CN114039913B - Multicast forwarding method, device, system, equipment and medium - Google Patents

Publication number
CN114039913B
Authority
CN
China
Prior art keywords
multicast
data
target
application layer
receiving
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202111630227.0A
Other languages
Chinese (zh)
Other versions
CN114039913A (en)
Inventor
温卓然
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Tianrongxin Network Security Technology Co ltd
Original Assignee
Shanghai Tianrongxin Network Security Technology Co ltd
Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00 Routing or path finding of packets in data switching networks
    • H04L45/74 Address processing for routing
    • H04L45/16 Multipoint routing

Abstract

The embodiments of the application provide a multicast forwarding method, apparatus, system, device and medium. The method comprises: acquiring multicast data sent by a multicast source, wherein the multicast source is located in a first subnet domain and the multicast data comprises a target IP address and a target port number; and sending the application layer data carried by the multicast data, in a target unicast form, to the transceiver end of a second subnet domain, so that the transceiver end of the second subnet domain sends the application layer data to a destination multicast group. In some embodiments of the application, because the forwarded data is application layer data that contains no information about the multicast source, the destination multicast group cannot determine the IP address of the multicast source even when it receives the multicast data, so the identity of the multicast source is well hidden and the security of the multicast forwarding process is improved.

Description

Multicast forwarding method, device, system, equipment and medium
Technical Field
The embodiments of the application relate to the field of multicast, and in particular to a multicast forwarding method, apparatus, system, device and medium.
Background
In the related art, with the development of computer networks, multicast technology is widely used in many industries, for example media broadcasting, media pushing and status monitoring. In the existing multicast forwarding process, a target host that receives multicast data also obtains information about the multicast source, which reduces the security of the multicast forwarding process.
How to improve the security of multicast forwarding is therefore a problem to be solved.
Disclosure of Invention
The embodiments of the application provide a multicast forwarding method, apparatus, system, device and medium. With some embodiments, the destination multicast group receives only application layer data, so it cannot determine the IP address of the multicast source when it receives the multicast data; the identity of the multicast source is thereby well hidden and the security of the multicast forwarding process is improved.
In a first aspect, an embodiment of the application provides a multicast forwarding method applied to the transceiver end of a first subnet domain. The method comprises: acquiring multicast data sent by a multicast source, wherein the multicast source is located in the first subnet domain and the multicast data comprises a target IP address and a target port number; and sending the application layer data carried by the multicast data, in a target unicast form, to the transceiver end of a second subnet domain, so that the transceiver end of the second subnet domain sends the application layer data to a destination multicast group.
Because the application layer data is sent in the target unicast form, the forwarded data contains no information about the multicast source, so the destination multicast group cannot determine the IP address of the multicast source even when it receives the multicast data, and the identity of the multicast source is well hidden. In addition, because the data is forwarded to the transceiver end of the second subnet domain in the target unicast form, the transceiver end of the first subnet domain can perform multicast forwarding without accessing the destination multicast group, which improves the security of the system and prevents data from the first subnet domain from threatening the destination multicast group.
With reference to the first aspect, in an embodiment of the application, the transceiver end of the second subnet domain provides the application layer data to the destination multicast group by: receiving the application layer data and confirming that it conforms to a multicast policy, wherein the multicast policy comprises the IP address and port number of the destination multicast group and the IP address of the multicast source; and sending the application layer data to the destination multicast group.
Because the application layer data is sent to the destination multicast group by the transceiver end of the second subnet domain, information about devices in the first subnet domain, such as IP addresses, can be intercepted at the transceiver end of the second subnet domain. Each target host in the destination multicast group therefore receives only the application layer data and no information about the multicast source, which ensures the security of multicast forwarding while keeping the first subnet domain and the second subnet domain independent of each other.
With reference to the first aspect, in an embodiment of the application, before sending the application layer data carried by the multicast data to the transceiver end of the second subnet domain in the target unicast form, the method further comprises: extracting the application layer data from the multicast data; encapsulating the application layer data into unicast data; and sending the unicast data to the transceiver end of the second subnet domain in the target unicast form.
By sending the application layer data to the transceiver end of the second subnet domain in unicast form, the embodiment removes the multicast-source information carried in the multicast data, such as the IP address and port number, so that the destination multicast group obtains only the data content and no information about the multicast source, which improves the security of multicast forwarding.
With reference to the first aspect, in an embodiment of the application, before acquiring the multicast data sent by the multicast source, the method further comprises: establishing a multicast policy on the transceiver end of the first subnet domain; and, before encapsulating the application layer data into unicast data, the method further comprises: confirming that the multicast data conforms to the multicast policy.
By establishing a multicast policy and forwarding only multicast data that conforms to it, the embodiment can intercept multicast data with an incorrect purpose, which ensures the security of the multicast forwarding process.
With reference to the first aspect, in an embodiment of the application, before acquiring the multicast data sent by the multicast source, the method further comprises: confirming that the transceiver end of the second subnet domain is in the destination multicast group.
By verifying whether a device is present in the destination multicast group, the embodiment ensures that all devices can receive the multicast data and avoids the loss of multicast data that occurs when a device's absence is not discovered in time.
In a second aspect, an embodiment of the application provides a multicast forwarding apparatus comprising: a data acquisition module configured to acquire multicast data sent by a multicast source, wherein the multicast source is located in a first subnet domain and the multicast data comprises a target IP address and a target port number; and a data sending module configured to send the application layer data carried by the multicast data, in a target unicast form, to the transceiver end of a second subnet domain, so that the transceiver end of the second subnet domain sends the application layer data to a destination multicast group.
With reference to the second aspect, in an embodiment of the application, the transceiver end of the second subnet domain provides the application layer data to the destination multicast group by: receiving the application layer data and confirming that it conforms to a multicast policy, wherein the multicast policy comprises the IP address and port number of the destination multicast group and the IP address of the multicast source; and sending the application layer data to the destination multicast group.
With reference to the second aspect, in an embodiment of the application, the data sending module is further configured to: extract the application layer data from the multicast data; encapsulate the application layer data into unicast data; and send the unicast data to the transceiver end of the second subnet domain in the target unicast form.
With reference to the second aspect, in an embodiment of the application, the data acquisition module is further configured to: establish a multicast policy on the transceiver end of the first subnet domain; and, before the application layer data is encapsulated into unicast data, confirm that the multicast data conforms to the multicast policy.
With reference to the second aspect, in an embodiment of the application, the data acquisition module is further configured to: confirm that the transceiver end of the second subnet domain is in the destination multicast group.
In a third aspect, an embodiment of the application provides a multicast forwarding system comprising: a multicast source for generating multicast data; a transceiver end of the first subnet domain, configured to acquire the multicast data sent by the multicast source and to perform the multicast forwarding method described in the first aspect and any embodiment thereof; a transceiver end of the second subnet domain, configured to send the application layer data carried by the multicast data to a destination multicast group; and at least one target host configured to receive the application layer data, wherein the destination multicast group includes the at least one target host.
In a fourth aspect, an embodiment of the application provides an electronic device comprising a processor, a memory and a bus; the processor is connected to the memory via the bus, and the memory stores computer readable instructions which, when executed by the processor, implement the method according to the first aspect and any embodiment thereof.
In a fifth aspect, an embodiment of the application provides a computer readable storage medium storing a computer program which, when executed, implements the method according to the first aspect and any embodiment thereof.
Drawings
Fig. 1 is a schematic diagram of a multicast forwarding system according to an embodiment of the present application;
Fig. 2 is a flowchart of a method for multicast forwarding according to an embodiment of the present application;
Fig. 3 is a block diagram of a multicast forwarding device according to an embodiment of the present application;
Fig. 4 is a schematic diagram of an electronic device according to an embodiment of the present application.
Detailed Description
To make the objects, technical solutions and advantages of the embodiments of the application clearer, the technical solutions are described below clearly and completely with reference to the accompanying drawings. The described embodiments are only some, not all, of the embodiments of the application. The components of the embodiments generally described and illustrated in the figures may be arranged and designed in a wide variety of configurations. The following detailed description of the embodiments presented in the figures is therefore not intended to limit the scope of the application as claimed, but merely represents selected embodiments. All other embodiments obtained by a person skilled in the art without inventive effort, based on the embodiments of the application, fall within the scope of the application.
The embodiments of the application can be applied to scenarios in which multicast data is forwarded. To solve the problem described in the Background, some embodiments forward the multicast data to the destination multicast group using a transceiver end of a first subnet domain and a transceiver end of a second subnet domain. For example, the transceiver end of the first subnet domain sends the multicast data acquired from the multicast source to the transceiver end of the second subnet domain in unicast form, and the transceiver end of the second subnet domain sends the multicast data to the destination multicast group according to the multicast policy.
For example, the transceiver end of the first subnet domain extracts the application layer data from the multicast data, encapsulates it into unicast data, and sends the unicast data to the transceiver end of the second subnet domain. The transceiver end of the second subnet domain sends the application layer data contained in the unicast data to at least one target host, which achieves secure forwarding of the multicast data.
It should be noted that the multicast source may be an external-network (extranet) device that sends multicast data, and the destination multicast group may consist of internal-network (intranet) devices that receive multicast data. For example, assuming that the intranet is secure, the multicast source is referred to as an extranet device. The embodiments do not limit the size of the intranet. For example, the intranet may be the network of a university, a company or a city; if the intranet is a university network, the multicast sources are all the extranet devices attempting to send multicast data to the destination multicast group.
The transceiver end of the first subnet domain and the transceiver end of the second subnet domain may be gateway devices such as firewalls, or other devices used in fields such as network switching and network security. The embodiments of the application are not limited in this respect.
Fig. 1 is a block diagram of a multicast forwarding system in some embodiments of the application. The system comprises: multicast source 110, first router 120, transceiver end 130 of the first subnet domain, transceiver end 140 of the second subnet domain, second router 150, first target host 161, second target host 162 and third target host 163. Specifically, the multicast source 110 sends the multicast data to be forwarded to the transceiver end 130 of the first subnet domain via the first router 120, and the transceiver end 130 of the first subnet domain encapsulates the multicast data into unicast data and sends the unicast data to the transceiver end 140 of the second subnet domain. After receiving the unicast data, the transceiver end 140 of the second subnet domain parses it and sends the application layer data obtained from it to the first target host 161, the second target host 162 and the third target host 163 through the second router 150.
It should be noted that a target host is a host that receives the application layer data, and there may be one or more target hosts. As a specific embodiment of the application, the target host may be a network device such as a computer or a server.
The multicast forwarding system in the embodiments therefore adopts a symmetrical dual architecture and is logically divided into a receiving end for multicast data (i.e. the transceiver end of the first subnet domain) and a transmitting end for multicast data (i.e. the transceiver end of the second subnet domain). The multicast forwarding processes run on the receiving end and the transmitting end; they comprise identification of multicast data, policy matching, device keep-alive and forwarding of multicast data.
Unlike the embodiments of the application, in the multicast forwarding process of the related art all multicast data is sent directly to the destination multicast group through a router, and the multicast data carries the application layer data, the IP address and port number of the multicast source, and the IP addresses and port numbers of all hosts in the destination multicast group. A target host that receives the multicast data therefore also obtains information about the multicast source, which reduces the security of the multicast forwarding process. By adding the transceiver end of the first subnet domain and the transceiver end of the second subnet domain as intermediaries for forwarding multicast data, the embodiments effectively block the exchange, between two different network domains, of information unrelated to the application layer data (for example, the unicast data carries neither the IP address and port number of the multicast source nor the IP addresses and port numbers of the hosts of the destination multicast group), which ensures the security of multicast forwarding.
At least to solve the above problem, as shown in Fig. 2, some embodiments of the application provide a multicast forwarding method applied to the transceiver end of a first subnet domain. The method comprises:
S210: acquiring the multicast data sent by the multicast source.
It should be noted that, in the embodiments of the application, the multicast source is located in the first subnet domain and may be a server or a client. There may be one or more multicast sources. The embodiments of the application are not limited in this respect.
The multicast data may be a message or an instruction sent to the destination multicast group, and the destination multicast group performs further operations according to the multicast data after receiving it. As a specific embodiment of the application, when the multicast data is a video, the destination multicast group plays the video after receiving it. As another embodiment, when the multicast data is notification information, the destination multicast group performs further operations according to the notification information after receiving it. For example, if the notification information is a shutdown instruction, each target host in the destination multicast group shuts down according to the instruction.
S220: sending the application layer data carried by the multicast data to the transceiver end of the second subnet domain in a target unicast form.
It should be noted that the first subnet domain and the second subnet domain are two different subnet domains. In the multicast forwarding process, multicast data can be forwarded from the first subnet domain to the second subnet domain, and also from the second subnet domain to the first subnet domain.
The transceiver end of the first subnet domain and the transceiver end of the second subnet domain may be two devices or may be integrated into one device. That is, the multicast forwarding system may include a single transceiver device obtained by integrating the transceiver end of the first subnet domain and the transceiver end of the second subnet domain.
The target unicast form in the application may be unicast carried over the User Datagram Protocol (UDP) or unicast carried over the Transmission Control Protocol (TCP). The embodiments of the application are not limited in this respect.
In one embodiment of the application, before S210, the method further comprises: establishing a multicast policy on the transceiver end of the first subnet domain and on the transceiver end of the second subnet domain.
That is, multicast forwarding depends on the multicast policy: the information in the policy, such as the target IP and the check conditions, supports the forwarding. The multicast policy must therefore be established on the transceiver end of the first subnet domain and the transceiver end of the second subnet domain, and stored in memory, before multicast forwarding is performed. The policy can be added, deleted, modified, displayed and so on through commands on the command line. When the policy is configured, a callback function is triggered that merges the pieces of information in the configured multicast policy into one configuration file. Each piece of information in the multicast policy corresponds to one configuration block in the configuration file, and each configuration block corresponds to at least one configuration instruction.
Specifically, in the multicast policy configured for the transceiver end of the first subnet domain, the pieces of information include: the IP address of the multicast source, the port number of the multicast source, the mode of joining the multicast group in which the multicast source is located, the domain name of the first subnet domain, the domain name of the second subnet domain, and so on. The matching instruction corresponding to the IP address of the multicast source comprises: if the IP address of the current multicast source differs from the IP address of the multicast source configured in the multicast policy, intercepting the multicast data; and if the IP address of the current multicast source is the same as the IP address of the multicast source configured in the multicast policy, sending the multicast data to the transceiver end of the second subnet domain.
Specifically, in the multicast policy configured for the transceiver end of the second subnet domain, the pieces of information include: the IP address of each target host, the port number of each target host, the mode of joining the destination multicast group, the domain name of the second subnet domain, and so on. The matching instruction corresponding to the IP address of each target host comprises: if the IP address of the current target host differs from the IP address of each target host configured in the multicast policy, intercepting the multicast data; and if the IP address of the current target host is the same as the IP address of each target host configured in the multicast policy, forwarding the multicast data.
When the destination multicast group and the multicast source are replaced, then after the new multicast policy has been configured, the multicast data between the original multicast source and the original destination multicast group is first forwarded using the original multicast policy, and multicast forwarding then switches to the updated destination multicast group and the updated multicast source.
The devices in the multicast forwarding system (including but not limited to the transceiver end of the first subnet domain and the transceiver end of the second subnet domain) join the corresponding multicast group using the IP address and port number of that group, and can receive or send multicast data after joining. The mode of joining the multicast group may be Any-Source Multicast (ASM), Source-Specific Multicast (SSM), Source-Filtered Multicast (SFM), and so on. The embodiments of the application are not limited in this respect.
By establishing a multicast policy and forwarding only multicast data that conforms to it, the embodiment can intercept multicast data with an incorrect purpose, which ensures the security of the multicast forwarding process.
In one embodiment of the application, before S210, the method further comprises: confirming that the transceiver end of the second subnet domain is in the destination multicast group.
That is, to ensure normal forwarding of the multicast data, it is necessary to confirm that the transceiver end of the second subnet domain is in the destination multicast group before the multicast data is sent. Specifically, in the multicast forwarding system, the second router or the Layer 3 switch responsible for maintaining multicast data distribution in the second subnet domain may send an IGMP Query message before the multicast source sends the multicast data, to ask whether the transceiver end of the second subnet domain and each target host are present in the destination multicast group. If the transceiver end of the second subnet domain or a target host fails to respond to three consecutive IGMP Query messages, the router or Layer 3 switch considers that the device is not in the destination multicast group; if the transceiver end of the second subnet domain and each target host respond to the IGMP Query message, they are confirmed to be in the destination multicast group and the multicast data can be forwarded.
In addition, before receiving or sending multicast data, the transceiver end of the second subnet domain needs to join the destination multicast group. Specifically, while the transceiver end of the second subnet domain is initializing, it first creates a network socket according to the multicast policy and sends an IGMP Report message designating the destination multicast group to be joined. Then, through the IGMP Report message (sent when the destination multicast group is first joined) and its responses to IGMP Query messages, the transceiver end of the second subnet domain is kept in the destination multicast group at all times.
During multicast forwarding, an IGMP Query message is also sent to the transceiver end of the second subnet domain and each target host at set intervals; if a device is confirmed not to be in the destination multicast group, subsequent multicast data is not forwarded to that device.
By verifying whether a device is present in the destination multicast group, the embodiment ensures that all devices can receive the multicast data and avoids the loss of multicast data that occurs when a device's absence is not discovered in time.
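The membership check described above, as an added Python example (not code from the patent): it builds and validates IGMP messages and stops counting a device as a group member after three consecutive unanswered queries. The IGMPv2 message layout is an assumption, since the text does not name a version; the addresses and the `MembershipTracker` class are hypothetical.

```python
import struct
from ipaddress import IPv4Address
from typing import Dict, List, Optional, Tuple

IGMP_QUERY = 0x11        # Membership Query
IGMP_V2_REPORT = 0x16    # Version 2 Membership Report
MAX_MISSED = 3           # from the text: three consecutive unanswered queries


def inet_checksum(data: bytes) -> int:
    """16-bit one's complement of the one's complement sum (even-length input)."""
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_igmp(msg_type: int, group: str, max_resp: int = 0) -> bytes:
    """Build an 8-byte IGMPv2 message: type, max response time, checksum, group."""
    packed = IPv4Address(group).packed
    csum = inet_checksum(struct.pack("!BBH4s", msg_type, max_resp, 0, packed))
    return struct.pack("!BBH4s", msg_type, max_resp, csum, packed)


def parse_igmp(msg: bytes) -> Optional[Tuple[int, str]]:
    """Return (type, group) for a well-formed IGMPv2 message, else None."""
    if len(msg) != 8 or inet_checksum(msg) != 0:
        return None
    msg_type, _resp, _csum, group = struct.unpack("!BBH4s", msg)
    return msg_type, str(IPv4Address(group))


class MembershipTracker:
    """Querier-side view of which devices are still in the destination group."""

    def __init__(self, group: str, devices: List[str]):
        self.group = group
        self.missed: Dict[str, int] = {d: 0 for d in devices}

    def query(self) -> bytes:
        """Group-specific query; max response time 100 is 10 s (unit 0.1 s)."""
        return build_igmp(IGMP_QUERY, self.group, max_resp=100)

    def round(self, replies: Dict[str, bytes]) -> None:
        """Record one query round; replies maps device IP to its raw IGMP reply."""
        for device in self.missed:
            if parse_igmp(replies.get(device, b"")) == (IGMP_V2_REPORT, self.group):
                self.missed[device] = 0       # valid report: device is alive
            else:
                self.missed[device] += 1      # silent or malformed reply

    def members(self) -> List[str]:
        """Devices that multicast data may still be forwarded to."""
        return sorted(d for d, n in self.missed.items() if n < MAX_MISSED)


# Constructed sample values: group, second-subnet transceiver end, one target host.
GROUP = "239.1.1.1"
SECOND_END, HOST = "198.51.100.2", "198.51.100.11"


def demo() -> List[List[str]]:
    """Four query rounds; HOST answers once, then goes silent or sends garbage."""
    tracker = MembershipTracker(GROUP, [SECOND_END, HOST])
    report = build_igmp(IGMP_V2_REPORT, GROUP)
    corrupt = report[:-1] + bytes([report[-1] ^ 0xFF])   # checksum no longer valid
    history = []
    for replies in ({SECOND_END: report, HOST: report},
                    {SECOND_END: report},
                    {SECOND_END: report, HOST: corrupt},
                    {SECOND_END: report}):
        tracker.round(replies)
        history.append(tracker.members())
    return history


if __name__ == "__main__":
    for members in demo():
        print(members)
```

On a real host the kernel sends the IGMP Report itself when an application sets `IP_ADD_MEMBERSHIP` on its socket; the message handling is written out here only to make the liveness rule visible.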
In one embodiment of the application, S220 is implemented as follows:
Step one: extracting the application layer data from the multicast data, and confirming that the multicast data conforms to the multicast policy.
That is, after receiving the multicast data, the transceiver end of the first subnet domain first extracts the application layer data from the multicast data and then judges whether the message contained in the multicast data is a multicast message. If it is, the transceiver end further judges, according to the configuration file, whether the message can be forwarded; if it is not, the multicast data is discarded. Specifically, the further judgment according to the configuration file is made as follows: judging whether the IP address and port number of the multicast source corresponding to the current multicast data, and the address (i.e. the target IP address) and port (i.e. the target port number) of the destination multicast group, conform to the policy in the configuration file. If they do, step two is executed; if they do not, the multicast data is discarded.
Step two: encapsulating the application layer data into unicast data, and sending the unicast data to the transceiver end of the second subnet domain in the target unicast form.
That is, after the multicast data has been confirmed to conform to the policy in the configuration file, the application layer data in the multicast data is encapsulated into unicast data and sent in unicast form over UDP to the transceiver end of the second subnet domain, according to the target IP address and target port number in the configuration file.
By sending the application layer data to the transceiver end of the second subnet domain in unicast form, the embodiment removes the multicast-source information carried in the multicast data, such as the IP address and port number, so that the destination multicast group obtains only the data content and no information about the multicast source, which improves the security of multicast forwarding.
In one embodiment of the present application, the transceiver end of the second subnet domain provides the application layer data to the destination multicast group by:
Step one: receive the application layer data and confirm that the application layer data conforms to the multicast policy.
That is, after the transceiver end of the first subnet domain transmits the application layer data, the transceiver end of the second subnet domain receives it and checks again whether the information corresponding to the application layer data conforms to the multicast policy. If so, the application layer data is forwarded to the destination multicast group according to the multicast policy; if not, the application layer data is intercepted. For example, it is determined whether the destination IP address and the destination port number corresponding to the application layer data are the same as those set in the multicast policy.
Step two: send the application layer data to the destination multicast group.
That is, when step one determines that the application layer data conforms to the multicast policy, the transceiver end of the second subnet domain sends the application layer data to each destination host in the destination multicast group.
Therefore, the embodiment of the application sends the application layer data to the target multicast group through the transceiver end of the second subnet domain, and information related to the devices in the first subnet domain, such as IP addresses, can be intercepted at the transceiver end of the second subnet domain, so that each target host in the target multicast group receives only the application layer data and not the information related to the multicast source, thereby ensuring the security of multicast forwarding.
It should be noted that multicast data may also be sent from a destination host located in the second subnet domain to the multicast source located in the first subnet domain through the transceiver end of the second subnet domain. The transmission method is the same as the method above and is not described again here.
Therefore, the method for multicast forwarding is used for multicast forwarding between network areas, such as an intranet and an extranet, that cannot communicate directly. A multicast policy is deployed on the transceiver ends and works as a whitelist plus a switch: traffic is allowed to pass only if it matches the corresponding multicast policy, and illegal traffic is discarded. The switch also supports a unified closing function. A specified multicast source IP list is supported, i.e. only multicast data sent by the multicast sources in the list is accepted, and a multicast source filtering function is provided as well, i.e. multicast data from sources in the blacklist is discarded. Thus, the present application provides a variety of configurations, which a user can configure as desired. The method suits multicast communication between an intranet area with a higher protection level and an extranet, and is simple to deploy and highly extensible.
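The following added example (not code from the patent) models the two checks and the re-encapsulation described above, showing that only the application layer data crosses from one transceiver end to the other. All class and function names and all addresses are constructed for illustration; exact-match policy comparison and blacklist-before-whitelist ordering are assumptions, and datagrams are plain records rather than sockets.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple

Endpoint = Tuple[str, int]  # (IP address, port number)

@dataclass(frozen=True)
class Datagram:
    src: Endpoint
    dst: Endpoint
    payload: bytes  # application layer data

@dataclass(frozen=True)
class Policy:  # hypothetical layout of the configuration file contents
    enabled: bool                  # global switch
    group: Endpoint                # target multicast group address and port
    allowed_sources: frozenset     # whitelist of multicast source endpoints
    blocked_source_ips: frozenset  # blacklist of multicast source IPs
    local: Endpoint                # this transceiver end's unicast endpoint
    peer: Endpoint                 # the other transceiver end's unicast endpoint

def _is_multicast(ip: str) -> bool:
    try:
        return ipaddress.ip_address(ip).is_multicast
    except ValueError:  # malformed address: treat as non-multicast and drop
        return False

def sender_relay(policy: Policy, dgram: Datagram) -> Optional[Datagram]:
    """First subnet domain: policy check, then multicast -> unicast."""
    if not policy.enabled or not _is_multicast(dgram.dst[0]):
        return None
    if dgram.src[0] in policy.blocked_source_ips:
        return None
    if dgram.src not in policy.allowed_sources or dgram.dst != policy.group:
        return None
    # Only the payload is carried over; the source's IP and port are dropped.
    return Datagram(src=policy.local, dst=policy.peer, payload=dgram.payload)

def receiver_relay(policy: Policy, dgram: Datagram) -> Optional[Datagram]:
    """Second subnet domain: re-check the policy, then unicast -> multicast."""
    if not policy.enabled or dgram.dst != policy.local:
        return None  # intercepted
    return Datagram(src=policy.local, dst=policy.group, payload=dgram.payload)

# Constructed sample configuration (documentation and private address ranges).
GROUP = ("239.1.1.1", 6000)
END_A = ("192.0.2.1", 40000)     # transceiver end, first subnet domain
END_B = ("198.51.100.1", 40000)  # transceiver end, second subnet domain
SENDER_POLICY = Policy(
    True, GROUP,
    frozenset({("10.0.0.5", 5000), ("10.0.0.66", 5000)}),
    frozenset({"10.0.0.66"}),
    END_A, END_B)
RECEIVER_POLICY = Policy(True, GROUP, frozenset(), frozenset(), END_B, END_A)

if __name__ == "__main__":
    original = Datagram(("10.0.0.5", 5000), GROUP, b"telemetry")
    unicast = sender_relay(SENDER_POLICY, original)
    print("crossing the boundary:", unicast)
    print("delivered to group:   ", receiver_relay(RECEIVER_POLICY, unicast))
```
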
The foregoing describes an embodiment of a method for multicast forwarding according to the present application, and a device for multicast forwarding according to the present application will be described below.
As shown in fig. 3, an apparatus 300 for multicast forwarding includes: the data acquisition module 310 and the data transmission module 320.
The embodiment of the application provides a multicast forwarding device 300, which comprises: a data obtaining module 310, configured to obtain multicast data sent by a multicast source, where the multicast source is located in a first subnet domain, and the multicast data includes a target IP address and a target port number; the data sending module 320 is configured to send the application layer data carried by the multicast data to the transceiver of the second subnet domain in the form of target unicast, so that the transceiver of the second subnet domain sends the application layer data to the target multicast group.
In one embodiment of the present application, the transceiver of the second subnet domain provides the application layer data to the destination multicast group by: receiving the application layer data and confirming that the application layer data accords with a multicast strategy, wherein the multicast strategy comprises an IP address and a port number of the target multicast group and an IP address of the multicast source; and sending the application layer data to the target multicast group.
In one embodiment of the present application, the data transmission module 320 is further configured to: extracting the application layer data from the multicast data; encapsulating the application layer data into unicast data; and transmitting the unicast data to a transmitting and receiving end of the second subnet domain in the target unicast mode.
In one embodiment of the present application, the data acquisition module 310 is further configured to: establishing a multicast strategy on a receiving end of the first subnet domain; wherein prior to said encapsulating said application layer data into unicast data, said method further comprises: and confirming that the multicast data accords with the multicast strategy.
In one embodiment of the present application, the data acquisition module 310 is further configured to: and confirming that the receiving and transmitting end of the second subnet domain is positioned in the target multicast group.
In an embodiment of the present application, the module shown in fig. 3 is capable of implementing various processes in the embodiments of the methods of fig. 1 and 2. The operation and/or function of the individual modules in fig. 3 are for the purpose of realizing the respective flows in the method embodiments in fig. 1 and 2, respectively. Reference is specifically made to the description in the above method embodiments, and detailed descriptions are omitted here as appropriate to avoid repetition.
As shown in fig. 4, an embodiment of the present application provides an electronic device 400, including: a processor 410, a memory 420 and a bus 430. The processor is connected to the memory by the bus, and the memory stores computer readable instructions which, when executed by the processor, implement the method according to any of the above-mentioned embodiments. Reference is made to the description of the above method embodiments, and detailed descriptions are omitted here as appropriate to avoid repetition.
The bus is used to enable direct connection communication between these components. The processor in the embodiment of the application can be an integrated circuit chip with signal processing capability. The processor may be a general-purpose processor, including a central processing unit (Central Processing Unit, CPU for short), a network processor (Network Processor, NP for short), etc.; it may also be a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a field-programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, or discrete hardware components. The processor may implement or perform the methods, steps, and logic blocks disclosed in the embodiments of the present application. A general-purpose processor may be a microprocessor, or the processor may be any conventional processor or the like.
The memory may be, but is not limited to, random access memory (Random Access Memory, RAM), read-only memory (Read Only Memory, ROM), programmable read-only memory (Programmable Read-Only Memory, PROM), erasable programmable read-only memory (Erasable Programmable Read-Only Memory, EPROM), electrically erasable programmable read-only memory (Electric Erasable Programmable Read-Only Memory, EEPROM), etc. The memory has stored therein computer readable instructions which, when executed by the processor, perform the method described in the above embodiments.
It will be appreciated that the configuration shown in fig. 4 is illustrative only, and the electronic device may include more or fewer components than shown in fig. 4 or have a different configuration from that shown in fig. 4. The components shown in fig. 4 may be implemented in hardware, software, or a combination thereof.
Embodiments of the present application also provide a computer readable storage medium on which a computer program is stored; when executed by a server, the computer program implements the method according to any one of the foregoing embodiments. Reference may be made to the description in the foregoing method embodiments, and detailed descriptions are omitted here as appropriate to avoid repetition.
The above description covers only the preferred embodiments of the present application and is not intended to limit the present application; those skilled in the art can make various modifications and variations to the present application. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present application should be included in the protection scope of the present application. It should be noted that like reference numerals and letters denote like items in the following figures, and thus once an item is defined in one figure, no further definition or explanation of it is necessary in the following figures.
The foregoing is merely illustrative of the present application, and the present application is not limited thereto, and any person skilled in the art will readily recognize that variations or substitutions are within the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims (8)

1. A method for multicast forwarding, applied to a transceiver end of a first subnet domain, the method comprising:
acquiring multicast data sent by a multicast source, wherein the multicast source is positioned in a first subnet domain, and the multicast data comprises a target IP address and a target port number;
transmitting the application layer data carried by the multicast data to a receiving and transmitting end of a second subnet domain in a target unicast mode, so that the receiving and transmitting end of the second subnet domain transmits the application layer data to a target multicast group;
the unicast data does not carry the IP address and port number of the multicast source, and does not carry the IP addresses and port numbers of all hosts of the target multicast group;
the unicast data is sent to the receiving and transmitting end of the second subnet domain in a unicast mode through a protocol according to a target IP address and a target port number in a configuration file, and the configuration file comprises a plurality of pieces of information in a multicast strategy;
before the multicast data sent by the multicast source is obtained, the method further comprises:
establishing a multicast strategy on the receiving and transmitting end of the first subnet domain and the receiving and transmitting end of the second subnet domain, and triggering a callback function to integrate a plurality of pieces of information in the configured multicast strategy into a configuration file when the multicast strategy is configured;
confirming that the receiving and transmitting end of the second subnet domain is positioned in the target multicast group;
wherein prior to said encapsulating said application layer data into unicast data, said method further comprises:
and confirming that the multicast data accords with the multicast strategy.
2. The method of claim 1, wherein the transceiver side of the second subnet domain provides the application layer data to the destination multicast group by:
receiving the application layer data and confirming that the application layer data accords with a multicast strategy, wherein the multicast strategy comprises an IP address and a port number of the target multicast group and an IP address of the multicast source;
and sending the application layer data to the target multicast group.
3. The method according to any of claims 1-2, wherein said sending the application layer data of the multicast data bearer to the transceiver side of the second subnet domain in a target unicast form comprises:
extracting the application layer data from the multicast data;
encapsulating the application layer data into unicast data;
and transmitting the unicast data to a transmitting and receiving end of the second subnet domain in the target unicast mode.
4. An apparatus for multicast forwarding, the apparatus comprising:
the data acquisition module is configured to acquire multicast data sent by a multicast source, wherein the multicast source is positioned in a first subnet domain, and the multicast data comprises a target IP address and a target port number;
the data sending module is configured to send the application layer data carried by the multicast data to the receiving and sending end of the second subnet domain in a target unicast mode so that the receiving and sending end of the second subnet domain sends the application layer data to a target multicast group;
the unicast data does not carry the IP address and port number of the multicast source, and does not carry the IP addresses and port numbers of all hosts of the target multicast group;
the unicast data is sent to the receiving and transmitting end of the second subnet domain in a unicast mode through a protocol according to a target IP address and a target port number in a configuration file, and the configuration file comprises a plurality of pieces of information in a multicast strategy;
before the data acquisition module acquires multicast data sent by a multicast source, a multicast strategy is established on a receiving end of the first subnet domain and a receiving end of the second subnet domain, and when the multicast strategy is configured, a callback function is triggered to integrate a plurality of pieces of information in the configured multicast strategy into a configuration file; confirming that the receiving and transmitting end of the second subnet domain is positioned in the target multicast group;
before the application layer data is encapsulated into unicast data, the method further comprises: and confirming that the multicast data accords with the multicast strategy.
5. The apparatus of claim 4, wherein the providing the application layer data to the destination multicast group by the transceiver of the second subnet domain comprises:
receiving the application layer data and confirming that the application layer data accords with a multicast strategy, wherein the multicast strategy comprises an IP address and a port number of the target multicast group and an IP address of the multicast source;
and sending the application layer data to the target multicast group.
6. A system for multicast forwarding, the system comprising:
a multicast source for generating multicast data;
a transceiver of a first subnet configured to obtain the multicast data and perform the multicast rebroadcasting method according to any one of claims 1-3;
the receiving and transmitting end of the second subnet domain is configured to send the application layer data carried by the multicast data to a target multicast group;
at least one target host configured to receive the application layer data, wherein the destination multicast group includes the at least one target host.
7. An electronic device, comprising: a processor, a memory, and a bus;
the processor is connected to the memory via the bus, the memory storing computer readable instructions which, when executed by the processor, are adapted to carry out the method of any one of claims 1-3.
8. A computer readable storage medium, characterized in that the computer readable storage medium has stored thereon a computer program which, when executed, implements the method according to any of claims 1-3.
CN202111630227.0A 2021-12-28 2021-12-28 Multicast forwarding method, device, system, equipment and medium Active CN114039913B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111630227.0A CN114039913B (en) 2021-12-28 2021-12-28 Multicast forwarding method, device, system, equipment and medium

Publications (2)

Publication Number Publication Date
CN114039913A CN114039913A (en) 2022-02-11
CN114039913B CN114039913B (en) 2023-09-05

Family

ID=80147269

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right
    Effective date of registration: 20230728
    Address after: 200136 Room 6C, 720 and 728 Pudong Avenue, China (Shanghai) Pilot Free Trade Zone, Pudong New Area, Shanghai
    Applicant after: Shanghai Tianrongxin Network Security Technology Co.,Ltd.
    Address before: 100085 4th floor, building 3, yard 1, Shangdi East Road, Haidian District, Beijing
    Applicant before: Beijing Topsec Network Security Technology Co.,Ltd.
    Applicant before: Topsec Technologies Inc.
    Applicant before: BEIJING TOPSEC SOFTWARE Co.,Ltd.
GR01 Patent grant