address of the message has not been learned in the downlink MAC address learning table but has been learned in the uplink MAC address learning table, it is judged that normal MAC address drift from the UNI port to the NNI port has occurred.
On the basis of the above technical scheme, locating the abnormally drifting ONU and its service flow attributes according to the learning condition specifically comprises the following steps:
when the learning condition is that abnormal MAC address drift is judged to have occurred, the source MAC address and link information contained in the message and the number of the port currently receiving the message are reported to the CPU of the OLT line card; the CPU locates the abnormally drifting ONU and its service flow attributes according to the source MAC address, the link information and the port number, and the message is then discarded.
The invention also provides a device for detecting the MAC address drift in the PON system, which is arranged in the OLT line card and comprises:
a MAC address learning table configuration module, configured to establish an uplink MAC address learning table and a downlink MAC address learning table, wherein each item of MAC address table information of the uplink MAC address learning table comprises link information;
a message processing module, configured to learn the source MAC address of an external data message when the Layer 2 service port receives it, and to locate the abnormally drifting ONU and its service flow attributes according to the learning condition.
On the basis of the above technical scheme, each item of MAC address table information of the uplink MAC address learning table comprises a MAC address, link information and a UNI port number;
each item of MAC address table information of the downlink MAC address learning table comprises a MAC address and an NNI port number;
when the PON system is an EPON system, the link information is the LLID;
when the PON system is a GPON system, the link information is the GEMPORT ID.
On the basis of the above technical solution, when the message processing module determines that the Layer 2 service port has received an external data message, the specific operation of learning the source MAC address of the message includes:
the message processing module judges, based on the uplink and downlink MAC address learning tables, whether the source MAC address of the message has been learned;
if the source MAC address of the message has been learned, judging whether MAC address drift has occurred, and the type of the drift, according to whether the port on which the source MAC address was learned is the same as the port currently receiving the message and whether the link information learned for the source MAC address is the same as the link information of the message;
if the port on which the source MAC address was learned is the same as the port currently receiving the message, and the link information learned for the source MAC address is the same as the link information of the message, the learning condition is that no MAC address drift has occurred.
On the basis of the above technical solution, the determining the type of the MAC address drift includes:
for an uplink data message, if the source MAC address of the message has not been learned in the uplink MAC address learning table but has been learned in the downlink MAC address learning table, it is judged that abnormal MAC address drift from the NNI port to the UNI port has occurred;
for an uplink data message, if the source MAC address of the message has been learned in the uplink MAC address learning table, the port on which it was learned is the same as the port currently receiving the message, and the link information learned for it differs from the link information of the message, it is judged that abnormal MAC address drift has occurred inside the same UNI port;
for an uplink data message, if the source MAC address of the message has been learned in the uplink MAC address learning table and the port on which it was learned differs from the port currently receiving the message, it is judged that abnormal MAC address drift has occurred between different UNI ports;
for a downlink data message, if the source MAC address of the message has not been learned in the downlink MAC address learning table but has been learned in the uplink MAC address learning table, it is judged that normal MAC address drift from the UNI port to the NNI port has occurred.
On the basis of the above technical solution, the specific operation by which the message processing module locates the abnormally drifting ONU and its service flow attributes according to the learning condition includes:
when the learning condition is that abnormal MAC address drift has occurred, the message processing module reports the source MAC address and link information contained in the message and the number of the port currently receiving the message to the CPU of the OLT line card; the CPU locates the abnormally drifting ONU and its service flow attributes according to the source MAC address, the link information and the port number, and then discards the message.
Compared with the prior art, the invention has the advantages that:
The MAC address learning mode of the OLT line card is optimized: link information is added to the uplink MAC address learning table to accurately represent the ONU and its service flow, and MAC address drift is rapidly detected and processed by monitoring changes in the port and the link information corresponding to a source MAC address. When abnormal MAC address drift is judged to have occurred, only part of the key information of the abnormal message is notified to the CPU of the OLT line card as an event, which simplifies the detection flow and reduces the pressure on the CPU. Drift inside an ONU can be detected, and the specific ONU and its service flow can be located. No specific detection message needs to be constructed, so detection is affected neither by the transparent-transmission characteristics of the ONUs connected below the UNI interface nor by loss of detection messages. The requirements on the OLT line card and the ONU are not high, and detection efficiency and detection precision can be improved.
Drawings
Fig. 1 is a schematic flow chart of a method for detecting MAC address drift in a PON system according to an embodiment of the present invention.
Fig. 2 is a schematic flow chart illustrating a process of learning a source MAC address of an upstream data packet when a UNI port of an OLT line card receives the packet.
Fig. 3 is a schematic flow chart illustrating a process of learning a source MAC address of a downlink data packet when the NNI port of the OLT line card receives the packet.
Fig. 4 is a schematic diagram of a functional module of a detection apparatus for MAC address drift in a PON system according to an embodiment of the present invention.
Detailed Description
The present invention will be described in further detail with reference to the accompanying drawings and examples.
In engineering deployments of a PON system, MAC address drift can in theory arise in the following scenarios:
Scenario one: MAC address drift occurs in the same UNI port, namely, a malicious user on the ONU side spoofs the MAC address of a normal ONU user and accesses the internet from different Layer 2 service ports of different SFUs, so that the normal ONU user cannot access the internet.
Scenario two: MAC address drift occurs in the same UNI port, namely, a malicious user spoofs the MAC address of a normal user and accesses the internet from different ports of the same MDU, so that the normal ONU user cannot access the internet.
Scenario three: the MAC address drifts from the NNI port to the UNI port, that is, a malicious user spoofs a MAC address that comes from the NNI side of the OLT (NNI, Network-to-Network Interface, i.e. the network side), so that messages on the network side cannot be forwarded normally and the associated ONU users cannot access the internet normally.
Scenario four: MAC address drift occurs in the same UNI port or between different UNI ports, namely, loops form between different ONUs of the same PON system, the UNI side of the OLT receives messages that the OLT itself sent, and MAC address oscillation forms on the UNI side, so that ONU users cannot access the internet normally.
For such malicious or abnormal MAC address drift, an operator wants to detect and trace the malicious behavior and then restrict the internet access of the malicious user, so as to protect normal users.
For the first, second and third scenarios, the conventional MAC address drift detection method locates the malicious ONU through network management information, and the MAC address drift is found by querying that information, so both locating efficiency and locating accuracy are problematic; for example, malicious MAC address drift inside a rogue ONU cannot be detected, which results in low locating accuracy. In the existing MAC address drift detection method, abnormal information is obtained by monitoring update events of the MAC address table in the switch chip of the OLT line card, and the detection granularity is only per PON port: it can detect drift between different PON ports but cannot locate a specific ONU or the service flow of that ONU.
For the fourth scenario, the conventional MAC address drift detection method has the OLT send a specific loopback detection message to the ONU; if the OLT receives from the ONU the loopback message it sent itself, it determines that an abnormal loop exists on the ONU side. The disadvantage of this method is that detection fails as soon as the loopback detection message is discarded at any link in the network.
In actual deployments, the NNI side does not face users directly; it generally faces the operator's upstream devices and its network environment is relatively clean, so MAC address drift between different NNI ports or inside the same NNI port rarely occurs, although a MAC address may drift from a UNI port to an NNI port. The UNI side faces users directly and sees many problems of malicious user attack or spoofing, so the above four scenarios occur more often. In view of this, an accurate, effective and cheap method for detecting malicious or abnormal MAC address drift at the ONU and tracing the abnormal situation efficiently is of great significance to telecommunication operators. The invention mainly solves the problem of how to quickly detect and process MAC address drift.
As shown in fig. 1, the present invention provides a method for detecting MAC address drift in a PON system, including:
S1, establishing an uplink MAC address learning table and a downlink MAC address learning table in the memory of the OLT line card, wherein each item of MAC address table information of the uplink MAC address learning table comprises link information.
Specifically, in this embodiment, in the uplink direction, user equipment is connected on the UNI side of the OLT line card, where attacks and spoofing by malicious users are common. It is therefore necessary to consider whether abnormal MAC address drift occurs from the NNI port to the UNI port, inside the same UNI port, or between different UNI ports. Link information is added to the uplink MAC address learning table to accurately represent the ONU and its service flow attributes, and each item of MAC address table information of the uplink MAC address learning table includes a MAC address, link information, and a UNI port number. After the OLT line card starts MAC address drift detection, it judges whether abnormal MAC address drift has occurred, and its type, according to whether the port number and the link information corresponding to the source MAC address of an uplink data message have changed, and locates the abnormally drifting ONU and its service flow attributes based on the link information and the UNI port number. The abnormally drifting ONU is the ONU on which the abnormal MAC address drift occurred.
In the downlink direction, upstream devices such as BRAS (Broadband Remote Access Server) devices, data switches and video servers are connected on the NNI side of the OLT line card. The NNI side does not face users directly and its network environment is relatively clean (that is, by default, MAC address drift inside an NNI port or between NNI ports does not occur), so the method does not need to identify MAC address drift caused by malicious users on the NNI side or locate abnormal MAC address drift there; it only needs to consider whether normal MAC address drift from the UNI port to the NNI port exists. Therefore, each item of MAC address table information of the downlink MAC address learning table includes a MAC address, a VLAN ID, and an NNI port number. After the OLT line card starts MAC address drift detection, it judges whether normal MAC address drift has occurred according to whether the port number corresponding to the source MAC address of a downlink data message has changed.
The invention allows a MAC address to drift from the UNI port to the NNI port and judges this to be normal MAC address drift; it assumes by default that MAC address drift does not occur inside the same NNI port or between different NNI ports, and judges all other MAC address drift to be abnormal.
When the external data message is a downlink data message, the port number is the number of the NNI port, namely the NNI port number; when the external data message is an uplink data message, the port number is the number of the UNI port, namely the UNI port number.
When the PON system is a GPON system, the link information is the GEMPORT ID (GEM port identifier). When the PON system is an EPON system, the link information is the LLID (Logical Link Identifier).
S2, when the Layer 2 service port of the OLT line card receives an external data message, learning the source MAC address of the message based on the uplink and downlink MAC address learning tables to obtain the corresponding learning condition, and locating the abnormally drifting ONU and its service flow attributes according to the learning condition.
Specifically, in this embodiment, after receiving a service flow sent by downstream user equipment on a UNI port, the OLT line card extracts the source MAC address and link information from the uplink data message, obtains the number of the UNI port currently receiving the message, and determines whether the source MAC address of the message has been learned by the uplink MAC address learning table or the downlink MAC address learning table:
If the source MAC address of the message has been learned by neither the uplink nor the downlink MAC address learning table, the uplink MAC address learning table is updated with the source MAC address, the link information and the UNI port number corresponding to the message.
If the source MAC address of the message has been learned by the uplink MAC address learning table, the port on which it was learned is the same as the port currently receiving the message, and the learned link information is the same as the link information of the message, the learning condition is that no MAC address drift has occurred.
If the source MAC address of the message has been learned by the uplink MAC address learning table, the port on which it was learned is the same as the port currently receiving the message, and the learned link information differs from the link information of the message, the learning condition is that abnormal MAC address drift is judged to have occurred inside the same UNI port.
If the source MAC address of the message has been learned by the uplink MAC address learning table, the port on which it was learned differs from the port currently receiving the message, and the learned port is a UNI port, the learning condition is that abnormal MAC address drift is judged to have occurred between different UNI ports.
If the source MAC address of the message has been learned by the downlink MAC address learning table, the port on which it was learned differs from the port currently receiving the message, and the learned port is an NNI port, the learning condition is that abnormal MAC address drift from the NNI port to the UNI port is judged to have occurred.
After receiving a service flow sent by upstream application service equipment on the NNI, the OLT line card extracts the source MAC address from the downlink data message, obtains the number of the NNI port currently receiving the message, and determines whether the source MAC address of the message has been learned by the uplink MAC address learning table or the downlink MAC address learning table:
If the source MAC address of the message has been learned by neither the uplink nor the downlink MAC address learning table, the downlink MAC address learning table is updated with the source MAC address corresponding to the message and the NNI port number.
If the source MAC address of the message has been learned by the downlink MAC address learning table and the learned port is an NNI port, the learning condition is that no MAC address drift has occurred.
If the source MAC address of the message has been learned by the uplink MAC address learning table, the port on which it was learned differs from the port currently receiving the message, and the learned port is a UNI port, the learning condition is that normal MAC address drift from the UNI port to the NNI port is judged to have occurred, and the downlink MAC address learning table is then updated with the source MAC address corresponding to the message and the NNI port number.
Further, in this embodiment, if the learning condition is that abnormal MAC address drift is judged to have occurred, the source MAC address, link information and port number corresponding to the abnormal message are reported directly to the CPU of the OLT line card. The full contents of the abnormal message do not need to be sent to the CPU, which simplifies the detection process and reduces CPU pressure; the OLT line card discards the message once the abnormality has been located.
Based on the link information and the UNI port number, the OLT line card can trace back and look up the ONU ID corresponding to the abnormal message and obtain the service flow attributes corresponding to it (the service flow attributes are the complete service information, comprising the source MAC address, link information and port number), and can block the network behavior of a malicious user with precision down to the link information level.
In summary, the MAC address learning method of the OLT line card is optimized: link information is added to the uplink MAC address learning table to accurately represent the ONU and its service flow, and MAC address drift is rapidly detected and processed by monitoring changes in the port and the link information corresponding to a source MAC address. When abnormal MAC address drift is judged to have occurred, only part of the key information of the abnormal message is notified to the CPU of the OLT line card as an event, which simplifies the detection flow and reduces the pressure on the CPU. Drift inside an ONU can be detected, and the specific ONU and its service flow can be located. No specific detection message needs to be constructed, so detection is affected neither by the transparent-transmission characteristics of the ONUs connected to the interface nor by loss of detection messages. The requirements on the OLT line card and the ONU are not high, and detection accuracy and detection efficiency can be improved.
Building on the above embodiment, the learning of the source MAC address in step S2, based on the uplink and downlink MAC address learning tables, to obtain the corresponding learning condition is described below through different embodiments: after the Layer 2 service port of the OLT line card receives an external data message, uplink data messages and downlink data messages are processed differently.
As shown in fig. 2, in step S2, when the UNI port of the OLT line card receives an uplink data message, learning the source MAC address of the message based on the uplink and downlink MAC address learning tables to obtain the corresponding learning condition specifically includes:
Step S21a, the OLT line card extracts the source MAC address and link information from the uplink data message, obtains the number of the UNI port currently receiving the message, and determines whether the source MAC address of the message has been learned by the uplink or downlink MAC address learning table:
if yes, go to step S22a;
if not, update the uplink MAC address learning table with the source MAC address, the link information and the UNI port number corresponding to the message;
Step S22a, determine whether the source MAC address of the message has been learned by the uplink MAC address learning table:
if yes, go to step S23a;
if not, the learning condition is that abnormal MAC address drift from the NNI port to the UNI port is judged to have occurred;
Step S23a, determine whether the port on which the source MAC address was learned is the same as the port currently receiving the message:
if yes, go to step S24a;
if not, the learning condition is that abnormal MAC address drift between different UNI ports is judged to have occurred;
Step S24a, determine whether the link information learned for the source MAC address is the same as the link information of the message:
if yes, the learning condition is that no MAC address drift has occurred;
if not, the learning condition is that abnormal MAC address drift inside the same UNI port is judged to have occurred.
In this embodiment, in step S21a, if it is determined that the source MAC address of the uplink data message has been learned by the uplink MAC address learning table or the downlink MAC address learning table, step S22a is performed. If it has been learned by neither table, the uplink MAC address learning table is updated with the source MAC address, the link information and the UNI port number corresponding to the message.
In step S22a, for an uplink data message, if the source MAC address of the message has not been learned in the uplink MAC address learning table but has been learned in the downlink MAC address learning table, it is judged that abnormal MAC address drift from the NNI port to the UNI port has occurred.
As shown in Fig. 3, in step S2, when an NNI port of the OLT line card receives a downlink data packet, learning the source MAC address of the packet based on the uplink and downlink MAC address learning tables to obtain the corresponding learning condition specifically includes:
Step S21b: the OLT line card extracts the source MAC address from the downlink data packet, obtains the number of the NNI port currently receiving the packet, and determines whether the source MAC address of the packet has been learned in the uplink or downlink MAC address learning table:
if yes, go to step S22b;
if not, the downlink MAC address learning table is updated according to the source MAC address corresponding to the packet and the NNI port number;
Step S22b: determine whether the source MAC address of the packet was learned in the downlink MAC address learning table:
if yes, the learning condition is that no MAC address drift has occurred;
if not, the learning condition is that normal MAC address drift from the UNI port to the NNI port is determined to have occurred, and the downlink MAC address learning table is updated according to the source MAC address corresponding to the packet and the NNI port number.
In this embodiment, in step S21b, if the source MAC address of the downlink data packet is determined to have been learned in either the uplink MAC address learning table or the downlink MAC address learning table, step S22b is performed. If it has been learned in neither table, the downlink MAC address learning table is updated according to the source MAC address, the link information and the UNI port number corresponding to the packet.
In step S22b, for a downlink data packet, if the source MAC address of the packet has not been learned in the downlink MAC address learning table but has been learned in the uplink MAC address learning table, normal MAC address drift from the UNI port to the NNI port is determined to have occurred.
Further, when abnormal MAC address drift is determined to have occurred in step S2, then in step S3 the source MAC address, the link information and the UNI port number corresponding to the abnormal packet are reported directly to the CPU of the OLT line card, and the CPU notifies the device gateway of this information and discards the abnormal packet. From the link information and the UNI port number, the OLT line card can trace back the ONU ID corresponding to the uplink data packet, thereby locating the abnormally drifting ONU and obtaining the service flow attributes, which comprise the source MAC address, the link information and the UNI port number.
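The decision flow of steps S21a to S24a and S21b to S22b, together with the step S3 report, can be modelled as follows; this is an added example, not code from the patent. The class and field names, the `onu_of` provisioning map and the sample frames are constructed for illustration; VLAN ID and entry aging are left out, and the tables are left unchanged on the abnormal branches because the steps specify no update there.

```python
from dataclasses import dataclass, field
from enum import Enum


class Drift(Enum):
    LEARNED = "source MAC learned for the first time"
    NONE = "no drift"
    NNI_TO_UNI = "abnormal drift: NNI port -> UNI port"
    BETWEEN_UNI = "abnormal drift: between different UNI ports"
    SAME_UNI = "abnormal drift: within the same UNI port"
    UNI_TO_NNI = "normal drift: UNI port -> NNI port"


@dataclass
class LineCard:
    onu_of: dict = field(default_factory=dict)   # hypothetical: (UNI port, link) -> ONU ID
    up: dict = field(default_factory=dict)       # uplink table: MAC -> (UNI port, link)
    down: dict = field(default_factory=dict)     # downlink table: MAC -> NNI port
    reports: list = field(default_factory=list)  # events handed to the CPU (step S3)

    def rx_upstream(self, mac, uni_port, link):
        """Steps S21a-S24a; link is the LLID (EPON) or GEM port ID (GPON)."""
        if mac not in self.up and mac not in self.down:  # S21a: learned nowhere
            self.up[mac] = (uni_port, link)
            return Drift.LEARNED
        if mac not in self.up:                           # S22a: only in downlink table
            verdict = Drift.NNI_TO_UNI
        elif self.up[mac][0] != uni_port:                # S23a: learned on another port
            verdict = Drift.BETWEEN_UNI
        elif self.up[mac][1] != link:                    # S24a: same port, other link
            verdict = Drift.SAME_UNI
        else:
            return Drift.NONE
        # S3: report MAC, link info and UNI port; the packet is then dropped.
        # (UNI port, link) is enough to trace back the sending ONU.
        self.reports.append({"mac": mac, "uni_port": uni_port, "link": link,
                             "onu": self.onu_of.get((uni_port, link)),
                             "verdict": verdict})
        return verdict

    def rx_downstream(self, mac, nni_port):
        """Steps S21b-S22b."""
        if mac in self.down:                             # S22b: already learned here
            return Drift.NONE
        seen_upstream = mac in self.up
        self.down[mac] = nni_port                        # both remaining branches update
        return Drift.UNI_TO_NNI if seen_upstream else Drift.LEARNED


def replay(card, frames):
    """Feed constructed frames to the card and return the verdict names in order."""
    verdicts = []
    for direction, *fields in frames:
        rx = card.rx_upstream if direction == "up" else card.rx_downstream
        verdicts.append(rx(*fields).name)
    return verdicts


# Constructed sample data (MACs from the IANA documentation range).
SUB, GW = "00:00:5e:00:53:01", "00:00:5e:00:53:fe"
ONU_MAP = {(1, 101): "ONU-1", (1, 102): "ONU-2", (2, 201): "ONU-3"}
FRAMES = [
    ("up", SUB, 1, 101),   # first sighting on UNI 1, link 101
    ("up", SUB, 1, 101),   # same port, same link
    ("up", SUB, 1, 102),   # same UNI port, different link (another ONU)
    ("up", SUB, 2, 201),   # different UNI port
    ("down", GW, 0),       # gateway MAC learned on the NNI side
    ("up", GW, 1, 101),    # gateway MAC now claimed from a subscriber port
    ("down", SUB, 0),      # subscriber MAC seen from the network side
    ("down", SUB, 0),
]

if __name__ == "__main__":
    card = LineCard(onu_of=dict(ONU_MAP))
    for frame, verdict in zip(FRAMES, replay(card, FRAMES)):
        print(frame, "->", verdict)
    for report in card.reports:
        print("report to CPU:", report["mac"], report["onu"], report["verdict"].value)
```

Each report carries the UNI port and link information of the offending packet, which is what lets the drift be attributed to a single ONU rather than only to a PON port.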
As shown in Fig. 4, an embodiment of an apparatus for detecting MAC address drift in a PON system is provided. The apparatus comprises a MAC address learning table configuration module 1 and a message processing module 2, both arranged in an OLT line card.
The MAC address learning table configuration module 1 is configured to: establish an uplink MAC address learning table and a downlink MAC address learning table in a memory of the OLT line card, wherein each item of MAC address table information of the uplink MAC address learning table comprises link information.
The message processing module 2 is configured to: when a Layer 2 service port of the OLT line card receives an uplink data message, learn the source MAC address of the message based on the uplink MAC address learning table and the downlink MAC address learning table, and locate the abnormally drifting ONU and its service flow attributes according to the learning condition.
When the learning condition is that abnormal MAC address drift has occurred, the message processing module 2 locates the abnormally drifting ONU and its service flow attributes according to the link information and the UNI port number corresponding to the uplink data message. In this embodiment, since the ONU ID corresponding to the upstream data packet can be traced back from the link information and the UNI port number, the network behavior of a malicious user can be blocked precisely, down to the link information level, according to the information of the maliciously drifting MAC address.
Further, the specific operation of the MAC address learning table configuration module 1 for establishing the uplink and downlink MAC address learning tables includes:
Configuring each item of MAC address table information in the uplink MAC address learning table to include a MAC address, a VLAN ID, link information and a UNI port number.
Configuring each item of MAC address table information in the downlink MAC address learning table to include a MAC address, a VLAN ID and an NNI port number.
When the PON system is an EPON system, the link information is the LLID.
When the PON system is a GPON system, the link information is the GEMPORT ID.
In this embodiment, the MAC address learning mode of the OLT line card is optimized: link information is added to the uplink MAC address learning table so that an entry accurately identifies the ONU and its service flow, and MAC address drift is detected and handled quickly by monitoring changes in the port and the link information associated with a source MAC address. When abnormal MAC address drift is determined to have occurred, only part of the key information of the abnormal message is notified to the CPU of the OLT line card as an event, which simplifies the detection flow and reduces the load on the CPU. Drift inside an ONU can be detected, and the specific ONU and its service flow can be located. No dedicated detection message needs to be constructed, so the method is not affected by the transparent transmission behavior of ONUs under the UNI interface or by loss of detection messages. The requirements on the OLT line card and the ONU are modest, and detection precision and efficiency can be improved.
Specifically, in some embodiments, when the message processing module 2 determines that a Layer 2 service port of the OLT line card has received an external data message, it determines whether the source MAC address of the message has been learned based on the uplink and downlink MAC address learning tables:
If not, the learning condition is that the source MAC address of the message is learned, and the forwarding path is looked up according to the destination MAC address and VLAN ID of the message for forwarding.
If the source MAC address of the message has been learned, whether MAC address drift has occurred, and its type, are determined from whether the port on which the source MAC address was learned is consistent with the port currently receiving the message and whether the link information learned for the source MAC address is consistent with the link information of the message.
If the port on which the source MAC address was learned is consistent with the port currently receiving the message, and the link information learned for the source MAC address is consistent with the link information of the message, the learning condition is that no MAC address drift has occurred.
For an uplink data message, if the source MAC address of the message was learned in the downlink MAC address learning table, abnormal MAC address drift from the NNI port to the UNI port is determined to have occurred.
For an uplink data message, if the source MAC address of the message was learned in the uplink MAC address learning table, the port on which it was learned is consistent with the port currently receiving the message, and the link information learned for it is inconsistent with the link information of the message, abnormal MAC address drift within the same UNI port is determined to have occurred.
For an uplink data message, if the source MAC address of the message was learned in the uplink MAC address learning table, and the port on which it was learned is not consistent with the port currently receiving the message, abnormal MAC address drift between different UNI ports is determined to have occurred.
For a downlink data message, if the source MAC address of the message was learned in the uplink MAC address learning table, normal MAC address drift from the UNI port to the NNI port is determined to have occurred.
Further, the specific operation of the message processing module 2 for locating the abnormally drifting ONU and its service flow attributes according to the learning condition includes:
When the learning condition is that abnormal MAC address drift has occurred, the message processing module reports the source MAC address and link information contained in the message, together with the number of the port currently receiving the message, to the CPU of the OLT line card, and the CPU discards the message after locating the abnormally drifting ONU and its service flow attributes according to the source MAC address, the link information and the port number.
In this embodiment, abnormal MAC address drift within the same UNI port can be detected directly from the link information and the UNI port number in the message, and the abnormal ONU and its service flow attributes can be located, so that the detection flow is simplified, the CPU load is reduced, and detection precision and efficiency are improved.
The present invention is not limited to the above-described embodiments, and it will be apparent to those skilled in the art that various modifications and improvements can be made without departing from the principle of the present invention, and such modifications and improvements are also considered to be within the scope of the present invention. Matters not described in detail in this specification are within the skill of the art.

Claims (10)

1. A method for detecting MAC address drift in a PON system, the method comprising:
establishing an uplink MAC address learning table and a downlink MAC address learning table, wherein each item of MAC address table information of the uplink MAC address learning table comprises link information;
and when a Layer 2 service port receives an external data message, learning the source MAC address of the message, and locating the abnormally drifting ONU and its service flow attributes according to the learning condition.
2. The method as claimed in claim 1, wherein each item of MAC address table information in the upstream MAC address learning table includes a MAC address, link information, and a UNI port number;
each item of MAC address table information of the downlink MAC address learning table comprises a MAC address and an NNI port number;
when the PON system is an EPON system, the link information is the LLID;
and when the PON system is a GPON system, the link information is the GEMPORT ID.
3. The method for detecting MAC address drift in a PON system according to claim 1, wherein when the Layer 2 service port receives an external data message, learning the source MAC address of the message specifically comprises:
determining whether the source MAC address of the message has been learned based on the uplink MAC address learning table and the downlink MAC address learning table;
if the source MAC address of the message has been learned, determining whether MAC address drift has occurred, and the type of the MAC address drift, according to whether the port on which the source MAC address was learned is consistent with the port currently receiving the message and whether the link information learned for the source MAC address is consistent with the link information of the message;
if the port on which the source MAC address was learned is consistent with the port currently receiving the message, and the link information learned for the source MAC address is consistent with the link information of the message, the learning condition is that no MAC address drift has occurred.
4. The method for detecting MAC address drift in a PON system according to claim 3, wherein the determining the type of MAC address drift comprises:
for an uplink data message, if the source MAC address of the message has not been learned in the uplink MAC address learning table but has been learned in the downlink MAC address learning table, determining that abnormal MAC address drift from the NNI port to the UNI port has occurred;
for an uplink data message, if the source MAC address of the message was learned in the uplink MAC address learning table, the port on which it was learned is consistent with the port currently receiving the message, and the link information learned for it is inconsistent with the link information of the message, determining that abnormal MAC address drift within the same UNI port has occurred;
for an uplink data message, if the source MAC address of the message was learned in the uplink MAC address learning table, and the port on which it was learned is not consistent with the port currently receiving the message, determining that abnormal MAC address drift between different UNI ports has occurred;
for a downlink data message, if the source MAC address of the message has not been learned in the downlink MAC address learning table but has been learned in the uplink MAC address learning table, determining that normal MAC address drift from the UNI port to the NNI port has occurred.
5. The method for detecting MAC address drift in a PON system according to claim 4, wherein locating the abnormally drifting ONU and its service flow attributes according to the learning condition specifically comprises the steps of:
when the learning condition is that abnormal MAC address drift is determined to have occurred, reporting the source MAC address and link information contained in the message, together with the number of the port currently receiving the message, to the CPU of the OLT line card, and discarding the message after the CPU locates the abnormally drifting ONU and its service flow attributes according to the source MAC address, the link information and the port number.
6. An apparatus for detecting MAC address drift in a PON system, characterized in that it is arranged in an OLT line card and comprises:
a MAC address learning table configuration module, configured to: establish an uplink MAC address learning table and a downlink MAC address learning table, wherein each item of MAC address table information of the uplink MAC address learning table comprises link information;
a message processing module, configured to: when a Layer 2 service port receives an external data message, learn the source MAC address of the message, and locate the abnormally drifting ONU and its service flow attributes according to the learning condition.
7. The apparatus for detecting MAC address drift in a PON system according to claim 6, wherein each item of MAC address table information in the upstream MAC address learning table includes a MAC address, link information, and a UNI port number;
each item of MAC address table information of the downlink MAC address learning table comprises a MAC address and an NNI port number;
when the PON system is an EPON system, the link information is the LLID;
and when the PON system is a GPON system, the link information is the GEMPORT ID.
8. The apparatus for detecting MAC address drift in a PON system according to claim 6, wherein the specific operation of the message processing module, when it determines that the Layer 2 service port has received an external data message, for learning the source MAC address of the message includes:
the message processing module determines whether the source MAC address of the message has been learned based on the uplink and downlink MAC address learning tables;
if the source MAC address of the message has been learned, determining whether MAC address drift has occurred, and the type of the MAC address drift, according to whether the port on which the source MAC address was learned is consistent with the port currently receiving the message and whether the link information learned for the source MAC address is consistent with the link information of the message;
if the port on which the source MAC address was learned is consistent with the port currently receiving the message, and the link information learned for the source MAC address is consistent with the link information of the message, the learning condition is that no MAC address drift has occurred.
9. The apparatus for detecting MAC address drift in a PON system according to claim 8, wherein the determining the type of MAC address drift comprises:
for an uplink data message, if the source MAC address of the message has not been learned in the uplink MAC address learning table but has been learned in the downlink MAC address learning table, determining that abnormal MAC address drift from the NNI port to the UNI port has occurred;
for an uplink data message, if the source MAC address of the message was learned in the uplink MAC address learning table, the port on which it was learned is consistent with the port currently receiving the message, and the link information learned for it is inconsistent with the link information of the message, determining that abnormal MAC address drift within the same UNI port has occurred;
for an uplink data message, if the source MAC address of the message was learned in the uplink MAC address learning table, and the port on which it was learned is not consistent with the port currently receiving the message, determining that abnormal MAC address drift between different UNI ports has occurred;
for a downlink data message, if the source MAC address of the message has not been learned in the downlink MAC address learning table but has been learned in the uplink MAC address learning table, determining that normal MAC address drift from the UNI port to the NNI port has occurred.
10. The apparatus for detecting MAC address drift in a PON system according to claim 9, wherein the specific operation of the message processing module to locate an abnormally drifting ONU and its service flow attributes according to the learning condition includes:
when the learning condition is that abnormal MAC address drift has occurred, the message processing module reports the source MAC address and link information contained in the message, together with the number of the port currently receiving the message, to the CPU of the OLT line card, and the CPU discards the message after locating the abnormally drifting ONU and its service flow attributes according to the source MAC address, the link information and the port number.
CN202110945762.9A 2021-08-16 2021-08-16 Method and device for detecting MAC address drift in PON system Active CN113727222B (en)


Publications (2)

Publication Number Publication Date
CN113727222A (en) 2021-11-30
CN113727222B (en) 2023-11-03

Family

ID=78676131


Country Status (1)

Country Link
CN (1) CN113727222B (en)




Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant