CN117061625A - Method for detecting path maximum transmission unit and related equipment - Google Patents
Method for detecting path maximum transmission unit and related equipment Download PDFInfo
- Publication number
- CN117061625A CN117061625A CN202310975785.3A CN202310975785A CN117061625A CN 117061625 A CN117061625 A CN 117061625A CN 202310975785 A CN202310975785 A CN 202310975785A CN 117061625 A CN117061625 A CN 117061625A
- Authority
- CN
- China
- Prior art keywords
- network
- mtu
- ipv6 network
- ipv6
- target
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 45
- 230000005540 biological transmission Effects 0.000 title claims abstract description 43
- 238000001514 detection method Methods 0.000 claims abstract description 20
- 238000012360 testing method Methods 0.000 claims abstract description 17
- 230000003213 activating effect Effects 0.000 claims abstract description 10
- 239000000523 sample Substances 0.000 claims description 16
- 238000004590 computer program Methods 0.000 claims description 13
- 238000003860 storage Methods 0.000 claims description 11
- 238000010586 diagram Methods 0.000 description 13
- 230000006870 function Effects 0.000 description 13
- 238000005457 optimization Methods 0.000 description 11
- 230000008569 process Effects 0.000 description 11
- 238000012545 processing Methods 0.000 description 8
- 230000011218 segmentation Effects 0.000 description 6
- 238000004891 communication Methods 0.000 description 5
- 230000000694 effects Effects 0.000 description 4
- 238000000926 separation method Methods 0.000 description 4
- 238000004458 analytical method Methods 0.000 description 2
- 230000006399 behavior Effects 0.000 description 2
- 238000013523 data management Methods 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 230000008521 reorganization Effects 0.000 description 2
- 238000012546 transfer Methods 0.000 description 2
- 235000008694 Humulus lupulus Nutrition 0.000 description 1
- 206010033799 Paralysis Diseases 0.000 description 1
- 230000004075 alteration Effects 0.000 description 1
- 230000001364 causal effect Effects 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 238000007405 data analysis Methods 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 238000013507 mapping Methods 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 238000013439 planning Methods 0.000 description 1
- 230000009467 reduction Effects 0.000 description 1
- 230000011664 signaling Effects 0.000 description 1
- 238000012384 transportation and delivery Methods 0.000 description 1
- 238000012795 verification Methods 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/16—Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
- H04L45/74—Address processing for routing
- H04L45/741—Routing in networks with a plurality of addressing schemes, e.g. with both IPv4 and IPv6
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/16—Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP]
- H04L69/167—Adaptation for transition between two IP versions, e.g. between IPv4 and IPv6
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/22—Parsing or analysis of headers
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The application discloses a detection method of a path maximum transmission unit and related equipment, wherein in the method, a network is an IPv6 network, a network node corresponding to the network is generated according to detection data of the network, and a twin network of the network is established; injecting configuration information of network equipment in a network into corresponding network equipment in a twin network, activating a routing protocol corresponding to the network, and configuring routing parameters and system parameters which are the same as those of the network; determining MTU of each route under different routing strategies by detecting ICMPv6 information obtained after sending test messages; configuring a plurality of MTUs in a twin network, and selecting a target MTU from the MTUs; and sending the target MTU and the target route corresponding to the target MTU to the network as a target PMTU. The potential problems and risks in message transmission of the IPv6 network are reduced.
Description
Technical Field
The present application relates to the field of network transmission technologies, and in particular, to a method and related device for detecting a path maximum transmission unit.
Background
IPv6 networks have achieved scale deployment as an information infrastructure for the next generation of the internet. However, it is difficult to achieve both efficiency and security of message delivery in the IPv6 network.
In the related art, in order to improve the message transmission efficiency of the IPv6 network and simplify the function of the message forwarding device, the message forwarding network device in the IPv6 network does not segment the ultralong message, but directly discards the message, and notifies the message sender of the reason of discarding the message and the supported message length through the ICMPv6 message. The message sender segments and retransmits the message according to the message length supported by the received network equipment, and when the message reaches the message receiver, the message receiver reorganizes the message. Whether the message is segmented or not depends on the maximum message length supported by the network equipment interface on the route or the defined message length, but the segmentation and the reorganization of the message are responsible for the sender and the receiver of the message, and the separation between the segmentation decision and the segmentation behavior of the message brings potential risks to the IPv6 network, for example, icMPV6 message storm can seriously affect the network performance or face DoS attack risks.
Therefore, the PMTU discovery process in the related art is considered locally segment by segment, and potential problems and risks caused by the PMTU discovery process and the separation of the segments from the length restrictions in the IPv6 network are not fundamentally solved.
Disclosure of Invention
The exemplary embodiment of the application provides a detection method of a path maximum transmission unit and related equipment, which are used for reducing potential problems and risks in message transmission of an IPv6 network.
According to a first aspect in an exemplary embodiment, there is provided a method of detecting a path maximum transmission unit, the method comprising at least the steps of:
generating a network node corresponding to the IPv6 network according to the probe data of the IPv6 network, and establishing a twin IPv6 network of the IPv6 network;
injecting configuration information of network equipment in the IPv6 network into corresponding network equipment in the twin IPv6 network, and activating a routing protocol corresponding to the IPv6 network, and configuring routing parameters and system parameters which are the same as those of the IPv6 network;
determining MTU of each route under different routing strategies by detecting ICMPv6 information obtained after sending test messages;
configuring a plurality of MTUs in a twin IPv6 network, and selecting a target MTU from the MTUs;
and sending the target MTU and the target route corresponding to the target MTU to the IPv6 network as a target PMTU.
According to a second aspect in an exemplary embodiment, there is provided a detection device of a path maximum transmission unit, the device comprising:
a generating unit for: generating a network node corresponding to the IPv6 network according to the probe data of the IPv6 network, and establishing a twin IPv6 network of the IPv6 network;
a configuration unit for: injecting configuration information of network equipment in the IPv6 network into corresponding network equipment in the twin IPv6 network, and activating a routing protocol corresponding to the IPv6 network, and configuring routing parameters and system parameters which are the same as those of the IPv6 network;
a determining unit configured to: determining MTU of each route under different routing strategies by detecting ICMPv6 information obtained after sending test messages;
a selecting unit, configured to configure a plurality of MTUs in the twin IPv6 network, and select a target MTU from the plurality of MTUs;
a transmission unit configured to: and sending the target MTU and the target route corresponding to the target MTU to the IPv6 network as a target PMTU.
According to a third aspect of the exemplary embodiments, there is provided a detection device for a path maximum transmission unit, including a memory and a processor, on which a computer program is stored which is executable on the processor, the method for detecting a path maximum transmission unit as described in the first aspect being implemented when the computer program is executed by the processor.
According to a fourth aspect in an exemplary embodiment, a computer storage medium is provided, in which computer program instructions are stored which, when run on a computer, cause the computer to perform the method of detecting a path maximum transmission unit as described in the first aspect.
The technical effects caused by any implementation manner of the second aspect to the fourth aspect may refer to the technical effects caused by the corresponding implementation manner of the first aspect, and are not described herein.
According to the embodiment of the application, firstly, according to the probe data of the IPv6 network, the network node corresponding to the IPv6 network is generated, and the twin IPv6 network of the IPv6 network is established. Injecting configuration information of network equipment in the IPv6 network into corresponding network equipment in the twin IPv6 network, activating a routing protocol corresponding to the IPv6 network, configuring routing parameters and system parameters which are the same as those of the IPv6 network, and ensuring that the configuration and parameters of the twin IPv6 network are the same as those of the IPv6 network, so that the twin IPv6 network can realize the function of the IPv6 network, therefore, MTU of each route under different routing strategies is determined by detecting ICMPv6 information obtained after a test message is sent, a plurality of MTUs are configured and verified in the twin IPv6 network, and a target MTU is selected from the plurality of MTUs; and sending the target MTU and the target route corresponding to the target MTU to the IPv6 network as a target PMTU. The verified target PMTU is implemented in the IPv6 network, so that the network performance is improved, and potential problems and risks in message transmission of the IPv6 network are reduced.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are needed in the description of the embodiments will be briefly described below, it will be apparent that the drawings in the following description are only some embodiments of the present application, and that other drawings can be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 illustrates an application scenario diagram for discovering a PMTU according to an embodiment of the present application;
fig. 2 is a flowchart schematically illustrating a method for detecting a path maximum transmission unit according to an embodiment of the present application;
fig. 3 schematically illustrates a PMTU optimization system according to an embodiment of the present application;
fig. 4 schematically illustrates an optimization example of a PMTU provided by an embodiment of the present application;
fig. 5 schematically illustrates a structural diagram of a detection device of a path maximum transmission unit according to an embodiment of the present application;
fig. 6 schematically illustrates a structural diagram of an electronic device according to an embodiment of the present application.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present application more clear, the technical solutions of the embodiments of the present application will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present application.
For convenience of understanding, the terms involved in the embodiments of the present application are explained below:
(1) A maximum transmission unit (maximum transmission unit, MTU) for informing the opposite party of the maximum size of the data service units that can be received, indicating the size of the payload that the sender can receive.
(2) A path maximum transmission unit (path maximum transmission unit, PMTU) is defined as the minimum of the maximum transmission units of all IP hops on the "path" traversed from the source address to the destination address.
(3) H100 and H101 each represent a host.
(4) C100, C101, each represent a network device of provider a.
(5) F100, F101, F102 each represent a network device of provider B.
(6) F200, F201, F202 each represent a network device of the provider C.
(7) XC100, XC101 each represent an edge network device.
(8) XF100, XF101, XF102, XF200, XF201, XF202, all represent forwarding network devices.
(9) XH100 represents selecting a network device; XH101 represents a network device of destination addresses.
(10) The iNBrain is a system core and comprises functions of data management, data analysis, network twinning, routing strategies and the like, and is responsible for establishing and driving an IPv6 twinning network. The system in the embodiment of the application can be a system for optimizing PMTU.
(11) NDx, NDy, NDz, …, etc. are mapping modules of virtual network devices, ibrain invokes and establishes a twin network node according to the network configuration.
(12) NWDR is a data management system of an IPv6 network, and is an interface between the IPv6 network and the isbirin, and may be a network operation system, or may be a network device or a network operation data center.
In the related art, in order to improve the message transmission efficiency of the IPv6 network and simplify the function of the message forwarding device, the message forwarding network device in the IPv6 network does not segment the overlength message, but directly discards the message, and notifies the message sender of the reason of discarding the message and the supported message length through the ICMPv6 message, the message sender segments and retransmits the message according to the received message length supported by the network device, and after the message reaches the message receiver, the message receiver reassembles the message. Whether the message is segmented or not depends on the maximum message length supported by the network equipment interface on the route or the defined message length, but the segmentation and the reorganization of the message are responsible for the sender and the receiver of the message, and the separation between the segmentation decision and the segmentation behavior of the message brings potential risks to the IPv6 network, for example, icMPV6 message storm can seriously affect the network performance or face DoS attack risks.
Among other things, ICMPV6 message storms may severely impact network performance. Because of the complexity of the network, different manufacturer devices, different entities and personnel are involved in planning, designing, constructing and operating and maintaining, different interface types, even if the same device may have a plurality of interfaces or a plurality of interfaces of different types, human errors of interface message maximum length threshold configuration are easy to occur, the human errors may be objectively limited by interface capability, if some key network nodes occur that the message maximum length threshold is set unreasonably, a large number of messages with overlarge ICMPV6 messages are transmitted in the network, a large number of bandwidth resources are occupied, thereby greatly reducing the utilization efficiency of network resources, even seriously affecting the network performance, and even possibly forming connection black holes, resulting in the situation that communication is impossible although connection is established.
In addition, in DoS attack risk, since the PMTU of the IPv6 network in the related art is discovered segment by segment, the message exceeding the PMTU length threshold will be discarded, and the network attacker can send the message exceeding the PMTU with high strength to seriously affect the network, unable to connect, even cause network paralysis, or the message is blocked by too long message, so that the sender cannot receive the message too long message, and the sender will not know the PMTU length on the message transmission path, thereby failing to communicate.
Therefore, the PMTU discovery process in the related art is considered locally segment by segment, and potential problems and risks caused by the PMTU discovery process and the separation of the segments from the length restrictions in the IPv6 network are not fundamentally solved.
To this end, an embodiment of the present application provides a method for detecting a path maximum transmission unit, where in the method, a network node corresponding to an IPv6 network is generated according to detection data of the IPv6 network, a twin IPv6 network of the IPv6 network is established, configuration information of network devices in the IPv6 network is injected into corresponding network devices in the twin IPv6 network, a routing protocol corresponding to the IPv6 network is activated, and routing parameters and system parameters that are the same as those of the IPv6 network are configured. In this way, the MTU of each route under different routing strategies can be determined by detecting ICMPv6 information obtained after sending the test message, a plurality of MTUs are configured in the twin IPv6 network, and a target MTU is selected from the plurality of MTUs; and sending the target MTU and the target route corresponding to the target MTU to the IPv6 network for implementation as a target PMTU.
After the design idea of the embodiment of the present application is introduced, some simple descriptions are made below for application scenarios applicable to the technical solution of the embodiment of the present application, and it should be noted that the application scenarios described below are only used for illustrating the embodiment of the present application and are not limiting. In the specific implementation, the technical scheme provided by the embodiment of the application can be flexibly applied according to actual needs.
Referring to fig. 1, an application scenario diagram for discovering PMTU is shown, where H100 sends a message with MTU of 1600 (bytes).
First case, case where C100 initially selects a route via F100: since the MTU of 200, 301 and 302 are 1600, 1800 and 1600 respectively, the message is successfully forwarded; but mtu=1500 of 303, smaller than the message sent by H100 (mtu=1600), F101 discards the message and sends ICMPv6 message to H100: the message is oversized (TYPE=2) and informs the H100 that the MTU=1500 supported by F101, and after the H100 receives the ICMPv6 message, the sent message is split into messages with the length smaller than 1500 and is resent; the C100 receives the message retransmitted after the H100 is split (mtu=1500), and the C100 selects 301 route, the message can be successfully sent, because the message length supported by 304 and 201 is 1600.
Second case, case where C100 initially selects a route via F200: c100 will return ICMPv6 message carrying mtu=1500 and the reason for the discard of the message (too large) to H100, H100 re-split the message (mtu=1500) and resend the message. F200 finds that the split message exceeds its MTU (=1400) supported by the route to H101, F200 discards the message and returns ICMPv6 message carrying mtu=1400 and the reason for discarding the message to H100; f202 finds that the message length exceeds the MTU (=1280) of the message to the H101 route after receiving the message, and F202 discards the message and returns the discard reason and the MTU (=1280) supported by the interface; and H100 receives ICMPv6 information returned by F202, re-splits the information according to MTU in the information and retransmits the information, and the information can successfully reach H101.
The routing policy will complicate the PMTU discovery process even more. For example, if the two routes 301 and 401 of the C100 use the load balancing routing policy, the retransmitted message does not have to walk back to the route of the previous discarded message, so that the network performance cannot reach the optimum, and the network resources are fully utilized. If a priority routing policy is used, the message can be routed from the more efficient 301 and signaling traffic on the network can be reduced.
In order to further explain the technical solution provided by the embodiments of the present application, the following details are described with reference to the accompanying drawings and the detailed description. Although embodiments of the present application provide the method operational steps shown in the following embodiments or figures, more or fewer operational steps may be included in the method based on routine or non-inventive labor. In steps where there is logically no necessary causal relationship, the execution order of the steps is not limited to the execution order provided by the embodiments of the present application.
In the following, referring to a flowchart of a detection method of a path maximum transmission unit shown in fig. 2 in conjunction with the application scenario shown in fig. 1, the method is applied to a detection device of the path maximum transmission unit, where a system for optimizing a PMTU is provided. The technical scheme provided by the embodiment of the application is explained.
S201: according to the detection data of the IPv6 network, generating a network node corresponding to the IPv6 network, and establishing a twin IPv6 network of the IPv6 network.
S202: injecting configuration information of network equipment in the IPv6 network into corresponding network equipment in the twin IPv6 network, and activating a routing protocol corresponding to the IPv6 network, and configuring routing parameters and system parameters which are the same as those of the IPv6 network.
S203: and determining the MTU of each route under different routing strategies by detecting ICMPv6 information obtained after the test message is sent.
S204: the multiple MTUs are configured in the twin IPv6 network, and one target MTU is selected from the multiple MTUs.
S205: and sending the target MTU and the target route corresponding to the target MTU to the IPv6 network as a target PMTU.
According to the embodiment of the application, firstly, according to the probe data of the IPv6 network, the network node corresponding to the IPv6 network is generated, and the twin IPv6 network of the IPv6 network is established. Injecting configuration information of network equipment in the IPv6 network into corresponding network equipment in the twin IPv6 network, activating a routing protocol corresponding to the IPv6 network, configuring routing parameters and system parameters which are the same as those of the IPv6 network, and ensuring that the configuration and parameters of the twin IPv6 network are the same as those of the IPv6 network, so that the twin IPv6 network can realize the function of the IPv6 network, therefore, MTU of each route under different routing strategies is determined by detecting ICMPv6 information obtained after a test message is sent, a plurality of MTUs are configured and verified in the twin IPv6 network, and a target MTU is selected from the plurality of MTUs; and sending the target MTU and the target route corresponding to the target MTU to the IPv6 network as a target PMTU. The verified target PMTU is implemented in the IPv6 network, so that the network performance is improved, and potential problems and risks in message transmission of the IPv6 network are reduced.
S201 is concerned, wherein the probe data includes network configuration data, network device data, and topology relationship data. The network configuration data is stored in a network configuration database, the device data is stored in a device database, and the topology relationship data is stored in a topology database. These three databases may also be stored in the same database, referred to as the target database, and are not limited herein. The content of each database is updated in real time.
By way of example, the method can be that the iNBrain collects probe data of an IPv6 network through an NWD, and network equipment data comprises equipment configuration information, supported routing protocols, system parameters and the like; the probe data may also include routing information (active routing protocols and their associated routing tables and parameters), network operation data, and the like.
This step can be realized in particular by steps A1-A3:
a1: a target database is determined.
The target databases herein may include network configuration databases, device databases, and topology databases.
A2: and identifying the probe data in the target database, and obtaining the type, the number, the suppliers and the virtual network devices of different suppliers of the network devices of the IPv6 network.
Wherein the type of network device may be of the type indicated at the beginning of C or at the beginning of F, and the virtual network device modules of different providers may be hardware devices that perform the same function as the network device.
A3: according to the type, the number, the suppliers and the virtual network devices of different suppliers of the IPv6 network, generating network nodes corresponding to the IPv6 network, and establishing a twin IPv6 network of the IPv6 network.
Illustratively, a network node corresponding to an IPv6 network is generated, and a twinned IPv6 network is established in conjunction with a topology database. The functions, network topological relations and configuration of the twin IPv6 network are consistent with those of the IPv6 network; network devices in the twinning network can be deployed in a centralized manner or in different areas.
Reference is made to S202: injecting configuration information of network equipment in the IPv6 network into corresponding network equipment in the twin IPv6 network, and activating a routing protocol corresponding to the IPv6 network, and configuring routing parameters and system parameters which are the same as those of the IPv6 network.
Referring to S203, in order to verify the effect in the twin IPv6 network, the ICMPv6 message obtained after sending the test packet may be acquired to determine the MTU of each route under different routing policies. The test message may be a message sent specifically, or a message normally transmitted by the IPv6 network. In the embodiment of the application, the MTU of each route under different routing strategies is determined by detecting ICMPv6 information obtained after the test message is sent.
Each route refers to a route in which ICMPv6 messages (type=2, report Wen Guochang) are statistically analyzed by the iscrain, flows in each direction are ordered by analyzing IPv6 operation data, a PMTU optimization process is focused on a flow rank on top (N may be set according to an analysis of network operation data or a target of network optimization), and ICMPv6 messages (type=2) rank top (M needs to be set according to an analysis of network operation data or an optimization target). The respective routes are determined according to the traffic for carrying the test messages and the number of ICMPv6 messages.
Taking any route as an example, the process of determining the MTU of the route is implemented through steps B1-B4:
b1: for a first route, ICMPv6 messages belonging to the first route are identified, resulting in MTUs between every two adjacent network devices.
Wherein the first route is any one of different routes. By combining network configuration and routing configuration, network equipment and interface types passed by a route can be obtained, and message lengths configured by interfaces on a first route are obtained at the same time, so that MTU between every two adjacent network equipment is obtained.
B2: among the MTUs between every two adjacent network devices, the largest MTU is taken as the first MTU.
Illustratively, the maximum message length supported by the first route, i.e., the first MTU, is obtained by comparing the MTU settings of which different interface the first route is, denoted as PMTUmax.
B3: a second MTU supported by a provider to which the network device under the first route belongs is determined.
According to the device database, the interface type of the network device and the maximum length of the message supported by the interface type are obtained, the interface capability of the network device on the first route is compared, and according to the configuration of the network device through which the first route passes, the minimum value of the maximum length of the message supported by the interface of the network device on the route, namely the second MTU, is represented by minMTUintmax.
B4: the smaller of the first MTU and the second MTU is taken as the MTU of the first route.
For example, if minMTUintmax is not less than PMTUmax, all interfaces MTUint on route R are set to PMTUmax; if the MINMTUintmax is smaller than the PMTUmax, the message length supported by all interfaces on the first route is set to be minMTUintmax.
In the embodiment of the application, the relation between the MTU of other routes and the MTU of the first route is determined according to the routing strategy. For example, if the routing policy is a load balancing policy, the MTU of the corresponding other route is the same as the MTU of the first route; if the routing policy is a priority routing policy or a separate routing, the MTU of the corresponding other route is the same as the MTU supported by the provider.
Specifically, the setting of the routing MTU is determined according to different routing strategies. Such as the relevant route of the load balancing strategy, the PMTU configuration of the route is basically the same; if a route is preferred, there may be a difference in PMTU configuration of the route. And obtaining the minimum MTU (minMTUintmax) and interface types supported by the network equipment interfaces through route configuration by using a load-balanced route group, setting the same type of interface MTU in the route group to be not more than minMTUintmax, setting the interface MTU to be not more than PMTUmax if the minMTUintmax is not less than PMTUmax, and setting the interface MTU to be not more than minMTUintmax if the minMTUintmax is less than PMTUmax. For some cases, it is difficult to achieve consistency of the MTU configuration of the interfaces due to the limitation of the interface type capability, at this time, it should be considered that the devices on the same route use the same type of interface as much as possible using the priority routing policy or the separate route. The interface MTU configuration method is the same as the individual routing configuration using the routing group of the priority routing policy.
S204: the multiple MTUs are configured in the twin IPv6 network, and one target MTU is selected from the multiple MTUs.
Wherein, multiple MTUs are configured and verified in the twin IPv6 network. Specifically, the ibrain configures a series of MTU values in the twin IPv6 network in combination with respective routes, and verifies in the twin network using operation data of the IPv6 network. I.e. the isbra select network device (e.g. XH 100) sends a message to another network device representing the destination address (e.g. XH 101) in the twin network, verifying the effect of the optimized PMTU value: the edge network device (XC 100) controls the message size of the message sending devices XH100, XH101, and the delay is reduced between forwarding network devices (XF 100, XF101, XF102, XF200, XF201, XF202, etc.), and between the edge network devices (XC 100, XC101, etc.) and the forwarding network devices (XFx) by minimizing or even not generating ICMPv6 message (type=2) of "too large message", which indicates that the PMTU optimization is effective, and the scheme is verified.
S205: and sending the target MTU and the target route corresponding to the target MTU to the IPv6 network as a target PMTU.
In this way, the risk of an IPv6 network is avoided, and the IPv6 network can be implemented directly from the target PMTU.
The application solves the potential problems and risks brought by PMTU discovery process from the IPv6 network, constructs an IPv6 twin network by utilizing IPv6 network equipment data, topological relation and configuration data, searches the optimal solution of the PMTU in the IPv6 network by continuous iterative optimization, avoids artificial errors by verification in the twin network, avoids the uncertainty possibly brought by implementing the unverified PMTU solution, improves the network reliability, and the constructed 'soft' twin network has the characteristics of low cost, flexible deployment and strong adaptability, can quickly adapt to the network topology adjustment, the change of network equipment and the update of network configuration, and enables the PMTU solution to be more close to the actual situation of the network, so that ICMPv6 message storm is not generated in the network any more, thereby eliminating the connection black hole, greatly improving the message forwarding efficiency and the utilization rate of network resources, achieving the cost reduction and efficiency enhancement, and finally realizing the intermediate smoothness and edge control of the IPv6 network, thereby eliminating the DoS attack risk based on the PMTU and realizing the self-optimization of the PMTU in the IPv6 network.
In order to make the technical scheme of the application more complete, the following uses a specific example to illustrate the process of the embodiment of the application:
still taking the network structure and configuration of fig. 1 as an example. The network device is provided by three suppliers, cx being supplier a, F10x being supplier B, F20x being supplier C, H10x being the host. Fig. 3 is a schematic diagram of a PMTU optimization system according to an embodiment of the present application, and fig. 4 is a schematic diagram of an optimization example of a PMTU according to an embodiment of the present application.
Referring to the figure, the isbra configures NDa, NDb, NDc and the general host function Hx unit according to the network device type and vendor. According to the network device configuration, call NDa, NDb, NDc builds XC100, XC101, XF100, XF101, XF102, and XF200, XF201, XF202, respectively, and call Hx builds XH100, XH101.
Referring to fig. 3, according to the interface configuration and the topology relationship of the network device, corresponding interfaces are configured for XC100, XC101, XF100, XF101, XF102, XF200, XF201, XF202 and XH100, XH101, the topology relationship is constructed, and an IPv6 cloud twin network is established.
By analyzing ICMPv6 message (type=2, message too large) of IPv6 network, iscrain can learn that, in the route where H100 is sent to H101, the message is most likely to be discarded on the F20x route due to the too long message. The ismrain is configured through network equipment, and can learn that the F20x route comprises devices such as C100, F200, F201, F202, C101 and the like, wherein the interface MTU between H100 and C100 is=1600, the MTU between C100 and F200 is=1500, the MTU between F200 and F201 is 1400, the MTU between F201 and F202 is=1500, the MTU between F202 and C101 is=1280, and the MTU between C101 and H101 is=1600. It can be seen that pmtumax=1600 configured on this route.
The imbrin queries the device database, finds that the device C10x provided by the a vendor supports MTUintmax as 1600, the device F20x provided by the vendor C supports MTUintmax as 1500, and determines that minmtuintmax=1500 supported by the device and minMTUintmax is less than PMTUmax through comparison, thus setting MTU on F20x route as 1500.
The isfrain analyzes the route to H101 and also includes F10x, and the two routes F10x and F20x are load sharing, the device F10x provided by the B vendor supports MTUintmax as 1800, but is limited by the supporting capability of the C10x device, the isfrain analyzes the two route load cases, and if the route is found to belong to a light load, the MTU on the F10x route will be the same as the configuration of F20x, i.e., mtu=1500, if the difference between mtu=1500 and mtu=1600 is not large. If the route is highly loaded, the routing policy may need to be changed and the MTU of the F10x route will be set to 1800, suggesting that the C100, C101 devices be upgraded to support the processing of longer messages.
After the ibrain determines the PMTU solution, deployment will be performed in the IPv6 cloud twinning network and it is required that XH100 send multiple sets of messages of different sizes to XH101 to check the validity of the solution. The description scheme is effective if the forwarding efficiency is improved and the forwarding efficiency on other routes is not deteriorated. The isbra will automatically generate enforcement instructions for the network devices of different vendors and submit the enforcement.
The objective of PMTU optimization is to improve the message forwarding efficiency. By optimizing the PMTU such that ICMPv6 messages of type=2 are not substantially present in the network, PMTU control is only present at the edge network device, i.e. C10X.
As shown in fig. 5, based on the same inventive concept, an embodiment of the present application provides a detection apparatus of a path maximum transmission unit, including a generation unit 51, a configuration unit 52, a determination unit 53, a selection unit 54, and a transmission unit 55.
A generating unit 51 for: generating a network node corresponding to an IPv6 network according to the probe data of the IPv6 network, and establishing a twin IPv6 network of the IPv6 network;
a configuration unit 52 for: injecting configuration information of network equipment in the IPv6 network into corresponding network equipment in the twin IPv6 network, activating a routing protocol corresponding to the IPv6 network, and configuring routing parameters and system parameters which are the same as those of the IPv6 network;
a determining unit 53 for: determining MTU of each route under different routing strategies by detecting ICMPv6 information obtained after sending test messages;
a selecting unit 54, configured to configure a plurality of MTUs in the twin IPv6 network, and select a target MTU from the plurality of MTUs;
a transmission unit 55 for: and sending the target MTU and the target route corresponding to the target MTU to the IPv6 network as a target PMTU.
In a possible embodiment, the generating unit 51 is specifically configured to:
determining a target database; the target database comprises a network configuration database, a device database and a topology database, and the detection data comprises network configuration data, network device data and topology relation data; the network configuration data is stored in the network configuration database, the equipment data is stored in the equipment database, and the topological relation data is stored in the topological database;
identifying the detection data in the target database, and obtaining the type, the number, the suppliers and the virtual network devices of different suppliers of the network devices of the IPv6 network;
generating network nodes corresponding to the IPv6 network according to the type, the number, the suppliers and the virtual network devices of different suppliers of the IPv6 network, and establishing a twin IPv6 network of the IPv6 network.
In a possible embodiment, the determining unit 53 is specifically configured to:
identifying ICMPv6 messages belonging to a first route aiming at the first route to obtain MTU between every two adjacent network devices; wherein the first route is any one of different routes;
among the MTUs between every two adjacent network devices, taking the maximum MTU as a first MTU;
determining a second MTU supported by a provider to which the network device under the first route belongs;
the smaller of the first MTU and the second MTU is taken as the MTU of the first route.
In one possible implementation, if the routing policy is a load balancing policy, the MTU of the corresponding other route is the same as the MTU of the first route;
if the routing policy is a priority routing policy or a separate routing, the MTU of the corresponding other route is the same as the MTU supported by the provider.
In a possible implementation manner, the routes are determined according to the traffic used for carrying the test message and the number of ICMPv6 messages.
In one possible embodiment, the transmission unit 55 is specifically configured to:
and acquiring the probe data of the IPv6 network through an interface between the probe data and the IPv6 network.
In one possible implementation, the network devices in the twin IPv6 network are deployed centrally or in a partitioned area.
Since the device is the device in the method according to the embodiment of the present application, and the principle of the device for solving the problem is similar to that of the method, the implementation of the device may refer to the implementation of the method, and the repetition is omitted.
The detection device of the path maximum transmission unit provided by the embodiment of the application may be an electronic device, and fig. 6 is a schematic structural diagram of the electronic device provided by the embodiment of the application; as shown in fig. 6, in an embodiment of the present application, taking an electronic device as an example, the electronic device 100 includes: a processor 101, a display 102, a memory 103, an input device 106, a bus 105, and a communication module 104; the processor 101, memory 103, input device 106, display 102, and communication module 104 are all coupled via a bus 105, and the bus 105 is used to transfer data between the processor 101, memory 103, display 102, communication module 104, and input device 106.
The memory 103 may be used to store software programs and modules, such as program instructions/modules corresponding to the method for detecting the path maximum transmission unit in the embodiment of the present application, and the processor 101 executes the software programs and modules stored in the memory 103, thereby executing various functional applications and data processing of the electronic device 100, such as the method for detecting the path maximum transmission unit provided in the embodiment of the present application. The memory 103 may mainly include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program of at least one application, and the like; the storage data area may store data created according to the use of the electronic device 100 (e.g., relevant data such as vulnerability rules), etc. In addition, memory 103 may include high-speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other volatile solid-state storage device.
The processor 101 is a control center of the electronic device 100, connects various parts of the entire electronic device 100 using the bus 105 and various interfaces and lines, and performs various functions of the electronic device 100 and processes data by running or executing software programs and/or modules stored in the memory 103, and invoking data stored in the memory 103. Alternatively, the processor 101 may include one or more processing units, such as a CPU, GPU, digital processing unit, or the like.
The processor 101 may present the alert information to the user via the display 102.
The processor 101 may also be connected to a network through the communication module 104 to obtain a user request, etc.
The input device 106 is mainly used to obtain input operations by a user, and the input device 106 may be different when the electronic devices are different. For example, when the electronic device is a computer, the input device 106 may be an input device such as a mouse, keyboard, etc.; when the electronic device is a portable device such as a smart phone or a tablet computer, the input device 106 may be a touch screen.
The embodiment of the application also provides a computer readable storage medium for the detection method of the path maximum transmission unit, namely the content is not lost after power failure. The storage medium has stored therein a software program comprising program code which, when executed on a computing device, when read and executed by one or more processors, implements aspects of the method of probing a path maximization transfer unit of any of the above embodiments of the application.
It will be appreciated by those skilled in the art that embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to the application. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
It will be apparent to those skilled in the art that various modifications and variations can be made to the present application without departing from the scope of the application. Thus, it is intended that the present application also include such modifications and alterations insofar as they come within the scope of the appended claims or the equivalents thereof.
Claims (10)
1. A method for detecting a path maximum transmission unit, comprising:
generating a network node corresponding to an IPv6 network according to the probe data of the IPv6 network, and establishing a twin IPv6 network of the IPv6 network;
injecting configuration information of network equipment in the IPv6 network into corresponding network equipment in the twin IPv6 network, activating a routing protocol corresponding to the IPv6 network, and configuring routing parameters and system parameters which are the same as those of the IPv6 network;
determining MTU of each route under different routing strategies by detecting ICMPv6 information obtained after sending test messages;
configuring a plurality of MTUs in a twin IPv6 network, and selecting a target MTU from the MTUs;
and sending the target MTU and the target route corresponding to the target MTU to the IPv6 network as a target PMTU.
2. The method according to claim 1, wherein generating a network node corresponding to the IPv6 network from probe data of the IPv6 network and establishing a twin IPv6 network of the IPv6 network, comprises:
determining a target database; the target database comprises a network configuration database, a device database and a topology database, and the detection data comprises network configuration data, network device data and topology relation data; the network configuration data is stored in the network configuration database, the equipment data is stored in the equipment database, and the topological relation data is stored in the topological database;
identifying the detection data in the target database, and obtaining the type, the number, the suppliers and the virtual network devices of different suppliers of the network devices of the IPv6 network;
generating network nodes corresponding to the IPv6 network according to the type, the number, the suppliers and the virtual network devices of different suppliers of the IPv6 network, and establishing a twin IPv6 network of the IPv6 network.
3. The method according to claim 1, wherein determining the MTU of each route under different routing policies by detecting ICMPv6 messages obtained after sending test messages includes:
identifying ICMPv6 messages belonging to a first route aiming at the first route to obtain MTU between every two adjacent network devices; wherein the first route is any one of different routes;
among the MTUs between every two adjacent network devices, taking the maximum MTU as a first MTU;
determining a second MTU supported by a provider to which the network device under the first route belongs;
the smaller of the first MTU and the second MTU is taken as the MTU of the first route.
4. A method according to claim 3, characterized in that the method further comprises:
if the routing strategy is a load balancing strategy, the MTU of the corresponding other routes is the same as the MTU of the first route;
if the routing policy is a priority routing policy or a separate routing, the MTU of the corresponding other route is the same as the MTU supported by the provider.
5. A method according to claim 3, wherein the respective routes are determined based on the traffic for carrying the test message and the number of ICMPv6 messages.
6. The method according to claim 1, wherein the method further comprises:
and acquiring the probe data of the IPv6 network through an interface between the probe data and the IPv6 network.
7. The method of any of claims 1-6, wherein network devices in the twin IPv6 network are deployed centrally or in a partitioned area.
8. A detection apparatus for a path maximum transmission unit, comprising:
a generating unit for: generating a network node corresponding to an IPv6 network according to the probe data of the IPv6 network, and establishing a twin IPv6 network of the IPv6 network;
a configuration unit for: injecting configuration information of network equipment in the IPv6 network into corresponding network equipment in the twin IPv6 network, activating a routing protocol corresponding to the IPv6 network, and configuring routing parameters and system parameters which are the same as those of the IPv6 network;
a determining unit configured to: determining MTU of each route under different routing strategies by detecting ICMPv6 information obtained after sending test messages;
a selecting unit, configured to configure a plurality of MTUs in a twin IPv6 network, and select a target MTU from the plurality of MTUs;
a transmission unit configured to: and sending the target MTU and the target route corresponding to the target MTU to the IPv6 network as a target PMTU.
9. A path maximum transmission unit detection apparatus comprising a memory and a processor, the memory having stored thereon a computer program executable on the processor, which when executed by the processor, implements the path maximum transmission unit detection method of any one of claims 1 to 7.
10. A computer readable storage medium having a computer program stored therein, characterized in that the computer program, when executed by a processor, implements the method of detecting a path maximum transmission unit according to any one of claims 1 to 7.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202310975785.3A CN117061625A (en) | 2023-08-03 | 2023-08-03 | Method for detecting path maximum transmission unit and related equipment |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202310975785.3A CN117061625A (en) | 2023-08-03 | 2023-08-03 | Method for detecting path maximum transmission unit and related equipment |
Publications (1)
Publication Number | Publication Date |
---|---|
CN117061625A true CN117061625A (en) | 2023-11-14 |
Family
ID=88656526
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202310975785.3A Pending CN117061625A (en) | 2023-08-03 | 2023-08-03 | Method for detecting path maximum transmission unit and related equipment |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN117061625A (en) |
-
2023
- 2023-08-03 CN CN202310975785.3A patent/CN117061625A/en active Pending
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US8949459B1 (en) | Methods and apparatus for distributed backbone internet DDOS mitigation via transit providers | |
US20200374127A1 (en) | Blockchain-powered cloud management system | |
CN110784400B (en) | N: 1 method, system and standby service gateway for redundancy of stateful application gateway | |
US20120311182A1 (en) | System and method for supporting controlled re-routing in an infiniband (ib) network | |
US10439901B2 (en) | Messaging queue spinning engine | |
EP2731313A1 (en) | Distributed cluster processing system and message processing method thereof | |
US10530669B2 (en) | Network service aware routers, and applications thereof | |
CN110912727B (en) | System and method for non-intrusive network performance monitoring | |
CN113472646B (en) | Data transmission method, node, network manager and system | |
US11082338B1 (en) | Distributed connection state tracking for large-volume network flows | |
US8886913B2 (en) | Apparatus and method for identifier management | |
CN112333172B (en) | Signature verification method and system | |
US8964596B1 (en) | Network service aware routers, and applications thereof | |
CN101102231B (en) | An automatic discovery method and device of PPP link routing device | |
CN117061625A (en) | Method for detecting path maximum transmission unit and related equipment | |
Shao et al. | Accelerating bgp configuration verification through reducing cycles in smt constraints | |
Sanjeetha et al. | Mitigation of controller induced DDoS attack on primary server in high traffic scenarios of software defined networks | |
You et al. | A coordinated algorithm with resource evaluation for service function chain allocation | |
US9401837B2 (en) | Network management method and network management system | |
Safdar et al. | ARP Overhead Reduction Framework for Software Defined Data Centers | |
US11882019B1 (en) | Source address validation for asymmetric routing | |
CN107113244B (en) | Data forwarding method, device and system | |
US12009968B1 (en) | Managing regional failover via DNS queries | |
CN111835550B (en) | Network node | |
CN116781303A (en) | DDoS attack protection method and related device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination |