CN113746944A - IPv6 network point management method and equipment - Google Patents
IPv6 network point management method and equipment Download PDFInfo
- Publication number
- CN113746944A CN113746944A CN202010474400.1A CN202010474400A CN113746944A CN 113746944 A CN113746944 A CN 113746944A CN 202010474400 A CN202010474400 A CN 202010474400A CN 113746944 A CN113746944 A CN 113746944A
- Authority
- CN
- China
- Prior art keywords
- packet
- ipv6
- website
- mesh point
- ipv6 address
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000007726 management method Methods 0.000 title claims abstract description 108
- 238000004458 analytical method Methods 0.000 claims abstract description 30
- 238000001514 detection method Methods 0.000 claims description 16
- 230000000903 blocking effect Effects 0.000 claims description 13
- 210000001072 colon Anatomy 0.000 claims description 11
- 238000006243 chemical reaction Methods 0.000 claims description 10
- 238000003491 array Methods 0.000 claims description 6
- 238000000605 extraction Methods 0.000 claims description 5
- 238000013507 mapping Methods 0.000 claims description 5
- 238000000034 method Methods 0.000 abstract description 9
- 238000010586 diagram Methods 0.000 description 6
- 238000012986 modification Methods 0.000 description 3
- 230000004048 modification Effects 0.000 description 3
- 238000004891 communication Methods 0.000 description 2
- 230000001133 acceleration Effects 0.000 description 1
- 238000007796 conventional method Methods 0.000 description 1
- 238000004880 explosion Methods 0.000 description 1
- 238000012545 processing Methods 0.000 description 1
- 230000003068 static effect Effects 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2101/00—Indexing scheme associated with group H04L61/00
- H04L2101/60—Types of network addresses
- H04L2101/618—Details of network addresses
- H04L2101/659—Internet protocol version 6 [IPv6] addresses
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/50—Address allocation
- H04L61/5007—Internet protocol [IP] addresses
- H04L61/5014—Internet protocol [IP] addresses using dynamic host configuration protocol [DHCP] or bootstrap protocol [BOOTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/09—Mapping addresses
- H04L61/10—Mapping addresses of different types
- H04L61/103—Mapping addresses of different types across network layers, e.g. resolution of network layer into physical layer addresses or address resolution protocol [ARP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/50—Address allocation
- H04L61/5046—Resolving address allocation conflicts; Testing of addresses
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Small-Scale Networks (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention relates to an IPv6 network point management method, which comprises the following steps: the method comprises a packet collection step, a packet analysis step and an IPv6 address allocation step, and is used for allocating a website management IPv6 address with a naked eye recognizable address suffix to an object website, so that the recognition of the IPv6 address of the object website is improved, and the website management is facilitated. By adopting the technical means adopted by the invention, when the IPv6 address is distributed by the DHCPv6, the suffix of the IPv6 address acquired by the object website is the same as the IPv4address, namely, the website management IPv6 address with the address suffix which can be identified by naked eyes is adopted, so that the identification of the IPv6 address of the object website is improved, and the website management is facilitated.
Description
Technical Field
The present invention relates to IP address management, and in particular, to a method and apparatus for IPv6 website management.
Background
An IP address (Internet Protocol address) is a digital tag assigned to each device (i.e., a network site) using an Internet Protocol (Internet Protocol) on a network, wherein IPv4 (Internet Protocol version 4) is the first widely deployed and used version. IPv4 uses 32-bit (4-byte) addresses, while limiting address space to 4294967296 (2)32) The individual addresses, IPv4, can be represented in any notation that represents 32-bit integer values, and are typically written in dot-decimal (dot-decimal) form.
With the explosion of the Internet, a new generation of IPv6 (Internet Protocol version 6) is being proposed to gradually replace IPv4 to address the IPv4address exhaustion (IPv4address exhaustion) problem. Therefore, in recent networks, it is common that IPv6 addresses and IPv4 addresses coexist. However, the IPv6 address has 128 bits and its representation form is different from that of the IPv4address, so that it is very difficult to manually identify and manage the IPv4 site and the IPv6 site in a network environment where the IPv6 address and the IPv4address coexist, and it is necessary to improve the artificial identification.
Disclosure of Invention
Therefore, an object of the present invention is to provide a method and an apparatus for IPv6 website management, which can improve the management identification of the website to facilitate manual identification and management of the website.
The present invention provides a method for managing an IPv6 mesh point, which is applied to a network environment where IPv6 address and IPv4address coexist, and manages the mesh point belonging to the network environment, wherein the method for managing an IPv6 mesh point includes the following steps: a packet collection step, in which a packet collection module is used for collecting the network point packets of each network point in the network environment; a packet analysis step, in which each network point packet collected in the packet collection step is analyzed by a packet analysis module, network point information about each network point is obtained from the network point packet, the network point information contains IP address information and MAC address information, and an IP and MAC corresponding relation table is established according to the network point information; and an IPv6 address allocation step, wherein a DHCPv6 service module allocates the website management IPv6 address generated according to the IP and MAC correspondence table to the target website requesting to allocate the IPv6 address, wherein the DHCPv6 service module directly substitutes the number of the individual decimal point array in the configured IPv4address of the target website without carry conversion into the number of the hexadecimal colon number array of the colon number corresponding to the individual tail position in the website management IPv6 address, so as to generate the website management IPv6 address with a naked-eye-identified address suffix.
In an embodiment of the present invention, an IPv6 mesh point management method is provided, wherein in the packet analysis step, the IP address information of the mesh point information includes IPv6 address information of the mesh point, and the packet analysis module obtains the mesh point information including the IPv6 address information and/or the MAC address information from a neighbor solicitation packet and/or a neighbor advertisement packet belonging to a neighbor discovery protocol in the mesh point packet.
In an embodiment of the present invention, an IPv6 mesh point management method is provided, wherein in the packet analyzing step, obtaining the mesh point information including the IPv6 address information and/or the MAC address information from the mesh point packet includes the following steps: an IPv6 packet classifying sub-step, classifying the network node packet whose Ethernet type field content is judged to be '0 x86 DD' into an IPv6 classified packet; an ICMPv6 packet classification sub-step of classifying the IPv6 classified packet whose content of the next header field of the packet is determined to be "58" into an ICMPv6 classified packet; and an information extraction sub-step, wherein the network point information including the IPv6 address information and/or the MAC address information is extracted from the ICMPv6 classification packet whose packet type field content is determined as '135' or '136'.
In an embodiment of the present invention, in the IPv6 address allocating step, the DHCPv6 service module directly substitutes the numbers of all four decimal arrays in the configured IPv4address of the target mesh point into the numbers of the colon hexadecimal array serving as the last four corresponding positions in the IPv6 address managed by the mesh point, respectively, without carrying conversion.
In an embodiment of the present invention, an IPv6 mesh point management method is provided, wherein in the IPv6 address allocation step, when the object mesh point is not configured with an IPv4address, the DHCPv6 service module generates the mesh point management IPv6 address by using an emulated configuration IPv4address as a configured IPv4address of the object mesh point, wherein the emulated configuration IPv4address is selected from an out-of-range IPv4address outside an IPv4address allocation range of the network environment, or the emulated configuration IPv4address is selected from a non-canonical IPv4address, and the non-canonical IPv4address contains at least one hexadecimal number of "a" to "F", or at least one dot decimal number of the non-canonical IPv4address exceeds 8 bits.
In an embodiment of the present invention, an IPv6 node management method is provided, further including an illegal node blocking step of comparing a preset allowed node list with the node information obtained in the packet analysis step, to determine whether a node to which an IPv6 address belongs is a legal node or an illegal node, and blocking the node determined to be an illegal node.
In an embodiment of the present invention, an IPv6 node management method is provided, which further includes an accelerated detection step, wherein the method performs an operation on IP address information of each node in the current IP and MAC correspondence table and an IPv6 address allocation range of the network environment, so as to obtain a potential IPv6 address range of an undiscovered node in the IP and MAC correspondence table, and sends a detection packet for an IPv6 address within the potential IPv6 address range of the undiscovered node, so as to drive the corresponding node in the network environment to send the packet containing the node information.
In an embodiment of the present invention, an IPv6 node management apparatus is provided for executing the IPv6 node management method, the IPv6 node management apparatus is disposed in the network environment where an IPv6 address and an IPv4address coexist, and manages nodes to which the network environment belongs, the IPv6 node management apparatus includes: the packet collection module is configured to collect the network point packets of each network point in the network environment; the packet analysis module is connected with the packet collection module and configured to analyze each website packet collected by the packet collection module, obtain website information about each website from the website packet, wherein the website information comprises the IP address information and the MAC address information, and establish the IP and MAC corresponding relation table according to the website information; and the DHCPv6 service module connected to the packet analysis module, the DHCPv6 service module being configured to allocate the dot management IPv6 address generated according to the IP and MAC correspondence table to the object dot requesting allocation of an IPv6 address, wherein the DHCPv6 service module directly substitutes the numbers of the respective dot decimal arrays in the allocated IPv4address of the object dot without carry conversion into the numbers of the colon hexadecimal arrays as the last corresponding position in the dot management IPv6 address, respectively, to generate the dot management IPv6 address having the eye-recognizable address suffix.
In an embodiment of the present invention, an IPv6 node management apparatus is provided, further including a node management module connected to the packet analysis module, where the node management module is configured to compare a preset allowed node list with the node information obtained by the packet analysis module, to determine that a node to which an IPv6 address belongs is a legitimate node or an illegitimate node, and to block the node determined to be an illegitimate node.
By adopting the technical means adopted by the invention, when the IPv6 address is distributed by the DHCPv6, the suffix of the IPv6 address acquired by the object website is the same as the IPv4address, namely, the website management IPv6 address with the address suffix which can be identified by naked eyes is adopted, so that the identification of the IPv6 address of the object website is improved, and the website management is facilitated.
Drawings
Fig. 1 is a flowchart illustrating an IPv6 mesh point management method according to an embodiment of the present invention;
fig. 2 is a diagram showing an IPv6 mesh point management apparatus according to an embodiment of the present invention;
fig. 3 is a block diagram illustrating an IPv6 mesh point management apparatus according to an embodiment of the present invention;
fig. 4 is a diagram illustrating a packet analysis step of an IPv6 mesh point management method according to an embodiment of the present invention;
fig. 5 is a diagram showing an IPv6 address allocation step of an IPv6 mesh point management method according to an embodiment of the present invention;
fig. 6 is a flowchart illustrating an IPv6 mesh point management method according to another embodiment of the present invention;
fig. 7 is a diagram illustrating an illegal mesh point blocking step of an IPv6 mesh point management method according to an embodiment of the present invention;
fig. 8 is a flowchart illustrating an IPv6 mesh point management method according to another embodiment of the present invention;
fig. 9 is a schematic diagram illustrating an accelerated detection procedure of an IPv6 mesh point management method according to an embodiment of the invention.
Reference numerals:
100 IPv6 network point management equipment
1 package collection module
2 package analysis module
21 IP and MAC correspondence table
3 DHCPv6 service module
4-network management module
41 allowed mesh point list
E network environment
N-site
S1 packet collection step
S2 packet analysis step
S21 IPv6 packet classification substep
S22 ICMPv6 packet classification substep
S23 information extraction sub-step
S3 IPv6 address allocation step
S31 substep
S32 substep
S33 substep
S34 substep
S35 substep
S4 illegal net point blocking step
S41 substep
S42 substep
S43 substep
S44 substep
S5 acceleration detection step
S51 substep
S52 substep
Detailed Description
Embodiments of the present invention will be described below with reference to fig. 1 to 9. The description is not intended to limit the embodiments of the present invention, but is one example of the present invention.
As shown in fig. 1 to 5, an IPv6 mesh point management method according to an embodiment of the present invention is applied to a network environment E where IPv6 addresses and IPv4 addresses coexist, and manages a mesh point N to which the network environment E belongs. An IPv6 mesh point management device 100 is provided in the network environment E, and the IPv6 mesh point management device 100 includes: the system comprises a packet collection module 1, a packet analysis module 2 connected to the packet collection module 1, and a DHCPv6 service module 3 connected to the packet analysis module 2. The IPv6 network point management method comprises the following steps: a packet collection step S1, a packet analysis step S2 and an IPv6 address assignment step S3.
As shown in fig. 1 to fig. 3, in the packet collection step S1, the packet collection module 1 is used to collect the node packets of each node N in the network environment E. Specifically, collecting network packets of nodes (i.e., node packets) from the network environment for subsequent analysis is a commonly used means in network management, so that any method for collecting node packets known to those skilled in the art can be applied to the packet collection step S1, and the present invention is not limited thereto.
Furthermore, in the present invention, since the network environment E is a network environment in which IPv6 addresses and IPv4 addresses coexist, the mesh point packets collected include IPv6 packets and IPv4 packets. In this case, in the present invention, the IPv6 packet and the IPv4 packet can be collected separately, or the IPv6 packet and the IPv4 packet can be collected together in a single manner, which is not limited in any way.
As shown in fig. 1 to 3, in the packet analyzing step S2, the packet analyzing module 2 analyzes each node packet collected in the packet collecting step S1, and obtains node information about each node N from the node packet, where the node information includes IP address information and MAC address information, and establishes an IP and MAC correspondence table 21 according to the node information.
Specifically, in the packet analysis step S2, the IP address information of the node information includes IPv6 address information of the node N, and the packet analysis module 2 obtains the node information including the IPv6 address information and/or the MAC address information from a Neighbor Solicitation (NS) packet and/or a Neighbor Advertisement (NA) packet belonging to a Neighbor Discovery Protocol (NDP) in the node packet, thereby establishing the IP and MAC correspondence table 21.
The neighbor discovery protocol is a part of the IPv6 network communication specification protocol and is used for information exchange of the OSI third layer of network communication. The neighbor discovery protocol defines five ICMPv6 packet types, including: route request (Type 133), route Advertisement (Type 134), Neighbor request (Type 135), Neighbor Advertisement (Type 136), and Redirect (Type 137). The neighbor request can be used to determine the MAC address of the neighbor, or determine whether the MAC address of the neighbor cache (neighbor cache) is reachable, and also be used for the network node to perform repeated IP address detection. The neighbor advertisement is used for a response sent by the neighbor solicitation or as a notification sent to the neighbor mesh point when the IP address/MAC address changes.
As shown in fig. 4, in the packet analyzing step S2, the step of obtaining the mesh point information including the IPv6 address information and/or the MAC address information from the mesh point packet includes the following steps: an IPv6 packet classification substep S21, an ICMPv6 packet classification substep S22, and an information extraction substep S23.
In the IPv6 packet classification sub-step S21, for the mesh point packet collected in the packet collection step S1, the mesh point packet whose content of the ethernet type (EtherType) field of the packet is determined to be "0 x86 DD" is classified as an IPv6 classification packet. The Ethernet type is a two-byte field (two-octet field) in an Ethernet frame (Ethernet frame) that represents what protocol is encapsulated in the Ethernet frame. Since the protocol represented by the ethernet type field of "0 x86 DD" is IPv6 and IPv4 is numbered with "0 x 0800", the mesh point packet belonging to IPv6 can be separated from the mesh point packet belonging to IPv4 by classifying the mesh point packet whose content of the ethernet type field is "0 x86 DD" as an IPv6 classified packet in the packet collection step S1.
In the ICMPv6 packet classification sub-step S22, the IPv6 classified packet whose content of the next header field of the packet is determined to be "58" is classified as an ICMPv6 classified packet. Specifically, the Next Header field value "58" of the IPv6 packet classification represents "ICMPv 6", and therefore, in ICMPv6 packet classification sub-step S22, such packet is further classified as the ICMPv6 packet classification.
In the information extraction substep S23, the mesh point information including the IPv6 address information and/or the MAC address information is extracted from the ICMPv6 classification packet whose content of the type field of the packet is determined to be "135" or "136". Specifically, when the Type (Type) field value is "135", it represents that the ICMPv6 classification packet belongs to a Neighbor Solicitation (NS) packet, and when the Type (Type) field value is "136", it represents that the ICMPv6 classification packet belongs to a Neighbor Advertisement (NA) packet. As described above, the mesh point information including the IPv6 address information and/or the MAC address information can be obtained from the two types of packets, so as to establish the IP and MAC correspondence table 21.
As shown in fig. 1 to 3, in the IPv6 address assigning step S3, the DHCPv6 service module 3 assigns the site management IPv6 address generated according to the IP and MAC correspondence table 21 to the target site N requesting to assign the IPv6 address, wherein the DHCPv6 service module 3 directly substitutes the number of the respective dotted decimal array in the configured IPv4address of the target site N with the number of the dotted hexadecimal array as the tail respective corresponding position in the site management IPv6 address without carry conversion, and generates the site management IPv6 address having a visually recognizable address suffix.
Specifically, DHCPv6 (Dynamic Host Configuration Protocol version 6) is a network Protocol for configuring IP addresses, IP prefixes and/or other configurations of IPv6 hosts operating on an IPv6 network, and the DHCPv6 service module 3 allocates IPv6 addresses to the target mesh point N based on the Protocol.
IPv6 addresses are typically marked with a colon ": "eight spaced apart groups of 4-bit hexadecimal digits, i.e., colon-hexadecimal notation, and thus, in the present invention, groups spaced apart by colons are referred to as a colon-hexadecimal array. For example, in the exemplary IPv6 addresses "2001: 0DB8:0000:0000:0000: FF00:0042: 8329", 2001 "," 0DB8 "," 0000 "," FF00 "," 0042 "," 8329 "are colon hexadecimal arrays, respectively.
Compared with the IPv4address (for example, "192.168.1.235") expressed in dotted decimal form, the IPv6 address is not only longer, but also uses more complex hexadecimal numbers, so it is difficult for network administrators to remember and identify the correspondence between a website and the IPv6 address, and it is also inconvenient for management. Thus, in the IPv6 address assigning step S3, the DHCPv6 service module 3 is configured to assign the site management IPv6 address having a visually recognizable address suffix to the subject site N to improve the identifiability of the IPv6 address of the subject site N.
Specifically, as shown in fig. 5, in the present embodiment, the DHCPv6 service module 3 first receives a DHCPv6 allocation request of the target mesh point N (sub-step S31), that is, requests allocation of an IPv6 address. Next, the DHCPv6 service module 3 acquires the IP and MAC mapping table 21 generated in the packet analysis step S2 (step S32). From the IP and MAC correspondence table 21, it is possible to confirm whether or not the target mesh point N has an IPv4address allocated (substep S33).
In the case where the object mesh point N has been configured with an IPv4address, the mesh point management IPv6 address is generated with the configured IPv4address of the object mesh point N (sub-step S34). For example, as shown in Table 1 below, when the target mesh point N is configured with an IPv4address (e.g., "192.168.1.235"), the DHCPv6 service module 3 directly substitutes the numbers (i.e., "192", "168", "1", "235") of the decimal array of the individual points in the configured IPv4address of the target mesh point N into the corresponding positions at the end of the preset IPv6 address to be allocated (e.g., "2001: 0DB8:0000: 0000:: 0235") without carrying conversion, so as to generate the mesh point management IPv6 address (i.e., "2001: 0DB8:0000:0000:0192:0168:0001: 0235"). In addition, since the IPv6 address is expressed by omitting the leading 0 of each group of numbers for convenience, the mesh point management IPv6 address is expressed as "2001: DB8:0:0:192:168:1: 235" or further expressed by omitting the consecutive 0 as "2001: DB8: 192:168:1: 235". In this way, the suffix (i.e., "192: 168:1: 235") of the site management IPv6 address has the same number as the configured IPv4address "192.168.1.235" of the target site N, so that a network administrator can easily recognize the correspondence between the site management IPv6 address and the site N with the naked eye without remembering the entire string of IPv6 addresses.
[ Table 1 ]
| Configured IPv4address for mesh points of objects | 192.168.1.235 |
| Preset IPv6 address to be assigned | 2001:0DB8:0000:0000:????:????:????:???? |
| Mesh point management IPv6 address | 2001:0DB8:0000:0000:0192:0168:0001:0235 |
| Mesh point management IPv6 address (omit leading 0) | 2001:DB8:0:0:192:168:1:235 |
| Net point management IPv6 address (omit continuous 0) | 2001:DB8::192:168:1:235 |
In the above example, the DHCPv6 service module 3 substitutes the numbers of all four dot decimal arrays in the configured IPv4address of the target mesh point N directly into the numbers of the colon hexadecimal array as the last four corresponding positions in the mesh point management IPv6 address, respectively, without carrying conversion. However, the invention is not limited thereto. By way of example, an IPv4address can generally be divided into two parts: a network identifier (network ID) and a host identifier (host ID). In the same lan, the host identifier will change from mesh point to mesh point, but the network identifiers are usually the same. In other words, a mesh point can be identified only by a host identifier. Therefore, as shown in Table 2 below, in other embodiments, only the digits of the decimal array of dots belonging to the host identifier (e.g., "1" and "235") in the configured IPv4address of the target mesh point N can be directly substituted without carry conversion into the digits of the hexadecimal array of colon marks as the last individual corresponding positions (i.e., the last two corresponding positions) in the mesh point management IPv6 address to generate the mesh point management IPv6 address with a visually recognizable address suffix (i.e., "2001: DB8:: FF00:1: 235").
[ Table 2 ]
| Configured IPv4address for mesh points of objects | 192.168.1.235 |
| Preset IPv6 address to be assigned | 2001:0DB8:0000:0000:0000:FF00:????:???? |
| Mesh point management IPv6 address | 2001:0DB8:0000:0000:0000:FF00:0001:0235 |
| Mesh point management IPv6 address (omit leading 0) | 2001:DB8:0:0:0:FF00:1:235 |
| Net point management IPv6 address (omit continuous 0) | 2001:DB8::FF00:1:235 |
On the other hand, as shown in fig. 5, in the case that the target mesh point N is not configured with an IPv4address, the DHCPv6 service module 3 generates the mesh point management IPv6 address according to a preset allocation rule (sub-step S35). In order to improve the identification of the mesh point management IPv6 address of the mesh point N not configured with IPv4address, in the embodiment, the DHCPv6 service module 3 generates the mesh point management IPv6 address by using the emulated configuration IPv4address as the configured IPv4address of the target mesh point N, wherein the emulated configuration IPv4address is selected from the IPv4 addresses outside the IPv4address allocation range of the network environment E, or the emulated configuration IPv4address is selected from the non-regular IPv4address, and the non-regular IPv4address contains at least one hexadecimal number from "a" to "F", or at least one dot decimal number of the non-regular IPv4address exceeds 8 bits.
In the present invention, the network environment E is a network environment in which IPv6 addresses and IPv4 addresses coexist, so in addition to allocating IPv6 addresses, IPv4 addresses are also allocated to mesh points N in the network environment E, the IPv4 addresses to be allocated are all selected from a set IPv4address allocation range, and IPv4 addresses outside the IPv4address allocation range are referred to as "out-of-range IPv4 addresses". By selecting the IPv4address from the IPv4 addresses outside the range, the IPv4address allocation range of the network environment E can be avoided, so as to effectively avoid occupying the mesh point management IPv6 address of the mesh point N configured with the IPv4 address. In addition, in the regular IPv4address, the numbers of each decimal array are decimal numbers and no more than 8 bits (i.e., 0 to 255), and the IPv4address in which the numbers include hexadecimal numbers of "a" to "F" or the numbers exceed 8 bits is called a "non-regular IPv4 address". By selecting the simulated configuration IPv4address from the non-regular IPv4address, the possible configured IPv4address of the mesh point N can be avoided, and the mesh point management IPv6 address occupying the mesh point N configured with the IPv4address is effectively avoided.
Specifically, as shown in table 3 below, in the present embodiment, when the target mesh point N is not configured with the IPv4address, the DHCPv6 service module 3 may select the IPv4address (for example, "192.168.1. F", "192.168. a.1. 192.168. a.255" or "192.168.1.256. 192.168.1. ff") as the configured IPv4address of the target mesh point N from the IPv4 addresses (for example, "192.168.1.1. 192. 192.168.2.255", "10.0.0.1. 10.0.255" when the IPv4address allocation range is "192.168.1. 192.1. to 192.168.1.255" or "the non-regular IPv4 addresses" (for example, "192.168.1. a") outside the range. Therefore, the generated site management IPv6 address (namely '2001: DB8: 192:168:1: A') also has a macroscopic address suffix '192: 168:1: A', so that a network administrator can conveniently remember and identify the object site N and can further identify that the object site N is not configured with an IPv4 address.
[ Table 3 ]
| Configured IPv4address for mesh points of objects | Is free of |
| Emulated configuration IPv4address | 192.168.1.A |
| Mesh point management IPv6 address | 2001:0DB8:0000:0000:0192:0168:0001:000A |
| Mesh point management IPv6 address (omit leading 0) | 2001:DB8:0:0:192:168:1:A |
| Net point management IPv6 address (omit continuous 0) | 2001:DB8::192:168:1:A |
As shown in fig. 6 and 3, in another embodiment of the present invention, the IPv6 node management method further includes an illegal node blocking step S4, comparing a preset allowed node list 41 with the node information obtained in the packet analysis step S2, determining that the node N with the IPv6 address to which the network environment E belongs is a legitimate node or an illegal node, and blocking the node N determined to be an illegal node. The illegitimate mesh blocking step S4 and the IPv6 address allocating step S3 do not affect each other, so the illegitimate mesh blocking step S4 may be performed before, after, or simultaneously with the IPv6 address allocating step S3, which is not limited by the present invention.
As shown in fig. 7 and fig. 3, in the present embodiment, the IPv6 mesh point management apparatus 100 further includes a mesh point management module 4, configured to execute the illegal mesh point blocking step S4. Specifically, the node management module 4 is configured to compare the preset allowed node list 41 with the node information obtained by the packet analysis module 2 (step S41), thereby determining whether the node N is a legal node existing in the allowed node list 41 (step S42). When the mesh point N is a legitimate mesh point, the mesh point N is allowed to exist in the network environment E (sub-step S43). When the mesh point N is an illegal mesh point, the mesh point N is blocked (sub-step S44). For example, neighbor advertisement packets of the spoofed gateway related ICMPv6 are sent to the rogue mesh points. Of course, the present invention is not limited thereto, and any conventional method for blocking dots can be applied to the illegal dot blocking step S4.
As shown in fig. 8, 9 and 3, in another embodiment of the present invention, the IPv6 node management method further includes an accelerated detection step S5, which performs an operation on the IP address information of each node N existing in the current IP and MAC correspondence table 21 and the IPv6 address allocation range of the network environment E to obtain an undiscovered node possible IPv6 address range of the IP and MAC correspondence table (sub-step S51), and sends a detection packet for the IPv6 address within the undiscovered node possible IPv6 address range, so as to drive the corresponding node N in the network environment E to send the node packet containing the node information (sub-step S52). Specifically, since the mesh point N in the network environment E may use the static IPv6 address or the mesh point packet (e.g., neighbor solicitation packet, neighbor advertisement packet) for which IPv6 address information is not collected yet, the mesh point information of the mesh point N is not found in the current IP and MAC mapping table 21. Through the accelerated detection step S5, the undetected nodes N can be driven to send out node packets containing node information as soon as possible, so as to accelerate updating of the IP and MAC correspondence table 21, so that the IPv6 node management apparatus 100 can master and manage all nodes N in the network environment E as soon as possible.
The IPv6 address allocation range refers to the set of IPv6 addresses provided by an Internet Service Provider (ISP) to be allocated to the mesh point N in the network environment E. The IPv6 addresses are set by estimating the IPv6 addresses possible for each mesh point N in the network environment E by arithmetic processing based on the IPv6 address allocation range and the IPv4address information existing in the IP and MAC correspondence table 21. By comparing the set of possible IPv6 addresses with the IPv6 address information existing in the IP and MAC correspondence table 21 at present, it can be determined that, in the set of possible IPv6 addresses, the unknown IPv6 addresses in the IP and MAC correspondence table 21 at present are, and the set of unknown IPv6 addresses is the range of the potential IPv6 addresses of the undiscovered mesh point. Then, a Detection packet, for example, a DAD (Duplicate Address Detection) Detection packet, is sent to the IPv6 Address within the possible IPv6 Address range of the undiscovered mesh point, so as to force the corresponding mesh point N to send out a mesh point packet (e.g., neighbor advertisement packet) containing mesh point information when detected. In this way, the IPv6 node management apparatus 100 can collect the node packet, and accelerate the updating of the node information about the node N in the IP and MAC mapping table 21. Compared with the method of detecting the entire IPv6 address allocation range of the network environment E, the step of speeding up the detection S5 reduces the amount of detection required to a smaller range (the undiscovered mesh point may be the IPv6 address range), so that the detection speed is faster and more efficient.
By adopting the technical means adopted by the invention, when the IPv6 address is distributed by the DHCPv6, the suffix of the IPv6 address acquired by the object website is the same as the IPv4address, namely, the website management IPv6 address with the address suffix which can be identified by naked eyes is adopted, so that the identification of the IPv6 address of the object website is improved, and the website management is facilitated.
While the foregoing description and description are of the preferred embodiment of the present invention, other modifications will be apparent to those skilled in the art from this description and it is intended that all such modifications be included within the spirit and scope of the present invention.
In this specification, the invention has been described with reference to specific embodiments thereof. It will, however, be evident that various modifications and changes may be made thereto without departing from the broader spirit and scope of the invention. The specification and drawings are, accordingly, to be regarded in an illustrative rather than a restrictive sense.
Claims (9)
1. An IPv6 network point management method is applied to a network environment with coexisting IPv6 address and IPv4address, and for the network point belonging to the network environment to manage, the IPv6 network point management method includes the following steps:
a packet collection step, in which a packet collection module is used for collecting the network point packets of each network point in the network environment;
a packet analyzing step, analyzing each network node packet collected in the packet collecting step by a packet analyzing module, obtaining network node information about each network node from the network node packet, wherein the network node information contains IP address information and MAC address information, and establishing an IP and MAC corresponding relation table according to the network node information; and
an IPv6 address allocation step, which is to allocate the IP 6 address generated according to the IP and MAC correspondence table to the target site requesting to allocate IPv6 address by DHCPv6 service module, wherein the DHCPv6 service module substitutes the number of the individual decimal point array in the configured IPv4address of the target site directly into the number of the hexadecimal point array as the colon number of the tail individual corresponding position in the site management IPv6 address without carry conversion, so as to generate the site management IPv6 address with naked eye identification address suffix.
2. The IPv6 mesh point management method of claim 1, wherein in the packet analysis step, the IP address information of the mesh point information includes IPv6 address information of the mesh point, and the packet analysis module derives the mesh point information including the IPv6 address information and/or the MAC address information from a neighbor solicitation packet and/or a neighbor advertisement packet belonging to a neighbor discovery protocol in the mesh point packet.
3. The IPv6 mesh point management method according to claim 2, wherein in the packet analysis step, deriving the mesh point information including the IPv6 address information and/or the MAC address information from the mesh point packet includes the steps of:
an IPv6 packet classifying sub-step, classifying the network node packet whose Ethernet type field content is judged to be '0 x86 DD' into an IPv6 classified packet;
an ICMPv6 packet classification sub-step of classifying the IPv6 classified packet whose content of the next header field of the packet is determined to be "58" into an ICMPv6 classified packet; and
an information extraction sub-step of extracting the mesh point information including the IPv6 address information and/or the MAC address information from the ICMPv6 classification packet in which the content of the type field of the packet is determined to be "135" or "136".
4. The IPv6 mesh point management method according to claim 1, wherein, in the IPv6 address assignment step, the DHCPv6 service module substitutes directly, without carry conversion, the numbers of all four dot decimal arrays in the configured IPv4address of the target mesh point into the numbers of the colon hexadecimal array as the last four corresponding positions in the mesh point management IPv6 address, respectively.
5. The IPv6 mesh point management method according to claim 1, wherein in the IPv6 address allocation step, when the object mesh point is not configured with an IPv4address, the DHCPv6 service module generates the mesh point management IPv6 address by using an emulated configuration IPv4address as a configured IPv4address of the object mesh point, wherein the emulated configuration IPv4address is selected from an out-of-range IPv4address outside an IPv4address allocation range of the network environment, or the emulated configuration IPv4address is selected from a non-regular IPv4address, and the non-regular IPv4address contains at least one hexadecimal number from "a" to "F", or at least one point of the non-regular IPv4 addresses has a decimal number exceeding 8 bits.
6. The IPv6 website management method of claim 1, further comprising an illegal website blocking step of comparing a preset allowed website list with the website information obtained in the packet analysis step to determine whether the website to which the IPv6 address belongs is a legitimate website or an illegal website, and blocking the website determined to be an illegal website.
7. The IPv6 node management method of claim 1, further comprising an accelerated detection step of performing an operation on IP address information of each node existing in the current IP and MAC mapping table and the IPv6 address allocation range of the network environment to obtain an undiscovered node possible IPv6 address range associated with the IP and MAC mapping table, and sending a detection packet for an IPv6 address within the undiscovered node possible IPv6 address range to drive the corresponding node in the network environment to send the node packet containing the node information.
8. An IPv6 mesh point management apparatus for executing the IPv6 mesh point management method according to any one of claims 1 to 7, the IPv6 mesh point management apparatus being provided in the network environment where an IPv6 address and an IPv4address coexist, and managing a mesh point to which the network environment belongs, the IPv6 mesh point management apparatus comprising:
the packet collection module is configured to collect the network node packets of each network node in the network environment;
the packet analysis module is connected with the packet collection module, is configured to analyze each website packet collected by the packet collection module, obtains website information about each website from the website packet, contains the IP address information and the MAC address information, and establishes the IP and MAC corresponding relation table according to the website information; and
the DHCPv6 service module is connected to the packet analysis module, and the DHCPv6 service module is configured to allocate the website management IPv6 address generated according to the IP and MAC correspondence table to the target website requesting allocation of an IPv6 address, wherein the DHCPv6 service module directly substitutes the number of the respective dotted decimal array in the allocated IPv4address of the target website without carry conversion into the number of the dotted hexadecimal array as the tail corresponding position in the website management IPv6 address, respectively, to generate the website management IPv6 address having the macroscopic address suffix.
9. The IPv6 website management apparatus of claim 8, further comprising a website management module connected to the packet analysis module, the website management module being configured to compare the preset allowed website list with the website information obtained by the packet analysis module, determine whether the website to which the IPv6 address is configured belongs is a legitimate website or an illegitimate website, and block the website determined to be an illegitimate website.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010474400.1A CN113746944B (en) | 2020-05-29 | 2020-05-29 | IPv6 network point management method and equipment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010474400.1A CN113746944B (en) | 2020-05-29 | 2020-05-29 | IPv6 network point management method and equipment |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN113746944A true CN113746944A (en) | 2021-12-03 |
| CN113746944B CN113746944B (en) | 2024-05-14 |
Family
ID=78724598
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010474400.1A Active CN113746944B (en) | 2020-05-29 | 2020-05-29 | IPv6 network point management method and equipment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113746944B (en) |
Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101199166A (en) * | 2005-04-29 | 2008-06-11 | 艾利森电话股份有限公司 | Operator shop selection in broadband access |
| CN101848247A (en) * | 2009-03-26 | 2010-09-29 | 华为技术有限公司 | Method for implementing access of IPv6 host to IPv4 host, method for acquiring IPv6 address prefix and conversion device |
| CN102447617A (en) * | 2010-10-09 | 2012-05-09 | 华为技术有限公司 | Method, terminals and gateway for transmitting IPv6 (Internet Protocol version 6) message in IPv4 network |
| CN103051744A (en) * | 2013-01-08 | 2013-04-17 | 中兴通讯股份有限公司 | Method and device for converting multicast address |
| JP2014007510A (en) * | 2012-06-22 | 2014-01-16 | Nippon Telegr & Teleph Corp <Ntt> | IPv4-IPv6 CONVERSION PROCESSING METHOD, IPv4-IPv6 CONVERSION PROCESSING APPARATUS AND IPv4-IPv6 INTEGRATION NETWORK SYSTEM |
| WO2014089677A1 (en) * | 2012-12-10 | 2014-06-19 | Bluecat Networks Inc | System and method for ip network semantic label storage and management |
| CN104734963A (en) * | 2015-03-24 | 2015-06-24 | 电子科技大学 | IPv4 and IPv6 network interconnection method based on SDN |
| CN104883407A (en) * | 2014-02-28 | 2015-09-02 | 中兴通讯股份有限公司 | IPv6 address handling method and apparatus and DHCPv6 relay |
-
2020
- 2020-05-29 CN CN202010474400.1A patent/CN113746944B/en active Active
Patent Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101199166A (en) * | 2005-04-29 | 2008-06-11 | 艾利森电话股份有限公司 | Operator shop selection in broadband access |
| CN101848247A (en) * | 2009-03-26 | 2010-09-29 | 华为技术有限公司 | Method for implementing access of IPv6 host to IPv4 host, method for acquiring IPv6 address prefix and conversion device |
| CN102447617A (en) * | 2010-10-09 | 2012-05-09 | 华为技术有限公司 | Method, terminals and gateway for transmitting IPv6 (Internet Protocol version 6) message in IPv4 network |
| JP2014007510A (en) * | 2012-06-22 | 2014-01-16 | Nippon Telegr & Teleph Corp <Ntt> | IPv4-IPv6 CONVERSION PROCESSING METHOD, IPv4-IPv6 CONVERSION PROCESSING APPARATUS AND IPv4-IPv6 INTEGRATION NETWORK SYSTEM |
| WO2014089677A1 (en) * | 2012-12-10 | 2014-06-19 | Bluecat Networks Inc | System and method for ip network semantic label storage and management |
| CN103051744A (en) * | 2013-01-08 | 2013-04-17 | 中兴通讯股份有限公司 | Method and device for converting multicast address |
| CN104883407A (en) * | 2014-02-28 | 2015-09-02 | 中兴通讯股份有限公司 | IPv6 address handling method and apparatus and DHCPv6 relay |
| CN104734963A (en) * | 2015-03-24 | 2015-06-24 | 电子科技大学 | IPv4 and IPv6 network interconnection method based on SDN |
Non-Patent Citations (1)
| Title |
|---|
| CONGXIAO BAO;XING LI;: "IVI/MAP-T/MAP-E:Unified IPv4/IPv6 Stateless Translation and Encapsulation Technologies", ZTE COMMUNICATIONS, no. 03, 25 September 2013 (2013-09-25) * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN113746944B (en) | 2024-05-14 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11418444B2 (en) | IPv6 network node managing method and equipment | |
| US6618755B1 (en) | Automatically identifying subnetworks in a network | |
| US7624445B2 (en) | System for dynamic network reconfiguration and quarantine in response to threat conditions | |
| US8578034B2 (en) | Optimized network device discovery | |
| US8447846B2 (en) | Using unique local unicast addresses in a global domain name server by providing a centralized registry | |
| EP2191634B1 (en) | A system and method for generating functional addresses | |
| US8699515B2 (en) | Limiting of network device resources responsive to IPv6 originating entity identification | |
| CN107360270B (en) | DNS (Domain name Server) analysis method and device | |
| CN103229488B (en) | IPv6 address source tracing method, device and system | |
| CN107948150B (en) | Message forwarding method and device | |
| EP1993238A1 (en) | A device and method and system for acquiring ipv6 address | |
| CN114422474A (en) | User IPv6 address generation method based on RADIUS server | |
| US7948916B2 (en) | Method and apparatus for discovering topology information in a network | |
| US9667592B2 (en) | Efficient utilization of internet protocol addresses | |
| US20150372968A1 (en) | A Method of and a Processing Device Handling a Protocol Address in a Network | |
| CN113746944B (en) | IPv6 network point management method and equipment | |
| US20230015347A1 (en) | System and method for forwarding packets in a hierarchical network architecture using variable length addresses | |
| JP5587254B2 (en) | Allocation apparatus, allocation program, allocation method, and allocation system | |
| CN113301001B (en) | Attacker determination method, attacker determination device, computing equipment and attacker determination medium | |
| KR20070026967A (en) | Network system of allocating to ipv6 address and method thereof | |
| KR100846014B1 (en) | METHOD OF CONFIGURING IPv6 LINK-LOCAL ADDRESSES USING PSEUDO EUI-64 IDENTIFIERS IRRESPECTIVE OF TYPE OF PHYSICAL MEDIA | |
| KR101982164B1 (en) | Apparatus and method for managing network | |
| KR100547119B1 (en) | The method for generating IPv6 address using interface ID and device thereof | |
| CN112995353A (en) | IPv6 address survivability scanning system and method based on flow analysis | |
| US11929920B2 (en) | Managing processing queue allocation based on addressing attributes of an inner packet |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |